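I. Main idea:
(1). The first part reads the key values under this path in the Windows registry; once each entry is obtained, it is extracted and printed.
    net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" + \
          r"\NetworkList\Signatures\Unmanaged"
    key = OpenKey(HKEY_LOCAL_MACHINE, net)
    print '\n[*] Networks You have Joined.'
    for i in range(100):
        try:
            guid = EnumKey(key, i)
            # ... (the rest of the loop body is in the full listing in section II)
        except Exception:
            pass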
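(2). The second part looks up the extracted MAC addresses: it obtains the query API of the relevant website, submits the data and returns the result.
    def wiglePrint(username, password, netid):
        browser = mechanize.Browser()
        browser.open('http://wigle.net')
(3). The creation of the browser object is split out on its own.
    br = mechanize.Browser()
    cj = cookielib.LWPCookieJar()
    br.set_cookiejar(cj)  # attach the cookie jar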
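3. Problems encountered:
(1). #ssl._create_default_https_context = ssl._create_unverified_context  # deals with certificate verification; otherwise an error is raised
Some websites use a self-made CA certificate, so an ssl_error occurs; adding the line above makes the certificate be ignored. It does so for every HTTPS connection the process makes, so the server's identity is no longer checked.
(2). reqData = urllib.urlencode({'credential_0': username,
                                  'credential_1': password})
The data above has to be passed in this format.
(3). When scanning the registry key values, note that entries with Chinese names throw an exception; handle them by skipping the entry.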
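Added example (not from the original post), in Python 3: instead of skipping entries whose names raise an exception, as item (3) above does, it reads each value by name and keeps non-ASCII network names and entries without a gateway MAC. The value names Description, FirstNetwork and DefaultGatewayMac, the helper names and the sample entries are assumptions or constructed here; the registry reader itself only runs on Windows.

```python
try:
    import winreg                      # present only on Windows
except ImportError:
    winreg = None

UNMANAGED = (r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
             r"\NetworkList\Signatures\Unmanaged")

def mac_from_bytes(raw):
    """Binary gateway MAC -> 'aa:bb:cc:dd:ee:ff'; None when absent or short."""
    if not raw or len(raw) < 6:
        return None
    return ":".join("%02x" % b for b in bytes(raw)[:6])

def parse_entry(values):
    """values maps value name -> data for one subkey (names are assumptions)."""
    name = values.get("Description") or values.get("FirstNetwork") or ""
    if isinstance(name, bytes):        # tolerate byte strings from other sources
        name = name.decode("utf-8", "replace")
    return {"name": name,
            "gateway_mac": mac_from_bytes(values.get("DefaultGatewayMac"))}

def read_joined_networks():
    """Windows only: read every subkey instead of guessing range(100)."""
    networks = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNMANAGED) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            with winreg.OpenKey(key, winreg.EnumKey(key, i)) as net_key:
                count = winreg.QueryInfoKey(net_key)[1]
                pairs = (winreg.EnumValue(net_key, j)[:2] for j in range(count))
                networks.append(parse_entry(dict(pairs)))
    return networks

# Constructed sample entries (not real data), shaped like one subkey each.
SAMPLE = [
    {"Description": "CoffeeShop", "DefaultGatewayMac": bytes.fromhex("001122aabbcc")},
    {"Description": "咖啡店-5G", "DefaultGatewayMac": bytes.fromhex("0a1b2c3d4e5f")},
    {"FirstNetwork": "NoGateway", "DefaultGatewayMac": b""},
]

def demo():
    return [parse_entry(v) for v in SAMPLE]

if __name__ == "__main__":
    rows = read_joined_networks() if winreg else demo()
    for r in rows:
        print("[+] %s %s" % (r["name"], r["gateway_mac"] or "N/A"))
```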
4. Other takeaways:
(1). What the _winreg functions do, source (https://docs.python.org/2.7/library/index.html)
EnumKey(key, index)
    Enumerates subkeys of an open registry key, returning a string.
OpenKey(key, sub_key, reserved=0, access=KEY_READ)
    Opens the specified key, returning a handle object.
EnumValue(key, index)
    Enumerates values of an open registry key, returning a tuple. A Python tuple is similar to a list; the difference is that the elements of a tuple cannot be modified. Tuples use parentheses, lists use square brackets.
(2). What urllib.urlencode() does
It accepts arguments of the form [(key1, value1), (key2, value2),...] and {'key1': 'value1', 'key2': 'value2',...}
It returns a string of the form key2=value2&key1=value1, which has been URL-encoded.
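(3). Simple usage of re.findall (returns every substring of string that matches pattern, as a list)
Syntax: findall(pattern, string, flags=0)
    import re
    # re.findall returns the matching substrings as a list
    # findall finds every match; the r prefix makes the literal a raw string, which is how the regex that follows is written
    regular_v1 = re.findall(r"docs", "https://docs.python.org/3/whatsnew/3.6.html")
    print (regular_v1)
The output is ['docs']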
(4). Simulating a browser with the mechanize library (https://blog.csdn.net/cnmilan/article/details/9196471)
    import mechanize
    import cookielib
    # Cookie Jar
    cj = cookielib.LWPCookieJar()
    # Browser
    br = mechanize.Browser()
    br.set_cookiejar(cj)
    # Browser options
    br.set_handle_equiv(True)
    br.set_handle_gzip(True)
    br.set_handle_redirect(True)
    br.set_handle_referer(True)
    br.set_handle_robots(False)
    # Follow refresh 0 but do not hang on refresh > 0
    br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
    # Want debugging messages?
    #br.set_debug_http(True)
    #br.set_debug_redirects(True)
    #br.set_debug_responses(True)
    # User-Agent (http header)
    br.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/4.0.0')]
The code above builds a browser object; its usage follows.
    # HTTP access and get response pack
    br.open("http://blog.csdn.net/cnmilan")
    print br.response().read().decode("utf-8")
br.open(url, data): passes the parameters with the POST method and opens the page.
br.open(url) (url=xxxx?xxxxx): equivalent to passing the data with the GET method and opening the page.
(5) Implementing the form login in a simulated login
    browser.open('https://api.wigle.net/')
    # for f in browser.forms():  # some pages have many forms; you can list them this way
    #     print f
    browser.select_form(nr=0)  # simulate the login
    browser['credential_0'] = 'xxxxxxxx'
    browser['credential_1'] = 'xxxxxxxxxx'
    browser.submit()
(6) Locating where a photo was taken, implemented with PyQt
https://www.shiyanlou.com/courses/604/labs/1995/document
II. Code
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import optparse
import mechanize
import urllib
import re
import urlparse
from _winreg import *
import cookielib
def b_rowser():
    br = mechanize.Browser()
    cj = cookielib.LWPCookieJar()
    br.set_cookiejar(cj)  # attach the cookie jar
    # Set some options: this simulates a client request, so it should support
    # the usual client features such as gzip, referer and so on
    br.set_handle_equiv(True)
    br.set_handle_gzip(True)
    br.set_handle_redirect(True)
    br.set_handle_referer(True)
    br.set_handle_robots(False)
    br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
    # Debug output: shows the intermediate steps of each request, which helps when debugging the code
    br.set_debug_http(True)
    # br.set_debug_redirects(True)
    # br.set_debug_responses(True)
    br.addheaders = [('User-agent',
                      'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11')]  # simulated browser header
    return br
def val2addr(val):
    # Convert the binary registry value into a colon-separated MAC address string
    addr = ''
    for ch in val:
        addr += '%02x ' % ord(ch)
    addr = addr.strip(' ').replace(' ', ':')[0:17]
    return addr
def wiglePrint(username, password, netid):
    browser = b_rowser()
    #reqData = urllib.urlencode({'credential_0': username,
    #                            'credential_1': password})
    browser.open('https://api.wigle.net/')
    # for f in browser.forms():  # some pages have many forms; you can list them this way
    #     print f
    browser.select_form(nr=0)  # simulate the login
    # Use the credentials passed in from the command line instead of hard-coding them
    browser['credential_0'] = username
    browser['credential_1'] = password
    browser.submit()
    # This machine's own MAC address cannot be looked up; the example from the book can be used
    resp = browser.open("https://api.wigle.net/api/v2/network/search?netid=" + netid).read()
    print resp
    mapLat = 'N/A'
    mapLon = 'N/A'
    rLat = re.findall(r'trilat=.*&', resp)
    if rLat:
        mapLat = rLat[0].split('&')[0].split('=')[1]
    rLon = re.findall(r'trilong=.*&', resp)
    if rLon:
        mapLon = rLon[0].split('&')[0].split('=')[1]
    print '[-] Lat: ' + mapLat + ', Lon: ' + mapLon
def printNets(username, password):
    net = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" + \
          r"\NetworkList\Signatures\Unmanaged"
    key = OpenKey(HKEY_LOCAL_MACHINE, net)
    print '\n[*] Networks You have Joined.'
    for i in range(100):
        try:
            guid = EnumKey(key, i)
            netKey = OpenKey(key, str(guid))
            (n, addr, t) = EnumValue(netKey, 5)
            (n, name, t) = EnumValue(netKey, 4)
            macAddr = val2addr(addr)
            netName = str(name)
            print '[+] ' + netName + ' ' + macAddr
            wiglePrint(username, password, macAddr)
            CloseKey(netKey)
        except Exception:
            # Skip entries that raise (for example names containing Chinese characters)
            pass
def main():
    parser = optparse.OptionParser('usage %prog ' +
                                   '-u <wigle username> -p <wigle password>')
    parser.add_option('-u', dest='username', type='string',
                      help='specify wigle username')
    parser.add_option('-p', dest='password', type='string',
                      help='specify wigle password')
    (options, args) = parser.parse_args()
    username = options.username
    password = options.password
    if username is None or password is None:
        print parser.usage
        exit(0)
    else:
        printNets(username, password)
if __name__ == '__main__':
    main()