ZoomEye-python
--------------
English | `中文文档 <docs/README_CN.md>`_
``ZoomEye`` is a cyberspace search engine, users can search for
network devices using a browser https://www.zoomeye.org.
``ZoomEye-python`` is a Python library developed based on the
``ZoomEye API``. It provides the ``ZoomEye command line`` mode and can
also be integrated into other tools as an ``SDK``. The library allows
technicians to **search**, **filter**, and **export** ``ZoomEye`` data
more conveniently.
0x01 installation
~~~~~~~~~~~~~~~~~
It can be installed directly from ``pypi``:
::
pip3 install zoomeye
or installed from ``github``:
::
pip3 install git+https://github.com/knownsec/ZoomEye-python.git
0x02 how to use cli
~~~~~~~~~~~~~~~~~~~
After successfully installing ``ZoomEye-python``, you can use the
``zoomeye`` command directly, as follows:
::
$ zoomeye -h
usage: zoomeye [-h] [-v] {info,search,init,ip,history,clear} ...
positional arguments:
{info,search,init,ip,history,clear}
info Show ZoomEye account info
search Search the ZoomEye database
init Initialize the token for ZoomEye-python
ip Query IP information
history Query device history
clear Manually clear the cache and user information
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
1.initialize token
^^^^^^^^^^^^^^^^^^
Before using the ``ZoomEye-python cli``, the user ``token`` needs to be
initialized. The credential is used to verify the user’s identity to
query data from ``ZoomEye``; only support API-KEY authentication methods.
You can view the help through ``zoomeye init -h``, and use ``APIKEY`` to
demonstrate below:
::
$ zoomeye init -apikey "01234567-acbd-00000-1111-22222222222"
successfully initialized
Role: developer
Quota: 10000
Users can login to ``ZoomEye`` and obtain ``APIKEY`` in personal
information (https://www.zoomeye.org/profile); ``APIKEY`` will not
expire, users can reset in personal information according to their
needs.
2.query quota
^^^^^^^^^^^^^
Users can query personal information and data quota through the ``info``
command, as follows:
::
$ zoomeye info
user_info: {
"email": "",
"name": "",
"nick_name": "",
"api_key": "",
"role": "", # service level
"phone", "",
"expired_at": ""
}
quota: {
"remain_free_quota": "", # This month remaining free amount
"remain_pay_quota": "", # Amount of remaining payment this month
"remain_total_quota": "" # Total amount remaining by the service date
}
3.search
^^^^^^^^
Search is the core function of ``ZoomEye-python``, which is used through
the ``search`` command. the ``search`` command needs to specify the
search keyword (``dork``), let's perform a simple search below:
::
$ zoomeye search "telnet" -num 1
ip:port service country app banner
222.*.*.*:23 telnet Japan Pocket CMD telnetd \xff\xfb\x01\xff\xfb\x03\xff\x...
total: 1
Using the ``search`` command is as simple as using a browser to search
in ``ZoomEye``. by default, we display five more important fields. users
can use these data to understand the target information:
::
1.ip:port ip address and port
2.service the service that the port is open
3.country country of this ip address
4.app application type
5.banner characteristic response of the port
In the above example, the number to be displayed is specified using the
``-num`` parameter. in addition, ``search`` also supports the following
parameters (``zoomeye search -h``) so that users can handle the data. we
will explain and demonstrate below.
::
-num set the number of displays/searches, support 'all'
-count query the total amount of this dork in the ZoomEye database
-facet query the distribution of the full data of the dork
-stat the distribution of statistical data result sets
-filter query the list of a certain area in the data result set, or filter according to the content
-save the result set can be exported according to the filter conditions
-force ignore the local cache and force the data to be obtained from the API
-type select web or host search
4.number of data
^^^^^^^^^^^^^^^^
Through the ``-num`` parameter, we can specify the number of search and
display, and the specified number is the number of consumed quantities.
you can query the volume of the ``dork`` in the ZoomEye database through
the ``-count`` parameter, as follows:
::
$ zoomeye search "telnet" -count
56903258
..
One thing to note, the consumption of the ``-num`` parameter is an
integer multiple of 20, because the minimum number of a single query
of the ``ZoomEye API`` is 20.
5.statistics
^^^^^^^^^^^^
We can use ``-facet`` and ``-stat`` to perform data statistics, use
``-facet`` to query the statistics of the dork's full data (obtained
through ``API`` after statistics by ``ZoomEye``), and ``-stat`` You can
perform statistics on the query result set. The fields supported by the
two commands include:
::
# host searhc
app statistics by application type
device statistics by device type
service statistics by service type
os statistics by operating system type
port statistics by port
country statistics by country
city statistics by city
# web search
webapp statistics by Web application
component statistics by Web container
framework statistics by Web framework
server statistics by Web server
waf statistics by Web firewall(WAF)
os statistics by operating system
country statistics by country
use ``-facet`` to count the application types of all ``telnet`` devices:
::
$ zoomeye search "telnet" -facet app
app count
[unknown] 28317914
BusyBox telnetd 10176313
Linux telnetd 3054856
Cisco IOS telnetd 1505802
Huawei Home Gateway telnetd 1229112
MikroTik router config httpd 1066947
Huawei telnetd 965378
Busybox telnetd 962470
Netgear broadband router... 593346
NASLite-SMB/Sveasoft Alc... 491957
use ``-stat`` to count and query the application types of 20 ``telnet``
devices:
::
$ zoomeye search "telnet" -stat app
app count
Cisco IOS telnetd 7
[unknown] 5
BusyBox telnetd 4
Linux telnetd 3
Pocket CMD telnetd 1
6.data filter
^^^^^^^^^^^^^
Use the ``-filter`` parameter to query the list of partial segments in
the data result set, or filter based on content. The segments supported
by this command include:
::
# host/search
app show application type details
version show version information details
device show device type details
port show port information details
city show city details
country show country details
asn show as number details
banner show details of characteristic response
timestamp show record data time
* when this symbol is included, show all field details
# web/search
app show application type details
headers HTTP header
keywords meta keyword
title HTTP Title information
site site search
city show city details
country show country details
webapp Web application
component Web container
framework Web framework
server Web server
waf Web firewall(WAF)
os operating system
timestamp updated timestamp
* when this symbol is included, show all field details
Compared to the omitted display by default, the complete data can be
viewed through ``-filter``, as follows:
::
$ zoomeye search "telnet" -num 1 -filter banner
ip banner
222.*.*.* \xff\xfb\x01\xff\xfb\x03\xff\xfd\x03TELNET session now in ESTABLISHED state\r\n\r\n
total: 1
When using ``-filter`` to filter, the syntax is: ``key1,key2,key3=value``, where ``key3=value`` is the filter condition, and the displayed content is ``key1,key2`` Example:
::
$ zoomeye search telnet -num 1 -filter port,app,banner=Telnet
ip port app
240e:*:*:*::3 23 LANDesk remote management
In the above example: ``banner=Telnet`` is the filter condition, and ``port,app`` is the displayed content. If you need to display ``banner``, the filter statement is like this
::
$ zoomeye search telnet -num 1 -filter port,app,banner,banner=Telnet
7.data export
^^^^^^^^^^^^^
The ``-save`` parameter can export data. the syntax of this parameter is
the same as that of ``-filter``, and the result is saved to a file in
the format of line json, as follows:
::
$ zoomeye search "telnet" -save banner=telnet
save file to telnet_1_1610446755.json successful!
$ cat telnet_1_1610446755.json
{'ip': '218.223.21.91', 'banner': '\\xff\\xfb\\x01\\xff\\xfb\\x03\\xff\\xfd\\x03TELNET session now in ESTABLISHED state\\r\\n\\r\\n'}
..
if you use ``-save`` without any parameters, the query result will be
saved as a file according to the json format of ``ZoomEye API``. this
method is generally used to integrate data while retaining metadata;
the file can be as input, it is parsed and processed again through
``cli``, such as ``zoomeye search "xxxxx.json"``.
8.graphical data
^^^^^^^^^^^^^^^^
The ``-figure`` parameter is a data visualization parameter. This parameter provides two display methods: ``pie (pie chart)`` and ``hist (histogram)``. The data will still be displayed without specifying it. When ``-figure`` is specified , Only graphics will be displayed. The pie chart is as follows:
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205004653480.png
:width: 500px
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205005016399.png
:width: 500px
The histogram is as follows:
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205004806739.png
:width: 500px
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205005117712.png
:width: 500px
9. IP history
^^^^^^^^^^^^^
``ZoomEye-python`` provides the function of querying IP historical device data. Use the command ``history [ip]`` to query the historical data of IP devices. The usage is as follows:
::
$zoomeye history "207.xx.xx.13" -num 1
207.xx.xx.13
Hostnames: [unknown]
Country: United States
City: Lake Charles
Organization: fulair.com
Lastupdated: 2021-02-18T03:44:06
Number of open ports: 1
Number of historical probes: 1
timestamp port/service app raw_data
2021-02-18 03:44:06 80/http Apache httpd HTTP/1.0 301 Moved Permanently...
By default, five fields are shown to users:
::
1. time recorded time
2. service Open service
3. port port
4. app web application
5. raw fingerprint information
Use ``zoomeye history -h`` to view the parameters provided by ``history``.
::
$zoomeye history -h
usage: zoomeye history [-h] [-filter filed=regexp] [-force] ip
positional arguments:
ip search historical device IP
optional arguments:
-h, --help show this help message and exit
-filter filed=regexp filter data and print raw data detail. field:
[time,port,service,app,raw]
-force ignore the local cache and force the data to be
obtained from the API
The following is a demonstration of ``-filter``:
::
$zoomeye history "207.xx.xx.13" -filter "time=^2019-08,port,service"
207.xx.xx.13
Hostnames: [unknown]
Country: United States
City: Lake Charles
Organization: fulair.com
Lastupdated: 2019-08-16T10:53:46
Number of open ports: 3
Number of historical probes: 3
time port service
2019-08-16 10:53:46 389 ldap
2019-08-08 23:32:30 22 ssh
2019-08-03 01:55:59 80 http
The `-filter` parameter supports the filtering of the following five fields:
::
1.time scan time
2.port port information
3.service open service
4.app web application
5.banner original fingerprint information
* when this symbol is included, show all field details
A display of the ``id`` field is added during the display. ``id`` is the serial number. For the convenience of viewing, it cannot be used as a filtered field.
..
Note: At present, only the above five fields are allowed to filter.
The user quota will also be consumed when using the ``history`` command. The user quota will be deducted for the number of pieces of data returned in the ``history`` command. For example: IP "8.8.8.8" has a total of ``944`` historical records, and the user quota of ``944`` is deducted for one query.
10. search IP information
^^^^^^^^^^^^^^^^^^^^^^^^^
You can query the information of the specified IP through the ``zoomeye ip`` command, for example:
::
$ zoomeye ip 185.*.*.57
185.*.*.57
Hostnames: [unknown]
Isp: [unknown]
Country: Saudi Arabia
City: [unknown]
Organization: [unknown]
Lastupdated: 2021-03-02T11:14:33
Number of open ports: 4{2002, 9002, 123, 25}
port service app banner
9002 telnet \xff\xfb\x01\xff\xfb\x0...
123 ntp ntpd \x16\x82\x00\x01\x05\x0...
2002 telnet Pocket CMD telnetd \xff\xfb\x01\xff\xfb\x0...
25 smtp Cisco IOS NetWor... 220 10.1.10.2 Cisco Net...
The ``zoomeye ip`` command also supports the filter parameter ``-filter``, and the syntax is the same as that of ``zoomeye search``. E.g:
::
$ zoomeye ip "185.*.*.57" -filter "app,app=ntpd"
Hostnames: [unknown]
Isp: [unknown]
Country: Saudi Arabia
City: [unknown]
Organization: [unknown]
Lastupdated: 2021-02-17T02:15:06
Number of open ports: 0
Number of historical probes: 1
app
ntpd
The fields supported by the ``filter`` parameter are:
::
1.port port information
2.service open service
3.app web application
4.banner original fingerprint information
..
Note: This function limits the number of queries per user per day based on different user levels.
Registered users and developers can query 10 times a day
Advanced users can query 20 times a day
VIP users can query 30 times a day
After the number of times per day is used up, it will be refreshed after 24 hours, that is, counting from the time of the first IP check, and the number of refreshes after 24 hours.
11.cleanup function
^^^^^^^^^^^^^^^^^^^^
Users search for a large amount of data every day, which causes the storage space occupied by the cache folder to gradually increase; if users use ``ZoomEye-python`` on a public server, it may cause their own ``API KEY`` and ``ACCESS TOKEN`` to leak .
For this reason, ``ZoomEye-python`` provides the clear command ``zoomeye clear``, which can clear the cached data and user configuration. The usage is as follows:
::
$zoomeye clear -h
usage: zoomeye clear [-h] [-setting] [-cache]
optional arguments:
-h, --help show this help message and exit
-setting clear user api key and access token
-cache clear local cache file
11.data cache
^^^^^^^^^^^^^
``ZoomEye-python`` provides a caching in ``cli`` mode, which is located
under ``~/.config/zoomeye/cache`` to save user quota as much as
possible; the data set that the user has queried will be cached locally
for 5 days. when users query the same data set, quotas are not consumed.
13.domain name query
^^^^^^^^^^^^^^^^^^^^
``ZoomEye-python`` provides the domain name query function (including associated domain name query and subdomain name query). To query a domain name, run the domain [domain name] [query type] command as follows:
::
$ python cli.py domain baidu.com 0
name timestamp ip
zszelle.baidu30a72.bf.3dtops.com 2021-06-27 204.11.56.48
zpvpcxa.baidu.3dtops.com 2021-06-27 204.11.56.48
zsrob.baidu.3dtops.com 2021-06-27 204.11.56.48
zw8uch.7928.iwo7y0.baidu82.com 2021-06-27 59.188.232.88
zydsrdxd.baidu.3dtops.com 2021-06-27 204.11.56.48
zycoccz.baidu.3dtops.com 2021-06-27 204.11.56.48
...
total: 30/79882
By default, the user is presented with three more important fields:
::
1. name 域名全称
2. timestamp 建立时间戳
3. ip ip地址
Use ``zoomeye domain -h`` to view parameters provided by the ``domain``.
::
$ python cli.py domain -h
usage: zoomeye domain [-h] [-page PAGE] [-dot] q {0,1}
positional arguments:
q search key word(eg:baidu.com)
{0,1} 0: search associated domain;1: search sub domain
optional arguments:
-h, --help show this help message and exit
-page PAGE view the page of the query result
-dot generate a network map of the domain name
The following is a demonstration of ``-page`` :(default query for the first page when not specified)
::
$ python cli.py domain baidu.com 0 -page 3
name timestamp ip
zvptcfua.baidu6c7be.mm.3dtops.com 2021-06-27 204.11.56.48
zmukxtd.baidu65c78.iw.3dtops.com 2021-06-27 204.11.56.48
zhengwanghuangguanxianjinkaihu.baidu.fschangshi.com 2021-06-27 23.224.194.175
zibo-baidu.com 2021-06-27 194.56.78.148
zuwxb4.jingyan.baidu.66players.com 2021-06-27 208.91.197.46
zhannei.baidu.com.hypestat.com 2021-06-27 67.212.187.108
zrr.sjz-baidu.com 2021-06-27 204.11.56.48
zp5hd1.baidu.com.ojsdi.cn 2021-06-27 104.149.242.155
...
zhidao.baidu.com.39883.wxeve.cn 2021-06-27 39.98.202.39
zhizhao.baidu.com 2021-06-27 182.61.45.108
zfamnje.baidu.3dtops.com 2021-06-27 204.11.56.48
zjnfza.baidu.3dtops.com 2021-06-27 204.11.56.48
total: 90/79882
The ``-dot`` parameter can generate a network map of domain name and IP,Before using this function, you need to install ``grapvhiz``.
Please refer to `grapvhiz <https://graphviz.org/download/>`_ for the installation tutorial. It is supported on Windows/Linux/Mac.
The ``-dot`` parameter will generate a picture in ``png`` format and save the original dot language script at the same time.
.. figure:: images/image-20211208112710711.png
:width: 500px
0x03 video
~~~~~~~~~~
`ZoomEye-python is demonstrated under Windows, Mac, Linux, FreeBSD
<https://weibo.com/tv/show/1034:4597603044884556?from=old_pc_videoshow>`_
|asciicast|
0x04 use SDK
~~~~~~~~~~~~
.. _initialize-token-1:
1.initialize token
^^^^^^^^^^^^^^^^^^
Similarly, the SDK also supports API-KEY authentication methods,
``APIKEY``, as follows:
**APIKEY**
.. code:: python
from zoomeye.sdk import ZoomEye
zm = ZoomEye(api_key="01234567-acbd-00000-1111-22222222222")
2.SDK API
^^^^^^^^^
The following are the interfaces and instructions provided by the SDK:
::
1.dork_search(dork, page=0, resource="host", facets=None)
search the data of the specified page according to dork
2.multi_page_search(dork, page=1, resource="host", facets=None)
search multiple pages of data according to dork
3.resources_info()
get current user information
4.show_count()
get the number of all matching results under the current dork
5.dork_filter(keys)
extract the data of the specified field from the search results
6.get_facet()
get statistical results of all data from search results
7.history_ip(ip)
query historical data information of an ip
8.show_site_ip(data)
traverse the web-search result set, and output the domain name and ip address
9.show_ip_port(data)
traverse the host-search result set and output the ip address and port
10.generate_dot(self, q, source=0, page=1)
Generate graphviz files and pictures written in the domain center
3.SDK example
^^^^^^^^^^^^^
.. code:: python
$ python3
>>> import zoomeye.sdk as zoomeye
>>> dir(zoomeye)
['ZoomEye', 'ZoomEyeDict', '__builtins__', '__cached__', '__doc__',
'__file__', '__loader__', '__name__', '__package__', '__spec__',
'fields_tables_host', 'fields_tables_web', 'getpass', 'requests',
'show_ip_port', 'show_site_ip', 'zoomeye_api_test']
>>> # Use API-KEY search
>>> zm = zoomeye.ZoomEye(api_key="01234567-acbd-00000-1111-22222222222")
>>> data = zm.dork_search('apache country:cn')
>>> zoomeye.show_site_ip(data)
213.***.***.46.rev.vo***one.pt ['46.***.***.213']
me*****on.o****e.net.pg ['203.***.***.114']
soft********63221110.b***c.net ['126.***.***.110']
soft********26216022.b***c.net ['126.***.***.22']
soft********5084068.b***c.net ['126.***.***.68']
soft********11180040.b***c.net ['126.***.***.40']
...
.. _search-1:
4.search
^^^^^^^^
As in the above example, we use ``dork_search()`` to search, and we can
also set the ``facets`` parameter to obtain the aggregated statistical
results of the full data of the dork. for the fields supported by
``facets``, please refer to **2.use cli - 5.statistics**. as follows:
.. code:: python
>>> data = zm.dork_search('telnet', facets='app')
>>> zm.get_facet()
{'product': [{'name': '', 'count': 28323128}, {'name': 'BusyBox telnetd', 'count': 10180912}, {'name': 'Linux telnetd', ......
..
``multi_page_search()`` can also search. use this function when you
need to obtain a large amount of data, where the ``page`` field
indicates how many pages of data are obtained; and ``dork_search()``
only obtains the data of a specified page.
.. _data-filter-1:
5.data filter
^^^^^^^^^^^^^
the ``dork_filter()`` function is provided in the SDK, we can filter the
data more conveniently and extract the specified data fields as follows:
.. code:: python
>>> data = zm.dork_search("telnet")
>>> zm.dork_filter("ip,port")
[['180.*.*.166', 5357], ['180.*.*.6', 5357], ......
..
since the fields returned by ``web-search`` and ``host-search``
interfaces are different, you need to fill in the correct fields when
filtering. the fields included in ``web-search``: app / headers /
keywords / title / ip / site / city / country the fields included in
``host-search``: app / version / device / ip / port / hostname / city
/ country / asn / banner
0x05 contributions
~~~~~~~~~~~~~~~~~~
| `r0oike@knownsec 404 <https://github.com/r0oike>`__
| `0x7F@knownsec 404 <https://github.com/0x7Fancy>`__
| `fenix@knownsec 404 <https://github.com/13ph03nix>`__
| `dawu@knownsec 404 <https://github.com/d4wu>`__
0x06 issue
~~~~~~~~~~
| **1.The minimum number of requests for SDK and command line tools is
20**
| Due to API limitations, the minimum unit of our query is 20 pieces of
data at a time. for a new dork, whether it is to view the total number
or specify to search for only 1 piece of data, there will be an
overhead of 20 pieces; of course, in the cli, we provide a cache, the
data that has been searched is cached locally
(``~/.config/zoomeye/cache``), and the validity period is 5 days,
which can greatly save quota.
| **2.How to enter dork with quotes?**
| When using cli to search, you will encounter dork with quotes, for example: ``"<body style=\"margin:0;padding:0\"> <p align=\"center\"> <iframe src=\ "index.xhtml\""``, when dork contains quotation marks or multiple quotation marks, the outermost layer of dork must be wrapped in quotation marks to indicate a parameter as a whole, otherwise command line parameter parsing will cause problems. Then the correct search method for the following dork should be: ``'"<body style=\"margin:0;padding:0\"> <p align=\"center\"> <iframe src=\"index.xhtml\" "'``.
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205131713799.png
:width: 500px
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205131802799.png
:width: 500px
| **3.Why is there inconsistent data in facet?**
| The following figure shows the full data statistics results of
``telnet``. the result of the first query is that 20 data query
requests (including the statistical results) were initiated by cli one
day ago by default, and cached in a local folder; the second time We
set the number of queries to 21, cli will read 20 cached data and
initiate a new query request (actually the smallest unit is 20, which
also contains statistical results), the first query and the second
query a certain period of time is in between. during this period of
time, ``ZoomEye`` periodically scans and updates the data, resulting
in the above data inconsistency, so cli will use the newer statistical
results.
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111111035187.png
:width: 500px
| **4.Why may the total amount of data in ZoomEye-python and the browser
search the same dork be different?**
| ``ZoomEye`` provides two search interfaces: ``/host/search`` and ``/web/search``. In ``ZoomEye-python``, only ``/host/search`` is used by default, and ``/web/search`` is not used. Users can choose the search method according to their needs by specifying the ``type`` parameter.
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111141028072.png
:width: 500px
.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111141114558.png
:width: 500px
| **5.The quota information obtained by the info command may be
inconsistent with the browser side?**
| The browser side displays the free quota and recharge quota
(https://www.zoomeye.org/profile/record), but only the free quota
information is displayed in ``ZoomEye-python``, we will fix it in the
subsequent version This question.
0x07 404StarLink Project
~~~~~~~~~~~~~~~~~~~~~~~~
.. figure:: https://github.com/knownsec/404StarLink-Project/raw/master/logo.png
``ZoomEye-python`` is a part of 404Team `Starlink
Project <https://github.com/knownsec/404StarLink-Project>`__. If you
have any questions about ``ZoomEye-python`` or want to talk to a small
partner, you can refer to The way to join the group of Starlink Project.
- https://github.com/knownsec/404StarLink-Project#community
--------------
| References:
| https://www.zoomeye.org/doc
| knownsec 404
| Time: 2021.01.12
.. |asciicast| image:: https://asciinema.org/a/qyDaJw9qQc7UjffD04HzMApWa.svg
:target: https://asciinema.org/a/qyDaJw9qQc7UjffD04HzMApWa
Raw data
{
"_id": null,
"home_page": "https://github.com/knownsec/zoomeye-python",
"name": "zoomeye",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "security tool,zoomeye,command tool",
"author": "404 Team@Knownsec",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/25/db/8f49cedeb9d04c741eb2a21b856e478508df8195faebff605ad9654434f4/zoomeye-2.2.0.tar.gz",
"platform": null,
"description": "ZoomEye-python\n--------------\nEnglish | `\u4e2d\u6587\u6587\u6863 <docs/README_CN.md>`_\n\n``ZoomEye`` is a cyberspace search engine, users can search for\nnetwork devices using a browser https://www.zoomeye.org.\n\n``ZoomEye-python`` is a Python library developed based on the\n``ZoomEye API``. It provides the ``ZoomEye command line`` mode and can\nalso be integrated into other tools as an ``SDK``. The library allows\ntechnicians to **search**, **filter**, and **export** ``ZoomEye`` data\nmore conveniently.\n\n\n\n0x01 installation\n~~~~~~~~~~~~~~~~~\n\nIt can be installed directly from ``pypi``:\n\n::\n\n pip3 install zoomeye\n\nor installed from ``github``:\n\n::\n\n pip3 install git+https://github.com/knownsec/ZoomEye-python.git\n\n0x02 how to use cli\n~~~~~~~~~~~~~~~~~~~\n\nAfter successfully installing ``ZoomEye-python``, you can use the\n``zoomeye`` command directly, as follows:\n\n::\n\n $ zoomeye -h\n usage: zoomeye [-h] [-v] {info,search,init,ip,history,clear} ...\n positional arguments:\n {info,search,init,ip,history,clear}\n info Show ZoomEye account info\n search Search the ZoomEye database\n init Initialize the token for ZoomEye-python\n ip Query IP information\n history Query device history\n clear Manually clear the cache and user information\n\n optional arguments:\n -h, --help show this help message and exit\n -v, --version show program's version number and exit\n\n\n1.initialize token\n^^^^^^^^^^^^^^^^^^\n\nBefore using the ``ZoomEye-python cli``, the user ``token`` needs to be\ninitialized. The credential is used to verify the user\u2019s identity to\nquery data from ``ZoomEye``; only support API-KEY authentication methods.\n\nYou can view the help through ``zoomeye init -h``, and use ``APIKEY`` to\ndemonstrate below:\n\n::\n\n $ zoomeye init -apikey \"01234567-acbd-00000-1111-22222222222\"\n successfully initialized\n Role: developer\n Quota: 10000\n\nUsers can login to ``ZoomEye`` and obtain ``APIKEY`` in personal\ninformation (https://www.zoomeye.org/profile); ``APIKEY`` will not\nexpire, users can reset in personal information according to their\nneeds.\n\n\n2.query quota\n^^^^^^^^^^^^^\n\nUsers can query personal information and data quota through the ``info``\ncommand, as follows:\n\n::\n\n $ zoomeye info\n user_info: {\n \"email\": \"\",\n \"name\": \"\",\n \"nick_name\": \"\",\n \"api_key\": \"\",\n \"role\": \"\", # service level\n \"phone\", \"\",\n \"expired_at\": \"\"\n }\n quota: {\n \"remain_free_quota\": \"\", # This month remaining free amount\n \"remain_pay_quota\": \"\", # Amount of remaining payment this month\n \"remain_total_quota\": \"\" # Total amount remaining by the service date\n }\n\n3.search\n^^^^^^^^\n\nSearch is the core function of ``ZoomEye-python``, which is used through\nthe ``search`` command. the ``search`` command needs to specify the\nsearch keyword (``dork``), let's perform a simple search below:\n\n::\n\n $ zoomeye search \"telnet\" -num 1\n ip:port service country app banner \n 222.*.*.*:23 telnet Japan Pocket CMD telnetd \\xff\\xfb\\x01\\xff\\xfb\\x03\\xff\\x...\n\n total: 1\n\nUsing the ``search`` command is as simple as using a browser to search\nin ``ZoomEye``. by default, we display five more important fields. users\ncan use these data to understand the target information:\n\n::\n\n 1.ip:port ip address and port\n 2.service the service that the port is open\n 3.country country of this ip address\n 4.app application type\n 5.banner characteristic response of the port\n\nIn the above example, the number to be displayed is specified using the\n``-num`` parameter. in addition, ``search`` also supports the following\nparameters (``zoomeye search -h``) so that users can handle the data. we\nwill explain and demonstrate below.\n\n::\n\n -num set the number of displays/searches, support 'all'\n -count query the total amount of this dork in the ZoomEye database\n -facet query the distribution of the full data of the dork\n -stat the distribution of statistical data result sets\n -filter query the list of a certain area in the data result set, or filter according to the content\n -save the result set can be exported according to the filter conditions\n -force ignore the local cache and force the data to be obtained from the API\n -type select web or host search\n\n4.number of data\n^^^^^^^^^^^^^^^^\n\nThrough the ``-num`` parameter, we can specify the number of search and\ndisplay, and the specified number is the number of consumed quantities.\nyou can query the volume of the ``dork`` in the ZoomEye database through\nthe ``-count`` parameter, as follows:\n\n::\n\n $ zoomeye search \"telnet\" -count\n 56903258\n\n..\n\n One thing to note, the consumption of the ``-num`` parameter is an\n integer multiple of 20, because the minimum number of a single query\n of the ``ZoomEye API`` is 20.\n\n5.statistics\n^^^^^^^^^^^^\n\nWe can use ``-facet`` and ``-stat`` to perform data statistics, use\n``-facet`` to query the statistics of the dork's full data (obtained\nthrough ``API`` after statistics by ``ZoomEye``), and ``-stat`` You can\nperform statistics on the query result set. The fields supported by the\ntwo commands include:\n\n::\n\n # host searhc\n app statistics by application type\n device statistics by device type\n service statistics by service type\n os statistics by operating system type\n port statistics by port\n country statistics by country\n city statistics by city\n\n # web search\n webapp statistics by Web application\n component statistics by Web container\n framework statistics by Web framework\n server statistics by Web server\n waf statistics by Web firewall(WAF)\n os statistics by operating system\n country statistics by country\n\nuse ``-facet`` to count the application types of all ``telnet`` devices:\n\n::\n\n $ zoomeye search \"telnet\" -facet app\n app count\n [unknown] 28317914\n BusyBox telnetd 10176313\n Linux telnetd 3054856\n Cisco IOS telnetd 1505802\n Huawei Home Gateway telnetd 1229112\n MikroTik router config httpd 1066947\n Huawei telnetd 965378\n Busybox telnetd 962470\n Netgear broadband router... 593346\n NASLite-SMB/Sveasoft Alc... 491957\n\nuse ``-stat`` to count and query the application types of 20 ``telnet``\ndevices:\n\n::\n\n $ zoomeye search \"telnet\" -stat app\n app count \n Cisco IOS telnetd 7\n [unknown] 5\n BusyBox telnetd 4\n Linux telnetd 3\n Pocket CMD telnetd 1\n\n\n6.data filter\n^^^^^^^^^^^^^\n\nUse the ``-filter`` parameter to query the list of partial segments in\nthe data result set, or filter based on content. The segments supported\nby this command include:\n\n::\n\n # host/search\n app show application type details\n version show version information details\n device show device type details\n port show port information details\n city show city details\n country show country details\n asn show as number details\n banner show details of characteristic response\n timestamp show record data time\n * when this symbol is included, show all field details\n\n # web/search\n app show application type details\n headers HTTP header\n keywords meta keyword\n title HTTP Title information\n site site search\n city show city details\n country show country details\n webapp Web application\n component Web container\n framework Web framework\n server Web server\n waf Web firewall(WAF)\n os operating system\n timestamp updated timestamp\n * when this symbol is included, show all field details\n\n\nCompared to the omitted display by default, the complete data can be\nviewed through ``-filter``, as follows:\n\n::\n\n $ zoomeye search \"telnet\" -num 1 -filter banner\n ip banner \n 222.*.*.* \\xff\\xfb\\x01\\xff\\xfb\\x03\\xff\\xfd\\x03TELNET session now in ESTABLISHED state\\r\\n\\r\\n\n\n total: 1\n\nWhen using ``-filter`` to filter, the syntax is: ``key1,key2,key3=value``, where ``key3=value`` is the filter condition, and the displayed content is ``key1,key2`` Example:\n\n::\n\n $ zoomeye search telnet -num 1 -filter port,app,banner=Telnet\n\n ip port app\n 240e:*:*:*::3 23 LANDesk remote management\n\nIn the above example: ``banner=Telnet`` is the filter condition, and ``port,app`` is the displayed content. If you need to display ``banner``, the filter statement is like this\n\n::\n\n $ zoomeye search telnet -num 1 -filter port,app,banner,banner=Telnet\n\n\n\n7.data export\n^^^^^^^^^^^^^\n\nThe ``-save`` parameter can export data. the syntax of this parameter is\nthe same as that of ``-filter``, and the result is saved to a file in\nthe format of line json, as follows:\n\n::\n\n $ zoomeye search \"telnet\" -save banner=telnet\n save file to telnet_1_1610446755.json successful!\n\n $ cat telnet_1_1610446755.json\n {'ip': '218.223.21.91', 'banner': '\\\\xff\\\\xfb\\\\x01\\\\xff\\\\xfb\\\\x03\\\\xff\\\\xfd\\\\x03TELNET session now in ESTABLISHED state\\\\r\\\\n\\\\r\\\\n'}\n\n..\n\n if you use ``-save`` without any parameters, the query result will be\n saved as a file according to the json format of ``ZoomEye API``. this\n method is generally used to integrate data while retaining metadata;\n the file can be as input, it is parsed and processed again through\n ``cli``, such as ``zoomeye search \"xxxxx.json\"``.\n\n\n8.graphical data\n^^^^^^^^^^^^^^^^\n\nThe ``-figure`` parameter is a data visualization parameter. This parameter provides two display methods: ``pie (pie chart)`` and ``hist (histogram)``. The data will still be displayed without specifying it. When ``-figure`` is specified , Only graphics will be displayed. The pie chart is as follows:\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205004653480.png\n :width: 500px\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205005016399.png\n :width: 500px\n\nThe histogram is as follows:\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205004806739.png\n :width: 500px\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205005117712.png\n :width: 500px\n\n\n9. IP history\n^^^^^^^^^^^^^\n\n``ZoomEye-python`` provides the function of querying IP historical device data. Use the command ``history [ip]`` to query the historical data of IP devices. The usage is as follows:\n\n::\n\n $zoomeye history \"207.xx.xx.13\" -num 1\n 207.xx.xx.13\n Hostnames: [unknown]\n Country: United States\n City: Lake Charles\n Organization: fulair.com\n Lastupdated: 2021-02-18T03:44:06\n Number of open ports: 1\n Number of historical probes: 1\n\n timestamp port/service app raw_data\n 2021-02-18 03:44:06 80/http Apache httpd HTTP/1.0 301 Moved Permanently...\n\n\n\nBy default, five fields are shown to users:\n\n::\n\n 1. time recorded time\n 2. service Open service\n 3. port port\n 4. app web application\n 5. raw fingerprint information\n\n\nUse ``zoomeye history -h`` to view the parameters provided by ``history``.\n\n::\n\n $zoomeye history -h\n\n usage: zoomeye history [-h] [-filter filed=regexp] [-force] ip\n\n positional arguments:\n ip search historical device IP\n\n optional arguments:\n -h, --help show this help message and exit\n -filter filed=regexp filter data and print raw data detail. field:\n [time,port,service,app,raw]\n -force ignore the local cache and force the data to be\n obtained from the API\n\nThe following is a demonstration of ``-filter``:\n\n\n::\n\n $zoomeye history \"207.xx.xx.13\" -filter \"time=^2019-08,port,service\"\n 207.xx.xx.13\n Hostnames: [unknown]\n Country: United States\n City: Lake Charles\n Organization: fulair.com\n Lastupdated: 2019-08-16T10:53:46\n Number of open ports: 3\n Number of historical probes: 3\n\n time port service\n 2019-08-16 10:53:46 389 ldap\n 2019-08-08 23:32:30 22 ssh\n 2019-08-03 01:55:59 80 http\n\n\nThe `-filter` parameter supports the filtering of the following five fields:\n\n::\n\n 1.time scan time\n 2.port port information\n 3.service open service\n 4.app web application\n 5.banner original fingerprint information\n * when this symbol is included, show all field details\n\n\nA display of the ``id`` field is added during the display. ``id`` is the serial number. For the convenience of viewing, it cannot be used as a filtered field.\n\n..\n\n Note: At present, only the above five fields are allowed to filter.\n\n The user quota will also be consumed when using the ``history`` command. The user quota will be deducted for the number of pieces of data returned in the ``history`` command. For example: IP \"8.8.8.8\" has a total of ``944`` historical records, and the user quota of ``944`` is deducted for one query.\n\n10. search IP information\n^^^^^^^^^^^^^^^^^^^^^^^^^\nYou can query the information of the specified IP through the ``zoomeye ip`` command, for example:\n\n::\n\n $ zoomeye ip 185.*.*.57\n 185.*.*.57\n Hostnames: [unknown]\n Isp: [unknown]\n Country: Saudi Arabia\n City: [unknown]\n Organization: [unknown]\n Lastupdated: 2021-03-02T11:14:33\n Number of open ports: 4{2002, 9002, 123, 25}\n\n port service app banner\n 9002 telnet \\xff\\xfb\\x01\\xff\\xfb\\x0...\n 123 ntp ntpd \\x16\\x82\\x00\\x01\\x05\\x0...\n 2002 telnet Pocket CMD telnetd \\xff\\xfb\\x01\\xff\\xfb\\x0...\n 25 smtp Cisco IOS NetWor... 220 10.1.10.2 Cisco Net...\n\n\nThe ``zoomeye ip`` command also supports the filter parameter ``-filter``, and the syntax is the same as that of ``zoomeye search``. E.g:\n\n::\n\n $ zoomeye ip \"185.*.*.57\" -filter \"app,app=ntpd\"\n Hostnames: [unknown]\n Isp: [unknown]\n Country: Saudi Arabia\n City: [unknown]\n Organization: [unknown]\n Lastupdated: 2021-02-17T02:15:06\n Number of open ports: 0\n Number of historical probes: 1\n\n app\n ntpd\n\nThe fields supported by the ``filter`` parameter are:\n\n::\n\n 1.port port information\n 2.service open service\n 3.app web application\n 4.banner original fingerprint information\n\n\n\n..\n\n Note: This function limits the number of queries per user per day based on different user levels.\n\n Registered users and developers can query 10 times a day\n\n Advanced users can query 20 times a day\n\n VIP users can query 30 times a day\n\n After the number of times per day is used up, it will be refreshed after 24 hours, that is, counting from the time of the first IP check, and the number of refreshes after 24 hours.\n\n\n11.cleanup function\n^^^^^^^^^^^^^^^^^^^^\n\nUsers search for a large amount of data every day, which causes the storage space occupied by the cache folder to gradually increase; if users use ``ZoomEye-python`` on a public server, it may cause their own ``API KEY`` and ``ACCESS TOKEN`` to leak .\nFor this reason, ``ZoomEye-python`` provides the clear command ``zoomeye clear``, which can clear the cached data and user configuration. The usage is as follows:\n\n::\n\n $zoomeye clear -h\n usage: zoomeye clear [-h] [-setting] [-cache]\n\n optional arguments:\n -h, --help show this help message and exit\n -setting clear user api key and access token\n -cache clear local cache file\n\n\n11.data cache\n^^^^^^^^^^^^^\n\n``ZoomEye-python`` provides a caching in ``cli`` mode, which is located\nunder ``~/.config/zoomeye/cache`` to save user quota as much as\npossible; the data set that the user has queried will be cached locally\nfor 5 days. when users query the same data set, quotas are not consumed.\n\n\n13.domain name query\n^^^^^^^^^^^^^^^^^^^^\n\n``ZoomEye-python`` provides the domain name query function (including associated domain name query and subdomain name query). To query a domain name, run the domain [domain name] [query type] command as follows:\n\n\n::\n\n $ python cli.py domain baidu.com 0\n name timestamp ip\n zszelle.baidu30a72.bf.3dtops.com 2021-06-27 204.11.56.48\n zpvpcxa.baidu.3dtops.com 2021-06-27 204.11.56.48\n zsrob.baidu.3dtops.com 2021-06-27 204.11.56.48\n zw8uch.7928.iwo7y0.baidu82.com 2021-06-27 59.188.232.88\n zydsrdxd.baidu.3dtops.com 2021-06-27 204.11.56.48\n zycoccz.baidu.3dtops.com 2021-06-27 204.11.56.48\n ...\n\n total: 30/79882\n\n\n\nBy default, the user is presented with three more important fields:\n\n\n::\n\n 1. name \u57df\u540d\u5168\u79f0\n 2. timestamp \u5efa\u7acb\u65f6\u95f4\u6233\n 3. ip ip\u5730\u5740\n\n\n\nUse ``zoomeye domain -h`` to view parameters provided by the ``domain``.\n\n\n::\n\n $ python cli.py domain -h\n usage: zoomeye domain [-h] [-page PAGE] [-dot] q {0,1}\n\n positional arguments:\n q search key word(eg:baidu.com)\n {0,1} 0: search associated domain;1: search sub domain\n\n optional arguments:\n -h, --help show this help message and exit\n -page PAGE view the page of the query result\n -dot generate a network map of the domain name\n\n\n\nThe following is a demonstration of ``-page`` :(default query for the first page when not specified)\n\n\n::\n\n $ python cli.py domain baidu.com 0 -page 3\n name timestamp ip\n zvptcfua.baidu6c7be.mm.3dtops.com 2021-06-27 204.11.56.48\n zmukxtd.baidu65c78.iw.3dtops.com 2021-06-27 204.11.56.48\n zhengwanghuangguanxianjinkaihu.baidu.fschangshi.com 2021-06-27 23.224.194.175\n zibo-baidu.com 2021-06-27 194.56.78.148\n zuwxb4.jingyan.baidu.66players.com 2021-06-27 208.91.197.46\n zhannei.baidu.com.hypestat.com 2021-06-27 67.212.187.108\n zrr.sjz-baidu.com 2021-06-27 204.11.56.48\n zp5hd1.baidu.com.ojsdi.cn 2021-06-27 104.149.242.155\n\n ...\n\n zhidao.baidu.com.39883.wxeve.cn 2021-06-27 39.98.202.39\n zhizhao.baidu.com 2021-06-27 182.61.45.108\n zfamnje.baidu.3dtops.com 2021-06-27 204.11.56.48\n zjnfza.baidu.3dtops.com 2021-06-27 204.11.56.48\n\n total: 90/79882\n\nThe ``-dot`` parameter can generate a network map of domain name and IP,Before using this function, you need to install ``grapvhiz``.\nPlease refer to `grapvhiz <https://graphviz.org/download/>`_ for the installation tutorial. It is supported on Windows/Linux/Mac.\nThe ``-dot`` parameter will generate a picture in ``png`` format and save the original dot language script at the same time.\n\n.. figure:: images/image-20211208112710711.png\n :width: 500px\n\n0x03 video\n~~~~~~~~~~\n\n`ZoomEye-python is demonstrated under Windows, Mac, Linux, FreeBSD\n<https://weibo.com/tv/show/1034:4597603044884556?from=old_pc_videoshow>`_\n\n|asciicast|\n\n0x04 use SDK\n~~~~~~~~~~~~\n\n.. _initialize-token-1:\n\n1.initialize token\n^^^^^^^^^^^^^^^^^^\n\nSimilarly, the SDK also supports API-KEY authentication methods,\n ``APIKEY``, as follows:\n\n**APIKEY**\n\n.. code:: python\n\n from zoomeye.sdk import ZoomEye\n\n zm = ZoomEye(api_key=\"01234567-acbd-00000-1111-22222222222\")\n\n2.SDK API\n^^^^^^^^^\n\nThe following are the interfaces and instructions provided by the SDK:\n\n::\n\n 1.dork_search(dork, page=0, resource=\"host\", facets=None)\n search the data of the specified page according to dork\n 2.multi_page_search(dork, page=1, resource=\"host\", facets=None)\n search multiple pages of data according to dork\n 3.resources_info()\n get current user information\n 4.show_count()\n get the number of all matching results under the current dork\n 5.dork_filter(keys)\n extract the data of the specified field from the search results\n 6.get_facet()\n get statistical results of all data from search results\n 7.history_ip(ip)\n query historical data information of an ip\n 8.show_site_ip(data)\n traverse the web-search result set, and output the domain name and ip address\n 9.show_ip_port(data)\n traverse the host-search result set and output the ip address and port\n 10.generate_dot(self, q, source=0, page=1)\n Generate graphviz files and pictures written in the domain center\n\n3.SDK example\n^^^^^^^^^^^^^\n\n.. code:: python\n\n $ python3\n >>> import zoomeye.sdk as zoomeye\n >>> dir(zoomeye)\n ['ZoomEye', 'ZoomEyeDict', '__builtins__', '__cached__', '__doc__',\n '__file__', '__loader__', '__name__', '__package__', '__spec__',\n 'fields_tables_host', 'fields_tables_web', 'getpass', 'requests',\n 'show_ip_port', 'show_site_ip', 'zoomeye_api_test']\n >>> # Use API-KEY search\n >>> zm = zoomeye.ZoomEye(api_key=\"01234567-acbd-00000-1111-22222222222\")\n >>> data = zm.dork_search('apache country:cn')\n >>> zoomeye.show_site_ip(data)\n 213.***.***.46.rev.vo***one.pt ['46.***.***.213']\n me*****on.o****e.net.pg ['203.***.***.114']\n soft********63221110.b***c.net ['126.***.***.110']\n soft********26216022.b***c.net ['126.***.***.22']\n soft********5084068.b***c.net ['126.***.***.68']\n soft********11180040.b***c.net ['126.***.***.40']\n ...\n\n.. _search-1:\n\n4.search\n^^^^^^^^\n\nAs in the above example, we use ``dork_search()`` to search, and we can\nalso set the ``facets`` parameter to obtain the aggregated statistical\nresults of the full data of the dork. for the fields supported by\n``facets``, please refer to **2.use cli - 5.statistics**. as follows:\n\n.. code:: python\n\n >>> data = zm.dork_search('telnet', facets='app')\n >>> zm.get_facet()\n {'product': [{'name': '', 'count': 28323128}, {'name': 'BusyBox telnetd', 'count': 10180912}, {'name': 'Linux telnetd', ......\n\n..\n\n ``multi_page_search()`` can also search. use this function when you\n need to obtain a large amount of data, where the ``page`` field\n indicates how many pages of data are obtained; and ``dork_search()``\n only obtains the data of a specified page.\n\n.. _data-filter-1:\n\n5.data filter\n^^^^^^^^^^^^^\n\nthe ``dork_filter()`` function is provided in the SDK, we can filter the\ndata more conveniently and extract the specified data fields as follows:\n\n.. code:: python\n\n >>> data = zm.dork_search(\"telnet\")\n >>> zm.dork_filter(\"ip,port\")\n [['180.*.*.166', 5357], ['180.*.*.6', 5357], ......\n\n..\n\n since the fields returned by ``web-search`` and ``host-search``\n interfaces are different, you need to fill in the correct fields when\n filtering. the fields included in ``web-search``: app / headers /\n keywords / title / ip / site / city / country the fields included in\n ``host-search``: app / version / device / ip / port / hostname / city\n / country / asn / banner\n\n\n0x05 contributions\n~~~~~~~~~~~~~~~~~~\n\n| `r0oike@knownsec 404 <https://github.com/r0oike>`__\n| `0x7F@knownsec 404 <https://github.com/0x7Fancy>`__\n| `fenix@knownsec 404 <https://github.com/13ph03nix>`__\n| `dawu@knownsec 404 <https://github.com/d4wu>`__\n\n0x06 issue\n~~~~~~~~~~\n\n| **1.The minimum number of requests for SDK and command line tools is\n 20**\n| Due to API limitations, the minimum unit of our query is 20 pieces of\n data at a time. for a new dork, whether it is to view the total number\n or specify to search for only 1 piece of data, there will be an\n overhead of 20 pieces; of course, in the cli, we provide a cache, the\n data that has been searched is cached locally\n (``~/.config/zoomeye/cache``), and the validity period is 5 days,\n which can greatly save quota.\n\n| **2.How to enter dork with quotes?**\n| When using cli to search, you will encounter dork with quotes, for example: ``\"<body style=\\\"margin:0;padding:0\\\"> <p align=\\\"center\\\"> <iframe src=\\ \"index.xhtml\\\"\"``, when dork contains quotation marks or multiple quotation marks, the outermost layer of dork must be wrapped in quotation marks to indicate a parameter as a whole, otherwise command line parameter parsing will cause problems. Then the correct search method for the following dork should be: ``'\"<body style=\\\"margin:0;padding:0\\\"> <p align=\\\"center\\\"> <iframe src=\\\"index.xhtml\\\" \"'``.\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205131713799.png\n :width: 500px\n\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210205131802799.png\n :width: 500px\n\n\n| **3.Why is there inconsistent data in facet?**\n| The following figure shows the full data statistics results of\n ``telnet``. the result of the first query is that 20 data query\n requests (including the statistical results) were initiated by cli one\n day ago by default, and cached in a local folder; the second time We\n set the number of queries to 21, cli will read 20 cached data and\n initiate a new query request (actually the smallest unit is 20, which\n also contains statistical results), the first query and the second\n query a certain period of time is in between. during this period of\n time, ``ZoomEye`` periodically scans and updates the data, resulting\n in the above data inconsistency, so cli will use the newer statistical\n results.\n \n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111111035187.png\n :width: 500px\n\n| **4.Why may the total amount of data in ZoomEye-python and the browser\n search the same dork be different?**\n| ``ZoomEye`` provides two search interfaces: ``/host/search`` and ``/web/search``. In ``ZoomEye-python``, only ``/host/search`` is used by default, and ``/web/search`` is not used. Users can choose the search method according to their needs by specifying the ``type`` parameter.\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111141028072.png\n :width: 500px\n\n.. figure:: https://raw.githubusercontent.com/knownsec/ZoomEye-python/master/images/image-20210111141114558.png\n :width: 500px\n\n| **5.The quota information obtained by the info command may be\n inconsistent with the browser side?**\n| The browser side displays the free quota and recharge quota\n (https://www.zoomeye.org/profile/record), but only the free quota\n information is displayed in ``ZoomEye-python``, we will fix it in the\n subsequent version This question.\n\n0x07 404StarLink Project\n~~~~~~~~~~~~~~~~~~~~~~~~\n\n.. figure:: https://github.com/knownsec/404StarLink-Project/raw/master/logo.png\n\n``ZoomEye-python`` is a part of 404Team `Starlink\nProject <https://github.com/knownsec/404StarLink-Project>`__. If you\nhave any questions about ``ZoomEye-python`` or want to talk to a small\npartner, you can refer to The way to join the group of Starlink Project.\n\n- https://github.com/knownsec/404StarLink-Project#community\n\n--------------\n\n| References:\n| https://www.zoomeye.org/doc\n\n| knownsec 404\n| Time: 2021.01.12\n\n.. |asciicast| image:: https://asciinema.org/a/qyDaJw9qQc7UjffD04HzMApWa.svg\n :target: https://asciinema.org/a/qyDaJw9qQc7UjffD04HzMApWa\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"bugtrack_url": null,
"license": "",
"summary": "Python library and command-line tool for ZoomEye (https://www.zoomeye.org/doc)",
"version": "2.2.0",
"split_keywords": [
"security tool",
"zoomeye",
"command tool"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "bf2b11b7ed57eb0c54b3f39a0c3d8c5c447603422667289b6c56c1ce8e34edbf",
"md5": "ac41b0935ee9e7df7be59117845847ba",
"sha256": "592728a56e22e719b533eff8feba6467a1e13ab929f768a10b6dfa73896da505"
},
"downloads": -1,
"filename": "zoomeye-2.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ac41b0935ee9e7df7be59117845847ba",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 40215,
"upload_time": "2023-04-12T08:22:53",
"upload_time_iso_8601": "2023-04-12T08:22:53.450593Z",
"url": "https://files.pythonhosted.org/packages/bf/2b/11b7ed57eb0c54b3f39a0c3d8c5c447603422667289b6c56c1ce8e34edbf/zoomeye-2.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "25db8f49cedeb9d04c741eb2a21b856e478508df8195faebff605ad9654434f4",
"md5": "455ea3bdf3a9af242c48345d78e45bf3",
"sha256": "5a8bf81833020c9f65b179e1ad0259c3e948adb39404985411b3c65f0204571c"
},
"downloads": -1,
"filename": "zoomeye-2.2.0.tar.gz",
"has_sig": false,
"md5_digest": "455ea3bdf3a9af242c48345d78e45bf3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 45721,
"upload_time": "2023-04-12T08:22:57",
"upload_time_iso_8601": "2023-04-12T08:22:57.282742Z",
"url": "https://files.pythonhosted.org/packages/25/db/8f49cedeb9d04c741eb2a21b856e478508df8195faebff605ad9654434f4/zoomeye-2.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-04-12 08:22:57",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "knownsec",
"github_project": "zoomeye-python",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "zoomeye"
}
JSON
