diff --git a/README.rst b/README.rst index e28f911..a9fee30 100755 --- a/README.rst +++ b/README.rst @@ -57,12 +57,7 @@ After successfully installing ``ZoomEye-python``, you can use the Before using the ``ZoomEye-python cli``, the user ``token`` needs to be initialized. The credential is used to verify the user’s identity to -query data from ``ZoomEye``; we provide two authentication methods: - -:: - - 1.username/password - 2.APIKEY (recommend) +query data from ``ZoomEye``; only support API-KEY authentication methods. You can view the help through ``zoomeye init -h``, and use ``APIKEY`` to demonstrate below: @@ -79,10 +74,6 @@ information (https://www.zoomeye.org/profile); ``APIKEY`` will not expire, users can reset in personal information according to their needs. -in addition, we also provide the initialization method of -``username/password``. After authentication in this way, the -``JWT-token`` will be returned, which has certain timeliness and -requires the user to login again after failure. 2.query quota ^^^^^^^^^^^^^ @@ -623,18 +614,10 @@ The ``-dot`` parameter will generate a picture in ``png`` format and save the or 1.initialize token ^^^^^^^^^^^^^^^^^^ -Similarly, the SDK also supports two authentication methods, -``username/password`` and ``APIKEY``, as follows: - -**1.user/pass** - -.. code:: python - - from zoomeye.sdk import ZoomEye - - zm = ZoomEye(username="username", password="password") +Similarly, the SDK also supports API-KEY authentication methods, + ``APIKEY``, as follows: -**2.APIKEY** +**APIKEY** .. code:: python 
@@ -649,27 +632,25 @@ The following are the interfaces and instructions provided by the SDK: :: - 1.login() - use username/password or APIKEY for authentication - 2.dork_search(dork, page=0, resource="host", facets=None) + 1.dork_search(dork, page=0, resource="host", facets=None) search the data of the specified page according to dork - 3.multi_page_search(dork, page=1, resource="host", facets=None) + 2.multi_page_search(dork, page=1, resource="host", facets=None) search multiple pages of data according to dork - 4.resources_info() + 3.resources_info() get current user information - 5.show_count() + 4.show_count() get the number of all matching results under the current dork - 6.dork_filter(keys) + 5.dork_filter(keys) extract the data of the specified field from the search results - 7.get_facet() + 6.get_facet() get statistical results of all data from search results - 8.history_ip(ip) + 7.history_ip(ip) query historical data information of an ip - 9.show_site_ip(data) + 8.show_site_ip(data) traverse the web-search result set, and output the domain name and ip address - 10.show_ip_port(data) + 9.show_ip_port(data) traverse the host-search result set and output the ip address and port - 11.generate_dot(self, q, source=0, page=1) + 10.generate_dot(self, q, source=0, page=1) Generate graphviz files and pictures written in the domain center 3.SDK example 
@@ -684,12 +665,8 @@ The following are the interfaces and instructions provided by the SDK: '__file__', '__loader__', '__name__', '__package__', '__spec__', 'fields_tables_host', 'fields_tables_web', 'getpass', 'requests', 'show_ip_port', 'show_site_ip', 'zoomeye_api_test'] - >>> # Use username and password to login - >>> zm = zoomeye.ZoomEye() - >>> zm.username = 'username@zoomeye.org' - >>> zm.password = 'password' - >>> print(zm.login()) - ....JIUzI1NiIsInR5cCI6IkpXVCJ9..... + >>> # Use API-KEY search + >>> zm = zoomeye.ZoomEye(api_key="01234567-acbd-00000-1111-22222222222") >>> data = zm.dork_search('apache country:cn') >>> zoomeye.show_site_ip(data) 213.***.***.46.rev.vo***one.pt ['46.***.***.213'] diff --git a/docs/README_CN.md b/docs/README_CN.md index 2fd0ef5..4ce8217 100755 --- a/docs/README_CN.md +++ b/docs/README_CN.md @@ -39,10 +39,7 @@ optional arguments: ``` #### 1.初始化token -在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`,该凭证用于验证用户身份以便从 `ZoomEye` 查询数据;我们提供了两种认证方式: - - 1.username/password - 2.APIKEY (推荐) +在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`,该凭证用于验证用户身份以便从 `ZoomEye` 查询数据;仅支持 API-KEY 认证。 可以通过 `zoomeye init -h` 查看帮助,下面通过 `APIKEY` 来进行演示: @@ -55,7 +52,6 @@ Quota: 10000 用户可以通过登陆 `ZoomEye` 在个人信息中() 获取 `APIKEY`;`APIKEY` 不会过期,用户可根据需求在个人信息中进行重置。 -除此之外,我们还提供了 `username/password` 的初始化方式,通过这种方式认证后会返回 `JWT-token`,具有一定的时效性,失效后需要用户重新登陆。 #### 2.查询配额 用户可以通过 `info` 命令查询个人信息以及数据配额,如下: @@ -495,17 +491,9 @@ total: 90/79882 ### 0x04 使用SDK #### 1.初始化token -同样,在 SDK 中也支持 `username/password` 和 `APIKEY` 两种认证方式,如下: - -**1.user/pass** - -```python -from zoomeye.sdk import ZoomEye - -zm = ZoomEye(username="username", password="password") -``` +同样,在 SDK 中仅支持通过 `APIKEY` 认证,如下: -**2.APIKEY** +**APIKEY** ```python from zoomeye.sdk import ZoomEye 
@@ -516,27 +504,25 @@ zm = ZoomEye(api_key="01234567-acbd-00000-1111-22222222222") #### 2.SDK API 以下是 SDK 提供的接口以及说明: - 1.login() - 使用 username/password 或者 APIKEY 进行认证 - 2.dork_search(dork, page=0, resource="host", facets=None) + 1.dork_search(dork, page=0, resource="host", facets=None) 根据 dork 搜索指定页的数据 - 3.multi_page_search(dork, page=1, resource="host", facets=None) + 2.multi_page_search(dork, page=1, resource="host", facets=None) 根据 dork 搜索多页数据 - 4.resources_info() + 3.resources_info() 获取当前用户的信息 - 5.show_count() + 4.show_count() 获取当前 dork 下全部匹配结果的数量 - 6.dork_filter(keys) + 5.dork_filter(keys) 从搜索结果中提取指定字段的数据 - 7.get_facet() + 6.get_facet() 从搜索结果中获取全量数据的聚合结果 - 8.history_ip(ip) + 7.history_ip(ip) 查询某个 ip 的历史数据信息 - 9.show_site_ip(data) + 8.show_site_ip(data) 遍历 web-search 结果集,并输出域名和ip地址 - 10.show_ip_port(data) + 9.show_ip_port(data) 遍历 host-search 结果集,并输出ip地址和端口 - 11.generate_dot(self, q, source=0, page=1) + 10.generate_dot(self, q, source=0, page=1) 生成以域名中心写出graphviz文件和图片 #### 3.使用示例 @@ -549,12 +535,8 @@ $ python3 '__file__', '__loader__', '__name__', '__package__', '__spec__', 'fields_tables_host', 'fields_tables_web', 'getpass', 'requests', 'show_ip_port', 'show_site_ip', 'zoomeye_api_test'] ->>> # Use username and password to login +>>> # Use API-KEY search dork >>> zm = zoomeye.ZoomEye() ->>> zm.username = 'username@zoomeye.org' ->>> zm.password = 'password' ->>> print(zm.login()) -....JIUzI1NiIsInR5cCI6IkpXVCJ9..... >>> data = zm.dork_search('apache country:cn') >>> zoomeye.show_site_ip(data) 213.***.***.46.rev.vo***one.pt ['46.***.***.213'] diff --git a/zoomeye/__init__.py b/zoomeye/__init__.py index 4d53a11..44a965c 100644 --- a/zoomeye/__init__.py +++ b/zoomeye/__init__.py @@ -11,5 +11,5 @@ __name__ = 'zoomeye' __package__ = 'zoomeye' -__version__ = 'v2.1.2' +__version__ = 'v2.2.0' __site__ = "https://www.zoomeye.org/doc" diff --git a/zoomeye/cli.py b/zoomeye/cli.py index 044715e..9d5fe14 100644 --- a/zoomeye/cli.py +++ b/zoomeye/cli.py 
@@ -153,8 +153,6 @@ def main():
 # initial account configuration related commands
 parser_init = subparsers.add_parser("init", help="Initialize the token for ZoomEye-python")
 parser_init.add_argument("-apikey", help="ZoomEye API Key", default=None, metavar='[api key]')
- parser_init.add_argument("-username", help="ZoomEye account username", default=None, metavar='[username]')
- parser_init.add_argument("-password", help="ZoomEye account password", default=None, metavar='[password]')
 parser_init.set_defaults(func=core.init)
 parser_ip_info = subparsers.add_parser("ip", help="Query IP information")
diff --git a/zoomeye/core.py b/zoomeye/core.py
index 9c7f60c..c96472e 100644
--- a/zoomeye/core.py
+++ b/zoomeye/core.py
@@ -43,35 +43,6 @@ def key_init(key):
 os.chmod(key_file, 0o600)
-def jwt_init(username, password):
- """
- initialize through the user name and password, write jwt to the local configuration file,
- the expiration time is about 12 hours, so it is recommended to initialize through the api key.
- :param username: str, login zoomeye account
- :param password: str, login zoomeye account password
- :return:
- """
- file.check_exist(zoomeye_dir)
- try:
- zoom = ZoomEye(username=username, password=password)
- access_token = zoom.login()
- except Exception:
- return
- jwt_file = zoomeye_dir + "/jwt"
- if access_token:
- # display the remaining resources of the current account
- user_data = zoom.resources_info()
- show.printf("Role: {}".format(user_data["plan"]))
- show.printf("Quota: {}".format(user_data["resources"].get("search")))
- with open(jwt_file, 'w') as f:
- f.write(access_token)
- show.printf("successfully initialized", color="green")
- # change the permission of the configuration file to read-only
- os.chmod(jwt_file, 0o600)
- else:
- show.printf("failed initialized!", color="red")
-
-
 def init(args):
 """
 the initialization processing function will select the initialization method according to the user's input.
@@ -79,16 +50,10 @@ def init(args):
 :return:
 """
 api_key = args.apikey
- username = args.username
- password = args.password
 # use api key init
- if api_key and username is None and password is None:
+ if api_key:
 key_init(api_key)
 return
- # use username and password init
- if api_key is None and username and password:
- jwt_init(username, password)
- return
 # invalid parameter
 show.printf("input parameter error", color="red")
 show.printf("please run for help.", color="red")
@@ -134,8 +99,8 @@ def info(args):
 :param args:
 :return:
 """
- api_key, access_token = file.get_auth_key()
- zm = ZoomEye(api_key=api_key, access_token=access_token)
+ api_key = file.get_auth_key()
+ zm = ZoomEye(api_key=api_key)
 # get user information
 user_data = zm.resources_info()
 if user_data:
diff --git a/zoomeye/data.py b/zoomeye/data.py
index b2a6b97..5dcda3b 100644
--- a/zoomeye/data.py
+++ b/zoomeye/data.py
@@ -346,8 +346,8 @@ def __init__(self, dork, num, resource, facet=None, force=False):
 self.facet_data = None
 self.total = 0
- self.api_key, self.access_token = file.get_auth_key()
- self.zoomeye = ZoomEye(api_key=self.api_key, access_token=self.access_token)
+ self.api_key = file.get_auth_key()
+ self.zoomeye = ZoomEye(api_key=self.api_key)
 def handle_page(self):
 try:
@@ -652,8 +652,8 @@ def get_data(self):
 get user level and IP historical data
 """
 normal_user = ['user', 'developer']
- api_key, access_token = file.get_auth_key()
- zm = ZoomEye(api_key=api_key, access_token=access_token)
+ api_key = file.get_auth_key()
+ zm = ZoomEye(api_key=api_key)
 role = zm.resources_info()
 # permission restrictions
 if role["plan"] in normal_user:
@@ -716,8 +716,8 @@ def request_data(self):
 """
 get api data
 """
- api_key, access_token = file.get_auth_key()
- zm = ZoomEye(api_key=api_key, access_token=access_token)
+ api_key = file.get_auth_key()
+ zm = ZoomEye(api_key=api_key)
 data = zm.dork_search(self.dork)
 return data
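Review bot: In `init` (zoomeye/core.py) the API key is now the only credential, and the only way to supply it is `-apikey` on the command line, which leaves it in shell history and visible in the process list while the command runs. The README in this same commit says the key does not expire, so a leaked value stays usable until the user resets it. When `args.apikey` is empty, consider prompting without echo instead of falling through to "input parameter error", e.g. `api_key = args.apikey or getpass.getpass("ZoomEye API key: ")`; this needs `import getpass` in core.py, which the hunk does not show. The docstring and signature of `init` start above the hunk.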
@@ -755,8 +755,8 @@ def __init__(self, q, source, page):
 self.q = q
 self.source = source
 self.page = page
- api_key, access_token = file.get_auth_key()
- self.zm = ZoomEye(api_key=api_key, access_token=access_token)
+ api_key = file.get_auth_key()
+ self.zm = ZoomEye(api_key=api_key)
 def show_information(self):
 """show domain search data"""
diff --git a/zoomeye/file.py b/zoomeye/file.py
index 07cefb8..e65b4c1 100644
--- a/zoomeye/file.py
+++ b/zoomeye/file.py
@@ -63,28 +63,19 @@ def get_auth_key():
 :return:
 """
 api_key = None
- access_token = None
 try:
 # read the api key from the configuration file,
 # if not, it will throw an exception that the file is not found.
 api_key = get_api_key(zoomeye_dir + "/apikey")
- return api_key, access_token
+ return api_key
 # catch file not found exception
 except FileNotFoundError:
- # try to get the json web token in the configuration file
- try:
- access_token = get_jwt_token(zoomeye_dir + "/jwt")
- return api_key, access_token
- except FileNotFoundError:
- print("please run 'zoomeye init -apikey ' "
- "or 'zoomeye init -username -password before using this command")
- exit(0)
+ print("please run 'zoomeye init -apikey ' before using this command")
+ exit(0)
 # catch other exceptions
 except Exception:
- # there is no past api key and json web token in the configuration file
- # tell users that they need to be initialized before use
- print("please run 'zoomeye init -apikey ' "
- "or 'zoomeye init -username -password before using this command")
+ # unknown error
+ print("Unknown Error! Please submit issue.")
 exit(0)
diff --git a/zoomeye/sdk.py b/zoomeye/sdk.py
index 6200861..3a9d03b 100644
--- a/zoomeye/sdk.py
+++ b/zoomeye/sdk.py
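Review bot: In `get_auth_key` (zoomeye/file.py) the added `exit(0)` keeps reporting success to the calling shell when no key could be read, and the new `except Exception` branch replaces the real cause with "Unknown Error! Please submit issue.", so a permission or decoding problem on the key file cannot be diagnosed. Suggest `except Exception as e:` with `print("failed to read the API key: {}".format(e), file=sys.stderr)` and `sys.exit(1)` in both branches (add `import sys` if file.py lacks it; the imports are outside the hunk). Separately, nothing visible in this commit removes a `jwt` file written by an earlier version, so a previously stored token may remain in the config directory after upgrade.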
@@ -86,11 +86,8 @@ def find(self, key):
 class ZoomEye:
- def __init__(self, username=None, password=None, api_key="", access_token=""):
- self.username = username
- self.password = password
+ def __init__(self, api_key=""):
 self.api_key = api_key
- self.access_token = access_token
 self.raw_data = None
 # process data, list
@@ -130,39 +127,24 @@ def _request(self, url, params=None, headers=None, method='GET'):
 return None
 # if response succeed and status code is not 200 return error format json
 # others error return unknown error
- # mainly users initialized by username and password, access token expires after 12 hours
 else:
 raise ValueError(resp.json().get('message'))
 def _check_header(self):
+ """
+ 2023-04 remove username & password authenticate
+ only support API-KEY authenticate
+ """
 if self.api_key:
 headers = {
 'API-KEY': self.api_key,
 }
- elif self.access_token:
- headers = {
- 'Authorization': 'JWT %s' % self.access_token
- }
 else:
 headers = {}
 # add user agent
 headers["User-Agent"] = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
 return headers
- def login(self):
- """
- please see: https://www.zoomeye.org/doc#login
- :return: json web token
- """
- params = '{{"username": "{}", "password": "{}"}}'.format(self.username,
- self.password)
- result = self._request(self.login_api, params, method="POST")
- if result and "access_token" in result:
- self.access_token = result.get("access_token")
- return self.access_token
- else:
- return result
-
 def dork_search(self, dork, page=0, resource="host", facets=None):
 """
 Search records with ZoomEye dorks.
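Review bot: `ZoomEye.__init__` (zoomeye/sdk.py) removes the `username`, `password` and `access_token` keyword parameters outright, so an existing caller such as `ZoomEye(username=..., password=...)` now fails with a generic unexpected-keyword `TypeError` that says nothing about the authentication change. If external SDK users are expected, consider `def __init__(self, api_key="", **removed):` followed by `if removed: raise TypeError("username/password and access_token login were removed; pass api_key")`. The constructor also has no docstring; one line such as `"""Create a client that authenticates with a ZoomEye API key."""` would state the new contract. The rest of `__init__` continues past the hunk.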
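Review bot: The docstring added to `_check_header` (zoomeye/sdk.py) is a change-log entry ("2023-04 remove username & password authenticate") rather than a description of the method, and that history already lives in the commit. Suggest `"""Return the request headers: API-KEY when a key is set, plus the fixed User-Agent."""`. With the JWT branch gone, the remaining `else: headers = {}` path means an empty `api_key` (the constructor default) sends the request with no credentials and the problem only surfaces as the `ValueError` raised in `_request`; raising a clear "API key not set" error here would be easier to diagnose, unless some endpoints are meant to work without a key.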
@@ -400,11 +382,7 @@ def show_ip_port(data):
 def zoomeye_api_test():
 zoomeye = ZoomEye()
- zoomeye.api_key = input('ZoomEye API-KEY(If you don\'t use API-KEY , Press Enter): ')
- zoomeye.username = input('ZoomEye Username: ')
- zoomeye.password = getpass.getpass(prompt='ZoomEye Password: ')
- if zoomeye.username != "" and zoomeye.password != "":
- zoomeye.login()
+ zoomeye.api_key = input('ZoomEye API-KEY:')
 print(zoomeye.resources_info())
 data = zoomeye.dork_search('solr')
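Review bot: `zoomeye_api_test` (zoomeye/sdk.py) now reads the API key with `input()`, which echoes it to the terminal and into any scrollback or screen recording, whereas the removed password prompt used `getpass.getpass`. The key is a long-lived credential, so read it the same way: `zoomeye.api_key = getpass.getpass(prompt='ZoomEye API-KEY: ')`. The removed lines show `getpass` was in use in this module, so the import is presumably still present and would otherwise be left unused by this change. The rest of `zoomeye_api_test` lies outside the hunk.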