The *.google.com IPs found all look like *.*.*.125, and they all seem to redirect to hangouts #88

Closed
rexdf opened this issue Aug 10, 2015 · 6 comments
@rexdf
Contributor

rexdf commented Aug 10, 2015

...
$./filter.sh *.google.com
*.*.*125
...

$curl https://www.google.com/ncr -I --resolve www.google.com:443:173.194.214.125
HTTP/1.1 301 Moved Permanently
Location: http:https://www.google.com/hangouts/
Content-Type: text/html
Content-Length: 178

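Pinging www.google.com from outside the firewall, however, gives an IP that does not end in 125; running the command outside the firewall gives the following: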

curl https://www.google.com/ncr -I --resolve www.google.com:443:74.125.226.84
HTTP/1.1 302 Found
Location: http:https://www.google.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Aug 2015 12:03:56 GMT
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: PREF=ID=1111111111111111:FF=0:LD=en:CR=2:TM=1439208236:LM=1439208236:V=1:S=DwJ3iZMBC3my-R3V; expires=Wed, 09-Aug-2017 12:03:56 GMT; path=/; domain=.google.com
Alternate-Protocol: 443:quic,p=1

Everything found ends in 125; I don't know whether I'm the only one seeing this?

@txthinking
Owner

I'm out and busy right now; I'll try it tomorrow.

@txthinking
Owner

How about trying select.sh first?

@rexdf
Contributor Author

rexdf commented Aug 12, 2015

Because what auto.sh finds never works (I deleted it and re-ran git clone several times), I wanted to go in and look by hand. Isn't filter.sh just grep -Ph "\s$p$" output/* | sort -k2n -k3n?

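The key problem is that nothing I found under the out directory ends in anything other than 125. It's probably my network or something; I'll try again this afternoon.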

@txthinking
Owner

Looks like I need to update what filter does.


@rexdf
Contributor Author

rexdf commented Aug 12, 2015

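I don't really know what's going on; I don't understand networking (nmap) issues very well. Below is the result of running this in the output directory: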

$ grep -nr *.google.com
3512041472-3512074239:4751:209.85.146.125       0%      464.6   *.google.com
3512041472-3512074239:5145:209.85.147.125       40%     518.333 *.google.com
2915172352-2915237887:16826:173.194.65.125      0%      432.2   *.google.com
2915172352-2915237887:18409:173.194.71.125      40%     478.333 *.google.com
2915172352-2915237887:19200:173.194.74.125      0%      433.8   *.google.com
2915172352-2915237887:19993:173.194.77.125      0%      521.8   *.google.com
2915172352-2915237887:49893:173.194.194.125     40%     446.667 *.google.com
2915172352-2915237887:50093:173.194.195.125     20%     443.5   *.google.com
2915172352-2915237887:50487:173.194.196.125     0%      735.4   *.google.com
2915172352-2915237887:50682:173.194.197.125     0%      516.6   *.google.com
2915172352-2915237887:51083:173.194.199.125     20%     429     *.google.com
2915172352-2915237887:51476:173.194.200.125     0%      383.2   *.google.com
2915172352-2915237887:51875:173.194.202.125     0%      395.4   *.google.com
2915172352-2915237887:52269:173.194.203.125     40%     440.667 *.google.com
2915172352-2915237887:53262:173.194.207.125     0%      579.2   *.google.com
2915172352-2915237887:53658:173.194.209.125     20%     470     *.google.com
2915172352-2915237887:54052:173.194.210.125     0%      512     *.google.com
2915172352-2915237887:54242:173.194.211.125     60%     428.5   *.google.com
2915172352-2915237887:54450:173.194.212.125     0%      408.2   *.google.com
2915172352-2915237887:54843:173.194.213.125     0%      505.8   *.google.com
2915172352-2915237887:55039:173.194.214.125     0%      498.4   *.google.com
2915172352-2915237887:55241:173.194.215.125     40%     562.667 *.google.com
2915172352-2915237887:55437:173.194.216.125     20%     521.75  *.google.com
2915172352-2915237887:56032:173.194.218.125     80%     526     *.google.com
2915172352-2915237887:56232:173.194.219.125     20%     511.5   *.google.com
2915172352-2915237887:56627:173.194.220.125     0%      553.8   *.google.com
2915172352-2915237887:57024:173.194.222.125     80%     429     *.google.com
1249705984-1249771519:5342:74.125.20.125        60%     586     *.google.com
1249705984-1249771519:5939:74.125.22.125        20%     525     *.google.com
1249705984-1249771519:6334:74.125.24.125        20%     546     *.google.com
1249705984-1249771519:6929:74.125.26.125        20%     528.25  *.google.com
1249705984-1249771519:7718:74.125.29.125        40%     445.333 *.google.com
1249705984-1249771519:7918:74.125.30.125        0%      466     *.google.com
1249705984-1249771519:17818:74.125.69.125       0%      544.2   *.google.com
1249705984-1249771519:18409:74.125.71.125       0%      472.4   *.google.com
1249705984-1249771519:33258:74.125.129.125      0%      422.8   *.google.com
1249705984-1249771519:34252:74.125.133.125      0%      424.4   *.google.com
1249705984-1249771519:34451:74.125.134.125      20%     568.25  *.google.com
1249705984-1249771519:35045:74.125.136.125      0%      507.2   *.google.com
1249705984-1249771519:35837:74.125.139.125      40%     715.667 *.google.com
1249705984-1249771519:36033:74.125.140.125      0%      395.8   *.google.com
1249705984-1249771519:36234:74.125.141.125      20%     497.75  *.google.com
1249705984-1249771519:36827:74.125.143.125      20%     541     *.google.com
1249705984-1249771519:49890:74.125.194.125      60%     606     *.google.com
1249705984-1249771519:50092:74.125.195.125      20%     604.75  *.google.com
1249705984-1249771519:50486:74.125.196.125      0%      581.2   *.google.com
1249705984-1249771519:51673:74.125.201.125      0%      487     *.google.com
1249705984-1249771519:52865:74.125.206.125      20%     672.5   *.google.com
1089052672-1089060863:198:64.233.160.125        20%     478.5   *.google.com
1089052672-1089060863:395:64.233.161.125        0%      585.2   *.google.com
1089052672-1089060863:987:64.233.163.125        0%      565.4   *.google.com
1089052672-1089060863:1185:64.233.164.125       0%      539     *.google.com
1089052672-1089060863:1582:64.233.165.125       0%      491.8   *.google.com
1089052672-1089060863:5343:64.233.180.125       80%     629     *.google.com
1089052672-1089060863:6135:64.233.183.125       40%     629.333 *.google.com
1089052672-1089060863:6534:64.233.185.125       40%     547     *.google.com
1089052672-1089060863:6927:64.233.186.125       40%     699     *.google.com
1089052672-1089060863:7326:64.233.188.125       100%    NO      *.google.com
1089052672-1089060863:7720:64.233.189.125       80%     260     *.google.com
1089052672-1089060863:7918:64.233.190.125       0%      645.8   *.google.com
1089052672-1089060863:8116:64.233.191.125       20%     475.75  *.google.com
3639549952-3639558143:1778:216.239.38.121       80%     125     *.google.com

@txthinking
Owner

Hangouts IPs have port 5222 open, and select.sh also excludes hangout IPs by checking whether port 5222 is open. But sometimes my scan sees this port and sometimes it doesn't.

FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
1
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
0
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
0
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
1
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
1
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
1
FUCK scripts $ nmap --host-timeout 2s 173.194.67.125 -p 5222 2>/dev/null | grep -Pc "5222/tcp open"
1

Also, I ran it once and found that there are far fewer live IPs :(
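
One way to cope with the flaky port 5222 result shown above, as an added example that is not part of the original thread or the project's scripts: probe several times and treat a single "open" as decisive, then drop those IPs from a listing. The function names, the `PROBE` override hook and the retry count are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the project. PROBE is a hypothetical override
# hook so the retry logic can be exercised without touching the network.

# One probe, using the same nmap check shown in the comment above.
# Prints 1 if 5222/tcp is reported open, otherwise 0.
probe_5222() {
    nmap --host-timeout 2s "$1" -p 5222 2>/dev/null | grep -c "5222/tcp open"
}

# is_hangouts IP [TRIES]: succeed if ANY of TRIES probes saw 5222 open.
# Assumption: a miss is a timeout (false negative); an "open" is trusted.
is_hangouts() {
    local ip=$1 tries=${2:-5} i=0
    while [ "$i" -lt "$tries" ]; do
        if [ "$("${PROBE:-probe_5222}" "$ip")" = "1" ]; then
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# drop_hangouts DOMAIN [TRIES]: read "IP loss% rtt domain" rows on stdin
# (whitespace-separated, the column layout of the output/ listing above),
# keep rows for DOMAIN whose IP is not a Hangouts IP, and order them by
# packet loss, then latency, as filter.sh's sort does.
drop_hangouts() {
    local domain=$1 tries=${2:-5} ip loss rtt name
    while read -r ip loss rtt name; do
        [ "$name" = "$domain" ] || continue
        is_hangouts "$ip" "$tries" && continue
        printf '%s\t%s\t%s\t%s\n' "$ip" "$loss" "$rtt" "$name"
    done | sort -k2n -k3n
}
```

Each extra try costs up to the 2s host timeout for an IP that never answers, so the retry count trades scan time against missed Hangouts IPs.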
