Talk about the recent ZoomEye updates

Author: Heige(a.k.a Superhei) of KnownSec 404 Team 12/10/2020

As the world’s leading search engine for cyberspace mapping, ZoomEye has been working hard! I would like to thank all the friends who support ZoomEye.

API-KEY

I am honored that more and more new excellent project developers are beginning to integrate and call the ZoomEye API, such as:

Intel Owl https://github.com/intelowlproject/IntelOwl
OWASP Amass https://github.com/OWASP/Amass
TheTHE https://empresas.blogthinkbig.com/zoomeye-ampliando-thethe-mas-plugins/?=tw2

Of course, the ZoomEye API SDK project (https://github.com/knownsec/ZoomEye ) has been updated accordingly.

The installation command is as follows:

sudo pip3 install git+https://github.com/knownsec/ZoomEye.git

The calling example is as follows:

╭─heige@404Team ~/
╰─$python3
Python 3.7.5 (default, Nov 1 2019, 02:16:23)
[Clang 11.0.0 (clang-1100.0.33.8)] on darwin
Type “help”, “copyright”, “credits” or “license” for more information.
>>> import zoomeye
>>> zm = zoomeye.ZoomEye(api_key=”664***130-****-1E6fe-****-4FC03****d3")
>>> data = zm.dork_search(‘apache +country:cn’)
>>> zoomeye.show_site_ip(data)
None 2406:0:58:80c6:202:128:247:75
None 154.207.42.20
None 211.21.177.53

Just as we expect, we hope to join many excellent project developers to give full play to the capabilities of ZoomEye.

Visual graphical input query

Data subscription

This function can continuously monitor data changes for the specified IP (including IP segment) and the target of the device dork, and provide data change trend graphs, new data downloads, email reminders, etc.

Continuously improve data acquisition capabilities

Then, we focused on optimizing the recognition of URL redirects in the HTTP protocol.Accurately obtaining the banner data in the redirect URL page is essential for us to identify device fingerprints, extract page titile and other information,So we have introduced the browser engine to dynamically recognize URL redirects including http 302 headers, html/js, etc.

In addition, we began to transform the WMAP engine scanned by our website, which will grab the complete html code data for display instead of obtaining the http response header information before.

Of course, this time we also continue to update our port protocol data support:

* Added CobaltStrike Beacon configuration information acquisition,

ZoomEye Dork : “CobaltStrike Beacon configurations”
https://www.zoomeye.org/searchResult?q=%22CobaltStrike%20Beacon%20configurations%22

* Added 264/tcp port scanning and support checkpoint related protocol detection
ZoomEye Dork : port:”264" +service:”checkpoint”
https://www.zoomeye.org/searchResult?q=port%3A%22264%22%20%2Bservice%3A%22checkpoint%22

* Added 4899/tcp port scanning and support radmin related protocol detection
ZoomEye Dork : port:”4899" +service:”radmin”
https://www.zoomeye.org/searchResult?q=port%3A%224899%22%20%2Bservice%3A%22radmin%22

Support bracket first logical operation

Now, we start to support () priority operation, which can satisfy more complex logical searches.

Finally, we secretly fixed a lot of bugs :)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store