php内网探测脚本&简单代理访问


Oct 15 2015

php内网探测脚本&简单代理访问

首页 » 神器下载 » php内网探测脚本&简单代理访问   

<?php
$url = isset($_REQUEST['u'])?$_REQUEST['u']:null;
$ip = isset($_REQUEST['i'])?$_REQUEST['i']:null;

if($url != null){
    $host = getHost($url);
    echo getCss($host,getHtmlContext($url));
}else if($ip != null){
    $useIP = substr($ip,0,strripos($ip,".") + 1);
  ob_start();
    for($i=0;$i<256;$i++){
      $url = "http://".$useIP.$i;
    $html = getHtmlContext($url);
    $title = getTitle(html);
    $serverType = getHeader("Server");
    $status = $html ? "Success": "Fail";
    if($html){
       echo $url."  >>  ".$title.">>".$serverType." >>".$status."<br/>";
    }
        @ob_flush();
        flush();
  }
  ob_end_clean();
}
function getHtmlContext($url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, TRUE);    //表示需要response header
    curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_TIMEOUT, 120);
    $result = curl_exec($ch);
  global $header;
  if($result){
       $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
       $header = explode("\r\n",substr($result, 0, $headerSize));
       $body = substr($result, $headerSize);
  }
    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') {
        return $body;
    }
    if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') {
    $location = getHeader("Location");
    if(strpos(getHeader("Location"),'http://') == false){
      $location = getHost($url).$location;
    }
        return getHtmlContext($location);
    }
    return NULL;
}
function getHeader($name){
  global $header;
  foreach ($header as $loop) {
     if(strpos($loop,$name) !== false){
       return trim(substr($loop,strlen($name)+2));
     }
  }
}
function getTitle($html){
    preg_match("/<title>(.*?)<\/title>/i",$html, $matches);
  return $matches[1];
}
function getHost($url){
    preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches);
    return $matches[0];
}
function getCss($host,$html){
    preg_match_all("/<link[\s\S]*?href=['\"](.*?[.]css.*?)[\"'][\s\S]*?>/i",$html, $matches);
  //print_r($matches);
    foreach($matches[1] as $v){
    $cssurl = $v;
        if(strpos($v,'http://') == false){
      $cssurl = $host."/".$v;
    }
    $csshtml = "<style>".file_get_contents($cssurl)."</style>";
    $html .= $csshtml;
  }
  return $html;
}
?> 1.gif 

如果您喜欢本博客,欢迎点击图片定订阅到邮箱填写您的邮件地址,订阅我们的精彩内容:

正文部分到此结束

文章标签: 渗透工具 内网渗透

版权声明:若无特殊注明,本文皆为( mOon )原创,转载请保留文章出处。

也许喜欢: «通过xmlrpc暴力破解wordpress(单请求多组帐户密码)含exp | jsp内网探测脚本&简单代理访问»

你肿么看?

你还可以输入 250/250 个字

 微笑 大笑 拽 大哭 亲亲 流汗 喷血 奸笑 囧 不爽 晕 示爱 害羞 吃惊 惊叹 爱你 吓死了 呵呵

评论信息框

已有2条评论

匿名

2016-10-05 07:25 沙发
cookies这功能没有吗

mOon

2016-10-19 09:08
@匿名:你要cookies 可以付费帮你写。。哈哈