PHP内网探测脚本(内网代理访问+内网端口扫描)
程序员文章站
2024-02-07 08:08:46
...
前些天看到wooyun社区有人发的jsp内网探测脚本,可以内网代理访问和内网端口扫描。但是却没找到php的既能代理内网,又能扫描内网端口的的脚本。所以我写了这个集合版本的php内网探测脚本。
';@ob_flush();@flush();scanip($startip,$timeout,$portarr);@ob_flush();@flush();exit();} if($eiparr[3]!=255){$eiparr[3]+=1;}while($ciparr!=$eiparr){$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];echo '
Scanning IP '.$ip.'
';@ob_flush();@flush();scanip($ip,$timeout,$portarr);$ciparr[3]+=1; if($ciparr[3]>255){$ciparr[2]+=1;$ciparr[3]=0;}if($ciparr[2]>255){$ciparr[1]+=1;$ciparr[2]=0;}}}/*内网代理代码*/function getHtmlContext($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, TRUE); //表示需要response header curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_TIMEOUT, 120); $result = curl_exec($ch); global $header; if($result){ $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = explode("\r\n",substr($result, 0, $headerSize)); $body = substr($result, $headerSize); } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') { return $body; } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') { $location = getHeader("Location"); if(strpos(getHeader("Location"),'http://') == false){ $location = getHost($url).$location; } return getHtmlContext($location); } return NULL; } function getHost($url){ preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches); return $matches[0]; } function getCss($host,$html){ preg_match_all("//i",$html, $matches); foreach($matches[1] as $v){ $cssurl = $v; if(strpos($v,'http://') == false){ $cssurl = $host."/".$v; } $csshtml = ""; $html .= $csshtml; } return $html; } if($url != null){ $host = getHost($url); echo getCss($host,getHtmlContext($url)); }?>
一、代码
';@ob_flush();@flush(); } }}echo '';if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['port'])&&isset($_POST['timeout'])){ $startip=$_POST['startip'];$endip=$_POST['endip'];$timeout=$_POST['timeout'];$port=$_POST['port'];$portarr=explode(',',$port);$siparr=explode('.',$startip);$eiparr=explode('.',$endip);$ciparr=$siparr;if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){exit('IP error: Wrong IP address or Trying to scan class A address');}if($startip==$endip){echo 'Scanning IP '.$startip.'
';@ob_flush();@flush();scanip($startip,$timeout,$portarr);@ob_flush();@flush();exit();} if($eiparr[3]!=255){$eiparr[3]+=1;}while($ciparr!=$eiparr){$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];echo '
Scanning IP '.$ip.'
';@ob_flush();@flush();scanip($ip,$timeout,$portarr);$ciparr[3]+=1; if($ciparr[3]>255){$ciparr[2]+=1;$ciparr[3]=0;}if($ciparr[2]>255){$ciparr[1]+=1;$ciparr[2]=0;}}}/*内网代理代码*/function getHtmlContext($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, TRUE); //表示需要response header curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_TIMEOUT, 120); $result = curl_exec($ch); global $header; if($result){ $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = explode("\r\n",substr($result, 0, $headerSize)); $body = substr($result, $headerSize); } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') { return $body; } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') { $location = getHeader("Location"); if(strpos(getHeader("Location"),'http://') == false){ $location = getHost($url).$location; } return getHtmlContext($location); } return NULL; } function getHost($url){ preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches); return $matches[0]; } function getCss($host,$html){ preg_match_all("//i",$html, $matches); foreach($matches[1] as $v){ $cssurl = $v; if(strpos($v,'http://') == false){ $cssurl = $host."/".$v; } $csshtml = ""; $html .= $csshtml; } return $html; } if($url != null){ $host = getHost($url); echo getCss($host,getHtmlContext($url)); }?>
其中的代理访问这部分的源码,借鉴了前人的源代码。附上地址:http://zone.wooyun.org/content/22879。对作者表示感谢
用法:
1、端口扫描部分:
填好起始ip、结束ip、自定义端口、超时等,点击扫描即可,十分方便
2、内网代理部分:
直接在文件后面加url参数,注意这里要带着http协议,不然可能css加载不完
上一篇: 论坛的发言在写入数据库之前应该怎么操作
下一篇: jsp向mysql插入记录的问题
推荐阅读
-
PHP内网探测脚本(内网代理访问+内网端口扫描)
-
公司内网环境访问外网需要通过代理,彩信接口在外网环境已经调通,如何通过curl访问代理服务器访问外网
-
利用php+socket5代理进行内网渗透测试
-
php 有没有一种办法,通过外网映射访问获取到内网的ip
-
Ngrok反向代理实现外网访问内网
-
公司内网环境访问外网需要通过代理,彩信接口在外网环境已经调通,如何通过curl访问代理服务器访问外网
-
CentOS7下搭建nginx反向代理服务器使得外网可以二级域名访问内网应用 centos7.2 centos 7.0 centos 6.7
-
php 有没有一种办法,透过外网映射访问获取到内网的ip
-
利用php+socket5代理进行内网渗透测试
-
内网访问PHP服务器,该如何处理