子域名爆破&C段查询&调用Bing查询同IP网站

 1 <?php
 2 
 3 function domainfuzz($domain) {
 4         $ip = gethostbyname($domain);
 5         preg_match("/\d+\.\d+\.\d+\.\d+/",$ip,$arr);
 6         return $arr;
 7 }
 8 
 9 function main() {
10         if(isset($_GET['q'])) {
11                 $return = array();
12                 $domain = trim($_GET["domain"]);
13                 //前缀字典
14                 $q = trim($_GET["q"]);
15                 preg_match("/(\w+\.\w+)$/",$domain,$arr);
16                 $fuzz = $q.'.'.$arr[1];
17                 $result = domainfuzz($fuzz);
18                 $return["domain"] = $fuzz;
19                 if(empty($result)) {
20                         $return["status"] = 500;
21                         $return["ip"] = null;
22                 } else {
23                         $return["status"] = 200;
24                         $return["ip"] = $result[0];
25                 }
26                 echo json_encode($return);
27         }
28 }
29 
30 main();
31 if(!isset($_GET['q'])) {
32 ?>
33 <!DOCTYPE html>
34 <html>
35         <head>
36                 <title>在线子域名爆破|Domain fuzz</title>
37                 <meta charset="utf-8">
38                 <meta >
39                 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
40                 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
41                 <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
42                 <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
43                 <style type="text/css" media="screen">
44                 </style>
45         </head>
46         <body>
47                 域名：<input type="text" id="domain">
48                 <button>开始</button>
49                 <div id="fuzz"></div>
50                 <div id="info"></div>
51         </body>
52         <script>
53                 //字典自己添加
54                 var dist = ["www","mail","ftp","smtp","kaoshi"];
55                 var num = 0;
56                 var domain = "";
57                 $("button").click(function() {
58                         num = 0;
59                         domain = $("#domain").val();
60                         query();
61                 });
62                 function query() {
63                          
64                         $.get("","domain="+domain+"&q="+dist[num],function(res){
65                                 $("#fuzz").html(res.domain);
66                                 if(res.status == 200) {
67                                         $("#info").append("爆破成功："+ res.domain + "-" + res.ip+ "<br>");
68                                 }
69                                  
70                         },"json");
71                         num++;
72                         if(num<3000) {
73                                 query();
74                         }
75         }
76                 //alert(dist.length);
77         </script>
78 </html>
79 
80 <?php
81 
82 }
83 ?>

  1 <?php
  2 
  3 function getIp($url) {
  4         $data = file_get_contents("http://www.ip138.com/ips138.asp?ip={$url}&action=2");
  5         preg_match("/(\d+\.\d+\.\d+\.\d+)<\/font>/", $data, $arr);
  6         if(!empty($arr[1])) {
  7                 return $arr[1];
  8         }
  9         return $url;
 10 }
 11 
 12 function getBing($ip) {
 13         $ctx = stream_context_create(array(
 14                         'http' => array(
 15                                 'timeout' => 30,
 16                                 //'proxy' => 'tcp://113.47.46.152:1080',
 17                                 'request_fulluri' => True,
 18                                 'header'=> "User-Agent: BaiduSpider\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
 19                         )
 20                 )
 21         );
 22         $first = 1;
 23         $res = array();
 24         while(true) {
 25                 $url = "http://www.bing.com/search?q=ip%3A{$ip}&go=%E6%8F%90%E4%BA%A4&qs=n&first={$first}&form=QBRE&pq=ip%3A{$ip}&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc";
 26                 $first = $first + 10;
 27                 $result = file_get_contents($url, False, $ctx); 
 28                 preg_match_all('/<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">/',$result,$arr);
 29                 if(!empty($arr[1])) {
 30                         foreach($arr[1] as $v) {
 31                                 array_push($res, $v);
 32                         } 
 33                 }
 34                 if(!preg_match('/<div class="sw_next">/', $result)) {
 35                         break;
 36                 }
 37 
 38         }
 39         return array_unique($res);
 40 }
 41 
 42 //getBing("58.96.186.133");
 43 
 44 function main() {
 45         if(isset($_POST["action"])) {
 46                 $action = trim($_POST["action"]);
 47                 if($action == "getip") {
 48                         $domain = trim($_POST["domain"]);
 49                         $ip = getIp($domain);
 50                         echo $ip;
 51                 }
 52                 if($action == "query") {
 53                         $ip = trim($_POST["ip"]);
 54                         $res = getBing($ip);
 55                         echo json_encode($res);
 56                 }
 57         }
 58 }
 59 
 60 main();
 61 if(empty($_POST['action'])) {
 62 ?>
 63 <!DOCTYPE html>
 64 <html>
 65         <head>
 66                 <title>必应接口C段查询|c段查询|旁站查询</title>
 67                 <meta charset="utf-8">
 68                 <meta >
 69                 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
 70                 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
 71                 <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
 72                 <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
 73                 <style type="text/css" media="screen">
 74                         .main{
 75                                 width:90%;
 76                                 //border:1px solid red;
 77                                 margin-top:20px;
 78                         }
 79                         .ip{
 80                                 margin-top:10px;
 81                         }
 82                         dd{
 83                                 text-indent:10px;
 84                         }
 85                 </style>
 86         </head>
 87         <body>
 88                 <div class="container">
 89                         <div class="main">
 90                                 <h1>必应接口C段查询 </h1>
 91                                 <form class="form-inline">
 92                                         <div class="form-group" style="">
 93                                         <input type="text" id="domain" class="form-control" placeholder="输入你要查询的ip或域名">
 94                                         </div>
 95                                         <button type="submit" class="btn btn-success" id="getip">获取ip</button>
 96                                         <button type="submit" class="btn btn-info" id="query">查询</button>
 97                                 </form>
 98                                 <div class="alert alert-info ip" role="alert" style="display:none">IP:<span id="ip"></span><span id="se"></span></div>
 99                                 <div class="progress" id="jd" style="display:none">
100                                   <div class="progress-bar progress-bar-success progress-bar-striped" role="progressbar" aria-valuenow="40" id="b" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
101                                           <span class="sr-only">40% Complete (success)</span>
102                                   </div>
103                                 </div>
104                                 <dl id="result">
105 
106                                 </dl>
107                         </div>
108                 </div>
109         </body>
110         <script type="text/javascript">
111                 var ipi = 1;
112                 $(function() {
113                         $("#getip").click(function() {
114                                 var domain = $("#domain").val();
115                                 if(domain == "") {
116                                         alert("请输入ip或者域名");
117                                         return false;
118                                 }
119                                 $.post("","action=getip&domain="+domain,function(res) {
120                                         var ip = res;
121                                         $("#ip").html(ip);
122                                         $(".ip").show();
123                                         arr = ip.split(".");
124                                         start = arr[0] + "." + arr[1] + "." + arr[2] + "." + 1;
125                                         end = arr[0] + "." + arr[1] + "." + arr[2] + "." + 255;
126                                         $("#se").html(" 查询ip段：" + start + "-" + end)
127                                 })
128                         });
129                          
130                         $("#query").click(function() {
131                                 ipi=1;
132                                 $("#b").css("width","0%");
133                                 $("#result").html("");
134                                 $("#jd").show();
135                                 query();
136                                  
137                         });
138                 })
139 
140                 function query() {
141                         $("#query").click(function() {
142                                 return;
143                         });
144                         var html = "";
145                         var b = (ipi/255) * 100;
146                         var ip = $("#ip").html();
147                         if(ip == "") {
148                                 alert("骚年请先获取Ip哦");
149                                 return;
150                         }
151                         var arr = ip.split(".");
152                         var ips = arr[0] + "." + arr[1] + "." + arr[2] + "." + ipi;
153                          
154                         $.post("","action=query&ip="+ips,function(res) {
155                                 $("#b").css("width",b+"%");
156                                 html += "<dt>"+ ips +"</dt>";
157                                 for(var i in res) {
158                                         html += "<dd><a href=\"" + res[i] + "\" target=\"_blank\">" + res[i]+"</a></dd>";
159                                          
160                                 }
161                                 $("#result").append(html);
162                                 if(ipi<255) {
163                                         ipi++;
164                                         query();
165                                 }
166                         },"json");
167                 }
168         </script>
169 </html>
170 
171 <?php
172 }
173 ?>

 1 #!/usr/bin/env python
 2 # -*- coding: utf-8 -*-
 3 # @Author: Lcy
 4 # @Date:   2015-07-22 10:41:17
 5 # @Last Modified by:   Lcy
 6 # @Last Modified time: 2015-07-22 10:49:44
 7 import urllib2
 8 import re
 9 import sys
10 import socket
11 
12 def curl(ip,first):
13     #设置ip代理，
14     proxy_handler = urllib2.ProxyHandler({"http" : 'http://115.47.46.152:1080'})
15     null_proxy_handler = urllib2.ProxyHandler({})
16     opener = urllib2.build_opener(proxy_handler)
17     urllib2.install_opener(opener)
18     uri = "http://www.bing.com/search?q=ip%3A" + ip +"&go=%E6%8F%90%E4%BA%A4&qs=n&first="+ str(first) +"&form=QBRE&pq=ip%3A" + ip +"&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc"
19     request = urllib2.Request(uri)
20     request.add_header('User-Agent', 'BaiduSpider')
21     response = urllib2.urlopen(request, timeout=10)
22     res = response.read()
23     return res
24 def getIp(domain):
25     myaddr = socket.getaddrinfo(domain,'http')[0][4][0]
26     return myaddr
27 def get(ip):
28     ip = getIp(ip)
29     print "[+] Query IP:" + ip + "\n"
30     rev = []
31     first = 1
32     while True:
33         res = curl(ip,first)
34         first = first + 10
35         r = re.findall(r'<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">',res)
36         for i in r:
37             print "[+] " + i[0]
38             rev.append(i[0])
39         m = re.search(r'<div class="sw_next">', res)
40         if not m:
41             break
42     result = list(set(rev))
43     return result
44 if __name__ == "__main__":
45     print u"""------------------------------------------------------------------------------
46 必应旁站查询                                                    qq:1141056911
47                                                                        By Lcy
48                                                             http://phpinfo.me
49 ------------------------------------------------------------------------------
50     """
51     if len(sys.argv) != 2:
52         print "Usage: %s ip" % sys.argv[0]
53         exit()    
54     urllist = get(sys.argv[1])
55     result = ""
56     for i in urllist:
57         result = result + i + "\r\n"
58     f = open("Result.txt","w")
59     f.write(result)
60     f.close()
61     print u"\r\n结果已经保存为Result.txt"

本文转自 K1two2 博客园博客，原文链接： http://www.cnblogs.com/k1two2/p/4748642.html   ，如需转载请自行联系原作者