在线子域名爆破
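<?php

/**
 * Resolve a host name to an IPv4 address.
 *
 * gethostbyname() hands its argument back unchanged when the lookup fails, so
 * the result is accepted only if it is a well-formed IPv4 literal. An
 * unanchored digit pattern would report an unresolved name that merely
 * contains a dotted quad as a successful lookup.
 *
 * @param string $domain Host name to resolve.
 * @return array One-element array holding the address, or an empty array
 *               when the name did not resolve.
 */
function domainfuzz($domain) {
    $ip = gethostbyname($domain);
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return array();
    }
    return array($ip);
}

/**
 * JSON endpoint: resolve "<q>.<base domain>" and report the outcome.
 *
 * Runs only when the "q" query parameter is present. The response is an
 * object with the keys "domain", "status" (200 when the name resolved, 500
 * otherwise) and "ip". Requests whose "q" is not a single DNS label, or whose
 * "domain" has no recognisable base, are answered with status 500 and no
 * lookup is made.
 *
 * @return void
 */
function main() {
    if (!isset($_GET['q'])) {
        return;
    }

    // Without an explicit type PHP serves the body as text/html, and the
    // request parameters echoed back inside the JSON would be parsed as markup.
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');

    $return = array("domain" => null, "status" => 500, "ip" => null);

    // Array-valued parameters (?q[]=x) would otherwise reach trim().
    $domain = (isset($_GET["domain"]) && is_string($_GET["domain"])) ? trim($_GET["domain"]) : "";
    // Prefix taken from the client-side word list.
    $q = is_string($_GET["q"]) ? trim($_GET["q"]) : "";

    // The prefix must be one DNS label: no dots, slashes or whitespace.
    $isLabel = preg_match('/^[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?$/i', $q);
    // NOTE(review): \w does not match "-", so a hyphenated name is cut at the
    // hyphen, and "last two labels" is not the registrable domain under
    // multi-label suffixes. Confirm the derived base is the intended zone.
    $hasBase = preg_match("/(\w+\.\w+)$/", $domain, $arr);

    if ($isLabel && $hasBase) {
        $fuzz = $q . '.' . $arr[1];
        $result = domainfuzz($fuzz);
        $return["domain"] = $fuzz;
        if (!empty($result)) {
            $return["status"] = 200;
            $return["ip"] = $result[0];
        }
    }

    // The HEX flags keep <, >, &, ' and " out of the raw response body.
    echo json_encode($return, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

main();
if (!isset($_GET['q'])) {
?>
<!DOCTYPE html>
<html>
<head>
    <title>在线子域名爆破|Domain fuzz</title>
    <meta charset="utf-8">
    <meta >
    <!-- Third-party assets are loaded protocol-relative and without Subresource
         Integrity. Self-host them, or add integrity/crossorigin attributes with
         hashes computed from the files you have vetted. -->
    <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
    <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
    <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
    <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
    <style type="text/css" media="screen">
    </style>
</head>
<body>
    域名:<input type="text" id="domain">
    <button>开始</button>
    <div id="fuzz"></div>
    <div id="info"></div>
</body>
<script>
    // Word list; extend it yourself.
    var dist = ["www","mail","ftp","smtp","kaoshi"];
    var num = 0;
    var domain = "";
    $("button").click(function() {
        num = 0;
        domain = $("#domain").val();
        query();
    });
    function query() {
        // Stop at the end of the word list. A fixed bound larger than the
        // list sends requests with q=undefined for every missing entry.
        if (num >= dist.length) {
            return;
        }
        // Passing an object lets jQuery URL-encode both values, so "&" or "#"
        // in the input cannot rewrite the query string.
        $.get("", {domain: domain, q: dist[num]}, function(res) {
            // text()/text nodes: the server response is never parsed as HTML.
            $("#fuzz").text(res.domain);
            if (res.status == 200) {
                $("#info").append(
                    document.createTextNode("爆破成功:" + res.domain + "-" + res.ip),
                    "<br>"
                );
            }
        }, "json");
        num++;
        query();
    }
    //alert(dist.length);
</script>
</html>

<?php

}
?>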
在线C段查询小工具
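<?php

/**
 * Look up the IPv4 address of a host through the ip138 web service.
 *
 * The host is checked against a host-name character set and URL-encoded
 * before it is placed in the request, so it cannot add parameters to the
 * outbound query. The address scraped from the response is third-party
 * content and is returned only if it is a valid IPv4 literal.
 *
 * NOTE(review): the lookup goes over plain HTTP, so the answer can be altered
 * in transit. A local resolver call would avoid the dependency.
 *
 * @param string $url Host name or IP address.
 * @return string The resolved address, or the input unchanged when the input
 *                is rejected or the lookup fails.
 */
function getIp($url) {
    if (!is_string($url) || !preg_match('/^[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?$/i', $url)) {
        return $url;
    }
    $data = file_get_contents("http://www.ip138.com/ips138.asp?ip=" . rawurlencode($url) . "&action=2");
    if ($data === false) {
        return $url;
    }
    if (preg_match("/(\d+\.\d+\.\d+\.\d+)<\/font>/", $data, $arr)
        && filter_var($arr[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $arr[1];
    }
    return $url;
}

/**
 * Collect the site roots Bing lists for an "ip:" search.
 *
 * Result pages are followed while a "next" control is present, up to a fixed
 * page limit so that one request cannot keep a worker busy indefinitely
 * (each fetch may wait for the 30 second timeout).
 *
 * @param string $ip IPv4 address; any other value yields an empty result
 *                   without an outbound request.
 * @return array List of unique "scheme://host/" strings.
 */
function getBing($ip) {
    $res = array();
    // The value is interpolated into the outbound URL below.
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return $res;
    }

    $ctx = stream_context_create(array(
        'http' => array(
            'timeout' => 30,
            //'proxy' => 'tcp://113.47.46.152:1080',
            'request_fulluri' => true,
            'header' => "User-Agent: BaiduSpider\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
        )
    ));

    $first = 1;
    $maxPages = 50; // constructed safety bound; tune to your deployment
    for ($page = 0; $page < $maxPages; $page++) {
        $url = "http://www.bing.com/search?q=ip%3A{$ip}&go=%E6%8F%90%E4%BA%A4&qs=n&first={$first}&form=QBRE&pq=ip%3A{$ip}&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc";
        $first = $first + 10;
        $result = file_get_contents($url, false, $ctx);
        if ($result === false) {
            // Fetch failed: stop instead of running the patterns on false.
            break;
        }
        preg_match_all('/<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">/', $result, $arr);
        if (!empty($arr[1])) {
            foreach ($arr[1] as $v) {
                $res[] = $v;
            }
        }
        if (!preg_match('/<div class="sw_next">/', $result)) {
            break;
        }
    }
    // array_unique() keeps the original keys; re-index so json_encode()
    // always emits a JSON array rather than an object with gaps.
    return array_values(array_unique($res));
}

//getBing("58.96.186.133");

/**
 * POST endpoint dispatcher.
 *
 * action=getip  answers with the address for "domain" as text/plain.
 * action=query  answers with the JSON list from getBing() for "ip".
 *
 * Both responses carry an explicit content type: with PHP's default
 * text/html, a value echoed back from the request would be parsed as markup.
 *
 * @return void
 */
function main() {
    if (!isset($_POST["action"]) || !is_string($_POST["action"])) {
        return;
    }
    $action = trim($_POST["action"]);

    if ($action === "getip") {
        header('Content-Type: text/plain; charset=utf-8');
        header('X-Content-Type-Options: nosniff');
        $domain = (isset($_POST["domain"]) && is_string($_POST["domain"])) ? trim($_POST["domain"]) : "";
        echo getIp($domain);
    }

    if ($action === "query") {
        header('Content-Type: application/json; charset=utf-8');
        header('X-Content-Type-Options: nosniff');
        $ip = (isset($_POST["ip"]) && is_string($_POST["ip"])) ? trim($_POST["ip"]) : "";
        echo json_encode(getBing($ip), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    }
}

main();
if (empty($_POST['action'])) {
?>
<!DOCTYPE html>
<html>
<head>
    <title>必应接口C段查询|c段查询|旁站查询</title>
    <meta charset="utf-8">
    <meta >
    <!-- Third-party assets are loaded protocol-relative and without Subresource
         Integrity. Self-host them, or add integrity/crossorigin attributes with
         hashes computed from the files you have vetted. -->
    <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
    <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
    <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
    <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
    <style type="text/css" media="screen">
        .main{
            width:90%;
            /* border:1px solid red; */
            margin-top:20px;
        }
        .ip{
            margin-top:10px;
        }
        dd{
            text-indent:10px;
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="main">
            <h1>必应接口C段查询 </h1>
            <form class="form-inline">
                <div class="form-group" style="">
                    <input type="text" id="domain" class="form-control" placeholder="输入你要查询的ip或域名">
                </div>
                <button type="submit" class="btn btn-success" id="getip">获取ip</button>
                <button type="submit" class="btn btn-info" id="query">查询</button>
            </form>
            <div class="alert alert-info ip" role="alert" style="display:none">IP:<span id="ip"></span><span id="se"></span></div>
            <div class="progress" id="jd" style="display:none">
                <div class="progress-bar progress-bar-success progress-bar-striped" role="progressbar" aria-valuenow="40" id="b" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
                    <span class="sr-only">40% Complete (success)</span>
                </div>
            </div>
            <dl id="result">

            </dl>
        </div>
    </div>
</body>
<script type="text/javascript">
    var ipi = 1;
    var IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

    $(function() {
        $("#getip").click(function(e) {
            // Both buttons are submit buttons inside a form; without this the
            // click also submits the form and reloads the page.
            e.preventDefault();
            var domain = $("#domain").val();
            if (domain == "") {
                alert("请输入ip或者域名");
                return false;
            }
            // Object form: jQuery URL-encodes the value.
            $.post("", {action: "getip", domain: domain}, function(res) {
                var ip = $.trim(res);
                // text(): the response is displayed, never parsed as HTML.
                $("#ip").text(ip);
                $(".ip").show();
                var arr = ip.split(".");
                var start = arr[0] + "." + arr[1] + "." + arr[2] + "." + 1;
                var end = arr[0] + "." + arr[1] + "." + arr[2] + "." + 255;
                $("#se").text(" 查询ip段:" + start + "-" + end);
            });
        });

        $("#query").click(function(e) {
            e.preventDefault();
            ipi = 1;
            $("#b").css("width", "0%");
            $("#result").html("");
            $("#jd").show();
            query();
        });
    });

    function query() {
        var b = (ipi / 255) * 100;
        var ip = $("#ip").text();
        // Also stops here when the lookup returned something other than an
        // address, instead of sending 255 requests that cannot succeed.
        if (ip == "" || !IPV4.test(ip)) {
            alert("骚年请先获取Ip哦");
            return;
        }
        var arr = ip.split(".");
        var ips = arr[0] + "." + arr[1] + "." + arr[2] + "." + ipi;

        $.post("", {action: "query", ip: ips}, function(res) {
            var $result = $("#result");
            $("#b").css("width", b + "%");
            $result.append($("<dt>").text(ips));
            $.each(res, function(_, link) {
                // Links come from a scraped third-party page: accept only
                // http(s) URLs and build the nodes without string-built HTML.
                if (typeof link !== "string" || !/^https?:\/\//i.test(link)) {
                    return;
                }
                var $a = $("<a>")
                    .attr({href: link, target: "_blank", rel: "noopener noreferrer"})
                    .text(link);
                $result.append($("<dd>").append($a));
            });
            if (ipi < 255) {
                ipi++;
                query();
            }
        }, "json");
    }
</script>
</html>

<?php
}
?>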
Python调用Bing进行同IP网站查询
1 #!/usr/bin/env python 2 # -*- coding: utf-8 -*- 3 # @Author: Lcy 4 # @Date: 2015-07-22 10:41:17 5 # @Last Modified by: Lcy 6 # @Last Modified time: 2015-07-22 10:49:44 7 import urllib2 8 import re 9 import sys 10 import socket 11 12 def curl(ip,first): 13 #设置ip代理, 14 proxy_handler = urllib2.ProxyHandler({"http" : 'http://115.47.46.152:1080'}) 15 null_proxy_handler = urllib2.ProxyHandler({}) 16 opener = urllib2.build_opener(proxy_handler) 17 urllib2.install_opener(opener) 18 uri = "http://www.bing.com/search?q=ip%3A" + ip +"&go=%E6%8F%90%E4%BA%A4&qs=n&first="+ str(first) +"&form=QBRE&pq=ip%3A" + ip +"&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc" 19 request = urllib2.Request(uri) 20 request.add_header('User-Agent', 'BaiduSpider') 21 response = urllib2.urlopen(request, timeout=10) 22 res = response.read() 23 return res 24 def getIp(domain): 25 myaddr = socket.getaddrinfo(domain,'http')[0][4][0] 26 return myaddr 27 def get(ip): 28 ip = getIp(ip) 29 print "[+] Query IP:" + ip + "\n" 30 rev = [] 31 first = 1 32 while True: 33 res = curl(ip,first) 34 first = first + 10 35 r = re.findall(r'<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">',res) 36 for i in r: 37 print "[+] " + i[0] 38 rev.append(i[0]) 39 m = re.search(r'<div class="sw_next">', res) 40 if not m: 41 break 42 result = list(set(rev)) 43 return result 44 if __name__ == "__main__": 45 print u"""------------------------------------------------------------------------------ 46 必应旁站查询 qq:1141056911 47 By Lcy 48 http://phpinfo.me 49 ------------------------------------------------------------------------------ 50 """ 51 if len(sys.argv) != 2: 52 print "Usage: %s ip" % sys.argv[0] 53 exit() 54 urllist = get(sys.argv[1]) 55 result = "" 56 for i in urllist: 57 result = result + i + "\r\n" 58 f = open("Result.txt","w") 59 f.write(result) 60 f.close() 61 print u"\r\n结果已经保存为Result.txt"