内网探测脚本&简单代理访问 jsp/php 源码分享
作者:袖梨
2022-11-14
php内网探测脚本&简单代理访问
..
1.直接访问默认扫描当前IP的C段,获取标题、web容器.
2.可以自定义传入需要扫描的段,传入参数ip即可
3.代理访问参数为url,可简单的访问内网的web,对了,我还加载了网站里的css,做到尽量看上去和直接访问的效果一样
list = new ArrayList(); String referer = ""; String cookie = ""; String decode = "utf-8"; int thread = 100; HttpURLConnection getHTTPConn(String urlString) { try { java.net.URL url = new java.net.URL(urlString); java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url .openConnection(); conn.setRequestMethod("GET"); conn.addRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon;)"); conn.addRequestProperty("Accept-Encoding", "gzip"); conn.addRequestProperty("referer", referer); conn.addRequestProperty("cookie", cookie); //conn.setInstanceFollowRedirects(false); conn.setConnectTimeout(3000); conn.setReadTimeout(3000); return conn; } catch (Exception e) { return null; } } HttpURLConnection conn; String getHtmlContext(HttpURLConnection conn, String decode) { Map result = new HashMap (); try { String code = "utf-8"; if (decode != null) { code = decode; } StringBuffer html = new StringBuffer(); java.io.InputStreamReader isr = new java.io.InputStreamReader( conn.getInputStream(), code); java.io.BufferedReader br = new java.io.BufferedReader(isr); String temp; while ((temp = br.readLine()) != null) { if (!temp.trim().equals("")) { html.append(temp).append("n"); } } br.close(); isr.close(); return html.toString(); } catch (Exception e) { System.out.println("getHtmlContext:"+e.getMessage()); return "null"; } } String getServerType(HttpURLConnection conn) { try { return conn.getHeaderField("Server"); } catch (Exception e) { return "null"; } } String getTitle(String htmlSource) { try { List list = new ArrayList (); String title = ""; Pattern pa = Pattern.compile(" .*? "); Matcher ma = pa.matcher(htmlSource); while (ma.find()) { list.add(ma.group()); } for (int i = 0; i ", ""); } catch (Exception e) { return null; } } ListgetCss(String html, String url, String decode) { List cssurl = new ArrayList (); List csscode = new ArrayList (); try { String title = ""; Pattern pa = Pattern.compile(".*href="(.*)[.]css"); Matcher ma = pa.matcher(html.toLowerCase()); while (ma.find()) { cssurl.add(ma.group(1) + ".css"); } for (int i = 0; i " + getHtmlContext(getHTTPConn(cssuuu), decode) + ""; csscode.add(csshtml); } } catch (Exception e) { System.out.println("getCss:"+e.getMessage()); } return csscode; } String getMyIPLocal() throws IOException { InetAddress ia = InetAddress.getLocalHost(); return ia.getHostAddress(); }%> css = getCss(html, u, decode); String csshtml = ""; if (!html.equals("null")) { for (int i = 0; i queue = new LinkedBlockingQueue (); for (int i = 1; i > "+ title + ">>"+ serverType+ " >>" + status+ "
"); } catch (Exception e) { e.printStackTrace(); } } } else { return; } } } }).start(); } while (tg.activeCount() != 0) { } } catch (Exception e) { e.printStackTrace(); } } catch (Exception e) { out.println(e.toString()); } } %>
参数:
ip [需要探测的ip段]
url [需要请求的地址]
其他参数:
thread [指定线程数]
decode [指定编码]
referer [伪造referer]
cookie [伪造cookie]
待完善:
1.一个C段,可能有多种编码格式,所以指定一个参数是有问题的。
2.端口可以修改传入一个数组,支持探测多个端口80,8080..
3.代理访问功能并不完善,例如加载js、加载图片、超链接替换成代理访问的链接、表单替换支持真实请求..
php内网探测脚本&简单代理访问
> “.$title.”>>”.$serverType.” >>”.$status.”
”; } @ob_flush(); flush(); } ob_end_clean(); } function getHtmlContext($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, TRUE); //表示需要response header curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_TIMEOUT, 120); $result = curl_exec($ch); global $header; if($result){ $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = explode(“rn”,substr($result, 0, $headerSize)); $body = substr($result, $headerSize); } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == ‘200’) { return $body; } if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == ‘302’) { $location = getHeader(“Location”); if(strpos(getHeader(“Location”),’http://*??**?) == false){ $location = getHost($url).$location; } return getHtmlContext($location); } return NULL; } function getHeader($name){ global $header; foreach ($header as $loop) { if(strpos($loop,$name) !== false){ return trim(substr($loop,strlen($name)+2)); } } } function getTitle($html){ preg_match(“/(.*?)/i”,$html, $matches); return $matches[1]; } function getHost($url){ preg_match(“/^(http://)?([^/]+)/i”,$url, $matches); return $matches[0]; } function getCss($host,$html){ preg_match_all(“/<link>/i”,$html, $matches); //print_r($matches); foreach($matches[1] as $v){ $cssurl = $v; if(strpos($v,’http://*??**?) == false){ $cssurl = $host.”/”.$v; } $csshtml = “<style>”.file_get_contents($cssurl).”</style>”; $html .= $csshtml; } return $html; } ?>
