子域名爆破&C段查询&调用Bing查询同IP网站

时间:2021-06-18 15:21:40

在线子域名爆破

 <?php

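 /**
  * Resolve a hostname to its IPv4 address.
  *
  * gethostbyname() hands back its argument unchanged when the lookup fails, so
  * the result is accepted only when the whole string is a valid IPv4 address.
  * Searching for a dotted-quad pattern anywhere in the string would report a
  * failed lookup as a hit whenever the name itself contains digits and dots.
  *
  * @param string $domain Hostname to resolve.
  * @return array One-element array holding the address, or an empty array when
  *               the name does not resolve.
  */
 function domainfuzz($domain) {
     $ip = gethostbyname($domain);
     if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
         return array();
     }
     return array($ip);
 }

 /**
  * JSON endpoint: resolve "<q>.<last two labels of domain>" and print
  * {"domain": ..., "status": 200|500, "ip": ...}.
  *
  * Both request parameters are attacker-controlled, so:
  *  - "q" must be one or more DNS labels; anything else is answered with
  *    status 500 and never reaches the resolver;
  *  - the response is declared as JSON and markup-significant characters are
  *    hex-escaped, so a browser that opens the endpoint directly does not
  *    render reflected parameters as HTML.
  *
  * The "last two labels" rule is only an approximation of the registrable
  * domain; it is wrong for suffixes such as "co.uk".
  *
  * NOTE(review): nothing visible here restricts who may call this endpoint or
  * how often. If it is reachable beyond a trusted network, put authentication
  * and rate limiting in front of it, otherwise the host acts as an open DNS
  * lookup proxy.
  */
 function main() {
     if (!isset($_GET['q'])) {
         return;
     }

     $return = array('domain' => null, 'status' => 500, 'ip' => null);
     $domain = (isset($_GET['domain']) && is_string($_GET['domain'])) ? trim($_GET['domain']) : '';
     // Prefix taken from the client-side wordlist.
     $q = is_string($_GET['q']) ? trim($_GET['q']) : '';

     $label = '[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?';
     $isPrefix = preg_match('/^' . $label . '(?:\.' . $label . ')*$/i', $q) === 1;

     // A missing or malformed "domain" used to raise an undefined-index notice
     // and build a name from an empty suffix; now it is simply reported as 500.
     if ($isPrefix && preg_match("/(\w+\.\w+)$/", $domain, $arr) === 1) {
         $fuzz = $q . '.' . $arr[1];
         $return['domain'] = $fuzz;
         $result = domainfuzz($fuzz);
         if (!empty($result)) {
             $return['status'] = 200;
             $return['ip'] = $result[0];
         }
     }

     if (!headers_sent()) {
         header('Content-Type: application/json; charset=utf-8');
     }
     echo json_encode($return, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
 }

 main();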
if(!isset($_GET['q'])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>在线子域名爆破|Domain fuzz</title>
<meta charset="utf-8">
<meta >
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
<script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
<script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<style type="text/css" media="screen">
</style>
</head>
<body>
域名:<input type="text" id="domain">
<button>开始</button>
<div id="fuzz"></div>
<div id="info"></div>
</body>
<script>
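// Prefix wordlist; extend it as needed.
var dist = ["www","mail","ftp","smtp","kaoshi"];
var num = 0;
var domain = "";

$("button").click(function() {
    num = 0;
    domain = $("#domain").val();
    query();
});

/**
 * Ask the backend to resolve dist[num] + "." + domain, show the answer, then
 * move on to the next prefix.
 *
 * The walk stops at the end of the wordlist. The previous fixed bound of 3000
 * recursed synchronously, so thousands of requests were fired at once, most of
 * them with q=undefined. Requests are now issued one at a time, and the next
 * one starts whether or not the current one succeeded.
 *
 * Server-supplied values are written as text, never as HTML, and the
 * parameters are passed as an object so jQuery URL-encodes them.
 */
function query() {
    if (num >= dist.length) {
        return;
    }
    $.get("", {domain: domain, q: dist[num]}, function(res) {
        $("#fuzz").text(res.domain == null ? "" : String(res.domain));
        if (res.status == 200) {
            $("#info").append(
                document.createTextNode("爆破成功:" + res.domain + "-" + res.ip),
                "<br>"
            );
        }
    }, "json").always(function() {
        num++;
        query();
    });
}
//alert(dist.length);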
</script>
</html> <?php }
?>

在线C段查询小工具

 <?php

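 /**
  * Look up the IPv4 address of a host through the ip138.com lookup page.
  *
  * The value is percent-encoded before it is placed in the query string, so it
  * cannot add or override parameters of the outgoing request.
  *
  * NOTE(review): the lookup goes to a third party over cleartext HTTP, so the
  * queried name is visible on the path and the answer can be altered in
  * transit. Only a dotted-quad match is accepted from the response.
  *
  * @param string $url Hostname or IP address.
  * @return string The address found on the page, or $url unchanged when the
  *                request fails or no address is found.
  */
 function getIp($url) {
     // A literal address needs no lookup, and skipping it keeps the value off
     // the wire.
     if (filter_var($url, FILTER_VALIDATE_IP) !== false) {
         return $url;
     }
     $data = file_get_contents("http://www.ip138.com/ips138.asp?ip=" . rawurlencode($url) . "&action=2");
     if ($data === false) {
         return $url;
     }
     preg_match("/(\d+\.\d+\.\d+\.\d+)<\/font>/", $data, $arr);
     if (!empty($arr[1])) {
         return $arr[1];
     }
     return $url;
 }

 /**
  * Collect the site URLs Bing lists for the query "ip:<address>".
  *
  * Result pages are fetched ten entries at a time until a page no longer
  * contains the "next" marker, a request fails, or the page cap is reached.
  * The cap exists so that remote content alone cannot keep this loop (and the
  * PHP worker running it) busy indefinitely.
  *
  * @param string $ip IP address; anything that is not a valid address yields
  *                   an empty result without any outgoing request.
  * @return array List of distinct "scheme://host/" strings.
  */
 function getBing($ip) {
     if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
         return array();
     }
     $q = rawurlencode($ip);
     $ctx = stream_context_create(array(
         'http' => array(
             'timeout' => 30,
             //'proxy' => 'tcp://113.47.46.152:1080',
             'request_fulluri' => True,
             'header'=> "User-Agent: BaiduSpider\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
         )
     ));
     $first = 1;
     $res = array();
     $maxPages = 100;
     for ($page = 0; $page < $maxPages; $page++) {
         $url = "http://www.bing.com/search?q=ip%3A{$q}&go=%E6%8F%90%E4%BA%A4&qs=n&first={$first}&form=QBRE&pq=ip%3A{$q}&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc";
         $first = $first + 10;
         $result = file_get_contents($url, False, $ctx);
         if ($result === false) {
             break;
         }
         preg_match_all('/<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">/',$result,$arr);
         if (!empty($arr[1])) {
             foreach ($arr[1] as $v) {
                 array_push($res, $v);
             }
         }
         if (!preg_match('/<div class="sw_next">/', $result)) {
             break;
         }
     }
     // array_unique() keeps the original keys; re-index so json_encode() always
     // emits a JSON array rather than an object with gaps.
     return array_values(array_unique($res));
 }

 // Manual check: getBing("58.96.186.133");

 /**
  * POST endpoint with two actions:
  *   action=getip&domain=<host> prints the resolved address as plain text;
  *   action=query&ip=<address>  prints the JSON list returned by getBing().
  *
  * Request values are validated before they are used in outgoing requests or
  * echoed back: "domain" must be a hostname or an IP address, "ip" must be an
  * IP address. Invalid input is answered with HTTP 400 and an empty body. The
  * getip answer is sent as text/plain because getIp() can return its input
  * unchanged, which must not be rendered as HTML.
  *
  * NOTE(review): nothing visible here limits who may trigger these outgoing
  * requests or how often; add authentication and rate limiting if the page is
  * reachable beyond a trusted network.
  */
 function main() {
     if (!isset($_POST["action"]) || !is_string($_POST["action"])) {
         return;
     }
     $action = trim($_POST["action"]);

     if ($action === "getip") {
         $domain = (isset($_POST["domain"]) && is_string($_POST["domain"])) ? trim($_POST["domain"]) : '';
         $isIp = filter_var($domain, FILTER_VALIDATE_IP) !== false;
         $isHost = $domain !== '' && filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
         if (!$isIp && !$isHost) {
             http_response_code(400);
             return;
         }
         if (!headers_sent()) {
             header('Content-Type: text/plain; charset=utf-8');
         }
         echo getIp($domain);
     }

     if ($action === "query") {
         $ip = (isset($_POST["ip"]) && is_string($_POST["ip"])) ? trim($_POST["ip"]) : '';
         if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
             http_response_code(400);
             return;
         }
         if (!headers_sent()) {
             header('Content-Type: application/json; charset=utf-8');
         }
         echo json_encode(getBing($ip), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     }
 }

 main();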
if(empty($_POST['action'])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>必应接口C段查询|c段查询|旁站查询</title>
<meta charset="utf-8">
<meta >
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
<script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
<script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<style type="text/css" media="screen">
.main{
width:90%;
//border:1px solid red;
margin-top:20px;
}
.ip{
margin-top:10px;
}
dd{
text-indent:10px;
}
</style>
</head>
<body>
<div class="container">
<div class="main">
<h1>必应接口C段查询 </h1>
<form class="form-inline">
<div class="form-group" style="">
<input type="text" id="domain" class="form-control" placeholder="输入你要查询的ip或域名">
</div>
<button type="submit" class="btn btn-success" id="getip">获取ip</button>
<button type="submit" class="btn btn-info" id="query">查询</button>
</form>
<div class="alert alert-info ip" role="alert" style="display:none">IP:<span id="ip"></span><span id="se"></span></div>
<div class="progress" id="jd" style="display:none">
<div class="progress-bar progress-bar-success progress-bar-striped" role="progressbar" aria-valuenow="40" id="b" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
<span class="sr-only">40% Complete (success)</span>
</div>
</div>
<dl id="result"> </dl>
</div>
</div>
</body>
<script type="text/javascript">
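// Last octet currently being queried (1..255).
var ipi = 1;

$(function() {
    // "Get IP": resolve the entered host and show the /24 range to be walked.
    $("#getip").click(function(e) {
        // Both buttons are type="submit" inside a form; without this the
        // browser submits the form and reloads the page under the request.
        e.preventDefault();
        var domain = $("#domain").val();
        if (domain == "") {
            alert("请输入ip或者域名");
            return false;
        }
        // Object form lets jQuery URL-encode the value.
        $.post("", {action: "getip", domain: domain}, function(res) {
            var ip = res;
            // Server answer is written as text, never parsed as HTML.
            $("#ip").text(ip);
            $(".ip").show();
            var arr = ip.split(".");
            var start = arr[0] + "." + arr[1] + "." + arr[2] + "." + 1;
            var end = arr[0] + "." + arr[1] + "." + arr[2] + "." + 255;
            $("#se").text(" 查询ip段:" + start + "-" + end);
        });
    });

    // "Query": reset the progress bar and results, then start the walk.
    $("#query").click(function(e) {
        e.preventDefault();
        ipi = 1;
        $("#b").css("width","0%");
        $("#result").html("");
        $("#jd").show();
        query();
    });
});

/**
 * Query the backend for the address <a.b.c>.<ipi>, render the sites it
 * returns, and continue with the next address until 255 is reached.
 *
 * The listed URLs come from a third-party results page, so they are treated as
 * untrusted: each entry is inserted with text()/attr() instead of string-built
 * HTML, and only http(s) URLs become links.
 */
function query() {
    var b = (ipi/255) * 100;
    var ip = $("#ip").text();
    if (ip == "") {
        alert("骚年请先获取Ip哦");
        return;
    }
    var arr = ip.split(".");
    var ips = arr[0] + "." + arr[1] + "." + arr[2] + "." + ipi;
    $.post("", {action: "query", ip: ips}, function(res) {
        var $result = $("#result");
        $("#b").css("width", b + "%");
        $result.append($("<dt>").text(ips));
        for (var i in res) {
            var url = String(res[i]);
            var $dd = $("<dd>");
            if (/^https?:\/\//i.test(url)) {
                $dd.append(
                    $("<a>")
                        .attr({href: url, target: "_blank", rel: "noopener noreferrer"})
                        .text(url)
                );
            } else {
                $dd.text(url);
            }
            $result.append($dd);
        }
        if (ipi < 255) {
            ipi++;
            query();
        }
    }, "json");
}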
</script>
</html> <?php
}
?>

Python调用Bing进行同IP网站查询

 #!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: Lcy
# @Date: 2015-07-22 10:41:17
# @Last Modified by: Lcy
# @Last Modified time: 2015-07-22 10:49:44
import urllib2
import re
import sys
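import socket


def curl(ip,first):
    """Fetch one Bing result page for the query ``ip:<ip>`` and return its body.

    ip    -- address to search for; it is concatenated into the URL as is, so
             callers must pass a value that is already a plain IP address.
    first -- value of the ``first`` query parameter (result offset).

    Raises whatever urllib2 raises on connection errors or timeouts (10 s).
    """
    # NOTE(review): every request is routed through a hard-coded third-party
    # HTTP proxy. Queries and responses cross that host in cleartext, so it can
    # read and alter them; confirm the proxy is trusted or make it configurable.
    proxy_handler = urllib2.ProxyHandler({"http" : 'http://115.47.46.152:1080'})
    opener = urllib2.build_opener(proxy_handler)
    # install_opener() changes the process-wide default used by urlopen().
    urllib2.install_opener(opener)
    uri = "http://www.bing.com/search?q=ip%3A" + ip +"&go=%E6%8F%90%E4%BA%A4&qs=n&first="+ str(first) +"&form=QBRE&pq=ip%3A" + ip +"&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc"
    request = urllib2.Request(uri)
    request.add_header('User-Agent', 'BaiduSpider')
    response = urllib2.urlopen(request, timeout=10)
    try:
        return response.read()
    finally:
        # Release the connection even when read() fails.
        response.close()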
def getIp(domain):
    """Return the address of the first getaddrinfo() result for ``domain``.

    The lookup is made for the ``http`` service; a resolver failure propagates
    as the exception raised by socket.getaddrinfo().
    """
    candidates = socket.getaddrinfo(domain, 'http')
    # Each entry is (family, type, proto, canonname, sockaddr); sockaddr[0] is the host.
    first_sockaddr = candidates[0][4]
    return first_sockaddr[0]
def get(ip):
    """Resolve ``ip`` and return the distinct site URLs Bing lists for that address.

    Pages are requested ten results at a time through curl() until a page no
    longer contains the "next" marker. Every URL found is printed as it is seen;
    the returned list is de-duplicated and in no particular order.
    """
    ip = getIp(ip)
    print "[+] Query IP:" + ip + "\n"
    link_pattern = re.compile(r'<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">')
    found = []
    offset = 1
    while True:
        page = curl(ip, offset)
        offset += 10
        for groups in link_pattern.findall(page):
            # groups[0] is the "scheme://host/" part of the link.
            print "[+] " + groups[0]
            found.append(groups[0])
        # No "next" link means this was the last page.
        if re.search(r'<div class="sw_next">', page) is None:
            break
    return list(set(found))
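if __name__ == "__main__":
    # Command-line entry point: look up one host and save the URLs to Result.txt.
    print u"""------------------------------------------------------------------------------
必应旁站查询 qq:1141056911
By Lcy
http://phpinfo.me
------------------------------------------------------------------------------
"""
    if len(sys.argv) != 2:
        print "Usage: %s ip" % sys.argv[0]
        # sys.exit() is always available; the bare exit() helper is only
        # injected by the site module.
        sys.exit()
    urllist = get(sys.argv[1])
    # One URL per line, CRLF-terminated.
    result = "".join(i + "\r\n" for i in urllist)
    # The context manager closes the file even if the write fails.
    with open("Result.txt","w") as f:
        f.write(result)
    print u"\r\n结果已经保存为Result.txt"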