在线子域名爆破
1 <?php
2
3 function domainfuzz($domain) {
4 $ip = gethostbyname($domain);
5 preg_match("/\d+\.\d+\.\d+\.\d+/",$ip,$arr);
6 return $arr;
7 }
8
9 function main() {
10 if(isset($_GET['q'])) {
11 $return = array();
12 $domain = trim($_GET["domain"]);
13 //前缀字典
14 $q = trim($_GET["q"]);
15 preg_match("/(\w+\.\w+)$/",$domain,$arr);
16 $fuzz = $q.'.'.$arr[1];
17 $result = domainfuzz($fuzz);
18 $return["domain"] = $fuzz;
19 if(empty($result)) {
20 $return["status"] = 500;
21 $return["ip"] = null;
22 } else {
23 $return["status"] = 200;
24 $return["ip"] = $result[0];
25 }
26 echo json_encode($return);
27 }
28 }
29
30 main();
31 if(!isset($_GET['q'])) {
32 ?>
33 <!DOCTYPE html>
34 <html>
35 <head>
36 <title>在线子域名爆破|Domain fuzz</title>
37 <meta charset="utf-8">
38 <meta >
39 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
40 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
41 <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
42 <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
43 <style type="text/css" media="screen">
44 </style>
45 </head>
46 <body>
47 域名:<input type="text" id="domain">
48 <button>开始</button>
49 <div id="fuzz"></div>
50 <div id="info"></div>
51 </body>
52 <script>
53 //字典自己添加
54 var dist = ["www","mail","ftp","smtp","kaoshi"];
55 var num = 0;
56 var domain = "";
57 $("button").click(function() {
58 num = 0;
59 domain = $("#domain").val();
60 query();
61 });
62 function query() {
63
64 $.get("","domain="+domain+"&q="+dist[num],function(res){
65 $("#fuzz").html(res.domain);
66 if(res.status == 200) {
67 $("#info").append("爆破成功:"+ res.domain + "-" + res.ip+ "<br>");
68 }
69
70 },"json");
71 num++;
72 if(num<3000) {
73 query();
74 }
75 }
76 //alert(dist.length);
77 </script>
78 </html>
79
80 <?php
81
82 }
83 ?>
在线C段查询小工具
1 <?php
2
3 function getIp($url) {
4 $data = file_get_contents("http://www.ip138.com/ips138.asp?ip={$url}&action=2");
5 preg_match("/(\d+\.\d+\.\d+\.\d+)<\/font>/", $data, $arr);
6 if(!empty($arr[1])) {
7 return $arr[1];
8 }
9 return $url;
10 }
11
12 function getBing($ip) {
13 $ctx = stream_context_create(array(
14 'http' => array(
15 'timeout' => 30,
16 //'proxy' => 'tcp://113.47.46.152:1080',
17 'request_fulluri' => True,
18 'header'=> "User-Agent: BaiduSpider\r\nAccept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
19 )
20 )
21 );
22 $first = 1;
23 $res = array();
24 while(true) {
25 $url = "http://www.bing.com/search?q=ip%3A{$ip}&go=%E6%8F%90%E4%BA%A4&qs=n&first={$first}&form=QBRE&pq=ip%3A{$ip}&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc";
26 $first = $first + 10;
27 $result = file_get_contents($url, False, $ctx);
28 preg_match_all('/<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">/',$result,$arr);
29 if(!empty($arr[1])) {
30 foreach($arr[1] as $v) {
31 array_push($res, $v);
32 }
33 }
34 if(!preg_match('/<div class="sw_next">/', $result)) {
35 break;
36 }
37
38 }
39 return array_unique($res);
40 }
41
42 //getBing("58.96.186.133");
43
44 function main() {
45 if(isset($_POST["action"])) {
46 $action = trim($_POST["action"]);
47 if($action == "getip") {
48 $domain = trim($_POST["domain"]);
49 $ip = getIp($domain);
50 echo $ip;
51 }
52 if($action == "query") {
53 $ip = trim($_POST["ip"]);
54 $res = getBing($ip);
55 echo json_encode($res);
56 }
57 }
58 }
59
60 main();
61 if(empty($_POST['action'])) {
62 ?>
63 <!DOCTYPE html>
64 <html>
65 <head>
66 <title>必应接口C段查询|c段查询|旁站查询</title>
67 <meta charset="utf-8">
68 <meta >
69 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
70 <link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap-theme.min.css">
71 <script src="//cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
72 <script src="//cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
73 <style type="text/css" media="screen">
74 .main{
75 width:90%;
76 //border:1px solid red;
77 margin-top:20px;
78 }
79 .ip{
80 margin-top:10px;
81 }
82 dd{
83 text-indent:10px;
84 }
85 </style>
86 </head>
87 <body>
88 <div class="container">
89 <div class="main">
90 <h1>必应接口C段查询 </h1>
91 <form class="form-inline">
92 <div class="form-group" style="">
93 <input type="text" id="domain" class="form-control" placeholder="输入你要查询的ip或域名">
94 </div>
95 <button type="submit" class="btn btn-success" id="getip">获取ip</button>
96 <button type="submit" class="btn btn-info" id="query">查询</button>
97 </form>
98 <div class="alert alert-info ip" role="alert" style="display:none">IP:<span id="ip"></span><span id="se"></span></div>
99 <div class="progress" id="jd" style="display:none">
100 <div class="progress-bar progress-bar-success progress-bar-striped" role="progressbar" aria-valuenow="40" id="b" aria-valuemin="0" aria-valuemax="100" style="width: 0%">
101 <span class="sr-only">40% Complete (success)</span>
102 </div>
103 </div>
104 <dl id="result">
105
106 </dl>
107 </div>
108 </div>
109 </body>
110 <script type="text/javascript">
111 var ipi = 1;
112 $(function() {
113 $("#getip").click(function() {
114 var domain = $("#domain").val();
115 if(domain == "") {
116 alert("请输入ip或者域名");
117 return false;
118 }
119 $.post("","action=getip&domain="+domain,function(res) {
120 var ip = res;
121 $("#ip").html(ip);
122 $(".ip").show();
123 arr = ip.split(".");
124 start = arr[0] + "." + arr[1] + "." + arr[2] + "." + 1;
125 end = arr[0] + "." + arr[1] + "." + arr[2] + "." + 255;
126 $("#se").html(" 查询ip段:" + start + "-" + end)
127 })
128 });
129
130 $("#query").click(function() {
131 ipi=1;
132 $("#b").css("width","0%");
133 $("#result").html("");
134 $("#jd").show();
135 query();
136
137 });
138 })
139
140 function query() {
141 $("#query").click(function() {
142 return;
143 });
144 var html = "";
145 var b = (ipi/255) * 100;
146 var ip = $("#ip").html();
147 if(ip == "") {
148 alert("骚年请先获取Ip哦");
149 return;
150 }
151 var arr = ip.split(".");
152 var ips = arr[0] + "." + arr[1] + "." + arr[2] + "." + ipi;
153
154 $.post("","action=query&ip="+ips,function(res) {
155 $("#b").css("width",b+"%");
156 html += "<dt>"+ ips +"</dt>";
157 for(var i in res) {
158 html += "<dd><a href=\"" + res[i] + "\" target=\"_blank\">" + res[i]+"</a></dd>";
159
160 }
161 $("#result").append(html);
162 if(ipi<255) {
163 ipi++;
164 query();
165 }
166 },"json");
167 }
168 </script>
169 </html>
170
171 <?php
172 }
173 ?>
Python调用Bing进行同IP网站查询
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
3 # @Author: Lcy
4 # @Date: 2015-07-22 10:41:17
5 # @Last Modified by: Lcy
6 # @Last Modified time: 2015-07-22 10:49:44
7 import urllib2
8 import re
9 import sys
10 import socket
11
12 def curl(ip,first):
13 #设置ip代理,
14 proxy_handler = urllib2.ProxyHandler({"http" : 'http://115.47.46.152:1080'})
15 null_proxy_handler = urllib2.ProxyHandler({})
16 opener = urllib2.build_opener(proxy_handler)
17 urllib2.install_opener(opener)
18 uri = "http://www.bing.com/search?q=ip%3A" + ip +"&go=%E6%8F%90%E4%BA%A4&qs=n&first="+ str(first) +"&form=QBRE&pq=ip%3A" + ip +"&sc=0-0&sp=-1&sk=&cvid=5e52385772e24683a0bdf047de60abfc"
19 request = urllib2.Request(uri)
20 request.add_header('User-Agent', 'BaiduSpider')
21 response = urllib2.urlopen(request, timeout=10)
22 res = response.read()
23 return res
24 def getIp(domain):
25 myaddr = socket.getaddrinfo(domain,'http')[0][4][0]
26 return myaddr
27 def get(ip):
28 ip = getIp(ip)
29 print "[+] Query IP:" + ip + "\n"
30 rev = []
31 first = 1
32 while True:
33 res = curl(ip,first)
34 first = first + 10
35 r = re.findall(r'<h2><a href="((http|https):\/\/([\w|\.]+)\/)([\w|\/|&|=|\.|\?]+)?" h="ID=\w+,\w+\.\w+">',res)
36 for i in r:
37 print "[+] " + i[0]
38 rev.append(i[0])
39 m = re.search(r'<div class="sw_next">', res)
40 if not m:
41 break
42 result = list(set(rev))
43 return result
44 if __name__ == "__main__":
45 print u"""------------------------------------------------------------------------------
46 必应旁站查询 qq:1141056911
47 By Lcy
48 http://phpinfo.me
49 ------------------------------------------------------------------------------
50 """
51 if len(sys.argv) != 2:
52 print "Usage: %s ip" % sys.argv[0]
53 exit()
54 urllist = get(sys.argv[1])
55 result = ""
56 for i in urllist:
57 result = result + i + "\r\n"
58 f = open("Result.txt","w")
59 f.write(result)
60 f.close()
61 print u"\r\n结果已经保存为Result.txt"