php curl 实现的并发目录扫描


用法跟wwwscan 基本一样
支持linux 参数输入风格 如 -p 等同 --port
html方式输出 扫描结果
支持自定义字典

利用 php curl函数 模拟 多线程 扫描
更人性化，无需输入所有参数，默认定义了相关参数（字典：cgi.list，默认线程：5）
对url处理更人性化 如扫描 www.baidu.com 可输入:
http://www.baidu.com http://www.baidu.com/ www.baidu.com
效果一样

 
[php]
<?php
// Runtime setup for the CLI scanner. The timezone feeds the date() stamps
// printed at start and shutdown.
date_default_timezone_set("PRC");
// NOTE(review): error_reporting(0) hides every warning and notice, so a
// failed fopen()/get_headers()/file() further down degrades silently instead
// of telling the operator what went wrong.
error_reporting(0);
// No memory ceiling and no execution time limit for the scan loop; the `@`
// suppresses any warning ini_set() might emit if the directive is locked.
@ini_set('memory_limit','-1');
set_time_limit(0);
/**
 * Whether the script is running under a CLI SAPI.
 *
 * Detection is based on the STDIN constant, which only the CLI SAPI
 * defines; this is kept rather than switching to PHP_SAPI so the check
 * behaves exactly as before.
 *
 * @return bool
 */
function isCli()
{
    $hasStdin = defined('STDIN');

    return $hasStdin;
}
// Refuse to run under a web SAPI: the script reads $argv and writes the
// report file into the working directory, neither of which makes sense
// for a web request.
if(!isCli()){
exit("[!] This program must be run in command line mode!");
}
// Called before its definition: PHP hoists unconditionally declared
// top-level functions, so curl_exists() (declared just below) is available.
curl_exists();
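/**
 * Abort unless the cURL extension is loaded.
 *
 * Fix: the original passed the bare word curl_init (an undefined constant)
 * to function_exists(). PHP 8 throws an Error for an undefined constant;
 * older versions only worked because the name degraded to the string
 * 'curl_init' with a notice that error_reporting(0) hid.
 *
 * @return void
 */
function curl_exists()
{
    if (!function_exists('curl_init')) {
        die(" [!] Sorry cURL is not installed!" . "\r\n");
    }
}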
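// --- Target URL handling ----------------------------------------------------
// Fix: the original issued get_headers() against the target before the URL
// was validated, and read $serverinfo['Server'] without checking that
// get_headers() had succeeded (it returns false on failure). Validation now
// runs first, and a failed probe or missing Server header yields '' instead
// of a suppressed notice. A missing argument produces 'http://', which fails
// validation and lands in Help(), as an invalid host did before.
$_url = isset($argv[1]) ? $argv[1] : '';
if (substr($_url, 0, 7) != 'http://') {
    $full_url = 'http://' . $_url;
} else {
    $full_url = $_url;
}
if (!filter_var($full_url, FILTER_VALIDATE_URL)) {
    Help();
}
// One request to the target, only to read its Server banner for the report.
$headers = get_headers($full_url, 1);
$serverinfo = '';
if (is_array($headers) && isset($headers['Server'])) {
    $serverinfo = $headers['Server'];
    // When the header occurs more than once (e.g. across redirects),
    // get_headers() returns an array of values; keep the first.
    if (is_array($serverinfo)) {
        $serverinfo = $serverinfo[0];
    }
}
// Static HTML header written once at the top of the report file.
$Html_template_str= '<p align="left"><font face="Verdana" size="3">'."\r\n"."Myscan v1.0 scan report
".'</font></p>'.'<p align="right"><font face="Verdana" size="2" color="#007500">'."\r\n"."Blog: exploit-db.blogcn.com
"."\r\n"."\r\n".'<hr>'."\r\n";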
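// --- Report file setup -------------------------------------------------------
// The report name is derived from the validated host (e.g. "example.com.html")
// in the current working directory and is recreated on every run.
$_url = trim(parse_url($full_url, PHP_URL_HOST));
$htmlfile = $_url . '.html';
if (file_exists($htmlfile)) {
    unlink($htmlfile);
}
// Fix: the original wrote through an unchecked fopen() handle that was never
// closed; with error_reporting(0) a failed open silently produced no report.
$reportHandle = fopen($htmlfile, 'a');
if ($reportHandle === false) {
    exit("[!] Cannot write report file: {$htmlfile}" . "\r\n");
}
fwrite($reportHandle, $Html_template_str);
fclose($reportHandle);
// Resolved only for the banner; gethostbyname() returns the name unchanged
// when resolution fails.
$ip = gethostbyname($_url);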
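// --- Option parsing ----------------------------------------------------------
// Each option consumes the following argv entry as its value. Fix: the value
// is read only when it exists (the original indexed $argv[$i+1] unchecked,
// so a trailing "-p" read past the end of $argv), and "--port" is accepted
// alongside the historical "--prot" spelling because the option sets a port.
for ($i = 1; $i < $argc; $i++) {
    $value = isset($argv[$i + 1]) ? $argv[$i + 1] : null;
    switch ($argv[$i]) {
        case "-p":
        case "--port":
        case "--prot":
            $port = $value;
            break;
        case "-r":
        case "--path":
            $path = $value;
            break;
        case "-t":
        case "--threads":
            $threads = $value;
            break;
        case "-d":
        case "--dic":
            $dic = $value;
            break;
    }
}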
// Defaults for any option not supplied on the command line. empty() is kept
// on purpose: an absent option, an empty value and "0" all fall back to the
// default, exactly as before. Values stay strings because they come from argv.
$port = empty($port) ? "80" : $port;
$path = empty($path) ? "/" : $path;
$threads = empty($threads) ? "5" : $threads;
$dic = empty($dic) ? 'cgi.list' : $dic;
// One base URL per "thread": $threads copies of host:port/path. There is no
// scheme here; libcurl defaults a scheme-less URL to http. $threads is still
// the argv string, which array_fill() accepts because strict_types is not
// declared in this file.
$urls=array_fill(0, $threads, "$_url".":".$port.$path);// this sets the thread count
info($serverinfo,$full_url,$ip,$_url,$port,$path,$dic,$threads);
// Deduplicated wordlist entries and the batch size (= number of base URLs).
$array=dic($dic);
$a_length= sizeof($array);
$u_length= sizeof($urls);
// Split the wordlist into batches of $u_length absolute URLs. All entries of
// $urls are identical, so $urls[$j] is simply the shared base URL.
$result= array();
for($i=0;$i<$a_length;$i+=$u_length)
{
$middle = array();
for($j=0;$j<$u_length;$j++)
if($i+$j<$a_length)
$middle[]= $urls[$j].$array[$i+$j];
$result[] = $middle;
}
// Each batch is requested concurrently by one MultiHttpRequest run. Every
// wordlist entry becomes one request against the target, so a run is plainly
// visible in the target's access log (one miss per absent entry).
foreach ($result as $url)
{
$mp = new MultiHttpRequest($url);
$mp->start($htmlfile);
}
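/**
 * Requests one batch of URLs concurrently via curl_multi and appends the
 * responses with status 200/403/500 to the HTML report.
 *
 * Fixes relative to the original:
 *  - set_method() wrote to a misspelled property ($this->medthod), so
 *    $this->method never changed. Note that start() still sends plain GET
 *    requests: the method property is not applied to the curl handles.
 *  - $html_str accumulated across the result loop and the whole accumulated
 *    string was appended to the report on every hit, duplicating earlier
 *    entries; each hit is now written exactly once.
 *  - The report was written through an unchecked fopen() handle that was
 *    never closed, and easy handles were removed from the multi handle but
 *    never curl_close()d.
 *  - URLs placed into the HTML report are escaped, so a wordlist entry cannot
 *    inject markup into the report page when it is opened in a browser.
 *  - The "<a href=...>" tag lacked a space before target=, producing invalid HTML.
 */
class MultiHttpRequest
{
    /** @var array|false list of absolute URLs for this batch */
    public $urls = array();
    /** @var int value passed to CURLOPT_HEADER (1 = headers included in body) */
    public $curlopt_header = 1;
    /** @var string upper-cased method name; informational only (see class doc) */
    public $method = "GET";

    /**
     * @param array|false $urls batch of URLs, or false for "not set yet"
     */
    function __construct($urls = false)
    {
        $this->urls = $urls;
    }

    /**
     * Replace the URL batch.
     *
     * @return $this
     */
    function set_urls($urls)
    {
        $this->urls = $urls;
        return $this;
    }

    /**
     * Set CURLOPT_HEADER for handles created afterwards.
     *
     * @return $this
     */
    function is_return_header($b)
    {
        $this->curlopt_header = $b;
        return $this;
    }

    /**
     * Record the request method, upper-cased.
     *
     * @return $this
     */
    function set_method($m)
    {
        $this->method = strtoupper($m);
        return $this;
    }

    /**
     * Request every URL in the batch concurrently and report hits.
     *
     * @param string $htmlfile path of the HTML report to append to
     * @return bool|null false when there is nothing to request, null otherwise
     */
    function start($htmlfile)
    {
        if (!is_array($this->urls) or count($this->urls) == 0) {
            return false;
        }
        $curl = array();
        $handle = curl_multi_init();
        foreach ($this->urls as $k => $v) {
            $curl[$k] = $this->add_handle($handle, $v);
        }
        $this->exec_handle($handle);
        foreach ($this->urls as $k => $v) {
            $p = curl_getinfo($curl[$k]);
            $http_code = $p['http_code'];
            // Normalise "host//path" to a single slash for display purposes.
            $found = "http://" . str_replace("//", "/", str_ireplace("http://", "", $p['url']));
            $Current_check = cnSubStr(str_replace("//", "/", parse_url($p['url'], PHP_URL_PATH)), 12);
            echo "Checking: $Current_check ";
            usleep(1);
            echo "\r";
            // Status codes treated as a hit; a timed-out request reports 0 and
            // is skipped. Strict in_array() replaces the loose string compares.
            if (in_array((int) $http_code, array(200, 403, 500), true)) {
                echo "Found: " . $found . " " . '(' . 'HTTP/1.1 ' . $p['http_code'] . " OK" . ') !!!' . "\r\n";
                $this->append_hit($htmlfile, $found, $http_code);
            }
            curl_multi_remove_handle($handle, $curl[$k]);
            curl_close($curl[$k]);
        }
        curl_multi_close($handle);
    }

    /**
     * Append one hit line to the HTML report, escaping the URL for HTML.
     *
     * @param string     $htmlfile  report path
     * @param string     $found     absolute URL that responded
     * @param int|string $http_code response status code
     * @return void
     */
    private function append_hit($htmlfile, $found, $http_code)
    {
        $safeUrl = htmlspecialchars($found, ENT_QUOTES, 'UTF-8');
        $line = '<a href="' . $safeUrl . '"' . " target='_blank'>" . $safeUrl . "</a>"
            . ' ' . '<font face="Verdana" color="#FF0000" size="2">HTTP/1.1 ' . $http_code . " OK" . '</font><br>';
        $fh = fopen($htmlfile, 'a');
        if ($fh === false) {
            // The console line was already printed; the report stays best-effort.
            return;
        }
        fwrite($fh, $line);
        fclose($fh);
    }

    /**
     * Create one easy handle for $url and attach it to the multi handle.
     *
     * @param resource|\CurlMultiHandle $handle
     * @param string $url
     * @return resource|\CurlHandle the easy handle, so the caller can read its info
     */
    private function add_handle($handle, $url)
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HEADER, $this->curlopt_header);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_TIMEOUT, 1); // per-request timeout, seconds
        curl_multi_add_handle($handle, $curl);
        return $curl;
    }

    /**
     * Drive the multi handle until no transfer is still running.
     *
     * curl_multi_select() is used between iterations so the loop waits on the
     * sockets instead of spinning at full CPU as the original busy-loop did.
     *
     * @param resource|\CurlMultiHandle $handle
     * @return void
     */
    private function exec_handle($handle)
    {
        $running = null;
        do {
            $status = curl_multi_exec($handle, $running);
            // Only block on the sockets when libcurl has nothing more to do right now.
            if ($status !== CURLM_CALL_MULTI_PERFORM && $running > 0) {
                curl_multi_select($handle, 1.0);
            }
        } while ($running > 0);
    }
}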
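/**
 * Print the scan banner and the effective settings to the console.
 *
 * Fix: the port line was labelled "Prot:"; it now reads "Port:". Everything
 * else is printed as before, including the "Default Turning Page" line, which
 * is a fixed string -- nothing in this script performs such a check, so the
 * line must not be read as a result.
 *
 * @param string $serverinfo Server header of the target ('' if unknown)
 * @param string $full_url   unused; kept so existing call sites still work
 * @param string $ip         resolved address of $url
 * @param string $url        target host name
 * @param string $port       port to scan
 * @param string $path       root path to scan
 * @param string $dic        wordlist file name
 * @param string $threads    batch size used for concurrent requests
 * @return void
 */
function info($serverinfo,$full_url,$ip,$url,$port,$path,$dic,$threads){
print_r('
Web Directory Scan tool
Blog:exploit-db.blogcn.com
');
$lines = array(
    '',
    " Resolving Ip of {$url}... OK: {$ip}",
    " Testing If There Is A Default Turning Page... Not Found!",
    " Server Type: {$serverinfo}",
    " Port: $port",
    " Path: $path",
    " Wordlist File: $dic",
    " Use threads : $threads",
    '',
    "[*] starting at " . date('H:i:s'),
    '',
);
foreach ($lines as $line) {
    echo $line, PHP_EOL;
}
}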
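/**
 * Load the wordlist: one entry per line, trimmed, blank lines dropped,
 * duplicates removed, reindexed from 0.
 *
 * Fixes: the original's regex did not actually remove blank lines (they
 * survived as a single '' entry, which produced a request for the bare base
 * path), and an unreadable file made file() return false, which then flowed
 * into array_unique()/array_values() and failed silently under
 * error_reporting(0). An unreadable wordlist now stops the run with a message.
 *
 * @param string $filename path of the wordlist file
 * @return array list<string> of unique, non-empty entries
 */
function dic($filename)
{
    if (!is_readable($filename)) {
        exit("[!] Cannot read wordlist: {$filename}" . "\r\n");
    }
    $lines = file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        exit("[!] Cannot read wordlist: {$filename}" . "\r\n");
    }
    $entries = array();
    foreach ($lines as $line) {
        // FILE_SKIP_EMPTY_LINES only drops truly empty lines; whitespace-only
        // lines still arrive here and are filtered after trimming.
        $entry = trim($line);
        if ($entry !== '') {
            $entries[] = $entry;
        }
    }

    return array_values(array_unique($entries));
}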
/**
 * Shorten $string for the single-line "Checking:" status output.
 *
 * The byte length (strlen) is compared against twice $length -- presumably a
 * budget for two-byte characters, to confirm -- and over-long input is cut to
 * its first $length bytes plus an ellipsis. This is a byte cut, so a multi-byte
 * character can be split at the boundary.
 *
 * @param string $string
 * @param int    $length
 * @return string
 */
function cnSubStr($string,$length)
{
    $tooLong = strlen($string) > $length * 2;

    return $tooLong ? substr($string, 0, $length) . "…" : $string;
}
/**
 * Print the usage text and terminate the script.
 *
 * Reached when the target URL fails validation. The text is emitted exactly
 * as before; only print_r() of a string has been replaced by echo.
 *
 * @return never
 */
function Help()
{
    echo '
Web Directory Scan tool
Blog:exploit-db.blogcn.com
<Usage>: Myscan <HostName|Ip> [Options]
<Options>:
-p, --prot set http/https port
-t, --threads set max thread
-r, --path set root path to scan
-d, --dic set web Directory wordlist
<Example>:
Myscan www.sbmonkey.com -p 8080 -t 10
Myscan www.sbmonkey.com -r "/test/" -p 8080
Myscan www.sbmonkey.com -d mydic.txt
Myscan www.sbmonkey.com
';
    exit();
}
// Closing banner, printed once every batch has completed: a blank line, then
// the shutdown timestamp.
printf('%s[*] shutting down at %s%s', PHP_EOL, date('H:i:s'), PHP_EOL);
?>
[/php]
转自:http://www.sbmonkey.com/?post=41

一条回应:“php curl 实现的并发目录扫描”

  1. BKY博客说道:

    待我试试先,看看效果!谢谢小马的分享! 😮
