貌似很多朋友拿着库,用BAT 或者PHP读取TXT的形式来扫,文件太大了的话,1,2分钟估计都查不出来,因为导入库是一个不错的方法,很多都不知道怎么搭建的吧,用MSSQL或则ORACLE来搭建的,个人感觉没那必要,原因在于安装他们需要的空间很大,运行也占内存,因此,个人推荐MYSQL,对于的亿级以上的数据也是不超过10秒钟,下面是我最近的搭建过程与一些心得:
1.首先得准备一个MYSQL+PHP环境,我用的是PHPSTUDY集成环境工具,自己下载安装就行了。
2.接下来就是MYSQL的表的设计了,之前一直采用的是USERNAME,NICKNAME,PASSWORD,EMAIL,MOBILE,IDCARD,SALT,SITE(用户名,昵称,密码,邮箱,手机,身份证,SALT,来源网站)这样的字段,如图(NAVICATE FOR MYSQL工具截图):


字段类型采用varchar 长度一般在50就行了,索引是必须要的。

如果觉得就这样的话,那就大错特错了,我举个例:


QQ库一般只占用 username,password两项,那么其他字段都为空

126邮箱 只占用 email,password两项 ,其他为空

建立索引时,这些为空的字段也占用了空间,这是一点

第二点,有些库密码是明文 ,有些又是密文,密文一般都没啥可查询的,如果都建索引的话,就浪费了空间了,不建立索引,那查询速度又不行了

因此,个人建议分表导入,每个不同类型的库,都采用一个表来存,查询时,根据需要,只查询我们需要查询的库,这样节约空间了,也节约了时间

我以我的库结构来说吧


前缀都采用统一的字符,下划线后面跟这个表有关的名称,比如shegongku_qq,shegongku_126这样的,每个表都是采用USERNAME,NICKNAME,PASSWORD,EMAIL,MOBILE,IDCARD,SALT,SITE这样的字段

查询界面:

主要PHP流程代码:

<code id="code0">   $kw=$_REQUEST['kw'];  //查询关键字
$type=$_REQUEST['type'];  //查询的字段,比如用户名,密码,还是其他等等
$search=$_REQUEST['search']; //查询类型,LIKE 模糊查找,=精确查找
private function len_check($kw='',$slen=3){  //检查待查询的字符长度
if (strlen(trim($kw))<$slen){
return true;
}else{
return false;
}
}
switch ($type) {
case 'username':
if($this->len_check($kw,3)){ $this->ajaxReturn(0,'查询长度不能小于:3',2);exit();}
$ret=$this->_getData('username',$kw,$search);
break;
case 'nickname':
if($this->len_check($kw,3)){ $this->ajaxReturn(0,'查询长度不能小于:3',2);exit();}
$ret=$this->_getData('nickname',$kw,$search);
break;
//......同上</code>

满足条件后,就都调用了_getData函数,这里就是查询主要的函数

<code id="code1">private function _getData($type='',$kw='',$search='like'){
if(empty($type)||empty($kw)||empty($search)){
return false;
}
$WebList=array(
'126'     =>array('site' => '126邮箱',        'username' => 2, 'nickname' => 2, 'password' => 1, 'mobile' => 2, 'idcard' => 2, 'email' => 1, 'salt' => 2),
'126disk' =>array('site' => '126网盘',        'username' => 1, 'nickname' => 1, 'password' => 1, 'mobile' => 2, 'idcard' => 2, 'email' => 1, 'salt' => 2),
.......//其他表都一样的
'changgui'=>array('site' => '',          'username' => 1, 'nickname' => 1, 'password' => 1, 'mobile' => 1, 'idcard' => 1, 'email' => 1, 'salt' => 1),
'163'     =>array('site' => '163邮箱',        'username' => 2, 'nickname' => 2, 'password' => 1, 'mobile' => 2, 'idcard' => 2, 'email' => 1, 'salt' => 2),
);
//上面的'username' => 2 表示此字段不需要查询,因此username字段可以不要(我是为了好看,都统一了字段,这里个人决定要不要), 'email' => 1 表示此字段需要查询
$ret=array();
$kws=array();
foreach ($WebList as $web=>$desc) {
$vs=array();
if ($desc[$type]=='1'){ //字段是否属于能查询的
foreach ($desc as $k=>$v)
if ($v==''||$v=='1')       //存在的字段处理,为空的SITE需要从表中获取
$vs[]=$k;
elseif ($v=='2')
$vs[]="'null' as $k";   //不存在的字段处理,用null填充
else
$vs[]="'$v' as $k";  //直接输出SITE来源比如:126邮箱
$col=implode(',',$vs);        //将字段用,连接起来
if ($search=="like")
$sql[]="SELECT * FROM  (  SELECT   $col FROM shegongku_".$web." WHERE `{$type}` like '$kw%' LIMIT 10   )  tmp_{$web} ";
else
$sql[]="SELECT * FROM  (  SELECT   $col FROM shegongku_".$web." WHERE `{$type}` = '$kw’ LIMIT 10   )  tmp_{$web} ";
}
}
$sql=implode(" UNION ALL ", $sql); //联合查询,此处将上面的每个表查询联合起来</code>

接下来的$SQL就是需要执行的查询语句了,我就不贴代码了


给个实例联合查询SQL语句(模糊查询邮箱是ceshi@qq.com的结果,其他):

<code id="code2">SELECT * FROM  (  SELECT   '126邮箱' as site,'null' as username,'null' as nickname,password,'null' as mobile,'null' as idcard,email,'null' as salt FROM shegongku_126 WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_126  UNION ALL SELECT * FROM  (  SELECT   '126网盘' as site,username,nickname,password,'null' as mobile,'null' as idcard,email,'null' as salt FROM shegongku_126disk WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_126disk  UNION ALL SELECT * FROM  (  SELECT   '163邮箱' as site,'null' as username,'null' as nickname,password,'null' as mobile,'null' as idcard,email,'null' as salt FROM shegongku_163 WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_163  UNION ALL SELECT * FROM  (  SELECT   '17173' as site,username,'null' as nickname,password,'null' as mobile,'null' as idcard,email,'null' as salt FROM shegongku_17173 WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_17173  UNION ALL SELECT * FROM  (  SELECT   site,username,nickname,password,mobile,idcard,email,salt FROM shegongku_changgui WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_changgui  UNION ALL SELECT * FROM  (  SELECT   'YS168' as site,username,'null' as nickname,password,'null' as mobile,'null' as idcard,email,'null' as salt FROM shegongku_ys168 WHERE `email` like 'ceshi@qq.com%' LIMIT 10   )  tmp_ys168</code>

这样就排除了不想要查询的表,大大节约了搜索时间,也更加方便设置需要查询的字段

转自:https://forum.90sec.org/viewthread.php?tid=5859

转载文章请注明,转载自:小马's Blog https://www.i0day.com

本文链接: https://www.i0day.com/1380.html