昨天逛国外论坛的时候发现了一个旁注查询脚本,python写的,只用了30行代码,python太强大了,分析了一下,用php也整了个,共享给大家。
目前已知问题:每天查询有次数限制,需要更换ip才行的,所以用处不是很大。
python原版:
#!/usr/bin/env python
from sys import argv,exit
import urllib2
import urllib
import json
print '\033[1;32m[+]\033[0m Reverse ip lookup by MMxM'
if(len(argv) != 2):
print '\033[1;36m[*]\033[0m How to use: %s <ip|hostname>'%argv[0]
exit(1)
try:
url = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php'
req = urllib2.Request(url)
req.add_header('Referer', 'http://www.yougetsignal.com/tools/web-sites-on-web-server/')
params = {"remoteAddress": argv[1]}
query = urllib.urlencode(params)
r = urllib2.urlopen(req, query)
data = json.loads(r.read())
domain = (data['domainArray'])
print "\n[+] Domains Found:\n"
for s in domain:
for d in s:
if d != '':
print d
except:
print "[-] Unexpected error"
我根据这个脚本写成的php版的,分享给大家。
php版旁站查询1
<?php
/**
* Created BY 独自等待
* Date : 13-7-22
* Time : 下午5:30
* FileName : domain_check1.php
* 欢迎访问独自等待博客www.waitalone.cn
*/
print_r('
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:2013-07-23
+-------------------------------------------------+
');
if ($argc < 2) {
print_r('
+-------------------------------------------------+
Useage: php ' . $argv[0] . ' IP/Hostname
Example: php ' . $argv[0] . ' www.waitalone.cn
+-------------------------------------------------+
');
exit;
}
error_reporting(7);
$domain = $argv[1];
$json = send_pack($domain);
if (preg_match_all('/\["(.*?)",/i', $json, $match)) {
echo '共有旁站域名:' . count($match[1]) . "个\n";
foreach ($match[1] as $list) {
echo $list . "\n";
}
} else {
echo '查询失败,可能达到了API次数限制!';
}
//提交数据包函数
function send_pack($domain)
{
$data = "GET /domains.php?remoteAddress=" . $domain . "&key= HTTP/1.1\r\n";
$data .= "Host: domains.yougetsignal.com" . "\r\n";
$data .= "User-Agent: Baiduspider\r\n";
$data .= "Referer: http://www.yougetsignal.com/tools/web-sites-on-web-server/\r\n";
$data .= "Connection: Close\r\n\r\n";
//这里一定要2个\r\n否则将会一直等待并且不返回数据
//echo $data;exit;
$fp = @fsockopen('domains.yougetsignal.com', 80, $errno, $errstr, 10);
//echo ini_get('default_socket_timeout');//默认超时时间为60秒
if (!$fp) {
echo $errno . '-->' . $errstr . "\n";
exit('Could not connect to query server!');
} else {
fwrite($fp, $data);
$back = '';
while (!feof($fp)) {
$back .= fread($fp, 1024);
}
fclose($fp);
}
return $back;
}
?>
php版旁站查询2
<?php
/**
* Created BY 独自等待
* Date : 13-7-23
* Time : 上午10:02
* FileName : domain_check2.php
* 欢迎访问独自等待博客www.waitalone.cn
*/
print_r('
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:2013-07-23
+-------------------------------------------------+
');
if ($argc < 2) {
print_r('
+-------------------------------------------------+
Useage: php ' . $argv[0] . ' IP/Hostname
Example: php ' . $argv[0] . ' www.waitalone.cn
+-------------------------------------------------+
');
exit;
}
error_reporting(7);
$domain = 'http://domains.yougetsignal.com/domains.php?remoteAddress=' . $argv[1] . '&key=';
$json = file_get_contents($domain);
if (preg_match_all('/\["(.*?)",/i', $json, $match)) {
echo '共有旁站域名:' . count($match[1]) . "个\n";
foreach ($match[1] as $list) {
echo $list . "\n";
}
} else {
echo '查询失败,可能达到了API次数限制!';
}
?>
php版旁站查询3
<?php
/**
* Created BY 独自等待
* Date : 13-7-23
* Time : 上午10:09
* FileName : domain_check3.php
* 欢迎访问独自等待博客www.waitalone.cn
*/
print_r('
<pre>
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:' . date('Y-m-d') . '
+-------------------------------------------------+
</pre>
');
error_reporting(7);
$url = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php';
$referer = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/';
if(isset($_POST['url'])){
$domain = $_POST['url'];
}else{
echo <<<EOF
<form action="" method="post">
请输入查询域名:<input type="text" name="url" value="www.waitalone.cn"/>
<input type="submit" value="提交"/>
</form>
EOF;
exit;
}
$post_data = 'remoteAddress=' . $domain;
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
//初始化CURL
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//返回原生的(Raw)输出
curl_setopt($curl, CURLOPT_REFERER, $referer);
//设置refere信息
curl_setopt($curl, CURLOPT_POST, 1);
//启用POST提交数据
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
//POST提交的数据
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
//抓取跳转后的数据
$data = curl_exec($curl);
//执行CURL
curl_close($curl);
if (preg_match_all('/\["(.*?)",/i', $data, $match)) {
echo '共有旁站域名:' . count($match[1]) . "个<br>";
foreach ($match[1] as $list) {
echo '<a href=http://' . $list . '/ target=_blank style="text-decoration: none;padding: 100px auto">' . $list . '</a><br>';
}
} else {
echo '查询失败,可能达到了API次数限制!';
}
?>
推荐使用python版或者是php第二版,最简洁,第3版为练习curl使用写的,这个是web下面执行,php第1,2版要在cmd下执行。
- 作者:独自等待 | 发布:2013年07月23日
- 分类:安全工具
- 标签:php,python,旁注
- 转载文章请注明:旁站查询脚本 | 独自等待-信息安全博客
楼主大大,链接不可用了啊,能否
你好,我是一个初学者,就是扫到
服务器
大神把这工具也发我一下吧,万分
大大,链接又失效了,能发我邮箱
大大 链接失效了 可以更新下
作者你好,贵站的友联我已经添加
大佬后来你分析这个了吗?
厉害