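While browsing a foreign forum yesterday I came across a reverse IP lookup script (it lists the other sites hosted on the same server), written in Python in only 30 lines of code. Python is really powerful. I analysed it and put together a PHP version as well, which I am sharing with everyone.
Known issue so far: there is a daily limit on the number of queries, and you have to change your IP to keep going, so it is not all that useful.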
Original Python version:

```python
#!/usr/bin/env python
# Python 2 script (urllib2 and the print statement)
from sys import argv, exit
import urllib2
import urllib
import json

print '\033[1;32m[+]\033[0m Reverse ip lookup by MMxM'

if(len(argv) != 2):
    print '\033[1;36m[*]\033[0m How to use: %s <ip|hostname>'%argv[0]
    exit(1)

try:
    url = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php'
    req = urllib2.Request(url)
    req.add_header('Referer', 'http://www.yougetsignal.com/tools/web-sites-on-web-server/')
    params = {"remoteAddress": argv[1]}
    query = urllib.urlencode(params)
    # Passing a data argument makes urlopen send a POST request
    r = urllib2.urlopen(req, query)
    data = json.loads(r.read())
    domain = (data['domainArray'])
    print "\n[+] Domains Found:\n"
    # Each entry of domainArray is itself a list; print its non-empty items
    for s in domain:
        for d in s:
            if d != '':
                print d
except Exception:
    print "[-] Unexpected error"
```
Based on this script I wrote PHP versions, shared here.

PHP reverse IP lookup, version 1

```php
<?php
/**
 * Created BY 独自等待
 * Date : 13-7-22
 * Time : 5:30 PM
 * FileName : domain_check1.php
 * Welcome to the 独自等待 blog: www.waitalone.cn
 */
print_r('
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:2013-07-23
+-------------------------------------------------+
');
if ($argc < 2) {
    print_r('
+-------------------------------------------------+
Useage: php ' . $argv[0] . ' IP/Hostname
Example: php ' . $argv[0] . ' www.waitalone.cn
+-------------------------------------------------+
');
    exit;
}
error_reporting(7);
$domain = $argv[1];
$json = send_pack($domain);
if (preg_match_all('/\["(.*?)",/i', $json, $match)) {
    // Message: "Co-hosted domains found: N"
    echo '共有旁站域名:' . count($match[1]) . "个\n";
    foreach ($match[1] as $list) {
        echo $list . "\n";
    }
} else {
    // Message: "Query failed, the API query limit may have been reached!"
    echo '查询失败,可能达到了API次数限制!';
}

// Function that sends the request packet
function send_pack($domain)
{
    // Encode the argument so it cannot break the request line or inject headers
    $data = "GET /domains.php?remoteAddress=" . rawurlencode($domain) . "&key= HTTP/1.1\r\n";
    $data .= "Host: domains.yougetsignal.com" . "\r\n";
    $data .= "User-Agent: Baiduspider\r\n";
    $data .= "Referer: http://www.yougetsignal.com/tools/web-sites-on-web-server/\r\n";
    $data .= "Connection: Close\r\n\r\n";
    // Two \r\n are required here, otherwise the request waits forever and no data comes back
    //echo $data;exit;
    $fp = @fsockopen('domains.yougetsignal.com', 80, $errno, $errstr, 10);
    //echo ini_get('default_socket_timeout'); // the default timeout is 60 seconds
    if (!$fp) {
        echo $errno . '-->' . $errstr . "\n";
        exit('Could not connect to query server!');
    } else {
        fwrite($fp, $data);
        $back = '';
        while (!feof($fp)) {
            $back .= fread($fp, 1024);
        }
        fclose($fp);
    }
    return $back;
}
?>
```
PHP reverse IP lookup, version 2

```php
<?php
/**
 * Created BY 独自等待
 * Date : 13-7-23
 * Time : 10:02 AM
 * FileName : domain_check2.php
 * Welcome to the 独自等待 blog: www.waitalone.cn
 */
print_r('
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:2013-07-23
+-------------------------------------------------+
');
if ($argc < 2) {
    print_r('
+-------------------------------------------------+
Useage: php ' . $argv[0] . ' IP/Hostname
Example: php ' . $argv[0] . ' www.waitalone.cn
+-------------------------------------------------+
');
    exit;
}
error_reporting(7);
// Encode the argument so it stays a single query-string value
$domain = 'http://domains.yougetsignal.com/domains.php?remoteAddress=' . urlencode($argv[1]) . '&key=';
$json = file_get_contents($domain);
if (preg_match_all('/\["(.*?)",/i', $json, $match)) {
    // Message: "Co-hosted domains found: N"
    echo '共有旁站域名:' . count($match[1]) . "个\n";
    foreach ($match[1] as $list) {
        echo $list . "\n";
    }
} else {
    // Message: "Query failed, the API query limit may have been reached!"
    echo '查询失败,可能达到了API次数限制!';
}
?>
```
PHP reverse IP lookup, version 3

```php
<?php
/**
 * Created BY 独自等待
 * Date : 13-7-23
 * Time : 10:09 AM
 * FileName : domain_check3.php
 * Welcome to the 独自等待 blog: www.waitalone.cn
 */
print_r('
<pre>
+-------------------------------------------------+
Reverse IP Domain Check
Site:http://www.waitalone.cn/
Exploit BY: 独自等待
Time:' . date('Y-m-d') . '
+-------------------------------------------------+
</pre>
');
error_reporting(7);
$url = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php';
$referer = 'http://www.yougetsignal.com/tools/web-sites-on-web-server/';
if (isset($_POST['url'])) {
    $domain = $_POST['url'];
} else {
    // Form label: "Enter the domain to query"; button: "Submit"
    echo <<<EOF
<form action="" method="post">
请输入查询域名:<input type="text" name="url" value="www.waitalone.cn"/>
<input type="submit" value="提交"/>
</form>
EOF;
    exit;
}
// Encode the user-supplied value so it cannot add extra POST parameters
$post_data = 'remoteAddress=' . urlencode($domain);
$curl = curl_init(); // initialise cURL
curl_setopt($curl, CURLOPT_URL, $url); // target URL
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); // return the raw output
curl_setopt($curl, CURLOPT_REFERER, $referer); // set the Referer header
curl_setopt($curl, CURLOPT_POST, 1); // submit the data with POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data); // the POST body
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); // fetch the data after redirects
$data = curl_exec($curl); // execute the request
curl_close($curl);
if (preg_match_all('/\["(.*?)",/i', $data, $match)) {
    // Message: "Co-hosted domains found: N"
    echo '共有旁站域名:' . count($match[1]) . "个<br>";
    foreach ($match[1] as $list) {
        // The names come from a third-party response: escape them before writing HTML
        $safe = htmlspecialchars($list, ENT_QUOTES, 'UTF-8');
        echo '<a href="http://' . $safe . '/" target="_blank" style="text-decoration: none;padding: 100px auto">' . $safe . '</a><br>';
    }
} else {
    // Message: "Query failed, the API query limit may have been reached!"
    echo '查询失败,可能达到了API次数限制!';
}
?>
```
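I recommend the Python version or PHP version 2, which are the most concise. Version 3 was written to practise using cURL and runs under a web server, while PHP versions 1 and 2 have to be run from the command line (cmd).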
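The PHP versions pull names out of the response with a regular expression, and version 1 applies it to the raw HTTP response, headers included. As an added example (not part of the original post), this Python 3 code parses the body as JSON and keeps only well-formed hostnames; the response shape (`domainArray` rows of `[domain, ""]`) is inferred from the scripts above, and `extract_domains` and the sample response are constructed for illustration.

```python
import json
import re

# Conservative hostname check: dot-separated labels of letters, digits, hyphens.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+\Z"
)

def extract_domains(raw_response):
    """Return validated, de-duplicated hostnames; raise ValueError on a failed lookup."""
    # Split headers from body so header text is never parsed as result data.
    _, sep, body = raw_response.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator in response")
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise ValueError("body is not JSON") from exc
    rows = data.get("domainArray") if isinstance(data, dict) else None
    if not isinstance(rows, list):
        raise ValueError("response has no domainArray")
    seen, result = set(), []
    for row in rows:
        # Assumption: each row is [domain, ""], as the scripts above imply.
        name = row[0] if isinstance(row, list) and row else None
        if isinstance(name, str) and HOSTNAME_RE.match(name):
            key = name.lower()
            if key not in seen:
                seen.add(key)
                result.append(key)
    return result

# Constructed sample response (not captured from the real service). The X-Note
# header would be picked up by the regex used in the PHP scripts.
SAMPLE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    'X-Note: ["not-a-result",\r\n\r\n'
    '{"domainArray": [["example.com", ""], ["Example.com", ""],'
    ' ["<script>alert(1)</script>", ""], ["blog.example.org", ""]]}'
)

if __name__ == "__main__":
    print(extract_domains(SAMPLE))
```
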
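- Author: 独自等待 | Published: 23 July 2013
- Category: Security tools
- Tags: php, python, reverse IP lookup
- When reposting this article, please credit: Reverse IP Lookup Script | 独自等待 Information Security Blog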