Active Members dancezar Posted January 9, 2014 Active Members Report Share Posted January 9, 2014 (edited) Acesta este un mic dork scanner scris in Js/php care se foloseste de serviciul de cautare bing.Am incercat pe cateva dorkuri si scote destul de bine.In cazul in care bing va blocheaza ,decomentati linia 6 si eventual schimbati proxy-ul.index.html<html><head><title>Bing dorks extractor</title></head><body><label>Dork: </label><input type="text" id="dk" /><br><label>Dump file:</label><input type="text" id="df" /><br><label>Service: </select><select id="sel"><option>Google</option><option>Bing</option></select><br><input type="button" id="btn" value="Scan" onclick="if(this.value=='Scan'){scaneaza();this.value='Stop';}else if(this.value=='Stop'){this.value='Scan';work=0;}else if(this.value='Continue'){work=1;go(contor);this.value='Stop';}" /><div id="r"></div><div id="ar"></div><script>var drk=document.getElementById('dk');var opt=document.getElementById('sel');var contor;var pagina;var dork;var total;var work;var file=document.getElementById('df');var area=document.getElementById('ar');var c1=document.getElementById('r');xmlhttp = new XMLHttpRequest();function go(c){if(opt.value=='Google'){if(file.value!="")xmlhttp.open("GET", "get.php?t=google&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+file.value, true);elsexmlhttp.open("GET", "get.php?t=google&dk="+encodeURIComponent(dork)+"&cont="+c+"&file=", true);}else{if(file.value!="")xmlhttp.open("GET", "get.php?t=bing&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+file.value+"&pag="+pagina, true);elsexmlhttp.open("GET", "get.php?t=bing&dk="+encodeURIComponent(dork)+"&cont="+c+"&file="+"&pag="+pagina, true);}xmlhttp.overrideMimeType('text/html; charset=UTF-8');xmlhttp.onreadystatechange = function() {if (xmlhttp.readyState == 4) {parse();}}xmlhttp.send(null)}function scaneaza(){if(opt.value=="Google"){dork=drk.value;pagina=-1;contor=1;work=1;go(contor);}else{dork=drk.value;pagina=1;contor=1;total=111111111111111;work=1;go(contor);}}function parse(){sursa=xmlhttp.responseText;if(opt.value=="Google"){ if(sursa.search("- did not match any documents.")>-1){ alert('Gata!'); }else if(sursa.search("blockedblockedblockedblockedblockedblockedblocked")>-1){ alert('Blocat!'); }else{ if(pagina==-1){ total=parseInt(sursa); go(contor); contor=1; pagina=1; }else{ if(pagina<total){ if(pagina==1) contor=10; else contor=contor+10; pagina++; c1.innerHTML="Pagina "+pagina+" din "+total; s=sursa.split(","); for(i=0;i<s.length;i++) area.innerHTML=area.innerHTML+s[i]+"<br>"; go(contor); } } }}else{if(work==1){if(pagina<total){if(sursa.search("blockedblockedblockedblockedblockedblockedblocked")>-1){alert('Blocat!');work=0;document.getElementById('btn').value='Continue';}else{if(pagina==1){total=sursa.split("<!--AllContent");total=total[1].split("--");total=(parseInt(total)/10)+1;s=sursa.replace("<!--AllContent"+total+"--"+">");}s=sursa.split(",");for(i=0;i<s.length;i++) area.innerHTML=area.innerHTML+s[i]+"<br>";contor=contor+10;pagina++;c1.innerHTML="Pagina "+pagina+" din "+total;go(contor);}}else{alert('Gata');document.getElementById('btn').value='Start';work=0;}}}}</script></body></html>get.php<?phpsession_start();if($_REQUEST['t']=='google'){if(!isset($_SESSION['prox']))$_SESSION['prox']=0;$proxy=array("nimic","217.12.113.67:443","222.124.198.136:3129","91.214.200.45:8080");$useragent = "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.14912/870; U; id) Presto/2.4.15";if($_REQUEST['cont']==1){$data=file_get_contents("http://www.google.com/search?hl=en&tbo=d&site=&source=hp&q=".urlencode($_REQUEST['dk']));$split=explode('<div class="sd" id="resultStats">About ',$data);$split=explode(' results',$split[1]);echo ((int)str_replace(",","",$split[0])/10);}else{$ch = curl_init ();curl_setopt ($ch, CURLOPT_URL, "http://www.google.com/search?hl=en&tbo=d&site=&source=hp&q=".urlencode($_REQUEST['dk'])."&start=".$_REQUEST['cont']);//curl_setopt($ch, CURLOPT_PROXY,"217.12.113.67:443");curl_setopt ($ch, CURLOPT_USERAGENT, $useragent);curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);$output = curl_exec ($ch);curl_close($ch);if(strpos($output,"To continue, please type the characters below:")!=false){$_SESSION['prox']=(int)$_SESSION['prox']+1;echo $_SESSION['prox'];echo 'blockedblockedblockedblockedblockedblockedblocked';exit;}$split=explode('<div style="clear:both"><a href="/url?q=',$output);for($i=1;$i<count($split);$i++){ $aux=explode("&sa=U",$split[$i]); echo urldecode($aux[0])."<br>";}}}else{if(!isset($_SESSION['pro']))$_SESSION['pro']=0;function start(){$useragent=array("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11","Mozilla/5.0 (X11; U; Linux i686; es-AR; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7","Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))","Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25");$proxy=array("217.12.113.67:443","222.124.198.136:3129","91.214.200.45:8080");if($_REQUEST['pag']=="1")$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&form=QBLH&pq=".urlencode($_REQUEST['dk'])."&sc=0-5&sp=-1&sk=";else{if($_REQUEST['pag']=="2")$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&pq=".urlencode($_REQUEST['dk'])."&sc=0-5&sp=-1&sk=&first=11&FORM=PERE";else$url="http://www.bing.com/search?q=".urlencode($_REQUEST['dk'])."&qs=n&pq=".urlencode($_REQUEST['dk'])."&sc=0-0&sp=-1&sk=&first=".$_REQUEST['cont']."&FORM=PERE".$_REQUEST['pag'];}$ch=curl_init();curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_PROXY,$proxy[(int)$_SESSION['pro']]);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_TIMEOUT, 200);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);curl_setopt($ch, CURLOPT_MAXREDIRS, 2); curl_setopt($ch, CURLOPT_USERAGENT,$useragent[rand(0,count($useragent)-1)]);curl_setopt($ch, CURLOPT_COOKIEJAR, "cookies.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "cookies.txt");curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);$data1 = curl_exec($ch);curl_close($ch);$data1=str_replace(",","",$data1);return $data1;}//".urlencode($_REQUEST['dk'])." cont=$data=start();if(strpos($data,"Bad Request")!=false||strpos($data,"Pardon the interruption")!=false){echo 'blockedblockedblockedblockedblockedblockedblocked';$s=(int)$_SESSION['pro'];if($s<(count($proxy)-1))$_SESSION['pro']=(int)$_SESSION['pro']+1;exit;}//$split=explode('',$data);if($_REQUEST['cont']=="1"){$split=explode('<span class="sb_count" id="count">',$data);$split=explode(' results',$split[1]);echo '<!--AllContent'.$split[0].'-->';}$split=explode('<div class="sb_tlst"><h3><a href="',$data);if($_REQUEST['file']!="")$f=fopen($_REQUEST['file'],'a');for($i=1;$i<count($split);$i++){ $aux=explode('"',$split[$i]); if($_REQUEST['file']!="") fwrite($f,strip_tags(urldecode($aux[0]))."\r\n"); echo strip_tags(urldecode($aux[0])).",";}if($_REQUEST['file']!="")fclose($f);}?>In a doua casuta puteti scrie numele unui fisier unde se vor adauga datele dupa ce au fost extrase.Daca aveti buguri/sugestii nu ezitati sa dati un pm.Seara buna//Am facut modificari puteti sa va adaugati lista cu proxy-uri in array-u $proxy Edited January 23, 2014 by danyweb09 Quote Link to comment Share on other sites More sharing options...
joetunna Posted February 16, 2014 Report Share Posted February 16, 2014 Da o eroare zice "Blocat!" . Quote Link to comment Share on other sites More sharing options...
Bolovanus Posted February 16, 2014 Report Share Posted February 16, 2014 Da o eroare zice "Blocat!" .why not python with multithread? => fct. de fallen//cum: python bing.py dork nr pagini//exemplu: python bing.py pages.php?id=1 3#!/usr/bin/python2.7import urllib2import reimport sysimport threading#------------------------------------------------------------------------------#Usage: python bing.py dork number_of_pages#Example: python bing.py pages.php?id= 3#------------------------------------------------------------------------------def searchBing(dork, nr): ''' Search on Bing after a dork and get a nr of pages with results. dork - the keyword nr - number of pages Return a list with all URLs ''' url = ''.join(("http://www.bing.com/search?q=", re.sub(r'\s+', '%20', str(dork)), "&first=", str(nr))) request = urllib2.Request(url) request.add_header('User-agent', 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0') response = urllib2.urlopen(request).read() return set(re.findall(r'<h3><a href="(.+?)"', response))def checkLink(url): try: req = urllib2.Request(url + "'") req.add_header('User-agent', 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0') res = urllib2.urlopen(req).read() errors = ['You have an error in your SQL syntax', 'ODBC Microsoft Access Driver', 'Microsoft OLE DB Provider for SQL Server', 'Unclosed quotation mark', 'Microsoft OLE DB Provider for Oracle' 'Microsoft JET Database Engine error', 'SQL query failed', 'Warning: mysql_query', 'Warning: mysql_fetch_row', 'Warning: mysql_fetch_assoc', 'Warning: mysql_fetch_object', 'Warning: mysql_numrows', 'Warning: mysql_num_rows', 'Warning: mysql_fetch_array', 'Warning: pg_connect', 'Oracle ODBC', 'Oracle Error', 'Oracle Driver', 'Microsoft JET Database Engine error', 'Microsoft OLE DB Provider for SQL Server error', 'error in your SQL syntax', 'Error converting data type varchar to numeric', 'Input string was not in a correct format', 'Warning: mysql_result', 'Warning: pg_exec', 'Warning: array_merge', 'Warning: preg_match', 'Incorrect syntax near'] for error in errors: if error in res: print 'Found!!! %s' % url with open('vuln.txt', 'a') as myfile: myfile.write(url + '\n') break except: passfor number in range(1, (int(sys.argv[2]) * 10) + 1, 10): for link in searchBing(sys.argv[1], number): t = threading.Thread(target=checkLink, args=(link,)) t.start() Quote Link to comment Share on other sites More sharing options...
joetunna Posted February 19, 2014 Report Share Posted February 19, 2014 Am rezolvat. Mercii! Quote Link to comment Share on other sites More sharing options...
