SubDomain Scanner v1.0

1. <?php
2.  
3.         /*
4.                 Bing SubDomain Scanner By injector_ma
5.         */
6. error_reporting(0);
7. set_time_limit(0);
8.  
9. if (!function_exists ("curl_exec"))
10.         die ("Fatal Error : cURL Extension is not Installed...\n");
11.  
12. $domain = $argv[1];
13.        
14. echo"
15. _________    ___.        .___                    .__              
16. /   _____/__ _\_ |__    __| _/____   _____ _____  |__| ____   ______
17. \_____  \|  |  \ __ \  / __ |/  _ \ /     \\__  \ |  |/    \ /  ___/
18. /        \  |  / \_\ \/ /_/ (  <_> )  Y Y  \/ __ \|  |   |  \\___ \
19. /_______  /____/|___  /\____ |\____/|__|_|  (____  /__|___|  /____  >
20.       \/          \/      \/            \/     \/        \/     \/
21. \n";
22.  
23. if(count(Bingsub ($domain)) == 0){
24.  
25. $subs = array(
26. "app","apps","cpanel","ftp","mail","mysql","webmail","smtp","pop","pop3","direct-connect",  
27. "direct-connect-mail","record","ssl","dns","help","blog","forum","doc","home","shop",  
28. "vb","www","web","webadmin","weblog","webmail","webmaster","webservices","webserver",  
29. "log","logs","images","lab","ftpd","docs","download","downloads","about","backup",  
30. "chat","data","smtp","upload","uploads","ns1","ns2","record","ssl","imap","result",
31. "vip","demo","beta","video"
32. );
33.  
34.         echo"\n\t\tNothing Found. Start Using Brute Force Methode ...\n\n";
35.        
36.         foreach($subs as $sub){
37.  
38.                 $Check = @fsockopen("$sub.$domain", 80);
39.                 if($Check){
40.                         echo  "$sub.$domain : ".gethostbyname("$sub.$domain")." \n\n";
41.                         $save = fopen('subdomains.txt','ab');
42.                         fwrite($save,"http://$sub.$domain\r\n");
43.                         fclose($save);
44.                 }
45.         }
46. }else{
47.  
48.         foreach(Bingsub ($domain) as $sub){
49.  
50.                 echo $sub." : ";
51.                         echo gethostbyname($sub)."\r\n";
52.        
53.                 $save = fopen('subdomains.txt','ab');
54.                 fwrite($save,"http://".$sub."\r\n");
55.                 fclose($save);
56.         }
57. }
58.                
59. function Bingsub ($domain)
60. {
61.  
62. for($i = 1; $i <= 1000; $i += 10){
63.         $gt = curlreq("http://www.bing.com/search?q=".urlencode("domain:$domain")."&first=$i","msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
64.         $searchme = '#<h2><a href="(.*?)"#i';
65.         if (preg_match_all ($searchme, $gt, $matches)){
66.                 foreach ($matches[1] as $matches){
67.                         $urls[] = cleanme ($matches);
68.                 }
69.         }
70.         if(!preg_match('#class="sb_pagN"#',$gt)) break;
71. }
72. if(!empty($urls) && is_array($urls)){
73.         return array_unique($urls);
74.     }
75. }
76.  
77. function cleanme ($link){
78.     return str_replace("www.","",parse_url($link, PHP_URL_HOST));
79. }
80.  
81. function curlreq($url, $user_agent, $proxy = FALSE, $post = FALSE)
82. {
83.         $ch = @curl_init($url);
84.         @curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
85.         @curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
86.         @curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
87.         if ($proxy)
88.         {
89.                 @curl_setopt ($ch, CURLOPT_PROXY, $proxy);
90.         }
91.         if ($post)
92.         {
93.                 @curl_setopt ($ch, CURLOPT_POST, TRUE);
94.                 @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
95.         }
96.         @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
97.         @curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
98.         $source = @curl_exec($ch);
99.        
100.     @curl_close($ch);
101.     return $source;
102. }