- <?php
- /*
- Coder: Mr.Kro0oz.305
- Grtz 2: wis-security
- */
- // Removes PHP's execution time limit, so the run is bounded only by the network calls below.
- // The @ suppresses any warning from the call.
- @set_time_limit(0);
- // SubDomains List
- // Fixed list of candidate labels; the subdomain stage prepends each one to the target.
- // "webmail", "smtp", "record" and "ssl" appear twice, so those names are probed twice.
- // Detection: a burst of lookups for exactly this label set, in this order, against a single
- // zone is a recognisable pattern in resolver and authoritative DNS logs.
- $subs = array(
- "app",
- "apps",
- "cpanel",
- "ftp",
- "mail",
- "webmail",
- "smtp",
- "pop",
- "pop3",
- "direct-connect",
- "direct-connect-mail",
- "record",
- "ssl",
- "dns",
- "help",
- "blog",
- "forum",
- "doc",
- "home",
- "shop",
- "vb",
- "www",
- "web",
- "webadmin",
- "weblog",
- "webmail",
- "webmaster",
- "webservices",
- "webserver",
- "log",
- "logs",
- "images",
- "lab",
- "ftpd",
- "docs",
- "download",
- "downloads",
- "about",
- "backup",
- "chat",
- "data",
- "smtp",
- "upload",
- "uploads",
- "ns1",
- "ns2",
- "record",
- "ssl",
- "imap",
- "result",
- "vip",
- "demo",
- "beta",
- "video",
- );
- // Hard-coded proxy address. In this script it is passed only to CURLOPT_PROXY for the
- // reverse-IP request; the fsockopen() and file_get_contents() calls never reference it.
- $proxy = "186.42.121.150:80";
- // Prints the author's ASCII-art banner.
- echo"
- .-..-. .-..-. .--. .----. .--. .----.
- : `' : : :' ; : ,. : `-- ;: ,. :: .--'
- : .. :.--. : ' .--. .--. : :: : .--. .---. .' ' : :: :`. `.
- : :; :: ..'_ : :.`.: ..'' .; :: :; :' .; :`-'_.' _ _`,`.: :; :.-`, :
- :_;:_;:_; :_;:_;:_;:_; `.__.'`.__.'`.__.'`.___;:_;`.__.'`.__.'`.__.'
- \n";
- // Prompts for the target and reads one line from standard input (fgets with length 1024
- // returns at most 1023 bytes); trim() strips the trailing newline and surrounding whitespace.
- // NOTE(review): $target is used as typed from here on. It is interpolated into URLs, a POST
- // body and hostnames with no validation or URL-encoding.
- echo"\r\n [+] Target (without http://) :"; // Put Target
- $target=trim(fgets(STDIN,1024));
- echo "\n[+]------------------------ Start --------------------------[+]\n\n";
- // Stage 1: resolve the target and scrape two third-party lookup pages for it.
- // The only traffic the script itself generates here is a DNS lookup and two plain-HTTP
- // requests to those third-party sites.
- echo"\r\n [+] START INFORMATION GATHERING: \n\n";
- // gethostbyname() returns its argument unchanged when resolution fails, so a failed lookup
- // prints the hostname where an IP address is expected.
- echo"[-] Host IP : ".gethostbyname($target)." \n";
- // Fetches the WHOIS page; @ suppresses the warning on failure, and the return value (false
- // on failure) is not checked before it is passed to the regex.
- $sourc = @file_get_contents("http://www.whois.com/whois/$target");
- // Screen-scrapes every "Name Server:" value sitting between <br> tags, case-insensitively.
- // The result depends entirely on the remote page keeping that markup.
- preg_match_all("#<br>Name Server:(.*?)<br>#i",$sourc,$name);
- $nameservers = $name[1];
- foreach($nameservers as $nameserver){
- echo"[-] Name Server: $nameserver \n";
- }
- // Same approach against a second site, which is expected to show a "Server:" value inside
- // <b>...</b>. The pattern literal spans two lines, so it matches only when a line break
- // sits between the value and the closing </b>.
- $source = @file_get_contents("http://www.mydnstools.info/webserverinfo/$target");
- preg_match_all("#<b>Server: (.*?)
- </b>#i",$source,$serv);
- $servers = $serv[1];
- foreach($servers as $server){
- echo"[-] Server: $server \n";
- }
- // Stage 2: subdomain discovery. This is the first stage that opens connections to the
- // target's own hosts.
- echo"\r\n [+] START FIND SUBDOMAINS: \n\n";
- foreach($subs as $sub){
- // A candidate is reported only when a TCP connection to port 80 succeeds; names that resolve
- // but do not accept connections on that port are not printed. fsockopen() is called without
- // a timeout argument, so each attempt may wait up to PHP's default_socket_timeout. Nothing
- // is written to the socket and it is not closed explicitly.
- // Detection: on the target side this appears as a run of port-80 connections that carry no
- // HTTP request, alongside DNS lookups for the candidate labels.
- $Check = @fsockopen("$sub.$target", 80);
- if($Check)
- {
- echo "[-] ".$sub.".".$target." : ".gethostbyname($sub.".".$target)." \n";
- }
- }
- // Adds hostnames scraped from a third-party index page (links of the form
- // /domain/<name>.html) and resolves each scraped name locally.
- $get = @file_get_contents("http://www.pagesinventory.com/search/?s=$target");
- preg_match_all("#<td><a href=\"\/domain\/(.*?).html\">#i",$get,$matches);
- $rzlts = $matches[1];
- foreach($rzlts as $rzlt){
- echo"[-] ".$rzlt." : ".gethostbyname($rzlt)." \n";
- }
- // Stage 3: reverse-IP lookup. Posts the target to a third-party service, prints the domain
- // count it returns and appends every returned domain to Log.txt.
- // The two branches below are the same code except that the else branch sets CURLOPT_PROXY.
- // $proxy is assigned a non-empty literal earlier in the script, so as published only the
- // else branch runs.
- echo"\r\n [+] START REVERSE IP: \n\n";
- if(empty($proxy)) {
- // Direct request, no proxy.
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "http://domains.yougetsignal.com/domains.php");
- curl_setopt($ch, CURLOPT_POST, true);
- // NOTE(review): $target goes into the form body without urlencode().
- curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress={$target}");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- // curl_exec() returns false on failure; the result is not checked before parsing.
- $postResult = curl_exec($ch);
- curl_close($ch);
- // The response is picked apart with regexes instead of being decoded (the patterns suggest
- // a JSON body, but that is not confirmed here). First the "domainCount" field.
- // NOTE(review): if the pattern does not match, the variable iterated by the foreach below
- // was never assigned.
- if(preg_match_all("#\"domainCount\":\"(.*?)\"#",$postResult,$domain)) {
- $nigga = $domain[1];
- }
- foreach ($nigga as $domains) { echo "[-] Total Websites: $domains\n"; }
- // Then every [...] segment of the response; the same unassigned-variable caveat applies.
- if(preg_match_all("#\[([^\]]*)\]#",$postResult,$fuck)){
- $zebi = $fuck[1];
- }
- foreach ($zebi as $fucck) {
- // Inside each segment, captures the first quoted string of every ("<value>", "") pair.
- if(preg_match_all("#\"(.*?)\", \"\"#",$fucck,$matches)) {
- $klawi = $matches[1];
- foreach ($klawi as $fuckaa) {
- // Artifact: Log.txt in the current working directory, opened in append mode once per entry.
- // Each entry is written as http://<value>/ followed by CRLF, and entries accumulate across runs.
- $save = fopen('Log.txt','ab');
- fwrite($save,"http://".$fuckaa."/\r\n");
- fclose($save);
- } }} echo "\n[-] Result in Log.txt\n";
- } else {
- // Same request as above, sent through the hard-coded proxy.
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "http://domains.yougetsignal.com/domains.php");
- curl_setopt($ch, CURLOPT_POST, true);
- // NOTE(review): $target goes into the form body without urlencode().
- curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress={$target}");
- curl_setopt($ch, CURLOPT_PROXY, $proxy);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- // curl_exec() returns false on failure; the result is not checked before parsing.
- $postResult = curl_exec($ch);
- curl_close($ch);
- // Regex extraction of the "domainCount" field.
- // NOTE(review): if the pattern does not match, the variable iterated by the foreach below
- // was never assigned.
- if(preg_match_all("#\"domainCount\":\"(.*?)\"#",$postResult,$domain)) {
- $nigga = $domain[1];
- }
- foreach ($nigga as $domains) { echo "[-] Total Websites: $domains\n"; }
- // Every [...] segment of the response; the same unassigned-variable caveat applies.
- if(preg_match_all("#\[([^\]]*)\]#",$postResult,$fuck)){
- $zebi = $fuck[1];
- }
- foreach ($zebi as $fucck) {
- // Inside each segment, captures the first quoted string of every ("<value>", "") pair.
- if(preg_match_all("#\"(.*?)\", \"\"#",$fucck,$matches)) {
- $klawi = $matches[1];
- foreach ($klawi as $fuckaa) {
- // Artifact: Log.txt in the current working directory, opened in append mode once per entry.
- // Each entry is written as http://<value>/ followed by CRLF, and entries accumulate across runs.
- $save = fopen('Log.txt','ab');
- fwrite($save,"http://".$fuckaa."/\r\n");
- fclose($save);
- } }}
- echo "\n[-] Result in Log.txt\n"; }
- // Stage 4: CMS fingerprinting of every entry in the log file.
- // The entries come from the third-party reverse-IP result, not from the operator's input,
- // so sites that merely share an address with the target are fetched as well.
- echo"\r\n [+] START GRABBING WORDPRESS AND JOOMLA WEBSITES: \n\n";
- // Reads ./log.txt (lower-case l). The reverse-IP stage writes Log.txt, which is the same
- // file only on case-insensitive filesystems.
- $sites=file("./log.txt");
- echo" [-] Start Grabbing Joomla Websites: \n\n";
- foreach ($sites as $site){
- // Builds a URL by appending /administrator/ to the logged line and fetches it; @ hides
- // fetch failures, so $src may be false.
- $src = @file_get_contents("".$site."/administrator/"); // Get source
- // Case-insensitive search of the response body for "Joomla!".
- // NOTE(review): eregi() was deprecated in PHP 5.3 and removed in PHP 7.0, so this call is a
- // fatal error on current PHP versions.
- if(eregi("Joomla!",$src)){ // Grab WEBSITES use joomla
- echo"[-] $site \n";
- }
- else{
- echo"[-] Nothing Found ..!! \n";
- }
- // This heading sits inside the loop, so it is printed once per site rather than once.
- echo" [-] Start Grabbing WordPress Websites: \n\n";
- // Same check against /wp-login.php, looking for "wordpress". Unlike the Joomla check,
- // a miss prints nothing.
- $src = @file_get_contents("".$site."/wp-login.php"); // Get Source
- if(eregi("wordpress",$src)){ // Grab WEBSITES use wordpress
- echo"[-] $site \n";
- }
- }
- echo "\n\n[+]------------------------ ./Done --------------------------[+]\n\n";
- ?>