Kro0oz

Joom And Word

Jul 20th, 2015
  <?php
  /*
   * Coder: Mr.Kro0oz.305
   * Grtz 2: wis-security
   *
   * Command-line reconnaissance script. It reads one hostname from STDIN and then:
   *   1. resolves it and scrapes name-server / web-server strings from
   *      third-party lookup pages;
   *   2. attempts a TCP connect to port 80 for a fixed list of subdomain labels;
   *   3. queries a reverse-IP service and appends every returned host to Log.txt;
   *   4. fetches /administrator/ and /wp-login.php on each logged host and prints
   *      the hosts whose response mentions Joomla or WordPress.
   *
   * Reviewer notes (what an analyst or defender can take from the code):
   *   - Stages 2 and 4 contact the target and its co-hosted sites directly. The
   *     proxy below is applied only to the reverse-IP request; fsockopen() and
   *     file_get_contents() are called without any proxy context.
   *   - On the receiving side, stage 4 appears as paired requests for
   *     /administrator/ and /wp-login.php, one pair per co-hosted site.
   *   - Every outbound request is plain http://, and the scraped responses are
   *     echoed or written to disk without validation.
   *   - Failures are hidden with "@"; a failed fetch returns false and the
   *     regexes then run against that value.
   */

  @set_time_limit(0);

  // Candidate subdomain labels for stage 2. The list is kept exactly as published,
  // including its repeated entries (webmail, smtp, record, ssl appear twice).
  $subs = [
      "app", "apps", "cpanel", "ftp", "mail", "webmail", "smtp", "pop", "pop3",
      "direct-connect", "direct-connect-mail", "record", "ssl", "dns", "help",
      "blog", "forum", "doc", "home", "shop", "vb", "www", "web", "webadmin",
      "weblog", "webmail", "webmaster", "webservices", "webserver", "log", "logs",
      "images", "lab", "ftpd", "docs", "download", "downloads", "about", "backup",
      "chat", "data", "smtp", "upload", "uploads", "ns1", "ns2", "record", "ssl",
      "imap", "result", "vip", "demo", "beta", "video",
  ];

  // Hard-coded HTTP proxy, used only for the reverse-IP request in stage 3.
  // Because it is never empty, the proxied path is the one that always runs.
  $proxy = "186.42.121.150:80";

  // Banner: the lines inside the literal must stay at column 0 to keep the
  // printed text unchanged.
  echo "
.-..-.       .-..-.            .--.                .----. .--. .----.
: `' :       : :' ;           : ,. :               `--  ;: ,. :: .--'
: .. :.--.   :   ' .--.  .--. : :: : .--. .---.     .' ' : :: :`. `.
: :; :: ..'_ : :.`.: ..'' .; :: :; :' .; :`-'_.' _  _`,`.: :; :.-`, :
:_;:_;:_; :_;:_;:_;:_;  `.__.'`.__.'`.__.'`.___;:_;`.__.'`.__.'`.__.'
                                                                   
                                                                   
\n";

  // NOTE(review): the value typed here is concatenated unmodified into URLs, a
  // POST body and DNS lookups further down; nothing checks that it is a hostname.
  echo "\r\n [+] Target (without http://) :";
  $target = trim(fgets(STDIN, 1024));

  echo "\n[+]------------------------ Start --------------------------[+]\n\n";

  // ---- Stage 1: passive lookups --------------------------------------------
  echo "\r\n [+] START INFORMATION GATHERING: \n\n";

  $hostIp = gethostbyname($target);
  echo "[-] Host IP : {$hostIp} \n";

  // Name servers are scraped from a public whois page.
  $whoisHtml = @file_get_contents('http://www.whois.com/whois/' . $target);
  preg_match_all('#<br>Name Server:(.*?)<br>#i', $whoisHtml, $nsMatch);
  foreach ($nsMatch[1] as $nsName) {
      echo "[-] Name Server: {$nsName} \n";
  }

  // Web-server banner from a second lookup page. The pattern contains a line
  // break between the capture group and </b>, written here as \n.
  $serverHtml = @file_get_contents('http://www.mydnstools.info/webserverinfo/' . $target);
  preg_match_all("#<b>Server: (.*?)\n</b>#i", $serverHtml, $serverMatch);
  foreach ($serverMatch[1] as $serverBanner) {
      echo "[-] Server: {$serverBanner} \n";
  }

  // ---- Stage 2: subdomain probing ------------------------------------------
  echo "\r\n [+] START FIND SUBDOMAINS: \n\n";

  foreach ($subs as $label) {
      $fqdn = $label . '.' . $target;

      // A label counts as "found" when a TCP connection to port 80 succeeds.
      // NOTE(review): the handle is never passed to fclose(); it is only
      // released when the variable is reassigned on the next iteration.
      $conn = @fsockopen($fqdn, 80);
      if ($conn) {
          echo '[-] ' . $fqdn . ' : ' . gethostbyname($fqdn) . " \n";
      }
  }

  // Further hostnames are scraped from a third-party search page and resolved.
  $searchHtml = @file_get_contents('http://www.pagesinventory.com/search/?s=' . $target);
  preg_match_all('#<td><a href="\/domain\/(.*?).html">#i', $searchHtml, $inventoryMatch);
  foreach ($inventoryMatch[1] as $listedHost) {
      echo '[-] ' . $listedHost . ' : ' . gethostbyname($listedHost) . " \n";
  }

  // ---- Stage 3: reverse-IP lookup ------------------------------------------
  echo "\r\n [+] START REVERSE IP: \n\n";

  // One request serves both the proxied and the direct case; the proxy option is
  // the only thing that differs between them.
  $ch = curl_init();
  curl_setopt_array($ch, [
      CURLOPT_URL            => 'http://domains.yougetsignal.com/domains.php',
      CURLOPT_POST           => true,
      CURLOPT_POSTFIELDS     => 'remoteAddress=' . $target,
      CURLOPT_RETURNTRANSFER => 1,
  ]);
  if (!empty($proxy)) {
      curl_setopt($ch, CURLOPT_PROXY, $proxy);
  }
  $postResult = curl_exec($ch);
  curl_close($ch);

  // NOTE(review): $siteCounts and $bracketGroups are assigned only when their
  // regex matches; on a failed or unexpected response the foreach loops below run
  // on undefined variables.
  if (preg_match_all('#"domainCount":"(.*?)"#', $postResult, $countMatch)) {
      $siteCounts = $countMatch[1];
  }
  foreach ($siteCounts as $siteCount) {
      echo "[-] Total Websites: {$siteCount}\n";
  }

  if (preg_match_all('#\[([^\]]*)\]#', $postResult, $bracketMatch)) {
      $bracketGroups = $bracketMatch[1];
  }
  foreach ($bracketGroups as $group) {
      if (preg_match_all('#"(.*?)", ""#', $group, $hostMatch)) {
          foreach ($hostMatch[1] as $coHosted) {
              // Each host is appended as its own CRLF-terminated URL line; the
              // file is opened and closed once per entry.
              $log = fopen('Log.txt', 'ab');
              fwrite($log, 'http://' . $coHosted . "/\r\n");
              fclose($log);
          }
      }
  }

  echo "\n[-] Result in Log.txt\n";

  // ---- Stage 4: CMS tagging of the logged hosts ----------------------------
  echo "\r\n [+] START GRABBING WORDPRESS AND JOOMLA WEBSITES: \n\n";

  // NOTE(review): the results were written to "Log.txt" but are read back from
  // "./log.txt"; the two names differ in case. file() is also called without
  // flags, so every entry keeps its trailing "\r\n" when it is concatenated
  // into the URLs below.
  $sites = file('./log.txt');

  echo " [-] Start Grabbing Joomla Websites: \n\n";

  foreach ($sites as $site) {
      // NOTE(review): eregi() was removed in PHP 7.0, so this loop only runs on
      // PHP 5 interpreters.
      $adminPage = @file_get_contents($site . '/administrator/');
      echo eregi('Joomla!', $adminPage) ? "[-] $site \n" : "[-] Nothing Found ..!! \n";

      // This heading sits inside the loop, so it is printed once per site.
      echo " [-] Start Grabbing WordPress Websites: \n\n";

      $loginPage = @file_get_contents($site . '/wp-login.php');
      if (eregi('wordpress', $loginPage)) {
          echo "[-] $site \n";
      }
  }

  echo "\n\n[+]------------------------ ./Done --------------------------[+]\n\n";
  ?>