Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <pre><?php
- // shodan.io [Search, Dump] all result's
- //
- // Just edit username and password and request from browser filename.php?key=keyword Ex. http://localhost/filename.php?key=freebpx
- //
- set_time_limit(0);
- ###################### enter your account info
- $username = "lollolbadr1"; // shodan username
- $password = "imxOvHTnyq6B"; // shodan password
- ######################
- $keyword= $_GET['key'];
- function login()
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, 'https://account.shodan.io/login');
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded',
- 'Referer: https://account.shodan.io/login?continue=https%3A%2F%2Faccount.shodan.io%2F',
- 'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:55.0) Gecko/20100101 Firefox/55.0'));
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_HEADER, FALSE );
- $rets = curl_exec($ch);
- if (!preg_match("/name='csrf_token' value='(.*?)' \/>/", $rets, $spoof))
- {
- if(!preg_match("/name='csrf_token' value='([a-zA-z0-9]{32})'/", $rets, $spoof))
- {
- preg_match("/name='csrf_token' value='([a-zA-z0-9]{32})'/", $rets, $spoof);
- }
- }
- $scrf = $spoof[1];
- curl_setopt($ch,CURLOPT_POST,true);
- curl_setopt($ch,CURLOPT_POSTFIELDS,'username='.$GLOBALS['username'].'&password='.$GLOBALS['password'].'&grant_type=password&continue=https://account.shodan.io/&csrf_token='.$scrf.'&login_submit=Log in');
- $rets = curl_exec($ch);
- if(preg_match("/Logout/i", $rets))
- {
- return true;
- }
- }
- function search($do)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, 'https://www.shodan.io/search?query='.$GLOBALS['keyword'].'&page='.$do);
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded',
- 'Referer: https://account.shodan.io/login?continue=https%3A%2F%2Faccount.shodan.io%2F',
- 'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:55.0) Gecko/20100101 Firefox/55.0'));
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_HEADER, FALSE );
- curl_setopt($ch,CURLOPT_POST,true);
- curl_setopt($ch,CURLOPT_POSTFIELDS,'username='.$GLOBALS['username'].'&password='.$GLOBALS['password'].'&grant_type=password&continue=https%3A%2F%2Faccount.shodan.io%2F&login_submit=Log+in');
- $rets = curl_exec($ch);
- if(preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\:[0-9]{1,5}/', $rets, $match) or preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $rets, $match))
- {
- foreach($match as $key => $ips)
- {
- foreach($ips as $key => $ip)
- {
- file_put_contents($GLOBALS['keyword'].'.txt', trim($ip) ."\n", FILE_APPEND);
- }
- }
- }
- }
- function totalfound()
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, 'https://www.shodan.io/search/_summary?query='.$GLOBALS['keyword']);
- curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded',
- 'Referer: https://account.shodan.io/login?continue=https%3A%2F%2Faccount.shodan.io%2F',
- 'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:55.0) Gecko/20100101 Firefox/55.0'));
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/coks.txt');
- curl_setopt($ch, CURLOPT_HEADER, FALSE );
- $rets = curl_exec($ch);
- if (!preg_match('/class="bignumber">(.*?)<\/div>/', $rets, $spoof))
- {
- preg_match('/class="bignumber">([a-zA-z0-9]{32})<\/div>/', $rets, $spoof);
- }
- $total = $spoof[1];
- return(trim(str_replace(',','',$total)));
- }
- if(isset($GLOBALS['keyword']) && $GLOBALS['keyword'] !="")
- {
- echo "Total Results: ".totalfound() ."<br>";
- $pages = ceil(totalfound() / 10);
- echo "Total Pages: ".$pages."<br>";
- flush ();
- sleep(5);
- if(login()==true)
- {
- file_put_contents($GLOBALS['keyword'].'.txt',$GLOBALS['keyword']."\n", FILE_APPEND);
- for ($i = 0; $i <= $pages; $i++)
- {
- search($i);
- if($i =="200")
- {
- die("finished");
- }
- }
- echo " End ..";
- }else{
- die ("Login Error: check your login information lines 7&8");
- }
- }else{
- die ("file.php?key=apache");
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement