- <?php
- // ENV SCANNER by 0xCor3 | Security Ghost
- // ini_set('display_errors', 1);
// Sets PHP's default timeout for socket-based streams to 5 seconds. The cURL
// handle used by the class below configures its own timeouts separately.
- ini_set('default_socket_timeout', 5);
// Report every PHP error level while the script runs.
- error_reporting(E_ALL);
/**
 * Checks a list of sites for a web-readable `.env` file.
 *
 * For each URL in the list the class requests `<scheme>//<host>/.env`, asks
 * hackertarget.com's "find DNS host records" page for hostnames under the
 * domain, and requests `.env` on each returned hostname over plain HTTP.
 * A response body matching DB_CONNECTION, APP_ENV or PUSHER_APP_ID
 * (case-insensitive) is printed as [OK], anything else as [NF].
 *
 * Defender notes: those names are keys commonly found in Laravel-style
 * `.env` files, so a match means application configuration is being served
 * as a static file. Keep `.env` outside the document root or deny dotfile
 * requests at the web server, and rotate every secret held in a file that
 * was reachable. In access logs this activity appears as unsolicited GET
 * requests for `/.env`; the hostname lookup goes to the third-party service
 * and is not visible to the hosts being checked.
 */
- class env_scanner
- {
// Entries read from the list file, one per CRLF-separated line.
- public $list;
// Most recent cURL handle created by cURL().
- private $ch;
/**
 * Loads the list file into $this->list.
 *
 * The content is split on "\r\n" only. If $file is not an existing regular
 * file the script terminates through die() with a "not found" message.
 *
 * @param string $file Path to the list file.
 */
- public function __construct($file)
- {
- if(is_file($file) && file_exists($file))
- {
- $this->list = explode("\r\n", file_get_contents($file));
- }else
- {
- die(sprintf("file %s not found.", $file));
- }
- }
/**
 * Walks the list and prints one status line per domain and per hostname.
 *
 * The method has no return statement; all results are written with echo.
 */
- public function run(){
// The formatted string is not echoed or stored, so this line produces no output.
- sprintf("[#] List Total : %s", count($this->list));
- foreach($this->list as $url)
- {
- $url = $this->domain_parser($url);
// check_env() appends "/.env" itself, so this probes <scheme>//<host>/.env.
- echo sprintf("[>] Scanning based domain of %s status %s", $url['domain'], $this->check_env($url['domain_protocol']) == true ? "[OK]" : "[NF]").PHP_EOL;
- echo sprintf("[*] Getting Subdomains and Reversing IP of %s", $url['domain_protocol']).PHP_EOL;
- $leecher = $this->subdomain_leecher($url['domain']);
- if(isset($leecher[1])){
// subdomain_leecher() is called a second time here only to count its result,
// which sends another lookup request to the third-party service.
- echo sprintf("[*] Total Subdomain of %s is %d", $url['domain'], count($this->subdomain_leecher($url['domain_protocol']))).PHP_EOL;
- foreach($leecher as $result){
// The argument already ends in "/.env" and check_env() appends it again, so
// the URL requested is http://<hostname>/.env/.env. That doubled path over
// plain HTTP is a recognisable pattern in access logs.
- echo sprintf("\t[/] Subdomains %s status %s",$result, $this->check_env("http://".$result."/.env") == true ? "[OK]" : "[NF]").PHP_EOL;
- }
- }else{
- echo "\t[!] Domain doesn't have subdomains.".PHP_EOL;
- }
- }
- }
/**
 * Splits a list entry on "/" and derives the host and scheme-plus-host.
 *
 * Element [0] is used as the scheme part ("http:") and element [2] as the
 * host, so the entry is expected to look like scheme://host[/path].
 *
 * @param string $url One entry from the list file.
 * @return array Keys "domain" (host) and "domain_protocol" (scheme//host).
 */
- private function domain_parser($url){
- $domain = explode("/", $url);
- return array(
- "domain" => str_replace(array("http://", "https://"), array("", ""), $domain[2]),
- "domain_protocol" => $domain[0]."//".$domain[2]
- );
- }
/**
 * Fetches $env_url with "/.env" appended and tests the body for known keys.
 *
 * @param string $env_url Base URL; "/.env" is appended before the request.
 * @return bool True when the response matches DB_CONNECTION, APP_ENV or
 *              PUSHER_APP_ID, case-insensitively.
 */
- private function check_env($env_url)
- {
- return preg_match("/DB_CONNECTION|APP_ENV|PUSHER_APP_ID/i", $this->cURL($env_url."/.env")) ? true : false;
- }
/**
 * Looks up hostnames for a domain through hackertarget.com.
 *
 * Sends a form POST to the find-dns-host-records page with headers that
 * imitate a browser XMLHttpRequest, then reads the text inside the
 * <pre id="formResponse"> element of the reply.
 *
 * @param string $domain Domain or URL; "www." and the scheme are stripped.
 * @return array|string List of hostnames, or a message string when the
 *                      reply contains "error check your search parameter".
 */
- private function subdomain_leecher($domain)
- {
- $domain = str_replace(array("www.", "https://", "http://"), "", $domain);
// Fixed header set copied from a browser session: Chrome 77 User-Agent,
// analytics cookie values and same-origin fetch metadata.
- $headers = array();
- $headers[] = 'Sec-Fetch-Mode: cors';
- $headers[] = 'Origin: https://hackertarget.com';
- $headers[] = 'Accept-Language: en-US,en;q=0.9,id;q=0.8';
- $headers[] = 'X-Requested-With: XMLHttpRequest';
- $headers[] = 'Cookie: _ga=GA1.2.1946554911.1569521943; _gid=GA1.2.958707370.1569521943; _gat=1';
- $headers[] = 'Pragma: no-cache';
- $headers[] = 'User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36';
- $headers[] = 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8';
- $headers[] = 'Accept: text/html, */*; q=0.01';
- $headers[] = 'Cache-Control: no-cache';
- $headers[] = 'Authority: hackertarget.com';
- $headers[] = 'Referer: https://hackertarget.com/find-dns-host-records/';
- $headers[] = 'Sec-Fetch-Site: same-origin';
// The nonce field value is hard-coded. NOTE(review): whether the service
// still accepts it cannot be determined from this file.
- $post = $this->cURL("https://hackertarget.com/find-dns-host-records/", $headers, "theinput=".trim($domain)."&thetest=hostsearch&name_of_nonce_field=d385c70e4e&_wp_http_referer=%2Ffind-dns-host-records%2F");
- preg_match('#<pre id="formResponse">(.*?)<\/pre>#si', $post, $hasil);
- if(!preg_match('/error check your search parameter/i', $hasil[1])){
// Each reply line is comma-separated; only the first field is kept.
- foreach(explode("\n", $hasil[1]) as $res){
- $explode = explode(",", $res);
- if($explode[0] != NULL){
- $hasilz[] = $explode[0];
- }
- }
- return $hasilz;
- }else{
- return "[!] Domain doesn't have subdomains.".PHP_EOL;
- }
- }
/**
 * Performs one HTTP request and returns the response body.
 *
 * TLS peer and host verification are both switched off, so any certificate
 * is accepted. Connect and total timeouts are 7 seconds each. No User-Agent
 * option is set here, so a request carries one only when the caller supplies
 * it in $headers (the `.env` probes do not).
 *
 * @param string     $url     Target URL.
 * @param array|null $headers Optional request headers.
 * @param mixed      $post    Request body; a truthy value switches to POST.
 * @return string|bool Result of curl_exec(): the body, or false on failure.
 */
- private function cURL($url, array $headers = NULL, $post = 0)
- {
- $this->ch = curl_init();
- $curl_options = array(
- CURLOPT_URL => $url,
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_SSL_VERIFYPEER => false,
- CURLOPT_SSL_VERIFYHOST => false,
- CURLOPT_TIMEOUT => 7,
- CURLOPT_CONNECTTIMEOUT => 7,
- );
- if ($headers != NULL){ $curl_options[CURLOPT_HTTPHEADER] = $headers; }
- if ($post){ $curl_options[CURLOPT_POST] = true; $curl_options[CURLOPT_POSTFIELDS] = $post; }
- curl_setopt_array($this->ch, $curl_options);
- return curl_exec($this->ch);
// Unreachable: this statement follows the return above, so the handle is
// never closed explicitly.
- curl_close($this->ch);
- }
- }
// Prompt on stdout, then read the list-file path from standard input.
- echo ">> Lists file : "; $file = trim(fgets(STDIN));
// The constructor loads the list, or ends the script if the path is not a file.
- $hyper_env = new env_scanner($file);
// run() has no return statement, so print_r() receives null here; all visible
// output comes from the echo calls inside run().
- print_r($hyper_env->run());
- ?>