有需要csdn免积分下载、pudn免积分下载、51cto免积分，请到http://www.itziy.com/
命令行下执行，直接php调用将显示使用方式
功能说明
1.支持代理
2.支持设置递归检查次数
3.支持输出类型控制、检查内容控制
作用：
主要代替肉眼尽量多的抓取可能的请求包及url地址等，方便渗透测试 0) { echo 'remain: ',$num,' now start to check for url address',php_eol,php_eol; preg_match_all('//i', $result, $match); if (check_a_tag && isset($match[2]) && !empty($match[2])) { foreach ($match[2] as $mc) { $mc = trim($mc); if ($mc == '#') continue; if (stripos($mc, 'http') === false) $mc = $host.$mc; if (($ret = check_valid_url($mc))) { if (!isset($outputarr[md5($mc)])) { $outputarr[md5($mc)] = $mc; file_put_contents($output, $mc.\n, file_append); echo 'url: ',$mc,' find ajax require so save it',php_eol; } } } } //check for page url echo 'remain: ',$num,' now start to check for page url',php_eol,php_eol; preg_match_all('/(https?|ftp|mms):\/\/([a-z0-9]+[_\-]?[a-z0-9]+\.)*[a-z0-9]+\-?[a-z0-9]+\.[a-z]{2,}(\/.*)*\/?/i', $result, $match); if (check_url && isset($match[2]) && !empty($match[2])) { foreach ($match[2] as $mc) { $mc = trim($mc); if ($mc == '#') continue; if (stripos($mc, 'http') === false) $mc = $host.$mc; if (($ret = check_valid_url($mc))) { if (!isset($outputarr[md5($mc)])) { $outputarr[md5($mc)] = $mc; file_put_contents($output, $mc.\n, file_append); echo 'url: ',$mc,' find ajax require so save it',php_eol; } } } } //check for javascript ajax require echo 'remain: ',$num,' now start to check for javascript ajax require',php_eol,php_eol; preg_match_all('//i', $result, $match); if (check_js_tag && isset($match[2]) && !empty($match[2])) { foreach ($match[2] as $mc) { $mc = trim($mc); if ($mc == '#') continue; if (stripos($mc, 'http') === false) $mc = $host.$mc; if (($ret = check_valid_url($mc))) { //check for current page foreach ($checkarr as $ck) { if (!isset($outputarr[md5($mc)]) && strpos($ret, $ck) !== false) { $outputarr[md5($mc)] = $mc; file_put_contents($output, $mc.\n, file_append); echo 'url: ',$mc,' find ajax require so save it',php_eol; break; } } } } } if ($reverse) return; //check for next page preg_match_all('//i', $result, $match); if (isset($match[2]) && !empty($match[2])) { echo 'check for next page, remain page counts: ',$num,php_eol; foreach ($match[2] as $mc) { $mc = trim($mc); if ($mc == '#') continue; if (stripos($mc, 'http') === false) $mc = $host.$mc; echo 'check for next page: ',$mc,php_eol; work(check_valid_url($mc), true); } } $num--; sleep(3); }}function check_valid_url($url){ if (stripos($url, 'http') === false) $url = 'http://'.$url; $ch = curl_init(); curl_setopt($ch, curlopt_url, $url); curl_setopt($ch, curlopt_header, true); curl_setopt($ch, curlopt_followlocation, true); curl_setopt($ch, curlopt_returntransfer, true); curl_setopt($ch, curlopt_useragent, 'mozilla/5.0 (compatible; googlebot/2.1; +http://www.google.com/bot.html)'); if (!is_null($header)) curl_setopt($ch, curlopt_httpheader, $header); if (!is_null($proxy)) curl_setopt($ch, curlopt_proxy, $proxy); $ret = curl_exec($ch); $errinfo = curl_error($ch); curl_close($ch); unset($ch); if (!empty($errinfo) || ((strpos($ret, '200 ok') === false) && (strpos($ret, '302 moved') === false)) || strpos($ret, '114so.cn') !== false) { showerror('check url: '.$url. ' find some errors', array($errinfo, $ret)); if (save_error) file_put_contents(dirname(__file__).'/error.txt', $url.\n, file_append); return false; } return $ret;}function check_extension(){ if (!function_exists('curl_init') || !extension_loaded('curl')) return false; return true;}function showerror($t, $c){ $str = #########################################################################\n; $str .= # .$t.\n; if (is_string($c)) $str .= # .$c; elseif (is_array($c) && !empty($c)) { foreach ($c as $c1) $str .= # .$c1.\n; } $str .= \n#########################################################################\n; echo $str; unset($str);}
复制代码