PHP内网探测脚本(内网代理访问+内网端口扫描)

一、代码

';@ob_flush();@flush(); } }}echo '';if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['port'])&&isset($_POST['timeout'])){	$startip=$_POST['startip'];$endip=$_POST['endip'];$timeout=$_POST['timeout'];$port=$_POST['port'];$portarr=explode(',',$port);$siparr=explode('.',$startip);$eiparr=explode('.',$endip);$ciparr=$siparr;if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){exit('IP error: Wrong IP address or Trying to scan class A address');}if($startip==$endip){echo 'Scanning IP '.$startip.'
';@ob_flush();@flush();scanip($startip,$timeout,$portarr);@ob_flush();@flush();exit();} if($eiparr[3]!=255){$eiparr[3]+=1;}while($ciparr!=$eiparr){$ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3];echo '
Scanning IP '.$ip.'
';@ob_flush();@flush();scanip($ip,$timeout,$portarr);$ciparr[3]+=1; if($ciparr[3]>255){$ciparr[2]+=1;$ciparr[3]=0;}if($ciparr[2]>255){$ciparr[1]+=1;$ciparr[2]=0;}}}/*内网代理代码*/function getHtmlContext($url){     $ch = curl_init();     curl_setopt($ch, CURLOPT_URL, $url);     curl_setopt($ch, CURLOPT_HEADER, TRUE);    //表示需要response header     curl_setopt($ch, CURLOPT_NOBODY, FALSE); //表示需要response body     curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);     curl_setopt($ch, CURLOPT_TIMEOUT, 120);     $result = curl_exec($ch);   global $header;   if($result){        $headerSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE);        $header = explode("\r\n",substr($result, 0, $headerSize));        $body = substr($result, $headerSize);   }     if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '200') {         return $body;     }     if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == '302') {     $location = getHeader("Location");     if(strpos(getHeader("Location"),'http://') == false){       $location = getHost($url).$location;     }         return getHtmlContext($location);     }     return NULL; } function getHost($url){     preg_match("/^(http:\/\/)?([^\/]+)/i",$url, $matches);     return $matches[0]; } function getCss($host,$html){     preg_match_all("//i",$html, $matches);     foreach($matches[1] as $v){     $cssurl = $v;         if(strpos($v,'http://') == false){       $cssurl = $host."/".$v;     }     $csshtml = "";     $html .= $csshtml;   }   return $html; } if($url != null){     $host = getHost($url);     echo getCss($host,getHtmlContext($url)); }?>

其中的代理访问这部分的源码，借鉴了前人的源代码。附上地址：http://zone.wooyun.org/content/22879。对作者表示感谢

用法：

1、端口扫描部分：

填好起始ip、结束ip、自定义端口、超时等，点击扫描即可，十分方便

2、内网代理部分：

直接在文件后面加url参数，注意这里要带着http协议，不然可能css加载不完