PHP Intranet Detection Script & simple proxy access
..
1. When accessed directly, it scans the class C segment (/24) of the current host's IP by default and reports each responding host's page title and web container (the Server header).
2. The segment to scan can be customized by passing the IP parameter.
3. With the URL parameter it acts as a simple proxy for accessing intranet web pages; the page's CSS is also fetched and inlined, so the result looks the same as direct access.
<%--
  Reviewer summary. The listing is extraction-garbled (identifier case, quoting
  and "&NBSP;" residue are damaged), so it does not compile as shown; the notes
  below describe only what the visible text establishes.

  What the page does:
    - Declaration block: page-level fields referer, cookie, decode and thread
      (default 100), plus helpers that open an HTTP GET connection with
      3000 ms connect/read timeouts, read the response body line by line,
      read the "Server" response header, extract <title> text, and fetch the
      stylesheets referenced by a page.
    - Request parameter "url" present: the address is fetched server-side and
      the body, followed by the fetched CSS wrapped in <style>, is written to
      the response as-is; a failed fetch sets the 404 status.
    - Otherwise: the "IP" parameter (or the server's own address) is cut at
      its last dot, http://<prefix>1 .. <prefix>256 are queued, and "thread"
      worker threads fetch each one and print
      "addr >> title >> server >> status" for the hosts that answer.

  Points a reviewer or responder should note:
    - "url" becomes a fetch target with no validation or allow-list, so the
      page relays requests into whatever network the application server can
      reach (server-side request forgery by design).
    - Fetched bodies, titles and Server header values are written to the
      response without encoding, so content from a probed host is rendered
      in the browser of whoever views the result.
    - referer, cookie, decode and thread are declared in the declaration
      block rather than per request; presumably values set by one request
      persist into later ones - confirm against the container's servlet model.
    - "thread" is parsed with parseInt and has no upper bound, and the page
      then spins in an empty loop until the thread group is idle, so a single
      request can tie up CPU and threads on the server.
    - The call that would disable redirect following is commented out, so
      redirects are presumably followed with the platform default.
    - Detection: requests to an unexpected .jsp carrying the parameters
      url / IP / thread / decode / Referer / cookie; an application server
      opening HTTP connections to sequential addresses of one /24 within
      seconds; probed addresses printed to the container's stdout log.
    - Mitigation: restrict outbound connections from application servers to
      the destinations they need, and monitor the web root for new files.
--%>
<%@ page language= "java" import= "java.util.*" pageencoding= "UTF-8"%> <%@ page isthreadsafe= "false"%> <% @page import= "Java.io.PrintWriter"%> <%@ Page import= "Java.io.OutputStreamWriter"%> <% @page import= "Java.util.regex.Matcher"%> <% @page import= "java.io.IOException"%> <% @page import= "java.net.InetAddress"% > <% @page import= "Java.util.regex.Pattern"%> <% @page import= " Java.net.HttpURLConnection "%> <% @page import=" Java.util.concurrent.LinkedBlockingQueue "%> <%!final static List<String> list = new ArrayList<String> () ; String referer = ""; String cookie = ""; String decode = "Utf-8"; int thread = 100; httpurlconnecTion gethttpconn (string urlstring) { try { java.net.url url = new java.net.url (urlString); java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url .openconnection (); conn.setrequestmethod ("get"); Conn.addrequestproperty ("user-agent", ) mozilla/4.0 (compatible; msie 7.0; windows nt 5.1; maxthon;) "); conn.addrequestproperty ("accept-encoding", "gzip"); conn.addrequestproperty ("Referer", referer); Conn.addrequestproperty ("Cookie", cookie); //conn.setinstancefollowredirects (false); conn.setconnecttimeout (3000); Conn.setreadtimeout (3000); return conn; } catch (exception e) { return null; } } HttpURLConnection conn; string gethtmlcontext (Httpurlconnection conn, string decode) { Map<String, Object> result = new HashMap<String, Object> (); try { String code = "Utf-8"; if (decode != null) { &NBSP;&NBSP;&NBSP; code = decode; } stringbuffer html = new stringbuffer (); java.io.inputstreamreader isr = new java.io.inputstreamreader (
conn.getinputstream (), code); java.io.bufferedreader br = new java.io.bufferedreader (ISR); String temp; while ((Temp = br.readline ()) != null) { if (!temp.trim (). Equals ("")) {
html.append (temp). Append ("\ n"); } } br.close (); isr.close (); return html.tostring (); } catch (exception e) { System.out.println ("Gethtmlcontext:" +e.getmessage ()); return " Null "; } } string getservertype ( Httpurlconnection conn) { try { return conn.getheaderfield ("Server"); } catch ( exception e) { return "null"; } } string gettitle (string htmlsource) { try { &NBSP;&NBsp; list<string> list = new arraylist<string> (); String title = ""; pattern pa = pattern.compile ("<title>.*?</title>"); matcher ma = pa.matcher (htmlsource); while (Ma.find ()) { list.add (Ma.group ()); } for (int i = 0; i < list.size () i++) {
title = title + list.get (i); } return title.replaceall ("<.*?>", ""); } catch (exception e) { return null; } } list<string> getcss (string html, String url, string decode) { list<string> cssurl = new ArrayList<String> (); list<string> csscode = new ArrayList<String> (); try { String title = ""; pattern pa = pattern.compile (". *href=\" (. *) [.] CSS "); matcher ma = pa.matcher (Html.toLowerCase ()); while (Ma.find ()) { cssurl.add (Ma.group (1) + ". css"); &NBSP;&Nbsp; } for (int i = 0; i < cssurl.size () i++) { string cssuuu = url + "/" + cssurl.get (i); String csshtml = "<style>" + gethtmlcontext (Gethttpconn (cssuuu), decode) + "</style>";
csscode.add (csshtml); } } catch (exception e) { System.out.println ("Getcss:" +e.getmessage ()); } Return csscode;&nbSp } string getmyiplocal () throws IOException { inetaddress ia = inetaddress.getlocalhost (); Return ia.gethostaddress (); }%> <% string u = request.getparameter ("url"); string ip = request.getparameter ("IP"); if (u != null) { decode = Request.getparameter ("decode"); string ref = request.getparameter (
"Referer"); string cook = request.getparameter ("cookie"); if (ref != null) { referer = ref; } if (cook != null) { &NBsp; cookie = cook; } string html = gethtmlcontext (Gethttpconn (U), decode); list<string> css = getcss (html, u, decode);
string csshtml = ""; if (!html.equals ("null")) { for (Int i = 0; i < css.size ();
i++) { csshtml += css.get (i); } out.print (html + csshtml); } else { Response.setstatus (Httpservletresponse.sc_not_found); out.print ("Request failed!") "); &NBSP;&NBSP;&NBsp; } return; } else if (IP != null | | u == null) { String threadpp = ( Request.getparameter ("thread")); if (threadpp != null) { thread = integer.parseint (THREADPP); system.out.println (THREADPP); } try { try { String http = "http://"; String localip = getmyiplocal (); if ( Ip != null) { localip = ip; } string useip = localip.substring (0, localip.lastindexof (".") + 1); final Queue<String> Queue = new linkedblockingqueue<string> (); for (int i = 1; i <= 256; i++) { string url = http + useip + i; queue.offer (URL); } final jspwriter pw = out; tHreadgroup tg = new threadgroup ("C"); for (int i = 0; i < thread; i++) {
new thread (tg, new runnable () { public void run () { while (True) { String addr = queue.poll (); if (addr != null) { system.out.println (addr); &NBSP;&NBSP;&NBSP;&NBSP;&NBsp; httpurlconnection conn = gethttpconn (addr); string html = gethtmlcontext (conn, decode); string title = gettitle (HTML); String serverType = GETSERVERTYPE (conn); String status = !html &Nbsp; .equals ("null") ? "Success" : "Fail"; if (html != null && !status.equals ("Fail")) { try { Pw.println (addr + " >> " + title + ">>" + servertype+ " >> " + status+ " <br/> "); } catch (exception e) { e.printstacktrace (); } } } else { return; } } }  }). Start (); } while (Tg.activecount () != 0) { } } catch (exception e) { e.printstacktrace (); } } catch (exception e) { Out.println (E.tostring ()); } } %>
Parameters:
IP [IP segment to be probed]
url [address to be requested through the proxy]
Other parameters:
thread [number of threads to use]
decode [character encoding used to read responses]
Referer [Referer header value to send]
cookie [Cookie header value to send]
To be improved:
1. Hosts within one class C segment may use different encodings, so specifying a single decode parameter for the whole scan is problematic.
2. The port could be made configurable by passing in an array, so that several ports such as 80 and 8080 can be probed.
3. The proxy access function is incomplete: it does not yet load JS or images, replace hyperlinks with links that go through the proxy, or replace forms so that they submit real requests.
PHP Intranet Detection Script & simple proxy access
<?php
/*
 * Reviewer summary. The listing is extraction-garbled (identifier case,
 * quoting, "&NBSP;" residue and a lost status-code literal), so it does not
 * run as shown; the notes below describe only what the visible text
 * establishes.
 *
 * What the script does:
 *   - It appears to read two request parameters, "u" (an address to fetch)
 *     and "i" (an address whose prefix up to the last dot is scanned). These
 *     names differ from the parameter list given for the JSP version.
 *   - "u" set: the address is fetched with cURL and the body is echoed with
 *     every stylesheet it links to fetched via file_get_contents and
 *     appended inside <style> tags.
 *   - "i" set: http://<prefix>0 .. <prefix>255 are fetched one after another
 *     and "url >> title >> Server header >> status" is echoed and flushed
 *     for each host that returns a body.
 *   - gethtmlcontext requests headers and body with a 120 second timeout,
 *     stores the split header lines in the global $header, and on a 302
 *     calls itself again with the Location value; no redirect limit is
 *     visible.
 *   - getheader reads from that same global, so it reflects whichever fetch
 *     ran last.
 *
 * Points a reviewer or responder should note:
 *   - The fetch target comes straight from the request with no validation
 *     or allow-list, so the script relays requests into whatever network
 *     the web server can reach (server-side request forgery by design).
 *   - Stylesheet URLs and redirect targets are taken from the fetched
 *     content, so a probed host influences which further addresses the
 *     server requests.
 *   - Bodies, titles and header values are echoed without escaping, and
 *     print_r dumps the raw regex matches, so content from a probed host is
 *     rendered in the browser of whoever views the result.
 *   - The "@" on ob_flush suppresses errors rather than handling them.
 *   - Detection: requests to an unexpected .php carrying "u" or "i"; a web
 *     server process opening HTTP connections to sequential addresses of
 *     one /24; long-running requests that stream "<br/>"-separated lines.
 *   - Mitigation: restrict outbound connections from web servers to the
 *     destinations they need, and monitor the web root for new files.
 */
$url = isset ($_request[' u '])? $_request[' U ']:null;
$ip = isset ($_request[' i ']) $_request[' i ']:null; if ($url != null) {$host = gethost ($url); Echo getcss ($host, Gethtmlcontext ($url)); Else if ($ip != null) {$useIP = substr ($ip, 0,strripos ($ip, ".")
&NBSP;+&NBSP;1);
Ob_start (); For ($i =0 $i <256; $i + +) {$url = "http://". $useIP. $i; $html = gethtmlcontext ($url); $title
= gettitle (HTML);
$serverType = getheader ("Server");
$status = $html ? "Success": "Fail"; if ($html) {echo $url. " >> ". $title." >> ". $serverType." >> ". $status."
<br/> ";
} @ob_flush ();
Flush ();
} Ob_end_clean ();
} function gethtmlcontext ($url) {$ch = curl_init (); curl_setopt ($ch, curlopt_url, $url); curl_setopt ($ch, curlopt_header, true); //indicates the need for Response header curl_setopt ($ch,&NBSP;CURLOPT_NOBODY,&NBSP;FALSE); //expressed the need for Response body curl_setopt ($ch, curlopt_returntransfer,
true);
curl_setopt ($ch, curlopt_timeout, 120);
$result = curl_exec ($ch);
global $header; if ($result) {$headerSize = curl_getinfo ($ch, curlinfo_header_size); $header = explode ("
\ r \ n ", substr ($result, 0, $headerSize));
$body = substr ($result, $headerSize); if (Curl_getinfo ($ch, curlinfo_http_code) == ') {return $body;} if ( Curl_getinfo ($ch, curlinfo_http_code) == ' 302 ') {$location = getheader ("Location
”);
if (Strpos (GetHeader ("Location"), ' http://') == false) {$location = gethost ($url). $location;}
Return gethtmlcontext ($location);
} return null; } function getheader ($name) {global $header; foreach ($header as $loop) {if (Strpos ( $loop, $name) !== false) {RETURN&NBsp;trim (substr ($loop, strlen ($name) +2)); }} function gettitle ($html) {preg_match ("/<title>") (. *?)
<\/title>/i ", $html, $matches);
return $matches [1]; } function gethost ($url) {preg_match ("/^" (http:\/\/)?
[^\/]+)/I ", $url, $matches);
return $matches [0]; } function getcss ($host, $html) {preg_match_all ("/<link[\s\s]*?href=[' \"] (. *?[.] Css.*?) [\”‘]
[\s\s]*?>/i ", $html, $matches);
Print_r ($matches); foreach ($matches [1] as $v) {$cssurl = $v; if (Strpos ($v, ' http://') == false) {$ cssurl = $host. "
/". $v; $csshtml = "<style>". file_get_contents ($cssurl).
</style> ";
$html .= $csshtml;
} return $html; }?>