Code:
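<html>
<head>
<title></title>
</head>
<body>
<h1></h1>
<form action="?" method="GET">
<input type="text" name="host" value="<?PHP echo htmlentities(isset($_GET['host']) && is_string($_GET['host']) ? $_GET['host'] : 'www.example.com', ENT_QUOTES, 'UTF-8'); ?>" />
<input type="submit" value="mandale gas" />
</form>
<br><br>
<?PHP
// Run the analysis only when a string host was actually submitted. A missing
// parameter or an array (host[]=...) must not reach the resolver calls.
if (isset($_GET['host']) && is_string($_GET['host'])) {
    analizar($_GET['host']);
}
?>
</body>
</html>
<?PHP
// Feature list kept from the original author:
//   reverse DNS via Bing ()
//   reverse DNS via Gigablast ()
//   whoishostingthis ()
//   google/bing/other dorks
//   DNS lookups ()
//   zone transfers
//   subdomain brute force ()

/**
 * Escape a value for output in HTML text or a quoted attribute.
 *
 * Everything this page prints comes from the request, from DNS answers or from
 * third-party HTTP responses, so all of it is treated as untrusted.
 */
function analizar_esc($valor)
{
    return htmlentities((string) $valor, ENT_QUOTES, 'UTF-8');
}

/**
 * Resolve a name to its IPv4 addresses.
 *
 * gethostbynamel() returns false on failure; callers here iterate the result
 * or pass it to in_array(), so failure is normalised to an empty array.
 */
function analizar_ips($nombre)
{
    if (!is_string($nombre) || $nombre === '') {
        return array();
    }
    $ips = gethostbynamel($nombre);
    return is_array($ips) ? $ips : array();
}

/**
 * Return the first capture group of $patron in $texto, or '' when the fetch
 * failed ($texto is not a string) or the pattern does not match.
 */
function analizar_captura($patron, $texto)
{
    if (!is_string($texto)) {
        return '';
    }
    if (preg_match($patron, $texto, $m) === 1 && isset($m[1])) {
        return $m[1];
    }
    return '';
}

/**
 * Print an HTML report for a host: resolved IPs with reverse name and
 * geolocation, DNS records, hosting provider, names that search engines list
 * for each IP, and the entries of subdomains.txt that resolve under the host.
 *
 * @param string $host Host name taken from the request; validated before use.
 * @return void Output is echoed directly.
 */
function analizar($host)
{
    // The original set error_reporting twice; only the second call (0) took effect.
    error_reporting(0);
    // NOTE(review): with no time limit, every request can start a long run of
    // outbound DNS and HTTP lookups. Put this page behind authentication and
    // rate limiting before exposing it.
    set_time_limit(0);

    // $host is later concatenated into outbound URLs and echoed into the page,
    // so accept only dot-separated labels of letters, digits, '-' and '_'.
    $patron_host = '/^(?=.{1,253}$)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)*[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?$/i';
    if (!is_string($host) || preg_match($patron_host, $host) !== 1) {
        echo 'Host no valido: ' . analizar_esc(is_string($host) ? $host : '') . '<br>';
        return;
    }

    echo 'Host: ' . analizar_esc($host) . '<br>';
    echo '<table><tr><td>IP</td><td>Reverse</td><td>Long ip</td><td>ISP</td><td>Ciudad</td><td>Region</td><td>Pais</td></tr>';

    $ip = analizar_ips($host);
    foreach ($ip as $this_ip) {
        $reverse = gethostbyaddr($this_ip);
        // gethostbyaddr() returns the address itself when there is no PTR record.
        if ($reverse === false || $reverse == $this_ip) {
            $reverse = '';
        }
        echo '<tr><td>' . analizar_esc($this_ip) . '</td>';
        echo '<td>' . analizar_esc($reverse) . '</td>';
        echo '<td>' . analizar_esc(sprintf("%u", ip2long(trim($this_ip)))) . '</td>';

        // Fetched over plain HTTP from a third party: the body can be altered
        // in transit, so every extracted field is escaped before output.
        $temp = file_get_contents("http://www.melissadata.com/lookups/iplocation.asp?ipaddress=" . urlencode($this_ip));
        echo '<td>' . analizar_esc(analizar_captura("@<tr class='tdresul01'><td class='columresult'>ISP</td><td align='left'><b>([^&]+) </b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_captura("@<tr><td class='columresult'>City</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_captura("@<tr class='tdresul01'><td class='columresult'>State or Region</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_captura("@<tr><td class='columresult'>Country</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td></tr>';
    }
    echo '</table><br>';

    // DNS records. Record contents (TXT, NAPTR regex, SOA rname, ...) are
    // controlled by whoever runs the zone, so each line is escaped as a whole.
    $authdns = array();
    $resultado_dns = dns_get_record($host, DNS_ANY, $authdns);
    if (!is_array($resultado_dns)) {
        $resultado_dns = array();
    }
    foreach ($resultado_dns as $dns) {
        $linea = null;
        if ($dns["type"] == "A") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["ip"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "MX") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["target"] . " (" . $dns["pri"] . ") (ttl " . $dns["ttl"] . ")";
        } elseif (($dns["type"] == "CNAME") or ($dns["type"] == "NS") or ($dns["type"] == "PTR")) {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["target"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "TXT") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["txt"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "HINFO") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => CPU: " . $dns["cpu"] . " OS: " . $dns["os"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "SOA") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["mname"] . " - Email: " . $dns["rname"] . " - Serial: " . $dns["serial"] . " - Refresh: " . $dns["refresh"] . " - Retry: " . $dns["retry"] . " - Expire: " . $dns["expire"] . " - Minimum-ttl: " . $dns["minimum-ttl"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "AAAA") {
            // The original compared against "AAA", which dns_get_record() never
            // returns, so IPv6 records fell through to the empty branch.
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["ipv6"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "A6") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["masklen"] . " - " . $dns["ipv6"] . " - " . $dns["chain"] . " - " . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "SRV") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["pri"] . " - " . $dns["weight"] . " - " . $dns["target"] . ":" . $dns["port"] . " (ttl " . $dns["ttl"] . ")";
        } elseif ($dns["type"] == "NAPTR") {
            $linea = "[" . $dns["host"] . "] " . $dns["type"] . " => " . $dns["order"] . " - " . $dns["pref"] . " - " . $dns["flags"] . " - " . $dns["services"] . " - " . $dns["regex"] . " - " . $dns["replacement"] . " (ttl " . $dns["ttl"] . ")";
        }
        echo ($linea === null ? '' : analizar_esc($linea)) . '<br>';
    }

    // Authority section. The original printed $dns (the last record of the
    // previous loop) on every iteration instead of the authority record.
    if (is_array($authdns)) {
        foreach ($authdns as $this_authdns) {
            echo analizar_esc("[" . $this_authdns["host"] . "] " . $this_authdns["type"] . " => " . $this_authdns["target"] . " - " . $this_authdns["class"] . " (ttl " . $this_authdns["ttl"] . ")") . '<br>';
        }
    }

    // Hosting provider, scraped from a third-party page over plain HTTP.
    $temp = file_get_contents("http://www.whoishostingthis.com/" . rawurlencode($host));
    $hosting = analizar_captura('@<a href="http://www.whoishostingthis.com/linkout/?.*";[^>]*?>([^<]+)</a>@i', $temp);
    echo '<br>Hosted by: ' . ($hosting !== '' ? analizar_esc($hosting) : 'Unknown') . '<br>';

    // Reverse DNS through search engines
    echo '<table><tr><td>IP</td><td>Bing (confirmados)</td><td>Bing(Sin confirmar)</td><td>GigaBlast (confirmados)</td><td>GigaBlast (sin confirmar)</td><td>Total (confirmados)</td><td>Total (sin confirmar)</td></tr>';
    foreach ($ip as $this_ip) {
        echo '<tr><td>' . analizar_esc($this_ip) . '</td>';

        // Bing
        // NOTE(review): the AppId below is a credential hard-coded in source;
        // load it from configuration kept out of the repository.
        $offset = 0;
        $confirmed_domains_bing = array();
        $no_confirmed_domains_bing = array();
        $actual = null;
        $pasado = null;
        // Paging stops when two consecutive pages list the same hosts. The
        // offset cap bounds the loop if the remote side never repeats a page.
        $max_offset = 500;
        do {
            $url_dns = array();
            $url = 'http://api.search.live.net/json.aspx?AppId=7066FAEB6435DB963AE3CD4AC79CBED8B962779C&Query=IP:' . urlencode($this_ip) . '&Sources=web&Web.Offset=' . $offset;
            $respuesta = file_get_contents($url);
            $data = is_string($respuesta) ? json_decode($respuesta) : null;
            $resultados = (isset($data->SearchResponse->Web->Results) && is_array($data->SearchResponse->Web->Results))
                ? $data->SearchResponse->Web->Results
                : array();
            foreach ($resultados as $value) {
                $dms = isset($value->Url) ? parse_url($value->Url, PHP_URL_HOST) : null;
                if (!is_string($dms) || $dms === '') {
                    continue;
                }
                if (!in_array($dms, $confirmed_domains_bing, true) and !in_array($dms, $no_confirmed_domains_bing, true)) {
                    // "Confirmed" means the listed name resolves to this IP right now.
                    if (in_array($this_ip, analizar_ips($dms), true)) {
                        $confirmed_domains_bing[] = $dms;
                    } else {
                        $no_confirmed_domains_bing[] = $dms;
                    }
                }
                $url_dns[] = $dms;
            }
            if ($offset % 4 == 0) {
                $actual = $url_dns;
            } else {
                $pasado = $url_dns;
            }
            $offset = $offset + 10;
        } while ($actual != $pasado && $offset < $max_offset);
        sort($confirmed_domains_bing);
        sort($no_confirmed_domains_bing);
        echo '<td><textarea cols="30" rows="15">' . sizeof($confirmed_domains_bing) . "\n" . analizar_esc(implode("\n", $confirmed_domains_bing)) . '</textarea></td><td><textarea cols="30" rows="15">' . sizeof($no_confirmed_domains_bing) . "\n" . analizar_esc(implode("\n", $no_confirmed_domains_bing)) . '</textarea></td>';

        // Reverse DNS through Gigablast
        $confirmed_domains_gigablast = array();
        $no_confirmed_domains_gigablast = array();
        for ($i = 0; $i < 10; $i++) {
            $links = file_get_contents('http://www.gigablast.com/search?q=ip:' . urlencode($this_ip) . '&n=50&sc=0&dr=0&raw=1&nrt=110&spell=0&s=' . ($i * 50));
            $links = is_string($links) ? explode("\n", $links) : array();
            // The first line is dropped as in the original (presumably a header
            // line - confirm against the raw format). The original also unset
            // index sizeof($links), which never exists; lines without a host
            // are skipped by the check below instead.
            unset($links[0]);
            foreach ($links as $link) {
                $dms = parse_url($link, PHP_URL_HOST);
                if (!is_string($dms) || $dms === '') {
                    continue;
                }
                if (!in_array($dms, $confirmed_domains_gigablast, true) and !in_array($dms, $no_confirmed_domains_gigablast, true)) {
                    if (in_array($this_ip, analizar_ips($dms), true)) {
                        $confirmed_domains_gigablast[] = $dms;
                    } else {
                        $no_confirmed_domains_gigablast[] = $dms;
                    }
                }
            }
        }
        sort($confirmed_domains_gigablast);
        sort($no_confirmed_domains_gigablast);
        echo '<td><textarea cols="30" rows="15">' . sizeof($confirmed_domains_gigablast) . "\n" . analizar_esc(implode("\n", $confirmed_domains_gigablast)) . '</textarea></td><td><textarea cols="30" rows="15">' . sizeof($no_confirmed_domains_gigablast) . "\n" . analizar_esc(implode("\n", $no_confirmed_domains_gigablast)) . '</textarea></td>';

        // Totals across both sources
        $confirmed_domains = array_unique(array_merge($confirmed_domains_bing, $confirmed_domains_gigablast));
        sort($confirmed_domains);
        $no_confirmed_domains = array_unique(array_merge($no_confirmed_domains_bing, $no_confirmed_domains_gigablast));
        sort($no_confirmed_domains);
        echo '<td><textarea cols="30" rows="15">' . sizeof($confirmed_domains) . "\n" . analizar_esc(implode("\n", $confirmed_domains)) . '</textarea></td><td><textarea cols="30" rows="15">' . sizeof($no_confirmed_domains) . "\n" . analizar_esc(implode("\n", $no_confirmed_domains)) . '</textarea></td></tr>';
    }
    echo '</table>';

    // Subdomain enumeration from the local word list
    echo '<br><br>Bruteando subdominios:<br>';
    $subdomains = file_get_contents('subdomains.txt');
    $subdomains = is_string($subdomains) ? explode("\n", $subdomains) : array();
    foreach ($subdomains as $subdomain) {
        // Strip CR and padding; a blank line would otherwise query ".<host>".
        $subdomain = trim($subdomain);
        if ($subdomain === '') {
            continue;
        }
        $fqdn = $subdomain . '.' . $host;
        // gethostbyname() returns its argument unchanged when resolution fails.
        if (gethostbyname($fqdn) != $fqdn) {
            echo analizar_esc($fqdn) . '<br>';
        }
    }
}
?>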