可以自行決定要掃範圍內的port(例如:1~1000)
是否有像Netstat這樣子的語法可以用
專題需要,煩請大大幫忙
有功能完整的code,立刻獻上20點
ps請勿提供.exe的檔案,指名要用PHP語法下去寫
2005-10-17 16:15:14 · 1 個解答 · 發問者 子華 1 in 電腦與網際網路 ➔ 程式設計
###############################################################################
# #
# PHP Net Tools #
# Copyright (C) 2005 Eric Robertson #
# h4rdc0d3@gmail.com #
# #
# ------- #
# #
# PHP Net Tools is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program; if not, please visit http://www.gnu.org #
# #
# ------- #
# #
# You are permitted to edit and redistribute this code as you wish, #
# as long as you give credit where due and include a copy of the GPL. #
# #
# PHP Net Tools includes the following functional and configurable features: #
# Resolve host/reverse DNS lookup, find the country in which the target #
# host is located, ip whois, domain whois, ns lookup, dig, ping, #
# traceroute, tracepath, portscan, nmap, and info logging. #
# #
# Please see the help option ([?]) for more information on each function. #
# #
# ------- #
# #
# last revision: 09.29.2005 (v2.6.2) #
# see changelog.txt #
# #
###############################################################################
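// Set script version number
$version = '2.6.2';
// Log information of anyone visiting the site? (default = FALSE)
$enable_log_user = FALSE;
// Declare some globals (has no effect at file scope; only matters if this file is included from inside a function)
global $ip, $host_name, $host_ip;
// Copy the submitted form fields into short variable names.
// Every one of these values is supplied by the client and is still unvalidated here.
// Elsewhere in this script values with these names are placed in shell command lines
// and passed to fsockopen(), so each one has to be checked at its point of use.
// A field that was not submitted, or that arrived as an array (e.g. "host[]=..."),
// becomes NULL instead of raising an undefined-index notice or handing an array
// to string functions later on.
// The variable names come from this fixed list, never from the request itself.
$form_fields = array(
    'host', 'resolve', 'ip_to_country',
    'whois_ip', 'whois_ip_server',
    'whois_domain', 'whois_domain_server',
    'ns',
    'dig', 'dig_class', 'dig_server',
    'ping', 'ping_count',
    'trace', 'tracepath',
    'portscan', 'ports', 'scan_timeout',
    'nmap', 'nmap_options',
);
foreach ($form_fields as $form_field) {
    $form_value = isset($_POST[$form_field]) ? $_POST[$form_field] : NULL;
    $$form_field = is_string($form_value) ? $form_value : NULL;
}
unset($form_fields, $form_field, $form_value);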
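/**
 * Return the address to record for the current visitor.
 *
 * X-Forwarded-For and Client-IP are request headers, so unless a trusted proxy
 * overwrites them the client can put any text in them. They are still consulted
 * first (same precedence as before), but a header is only used when it holds
 * exactly one syntactically valid IPv4/IPv6 address. A comma-separated proxy
 * chain or any other text is ignored, because the result is written to the
 * CSV log and passed to gethostbyaddr().
 *
 * The returned value is informational only; it must not be used for access
 * control, since a header-derived address is whatever the client claimed.
 *
 * @return string|null The chosen address, or NULL when REMOTE_ADDR is absent.
 */
function get_ip()
{
    foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP') as $header) {
        if (!isset($_SERVER[$header])) {
            continue;
        }
        $candidate = trim($_SERVER[$header]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== FALSE) {
            return $candidate;
        }
    }
    // REMOTE_ADDR is set by the web server from the TCP connection itself
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL;
}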
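/**
 * Make one value safe to place in a comma-separated log line.
 *
 * - CR and LF become spaces so a value cannot start a new log row.
 * - A value that begins with =, +, - or @ (or a tab) is prefixed with an
 *   apostrophe so a spreadsheet shows it as text instead of evaluating it.
 * - A value containing a comma or a double quote is wrapped in double quotes,
 *   with embedded quotes doubled, so it stays in a single column.
 *
 * @param mixed $value Raw value (cast to string).
 * @return string The value ready to be joined with commas.
 */
function log_csv_field($value)
{
    $value = str_replace(array("\r", "\n"), ' ', (string) $value);
    if ($value !== '' && strpos("=+-@\t", $value[0]) !== FALSE) {
        $value = "'" . $value;
    }
    if (strpbrk($value, ",\"") !== FALSE) {
        $value = '"' . str_replace('"', '""', $value) . '"';
    }
    return $value;
}

/**
 * Append one row (date, time, visitor IP, visitor host name, query) to "log.csv".
 *
 * The query ($host) is submitted by the visitor, and the global $ip may come from
 * a request header, so both are neutralised with log_csv_field() before writing.
 * The file is meant to be opened as a spreadsheet, which is why formula-leading
 * characters are handled as well as separators and line breaks.
 *
 * Logging is best-effort: if the file cannot be opened nothing is written and the
 * page carries on.
 *
 * NOTE(review): 'log.csv' is a relative path, so it is created in the current
 * working directory, which is presumably the script's own web-served directory.
 * Confirm that the log cannot be downloaded by visitors, or move it outside the
 * document root.
 *
 * @param string $host What the visitor asked to look up.
 * @return void
 */
function log_user($host)
{
    global $ip;
    // Current Date and Time
    $log_date = date('Y.m.d');
    $log_time = date('H:i:s');
    // Reverse-resolve the visitor; gethostbyaddr() returns FALSE on malformed input
    $user_host = gethostbyaddr($ip);
    if ($user_host === FALSE) {
        $user_host = '';
    }
    $fields = array($log_date, $log_time, $ip, $user_host, $host);
    $log_info = implode(',', array_map('log_csv_field', $fields)) . "\r\n";
    // Append mode creates the file when it is missing, so there is no window
    // between an existence check and the open
    $handle = @fopen('log.csv', 'a');
    if ($handle === FALSE) {
        return;
    }
    // A brand-new (empty) file gets the heading line first
    $stat = fstat($handle);
    if ($stat !== FALSE && $stat['size'] === 0) {
        fwrite($handle, "DATE,TIME,USER IP,USER HOST,QUERY\r\n\r\n");
    }
    // Add user info to the log file and close it
    fwrite($handle, $log_info);
    fclose($handle);
}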
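/**
 * Print the Resolve Host / Reverse Lookup result for $host.
 *
 * When the submitted value equals the global $host_name the input was a name, so
 * the IP address is printed; otherwise the host name is printed.
 *
 * $host is echoed back into the page and comes from the request, so it is
 * HTML-escaped here at the point of output. $host_name and $host_ip are escaped
 * too: they are presumably filled from DNS lookups elsewhere in the script, and
 * DNS answers are not under this server's control.
 * NOTE(review): if a caller already escapes $host before calling, the value would
 * be escaped twice; confirm against the call site.
 *
 * @param string $host The host or IP address the visitor submitted.
 * @return void
 */
function resolve($host)
{
    global $host_name, $host_ip;
    echo htmlspecialchars((string) $host, ENT_QUOTES) . ' resolved to ';
    if ($host == $host_name) {
        echo htmlspecialchars((string) $host_ip, ENT_QUOTES) . "\n";
    } else {
        echo htmlspecialchars((string) $host_name, ENT_QUOTES) . "\n";
    }
}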
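/**
 * Print the country in which the target host is registered.
 *
 * Runs a whois query against whois.arin.net through whois_ip(), follows one
 * "ReferralServer:" line if the answer contains it, then reads the "country:"
 * line and prints the full country name from a cached ISO 3166 list, or the
 * bare code when the list has no entry for it.
 *
 * Trust boundaries in this function:
 * - The whois answer is remote data. The referral host taken from it is handed to
 *   whois_ip(), which places it in a shell command, so the pattern below only
 *   accepts a host whose first character is a letter or digit (a leading '-'
 *   would be read as an option by the whois client).
 * - The country list is fetched over plain HTTP and cached on disk, so its
 *   content is HTML-escaped before it is printed.
 *
 * Uses preg_match() instead of eregi(), which was removed in PHP 7.0.
 *
 * @return void
 */
function ip_to_country()
{
    // Do a whois on the ip using "whois.arin.net" and store the results in $buffer
    $buffer = nl2br(whois_ip('whois.arin.net', '-1', 'FALSE'));
    // If the whois contains a line for a referral server, do a new whois using this server
    $referral_pattern = '#ReferralServer:[[:space:]]*[a-z]*(whois://)*([a-z0-9][.a-z0-9-]{2,})[:]*([0-9]+)*#i';
    if (preg_match($referral_pattern, $buffer, $regs)) {
        $referral_host = $regs[2];
        // preg_match() leaves out a trailing group that did not take part in the match
        $referral_port = isset($regs[3]) ? $regs[3] : '';
        $buffer = nl2br(whois_ip($referral_host, $referral_port, 'FALSE'));
    }
    // No "country" line: print location unknown and stop
    if (!preg_match('#country:[[:space:]]*([a-z]{2,})#i', $buffer, $regs)) {
        echo "Location: Unknown\n";
        return;
    }
    // Letters only (enforced by the pattern), so safe to print as-is
    $country = $regs[1];
    // Caching of the country list: if "list_file.txt" exists the list was already
    // downloaded, so read it from disk...
    if (file_exists('list_file.txt')) {
        $list_file = @file_get_contents('list_file.txt');
    } else {
        // ...otherwise download the ISO list of country names and 2 character codes
        $list_file = @file_get_contents('http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1-semic.txt');
        // Cache it only when the download produced data, so that a failed
        // download does not leave an empty cache file that is never refreshed
        if ($list_file !== FALSE && $list_file !== '') {
            $handle = @fopen('list_file.txt', 'w');
            if ($handle !== FALSE) {
                fwrite($handle, $list_file);
                fclose($handle);
            }
        }
    }
    // Split the list into lines on any line-ending style. The text is split as
    // downloaded: converting it with nl2br() first would leave a "<br />" on
    // every code and no lookup would ever match.
    $list_rows = preg_split('/\r\n|\r|\n/', (string) $list_file);
    // Map each 2 character code to the country's full name (row 0 is the heading)
    $country_list = array();
    for ($i = 1; $i < count($list_rows); $i++) {
        $row = explode(';', $list_rows[$i]);
        if (count($row) < 2) {
            continue; // blank or malformed line
        }
        $country_list[trim($row[1])] = ucwords(strtolower(trim($row[0])));
    }
    // The "country:" match is case-insensitive but the list keys are upper case
    $country_key = strtoupper($country);
    if (array_key_exists($country_key, $country_list)) {
        // Escape byte-wise (ISO-8859-1) so a name that is not valid UTF-8 is
        // still printed rather than turned into an empty string
        $country_name = htmlspecialchars($country_list[$country_key], ENT_QUOTES, 'ISO-8859-1');
        echo "Location: $country_name ($country)\n";
    } else {
        // ...otherwise, just print the country code listed in the whois buffer
        echo "Location: $country\n";
    }
}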
// Function to perform a whois lookup on the machine's ip address
//
// Builds a "whois" command line from $whois_ip_server, the global $host_ip and an
// optional port, and runs it through the shell with shell_exec().
// NOTE(review): the end of this function is missing from this listing, so what it
// returns when $do_echo is not 'TRUE' cannot be confirmed from here.
function whois_ip($whois_ip_server, $whois_ip_port, $do_echo)
{
// Allowlist for the server name: letters, digits, ':', '.' and '-' only. This keeps
// shell metacharacters out of the command, but a value that starts with '-' still
// passes and would be read by the whois client as an option; requiring a letter or
// digit as the first character closes that gap.
// eregi() was removed in PHP 7.0; preg_match() with the "i" modifier replaces it.
if (eregi("^[a-z0-9\:\.\-]+$", $whois_ip_server))
{
// NOTE(review): $host_ip is interpolated into the shell command below and is not
// checked anywhere in this function. Confirm it is always a validated IP address
// by the time this runs, or pass it through escapeshellarg().
global $host_ip;
// The whois server "whois.arin.net" requires a "+" flag to get all the details
if ($whois_ip_server == 'whois.arin.net') {
$whois_ip_server .= ' +'; }
// Set a variable containing the command to be sent to the system
$command = "whois -h $whois_ip_server $host_ip";
// If we passed a specific port to this function to connect to, add the necessary info to the command
// The "> 0" comparison does not prove the value is purely numeric; casting it to
// int before appending guarantees only digits reach the command line.
if ($whois_ip_port > 0) {
$command .= " -p $whois_ip_port"; }
// Send the whois command to the system
// Normally, the shell_exec function does not report STDERR messages. The "2>&1" option tells the system
// to pipe STDERR to STDOUT so if there is an error, we can see it.
// The command string is parsed by a shell, so every value placed in it has to be
// either allowlisted as above or quoted with escapeshellarg().
$fp = shell_exec("$command 2>&1");
// If the $do_echo variable is set to "TRUE", print the whois results...
// The flag is the string 'TRUE', not a boolean; callers pass 'FALSE' to suppress output.
if ($do_echo == 'TRUE')
{
echo 'Whois (IP) Results:
';';
echo nl2br(htmlentities(trim($fp)));
echo '
';';
echo 'Invalid character(s) in the Whois (IP) Server field.';
echo '
";";
echo nl2br(htmlentities(trim($fp)));
echo "
';';
echo 'Invalid character(s) in the Whois (Domain) Server field.';
echo '
';';
echo nl2br(htmlentities(trim($fp)));
echo '
";';
echo nl2br(htmlentities(trim($fp)));
echo '
";';
echo 'Invalid characters in the Dig Server field.';
echo '
';';
echo nl2br(htmlentities(trim($fp)));
echo '
';';
echo nl2br(htmlentities(trim($fp)));
echo '
';';
echo nl2br(htmlentities(trim($fp)));
echo '
';';
echo "";
// NOTE(review): the enclosing function header and the input check that belongs to
// this branch are not visible in this listing; the notes below assume $host, $ports
// and $scan_timeout still hold what the form submitted.
// split the $ports variable into an array containing the port numbers to scan
$port_array = explode(",", $ports);
// Save the current time (for calculating how long the scan took)
$start_time = time();
// Loop through the ports and check to see if they are open or not
for ($i = 0; $i < count($port_array); $i++)
{
// If the current loop contains two sets of numbers with a dash separating them,
// it is a range of ports, so create a new loop to scan and print out each one...
// The pattern is unanchored, so it matches any entry that merely contains
// digits-dash-digits. eregi() was removed in PHP 7.0 (use preg_match()).
if (eregi("([0-9]+)[-]{1}([0-9]+)", $port_array[$i], $regs))
{
// Both range bounds come from the request. Nothing here keeps them inside 1-65535
// or caps how many ports one request may probe, so a very large range ties up this
// PHP worker for up to $scan_timeout seconds per port. Clamp the bounds and limit
// the total number of ports before entering the loop.
for ($x = $regs[1]; $x <= $regs[2]; $x++)
{
// Create a connection to the port
// "@" hides the connect warning and $num/$error are never read, so a timeout, a
// failed name lookup and a refused connection are all reported as "closed" below.
// $scan_timeout should be cast to a number and bounded before it is used here.
$sock = @fsockopen($host, $x, $num, $error, $scan_timeout);
// If we can connect to the port, set the port status to "open",
// otherwise, set the port status to "closed"
if ($sock) {
$port_status = "open";
fclose($sock); }
else {
$port_status = 'closed'; }
// Get the description of the port
$port_name = getservbyport($x, 'tcp');
// Print the port status
echo "'; Port $x is $port_status. ";
// If the current port has a description/default use, print it
// getservbyport() returns FALSE when no service is listed; the loose "!= NULL"
// comparison treats that FALSE as "no description".
if ($port_name != NULL) {
echo "[$port_name] "; }
echo '
}
}
// ...otherwise, if the current loop contains just numbers, it is a single port, so scan it
elseif (eregi("[0-9]+", $port_array[$i]))
{
// Create a connection to the port
$sock = @fsockopen($host, $port_array[$i], $num, $error, $scan_timeout);
// If we can connect to the port, set the port status to "open",
// otherwise, set the port status to "closed"
if ($sock) {
$port_status = "open";
fclose($sock); }
else {
$port_status = 'closed'; }
// Get the description of the port
$port_name = getservbyport($port_array[$i], 'tcp');
// Print the port status
echo "'; Port $port_array[$i] is $port_status. ";
// If the current port has a description/default use, print it
if ($port_name != NULL) {
echo "[$port_name] "; }
echo '
}
}
// Save the current time again (for calculating how long the scan took)
$end_time = time();
// Calculate the elapsed time during the port scan
$time_diff = $end_time - $start_time;
$mins = date('i', $time_diff);
$secs = date('s', $time_diff);
// If the the elapsed time during the port scan was less than a second, set it as taking 1 second
// (it obviously has to take some amount of time)
if (($mins == '00') && ($secs == '00')) {
$secs = '01'; }
// Print the elapsed time of the port scan
echo "";
Portscan completed in $mins minutes and $secs seconds.
echo '
';';
echo 'Invalid characters in the Portscan field.';
echo '
';';
echo nl2br(htmlentities(trim($fp)));
echo '
';';
echo 'Invalid characters in the Nmap field.';
echo '
2005-10-18 17:05:20 · answer #1 · answered by Arvin 5 · 0⤊ 0⤋