
Private host scan script

Code:
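<html>
<head>
<title></title>
</head>
<body>
<h1></h1>
<?PHP
// The host value comes straight from the query string and is untrusted.
// Only a string is accepted (a request such as ?host[]=x yields an array),
// and it is HTML-escaped before being written into the attribute below;
// echoing it raw would allow markup injection through the value="" attribute.
$host_param = (isset($_GET['host']) && is_string($_GET['host'])) ? $_GET['host'] : null;
?>
<form action="?" method="GET">
<input type="text" name="host" value="<?PHP echo htmlentities($host_param !== null ? $host_param : 'www.example.com', ENT_QUOTES, 'UTF-8'); ?>" />
<input type="submit" value="mandale gas" />
</form>
<br><br>
<?PHP
// Run the lookups only when a host was actually submitted. The original
// called analizar() unconditionally, reading an undefined index on the
// first page load and starting outbound requests for an empty host.
if ($host_param !== null && $host_param !== '') {
    analizar($host_param);
}
?>
</body>
</html>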
<?PHP
//reversedns bing ()
//reversedns gigablast ()
//whoishostingthis ()
//google/bing/other dorks
//dns lookups ()
//zone transfers
//subdomain brute force ()
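/**
 * HTML-escape a value for output, using the same flags as the rest of this script.
 * Missing or non-scalar values become an empty string.
 */
function analizar_esc($value){
    if ($value === null || !is_scalar($value)) {
        return '';
    }
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Return one field of a DNS record array, HTML-escaped, or '' when the key is absent.
 */
function analizar_field($record, $key){
    return analizar_esc((is_array($record) && isset($record[$key])) ? $record[$key] : '');
}

/**
 * Return the first capture group of $pattern in $html (unescaped), or ''
 * when the page could not be fetched or the pattern does not match.
 */
function analizar_extract($pattern, $html){
    if (!is_string($html)) {
        return '';
    }
    return (preg_match($pattern, $html, $match) === 1 && isset($match[1])) ? $match[1] : '';
}

/**
 * Print a lookup report for $host as HTML: resolved IPv4 addresses with their
 * reverse name and scraped location data, DNS records, the hosting provider,
 * the domains two search engines associate with each address, and the names
 * from subdomains.txt that resolve under $host.
 *
 * Every value printed here originates outside this script (query string, DNS
 * answers, third-party pages fetched over plain HTTP), so all of it is
 * HTML-escaped before output. $host is rejected unless it has hostname syntax,
 * because it is concatenated into an outbound URL further down.
 *
 * @param mixed $host Host name as received from the request.
 * @return void
 */
function analizar($host){
    // Errors are silenced for the rest of the request. The original also called
    // error_reporting(999999999) first, which this call immediately overrode.
    error_reporting(0);
    // NOTE(review): no execution time limit on a script reachable over HTTP lets
    // one request occupy a worker indefinitely; consider a finite limit.
    set_time_limit(0);

    echo 'Host: '. analizar_esc($host).'<br>';

    // Letters, digits, hyphens and dots only, labels of at most 63 characters,
    // 253 characters in total. The D modifier stops "$" from accepting a
    // trailing newline. Names containing "_" are rejected by this check.
    $hostname_pattern = '/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/iD';
    if (!is_string($host) || preg_match($hostname_pattern, $host) !== 1) {
        echo 'Invalid host name<br>';
        return;
    }

    echo '<table><tr><td>IP</td><td>Reverse</td><td>Long ip</td><td>ISP</td><td>Ciudad</td><td>Region</td><td>Pais</td></tr>';
    // gethostbynamel() returns false when the name does not resolve.
    $ip = gethostbynamel($host);
    if (!is_array($ip)) {
        $ip = array();
    }
    foreach ($ip as $this_ip){
        $reverse = gethostbyaddr($this_ip);
        // gethostbyaddr() hands back the address itself when there is no PTR name.
        if ( $reverse === $this_ip ) {
            $reverse = '';
        }
        echo '<tr><td>'.analizar_esc($this_ip).'</td>';
        echo '<td>'.analizar_esc($reverse).'</td>';
        echo '<td>'.analizar_esc(sprintf("%u", ip2long(trim($this_ip)))).'</td>';
        // The response is third-party HTML fetched over plain HTTP: treat every
        // scraped field as untrusted and escape it on output.
        $temp = file_get_contents("http://www.melissadata.com/lookups/iplocation.asp?ipaddress=".urlencode($this_ip));
        echo '<td>' . analizar_esc(analizar_extract("@<tr class='tdresul01'><td class='columresult'>ISP</td><td align='left'><b>([^&]+)&nbsp;</b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_extract("@<tr><td class='columresult'>City</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_extract("@<tr class='tdresul01'><td class='columresult'>State or Region</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td>';
        echo '<td>' . analizar_esc(analizar_extract("@<tr><td class='columresult'>Country</td><td align='left'><b>(.+)</b></td></tr>@", $temp)) . '</td></tr>';
    }
    echo '</table><br>';

    //dns
    $authdns = array();
    $resultado_dns = dns_get_record($host, DNS_ANY, $authdns);
    if (!is_array($resultado_dns)) {
        $resultado_dns = array();
    }
    foreach ($resultado_dns as $dns){
        // Record contents (TXT, HINFO, NAPTR, ...) are chosen by whoever controls
        // the zone being queried, so each field is escaped; the original echoed
        // them raw into the page.
        $head = "[".analizar_field($dns, "host")."] ".analizar_field($dns, "type")." => ";
        $tail = " (ttl ".analizar_field($dns, "ttl").")".'<br>';
        switch (isset($dns["type"]) ? $dns["type"] : '') {
            case "A":
                echo $head.analizar_field($dns, "ip").$tail;
                break;
            case "MX":
                echo $head.analizar_field($dns, "target")." (".analizar_field($dns, "pri").")".$tail;
                break;
            case "CNAME":
            case "NS":
            case "PTR":
                echo $head.analizar_field($dns, "target").$tail;
                break;
            case "TXT":
                echo $head.analizar_field($dns, "txt").$tail;
                break;
            case "HINFO":
                echo $head."CPU: ".analizar_field($dns, "cpu")." OS: ".analizar_field($dns, "os").$tail;
                break;
            case "SOA":
                echo $head.analizar_field($dns, "mname")." - Email: ".analizar_field($dns, "rname")." - Serial: ".analizar_field($dns, "serial")." - Refresh: ".analizar_field($dns, "refresh")." - Retry: ".analizar_field($dns, "retry")." - Expire: ".analizar_field($dns, "expire")." - Minimum-ttl: ".analizar_field($dns, "minimum-ttl").$tail;
                break;
            // The original tested for "AAA", which dns_get_record() never
            // returns, so IPv6 records fell through to the empty branch.
            case "AAAA":
                echo $head.analizar_field($dns, "ipv6").$tail;
                break;
            case "A6":
                echo $head.analizar_field($dns, "masklen")." - ".analizar_field($dns, "ipv6")." - ".analizar_field($dns, "chain")." - ".$tail;
                break;
            case "SRV":
                echo $head.analizar_field($dns, "pri")." - ".analizar_field($dns, "weight")." - ".analizar_field($dns, "target").":".analizar_field($dns, "port").$tail;
                break;
            case "NAPTR":
                echo $head.analizar_field($dns, "order")." - ".analizar_field($dns, "pref")." - ".analizar_field($dns, "flags")." - ".analizar_field($dns, "services")." - ".analizar_field($dns, "regex")." - ".analizar_field($dns, "replacement").$tail;
                break;
            default:
                echo "<br>";
        }
    }

    // The original loop printed the stale $dns variable left over from the loop
    // above instead of the current authoritative record.
    if (is_array($authdns)) {
        foreach ($authdns as $this_authdns) {
            echo "[".analizar_field($this_authdns, "host")."] ".analizar_field($this_authdns, "type")." => ".analizar_field($this_authdns, "target")." - ".analizar_field($this_authdns, "class")." (ttl ".analizar_field($this_authdns, "ttl").")".'<br>';
        }
    }

    // $host has passed the hostname check above; it is still URL-encoded so the
    // request path cannot be altered if that check is ever relaxed.
    $temp = file_get_contents("http://www.whoishostingthis.com/".rawurlencode($host));
    $hosted_by = analizar_extract('@<a href="http://www.whoishostingthis.com/linkout/?.*";[^>]*?>([^<]+)</a>@i', $temp);
    echo '<br>Hosted by: ' . ($hosted_by !== '' ? analizar_esc($hosted_by) : 'Unknown') . '<br>';


    //reverse dns (bing)
    echo '<table><tr><td>IP</td><td>Bing (confirmados)</td><td>Bing(Sin confirmar)</td><td>GigaBlast (confirmados)</td><td>GigaBlast (sin confirmar)</td><td>Total (confirmados)</td><td>Total (sin confirmar)</td></tr>';
    foreach ($ip as $this_ip) {
        echo '<tr><td>'.analizar_esc($this_ip).'</td>';
        //Bing
        $offset = 0;
        $confirmed_domains_bing = array();
        $no_confirmed_domains_bing = array();
        $actual = null;
        $pasado = null;
        // Upper bound on result pages: with no time limit set, the loop would
        // otherwise run for as long as consecutive pages keep differing.
        $max_pages = 100;
        $pages = 0;
        do{
            $url_dns = array();
            // NOTE(review): the AppId below is an API credential hard-coded in the
            // source; it belongs in configuration outside the published file.
            $url = 'http://api.search.live.net/json.aspx?AppId=7066FAEB6435DB963AE3CD4AC79CBED8B962779C&Query=IP:'.$this_ip.'&Sources=web&Web.Offset='.$offset;
            $body = file_get_contents($url);
            $data = is_string($body) ? json_decode($body) : null;
            $results = (isset($data->SearchResponse->Web->Results) && is_array($data->SearchResponse->Web->Results))
                ? $data->SearchResponse->Web->Results
                : array();

            foreach($results as $value){
                $dms = isset($value->Url) ? parse_url($value->Url, PHP_URL_HOST) : null;
                $url_dns[] = $dms;
                if (!is_string($dms) || $dms === '') {
                    continue;
                }
                if ( (!in_array($dms, $confirmed_domains_bing, true)) && (!in_array($dms, $no_confirmed_domains_bing, true)) ){
                    // A domain counts as confirmed only when it currently
                    // resolves to this address; gethostbynamel() may return false.
                    $resolved = gethostbynamel($dms);
                    if ( is_array($resolved) && in_array($this_ip, $resolved, true) ) {
                        $confirmed_domains_bing[] = $dms;
                    }else{
                        $no_confirmed_domains_bing[] = $dms;
                    }
                }
            }

            // Even and odd pages are stored alternately; the loop ends once two
            // consecutive pages list the same hosts.
            if ($offset % 4 == 0 ) {
                $actual = $url_dns;
            }else{
                $pasado = $url_dns;
            }
            $offset = $offset + 10;
            $pages++;

        }while ($actual != $pasado && $pages < $max_pages);

        sort($confirmed_domains_bing);
        sort($no_confirmed_domains_bing);
        echo '<td><textarea cols="30" rows="15">'.count($confirmed_domains_bing)."\n".analizar_esc(implode("\n", $confirmed_domains_bing)).'</textarea></td><td><textarea cols="30" rows="15">'.count($no_confirmed_domains_bing)."\n".analizar_esc(implode("\n", $no_confirmed_domains_bing)).'</textarea></td>';

        //Reverse dns Giga Blast
        $confirmed_domains_gigablast = array();
        $no_confirmed_domains_gigablast = array();
        for($i=0; $i<10;$i++){
            $links = file_get_contents('http://www.gigablast.com/search?q=ip:'.urlencode($this_ip).'&n=50&sc=0&dr=0&raw=1&nrt=110&spell=0&s='.($i*50));
            if (!is_string($links)) {
                continue;
            }
            $links = explode("\n", $links);
            // The first line is dropped as before. The original also unset index
            // sizeof($links), which never exists; lines without a host are
            // skipped by the check below instead.
            unset($links[0]);
            foreach ($links as $link) {
                $dms = parse_url($link, PHP_URL_HOST);
                if (!is_string($dms) || $dms === '') {
                    continue;
                }
                if ( (!in_array($dms, $confirmed_domains_gigablast, true)) && (!in_array($dms, $no_confirmed_domains_gigablast, true)) ){
                    $resolved = gethostbynamel($dms);
                    if ( is_array($resolved) && in_array($this_ip, $resolved, true) ) {
                        $confirmed_domains_gigablast[] = $dms;
                    }else{
                        $no_confirmed_domains_gigablast[] = $dms;
                    }
                }
            }
        }

        sort($confirmed_domains_gigablast);
        sort($no_confirmed_domains_gigablast);
        echo '<td><textarea cols="30" rows="15">'.count($confirmed_domains_gigablast)."\n".analizar_esc(implode("\n", $confirmed_domains_gigablast)).'</textarea></td><td><textarea cols="30" rows="15">'.count($no_confirmed_domains_gigablast)."\n".analizar_esc(implode("\n", $no_confirmed_domains_gigablast)).'</textarea></td>';

        $confirmed_domains = array_unique(array_merge($confirmed_domains_bing, $confirmed_domains_gigablast));
        sort($confirmed_domains);
        $no_confirmed_domains = array_unique(array_merge($no_confirmed_domains_bing, $no_confirmed_domains_gigablast));
        sort($no_confirmed_domains);
        echo '<td><textarea cols="30" rows="15">'.count($confirmed_domains)."\n".analizar_esc(implode("\n", $confirmed_domains)).'</textarea></td><td><textarea cols="30" rows="15">'.count($no_confirmed_domains)."\n".analizar_esc(implode("\n", $no_confirmed_domains)).'</textarea></td></tr>';
    }
    echo '</table>';

    //sub domain brute force
    echo '<br><br>Bruteando subdominios:<br>';
    $subdomains = file_get_contents('subdomains.txt');
    // A missing or unreadable word list yields no candidates instead of a warning.
    $subdomains = is_string($subdomains) ? explode("\n", $subdomains) : array();
    foreach($subdomains as $subdomain){
        $subdomain = trim($subdomain);
        if ($subdomain === '') {
            continue;
        }
        $candidate = $subdomain.'.'.$host;
        // gethostbyname() returns its argument unchanged when resolution fails.
        if(gethostbyname($candidate) != $candidate){
            // Word-list content is file data, so it is escaped like everything else.
            echo analizar_esc($candidate).'<br>';
        }
    }
}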







?>
