后台目录扫描器
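/*
 * CrackURL - requests every path listed in a wordlist file from one web
 * server and reports the paths answered with HTTP 200 or 403.
 *
 * Each wordlist entry causes its own TCP connection and GET request, so a
 * run appears in the server's access log as a rapid series of requests for
 * many different paths from a single client.
 *
 * Build note: uses snprintf, which needs a C99-conformant CRT (Visual
 * Studio 2015 or later). gethostbyname/inet_ntoa are the legacy IPv4-only
 * Winsock calls the original program used; they are kept so that no new
 * headers or libraries are required.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib,"ws2_32")

enum {
    MAX_THREADS  = 256,   /* upper bound accepted for ThreadNum */
    DIR_LINE_LEN = 256    /* longest wordlist entry, including the NUL */
};

/* Global state */
SOCKADDR_IN sin;                       /* resolved address of the target host */
UINT PORT, ThreadNum, ErrContentLen = 0;
int nZero = 0;
CHAR szHost[128] = {0}, szRoot[260] = {0}, IP[16] = {0};
CHAR szLogFile[MAX_PATH] = {0};        /* "<host>.html"; large enough for any szHost */
CRITICAL_SECTION cs;                   /* serialises wordlist reads, console and log output */
FILE *fdir = NULL;
BOOL bResumeAddr = TRUE;
BOOL bLogWritten = FALSE;              /* set once at least one hit reached the log file */
/* Default to plain white so output stays readable when stdout is not a console. */
WORD wOldColorAttrs = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE;
CONSOLE_SCREEN_BUFFER_INFO csbiInfo;
HANDLE hStdout = NULL;                 /* assigned in main(); a call is not a constant initialiser in C */

/*
 * Parse an unsigned decimal number.
 * Returns FALSE when szText is empty, has non-digit characters, overflows,
 * or exceeds ulMax; *pValue is written only on success.
 */
static BOOL ParseUInt(const char *szText, unsigned long ulMax, UINT *pValue)
{
    char *pEnd = NULL;
    unsigned long ulValue;

    /* strtoul would silently accept "-1" and leading blanks; require a digit. */
    if (szText == NULL || *szText < '0' || *szText > '9')
        return FALSE;

    errno = 0;
    ulValue = strtoul(szText, &pEnd, 10);
    if (errno == ERANGE || *pEnd != '\0' || ulValue > ulMax)
        return FALSE;

    *pValue = (UINT)ulValue;
    return TRUE;
}

/*
 * Split "host[:port][/root]" into szHost, PORT and szRoot.
 * PORT defaults to 80 when no port is given.
 * Returns FALSE (leaving the globals untouched) when the host is empty,
 * a component does not fit its buffer, or the port is not in 1..65535.
 */
BOOL GetParam(char *szParam)
{
    const char *pSlash;
    const char *pColon;
    const char *pRoot;
    size_t nAuthLen, nHostLen;
    UINT nPort = 80;

    if (szParam == NULL)
        return FALSE;

    /* Everything before the first '/' is "host[:port]", the rest is the root path. */
    pSlash = strchr(szParam, '/');
    nAuthLen = (pSlash != NULL) ? (size_t)(pSlash - szParam) : strlen(szParam);
    pRoot = (pSlash != NULL) ? pSlash : "";

    pColon = (const char *)memchr(szParam, ':', nAuthLen);
    nHostLen = (pColon != NULL) ? (size_t)(pColon - szParam) : nAuthLen;

    if (nHostLen == 0 || nHostLen >= sizeof(szHost) || strlen(pRoot) >= sizeof(szRoot))
        return FALSE;

    if (pColon != NULL) {
        char szPort[8];
        size_t nPortLen = nAuthLen - nHostLen - 1;

        if (nPortLen == 0 || nPortLen >= sizeof(szPort))
            return FALSE;
        memcpy(szPort, pColon + 1, nPortLen);
        szPort[nPortLen] = '\0';
        if (!ParseUInt(szPort, 65535UL, &nPort) || nPort == 0)
            return FALSE;
    }

    memcpy(szHost, szParam, nHostLen);
    szHost[nHostLen] = '\0';
    snprintf(szRoot, sizeof(szRoot), "%s", pRoot);
    PORT = nPort;
    return TRUE;
}

/* Print one line in bright red, then restore the saved console attributes. */
void SetRedColorText(const char *szText)
{
    SetConsoleTextAttribute(hStdout, FOREGROUND_RED | FOREGROUND_INTENSITY);
    printf("%s\r\n", szText);
    SetConsoleTextAttribute(hStdout, wOldColorAttrs);
}

/* Show the parsed target (host, port, root path) and its resolved IP. */
void SetBaseInfo(void)
{
    /* Sized for the longest field (szRoot, 260 bytes) plus its label. */
    char szLine[320];

    snprintf(szLine, sizeof(szLine), "Host:\t%s", szHost);
    SetRedColorText(szLine);
    snprintf(szLine, sizeof(szLine), "Port:\t%u", PORT);
    SetRedColorText(szLine);
    snprintf(szLine, sizeof(szLine), "Root:\t%s", szRoot);
    SetRedColorText(szLine);
    snprintf(szLine, sizeof(szLine), "->IP: \t%s\r\n", IP);
    SetRedColorText(szLine);
}

/* Write szText to fp with the HTML-significant characters escaped. */
static void WriteHtmlEscaped(FILE *fp, const char *szText)
{
    for (; *szText != '\0'; szText++) {
        switch (*szText) {
        case '&':  fputs("&amp;", fp);  break;
        case '<':  fputs("&lt;", fp);   break;
        case '>':  fputs("&gt;", fp);   break;
        case '"':  fputs("&quot;", fp); break;
        case '\'': fputs("&#39;", fp);  break;
        default:   fputc(*szText, fp);  break;
        }
    }
}

/*
 * Append one hit to the HTML log as a link.
 * The URL contains text taken from the wordlist, and the log is later
 * opened in a browser, so it is escaped and the href is quoted rather than
 * being pasted into the markup verbatim.
 * Callers must hold cs: the log file and bLogWritten are shared.
 */
void AddURL(const char *szPath)
{
    FILE *fp = fopen(szLogFile, "at+");

    if (fp == NULL) {
        fprintf(stderr, "Error: can't open the %s\r\n", szLogFile);
        return;
    }

    fputs("<font color=blue size=2><a href=\"", fp);
    WriteHtmlEscaped(fp, szPath);
    fputs("\" target=_blank>", fp);
    WriteHtmlEscaped(fp, szPath);
    fputs("</a></font><br>", fp);

    /* fclose flushes; only report a usable log when that succeeded. */
    if (fclose(fp) == 0)
        bLogWritten = TRUE;
}

/*
 * Request szRoot+szURL from the target and classify the answer.
 * Returns TRUE for status 200 or 403, unless ErrContentLen is non-zero and
 * the response's Content-Length equals it (the site's custom error page).
 * Only the bytes delivered by the first recv() are inspected, and the
 * Content-Length header name is matched case-sensitively.
 */
BOOL CheckURL(char *szURL)
{
    /* Holds the request, then the response; szRoot + szURL + szHost fit with room to spare. */
    char szData[1024];
    char szStatus[4];
    char *pLen;
    int nLen, nRecv, nStatus;
    SOCKET s;

    nLen = snprintf(szData, sizeof(szData), "GET %s%s HTTP/1.1\r\nHost: %s\r\n\r\n",
                    szRoot, szURL, szHost);
    if (nLen < 0 || (size_t)nLen >= sizeof(szData))
        return FALSE;                       /* request would have been truncated */

    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s == INVALID_SOCKET)
        return FALSE;

    /* Same socket options as the original program. */
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&bResumeAddr, sizeof(bResumeAddr));
    setsockopt(s, SOL_SOCKET, SO_RCVBUF, (char *)&nZero, sizeof(nZero));

    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) != 0 ||
        send(s, szData, nLen, 0) != nLen) {
        closesocket(s);                     /* release the socket on failure too */
        return FALSE;
    }

    /* Leave one byte free so the response can always be NUL-terminated. */
    nRecv = recv(s, szData, (int)sizeof(szData) - 1, 0);
    closesocket(s);

    /* A status line needs at least "HTTP/1.x NNN" (12 bytes). */
    if (nRecv < 12)
        return FALSE;
    szData[nRecv] = '\0';
    if (strncmp(szData, "HTTP/", 5) != 0)
        return FALSE;

    memcpy(szStatus, szData + 9, 3);
    szStatus[3] = '\0';
    nStatus = atoi(szStatus);
    if (nStatus != 200 && nStatus != 403)
        return FALSE;

    if (ErrContentLen != 0) {
        pLen = strstr(szData + 12, "Content-Length");
        if (pLen != NULL) {
            pLen += strlen("Content-Length");
            if (*pLen == ':')
                pLen++;
            while (*pLen == ' ' || *pLen == '\t')
                pLen++;
            /* strtoul stops at the CR that ends the header line. */
            return strtoul(pLen, NULL, 10) != ErrContentLen;
        }
    }
    return TRUE;
}

/*
 * Worker thread: take the next wordlist line, probe it, print the result.
 * Blank lines and lines that do not fit in DIR_LINE_LEN are skipped.
 */
DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
    char szdir[DIR_LINE_LEN] = {0};
    char szOut[1024] = {0};

    (void)lpParameter;

    for (;;) {
        BOOL bGotLine, bTooLong = FALSE, bFound;

        /*
         * The read result, not feof(), decides when to stop: feof() only
         * turns true after a read has already failed, and testing it outside
         * the lock races with the other workers.
         */
        EnterCriticalSection(&cs);
        bGotLine = fgets(szdir, sizeof(szdir), fdir) != NULL;
        if (bGotLine && strchr(szdir, '\n') == NULL) {
            int ch;
            /* Discard the rest of an overlong line so it is not read as a new entry. */
            while ((ch = fgetc(fdir)) != EOF && ch != '\n')
                bTooLong = TRUE;
        }
        LeaveCriticalSection(&cs);

        if (!bGotLine)
            break;

        szdir[strcspn(szdir, "\r\n")] = '\0';
        if (bTooLong || szdir[0] == '\0')
            continue;

        snprintf(szOut, sizeof(szOut), "http://%s:%u%s%s", szHost, PORT, szRoot, szdir);
        bFound = CheckURL(szdir);

        /* All console output is serialised so colour changes cannot leak into other lines. */
        EnterCriticalSection(&cs);
        if (bFound) {
            SetRedColorText(szOut);
            AddURL(szOut);
        } else {
            printf("%s\r\n", szOut);
        }
        LeaveCriticalSection(&cs);
    }
    return 0;
}

/*
 * Entry point: CrackURL.exe RootLink DirText ThreadNum (ErrContentLen)
 * Returns 0 on a completed run and 1 on any argument or setup error.
 */
int main(int argc, char *argv[])
{
    WSADATA wsadata;
    struct hostent *host;
    HANDLE hThread[MAX_THREADS];
    char szCmd[MAX_PATH + 32];
    UINT nCreated = 0, i;
    int rc = 1;

    if (argc != 4 && argc != 5) {
        printf("UseAge:\tCrackURL.exe RootLink DirText ThreadNum (ErrContentLen)\r\n");
        return 1;
    }
    if (!GetParam(argv[1])) {
        printf("Error: RootLink must be host[:port][/root] and fit the internal buffers\r\n");
        return 1;
    }
    if (!ParseUInt(argv[3], 0xFFFFFFFFUL, &ThreadNum) || ThreadNum == 0) {
        printf("Failed: Thread num must be a number from 1 to 256!\r\n");
        return 1;
    }
    if (ThreadNum > MAX_THREADS) {
        printf("Failed: Thread num is more than 256!\r\n");
        return 1;
    }
    if (argc == 5 && !ParseUInt(argv[4], 0xFFFFFFFFUL, &ErrContentLen)) {
        printf("Failed: ErrContentLen must be a non-negative number!\r\n");
        return 1;
    }

    /* Initialise Winsock 2.2 */
    if (WSAStartup(MAKEWORD(2, 2), &wsadata) != 0) {
        printf("Error: WSAStartup failed\r\n");
        return 1;
    }

    /* Resolve the host name to an IPv4 address */
    host = gethostbyname(szHost);
    if (host == NULL || host->h_addrtype != AF_INET || host->h_addr_list[0] == NULL) {
        printf("Reverse the domain failed!\r\n");
        goto cleanup_wsa;
    }

    /* Fill in the shared destination address */
    sin.sin_family = AF_INET;
    sin.sin_port = htons((u_short)PORT);
    memcpy(&sin.sin_addr, host->h_addr_list[0], sizeof(sin.sin_addr));
    snprintf(IP, sizeof(IP), "%s", inet_ntoa(sin.sin_addr));

    /* Remember the console colours, then show the target summary */
    hStdout = GetStdHandle(STD_OUTPUT_HANDLE);
    if (GetConsoleScreenBufferInfo(hStdout, &csbiInfo))
        wOldColorAttrs = csbiInfo.wAttributes;
    SetBaseInfo();

    /* Open the wordlist and derive the log file name */
    fdir = fopen(argv[2], "rt");
    if (fdir == NULL) {
        printf("Error: can't open the %s\r\n", argv[2]);
        goto cleanup_wsa;
    }
    snprintf(szLogFile, sizeof(szLogFile), "%s.html", szHost);

    /* Start the workers */
    InitializeCriticalSection(&cs);
    for (nCreated = 0; nCreated < ThreadNum; nCreated++) {
        hThread[nCreated] = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
        if (hThread[nCreated] == NULL) {
            printf("Error: only %u of %u threads could be created\r\n", nCreated, ThreadNum);
            break;
        }
    }

    /*
     * Wait for each worker individually. A single WaitForMultipleObjects
     * call accepts at most MAXIMUM_WAIT_OBJECTS (64) handles; with more it
     * fails at once, and the cleanup below would then destroy the critical
     * section and close the wordlist while workers were still using them.
     */
    for (i = 0; i < nCreated; i++) {
        WaitForSingleObject(hThread[i], INFINITE);
        CloseHandle(hThread[i]);
    }
    DeleteCriticalSection(&cs);

    /* Open the log only if a hit was written; AddURL already closed the file. */
    if (bLogWritten) {
        snprintf(szCmd, sizeof(szCmd), "explorer.exe \"%s\"", szLogFile);
        WinExec(szCmd, SW_NORMAL);
    }
    fclose(fdir);
    fdir = NULL;
    rc = 0;

cleanup_wsa:
    WSACleanup();
    return rc;
}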
运行参数:CrackURL.exe link dir.txt threadnum <errContentLength>(threadnum 不能超过 256;errContentLength 为可选参数,填入站点自定义错误页的 Content-Length 后,响应长度与之相同的结果将被视为不存在)
例如:CrackURL.exe www.baidu.com/news asp.list 50
若存在(响应状态码为 200 或 403),将以红色字体显示并保存到 html 日志文件中