
Targeting Helper v1.0

Author: inj3ctor_m4 , Published: 14-07-2014

<?php

        
/*
                Name: Targeting Helper
                Version: 1.0
                Coder: inj3ctor_m4
                Grtz 2: CrashBandicot
                Thanks 2: S4E Member'z
        */

// Lift PHP's execution time limit (0 = unlimited); the leading @ silences the
// warning PHP would raise if the limit cannot be changed.
@set_time_limit(0);

// SubDomains List
// Candidate host labels; the subdomain phase later in the script prepends each
// one to the target as "<label>.<target>". "webmail", "smtp", "record" and
// "ssl" appear twice, so those names are tried twice.
// Defender note: lookups for this fixed set of common labels under a single
// parent domain, issued in list order, are a recognisable enumeration pattern
// in resolver logs.
$subs = array(
"app",
"apps",
"cpanel",
"ftp",
"mail",
"webmail",
"smtp",
"pop",
"pop3",
"direct-connect",
"direct-connect-mail",
"record",
"ssl",
"dns",
"help",
"blog",
"forum",
"doc",
"home",
"shop",
"vb",
"www",
"web",
"webadmin",
"weblog",
"webmail",
"webmaster",
"webservices",
"webserver",
"log",
"logs",
"images",
"lab",
"ftpd",
"docs",
"download",
"downloads",
"about",
"backup",
"chat",
"data",
"smtp",
"upload",
"uploads",
"ns1",
"ns2",
"record",
"ssl",
"imap",
"result",
"vip",
"demo",
"beta",
"video",
);

// Hard-coded HTTP proxy; the reverse-IP step passes it to CURLOPT_PROXY when
// it is non-empty.
// NOTE(review): as printed there is no "=" between the variable and the
// string, so this line does not parse -- presumably lost when the listing was
// extracted; the same loss shows up on other assignments and calls below.
$proxy "186.42.121.150:80";

// Print the ASCII-art banner.
echo
"
                          __  __ ___    _  __ ____   ____ 
                         / / / //   |  | |/ // __ \ / __ \
                        / /_/ // /| |  |   // / / // /_/ /
                       / __  // ___ | /   |/ /_/ // _, _/ 
                      /_/ /_//_/  |_|/_/|_|\____//_/ |_|  
                                                          
\n"
;

// Prompt for the target and read one line from standard input (fgets with a
// length of 1024 returns at most 1023 bytes); surrounding whitespace is
// trimmed. $target gets no further validation and is later interpolated as-is
// into hostnames, URLs and a POST body.
// NOTE(review): the echo statement below has no terminating ";" before the
// trailing comment as printed.
echo
"\r\n [+] Target (without http://) :"// Put Target
$target=trim(fgets(STDIN,1024));

echo 
"\n[+]------------------------ Start --------------------------[+]\n\n";

echo
"\r\n [+] START INFORMATION GATHERING: \n\n";

// Resolve the target with the system resolver. gethostbyname() returns its
// argument unchanged when the lookup fails, so a failed lookup prints the
// hostname where an address is expected.
echo
"[-] Host IP : ".gethostbyname($target)." \n";

// Fetch the whois.com page for the target over plain HTTP and pull every
// "Name Server:" value out of the HTML. The @ hides fetch errors; on failure
// file_get_contents() returns false and the pattern simply matches nothing.
// Defender note: this request and the mydnstools.info request further down go
// to third-party sites, so neither leaves a trace in the target's own logs.
$sourc = @file_get_contents("http://www.whois.com/whois/$target");
preg_match_all("#<br>Name Server:(.*?)<br>#i",$sourc,$name);

// NOTE(review): "=" missing between $nameservers and $name[1] as printed.
$nameservers $name[1];
foreach(
$nameservers as $nameserver){
echo
"[-] Name Server: $nameserver \n";
}

// Same approach against mydnstools.info to read the reported "Server:" value.
// NOTE(review): the pattern string is split across two lines as printed, so it
// would only match when a line break precedes "</b>"; likely an extraction
// artefact -- confirm against the original listing.
$source = @file_get_contents("http://www.mydnstools.info/webserverinfo/$target");
preg_match_all("#<b>Server: (.*?)
</b>#i"
,$source,$serv);
// NOTE(review): "=" missing between $servers and $serv[1] as printed.
$servers $serv[1];
foreach(
$servers as $server){
echo
"[-] Server: $server \n";

}

// Subdomain phase 1: try a TCP connection to port 80 on "<label>.<target>" for
// every label in $subs and report the names that accept it, together with the
// address gethostbyname() returns. Names that resolve but do not answer on
// port 80 are not listed. No timeout is passed, so PHP's default socket
// timeout applies to each attempt.
// Defender note: unlike the third-party lookups, this loop contacts the target
// directly -- one name resolution and one connection attempt per label, made
// from the machine running the script because the proxy setting is not used
// here.
// NOTE(review): the "," between the hostname and the port is missing in the
// fsockopen() call as printed.
echo
"\r\n [+] START FIND SUBDOMAINS: \n\n";
 
     foreach(
$subs as $sub){
 
 
        
$Check = @fsockopen("$sub.$target"80);
         
        if(
$Check)
        {
 
         echo 
"[-] ".$sub.".".$target." : ".gethostbyname($sub.".".$target)." \n";
         
        }
}

// Subdomain phase 2: scrape the pagesinventory.com search results for the
// target over plain HTTP, take the name out of each "/domain/<name>.html"
// link, and resolve every name locally.
$get = @file_get_contents("http://www.pagesinventory.com/search/?s=$target");

preg_match_all("#<td><a href=\"\/domain\/(.*?).html\">#i",$get,$matches);

// NOTE(review): "=" missing between $rzlts and $matches[1] as printed.
$rzlts $matches[1];
foreach(
$rzlts as $rzlt){
 
echo
"[-] ".$rzlt." : ".gethostbyname($rzlt)." \n";
}

// Reverse-IP phase: POST the target to the yougetsignal.com lookup endpoint and
// parse the reply with regular expressions. The two branches are the same
// code; the else branch additionally sets CURLOPT_PROXY. With $proxy
// hard-coded to a non-empty string, empty($proxy) is false and the else branch
// is the one that runs.
// $target is placed in the POST body without URL-encoding, and the request is
// plain HTTP.
// NOTE(review): throughout this section the "," separators in the
// curl_setopt() calls and the "=" in assignments are missing as printed, so
// none of it parses in this form.
echo
"\r\n [+] START REVERSE IP: \n\n";

if(empty(
$proxy)) {
 
   
// Direct (unproxied) request.
$ch curl_init();
 
curl_setopt($chCURLOPT_URL"http://domains.yougetsignal.com/domains.php");
 
curl_setopt($chCURLOPT_POSTtrue);
 
curl_setopt($chCURLOPT_POSTFIELDS"remoteAddress={$target}");
 
// Return the response body from curl_exec() instead of printing it.
curl_setopt($chCURLOPT_RETURNTRANSFER1);
 
$postResult curl_exec($ch);
 
curl_close($ch);
 
// Take the value of every "domainCount":"..." pair in the reply.
// NOTE(review): the variable is assigned only when the pattern matches, yet
// the foreach after the if reads it unconditionally; the same holds for the
// bracket match that follows.
 if(
preg_match_all("#\"domainCount\":\"(.*?)\"#",$postResult,$domain)) {
    
$nigga $domain[1];
}
foreach (
$nigga as $domains) { echo "[-] Total Websites: $domains\n";    }  
// Collect the contents of every [...] group in the reply.
   if(
preg_match_all("#\[([^\]]*)\]#",$postResult,$fuck)){
 
$zebi $fuck[1];
}
foreach (
$zebi as $fucck) {  
 
// Within a group, keep each quoted value that is followed by an empty quoted
// string, then append it as "http://<name>/" plus CRLF to Log.txt (relative
// path). The file is reopened and closed for every entry.
if(
preg_match_all("#\"(.*?)\", \"\"#",$fucck,$matches)) {  
        
$klawi $matches[1];
foreach (
$klawi as $fuckaa)  {  
 
  
$save fopen('Log.txt','ab');
  
fwrite($save,"http://".$fuckaa."/\r\n");
  
fclose($save);
} }} echo 
"\n[-] Result in Log.txt\n";
} else {
 
        
// Proxied variant of the branch above: identical apart from CURLOPT_PROXY.
$ch curl_init();
 
curl_setopt($chCURLOPT_URL"http://domains.yougetsignal.com/domains.php");
 
curl_setopt($chCURLOPT_POSTtrue);
 
curl_setopt($chCURLOPT_POSTFIELDS"remoteAddress={$target}");
 
curl_setopt($chCURLOPT_PROXY$proxy);
 
curl_setopt($chCURLOPT_RETURNTRANSFER1);
 
$postResult curl_exec($ch);
 
curl_close($ch);
 
 if(
preg_match_all("#\"domainCount\":\"(.*?)\"#",$postResult,$domain)) {
$nigga $domain[1];
}
foreach (
$nigga as $domains) { echo "[-] Total Websites: $domains\n";    }
if(
preg_match_all("#\[([^\]]*)\]#",$postResult,$fuck)){
 
$zebi $fuck[1];
}
foreach (
$zebi as $fucck) {  
 
 if(
preg_match_all("#\"(.*?)\", \"\"#",$fucck,$matches)) {  
        
$klawi $matches[1];
foreach (
$klawi as $fuckaa)  {  
 
  
$save fopen('Log.txt','ab');
  
fwrite($save,"http://".$fuckaa."/\r\n");
  
fclose($save);
} }}
 
echo 
"\n[-] Result in Log.txt\n"; }

// CMS fingerprinting phase: read the co-hosted site list back from disk and
// request two well-known paths on each entry.
// NOTE(review): the list was written to 'Log.txt' but is read from
// './log.txt'; on a case-sensitive filesystem these are different files.
// file() is called without flags, so every $site keeps the "\r\n" that was
// written after the URL.
// Defender note: this phase sends GET requests for /administrator/ and
// /wp-login.php directly to every host in the list, without the proxy; the
// same client probing both paths across many virtual hosts on one address
// stands out in web server logs.
echo
"\r\n [+] START GRABBING WORDPRESS AND JOOMLA WEBSITES: \n\n";

$sites=file("./log.txt");

echo
" [-] Start Grabbing Joomla Websites: \n\n";

foreach (
$sites as $site){

$src = @file_get_contents("".$site."/administrator/"); // Get source

// eregi() is a case-insensitive POSIX regex match; it was deprecated in
// PHP 5.3 and removed in PHP 7.0.
if(eregi("Joomla!",$src)){ // Report sites whose /administrator/ page mentions Joomla!

echo"[-] $site \n";

}
else{
echo
"[-] Nothing Found ..!! \n";
}

// NOTE(review): the WordPress heading and check sit inside the same foreach as
// the Joomla check, so the heading is printed once per site.
echo
" [-] Start Grabbing WordPress Websites: \n\n";

$src = @file_get_contents("".$site."/wp-login.php"); // Get Source

if(eregi("wordpress",$src)){ // Report sites whose wp-login.php page mentions wordpress

echo"[-] $site \n";

}
}
// NOTE(review): the closing brace below has no matching opener in the listing
// as printed.
}
echo 
"\n\n[+]------------------------ ./Done --------------------------[+]\n\n";
?>
