pada script ini, ane manfaatin service bing untuk cari subdomainnya
<?php
/*
name: bing subdomain scanner
author: rieqyns13
usage: php bingsubdomainscanner.php site.com
*/
$args = $_SERVER['argv'];
if(!isset($args[1])){
echo "[+]Penggunaan di terminal/cmd: php bingsubdomainscanner.php site.com";
exit;
}else $url = $args[1];
scan($url);
function curl($url){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$exec = curl_exec($ch);
curl_close($ch);
return $exec;
}
function scan($url){
$i=1;
$jum=0;
$reg = '@^(https?\://)?(www\.)?([a-z0-9]([a-z0-9]|(\-[a-z0-9]))*\.)+[a-z]+$@i';
if(preg_match($reg, $url)){
while(1){
$curl = curl("http://www.bing.com/search?q=domain:".$url."&first=".$i);
$data = preg_match_all('#\<div class\="sb_meta"\>\<cite\>(.*?)\</cite\>#is', $curl, $m) ? $m[1] : null;
if($data==null){
echo "Tidak ada hasil";
exit;
}
foreach($data as $dat){
$dat_ = preg_match("|/|i", $dat) ? strstr($dat, "/", 1) : $dat ;
$urls[$i][] = $dat_;
}
$count = count($urls[$i]);
$urls_ = array_unique($urls[$i]);
sort($urls_);
foreach($urls_ as $url_){
echo $url_."\n";
$jum++;
}
$i=$i+10;
if($count<10){
echo "\nJumlah subdomain terdeteksi: ".$jum;
exit;
}
}
}else{
echo "URL tidak valid";
exit;
}
}
?>
cara penggunannya cukup ketik gini di cmd
php bingsubdomainscanner.php devilzc0de.org
hasilnya lewat cmd
jika ingin jalanin di browser, tinggal ksih tambahan html dikit
<?php
/*
name: bing subdomain scanner(with html)
author: RieqyNS13
*/
ini_set("output_buffering", "Off");
set_time_limit(0);
if(isset($_POST['submit'])){
if(!empty($_POST['domain'])){
$domain = trim($_POST['domain']);
}else $domain = null;
}else $domain = null;
?>
<html>
<head>
<title>Bing Subdomain Scanner by RieqyNS13</title>
<meta name="author" content="RieqyNS13">
<meta name="description" content="Bing Subdomain Scanner by RieqyNS13">
</head>
<body>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method=POST>
<label for="subdomain">Masukkan domain</label> <input type="text" value="<?php echo $domain; ?>" name="domain" style="width:200px" placeholder="e.g. http://gay.com or gay.com"><input type="submit" name="submit" value="Scan"><br>
<textarea placeholder="subdomain akan ditampilkan di sini" rows="20" cols="35" readonly>
<?php
if(isset($domain) && !empty($domain)){
scan($domain);
}
function curl($url){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$exec = curl_exec($ch);
curl_close($ch);
return $exec;
}
function scan($url){
$i=1;
$jum=0;
$reg = '@^(https?\://)?(www\.)?([a-z0-9]([a-z0-9]|(\-[a-z0-9]))*\.)+[a-z]+$@i';
if(preg_match($reg, $url)){
while(1){
$curl = curl("http://www.bing.com/search?q=domain:".$url."&first=".$i);
$data = preg_match_all('#\<div class\="sb_meta"\>\<cite\>(.*?)\</cite\>#is', $curl, $m) ? $m[1] : null;
if($data==null){
$count=0;
goto a;
}
foreach($data as $dat){
$dat_ = preg_match("|/|i", $dat) ? strstr($dat, "/", 1) : $dat ;
$urls[$i][] = $dat_;
}
$count = count($urls[$i]);
$urls_ = array_unique($urls[$i]);
sort($urls_);
foreach($urls_ as $url_){
echo $url_."\n";
ob_flush();flush();
$jum++;
}
$i=$i+10;
a:
if($count<10 || $data==null){
echo "\nJumlah subdomain terdeteksi: ".$jum;
ob_flush();flush();
exit;
}
}
}else{
echo "URL tidak valid";
ob_flush();flush();
exit;
}
}
?>
</textarea>
</form>
</body>
</html>
hasil yg lewat browser