📄 mainunit.pas
TmpADOQuery.Sql.Text := 'select * from ' + TabName; {连接指定的数据表}
TmpADOQuery.Open;
while not TmpADOQuery.Eof do {历遍查询}
begin
ChkBox.Items.Add(TmpADOQuery.FieldByName(FieName).asstring);
TmpADOQuery.Next;
end;
Gbox.Caption := Gbox.Caption + inttostr(ChkBox.Items.Count) + '个'; {提示记录的数量}
for i := 0 to ChkBox.Items.Count - 1 do {依次将他们全部选中}
ChkBox.Checked[i] := True;
except
end;
end;
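{ Form-creation handler. Loads the lookup lists from the local database,
  then puts the main window into its initial state. }
procedure TMainForm.FormCreate(Sender: TObject);
var
  i, LastIdx: integer;
begin
  // TFrmLogin.Create(Application).ShowModal; { create the login window }
  // TFrmLogin.Create(Application).Free;
  WebBrowser1.Navigate('about:blank');
  try
    { Fill the upload-page checklist from every row of Scan_UpFile. }
    ADOQuery2.Close;
    ADOQuery2.Sql.Text := 'select * from Scan_UpFile';
    ADOQuery2.Open;
    while not ADOQuery2.Eof do
    begin
      ClbPage.Items.Add(ADOQuery2.FieldByName('UpFilePage').asstring);
      ADOQuery2.Next;
    end;

    { SQL-injection detection settings: the three checklists are filled from
      tables in the same database (table names, column names, admin pages). }
    ReadData(ADOQuery2, ChkBoxTable, 'Sql_TableName', 'TableName', GroupBox1);
    ReadData(ADOQuery2, ChkBoxField, 'Sql_FieldName', 'FieldName', GroupBox2);
    ReadData(ADOQuery2, ChkBoxAdminLogin, 'Scan_AdminLogin', 'AdminPage', GroupBox3);

    try
      ADOLinkCount.Close;
      ADOLinkCount.SQL.Text := 'select * from setup';
      ADOLinkCount.Open;
      SpinEdit1.Value := ADOLinkCount.fieldbyname('linkcount').AsInteger;
    except
      { Deliberate best effort: if the setup table cannot be read, SpinEdit1
        keeps whatever value it already had. }
    end;
  except
    { Any failure above is reported as "database not found" and the program
      ends.
      NOTE(review): the message tells the user to fetch an executable over
      plain http:// and run it; nothing in this handler verifies what was
      downloaded. Treat that file as untrusted. }
    application.MessageBox('找不到SetData.mdb数据库,请到以下地址下载,并覆盖到同一目录下,双击安装既可!' + #13 +
      'SetData.mdb下载地址: http://www.hackdiy.com/SetData.exe', '连接出错', 48);
    application.Terminate;
    Exit;
  end;

  { On first run tick the first five upload pages. The upper bound is clamped
    so a database with fewer than five rows cannot index past the end of the
    list. }
  LastIdx := ClbPage.Items.Count - 1;
  if LastIdx > 4 then
    LastIdx := 4;
  for i := 0 to LastIdx do
    ClbPage.Checked[i] := True;
  GbShowPageCount.Caption := '共' + inttostr(ClbPage.Items.Count) + '个页面';

  { Initial layout of the SQL-injection part of the UI. }
  StringGrid1.Rows[0].Text := '排序';
  StringGrid1.ColWidths[0] := 35;
  btnUpFile.Visible := True;
  btnQuery.Enabled := True;
  btnStartScan.Visible := True;
  PageControl2.Visible := True;
  application.Title := 'Domain3.0';
  Caption := FmSub;
  ReadLink_Panel.Align := AlClient;
  ScanInject_Panel.Align := AlClient;
  Sql_Panel.Align := AlClient;
  ScanLogin_Panel.Align := AlClient;
  SqlSetUp_Panel.Align := AlClient;
  Sql_AboutPanel.Align := AlClient;

  { Start-up check: the window is collapsed and the program ends when
    Login_Bool is set, when the caption differs from FmSub, or when the
    caption lacks the expected product string. The original comment describes
    this as checking whether login went through the "login" button. }
  if (Login_Bool) or (Caption <> FmSub) or (Pos('黑客动画吧出品 - 明小子', Caption) = 0) then
  begin
    MainForm.BorderStyle := BsNone;
    MainForm.Width := 0;
    MainForm.Height := 0;
    application.Terminate;
  end;
end;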
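{ Resolves the host name in RUL to an IPv4 address and shows it in
  MainForm.EdIP. On failure an error hint is written to MainForm.Pane1 and
  EdIP is left untouched. }
procedure GetIP(RUL: string);
type
  TaPInAddr = array[0..10] of PInAddr;
  PaPInAddr = ^TaPInAddr;
var
  phe: PHostEnt;
  pptr: PaPInAddr;
  GInitData: TWSADATA;
  Resolved: Boolean;
begin
  Resolved := False;
  try
    { Only call WSACleanup when WSAStartup succeeded, and always call it then,
      so a failed lookup no longer leaves the Winsock reference count raised. }
    if WSAStartup($101, GInitData) = 0 then
    try
      phe := GetHostByName(PChar(RUL));
      { GetHostByName returns nil for an unknown host; check before
        dereferencing instead of relying on an access violation. }
      if phe <> nil then
      begin
        pptr := PaPInAddr(phe^.h_addr_list);
        if (pptr <> nil) and (pptr^[0] <> nil) then
        begin
          MainForm.EdIP.Text := StrPas(inet_ntoa(pptr^[0]^));
          Resolved := True;
        end;
      end;
    finally
      WSACleanup;
    end;
  except
    Resolved := False;
  end;

  if not Resolved then
  begin
    MainForm.Pane1.Caption := '请检测域名是否输入正确,或网络连接是否正常!';
    Exit;
  end;

  { Success: move the focus to EdIP and place the caret after the text. }
  MainForm.EdIP.SetFocus;
  MainForm.EdIP.SelStart := 20;
  MainForm.Pane1.Caption := '域名解析成功!';
end;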
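{ Returns the host part of URL in lower case: the scheme prefix is removed
  and everything from the first '/' onwards is dropped.

  Both 'http://' and 'https://' are stripped. The original only knew
  'http://', so an https URL was cut at the first slash of the scheme and
  came back as 'https:'. Port numbers and user-info are not removed. }
function CutHostStr(URL: string): string;
var
  Host: string;
  SlashPos: integer;
begin
  Host := LowerCase(URL);
  { 'https://' goes first so its removal cannot leave a stray 's://' behind. }
  Host := StringReplace(Host, 'https://', '', []);
  Host := StringReplace(Host, 'http://', '', []);
  SlashPos := Pos('/', Host);
  { A slash in position 1 means there is no host in front of it; the string
    is returned unchanged in that case, as before. }
  if SlashPos > 1 then
    Host := Copy(Host, 1, SlashPos - 1);
  Result := Host;
end;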
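{ Pressing Enter in the site box resolves the entered host name.
  The text is trimmed before the emptiness check and before the lookup, so
  whitespace-only input is rejected the same way the lookup button does. }
procedure TMainForm.EdSiteKeyPress(Sender: TObject; var Key: Char);
var
  Site: string;
begin
  if Key <> #13 then
    Exit;
  Site := Trim(EdSite.Text);
  if Site = '' then
  begin
    Pane1.Caption := '提示:请先输入你所要查询的网址!';
    Exit;
  end;
  GetIP(CutHostStr(Site));
end;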
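{ Clicking the convert button resolves the entered host name.
  The trimmed text is both validated and passed on; the original validated
  the trimmed text but then resolved the untrimmed one. }
procedure TMainForm.SpBtnGetIPClick(Sender: TObject);
var
  Site: string;
begin
  Site := Trim(EdSite.Text);
  if Site = '' then
  begin
    Pane1.Caption := '提示:请先输入你所要查询的网址!';
    Exit;
  end;
  GetIP(CutHostStr(Site));
end;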
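{ Extracts the host names listed in a result page (HTML) and returns them one
  per line, each prefixed with 'www.' and lower-cased.

  Two page states end the function early and return the current contents of
  MainForm.SiteList unchanged: a page asking for a verification code, and a
  page containing 'Details' (reported to the user as "no domains bound").

  NOTE(review): this function updates form controls and shows message boxes.
  It is called from proQuerySite, which btnQueryClick starts with
  BeginThread, so these VCL calls appear to run outside the main thread. }
function CutSiteStr(HTML: string): string;
var
  P1, P2: integer;
  SList: TStrings;
begin
  { Give the result a defined value in case an exception is swallowed below. }
  Result := '';
  try
    with MainForm do
    begin
      LbShowprogress.Caption := '程序查询完毕!';

      { The service wants a verification code: open the page in the embedded
        browser so the user can enter it by hand. }
      if Pos('Enter the security', HTML) > 1 then
      begin
        Timer1.Enabled := False;
        Gauge1.Progress := 0;
        WebBrowser1.Navigate('http://whois.webhosting.info/' + MainForm.EdIP.Text);
        application.MessageBox('暂时无法进行查询!' + #13#10 + '请手动输入验证码后再进行查询', '提示', 48);
        btnQuery.Enabled := True;
        btnDownPage.Enabled := True;
        Result := MainForm.SiteList.Items.Text;
        Exit;
      end;

      { No domains are listed for this address. }
      if Pos('Details', HTML) > 1 then
      begin
        Timer1.Enabled := False;
        Gauge1.Progress := 0;
        Result := MainForm.SiteList.Items.Text;
        btnQuery.Enabled := True;
        application.MessageBox('该IP地址没有绑定任何国际域名!', '提示', 48);
        Exit;
      end;

      SList := TStringList.Create;
      try
        { Each entry sits between '.">' and '.</a>'. After an entry is copied
          the first occurrence of both markers is removed, so the next pass
          finds the following entry. }
        while Pos('.">', HTML) > 1 do
        begin
          P1 := Pos('.">', HTML) + 3;
          P2 := Pos('.</a>', HTML);
          SList.Add('www.' + LowerCase(Copy(HTML, P1, P2 - P1)));
          HTML := StringReplace(HTML, '.">', '', [rfIgnoreCase]);
          HTML := StringReplace(HTML, '.</a>', '', [rfIgnoreCase]);
        end;
        Result := SList.Text;
      finally
        { Freed on every path; the original leaked the list when an exception
          was raised inside the loop. }
        SList.Free;
      end;
    end;
  except
    { Errors are swallowed as in the original; Result is '' unless it was
      assigned before the failure. }
  end;
end;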
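{ Returns the text found between 'hosts <b>' and '</b> Total' in HTML, which
  the caller treats as the total number of listed hosts.

  Returns '' when either marker is missing or they are in the wrong order.
  The original left Result unassigned when the closing marker was absent and
  copied from a fixed offset when only the opening marker was absent. }
function GetSiteCount(HTML: string): string;
var
  OpenPos, ClosePos, StartPos: integer;
begin
  Result := '';
  ClosePos := Pos('</b> Total', HTML);
  OpenPos := Pos('hosts <b>', HTML);
  if (ClosePos < 1) or (OpenPos < 1) then
    Exit;
  StartPos := OpenPos + 9; { 9 = Length('hosts <b>') }
  if ClosePos > StartPos then
    Result := Copy(HTML, StartPos, ClosePos - StartPos);
end;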
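{ Fetches one result page for the address in EdIP from the lookup service,
  then updates the site list, the counters and the paging buttons.

  NOTE(review): btnQueryClick and EdIPKeyPress pass this parameterless
  procedure to BeginThread, which expects a thread function taking a pointer
  and returning an integer. The body also touches form controls directly, so
  VCL access appears to happen outside the main thread. Confirm and
  marshal UI updates to the main thread if so.
  NOTE(review): EdIP.Text is concatenated into the request URL as typed; the
  visible callers only check that it is at least 8 characters long. }
procedure proQuerySite;
var
  HTMLCode: string;
  SiteSumCount: string;
  Total, n: integer;
begin
  try
    with MainForm do
    begin
      HTMLCode := UrlGetStr('http://whois.webhosting.info/' + EdIP.Text +
        '?pi=' + inttostr(PageNum) + '&ob=SLD&oo=ASC');
      SiteSumCount := GetSiteCount(HTMLCode);
      LbCount.Caption := '共有站点:' + SiteSumCount;
      SiteList.Items.Text := CutSiteStr(HTMLCode);

      { Optionally copy this page's hosts into the pending-check list. }
      if ChkLoadUrl.Checked and (SiteList.Items.Count >= 1) then
      begin
        ScanListBox.Clear;
        for n := 0 to SiteList.Items.Count - 1 do
          ScanListBox.Items.Add('http://' + SiteList.Items[n]);
        GBWaitScanLst.Caption := Format('待检测网址: 1 - %d', [ScanListBox.Items.Count]);
      end;

      LbPageShow.Caption := Format('本页显示: 1 - %d', [SiteList.Items.Count]);
      LbPage.Caption := Format('当前页面:%d页', [PageNum]);

      { StrToIntDef instead of StrToInt: a page without a count used to raise
        here, and the swallowed exception left the timer running and the
        query button disabled. }
      Total := StrToIntDef(SiteSumCount, 0);
      Timer1.Enabled := False;
      Gauge1.Progress := 0;

      { The service returns 50 entries per page. }
      MainForm.btnDownPage.Enabled := Total >= (50 * PageNum);
      btnUpPage.Enabled := PageNum <> 1;
      btnQuery.Enabled := True;
    end;
  except
    { Errors are swallowed as in the original. }
  end;
end;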
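{ Shared click handler for the Query, Previous-page and Next-page buttons.
  The sender's Tag selects the action: 0 = query from page 1, 1 = previous
  page, 2 = next page.

  The target page is decided before the UI is switched to its "busy" state.
  In the original, "previous page" on page 1 (or an unexpected Tag) returned
  after the buttons had been disabled and the progress timer started, and
  nothing re-enabled them. }
procedure TMainForm.btnQueryClick(Sender: TObject);
var
  D: DWORD;
  NewPage: integer;
begin
  try
    PageControl2.TabIndex := 0;
    if Length(Trim(EdIP.Text)) < 8 then
    begin
      Pane1.Caption := '请输入IP地址';
      Exit;
    end;

    case TButton(Sender).Tag of
      0:
        NewPage := 1;
      1:
        begin
          if PageNum = 1 then
            Exit; { already on the first page }
          NewPage := PageNum - 1;
        end;
      2:
        NewPage := PageNum + 1;
    else
      Exit; { unknown sender: nothing to do }
    end;

    { Busy state: paging and query buttons off, progress timer on. }
    btnUpPage.Enabled := False;
    btnDownPage.Enabled := False;
    btnQuery.Enabled := False;
    Gauge1.MaxValue := 100;
    Timer1.Enabled := True;
    LbShowprogress.Caption := '正在查询中...';

    PageNum := NewPage;
    { NOTE(review): the handle returned by BeginThread is discarded and never
      closed; proQuerySite re-enables the buttons when it finishes. }
    BeginThread(nil, 0, @proQuerySite, nil, 0, D);
  except
    { Errors are swallowed as in the original. }
  end;
end;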
{ Pressing Enter in the IP box starts the same lookup as the Query button,
  always from page 1. }
procedure TMainForm.EdIPKeyPress(Sender: TObject; var Key: Char);
var
  ThreadId: DWORD;
begin
  if Key <> #13 then
    Exit;

  PageControl2.TabIndex := 0;
  if Length(Trim(EdIP.Text)) < 8 then
  begin
    Pane1.Caption := '请输入IP地址';
    Exit;
  end;

  { Busy state: paging and query buttons off, progress timer on. }
  btnUpPage.Enabled := False;
  btnDownPage.Enabled := False;
  btnQuery.Enabled := False;
  Gauge1.MaxValue := 100;
  Timer1.Enabled := True;
  PageNum := 1;
  LbShowprogress.Caption := '正在查询中...';

  { The lookup runs in its own thread. }
  BeginThread(nil, 0, @proQuerySite, nil, 0, ThreadId);
end;
{ Timer tick: closes a script dialog raised by the embedded browser.
  FindWindow searches top-level windows by class name only, so the first
  window of class 'Internet Explorer_TridentDlgFrame' is closed, whichever
  process owns it. }
procedure TMainForm.Timer2Timer(Sender: TObject);
var
  DlgWnd: HWND;
begin
  DlgWnd := FindWindow('Internet Explorer_TridentDlgFrame', nil);
  if DlgWnd <= 1 then
    Exit;
  SendMessage(DlgWnd, WM_CLOSE, 0, 0);
end;
{ Fires when the embedded browser starts loading a page. When the "check
  while browsing" box is ticked, the per-page counter and flags are reset and
  the scan timer is started. }
procedure TMainForm.WebBrowser1DownloadBegin(Sender: TObject);
begin
  if not Chkinject.Checked then
    Exit;

  Web_Scan_inject_Num := 0;
  ScanInjectTimer.Enabled := True;
  Web_Scan_Inject_bool := True;
  Web_Scan_Inject_bool2 := True;

  { The original ended with a loop over 0..4 meant to stop the worker
    threads, but its body was commented out, so it did nothing:
      // Web_Scan_Inject[i].Terminate; }
end;
{ Called when one of the browse-time check threads exits. Counts the exits;
  once five have been counted the status line is updated and the scan timer
  is stopped. }
procedure TMainForm.Web_Scan_inject_Exit(sender: TObject);
begin
  Web_Scan_inject_Num := Web_Scan_inject_Num + 1;
  if Web_Scan_inject_Num < 5 then
    Exit;
  LbShowprogress.Caption := '提示:注入点检测完毕!';
  ScanInjectTimer.Enabled := False;
end;
procedure TMainForm.WebBrowser1DocumentComplete(Sender: TObject; {旁注检测 - 读取Cookies及检测注入点}
const pDisp: IDispatch; var URL: OleVariant);
var
All: IHTMLElementCollection;
Len, i, j: integer;
Item: OleVariant;
begin
try
if (Webbrowser1.LocationURL <> 'about:blank') and (Web_Scan_Inject_bool2) and
(Chkinject.Checked) and (Web_Scan_Inject_bool) then
begin
Timer2.Enabled := True;
LbShowprogress.Caption := '读取连接地址中...';
end;
if not Webbrowser1.Busy then {浏览器已不在工作时读取浏览器中的Cookies}
begin
Doc := WebBrowser1.Document as IHTMLDocument2;
if ChkCookies.Checked then {判断是否需要在浏览网页时自动读取Cookies}
EditCookie.Text := Doc.cookie;
ListBox1.Items.Clear;
Timer2.Enabled := False;
All := Doc.Get_Links; {得到连接地址}
Len := All.length; {得到连接地址的数量}
if Chkinject.Checked then
begin