*/ error_reporting(0); set_time_limit(0); ini_set('memory_limit', '9999M'); $scan_count = 0; $success = 0; $failrate = 0; $query = stripslashes($_POST['dork']); if ($query == '') { echo "
"; } if ($query != '' ) { $scan_type = $_POST['vuln_type']; // useragents to bypass google captcha bullshit and stop google detecting the bot $agents = array('Yahoo-MMCrawler/3.x (mms dash mmcrawler dash support at yahoo dash inc dot com)', 'Mozilla/5.0 (Yahoo-MMCrawler/4.0; mailto:vertical-crawl-support@yahoo-inc.com)', 'YahooFeedSeeker/2.0 (compatible; Mozilla 4.0; MSIE 5.5; http://publisher.yahoo.com/rssguide; users …; views …)', 'Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)', 'Mozilla/5.0 (compatible; Yahoo! DE Slurp; http://help.yahoo.com/help/us/ysearch/slurp)', 'Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)'); $rounds = 10 * $how_many; $started_rounds = 0; $counted = 10; while ($started_rounds <= $rounds) { $counted++; $rand = rand('0', '23'); $useragent = $agents[$rand]; $transf = curl_init(); curl_setopt($transf, CURLOPT_USERAGENT, $useragent); curl_setopt($transf, CURLOPT_RETURNTRANSFER, 1); curl_setopt($transf, CURLOPT_URL, "http://www.google.com/search?q=$query&hl=en&start=$started_rounds&sa=N"); $file = curl_exec($transf); curl_close($transf); preg_match_all ("/a[\s]+href[\s]?=[\s\"\']+". "http(.*?)[\"\']+.*?"."/", $file, $ok); $count = count($ok[1]); $started_rounds = $started_rounds + 10; for ($counted = 0; $counted < $count ; $counted++) { $url = "http" . $ok[1]["$counted"]; $url2 = eregi_replace("http://|https|www.", "", $url); $total = strlen($url2); $pos = strpos($url2, "/"); $sum = $total -$pos; $domain = substr($url2, 0, -$sum); // filter out the shit... This is your blacklist, be sure to seperate the url, and to eliminate subdomains add the main site and then .site as well if (eregi("youtube.com|google.com|googleusercontent.com|facebook.com|photobucket.com|.mil|.gov|.edu|.au|.go", $domain)) { $domain = ''; } if ($domain != '' && $domain != ':') { if ($scan_type == 'ADMIN') { // admin finder $scan_for = array('admin', 'adm'); $host = $domain; foreach ($scan_for as $scan){ $scan_count++; $headers= get_headers("http://$domain/$scan/"); if (eregi('200', $headers[0])) { echo "