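// Winhttp.cpp : Defines the entry point for the console application.
//
// Takes one argument PREFIX, appends ".2" through ".254" to it, and for each
// resulting host name sends "GET /" to a fixed list of ports, printing the
// Server and X-Powered-By response headers of every endpoint that answers.

#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#include <winhttp.h>
#include <comdef.h>

#pragma comment (lib,"Winhttp.lib")

BOOL request_http(wchar_t* Host,int port);
BOOL request_https(wchar_t* Host,int port);

enum
{
    HOST_CHARS = 65500, // capacity, in wchar_t, of every host-name buffer
    PORT_COUNT = 7      // number of ports probed per host
};

// Work item handed to ThreadProc: the host prefix and the ports to probe.
struct Plist
{
    wchar_t Host[HOST_CHARS];
    int port[PORT_COUNT];
};

// Returns the first line of a raw CRLF header block that begins with `name`
// (for example L"Server:"), or NULL when no line does. The match is anchored
// at the start of a line and ignores case, because HTTP field names are
// case-insensitive and the text could otherwise occur inside another value.
static wchar_t *find_header_line(wchar_t *headers, const wchar_t *name)
{
    size_t name_len = wcslen(name);
    wchar_t *line = headers;

    while (line != NULL && *line != L'\0')
    {
        if (_wcsnicmp(line, name, name_len) == 0)
        {
            return line;
        }
        line = wcschr(line, L'\n');
        if (line != NULL)
        {
            line++;
        }
    }
    return NULL;
}

// Cuts `line` at its first CR or LF so it can be printed as a single line.
static void end_line(wchar_t *line)
{
    if (line != NULL)
    {
        line[wcscspn(line, L"\r\n")] = L'\0';
    }
}

// Locates the Server and X-Powered-By lines inside `headers` and terminates
// each in place. Both lines are located BEFORE either is terminated: writing
// the NUL first would hide every header that follows it, so a Server header
// sent after X-Powered-By would never be found.
static void split_banner_headers(wchar_t *headers, wchar_t **server, wchar_t **powered_by)
{
    *server = find_header_line(headers, L"Server:");
    *powered_by = find_header_line(headers, L"X-Powered-By:");
    end_line(*server);
    end_line(*powered_by);
}

// Sends "GET /" to Host:port, over TLS when `secure` is TRUE, and prints the
// Server / X-Powered-By headers of the response.
//
// Returns TRUE when the response headers were retrieved and printed, FALSE on
// any failure. Every handle and the header buffer are released on all paths.
static BOOL fetch_banner(wchar_t *Host, int port, BOOL secure)
{
    BOOL bResults = FALSE;
    DWORD dwSize = 0;
    DWORD dwError = 0;
    DWORD dwSecurity = 0;
    wchar_t *lpOutBuffer = NULL;
    wchar_t *Servers = NULL;
    wchar_t *Powered = NULL;
    HINTERNET hSession = NULL, hConnect = NULL, hRequest = NULL;

    // WinHttpConnect takes a 16-bit port; reject values the cast would wrap.
    if (port < 1 || port > 65535)
    {
        return FALSE;
    }

    // Use WinHttpOpen to obtain a session handle.
    hSession = WinHttpOpen(L"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
                           WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
                           WINHTTP_NO_PROXY_NAME,
                           WINHTTP_NO_PROXY_BYPASS, 0);
    if (!hSession)
    {
        goto cleanup;
    }
    // 5 s each for name resolution, connect, send and receive.
    WinHttpSetTimeouts(hSession, 5000, 5000, 5000, 5000);

    // Specify an HTTP server.
    hConnect = WinHttpConnect(hSession, Host, (INTERNET_PORT)port, 0);
    if (!hConnect)
    {
        goto cleanup;
    }

    // Create an HTTP request handle.
    hRequest = WinHttpOpenRequest(hConnect, L"GET", L"/", NULL,
                                  WINHTTP_NO_REFERER,
                                  WINHTTP_DEFAULT_ACCEPT_TYPES,
                                  secure ? WINHTTP_FLAG_SECURE : 0);
    if (!hRequest)
    {
        goto cleanup;
    }

    if (secure)
    {
        // Certificate name, validity-date and issuer checks are switched off
        // so that endpoints with self-signed or expired certificates still
        // answer. The peer is therefore NOT authenticated: treat the printed
        // headers as unverified, and do not reuse these flags on a request
        // that carries credentials or other sensitive data.
        dwSecurity = SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
                     SECURITY_FLAG_IGNORE_CERT_DATE_INVALID |
                     SECURITY_FLAG_IGNORE_UNKNOWN_CA;
        if (!WinHttpSetOption(hRequest, WINHTTP_OPTION_SECURITY_FLAGS,
                              &dwSecurity, sizeof dwSecurity))
        {
            // Read the error code before printf can overwrite it. The request
            // is still attempted, as before.
            dwError = GetLastError();
            printf("Error in WinHttpSetOption WINHTTP_OPTION_SECURITY_FLAGS: %lu\n", dwError);
        }
    }

    // Send the request and wait for the response.
    if (!WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
                            WINHTTP_NO_REQUEST_DATA, 0, 0, 0))
    {
        goto cleanup;
    }
    if (!WinHttpReceiveResponse(hRequest, NULL))
    {
        goto cleanup;
    }

    // First call only asks for the required size (in bytes); it is expected to
    // fail with ERROR_INSUFFICIENT_BUFFER. Any other outcome leaves no buffer
    // to parse, so stop instead of dereferencing a NULL pointer.
    if (WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF,
                            WINHTTP_HEADER_NAME_BY_INDEX, NULL, &dwSize,
                            WINHTTP_NO_HEADER_INDEX) ||
        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
    {
        goto cleanup;
    }

    // One extra zeroed element guarantees NUL termination for the parser.
    lpOutBuffer = (wchar_t *)calloc(dwSize / sizeof(WCHAR) + 1, sizeof(WCHAR));
    if (!lpOutBuffer)
    {
        goto cleanup;
    }

    // Now retrieve the headers themselves.
    if (!WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_RAW_HEADERS_CRLF,
                             WINHTTP_HEADER_NAME_BY_INDEX, lpOutBuffer, &dwSize,
                             WINHTTP_NO_HEADER_INDEX))
    {
        goto cleanup;
    }

    // Both values are self-reported by the responding server; they are absent
    // when the server does not send them, which is why operators commonly
    // remove or genericise these two headers.
    split_banner_headers(lpOutBuffer, &Servers, &Powered);
    printf("[+]:Host:%S Port:%d %S %S\n", Host, port,
           Servers ? Servers : L"(null)",
           Powered ? Powered : L"(null)");
    bResults = TRUE;

cleanup:
    // Close any open handles and release the buffer on every path.
    free(lpOutBuffer);
    if (hRequest) WinHttpCloseHandle(hRequest);
    if (hConnect) WinHttpCloseHandle(hConnect);
    if (hSession) WinHttpCloseHandle(hSession);
    return bResults;
}

// Thread entry point. Lpparam points to a Plist; probes hosts Host.2 through
// Host.254 on every port in the list, using TLS for ports 443 and 8443.
DWORD WINAPI ThreadProc(LPVOID Lpparam)
{
    Plist *tp = (Plist*)Lpparam;
    int now_port;
    wchar_t Hostname[HOST_CHARS] = {0};

    for (int i = 2; i < 255; i++)
    {
        // Bounded formatting: a negative result means the name did not fit,
        // in which case the host is skipped rather than probed truncated.
        if (_snwprintf_s(Hostname, HOST_CHARS, _TRUNCATE, L"%s.%d", tp->Host, i) < 0)
        {
            continue;
        }
        for (int j = 0; j < PORT_COUNT; j++)
        {
            now_port = tp->port[j];
            printf("[-]:ScannerIng Host:%S Port:%d\r\n",Hostname,now_port);
            if (now_port == 443 || now_port == 8443)
            {
                request_https(Hostname,now_port);
            }
            else
            {
                request_http(Hostname,now_port);
            }
        }
    }
    return 0;
}

// GET / over TLS (certificate validation relaxed, see fetch_banner).
// Returns TRUE when headers were retrieved, FALSE otherwise.
BOOL request_https(wchar_t* Host,int port)
{
    return fetch_banner(Host, port, TRUE);
}

// GET / over plain HTTP. Returns TRUE when headers were retrieved, FALSE
// otherwise (it used to return TRUE unconditionally; ThreadProc ignores the
// value either way).
BOOL request_http(wchar_t* Host,int port)
{
    return fetch_banner(Host, port, FALSE);
}

// Prints the command-line help.
void Usage(wchar_t* prog)
{
    printf("[*]:%S Usage-> Hostname Host->Port.\r\n",prog);
    printf("[*]:%S Usage-> Http -> Headers.\r\n",prog);
    printf("[*]:90Sec Security Team@Agile.\r\n");
}

// Entry point: expects exactly one argument (the host prefix), runs the probe
// loop on a worker thread and waits for it to finish.
int wmain(int argc,wchar_t* argv[])
{
    static const int kPorts[PORT_COUNT] = {80, 8080, 8000, 8090, 8888, 443, 8443};
    HANDLE Hthread;
    Plist tp;

    if (argc != 2)
    {
        Usage(argv[0]);
        return 0;
    }

    // Explicit length check instead of an unbounded lstrcpyW into tp.Host.
    if (wcslen(argv[1]) >= HOST_CHARS)
    {
        Usage(argv[0]);
        return 0;
    }
    wcscpy_s(tp.Host, HOST_CHARS, argv[1]);

    for (int k = 0; k < PORT_COUNT; k++)
    {
        tp.port[k] = kPorts[k];
    }

    Hthread = CreateThread(NULL, 0, ThreadProc, &tp, 0, NULL);
    // CreateThread reports failure with NULL, not INVALID_HANDLE_VALUE.
    if (Hthread == NULL)
    {
        printf("Create Thread Error.\r\n");
        return 0;
    }

    // tp lives on this stack frame, so it must outlive the worker thread.
    WaitForSingleObject(Hthread,INFINITE);
    CloseHandle(Hthread);
    return 0;
}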
原文地址:http://www.cnblogs.com/killbit/p/4608421.html