Collection of the latest changes and improvements
This commit is contained in:
Daniel Winzen
36
helpers/fill_unknown_phishing.php
Normal file
36
helpers/fill_unknown_phishing.php
Normal file
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_USERAGENT, USERAGENT);
|
||||
curl_setopt($ch, CURLOPT_PROXY, PROXY);
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
$online=$offline=$desc_online=$error=[];
|
||||
$stmt=$db->prepare("SELECT address FROM onions INNER JOIN phishing ON (phishing.onion_id=onions.id) WHERE address!='' AND phishing.original='';");
|
||||
$stmt->execute([time()]);
|
||||
$onions=$stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
$stmt=$db->prepare('UPDATE phishing, onions SET phishing.original=? WHERE phishing.onion_id=onions.id AND onions.address=?;');
|
||||
|
||||
//do tests
|
||||
foreach($onions as $onion){
|
||||
curl_setopt($ch, CURLOPT_URL, "http://$onion[address].onion/");
|
||||
if(($site=curl_exec($ch))!==false){
|
||||
preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $site, $addr);
|
||||
if($addr[3]!='' && $addr[3]!==$onion['address']){
|
||||
echo "scam: $onion[address] - original: $addr[3]\n";
|
||||
$stmt->execute([$addr[3], $onion['address']]);
|
||||
}
|
||||
}
|
||||
}
|
||||
curl_close($ch);
|
||||
64
helpers/tmp.php
Normal file
64
helpers/tmp.php
Normal file
@ -0,0 +1,64 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.category!=15 AND onions.category!=18 AND isnull(phishing.onion_id) LIMIT 2100,10000;");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1 WHERE address=?;");
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://$tmp[0].onion");
|
||||
$response2=curl_exec($ch);
|
||||
$curl_info2=curl_getinfo($ch);
|
||||
$header_size2 = $curl_info2['header_size'];
|
||||
$header2 = substr($response2, 0, $header_size2);
|
||||
$body2 = substr($response2, $header_size2);
|
||||
echo $tmp[0];
|
||||
if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~Expires: Sat, 17 Jun 2000 12:00:00 GMT\r\n~', $header)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~Last-Modified:\sWed,\s08\sJun\s1955\s12:00:00\sGMT\r\n~', $header)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~^HTTP/1\.1\s500\sOK\r\n~', $header2)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~Connection:\s\[object\sObject\]\r\n~', $header2)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~^HTTP/1\.1\s200\sOK\r\nServer:\snginx/1\.6\.2~', $header) && $body==='404'){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~^HTTP/1\.1\s302\sFound\r\nLocation:\s/\r\n~', $header) && $body==='Found. Redirecting to /'){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
elseif(preg_match('~^HTTP/1\.1\s503\sForwarding\sfailure~', $header)){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
curl_close($ch);
|
||||
52
helpers/tmp2.php
Normal file
52
helpers/tmp2.php
Normal file
@ -0,0 +1,52 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.category!=15 AND isnull(phishing.onion_id) AND timeadded>1506800000;");
|
||||
$move=$db->prepare("UPDATE onions SET category=15, locked=1, description='WARNING - This site will crash your browser with infinite iframes.' WHERE address=?;");
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_close($ch);
|
||||
//if(preg_match('~Location:\s/\r\n~', $header)){
|
||||
echo "$tmp[0].onion";
|
||||
if(preg_match("~HTTP/1\.1\s404\sNot\sFound\r\nContent-Type:\stext/plain;\scharset=utf-8\r\nX-Content-Type-Options:\snosniff\r\nDate: .* GMT\r\nContent-Length:\s19~", $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header) && $body==='HTTP error'){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\nServer: anon\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\ncontent-length: 0\r\n~', $header) && $body!==''){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body===''){
|
||||
echo " - SCAM";
|
||||
}
|
||||
if(preg_match('~^HTTP/1\.1\s200\sOK\r\n~', $header) && $body==='404'){
|
||||
echo " - SCAM";
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
25
helpers/tmp3.php
Normal file
25
helpers/tmp3.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND isnull(phishing.onion_id) AND onions.id>22439;");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Add injecting phishing clone of an existing site - SCAM' WHERE address=?;");
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
|
||||
//curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
if($response==='<!-- <meta http-equiv="refresh"content="0; url=http://o2nlo5zjoxp25kfv.onion"> -->
|
||||
'){
|
||||
$move->execute($tmp);
|
||||
echo " - SCAM - moved";
|
||||
}
|
||||
}
|
||||
curl_close($ch);
|
||||
41
helpers/tmp4.php
Normal file
41
helpers/tmp4.php
Normal file
@ -0,0 +1,41 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='CP - SCAM' WHERE address=?;");
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_close($ch);
|
||||
echo "$tmp[0].onion";
|
||||
if(preg_match('~Last-Modified:\sSat,\s03\sAug\s2019\s15:40:54\sGMT\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~Last-Modified:\sWed,\s03\sJul\s2019\s19:53:24\sGMT\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
if(preg_match('~Last-Modified:\sTue,\s30\sJul\s2019\s19:11:00\sGMT\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
33
helpers/tmp5.php
Normal file
33
helpers/tmp5.php
Normal file
@ -0,0 +1,33 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM' WHERE address=?;");
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_close($ch);
|
||||
echo "$tmp[0].onion";
|
||||
if(preg_match('~Last-Modified:\sFri,\s21\sDec\s2018\s17:30:54\sGMT\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
33
helpers/tmp6.php
Normal file
33
helpers/tmp6.php
Normal file
@ -0,0 +1,33 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM' WHERE address=?;");
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion"));
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_close($ch);
|
||||
echo "$tmp[0].onion";
|
||||
if(preg_match('~HTTP/1.1\s302\sFound\r\nLocation:.*\r\nContent-type:\stext/html;\scharset=UTF-8\r\nDate:.*\r\nServer:\slighttpd/1\.4\.45\sGMT\r\n~', $header)){
|
||||
echo " - SCAM - moved";
|
||||
$move->execute($tmp);
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
39
helpers/tmp7.php
Normal file
39
helpers/tmp7.php
Normal file
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
include('../common_config.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
$stmt=$db->prepare("SELECT null FROM onions WHERE address = ?;");
|
||||
$move=$db->prepare("UPDATE onions SET category=18, locked=1, description=CONCAT(description, ' - Part of scam network - SCAM') WHERE address = ? AND locked=0;");
|
||||
$insert=$db->prepare('INSERT INTO onions (address, md5sum, timeadded, locked, description, category) VALUES (?, ?, ?, 1, "Part of scam network - SCAM", 18);');
|
||||
for($i = 1; $i < 213; ++$i){
|
||||
$ch=curl_init();
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9050');
|
||||
curl_setopt($ch, CURLOPT_PROXYTYPE, 7);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "http://kenimar6g7h2z75m.onion/go.php?id=$i");
|
||||
$response=curl_exec($ch);
|
||||
$curl_info=curl_getinfo($ch);
|
||||
$header_size = $curl_info['header_size'];
|
||||
$header = substr($response, 0, $header_size);
|
||||
$body = substr($response, $header_size);
|
||||
curl_close($ch);
|
||||
if(preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $header, $addr)){
|
||||
$stmt->execute([$addr[3]]);
|
||||
if($stmt->fetch()){
|
||||
$move->execute([$addr[3]]);
|
||||
echo "SCAM - moved - $addr[3] - ";
|
||||
}else{
|
||||
$insert->execute([$addr[3], md5($addr[3], true), time()]);
|
||||
echo "SCAM - added - $addr[3] - ";
|
||||
}
|
||||
}
|
||||
echo "$i\n";
|
||||
}
|
||||
Reference in New Issue
Block a user