命令行下的Hack bar

HackBar 小工具包,包含一些常用的工具(SQL injection、XSS、加密等)。Web 开发人员可以利用它快速构建一个 HTTP 请求,或者用它快速实现某种算法等。
PS:最好在 PowerShell 中使用,这样 string 类型的参数更容易接收。


例如: php char.php -md5 ("string")

ShowUse();}
        $this->scriptName=$argv[0];                     //获取当前脚本文件名称
        $param=$this->getParameter($argv,$argc);        //获取参数值
        $method=$argv[1];                               //获取方法名称
        $this->distributeFunction($method,$param);      //分发方法
       echo "\n  root@localhost~#: {$this->result}  ";  //输出结果
    }

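    /**
     * Join every command-line word that follows the option name into one string.
     *
     * $argv[0] is the script name and $argv[1] the option, so the value starts
     * at index 2. Words are joined with a single space. The previous
     * implementation glued $argv[2] and $argv[3] together without a separator,
     * so "select 1 from t" came back as "select1 from t".
     *
     * @param array $argv raw argument vector
     * @param int   $argc number of entries in $argv
     * @return string the joined value, or '' when no value was supplied
     */
    private function getParameter($argv,$argc){
        // No value after the option: return an empty string instead of
        // reading an undefined offset.
        if($argc < 3 || !isset($argv[2])){
            return '';
        }

        // Honour $argc as the upper bound, as the original loop did.
        return implode(' ', array_slice($argv, 2, $argc - 2));
    }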

    /**
     * Route a command-line option to the method that implements it.
     *
     * Both lookup tables are fixed allow-lists: the method name that gets
     * called is always one of the literals below, never text taken from the
     * command line. Any option that is not listed falls through to ShowUse().
     *
     * @param string $method option name as typed (e.g. '-md5')
     * @param string $param  value to convert
     * @return void
     */
    private function distributeFunction($method,$param){
        // Options served by easyEncryption(), mapped to its $type argument.
        $encoders=array(
            '-url'=>'url',
            '-base64'=>'base64',
            '-md5'=>'md5',
            '-sha1'=>'sha1',
            '-crypt'=>'crypt',
        );
        // Options served by a dedicated converter method.
        $converters=array(
            '-html'=>'HTMLtoASCII',
            '-script'=>'ScriptChrCode',
            '-javascript'=>'JavaScriptEncode',
            '-ascii-html'=>'AscIItoChar',
            '-waf'=>'wafString',
            '-Union'=>'Union',
        );

        $known=is_string($method);

        if($known && isset($encoders[$method])){
            $this->easyEncryption($param,$encoders[$method]);
            return;
        }

        if($known && isset($converters[$method])){
            $handler=$converters[$method];
            $this->{$handler}($param);
            return;
        }

        // Unknown or missing option: print the usage text.
        $this->ShowUse();
    }


    /**
     * Append the decimal HTML numeric reference of every byte of $str to
     * $this->result.
     *
     * Each byte is written as "&#<code>" with no terminating semicolon. The
     * input is split byte by byte, so a multi-byte character produces one
     * reference per byte. Filters and decoders that inspect such output should
     * therefore also handle references that lack the trailing ';'.
     *
     * @param string $str text to convert
     * @return void
     */
    private function HTMLtoASCII($str){
        $encoded='';
        foreach(str_split($str) as $byte){
            $encoded.='&#'.ord($byte);
        }
        // Appends to whatever result is already stored; it does not reset it.
        $this->result.=$encoded;
    }
    /**
     * Turn the decimal numbers found in $str (for example the arguments of a
     * String.fromCharCode call) back into characters.
     *
     * Every run of digits is passed to chr(), which works on single bytes:
     * codes above 255 wrap around rather than producing a multi-byte character.
     *
     * @param string $str text containing decimal character codes
     * @return int|null 0 when $str holds no digits (the result is then set to
     *                  $str unchanged); nothing is returned otherwise
     */
    private function ScriptChrCode($str){
        $found=preg_match_all('/(\d{1,})/',$str,$matches);

        // Nothing numeric to decode: hand the input back as the result.
        if(!$found){
            $this->result=$str;
            return 0;
        }

        foreach($matches[1] as $code){
            $this->result.=chr($code);
        }
    }

    /**
     * Convert a string into JavaScript character codes.
     *
     * NOTE(review): this copy of the method is incomplete. The loop that should
     * build the result from $array is missing and the braces no longer
     * balance, so restore the body from the original file before running it.
     *
     * @param $str string input string
     */
    private function JavaScriptEncode($str){
        $array=str_split($str);
        $this->result='';
        }
    }

    /**
     * Decode decimal character codes (such as the numbers inside HTML numeric
     * references) into plain characters and append them to $this->result.
     *
     * Every run of one to three digits is treated as one code, so the markup
     * around the numbers is ignored and a longer digit run is split into
     * several codes.
     *
     * @param string $str text containing decimal character codes
     * @return void
     */
    private function AscIItoChar($str){
        preg_match_all('/\d{1,3}/', $str, $matches);

        $decoded='';
        foreach($matches[0] as $code){
            $decoded.=chr($code);
        }
        $this->result.=$decoded;
    }
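    /**
     * Encode or hash a string with one of the supported algorithms and store
     * the outcome in $this->result.
     *
     * Despite the method name, none of these is encryption: 'url' and 'base64'
     * are reversible encodings, and 'md5' / 'sha1' are fast, unsalted digests
     * that are not suitable for storing passwords.
     *
     * @param string $pass input string
     * @param string $type one of 'base64', 'md5', 'url', 'sha1', 'crypt'
     * @return string the value now held in $this->result; an unrecognised
     *                $type leaves the stored result untouched
     */
    private function easyEncryption($pass,$type='base64'){
        switch($type){
            case 'base64':
                $this->result=base64_encode($pass);
                break;
            case 'md5':
                $this->result=md5($pass);
                break;
            case 'url':
                $this->result=urlencode($pass);
                break;
            case 'sha1':
                $this->result=sha1($pass);
                break;
            case 'crypt':
                // crypt() requires an explicit salt from PHP 8.0 on; the
                // one-argument call fails there and on older versions raises
                // a notice and picks a weak scheme. Where a CSPRNG is
                // available, build a SHA-512 crypt salt ("$6$" + 16 characters).
                if(function_exists('random_bytes')){
                    $salt='$6$'.bin2hex(random_bytes(8)).'$';
                    $this->result=crypt($pass,$salt);
                }else{
                    // Pre-7.0 interpreters: keep the historical call.
                    $this->result=crypt($pass);
                }
                break;
        }
        return $this->result;
    }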
    // Replace every space in the input with an empty SQL block comment and
    // store the rewritten text in $this->result.
    //
    // Input validation that only looks for literal spaces between SQL keywords
    // will not match this form; comments should be stripped or normalised
    // before any such matching is done.
    //
    // @param string $str input string
    private function wafString($str){
        $words=explode(' ',$str);
        $this->result=implode('/**/',$words);
    }
    /**
     * Build a "UNION SELECT 1,2,...,N" clause with N placeholder columns and
     * store it in $this->result.
     *
     * NOTE(review): $num is compared as received. The dispatcher passes the
     * raw command-line string, so a non-numeric value is not rejected here.
     *
     * @param int $num number of columns to list
     * @return void
     */
    private function Union($num){
        $clause='UNION SELECT ';
        $column=1;
        while($column<=$num){
            // Every column except the last is followed by a comma.
            $clause.=($column<$num) ? $column.',' : $column;
            $column++;
        }
        $this->result=$clause;
    }

    /**
     * Print the banner and one usage line per supported option, then end the
     * script.
     *
     * @return void does not return to the caller: the method finishes with exit
     */
    private function ShowUse(){
        // Option => description, in the order shown to the user.
        $options=array(
            '-url'=>' comment : chars to url_encode',
            '-md5'=>'comment : chars to md5 encryption',
            '-base64'=>'comment : chars to base64 encryption',
            '-sha1'=>'comment : chars to sha1 encryption',
            '-crypt'=>'comment : chars to crypt encryption',
            '-html'=>'comment : HTML chars to ASCII code',
            '-script'=>'comment : Javascript String.fromCharCode to  chars  ',
            '-javascript'=>'comment : Javascript chars to String.fromCharCode   ',
            '-ascii-html'=>'comment : ASCII chars to char',
            '-waf'=>'comment : SQL chars to comment /**/ ...',
            '-Union'=>'comment : SQL UNION field to UNION SELECT 1,2,3,4 ...'
        );

        // Banner, one entry per printed line.
        $banner=array(
            '>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>',
            '           ENCODEING             ',
            '                                 ',
            '            |/*_*/               ',
            '           /*/   \*/             ',
            '         /*/By Rvn0xsy           ',
            '           /**/**///*/*          ',
            '    Please run in Powershell     ',
            '       network-floods.com        ',
            '<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<',
        );
        foreach($banner as $line){
            echo $line."\n";
        }

        // The script name is passed as a printf argument, not as the format.
        foreach($options as $flag=>$description){
            printf("\n   php %s %s  (\"chars\")   %s  \n\n",$this->scriptName,$flag,$description);
        }

        exit;  // stop the program after showing the help
    }
}
// Script entry point: hand the raw command-line arguments to Encoding.
$CODE=new Encoding($argv,$argc);
