#!/usr/bin/perl
# avscan.pl(1), altavista.com scanner : vade79 -> _v9[v9@fakehalo.org] (!6724b)
# avscan.pl(1), revision#2 from version 1, fixed and has multiple port support.
#
# this perl script is for scanning altavista.com with garbage text to find
# server(s). once the scan is complete, or you press CTRL-C, it will check
# the server(s) found for open ports/data. then, write the data to a file.
#
# this is basically useful for scanning new|old(select a date) servers for 
# daemons/data.

# config(1/2): hosts to leave out of the result list. entries are separated
# by single spaces; a found host is skipped when any entry matches somewhere
# inside it (handler() applies each entry with =~).
$ignore = join(" ", qw(
    xoom.com
    tripod.com
    yahoo.com
    www.geocities.com
    www.angelfire.com
    www.mindspring.com
));

# config(2/2): 1 = prefix messages with ansi colour codes, 0 = plain prefixes.
$ansi = 1;

# begin: base code. (nothing from here on needs to be edited)
use Socket;

# CTRL-C is routed to next() and CTRL-Z to shutdown(). both are subs of this
# script that share a name with a perl keyword/builtin, hence the & sigil.
@SIG{'INT', 'TSTP'} = (\&next, \&shutdown);
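# out(LIST): print one status line to the selected output handle.
# the arguments are joined with single spaces (the default "@_" interpolation)
# and prefixed with ":::", coloured when $ansi is set.
sub out {
    my $msg = "@_";
    # callers pass host names read back from the result file, and those come
    # from remote responses; control bytes are replaced so that such text
    # cannot drive the terminal it is printed on.
    $msg =~ tr/\x00-\x1f\x7f/?/;
    # every colour sequence needs its leading ESC byte (\e); without it the
    # bracket codes are printed as plain text.
    my $tag = $ansi ? "\e[0m\e[1;30m:\e[0;36m:\e[1;36m:\e[0m" : ":::";
    print "$tag $msg\n";
}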
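# outq(LIST): print a prompt (no trailing newline), prefixed with "???".
# sets $q so that outh() knows the cursor is still on the prompt line.
sub outq {
    # every colour sequence needs its leading ESC byte (\e); without it the
    # bracket codes are printed as plain text.
    my $tag = $ansi ? "\e[0m\e[1;30m?\e[0;32m?\e[1;32m?\e[0m" : "???";
    print "$tag @_";
    $q = 1;
}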
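# outh(LIST): print a fatal message, prefixed with "!!!", and leave through
# this script's own exit() sub with argument 1.
# when a prompt is still pending ($q) a newline is printed first so the
# message starts on a line of its own.
sub outh {
    if ($q) {
        print "\n";
    }
    my $msg = "@_";
    # the messages can carry host names and file names; control bytes are
    # replaced so that such text cannot drive the terminal it is printed on.
    $msg =~ tr/\x00-\x1f\x7f/?/;
    # every colour sequence needs its leading ESC byte (\e); without it the
    # bracket codes are printed as plain text.
    my $tag = $ansi ? "\e[0m\e[1;30m!\e[0;31m!\e[1;31m!\e[0m" : "!!!";
    print "$tag $msg (pre-exit)\n";
    &exit(1);
}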
# sendto(LIST): write the arguments, joined the way "@_" interpolates them,
# as one newline-terminated line to the READ handle.
sub sendto {
    my $line = join($", @_) . "\n";
    print READ $line;
}
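# aconnect(): run one query against the search host and hand every line of
# the response to handler().
#
# reads the globals @word/$m (current search word), $date (optional date
# filter) and $num (result offset) to build the request, and bumps $round
# once per call. every failure in here ends the script through outh().
sub aconnect {
    my ($s, $p, $ia, $pa, $proto, $prev, $read, $lines, $bytes);
    $s = "www.altavista.com";
    $p = 80;
    $round++;
    &out("($round) connecting to: $s($p).");
    $ia = inet_aton($s);
    # inet_aton() returns undef when the name does not resolve; report that
    # through outh() like the other failures here, instead of letting
    # sockaddr_in() die on the undefined address.
    defined($ia) || &outh("error resolving host: $s.");
    $pa = sockaddr_in($p, $ia);
    $proto = getprotobyname('tcp');
    # READ is marked unbuffered before the socket is created on it.
    $prev = select READ;
    $| = 1;
    select $prev;
    socket(READ, PF_INET, SOCK_STREAM, $proto) || &outh("error creating socket: $s($p) -> $!.");
    connect(READ, $pa) || &outh("error connecting to: $s($p) -> $!.");
    &out("($round) connected to: $s($p).");
    &out("($round) attempting to access list.");
    &sendto("GET /cgi-bin/query?&text=yes&q=$word[$m]$date&stq=$num");
    $lines = 0;
    $bytes = 0;
    # the response is untrusted input: each line is split on single spaces
    # and passed to handler(), which decides what is written to $outfile.
    while (defined($read = <READ>)) {
        &handler(split(/ /, $read));
        $lines++;
        $bytes = $bytes + length($read);
    }
    &out("($round) connection closed, eof. (read: $lines line(s)->$bytes byte(s))");
}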
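# bconnect("HOST PORT"): connect to one host/port pair and append the result
# to "$outfile.dat".
#
# the globals $x and $w select what is recorded:
#   $x true  - wait for the first line the peer sends and record it, but only
#              when $w is empty or matches that line.
#   $x false - record the fact that the connection was accepted.
# a host that does not resolve or refuses the connection is reported and
# skipped; nothing is written for it. there is no read timeout: a peer that
# never sends a line keeps the read waiting until CTRL-Z (shutdown()) closes
# the socket.
sub bconnect {
    my ($host, $port) = split(/ /, shift);
    my ($ia, $pa, $proto, $prev, $read);
    &out("connecting to: $host($port).");
    $ia = inet_aton($host);
    # inet_aton() returns undef for a name that does not resolve, and
    # sockaddr_in() would die on it; skip the entry instead.
    if (!defined($ia)) {
        &out("error resolving host: $host.");
        return;
    }
    $pa = sockaddr_in($port, $ia);
    $proto = getprotobyname('tcp');
    # READ is marked unbuffered before the socket is created on it.
    $prev = select READ;
    $| = 1;
    select $prev;
    socket(READ, PF_INET, SOCK_STREAM, $proto) || &outh("error creating socket: $host($port) -> $!.");
    # a failed connect must end the attempt here; carrying on would record
    # the host as connected although nothing answered.
    if (!connect(READ, $pa)) {
        &out("error connecting to: $host($port) -> $!.");
        close(READ);
        return;
    }
    &out("connected to: $host($port).");
    if ($x) {
        &out("waiting for initial data string.");
        while (defined($read = <READ>)) {
            # an empty filter records everything; the pattern is only applied
            # when there is one, so a filter of "0" is honoured as well.
            my $wanted = (!defined($w) || $w eq '') ? 1 : ($read =~ /$w/);
            if ($wanted) {
                &out("writting initial data string to file. ($outfile.dat)");
                # three-argument open: the file name can never be read as a mode.
                open(OUTFILEI, '>>', "$outfile.dat") || &outh("error opening outfile to write: $outfile.dat.");
                # the line is stored exactly as the peer sent it, so the .dat
                # file holds untrusted bytes.
                print OUTFILEI "$host($port): $read";
                close(OUTFILEI) || &outh("error closing outfile: $outfile.dat.");
            }
            else {
                &out("data from server was not found in the string provided, not writting.");
            }
            # only the first line is of interest: after this the next read
            # sees eof and the loop ends.
            CORE::shutdown(READ, 2) || &out("error shutting down socket.");
        }
    }
    else {
        &out("writting connection to file. ($outfile.dat)");
        open(OUTFILEI, '>>', "$outfile.dat") || &outh("error opening outfile to write: $outfile.dat.");
        print OUTFILEI "$host($port): <connected successfully>\n";
        close(OUTFILEI) || &outh("error closing outfile: $outfile.dat.");
        CORE::shutdown(READ, 2) || &out("error shutting down socket.");
    }
    # release the descriptor now rather than at the next socket() call.
    close(READ);
    &out("connection closed, eof.");
}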
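# handler(FIELDS): look at one response line, already split on single spaces.
#
# works as a two-line state machine driven by the global $check:
#   - a line whose first field is "<b>N." (N = $num + 1) bumps $num and sets
#     $check, announcing that the next line carries a result url.
#   - on that next line the second field is split on "/" and its third piece
#     (the host in "scheme://host/...") is appended to $outfile, unless an
#     entry of $ignore matches it or it does not look like a host name.
# $inum counts the hosts that were left out, once per host.
sub handler {
    my $first = $_[0];
    if ($check) {
        my @piece = split(/\//, defined($_[1]) ? $_[1] : '');
        my $host = $piece[2];
        # on url lines the header test at the bottom is made against the
        # first "/" piece, not against the first field.
        $first = $piece[0];
        # the value comes from a remote response and is later resolved,
        # connected to and printed, so only host-name characters (and an
        # optional :port) are let through.
        my $usable = defined($host)
            && $host =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*(?::[0-9]+)?\z/;
        my $skip = !$usable;
        if ($usable) {
            for my $entry (split(/ /, $ignore)) {
                # an empty entry ends the list.
                last unless $entry;
                if ($host =~ $entry) {
                    $skip = 1;
                    last;
                }
            }
        }
        if ($skip) {
            $inum++;
        }
        else {
            # three-argument open: the file name can never be read as a mode.
            open(OUTFILE, '>>', $outfile) || &outh("error opening outfile to write: $outfile.");
            print OUTFILE "$host\n";
            close(OUTFILE) || &outh("error closing outfile: $outfile.");
        }
    }
    # header test: $num is raised for the comparison, raised again when the
    # line is the expected "<b>N." header, and lowered once at the end, so it
    # ends up one higher only when the header was seen.
    $check = 0;
    $num++;
    if ("<b>$num." eq $first) {
        $num++;
        $check = 1;
    }
    $num--;
}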
# next(): INT handler. the first CTRL-C sets $next, which lets the search
# loop finish its current cycle and move on; a CTRL-C while $next is already
# set leaves through outh().
sub next {
    &outh("INT(sig) detected, stopping with exit.") if $next;
    &out("INT(sig) detected, stopping after cycle to scan list. ($outfile)");
    $next = 1;
}
# shutdown(): TSTP handler. once $next is set it shuts the READ socket down
# in both directions; before that it only reports that CTRL-C is the key to
# use. the call inside is perl's builtin shutdown, not this sub.
sub shutdown {
    unless ($next) {
        return &out("TSTP(sig) detected, not in that procedure. still finding servers. (use CTRL-C)");
    }
    &out("TSTP(sig) detected, attempting to close socket. (if exists)");
    CORE::shutdown(READ, 2) || &out("error shutting down socket.");
}
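# exit(CODE): print the closing message and end the process.
# CODE 1 is what outh() passes for a fatal error; anything else is a clean
# exit. the process status now follows that: 1 after an error, 0 otherwise,
# so a calling shell can tell the two apart.
# reached only as &exit(...); a plain exit(...) is perl's builtin.
sub exit {
    if ($_[0] == 1) {
        &out("EXIT(1): exit due to call by subroutine outh().");
        CORE::exit(1);
    }
    &out("EXIT(!1): clean exit.");
    CORE::exit(0);
}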
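# command line: <word[:word...]> <file> [start_num] [start stop]
# both the word list and the output file are required.
if (!$ARGV[1]) {
    &out("syntax : $0 <word[:word:word...]> <file> [start_num] [start(mm/dd/yy) stop(mm/dd/yy)]");
    &out("example: $0 porn outfile.txt 10 07/15/95 07/15/96");
    exit(0);
}
@word = split(/:/, $ARGV[0]);
$outfile = $ARGV[1];
chomp($outfile);

# optional result offset, accepted in the range 1-999.
if ($ARGV[2]) {
    if ($ARGV[2] < 1 || ($ARGV[2] > 999 && int($ARGV[2]))) {
        &out("ignoring start number: invalid number. (1-999)");
    }
    else {
        &out("using non-zero start number: valid.");
        $num = int($ARGV[2]);
    }
}

# optional date window, both dates given as mm/dd/yy.
if ($ARGV[4]) {
    chomp($ARGV[4]);
    @s = split(/\//, $ARGV[3]);
    @e = split(/\//, $ARGV[4]);
    # the six fields are copied into the query string as typed, so nothing
    # but digits is accepted.
    my $malformed = grep { !defined($_) || $_ !~ /\A[0-9]+\z/ } @s[0 .. 2], @e[0 .. 2];
    if (   $malformed
        || $s[0] > 12 || $s[0] < 1 || $s[1] > 31 || $s[1] < 1 || $s[2] < 1
        || $e[0] > 12 || $e[0] < 1 || $e[1] > 31 || $e[1] < 1 || $e[2] < 1)
    {
        &out("ignoring start/stop dates: invalid syntax.");
    }
    else {
        # compare year first, then month, then day. comparing the three
        # fields independently rejects valid windows such as
        # 12/31/95 -> 01/01/96.
        my $order = ($s[2] <=> $e[2]) || ($s[0] <=> $e[0]) || ($s[1] <=> $e[1]);
        if ($order <= 0) {
            $passed = 1;
        }
        if ($passed) {
            &out("using dates provided: valid.");
            $date = "&d0=$s[0]%2F$s[1]%2F$s[2]&d1=$e[0]%2F$e[1]%2F$e[2]";
        }
        else {
            &out("ignoring start/stop dates: start date > end date.");
        }
    }
}

# counters used by the search loop.
if (!$num) {
    $num = 0;
}
$snum = 0;
$oldnum = -1;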
# operator hints; the two signals are handled by next() and shutdown().
&out("use CTRL-C to skip to the server portscan.");
&out("use CTRL-Z to skip to shut down the current socket. (if scanning list)");

# one pass per search word. $m stays a global because aconnect() reads
# $word[$m] when it builds the request.
$round = 0;
for ($m = 0; $word[$m] && !$next; $m++) {
    $num = int($num);
    &out("starting scan for word \"$word[$m]\" on number $num.");
    # keep fetching until a cycle adds nothing ($num stops moving) or CTRL-C
    # has set $next.
    until ($num == $oldnum || $next) {
        $oldnum = $num;
        $inum = 0;
        &aconnect();
        $cnum = $num - $oldnum;
        $snum += $cnum - $inum;
        &out("[$oldnum->$num] $cnum matches found this cycle. ($inum ignored, $snum total)");
    }
    &out("[$oldnum->$num] no new matches found from this cycle and the last cycle, stopping. ($inum ignored, $snum total)") unless $next;
    # fresh counters for the next word.
    $num = 0;
    $oldnum = -1;
}

# from here on CTRL-C leaves the script and CTRL-Z shuts the socket down.
$next = 1;
&out("use CTRL-C to exit.");
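# second phase: read the host list back, ask which ports to try and what to
# record, then call bconnect() for every host/port pair.
if (-f $outfile) {
    # three-argument open: the name taken from the command line is only
    # ever treated as a file to read.
    open(OUTFILER, '<', $outfile) || &outh("error opening outfile to read: $outfile.");
    @domain = <OUTFILER>;
    close(OUTFILER) || &outh("error closing outfile: $outfile.");

    # ask until every entry of the comma-separated list is a plain number
    # in the range 1-65535.
    while ($y[0] <= 0 || $y[0] >= 65536) {
        &outq("enter port(s) to scan for(1-65535)[ie: 21,23,25]: ");
        my $answer = <STDIN>;
        # end of input would otherwise repeat the prompt forever.
        defined($answer) || &outh("no more input on STDIN.");
        @y = split(/,/, $answer);
        chomp(@y);
        $r = 0;
        while ($y[$r]) {
            if ($y[$r] <= 0 || $y[$r] >= 65536 || int($y[$r]) ne $y[$r]) {
                # emptying @y ends this check and repeats the prompt.
                undef(@y);
                &out("non numerical/out of range number found, try again. [argument $r]");
            }
            $r++;
        }
        $q = 0;
    }

    # any answer starting with "y" means: wait for the first line a server
    # sends and record it.
    while (!$x) {
        &outq("wait for initial data or first string?(y/n): ");
        $x = <STDIN>;
        defined($x) || &outh("no more input on STDIN.");
        $q = 0;
    }
    $x = (substr($x, 0, 1) eq "y") ? 1 : 0;
    if ($x) {
        &outq("record|grep for specific text(return for all): ");
        $w = <STDIN>;
        $q = 0;
        # end of input counts as "record everything".
        $w = '' unless defined($w);
        chomp($w);
    }

    $z = 0;
    while ($domain[$z]) {
        chomp($domain[$z]);
        # the list is opened for appending, so it can hold lines this run did
        # not write. an empty entry or one containing white space would reach
        # bconnect() as a different host/port pair than intended; skip it.
        if ($domain[$z] =~ /\A\S+\z/) {
            $p = 0;
            while ($y[$p] >= 1 && $y[$p] <= 65535) {
                &bconnect("$domain[$z] $y[$p]");
                $p++;
            }
        }
        else {
            &out("skipping malformed entry on line " . ($z + 1) . " of the list.");
        }
        $z++;
    }
}
else {
    &out("no file to check($outfile), stopping scan. (no servers)");
}
&out("finished, scan complete.");
&exit(0);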
