#!/usr/bin/perl
#
# Domain Scanner v2.0
# Pavel Aubchon-Mendoza [admin@deviance.org][12/29/1998]
#
# Docs : ./domscan.pl -docs | more
#    or: ./domscan.pl -docs > domscan.txt
#    or: www.deviance.org/domscani.txt
#

use IO::Socket;
use Net::Ping;

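# ---------------------------------------------------------------------------
# Command-line handling and scan dispatch.
#
# Arguments may be given in any order:
#   a.b.c.d            scan this host
#   a.b.c.d-e.f.g.h    scan every address in the inclusive range
#   -21,25,80-         replace the default port list (note the surrounding -)
#   -np                do not ICMP-ping hosts before connecting
#   -n                 reverse-DNS lookup only, no pings or connects
#   -l                 also append results to ./scan.log
#   -docs / -eso       print the author's documentation and exit
#
# NOTE(review): the file does not enable strict/warnings; this section is
# written with lexicals so it would pass "use strict" if that is added later.
# ---------------------------------------------------------------------------

# Default TCP ports probed on every host.
my @port = (21, 23, 25, 79, 80, 110);

my $ping = 1;    # 1 = ICMP-ping first (Net::Ping "icmp" needs raw-socket privilege)
my $no   = 0;    # 1 = DNS lookup only
my $log  = 0;    # 1 = append results to scan.log in the current directory
my @single;      # individual hosts to scan
my @range;       # "first-last" address ranges to scan

print "\n\rDomain Scanner v2.0\n\r";
print "Hale + http://www.deviance.org\n\r";
print "An Esoteric Production : http://www.arez.com/eso\n\r\n\r";

# No first argument: show where the documentation is and stop.
if (!defined $ARGV[0] || $ARGV[0] eq "") {
    print "Documentation : ./domscan.pl -docs | more\n\r";
    print "                ./domscan.pl -docs > domscan.txt\n\r";
    print "Esoteric Info : ./domscan.pl -eso | more\n\r";
    print "                ./domscan.pl -eso > esoteric.nfo\n\r";
    die "\n";
}

for my $arg (@ARGV) {
    if ($arg =~ /\d-\d/) {
        push @range, $arg;
    }
    elsif (substr($arg, 0, 1) eq "-" && substr($arg, -1) eq "-") {
        # "-21,25,80-": strip the surrounding dashes and split on commas.
        @port = split(/,/, substr($arg, 1, -1));
    }
    elsif ($arg eq "-np")   { $ping = 0; }
    elsif ($arg eq "-n")    { $no   = 1; }
    elsif ($arg eq "-l")    { $log  = 1; }
    elsif ($arg eq "-docs") { getif("domscani.txt"); }    # getif never returns
    elsif ($arg eq "-eso")  { getif("esoteric.nfo"); }
    else                    { push @single, $arg; }
}

print " + Not pinging hosts +\n\r"   if $ping == 0;
print " + DNS lookup only +\n\r"     if $no == 1;
print " + Logging to scan.log +\n\r" if $log == 1;

# Parse "a.b.c.d" into a 32-bit integer; undef unless it is exactly four
# octets in 0..255 (the old code silently did arithmetic on garbage).
sub _quad_to_int {
    my ($quad) = @_;
    my @octet = defined $quad ? split(/\./, $quad) : ();
    return if @octet != 4;
    return if grep { !/\A\d{1,3}\z/ || $_ > 255 } @octet;
    return unpack("N", pack("C4", @octet));
}

# Single hosts first, exactly as given on the command line.
for my $host (@single) {
    pscan($host, $ping, $no, $log, @port);
}

# Then each range, walking the addresses in ascending numeric order.
for my $spec (@range) {
    my ($first, $last) = split(/-/, $spec);
    my $lo = _quad_to_int($first);
    my $hi = _quad_to_int($last);
    if (!defined $lo || !defined $hi || $hi < $lo) {
        # Report the user's own text rather than the converted integers.
        die "Malformed IP range: $spec\n";
    }
    for my $addr ($lo .. $hi) {
        my $ip = join(".", getquad($addr));
        pscan($ip, $ping, $no, $log, @port);
    }
}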

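# Probe a single host.
#
# With $no set, only a reverse-DNS lookup is done and printed.  Otherwise the
# host is optionally ICMP-pinged (Net::Ping "icmp" needs raw-socket
# privilege, i.e. root on most systems) and, if it answers or pinging is
# off, a TCP connect is attempted to every port in @port.  Each attempt is
# reported on STDOUT; with $log set, successful connects are also appended
# to scan.log in the current directory.
#
#   $host  dotted-quad IPv4 address
#   $ping  1 = ping before connecting and skip hosts that do not answer
#   $no    1 = reverse-DNS lookup only (no ping, no connects)
#   $log   1 = append "Connected" lines to ./scan.log
#   @port  TCP ports to try, in the order given
#
# Returns nothing; all results are side effects (STDOUT, scan.log).
sub pscan {
    my ($host, $ping, $no, $log, @port) = @_;

    my $go    = 1;    # whether to proceed with the port connects
    my $hostn = "";   # "(name)" from reverse DNS, resolved lazily

    if ($no == 1) {
        # Lookup-only mode: never ping, never connect.
        $ping = 0;
        $go   = 0;
        my $packaddr = pack("C4", split(/\./, $host));
        my ($name) = gethostbyaddr($packaddr, Socket::AF_INET());
        if (defined $name && $name ne "") {
            $hostn = $name;
            print "$host : $name\n\r";
        }
    }

    if ($ping == 1) {
        my $pinger = Net::Ping->new("icmp");
        $go = $pinger->ping($host);
        $pinger->close();
    }

    if (!$go) {
        # Unreachable host; stay quiet in lookup-only mode (already reported).
        print "[Skipping $host / No Response]\n\r" if $no == 0;
        return;
    }

    for my $portnum (@port) {
        my $sock = IO::Socket::INET->new("$host:$portnum");

        # Resolve the display name once, after the first connect attempt
        # (same ordering as before); gethost() gives "" when there is no PTR.
        if (!defined $hostn || $hostn eq "") {
            my $looked = gethost($host);
            $hostn = defined $looked ? $looked : "";
        }

        if (!$sock) {
            print "[Could not connect to $host $hostn :$portnum]\n\r";
            next;
        }

        $sock->autoflush(1);
        my $line = "[Connected to $host $hostn :$portnum]\n\r";
        print $line;
        # Reading a banner from the socket is intentionally left out: the
        # author noted it hangs on some ports.  Only the connect result is
        # recorded.
        if ($log == 1) {
            # Three-arg open on a fixed name; a failure is reported instead
            # of silently printing to an unopened handle.
            if (open(my $out, '>>', 'scan.log')) {
                print {$out} $line;
                close($out) or warn "scan.log: $!\n";
            }
            else {
                warn "Could not open scan.log for append: $!\n";
            }
        }
        close($sock);
    }
    return;
}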

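# Convert a 32-bit integer address into its four dotted-quad octets.
#   $ip  integer address, 0 .. 4294967295
# Returns the list (a, b, c, d), most significant octet first.
# No package globals are touched (the old version wrote @bytes and $rem).
sub getquad {
    my ($ip) = @_;
    # Big-endian 32-bit packing, then split into four unsigned bytes.
    return unpack("C4", pack("N", $ip));
}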

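# Fetch /$doc from www.deviance.org over plain HTTP/1.0 and copy the raw
# response (headers included) to STDOUT.
#   $doc  document name on the server, e.g. "domscani.txt"
# Never returns: dies with "-EOF-" after the transfer, or with a
# connection-failure message when the server cannot be reached.
# NOTE(review): the response is printed unfiltered; the source is the
# author's 1998 domain, so treat what comes back as untrusted text.
sub getif {
    my ($doc) = @_;
    my $sock = IO::Socket::INET->new("www.deviance.org:80")
        or die "[Could not establish connection to server - try direct]\n\r";
    # HTTP request lines end in CRLF; bare LF is only tolerated by some servers.
    print {$sock} "GET /$doc HTTP/1.0\r\n";
    print {$sock} "Host: www.deviance.org\r\n\r\n";
    while (my $line = <$sock>) {
        print $line;
    }
    close($sock);
    die "-EOF-\n";
}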

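# Reverse-DNS a dotted-quad address for display.
#   $host  dotted-quad IPv4 address
# Returns "(name)" when the PTR lookup succeeds, otherwise an empty string
# (the old version returned undef and also wrote the package global $hostn).
sub gethost {
    my ($host) = @_;
    my $packaddr = pack("C4", split(/\./, $host));
    my ($name) = gethostbyaddr($packaddr, Socket::AF_INET());
    return "" unless defined $name && $name ne "";
    return "($name)";
}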
 
