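#!/usr/bin/perl
#
# plomp by andrew cook (andrew-cook@live.com) (efnet: sshlong)
#
# high speed http(80) banner retrieval and analysis. plomp grabs the version
# info from the banner if present and reports it. However, by also sending
# a series of malformed requests to the server plomp is able to determine if
# the version information in the banner has been altered.
#
# USAGE: plomp -t <hostlist> -n <max_children>
#
# Every probe is distinctive on the server side: a DELETE of /, a request
# claiming HTTP/6.9 and an invalid "POOP" method all stand out in an access
# log, so the scan is loud rather than covert.
#
use strict;
use warnings;
use IO::Socket;
use Getopt::Std;

# plomp only speaks plain HTTP on the well-known port.
my $HTTP_PORT = 80;
# Requests end in CRLF CRLF as HTTP requires; a bare "\n\n" is tolerated by
# some servers and rejected by others, which would skew the scoring below.
my $CRLF  = "\r\n";
my $USAGE = "usage: plomp -t <hostlist> -n <max_children>\n";

my %options;
getopts('n:t:', \%options) or die $USAGE;

# -n: number of concurrent children, 1..999; anything else falls back to 9.
my $max_children = 9;
if (   defined $options{n}
    && $options{n} =~ /\A\d+\z/
    && $options{n} > 0
    && $options{n} < 1000 )
{
    $max_children = $options{n};
}

my $hostlist = $options{t};
die $USAGE unless defined $hostlist && length $hostlist;

# Three-arg open so a host list named ">foo" or "cmd|" is treated as a file
# name, never as a mode or a pipe.
open my $targets_fh, '<', $hostlist
    or die "plomp: cannot open $hostlist: $!\n";
my @targets;
while ( my $line = <$targets_fh> ) {
    $line =~ s/\s+\z//;    # also strips the CR of a DOS-style list
    $line =~ s/\A\s+//;
    push @targets, $line if length $line;    # a blank line is not a host
}
close $targets_fh or die "plomp: cannot read $hostlist: $!\n";

# One child per target, with at most $max_children alive at once.
my $spawns = 0;
for my $target (@targets) {
    my $pid = fork();
    # undef means fork() failed; it must not be mistaken for "I am the child".
    die "plomp: fork failed: $!\n" unless defined $pid;
    if ( $pid == 0 ) {
        my @http_report = http_scan($target);
        # Assemble the report first so it reaches STDOUT in a single write
        # and does not interleave with the output of sibling children.
        my $report = join '',
            "$http_report[0] http report\n",
            "------------------------------------------\n",
            "apache: $http_report[1]\n",
            "iis: $http_report[2]\n",
            "Sun: $http_report[3]\n",
            "$http_report[4]\n\n";
        print $report;
        exit 0;
    }
    $spawns++;
    if ( $spawns >= $max_children ) {
        wait();
        $spawns--;
    }
}
# Reap the last batch so the parent does not exit before the reports print.
1 while wait() != -1;
exit 0;

# http_scan($target)
#
# Runs the four probes against $target and returns the five-element report
# the main loop prints: (target, apache%, iis%, sunjava%, banner).
# A server family scores one point per probe answered the way this script
# attributes to that family, plus one point when the Server: header names
# it, so each percentage is points * 33 (at most 99%). A banner whose family
# disagrees with the probe results is the "altered banner" case described in
# the file header.
sub http_scan {
    my ($target) = @_;
    my %points = ( apache => 0, iis => 0, sunjava => 0 );

    # Probe 1: a plain HEAD, used only to read the Server: header.
    my @head = _probe( $target, 'HEAD / HTTP/1.0', 5 );
    my ($banner) = grep { m{\A server \s* :}xmsi } @head;
    $banner = '' unless defined $banner;
    $banner =~ s/\r?\n\z//;

    # Probe 2: DELETE / -- a 405 scores for apache, a 501 for iis.
    my $code = _status_code( _probe( $target, 'DELETE / HTTP/1.0', 9 ) );
    $points{apache}++ if $code == 405;
    $points{iis}++    if $code == 501;

    # Probe 3: an impossible protocol version -- a 505 scores for Sun.
    $code = _status_code( _probe( $target, 'GET / HTTP/6.9', 9 ) );
    $points{sunjava}++ if $code == 505;

    # Probe 4: an invalid method -- a 200 scores for apache, a 400 for both
    # iis and Sun.
    $code = _status_code( _probe( $target, 'POOP / HTTP/1.0', 9 ) );
    if ( $code == 200 ) {
        $points{apache}++;
    }
    elsif ( $code == 400 ) {
        $points{iis}++;
        $points{sunjava}++;
    }

    # Finally the banner itself: one point to whichever family it names.
    if    ( $banner =~ /apache/i ) { $points{apache}++ }
    elsif ( $banner =~ /iis/i )    { $points{iis}++ }
    elsif ( $banner =~ /sun/i )    { $points{sunjava}++ }

    return (
        $target,
        ( $points{apache} * 33 ) . '%',
        ( $points{iis} * 33 ) . '%',
        ( $points{sunjava} * 33 ) . '%',
        $banner,
    );
}

# _status_code(@response_lines)
#
# Returns the numeric status from the first line of a response, or 0 when
# there was no response or it does not begin with an HTTP status line. Only
# the status line is consulted: a code that merely appears in a header or in
# the body (a Content-Length of 200, say) must not count as an answer.
sub _status_code {
    my ($status_line) = @_;
    return 0 unless defined $status_line;
    return $status_line =~ m{\A HTTP/\d+[.]\d+ \s+ (\d{3}) }xms ? $1 : 0;
}

# _probe($target, $request_line, $timeout)
#
# Connects to $target:$HTTP_PORT, sends $request_line as a complete HTTP
# request and returns every line the server sent back, or an empty list when
# the connection or the read failed. IO::Socket's Timeout only bounds
# connect(), so the read is bounded by an alarm of the same length; without
# it a server that accepts the connection and then stays silent would hold
# the child (and so the parent's final wait) indefinitely.
sub _probe {
    my ( $target, $request_line, $timeout ) = @_;
    my $sock = IO::Socket::INET->new(
        Proto    => 'tcp',
        PeerAddr => $target,
        PeerPort => $HTTP_PORT,
        Timeout  => $timeout,
    ) or return;

    my @lines = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        print {$sock} $request_line, $CRLF, $CRLF;
        my @got = <$sock>;
        alarm 0;
        @got;
    };
    alarm 0;    # cancel the timer on the die path as well
    close $sock;
    return @lines;
}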