/*********************************************************************
 * Generic Scan beta++                                               *
 * by marv alpert/bzero@efnet                                        *
 *                                                                   *
 * okay so far i have seen only about a million telnet banner,       *
 * a zillion qpop, a quintillion wuftpd, and a triptillion           *
 * wingate scanners etc etc. So the question is: why? It is trivial  *
 * to modify one to scan for the other. Case in point:               *
 *                                                                   *
 * A generic banner scanner. eg scan for qpop 110, wuftpd 21,        *
 * wingates 23, telnet banners 23, etc etc get tha picture?          *
 *                                                                   *
 * Props to beej for his NP tutorial, 'anonymous' of statd           *
 * scanner fame, bangel and STang for various nifty lilcode ideas    *
 *********************************************************************/

// note: I like the usage as is, so if you want to make the usage an
// all-in-one type deal joe$ ./gscan ip ip port >> log &
// modify it yourself, should take you under a minute.

// note: if the string input function gives you a prob just use something like:
// int strlen;
// strlen=fread(gimmie, sizeof(char), 30, stdin);
// gimmie[strlen] = '\0';
// or even just a gets(gimmie); if you must
// NOTE(review): both alternatives above are unsafe with gimmie[30]: a full
// 30-byte fread() puts the terminator at gimmie[30], one past the end, and
// gets() has no bound at all. Read at most sizeof gimmie - 1 bytes.

/* NOTE(review): the header names were lost in extraction. From the calls
 * below the file needs at least <stdio.h>, <stdlib.h>, <string.h>,
 * <ctype.h>, <unistd.h>, <sys/socket.h>, <netinet/in.h> and <arpa/inet.h>;
 * restore the exact list from the original source. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* Read one line of printable text into s, at most m characters, with
 * the terminal switched to non-canonical, no-echo mode. The terminator
 * is written at s[m] in the worst case, so the caller must pass
 * m <= (buffer size - 1). */
void neeto(char *s, unsigned int m);

/* Entry point: for every address between argv[1] and argv[2] (inclusive,
 * skipping host bytes 0 and 255), connect to argv[3], read one chunk of
 * the banner and report whether it contains the string typed at the
 * prompt, on stdout and in ./eye_suck.txt.
 * NOTE(review): main must return int (C89/C99); `void main` is
 * non-standard and the exit status of the process is undefined. */
void main(int argc, char *argv[])
{
    int sockfd;
    FILE *vuln;
    char z;
    struct in_addr addr;
    struct sockaddr_in target;
    unsigned long begin;
    unsigned long fin;
    unsigned long index;
    char buffer[999];       /* banner bytes from read(); never NUL-terminated below */
    char gimmie[30];        /* search string; neeto() is given 29 so s[29] holds the terminator */
    int port;

    if (argc!=4) {
        printf("----------------------------------------------\n");
        printf("\nusage : %s begining_ip finish_ip port\n\n",argv[0]);
        exit(0);
    }
    /* NOTE(review): neither inet_addr() result is checked; an unparsable
     * argument yields INADDR_NONE (all ones), which ntohl() below turns
     * into the loop bound. atoi() likewise accepts anything; a value
     * outside 1..65535 is silently truncated by htons(). */
    begin=inet_addr(argv[1]);
    fin=inet_addr(argv[2]);
    port=atoi(argv[3]);
    printf("generic scan by bzero\n");
    printf("m4rv@antisocial.com\n");
    printf("----------------------------------------------\n\n");
    puts("enter banner to scan for, eg wuftpd, wingate, qpop, telnetd etc");
    neeto(gimmie, 29);      /* 29 = sizeof gimmie - 1, see neeto() contract */
    printf("okie, banner scanning for: %s\n\n", gimmie);
    /* Refuse to clobber an existing results file unless the user says Y.
     * The file name is fixed and relative to the current directory. */
    vuln = fopen("eye_suck.txt", "r");
    if(vuln) {
        puts("eye_suck.txt is already there bonehead.");
        printf("n00k it? [Y/N]");
        z = toupper(getchar()); /* EOF is also "not Y" and falls into the refusal below */
        if(z!='Y') {
            puts("okie fine then");
            fclose(vuln);
            exit(0);
        }
    }
    vuln = fopen("eye_suck.txt","w");
    if(vuln==NULL) {
        puts("doh");
        exit(0);
    }
    printf("----------------------------------------------\n");
    puts("results will be saved to file and presented on");
    puts("screen for your viewing pleasure");
    printf("\n\n");
    puts("Generic Banner Scanner in effect b0yEEE");
    puts("scannorizing............");
    /* NOTE(review): one descriptor is created here, its return value is
     * not checked, and it is reused for every connect() in the loop; the
     * same descriptor is only close()d once after the loop. */
    sockfd=socket(AF_INET, SOCK_STREAM, 0);
    for (index = ntohl(begin); index <= ntohl(fin); index++) {
        // these nifty 2 linez from bangle
        /* Skip host bytes .255 and .0. The increments happen after the
         * loop condition was tested, so when fin itself ends in .255 or
         * .0 the iteration continues one or two addresses past fin. */
        if ((index & 0xff) == 255) index++;
        if ((index & 0xff) == 0) index++;
        target.sin_family=AF_INET; /* host byte order */
        target.sin_port=htons(port); /* short, network byte order */
        target.sin_addr.s_addr=htonl(index);
        addr.s_addr=htonl(index);   /* same address again, only for inet_ntoa() */
        if (connect(sockfd, (struct sockaddr*)&target, sizeof(target))==0) {
            /* NOTE(review): the read() return value is ignored and no
             * terminator is stored, so strstr() below walks whatever is
             * in buffer (uninitialised stack on the first hit, the
             * previous banner afterwards) until it finds a NUL — an
             * out-of-bounds read. The count returned by read() should
             * bound the buffer and a '\0' be written at that offset. */
            read(sockfd, buffer, sizeof(buffer));
            /* The two strstr() tests are complementary; exactly one branch runs. */
            if (strstr(buffer, gimmie)!=NULL) {
                fprintf(stdout, "joy, a match: %s\n", inet_ntoa(addr));
                fprintf(vuln, "joy, a match: %s\n", inet_ntoa(addr));
            }
            if (strstr(buffer, gimmie)==NULL) {
                fprintf(stdout, "open wif no match: %s\n", inet_ntoa(addr));
                fprintf(vuln, "open wif no match: %s\n", inet_ntoa(addr));
            }
        }
    }
    close(sockfd);
    fclose(vuln);
}

/* Line editor for the banner prompt.
 *   s  destination buffer
 *   m  maximum number of characters stored before the slot at s[m-1]
 *      starts being overwritten; the terminator goes at s[i] with i <= m.
 * Terminal mode is changed through system("stty ...") and the previous
 * settings are parked in a file named initialsttygsettings in the current
 * directory; they are restored and the file removed only on the
 * '\r'/'\n' branch.
 * NOTE(review): getchar() returns int, but c is a char, so EOF cannot be
 * recognised: at end of input none of the three branches match and the
 * loop never terminates, leaving the terminal in -icanon -echo mode and
 * the settings file behind. The termios API (tcgetattr/tcsetattr) would
 * avoid both the shell round-trip and the temporary file. */
void neeto(char *s, unsigned int m){
    register char c;
    int i=0;
    system("stty -g > initialsttygsettings \n" "stty -icanon min 1 time 0 -echo");
    for(;;){
        c=getchar();
        if( (c >= 32) && (c < 127) ){
            /* Buffer full: rub out the last echoed character and overwrite
             * that slot instead of advancing past m. */
            if(i >= m){ printf("\b"); i--;}
            *(s+i)=c;
            printf("%c",c);
            i++;
        } else if(c=='\r' || c=='\n'){
            *(s+i)='\0';    /* i is at most m here */
            system("stty `cat initialsttygsettings` >/dev/null 2>&1 \n" "rm initialsttygsettings");
            return;
        } else if((c=='\b' || c==127) && i>0){
            printf("\b \b");    /* erase one echoed character on screen */
            i--;
        }
        /* any other byte (control characters, EOF) is ignored */
    }
    return;     /* unreachable: the loop only exits via the return above */
}