Banner.c v1.0 is an improved banner grabber - It is faster than existing banner grabbers, and compiles on many platforms. Features the ability to scan a range of hosts and check for keywords in the banners.
6f2a3939d08b85df19a5b8dbd9591c1a7cf6926be6d6cea1da55c9a0b63806af
/* Name: banner.c v1.0
* Author: Cyber_Bob
* Made: Code Crusader 2.1.4 (very l33t scr1pt maker, y0 ;)
* Compiled: linux 2.2.16 i686 (slackware 7.1)
* gcc version egcs-2.91.66
* gcc banner.c -o banner
*
* ------------------------------------------------------------------------------
* Release Notes:
*
* This version is a big improvement over the last version. Some added features
* are the ability to scan a range of hosts and it will look for keywords in
* banners to check for a possible entry point for breakin. I've also been told
* it works good for reporting Wingates which prove ever useful on IRC. Also, it
* has the ability to recognize certain ports daemons by name (RFC Standards).
* If a possibly vulnerable daemon is found you must strike enter before the scan
* will continue. Look for logging options in the next version. As of right now
* I am only testing ideas. There is also a delay in microseconds between
* connections to each port; this option is #define'd at 500000 (half a second)
* by default so you can watch the output scroll by without much effort. For a
* simple method of logging I added a "<!>" event at the beginning of lines that
* signal a possible risk (I like to call it the attention mark) for easy parsing
* of a command like:
*
* ./banner 1.1.1.1 255.255.255.255 1 65535 >> ./output.log
*
* ------------------------------------------------------------------------------
* [Shoutz] #NuKeZ , #OutLaw , #Assassins , and #twlc cr3w'z
*
* [Shoutz/People] ^Paladin^, Sleep, L^WaRrioR, DePhAzEr, Dark, skalore,
* Jackery, firebird1, trunck, Cyber_Egg (stupid ass bot),
* h1kari, Sleep, soulFate, CommPort5, RizzDog, ScuzleBut,
* sgxxxxxxxxxxxxxxxxxxxxx (lots of leet x's ;P), n0th,
* t03tag, USSR Labs (just cuz they dissed marc of eEye ;),
* VIRILATOR, evilgh0st, Phear, anybody else I forgot and
* deserves to be in here..
* ------------------------------------------------------------------------------
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
/* Version string printed in the start-up banner. */
#define VERSION "1.0 beta"
/* Pause after each port, in microseconds (handed to usleep()). */
#define DELAY 500000

/* Buffer for the bytes read from one connection; cleared before each read. */
char data[1000];

/* Socket descriptor of the connection currently being made. */
int sock;
/* First and last port of the requested port range. */
int p1;
int p2;
/* Running host number shown in the progress line; counting starts at 1. */
int i = 1;
/* Port currently being tried. */
int ctr2;

/* First and last address of the requested range, in network byte order. */
unsigned long start;
unsigned long end;
/* Address currently being tried, in host byte order. */
unsigned long ctr;

/* Destination address structure, refilled for every connection. */
struct sockaddr_in sa;
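/*
 * Parse a TCP port number given as text.
 *
 * Returns 1 and stores the value in *out when text is a whole decimal number
 * in 1..65535; returns 0 otherwise and leaves *out untouched. Values above
 * 65535 are rejected because htons() would silently truncate them to a
 * different port.
 */
static int parse_port(const char *text, int *out) {
    char *tail;
    long value = strtol(text, &tail, 10);

    if (tail == text || *tail != '\0' || value < 1 || value > 65535) {
        return 0;
    }
    *out = (int)value;
    return 1;
}

/*
 * Replace every byte in buf[0..len) that is not printable ASCII, CR, LF or
 * TAB with '.'.
 *
 * The buffer holds bytes chosen by the remote peer, so it must not reach the
 * operator's terminal or log raw: control bytes (ESC sequences in particular)
 * would be interpreted by the terminal. Line breaks are kept, so a banner can
 * still span several output lines; anything that parses the output should not
 * trust the lines following "Banner:" as tool-generated.
 */
static void scrub_banner(char *buf, size_t len) {
    size_t k;

    for (k = 0; k < len; k++) {
        unsigned char c = (unsigned char)buf[k];

        if ((c < 0x20 && c != '\n' && c != '\r' && c != '\t') || c > 0x7e) {
            buf[k] = '.';
        }
    }
}

/*
 * Entry point. Expects <IP-Start> <IP-End> <Port-Start> <Port-End>, then for
 * each address in the range and each port in the range opens a TCP
 * connection, prints the first bytes the peer sends, and checks them for a
 * fixed list of daemon names.
 *
 * Exits with status 1 on a wrong argument count, a malformed address or port,
 * or a socket() failure; returns 0 when the run completes.
 */
int main (int argc, char *argv[]) {
    struct in_addr first_addr, last_addr;
    unsigned long long host;
    const char *label;
    ssize_t got;

    printf("\n\n Banner v%s\n",VERSION);
    printf(" By - Cyber_Bob\n\n");
    if (argc != 5) {
        printf("\nUsage: %s <IP-Start> <IP-End> <Port-Start> <Port-End>\n",argv[0]);
        exit(1);
    }

    /* inet_pton() reports malformed input explicitly. inet_addr() returns
     * the same value for an error as for 255.255.255.255, so a typo in the
     * end address would silently widen the range to the whole address space. */
    if (inet_pton(AF_INET, argv[1], &first_addr) != 1 ||
        inet_pton(AF_INET, argv[2], &last_addr) != 1) {
        fprintf(stderr, "Invalid IP address (expected dotted quad)\n");
        exit(1);
    }
    start = first_addr.s_addr;
    end = last_addr.s_addr;

    if (!parse_port(argv[3], &p1) || !parse_port(argv[4], &p2)) {
        fprintf(stderr, "Invalid port (expected 1-65535)\n");
        exit(1);
    }

    puts("Press ENTER to Continue...\n");
    getchar();
    puts("Started!\n--------------------------------------");

    /* The counter is wider than 32 bits so that an end address of
     * 255.255.255.255 still terminates the loop instead of wrapping. */
    for (host = ntohl(start); host <= ntohl(end); host++) {
        /* Skip .0 and .255 with continue rather than by bumping the counter,
         * so the loop never touches an address outside the requested range. */
        if ((host & 0xff) == 0 || (host & 0xff) == 255) {
            continue;
        }
        ctr = (unsigned long)host;
        printf("Reading info for host #%d...\n\n",i++);

        for (ctr2 = p1; ctr2 <= p2; ctr2++) {
            sa.sin_family = AF_INET;
            sa.sin_port = htons(ctr2);
            sa.sin_addr.s_addr = htonl(ctr);

            memset(data, 0, sizeof(data));
            got = 0;

            sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
            if (sock < 0) {
                perror("socket");
                exit(1);
            }
            /* Read only from a connection that was actually established, and
             * leave one byte free so the buffer is always NUL-terminated
             * before it is handed to printf("%s") and strstr(). */
            if (connect(sock, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
                got = read(sock, data, sizeof(data) - 1);
                if (got < 0) {
                    got = 0;
                }
            }
            /* One descriptor per port: release it before moving on, or a long
             * run exhausts the process's descriptor limit. */
            close(sock);
            data[got] = '\0';
            scrub_banner(data, (size_t)got);

            switch (ctr2) {
            case 21:   label = " (FTPD)";    break;
            case 23:   label = " (TELNETD)"; break;
            case 79:   label = " (FINGERD)"; break;
            case 80:   label = " (HTTPD)";   break;
            case 113:  label = " (IDENTD)";  break;
            case 1080: label = " (PROXY)";   break;
            default:   label = "";           break;
            }
            printf("<!> Port: %d%s\nBanner: %s\n", ctr2, label, data);

            /* A hit means only that the name appears in the banner text; it
             * says nothing about the version or patch level of the daemon,
             * and the peer controls the text. The first match wins. */
            puts("\nChecking for possible insecure daemons...\n");
            if (strstr(data, "QPOP") != NULL) {
                puts("<!> QPop daemon found, possible security risk... (Enter to Continue)");
                getchar();
            }
            else if (strstr(data, "wu-") != NULL) {
                puts("<!> WU-FTP daemon found, possible security risk... (Enter to Continue)");
                getchar();
            }
            else if (strstr(data, "sendmail") != NULL || strstr(data, "Sendmail") != NULL) {
                puts("<!> Sendmail daemon found, possible security risk... (Enter to Continue)");
                getchar();
            }
            else if (strstr(data, "ProFTPD") != NULL) {
                puts("<!> ProFTP daemon found, possible security risk... (Enter to continue)");
                getchar();
            }
            else if (strstr(data, "Wingate") != NULL || strstr(data, "WinGate") != NULL) {
                puts("<!> Wingate daemon found, possible security risk... (Enter to Continue)");
                getchar();
            }
            else {
                puts("None of the daemons checked for were found!\n");
            }
            usleep(DELAY);
        }
        puts("\n--------------------------------------");
    }
    puts("Finished!");
    return 0;
}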