Plomp is an HTTP banner grabber script written in Perl. In addition to reading the banner, it sends malformed requests to the server in order to determine whether the version information has been altered.
7046c3463928e49abe3a505f5061cd467763d59028f8751f33833e12e511ee9c
#!/usr/bin/perl
#
# plomp by andrew cook (andrew-cook@live.com) (efnet: sshlong)
#
# high speed http(80) banner retrieval and analysis. plomp grabs the version
# info from the banner if present and reports it. However, by also sending
# a series of malformed requests to the server plomp is able to determine if
# the version information in the banner has been altered.
#
# USAGE: plomp -t <target list> -n <number of processes to fork()>
#
use IO::Socket;
use Getopt::Std;
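# Driver: parse the options, load the target list, then fork one child per
# target. Each child runs http_scan() and prints its own report; the parent
# only keeps the number of live children at or below $max_children.
@http_report = ();
$spawns = 0;
%options = ();
getopts("n:t:", \%options);

# -n must be a whole number between 1 and 999; anything else (missing,
# non-numeric, out of range) falls back to 9 children.
if (defined $options{n} && $options{n} =~ /^\d+$/
    && $options{n} > 0 && $options{n} < 1000) {
    $max_children = $options{n};
} else {
    $max_children = 9;
}

if ($options{t}) {
    $hostlist = $options{t};
} else {
    die "usage: plomp -t <targetlist> -n <number of children>";
}

# Three-argument open with an explicit read mode: with the two-argument form
# a -t value that starts with '>' or ends with '|' is taken as a mode or a
# command instead of a file name. The result is checked so that a missing
# list is reported instead of producing an empty run.
open(my $targets_fh, '<', $hostlist)
    or die "plomp: cannot open target list '$hostlist': $!\n";
@targets = <$targets_fh>;
close($targets_fh);
chomp(@targets);

# $_ stays the loop variable: it is passed to http_scan() explicitly and is
# also still visible to it as the global topic.
foreach (@targets) {
    s/^\s+//;
    s/\s+$//;
    next unless length $_;    # blank lines in the list are not targets

    my $pid = fork();
    if (!defined $pid) {
        # fork() returns undef on failure; comparing that with 0 would send
        # the parent down the child branch and end the whole run at exit.
        warn "plomp: fork failed for $_: $!\n";
        next;
    }

    if ($pid == 0) {
        http_scan($_);

        # The banner comes straight from the remote server. Drop control
        # bytes (ESC, CR, DEL, ...) so a crafted Server header cannot drive
        # the operator's terminal; newline and tab are kept.
        my $banner = defined $http_report[4] ? $http_report[4] : '';
        $banner =~ tr/\x00-\x08\x0b-\x1f\x7f//d;

        # One print per report keeps the output of concurrent children
        # from interleaving line by line.
        print join('',
            "$target http report\n",
            "------------------------------------------\n",
            "apache: $http_report[1]\n",
            "iis: $http_report[2]\n",
            "Sun: $http_report[3]\n",
            "$banner\n\n",
        );
        exit;
    }

    $spawns++;
    if ($spawns >= $max_children) {
        wait();
        $spawns--;
    }
}

# Collect the children that are still running so the parent does not return
# to the shell while reports are still being written.
1 while wait() != -1;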
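# http_scan(TARGET)
#
# Sends four requests to TARGET on port 80, each on its own connection, and
# scores the replies against three server families:
#   1. HEAD / HTTP/1.0    - remembers the last line containing "server"
#   2. DELETE / HTTP/1.0  - "405 Method" counts for apache, "501" for iis
#   3. GET / HTTP/6.9     - "505 HTTP" counts for sun, unless the line also
#                           contains "400"
#   4. POOP / HTTP/1.0    - "200" counts for apache, "400" for iis and sun
# The remembered banner line adds one more point to the family it names.
#
# Results go to package globals: $target holds the host, and @http_report
# holds (host, apache%, iis%, sun%, banner line), where each percentage is
# the family's point count times 33.
#
# NOTE(review): every pattern is applied to every line of the reply, not
# only to the status line, so one reply can score more than once and a
# percentage can exceed 99%. Treat the numbers as a hint, not a measurement.
#
# The request lines are distinctive (a DELETE on /, a GET claiming HTTP/6.9,
# the method token POOP), so each scan is plainly visible in the target's
# access and error logs.
sub http_scan {
    my ($host) = @_;
    # Earlier versions ignored their argument and read the target from $_;
    # fall back to it so such callers keep working.
    $host = $_ unless defined $host;
    $target = $host;    # package global, read by the report printer

    my ($apache, $iis, $sunjava) = (0, 0, 0);
    my $banner    = '';    # lexical, so no value survives from another call
    my $http_port = 80;

    foreach my $line (_plomp_probe($host, $http_port, "HEAD / HTTP/1.0\n\n", 5)) {
        $banner = $line if $line =~ /server/i;
    }

    foreach my $line (_plomp_probe($host, $http_port, "DELETE / HTTP/1.0\n\n", 9)) {
        if ($line =~ /405 Method/) {
            $apache += 1;
        } elsif ($line =~ /501/) {
            $iis += 1;
        }
    }

    foreach my $line (_plomp_probe($host, $http_port, "GET / HTTP/6.9\n\n", 9)) {
        # A line containing "400" is recognised but scores nothing. The
        # original stored it in $resp3, which nothing read, and its 505
        # branch carried the discarded expression "$resp3+$_".
        next if $line =~ /400/;
        $sunjava += 1 if $line =~ /505 HTTP/i;
    }

    foreach my $line (_plomp_probe($host, $http_port, "POOP / HTTP/1.0\n\n", 9)) {
        if ($line =~ /200/) {
            $apache += 1;
        } elsif ($line =~ /400/) {
            $iis     += 1;
            $sunjava += 1;
        }
    }

    # The banner is only one vote among the probes: a server whose banner
    # names one family while its error behaviour matches another shows up as
    # a split score.
    if    ($banner =~ /apache/i) { $apache  += 1; }
    elsif ($banner =~ /iis/i)    { $iis     += 1; }
    elsif ($banner =~ /sun/i)    { $sunjava += 1; }

    # Plain list assignment instead of the one-element slices (@x[0] = ...).
    @http_report = (
        $host,
        ($apache * 33) . "%",
        ($iis * 33) . "%",
        ($sunjava * 33) . "%",
        $banner,
    );
    return;
}

# Opens one TCP connection to $host:$port, sends $request and returns every
# line received until the peer closes. Returns an empty list when the
# connection cannot be made.
# NOTE(review): $timeout is given to the socket constructor only; the read
# itself has no deadline here, so a peer that accepts and then stays silent
# presumably holds the child until the connection drops.
sub _plomp_probe {
    my ($host, $port, $request, $timeout) = @_;
    my $sock = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $host,
        PeerPort => $port,
        Timeout  => $timeout,
    ) or return;
    print $sock $request;
    my @reply = <$sock>;
    close($sock);
    return @reply;
}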