A generic banner scanner. eg scan for qpop 110, wuftpd 21, wingates 23, telnet banners 23, etc etc
6c91acdac7860bc6c8f947323fff0c03f4c97d8fd8cebfb891ee6248e6f1150c/*********************************************************************
* Generic Scan beta++ *
* by marv alpert/bzero@efnet *
* *
* okay so far i have seen only about a million telnet banner, *
* a zillion qpop, a quintillion wuftpd, and a triptillion *
* wingate scanners etc etc. So the question is: why? It is trivial *
* to modify one to scan for the other. Case in point: *
* *
* A generic banner scanner. eg scan for qpop 110, wuftpd 21, *
* wingates 23, telnet banners 23, etc etc get tha picture? *
* *
* Props to beej for his NP tutorial, 'anonymous' of statd *
* scanner fame, bangel and STang for various nifty lilcode ideas *
*********************************************************************/
// note: I like the usage as is, so if you want to make the usage an
// all-in-one type deal joe$ ./gscan ip ip port >> log &
// modify it yourself, should take you under a minute.
// note: if the string input function gives you a prob just use something like:
// int strlen;
// strlen=fread(gimmie, sizeof(char), 30, stdin);
// gimmie[strlen] = '\0';
// or even just a gets(gimmie); if you must
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <errno.h>
#include <netdb.h>
#include <signal.h>
#include <string.h>
#include <fcntl.h>
#include <ctype.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
void neeto(char *s, unsigned int m);
void main(int argc, char *argv[])
{
int sockfd;
FILE *vuln;
char z;
struct in_addr addr;
struct sockaddr_in target;
unsigned long begin;
unsigned long fin;
unsigned long index;
char buffer[999];
char gimmie[30];
int port;
if (argc!=4)
{
printf("----------------------------------------------\n");
printf("\nusage : %s begining_ip finish_ip port\n\n",argv[0]);
exit(0);
}
begin=inet_addr(argv[1]);
fin=inet_addr(argv[2]);
port=atoi(argv[3]);
printf("generic scan by bzero\n");
printf("m4rv@antisocial.com\n");
printf("----------------------------------------------\n\n");
puts("enter banner to scan for, eg wuftpd, wingate, qpop, telnetd etc");
neeto(gimmie, 29);
printf("okie, banner scanning for: %s\n\n", gimmie);
vuln = fopen("eye_suck.txt", "r");
if(vuln)
{
puts("eye_suck.txt is already there bonehead.");
printf("n00k it? [Y/N]");
z = toupper(getchar());
if(z!='Y')
{
puts("okie fine then");
fclose(vuln);
exit(0);
}
}
vuln = fopen("eye_suck.txt","w");
if(vuln==NULL)
{
puts("doh");
exit(0);
}
printf("----------------------------------------------\n");
puts("results will be saved to file and presented on");
puts("screen for your viewing pleasure");
printf("\n\n");
puts("Generic Banner Scanner in effect b0yEEE");
puts("scannorizing............");
sockfd=socket(AF_INET, SOCK_STREAM, 0);
for (index = ntohl(begin); index <= ntohl(fin); index++)
{
// these nifty 2 linez from bangle
if ((index & 0xff) == 255) index++;
if ((index & 0xff) == 0) index++;
target.sin_family=AF_INET; /* host byte order */
target.sin_port=htons(port); /* short, network byte order */
target.sin_addr.s_addr=htonl(index);
addr.s_addr=htonl(index);
if (connect(sockfd, (struct sockaddr*)&target, sizeof(target))==0)
{
read(sockfd, buffer, sizeof(buffer));
if (strstr(buffer, gimmie)!=NULL)
{
fprintf(stdout, "joy, a match: %s\n", inet_ntoa(addr));
fprintf(vuln, "joy, a match: %s\n", inet_ntoa(addr));
}
if (strstr(buffer, gimmie)==NULL)
{
fprintf(stdout, "open wif no match: %s\n", inet_ntoa(addr));
fprintf(vuln, "open wif no match: %s\n", inet_ntoa(addr));
}
}
}
close(sockfd);
fclose(vuln);
}
void neeto(char *s, unsigned int m){
register char c;
int i=0;
system("stty -g > initialsttygsettings \n"
"stty -icanon min 1 time 0 -echo");
for(;;){
c=getchar();
if( (c >= 32) && (c < 127) ){
if(i >= m){
printf("\b");
i--;}
*(s+i)=c;
printf("%c",c);
i++;}
else if(c=='\r' || c=='\n'){
*(s+i)='\0';
system("stty `cat initialsttygsettings` >/dev/null 2>&1 \n"
"rm initialsttygsettings");
return;}
else if((c=='\b' || c==127) && i>0){
printf("\b \b");
i--;}
}
return;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed