gsicht
May 10 2004, 08:01 PM
hi, i coded an http banner scanner that creates (with the help of pscan.c) an ip list and scans the banners of it. it is coded for linux, but with a little bit of c knowledge you can compile it with the help of cygwin. it is a very fast scanner, but at the moment there is still a problem with some http servers which give the scanner no answer, so that the scanner stops. maybe you can patch this. compile and run: [user@linux scanner]$ ./install XXXXXXXXXXXXXXXXXX X bannerscan 1.2 X XXXXXXXXXXXXXXXXXX help: read README [user@linux scanner]$ ./run ipA.ipB port ipC read README for more info! here are the sources:
gsicht
May 10 2004, 08:11 PM
BuzzDee
May 10 2004, 08:13 PM
wow thank u! really good work! i'll have a look @ the source, maybe i can help u with ur error. greetz
Kynroxes
May 10 2004, 10:29 PM
good job gsicht, I'm interested in this, thank you for the share
gsicht
May 11 2004, 02:59 PM
ok, now i wrote a new version. changes: 1. you can connect to one host now. 2. the scanner can read ftp/smtp/etc banners. to make ip lists, take pscan.c. here is the code of banner.c v1.3
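/*
 * banner scanner 1.3
 ****************************
 * coded by gsicht (11.05.04)
 * nothing.king@firemail.de
 ****************************
 *
 * Connects to a single host (-h) or to every IPv4 address listed in a
 * file (-f, one address per line), optionally sends one fixed HTTP
 * request (-m 2), reads the first chunk the peer sends and appends it
 * to the logfile (-l).
 */
#define _POSIX_C_SOURCE 200809L   /* getopt(), optarg, close(), sleep() */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <getopt.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netdb.h>
#include <sys/time.h>

#define TOPIC "\nBannerscan 1.3 by gsicht (11.04.04)\n"
#define TIMEOUT 2

/* Buffer sizes: one target line, single-host banner, list-mode banner. */
enum { TARGET_MAX = 350, SINGLE_BANNER_MAX = 2048, LIST_BANNER_MAX = 4000 };

char request[100];
char string[] = "OPTIONS / HTTP/1.0"; //"ECHO 'GET / HTTP/1.0'";

/* Print the command-line help for program name prog. */
void usage(const char *prog)
{
    printf("USAGE:\n");
    printf("%s -f HOSTLIST/-h HOST -p PORT -l FILENAME [options]\n", prog);
    printf(" -h [host]\ttarget host\n");
    printf(" -f [filename]\tfile with targets\n");
    printf(" -p [port]\tport to connect\n");
    printf(" -l [filename]\tlogfile for the output\n\n");
    printf("options:\n");
    printf(" -t [seconds]\ttimeout for connect()\n");
    printf(" -m [mode_number] default is 1\n");
    printf(" 1\treads a banner without sending a string(for daemons like ftp or smtp)\n");
    printf(" 2\treads a http banner\n\n");
    printf("example1: %s -f list.txt -p 21 -l log.txt\n", prog);
    printf("example2: %s -h www.google.de -p 80 -l log.txt -m 2 -t 3\n\n", prog);
}

/*
 * connect() while SO_RCVTIMEO is temporarily set to *timeout; the previous
 * option value is restored before returning, so the timeout does NOT cover
 * any later recv() on the same socket.  A NULL timeout is a plain connect().
 * NOTE(review): on Linux a blocking connect() appears to be bounded by
 * SO_SNDTIMEO rather than SO_RCVTIMEO, so this option may not limit
 * connect() at all — verify before relying on it.
 * Returns connect()'s result (errno preserved), or -1 if the socket option
 * could not be read or set.
 */
int connect_with_time(int sfd, struct sockaddr *addr, int addrlen, struct timeval *timeout)
{
    struct timeval saved;
    socklen_t savedlen = sizeof saved;   /* was int; getsockopt() wants socklen_t */

    if (!timeout)
        return connect(sfd, addr, (socklen_t)addrlen);
    if (getsockopt(sfd, SOL_SOCKET, SO_RCVTIMEO, &saved, &savedlen) < 0)
        return -1;
    if (setsockopt(sfd, SOL_SOCKET, SO_RCVTIMEO, timeout, sizeof *timeout) < 0)
        return -1;

    int ret = connect(sfd, addr, (socklen_t)addrlen);
    int saved_errno = errno;
    /* Best-effort restore; a failure here must not clobber connect()'s errno. */
    (void)setsockopt(sfd, SOL_SOCKET, SO_RCVTIMEO, &saved, savedlen);
    errno = saved_errno;
    return ret;
}

/* Format the fixed request string into the global buffer and send it.
 * Returns -1 when send() fails, 0 otherwise. */
static int send_request(int sock)
{
    snprintf(request, sizeof request, "%s\r\n\r\n", string);
    if (send(sock, request, strlen(request), 0) == -1)
        return -1;
    return 0;
}

/*
 * Read one recv() chunk into buf (capacity cap, cap > 0) and NUL-terminate
 * it.  A failed recv() yields an empty string instead of writing buf[-1],
 * and at most cap-1 bytes are stored so the terminator always fits (the
 * original passed the full size and could leave the buffer unterminated).
 * Returns the number of banner bytes stored.
 * This recv() is blocking and unbounded: connect_with_time() restores the
 * previous SO_RCVTIMEO before returning, so a silent peer stalls the scan here.
 */
static size_t read_banner(int sock, char *buf, size_t cap)
{
    ssize_t n = recv(sock, buf, cap - 1, 0);
    if (n < 0)
        n = 0;
    buf[n] = '\0';
    return (size_t)n;
}

/* Append "IP:label:port" and the banner to logfile.  Returns nonzero when
 * the banner contains "Server" (the original's HTTP heuristic). */
static int log_banner(FILE *logfile, const char *label, int port, const char *banner)
{
    fprintf(logfile, "IP:%s:%d\n%s\n\n\n\n", label, port, banner);
    return strstr(banner, "Server") != NULL;
}

/* Closing message.  Declared before its callers; the original fell off the
 * end of a non-void function, which is undefined behaviour. */
int end(void)
{
    printf("\nohh yeah! now check your logfile for the outputs\n");
    printf("coded by gsicht (nothing.king@firemail.de)\n\n");
    return 0;
}

/*
 * Resolve hostname, connect on port, optionally send the request (mode 2),
 * read one banner chunk and append it to logfile.  Exits the process on
 * socket, resolver or connect failure, as the original did.
 * NOTE: the -t value is not passed in; single mode always uses TIMEOUT.
 * Returns 0.
 */
int single_mode(char *hostname, int port, FILE *logfile, int mode)
{
    struct hostent *host;
    struct sockaddr_in addr;
    struct timeval tv = { .tv_sec = TIMEOUT, .tv_usec = 0 };
    char empf_buffer[SINGLE_BANNER_MAX];

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        printf("socket() failed\n");
        exit(0);
    }
    host = gethostbyname(hostname);
    if (host == NULL || host->h_addrtype != AF_INET || host->h_addr_list[0] == NULL) {
        printf("gethostbyname() failed\n");
        exit(1);
    }
    /* h_addr_list[0] is the portable spelling of the h_addr macro; memcpy
     * avoids the unaligned/aliasing cast through struct in_addr *. */
    memset(&addr, 0, sizeof addr);
    memcpy(&addr.sin_addr, host->h_addr_list[0], sizeof addr.sin_addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons((uint16_t)port);

    fprintf(stdout, "[+] connecting...\t\t");
    if (connect_with_time(sock, (struct sockaddr *)&addr, sizeof addr, &tv) == -1) {
        printf("-couldn't connect to server\n");
        close(sock);
        exit(0);
    }
    fprintf(stdout, "-connected\n");

    if (mode == 2) {
        fprintf(stdout, "[+] sending request...\t\t");
        if (send_request(sock) == -1)
            fprintf(stdout, "-send() error\n");
        fprintf(stdout, "-OK\n");
    }

    fprintf(stdout, "[+] reading banner...\t\t");
    read_banner(sock, empf_buffer, sizeof empf_buffer);
    if (log_banner(logfile, hostname, port, empf_buffer))
        fputs("-HTTP found\n", stdout);
    else
        fputs("-OK\n", stdout);

    close(sock);
    end();
    return 0;
}

/*
 * Parse options, then run single mode (-h) or walk the address list (-f).
 * Fixes over the original: optarg is no longer used as a printf format
 * string for -h; port, logfile and logname are always initialised (the
 * logfile defaults to "log.txt" instead of an uninitialised FILE *);
 * list lines are read with fgets() into a fixed buffer, the line ending
 * is stripped and unparsable addresses are skipped instead of connecting
 * to INADDR_NONE; both files are closed at the end.
 */
int main(int argc, char *argv[])
{
    int port = 0;
    int mode = 1;
    int con_mode = 0;
    int c;
    struct sockaddr_in addr;
    FILE *iplist = NULL;
    FILE *logfile = NULL;
    const char *listname = NULL;
    const char *logname = "log.txt";       /* the original's unreachable fallback */
    char empf_buffer[LIST_BANNER_MAX];
    char target[TARGET_MAX] = "";
    int timeout = TIMEOUT;
    struct timeval tv;

    puts(TOPIC);
    if (argc < 3) {
        usage(argv[0]);
        return 0;
    }

    while ((c = getopt(argc, argv, "f:h:p:l:t:m:")) != -1) {
        switch (c) {
        case 'h':
            /* "%s": the original passed optarg itself as the format string */
            snprintf(target, sizeof target, "%s", optarg);
            con_mode = 0;
            break;
        case 'f':
            listname = optarg;
            iplist = fopen(listname, "r");
            if (iplist == NULL) {
                printf("\nError, could not open the ip-list\n\n");
                exit(0);
            }
            con_mode = 1;
            break;
        case 'p':
            port = atoi(optarg);
            if (port > 65535 || port < 1) {
                printf("select a port between 1-65535\n");
                exit(0);
            }
            break;
        case 'l':
            logname = optarg;
            break;
        case 't':
            timeout = atoi(optarg);
            if (timeout < 0)   /* a negative tv_sec makes setsockopt() fail */
                timeout = TIMEOUT;
            break;
        case 'm':
            mode = atoi(optarg);
            if (mode < 1 || mode > 2) {
                printf("\nerror: mode %d does not exist\n\n", mode);
                exit(0);
            }
            break;
        default:
            usage(argv[0]);
            break;
        }
    }

    if (port == 0) {           /* -p is mandatory; port was uninitialised before */
        usage(argv[0]);
        return 1;
    }
    logfile = fopen(logname, "w");
    if (logfile == NULL) {
        printf("cannot create logfile\n\n");
        exit(0);
    }

    if (con_mode == 0)
        printf("target:\t\t\t%s\n", target);
    if (con_mode == 1)
        printf("ip list:\t\t%s\n", listname);
    fprintf(stdout, "port:\t\t\t%d\n"
                    "timeout:\t\t%d\n"
                    "logfile:\t\t%s\n", port, timeout, logname);
    if (mode == 2)
        printf("request:\t\t%s\n", string);
    printf("\n");
    sleep(1);
    printf("ok, let's start...\n\n");
    sleep(1);

    if (con_mode == 0) {
        single_mode(target, port, logfile, mode);
        fclose(logfile);
        exit(0);
    }

    /* One address per line; getline()+malloc(0) replaced by a fixed buffer. */
    while (fgets(target, sizeof target, iplist) != NULL) {
        target[strcspn(target, " \t\r\n")] = '\0';   /* drop line ending / trailing blanks */
        if (target[0] == '\0')
            continue;
        in_addr_t ip = inet_addr(target);
        if (ip == INADDR_NONE) {
            printf(" %s: not an IPv4 address, skipped\n", target);
            continue;
        }

        int sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock == -1) {
            printf(" socket() failed\n\n");
            exit(0);
        }
        tv.tv_usec = 0;
        tv.tv_sec = timeout;
        memset(&addr, 0, sizeof addr);
        addr.sin_addr.s_addr = ip;
        addr.sin_family = AF_INET;
        addr.sin_port = htons((uint16_t)port);

        if (connect_with_time(sock, (struct sockaddr *)&addr, sizeof addr, &tv) == -1) {
            printf(" couldn't connect to server\n");
        } else {
            if (mode == 2) {
                fprintf(stdout, "[+] sending request to %s\t", target);
                if (send_request(sock) == -1)
                    fprintf(stdout, "-send() error\n");
            } else {
                fprintf(stdout, "%s", target);
            }
            fprintf(stdout, "[+] reading banner...\t");
            read_banner(sock, empf_buffer, sizeof empf_buffer);
            if (log_banner(logfile, target, port, empf_buffer))
                fputs("-HTTP found\n\n", stdout);
            else
                fputs("-OK\n\n", stdout);
        }
        close(sock);
    }

    fclose(iplist);
    end();
    if (fclose(logfile) != 0)   /* flush errors surface only here */
        perror("logfile");
    return 0;
}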