Killaloop
I have written this little Perl script. It filters text files for a specified banner in banner.txt and writes the IPs back to output.txt (only works if banner and IP are on the same line).
Guess some of you could need it.

example: banner.pl "IIS 5.0"
!for more advanced search syntax look at the second posting!

CODE

example banner.txt
testing banner 12.153.104.49:80 yehaha MS IIS 5.0
112.153.104.49:80 MS IIS 5.1
12.153.104.149:80 MS IIS 5.0
banner 22.53.104.149 MS IIS 5.0
this is 223.4.4.3 APACHE 2.3


CODE

output.txt
12.153.104.49:80
12.153.104.149:80
22.53.104.149




-------cut here-------

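#!/usr/bin/perl -w
# Bannerfilter
#
# filters the specified banner from banner.txt and
# writes ips back to output.txt
# usage: banner.pl "<Banner to look for>"
# example: banner.pl "IIS 5.0"
#
use strict;

# show usage and stop unless exactly one banner pattern was given
if (@ARGV != 1) {
    print "Usage: $0 \"Banner\"\n\n";
    print "Example: $0 \"IIS 5.0\"\n";
    exit 1;
}
my $banner = $ARGV[0];

open(INPUT, "<", "banner.txt") || die "Can't open file : $!\n";
open(OUTPUT, ">", "output.txt") || die "Can't open file : $!\n";
chomp(my @input = <INPUT>);

# keep only the lines whose banner matches the pattern (a Perl regex)
my @Filter;
foreach (@input) {
    if (/($banner)/) {
        push(@Filter, $_);
    }
}

# split the matching lines into words and print the words that contain an IP
# (split is used instead of <@Filter>, which would also expand * ? [ ] as file globs)
foreach (map { split ' ' } @Filter) {
    if (/\b[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?/) {
        print OUTPUT "$_\n";
        print "$_\n";
    }
}
close(INPUT);
close(OUTPUT);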
Killaloop
Forgot to say: if something doesn't work as it should, tell me about it and I will have a look (I'm still learning this stuff).
Also, before someone asks again: you need ActivePerl to run this from Windows.

regards

/edit
forgot to mention the more advanced search possibilities
example:
banner.pl "APACHE|IIS"
this will list all IPs where APACHE or IIS is in the banner

example2:
banner.pl "APACHE.*PHP"
this will list all IPs where APACHE and PHP are in the banner

Be creative and save yourself a lot of work.
Killaloop
ok here is a version that will only filter the IP out and will not show the port

bannerfilter.txt "IIS"

banner.txt example

[HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Content-Location: http://10.0.0.20/Default.htm Date: Wed, 21 Apr 2004 14:47:12 GMT Content-Type: text/html Accept-]
[HTTP/1.1 200 OK Server: Microsoft-IIS/5.1 Content-Location: http://10.0.0.21/Default.htm Date: Wed, 21 Apr 2004 14:47:12 GMT Content-Type: text/html Accept-]
testing banner 12.153.104.49:80 yehaha MS IIS 5.0
112.153.104.49:80 MS IIS 5.1
12.153.104.149:80 MS IIS 4.0

output.txt example

10.0.0.20
10.0.0.21
12.153.104.49
112.153.104.49
12.153.104.149

the advanced syntax for multiple search strings for the banner can still be used
example:
to match APACHE and PHP: banner2.pl "APACHE.*PHP"
to match IIS or APACHE: banner2.pl "IIS|APACHE"
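
One way to get the IP-only behaviour described in this post, as an added example that is not Killaloop's banner2.pl (that script is not shown in the thread). The function name filter_ips, the octet range check and the de-duplication are assumptions of this example; the sample lines are shortened from the post's banner.txt example, plus one constructed line.

```perl
#!/usr/bin/perl
# Added example (not Killaloop's banner2.pl): print only the IPs, without
# ports, from lines whose banner matches a Perl regex.
use strict;
use warnings;

# Return the unique, valid IPv4 addresses found on lines matching $banner.
# filter_ips is a hypothetical name chosen for this example.
sub filter_ips {
    my ($banner, @lines) = @_;
    my $re = eval { qr/$banner/ } or die "Bad banner pattern: $@";
    my (%seen, @ips);
    for my $line (@lines) {
        next unless $line =~ $re;
        # Dotted quad that is not part of a longer dotted number; a port
        # such as ":80" or a URL path after the address is left out.
        while ($line =~ /(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)/g) {
            next if grep { $_ > 255 } $1, $2, $3, $4;   # octets must be 0..255
            my $ip = "$1.$2.$3.$4";
            push @ips, $ip unless $seen{$ip}++;         # report each host once
        }
    }
    return @ips;
}

# Sample lines shortened from the banner.txt example in the post, plus one
# constructed line with an impossible address to exercise the octet check.
my @sample = (
    '[HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Content-Location: http://10.0.0.20/Default.htm]',
    '[HTTP/1.1 200 OK Server: Microsoft-IIS/5.1 Content-Location: http://10.0.0.21/Default.htm]',
    'testing banner 12.153.104.49:80 yehaha MS IIS 5.0',
    '112.153.104.49:80 MS IIS 5.1',
    '12.153.104.149:80 MS IIS 4.0',
    'this is 223.4.4.3 APACHE 2.3',
    'constructed 999.1.1.1:80 MS IIS 5.0',
);

# The banner pattern comes from the command line, as in the original script.
my $banner = @ARGV ? $ARGV[0] : 'IIS';
print "$_\n" for filter_ips($banner, @sample);
```

The same regex alternation and `.*` patterns from the posts work as the argument, since the banner is still compiled as a Perl regex.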
FLAT
woa thx

that's a great script ... simple but very very useful

i hope to see more nice scripts

Flat
Killaloop
QUOTE (FLAT @ May 28 2004, 04:52 PM)
woa thx

that's a great script ... simple but very very useful

i hope to see more nice scripts

Flat

yeah will keep them coming .. can really save some work and regex is damn nice in Perl
will work on a regex filtering program that will filter just about everything out the way you want it to. options where grep and other tools can't come with
Buluemoon
Thanks Killaloop, was just wondering yesterday if anyone had made a tool like this, great work.