#!/bin/bash # Greats to all dumb asses, hackers crackers suckers:] and # All the living Lifeforms that knows me # Special 10xz to: # STRASHARO , HellPain , Pro-XeX(necroleak) , Indjeto # [H/K]Flex , dr0p , ORDER , static , Adrenalinche and all # other shits mentioned above # # Special Big Thanx to ORDER who was tester of that shit. # # FAST FAQ: # Q: What The Hell About ... shall I Use This Shit?? # A: This gets or tries to get a banner from a remote machine # Running Some kind of httpd, on a range of machines, that # would possibly run web servers. # # Q: Are You Nuts Man?? # A: Quite a lot.:] # # Q: You are stupid! # A: Yeah I know:] # # Q: Can I use this stuff for some other checks of daemon banners? # A: Yes You can. Simply change the $wrong below. # E: wrong='GET HEAD / HTTP/1.0\n\n\n\n' change the string to the one needed # to grep the service banner. # # Q:What exactly this stuff does. # A:It asks the httpd for banner. # So most of the httpds return error and # their httpd banner. # # # Q:What Music do you like? # A: metal, punk, rock, gothic, industrial, trance # # # ## This is dedicated to my-exgirlfriend whom ircnickname is fdsg # Sorry About the raw source but i don't have time to make # it look good. # # If errors occured mail to: hipodilski@openvms-rocks.com # visit -===www.pc-freak.org===- -- Enjoy The Anti M$ Stuff # string to send to the service wrong='HELO localhost\n\n\n\n'; # default port value def_port='25'; # head value head_num='4'; # time to sleep w8 for connection time='2'; # logs dir log_dir_name='smtpdout'; log_dir="`echo $HOME`/$log_dir_name"; # Print Messages service='SMTP'; # Filebase name for logfiles service_log_name='smtpcheck'; # Some func needed vars string1=$1; string2=$2; string3=$3; # Little check to see shall we use our default port or not. if [ -n "$2" ] && [ "$2" != "-v" ]; then def_port="$2"; fi # Cuts Entered String as $1 so we get the octets we need ... octet_stuff() { ## whole entered string A=$string1; # D ## 4th ip octet A4=${A/*./}; C=${A/.$A4/}; # A ## 1st ip octet A1=${A/.*/}; E=${A/$A1./}; # B ## 2nd ip octet A2=${E/.*/}; # C ## 3rd ip octet A3=${C/*./}; ## start range num A5=${A4/-*/}; E1=${E/-*/}; ## end range num A6=${A4/*-/}; } # check for log dir existence else creates one. dir_check() { if test -d $log_dir; then cat /dev/null else mkdir $log_dir; fi } # Checks is the entered ip ip correct ipv4 adress. check_ip_true() { ip_border='255'; if [ -z $string1 ]; then help_banner; else if [ "$A1" -gt "$ip_border" ] || [ "$A2" -gt "$ip_border" ] || [ "$A3" -gt "$ip_border" ] || [ "$A5" -gt "$ip_border" ]; then echo -n "Invalid IP"; echo "Some IP Octet exceeds possible borders from 0 to 255!."; exit 0; else cat /dev/null fi fi } # Help Function help_banner() { echo "$service Bash Ver. Scanner by (hipo) from pC-fREAK Org."; echo '------------------------=Help=-----------------------'; echo '[syntax]:'; echo "`basename $0` [ip-range] [port] [parameter]:"; echo 'example [xxx.xxx.xxx.xxx] [port] [-v]'; echo 'port defaults to 80'; echo '[-v parameter for vebose mode]'; echo "Example:"; echo "`basename $0` 127.0.0.1-255 80; `basename $0` 127.0.0.1-1 80 -v;"; echo 'This Example Will Scan the range 127.0.0.1-255 and host 127.0.0.1'; echo "If bugs occured mail me at : hipodilski@openvms-rocks.com"; echo '------------------------------------------------------'; echo 'Enjoy.!:]'; exit 0; } # Check For Params and decides which scan func. to invoke check_params() { if [ -z "$string1" ]; then help_banner; exit 1; elif [ -n "$string1" ] && [ -z "$string2" ]; then do_scan; elif [ -n "$string1" ] && [ -n "$string2" ] && [ "$string2" != "-v" ] && [ -z "$string3" ]; then do_scan1; elif [ -n "$string1" ] && [ "$string2" == "-v" ]; then do_scan2; elif [ -n "$string1" ] && [ -n "$string2" ] && [ "$string3" == "-v" ]; then do_scan2; else echo "Error You have messed something. "; exit 1 fi } # Scan function Num:0 do_scan() { touch $log_dir/$service_log_name-$C.$i; for i in `seq $A5 $A6`; do ((echo -e "$wrong"; sleep $time; echo -e "QUIT") | telnet "$C.$i" $def_port | \ head -n $head_num &> $log_dir/$service_log_name-$C.$i; ) &>/dev/null echo -e "$service Version on $C.$i Scanned.\nSee logs in $log_dir \ for details"; echo "*------------------------------------------*"; done } # Scan function Num:1 do_scan1() { touch $log_dir/$service_log_name-$C.$i; for i in `seq $A5 $A6`; do ((echo -e "$wrong" ; $time) | telnet "$C.$i" $def_port | head -n $head_num \ &> $log_dir/$service_log_name-"$C.$i";) &> /dev/null; echo -e "$service Version on $C.$i Scanned\nSee logs in $log_dir \ for details"; echo "*------------------------------------------*"; done } # Scan function Num:2 do_scan2() { echo "Verbose Mode On:"; touch $log_dir/$service_log_name-$C.$i; for i in `seq $A5 $A6`; do ((echo -e "$wrong" ; sleep $time; killall -9 telnet) | telnet "$C.$i" $def_port | \ head -n "$head_num" &> $log_dir/$service_log_name-"$C.$i";) &> /dev/null echo '*------------------*'; wait cur_log_state=`cat $log_dir/$service_log_name-"$C.$i" | wc -l | awk '{ print $1 }'`; if [ "$cur_log_state" == 1 ]; then echo "$C.$i is not Running on this $service server."; elif [ "$cur_log_state" == 0 ]; then echo "port $def_port on $C.$i is filtered or host is down ..."; elif [ "$cur_log_state" == 3 ] || [ "$cur_log_state" == 2 ]; then echo "$service at $C.$i doesn't return his version ..."; else cat "$log_dir"/$service_log_name-"$C.$i"; fi done } # It is supposed to be 3d Scan func but actually :} # Maybe bash is buggy and this is simple workaround. do_scan2() { echo "Verbose Mode On:"; touch $log_dir/$service_log_name-$C.$i; for i in `seq $A5 $A6`; do ((echo -e "$wrong" ; sleep $time; killall -9 telnet) | telnet "$C.$i" $def_port | \ head -n "$head_num" &> $log_dir/$service_log_name-"$C.$i";) &> /dev/null echo '*------------------*'; wait cur_log_state=`cat $log_dir/$service_log_name-"$C.$i" | wc -l | awk '{ print $1 }'`; if [ "$cur_log_state" == 1 ]; then echo "$C.$i is not Running $service server."; elif [ "$cur_log_state" == 0 ]; then echo "port $def_port on $C.$i is filtered or host is down ..."; elif [ "$cur_log_state" == 3 ] || [ "$cur_log_state" == 2 ]; then echo "$service at $C.$i doesn't return his version ..."; else cat "$log_dir"/$service_log_name-"$C.$i"; fi done } # Main Function Inokes all the stuff main() { octet_stuff; check_ip_true; dir_check; check_params; } main; # Release date # Oct. 12 04:25:02 EEST 2003