Netgrep checks a range of hosts for a specific service and grabs the banner. It can also send a string to the port and grep through the banner.
5db887fef030a6bd5114a42ab513996b22e0c7934e3da58c0568a6c7af3e6e48
/* NetGrep V0.6 Beta http://vapid.dhs.org
* See the usage for info. ./netgrep
* lwc@vapid.dhs.org
* To compile make brscan.
* For solaris add -lnsl -lsocket libraries. (buggy)
* 1/19/99 fixed a stupid bug that caused a seg fault in Solaris.
* Why I shouldn't code after 1:00am.
* 1/25/99 fixed another bug with output.
* I am attempting to make this more portable (linux etc.)*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <netdb.h>
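#define MAXSIZE 255   /* size of every line / banner buffer in this file */
#define TIME 1        /* seconds before a connect()/read() gives up; raise for slower links */

int readsoc(int fd, char temp_buff[MAXSIZE]);
int writesoc(int fd, char temp_buff[MAXSIZE]);
void timeout(int s);
void usage(char *stp);

/* Set to 1 by the SIGALRM handler to report a timed-out attempt.
 * volatile sig_atomic_t is the only type the C standard guarantees a
 * handler may write and the main loop may read without a data race;
 * a plain int let the compiler cache the value across the handler. */
volatile sig_atomic_t flag = 0;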
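int
main(int argc, char *argv[])
{
	/* Try every IPv4 address from -f to -t on TCP port -p and report the
	 * open ones, optionally with the first line of their banner.
	 *   -f A / -t A  first / last address as a dotted quad (both required)
	 *   -p N         port number 1..65535 (required)
	 *   -v           print every host tried; '.' = refused, '+' = timed out
	 *   -d           print the banner of every open port
	 *   -g STR       print the banner only when it contains STR
	 *   -w STR       send STR followed by CRLF before reading the banner
	 *   -l FILE      write the report to FILE instead of stdout
	 * Returns 0. usage() is called (and exits) on missing or bad options.
	 * Fixes over the original: getopt() result kept in an int (a char made
	 * the -1 test unreliable), required options validated instead of used
	 * uninitialised, the -g/-w copies bounded and NUL-terminated, socket()
	 * checked, the descriptor closed and the alarm cleared on every path,
	 * and the SIGALRM handler installed once instead of per host. */
	int opt, verbose = 0, enagrep = 0, enawrite = 0, dumpport = 0;
	int have_start = 0, have_end = 0;
	long port = 0;
	char buffer[MAXSIZE], grepstring[MAXSIZE], out_buff[MAXSIZE];
	FILE *output = stdout;   /* default output is stdout */
	in_addr_t start = 0, end = 0;
	unsigned long long first, last, counter;
	void (*prev_handler)(int);

	if (argc == 1)
		usage(argv[0]);

	while ((opt = getopt(argc, argv, "w:g:f:l:t:p:vd")) != -1) {
		switch (opt) {
		case 'g':
			/* snprintf always NUL-terminates; strncpy did not. */
			snprintf(grepstring, sizeof grepstring, "%s", optarg);
			enagrep = 1;
			break;
		case 'l': {
			FILE *fout = fopen(optarg, "w+");
			if (fout)
				output = fout;
			else
				perror(optarg);   /* best effort: keep reporting on stdout */
			break;
		}
		case 'f':
			start = inet_addr(optarg);
			have_start = 1;
			break;
		case 't':
			end = inet_addr(optarg);
			have_end = 1;
			break;
		case 'd':
			dumpport = 1;
			break;
		case 'p': {
			char *endp;
			port = strtol(optarg, &endp, 10);
			if (*optarg == '\0' || *endp != '\0')
				port = 0;   /* not a whole number: rejected below */
			break;
		}
		case 'v':
			verbose = 1;
			break;
		case 'w': {
			/* writesoc() sends up to and including the first '\n', so the
			 * string must fit in out_buff together with its "\r\n\n" tail;
			 * the original strncpy+strcat could write past the buffer. */
			int n = snprintf(out_buff, sizeof out_buff, "%s\r\n\n", optarg);
			if (n < 0 || (size_t) n >= sizeof out_buff) {
				fprintf(stderr, "%s: -w string too long (max %d bytes)\n",
				        argv[0], MAXSIZE - 4);
				exit(1);
			}
			enawrite = 1;
			break;
		}
		default:
			usage(argv[0]);
		}
	}

	/* inet_addr() yields INADDR_NONE for an unparsable address. */
	if (!have_start || !have_end || start == INADDR_NONE || end == INADDR_NONE
	    || port < 1 || port > 65535) {
		fprintf(stderr, "%s: -f, -t and -p are required and must be valid\n",
		        argv[0]);
		usage(argv[0]);
	}
	first = ntohl(start);
	last = ntohl(end);

	/* NOTE(review): signal() semantics differ between platforms; where it
	 * implies SA_RESTART the alarm may not interrupt connect(). If the
	 * timeout never fires, install the handler with sigaction() and
	 * sa_flags = 0 instead. */
	prev_handler = signal(SIGALRM, timeout);

	for (counter = first; counter <= last; counter++) {
		struct sockaddr_in sin = { .sin_family = AF_INET };
		int sock;

		/* skip the .255 and .0 addresses of each /24 */
		if ((counter & 0xff) == 255) {
			counter += 2;
			if (counter > last)
				break;
		}
		flag = 0;
		sock = socket(AF_INET, SOCK_STREAM, 0);
		if (sock < 0) {
			perror("socket");
			break;
		}
		sin.sin_port = htons((unsigned short) port);
		sin.sin_addr.s_addr = htonl((in_addr_t) counter);
		if (verbose)
			fprintf(output, "Scanning host %s:", inet_ntoa(sin.sin_addr));

		/* one alarm bounds both the connect() and the banner read below */
		alarm(TIME);
		if (connect(sock, (struct sockaddr *) &sin, sizeof sin) == 0) {
			if (enawrite)
				writesoc(sock, out_buff);
			if ((dumpport || enagrep) && readsoc(sock, buffer)) {
				if (!enagrep || strstr(buffer, grepstring))
					fprintf(output, "%s\n", buffer);
			}
			if (!verbose)
				fprintf(output, "Scanning host %s:", inet_ntoa(sin.sin_addr));
			fprintf(output, "[OPEN] %d\n", (int) port);
		} else if (verbose) {
			/* . means connection refused, + means the attempt timed out */
			fputs(flag ? "+\n" : ".\n", output);
		}
		alarm(0);      /* never let a stale alarm fire into the next host */
		close(sock);   /* the original leaked the descriptor on failure */
	}

	signal(SIGALRM, prev_handler);
	if (output != stdout)
		fclose(output);
	return 0;
}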
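void
timeout(int s)
{
	/* SIGALRM handler: records that the current connect()/read() ran out
	 * of time. Nothing but the assignment to the global flag is done here,
	 * since that is all that is safe inside a signal handler. s is the
	 * signal number, unused. */
	(void) s;
	flag = 1;
}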
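int
readsoc(int fd, char temp_buff[MAXSIZE])
{
	/* Read one line from fd into temp_buff, a byte at a time, stopping at
	 * the first '\r' (dropped), at EOF, on a read error (including EINTR
	 * from the scan alarm) or when the buffer is full.
	 * temp_buff is always NUL-terminated; the original left it unterminated
	 * when no '\r' arrived within MAXSIZE bytes, and kept looping on a
	 * failed read because -1 is truthy.
	 * Returns the number of bytes stored (0 when nothing was read). */
	int x = 0;
	char ch;

	while (x < MAXSIZE - 1 && read(fd, &ch, 1) == 1) {
		if (ch == '\r')
			break;
		temp_buff[x++] = ch;
	}
	temp_buff[x] = '\0';
	return x;
}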
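int
writesoc(int fd, char temp_buff[MAXSIZE])
{
	/* Send temp_buff to fd up to and including its first '\n'. The scan
	 * also stops at the first '\0' or after MAXSIZE bytes, so a string
	 * without a newline can no longer run off the end of the buffer.
	 * Short writes are retried; on a write error the bytes sent so far
	 * are returned instead of adding -1 to the total as before.
	 * Returns the number of bytes written (the newline is counted too;
	 * the original did not count it). */
	size_t len = 0, done = 0;

	while (len < MAXSIZE && temp_buff[len] != '\0') {
		len++;
		if (temp_buff[len - 1] == '\n')
			break;
	}
	while (done < len) {
		ssize_t n = write(fd, temp_buff + done, len - done);
		if (n <= 0)
			break;
		done += (size_t) n;
	}
	return (int) done;
}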
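void
usage(char *stp)
{
	/* Print the option summary to stdout and exit(0); never returns.
	 * stp is the program name (argv[0]); a NULL is replaced by a fixed
	 * name instead of being handed to "%s". The -d option was accepted by
	 * main() but missing from this list. */
	const char *name = stp ? stp : "netgrep";

	printf(" Netgrep v0.2 1/11/2000\n\n");
	printf(" http://vapid.dhs.org\n");
	printf(" %s [args] \n", name);
	printf(" -f From ip address.\n");
	printf(" -t To ip address.\n");
	printf(" -p Port number.\n");
	printf(" -g Grep for string.\n");
	printf(" -d Dump the banner.\n");
	printf(" -v Verbose output.\n");
	printf(" -w Write string to port.\n");
	printf(" -l Log to file.\n");
	exit(0);
}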