portscan in perl

Simple port scan in perl …

#!/usr/bin/perl
#
# A simple TCP port scanner in perl
# James.Abendschan@nau.edu  27 January 1996
#
# output to stdout, logging to stderr
#
# todo -
#  better arg handling :)
#  fork() scans?

# ports to scan:
# 21 - ftp
# 23 - telnet
# 25 - smtp
# 79 - finger
# 80 - www
# 119 - nntp
# 139 - netbios (wfwg over tcpip)
# 8000 - occasional www
# 8080 - ocassional www

# Ports probed on every host.  The list is copied into @portlist for each
# address below, so @myports itself is never consumed.
@myports = (21, 23, 25, 79, 80, 119, 139, 8000, 8080);

# Perl 4-era headers: sys/socket.ph supplies &AF_INET/&PF_INET/&SOCK_STREAM,
# flush.pl supplies flush().  Modern code would use the Socket and
# IO::Handle modules instead; these .ph files are often absent today.
require 'sys/socket.ph';
require 'flush.pl';

# Handler is named by string, not a code ref; do_alarm re-installs
# itself every time it fires.
$SIG{'ALRM'} = 'do_alarm';

# Only the first argument is examined and it is expected to be the first
# three octets of a /24 ("a.b.c"); its form is not validated.
if ($ARGV[0] eq "") {
 print "please provide a subnet to scan!  e.g., 134.114.84\n";
 exit 1;
}

{
 $net = $ARGV[0];
 # NOTE: $a, $b, $c and $d are package globals, and scan() assigns to the
 # same four names when it unpacks the resolved address.  That only works
 # because resolving "$a.$b.$c.$d" yields the same four octets; if that
 # resolution ever failed, $d (the loop counter) would be clobbered.
 ($a, $b, $c) = split(/\./, $net);

  # Fourth octet 0..255 inclusive, so the network and broadcast
  # addresses are part of the sweep.
  for ($d=0;$d<256;$d++) {
   $host = "$a.$b.$c.$d";

   @portlist = @myports;

   while(@portlist) {
    $port = shift(@portlist);
    # Progress goes to STDERR so STDOUT carries only results.
    print STDERR "Trying $host:$port\n";
    $data = scan($host, $port);
    # scan() returns "FAILED: ..." when the connect does not succeed;
    # anything else (a banner, "" or undef) is reported.
    if (index($data, "FAILED") != 0) {
     # Reverse-resolve for the report, falling back to the dotted quad
     # when there is no name.  @addr[0] etc. are one-element slices;
     # they work here but perl -w would suggest $addr[0].  The 2 is the
     # numeric value of AF_INET.
     @addr = split(/\./, $host);
     $addr = pack(' C4', @addr[0], @addr[1], @addr[2], @addr[3]);
     ($name, $aliases, $type, $len, @addrs) = gethostbyaddr($addr, 2);
     if ($name eq "") {
      $name = $host;
     }
     print STDOUT "$name:$port:$data\n";
     flush(STDOUT);
    }
   }
  }
}

#
# scan (host, port)
# returns error or banner
#

sub scan
{
 # Connect to $hostname:$serverport and read whatever the service sends
 # first.  Returns "FAILED: <errno>\n" when connect() returns false
 # (including, presumably, when the ALRM handler closes C mid-connect),
 # otherwise the collected banner with CR and LF mapped to '.'.  Uses the
 # bareword handle C and package globals throughout, so it is neither
 # re-entrant nor safe to call from more than one place at once.

 $hostname = shift @_;
 $serverport = shift @_;

 $connecttimeout = "1";		# time to wait for a reply
 $bannertimeout = "7";		# time to wait for data after a connect

init:

   # seed & pick a random port number

   # Advance the RNG by $$ (pid) calls -- a leftover from perls that did
   # not seed rand() automatically.
   for ($i=0; $i < $$; $i++) { rand(); }

   # Random local port in 1024..33791.  A collision makes bind() fail,
   # and the whole block is retried from the label after a pause.
   $clientport = int(rand(32768) + 1024);
   $sockaddr = 'S n a4 x8';
   $locport=pack($sockaddr, &AF_INET, $clientport, "");

   # NOTE: $proto is only assigned further down (getprotobyname), so on
   # the first call it is undef here; 0 selects the default protocol for
   # SOCK_STREAM, which is why this still works.  The retry path reopens
   # C without closing the previous handle.
   if (!socket(C, &PF_INET, &SOCK_STREAM, $proto)) {
    #print "WARNING - couldn't create client socket: $!\n";
    sleep 5;
    goto init;
   }

   if (!bind(C, $locport)) {
    # die("cannot bind client socket: $!\n");
    #print "WARNING - couldn't bind client socket:$!\n";
    sleep (5);
    goto init;
   }

   ($name, $aliases, $proto) = getprotobyname('tcp');
   # A failed lookup leaves $thisaddr undef, and therefore the four
   # octets below undef as well; nothing checks for that.
   ($name, $aliases, $type, $len, $thisaddr) = gethostbyname($hostname);
   # These are the same package globals the caller's sweep loop uses.
   ($a,$b,$c,$d) = unpack('C4', $thisaddr);

   $ipaddr="$a.$b.$c.$d";   # assigned but not read anywhere in this sub

   $thatport = pack($sockaddr, &AF_INET, $serverport, $thisaddr);

   # Arm the connect timeout; do_alarm closes C when it fires.
   alarm(0);
   alarm($connecttimeout);

   if (!connect(C, $thatport)) {
    return "FAILED: $!\n";
   }

   alarm(0);

   # Make C unbuffered for the nudge below, then restore STDOUT as the
   # default output handle.
   select(C);
   $| = 1;
   select(STDOUT);

   # Now send/rec data to C

   # nudge it..

   print C "\r\n";

   # Read until EOF or until the banner timer closes C.
   alarm($bannertimeout); 

   $banner = "";
   while ($data = <C>) {
    $banner = "$banner$data"
   }

   alarm(0);

   # $data holds the value that ended the loop (undef at EOF), so an
   # empty banner is returned as undef rather than "".
   if ($banner eq "") {
    $banner = $data;
   }

   shutdown(C, 1);
   close(C);

   # Collapse line breaks so the banner fits on one output line.
   $banner =~ tr/\r/\./;
   $banner =~ tr/\n/\./;

   return $banner;
}

#
# Handle timeouts
#

sub do_alarm {
  # SIGALRM handler shared by the connect and banner timeouts in scan().
  # It cancels any pending alarm, re-installs itself (a habit from
  # systems that reset the handler after it fires) and closes the client
  # socket so the blocked connect()/read in scan() gives up.  The return
  # value of a signal handler is discarded, so "FAILED: timeout" never
  # reaches scan()'s caller; a timed-out connect surfaces through
  # connect() returning false instead.
  alarm(0); # reset alarm clock
  $SIG{'ALRM'} = 'do_alarm';
  close (C);
  return "FAILED: timeout";
}


// source : from tenet la...