home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Power Hacker 2003
/
Power_Hacker_2003.iso
/
Exploit and vulnerability
/
hoobie
/
scan.sh
< prev
next >
Wrap
Text File
|
2001-11-06
|
2KB
|
61 lines
#!/usr/local/bin/perl -s
#
# Scan a subnet for valid hosts; if given hostname, will look at the
# 255 possible hosts on that net. Report if host is running rexd or
# ypserv.
#
# Usage: scan n.n.n.n
# mine, by default
$default = "130.80.26";
$| = 1;
if ($v) { $verbose = 1; }
if ($#ARGV == -1) { $root = $default; }
else { $root = $ARGV[0]; }
# ip address
if ($root !~ /[0-9]+\.[0-9]+\.[0-9]+/) {
($na, $ad, $ty, $le, @host_ip) = gethostbyname($root);
($one,$two,$three,$four) = unpack('C4',$host_ip[0]);
$root = "$one.$two.$three";
if ($root eq "..") { die "Can't figure out what to scan...\n"; }
}
print "Subnet $root:\n" if $verbose;
for $i (01..255) {
print "Trying $root.$i\t=> " if $verbose;
&resolve("$root.$i");
}
#
# Do the work
#
sub resolve {
local($name) = @_;
# ip address
if ($name =~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
($a,$b,$c,$d) = split(/\./, $name);
@ip = ($a,$b,$c,$d);
($name) = gethostbyaddr(pack("C4", @ip), &AF_INET);
}
else {
($name, $aliases, $type, $len, @ip) = gethostbyname($name);
($a,$b,$c,$d) = unpack('C4',$ip[0]);
}
if ($name && @ip) {
print "$a.$b.$c.$d\t$name\n";
system("if ping $name 5 > /dev/null ; then\nif rpcinfo -u $name 100005 > /dev/null ; then showmount -e $name\nfi\nif rpcinfo -t $name 100017 > /dev/null ; then echo \"Running rexd.\"\nfi\nif rpcinfo -u $name 100004 > /dev/null ; then echo \"R
unning ypserv.\"\nfi\nfi");
}
else { print "unable to resolve address\n" if $verbose; }
}
sub AF_INET {2;}