Vulnerability Development mailing list archives
Re: HTTP scanners?
From: shawn.a.clifford () LMCO COM (Clifford, Shawn A)
Date: Fri, 28 Jan 2000 16:46:40 -0500
Not to beat a dead horse, but here is a simple Perl script that will use netcat to find all Web servers on any port of a machine. This could easily be reworked in csh/awk, and the input could be an IP address generator (to scan a block of addresses rather than reading them in from a file).

The only gotcha is accidentally connecting to something like the chargen service without the -z option in netcat. This will consume all of your memory. That's why this script looks for all available ports (with -z) and then checks only 'http' or unknown (?) services. But if someone were to hang chargen off of an unnamed port, it would do nasty things to netcat when it tries to read the output!

It took 11 minutes to scan all 65535 ports on one of my machines, and turned up 4 web servers!

Cheers,
-- Shawn

------
#!/usr/local/bin/perl
#
# Title:     httpd_scan.pl
# Author:    Shawn A. Clifford
# Date:      28-Jan-2000
# Purpose:   Find httpd (Web) servers on a given list of machines.
# Inputs:    "nodes.lst" - A file containing addresses/hostnames to
#            be scanned.
# Externals: Netcat (nc) from avian.org:/src/hacks/nc110.tgz
#            Perl from www.cpan.org and lots of other places
# Usage:     ./http_scan.pl
#
open(IN, "<nodes.lst") or die "Cannot open nodes.lst: $!\n";
while(<IN>) {
    chomp($target = $_);
    # $target is interpolated into a shell command below, so skip blank
    # or malformed entries rather than passing them to the shell.
    next unless $target =~ /^[A-Za-z0-9.\-]+$/;
    print "\nScanning host $target ".`date`;
    print "===========================================================\n";
    @data = `nc -zvw 3 $target 1-65535 2>&1`;  # Finds all active ports
    foreach $service (@data) {  # Go back and check each service
        if ($service =~ /\(\?\)/ || $service =~ /http/i) {
            (undef, undef, $port) = split(/\s+/,$service);
            @web_data = `echo "HEAD / HTTP/1.0\n\n"|nc -vw 3 $target $port 2>&1`;
            $host = $type = undef;
            foreach $line (@web_data) {
                if ($line =~ /open$/) {
                    ($host, undef) = split(/\s+/,$line);
                }
                if ($line =~ /Server\:/i) {
                    (undef, $type) = split(/\s+/,$line);
                }
                if ($host && $type) {
                    printf("%s: port %5s: %s\n", $host, $port, $type);
                    $host = undef;
                    $type = undef;
                }
            }
        }
    }
    print "==== Scan completed ".`date`."\n";
}
close(IN);
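The chargen gotcha described in the post, as an added example that is not part of the original message: a HEAD probe that caps both the bytes it buffers and the total time it waits, so a service that never stops sending cannot exhaust memory. The loopback listeners, `MAX_BYTES`, `DEADLINE` and every function name here are constructed for this illustration.

```python
import socket, threading, time

MAX_BYTES = 4096   # hard cap on what is buffered from any one service
DEADLINE = 3.0     # overall seconds per probe, like netcat's -w 3

def probe_server_header(host, port, max_bytes=MAX_BYTES, deadline=DEADLINE):
    """Send HEAD / and return (Server header or None, bytes read)."""
    buf, end = b"", time.monotonic() + deadline
    try:
        with socket.create_connection((host, port), timeout=deadline) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            # Stop at end of headers, at the byte cap, or at the deadline.
            while len(buf) < max_bytes and b"\r\n\r\n" not in buf:
                remaining = end - time.monotonic()
                if remaining <= 0:
                    break
                s.settimeout(remaining)
                chunk = s.recv(min(1024, max_bytes - len(buf)))
                if not chunk:
                    break
                buf += chunk
    except OSError:
        pass  # refused, reset or timed out: judge whatever arrived
    if buf.startswith(b"HTTP/"):  # anything else (e.g. chargen noise) is not a web server
        for line in buf.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"server":
                return value.strip().decode("latin-1"), len(buf)
    return None, len(buf)

def start_local_service(handler):  # constructed loopback listener; returns its port
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            handler(srv.accept()[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def chargen_like(conn):   # constructed stand-in: never stops sending
    try:
        while True:
            conn.sendall(b"!\"#$%&'()*+,-./0123456789:;<=>?@ABC\r\n")
    except OSError:
        conn.close()

def fake_httpd(conn):     # constructed stand-in for a web server
    conn.recv(1024)
    conn.sendall(b"HTTP/1.0 200 OK\r\nServer: Constructed/1.0\r\n\r\n")
    conn.close()
```

Calling `probe_server_header("127.0.0.1", start_local_service(chargen_like))` returns `None` with the byte count held at the cap, while the same call against `fake_httpd` returns the constructed Server string.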