Network Scanner

Chad Brown

I put together a script for scanning a network. Features are DNS
resolution, selective port scan, scanning of multiple addresses at one
time, and ping sweep. Ports can be customized depending on what is
being sought on a network. If anyone decides to add more ideas to this
please send me a copy. I'm very interested in input. :)

http://onager.guild.net/~vrai/
(e-mail address removed)



#!/usr/bin/perl

#usage--> netsweep 20.0.0.1

use Socket;
use Net::ping;      # the module is Net::Ping; this spelling only resolves on case-insensitive filesystems

@ports = (21,22,23,80,110,119,1080,8080);
$Max_Processes = 20;

$Target_IP = $ARGV[0];

#---Startup

if ( $Target_IP eq "" ) {
    die "need target ip...\n";
}

@Target_IP_Sep = IP_Seperate($Target_IP);

$TA = $Target_IP_Sep[0];   # element access is $array[0]; @array[0] is a one-element slice
$TB = $Target_IP_Sep[1];
$TC = $Target_IP_Sep[2];

# the range is always the /24 containing the target, from .0 to .255
$Start_Addy = $TA.".".$TB.".".$TC.".0";
$End_Addy = $TA.".".$TB.".".$TC.".255";

$Current_Long = Dot2Long_IP($Start_Addy);
$End_Long = Dot2Long_IP($End_Addy);


#---Main workload control routines
$stp = 0;
$npids = 0;

while () {              # while () loops forever; the exit() below is the only way out

    #forker
    FORK: {
        if ($pid=fork) {
            #return $pids;       # parent: fall through to the fork control below
        }
        elsif (defined $pid) {
            Connect_IP(Long2Dot_IP($Current_Long));   # child: handle one address, exit() inside Connect_IP
        }
        elsif ($! == EAGAIN) {   # without strict, EAGAIN is a bareword string here, not the errno constant
            sleep 3;
            redo FORK;
        }
        else {
            die "cant fork!\n";
        }
    }

    #fork control
    $npids++;
    if($npids>=$Max_Processes){
        $wait_ret=wait();
        if($wait_ret>0){
            $npids--;
        }
    }

    #iterate to next IP
    $Current_Long++;

    #look for end IP
    if ($Current_Long eq $End_Long+1) {   # string comparison of two integers; == is the numeric operator
        sleep(2);
        exit(0);
    };

}

#---Sub Functions

sub Dot2Long_IP {
    return unpack('N', inet_aton(shift));
}

sub Long2Dot_IP {
    return inet_ntoa(pack('N', shift));
}

sub IP_Seperate {
    my ($IP_Address) = @_ ;
    @IP_SepArr = split(/\./,$IP_Address);
    return @IP_SepArr;
}

sub Connect_IP {        # was "sub Connect_IP($IP_Addy)": Perl 5 reads that as a malformed prototype, not a parameter
    my ($tghost) = @_ ;

    $connect_list = "";

    $connect_list = $tghost;

    #getting host name
    $host_ipaddr = inet_aton($tghost);
    $host_name = gethostbyaddr($host_ipaddr, AF_INET);
    if ($host_name eq "") {
        $host_name = "NR";
    }
    $connect_list = $connect_list." $host_name";

    #pinging target
    $p = Net::ping->new("icmp");   # icmp pings need a raw socket, i.e. root/Administrator

    if ($p->ping($tghost)) {
        $connect_list = $connect_list." TG_A"; #for returns
    }
    else {
        $connect_list = $connect_list." TG_N"; #for negatives
    }

    $p->close();

    #start scan on ports
    foreach $port (@ports) {

        $AF_INET=2;
        $SOCK_STREAM=1;
        $sockaddr='S n a4 x8';     # hand-packed sockaddr_in; Socket.pm's pack_sockaddr_in builds the same thing portably

        ($name,$aliases,$proto)=getprotobyname('tcp');

        ($name,$aliases,$type,$len,$thataddr)=gethostbyname($tghost);
        $this=pack($sockaddr,$AF_INET,0,$thisaddr);   # $thisaddr is never assigned, so this packs an all-zero (INADDR_ANY) address
        $that=pack($sockaddr,$AF_INET,$port,$thataddr);

        die "unknown host $tghost\n" if($thataddr eq "");

        socket(S,$AF_INET,$SOCK_STREAM,$proto) or die $!;
        bind(S,$this) or die $!;

        if(connect(S,$that)) {     # blocking connect; it waits for the OS default timeout on silent hosts
            $connect_list = $connect_list." ".$port;
            close(S)
        }
        else {
            close(S);
        }

    }

    print "$connect_list\n";

    $connect_list = "";
    exit();
}
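The script takes the first three octets of the argument, hardcodes a /24 from .0 to .255, and walks the integer form of the addresses with unpack('N', ...) and pack('N', ...). The following is an added example (my code, not Chad's script) that generalizes that address arithmetic to any "a.b.c.d/len" prefix, treats a bare address as /24 like the original, skips the network and broadcast addresses the original loop visits, and compares the bounds numerically instead of with eq. The sub names dot2long, long2dot, cidr_range and host_addresses and the sample prefixes are my own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Dotted quad <-> 32-bit integer, the same big-endian 'N' packing the
# script's Dot2Long_IP/Long2Dot_IP use.
sub dot2long { return unpack('N', inet_aton($_[0])) }
sub long2dot { return inet_ntoa(pack('N', $_[0])) }

# Parse "a.b.c.d/len"; a bare address is treated as /24, as the script does.
# Returns the integer first and last address of the block and the netmask.
sub cidr_range {
    my ($spec) = @_;
    my ($ip, $len) = split m{/}, $spec, 2;
    $len = 24 unless defined $len;
    # validate before calling inet_aton, which would otherwise try DNS on junk
    die "bad address '$ip'\n"
        unless $ip =~ /^\d{1,3}(\.\d{1,3}){3}$/ && defined inet_aton($ip);
    die "bad prefix length '$len'\n" unless $len =~ /^\d+$/ && $len <= 32;
    my $mask  = $len == 0 ? 0 : (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
    my $first = dot2long($ip) & $mask;
    my $last  = $first | (~$mask & 0xFFFFFFFF);
    return ($first, $last, $mask);
}

# Host addresses of the block as dotted quads. For anything wider than a
# /31 the network and broadcast addresses are skipped (the original loop
# visits .0 and .255 too). The bounds are compared numerically, not with eq.
sub host_addresses {
    my ($spec) = @_;
    my ($first, $last) = cidr_range($spec);
    my ($lo, $hi) = ($first, $last);
    if ($last - $first >= 2) { $lo++; $hi--; }
    my @hosts;
    for (my $n = $lo; $n <= $hi; $n++) {
        push @hosts, long2dot($n);
    }
    return @hosts;
}

# Demo on constructed inputs (the script's own usage example plus
# documentation and private ranges).
for my $spec ('20.0.0.1', '192.0.2.0/30', '10.1.2.3/16') {
    my ($first, $last) = cidr_range($spec);
    my @hosts = host_addresses($spec);
    printf "%-14s block %s-%s, %d host address(es), first %s, last %s\n",
        $spec, long2dot($first), long2dot($last),
        scalar @hosts, $hosts[0], $hosts[-1];
}
```

Validating the address with a regex before inet_aton matters because inet_aton falls back to a DNS lookup on anything that is not a dotted quad, so a typo in the argument would otherwise turn into a resolver query.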
 
Uri Guttman

CB> I put together a script for scanning a network. Features are DNS
CB> resolution, selective port scan, scanning of multiple addresses at one
CB> time, and ping sweep. Ports can be customized depending on what is
CB> being sought on a network. If anyone decides to add more ideas to this
CB> please send me a copy. I'm very interested in input. :)

CB> http://onager.guild.net/~vrai/
CB> (e-mail address removed)



CB> #!/usr/bin/perl

CB> #usage--> netsweep 20.0.0.1

CB> use Socket;
CB> use Net::ping;

no strict or warnings. fix that first and then i will comment on the
rest.

<snip of unstrict/unwarned code>

uri
 
Chad Brown

Uri Guttman said:
CB> I put together a script for scanning a network. Features are DNS
CB> resolution, selective port scan, scanning of multiple addresses at one
CB> time, and ping sweep. Ports can be customized depending on what is
CB> being sought on a network. If anyone decides to add more ideas to this
CB> please send me a copy. I'm very interested in input. :)

CB> http://onager.guild.net/~vrai/
CB> (e-mail address removed)



CB> #!/usr/bin/perl

CB> #usage--> netsweep 20.0.0.1

CB> use Socket;
CB> use Net::ping;

no strict or warnings. fix that first and then i will comment on the
rest.

<snip of unstrict/unwarned code>

uri

I'm an ace at VB but I'm new to Perl... yeah, I know the code looks like a
bucket of bolts slapped up there hehe :)


$ perlcc -o netsweep netsweep.pl
Signal 11
/usr/bin/perlcc: netsweep.pl did not compile, which can't happen:
Starting compile
Walking tree
Prescan
Saving methods
No definition for sub main::Socket
No definition for sub main::Socket (unable to autoload)
No definition for sub main::Net::ping
No definition for sub main::Net::ping (unable to autoload)


this script works very smoothly under interpretation but I wouldn't
have too many ideas of how to fix the no definitions problem...
 
Chad Brown

I fixed the code... but I ran it with the strict and warnings
commented out and ... It would not iterate right; it's sticking to the
first IP (like 21.211.1.0) and the next iterations of the forks run at
the same IP...

I got most of the warnings out but still got one left that I'm puzzled
with...

G:\PHASIC\PROJECTS\NETSCAN>netsweep.pl
Bareword "EAGAIN" not allowed while "strict subs" in use at
G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl line 43.
Execution of G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl aborted due to
compilation errors.


here is the recorrected code...


#!/usr/bin/perl

#usage--> netsweep 20.0.0.1

use strict;
use warnings;

use Socket;
use Net::ping;      # the module is Net::Ping; this spelling only resolves on case-insensitive filesystems

my @ports = (21,22,23,80,110,119,1080,8080);
my $Max_Processes = 20;

my $Target_IP = $ARGV[0];

#---Startup

if ( $Target_IP eq "" ) {
    die "need target ip...\n";
}

my @Target_IP_Sep = IP_Seperate($Target_IP);

my $TA = $Target_IP_Sep[0];
my $TB = $Target_IP_Sep[1];
my $TC = $Target_IP_Sep[2];

my $Start_Addy = $TA.".".$TB.".".$TC.".0";
my $End_Addy = $TA.".".$TB.".".$TC.".255";

my $Current_Long = Dot2Long_IP($Start_Addy);
my $End_Long = Dot2Long_IP($End_Addy);


#---Main workload control routines
my $stp = 0;
my $npids = 0;

while () {

    #forker
    FORK: {
        if (my $pid=fork) {
            #return $pids;
        }
        elsif (defined $pid) {
            Connect_IP(Long2Dot_IP($Current_Long));
        }
        elsif ($! == EAGAIN) {      # nothing imports EAGAIN here, so "strict subs" rejects the bareword
            sleep 3;
            redo FORK;
        }
        else {
            die "cant fork!\n";
        }
    }

    #fork control
    $npids++;
    if($npids>=$Max_Processes){
        my $wait_ret=wait();
        if($wait_ret>0){
            $npids--;
        }
    }

    #iterate to next IP
    $Current_Long++;

    #look for end IP
    if ($Current_Long eq $End_Long+1) {
        sleep(2);
        exit(0);
    };

}

#---Sub Functions

sub Dot2Long_IP {
    return unpack('N', inet_aton(shift));
}

sub Long2Dot_IP {
    return inet_ntoa(pack('N', shift));
}

sub IP_Seperate {
    my ($IP_Address) = @_ ;
    my @IP_SepArr = split(/\./,$IP_Address);
    return @IP_SepArr;
}

sub Connect_IP {
    my ($tghost) = @_ ;

    my $connect_list = "";

    $connect_list = $tghost;

    #getting host name
    my $host_ipaddr = inet_aton($tghost);
    my $host_name = gethostbyaddr($host_ipaddr, AF_INET);
    if (my $host_name eq "") {      # "my" here declares a new, undefined $host_name for the test
        my $host_name = "NR";       # and another one that is discarded at the closing brace
    }
    $connect_list = $connect_list." $host_name";

    #pinging target
    my $p = Net::ping->new("icmp");

    if ($p->ping($tghost)) {
        my $connect_list = $connect_list." TG_A"; #for returns (new lexical; the outer $connect_list is unchanged)
    }
    else {
        my $connect_list = $connect_list." TG_N"; #for negatives (same problem)
    }

    $p->close();

    #start scan on ports
    foreach my $port (@ports) {

        my $AF_INET=2;
        my $SOCK_STREAM=1;
        my $sockaddr='S n a4 x8';

        my ($name,$aliases,$proto)=getprotobyname('tcp');

        ($name,$aliases,my $type,my $len,my $thataddr)=gethostbyname($tghost);
        my $this=pack($sockaddr,$AF_INET,0,my $thisaddr);   # "my $thisaddr" is a fresh, undefined variable
        my $that=pack($sockaddr,$AF_INET,$port,$thataddr);

        die "unknown host $tghost\n" if($thataddr eq "");

        socket(S,$AF_INET,$SOCK_STREAM,$proto) or die $!;
        bind(S,$this) or die $!;

        if(connect(S,$that)) {
            $connect_list = $connect_list." ".$port;
            close(S)
        }
        else {
            close(S);
        }

    }

    print "$connect_list\n";

    $connect_list = "";
    exit();
}
 
Thomas Kratz

Chad said:
I fixed the code... but I ran it with the strict and warnings
commented out and ... It would not iterate right; it's sticking to the
first IP (like 21.211.1.0) and the next iterations of the forks run at
the same IP...

I got most of the warnings out but still got one left that I'm puzzled
with...

G:\PHASIC\PROJECTS\NETSCAN>netsweep.pl
Bareword "EAGAIN" not allowed while "strict subs" in use at
G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl line 43.
Execution of G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl aborted due to
compilation errors.

Net::ping does not export EAGAIN. Use Net::ping::EAGAIN or import the
Errno constants by appending:

use Errno qw/:POSIX/;

or

use POSIX qw/:errno_h/;

Without using strict, you'll get no compilation error but the value of a
plain EAGAIN is undefined and your comparison "if ($! == EAGAIN)" will
certainly not do what you think it does (that shows again, that using
strict is a very good idea).

Thomas
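Thomas's point about EAGAIN applies to the whole forker block, which also lets the parent exit after sleep(2) without waiting for the last children. The following is an added example (mine, not code posted in the thread) of a fork helper that retries on EAGAIN under strict using the constant exported by Errno, and a bounded worker pool that reaps every child with wait. The names fork_retry and run_pool, the demo input and the exit-status convention are my own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno qw(EAGAIN);   # exports the EAGAIN constant; the %! hash works as well

# Fork, retrying a bounded number of times when the kernel reports EAGAIN
# (process limit temporarily reached). Returns the pid in the parent and 0
# in the child; dies on any other error or once the retries are used up.
sub fork_retry {
    my ($max_tries) = @_;
    $max_tries ||= 5;
    for my $try (1 .. $max_tries) {
        my $pid = fork;
        return $pid if defined $pid;
        # fork failed and $! is set. Under strict the comparison must use the
        # imported constant (or $!{EAGAIN}), never a bareword.
        die "fork failed: $!\n" unless $! == EAGAIN;
        warn "fork: EAGAIN, retry $try of $max_tries\n";
        sleep 1;
    }
    die "fork failed after $max_tries attempts: $!\n";
}

# Run $body->($item) in a child for every item, with at most $max_workers
# children alive at once, and reap every child before returning.
# Returns a hashref of item => child exit status.
sub run_pool {
    my ($items, $max_workers, $body) = @_;
    my %status;    # item => exit status
    my %pending;   # pid  => item still running
    for my $item (@$items) {
        # throttle: block until a slot frees up
        while (scalar(keys %pending) >= $max_workers) {
            my $done = wait;
            last if $done == -1;
            $status{ delete $pending{$done} } = $? >> 8;
        }
        my $pid = fork_retry();
        if ($pid == 0) {                  # child
            my $rc = $body->($item);
            exit($rc);
        }
        $pending{$pid} = $item;           # parent
    }
    # drain: collect the children still running once the input is exhausted
    while ((my $done = wait) != -1) {
        $status{ delete $pending{$done} } = $? >> 8;
    }
    return \%status;
}

# Demo with constructed input: each child classifies one number and reports
# the result through its exit status (1 = even, 0 = odd).
my $results = run_pool([1 .. 10], 3, sub { my ($n) = @_; return $n % 2 == 0 ? 1 : 0 });
for my $n (sort { $a <=> $b } keys %$results) {
    printf "%2d -> %s\n", $n, $results->{$n} ? "even" : "odd";
}
```

Keying the pending table by pid and deleting entries as wait returns them is what keeps the count exact; the original decrements $npids only when it happens to be at the limit, so an early child exit is not noticed until the next wait.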
 
wfsp

I got most of the warnings out but still got one left that I'm puzzled
with...

G:\PHASIC\PROJECTS\NETSCAN>netsweep.pl
Bareword "EAGAIN" not allowed while "strict subs" in use at
G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl line 43.
Execution of G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl aborted due to
compilation errors.

here is the recorrected code...

#forker
FORK: {
if (my $pid=fork) {
#return $pids;
}
elsif (defined $pid) {
Connect_IP(Long2Dot_IP($Current_Long));
}
elsif ($! == EAGAIN) {
sleep 3;
redo FORK;
}
else {
die "cant fork!\n";
}
}

<snip>

There is indeed a Bareword "EAGAIN". What is the puzzle? Is it a string, a
constant?
 
Chad Brown

I can't figure this one out... I initialized the variable and it still
brings up the warning.

Use of uninitialized value in pack at
G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl line 136.

this is the line that's causing it...
my $this = pack($sockaddr,$AF_INET,0,my $thisaddr);
 
Anno Siegel

Chad Brown said:
I can't figure this one out... I initialized the variable and it still
brings up the warning.

Use of uninitialized value in pack at
G:\PHASIC\PROJECTS\NETSCAN\netsweep.pl line 136.

this is the line that's causing it...
my $this = pack($sockaddr,$AF_INET,0,my $thisaddr);
^^^^^^^^^^^^

Apart from other possibilities, "my $thisaddr" is guaranteed to
be undefined. What's the mystery?

Anno
 
Chad Brown

^^^^^^^^^^^^

Apart from other possibilities, "my $thisaddr" is guaranteed to
be undefined. What's the mystery?

Anno

I'm new to Perl... outside the data types of pack and unpack I'm unsure of the rest...
I know the use of "my" is simple.
Anyone have any input on the data typing in Perl?
I'm so stuck to the laws of VB and C++.

What is the difference between my and local?
 
Sam Holden

I'm new to Perl... outside the data types of pack and unpack I'm unsure of the rest...
I know the use of "my" is simple.
Anyone have any input on the data typing in Perl?
I'm so stuck to the laws of VB and C++.

What is the difference between my and local?

perldoc -f my
perldoc -f local

Followed by perldoc perlsub, since both of those say 'See "..." in perlsub'.

You don't have to get permission from here before reading the manual.
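To put Sam's perldoc pointers and Anno's remark side by side in running code, here is an added example (mine, not anything posted in the thread). It shows local's dynamic scoping against my's lexical scoping, the shadowing that happens when my appears inside an if (the $host_name pattern from the recorrected script), and Socket's pack_sockaddr_in as a replacement for the hand-packed sockaddr that used an undefined "my $thisaddr". The sub names and sample values are my own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(pack_sockaddr_in unpack_sockaddr_in inet_ntoa INADDR_ANY);

our $level = "global";    # a package variable: the only kind local() can act on

sub show_level { return $level }   # reads $main::level as it is at call time

# local: temporarily replaces the package variable's value for the dynamic
# scope, i.e. the rest of this block and every sub it calls, then restores it.
sub with_local {
    local $level = "localized";
    return show_level();           # show_level() sees the localized value
}

# my: creates a new lexical visible only to code textually inside this block.
# show_level() is outside, so it still reads the package variable.
sub with_my {
    my $level = "lexical";
    return show_level();           # the lexical is invisible to show_level()
}

# The pattern from the recorrected script: a "my" inside the if creates a
# second $host_name that disappears at the closing brace.
sub shadowing_bug {
    my $host_name = "";
    if ($host_name eq "") {
        my $host_name = "NR";      # new variable; the outer one stays empty
    }
    return $host_name;
}

sub shadowing_fixed {
    my $host_name = "";
    if ($host_name eq "") {
        $host_name = "NR";         # assigns to the existing lexical
    }
    return $host_name;
}

# "my $thisaddr" as a pack() argument is a brand-new undefined variable,
# which is exactly what the "uninitialized value in pack" warning reports.
# Socket.pm's pack_sockaddr_in builds the same structure without hand-packing.
sub local_sockaddr {
    my $this = pack_sockaddr_in(0, INADDR_ANY);    # port 0, any local address
    my ($port, $addr) = unpack_sockaddr_in($this);
    return sprintf "port %d addr %s", $port, inet_ntoa($addr);
}

print "with_local:       ", with_local(), "\n";
print "after with_local: ", show_level(), "\n";
print "with_my:          ", with_my(), "\n";
print "shadowing_bug:    '", shadowing_bug(), "'\n";
print "shadowing_fixed:  '", shadowing_fixed(), "'\n";
print "local_sockaddr:   ", local_sockaddr(), "\n";
```

The second print line is the one that distinguishes the two: after with_local returns, show_level reports the original value again, because local restores the package variable when the dynamic scope ends, whereas the my in with_my never touched it at all.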
 
187

Sam said:
perldoc -f my
perldoc -f local

Followed by perldoc perlsub, since both of those say 'See "..." in
perlsub'.

You don't have to get permission from here before reading the manual.

Not meaning to step on your toes, but it seems to me that people like the
fellow you just replied to have just stepped into the world of Perl,
and such a person may not know at all that such a document exists or
just not realize it.

If you are using Perl on a Unix/Linux-ish system, perldoc is your
friend, but some other operating systems, such as the Win32 ActiveState
version, have some nice HTML-based documentation, akin to the online
version.
 
ChrisO

Chad said:
I put together a script for scaning a network. Features are DNS
resolution, selective port scan, scanning of multiple addresses at one
time, and ping sweep. Ports can be customized depending on what is
being sought on a network. If anyone decides to add more ideas to this
please send me a copy. Im very interested in input. :)

Are you doing this for a learning exercise? Because there are already
mature, open source network scanners that even a mature, very
knowledgeable Perl developer would be hard put to match.

-ceo
 
Chad Brown

ChrisO said:
Are you doing this for a learning exercise? Because there are already
mature, open source network scanners that even a mature, very
knowledgeable Perl developer would be hard put to match.

-ceo

I'm well aware of the existence of other scanners. I put this together
so that I could add more stuff onto it and customize it and possibly get
other scripts to work with it.

And about the mature... This project is "YES"... a learning
exercise... I wouldn't have taken it on if I had seen other scanners
out there. I was looking for constructive help, not criticism. Also, as
the post says, I was looking for ideas. This is not a cocky display of
junky code... Yeah, I'm not the best at Perl.
 
ChrisO

Chad said:
I'm well aware of the existence of other scanners. I put this together
so that I could add more stuff onto it and customize it and possibly get
other scripts to work with it.

And about the mature... This project is "YES"... a learning
exercise... I wouldn't have taken it on if I had seen other scanners
out there. I was looking for constructive help, not criticism. Also, as
the post says, I was looking for ideas. This is not a cocky display of
junky code... Yeah, I'm not the best at Perl.

My post wasn't intended to be critical nor as an insult but rather
intended to alert you to the presence of existing solutions in the event
you were unaware. Most people are happy to be provided with this sort
of input.

I also don't recall making light of your code. Though I stand by my
assertion that the exercise is pointless outside of a learning exercise,
even for an experienced Perl coder. Customization, which you claim as
the virtue of your efforts, is precisely what is built into many of the
existing scanners to which I have already alluded, and they have callable
interfaces.

Nevertheless, don't consider even this message an attempt to "poo-poo"
your efforts. I for one practically re-wrote 'fetchmail' using Perl,
but only because I wasn't already aware of fetchmail. I would have been
grateful to have had someone point out its existence so I wouldn't have
spent all my time re-writing it in Perl. I learned a lot from the effort,
however... So in that case, this sort of thing is never a "waste."

Anyway, try not to get all "huffy"... If it's valuable to you, then by
all means, have a hearty go at it.

-ceo
 
Chad Brown

ChrisO said:
My post wasn't intended to be critical nor as an insult but rather
intended to alert you to the presence of existing solutions in the event
you were unaware. Most people are happy to be provided with this sort
of input.

I also don't recall making light of your code. Though I stand by my
assertion that the exercise is pointless outside of a learning exercise,
even for an experienced Perl coder. Customization, which you claim as
the virtue of your efforts, is precisely what is built into many of the
existing scanners to which I have already alluded, and they have callable
interfaces.

Nevertheless, don't consider even this message an attempt to "poo-poo"
your efforts. I for one practically re-wrote 'fetchmail' using Perl,
but only because I wasn't already aware of fetchmail. I would have been
grateful to have had someone point out its existence so I wouldn't have
spent all my time re-writing it in Perl. I learned a lot from the effort,
however... So in that case, this sort of thing is never a "waste."

Anyway, try not to get all "huffy"... If it's valuable to you, then by
all means, have a hearty go at it.

-ceo

It's no problem... I just misinterpreted it because of the shortness of the message.
 
