Proxy Scan | www.pemula.info

1. #!/usr/bin/perl -w
2.  
3. ######################################################################
4. # proxyScan v0.1
5. #
6. # by Ed Blanchfield http://www.e-things.org/
7. #
8. # This program is free software; you can redistribute it and/or
9. # modify it under the terms of the Perl Artistic License or the
10. # GNU General Public License as published by the Free Software
11. # Foundation; either version 2 of the License, or (at your option) any
12. # later version.
13. #
14. # This program is distributed in the hope that it will be useful,
15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17. # GNU General Public License for more details.
18. #
19. # If you do not have a copy of the GNU General Public License write to
20. # the Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
21. # MA 02139, USA.
22. #
23. #
24. #######################################################################
25.  
26.  
27. use Getopt::Long;
28. use LWP::UserAgent;
29. use strict;
30.  
31. my $DEBUG;
32. my $ports;
33. my $targets;
34. my $proxy;
35. my $method;
36. my $delay;
37. my $timeout;
38. my $userAgent = "proxyScan/0.1";
39.  
40.  
41. ######################################################################
42. # main()
43.  
44. &getArgs;
45.  
46. # process each target host separated by comma's.
47. foreach my $targetHost (split(/,/, $targets)) {
48.     # check if it's an IP range
49.     if ($targetHost
50.         =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/) {
51.  
52.         # save start and end of range as decimal
53.         my $startIp     = &ip2dec($1);
54.         my $endIp   = &ip2dec($2);
55.  
56.         # sanity check the range
57.         if ($startIp > $endIp) {
58.             print "$0: startIp is greater than endIp ";
59.             print "in $targetHost\n";
60.             die;
61.         }
62.  
63.         # iterate each IP address in the range
64.         for (my $dec=$startIp; $dec <= $endIp; $dec++) {
65.  
66.             # scan each IP by for each port
67.             foreach my $targetPort (split(/,/, $ports)) {
68.  
69.                 # if the port is a range
70.                 if ($targetPort =~ /^(\d+)-(\d+)$/) {
71.                     my $startPort = $1;
72.                     my $endPort   = $2;
73.  
74.                     if ($startPort > $endPort) {
75.                         print "$0: startPort is",
76.                          " greater than endPort",
77.                          " in $targetPort\n";
78.                         die;
79.                     }
80.  
81.                     for (my $port=$startPort;
82.                          $port <= $endPort; $port++) {
83.                         my $ip=&dec2ip($dec);
84.                         &scanPort($ip,$port);
85.                     }
86.  
87.                 # otherwise a single port
88.                 } else {
89.                     my $ip=&dec2ip($dec);
90.                     &scanPort($ip,$targetPort);
91.                 }
92.             }
93.         }
94.  
95.     # process single IP's, or hostnames
96.     } else {
97.  
98.         # scan this host for each port
99.         foreach my $targetPort (split(/,/, $ports)) {
100.  
101.             # if the port is a range
102.             if ($targetPort =~ /^(\d+)-(\d+)$/) {
103.                 my $startPort = $1;
104.                 my $endPort   = $2;
105.  
106.                 if ($startPort > $endPort) {
107.                     print "$0: startPort is",
108.                      " greater than endPort",
109.                      " in $targetPort\n";
110.                     die;
111.                 }
112.  
113.                 for (my $port=$startPort;
114.                      $port <= $endPort; $port++) {
115.                     my $ip=$targetHost;
116.                     &scanPort($ip,$port);
117.                 }
118.  
119.             # otherwise a single port
120.             } else {
121.                 my $ip=$targetHost;
122.                 &scanPort($ip,$targetPort);
123.             }
124.         }
125.  
126.     }
127. }
128.  
129. # the end, only funtions from here on
130. exit;
131.  
132.  
133. ######################################################################
134. # Check and set options from command line args
135. #
136. sub getArgs() {
137.     Getopt::Long::Configure('bundling',
138.             'no_ignore_case');
139.  
140.     my $optVerbose;
141.     my $optHelp;
142.     my $optPorts;
143.     my $optTimeout;
144.     my $optDelay;
145.     my $optMethod;
146.     my $optTargets;
147.  
148.     GetOptions
149.         ("v|verbose"    => \$optVerbose,
150.         "h|help"        => \$optHelp,
151.         "p|ports=s"     => \$optPorts,
152.         "o|timout=s"    => \$optTimeout,
153.         "d|delay=s"     => \$optDelay,
154.         "m|method=s"    => \$optMethod,
155.         "t|targets=s"   => \$optTargets);
156.  
157.     if ($optHelp) { # then help / usage option
158.         print "Usage: $0 [options below]\n";
159.         print "Options:\n";
160.         print "   --help",
161.         "\tthis message.\n";
162.         print "   --verbose",
163.         "\tbe verbose for debugging.\n";
164.         print "   --ports",
165.         "\tports to scan for.\n";
166.         print "\t\tExample: 80-90,8080-8090,443,23,22\n";
167.         print "   --targets",
168.         "\ttarget hosts to scan for through proxy. Default is localhost.\n";
169.         print "\t\tExample: localhost,10.1.1.1-10.1.1.100,myhost.somedomain.com\n";
170.         print "   --timeout",
171.         "\ttimeout in seconds to wait for a response. default is 2 seconds\n";
172.         print "   --delay",
173.         "\tdelay in seconds between requests. Default is 0.5.\n";
174.         print "   --method",
175.         "\trequest method (CONNECT/GET/OPTIONS/TRACE/etc). default is GET.\n";
176.         print "\n";
177.         print "Set proxy with environment variables *_proxy.  ";
178.         print "Example: export http_proxy=http://proxy.my.place:8080/\n\n";
179.         exit;
180.     }
181.  
182.  
183.     if ($optVerbose) {         # set debugging / verbose output
184.             $DEBUG=1;
185.     } else {
186.         # default
187.             my $DEBUG=0;
188.     }
189.  
190.     if ($optPorts) {         # ports to scan through
191.         if ($optPorts =~ /^[\d,-]+$/) {
192.             $ports = $optPorts;
193.         } else {
194.             die "$0: invalid ports.\n";
195.         }
196.     } else {
197.         # default port to 80
198.         $ports = "80";
199.     }
200.  
201.     if ($optTargets) {         # target hosts to scan through proxy
202.         if ($optTargets =~ /^[\d\w\.,-]+$/) {
203.             $targets = $optTargets;
204.         } else {
205.             die "$0: invalid targets.\n";
206.         }
207.     } else {
208.         # default targets to localhost only
209.         $targets = "localhost";
210.     }
211.  
212.     if ($optTimeout) {         # timout in secs for a response
213.         if ($optTimeout =~ /^\d+$/) {
214.             $timeout = $optTimeout;
215.         } else {
216.             die "$0: invalid timeout.\n";
217.         }
218.     } else {
219.         # default timeout
220.         $timeout = "2";
221.     }
222.  
223.     if ($optDelay) {         # delay in secs between request
224.         if ($optDelay =~ /^\d+$/) {
225.             $delay = $optDelay;
226.         } else {
227.             die "$0: invalid delay.\n";
228.         }
229.     } else {
230.         # default delay
231.         $delay = "0.5";
232.     }
233.  
234.     if ($optMethod) {         # HTTP method
235.         if ($optMethod =~ /^\w+$/) {
236.             $method = uc($optMethod);
237.         } else {
238.             die "$0: invalid method.\n";
239.         }
240.     } else {
241.         # default method
242.         $method = "GET";
243.     }
244. }
245.  
246. ######################################################################
247. # Scan for a target and port
248. #
249. sub scanPort() {
250.  
251.     my $target = shift
252.         || die "$0: no target passed to scanPort()\n";
253.  
254.     my $port = shift
255.         || die "$0: no port passed to scanPort()\n";
256.  
257.     if ($target && $port) {
258.  
259.         # Create a user agent object
260.         my $ua = LWP::UserAgent->new;
261.         $ua->agent("$userAgent ");
262.         $ua->timeout($timeout);
263.         $ua->env_proxy;
264.         my $url = "http://".$target.":".$port;
265.  
266.         if ($DEBUG) {
267.             if ($ENV{http_proxy}) {
268.                 print "proxy = $ENV{http_proxy}\n";
269.             } else {
270.                 print "proxy = [NOT SET]\n";
271.             }
272.             print "port = $port\n";
273.             print "target = $target\n";
274.             print "url = $url\n";
275.         }
276.  
277.         # Create a request
278.         my $req = HTTP::Request->new($method => $url);
279.  
280.         # Pass request to the user agent and get a response back
281.         my $res = $ua->request($req);
282.  
283.         # Check the outcome of the response
284.         my $passFail;;
285.         if ($res->is_success) {
286.             $passFail="pass";  
287.         } else {
288.             $passFail="fail";  
289.         }
290.  
291.         print "result=\"$passFail\",";
292.         print "URL=\"$url\",";
293.         print "method=\"$method\",";
294.  
295.         if ($ENV{http_proxy}) {
296.             print "proxy=\"$ENV{http_proxy}\",";
297.         } else {
298.             print "proxy=\"[NOT SET]\",";
299.         }
300.  
301.         print "result=\"".$res->status_line, "\"\n";
302.         # uncomment for the response content
303.         #print $res->content;
304.  
305.  
306.         # sleep a while based on the delay set
307.         # the delay is important.  without this LWP
308.         # will send out request as fast as it can and
309.         # we may miss the response.
310.         sleep($delay);
311.  
312.     } else {
313.         die "$0: you must specify at least on host and one port\n";
314.     }
315. }
316.  
317. ######################################################################
318. # Convert IP addresses to decimal for use with ranges
319. #
320. sub ip2dec() {
321.     my $hex;
322.     my $ip = shift || return;
323.  
324.     # Sanity check arguments and example regex of an IP address, almost.
325.     if ($ip !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) {
326.         die "$0: Invalid IP address given to ip2dec - $ip\n";
327.     }
328.  
329.     # Convert to Hex
330.     foreach my $octet (split(/\./,$ip, 4)) {
331.         die "Invalid IP address given\n"
332.             if($octet < 0 || $octet > 255);
333.         $hex .= sprintf("%02x",$octet);
334.     }
335.  
336.     # Convert to decimal and return
337.     return hex($hex);
338. }
339.  
340. ######################################################################
341. # Convert Decimal to IP address
342. #
343. sub dec2ip {
344.     my $dec = shift || return;
345.  
346.     # Sanity check arguments
347.     if ($dec !~ /^\d+$/ ) {
348.         die "$0: Invalid decimal IP given to dec2ip - $dec\n";
349.     }
350.         my $hexagain = sprintf("%08x", $dec);
351.         my $octet1 = substr($hexagain,0,2);
352.         my $octet2 = substr($hexagain,2,2);
353.         my $octet3 = substr($hexagain,4,2);
354.         my $octet4 = substr($hexagain,6,2);
355.         my $dec1 = hex($octet1);
356.         my $dec2 = hex($octet2);
357.         my $dec3 = hex($octet3);
358.         my $dec4 = hex($octet4);
359.         return "$dec1.$dec2.$dec3.$dec4";
360. }