Site hosted by Angelfire.com: Build your free website today!
#!/usr/bin/perl

 if ($#ARGV < 0) {
   print "Error in syntax - try again.\n";
   print "  sample: webping.pl 10.1.1.1-254\n";
 }

doit($ARGV[0]);
foreach $item (@hosts) {
 portscan($item);
}
close OUTFILE;

sub doit {

 $line = $_[0];
 
 if ($line!=/#/) {
 
   if ($line=~/-/) {
    @tmp = split/-/, $line;
    @bip = split/\./, $tmp[0];
    @eip = split/\./, $tmp[1];
   } else {
    @bip = split/\./, $line;
    @eip = split/\./, $line;
   }

   $a1 = $bip[0];
   $b1 = $bip[1];
   $c1 = $bip[2];
   $d1 = $bip[3];

   $num = @eip;
   if ($num==1) {
     $a2 = $bip[0];
     $b2 = $bip[1];
     $c2 = $bip[2];
     $d2 = $eip[0];
   } elsif ($num==2) {
     $a2 = $bip[0];
     $b2 = $bip[1];
     $c2 = $eip[0];
     $d2 = $eip[1];
   } elsif ($num==3) {
     $a2 = $bip[0];
     $b2 = $eip[0];
     $c2 = $eip[1];
     $d2 = $eip[2];
   } elsif ($num==4) {
     $a2 = $eip[0];
     $b2 = $eip[1];
     $c2 = $eip[2];
     $d2 = $eip[3];
   }

  # Based on the IP subnet (Class A, B, C) set the
  # correct variables.
  check_end();
  $aend=$a2;

  # Create the array.
  while ($a1 <= $aend) {
   while ($b1 <= $bend) {
    while ($c1 <= $cend) {
     while ($d1 <= $dend) {
      push (@hosts, "$a1.$b1.$c1.$d1");
      $d1+=1;
      check_end();
     }
    $c1+=1;
    $d1=0;
   }
   $b1+=1;
   $c1=0;
   }
  $a1+=1;
  $b1=0;
  }
 }
 
}
 

sub portscan {
 
 my $target = $_[0];
 
# print "Port scanning $target.\n";
 
 local $/;
 open(SCAN, "nc -vzn -w 2 $target 1673 2>&1 |");     # Port open
 $result = <SCAN>;
 
 if ($result=~/open/) {
 
  print "\tPort 80 on $target found open.\n";
 
  open (HTTP, ">http.tmp");
  print HTTP "GET /msadc/msadcs.dll HTTP/1.0\n\n";
  close HTTP;
  open(SCAN2, "type http.tmp | nc -nvv -w 2 $target 80 2>&1 |");    # Banners
  $result2 = <SCAN2>;
 
  if ($result2=~/Microsoft-IIS\/4.0/) {
   if ($result2=~/x-varg/) {
    print "\t$target IS vulnerable to MDAC attack.\n";
   }
   $msyes = 1;
  }
 
  if ($msyes == 1) {
 
    open (HTTP, ">http.tmp");
    print HTTP "GET /.HTR HTTP/1.0\n\n";
    close HTTP;
    open(SCAN2, "type http.tmp | nc -nvv -w 2 $target 80 2>&1 |");    # Banners
    $result2 = <SCAN2>;
    if ($result2 == "") {
     print "\t$target IS vulnerable to IISHACK attack.\n";
    }
  }
 
  close SCAN;
 
 }
 
}
 

sub check_end {
   if (($a1==$a2) && ($b1==$b2) && ($c1==$c2)) {
     $dend=$d2;
   } else {
       $dend=255;
   }
   if (($a1==$a2) && ($b1==$b2)) {
     $cend=$c2;
   } else {
       $cend=255;
   }
   if ($a1==$a2) {
     $bend=$b2;
   } else {
       $bend=255;
   }
}