/*
	This is a banner grabber for httpd, it uses non_blocking sockets for improving
	speed and dumps the output in a .bscan file and to stdout, it can run into
	background but still dumping info on stdout. Change the timeouts and stuff 
	for your own machine and speed, also it uses so much cpu time and memory but ..
	who cares about that ??! ItWorksForMe.
	Just :
	$ gcc -o b bscan.c
	$./b <a_file_with_ips_in_it>
	
	Send bugs to cosmin800@hotmail.com or bagabonturo@yahoo.com.
	
	Greets to: walter, amidax, jhony_boy, neo, panik, xx3, pfex,nebunu #c (on UnderNet)
	and all others.
	
	ARMANY_00: esti cel mai prost om de pe fata pamantului, si tu, si varata,si 
	toti pustii aia ratati ai tai care se cred hackeri si modifica sursele.
	MUIE la toti la lamerii din Hunedoara si de pe unde mai sunteti... sa va bagam 
	pulan-n gat.
	
	Coded by DrBIOS & Bagabontu 
	January 2003.
*/ 
/* put the conection timeout here 2 */
#define T_CONNECT 3
/* here goes the receiving timeout */
#define T_RECV 5
/* number of paralel sockets to use */
#define MAX_SOCKETS 10

//change to 1 to fork into background ...
#define __BSCAN_FORK 0

#define WHITE1 ""
#define WHITE2 ""
#define GRAY ""
#define RED ""
#define GREEN ""
#define YELLOW ""
#define BLUE ""
#define VIOLET ""

#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>



char fip[25];
FILE *in,*out;
char *capat,*dreaq,*coada,tot[100];

char request[100]="GET / HTTP/1.0\r\n\r\n";
int sockets[MAX_SOCKETS];
struct sockaddr_in ip[MAX_SOCKETS];
unsigned char status[MAX_SOCKETS];
time_t timeout_connect[MAX_SOCKETS];
time_t timeout_recv[MAX_SOCKETS];
char tempvar[512];
int recv_ret;
char recvbuffer[MAX_SOCKETS][4096];
struct in_addr kkt;
int opensockets=0;
int used=0;
int getstatus(void);
FILE *fp;
char altbuffer[2048];
int x;
pid_t pidul;

int getnextip(char *ip, FILE *fp);
int countlines(FILE *fp);
void handler(int n);
void putsignals(void);

												
int main(int argc, char **argv)
{
	int i;
  if (argc!=2) 
	{
		printf("bscan 1.01 one piece httpd banner grabber by 
		%s
      DrBIOS  <cosmin800@hotmail.com>
    Bagabontu <bagabonturo@yahoo.com>
		%s
		\n",GREEN,WHITE1);
		if (argv[0]==NULL) printf("exec()??? ...\n");
		else 
		{
			printf("try this one :\n %s <input file>\n\n",argv[0]);
		}
		exit(1);	
	
	}
  if ((in=fopen(argv[1],"r"))==NULL)
	{
		printf("%si can't open %s%s\n",RED,argv[1],WHITE1);
		exit(1);
	}
	sprintf(tempvar,"%s.bscan",argv[1]);
	if ((fp=fopen(tempvar,"w"))==NULL)
	{
		printf("%s i can't open %s%s\n",RED,tempvar,WHITE1);
		exit(1);
	}	 
	memset(tempvar,0,sizeof(tempvar));
	putsignals();
	printf("%sstarting bscan 1.01 by DrBIOS & Bagabont, build on %s %s\n",BLUE,__DATE__,__TIME__);
	printf("sockets -> %d\n",MAX_SOCKETS);
	printf("conection timeout -> %d\n",T_CONNECT);
	printf("receiving timeout -> %d\n",T_RECV);
	printf("lines in %s -> %d\n",argv[1],countlines(in));
	printf("output -> %s.bscan%s\n\n",argv[1],WHITE1);
  if (__BSCAN_FORK)
	{
		pidul=fork();
		if (pidul==-1)
		{
			printf("FORKING FAILED !!! resuming in 10 seconds\n");
			sleep(10);
		} 
		if (pidul>0)
		{
			printf("bscan forked in background pid %d\n",pidul);
			
			exit(0);
		}
		if (pidul==0)
		{
			//child ...
		}
		
	}

  while(1) // START cat timp sunt ipuri in fisier ...
  {
		for(i=0;i<MAX_SOCKETS;i++)
		{	
			if((status[i]==0) && (getnextip(fip,in)))	//status e 0 cand nu e creat socketu
			{
				//printf("status 1 socket %d \n",i);
				status[i]=1;		
				sockets[i]=socket(AF_INET,SOCK_STREAM,0);
		  	x=fcntl(sockets[i],F_SETFL,O_NONBLOCK);
				if (x==-1)
				{
					printf("unable to set non-blocking mode\n");
					exit(2);
				}
			}
			if (getstatus()) 
			{
				//printf("fsdfds");
				fclose(fp);
				exit(0);
			}
			if(status[i]==1) //status e 1 cand e creat socket da nu se face nimic cu el .. deci dam un connect si setam timpu de start
			{
				ip[i].sin_port=htons(80);
				ip[i].sin_family=AF_INET;
				
				if ((ip[i].sin_addr.s_addr=inet_addr(fip))==-1)
				{
					printf("%shmm ...some shit in here doesn't look like an ip address ... %s\n",RED,WHITE1);
					close(sockets[i]);
					status[i]=0;
				}
				else 
				{
					connect(sockets[i],(struct sockaddr *)&ip[i],sizeof(ip[i]));
					timeout_connect[i]=time(0);
					status[i]=2;
					
				}
			
				
			}
			if (status[i]==2) //s-a dat conect cica ... dam inca un connect si ne uitam dupa errno...
			{	
				kkt.s_addr=ip[i].sin_addr.s_addr;
				connect(sockets[i],(struct sockaddr *)&ip[i],sizeof(ip[i]));
				if (errno==EISCONN)	status[i]=3;
				if (errno==ECONNREFUSED) 
				{					
					printf("%s%s: conection refused%s \n",RED,inet_ntoa(kkt),WHITE1);
					close(sockets[i]);
					status[i]=0;
				
				}
				if (time(0)-timeout_connect[i]>=T_CONNECT)
				{
					printf("%s%s: conection timeout%s \n",YELLOW,inet_ntoa(kkt),WHITE1);
					status[i]=0;
					close(sockets[i]);				
				}
				if (errno==ENETUNREACH)
				{
					printf("%s%s: NETWORK UNREACHABLE\n%s",RED,inet_ntoa(kkt),WHITE1);
					status[i]=0;
					close(sockets[i]);
				}
				
			} //status =2
			if (status[i]==3) //status 3 ...trimitem un send .... si init timeout ...oare ?!?
			{
		  	send(sockets[i],request,sizeof(request),MSG_DONTWAIT);
				memset(recvbuffer[i],0,sizeof(recvbuffer[i]));
				timeout_recv[i]=time(0);
				status[i]=4;
			}//status=3
			if (status[i]==4)
			{	
				if (time(0)-timeout_recv[i]<T_RECV) //NU E TIMEOUT
				{
					memset(tempvar,0,sizeof(tempvar));
					if (strlen(recvbuffer[i])<256) //deci nu am primit 256 bytes ...
					{					
						recv_ret=recv(sockets[i],tempvar,sizeof(tempvar),MSG_DONTWAIT);
						if (recv_ret==0)
						{
							kkt.s_addr=ip[i].sin_addr.s_addr;
							printf("%s: %s conection closed ??...%s\n",inet_ntoa(kkt),YELLOW,WHITE1);
							status[i]=0;
							close(sockets[i]);
							memset(recvbuffer[i],0,sizeof(recvbuffer[i]));
						}
						if (recv_ret>0) // am primit ceva date ...
						{
							strcat(recvbuffer[i],tempvar);
						}	
					}//nu am primit aia cati or fi bytes ..
					else //deci am primit cei n bytes ...
					{
						kkt.s_addr=ip[i].sin_addr.s_addr;
						if 
						((capat=strstr(recvbuffer[i],"Server"))==NULL)
						{
							printf("%s%s WARNING : no ""Server"" line in reply ...stealth server or ... program bug check manually with nc, please contact DrBIOS or Bagabontu%s\n",inet_ntoa(kkt),RED,WHITE1);
							sleep(3);
						}
						else
						{
							dreaq=strchr(capat,' ');
							//assert(dreaq!=NULL);
							dreaq=dreaq+1;
							coada=strchr(dreaq,'\n');
							if (coada!=NULL)
							{
					   		*coada='\0';
				 		 		printf("%s%s%s: %s\n",GREEN,inet_ntoa(kkt),WHITE1,dreaq);
								sprintf(altbuffer,"%s:%s\n",inet_ntoa(kkt),dreaq);
								fputs(altbuffer,fp);
								fflush(fp);
							}
							else 
							{
								printf("WARNING :  no newline found after ""Server"" -> contact DrBIOS or Bagabontu\n");
							}
						}
						status[i]=0;
						close(sockets[i]);
						
				}
			}
			else
			{
				kkt.s_addr=ip[i].sin_addr.s_addr;
				printf("%s%s: receiving timeout%s \n",YELLOW,inet_ntoa(kkt),WHITE1);
				status[i]=0;
				close(sockets[i]);				
			}
		
			}
			
		
		}		//for ...
  }//STOP  cat timp sunt ipuri in fisiere
  return(0);
}

int getstatus(void)
{
int i;
	for (i=0;i<MAX_SOCKETS;i++) 
	if (status[i]!=0) return 0;
	return 1;
	
}

int getnextip(char *ip, FILE *fp)
{
	char *ln;
  char buffer[1024];
  if ((fgets(buffer,sizeof(buffer)-1,fp))==NULL) return 0;
  ln=strchr(buffer,'\n');
	if (ln!=NULL) *ln='\0';
  strncpy(ip,buffer,25); //securitate din aia ...SEGV cu strcpy
  return 1;

}

int countlines(FILE *fp)
{
  int i=0;

  char buffer[1024];
  bzero(buffer,sizeof(buffer));
  while(fgets(buffer,sizeof(buffer),fp)!=NULL)
  {
     //printf("%s",buffer);
     bzero(buffer,sizeof(buffer));
     i++;
  }
  rewind(fp);
  clearerr(fp);
  return(i);
}

void    handler(int n)
{
  int i;
	for(i=0;i<MAX_SOCKETS;i++) close(sockets[i]);
  printf("\n\n%sBSCAN EXITING ON SIGNAL %d\n\n%s",RED,n,WHITE1);
  fclose(fp);
  exit(0);
}

void putsignals(void)
{
	signal(SIGHUP, handler);
	signal(SIGINT, handler);
	signal(SIGQUIT, handler);
	signal(SIGILL, handler);
	signal(SIGABRT, handler);
	signal(SIGBUS, handler);
	signal(SIGFPE, handler);
	signal(SIGSEGV, handler);
	signal(SIGTERM, handler);
	signal(SIGPIPE, handler);
	signal(SIGIO, handler);
}