 /* Broadscan v 0.31
   DUP Broadcast IP scanner
   by Vacuum http://www.technotronic.com
   09-03-98
   This is a very lame scanner written to
   stop people from asking how to find
   DUP broadcast ip addresses. Use this in
   conjunction with smurf, fraggle,
   or papasmurf. DoS kiddies enjoy!
*/

#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* When non-zero, pingz0r echoes every line of ping output to stdout,
   prefixed with "Results:". */
#define DEBUG 1

/* File-scope stream handle. No function in this file reads or writes it;
   pingz0r works through its own local FILE pointers. */
FILE *stream;

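/*
 * Probe <first>.<second>.<n>.255 for every n in [start, end) with the system
 * ping command and append each address whose output contains "DUP" to
 * broadcast.txt in the current directory.
 *
 * "DUP" is what ping prints for duplicate echo replies, i.e. more than one
 * host answered a single probe sent to the .255 address. From a defender's
 * point of view an address recorded here is a network that still answers
 * directed-broadcast ICMP echo and can therefore be abused as a traffic
 * amplifier. The usual remediation is to stop routers forwarding directed
 * broadcasts (the default recommended by RFC 2644, e.g. "no ip
 * directed-broadcast" on Cisco IOS) and to have hosts ignore broadcast echo
 * requests (e.g. net.ipv4.icmp_echo_ignore_broadcasts on Linux).
 *
 * first, second: leading two octets of the network being checked.
 * start, end:    half-open range of third-octet values to probe.
 *
 * Failures to start ping or to open the output file are reported on stderr
 * and the affected address is skipped; nothing is returned to the caller.
 */
void pingz0r(int first, int second, int start, int end)
{
    char command[2048];
    char line[2048];
    int third;

    for (third = start; third < end; third++) {
        int saw_dup = 0;
        FILE *ping_out;
        FILE *report;

        /* Only integers are formatted into the command line, so no
           shell metacharacters can reach popen() from the arguments. */
        snprintf(command, sizeof command,
                 "ping -c 2 -n  %d.%d.%d.255 2>/dev/null",
                 first, second, third);

        ping_out = popen(command, "r");
        if (ping_out == NULL) {
            /* The original passed a NULL stream straight to fgets(). */
            perror("popen");
            continue;
        }

        while (fgets(line, sizeof line, ping_out) != NULL) {
            if (DEBUG)
                printf("Results:%s", line);
            if (strstr(line, "DUP") != NULL) {
                saw_dup = 1;
                break;
            }
        }

        /* A popen() stream must be released with pclose(), not fclose();
           pclose() also reaps the ping child so no zombie is left behind. */
        pclose(ping_out);

        /* The original wrote through whatever stream was current even when
           no duplicate was seen; only record confirmed responders. */
        if (!saw_dup)
            continue;

        report = fopen("broadcast.txt", "a");
        if (report == NULL) {
            perror("broadcast.txt");
            continue;
        }
        fprintf(report, "%d.%d.%d.255\n", first, second, third);
        fclose(report);
    }
}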

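/*
 * Parse a decimal command-line argument into *value.
 * Returns 0 on success, -1 when the text is empty, has trailing characters,
 * or does not fit in an int (atoi() gave 0 or undefined behaviour for these).
 */
static int parse_octet(const char *text, int *value)
{
    char *end;
    long parsed = strtol(text, &end, 10);

    if (end == text || *end != '\0')
        return -1;
    if (parsed < INT_MIN || parsed > INT_MAX)
        return -1;
    *value = (int)parsed;
    return 0;
}

/*
 * Entry point: broadscan <octet> <octet>
 *
 * Takes the first two octets of a network, validates them, then splits the
 * third-octet range between two processes: the parent checks 0..127 and the
 * forked child checks 128..254 (the upper bound passed to pingz0r is
 * exclusive). Results are appended to broadcast.txt by pingz0r.
 *
 * Returns 0 after a completed run and EXIT_FAILURE on bad arguments or when
 * fork() fails.
 */
int main(int argc, char *argv[])
{
    int first, second;
    pid_t child;

    if (argc != 3) {
        printf("\nusage : %s <octet> <octet>\n\n", argv[0]);
        return EXIT_FAILURE;
    }

    /* Reject non-numeric input instead of silently treating it as 0. */
    if (parse_octet(argv[1], &first) != 0 ||
        parse_octet(argv[2], &second) != 0) {
        printf("\nusage : %s <octet> <octet>\n\n", argv[0]);
        return EXIT_FAILURE;
    }

    if (first == 127) {
        printf("%d is a localhost. You have no clue or are trying to break this program", first);
        return EXIT_FAILURE;
    }
    /* NOTE(review): the messages below say 1-254 but the checks accept 0;
       confirm which range is intended before tightening either one. */
    if (first > 254 || first < 0) {
        printf("First octet is: %d. It must be between <1-254>", first);
        return EXIT_FAILURE;
    }
    if (second > 254 || second < 0) {
        printf("Second octet is: %d. It must be <1-254>", second);
        return EXIT_FAILURE;
    }

    printf("Scanning for DUP broadcast ip addresses\n");
    printf("Results output to broadcast.txt\n");

    /* Flush before forking so buffered banner text is not emitted twice
       when stdout is a pipe or a file. */
    fflush(stdout);

    child = fork();
    if (child < 0) {
        /* The original treated -1 as "parent" and quietly skipped the
           upper half of the range. */
        perror("fork");
        return EXIT_FAILURE;
    }

    if (child != 0)
        pingz0r(first, second, 0, 128);
    else
        pingz0r(first, second, 128, 255);

    return 0;
}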
 
