/* This C program is something I wrote when I wanted to search my internal
network for systems running certain services but didn't want to run a
full-blown port scanner.  It scans an IP address range for a single,
specific port. */


/*
  ## Broad Scan v0.6.
  ## This scanner will strobe a range of IP addresses for any
  ## open port you specify. GPL licensed of course.
  ## 9/21/99 Tested FreeBSD.
  ## Example: ./brscan 192.168.0.1 192.169.0.1 80 will scan a class B
  ## Disclaimer: You're responsible for how this program is used.
  ## lwc@vapid.dhs.org Compile: make brscan
  ## http://vapid.dhs.org */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <netdb.h>
#include <ctype.h>
#include <strings.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <sys/stat.h>

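#define VERBOSE 1 /* non-zero: print a line for every host probed, not only the open ones */

/* SIGALRM handler; defined after main(). */
void timeout(int s);

/*
 * Set to 1 by timeout() when the per-host alarm fires.
 * Declared volatile sig_atomic_t because it is written from a signal
 * handler; a plain int written asynchronously is not guaranteed to be
 * observed correctly by the interrupted code.
 */
volatile sig_atomic_t flag = 0;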

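/*
 * Entry point: try a TCP connect() to one port on every IPv4 address in the
 * inclusive range argv[1]..argv[2] and report the addresses that accept.
 *
 *   argv[1]  first address of the range
 *   argv[2]  last address of the range
 *   argv[3]  TCP port, 1-65535
 *   argv[4]  optional results file (stdout is used when omitted)
 *
 * Returns 0 after a completed sweep (the usage message also exits 0, as
 * before) and EXIT_FAILURE when an argument is rejected or the output file
 * or a socket cannot be opened.
 */
int main(int argc, char *argv[])
{
    FILE *output = stdout;
    struct in_addr first_addr;
    struct in_addr last_addr;
    unsigned long first;
    unsigned long last;
    unsigned long counter;
    char *port_end;
    long port;
    int rc = 0;

    if (argc < 4 || argc > 5) {
        printf("\nBroad Scan v0.6 by Larry W. Cashdollar\n");
        printf("\nhttp://vapid.dhs.org\n");
        printf("usage: %s start_ip_address  end_ip_address port output_file\n\n",
               argv[0]);
        exit(0);
    }

    /*
     * Validate both endpoints before touching the network.  inet_addr()
     * reports a parse failure as 255.255.255.255, so a mistyped end address
     * used to stretch the sweep to the top of the IPv4 space instead of
     * being rejected.
     */
    if (inet_aton(argv[1], &first_addr) == 0 ||
        inet_aton(argv[2], &last_addr) == 0) {
        fprintf(stderr, "%s: invalid IP address\n", argv[0]);
        return EXIT_FAILURE;
    }

    /* Work in host byte order so the range can be walked with ++. */
    first = ntohl(first_addr.s_addr);
    last = ntohl(last_addr.s_addr);
    if (first > last) {
        fprintf(stderr, "%s: start address is after end address\n", argv[0]);
        return EXIT_FAILURE;
    }

    /* atoi() silently turned garbage into port 0; require a real port. */
    port = strtol(argv[3], &port_end, 10);
    if (port_end == argv[3] || *port_end != '\0' || port < 1 || port > 65535) {
        fprintf(stderr, "%s: invalid port '%s'\n", argv[0], argv[3]);
        return EXIT_FAILURE;
    }

    /* Open the results file only after the arguments are known to be good,
       so a bad invocation does not truncate an existing file. */
    if (argc == 5) {
        output = fopen(argv[4], "w+");
        if (output == NULL) {
            perror(argv[4]);
            return EXIT_FAILURE;
        }
    }

    /*
     * The loop exits on counter == last rather than testing counter <= last:
     * with a 32-bit unsigned long and last == 0xFFFFFFFF the old condition
     * could never become false.
     */
    for (counter = first; ; counter++) {
        struct sockaddr_in sin = {0};
        int connected;
        int sock;

        sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock < 0) {
            perror("socket");
            rc = EXIT_FAILURE;
            break;
        }

        sin.sin_family = AF_INET;
        sin.sin_port = htons((unsigned short)port);
        sin.sin_addr.s_addr = htonl(counter);

        if (VERBOSE)
            fprintf(output, "Scanning host %s:", inet_ntoa(sin.sin_addr));

        /*
         * Two-second budget per host.  The handler is re-installed on every
         * pass because some signal() implementations reset the disposition
         * once the signal has been delivered.
         * NOTE(review): whether SIGALRM actually interrupts a blocking
         * connect() depends on the platform's signal() restart semantics;
         * sigaction() without SA_RESTART would make the timeout explicit.
         */
        signal(SIGALRM, timeout);
        alarm(2);
        connected = (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == 0);
        alarm(0); /* cancel the timer so it cannot fire during reporting */

        if (connected) {
            if (!VERBOSE)
                fprintf(output, "Scanning host %s:", inet_ntoa(sin.sin_addr));
            fprintf(output, "[OPEN] %s\n", argv[3]);
        } else if (VERBOSE) {
            fprintf(output, ".\n");
        }

        /* Close on every path: the descriptor used to leak whenever the
           connect failed, exhausting the fd table on larger ranges. */
        close(sock);

        if (counter == last)
            break;
    }

    /* fclose() flushes; a failure here means results may be incomplete. */
    if (output != stdout && fclose(output) != 0) {
        perror(argv[4]);
        rc = EXIT_FAILURE;
    }

    return rc;
}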


/*
 * SIGALRM handler: notes that the per-host alarm went off by raising the
 * global flag.  The signal number is ignored.  main() as written does not
 * read the flag yet; the author earmarked it for a possible version 0.7.
 */
void timeout(int s)
{
    (void)s;
    flag = 1;
}



