info

netscan.c

This was written during an ... exploratory phase ... You pass the first two octets of an IP address (i.e. a 16-bit network prefix); it loops through every IP address with that prefix, does a reverse lookup on each one, and prints out all DNS aliases. I never used this for evil, just as a way to see what hostnames were out there. See also portscan.c. Last modified April 24, 1998.

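/*
 * netscan.c - reverse-DNS sweep of a 16-bit network prefix.
 *
 * Usage: netscan A.B
 *
 * For every address A.B.0.0 .. A.B.255.255 the program asks the system
 * resolver for the host entry (gethostbyaddr) and, when one exists, prints
 * the address, the canonical name and any aliases.  Each run therefore
 * issues up to 65,536 sequential reverse lookups; when these are served by
 * DNS they show up as a burst of PTR queries from one client in resolver
 * logs.
 *
 * Fixes relative to the 1998 version:
 *  - The address text was assembled with strcpy/strcat into a 15-byte
 *    buffer.  A 7-character prefix plus ".ddd.ddd" needs 16 bytes, and a
 *    longer argv[1] overflowed the stack buffer without limit.  Addresses
 *    are now built numerically, so no text buffer is involved.
 *  - Octets were zero-padded ("008", "010") before inet_addr(), which
 *    parses a leading 0 as octal: "010" became 8 and "008" was rejected,
 *    so many addresses were skipped or looked up under the wrong number.
 *  - The address was held in a u_long and passed with sizeof(u_long),
 *    which is 8 rather than 4 on LP64 systems.
 *  - <stdlib.h> and <arpa/inet.h> were missing.
 *
 * NOTE(review): gethostbyaddr() is obsolescent; it is kept because the
 * alias list it returns is part of this program's output.
 */
#include <errno.h> /* obligatory includes */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <fcntl.h>
#include <time.h>

char* makestring_fromint(int x,char *cd);

/* Parse 1-3 decimal digits at *s into *out (0..255) and advance *s past them.
 * Returns 0 on success, -1 if there is no digit or the value exceeds 255. */
static int parse_octet(const char **s, unsigned int *out)
{
    unsigned int value = 0;
    int digits = 0;

    while (**s >= '0' && **s <= '9' && digits < 3) {
        value = value * 10 + (unsigned int)(**s - '0');
        (*s)++;
        digits++;
    }
    if (digits == 0 || value > 255)
        return -1;
    *out = value;
    return 0;
}

/* Parse "A.B" (two decimal octets, one dot, nothing else) into the host-order
 * base address A.B.0.0.  Leading zeros are read as decimal, never octal.
 * Returns 0 on success, -1 on any other input. */
static int parse_prefix(const char *text, uint32_t *base)
{
    unsigned int a, b;

    if (parse_octet(&text, &a) != 0 || *text != '.')
        return -1;
    text++;
    if (parse_octet(&text, &b) != 0 || *text != '\0')
        return -1;
    *base = ((uint32_t)a << 24) | ((uint32_t)b << 16);
    return 0;
}

/* Print one line per address in hp: "<ip>\t<canonical name> <alias>...". */
static void print_hostent(const struct hostent *hp)
{
    for (char **p = hp->h_addr_list; *p != NULL; p++) {
        struct in_addr in;

        memcpy(&in.s_addr, *p, sizeof in.s_addr);
        printf("%s\t%s", inet_ntoa(in), hp->h_name);
        for (char **q = hp->h_aliases; *q != NULL; q++)
            printf(" %s", *q);
        putchar('\n');
    }
}

/* Entry point.  Exit status: 0 after a full sweep, 1 on wrong argument
 * count, 2 when argv[1] is not a valid "A.B" prefix. */
int main(int argc,char *argv[])
{
    uint32_t base;

    if (argc != 2) {
        printf("usage: %s sub.net\n", argv[0]);
        return 1;
    }
    if (parse_prefix(argv[1], &base) != 0) {
        printf("sub.net, two numbers, one dot\n");
        return 2;
    }

    printf("Alrighty, scanning all domain names in net %s\n", argv[1]);
    fflush(stdout);

    /* host walks the low 16 bits, so the order is A.B.0.0, A.B.0.1, ...,
     * A.B.255.255 -- the same order as the original nested loops. */
    for (uint32_t host = 0; host < 65536; host++) {
        struct in_addr addr;
        struct hostent *hp;

        addr.s_addr = htonl(base | host);
        hp = gethostbyaddr(&addr, sizeof addr, AF_INET);
        if (hp != NULL) {
            print_hostent(hp);
            fflush(stdout); /* keep output current when piped */
        }
    }
    return 0;
}

/*
 * Write the last three decimal digits of x into cd, zero-padded
 * ("007", "255"), NUL-terminate, and return cd.
 *
 * cd must have room for 4 bytes.  x is expected to be in 0..999; a negative
 * x yields non-digit characters because x % 10 is then negative.
 *
 * main() no longer calls this: zero-padded octets are parsed as octal by
 * inet_addr().  The function is kept, unchanged in behaviour, because it is
 * declared with external linkage.
 */
char* makestring_fromint(int x,char *cd)
{
    for (int i = 2; i >= 0; i--) {
        cd[i] = (char)((x % 10) + '0');
        x /= 10;
    }
    cd[3] = '\0';
    return cd;
}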