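#!/usr/bin/perl
#####################################################
# Based on ftpcheck v0.31 by David Weekly
# http://david.weekly.org/code
#
# This is Hiper BETA !!!! DO NOT DOWNLOAD!
# just for me.. to test it in many servers
# to keep handy while fixing the code
#
# Thanks David, i will do the Raw Sockets from 0
# to my style ;)
#
# Hugo Martín
#####################################################

use Socket;
use IO::Socket;

# Timeouts, in seconds, for creating a socket and for connecting.
my $MAX_SOCKET_TIME  = 2;
my $MAX_CONNECT_TIME = 3;

my $HELP = qq{Usage: ftpcheck [-h | --help] [-p processes] [-d | --debug] host};
my @hosts;

# Upper bound on simultaneously running child processes (override with -p).
my $MAX_PROCESSES = 10;
my $DEBUG         = 0;

print("-------------------------------------------------------------------------\n");
print("\n Net Scanner v0.1 por Hugo Martín [www.hackcraft.com] \n");
print("\n-------------------------------------------------------------------------\n");

# Command-line parsing. "--name" and "-x" arguments are options; every other
# argument is collected as a host (or a three-octet prefix) to check.
# Parsing stops at the first false argument, as in the original loop.
while (my $arg = shift @ARGV) {
    if ($arg =~ /^--(.*)/) {
        my $long_opt = $1;
        if ($long_opt =~ /help/) {
            print $HELP;
            exit(0);
        }
        if ($long_opt =~ /debug/) {
            $DEBUG = 1;
        }
    }
    elsif ($arg =~ /^-(.*)/) {
        my $short_opt = $1;
        if ($short_opt =~ /^h/ or $short_opt =~ /^\?/) {
            print $HELP;
            exit(0);
        }
        if ($short_opt =~ /^p/) {
            # The value is the NEXT argument. It is used as the cap on
            # concurrent children, so reject anything that is not a positive
            # integer: a missing, zero or non-numeric value would otherwise
            # be stored as-is and leave the process limit ineffective.
            my $requested = shift @ARGV;
            unless (defined $requested and $requested =~ /\A[1-9][0-9]*\z/) {
                print STDERR "ftpcheck: -p expects a positive integer\n";
                print $HELP;
                exit(-1);
            }
            $MAX_PROCESSES = $requested;
        }
        if ($short_opt =~ /^d/) {
            $DEBUG = 1;
        }
    }
    else {
        push @hosts, $arg;
    }
}

# At least one host argument is required.
if (!$hosts[0]) {
    print $HELP;
    exit(-1);
}

my $host;

# Unbuffered STDOUT, so output from the parent and its children is written
# immediately instead of sitting in per-process buffers.
$| = 1;

# go through all of the hosts, replacing subnets with all contained IPs.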
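# Expand every three-field argument (a.b.c) into a.b.c.1 .. a.b.c.254 and keep
# every other argument unchanged. The result is built in a separate list:
# shifting from and pushing onto @hosts while a foreach is iterating over that
# same array is not reliable.
my @expanded_hosts;
for my $target (@hosts) {
    # scan a class C
    if ($target =~ /^([^.]+)\.([^.]+)\.([^.]+)$/) {
        print "Expanding class C $target\n" if ($DEBUG);
        push @expanded_hosts, "$target.$_" for 1 .. 254;
    }
    else {
        push @expanded_hosts, $target;
    }
}
@hosts = @expanded_hosts;

# One child process per host; $npids counts children not yet reaped.
my $npids = 0;
for my $host (@hosts) {
    my $pid = fork();

    # fork() returns undef on failure. The original test, "undef $pid", always
    # evaluated false, so a failed fork fell through into the child branch and
    # the parent itself ran the per-host check and exited.
    if (!defined $pid) {
        print "fork error\n" if ($DEBUG);
        exit(0);
    }

    if ($pid > 0) {
        # Parent: once the cap is reached, reap a full batch of children
        # before spawning any more.
        $npids++;
        if ($npids >= $MAX_PROCESSES) {
            for (1 .. $MAX_PROCESSES) {
                my $wait_ret = wait();
                $npids-- if ($wait_ret > 0);
            }
        }
        next;
    }

    # Child: check one host, then exit.
    my ($proto, $port, $sin, $ip);
    print "Trying $host\n" if ($DEBUG);
    $0 = "(checking $host)";

    # kill this child on timeout
    local $SIG{'ALRM'} = sub { exit(0); };
    alarm $MAX_SOCKET_TIME;

    $proto = getprotobyname('tcp');
    # NOTE(review): 110 is the registered POP3 port, while the usage text names
    # ftpcheck and the probe string below looks HTTP-like -- confirm which
    # service this check is meant for.
    $port = 110;
    $ip   = inet_aton($host);
    if (!$ip) {
        print "couldn't find host $host\n" if ($DEBUG);
        exit(0);
    }
    $sin = sockaddr_in($port, $ip);

    # Lexical handle instead of the bareword Sock; give up quietly if the
    # socket cannot be created (the original left this call unchecked).
    socket(my $probe, PF_INET, SOCK_STREAM, $proto) or exit(0);

    alarm $MAX_CONNECT_TIME;
    if (!connect($probe, $sin)) {
        exit(0);
    }
    my $iaddr = (unpack_sockaddr_in(getpeername($probe)))[1];
    close($probe);
    print "listen $host!\n" if ($DEBUG);
    alarm 0;

    # NOTE(review): the reverse lookup result is not used anywhere in this
    # script, and the lookup runs after the alarm has been cancelled.
    my $hostname = gethostbyaddr($iaddr, AF_INET);

    # create new connection
    my $sock = IO::Socket::INET->new("$host:$port") or die "IO:Socket:$@";
    print $sock "HEAD GET / \n\n";

    # NOTE(review): no alarm is armed at this point, and <$sock> in list
    # context reads until end of file, so this child blocks until the peer
    # closes the connection.
    print <$sock>;
    close($sock) || die "close: $!";
    exit(0);
}

print "done spawning, $npids children remain\n" if ($DEBUG);

# wait for my children
while ($npids > 0) {
    my $wt = wait();
    if ($wt == -1) {
        # Capture the reason before printing. ECHILD means there is nothing
        # left to reap; retrying in that case (the original "redo") would
        # never terminate.
        my $no_children = $!{ECHILD};
        print "hey $!\n" if ($DEBUG);
        last if $no_children;
        next;
    }
    $npids--;
}
print "Done\n";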