#!/usr/bin/perl
#
#
#  No comments.
#
#  #Phreak.nl http://www.casema.net/~gin
#
#  -- Xphere --




use Socket;
# SIGALRM ends the process quietly. The alarm is only armed in the forked
# children (alarm(25) in the read loop), so this caps how long one probe
# can run.
$SIG{ALRM} = sub { exit 0 };

# SIGCHLD reaps a finished child so it does not linger as a zombie.
# NOTE(review): each delivery reaps at most one child; if several children
# exit close together, some may stay unreaped until the parent exits.
$SIG{CHLD} = sub { wait() };


# Exactly two arguments are required: the file holding the host list and the
# log file that receives the results. Anything else prints the banner and
# usage line and exits with status 0.
unless (@ARGV == 2) {
    print "\n\e[0;34m[ MDAC scanner by: Xphere -- #Phreak.nl ]\e[0m\n\n";
    print "Usage: $0 <host_list> <log_file> &\n";
    exit(0);
}

# $in and $out are package globals read by the open() calls further down.
($in, $out) = @ARGV;


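# Open the host list for reading and the log for appending.
#
# Three-argument open is used so the command-line values are treated purely
# as file names. With the two-argument form, a name that starts or ends with
# a mode character or a pipe ('>', '|', ...) is interpreted by Perl as a mode
# or a command rather than a path. The bareword handles IN and OUT are kept
# because the rest of the script refers to them by name.
open(IN, '<', $in) or die "Can't open $in: $!";
open(OUT, '>>', $out) or die "Can't create $out: $!";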


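# Read the host list one entry per line and check each entry in its own
# child process. The first whitespace-delimited token on a line is the host.
while (my $line = <IN>) {
    chomp($line);

    # \S+ rather than \S*: the original pattern also matched blank lines and
    # handed an empty host name to checkh(), which cost a fork and a ten
    # second pause and could produce a log entry with no host in it.
    next unless $line =~ /(\S+)/;
    my $host = $1;

    my $pid = fork;
    if (!defined($pid)) {
        # fork failed: report it instead of silently dropping the host.
        warn "fork failed for $host: $!\n";
        next;
    }

    if ($pid) {
        # Parent: pause before starting the next child, which bounds how many
        # checks run at once. sleep can return early if a signal such as
        # SIGCHLD is delivered, so the pause may be shorter than ten seconds.
        sleep 10;
    } else {
        # Child: the 25 second alarm bounds the whole check; the SIGALRM
        # handler installed at start-up exits the process when it fires.
        alarm(25);
        checkh($host);
        alarm(0);
        exit(0);
    }
}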




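sub checkh
{
    # Request /msadc/msadcs.dll from $server on TCP port 80 and append
    # "<server> runs MDAC." to the OUT log handle when a response line
    # starts with "HTTP/1.1 200 OK".
    #
    # Parameters:
    #   $server - host name or dotted-quad address taken from the host list.
    #
    # Returns nothing useful. Every failure (empty entry, unresolvable name,
    # socket or connect error) is treated as "nothing to log", which keeps
    # the best-effort behaviour of the original.
    #
    # Reading the result: a 200 only shows that the path is served. It says
    # nothing about the installed MDAC version or whether access to the
    # endpoint has been restricted, so treat a log entry as a lead to verify
    # rather than proof of a vulnerable configuration. Servers whose status
    # line is not literally "HTTP/1.1 200 OK" are never logged.
    my ($server) = @_;
    my $port = 80;

    # An empty entry used to resolve to nothing and was packed as 0.0.0.0,
    # so the connection went to whatever that address means locally and
    # could yield a log line with no host name.
    return unless defined($server) && length($server);

    # inet_aton() accepts a name or a dotted quad and returns undef when the
    # name does not resolve.
    my $thataddr = inet_aton($server);
    return unless defined($thataddr);

    # In scalar context getprotobyname() returns the protocol number.
    my $proto = getprotobyname('tcp');

    socket(S, AF_INET, SOCK_STREAM, $proto) or return;

    # The original looked up the literal string 'hostname' with its last
    # character chopped (single quotes where backticks were presumably
    # intended) and bound to the result, in practice the wildcard address
    # with port 0. connect() performs that binding implicitly, so the lookup
    # and the explicit bind() are dropped. pack_sockaddr_in() replaces the
    # hand-written 'S n a4 x8' template, whose layout is platform specific.
    if (connect(S, pack_sockaddr_in($port, $thataddr))) {
        # Unbuffer the socket, then restore the previously selected handle.
        my $previous = select(S);
        $| = 1;
        select($previous);

        print S "GET \/msadc\/msadcs.dll HTTP\/1.0\r\n\r\n";

        while (my $serv = <S>) {
            if ($serv =~ /^HTTP\/1\.1\s200\sOK/i) {
                print OUT "$server runs MDAC.\n";
            }
        }
    }
    close(S);
}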


# Runs once the read loop above has consumed the whole host list (the sub
# definition in between is not executed in sequence). The pause presumably
# gives the last child time to reach its 25 second alarm before the parent
# closes its handles and exits.
sleep(15);
close IN;
close OUT;
