#!/usr/bin/perl
# Perl Grinder
# by bansh33 [bansh33@r00tabega.com]
# -www.r00tabega.com-
# 
# This is Grinder for Windows by Rhino9 ported to perl
# for easy use on a *nix shell/box.  
# 
# propz to my mommy and daddy cuz they make me drink my milk
#
# usage: ./grinder.pl [start ip] [end ip] [port] [url]
#
# for example:
# ./grinder.pl 128.135.0.0 128.135.255.255 80 /cgi-bin/phf
# (be sure to remember the slash in the beginning of the url or it won't work)
#
use Socket;
# Usage gate: all four positional arguments must be present and true, so a
# literal "0" counts as missing.  Each check echoes the arguments already
# supplied, shows placeholders for the remaining ones, and exits.
unless ($ARGV[0]) {
    print "Perl Grinder by bansh33 [www.r00tabega.com]\n",
          "Based on Grinder for Windows by Rhino9\n\n",
          "usage: ./grinder.pl [start ip] [end ip] [port] [url]\n";
    exit;
}
unless ($ARGV[1]) {
    # This banner ends with a single newline, unlike the other three.
    print "Perl Grinder by bansh33 [www.r00tabega.com]\n",
          "Based on Grinder for Windows by Rhino9\n",
          "usage: ./grinder.pl $ARGV[0] [end ip] [port] [url]\n";
    exit;
}
unless ($ARGV[2]) {
    print "Perl Grinder by bansh33 [www.r00tabega.com]\n",
          "Based on Grinder for Windows by Rhino9\n\n",
          "usage: ./grinder.pl $ARGV[0] $ARGV[1] [port] [url]\n";
    exit;
}
unless ($ARGV[3]) {
    print "Perl Grinder by bansh33 [www.r00tabega.com]\n",
          "Based on Grinder for Windows by Rhino9\n\n",
          "usage: ./grinder.pl $ARGV[0] $ARGV[1] $ARGV[2] [url]\n";
    exit;
}
# Positional arguments, in the order shown in the usage line.  None of them
# is validated here: the octets become loop bounds as-is and $url is placed
# verbatim into the request line sent by getownedbyname().
($startip, $endip, $port, $url) = @ARGV[0 .. 3];

# Break both dotted-quad strings on "." and keep the first four fields of
# each in their own scalars for the nested loops that follow.
@startips = split(/\./, $startip);
@endips   = split(/\./, $endip);
($start1, $start2, $start3, $start4) = @startips[0 .. 3];
($end1,   $end2,   $end3,   $end4)   = @endips[0 .. 3];

# Asked once before the run starts.  Only the exact answer "y" enables the
# per-host "Not found" lines; anything else prints hits only.
print "\nVerbose Mode (Show what scanning for, not just found)? [y/n]: ";
$verbosemode = <STDIN>;
chomp($verbosemode);

# Alright, now each segment is in its own string so it's easy to build the list of addresses to scan.
# Each octet is looped independently between its own start and end value,
# so this enumerates the cross product of four per-octet ranges rather than
# a contiguous address range.  If any start octet is larger than the
# matching end octet, that loop body never runs and nothing is probed.
for (my $oct1 = $start1; $oct1 < $end1 + 1; $oct1++) {
    for (my $oct2 = $start2; $oct2 < $end2 + 1; $oct2++) {
        for (my $oct3 = $start3; $oct3 < $end3 + 1; $oct3++) {
            for (my $oct4 = $start4; $oct4 < $end4 + 1; $oct4++) {
                $host = join('.', $oct1, $oct2, $oct3, $oct4);

                # The leading & keeps this call valid regardless of the
                # empty "()" prototype written on the sub definition.
                &getownedbyname($host);
            }
        }
    }
}
exit;

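# getownedbyname(HOST)
#
# Probe a single host: open a TCP connection to HOST, send one HTTP/1.0 GET
# for the global $url, and report the status code found on the first line
# of the response.
#
# Reads the globals $port, $url and $verbosemode set by the main script.
# Prints "HOST: Found! [code]" when the code is 200; any other result is
# printed only when $verbosemode is "y".  A failed connect() prints nothing.
# Returns nothing.
#
# The empty "()" prototype was dropped because the sub takes one argument.
sub getownedbyname {
    my ($host) = @_;

    # Use the [port] argument from the command line; the destination was
    # previously fixed at 80, so the documented argument had no effect.
    my $dest_port = defined $port ? $port : 80;

    # inet_aton() returns undef for an address it cannot convert, and
    # sockaddr_in() croaks on an undefined address, which would abort the
    # whole run.  Report the host once and move on instead.
    my $packed_ip = inet_aton($host);
    unless (defined $packed_ip) {
        print "$host\: Can't Resolve DNS/IP\n";
        return;
    }

    my $client;
    unless (socket($client, PF_INET, SOCK_STREAM, getprotobyname('tcp'))) {
        print "$host\: socket() failed: $!\n";
        return;
    }

    if (connect($client, sockaddr_in($dest_port, $packed_ip))) {
        # The request is sent exactly as before: HTTP/1.0, bare LF line
        # endings and no Host header.  That is the shape this probe leaves
        # in the target's access log.
        send($client, "GET $url HTTP/1.0\n\n", 0);

        # Only the first response line is read.  It may be missing (peer
        # closed early) or lack a reason phrase, so normalise the code
        # field before comparing it numerically.
        my $status_line = <$client>;
        my $code = '';
        if (defined $status_line) {
            my @fields = split(/ /, $status_line);
            $code = $fields[1] if defined $fields[1];
            $code =~ s/\s+\z//;
        }

        # A 200 only means the server answered this path with a success
        # status; it says nothing about what is behind the path.
        if ($code =~ /\A\d+\z/ && $code == 200) {
            print "$host\: Found! [$code]\n";
        }
        elsif (defined $verbosemode && $verbosemode eq "y") {
            print "$host\: Not found [$code]\n";
        }
    }

    # Close on every path so descriptors are not held between probes.
    close($client);
    return;
}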
# EOF [r00tabega.security.labs]
