/* Name: banner.c v1.0
 * Author: Cyber_Bob
 * Made: Code Crusader 2.1.4 (very l33t scr1pt maker, y0 ;)
 * Compiled: linux 2.2.16 i686 (slackware 7.1)
 *           gcc version egcs-2.91.66
 *           gcc banner.c -o banner
 *
 * ------------------------------------------------------------------------------
 * Release Notes:
 * 
 * This version is a big improvement over the last version. Some added features
 * are the ability to scan a range of hosts and it will look for keywords in
 * banners to check for a possible entry point for breakin. I've also been told
 * it works good for reporting Wingates which prove ever useful on IRC. Also, it
 * has the ability to recognize certain ports daemons by name (RFC Standards).
 * If a possible vulnerable daemon is found you must strike enter before the scan
 * will continue. Look for logging options in the next version. As of right now
 * I am only testing ideas. There is also a delay in microseconds between
 * connections to each port; this option is #define'd at 500000 (half a second)
 * by default so you can watch the output scroll by without much effort. For a
 * simple method of logging I added a "<!>" event at the beginning of lines that
 * signal a possible risk (I like to call it the attention mark) for easy parsing
 * of a command like:
 * 
 * ./banner 1.1.1.1 255.255.255.255 1 65535 >> ./output.log
 * 
 * ------------------------------------------------------------------------------
 * [Shoutz] #NuKeZ , #OutLaw , #Assassins , and #twlc cr3w'z
 *
 * [Shoutz/People] ^Paladin^, Sleep, L^WaRrioR, DePhAzEr, Dark, skalore,
 *                 Jackery, firebird1, trunck, Cyber_Egg (stupid ass bot),
 *                 h1kari, Sleep, soulFate, CommPort5, RizzDog, ScuzleBut,
 *                 sgxxxxxxxxxxxxxxxxxxxxx (lots of leet x's ;P), n0th,
 *                 t03tag, USSR Labs (just cuz they dissed marc of eEye ;), 
 *                 VIRILATOR, evilgh0st, Phear, anybody else I forgot and
 *                 deserves to be in here..
 * ------------------------------------------------------------------------------
 */


#include        <stdio.h>
#include        <stdlib.h>
#include        <string.h>
#include        <unistd.h>
#include        <sys/types.h>
#include        <sys/time.h>
#include        <sys/socket.h>
#include        <sys/errno.h>
#include        <netinet/in.h>
#include        <arpa/inet.h>
#include        <netdb.h>

/* Version string printed in the startup banner. */
#define VERSION "1.0 beta"
/* Pause between successive port connections, in microseconds (handed to usleep). */
#define DELAY	500000

/* Receive buffer for whatever the remote service sends after connect. */
char	data[1000];

/* Descriptor of the socket used for the current connection attempt. */
int     sock;
/* First and last port of the requested port range. */
int     p1;
int     p2;
/* Running host counter for the "Reading info for host #N" line; starts at 1. */
int     i = 1;
/* Port currently being contacted. */
int     ctr2;

/* Range bounds as parsed from the command line (network byte order). */
unsigned long start;
unsigned long end;
/* Address currently being contacted (host byte order). */
unsigned long ctr;

/* Destination address structure reused for every connect(). */
struct  sockaddr_in sa;

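/*
 * Replace bytes that are unsafe to echo to a terminal or log file with '.'.
 * The banner comes from an untrusted remote peer: control characters (ESC,
 * CR, backspace, ...) could rewrite or spoof the operator's output, and
 * embedded NUL bytes would hide the remainder of the banner from printf/strstr.
 * Newline and tab are kept so multi-line banners stay readable.
 */
static void sanitize_banner(char *buf, size_t len)
{
	size_t k;

	for (k = 0; k < len; k++) {
		unsigned char c = (unsigned char)buf[k];

		if (c == '\n' || c == '\t')
			continue;
		if (c < 0x20 || c >= 0x7f)
			buf[k] = '.';
	}
}

/* Parse a decimal TCP port in 1..65535; returns -1 on malformed or out-of-range input. */
static int parse_port(const char *text)
{
	char *stop;
	long value = strtol(text, &stop, 10);

	/* strtol saturates at LONG_MIN/LONG_MAX on overflow, which the range check rejects. */
	if (stop == text || *stop != '\0' || value < 1 || value > 65535)
		return -1;
	return (int)value;
}

/* Service tag appended to the report line for the ports the tool names; "" otherwise. */
static const char *port_label(int port)
{
	switch (port) {
	case 21:   return " (FTPD)";
	case 23:   return " (TELNETD)";
	case 79:   return " (FINGERD)";
	case 80:   return " (HTTPD)";
	case 113:  return " (IDENTD)";
	case 1080: return " (PROXY)";
	default:   return "";
	}
}

/*
 * Return the notice to print when the banner contains one of the product
 * keywords, or NULL when none matches.  This is a plain substring match on
 * text the remote side chose to send: it identifies a product name only and
 * says nothing about the version or whether the service is actually at risk.
 */
static const char *risky_daemon_notice(const char *banner)
{
	if (strstr(banner, "QPOP") != NULL)
		return "<!> QPop daemon found, possible security risk... (Enter to Continue)";
	if (strstr(banner, "wu-") != NULL)
		return "<!> WU-FTP daemon found, possible security risk... (Enter to Continue)";
	if (strstr(banner, "sendmail") != NULL || strstr(banner, "Sendmail") != NULL)
		return "<!> Sendmail daemon found, possible security risk... (Enter to Continue)";
	if (strstr(banner, "ProFTPD") != NULL)
		return "<!> ProFTP daemon found, possible security risk... (Enter to continue)";
	if (strstr(banner, "Wingate") != NULL || strstr(banner, "WinGate") != NULL)
		return "<!> Wingate daemon found, possible security risk... (Enter to Continue)";
	return NULL;
}

/*
 * Entry point: banner <IP-Start> <IP-End> <Port-Start> <Port-End>.
 *
 * For every address in the inclusive range (addresses whose last octet is 0
 * or 255 are skipped) and every port in the inclusive port range, connect,
 * read whatever the service sends first, print it, and pause for a keypress
 * when the banner contains one of the keyword strings.
 *
 * Fixes relative to the original:
 *  - the banner buffer is always NUL-terminated (the original could fill all
 *    1000 bytes and then hand the buffer to printf("%s") and strstr);
 *  - remote banner bytes are sanitized before being echoed;
 *  - every socket is closed (the original leaked one descriptor per port);
 *  - socket()/connect() results are checked before read();
 *  - addresses and ports are validated instead of trusting inet_addr/atoi;
 *  - the .0/.255 skip no longer advances the counter, so the loop never
 *    contacts an address past <IP-End>, and the loop terminates even when
 *    <IP-End> is 255.255.255.255 and unsigned long is 32 bits wide;
 *  - fflush(stdin), which is undefined behaviour, is removed.
 *
 * Returns 0 on completion; exits with status 1 on bad arguments.
 */
int main (int argc, char *argv[]) {
	struct in_addr first_addr;
	struct in_addr last_addr;
	unsigned long first;
	unsigned long last;
	ssize_t got;
	const char *notice;

	printf("\n\n                      Banner v%s\n",VERSION);
	printf("                       By - Cyber_Bob\n\n");
	if (argc != 5) {
		printf("\nUsage: %s <IP-Start> <IP-End> <Port-Start> <Port-End>\n",argv[0]);
		exit(1);
	}

	/* inet_pton can represent 255.255.255.255, which inet_addr cannot tell from an error. */
	if (inet_pton(AF_INET, argv[1], &first_addr) != 1 ||
	    inet_pton(AF_INET, argv[2], &last_addr) != 1) {
		fprintf(stderr, "Invalid IP address (expected dotted quad)\n");
		exit(1);
	}
	start = first_addr.s_addr;
	end = last_addr.s_addr;

	p1 = parse_port(argv[3]);
	p2 = parse_port(argv[4]);
	if (p1 < 0 || p2 < 0 || p1 > p2) {
		fprintf(stderr, "Invalid port range (expected 1-65535, start <= end)\n");
		exit(1);
	}

	first = ntohl((in_addr_t)start);
	last = ntohl((in_addr_t)end);
	if (first > last) {
		fprintf(stderr, "Invalid IP range (start is above end)\n");
		exit(1);
	}

	puts("Press ENTER to Continue...\n");
	getchar();
	puts("Started!\n--------------------------------------");

	/* Explicit break on the last address instead of "ctr <= last" avoids wrap-around. */
	for (ctr = first; ; ctr++) {
		unsigned long low = ctr & 0xff;

		if (low != 0 && low != 255) {
			printf("Reading info for host #%d...\n\n",i++);
			for (ctr2 = p1; ctr2 <= p2; ctr2++) {
				sa.sin_family = AF_INET;
				sa.sin_port = htons((unsigned short)ctr2);
				sa.sin_addr.s_addr = htonl((in_addr_t)ctr);

				memset(data, 0, sizeof(data));
				sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
				if (sock < 0) {
					perror("socket");
				} else {
					if (connect(sock, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
						/*
						 * One blocking read, capped one byte short of the
						 * buffer so the terminating NUL from memset survives.
						 * NOTE(review): read() has no timeout here and may
						 * return only part of what the peer sent.
						 */
						got = read(sock, data, sizeof(data) - 1);
						if (got > 0)
							sanitize_banner(data, (size_t)got);
					}
					close(sock);
				}

				/* Failed connections are still reported, with an empty banner, as before. */
				printf("<!> Port: %d%s\nBanner: %s\n", ctr2, port_label(ctr2), data);

				puts("\nChecking for possible insecure daemons...\n");
				notice = risky_daemon_notice(data);
				if (notice != NULL) {
					puts(notice);
					getchar();
				} else {
					puts("None of the daemons checked for were found!\n");
				}
				usleep(DELAY);
			}
			puts("\n--------------------------------------");
		}
		if (ctr == last)
			break;
	}
	puts("Finished!");
	return 0;
}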
