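#!/usr/bin/perl -Tw
#
###############
# Copyright (C) 2001, Jon Hart
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
###############
# Determine which ports on a remote host are open.
# Very similar to a default nmap scan.
# Useful in places where you don't have nmap, or if you want to script
# something (via the web, for example).
#
# (jhart@ccs.neu.edu) work/school
# and/or
# (warchild@spoofed.org) home/play
###############
#

use strict;
use warnings;
use diagnostics;
use Socket;
use IO::Socket;
use Getopt::Long;

# Highest valid TCP port number.  Anything above it is a malformed
# --ports argument, not something to hand to connect().
use constant MAX_PORT => 65535;

# get our options in place.  GetOptions() returns false on an unknown
# option or a missing option value; in that case fall through to the
# usage text instead of scanning with a half-parsed command line.
my $opts_ok = GetOptions(
    "target=s" => \(my $opt_target),
    "ports=s"  => \(my $opt_ports),
    "debug"    => \(my $opt_debug),
);

my $target;
my @ports;

if ($opts_ok && defined($opt_target) && defined($opt_ports)) {
    # make_ports() dies on anything that is not a port or a port range,
    # so a bad --ports value never reaches the socket code.
    @ports = make_ports($opt_ports);

    # The captures below are also what untaints $opt_target under -T:
    # only the matched characters are copied out, never the raw argument.
    # \A and \z (rather than ^ and $) refuse a trailing newline.
    if ($opt_target =~ /\A([\d.]+)\z/) {
        # a strictly numeric host.
        $target = $1;
        print "Not resolving $target\n" if $opt_debug;
        scan($target);
    }
    elsif ($opt_target =~ /\A([\d.\w-]+)\z/) {
        # a fqdn
        my $name = $1;
        print "Resolving $name\n" if $opt_debug;
        my $packedip = gethostbyname($name)
            or die "Couldn't resolve $name: $!\n";
        $target = inet_ntoa($packedip);
        scan($target);
    }
    else {
        die "Couldn't determine host format, wtf!\n";
    }
}
else {
    print <<"EOT";
scan --target --ports
Options:
--debug (print out as each port is checked)

Example:
./scan --target 129.10.116.200 --ports 20-25,80,6000-6100
EOT
}

# scan($host [, @port_list])
#
# Attempt a plain TCP connect() to each port on $host and print the
# ones that accept.  Uses the script-wide @ports when no explicit list
# is given, and the script-wide $opt_debug for per-port progress output.
# Returns the number of ports that accepted a connection.
sub scan {
    my ($host, @port_list) = @_;
    @port_list = @ports unless @port_list;

    print "Starting scan...\n" if $opt_debug;

    my $open_count = 0;
    for my $port (@port_list) {
        print "Checking $host:$port\n" if $opt_debug;

        # Exactly one constructor call.  The original wrote
        # "new IO::Socket::INET->new(...)", which is indirect-object
        # syntax plus an arrow call, i.e. new() invoked twice.
        my $connect = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5,    # 1 sec is too much, .1 ain't enough
            Type     => SOCK_STREAM,
        );
        next unless defined $connect;

        print "$port is open\n";
        $open_count++;
        # close() releases the descriptor right away; shutdown(0) only
        # stopped reads and kept the socket open until the next port.
        $connect->close();
    }

    return $open_count;
}

# make_ports($spec)
#
# Expand a --ports argument such as "20-25,80,6000-6100" into a flat
# list of port numbers.  Each comma-separated entry must be a single
# port or a low-high range; every number must lie in 1..MAX_PORT and a
# range must have low <= high.  Dies with a message naming the bad
# entry on anything else.  Because the numbers are copied out of regex
# captures, the returned list is untainted under -T even though $spec
# came straight from the command line.
sub make_ports {
    my ($spec) = @_;
    my @result;

    for my $entry (split /,/, $spec) {
        if ($entry =~ /\A(\d+)(?:-(\d+))?\z/) {
            my ($low, $high) = ($1, defined $2 ? $2 : $1);
            die "Bad port range '$entry': ports must be 1-" . MAX_PORT . "\n"
                if $low < 1 || $high > MAX_PORT;
            die "Bad port range '$entry': low end exceeds high end\n"
                if $low > $high;
            push @result, $low .. $high;
        }
        else {
            die "Bad port specification '$entry'\n";
        }
    }

    return @result;
}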