#!/usr/bin/python
# File : webserver_enum.py
# Makes HTTP GET requests to various common ports
# to find a list of webservers
# Accepts CIDR Input
# Command line usage : python webserver_enum.py 192.168.1.0/24 0-1024
import socket
import sys
import httplib
import threading
import ipaddress
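# HTTP status codes that http_port_scan treats as "a web server answered".
# The closing bracket used to sit inside the trailing comment of the last
# entry, which left the list unterminated and made the file a syntax error.
RESPONSE_CODES = [
    200,  # Success
    301,  # Permanent redirect
    302,  # Temporary redirect
    304,  # Not modified
    403,  # Forbidden
    404,  # Page not found
    500,  # Server side error
]
# common ports for http
DEFAULT_PORTS = [80, 8080, 3000, 3001, 1337, 9393]
# input ports - only use if port specifications are provided
INPUT_PORTS = []
# final list of webserver scan results
WEBSERVER_IP = []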
# checks for http service
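def http_port_scan(ip, port):
    """Send a single ``GET /`` to ip:port and report whether HTTP answered.

    Returns a ``(status, text)`` tuple. ``status`` is True only when a
    response arrived and its status code is listed in RESPONSE_CODES.
    ``text`` is ``"<ip>:<port> <detail>"`` where the detail is the response
    reason and status code, or a description of the error.

    The connection uses a 0.1 second timeout, so a host that answers more
    slowly than that is reported with status False.
    """
    h = httplib.HTTPConnection(ip, port, timeout=0.1)
    status = False
    try:
        h.request('GET', '/')
        r = h.getresponse()
        msg = str(r.reason) + ' ' + str(r.status)
        if r.status in RESPONSE_CODES:
            status = True
    except socket.error as e:
        # strerror is None for socket errors raised with a single argument
        # (timeouts, for example); fall back to the exception text instead
        # of reporting the literal string "None".
        msg = e.strerror or str(e)
    except Exception:
        # Anything else, e.g. a listener that does not speak HTTP.
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        msg = 'Unexpected error'
    finally:
        # Release the socket on every path; the scan opens one connection
        # per (address, port) pair and would otherwise leak descriptors.
        h.close()
    return status, ip + ':' + str(port) + ' ' + str(msg)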
# Scanning results
def scan_r(ip, port):
    """Probe one ip:port pair and record it when a web server answered.

    On a hit the (status, text) tuple from http_port_scan is printed and
    appended to the module-level WEBSERVER_IP list, and True is returned.
    Otherwise nothing is recorded and the function returns None.
    """
    global WEBSERVER_IP
    outcome = http_port_scan(ip, port)
    if not outcome[0]:
        return None
    print " [!] Webserver at: : " ,ip,port
    print outcome
    WEBSERVER_IP.append(outcome)
    return True
# Scanning threads
def scan_t(ip, ports=DEFAULT_PORTS):
    """Probe every port in *ports* on *ip*, one thread per port.

    All threads are created first, then started, then joined, so the call
    returns only after every probe for this address has finished.
    """
    workers = [threading.Thread(target=scan_r, args=(ip, p)) for p in ports]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()
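def main():
    """Read the target network and optional port spec, scan, print the hits.

    Command line: ``webserver_enum.py [CIDR [PORT | START-END]]``. With no
    arguments the CIDR range is read from standard input. Without a port
    argument DEFAULT_PORTS is used. A START-END range includes both ends.

    Exits with an error message on a wrong argument count, a malformed or
    out-of-range port spec, or a network string ipaddress rejects.
    """
    global WEBSERVER_IP
    global INPUT_PORTS
    ports = DEFAULT_PORTS

    argc = len(sys.argv)
    if argc == 1:
        iprange_d = raw_input("Enter IP range (CIDR) : ").decode("utf-8")
    elif argc in (2, 3):
        iprange_d = sys.argv[1].decode("utf-8")
    else:
        # Extra arguments used to fall through with iprange_d unset and
        # fail later with a NameError.
        sys.exit("Usage: python webserver_enum.py [CIDR [PORT | START-END]]")

    if argc == 3 and sys.argv[2]:
        spec = sys.argv[2]
        try:
            if "-" in spec:
                start_p, end_p = [int(part) for part in spec.split("-", 1)]
            else:
                # A single port used to be passed on as a string and was
                # then iterated character by character.
                start_p = end_p = int(spec)
        except ValueError:
            sys.exit("Invalid port specification: " + spec)
        if not (0 <= start_p <= end_p <= 65535):
            sys.exit("Port range must satisfy 0 <= start <= end <= 65535")
        print "port range: ", start_p,end_p
        # end_p + 1: range() excludes its upper bound, which silently
        # dropped the last port the user asked for.
        INPUT_PORTS.extend(range(start_p, end_p + 1))
        ports = INPUT_PORTS

    try:
        net = ipaddress.ip_network(iprange_d)
    except ValueError as err:
        # Raised for malformed input and for a network with host bits set
        # (e.g. 192.168.1.5/24).
        sys.exit("Invalid network: " + str(err))

    for ip in net:
        print "[*] Checking Target : ", ip
        addr = str(ip)
        scan_t(addr, ports)
    print WEBSERVER_IP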
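# Run the scan only when executed as a script, so that importing this module
# (for reuse or inspection) does not start sending requests.
if __name__ == "__main__":
    main()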