webserver_enum.py

#!/usr/bin/python

# File : webserver_enum.py
# Makes HTTP GET requests to various common ports
# to find a list of webservers

# Accepts CIDR Input
# Command line usage : python webserver_enum.py 192.168.1.0/24 0-1024


import socket
import sys
import httplib
import threading
import ipaddress

RESPONSE_CODES = [200 # Success
                 ,301 # Permanent redirect
                 ,302 # Temporary redirect
                 ,304 # Not modified
                 ,403 # Forbidden
                 ,404 # Page not found
                 ,500 # Server side error]

# common ports for http
DEFAULT_PORTS = [80,8080,3000,3001,1337,9393]

# input ports - only use if port specifications are provided
INPUT_PORTS = []


# final list of webserver scan results
WEBSERVER_IP=[]

# checks for http service
def http_port_scan(ip,port):
	h = httplib.HTTPConnection(ip,port,timeout=0.1)
	status = False

	try:
		h.request('GET','/')
        	r = h.getresponse()
        	msg = str(r.reason) + ' ' + str(r.status)

                if r.status in RESPONSE_CODES:
	          	status = True
    	except socket.error, e:
        	msg = e.strerror
    	except:
        	msg = 'Unexpected error'
    	return status, ip + ':' + str(port) + ' ' + str(msg)




# Scanning results
def scan_r(ip, port):
        global WEBSERVER_IP
        result = http_port_scan(ip,port)
#	print result
	if result[0]==True:
            print "     [!] Webserver at: : " ,ip,port
	    print result
            WEBSERVER_IP.append(result)
            return True



# Scanning threads
def scan_t(ip,ports=DEFAULT_PORTS):

	threads = []
	for i in range(len(ports)):
		t = threading.Thread(target=scan_r, args=(ip,ports[i]))
		threads.append(t)

	for i in range(len(ports)):
		threads[i].start()
	for i in range(len(ports)):
		threads[i].join()




def main():

        global WEBSERVER_IP

        ports=DEFAULT_PORTS

        global INPUT_PORTS

	if len(sys.argv) == 1:
		iprange = raw_input("Enter IP range (CIDR) : ")
		iprange_d = iprange.decode("utf-8")

        elif len(sys.argv)==2:
	        iprange_d = sys.argv[1].decode("utf-8")

        elif len(sys.argv)==3:
            iprange_d = sys.argv[1].decode("utf-8")
            if sys.argv[2]:
                    ports= sys.argv[2]

                    if "-" in ports:
                        range_p = ports.split("-")
                        start_p = range_p[0]
                        end_p = range_p[1]
                        print "port range: ", start_p,end_p
                        for i in range(int(start_p),int(end_p)):
                            INPUT_PORTS.append(i)

                    ports = INPUT_PORTS

	net = ipaddress.ip_network(iprange_d)

	for ip in net:
        	print "[*] Checking Target : ", ip
		addr = str(ip)
		scan_t(addr,ports)

        print WEBSERVER_IP



main()