Katanius Posted April 14, 2007

I've written a script to scan IP ranges and find live hosts. For each host I find, I need to determine what kind of host it is (web server, mail server, FTP server, DNS, etc.). How can this be done? I'm new to PHP and I'm kind of stuck... I'm also running this script on a Windows platform, so I can't use get_record and the like. Here's the script:

```php
<?php
//Set the start and the end of the ip range to be scanned
$startofrange='62.169.194.0';
$endofrange='62.169.194.50';

//Create a text file to write the results of the scan
$filename = "ScanResult_".date('d-m-y_H-i').".txt";
$fp = fopen($filename,"w") or die("ERROR $filename could not be created");
fwrite($fp,"Scan results: \r\n");
fclose($fp);
echo "Starting Scan..."."<br>";

//convert the start and end ip to decimal form so they can be increased with ++ and are easier to work with
$ipstart=ip2long($startofrange);
$ipend=ip2long($endofrange);

//set infinite time limit so the program does not time out and initialize counters
set_time_limit(0);
$counter=0;   //counts ips scanned
$hostcount=0; //counts hosts found

//opens the created file once, in append mode, to write ips scanned and their decimal value
//(opening it inside the loop leaked one file handle per address)
$fp=fopen($filename,"a") or die("ERROR Could not open $filename");

for( $ip=$ipstart ; $ip<=$ipend ; $ip++ ) //loop from the start of range to the end of range
{
    $counter++;
    //converts $ip to unsigned to display the correct value
    $ipstring=sprintf("%u ",$ip);
    fputs($fp,"IP=".long2ip($ip)." LongIP=$ipstring"."Host: ");
    //display the scanned ips to the browser
    echo "IP=".long2ip($ip)." LongIP=";
    echo $ipstring." Host: ";
    $hostname = @nslookup(long2ip($ip)); //uses the nslookup function below to find the host
    if($hostname!=long2ip($ip))
    {
        fputs($fp,"$hostname \r\n");
        echo $hostname."<br>";
        $hostcount++;
    }
    else
    {
        fputs($fp,"No Host found! \r\n");
        echo "No Host found!"."<br>";
    }
}

//writes in the opened file the number of ips scanned and hosts found and closes the file
fputs($fp,"End Of Scan: $counter addresses scanned, $hostcount hosts found. \r\n");
fclose($fp);
//displays the number of ips scanned and hosts found
echo "Scan Finished: $counter addresses scanned, $hostcount hosts found.";

//The nslookup function used above
function nslookup ($ipadr)
{
    //uses the external nslookup command to find host information
    //and splits results into an array to keep only the information needed
    //(explode() replaces split(), which was removed in PHP 7; the argument is
    //shell-escaped so the function stays safe if it is ever fed other input)
    $host = explode('Name:', (string) shell_exec('nslookup '.escapeshellarg($ipadr)));
    //if a host exists, trims spaces off the string returned by nslookup and replaces unneeded information with ''
    //else returns the ip address
    $host = ( trim (isset($host[1]) ? str_replace ("\n".'Address: '.$ipadr, '', $host[1]) : $ipadr));
    $host = str_replace("\nAliases: ",' Aliases: ',$host);
    return $host; // returns the host, or the ip address if no host was found
}
?>
```

I've tried to identify web servers using headers but it takes ages to complete...

```php
if($hostname!=long2ip($ip))
{
    fputs($fp,"$hostname \r\n");
    echo $hostname."<br>";
    $hostcount++;
    //determines if host is a web server using headers
    if(@get_headers("http://$hostname")!=FALSE)
    {
        fputs($fp,"WEB-SERVER \r\n");
        echo "WEB-SERVER"."<br>";
    }
}
else
{
    fputs($fp,"No Host found! \r\n");
    echo "No Host found!"."<br>";
}
```

Can someone please help?

Katanius Posted April 14, 2007

Can someone help me with this please? At least, is there another way to identify web servers that is faster, or without using headers? For each host it finds that isn't a web page or server, it takes ages to figure it out and move on to the next. What can I do?
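
Added example, not part of the original posts: `get_headers()` waits for PHP's `default_socket_timeout` (60 seconds by default) when nothing answers on port 80, which matches the delay described above. A TCP connect with an explicit short timeout bounds that wait and covers the other roles asked about; the port-to-label map, the function name `classifyHost()` and the 1-second timeout are assumptions chosen for illustration.

```php
<?php
// Added example. $SERVICE_PORTS, classifyHost() and the timeout value are
// illustrative assumptions, not names from the original script.

// Well-known TCP ports mapped to the label the scan report should show.
// Note: DNS is checked on TCP 53 only; a resolver answering only on UDP
// will not be detected by this connect test.
$SERVICE_PORTS = array(
    21 => 'FTP-SERVER',
    25 => 'MAIL-SERVER',
    53 => 'DNS-SERVER',
    80 => 'WEB-SERVER',
);

/**
 * Try a TCP connect to each port, giving up after $timeout seconds.
 * Returns the labels of the ports that accepted the connection.
 */
function classifyHost($host, array $ports, $timeout = 1.0)
{
    $roles = array();
    foreach ($ports as $port => $label) {
        $errno = 0;
        $errstr = '';
        // The fifth argument of fsockopen() is the connect timeout, so a
        // silent host costs at most $timeout seconds per port instead of
        // the default_socket_timeout that get_headers() falls back on.
        $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
        if ($sock !== false) {
            $roles[] = $label;
            fclose($sock);
        }
    }
    return $roles;
}

// Constructed usage: classify the local machine. In the script above the
// call would go where get_headers() is used, with $hostname as the host.
$roles = classifyHost('127.0.0.1', $SERVICE_PORTS);
echo '127.0.0.1: ' . ($roles ? implode(', ', $roles) : 'no listed service answered') . "\n";
```

An accepted connection only shows that something is listening on that port; the label is inferred from the port number, not from the service's reply.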