Need help identifying type of host

[Katanius]

I've written a script to scan ip ranges and find live hosts,

 

for each host i find i need to determine what kind of host it is (web server, mail server, ftp server, dns, e.t.c.)

 

how can this be done?? Im new in PHP and im kind of stuck...

im also running this script on a windows platform so i cant use get_record and the likes.

 

here's the script:

<?php

//Set the start and the end of the ip range to be scanned
$startofrange='62.169.194.0';
$endofrange='62.169.194.50';

//Create a text file to write the results of the scan
$filename = "ScanResult_".date('d-m-y_H-i').".txt";
$fp = fopen($filename,"w")or die("ERROR $filename could not be created");
fwrite($fp,"Scan results: \r\n"); 
fclose($fp);

echo "Starting Scan..."."<br>";

//convert the start and end ip to decimal form to be able to be increased with ++ and be easier to work with
$ipstart=ip2long($startofrange);
$ipend=ip2long($endofrange);

//set infinite time limit so the programm does ot time out and initialize counters
set_time_limit(0);
$counter=0;   //counts ips scanned
$hostcount=0; //counts hosts found

for( $ip=$ipstart ; $ip<=$ipend ; $ip++ )   //loop from the start of range to the end of range
{ 
  $counter++;  
//converts %ip to unsigned to display corrrect value                                                    
  $ipstring=sprintf("%u ",$ip);                                    

//opens the created file to write ips scanned and theyr decimal value   
  $fp=fopen($filename,"a")or die("ERROR Could not open $filename");
  fputs($fp,"IP=".long2ip($ip)." LongIP=$ipstring"."Host: ");
//display the scanned ips to the browser  
  echo "IP=".long2ip($ip)." LongIP=";
  echo $ipstring." Host: ";
  
  $hostname = @nslookup(long2ip($ip));   //uses the created nslookup function to find host                          
  if($hostname!=long2ip($ip))
  { 
    fputs($fp,"$hostname \r\n");
    echo $hostname."<br>";
    $hostcount++;
  }
  else
  {
    fputs($fp,"No Host found! \r\n");
    echo "No Host found!"."<br>";
  }  
}
//writes in the openned file the number of ips scanned and hosts found and closes the file
fputs($fp,"End Of Scan: $counter addresses scanned, $hostcount hosts found. \r\n");
fclose($fp);
//displays the number of ips scanned and hosts found
echo "Scan Finished: $counter addresses scanned, $hostcount hosts found.";

//The nslookup function used above

function nslookup ($ipadr)
{
//uses the external nslookup command to find host informaton
//and splits results into an array to keep only the information needed
$host = split('Name:',`nslookup $ipadr`);  
//if a host exists trims spaces of the string returned by nslookup and replaces unusefull information with''
//else returns the ip address
$host = ( trim (isset($host[1]) ? str_replace ("\n".'Address:  '.$ipadr, '', $host[1]) : $ipadr));
$host = str_replace("\nAliases:  ",'  Aliases: ',$host);
return $host; // returns the host or the ip address if no host found
}

?>

 

I've tryed to identify web servers using headers but it takes ages to complete...

 

if($hostname!=long2ip($ip))
  { 
    fputs($fp,"$hostname \r\n");
    echo $hostname."<br>";
    $hostcount++;
//determines if host is a web server using headers 
    if(@get_headers("http://$hostname")!=FALSE)
    {
      fputs($fp,"WEB-SERVER \r\n");
      echo "WEB-SERVER"."<br>";
    }

  }
  else
  {
    fputs($fp,"No Host found! \r\n");
    echo "No Host found!"."<br>";
  }  

 

can someone plz help?

[Katanius]

Can someone help me with this please?

 

At least is there another way to identify web servers that is faster or without using headers?

for each host it finds that isn't a web page or server it takes ages to figure it out and move on to the next.

 

what can i do?