[REBOL] virus-ip-scan
From: petr::krenzelok::trz::cz at: 12-May-2004 9:27
Hi,
I built a small but useful script for my own purposes that lets me scan
the network for possibly infected computers. It is a new, rewritten version of
my old script, which had the IP addresses hardcoded. Now they are
abstracted. I also have one question, hopefully answered by Romano or
Gabriele, but I would not mind an answer from anyone else ...
- what I have removed from the script was the request to dns://ip-here, because
it took too long. So I only ask for the computer name via dns:// if
a possible virus is found. I know there is an async dns possibility via
dns:///, but I don't know how I should track it, so ....
- it does not try to communicate with the opened port - it only tries to
open the tcp port, and if successful, it regards such a machine as being infected
- it does only a tcp check; I was too lazy to abstract it further and scan for
open UDP ports if any virus uses them, but I could add it :-)
- don't set the timeout too low. I tried with 0.1, so hopefully on a local
network it is ok, but you simply risk that if the answer is not fast enough,
it will time out and in fact such a machine could be infected ...
- now for ranges of IP addresses: block of four integers or subblocks.
Examples:
172 25 7 [0 255] ; scan all range on 172.25.7 network
172 25 7 [20 40 61 61 128 200] ; scans only 20 - 40, 61, 128-200 ranges on 172.25.7 network
172 25 [7 10] [0 255] ; scans 172.25.7-10 networks, from 0-255
[0 255] [0 255] [0 255] [0 255] ; NEVER try that :-)
PS: as always - my code is probably far from optimal, but it hopefully
does the job :-)
Now the script:
REBOL []

; Connection timeout in seconds; too low a value can miss slow hosts.
system/schemes/default/timeout: 0.1

if exists? %virus-ip-scan.log [delete %virus-ip-scan.log]

; Print a message and append it to the log file.
log: func [text][
    print text
    write/append %virus-ip-scan.log join reduce text newline
]

; Each entry is four octets; an octet is an integer or a block of min/max pairs.
IP-ranges: [
    172 25 7 [0 255]
    172 25 37 [0 255]
    172 25 14 [0 255]
]

; Virus name followed by the TCP ports it is known to open.
virus-ports: [
    Sasser
    [1022 1023 4445 5554 9996]
    Blaster
    [4444]
]

IPs-to-check: copy []

log ["Start at: " now]
log "Generating IP ranges ..."

foreach [IP1 IP2 IP3 IP4] IP-ranges [
    ; A single integer octet becomes a one-value min/max pair.
    if integer? IP1 [IP1: copy reduce [IP1 IP1]]
    foreach [min-IP1 max-IP1] IP1 [
        for IP-1 min-IP1 max-IP1 1 [
            if integer? IP2 [IP2: copy reduce [IP2 IP2]]
            foreach [min-IP2 max-IP2] IP2 [
                for IP-2 min-IP2 max-IP2 1 [
                    if integer? IP3 [IP3: copy reduce [IP3 IP3]]
                    foreach [min-IP3 max-IP3] IP3 [
                        for IP-3 min-IP3 max-IP3 1 [
                            if integer? IP4 [IP4: copy reduce [IP4 IP4]]
                            foreach [min-IP4 max-IP4] IP4 [
                                for IP-4 min-IP4 max-IP4 1 [
                                    append IPs-to-check to-tuple reduce [IP-1 IP-2 IP-3 IP-4]
                                ]
                            ] ; IP4
                        ]
                    ] ; IP3
                ]
            ] ; IP2
        ]
    ] ; IP1
] ; main loop ...

log "Checking ..."

foreach IP IPs-to-check [
    report: copy ""
    start: now/time
    ; One list per host, so a match for an earlier virus is not lost
    ; when the ports of the next virus are checked.
    infected-by: copy []
    foreach [virus ports] virus-ports [
        foreach port ports [
            ; A successful TCP open is treated as a sign of infection.
            if attempt [user: open join tcp:// reduce [IP ":" port]][
                if not found? find head infected-by virus [append infected-by virus]
                attempt [close user]
            ]
        ] ; ports
    ] ; virus
    either empty? infected-by [
        append report rejoin [now/time - start ": " IP ": OK"]
        log report
    ][
        ; The slow DNS lookup is done only for hosts with an open port.
        append report rejoin [IP " (user: " either none? u: read join dns:// IP ["unknown"][u] "): "]
        append report form infected-by
        insert report join "" [now/time - start ": "]
        log report
        clear infected-by
    ]
] ; IP (user)

log ["End of check at: " now]
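
The range notation described in the post, worked through in Python rather than REBOL as an added example (not the author's code): it validates each octet entry, counts the addresses a spec covers before building the list, and refuses anything above MAX_HOSTS, an assumed cap that the original script does not have. The function names are hypothetical and the sample specs are constructed from the post's examples.

```python
from itertools import product

MAX_HOSTS = 4096  # assumed safety cap; the original script has no limit


def octet_values(entry):
    """Turn one spec entry (int or flat [min max ...] list) into sorted octets."""
    flat = [entry, entry] if isinstance(entry, int) else list(entry)
    if not flat or len(flat) % 2:
        raise ValueError(f"{entry!r}: expected an integer or min/max pairs")
    values = set()
    for lo, hi in zip(flat[0::2], flat[1::2]):
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"{entry!r}: bad octet range {lo}-{hi}")
        values.update(range(lo, hi + 1))  # the set drops overlapping pairs
    return sorted(values)


def count_hosts(spec):
    """Addresses a spec expands to, computed without enumerating them."""
    if len(spec) != 4:
        raise ValueError("a range spec has exactly four entries")
    total = 1
    for entry in spec:
        total *= len(octet_values(entry))
    return total


def expand(spec, limit=MAX_HOSTS):
    """Return the addresses in scan order, refusing oversized specs."""
    size = count_hosts(spec)
    if size > limit:
        raise ValueError(f"spec covers {size} addresses, limit is {limit}")
    octets = [octet_values(entry) for entry in spec]
    return [".".join(map(str, ip)) for ip in product(*octets)]


# Constructed sample specs mirroring the examples in the post.
SAMPLES = [
    [172, 25, 7, [0, 255]],
    [172, 25, 7, [20, 40, 61, 61, 128, 200]],
    [172, 25, [7, 10], [0, 255]],
    [[0, 255], [0, 255], [0, 255], [0, 255]],
]

if __name__ == "__main__":
    for spec in SAMPLES:
        print(spec, "->", count_hosts(spec), "addresses")
```

The last sample is the "NEVER try that" spec: count_hosts reports its size cheaply, while expand rejects it before any list is built.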