Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env perl
- # RitX - Reverse IP Tool v1.5
- # Copyright (C) 2009-2012
- # r0b10S-12 <r12xr00tu@gmail.com>
- print "\n\t+-----------------------------+\n";
- print "\t| RitX 1.5 |\n";
- print "\t| Coded by r0b10S-12 |\n";
- print "\t+-----------------------------+\n\n\n";
- use LWP::Simple;
- use Socket qw(inet_aton);
- use Getopt::Long;
- # check missing modules...
- my @Modules = ("threads","LWP::ConnCache","HTTP::Cookies");
- foreach my $module (@Modules)
- {
- my $can = eval "use $module;1;";
- if ($can && $module =~ /threads/)
- {
- # Do processing using threads
- $thread_support = 1;
- }
- elsif(!$can && $module =~ /threads/)
- {
- # Do it without using threads
- $thread_support = 0;
- }
- # The module isn't there
- if ($@ =~ /Can't locate/) {
- die "\n[!!] it seems that some modules are missing...:\n".$@."\n";
- }
- }
- my $b = $0;
- $b =~ s/.*\///;
- sub usage {
- print <<HELP;
- Usage: perl $b [OPTIONS]
- Options:
- -t, --target Server hostname or IP
- -c, --check Check extracted domains that are in the same IP address to eleminate cached/old records
- -b, --bing Save Bing search results to a file
- --list List current supported Reverse Ip Lookup websites
- --print Print results
- --timeout=SECONDS Seconds to wait before timeout connection (default 30)
- --user-agent Specify User-Agent value to send in HTTP requests
- --proxy To use a Proxy
- --proxy-auth Proxy authentication information (user:password).
- -o, --output=FILE Save results to a file (default IP.txt)
- -h, --help This shity message
- -v, --verbose Print more informations
- Threads:
- --threads=THREADS Maximum number of concurrent IP checks (default 1) require --check
- HELP
- exit;
- }
- my %SERV = (
- Myipneighbors =>{
- SITE => "My-ip-neighbors.com",
- URL => "http://www.my-ip-neighbors.com/?domain=%s",
- REGEX => '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
- },
- Yougetsignal =>{
- SITE => "Yougetsignal.com",
- DATA => 'remoteAddress',
- URL => "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
- SP => 'Yougetsignal()',
- },
- Myiptest =>{
- SITE => "Myiptest.com",
- URL => "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
- REGEX => "<td style='width:200px;'><a href='http:\/\/www\.myiptest\.com\/staticpages\/index\.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
- },
- WebHosting =>{
- SITE => "Whois.WebHosting.info",
- URL => "http://whois.webhosting.info/%s?pi=%s&ob=SLD&oo=DESC",
- HEAVY => 1,
- SP => 'Whoiswebhosting()',
- },
- Domainsbyip =>{
- SITE => 'Domainsbyip.com',
- URL => 'http://domainsbyip.com/%s/',
- REGEX => '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
- },
- Ipadress =>{
- SITE => "Ip-adress.com",
- URL => "http://www.ip-adress.com/reverse_ip/%s",
- REGEX => '<td style\=\"font\-size\:8pt\">.\n\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
- },
- Bing =>{
- SITE => "Bing.com",
- URL => "http://api.search.live.net/xml.aspx?Appid=%s&query=ip:%s&Sources=Web&Version=2.0&Options=EnableHighlighting&Web.Count=50&Web.Options=DisableQueryAlterations&Web.Offset=",
- SP => 'BingApi()',
- },
- ewhois =>{
- SITE => "Ewhois.com",
- URL => "http://www.ewhois.com/",
- HEAVY => 1,
- SP => 'eWhois()',
- },
- Sameip =>{
- SITE => "Sameip.org",
- URL => "http://sameip.org/ip/%s/",
- REGEX => '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
- },
- Robtex =>{
- SITE => "Robtex.com",
- URL => "http://www.robtex.com/ajax/dns/%s.html",
- REGEX => "<li><a href\=\"\/dns\/.*?\.html\#shared\" >(.*?)<\/a><\/li>",
- },
- Webmax =>{
- SITE => "Tools.web-max.ca",
- URL => "http://ip2web.web-max.ca/?byip=1&ip=%s",
- REGEX => '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
- },
- DNStrails =>{
- SITE => "DNStrails.com",
- URL => "http://www.DNStrails.com/tools/lookup.htm?ip=%s&date=recent",
- REGEX => 'date=recent">(.*?)<\/a>\s\(as\sa\swebserver\)',
- },
- Viewdns =>{
- SITE => "Viewdns.info",
- URL => "http://viewdns.info/reverseip/?host=%s",
- SP => "ViewDNS()"
- }
- );
- # Process options.
- my ($target,$timeout,$threadz,$check,$print,$bing,$proxy,$proxy_auth,$useragent,$filename,$verbose);
- if ( @ARGV > 0 )
- {
- GetOptions( 't|target=s' => \$target,
- 'timeout=i' => \$timeout,
- 'threads=i' => \$threadz,
- 'c|check' => \$check,
- 'print' => \$print,
- 'list' => \&list_serv,
- 'b|bing' => \$bing,
- 'proxy=s' => \$proxy,
- 'proxy-auth=s' => \$proxy_auth,
- 'user-agent' => \$useragent,
- 'o|output=s' => \$filename,
- 'v|verbose' => \$verbose,
- 'h|help' => \&usage) or exit;
- }
- else
- {
- print "[*] Usage : perl $b [OPTIONS]\n";
- print " EXEMPLE : perl $b -t www.target.com -o result.txt\n\n";
- print "[*] Try 'perl $b -h' for more options.\n";
- exit;
- }
- if($^O =~ /MSWin32|cygwin/ and ($threadz>10))
- {
- print "\n[-] Sorry, maximum number of used threads is 10 for Windows to avoid some possible connection and performance issues\n\n";
- exit;
- }
- if ($target =~ /\d+.\d+.\d+.\d+/)
- {
- # nice do nothing
- }
- elsif ($target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
- {
- my $IP = getIP($target);
- if ($IP)
- {
- $target = $IP;
- }
- else
- {
- die "\n[!!] Unable to Resolve Host $target ! \n";
- }
- }
- else
- {
- die "[-] Invalid Hostname or Ip address .\n";
- }
- my $DNSx = gethostbyaddr(inet_aton($target),AF_INET);
- # Check if the target uses CloudFlare service
- my $IPx = unpack("N",inet_aton($target));
- if(($IPx >= 3428708352 and $IPx <= 3428708607) or ($IPx >= 3428692224 and $IPx <= 3428692479) or ($IPx >= 3340468224 and $IPx <= 3340470271) or ($IPx >= 2918526976 and $IPx <= 2918531071) or ($IPx >= 1729546240 and $IPx <= 1729547263))
- {
- print "[WARNING] The target uses CloudFlare's service!!\n\n";
- print "[!] do you wanna continue? [y/n]:";
- my $choice=<STDIN>;
- chop($choice);
- if($choice eq "n")
- {
- print "\n[*] shutting down!!\n\n";
- exit;
- }
- else
- {
- print "[+] OK! as you like\n";
- }
- }
- # Global variables
- $bingApiKey = 'B2EF5E9434B8778E2B01E5D6CE71545CCEC97C86';#get your own code
- $VERSION = '1.5';
- $TMPdir = "tmp";
- $useragent ||= 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5';
- $filename ||= "$target.txt";
- $timeout ||= 30;
- $SIG{INT} = \&trapsig;
- mkdir $TMPdir or die "[-] Cant create tmp directory!\n" if ! -d $TMPdir;
- my $ua = LWP::UserAgent->new(agent => $useragent);
- $ua->timeout($timeout);
- $ua->max_redirect(0);
- $ua->conn_cache(LWP::ConnCache->new());
- $ua->default_header('Referer' => "http://www.fbi.gov");
- $|++;
- if ($proxy)
- {
- $proxy .= ":8080" if not $proxy =~ /:/;
- # connect to the proxy
- my $req = HTTP::Request->new(CONNECT => 'http://'.$proxy.'/' );
- if (defined $proxy_auth)
- {
- my ($user,$password)=split(":",$proxy_auth);
- $req->proxy_authorization_basic($user, $password);
- }
- my $res = $ua->request($req);
- # connection failed
- if ( not $res->is_success ){
- print "\n[-] failed to connect to the proxy... ignore it\n\n";
- }
- else
- {
- $ua->proxy(http => "http://$proxy/");
- }
- }
- print "\n[*] This thing will take a little time so please wait...\n\n";
- print "[*] Processing:\n";
- ### Functions
- sub list_serv
- {
- print "[*] List of available Reverse Ip Lookup services:\n\n";
- foreach $X (keys %SERV)
- {
- print " -> $SERV{$X}->{SITE}\n";
- }
- print "\n";
- exit;
- }
- sub trapsig
- {
- print "\n\n[!!] Caught Interrupt (CTRL+C), Aborting\n";
- print "[!!] Saving results\n";
- save_report($filename);
- exit();
- }
- sub add
- {
- my $x = lc($_[0]);
- ($x =~ /[\<\"]|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|phone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/) ? return:0;
- push(@{$SERV{$X}->{DUMP}},$x) if($verbose);
- $x =~ s/http(.|s)\:\/\/|\*\.|^www\.|\///;#remove shit
- ++$SERV{$X}->{NB};
- push(@result,$x);
- }
- sub getIP
- {
- my @ip = unpack('C4',(gethostbyname($_[0]))[4]) or return;
- return join('.',@ip);
- }
- sub getDNS
- {
- return gethostbyaddr(inet_aton($_[0]),AF_INET);
- }
- sub Req
- {
- my ($URL,$data)=@_;
- my $res;
- if(!$data)
- {
- $res = $ua->get($URL);
- }
- else
- {
- $res = $ua->post($URL,
- {
- $data => $target,
- });
- }
- if(!$res->is_success)
- {
- print "[!] Error: ".$res->status_line."\n" if ($verbose);
- }
- return $res->content;
- }
- sub Yougetsignal
- {
- my $resu = Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
- while ($resu =~ m/\["(.*?)\"\, \"(1|)\"\]/g)
- {
- add($1);
- }
- if ($resu =~ m/Daily reverse IP check limit reached for/i)
- {
- $ERROR = "E1";
- $SERV{$X}->{NB} = $ERROR;
- }
- }
- sub eWhois
- {
- sub callback
- {
- while($_[0] =~ m/"(.*?)","","","(UA\-[0-9]+\-[0-9]+|)",""/g)
- {
- add($1);
- }
- }
- my $url = "http://www.ewhois.com/export/ip-address/$target/";
- my $cookie_jar = HTTP::Cookies->new(autosave => 1);
- my $browser = LWP::UserAgent->new(agent => $useragent);
- $browser->cookie_jar($cookie_jar);
- my $resu = $browser->post("http://www.ewhois.com/login/",
- {
- 'data[User][email]'=>'r12xr00tu@gmail.com',
- 'data[User][password]'=>'RitX:::R1tX',
- 'data[User][remember_me]'=>'0'
- });
- if(!$resu->header('Location'))
- {
- print "[-] Sorry, we cant login to eWhois!\n";
- return;
- }
- $browser->get($url, ':content_cb' => \&callback );
- }
- sub Whoiswebhosting
- {
- for (my $i=1;$i<=100;$i++)
- {
- my $resu = Req(sprintf($SERV{$X}->{URL},$target,$i));
- if ($resu =~ m/<a href=\"\/.*?\?pi\=\d+\&ob\=SLD\&oo\=DESC\">Next\ \;\>\;\>\;<\/a>/g)
- {
- while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
- {
- add($1);
- }
- }
- else
- {
- while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
- {
- add($1);
- }
- if ($resu =~ m/The security key helps us prevent automated searches/i)
- {
- $ERROR = "E2";
- $SERV{$X}->{NB} = $ERROR;
- last;
- }
- last;
- }
- }
- }
- sub ViewDNS
- {
- my $resu = Req(sprintf($SERV{$X}->{URL},$target));
- if($resu =~ m/<table border="1"><tr><td>Domain<\/td><td>Last Resolved Date<\/td><\/tr>(.*?)<\/table><br><\/td><\/tr>/i)
- {
- $resu = $1;
- while($resu =~ m/<tr><td>(.*?)<\/td><td align="center">/gi)
- {
- add($1);
- }
- }
- }
- sub BingApi
- {
- my $b;
- my $off = 0;
- for(my $offset=50;$offset<=500;$offset+=50)
- {
- my $resu = Req(sprintf($SERV{$X}->{URL},$bingApiKey,$target).$offset);
- if ($resu =~ m/<web\:Offset>(.*?)<\/web\:Offset>/gi)
- {
- $off = $1;
- }
- if ($off == $offset)
- {
- while ($resu =~ m/<web\:Url>http:\/\/(.*?)<\/web\:Url>/g)
- {
- $b = $1;
- push(@bingtrash,$b) if $bing;
- $b =~ s/\/.*// if index($b,"/");
- add($b);
- }
- }
- else
- {
- last;
- }
- }
- }
- sub add2tmp
- {
- syswrite(TMP,gethostbyaddr(inet_aton($_[0]),AF_INET).":$_[0];");
- }
- sub checkDomain
- {
- if(getDNS('www.'.$_[0]) eq $DNSx)
- {
- $NEWNB++;
- print " Found : $_[0]\n";
- push(@resx,'www.'.$_[0]);
- }
- elsif(getDNS($_[0]) eq $DNSx)
- {
- print " Found : $_[0]\n";
- $NEWNB++;
- push(@resx,$_[0]);
- }
- else
- {
- print " Try : $_[0]\n";
- }
- }
- sub save_report
- {
- my $filen = $_[0];
- if($donecheck && $threadz && $thread_support)
- {
- open (IN,"./$TMPdir/RitX-tmp.txt") or print ("\n[!] Can't create the file ($filen)\n");
- open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
- syswrite(OUT,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Results were tested and checked, so all old records were removed.\n\n");
- while(<IN>)
- {
- chomp;
- if (index($_,$DNSx))
- {
- $NEWNB++;
- s/$DNSx://;
- syswrite(OUT,"$_\n");
- }
- }
- close(IN);
- close(OUT);
- }
- elsif($donecheck && !$threadz)
- {
- open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
- syswrite(OUT,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Results were tested and checked, so all old records were removed.\n# Total domains: $NEWNB\n\n");
- foreach (@resx)
- {
- syswrite(OUT,"$_\n") if ($_);
- }
- close(OUT);
- }
- open (F,">$filen") or print ("\n[!] Can't create the file ($filen)\n");
- syswrite(F,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Total domains: $TOTALNB\n\n");
- foreach(@result)
- {
- syswrite(F,"$_\n") if ($_);
- }
- close(F);
- }
- #----------#
- foreach $X (keys %SERV)
- {
- my $match = $SERV{$X}->{REGEX};
- syswrite(STDOUT," -> $SERV{$X}->{SITE}\n");
- if(!$SERV{$X}->{SP})
- {
- $res=Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
- }
- else
- {
- eval($SERV{$X}->{SP});
- next;
- }
- while($res =~ m/$match/g)
- {
- add($1);
- }
- }
- die "\n\n[-] Sorry, there is no data were retrieved!\n" if(scalar(@result)<1);
- @result = sort(grep { ++$R12{$_} < 2 } @result);
- undef(%R12);
- $TOTALNB = scalar(@result);
- if($verbose)
- {
- print "\n[+] DEBUG:\n\n";
- foreach $X (keys %SERV)
- {
- syswrite(STDOUT," + $SERV{$X}->{SITE}\n");
- foreach $DMP (@{$SERV{$X}->{DUMP}})
- {
- syswrite(STDOUT," - $DMP\n");
- }
- }
- }
- if($bing)
- {
- if (scalar(@bingtrash)>0)
- {
- syswrite(STDOUT,"[+] saving Bing shit... ");
- my $file = "bingresults-$target.txt";
- open (BING,">$file") or print ("\n[!] Can't create bing shit\n");
- print BING "# Genereted By RitX $VERSION\n# Those are all search results from Bing.com ($target).\n\n";
- foreach (@bingtrash)
- {
- print BING "$_\n";
- }
- close(BING);
- syswrite(STDOUT,"DONE\n");
- print "[+] bing results were saved into $file\n";
- }
- else
- {
- print "\n[-] no bing data!!\n\n"
- }
- }
- if ($check)
- {
- my ($domain,$t);
- print "\n[x] Checking and removing old records from results\n";
- if ($threadz && $thread_support)
- {
- open(TMP,">./$TMPdir/RitX-tmp.txt");
- TMP->autoflush(1);
- foreach (@result)
- {
- threads->create(\&add2tmp,"www.$_")->detach;
- $t++;
- if($t==$threadz)
- {
- $s+=$t;
- print "\r passed $s";
- undef $t;
- sleep 1;
- }
- }
- close(TMP);
- }
- else
- {
- print "[-] Sorry your PERL installation doesn't support threads!\n\n" if !$thread_support;
- &checkDomain($_) foreach (@result);
- }
- $donecheck = 1;
- print "[+] Done\n";
- }
- &save_report($filename);
- print "\n[x] Result of $target : \n\n";
- print " +--------+\n | NB |\n+-----------------------+--------+\n";
- foreach $X (keys %SERV)
- {
- printf "| %-22s| %-7s|\n",$SERV{$X}->{SITE},(($SERV{$X}->{NB}) ? $SERV{$X}->{NB} : 0);
- print "+--------------------------------+\n";
- }
- printf " %-14s| Total | %-7s|\n"," ",$TOTALNB;
- print " +----------------+\n";
- print "[+] After removing old records : $NEWNB\n\n" if $donecheck;
- if ($ERROR)
- {
- print "+--Keys------------------------------------+\n";
- print "|E1: Daily reverse IP check limit reached. |\n";
- print "|E2: Some Security Measures (Captcha). |\n";
- print "+------------------------------------------+\n";
- }
- if ($TOTALNB != 0 and $print)
- {
- print "[+] Results:\n";
- my $v = 0;
- foreach my $RD (@result)
- {
- $v++;
- print " $RD\n";
- if($v==20){<STDIN>;undef $v};
- }
- }
- print "[+] All domain name results has been saved to ($filename)\n";
- print "[+] All checked domains are saved to ($target-checked.txt)\n" if ($NEWNB>0);
- print "[++] have fun :)\n";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement