R0b10s-12 Reverse IP

#!/usr/bin/env perl

# RitX - Reverse IP Tool v1.5
# Copyright (C) 2009-2012
# r0b10S-12 <r12xr00tu@gmail.com>


print "\n\t+-----------------------------+\n";
print "\t|           RitX 1.5          |\n";
print "\t|      Coded by r0b10S-12     |\n";
print "\t+-----------------------------+\n\n\n";

use LWP::Simple;
use Socket qw(inet_aton);
use Getopt::Long;

# check missing modules...
my @Modules = ("threads","LWP::ConnCache","HTTP::Cookies");

foreach my $module (@Modules)
{
    my $can = eval "use $module;1;";
    if ($can && $module =~ /threads/)
    {
        # Do processing using threads
        $thread_support = 1;
    }
    elsif(!$can && $module =~ /threads/)
    {
        # Do it without using threads
        $thread_support = 0;
    }
    # The module isn't there
    if ($@ =~ /Can't locate/) {
        die "\n[!!] it seems that some modules are missing...:\n".$@."\n";
    }
}

my $b = $0;
$b =~ s/.*\///;
sub usage {
    print <<HELP;
Usage: perl $b [OPTIONS]
Options:
   -t, --target            Server hostname or IP
   -c, --check             Check extracted domains that are in the same IP address to eleminate cached/old records
   -b, --bing              Save Bing search results to a file
       --list              List current supported Reverse Ip Lookup websites
       --print             Print results
       --timeout=SECONDS   Seconds to wait before timeout connection (default 30)
       --user-agent        Specify User-Agent value to send in HTTP requests
       --proxy             To use a Proxy
       --proxy-auth        Proxy authentication information (user:password).
   -o, --output=FILE       Save results to a file (default IP.txt)
   -h, --help              This shity message
   -v, --verbose           Print more informations

   Threads:
   --threads=THREADS       Maximum number of concurrent IP checks (default 1) require --check

HELP
    exit;
}

my %SERV = (
    Myipneighbors =>{
        SITE    =>  "My-ip-neighbors.com",
        URL     =>  "http://www.my-ip-neighbors.com/?domain=%s",
        REGEX   =>  '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
    },
    Yougetsignal =>{
        SITE    =>  "Yougetsignal.com",
        DATA    =>  'remoteAddress',
        URL     =>  "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
        SP      =>  'Yougetsignal()',
    },
    Myiptest =>{
        SITE    =>  "Myiptest.com",
        URL     =>  "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
        REGEX   =>  "<td style='width:200px;'><a href='http:\/\/www\.myiptest\.com\/staticpages\/index\.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
    },
    WebHosting =>{
        SITE    =>  "Whois.WebHosting.info",
        URL     =>  "http://whois.webhosting.info/%s?pi=%s&ob=SLD&oo=DESC",
        HEAVY   =>  1,
        SP      =>  'Whoiswebhosting()',
    },
    Domainsbyip =>{
        SITE    =>  'Domainsbyip.com',
        URL     =>  'http://domainsbyip.com/%s/',
        REGEX   =>  '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
    },
    Ipadress =>{
        SITE    =>  "Ip-adress.com",
        URL     =>  "http://www.ip-adress.com/reverse_ip/%s",
        REGEX   =>  '<td style\=\"font\-size\:8pt\">.\n\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
    },
    Bing =>{
        SITE    =>  "Bing.com",
        URL     =>  "http://api.search.live.net/xml.aspx?Appid=%s&query=ip:%s&Sources=Web&Version=2.0&Options=EnableHighlighting&Web.Count=50&Web.Options=DisableQueryAlterations&Web.Offset=",
        SP      =>  'BingApi()',
    },
    ewhois =>{
        SITE    =>  "Ewhois.com",
        URL     =>  "http://www.ewhois.com/",
        HEAVY   =>  1,
        SP      =>  'eWhois()',
    },
    Sameip =>{
        SITE    =>  "Sameip.org",
        URL     =>  "http://sameip.org/ip/%s/",
        REGEX   =>  '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
    },
    Robtex =>{
        SITE    =>  "Robtex.com",
        URL     =>  "http://www.robtex.com/ajax/dns/%s.html",
        REGEX   =>  "<li><a href\=\"\/dns\/.*?\.html\#shared\" >(.*?)<\/a><\/li>",
    },
    Webmax =>{
        SITE    =>  "Tools.web-max.ca",
        URL     =>  "http://ip2web.web-max.ca/?byip=1&ip=%s",
        REGEX   =>  '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
    },
    DNStrails =>{
        SITE    =>  "DNStrails.com",
        URL     =>  "http://www.DNStrails.com/tools/lookup.htm?ip=%s&date=recent",
        REGEX   =>  'date=recent">(.*?)<\/a>\s\(as\sa\swebserver\)',
    },
    Viewdns =>{
        SITE    =>  "Viewdns.info",
        URL     =>  "http://viewdns.info/reverseip/?host=%s",
        SP      =>  "ViewDNS()"
    }
);

# Process options.
my ($target,$timeout,$threadz,$check,$print,$bing,$proxy,$proxy_auth,$useragent,$filename,$verbose);

if ( @ARGV > 0 )
{
    GetOptions( 't|target=s'    => \$target,
                'timeout=i'     => \$timeout,
                'threads=i'     => \$threadz,
                'c|check'       => \$check,
                'print'         => \$print,
                'list'          => \&list_serv,
                'b|bing'        => \$bing,
                'proxy=s'       => \$proxy,
                'proxy-auth=s'  => \$proxy_auth,
                'user-agent'    => \$useragent,
                'o|output=s'    => \$filename,
                'v|verbose'     => \$verbose,
                'h|help'        => \&usage) or exit;
}
else
{
    print "[*] Usage    : perl $b [OPTIONS]\n";
    print "    EXEMPLE  : perl $b -t www.target.com -o result.txt\n\n";
    print "[*] Try 'perl $b -h' for more options.\n";
    exit;
}


if($^O =~ /MSWin32|cygwin/ and ($threadz>10))
{
    print "\n[-] Sorry, maximum number of used threads is 10 for Windows to avoid some possible connection and performance issues\n\n";
    exit;
}

if ($target =~ /\d+.\d+.\d+.\d+/)
{
    # nice do nothing
}
elsif ($target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
{
    my $IP = getIP($target);
    if ($IP)
    {
        $target = $IP;
    }
    else
    {
        die "\n[!!] Unable to Resolve Host $target ! \n";
    }
}
else
{
    die "[-] Invalid Hostname or Ip address .\n";
}

my $DNSx = gethostbyaddr(inet_aton($target),AF_INET);
# Check if the target uses CloudFlare service
my $IPx = unpack("N",inet_aton($target));
if(($IPx >= 3428708352 and $IPx <= 3428708607) or ($IPx >= 3428692224 and $IPx <= 3428692479) or ($IPx >= 3340468224 and $IPx <= 3340470271) or ($IPx >= 2918526976 and $IPx <= 2918531071) or ($IPx >= 1729546240 and $IPx <= 1729547263))
{
    print "[WARNING] The target uses CloudFlare's service!!\n\n";
    print "[!] do you wanna continue? [y/n]:";
    my $choice=<STDIN>;
    chop($choice);
    if($choice eq "n")
    {
        print "\n[*] shutting down!!\n\n";
        exit;
    }
    else
    {
        print  "[+] OK! as you like\n";
    }
}

# Global variables
$bingApiKey  = 'B2EF5E9434B8778E2B01E5D6CE71545CCEC97C86';#get your own code
$VERSION     = '1.5';
$TMPdir      = "tmp";
$useragent ||= 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5';
$filename  ||= "$target.txt";
$timeout   ||= 30;
$SIG{INT}    = \&trapsig;

mkdir $TMPdir or die "[-] Cant create tmp directory!\n" if ! -d $TMPdir;

my $ua = LWP::UserAgent->new(agent => $useragent);
$ua->timeout($timeout);
$ua->max_redirect(0);
$ua->conn_cache(LWP::ConnCache->new());
$ua->default_header('Referer' => "http://www.fbi.gov");
$|++;
if ($proxy)
{
    $proxy .= ":8080" if not $proxy =~ /:/;
    # connect to the proxy
    my $req = HTTP::Request->new(CONNECT => 'http://'.$proxy.'/' );
    if (defined $proxy_auth)
    {
        my ($user,$password)=split(":",$proxy_auth);
        $req->proxy_authorization_basic($user, $password);
    }
    my $res = $ua->request($req);
    # connection failed
    if ( not $res->is_success ){
        print "\n[-] failed to connect to the proxy... ignore it\n\n";
    }
    else
    {
        $ua->proxy(http => "http://$proxy/");
    }
}

print "\n[*] This thing will take a little time so please wait...\n\n";
print "[*] Processing:\n";

### Functions

sub list_serv
{
    print "[*] List of available Reverse Ip Lookup services:\n\n";
    foreach $X (keys %SERV)
    {
        print "    -> $SERV{$X}->{SITE}\n";
    }
    print "\n";
    exit;
}

sub trapsig
{
    print "\n\n[!!] Caught Interrupt (CTRL+C), Aborting\n";
    print "[!!] Saving results\n";
    save_report($filename);
    exit();
}
sub add
{
    my $x = lc($_[0]);
    ($x =~ /[\<\"]|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|phone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/) ? return:0;
    push(@{$SERV{$X}->{DUMP}},$x) if($verbose);
    $x =~ s/http(.|s)\:\/\/|\*\.|^www\.|\///;#remove shit
    ++$SERV{$X}->{NB};
    push(@result,$x);
}
sub getIP
{
    my @ip = unpack('C4',(gethostbyname($_[0]))[4]) or return;
    return join('.',@ip);
}

sub getDNS
{
    return gethostbyaddr(inet_aton($_[0]),AF_INET);
}

sub Req
{
    my ($URL,$data)=@_;
    my $res;
    if(!$data)
    {
        $res = $ua->get($URL);
    }
    else
    {
        $res = $ua->post($URL,
        {
            $data => $target,
        });
    }
    if(!$res->is_success)
    {
        print "[!] Error: ".$res->status_line."\n" if ($verbose);
    }
    return $res->content;
}

sub Yougetsignal
{
    my $resu = Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
    while ($resu =~ m/\["(.*?)\"\, \"(1|)\"\]/g)
    {
        add($1);
    }
    if ($resu =~ m/Daily reverse IP check limit reached for/i)
    {
        $ERROR = "E1";
        $SERV{$X}->{NB} = $ERROR;
    }
}

sub eWhois
{
    sub callback
    {
        while($_[0] =~ m/"(.*?)","","","(UA\-[0-9]+\-[0-9]+|)",""/g)
        {
            add($1);
        }
    }
    my $url = "http://www.ewhois.com/export/ip-address/$target/";
    my $cookie_jar = HTTP::Cookies->new(autosave => 1);
    my $browser = LWP::UserAgent->new(agent => $useragent);
    $browser->cookie_jar($cookie_jar);
    my $resu = $browser->post("http://www.ewhois.com/login/",
    {
        'data[User][email]'=>'r12xr00tu@gmail.com',
        'data[User][password]'=>'RitX:::R1tX',
        'data[User][remember_me]'=>'0'
    });
    if(!$resu->header('Location'))
    {
        print "[-] Sorry, we cant login to eWhois!\n";
        return;
    }
    $browser->get($url, ':content_cb' => \&callback );
}

sub Whoiswebhosting
{
    for (my $i=1;$i<=100;$i++)
    {
        my $resu = Req(sprintf($SERV{$X}->{URL},$target,$i));
        if ($resu =~ m/<a href=\"\/.*?\?pi\=\d+\&ob\=SLD\&oo\=DESC\">Next\&nbsp\;\&gt\;\&gt\;<\/a>/g)
        {
            while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
            {
                add($1);
            }
        }
        else
        {
            while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
            {
                add($1);
            }
            if ($resu =~ m/The security key helps us prevent automated searches/i)
            {
                $ERROR = "E2";
                $SERV{$X}->{NB} = $ERROR;
                last;
            }
            last;
        }
    }
}

sub ViewDNS
{
    my $resu = Req(sprintf($SERV{$X}->{URL},$target));
    if($resu =~ m/<table border="1"><tr><td>Domain<\/td><td>Last Resolved Date<\/td><\/tr>(.*?)<\/table><br><\/td><\/tr>/i)
    {
        $resu = $1;
        while($resu =~ m/<tr><td>(.*?)<\/td><td align="center">/gi)
        {
            add($1);
        }
    }
}

sub BingApi
{
    my $b;
    my $off = 0;
    for(my $offset=50;$offset<=500;$offset+=50)
    {
        my $resu = Req(sprintf($SERV{$X}->{URL},$bingApiKey,$target).$offset);
        if ($resu =~ m/<web\:Offset>(.*?)<\/web\:Offset>/gi)
        {
            $off = $1;
        }
        if ($off == $offset)
        {
            while ($resu =~ m/<web\:Url>http:\/\/(.*?)<\/web\:Url>/g)
            {
                $b = $1;
                push(@bingtrash,$b) if $bing;
                $b =~ s/\/.*// if index($b,"/");
                add($b);
            }
        }
        else
        {
            last;
        }
    }
}

sub add2tmp
{
    syswrite(TMP,gethostbyaddr(inet_aton($_[0]),AF_INET).":$_[0];");
}


sub checkDomain
{
    if(getDNS('www.'.$_[0]) eq $DNSx)
    {
        $NEWNB++;
        print "    Found : $_[0]\n";
        push(@resx,'www.'.$_[0]);
    }
    elsif(getDNS($_[0]) eq $DNSx)
    {
        print "    Found : $_[0]\n";
        $NEWNB++;
        push(@resx,$_[0]);
    }
    else
    {
        print "    Try : $_[0]\n";
    }
}

sub save_report
{
    my $filen = $_[0];
    if($donecheck && $threadz && $thread_support)
    {
        open (IN,"./$TMPdir/RitX-tmp.txt") or print ("\n[!] Can't create the file ($filen)\n");
        open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
        syswrite(OUT,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Results were tested and checked, so all old records were removed.\n\n");
        while(<IN>)
        {
            chomp;
            if (index($_,$DNSx))
            {
                $NEWNB++;
                s/$DNSx://;
                syswrite(OUT,"$_\n");
            }
        }
        close(IN);
        close(OUT);
    }
    elsif($donecheck && !$threadz)
    {
        open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
        syswrite(OUT,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Results were tested and checked, so all old records were removed.\n# Total domains: $NEWNB\n\n");
        foreach (@resx)
        {
            syswrite(OUT,"$_\n") if ($_);
        }
        close(OUT);
    }
    open (F,">$filen") or print ("\n[!] Can't create the file ($filen)\n");
    syswrite(F,"# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n# Total domains: $TOTALNB\n\n");
    foreach(@result)
    {
        syswrite(F,"$_\n") if ($_);
    }
    close(F);
}


#----------#
foreach $X (keys %SERV)
{
    my $match = $SERV{$X}->{REGEX};
    syswrite(STDOUT,"   -> $SERV{$X}->{SITE}\n");
    if(!$SERV{$X}->{SP})
    {
        $res=Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
    }
    else
    {
        eval($SERV{$X}->{SP});
        next;
    }
    while($res =~ m/$match/g)
    {
        add($1);
    }
}

die "\n\n[-] Sorry, there is no data were retrieved!\n" if(scalar(@result)<1);

@result = sort(grep { ++$R12{$_} < 2 } @result);
undef(%R12);
$TOTALNB = scalar(@result);

if($verbose)
{
    print "\n[+] DEBUG:\n\n";
    foreach $X (keys %SERV)
    {
        syswrite(STDOUT,"  + $SERV{$X}->{SITE}\n");
        foreach $DMP (@{$SERV{$X}->{DUMP}})
        {
            syswrite(STDOUT,"    - $DMP\n");
        }
    }
}

if($bing)
{
    if (scalar(@bingtrash)>0)
    {
        syswrite(STDOUT,"[+] saving Bing shit...  ");
        my $file = "bingresults-$target.txt";
        open (BING,">$file") or print ("\n[!] Can't create bing shit\n");
        print BING "# Genereted By RitX $VERSION\n# Those are all search results from Bing.com ($target).\n\n";
        foreach (@bingtrash)
        {
            print BING "$_\n";
        }
        close(BING);
        syswrite(STDOUT,"DONE\n");
        print "[+] bing results were saved into $file\n";
    }
    else
    {
        print "\n[-] no bing data!!\n\n"
    }
}

if ($check)
{
    my ($domain,$t);
    print "\n[x] Checking and removing old records from results\n";
    if ($threadz && $thread_support)
    {
        open(TMP,">./$TMPdir/RitX-tmp.txt");
        TMP->autoflush(1);
        foreach (@result)
        {
            threads->create(\&add2tmp,"www.$_")->detach;
            $t++;
            if($t==$threadz)
            {
                $s+=$t;
                print "\r passed $s";
                undef $t;
                sleep 1;
            }
        }
        close(TMP);
    }
    else
    {
        print "[-] Sorry your PERL installation doesn't support threads!\n\n" if !$thread_support;
        &checkDomain($_) foreach (@result);
    }
    $donecheck = 1;
    print "[+] Done\n";
}
&save_report($filename);


print "\n[x] Result of $target : \n\n";

print "                        +--------+\n                        |   NB   |\n+-----------------------+--------+\n";
foreach $X (keys %SERV)
{
    printf "| %-22s| %-7s|\n",$SERV{$X}->{SITE},(($SERV{$X}->{NB}) ? $SERV{$X}->{NB} : 0);
    print "+--------------------------------+\n";
}
printf "  %-14s| Total | %-7s|\n"," ",$TOTALNB;
print "                +----------------+\n";
print "[+] After removing old records : $NEWNB\n\n" if $donecheck;

if ($ERROR)
{
    print "+--Keys------------------------------------+\n";
    print "|E1: Daily reverse IP check limit reached. |\n";
    print "|E2: Some Security Measures (Captcha).     |\n";
    print "+------------------------------------------+\n";
}
if ($TOTALNB != 0 and $print)
{
    print "[+] Results:\n";
    my $v = 0;
    foreach my $RD (@result)
    {
        $v++;
        print "  $RD\n";
        if($v==20){<STDIN>;undef $v};
    }
}
print "[+] All domain name results has been saved to ($filename)\n";
print "[+] All checked domains are saved to ($target-checked.txt)\n" if ($NEWNB>0);
print "[++] have fun :)\n";