reveseip.pl

#!/usr/bin/perl -w
use strict;
use Getopt::Std;
use LWP::UserAgent;
use POSIX;
use Socket;
#########################################
#   wir3dev@c0rrupt Oct 1/2011  #
#########################################

our @fetched_hosts;

sub gather_hosts
{
    my($ip, $step, $verify, $active) = @_;
    my $url = undef;
    my $cont = 1;
    if($step == 1)
    {
        $url = "http://www.bing.com/search?q=ip:$ip";
    }
    else
    {
        $url = "http://www.bing.com/search?q=ip:$ip&go=&qs=n&sk=&sc=1-16&first=$step";
    }
    $step += 10;
    my $search = LWP::UserAgent->new;
    $search->agent("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)");
    my $res = $search->get($url);
    die "Failed to retrieve contents\n" unless($res->is_success);
    die "No results for IP $ip\n" if($res->decoded_content =~ /No results found for <strong>ip/);
    $cont = 0 if($res->decoded_content =~ /Ref A:/);
    if($cont)
    {
        print "[+] Gathering hosts, page " . floor($step/10) . "...\n";
        my @fetched_page = split(/\n/, $res->decoded_content);
        foreach(@fetched_page)
        {
            my @tmp_res = /<cite>[:\/\/]*([\w\.\-]+)[\w+\/\.\-_:\?=]*<\/cite>/g;
            foreach(@tmp_res)
            {
                if($active)
                {
                    my $req = LWP::UserAgent->new;
                    $req->agent("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)");
                    my $rep = $req->get("http://" . $_);
                    if(!$rep->is_success)
                    {
                        print "[INACTIVE] Site $_ appears to be inactive, skipping...\n";
                        next;
                    }
                }
                if($verify)
                {
                    next if(!&verify_hosts($_, $ip))
                }
                push @fetched_hosts, $_;
            }

        }
    }
    &gather_hosts($ip, $step, $verify) if($cont);
    @fetched_hosts;
}

sub verify_hosts
{
    my($host, $ip) = @_;
    print "Checking host $host\n";
    return 0 if($host !~ /[:\/\/]*([\w\.\-]+)[\w+\/\.\-_:\?=]*/);
    my @host = gethostbyname($host);
    if(!@host)
    {
        print "[ERROR] Error converting host $host to ip, skipping...\n";
        return 0;
    }
    my @arr = unpack('C4', $host[4]);
    $host = join('.', @arr);
    if($ip !~ /$arr[0]\.$arr[1]\.$arr[2]\./)
    {
        print "[VERIFY] Host [$host] does not match range $ip, skipping...\n";
        return 0;
    }
    1
}

sub array_unique
{
    my @tmp = @_;
    my %sorted;
    $sorted{$_} = 1 foreach(@_);
    keys(%sorted);
}

sub write_file
{
    my $write = $_[0];
    open FILE, ">$write";
    print FILE "$_\n" foreach(@fetched_hosts);
    close FILE;
    print "[+] Saved results in $write\n";
}

sub usage
{
    die "Reverse IP coded by wir3dev\nNote: Options in square brackets are required\nUsage: $0 [-q] (ip to check) -w (save file) -v (verify results) -a (verify if site is active)\n";
}

print "[#] Reverse IP coded by wir3dev [#]\n";
my %opts;
getopts("q:w:va", \%opts);
usage if(!defined($opts{'q'}));
usage if($opts{'q'} !~ /^\d+\.\d+\.\d+\.\d+$/);
if(exists($opts{'v'})) {$opts{'v'} = 1;} else {$opts{'v'} = 0;}
if(exists($opts{'a'})) {$opts{'a'} = 1;} else {$opts{'a'} = 0;}
print "\n\nGathering hosts for IP $opts{q}...\n";
gather_hosts $opts{'q'}, 1, $opts{'v'}, $opts{'a'};
@fetched_hosts = array_unique @fetched_hosts;
print "---------------------------------------------------------------------------\n";
for(my $i = 0; $i < $#fetched_hosts; $i++)
{
    print "$fetched_hosts[$i]\n";
}
print "\n---------------------------------------------------------------------------\n";
print "[+] Complete. Fetched " . ($#fetched_hosts) . " hosts\n";
write_file $opts{'w'} if(defined($opts{'w'}));