perl reverse domain ok

1. #!/usr/bin/env perl
2.  
3. # RitX - Reverse IP Tool v1.3
4. # Copyright (C) 2011-2012
5. # r0b10S-12 <r12xr00tu@gmail.com>
6. # #p0c.cc
7.  
8. # Change Log:
9. # 1.3:
10. # Rename the script to RitX.
11. # Rewrite the entire code.
12. # Now RitX is command line tool.
13. # Better performance.
14. # add the multi-threading functions.
15. # Now results are more accurate.
16. # Fix all broken Regex and bugs.
17. # 1.2:
18. # Added 2 more websites .
19. # Removed all dead services .
20. # Fix some bugs.
21. # Made some changes.
22. # 1.0:
23. # Rit initial release.
24.  
25. print "\n\t+-----------------------------+\n";
26. print "\t| RitX 1.3 |\n";
27. print "\t| Coded by r0b10S-12 |\n";
28. print "\t+-----------------------------+\n\n";
29.  
30. #use threads ( stack_size => 4096 );
31. #use threads::shared;
32. use LWP ();
33. #use warnings;
34. #use strict;
35. #use LWP::ConnCache ();
36. #use Getopt::Long;
37.  
38. # Provide a friendly message for missing modules...
39. my @Modules = ("threads","threads::shared","Getopt::Long","LWP::ConnCache");
40.  
41. foreach $module (@Modules)
42. {
43. $can = eval "use $module;1;";
44. if ($can && $module =~ /threads/)
45. {
46. # Do processing using threads
47. $usethreads = 1;
48. }
49. elsif(!$can && $module =~ /threads/)
50. {
51. # Do it without using threads
52. $usethreads = 0;
53. }
54. # The module isn't there
55. if ($@ =~ /Can't locate/) {
56. die "\n[!!] Seems that some module is missing...:\n".$@."\n";
57. }
58. }
59.  
60. my $in:shared;
61. my @resx:shared;
62.  
63. $b = $0;
64. $b =~s/.*\///;
65. sub usage {
66. print <<HELP;
67. Usage: perl $b [OPTIONS]
68. Options:
69. -s, --target Server hostname or ip (for best results use IP)
70. -t, --timeout=SECONDS Seconds to wait before timeout connection (default 30)
71. -c, --check Check web sites that are in the same IP address range
72. -p, --print Print results
73. -o, --output=FILE Save results to a file (default IP.txt)
74. -h, --help This message
75.  
76. Threads:
77. --threads=THREADS Maximum number of concurrent ip checks (default 1) require --check
78.  
79. HELP
80. exit;
81. }
82.  
83.  
84. # Process options.
85. if ( @ARGV > 0 )
86. {
87. GetOptions( 's|target=s' => \$target,
88. 't|timeout=i' => \$timeout,
89. 'threads=i' => \$threads,
90. 'c|check' => \$check,
91. 'p|print' => \$print,
92. 'o|output=s' => \$filename,
93. 'h|help' => \$help) or usage;
94. }
95. else
96. {
97. print "[*] Usage : perl $b [OPTIONS]\n";
98. print " EXEMPLE : perl $b -s www.target.com -o result.txt\n\n";
99. print "[*] Try 'perl $b -h' for more options.\n";
100. exit;
101. }
102.  
103. $help and usage;
104. $target or usage;
105.  
106. if ($target =~ m/^([1-9]|1[0-9]{1,2}|2[0-4]\d|25[0-5])(\.([0-9]|1[0-9]{1,2}|2[0-4]\d|25[0-5])){3}$/)
107. {
108. # nice do nothing
109. }
110. elsif ($target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
111. {
112. $IP = getIP($target);
113. if ($IP)
114. {
115. $target = $IP;
116. }
117. else
118. {
119. die "\n[!!] Unable to Resolve Host $target ! \n";
120. }
121. }
122. else
123. {
124. die "[-] Invalid Hostname or Ip address .\n";
125. }
126.  
127. # Global variables
128. $VERSION = "1.3";
129. $useragent ||= 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5';
130. $filename ||= "$target.txt";
131. $timeout ||= 30;
132.  
133. #-------------------------------------------------------------------------------#
134. $ua = LWP::UserAgent->new(agent => $useragent);
135. $ua->timeout($timeout);
136. $ua->max_redirect(0);
137. $ua->conn_cache(LWP::ConnCache->new());
138. print "\n[*] This operation will take little time ,Please wait...\n\n";
139. #-------------------------------------------------------------------------------#
140. print "[*] Processing:\n";
141. @R = (
142. {
143. SITE => "Myipneighbors.net",
144. URL => "http://www.myipneighbors.net/?s=%s",
145. REGEX => '<\/tr><tr><td><a href="\/\?s\=.*?">(.*?)<\/a><\/td>',
146. },
147. {
148. SITE => "My-ip-neighbors.com",
149. URL => "http://www.my-ip-neighbors.com/?domain=%s",
150. REGEX => '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
151. },
152. {
153. SITE => "Yougetsignal.com",
154. DATA => 'remoteAddress',
155. URL => "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
156. SP => 'Yougetsignal()',
157. },
158. {
159. SITE => "Myiptest.com",
160. URL => "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
161. REGEX => "<td style='width:200px;'><a href='http:\/\/www.myiptest.com\/staticpages\/index.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
162. },
163. {
164. SITE => "Whois.WebHosting.info",
165. URL => "http://whois.webhosting.info/%s",
166. SP => 'Whoiswebhosting()',
167. },
168. {
169. SITE => "Ksasecurity.net",
170. URL => 'http://www.ksasecurity.net/results-reverse.php?url=%s',
171. REGEX => "<a href='.*?' target='_blank'>http:\/\/(.*?)<\/a><\/li>",
172. },
173. {
174. SITE => 'Domainsbyip.com',
175. URL => 'http://domainsbyip.com/%s/',
176. REGEX => '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
177. },
178. {
179. SITE => "Ip-adress.com",
180. URL => "http://www.ip-adress.com/reverse_ip/%s",
181. REGEX => '\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
182. },
183. {
184. SITE => "Bing.com",
185. URL => "http://www.bing.com/search?q=ip:%s&filt=all",
186. SP => 'Bing()',
187. },
188. {
189. SITE => "Sameip.org",
190. URL => "http://sameip.org/ip/%s/",
191. REGEX => '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
192. },
193. {
194. SITE => "Robtex.com",
195. URL => "http://www.robtex.com/ajax/dns/%s.html",
196. REGEX => '<a href="\/dns\/.*?\.html" >(([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6})<\/a><br \/>',
197. },
198. {
199. SITE => "Reverseip.us",
200. URL => "http://www.reverseip.us/?url=%s",
201. REGEX => '<td bgcolor="\#EAEAEA" align="left">&nbsp;&nbsp;<a target="_blank" href="http\:\/\/.*?">(.*?)<\/a><\/td>',
202. },
203. {
204. SITE => "Tools.web-max.ca",
205. URL => "http://ip2web.web-max.ca/?byip=1&ip=%s",
206. REGEX => '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
207. }
208. );
209.  
210. ### Functions
211. sub add
212. {
213. $x = lc($_[0]);
214. ($x =~ /\:|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|p​hone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/) ? return:0;
215. $x =~ s/http:\/\/|\*\.|^www\.|\///;
216. push(@JUNK,$x);
217. }
218. sub getIP
219. {
220. @ip = unpack("C4",(gethostbyname($_[0]))[4]) or return;
221. return join(".", @ip);
222. }
223.  
224. sub Req
225. {
226. #print "$_[0]\n";
227. $data = $_[1];
228. if(!$data)
229. {
230. $res = $ua->get($_[0]);
231. }
232. else
233. {
234. $res = $ua->post($_[0],
235. {
236. $data => $target,
237. });
238. }
239. if($res->is_success)
240. {
241. #print $res->status_line."\n$_[0]\n";
242. }
243. else
244. {
245. print "[!] Error: ".$res->status_line."\n";
246. }
247. return $res->content;
248. }
249.  
250. sub Yougetsignal
251. {
252. $resu = Req(sprintf($TARGET->{URL},$target),$TARGET->{DATA});
253. while ($resu =~ m/\[([^\]]*)\]/g)
254. {
255. $s1 = $1;
256. $s1 =~ m/\"(.*?)\", \"?\"/g;
257. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
258. add($1);
259. $n{$y}++;
260. }
261. if ($resu =~ m/"message":"Daily reverse IP check limit reached for .*\."/)
262. {
263. $n{$y} = "E1";
264. }
265. }
266. sub Whoiswebhosting
267. {
268. $resu = Req(sprintf($TARGET->{URL},$target));
269. if ($resu =~ m/<\/a>&nbsp;&nbsp;&nbsp;<a href="\/.*?\?pi=(.*?)&ob=SLD&oo=ASC">&nbsp;&nbsp;Last&nbsp;&gt;&gt;<\/a><\/td>/g)
270. {
271. $nb = $1;
272. for ($i=1;$i<=$nb;$i++)
273. {
274. $resu = Req(sprintf($TARGET->{URL},$target).'?pi='.$i.'&ob=SLD&oo=ASC');
275. while ($resu =~ m/<td><a href="http:\/\/whois.webhosting.info\/.*?\.">(.*?)\.<\/a><\/td>/g )
276. {
277. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
278. add(lc($1));
279. $n{$y}++;
280. }
281. if ($resu =~ m/The security key helps us prevent automated searches/i)
282. {
283. $n{$y} = "E2";
284. last;
285. }
286. }
287. }
288. else
289. {
290. while ($resu =~ m/<td><a href="http:\/\/whois.webhosting.info\/.*?\.">(.*?)\.<\/a><\/td>/g )
291. {
292. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
293. add(lc($1));
294. $n{$y}++;
295. }
296. if ($resu =~ m/The security key helps us prevent automated searches/i)
297. {
298. $n{$y} = "E2";
299. }
300. }
301. }
302.  
303. sub Bing
304. {
305. for ($i=1;;$i+=10)
306. {
307. $resu = Req(sprintf($TARGET->{URL},$target).'&first='.$i);
308. $resux = $resu;
309. if ($resux =~ m/FORM=PORE" class="sb_pagN" onmousedown="return si_T\(.*?\)">.*?<\/a><\/li><\/ul>/g)
310. {
311. while ($resu =~ m/<\/p><div class="sb_meta"><cite>(.*?)<\/cite>/g)
312. {
313. $b = $1;
314. $b =~ s/\/.*+// if ($b =~ /\//);
315. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$b);
316. add($b);
317. $n{$y}++;
318. }
319. }
320. else
321. {
322. while ($resu =~ m/<\/p><div class="sb_meta"><cite>(.*?)<\/cite>/g)
323. {
324. $b = $1;
325. $b =~ s/\/.*+// if ($b =~ /\//);
326. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$b);
327. add($b);
328. $n{$y}++;
329. }
330. last;
331. }
332. }
333. }
334. sub check
335. {
336. if((getIP('www.'.$_[0])==$target)or(getIP($_[0])==$target))
337. {
338. $in++;
339. print " Found : $_[0]\n";
340. #$resx[$in+1]=$_[0];
341. push(@resx,$_[0]);
342. }
343. #else
344. #{
345. # print "\r Try $_[0]\t\t\t";
346. #}
347. }
348.  
349. #-------------------------------------------------------------------------------#
350. foreach $TARGET (@R)
351. {
352. $y++;
353. syswrite(STDOUT," -> $TARGET->{SITE}\n");
354. if(!$TARGET->{SP})
355. {
356. $res=Req(sprintf($TARGET->{URL},$target),$TARGET->{DATA});
357. }
358. else
359. {
360. eval($TARGET->{SP});
361. next;
362. }
363. $match = $TARGET->{REGEX};
364. while($res =~ m/$match/gi)
365. {
366. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
367. add($1);
368. $n{$y}++;
369. }
370. }
371.  
372. #foreach $TARGET (@R)
373. #{
374. # syswrite(STDOUT," + $TARGET->{SITE}\n");
375. # foreach $aaa (@{$TARGET->{"$TARGET->{SITE}"}{DATOS}})
376. # {
377. # syswrite(STDOUT," - $aaa\n");
378. # }
379. #}
380. #-------------------------------------------------------------------------------#
381. @result = sort(grep { ++$R12{$_} < 2 } @JUNK);
382.  
383. if ($check)
384. {
385. print "\n[x] Checking and cleaning the results\n";
386. if ($threads && $usethreads)
387. {
388. foreach $tr (@result)
389. {
390. $t++;
391. threads->create(\&check,$tr)->detach();
392. if($t=$threads)
393. {
394. while(threads->list()>0)
395. {
396. sleep 2;
397. }
398. $t=0;
399. }
400. }
401. }
402. elsif ($threads && !$usethreads)
403. {
404. print "[-] Sorry your PERL installation doesn't support threads!\n";
405. &check($_) foreach @result;
406. }
407. elsif (!$threads)
408. {
409. &check($_) foreach @result;
410. }
411. sleep 2;
412. @result = @resx;
413. print "[+] Done\n";
414. }
415. print "\n[x] Result of $target : \n\n";
416. open (F,">$filename") or die ("\n[!] Can't create the file ($filename)\n");
417. print F "# Genereted By RitX $VERSION\n";
418. print F "# Those are the domains hosted on the same web server as ($target).\n\n";
419. foreach $RD (@result)
420. {
421. print F "$RD\n" if ($RD);
422. $ny++;
423. }
424. close(F);
425.  
426. for ($i=0;$i<=14;$i++)
427. {
428. $n{$i} = 0 if (!$n{$i});
429. }
430.  
431. print " +------+\n";
432. print " | NB |\n";
433. print "+-----------------------+------+\n";
434. print "| Myipneighbors.net | $n{1}\n";
435. print "|------------------------------|\n";
436. print "| My-ip-neighbors.com | $n{2}\n";
437. print "|------------------------------|\n";
438. print "| Yougetsignal.com | $n{3}\n";
439. print "|------------------------------|\n";
440. print "| Myiptest.com | $n{4}\n";
441. print "|------------------------------|\n";
442. print "| Whois.webhosting.info | $n{5}\n";
443. print "|------------------------------|\n";
444. print "| Ksasecurity.net | $n{6}\n";
445. print "|------------------------------|\n";
446. print "| Domainbyip.com | $n{7}\n";
447. print "|------------------------------|\n";
448. print "| Ip-adress.com | $n{8}\n";
449. print "|------------------------------|\n";
450. print "| Bing.com | $n{9}\n";
451. print "|------------------------------|\n";
452. print "| Sameip.org | $n{10}\n";
453. print "|------------------------------|\n";
454. print "| Robtex.com | $n{11}\n";
455. print "|------------------------------|\n";
456. print "| Reverseip.us | $n{12}\n";
457. print "|------------------------------|\n";
458. print "| Tools.web-max.ca | $n{13}\n";
459. print "+-------------+----------------+\n";
460. print " | Total | $ny\n";
461. print " +----------------+\n";
462. if (($n{5} or $n{3}) =~ /E/)
463. {
464. print "+--Keys------------------------------------+\n";
465. print "|E1: Daily reverse IP check limit reached .|\n";
466. print "|E2: Some Security Measures (Captcha) . |\n";
467. print "+------------------------------------------+\n";
468. }
469. if ($ny != 0 and $print)
470. {
471. print "[+] Results:\n";
472. foreach $RD (@result)
473. {
474. $v++;
475. print " $RD\n";
476. if($v==20){<STDIN>;$v=0;};
477. }
478. }
479. print "[+] Scan Finished, have a nice hacking :p\n\n";
480. #-------------------------------------------------------------------------------#