t3ll0

perl reverse domain ok

Apr 1st, 2013
117
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env perl
  2.  
  3. # RitX - Reverse IP Tool v1.3
  4. # Copyright (C) 2011-2012
  5. # r0b10S-12 <r12xr00tu@gmail.com>
  6. # #p0c.cc
  7.  
  8. # Change Log:
  9. # 1.3:
  10. # Rename the script to RitX.
  11. # Rewrite the entire code.
  12. # Now RitX is command line tool.
  13. # Better performance.
  14. # add the multi-threading functions.
  15. # Now results are more accurate.
  16. # Fix all broken Regex and bugs.
  17. # 1.2:
  18. # Added 2 more websites .
  19. # Removed all dead services .
  20. # Fix some bugs.
  21. # Made some changes.
  22. # 1.0:
  23. # Rit initial release.
  24.  
  25. print "\n\t+-----------------------------+\n";
  26. print "\t| RitX 1.3 |\n";
  27. print "\t| Coded by r0b10S-12 |\n";
  28. print "\t+-----------------------------+\n\n";
  29.  
  30. #use threads ( stack_size => 4096 );
  31. #use threads::shared;
  32. use LWP ();
  33. #use warnings;
  34. #use strict;
  35. #use LWP::ConnCache ();
  36. #use Getopt::Long;
  37.  
  38. # Provide a friendly message for missing modules...
  39. my @Modules = ("threads","threads::shared","Getopt::Long","LWP::ConnCache");
  40.  
  41. foreach $module (@Modules)
  42. {
  43. $can = eval "use $module;1;";
  44. if ($can && $module =~ /threads/)
  45. {
  46. # Do processing using threads
  47. $usethreads = 1;
  48. }
  49. elsif(!$can && $module =~ /threads/)
  50. {
  51. # Do it without using threads
  52. $usethreads = 0;
  53. }
  54. # The module isn't there
  55. if ($@ =~ /Can't locate/) {
  56. die "\n[!!] Seems that some module is missing...:\n".$@."\n";
  57. }
  58. }
  59.  
  60. my $in:shared;
  61. my @resx:shared;
  62.  
  63. $b = $0;
  64. $b =~s/.*\///;
  65. sub usage {
  66. print <<HELP;
  67. Usage: perl $b [OPTIONS]
  68. Options:
  69. -s, --target Server hostname or ip (for best results use IP)
  70. -t, --timeout=SECONDS Seconds to wait before timeout connection (default 30)
  71. -c, --check Check web sites that are in the same IP address range
  72. -p, --print Print results
  73. -o, --output=FILE Save results to a file (default IP.txt)
  74. -h, --help This message
  75.  
  76. Threads:
  77. --threads=THREADS Maximum number of concurrent ip checks (default 1) require --check
  78.  
  79. HELP
  80. exit;
  81. }
  82.  
  83.  
  84. # Process options.
  85. if ( @ARGV > 0 )
  86. {
  87. GetOptions( 's|target=s' => \$target,
  88. 't|timeout=i' => \$timeout,
  89. 'threads=i' => \$threads,
  90. 'c|check' => \$check,
  91. 'p|print' => \$print,
  92. 'o|output=s' => \$filename,
  93. 'h|help' => \$help) or usage;
  94. }
  95. else
  96. {
  97. print "[*] Usage : perl $b [OPTIONS]\n";
  98. print " EXEMPLE : perl $b -s www.target.com -o result.txt\n\n";
  99. print "[*] Try 'perl $b -h' for more options.\n";
  100. exit;
  101. }
  102.  
  103. $help and usage;
  104. $target or usage;
  105.  
  106. if ($target =~ m/^([1-9]|1[0-9]{1,2}|2[0-4]\d|25[0-5])(\.([0-9]|1[0-9]{1,2}|2[0-4]\d|25[0-5])){3}$/)
  107. {
  108. # nice do nothing
  109. }
  110. elsif ($target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
  111. {
  112. $IP = getIP($target);
  113. if ($IP)
  114. {
  115. $target = $IP;
  116. }
  117. else
  118. {
  119. die "\n[!!] Unable to Resolve Host $target ! \n";
  120. }
  121. }
  122. else
  123. {
  124. die "[-] Invalid Hostname or Ip address .\n";
  125. }
  126.  
  127. # Global variables
  128. $VERSION = "1.3";
  129. $useragent ||= 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5';
  130. $filename ||= "$target.txt";
  131. $timeout ||= 30;
  132.  
  133. #-------------------------------------------------------------------------------#
  134. $ua = LWP::UserAgent->new(agent => $useragent);
  135. $ua->timeout($timeout);
  136. $ua->max_redirect(0);
  137. $ua->conn_cache(LWP::ConnCache->new());
  138. print "\n[*] This operation will take little time ,Please wait...\n\n";
  139. #-------------------------------------------------------------------------------#
  140. print "[*] Processing:\n";
  141. @R = (
  142. {
  143. SITE => "Myipneighbors.net",
  144. URL => "http://www.myipneighbors.net/?s=%s",
  145. REGEX => '<\/tr><tr><td><a href="\/\?s\=.*?">(.*?)<\/a><\/td>',
  146. },
  147. {
  148. SITE => "My-ip-neighbors.com",
  149. URL => "http://www.my-ip-neighbors.com/?domain=%s",
  150. REGEX => '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
  151. },
  152. {
  153. SITE => "Yougetsignal.com",
  154. DATA => 'remoteAddress',
  155. URL => "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
  156. SP => 'Yougetsignal()',
  157. },
  158. {
  159. SITE => "Myiptest.com",
  160. URL => "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
  161. REGEX => "<td style='width:200px;'><a href='http:\/\/www.myiptest.com\/staticpages\/index.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
  162. },
  163. {
  164. SITE => "Whois.WebHosting.info",
  165. URL => "http://whois.webhosting.info/%s",
  166. SP => 'Whoiswebhosting()',
  167. },
  168. {
  169. SITE => "Ksasecurity.net",
  170. URL => 'http://www.ksasecurity.net/results-reverse.php?url=%s',
  171. REGEX => "<a href='.*?' target='_blank'>http:\/\/(.*?)<\/a><\/li>",
  172. },
  173. {
  174. SITE => 'Domainsbyip.com',
  175. URL => 'http://domainsbyip.com/%s/',
  176. REGEX => '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
  177. },
  178. {
  179. SITE => "Ip-adress.com",
  180. URL => "http://www.ip-adress.com/reverse_ip/%s",
  181. REGEX => '\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
  182. },
  183. {
  184. SITE => "Bing.com",
  185. URL => "http://www.bing.com/search?q=ip:%s&filt=all",
  186. SP => 'Bing()',
  187. },
  188. {
  189. SITE => "Sameip.org",
  190. URL => "http://sameip.org/ip/%s/",
  191. REGEX => '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
  192. },
  193. {
  194. SITE => "Robtex.com",
  195. URL => "http://www.robtex.com/ajax/dns/%s.html",
  196. REGEX => '<a href="\/dns\/.*?\.html" >(([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6})<\/a><br \/>',
  197. },
  198. {
  199. SITE => "Reverseip.us",
  200. URL => "http://www.reverseip.us/?url=%s",
  201. REGEX => '<td bgcolor="\#EAEAEA" align="left">&nbsp;&nbsp;<a target="_blank" href="http\:\/\/.*?">(.*?)<\/a><\/td>',
  202. },
  203. {
  204. SITE => "Tools.web-max.ca",
  205. URL => "http://ip2web.web-max.ca/?byip=1&ip=%s",
  206. REGEX => '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
  207. }
  208. );
  209.  
  210. ### Functions
  211. sub add
  212. {
  213. $x = lc($_[0]);
  214. ($x =~ /\:|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|p​hone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/) ? return:0;
  215. $x =~ s/http:\/\/|\*\.|^www\.|\///;
  216. push(@JUNK,$x);
  217. }
  218. sub getIP
  219. {
  220. @ip = unpack("C4",(gethostbyname($_[0]))[4]) or return;
  221. return join(".", @ip);
  222. }
  223.  
  224. sub Req
  225. {
  226. #print "$_[0]\n";
  227. $data = $_[1];
  228. if(!$data)
  229. {
  230. $res = $ua->get($_[0]);
  231. }
  232. else
  233. {
  234. $res = $ua->post($_[0],
  235. {
  236. $data => $target,
  237. });
  238. }
  239. if($res->is_success)
  240. {
  241. #print $res->status_line."\n$_[0]\n";
  242. }
  243. else
  244. {
  245. print "[!] Error: ".$res->status_line."\n";
  246. }
  247. return $res->content;
  248. }
  249.  
  250. sub Yougetsignal
  251. {
  252. $resu = Req(sprintf($TARGET->{URL},$target),$TARGET->{DATA});
  253. while ($resu =~ m/\[([^\]]*)\]/g)
  254. {
  255. $s1 = $1;
  256. $s1 =~ m/\"(.*?)\", \"?\"/g;
  257. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
  258. add($1);
  259. $n{$y}++;
  260. }
  261. if ($resu =~ m/"message":"Daily reverse IP check limit reached for .*\."/)
  262. {
  263. $n{$y} = "E1";
  264. }
  265. }
  266. sub Whoiswebhosting
  267. {
  268. $resu = Req(sprintf($TARGET->{URL},$target));
  269. if ($resu =~ m/<\/a>&nbsp;&nbsp;&nbsp;<a href="\/.*?\?pi=(.*?)&ob=SLD&oo=ASC">&nbsp;&nbsp;Last&nbsp;&gt;&gt;<\/a><\/td>/g)
  270. {
  271. $nb = $1;
  272. for ($i=1;$i<=$nb;$i++)
  273. {
  274. $resu = Req(sprintf($TARGET->{URL},$target).'?pi='.$i.'&ob=SLD&oo=ASC');
  275. while ($resu =~ m/<td><a href="http:\/\/whois.webhosting.info\/.*?\.">(.*?)\.<\/a><\/td>/g )
  276. {
  277. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
  278. add(lc($1));
  279. $n{$y}++;
  280. }
  281. if ($resu =~ m/The security key helps us prevent automated searches/i)
  282. {
  283. $n{$y} = "E2";
  284. last;
  285. }
  286. }
  287. }
  288. else
  289. {
  290. while ($resu =~ m/<td><a href="http:\/\/whois.webhosting.info\/.*?\.">(.*?)\.<\/a><\/td>/g )
  291. {
  292. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
  293. add(lc($1));
  294. $n{$y}++;
  295. }
  296. if ($resu =~ m/The security key helps us prevent automated searches/i)
  297. {
  298. $n{$y} = "E2";
  299. }
  300. }
  301. }
  302.  
  303. sub Bing
  304. {
  305. for ($i=1;;$i+=10)
  306. {
  307. $resu = Req(sprintf($TARGET->{URL},$target).'&first='.$i);
  308. $resux = $resu;
  309. if ($resux =~ m/FORM=PORE" class="sb_pagN" onmousedown="return si_T\(.*?\)">.*?<\/a><\/li><\/ul>/g)
  310. {
  311. while ($resu =~ m/<\/p><div class="sb_meta"><cite>(.*?)<\/cite>/g)
  312. {
  313. $b = $1;
  314. $b =~ s/\/.*+// if ($b =~ /\//);
  315. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$b);
  316. add($b);
  317. $n{$y}++;
  318. }
  319. }
  320. else
  321. {
  322. while ($resu =~ m/<\/p><div class="sb_meta"><cite>(.*?)<\/cite>/g)
  323. {
  324. $b = $1;
  325. $b =~ s/\/.*+// if ($b =~ /\//);
  326. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$b);
  327. add($b);
  328. $n{$y}++;
  329. }
  330. last;
  331. }
  332. }
  333. }
  334. sub check
  335. {
  336. if((getIP('www.'.$_[0])==$target)or(getIP($_[0])==$target))
  337. {
  338. $in++;
  339. print " Found : $_[0]\n";
  340. #$resx[$in+1]=$_[0];
  341. push(@resx,$_[0]);
  342. }
  343. #else
  344. #{
  345. # print "\r Try $_[0]\t\t\t";
  346. #}
  347. }
  348.  
  349. #-------------------------------------------------------------------------------#
  350. foreach $TARGET (@R)
  351. {
  352. $y++;
  353. syswrite(STDOUT," -> $TARGET->{SITE}\n");
  354. if(!$TARGET->{SP})
  355. {
  356. $res=Req(sprintf($TARGET->{URL},$target),$TARGET->{DATA});
  357. }
  358. else
  359. {
  360. eval($TARGET->{SP});
  361. next;
  362. }
  363. $match = $TARGET->{REGEX};
  364. while($res =~ m/$match/gi)
  365. {
  366. #push(@{$TARGET->{"$TARGET->{SITE}"}{DATOS}},$1);
  367. add($1);
  368. $n{$y}++;
  369. }
  370. }
  371.  
  372. #foreach $TARGET (@R)
  373. #{
  374. # syswrite(STDOUT," + $TARGET->{SITE}\n");
  375. # foreach $aaa (@{$TARGET->{"$TARGET->{SITE}"}{DATOS}})
  376. # {
  377. # syswrite(STDOUT," - $aaa\n");
  378. # }
  379. #}
  380. #-------------------------------------------------------------------------------#
  381. @result = sort(grep { ++$R12{$_} < 2 } @JUNK);
  382.  
  383. if ($check)
  384. {
  385. print "\n[x] Checking and cleaning the results\n";
  386. if ($threads && $usethreads)
  387. {
  388. foreach $tr (@result)
  389. {
  390. $t++;
  391. threads->create(\&check,$tr)->detach();
  392. if($t=$threads)
  393. {
  394. while(threads->list()>0)
  395. {
  396. sleep 2;
  397. }
  398. $t=0;
  399. }
  400. }
  401. }
  402. elsif ($threads && !$usethreads)
  403. {
  404. print "[-] Sorry your PERL installation doesn't support threads!\n";
  405. &check($_) foreach @result;
  406. }
  407. elsif (!$threads)
  408. {
  409. &check($_) foreach @result;
  410. }
  411. sleep 2;
  412. @result = @resx;
  413. print "[+] Done\n";
  414. }
  415. print "\n[x] Result of $target : \n\n";
  416. open (F,">$filename") or die ("\n[!] Can't create the file ($filename)\n");
  417. print F "# Genereted By RitX $VERSION\n";
  418. print F "# Those are the domains hosted on the same web server as ($target).\n\n";
  419. foreach $RD (@result)
  420. {
  421. print F "$RD\n" if ($RD);
  422. $ny++;
  423. }
  424. close(F);
  425.  
  426. for ($i=0;$i<=14;$i++)
  427. {
  428. $n{$i} = 0 if (!$n{$i});
  429. }
  430.  
  431. print " +------+\n";
  432. print " | NB |\n";
  433. print "+-----------------------+------+\n";
  434. print "| Myipneighbors.net | $n{1}\n";
  435. print "|------------------------------|\n";
  436. print "| My-ip-neighbors.com | $n{2}\n";
  437. print "|------------------------------|\n";
  438. print "| Yougetsignal.com | $n{3}\n";
  439. print "|------------------------------|\n";
  440. print "| Myiptest.com | $n{4}\n";
  441. print "|------------------------------|\n";
  442. print "| Whois.webhosting.info | $n{5}\n";
  443. print "|------------------------------|\n";
  444. print "| Ksasecurity.net | $n{6}\n";
  445. print "|------------------------------|\n";
  446. print "| Domainbyip.com | $n{7}\n";
  447. print "|------------------------------|\n";
  448. print "| Ip-adress.com | $n{8}\n";
  449. print "|------------------------------|\n";
  450. print "| Bing.com | $n{9}\n";
  451. print "|------------------------------|\n";
  452. print "| Sameip.org | $n{10}\n";
  453. print "|------------------------------|\n";
  454. print "| Robtex.com | $n{11}\n";
  455. print "|------------------------------|\n";
  456. print "| Reverseip.us | $n{12}\n";
  457. print "|------------------------------|\n";
  458. print "| Tools.web-max.ca | $n{13}\n";
  459. print "+-------------+----------------+\n";
  460. print " | Total | $ny\n";
  461. print " +----------------+\n";
  462. if (($n{5} or $n{3}) =~ /E/)
  463. {
  464. print "+--Keys------------------------------------+\n";
  465. print "|E1: Daily reverse IP check limit reached .|\n";
  466. print "|E2: Some Security Measures (Captcha) . |\n";
  467. print "+------------------------------------------+\n";
  468. }
  469. if ($ny != 0 and $print)
  470. {
  471. print "[+] Results:\n";
  472. foreach $RD (@result)
  473. {
  474. $v++;
  475. print " $RD\n";
  476. if($v==20){<STDIN>;$v=0;};
  477. }
  478. }
  479. print "[+] Scan Finished, have a nice hacking :p\n\n";
  480. #-------------------------------------------------------------------------------#
RAW Paste Data