Virtual Host Scanner


Posted on 11-08-09 20:09
I recently coded a little virtual host scanner in C and just wanted to see if anyone had any suggestions to make it better or any code optimization tips for it. For those of you who don't know what a virtual host scanner is, it basically takes, let's say, google.com and checks to see if there are any subdomains up, for example mail.google.com or admin.google.com. It's a pretty nifty tool to have sometimes. Anyway, here is the code...

pastebin: http://pastebin.c. . .

or

Code
/*

##################
#  Virtual Host  #
#     Scanner    #
##################

*/

#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>

#define my_port "80"

int main(int argc, char *argv[]) {

    if (argc != 3) {
        printf("\nusage: ./dns <host> <list>\n\n");
        return 1;
    }

    FILE *dns_file;

    if ((dns_file = fopen(argv[2], "r")) == NULL) {
        printf("\nFile does not exist!\n");
        return 1;
    }

    char guess[50];

    /* %49s bounds each word to the size of guess (49 chars + NUL) */
    while (fscanf(dns_file, "%49s", guess) != EOF) {
        int status;
        char dnsbrute[256];

        /* build guess.host; skip names that would not fit the buffer */
        int len = snprintf(dnsbrute, sizeof dnsbrute, "%s.%s", guess, argv[1]);
        if (len < 0 || (size_t)len >= sizeof dnsbrute)
            continue;

        struct addrinfo hints, *res;
        memset(&hints, 0, sizeof hints);
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;

        /* a successful lookup means the name resolves */
        if ((status = getaddrinfo(dnsbrute, my_port, &hints, &res)) == 0) {
            printf("\nFOUND! %s", dnsbrute);
            freeaddrinfo(res);   /* release the result list */
        }
    }

    fclose(dns_file);
    return 0;
}

Here it is in action against google.com with a small wordlist of possible sub domains...

Code
[root@localhost code]# gcc -o vhost vhost.c

[root@localhost code]# ./vhost google.com wordlist.txt

FOUND! blog.google.com
FOUND! doc.google.com
FOUND! docs.google.com
FOUND! download.google.com
FOUND! downloads.google.com
FOUND! image.google.com
FOUND! images.google.com
FOUND! mail.google.com
FOUND! search.google.com
FOUND! web.google.com
FOUND! www2.google.com





As of right now it's kind of slow but not too terribly slow. It's pretty reliable, but on some hosts it gives false positives on all of the subdomains. Any criticism/comments/suggestions are welcome.

Edited by on 11-08-09 21:08
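
An added example, not part of the original post: one common reason every guess comes back as a hit is a wildcard DNS record on the zone, which makes any label resolve. The code below, meant for inventorying names in a zone you run, looks up a label that should not exist and counts a name only when its address differs from that answer. `resolve_fn`, `resolve_stub`, `wildcard_addr`, `is_real_host`, the probe label and the `example.test` / 192.0.2.x data are all constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo/getnameinfo */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>

/* Resolver callback: returns 1 and writes the first address as text, else 0. */
typedef int (*resolve_fn)(const char *name, char *addr, size_t len);

/* Live resolver built on the same getaddrinfo() call the scanner uses. */
int resolve_dns(const char *name, char *addr, size_t len) {
    struct addrinfo hints = {0}, *res;
    hints.ai_family = AF_UNSPEC;
    if (getaddrinfo(name, NULL, &hints, &res) != 0) return 0;
    int rc = getnameinfo(res->ai_addr, res->ai_addrlen, addr, len, NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc == 0;
}

/* Constructed stub for a wildcard zone: all names -> 192.0.2.10, mail.* -> 192.0.2.25. */
int resolve_stub(const char *name, char *addr, size_t len) {
    snprintf(addr, len, "%s", strncmp(name, "mail.", 5) == 0 ? "192.0.2.25" : "192.0.2.10");
    return 1;
}

/* Look up a label that should not exist; 1 plus the wildcard answer if it resolves anyway. */
int wildcard_addr(const char *domain, resolve_fn resolve, char *addr, size_t len) {
    char probe[300];
    snprintf(probe, sizeof probe, "zz-no-such-host-7f3a9c.%s", domain);
    return resolve(probe, addr, len);
}

/* 1 only if label.domain resolves to something other than the wildcard answer. */
int is_real_host(const char *label, const char *domain, resolve_fn resolve) {
    char name[300], addr[64], wild[64];
    snprintf(name, sizeof name, "%s.%s", label, domain);
    if (!resolve(name, addr, sizeof addr)) return 0;
    if (!wildcard_addr(domain, resolve, wild, sizeof wild)) return 1;
    return strcmp(addr, wild) != 0;
}

int main(void) {   /* swap resolve_stub for resolve_dns to query live DNS */
    const char *labels[] = {"mail", "admin", "blog"};
    for (size_t i = 0; i < 3; i++)
        printf("%s: %d\n", labels[i], is_real_host(labels[i], "example.test", resolve_stub));
    return 0;
}
```

Only the first returned address is compared, so a wildcard that rotates between several answers would need the full address sets compared instead.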

RE: Virtual Host Scanner


Posted on 11-08-09 20:36
MoshBat wrote:
Print only those found.


Done and done. Thanks for the tip, looks a lot cleaner when you run it now.
(Edited my original post)