#!/usr/bin/perl
#
# plomp by andrew cook (andrew-cook@live.com) (efnet: sshlong)
#
# high speed http(80) banner retrieval and analysis. plomp grabs the version
# info from the banner if present and reports it. However, by also sending
# a series of malformed requests to the server plomp is able to determine if
# the version information in the banner has been altered.
#
# USAGE: plomp -t <hostlist file> -n <max children>
#

use strict;
use warnings;

use Getopt::Std;
use IO::Socket;

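# Main driver: read the target list, then fork one child per target and keep
# at most $max_children of them running at a time.
#
# @http_report is filled in by http_scan() inside each child:
#   [0] target, [1] apache score, [2] iis score, [3] Sun score,
#   [4] the Server banner line that was returned.
our @http_report = ();

my $usage = "usage: plomp -t <hostlist file> -n <max children>\n";

my %options = ();
getopts("n:t:", \%options) or die $usage;

# -n is the concurrency cap. Anything missing, non-numeric or outside
# 1..999 falls back to the default of 9.
my $max_children = 9;
if (   defined $options{n}
    && $options{n} =~ /\A\d+\z/
    && $options{n} > 0
    && $options{n} < 1000)
{
    $max_children = $options{n};
}

# -t names the file holding one target per line; it is mandatory.
my $hostlist = $options{t};
die $usage unless $hostlist;

# Three-argument open with an explicit read mode: the file name comes from
# the command line, and the two-argument form would let a leading '>' or a
# '|' in it change what open() does.
open(my $targets_fh, '<', $hostlist)
    or die "plomp: cannot open $hostlist: $!\n";

my @targets;
while (my $line = <$targets_fh>) {
    $line =~ s/\A\s+|\s+\z//g;    # drops the newline and any stray CR
    push @targets, $line if length $line;    # blank lines are not targets
}
close($targets_fh);

my $spawns = 0;    # children started and not yet reaped

foreach (@targets) {
    my $host = $_;

    my $pid = fork();

    # fork() returns undef on failure. Comparing that to 0 with == is true,
    # which would send the parent down the child branch and end the whole
    # run at the exit below.
    if (!defined $pid) {
        warn "plomp: fork failed for $host: $!\n";
        next;
    }

    if ($pid == 0) {
        # Child: scan one target, print its report, and leave.
        http_scan($host);

        my @field = map { defined $_ ? $_ : '' } @http_report[1 .. 4];

        # One print call per report, to reduce the chance that reports from
        # concurrently running children get mixed line by line.
        print join('',
            "$host http report\n",
            ('-' x 42) . "\n",
            "apache: $field[0]\n",
            "iis: $field[1]\n",
            "Sun: $field[2]\n",
            "$field[3]\n\n",
        );

        exit 0;
    }

    # Parent: once the cap is reached, block until one child finishes
    # before starting the next.
    $spawns++;
    if ($spawns >= $max_children) {
        wait();
        $spawns--;
    }
}

# Reap whatever is still running so the parent does not exit ahead of its
# children; wait() returns -1 once there are none left.
1 while wait() != -1;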

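# Open a TCP connection to $host:$port, send $request verbatim and return
# every line the server sends back. Returns an empty list when the
# connection cannot be established.
#
# NOTE(review): Timeout is handed to IO::Socket::INET->new and looks like it
# only bounds the connect; the read below has no deadline of its own, so a
# server that never closes the connection would hold this child open.
# Confirm whether a read timeout is wanted.
sub _plomp_probe {
    my ($host, $port, $request, $timeout) = @_;

    my $sock = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $host,
        PeerPort => $port,
        Timeout  => $timeout,
    ) or return;

    print {$sock} $request;
    my @lines = <$sock>;
    close($sock);

    return @lines;
}

# Compare the Server banner of one host with how the host actually answers
# three deliberately odd requests, and score it against three server
# families (apache, iis, Sun).
#
# The target is taken from the first argument; when called without one it
# falls back to $_, which is where earlier versions read it from.
#
# Results are left in package globals, as before:
#   $target       the host that was scanned
#   @http_report  (target, apache score, iis score, Sun score, banner line)
#
# Each family can collect at most three points - two from the behavioural
# probes and one from the banner - and each point is worth 33%. A banner
# that names one family while the probes score another is the sign that the
# banner has been altered.
sub http_scan {
    our ($target, @http_report);

    my ($host) = @_;
    $host = $_ unless defined $host;

    @http_report = ();
    return unless defined $host && length $host;
    $target = $host;

    my $http_port = 80;
    my ($apache, $iis, $sunjava) = (0, 0, 0);

    # Probe 1: plain HEAD, to pick up the advertised Server header. Only
    # the header section is searched; the first empty line ends it.
    my $resp1 = '';
    for my $line (_plomp_probe($target, $http_port, "HEAD / HTTP/1.0\n\n", 5)) {
        last if $line =~ /\A\r?\n\z/;
        if ($line =~ /\AServer:/i) {
            ($resp1 = $line) =~ s/\s+\z//;
        }
    }

    # The remaining probes are judged on the status line alone and count
    # once each. Matching every line of the response would let unrelated
    # text such as a date containing "200" add extra points and push a
    # score past 99%.
    my $status_line = sub {
        my ($request) = @_;
        my ($first) = _plomp_probe($target, $http_port, $request, 9);
        return defined $first ? $first : '';
    };

    # Probe 2: DELETE on the document root.
    my $delete_status = $status_line->("DELETE / HTTP/1.0\n\n");
    if ($delete_status =~ /405 Method/) {
        $apache += 1;
    }
    elsif ($delete_status =~ /501/) {
        $iis += 1;
    }

    # Probe 3: GET with a protocol version that does not exist.
    my $version_status = $status_line->("GET / HTTP/6.9\n\n");
    if ($version_status !~ /400/ && $version_status =~ /505 HTTP/i) {
        $sunjava += 1;
    }

    # Probe 4: a request method that does not exist.
    my $method_status = $status_line->("POOP / HTTP/1.0\n\n");
    if ($method_status =~ /200/) {
        $apache += 1;
    }
    elsif ($method_status =~ /400/) {
        $iis     += 1;
        $sunjava += 1;
    }

    # Finally, one point for whatever the banner itself claims.
    if    ($resp1 =~ /apache/i) { $apache  += 1; }
    elsif ($resp1 =~ /iis/i)    { $iis     += 1; }
    elsif ($resp1 =~ /sun/i)    { $sunjava += 1; }

    @http_report = (
        $target,
        ($apache * 33) . "%",
        ($iis * 33) . "%",
        ($sunjava * 33) . "%",
        $resp1,
    );

    return;
}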

usage:
plomp -t <hostlist file> -n <max children>