Imported Upstream version 0.4
Jim O'Gorman (Kali Developer)
9 years ago
0 | 0 | #!/bin/bash |
1 | 1 | # lbd (load balancing detector) detects if a given domain uses |
2 | 2 | # DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers) |
3 | # Copyright (C) 2010-2014 Stefan Behte | |
4 | # | |
5 | # This program is free software; you can redistribute it and/or | |
6 | # modify it under the terms of the GNU General Public License | |
7 | # as published by the Free Software Foundation; either version 2 | |
8 | # of the License, or (at your option) any later version. | |
9 | # | |
10 | # This program is distributed in the hope that it will be useful, | |
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | # GNU General Public License for more details. | |
14 | # | |
15 | # You should have received a copy of the GNU General Public License | |
16 | # along with this program; if not, write to the Free Software | |
17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
18 | # | |
19 | # License: GNU General Public License, version 2 | |
20 | # http://www.gnu.org/licenses/gpl-2.0.html | |
3 | 21 | # |
4 | # License: GPL-v2 | |
5 | # | |
6 | # Written by Stefan Behte | |
7 | 22 | # Contact me, if you have any new ideas, bugs/bugfixes, recommondations or questions! |
8 | 23 | # Please also contact me, if you just like the tool. :) |
9 | 24 | # |
10 | # Stefan dot Behte at gmx dot net | |
25 | # craig at haquarter dot de | |
11 | 26 | # |
27 | # 0.1: - initial release | |
28 | # 0.2: - fix license for fedora | |
29 | # - fix indenting | |
30 | # 0.3: - fix bug if dns server returns same IP multiple times | |
31 | # (fix by bit bori, thanks!) | |
32 | # - fix bug if there is no date header | |
33 | # (fix by Paul Rib, thanks!) | |
34 | # 0.4: - support HTTPs, support different ports | |
35 | # (thanks Bharadwaj Machiraju) | |
12 | 36 | |
13 | 37 | QUERIES=50 |
14 | 38 | DOMAIN=$1 |
39 | PORT=${2-80} # Use default port 80, if not given | |
40 | if [ "$3" = "https" ] | |
41 | then | |
42 | HTTPS=true | |
43 | else | |
44 | HTTPS=false | |
45 | fi | |
15 | 46 | METHODS="" |
16 | 47 | |
17 | 48 | echo |
18 | echo "lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing." | |
49 | echo "lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing." | |
19 | 50 | echo " Written by Stefan Behte (http://ge.mine.nu)" |
20 | 51 | echo " Proof-of-concept! Might give false positives." |
21 | 52 | |
22 | 53 | if [ "$1" = "" ] |
23 | 54 | then |
24 | echo "usage: $0 [domain]" | |
25 | echo | |
26 | exit -1 | |
55 | echo "usage: $0 domain [port] {https}" | |
56 | echo | |
57 | exit -1 | |
27 | 58 | fi |
28 | 59 | |
29 | 60 | echo -e -n "\nChecking for DNS-Loadbalancing:" |
30 | NR=`host $DOMAIN | grep -c "has add"` | |
61 | NR=`host $DOMAIN | grep "has add" | uniq | wc -l` | |
62 | ||
31 | 63 | if [ $NR -gt 1 ] |
32 | 64 | then |
33 | METHODS="DNS" | |
34 | echo " FOUND" | |
35 | host $DOMAIN | grep "has add" | |
36 | echo | |
65 | METHODS="DNS" | |
66 | echo " FOUND" | |
67 | host $DOMAIN | grep "has add" | uniq | |
68 | echo | |
37 | 69 | else |
38 | echo " NOT FOUND" | |
70 | echo " NOT FOUND" | |
39 | 71 | fi |
40 | 72 | |
41 | echo -e "Checking for HTTP-Loadbalancing ["Server"]: " | |
73 | echo -e "Checking for HTTP-Loadbalancing [Server]: " | |
42 | 74 | for ((i=0 ; i< $QUERIES ; i++)) |
43 | 75 | do |
44 | printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 > .nlog | |
45 | S=`grep -i "Server:" .nlog | awk -F: '{print $2}'` | |
46 | if ! grep "`echo ${S}| cut -b2-`" .log &>/dev/null | |
47 | then | |
48 | echo "${S}" | |
49 | fi | |
50 | cat .nlog >> .log | |
76 | if [ $HTTPS = true ] | |
77 | then | |
78 | printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet > .nlog 2> /dev/null | |
79 | else | |
80 | printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT > .nlog 2>/dev/null | |
81 | fi | |
82 | ||
83 | S=`grep -i "Server:" .nlog | awk -F: '{print $2}'` | |
84 | ||
85 | if ! grep "`echo ${S}| cut -b2-`" .log &>/dev/null | |
86 | then | |
87 | echo "${S}" | |
88 | fi | |
89 | cat .nlog >> .log | |
51 | 90 | done |
91 | ||
52 | 92 | NR=`sort .log | uniq | grep -c "Server:"` |
93 | ||
53 | 94 | if [ $NR -gt 1 ] |
54 | 95 | then |
55 | echo " FOUND" | |
56 | METHODS="$METHODS HTTP[Server]" | |
96 | echo " FOUND" | |
97 | METHODS="$METHODS HTTP[Server]" | |
57 | 98 | else |
58 | echo " NOT FOUND" | |
99 | echo " NOT FOUND" | |
59 | 100 | fi |
60 | 101 | echo |
61 | 102 | rm .nlog .log |
62 | 103 | |
63 | 104 | |
64 | echo -e -n "Checking for HTTP-Loadbalancing ["Date"]: " | |
105 | echo -e -n "Checking for HTTP-Loadbalancing [Date]: " | |
65 | 106 | D4= |
107 | ||
66 | 108 | for ((i=0 ; i<$QUERIES ; i++)) |
67 | 109 | do |
68 | D=`printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 | grep "Date:" | awk '{print $6}'` | |
69 | printf "$D, " | |
110 | if [ $HTTPS = true ] | |
111 | then | |
112 | D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep "Date:" | awk '{print $6}'` | |
113 | else | |
114 | D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep "Date:" | awk '{print $6}'` | |
115 | fi | |
116 | printf "$D, " | |
70 | 117 | |
71 | Df=$(echo " $D" | sed -e 's/:0/:/g' -e 's/ 0/ /g') | |
72 | D1=$(echo ${Df} | awk -F: '{print $1}') | |
73 | D2=$(echo ${Df} | awk -F: '{print $2}') | |
74 | D3=$(echo ${Df} | awk -F: '{print $3}') | |
75 | if [ "$D4" = "" ]; then D4=0; fi | |
118 | if [ "$D" == "" ] | |
119 | then | |
120 | echo "No date header found, skipping." | |
121 | break | |
122 | fi | |
123 | ||
124 | Df=$(echo " $D" | sed -e 's/:0/:/g' -e 's/ 0/ /g') | |
125 | D1=$(echo ${Df} | awk -F: '{print $1}') | |
126 | D2=$(echo ${Df} | awk -F: '{print $2}') | |
127 | D3=$(echo ${Df} | awk -F: '{print $3}') | |
76 | 128 | |
77 | if [ $[ $D1 * 3600 + $D2 * 60 + $D3 ] -lt $D4 ] | |
78 | then | |
79 | echo "FOUND" | |
80 | METHODS="$METHODS HTTP[Date]" | |
81 | break; | |
82 | fi | |
129 | if [ "$D4" = "" ]; then D4=0; fi | |
130 | ||
131 | if [ $[ $D1 * 3600 + $D2 * 60 + $D3 ] -lt $D4 ] | |
132 | then | |
133 | echo "FOUND" | |
134 | METHODS="$METHODS HTTP[Date]" | |
135 | break; | |
136 | fi | |
137 | ||
138 | D4="$[ $D1 * 3600 + $D2 * 60 + $D3 ]" | |
83 | 139 | |
84 | D4="$[ $D1 * 3600 + $D2 * 60 + $D3 ]" | |
85 | if [ $i -eq $[$QUERIES - 1] ] | |
86 | then | |
87 | echo "NOT FOUND" | |
88 | fi | |
140 | if [ $i -eq $[$QUERIES - 1] ] | |
141 | then | |
142 | echo "NOT FOUND" | |
143 | fi | |
89 | 144 | done |
90 | 145 | |
91 | ||
92 | echo -e -n "\nChecking for HTTP-Loadbalancing ["Diff"]: " | |
146 | echo -e -n "\nChecking for HTTP-Loadbalancing [Diff]: " | |
93 | 147 | for ((i=0 ; i<$QUERIES ; i++)) |
94 | 148 | do |
95 | printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 | grep -v -e "Date:" -e "Set-Cookie" > .nlog | |
96 | ||
97 | if ! cmp .log .nlog &>/dev/null && [ -e .log ] | |
98 | then | |
99 | echo "FOUND" | |
100 | diff .log .nlog | grep -e ">" -e "<" | |
101 | METHODS="$METHODS HTTP[Diff]" | |
102 | break; | |
103 | fi | |
104 | ||
105 | cp .nlog .log | |
106 | ||
107 | if [ $i -eq $[$QUERIES - 1] ] | |
108 | then | |
109 | echo "NOT FOUND" | |
110 | fi | |
149 | if [ $HTTPS = true ] | |
150 | then | |
151 | printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog | |
152 | else | |
153 | printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog | |
154 | fi | |
155 | ||
156 | if ! cmp .log .nlog &>/dev/null && [ -e .log ] | |
157 | then | |
158 | echo "FOUND" | |
159 | diff .log .nlog | grep -e ">" -e "<" | |
160 | METHODS="$METHODS HTTP[Diff]" | |
161 | break; | |
162 | fi | |
163 | ||
164 | cp .nlog .log | |
165 | ||
166 | if [ $i -eq $[$QUERIES - 1] ] | |
167 | then | |
168 | echo "NOT FOUND" | |
169 | fi | |
111 | 170 | done |
112 | 171 | |
113 | 172 | rm .nlog .log |
115 | 174 | |
116 | 175 | if [ "$METHODS" != "" ] |
117 | 176 | then |
118 | echo | |
119 | echo $DOMAIN does Load-balancing. Found via Methods: $METHODS | |
120 | echo | |
177 | echo | |
178 | echo $DOMAIN does Load-balancing. Found via Methods: $METHODS | |
179 | echo | |
121 | 180 | else |
122 | echo | |
123 | echo $DOMAIN does NOT use Load-balancing. | |
124 | echo | |
181 | echo | |
182 | echo $DOMAIN does NOT use Load-balancing. | |
183 | echo | |
125 | 184 | fi |
126 | 185 | |
127 |
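Review bot: The new HTTPS/port branches (new lines 78, 80, 112, 114, 151, 153) still write server responses to fixed-name files `.nlog` and `.log` in the current working directory and `rm` them afterwards (new lines 102, 172), so running the script in a directory that already holds a `.log` silently overwrites and then deletes it, and a shared or world-writable cwd lets another local user pre-create or symlink those names; create them with `TMPDIR_LBD=$(mktemp -d) || exit 1` and `trap 'rm -rf -- "$TMPDIR_LBD"' EXIT`, then use `"$TMPDIR_LBD/nlog"` and `"$TMPDIR_LBD/log"` in place of `.nlog`/`.log`. In the same request lines `$DOMAIN` is interpolated into the printf format string and passed unquoted to `nc`/`openssl`, so a value containing `%` or whitespace is reinterpreted rather than sent verbatim; `printf 'HEAD / HTTP/1.1\r\nhost: %s\r\nConnection: close\r\n\r\n' "$DOMAIN"` with `"$DOMAIN"` and `"$PORT"` quoted keeps the argument as data, and `$PORT` could be checked to be numeric before use. The Server header value extracted at new line 83 is fed to `grep` at new line 85 as a regular expression, so a response containing regex metacharacters or a leading `-` changes what is matched (and an empty value matches every line); `grep -F -- "$(echo ${S} | cut -b2-)" .log` treats the remote-supplied string as a fixed string. `exit -1` at new line 57 is not a valid exit status and is reported as 255; `exit 1` states the intent.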