lbd / 4e4038e
Imported Upstream version 0.4 Jim O'Gorman (Kali Developer) 9 years ago
1 changed file(s) with 127 addition(s) and 69 deletion(s).
+127
-69
lbd
00 #!/bin/bash
11 # lbd (load balancing detector) detects if a given domain uses
22 # DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers)
3 # Copyright (C) 2010-2014 Stefan Behte
4 #
5 # This program is free software; you can redistribute it and/or
6 # modify it under the terms of the GNU General Public License
7 # as published by the Free Software Foundation; either version 2
8 # of the License, or (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 #
19 # License: GNU General Public License, version 2
20 # http://www.gnu.org/licenses/gpl-2.0.html
321 #
4 # License: GPL-v2
5 #
6 # Written by Stefan Behte
722 # Contact me, if you have any new ideas, bugs/bugfixes, recommondations or questions!
823 # Please also contact me, if you just like the tool. :)
924 #
10 # Stefan dot Behte at gmx dot net
25 # craig at haquarter dot de
1126 #
27 # 0.1: - initial release
28 # 0.2: - fix license for fedora
29 # - fix indenting
30 # 0.3: - fix bug if dns server returns same IP multiple times
31 # (fix by bit bori, thanks!)
32 # - fix bug if there is no date header
33 # (fix by Paul Rib, thanks!)
34 # 0.4: - support HTTPs, support different ports
35 # (thanks Bharadwaj Machiraju)
1236
1337 QUERIES=50
1438 DOMAIN=$1
39 PORT=${2-80} # Use default port 80, if not given
40 if [ "$3" = "https" ]
41 then
42 HTTPS=true
43 else
44 HTTPS=false
45 fi
1546 METHODS=""
1647
1748 echo
18 echo "lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing."
49 echo "lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing."
1950 echo " Written by Stefan Behte (http://ge.mine.nu)"
2051 echo " Proof-of-concept! Might give false positives."
2152
2253 if [ "$1" = "" ]
2354 then
24 echo "usage: $0 [domain]"
25 echo
26 exit -1
55 echo "usage: $0 domain [port] {https}"
56 echo
57 exit -1
2758 fi
2859
2960 echo -e -n "\nChecking for DNS-Loadbalancing:"
30 NR=`host $DOMAIN | grep -c "has add"`
61 NR=`host $DOMAIN | grep "has add" | uniq | wc -l`
62
3163 if [ $NR -gt 1 ]
3264 then
33 METHODS="DNS"
34 echo " FOUND"
35 host $DOMAIN | grep "has add"
36 echo
65 METHODS="DNS"
66 echo " FOUND"
67 host $DOMAIN | grep "has add" | uniq
68 echo
3769 else
38 echo " NOT FOUND"
70 echo " NOT FOUND"
3971 fi
4072
41 echo -e "Checking for HTTP-Loadbalancing ["Server"]: "
73 echo -e "Checking for HTTP-Loadbalancing [Server]: "
4274 for ((i=0 ; i< $QUERIES ; i++))
4375 do
44 printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 > .nlog
45 S=`grep -i "Server:" .nlog | awk -F: '{print $2}'`
46 if ! grep "`echo ${S}| cut -b2-`" .log &>/dev/null
47 then
48 echo "${S}"
49 fi
50 cat .nlog >> .log
76 if [ $HTTPS = true ]
77 then
78 printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet > .nlog 2> /dev/null
79 else
80 printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT > .nlog 2>/dev/null
81 fi
82
83 S=`grep -i "Server:" .nlog | awk -F: '{print $2}'`
84
85 if ! grep "`echo ${S}| cut -b2-`" .log &>/dev/null
86 then
87 echo "${S}"
88 fi
89 cat .nlog >> .log
5190 done
91
5292 NR=`sort .log | uniq | grep -c "Server:"`
93
5394 if [ $NR -gt 1 ]
5495 then
55 echo " FOUND"
56 METHODS="$METHODS HTTP[Server]"
96 echo " FOUND"
97 METHODS="$METHODS HTTP[Server]"
5798 else
58 echo " NOT FOUND"
99 echo " NOT FOUND"
59100 fi
60101 echo
61102 rm .nlog .log
62103
63104
64 echo -e -n "Checking for HTTP-Loadbalancing ["Date"]: "
105 echo -e -n "Checking for HTTP-Loadbalancing [Date]: "
65106 D4=
107
66108 for ((i=0 ; i<$QUERIES ; i++))
67109 do
68 D=`printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 | grep "Date:" | awk '{print $6}'`
69 printf "$D, "
110 if [ $HTTPS = true ]
111 then
112 D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep "Date:" | awk '{print $6}'`
113 else
114 D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep "Date:" | awk '{print $6}'`
115 fi
116 printf "$D, "
70117
71 Df=$(echo " $D" | sed -e 's/:0/:/g' -e 's/ 0/ /g')
72 D1=$(echo ${Df} | awk -F: '{print $1}')
73 D2=$(echo ${Df} | awk -F: '{print $2}')
74 D3=$(echo ${Df} | awk -F: '{print $3}')
75 if [ "$D4" = "" ]; then D4=0; fi
118 if [ "$D" == "" ]
119 then
120 echo "No date header found, skipping."
121 break
122 fi
123
124 Df=$(echo " $D" | sed -e 's/:0/:/g' -e 's/ 0/ /g')
125 D1=$(echo ${Df} | awk -F: '{print $1}')
126 D2=$(echo ${Df} | awk -F: '{print $2}')
127 D3=$(echo ${Df} | awk -F: '{print $3}')
76128
77 if [ $[ $D1 * 3600 + $D2 * 60 + $D3 ] -lt $D4 ]
78 then
79 echo "FOUND"
80 METHODS="$METHODS HTTP[Date]"
81 break;
82 fi
129 if [ "$D4" = "" ]; then D4=0; fi
130
131 if [ $[ $D1 * 3600 + $D2 * 60 + $D3 ] -lt $D4 ]
132 then
133 echo "FOUND"
134 METHODS="$METHODS HTTP[Date]"
135 break;
136 fi
137
138 D4="$[ $D1 * 3600 + $D2 * 60 + $D3 ]"
83139
84 D4="$[ $D1 * 3600 + $D2 * 60 + $D3 ]"
85 if [ $i -eq $[$QUERIES - 1] ]
86 then
87 echo "NOT FOUND"
88 fi
140 if [ $i -eq $[$QUERIES - 1] ]
141 then
142 echo "NOT FOUND"
143 fi
89144 done
90145
91
92 echo -e -n "\nChecking for HTTP-Loadbalancing ["Diff"]: "
146 echo -e -n "\nChecking for HTTP-Loadbalancing [Diff]: "
93147 for ((i=0 ; i<$QUERIES ; i++))
94148 do
95 printf "HEAD / HTTP/1.0\r\n\r\n" | nc $DOMAIN 80 | grep -v -e "Date:" -e "Set-Cookie" > .nlog
96
97 if ! cmp .log .nlog &>/dev/null && [ -e .log ]
98 then
99 echo "FOUND"
100 diff .log .nlog | grep -e ">" -e "<"
101 METHODS="$METHODS HTTP[Diff]"
102 break;
103 fi
104
105 cp .nlog .log
106
107 if [ $i -eq $[$QUERIES - 1] ]
108 then
109 echo "NOT FOUND"
110 fi
149 if [ $HTTPS = true ]
150 then
151 printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog
152 else
153 printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog
154 fi
155
156 if ! cmp .log .nlog &>/dev/null && [ -e .log ]
157 then
158 echo "FOUND"
159 diff .log .nlog | grep -e ">" -e "<"
160 METHODS="$METHODS HTTP[Diff]"
161 break;
162 fi
163
164 cp .nlog .log
165
166 if [ $i -eq $[$QUERIES - 1] ]
167 then
168 echo "NOT FOUND"
169 fi
111170 done
112171
113172 rm .nlog .log
115174
116175 if [ "$METHODS" != "" ]
117176 then
118 echo
119 echo $DOMAIN does Load-balancing. Found via Methods: $METHODS
120 echo
177 echo
178 echo $DOMAIN does Load-balancing. Found via Methods: $METHODS
179 echo
121180 else
122 echo
123 echo $DOMAIN does NOT use Load-balancing.
124 echo
181 echo
182 echo $DOMAIN does NOT use Load-balancing.
183 echo
125184 fi
126185
127
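Review bot: Values taken from the server's response are still used as control strings in the rewritten request loops: `printf "$D, "` treats the Date token as a format string, and the `grep` test on `${S}` against `.log` treats the Server header as a regular expression (or as an option, if it begins with `-`). The target host chooses both headers, so they should be passed as data, e.g. `printf '%s, ' "$D"` and `grep -F -- "$(echo ${S} | cut -b2-)" .log &>/dev/null`. The same applies to `$DOMAIN` inside the new `HEAD / HTTP/1.1` format strings, which would be safer as `printf 'HEAD / HTTP/1.1\r\nhost: %s\r\nConnection: close\r\n\r\n' "$DOMAIN"`, with `"$DOMAIN"` and `"$PORT"` quoted where they are handed to `host`, `nc` and `openssl`. Separately, `.nlog` and `.log` are fixed names in the current directory and are removed unconditionally, so a run in a shared or non-empty directory can read or clobber unrelated files; a `mktemp -d` directory cleaned up by a `trap ... EXIT` would avoid that.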