用 Perl 掃瞄指定 IP 段中可暱名登入的 FTP

因為好奇的關係.所以用 Perl 重寫了這支東西
不過由於已經將很多年前的 Perl 忘光光和留在當年
所以寫得不太好了.當作練手作.

程式是通過掃瞄手段找出指定 IP 段中.
存在暱名登入的 FTP 主機並作記錄

記錄一下代碼

#!/usr/bin/perl -w
# ==================================================
# Author: Zeuxis Lo
# Date  : 2013-01-28 21:13
# Script: ftp-scan.pl
# Remark: Scan FTP servers allowing Anonymous Login
# ==================================================
use strict;
use warnings;
use threads;
use Thread::Queue;
use IO::Socket::INET;
use Net::FTP;

our $ftp_address_queue = Thread::Queue->new();

sub ftp {
	while (my $ftp_address = $ftp_address_queue->dequeue_nb()) {
		if ($ftp_address eq "exit") {
			last;
		}
		
		my $ftp = Net::FTP->new($ftp_address, Timeout => 3);
	
		if (!$ftp || !$ftp->login()) {
			print "Not Working: $ftp_address\n";
		}else{
			print "Working: $ftp_address\n";
			
			open(FILE, ">>ftp-scan.txt");
			print(FILE "$ftp_address\n");
			close(FILE);
			
			$ftp->quit();
		}
	}
}

sub scanner {
	my $ip_range_queue = shift;
	
	while (my $ip_address = $ip_range_queue->dequeue_nb()) {
		my $error = 0;
		
		my $socket = IO::Socket::INET->new(
			PeerAddr => $ip_address,
			PeerPort => "21",
			Proto => 'tcp',
			Timeout => 3,
		) or $error = 1;
		
		if ($error == 1) {
			print "No FTP: $ip_address\n";
		}else{
			$ftp_address_queue->enqueue($ip_address);
			
			print "FTP: $ip_address\n";
			
			open(FILE, ">>ftp-scan.txt");
			print(FILE "$ip_address\n");
			close(FILE);
			
			close($socket);
		}
	}
}

sub ip_range() {
	my $start_ip = $ARGV[0];
	my $end_ip   = $ARGV[1];
	
	my $ip_range_queue = Thread::Queue->new();
	
	my @start = split(/\./, $start_ip);
	my @end   = split(/\./, $end_ip);
	
	$ip_range_queue->enqueue($start_ip);

	while(join(".", @start) ne $end_ip) {
		$start[3] += 1;
		
		for my $i (3..1) {
			if ($start[$i] == 256) {
				$start[$i] = 0;
				$start[$i-1] += 1;
			}
		}
		
		$ip_range_queue->enqueue(join(".", @start));
	}
	
	threads->create(\&scanner, $ip_range_queue) for(0..10);	
	
	$_->join for(threads->list);
	
	if ($ftp_address_queue->pending < = 0) {
		print '\nNo FTP servers found\n';
		exit;
	}
	
	for(0..10) {
		$ftp_address_queue->enqueue("exit");
		
		threads->create(\&ftp);
	}
	
	$_->join for(threads->list);
}

if ($#ARGV != 1) {
	print "Usage: perl ftp-scan.pl [start ip] [end ip]\n";
	print "Example: perl ftp-scan.pl 127.0.0.1 127.0.0.5\n";
	exit;
}else{
	ip_range();
}