Virtual Host Scanner
I recently coded a little virtual host scanner in C and just wanted to see if anyone had any suggestions to make it better or any code optimization tips for it. For those of you who don't know what a virtual host scanner is, it basically takes, let's say, google.com and checks to see if there are any subdomains up. For example mail.google.com or admin.google.com. It's a pretty nifty tool to have sometimes. Anyway here is the code…
pastebin: http://pastebin.com/f5a7339af
or
/*
##################
# Virtual Host #
# Scanner #
##################
*/
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#define my_port "80"

int main(int argc, char *argv[]) {
    if (argc != 3) {
        printf("\nusage: ./dns <host> <list>\n\n");
        return 1;
    }
    FILE *dns_file;
    if ((dns_file = fopen(argv[2], "r")) == NULL) {
        printf("\nFile does not exist!\n");
        return 1;
    }
    char guess[50];
    /* %49s keeps an over-long wordlist entry from overflowing guess[] */
    while (fscanf(dns_file, "%49s", guess) == 1) {
        int status;
        char dnsbrute[256];
        /* snprintf: a long <host> argument must not overflow dnsbrute[] */
        if (snprintf(dnsbrute, sizeof dnsbrute, "%s.%s", guess, argv[1]) >= (int)sizeof dnsbrute)
            continue;
        struct addrinfo hints, *res;
        memset(&hints, 0, sizeof hints);
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
        if ((status = getaddrinfo(dnsbrute, my_port, &hints, &res)) == 0) {
            printf("\nFOUND! %s", dnsbrute);
            freeaddrinfo(res); /* release the result list; without this every hit leaks */
        }
    }
    fclose(dns_file);
    return 0;
}
Here it is in action against google.com with a small wordlist of possible subdomains…
[root@localhost code]# ./vhost google.com wordlist.txt
FOUND! blog.google.com
FOUND! doc.google.com
FOUND! docs.google.com
FOUND! download.google.com
FOUND! downloads.google.com
FOUND! image.google.com
FOUND! images.google.com
FOUND! mail.google.com
FOUND! search.google.com
FOUND! web.google.com
FOUND! www2.google.com
As of right now it's kind of slow, but not too terribly slow. It's pretty reliable, but on some hosts it gives false positives on all of the subdomains. Any criticism/comments/suggestions are welcome.
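The "every subdomain resolves" case is usually a wildcard DNS record (`*.example.com`), which makes getaddrinfo() succeed for any label at all. One way to tell real hits from wildcard noise is to first resolve a label that should not exist and then discard any candidate whose addresses overlap with that answer. The following is an added example, not the original poster's code; the `wildcardprobe-7f3a91` label and the helper names are constructed for illustration, and `make_ipv4_entry()` exists only so the comparison can be exercised offline.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Constructed nonce label: very unlikely to exist as a real host. */
#define PROBE_LABEL "wildcardprobe-7f3a91"

/* Textual form of one resolved address; returns 0 for unsupported families. */
static int addr_text(const struct sockaddr *sa, char *out, size_t n) {
    const void *src;
    if (sa->sa_family == AF_INET) src = &((const struct sockaddr_in *)sa)->sin_addr;
    else if (sa->sa_family == AF_INET6) src = &((const struct sockaddr_in6 *)sa)->sin6_addr;
    else return 0;
    return inet_ntop(sa->sa_family, src, out, n) != NULL;
}

/* 1 if any address in list a also appears in list b, else 0. */
int addrinfo_overlaps(const struct addrinfo *a, const struct addrinfo *b) {
    char ta[INET6_ADDRSTRLEN], tb[INET6_ADDRSTRLEN];
    for (const struct addrinfo *p = a; p; p = p->ai_next) {
        if (!addr_text(p->ai_addr, ta, sizeof ta)) continue;
        for (const struct addrinfo *q = b; q; q = q->ai_next)
            if (addr_text(q->ai_addr, tb, sizeof tb) && strcmp(ta, tb) == 0) return 1;
    }
    return 0;
}

/* Build a one-entry IPv4 addrinfo list from dotted text (offline helper). */
int make_ipv4_entry(const char *ip, struct sockaddr_in *sin, struct addrinfo *ai) {
    memset(sin, 0, sizeof *sin);
    memset(ai, 0, sizeof *ai);
    sin->sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &sin->sin_addr) != 1) return 0;
    ai->ai_family = AF_INET;
    ai->ai_addr = (struct sockaddr *)sin;
    ai->ai_addrlen = sizeof *sin;
    return 1;
}

/* Resolve PROBE_LABEL.<domain>; returns 1 and fills *out if a wildcard answers. */
int resolve_wildcard(const char *domain, struct addrinfo **out) {
    char name[256];
    struct addrinfo hints;
    if (snprintf(name, sizeof name, "%s.%s", PROBE_LABEL, domain) >= (int)sizeof name) return 0;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    return getaddrinfo(name, "80", &hints, out) == 0; /* caller must freeaddrinfo(*out) */
}
```

In the scanner loop, call resolve_wildcard() once before the wordlist and report a candidate only when addrinfo_overlaps(candidate_res, wildcard_res) is 0.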