abril 30, 2012
10:37

Reverse IP Tool v1.5

#!/usr/bin/env perl

# RitX - Reverse IP Tool v1.5
# Copyright (C) 2009-2012
# r0b10S-12 <r12xr00tu@gmail.com>


# Start-up banner (tool name, version, author). It is printed at run time
# before any option parsing takes place.
print join('',
    "\n\t+-----------------------------+\n",
    "\t|           RitX 1.5          |\n",
    "\t|      Coded by r0b10S-12     |\n",
    "\t+-----------------------------+\n\n\n",
);

use LWP::Simple;
use Socket qw(inet_aton AF_INET);
use Getopt::Long;

# Probe the helper modules at run time.
#   - threads: sets the global $thread_support flag (1 = loaded, 0 = not).
#   - any module whose load error contains "Can't locate" aborts the script.
# The string eval is tolerable only because the module names come from the
# fixed list below; it must never be fed externally supplied names.
my @Modules = ("threads","LWP::ConnCache","HTTP::Cookies");

for my $module (@Modules) {
    my $loaded = eval "use $module;1;";

    # Only the threads probe decides whether lookups may run concurrently.
    if ($module =~ /threads/) {
        $thread_support = $loaded ? 1 : 0;
    }

    # A module that is not installed at all is fatal, whichever one it is.
    die "\n[!!] it seems that some modules are missing...:\n".$@."\n"
        if $@ =~ /Can't locate/;
}

# Script basename (everything up to the last "/" removed), interpolated into
# the usage and help texts.
# NOTE(review): a file-scoped lexical named $b shadows the package variable
# that sort comparison blocks rely on; the name is kept because the usage
# messages in this file interpolate it.
(my $b = $0) =~ s/.*\///;
# Print the full option reference to STDOUT and terminate the script.
# Also registered as the Getopt::Long handler for -h/--help.
sub usage {
    my $help_text = <<"HELP";
Usage: perl $b [OPTIONS]
Options:
   -t, --target            Server hostname or IP
   -c, --check             Check extracted domains that are in the same IP address to eleminate cached/old records
   -b, --bing              Save Bing search results to a file
       --list              List current supported Reverse Ip Lookup websites 
       --print             Print results
       --timeout=SECONDS   Seconds to wait before timeout connection (default 30)
       --user-agent        Specify User-Agent value to send in HTTP requests
       --proxy             To use a Proxy
       --proxy-auth        Proxy authentication information (user:password).
   -o, --output=FILE       Save results to a file (default IP.txt)
   -h, --help              This shity message
   -v, --verbose           Print more informations

   Threads:
   --threads=THREADS       Maximum number of concurrent IP checks (default 1) require --check

HELP
    print $help_text;
    exit;
}

# Lookup-service table, keyed by an internal service name. Per-entry fields:
#   SITE  - display name shown in the service list and the result table
#   URL   - sprintf template; %s is filled with the target address (some
#           handlers pass extra arguments such as a page number or API key)
#   REGEX - pattern whose first capture group yields one domain per match
#   DATA  - POST field name; when set, the request is a POST carrying the target
#   SP    - dedicated handler, stored as a code string ("Name()") that the
#           main service loop executes
#   HEAVY - set on two entries; not read anywhere in the visible code
# Every endpoint is plain http://, so requests and responses travel
# unencrypted and the parsed HTML cannot be assumed to be untampered.
# NB (hit counter or error key) and DUMP (verbose log) are added at run time.
my %SERV = (
 Myipneighbors =>{
  SITE => "My-ip-neighbors.com",
  URL  => "http://www.my-ip-neighbors.com/?domain=%s",
  REGEX => '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
 },
 Yougetsignal =>{
  SITE => "Yougetsignal.com",
  DATA => 'remoteAddress',
  URL  => "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
  SP  => 'Yougetsignal()',
 },
 Myiptest =>{
  SITE => "Myiptest.com",
  URL  => "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
  # Double-quoted string: the backslashes before "." and "/" are consumed by
  # string interpolation, so the dots reach the regex engine unescaped.
  REGEX => "<td style='width:200px;'><a href='http:\/\/www\.myiptest\.com\/staticpages\/index\.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
 },
 WebHosting =>{
  SITE => "Whois.WebHosting.info",
  # Two placeholders: target address and result page number.
  URL  => "http://whois.webhosting.info/%s?pi=%s&ob=SLD&oo=DESC",
  HEAVY => 1,
  SP  => 'Whoiswebhosting()',
 },
 Domainsbyip =>{
  SITE => 'Domainsbyip.com',
  URL  => 'http://domainsbyip.com/%s/', 
  REGEX => '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
 },
 Ipadress =>{
  SITE => "Ip-adress.com",
  URL  => "http://www.ip-adress.com/reverse_ip/%s",
  REGEX => '<td style\=\"font\-size\:8pt\">.\n\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
 },
 Bing =>{
  SITE => "Bing.com",
  # Two placeholders: API key and target address; the handler appends the
  # result offset. The key therefore travels in the query string over http.
  URL  => "http://api.search.live.net/xml.aspx?Appid=%s&query=ip:%s&Sources=Web&Version=2.0&Options=EnableHighlighting&Web.Count=50&Web.Options=DisableQueryAlterations&Web.Offset=",
  SP  => 'BingApi()',
 },
 ewhois =>{
  SITE => "Ewhois.com",
  URL  => "http://www.ewhois.com/",
  HEAVY => 1,
  SP  => 'eWhois()',
 },
 Sameip =>{
  SITE => "Sameip.org",
  URL  => "http://sameip.org/ip/%s/",
  REGEX => '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
 },
 Robtex =>{
  SITE => "Robtex.com",
  URL  => "http://www.robtex.com/ajax/dns/%s.html",
  # Double-quoted string: "\." collapses to "." before regex compilation.
  REGEX => "<li><a href\=\"\/dns\/.*?\.html\#shared\" >(.*?)<\/a><\/li>",
 },
 Webmax =>{
  SITE => "Tools.web-max.ca",
  URL  => "http://ip2web.web-max.ca/?byip=1&ip=%s",
  REGEX => '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
 },
 DNStrails =>{
  SITE => "DNStrails.com",
  URL  => "http://www.DNStrails.com/tools/lookup.htm?ip=%s&date=recent",
  REGEX => 'date=recent">(.*?)<\/a>\s\(as\sa\swebserver\)',
 },
 Viewdns =>{
  SITE => "Viewdns.info",
  URL  => "http://viewdns.info/reverseip/?host=%s",
  SP  => "ViewDNS()"
 }
);

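# Process options.
# The option variables are file-scoped lexicals that the rest of the script
# reads directly, so their names are part of the script's internal interface.
my ($target,$timeout,$threadz,$check,$print,$bing,$proxy,$proxy_auth,$useragent,$filename,$verbose);

if ( @ARGV > 0 )
{
    # GetOptions returns false on an unknown or malformed option; the script
    # then exits after Getopt::Long has printed its own diagnostic.
    GetOptions(
        't|target=s'   => \$target,
        'timeout=i'    => \$timeout,
        'threads=i'    => \$threadz,
        'c|check'      => \$check,
        'print'        => \$print,
        'list'         => \&list_serv,    # prints the service list and exits
        'b|bing'       => \$bing,
        'proxy=s'      => \$proxy,
        'proxy-auth=s' => \$proxy_auth,
        # "=s" added: without it the option was a bare flag, so $useragent
        # became 1 and the supplied string was left unparsed in @ARGV.
        'user-agent=s' => \$useragent,
        'o|output=s'   => \$filename,
        'v|verbose'    => \$verbose,
        'h|help'       => \&usage,        # prints the help text and exits
    ) or exit;
}
else
{
    # No arguments at all: show the short usage hint instead of running.
    print "[*] Usage    : perl $b [OPTIONS]\n";
    print "    EXEMPLE  : perl $b -t www.target.com -o result.txt\n\n";
    print "[*] Try 'perl $b -h' for more options.\n";
    exit;
}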


# Refuse more than 10 worker threads on Windows (native or Cygwin builds).
if ($threadz > 10 and $^O =~ /MSWin32|cygwin/)
{
    print "\n[-] Sorry, maximum number of used threads is 10 for Windows to avoid some possible connection and performance issues\n\n";
    exit;
}

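# Validate --target and normalise it to a dotted-quad IPv4 address.
#
# $target is later interpolated into output file names and request URLs, so
# the whole string must be either a strict IPv4 literal or a name built only
# from host-name characters. The original patterns were unanchored (and the
# dots in the IPv4 pattern unescaped), which let any string that merely
# contained something address-like pass through unchanged.
if (defined $target
    and $target =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
    and !(grep { $_ > 255 } $1, $2, $3, $4))
{
    # Already a literal IPv4 address; nothing to resolve.
}
elsif (defined $target
    and $target =~ /\A[A-Za-z0-9.\-]+\z/
    and $target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
{
    # The first test restricts the alphabet of the whole string; the second is
    # the script's original host-name shape check, kept for compatibility.
    my $IP = getIP($target);
    if ($IP)
    {
        $target = $IP;
    }
    else
    {
        die "\n[!!] Unable to Resolve Host $target ! \n";
    }
}
else
{
    die "[-] Invalid Hostname or Ip address .\n";
}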

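# Reverse-DNS name of the target; checkDomain() and save_report() compare
# candidate domains against it.
# AF_INET has to be imported from Socket for this call to receive the numeric
# address family; as an unimported bareword it evaluates to 0 in numeric
# context and the lookup most likely fails.
my $DNSx = gethostbyaddr(inet_aton($target),AF_INET);

# Check if the target uses CloudFlare service.
# The ranges are inclusive bounds on the address as a 32-bit integer.
# NOTE(review): this is a fixed list embedded in the script; published provider
# ranges change over time, so a miss here only means "not in this list".
my $IPx = unpack("N",inet_aton($target));
my @cloudflare_ranges = (
    [ 3428708352, 3428708607 ],    # 204.93.240.0 - 204.93.240.255
    [ 3428692224, 3428692479 ],    # 204.93.177.0 - 204.93.177.255
    [ 3340468224, 3340470271 ],    # 199.27.128.0 - 199.27.135.255
    [ 2918526976, 2918531071 ],    # 173.245.48.0 - 173.245.63.255
    [ 1729546240, 1729547263 ],    # 103.22.200.0 - 103.22.203.255
);

if (grep { $IPx >= $_->[0] and $IPx <= $_->[1] } @cloudflare_ranges)
{
    print "[WARNING] The target uses CloudFlare's service!!\n\n";
    print "[!] do you wanna continue? [y/n]:";
    my $choice = <STDIN>;

    # Strip only a line ending. The original chop() removed the last character
    # unconditionally, so an "n" arriving without a newline became "" and the
    # refusal was ignored; an undefined value (EOF) is treated as no answer.
    $choice = '' unless defined $choice;
    $choice =~ s/\r?\n\z//;

    if ($choice eq "n")
    {
        print "\n[*] shutting down!!\n\n";
        exit;
    }
    else
    {
        print  "[+] OK! as you like\n";
    }
}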

# Global variables and defaults for options the user left unset.
#
# SECURITY NOTE(review): the API key below is a credential committed to the
# source; everyone holding a copy of the script shares (and can exhaust) it.
# It belongs in local configuration, and a key that has been published should
# be considered burned and rotated.
$bingApiKey = 'B2EF5E9434B8778E2B01E5D6CE71545CCEC97C86';    # get your own code
$VERSION    = '1.5';

# Scratch directory, relative to the current working directory.
$TMPdir     = "tmp";

$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5'
    unless $useragent;
$filename  = "$target.txt" unless $filename;    # default report name: <address>.txt
$timeout   = 30 unless $timeout;

# Ctrl+C saves whatever has been collected so far before exiting.
$SIG{INT} = \&trapsig;

unless (-d $TMPdir)
{
    mkdir $TMPdir or die "[-] Cant create tmp directory!\n";
}

# Shared HTTP client used by Req(): caller-selectable User-Agent and timeout,
# redirects not followed, connection cache enabled, fixed Referer header.
my $ua = LWP::UserAgent->new(agent => $useragent);
$ua->timeout($timeout);
$ua->max_redirect(0);
$ua->conn_cache(LWP::ConnCache->new());
$ua->default_header('Referer' => "http://www.fbi.gov");

# Unbuffer STDOUT so progress lines appear immediately.
$| = 1;

if ($proxy)
{
    # No port given: assume 8080.
    $proxy .= ":8080" unless $proxy =~ /:/;

    # Probe the proxy with a single request before trusting it.
    my $probe = HTTP::Request->new(CONNECT => 'http://'.$proxy.'/' );
    if (defined $proxy_auth)
    {
        # NOTE(review): split without a limit keeps only the text between the
        # first and second ":", so a password containing ":" is truncated.
        # The credentials are attached to this probe request only, as HTTP
        # Basic (base64, not encrypted) over plain http.
        my ($user,$password) = split(":",$proxy_auth);
        $probe->proxy_authorization_basic($user, $password);
    }

    if ($ua->request($probe)->is_success)
    {
        $ua->proxy(http => "http://$proxy/");
    }
    else
    {
        # The script keeps running after a failed probe; from here on the
        # shared client sends its requests without any proxy configured.
        print "\n[-] failed to connect to the proxy... ignore it\n\n";
    }
}

print "\n[*] This thing will take a little time so please wait...\n\n";
print "[*] Processing:\n";

### Functions

# Getopt::Long handler for --list: print the SITE name of every entry in
# %SERV, then terminate the script.
sub list_serv
{
    print "[*] List of available Reverse Ip Lookup services:\n\n";
    print "    -> $SERV{$_}->{SITE}\n" for keys %SERV;
    print "\n";
    exit;
}

# SIGINT handler: announce the interrupt, write the results collected so far
# through save_report(), then exit.
sub trapsig
{
    print "\n\n[!!] Caught Interrupt (CTRL+C), Aborting\n",
          "[!!] Saving results\n";
    save_report($filename);
    exit;
}
# Record one candidate domain for the service currently selected by the
# global $X.
#
# The lower-cased value is dropped when it contains "<" or a double quote
# (markup remnants from the scraped page), names one of the hard-coded noise
# sites, is an .in-addr.arpa name, or starts like a dotted/dashed number.
# Accepted values are logged to the service's DUMP list in verbose mode,
# cleaned, counted in the service's NB field and appended to @result.
sub add
{
    my $candidate = lc($_[0]);

    return if $candidate =~ /[\<\"]|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|phone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/;

    push(@{$SERV{$X}->{DUMP}}, $candidate) if ($verbose);

    # Without /g only the first (leftmost) alternative that matches is removed.
    # NOTE(review): "http(.|s)" demands one extra character after "http", so
    # a plain "http://" prefix is not matched by that alternative.
    $candidate =~ s/http(.|s)\:\/\/|\*\.|^www\.|\///;

    $SERV{$X}->{NB}++;
    push(@result, $candidate);
}
# Resolve a host name to dotted-quad IPv4 text using the first address that
# gethostbyname() returns; returns nothing when the lookup yields no address.
sub getIP
{
    my $packed = (gethostbyname($_[0]))[4];
    my @octets = unpack('C4', $packed) or return;
    return join('.', @octets);
}

# Reverse-resolve the given host name or address: inet_aton() turns it into a
# packed IPv4 address, gethostbyaddr() maps that back to a host name.
# AF_INET must be imported from Socket for the second call to receive the
# numeric address family.
sub getDNS
{
    my ($host) = @_;
    my $packed = inet_aton($host);
    return gethostbyaddr($packed, AF_INET);
}

# Fetch $URL with the shared client and return the response body.
#   $URL  - address to request
#   $data - optional POST field name; when true the request is a POST whose
#           single field carries the global $target, otherwise a GET
# A failed request is reported only in verbose mode, and the body is returned
# either way, so callers also run their patterns over error pages.
sub Req
{
    my ($URL,$data)=@_;

    my $res = $data
        ? $ua->post($URL, { $data => $target })
        : $ua->get($URL);

    print "[!] Error: ".$res->status_line."\n"
        if ($verbose and !$res->is_success);

    return $res->content;
}

# Handler for the Yougetsignal entry: POST the target, pull every domain out
# of the JSON-like array pairs in the reply, and flag the service with error
# key E1 when the reply reports that the daily lookup limit was reached.
sub Yougetsignal
{
    my $body = Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});

    add($1) while $body =~ m/\["(.*?)\"\, \"(1|)\"\]/g;

    if ($body =~ m/Daily reverse IP check limit reached for/i)
    {
        # The error key replaces the hit counter in the result table.
        $ERROR = "E1";
        $SERV{$X}->{NB} = $ERROR;
    }
}

# Handler for the ewhois entry: log in, then stream the export for the target
# and extract domains chunk by chunk.
#
# SECURITY NOTE(review): the account e-mail and password are hard-coded in the
# source and posted to a plain http:// login URL, so they are readable by
# anyone holding the script or observing the connection. They belong in local
# configuration; credentials that have been published should be changed.
#
# This sub builds its own LWP::UserAgent, which does not inherit the timeout,
# redirect, Referer or proxy settings applied to the shared client.
sub eWhois
{
    # A named sub declared inside another sub is still a package-level sub.
    # It receives each chunk of the response body as its first argument.
    # NOTE(review): a record split across two chunks would presumably not match.
    sub callback
    {
        my $chunk = $_[0];
        add($1) while $chunk =~ m/"(.*?)","","","(UA\-[0-9]+\-[0-9]+|)",""/g;
    }

    my %login_form = (
        'data[User][email]'       => 'r12xr00tu@gmail.com',
        'data[User][password]'    => 'RitX:::R1tX',
        'data[User][remember_me]' => '0',
    );

    my $browser = LWP::UserAgent->new(agent => $useragent);
    $browser->cookie_jar(HTTP::Cookies->new(autosave => 1));

    # A response without a Location header is treated as a failed login.
    my $login = $browser->post("http://www.ewhois.com/login/", \%login_form);
    if (!$login->header('Location'))
    {
        print "[-] Sorry, we cant login to eWhois!\n";
        return;
    }

    $browser->get("http://www.ewhois.com/export/ip-address/$target/", ':content_cb' => \&callback );
}

# Handler for the WebHosting entry: walk up to 100 result pages, extracting
# domains from each, and stop at the first page without a "Next" link. On
# that last page a captcha notice sets error key E2 for the service.
sub Whoiswebhosting
{
    my $page_no = 1;
    while ($page_no <= 100)
    {
        my $page = Req(sprintf($SERV{$X}->{URL},$target,$page_no));

        # NOTE(review): the /g on this test is significant. A successful match
        # leaves pos($page) just after the "Next" link, so the extraction loop
        # below starts from there rather than from the top of the page; a
        # failed match leaves it scanning from the start. Confirm whether
        # skipping everything before the link is intended.
        my $has_next = $page =~ m/<a href=\"\/.*?\?pi\=\d+\&ob\=SLD\&oo\=DESC\">Next\&nbsp\;\&gt\;\&gt\;<\/a>/g;

        add($1) while $page =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g;

        if (!$has_next)
        {
            if ($page =~ m/The security key helps us prevent automated searches/i)
            {
                $ERROR = "E2";
                $SERV{$X}->{NB} = $ERROR;
            }
            last;
        }

        $page_no++;
    }
}

# Handler for the Viewdns entry: isolate the result table in the reply, then
# take the first cell of every row as a domain.
sub ViewDNS
{
    my $page = Req(sprintf($SERV{$X}->{URL},$target));

    # No /s flag: the table is only found when it sits on a single line.
    if ($page =~ m/<table border="1"><tr><td>Domain<\/td><td>Last Resolved Date<\/td><\/tr>(.*?)<\/table><br><\/td><\/tr>/i)
    {
        my $rows = $1;
        add($1) while $rows =~ m/<tr><td>(.*?)<\/td><td align="center">/gi;
    }
}

# Handler for the Bing entry: request result pages at offsets 50, 100, ... 500
# and stop as soon as the offset echoed in the reply no longer matches the one
# requested. Each URL found is optionally kept whole in @bingtrash (--bing)
# and reduced to its host part before being passed to add().
sub BingApi
{
    my $echoed_offset = 0;
    my $offset = 50;

    while ($offset <= 500)
    {
        my $xml = Req(sprintf($SERV{$X}->{URL},$bingApiKey,$target).$offset);

        # /g in scalar context: a match leaves pos($xml) after the Offset
        # element, which is where the URL scan below starts.
        $echoed_offset = $1 if $xml =~ m/<web\:Offset>(.*?)<\/web\:Offset>/gi;

        last unless $echoed_offset == $offset;

        while ($xml =~ m/<web\:Url>http:\/\/(.*?)<\/web\:Url>/g)
        {
            my $hit = $1;
            push(@bingtrash,$hit) if $bing;

            # index() is used as a truth value here: it is false only when the
            # "/" is the very first character, and true (-1) when there is no
            # "/" at all, in which case the substitution simply changes nothing.
            $hit =~ s/\/.*// if index($hit,"/");
            add($hit);
        }

        $offset += 50;
    }
}

# Worker body for the threaded check: reverse-resolve one host name and append
# a "PTRNAME:HOSTNAME;" record to the global TMP handle. Records are
# terminated by ";" and no newline is written.
sub add2tmp
{
    my ($name) = @_;
    my $ptr_name = gethostbyaddr(inet_aton($name),AF_INET);
    syswrite(TMP, $ptr_name.":$name;");
}


# Sequential check of one domain: it counts as still hosted on the target when
# the reverse-DNS name of "www.<domain>", or failing that of "<domain>",
# equals the target's reverse-DNS name ($DNSx). Hits are counted in $NEWNB and
# stored in @resx.
# NOTE(review): the comparison is a string "eq", so when both lookups return
# nothing (undef on each side) the domain is also reported as found.
sub checkDomain
{
    my $domain = $_[0];
    my $confirmed;

    if (getDNS('www.'.$domain) eq $DNSx)
    {
        $confirmed = 'www.'.$domain;
    }
    elsif (getDNS($domain) eq $DNSx)
    {
        $confirmed = $domain;
    }

    if (defined $confirmed)
    {
        $NEWNB++;
        print "    Found : $domain\n";
        push(@resx,$confirmed);
    }
    else
    {
        print "    Try : $domain\n";
    }
}

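# Write the result files.
#   $_[0] - path of the main report (all collected domains)
# When a check was run ($donecheck), "<target>-checked.txt" is written first:
# from the worker scratch file in threaded mode, from @resx otherwise.
#
# Changes against the original:
#   * every open() uses the three-argument form with a lexical handle, so a
#     file name is never interpreted as an open mode or a command;
#   * a failed open() skips the writes instead of writing to a closed handle,
#     and the message names the file that actually failed;
#   * the scratch file is read as ";"-terminated "PTRNAME:HOSTNAME" records
#     (the format add2tmp() writes) and compared by exact string equality.
#     The original tested the truth of index(), which is false for a match at
#     position 0 and true for no match at all, and interpolated $DNSx into a
#     pattern unescaped;
#   * the non-threaded branch also runs when --threads was given but thread
#     support is missing, which is the case where the sequential check ran.
sub save_report
{
    my $filen        = $_[0];
    my $checked_file = "$target-checked.txt";
    my $header       = "# Genereted By RitX $VERSION\n# Those are the domains hosted on the same web server as ($target).\n";
    my $checked_note = "# Results were tested and checked, so all old records were removed.\n";

    if ($donecheck && $threadz && $thread_support)
    {
        my $tmp_file = "./$TMPdir/RitX-tmp.txt";
        my ($in, $out);

        if (!open($in, '<', $tmp_file))
        {
            print("\n[!] Can't read the file ($tmp_file)\n");
        }
        elsif (!open($out, '>', $checked_file))
        {
            print("\n[!] Can't create the file ($checked_file)\n");
            close($in);
        }
        else
        {
            syswrite($out, $header . $checked_note . "\n");

            # Records end with ";", not with a newline.
            local $/ = ';';
            while (my $record = <$in>)
            {
                chomp $record;
                my ($ptr_name, $name) = split(/:/, $record, 2);
                next unless defined $name && length $name;

                # Without a reverse-DNS name for the target nothing can be
                # confirmed, so no record is accepted.
                next unless defined $DNSx && length $DNSx && $ptr_name eq $DNSx;

                $NEWNB++;
                syswrite($out, "$name\n");
            }
            close($in);
            close($out);
        }
    }
    elsif ($donecheck)
    {
        if (open(my $out, '>', $checked_file))
        {
            syswrite($out, $header . $checked_note . "# Total domains: $NEWNB\n\n");
            foreach (@resx)
            {
                syswrite($out,"$_\n") if ($_);
            }
            close($out);
        }
        else
        {
            print("\n[!] Can't create the file ($checked_file)\n");
        }
    }

    # Main report: every collected domain, checked or not.
    if (open(my $report, '>', $filen))
    {
        syswrite($report, $header . "# Total domains: $TOTALNB\n\n");
        foreach (@result)
        {
            syswrite($report,"$_\n") if ($_);
        }
        close($report);
    }
    else
    {
        print("\n[!] Can't create the file ($filen)\n");
    }
}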


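#----------#
# Query every service in %SERV.
# $X must stay the package variable used here: add() and the handler subs read
# it to find the entry they are working for.
#
# Entries with an SP field are served by a dedicated handler. The original ran
# the stored "Name()" string through string eval, which executes whatever text
# the table holds and silently discards any failure. The name is now checked
# against a plain identifier pattern and resolved to an existing sub, and a
# handler that dies is reported in verbose mode without stopping the run.
foreach $X (keys %SERV)
{
    my $match = $SERV{$X}->{REGEX};
    syswrite(STDOUT,"   -> $SERV{$X}->{SITE}\n");

    if ($SERV{$X}->{SP})
    {
        (my $handler_name = $SERV{$X}->{SP}) =~ s/\(\)\z//;
        my $handler = ($handler_name =~ /\A\w+\z/) ? main->can($handler_name) : undef;

        if (!$handler)
        {
            print "[!] Error: unknown handler ($SERV{$X}->{SP})\n" if ($verbose);
            next;
        }

        eval { $handler->(); 1 } or do {
            print "[!] Error: $SERV{$X}->{SITE} handler failed: $@\n" if ($verbose);
        };
        next;
    }

    # Generic path: one request, then one domain per REGEX match.
    $res = Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
    while ($res =~ m/$match/g)
    {
        add($1);
    }
}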

# Nothing was collected from any service: stop here.
unless (@result)
{
    die "\n\n[-] Sorry, there is no data were retrieved!\n";
}

# Keep the first occurrence of every domain, sort the list, and remember how
# many distinct domains there are.
{
    my %seen;
    @result = sort(grep { !$seen{$_}++ } @result);
}
$TOTALNB = @result;

# Verbose mode: list, per service, every value that add() accepted before it
# was cleaned (the entries of that service's DUMP list).
if ($verbose)
{
    print "\n[+] DEBUG:\n\n";
    for my $service (keys %SERV)
    {
        syswrite(STDOUT,"  + $SERV{$service}->{SITE}\n");
        syswrite(STDOUT,"    - $_\n") for @{$SERV{$service}->{DUMP}};
    }
}

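# --bing: save the unreduced Bing result URLs to "bingresults-<target>.txt".
# The file is opened with the three-argument form and a lexical handle, so the
# name is never interpreted as an open mode, and the success messages are only
# printed when the file could actually be created (the original reported
# "DONE" and "saved" even after a failed open).
if($bing)
{
    if (scalar(@bingtrash)>0)
    {
        syswrite(STDOUT,"[+] saving Bing shit...  ");
        my $file = "bingresults-$target.txt";
        if (open(my $bing_fh, '>', $file))
        {
            print {$bing_fh} "# Genereted By RitX $VERSION\n# Those are all search results from Bing.com ($target).\n\n";
            print {$bing_fh} "$_\n" foreach (@bingtrash);
            close($bing_fh);
            syswrite(STDOUT,"DONE\n");
            print "[+] bing results were saved into $file\n";
        }
        else
        {
            print ("\n[!] Can't create bing shit\n");
        }
    }
    else
    {
        print "\n[-] no bing data!!\n\n"
    }
}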

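# --check: confirm which collected domains still resolve to the target.
# With --threads and thread support, one detached worker per domain appends
# its lookup to the scratch file; otherwise the domains are checked one by one.
# $donecheck tells save_report() that checked results exist.
#
# Changes against the original: the scratch file is opened with the
# three-argument form and the result is tested, so a failed open no longer
# leads to workers writing to a closed handle and to a stale file being read
# back as fresh results.
if ($check)
{
    my $t;
    print "\n[x] Checking and removing old records from results\n";
    if ($threadz && $thread_support)
    {
        my $tmp_file = "./$TMPdir/RitX-tmp.txt";

        # TMP stays a bareword handle because add2tmp() writes to it by name.
        if (open(TMP, '>', $tmp_file))
        {
            TMP->autoflush(1);
            foreach (@result)
            {
                threads->create(\&add2tmp,"www.$_")->detach;
                $t++;

                # After every batch of $threadz workers: report progress and
                # pause for a second before starting the next batch.
                if($t==$threadz)
                {
                    $s+=$t;
                    print "\r passed $s";
                    undef $t;
                    sleep 1;
                }
            }
            # NOTE(review): the workers are detached and never joined, so
            # lookups still running at this point may not reach the file.
            close(TMP);
            $donecheck = 1;
        }
        else
        {
            print "[-] Can't create the file ($tmp_file): $!\n";
        }
    }
    else
    {
        print "[-] Sorry your PERL installation doesn't support threads!\n\n" if !$thread_support;
        checkDomain($_) foreach (@result);
        $donecheck = 1;
    }
    print "[+] Done\n";
}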
# Write the report files, then print the per-service summary table.
save_report($filename);

print "\n[x] Result of $target : \n\n";

print "                        +--------+\n",
      "                        |   NB   |\n",
      "+-----------------------+--------+\n";
for my $service (keys %SERV)
{
    # NB holds the hit count, or an error key (E1/E2) set by a handler.
    printf "| %-22s| %-7s|\n", $SERV{$service}->{SITE}, ($SERV{$service}->{NB} || 0);
    print "+--------------------------------+\n";
}
printf "  %-14s| Total | %-7s|\n"," ",$TOTALNB;
print "                +----------------+\n";
print "[+] After removing old records : $NEWNB\n\n" if $donecheck;

# Legend for the error keys, shown only when a handler raised one.
if ($ERROR)
{
    print "+--Keys------------------------------------+\n",
          "|E1: Daily reverse IP check limit reached. |\n",
          "|E2: Some Security Measures (Captcha).     |\n",
          "+------------------------------------------+\n";
}

# --print: list the domains, waiting for Enter after every 20 lines.
if ($TOTALNB != 0 and $print)
{
    print "[+] Results:\n";
    my $shown = 0;
    for my $domain (@result)
    {
        $shown++;
        print "  $domain\n";
        if ($shown == 20)
        {
            <STDIN>;
            $shown = 0;
        }
    }
}

print "[+] All domain name results has been saved to ($filename)\n";
print "[+] All checked domains are saved to ($target-checked.txt)\n" if ($NEWNB>0);
print "[++] have fun :)\n";