*Hobbit*'s netcat 1.10

Anatoly Techtonik
2007-01-17 09:51:02 +00:00
commit 5086ba1ade
31 changed files with 5263 additions and 0 deletions

5
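--- a/scripts/README
+++ b/scripts/README
@@ -0,0 +1,5 @@
+A collection of example scripts that use netcat as a backend, each
+documented by its own internal comments.
+I'll be the first to admit that some of these are seriously *sick*,
+but they do work and are quite useful to me on a daily basis.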

33
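--- a/scripts/alta
+++ b/scripts/alta
@@ -0,0 +1,33 @@
+#! /bin/sh
+## special handler for altavista, since they only hand out chunks of 10 at
+## a time. Tries to isolate out results without the leading/trailing trash.
+## multiword arguments are foo+bar, as usual.
+## Second optional arg switches the "what" field, to e.g. "news"
+test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
+WHAT="web"
+test "${2}" && WHAT="${2}"
+# convert multiple args
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+# Plug in arg. only doing simple-q for now; pg=aq for advanced-query
+# embedded quotes define phrases; otherwise it goes wild on multi-words
+QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""
+# ping 'em once, to get the routing warm
+nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
+echo "=== Altavista ==="
+for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
+190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
+echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
+egrep '^<a href="http://'
+done
+exit 0
+# old filter stuff
+sed -e '/Documents .* matching .* query /,/query?.*stq=.* Document/p' \
+-e d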
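Review bot: The optional second argument is consumed twice: `test "${2}" && WHAT="${2}"` takes it as the "what" field, and `echo $*` then folds it into the search string too, so `alta foo news` queries for `foo+news` rather than `foo` in the news index. Since the header says multiword terms are already passed as `foo+bar`, feeding only `"${1}"` to the `echo` in the PLUSARG line would match the documented interface. The unquoted `$*` is also subject to filename expansion before sed sees it, and the term is placed in the request without any URL encoding; scripts/websearch builds its PLUSARG the same way. The `sed` command after `exit 0` is unreachable.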

29
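--- a/scripts/bsh
+++ b/scripts/bsh
@@ -0,0 +1,29 @@
+#! /bin/sh
+## a little wrapper to "password" and re-launch a shell-listener.
+## Arg is taken as the port to listen on. Define "NC" to point wherever.
+NC=nc
+case "$1" in
+?* )
+LPN="$1"
+export LPN
+sleep 1
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+echo "launched on port $LPN"
+exit 0
+;;
+esac
+# here we play inetd
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+while read qq ; do
+case "$qq" in
+# here's yer password
+gimme )
+cd /
+exec csh -i
+;;
+esac
+done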
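Review bot: The header describes this as a password wrapper, but the check in the `case "$qq"` loop is a fixed string compared in clear text, the listener is started without any address restriction, there is no limit on attempts, and both listener invocations send their output to `/dev/null`, so nothing records who connected. The header should state that plainly; I would add `## NOTE: the "password" is a fixed cleartext string, not authentication, and connections are not logged.` A reader auditing a host for this script can key on the re-launching `-l -p $LPN -e $0` pattern and the exported `LPN` variable.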

23
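--- a/scripts/dist.sh
+++ b/scripts/dist.sh
@@ -0,0 +1,23 @@
+#! /bin/sh
+## This is a quick example listen-exec server, which was used for a while to
+## distribute netcat prereleases. It illustrates use of netcat both as a
+## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
+## functional server that restarts its own listener and does full connection
+## logging. In a half-screen of shell script!!
+PORT=31337
+sleep 1
+SRC=`tail -1 dist.log`
+echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+echo ";;; Hi, ${SRC}..."
+echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
+echo ";;; Unless you are capturing this somehow, it won't do you much good."
+echo ";;; Ready?? Here it comes! Have phun ..."
+sleep 8
+cat dist.file
+sleep 1
+./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
+sleep 1
+echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+exit 0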
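Review bot: `SRC` is whatever the last line of dist.log contains, which appears to be the listener's `-v` connection report and therefore can carry a peer-influenced hostname; it is then embedded unfiltered in the syslog datagram `echo "<36>elite: ${SRC}"` and echoed back to the client. Control characters or a forged priority prefix in that line would yield misleading syslog entries, so I would pipe the `tail -1 dist.log` output through `tr -cd '[:print:]'` before assigning it. `tail -1` can also pick up another connection's line if two clients arrive close together. The script depends on the current directory for `dist.log`, `dist.file`, `./nc` and `-e dist.sh`; a `cd` to a known directory at the top would make that explicit.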

79
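--- a/scripts/irc
+++ b/scripts/irc
@@ -0,0 +1,79 @@
+#! /bin/sh
+## Shit-simple script to supply the "privmsg <recipient>" of IRC typein, and
+## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port".
+## Note that this mechanism makes the script easy to debug without being live,
+## since it just echoes everything bound for the server.
+## if you want autologin-type stuff, construct some appropriate files and
+## shovel them in using the "<" mechanism.
+# magic arg: if "tick", do keepalive process instead of main loop
+if test "$1" = "tick" ; then
+# ignore most signals; the parent will nuke the kid
+# doesn't stop ^Z, of course.
+trap '' 1 2 3 13 14 15 16
+while true ; do
+sleep 60
+echo "PONG !"
+done
+fi
+# top level: fire ourselves off as the keepalive process, and keep track of it
+sh $0 tick &
+ircpp=$!
+echo "[Keepalive: $ircpp]" >&2
+# catch our own batch of signals: hup int quit pipe alrm term urg
+trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
+sleep 2
+sender=''
+savecmd=''
+# the big honkin' loop...
+while read xx yy ; do
+case "${xx}" in
+# blank line: do nothing
+"")
+continue
+;;
+# new channel or recipient; if bare ">", we're back to raw literal mode.
+">")
+if test "${yy}" ; then
+sender="privmsg ${yy} :"
+else
+sender=''
+fi
+continue
+;;
+# send crud from a file, one line per second. Can you say "skr1pt kidz"??
+# *Note: uses current "recipient" if set.
+"<")
+if test -f "${yy}" ; then
+( while read zz ; do
+sleep 1
+echo "${sender}${zz}"
+done ) < "$yy"
+echo "[done]" >&2
+else
+echo "[File $yy not found]" >&2
+fi
+continue
+;;
+# do and save a single command, for quick repeat
+"/")
+if test "${yy}" ; then
+savecmd="${yy}"
+fi
+echo "${savecmd}"
+;;
+# default case goes to recipient, just like always
+*)
+echo "${sender}${xx} ${yy}"
+continue
+;;
+esac
+done
+# parting shot, if you want it
+echo "quit :Bye all!"
+kill -9 $ircpp
+exit 0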
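Review bot: Both `trap` lines use signal numbers, and the comment maps 16 to "urg"; that holds on BSD-derived systems, but on Linux 16 is SIGSTKFLT and SIGURG is 23, so the script traps a different set there. Symbolic names are portable: `trap '' HUP INT QUIT PIPE ALRM TERM URG` for the keepalive branch and the same list on the `trap 'kill -9 $ircpp ; exit 0'` line. Separately, `sh $0 tick &` should quote `"$0"`, and the `read` calls have no `-r`, so backslashes in typed lines and in files sent with `<` are altered before they reach the server.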

35
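--- a/scripts/iscan
+++ b/scripts/iscan
@@ -0,0 +1,35 @@
+#! /bin/sh
+## duplicate DaveG's ident-scan thingie using netcat. Oooh, he'll be pissed.
+## args: target port [port port port ...]
+## hose stdout *and* stderr together.
+##
+## advantages: runs slower than ident-scan, giving remote inetd less cause
+## for alarm, and only hits the few known daemon ports you specify.
+## disadvantages: requires numeric-only port args, the output sleazitude,
+## and won't work for r-services when coming from high source ports.
+case "${2}" in
+"" ) echo needs HOST and at least one PORT ; exit 1 ;;
+esac
+# ping 'em once and see if they *are* running identd
+nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }
+# generate a randomish base port
+RP=`expr $$ % 999 + 31337`
+TRG="$1"
+shift
+while test "$1" ; do
+nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
+PROC=$!
+sleep 3
+echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
+sleep 2
+# does this look like a lamer script or what...
+kill -HUP $PROC
+RP=`expr ${RP} + 1`
+shift
+done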
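Review bot: The header states that port arguments must be numeric, but nothing in the `while test "$1"` loop enforces it; each argument goes unquoted into the `nc ... ${1}` call and verbatim into the query string sent to port 113. A guard at the top of the loop makes the failure explicit instead of leaving it to nc: `case "$1" in *[!0-9]*) echo "bad port: $1" ; exit 1 ;; esac`. `kill -HUP $PROC` also runs after a fixed delay whether or not that background nc has already exited.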

46
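--- a/scripts/ncp
+++ b/scripts/ncp
@@ -0,0 +1,46 @@
+#! /bin/sh
+## Like "rcp" but uses netcat on a high port.
+## do "ncp targetfile" on the RECEIVING machine
+## then do "ncp sourcefile receivinghost" on the SENDING machine
+## if invoked as "nzp" instead, compresses transit data.
+## pick your own personal favorite port, which will be used on both ends.
+## You should probably change this for your own uses.
+MYPORT=23456
+## if "nc" isn't systemwide or in your PATH, add the right place
+# PATH=${HOME}:${PATH} ; export PATH
+test "$3" && echo "too many args" && exit 1
+test ! "$1" && echo "no args?" && exit 1
+me=`echo $0 | sed 's+.*/++'`
+test "$me" = "nzp" && echo '[compressed mode]'
+# if second arg, it's a host to send an [extant] file to.
+if test "$2" ; then
+test ! -f "$1" && echo "can't find $1" && exit 1
+if test "$me" = "nzp" ; then
+compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
+else
+nc -v -w 2 $2 $MYPORT < "$1" && exit 0
+fi
+echo "transfer FAILED!"
+exit 1
+fi
+# fall here for receiver. Ask before trashing existing files
+if test -f "$1" ; then
+echo -n "Overwrite $1? "
+read aa
+test ! "$aa" = "y" && echo "[punted!]" && exit 1
+fi
+# 30 seconds oughta be pleeeeenty of time, but change if you want.
+if test "$me" = "nzp" ; then
+nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
+else
+nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
+fi
+echo "transfer FAILED!"
+# clean up, since even if the transfer failed, $1 is already trashed
+rm -f "$1"
+exit 1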
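Review bot: On the receiving side the redirection `> "$1"` truncates the target before any data arrives and the failure path then runs `rm -f "$1"`, so a user who answered `y` to the overwrite prompt loses the existing file whenever the transfer fails. The listener also accepts the first connection from any host on the fixed port and writes whatever it sends, with no check of the peer or of the content; restricting it would need an extra argument naming the expected sender, passed to the listening nc the way scripts/webproxy passes `"$CLIENT"`. Receiving into a scratch name next to the target and renaming only on success fixes the data-loss part without changing the interface. On the sending side `$2` is unquoted in both `nc` calls.

```shell
# … unchanged: argument checks, sender branch, overwrite prompt …
TMPF="$1.ncp.$$"
if test "$me" = "nzp" ; then
nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$TMPF" && \
mv -f "$TMPF" "$1" && exit 0
else
nc -v -w 30 -p $MYPORT -l < /dev/null > "$TMPF" && \
mv -f "$TMPF" "$1" && exit 0
fi
echo "transfer FAILED!"
# only the scratch file is removed; an existing $1 is left untouched
rm -f "$TMPF"
exit 1
```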

50
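--- a/scripts/probe
+++ b/scripts/probe
@@ -0,0 +1,50 @@
+#! /bin/sh
+## launch a whole buncha shit at yon victim in no particular order; capture
+## stderr+stdout in one place. Run as root for rservice and low -p to work.
+## Fairly thorough example of using netcat to collect a lot of host info.
+## Will set off every intrusion alarm in existence on a paranoid machine!
+# where .d files are kept; "." if nothing else
+DDIR=../data
+# address of some well-connected router that groks LSRR
+GATE=192.157.69.11
+# might conceivably wanna change this for different run styles
+UCMD='nc -v -w 8'
+test ! "$1" && echo Needs victim arg && exit 1
+echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1
+echo '0' | $UCMD "$1" 79 2>&1
+# if LSRR was passed thru, should get refusal here:
+$UCMD -z -r -g $GATE "$1" 6473 2>&1
+$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
+# -s `hostname` may be wrong for some multihomed machines
+echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
+echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
+rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
+echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
+# newline after any telnet trash
+echo ''
+echo PASV | $UCMD -r "$1" 21 2>&1
+echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
+# sometimes contains useful directory info:
+echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
+# now the big red lights go on
+rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
+rservice root root | $UCMD -r "$1" exec 2>&1
+echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
+data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
+# no wait-time, uses RTT hack
+nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
+nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
+echo 'END big udp'
+$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
+# Use our identd-sniffer!
+iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
+# this gets pretty intrusive, but what the fuck. Probe for portmap first
+if nc -w 5 -z -u "$1" 111 ; then
+showmount -e "$1" 2>&1
+rpcinfo -p "$1" 2>&1
+fi
+exit 0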
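Review bot: `GATE=192.157.69.11` hard-codes a third party's router as the default source-route hop, so every unedited run sends traffic through that address. I would ship it empty and skip the step when it is unset: `GATE=''` and `test "$GATE" && $UCMD -z -r -g $GATE "$1" 6473 2>&1`. The script also assumes `data`, `rservice` and `iscan` are on PATH and that `${DDIR}` resolves from the current directory; none of that is checked, so a missing helper only shows up as a shell error mixed into the captured output.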

148
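--- a/scripts/web
+++ b/scripts/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks. It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing. Ye godz. Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client. It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now. And with netcat as its backend, it's
+## totally the balls. Don't have netcat? Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port]. You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+if test "$1" = "" ; then
+echo Needs hostname arg.
+exit 1
+fi
+umask 022
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+port="$2"
+fi
+spec="/"
+specD="/"
+specF=''
+saving=''
+# be vaguely smart about temp file usage. Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+case $spec in
+HOST)
+echo -n 'New host: '
+read host
+continue
+;;
+PORT)
+echo -n 'New port: '
+read port
+continue
+;;
+SAVE)
+echo -n 'Save file: '
+read saving
+# if we've already got a page, save it
+test "${saving}" && test -f ${TMPAGE} &&
+echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+cat ${TMPAGE} >> $saving && echo '' >> $saving
+continue
+;;
+# changing the logic a bit here. Keep a state-concept of "current dir"
+# and "current file". Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+/*)
+specF=`echo "${spec}" | sed 's|.*/||'`
+specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+spec="${specD}${specF}"
+;;
+# embedded slash: adding to the path. "file" part can be blank, too
+*/*)
+specF=`echo "${spec}" | sed 's|.*/||'`
+specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+..)
+specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+continue
+;;
+# blank line: do nothing, which will re-get the current one
+'')
+;;
+# hack-quoted blank line: "\" means just zero out "file" part
+'\')
+specF=''
+;;
+# sigh
+'?')
+echo Help yourself. Read the script fer krissake.
+continue
+;;
+# anything else is taken as a "file" part
+*)
+specF=${spec}
+;;
+esac
+# now put it together and stuff it down a connection. Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives. If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+spec="${specD}${specF}"
+echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+${PAGER} ${TMPAGE}
+# save in a format that still shows the URLs we hit after a de-html run
+if test "${saving}" ; then
+echo "=== ${host}:${spec} ===" >> $saving
+cat ${TMPAGE} >> $saving
+echo '' >> $saving
+fi
+done
+rm -f ${TMPAGE}
+exit 0
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...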
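Review bot: `TMPAGE=/tmp/web$$` is a predictable name in a shared directory, and the `rm -f` / `test -f` pair before the loop does not close the gap that the comment above it admits: `test -f` is false for a dangling symlink, and the name can be re-created at any point before `> ${TMPAGE}` inside the loop, which follows links. With `umask 022` the fetched page is also world-readable. Creating a private directory with `mkdir`, which fails if the name already exists, removes the race using only tools of the same vintage; scripts/websearch has the same pattern with `IFILE=/tmp/.webq.$$`. `$saving`, `$host` and `$port` are also expanded unquoted.

```shell
# … unchanged: hostname check, umask, PAGER and BACKEND setup …
TMPD=/tmp/web$$
# mkdir is atomic and refuses an existing name, symlink or not
mkdir -m 700 "${TMPD}" || { echo "Can't use ${TMPD}" ; exit 1 ; }
TMPAGE="${TMPD}/page"
# … unchanged: host/port/spec setup and the main loop …
rm -rf "${TMPD}"
exit 0
```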

138
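--- a/scripts/webproxy
+++ b/scripts/webproxy
@@ -0,0 +1,138 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts. Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place. Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this. Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere. LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once. Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries. Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+"")
+echo needs client hostname
+exit 1
+;;
+esac
+case "${1}" in
+"")
+# Make like inetd, and run the next relayer process NOW. All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+2> $CFILE &
+;;
+esac
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+if test "$1" = "reset" ; then
+rm -f $LFILE
+test -f "$CFILE" && rm -f $CFILE
+nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+exit 0
+fi
+# find our ass with both hands
+test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+CLIENT="$1"
+export CLIENT
+test "$CFILE" || CFILE=/dev/null
+export CFILE
+touch "$CFILE"
+# tell us what happened during the last run, if possible
+if test -f "$CFILE" ; then
+echo "Last connection results:"
+cat $CFILE
+fi
+# ping client machine and get its bare IP address
+CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+# if this was an initial launch, be informative about it
+echo "=== Launch: $CLIENT" >> $LFILE
+echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+echo " Logging queries to $LFILE"
+test -f "$CFILE" && echo " and connection fuckups to $CFILE"
+# and run the first listener, showing us output just for the first hit
+nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+exit 0
+fi
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+while read xx ; do
+echo "${xx}" >> $LFILE
+test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+test "${xx}" = "
+" && break
+done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it. 30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0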
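Review bot: The sed filter applied to `$x2` strips shell metacharacters but leaves `-`, and `$hh` and `$hp` then reach `nc -w 30 "$hh" "$hp"` with no further check, so a host part that begins with `-` is parsed by nc as an option and a non-numeric port is passed through unchanged. Both values come straight from the client's request line and should be validated before the call: `case "$hh" in ""|-*) echo "bad host" ; exit 0 ;; esac` and `case "$hp" in ""|*[!0-9]*) echo "bad port" ; exit 0 ;; esac`. The request and header lines are also appended to `$LFILE` unfiltered, so the log should be viewed with a tool that does not interpret control characters. `$LFILE` is unquoted throughout, which matters because it is derived from `$0`.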

44
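--- a/scripts/webrelay
+++ b/scripts/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies. This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly. This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+"")
+echo needs hostname
+exit 1
+;;
+esac
+case "${1}" in
+"")
+# no args: fire off new relayer process NOW. Will hang around for 10 minutes
+nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+exec nc -w 15 $RDEST $RPORT
+;;
+esac
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+"Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0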
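Review bot: The comment above the setup listener says it "will hang around for a minute", but the command uses `-w 600`, the same ten-minute timeout as the relaunch listener earlier in the file; the comment should read `# will hang around for 10 minutes, and exit if no new connections arrive.` The two listeners also differ in that only the relaunch one passes `-n`, which looks unintentional given the "same as above" wording. With `XNC=''` as shipped, any host that can reach port 8000 is relayed to `$RDEST`, and `$RDEST $RPORT` are unquoted in the `exec nc` line.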

77
scripts/websearch Executable file
View File

@ -0,0 +1,77 @@
#! /bin/sh
## Hit the major search engines. Hose the [large] output to a file!
## autoconverts multiple arguments into the right format for given servers --
## usually worda+wordb, with certain lame exceptions like dejanews.
## Extracting and post-sorting the URLs is highly recommended...
##
## Altavista currently handled by a separate script; may merge at some point.
##
## _H* original 950824, updated 951218 and 960209
test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
PLUSARG="`echo $* | sed 's/ /+/g'`"
PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
IFILE=/tmp/.webq.$$
# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit.
doquery () {
echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
}
# changed since original: now supplying port numbers and separator lines...
echo "=== Yahoo ==="
doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
echo '' ; echo "=== Webcrawler ==="
doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
# the infoseek lamers want "registration" before they do a real search, but...
echo '' ; echo "=== Infoseek ==="
echo " is broken."
# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
# ... which doesn't work cuz their lame server wants the extra newlines, WITH
# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If
# you want to play, the basic idea and query formats follow.
# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
# echo "" >> $IFILE
# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
# this is kinda flakey; might have to do twice??
echo '' ; echo "=== Opentext ==="
doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
search.opentext.com 80
# looks like inktomi will only take hits=100, or defaults back to 30
# we try to suppress all the stupid rating dots here, too
echo '' ; echo "=== Inktomi ==="
doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
#djnews lame shit limits hits to 120 and has nonstandard format
echo '' ; echo "=== Dejanews ==="
doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
smithers.dejanews.com 80
# OLD lycos: used to work until they fucking BROKE it...
# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
# query5.lycos.cs.cmu.edu 80
# NEW lycos: wants the User-agent field present in query or it returns nothing
# 960206: webmaster@lycos duly bitched at
# 960208: reply received; here's how we will now handle it:
echo \
"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
> $IFILE
echo "User-agent: *FUCK OFF*" >> $IFILE
echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
echo '' >> $IFILE
echo '' ; echo "=== Lycos ==="
nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
rm -f $IFILE
exit 0
# CURRENTLY BROKEN [?]
# infoseek
# some args need to be redone to ensure whatever "and" mode applies