*Hobbit*'s netcat 1.10
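--- a/scripts/README
+++ b/scripts/README
@@ -0,0 +1,5 @@
+A collection of example scripts that use netcat as a backend, each
+documented by its own internal comments.
+
+I'll be the first to admit that some of these are seriously *sick*,
+but they do work and are quite useful to me on a daily basis.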
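--- a/scripts/alta
+++ b/scripts/alta
@@ -0,0 +1,33 @@
+#! /bin/sh
+## special handler for altavista, since they only hand out chunks of 10 at
+## a time. Tries to isolate out results without the leading/trailing trash.
+## multiword arguments are foo+bar, as usual.
+## Second optional arg switches the "what" field, to e.g. "news"
+
+test "${1}" = "" && echo 'Needs an argument to search for!' && exit 1
+WHAT="web"
+test "${2}" && WHAT="${2}"
+
+# convert multiple args
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+
+# Plug in arg. only doing simple-q for now; pg=aq for advanced-query
+# embedded quotes define phrases; otherwise it goes wild on multi-words
+QB="GET /cgi-bin/query?pg=q&what=${WHAT}&fmt=c&q=\"${PLUSARG}\""
+
+# ping 'em once, to get the routing warm
+nc -z -w 8 www.altavista.digital.com 24015 2> /dev/null
+echo "=== Altavista ==="
+
+for xx in 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 \
+190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 ; do
+echo "${QB}&stq=${xx}" | nc -w 15 www.altavista.digital.com 80 | \
+egrep '^<a href="http://'
+done
+
+exit 0
+
+# old filter stuff
+sed -e '/Documents .* matching .* query /,/query?.*stq=.* Document/p' \
+-e d
+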
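Review bot: The optional second argument is consumed as the `what` field on L57 but is also folded into the search terms, because `PLUSARG` on L65 is built from `$*` rather than `$1`, so `alta foo news` appears to query `foo+news` in the news index; the unquoted `$*` inside the backticks is also glob-expanded against the cwd. Build the query from the first argument only, `PLUSARG="`echo "$1" | sed 's/ /+/g'`"`, which matches the `foo+bar` convention the header on L43 promises. The terms are then interpolated unencoded into the request line on L76, so anything beyond that convention (quotes, a newline) lands in the HTTP request as-is; a one-line comment stating that callers are expected to pre-encode would save the next reader a surprise.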
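--- a/scripts/bsh
+++ b/scripts/bsh
@@ -0,0 +1,29 @@
+#! /bin/sh
+## a little wrapper to "password" and re-launch a shell-listener.
+## Arg is taken as the port to listen on. Define "NC" to point wherever.
+
+NC=nc
+
+case "$1" in
+?* )
+LPN="$1"
+export LPN
+sleep 1
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+echo "launched on port $LPN"
+exit 0
+;;
+esac
+
+# here we play inetd
+echo "-l -p $LPN -e $0" | $NC > /dev/null 2>&1 &
+
+while read qq ; do
+case "$qq" in
+# here's yer password
+gimme )
+cd /
+exec csh -i
+;;
+esac
+done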
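Review bot: The listeners on L164 and L184 accept a connection from any address, and the only gate before `exec csh -i` on L204 is the cleartext literal `gimme` on L198, so anyone who can reach the port and read this script gets an interactive shell with the launcher's privileges and cwd `/`. Unlike scripts/webproxy, which hands the permitted client address to the listening `nc` as an access control, no peer restriction is applied here; at minimum the header should say so, e.g. `## WARNING: example only -- the "password" is a cleartext literal and the port is open to everyone; add -s or a client address to the listener before real use.` `read qq` on L189 should also be `read -r qq` so a backslash in the typed token is not consumed by the shell.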
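--- a/scripts/dist.sh
+++ b/scripts/dist.sh
@@ -0,0 +1,23 @@
+#! /bin/sh
+## This is a quick example listen-exec server, which was used for a while to
+## distribute netcat prereleases. It illustrates use of netcat both as a
+## "fake inetd" and a syslogger, and how easy it then is to crock up a fairly
+## functional server that restarts its own listener and does full connection
+## logging. In a half-screen of shell script!!
+
+PORT=31337
+
+sleep 1
+SRC=`tail -1 dist.log`
+echo "<36>elite: ${SRC}" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+echo ";;; Hi, ${SRC}..."
+echo ";;; This is a PRERELEASE version of 'netcat', tar/gzip/uuencoded."
+echo ";;; Unless you are capturing this somehow, it won't do you much good."
+echo ";;; Ready?? Here it comes! Have phun ..."
+sleep 8
+cat dist.file
+sleep 1
+./nc -v -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &
+sleep 1
+echo "<36>elite: done" | ./nc -u -w 1 localhost 514 > /dev/null 2>&1
+exit 0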
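Review bot: `SRC` on L252 is the last line the previous listener wrote to dist.log (L279 sends both stdout and stderr of `nc -v` there), and since that listener runs without `-n` the line presumably carries whatever name lookups `nc -v` performed on the peer; that peer-influenced text is then pushed into syslog on L255 and echoed back on L258 unfiltered. Start the listener with `-n`, as scripts/webproxy does for its listeners, so only the numeric address is logged: `./nc -v -n -l -p ${PORT} -e dist.sh < /dev/null >> dist.log 2>&1 &`. The header also omits that dist.log, dist.file and `./nc` are resolved relative to the current directory; a line such as `## run from the directory holding nc, dist.file and dist.log` would turn a silent wrong-cwd failure into a documented precondition.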
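--- a/scripts/irc
+++ b/scripts/irc
@@ -0,0 +1,79 @@
+#! /bin/sh
+## Shit-simple script to supply the "privmsg <recipient>" of IRC typein, and
+## keep the connection alive. Pipe this thru "nc -v -w 5 irc-server port".
+## Note that this mechanism makes the script easy to debug without being live,
+## since it just echoes everything bound for the server.
+## if you want autologin-type stuff, construct some appropriate files and
+## shovel them in using the "<" mechanism.
+
+# magic arg: if "tick", do keepalive process instead of main loop
+if test "$1" = "tick" ; then
+# ignore most signals; the parent will nuke the kid
+# doesn't stop ^Z, of course.
+trap '' 1 2 3 13 14 15 16
+while true ; do
+sleep 60
+echo "PONG !"
+done
+fi
+
+# top level: fire ourselves off as the keepalive process, and keep track of it
+sh $0 tick &
+ircpp=$!
+echo "[Keepalive: $ircpp]" >&2
+# catch our own batch of signals: hup int quit pipe alrm term urg
+trap 'kill -9 $ircpp ; exit 0' 1 2 3 13 14 15 16
+sleep 2
+
+sender=''
+savecmd=''
+
+# the big honkin' loop...
+while read xx yy ; do
+case "${xx}" in
+# blank line: do nothing
+"")
+continue
+;;
+# new channel or recipient; if bare ">", we're back to raw literal mode.
+">")
+if test "${yy}" ; then
+sender="privmsg ${yy} :"
+else
+sender=''
+fi
+continue
+;;
+# send crud from a file, one line per second. Can you say "skr1pt kidz"??
+# *Note: uses current "recipient" if set.
+"<")
+if test -f "${yy}" ; then
+( while read zz ; do
+sleep 1
+echo "${sender}${zz}"
+done ) < "$yy"
+echo "[done]" >&2
+else
+echo "[File $yy not found]" >&2
+fi
+continue
+;;
+# do and save a single command, for quick repeat
+"/")
+if test "${yy}" ; then
+savecmd="${yy}"
+fi
+echo "${savecmd}"
+;;
+# default case goes to recipient, just like always
+*)
+echo "${sender}${xx} ${yy}"
+continue
+;;
+esac
+done
+
+# parting shot, if you want it
+echo "quit :Bye all!"
+kill -9 $ircpp
+exit 0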
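Review bot: Both `read` loops, `while read xx yy` on L388 and `while read zz` on L445, run without `-r`, so a backslash typed at the keyboard or present in a file shovelled in with `<` is interpreted by the shell rather than sent, and a trailing backslash silently joins two lines; `while read -r xx yy ; do` and `( while read -r zz ; do` fix this without changing anything else. The keepalive child is killed with `kill -9` on L369 and L525 as the first resort, although it is a shell loop that only sleeps and echoes; a plain `kill $ircpp` suffices and lets it exit cleanly. `sh $0 tick &` on L357 should quote `"$0"` so a script path containing spaces still relaunches itself.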
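--- a/scripts/iscan
+++ b/scripts/iscan
@@ -0,0 +1,35 @@
+#! /bin/sh
+## duplicate DaveG's ident-scan thingie using netcat. Oooh, he'll be pissed.
+## args: target port [port port port ...]
+## hose stdout *and* stderr together.
+##
+## advantages: runs slower than ident-scan, giving remote inetd less cause
+## for alarm, and only hits the few known daemon ports you specify.
+## disadvantages: requires numeric-only port args, the output sleazitude,
+## and won't work for r-services when coming from high source ports.
+
+case "${2}" in
+"" ) echo needs HOST and at least one PORT ; exit 1 ;;
+esac
+
+# ping 'em once and see if they *are* running identd
+nc -z -w 9 "$1" 113 || { echo "oops, $1 isn't running identd" ; exit 0 ; }
+
+# generate a randomish base port
+RP=`expr $$ % 999 + 31337`
+
+TRG="$1"
+shift
+
+while test "$1" ; do
+nc -v -w 8 -p ${RP} "$TRG" ${1} < /dev/null > /dev/null &
+PROC=$!
+sleep 3
+echo "${1},${RP}" | nc -w 4 -r "$TRG" 113 2>&1
+sleep 2
+# does this look like a lamer script or what...
+kill -HUP $PROC
+RP=`expr ${RP} + 1`
+shift
+done
+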
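Review bot: The source port `RP` is derived from `$$` on L590, so it is predictable and may already be in use; if the `nc -p ${RP}` on L606 fails to bind or connect, its output is discarded and the ident query on L615 still goes out asking about a connection that never existed, and the script cannot tell the two cases apart. Check that the background connection is still alive before querying, e.g. `kill -0 $PROC 2>/dev/null || echo "port ${1}: connect failed"` placed after the `sleep 3` on L612. The header lists the trade-offs well, but a `## requires identd on the target and free local ports in the 31337-32335 range` line would document the two preconditions the code actually depends on.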
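--- a/scripts/ncp
+++ b/scripts/ncp
@@ -0,0 +1,46 @@
+#! /bin/sh
+## Like "rcp" but uses netcat on a high port.
+## do "ncp targetfile" on the RECEIVING machine
+## then do "ncp sourcefile receivinghost" on the SENDING machine
+## if invoked as "nzp" instead, compresses transit data.
+
+## pick your own personal favorite port, which will be used on both ends.
+## You should probably change this for your own uses.
+MYPORT=23456
+
+## if "nc" isn't systemwide or in your PATH, add the right place
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "$3" && echo "too many args" && exit 1
+test ! "$1" && echo "no args?" && exit 1
+me=`echo $0 | sed 's+.*/++'`
+test "$me" = "nzp" && echo '[compressed mode]'
+
+# if second arg, it's a host to send an [extant] file to.
+if test "$2" ; then
+test ! -f "$1" && echo "can't find $1" && exit 1
+if test "$me" = "nzp" ; then
+compress -c < "$1" | nc -v -w 2 $2 $MYPORT && exit 0
+else
+nc -v -w 2 $2 $MYPORT < "$1" && exit 0
+fi
+echo "transfer FAILED!"
+exit 1
+fi
+
+# fall here for receiver. Ask before trashing existing files
+if test -f "$1" ; then
+echo -n "Overwrite $1? "
+read aa
+test ! "$aa" = "y" && echo "[punted!]" && exit 1
+fi
+# 30 seconds oughta be pleeeeenty of time, but change if you want.
+if test "$me" = "nzp" ; then
+nc -v -w 30 -p $MYPORT -l < /dev/null | uncompress -c > "$1" && exit 0
+else
+nc -v -w 30 -p $MYPORT -l < /dev/null > "$1" && exit 0
+fi
+echo "transfer FAILED!"
+# clean up, since even if the transfer failed, $1 is already trashed
+rm -f "$1"
+exit 1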
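Review bot: The receiving side on L755 and L761 writes whatever the first connection to `$MYPORT` sends straight into `$1`; there is no peer restriction, no authentication and no integrity check, and the port is a fixed, documented default (L669), so on a shared network the file's contents are decided by whoever connects first. That is acceptable for an example, but the header should say it: `## NOTE: no authentication -- the first host to connect to MYPORT supplies the file; use only on a trusted network and compare checksums afterwards.` On the sending side `$2` is expanded unquoted on L708 and L714 while every other variable in the file is quoted; `"$2"` keeps the style consistent and stops a hostname argument from being word-split.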
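--- a/scripts/probe
+++ b/scripts/probe
@@ -0,0 +1,50 @@
+#! /bin/sh
+## launch a whole buncha shit at yon victim in no particular order; capture
+## stderr+stdout in one place. Run as root for rservice and low -p to work.
+## Fairly thorough example of using netcat to collect a lot of host info.
+## Will set off every intrusion alarm in existence on a paranoid machine!
+
+# where .d files are kept; "." if nothing else
+DDIR=../data
+# address of some well-connected router that groks LSRR
+GATE=192.157.69.11
+
+# might conceivably wanna change this for different run styles
+UCMD='nc -v -w 8'
+
+test ! "$1" && echo Needs victim arg && exit 1
+
+echo '' | $UCMD -w 9 -r "$1" 13 79 6667 2>&1
+echo '0' | $UCMD "$1" 79 2>&1
+# if LSRR was passed thru, should get refusal here:
+$UCMD -z -r -g $GATE "$1" 6473 2>&1
+$UCMD -r -z "$1" 6000 4000-4004 111 53 2105 137-140 1-20 540-550 95 87 2>&1
+# -s `hostname` may be wrong for some multihomed machines
+echo 'UDP echoecho!' | nc -u -p 7 -s `hostname` -w 3 "$1" 7 19 2>&1
+echo '113,10158' | $UCMD -p 10158 "$1" 113 2>&1
+rservice bin bin | $UCMD -p 1019 "$1" shell 2>&1
+echo QUIT | $UCMD -w 8 -r "$1" 25 158 159 119 110 109 1109 142-144 220 23 2>&1
+# newline after any telnet trash
+echo ''
+echo PASV | $UCMD -r "$1" 21 2>&1
+echo 'GET /' | $UCMD -w 10 "$1" 80 81 210 70 2>&1
+# sometimes contains useful directory info:
+echo 'GET /robots.txt' | $UCMD -w 10 "$1" 80 2>&1
+# now the big red lights go on
+rservice bin bin 9600/9600 | $UCMD -p 1020 "$1" login 2>&1
+rservice root root | $UCMD -r "$1" exec 2>&1
+echo 'BEGIN big udp -- everything may look "open" if packet-filtered'
+data -g < ${DDIR}/nfs-0.d | $UCMD -i 1 -u "$1" 2049 | od -x 2>&1
+# no wait-time, uses RTT hack
+nc -v -z -u -r "$1" 111 66-70 88 53 87 161-164 121-123 213 49 2>&1
+nc -v -z -u -r "$1" 137-140 694-712 747-770 175-180 2103 510-530 2>&1
+echo 'END big udp'
+$UCMD -r -z "$1" 175-180 2000-2003 530-533 1524 1525 666 213 8000 6250 2>&1
+# Use our identd-sniffer!
+iscan "$1" 21 25 79 80 111 53 6667 6000 2049 119 2>&1
+# this gets pretty intrusive, but what the fuck. Probe for portmap first
+if nc -w 5 -z -u "$1" 111 ; then
+showmount -e "$1" 2>&1
+rpcinfo -p "$1" 2>&1
+fi
+exit 0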
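Review bot: `GATE` on L813 is hard-coded to one specific public address, and L840 sends a source-routed (`-g`) connection through it, so anyone who runs the script as shipped bounces traffic off a third party's router they almost certainly have no arrangement with. Make it an explicit setting, e.g. `GATE=${GATE-192.157.69.11}` under a comment `# override with an LSRR-capable router you are allowed to use; the default is the author's`. The header also omits that `rservice` (L855), `data` (L891) and `iscan` (L912) must be on PATH and that `DDIR` is resolved relative to the cwd; a `## needs rservice, data and iscan on PATH; run from scripts/ so ../data resolves` line would cover both.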
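--- a/scripts/web
+++ b/scripts/web
@@ -0,0 +1,148 @@
+#! /bin/sh
+## The web sucks. It is a mighty dismal kludge built out of a thousand
+## tiny dismal kludges all band-aided together, and now these bottom-line
+## clueless pinheads who never heard of "TCP handshake" want to run
+## *commerce* over the damn thing. Ye godz. Welcome to TV of the next
+## century -- six million channels of worthless shit to choose from, and
+## about as much security as today's cable industry!
+##
+## Having grown mightily tired of pain in the ass browsers, I decided
+## to build the minimalist client. It doesn't handle POST, just GETs, but
+## the majority of cgi forms handlers apparently ignore the method anyway.
+## A distinct advantage is that it *doesn't* pass on any other information
+## to the server, like Referer: or info about your local machine such as
+## Netscum tries to!
+##
+## Since the first version, this has become the *almost*-minimalist client,
+## but it saves a lot of typing now. And with netcat as its backend, it's
+## totally the balls. Don't have netcat? Get it here in /src/hacks!
+## _H* 950824, updated 951009 et seq.
+##
+## args: hostname [port]. You feed it the filename-parts of URLs.
+## In the loop, HOST, PORT, and SAVE do the right things; a null line
+## gets the previous spec again [useful for initial timeouts]; EOF to exit.
+## Relative URLs behave like a "cd" to wherever the last slash appears, or
+## just use the last component with the saved preceding "directory" part.
+## "\" clears the "filename" part and asks for just the "directory", and
+## ".." goes up one "directory" level while retaining the "filename" part.
+## Play around; you'll get used to it.
+
+if test "$1" = "" ; then
+echo Needs hostname arg.
+exit 1
+fi
+umask 022
+
+# optional PATH fixup
+# PATH=${HOME}:${PATH} ; export PATH
+
+test "${PAGER}" || PAGER=more
+BACKEND="nc -v -w 15"
+TMPAGE=/tmp/web$$
+host="$1"
+port="80"
+if test "$2" != "" ; then
+port="$2"
+fi
+
+spec="/"
+specD="/"
+specF=''
+saving=''
+
+# be vaguely smart about temp file usage. Use your own homedir if you're
+# paranoid about someone symlink-racing your shell script, jeez.
+rm -f ${TMPAGE}
+test -f ${TMPAGE} && echo "Can't use ${TMPAGE}" && exit 1
+
+# get loopy. Yes, I know "echo -n" aint portable. Everything echoed would
+# need "\c" tacked onto the end in an SV universe, which you can fix yourself.
+while echo -n "${specD}${specF} " && read spec ; do
+case $spec in
+HOST)
+echo -n 'New host: '
+read host
+continue
+;;
+PORT)
+echo -n 'New port: '
+read port
+continue
+;;
+SAVE)
+echo -n 'Save file: '
+read saving
+# if we've already got a page, save it
+test "${saving}" && test -f ${TMPAGE} &&
+echo "=== ${host}:${specD}${specF} ===" >> $saving &&
+cat ${TMPAGE} >> $saving && echo '' >> $saving
+continue
+;;
+# changing the logic a bit here. Keep a state-concept of "current dir"
+# and "current file". Dir is /foo/bar/ ; file is "baz" or null.
+# leading slash: create whole new state.
+/*)
+specF=`echo "${spec}" | sed 's|.*/||'`
+specD=`echo "${spec}" | sed 's|\(.*/\).*|\1|'`
+spec="${specD}${specF}"
+;;
+# embedded slash: adding to the path. "file" part can be blank, too
+*/*)
+specF=`echo "${spec}" | sed 's|.*/||'`
+specD=`echo "${specD}${spec}" | sed 's|\(.*/\).*|\1|'`
+;;
+# dotdot: jump "up" one level and just reprompt [confirms what it did...]
+..)
+specD=`echo "${specD}" | sed 's|\(.*/\)..*/|\1|'`
+continue
+;;
+# blank line: do nothing, which will re-get the current one
+'')
+;;
+# hack-quoted blank line: "\" means just zero out "file" part
+'\')
+specF=''
+;;
+# sigh
+'?')
+echo Help yourself. Read the script fer krissake.
+continue
+;;
+# anything else is taken as a "file" part
+*)
+specF=${spec}
+;;
+esac
+
+# now put it together and stuff it down a connection. Some lame non-unix
+# http servers assume they'll never get simple-query format, and wait till
+# an extra newline arrives. If you're up against one of these, change
+# below to (echo GET "$spec" ; echo '') | $BACKEND ...
+spec="${specD}${specF}"
+echo GET "${spec}" | $BACKEND $host $port > ${TMPAGE}
+${PAGER} ${TMPAGE}
+
+# save in a format that still shows the URLs we hit after a de-html run
+if test "${saving}" ; then
+echo "=== ${host}:${spec} ===" >> $saving
+cat ${TMPAGE} >> $saving
+echo '' >> $saving
+fi
+done
+rm -f ${TMPAGE}
+exit 0
+
+#######
+# Encoding notes, finally from RFC 1738:
+# %XX -- hex-encode of special chars
+# allowed alphas in a URL: $_-.+!*'(),
+# relative names *not* described, but obviously used all over the place
+# transport://user:pass@host:port/path/name?query-string
+# wais: port 210, //host:port/database?search or /database/type/file?
+# cgi-bin/script?arg1=foo&arg2=bar&... scripts have to parse xxx&yyy&zzz
+# ISMAP imagemap stuff: /bin/foobar.map?xxx,yyy -- have to guess at coords!
+# local access-ctl files: ncsa: .htaccess ; cern: .www_acl
+#######
+# SEARCH ENGINES: fortunately, all are GET forms or at least work that way...
+# multi-word args for most cases: foo+bar
+# See 'websearch' for concise results of this research...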
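Review bot: `TMPAGE=/tmp/web$$` on L1058 is a predictable name in a shared directory, and the `rm -f` / `test -f` pair on L1098-L1101 does not close the window the comment on L1092-L1095 acknowledges, since a symlink can be planted between that test and the `> ${TMPAGE}` on L1297, which then follows it. Where `mktemp` exists, `TMPAGE=`mktemp /tmp/web.XXXXXX` || exit 1` followed by `trap 'rm -f "${TMPAGE}"' 0 1 2 15` removes the race and also cleans up on interrupt, which the single `rm -f` on L1326 after the loop does not. `umask 022` on L1039 additionally leaves every fetched page world-readable in /tmp for the life of the session; scripts/webproxy uses `umask 077` (L1557) and the same is appropriate here.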
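--- a/scripts/webproxy
+++ b/scripts/webproxy
@@ -0,0 +1,138 @@
+#! /bin/sh
+## Web proxy, following the grand tradition of Web things being handled by
+## gross scripts. Uses netcat to listen on a high port [default 8000],
+## picks apart requests and sends them on to the right place. Point this
+## at the browser client machine you'll be coming from [to limit access to
+## only it], and point the browser's concept of an HTTP proxy to the
+## machine running this. Takes a single argument of the client that will
+## be using it, and rejects connections from elsewhere. LOGS the queries
+## to a configurable logfile, which can be an interesting read later on!
+## If the argument is "reset", the listener and logfile are cleaned up.
+##
+## This works surprisingly fast and well, for a shell script, although may
+## randomly fail when hammered by a browser that tries to open several
+## connections at once. Drop the "maximum connections" in your browser if
+## this is a problem.
+##
+## A more degenerate case of this, or preferably a small C program that
+## does the same thing under inetd, could handle a small site's worth of
+## proxy queries. Given the way browsers are evolving, proxies like this
+## can play an important role in protecting your own privacy.
+##
+## If you grabbed this in ASCII mode, search down for "eew" and make sure
+## the embedded-CR check is intact, or requests might hang.
+##
+## Doesn't handle POST forms. Who cares, if you're just watching HTTV?
+## Dumbness here has a highly desirable side effect: it only sends the first
+## GET line, since that's all you really ever need to send, and suppresses
+## the other somewhat revealing trash that most browsers insist on sending.
+
+# set these as you wish: proxy port...
+PORT=8000
+# logfile spec: a real file or /dev/null if you don't care
+LFILE=${0}.log
+# optional: where to dump connect info, so you can see if anything went wrong
+# CFILE=${0}.conn
+# optional extra args to the listener "nc", for instance "-s inside-net-addr"
+# XNC=''
+
+# functionality switch has to be done fast, so the next listener can start
+# prelaunch check: if no current client and no args, bail.
+case "${1}${CLIENT}" in
+"")
+echo needs client hostname
+exit 1
+;;
+esac
+
+case "${1}" in
+"")
+# Make like inetd, and run the next relayer process NOW. All the redirection
+# is necessary so this shell has NO remaining channel open to the net.
+# This will hang around for 10 minutes, and exit if no new connections arrive.
+# Using -n for speed, avoiding any DNS/port lookups.
+nc -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" < /dev/null > /dev/null \
+2> $CFILE &
+;;
+esac
+
+# no client yet and had an arg, this checking can be much slower now
+umask 077
+
+if test "$1" ; then
+# if magic arg, just clean up and then hit our own port to cause server exit
+if test "$1" = "reset" ; then
+rm -f $LFILE
+test -f "$CFILE" && rm -f $CFILE
+nc -w 1 -n 127.0.0.1 $PORT < /dev/null > /dev/null 2>&1
+exit 0
+fi
+# find our ass with both hands
+test ! -f "$0" && echo "Oops, cannot find my own corporeal being" && exit 1
+# correct launch: set up client access control, passed along thru environment.
+CLIENT="$1"
+export CLIENT
+test "$CFILE" || CFILE=/dev/null
+export CFILE
+touch "$CFILE"
+# tell us what happened during the last run, if possible
+if test -f "$CFILE" ; then
+echo "Last connection results:"
+cat $CFILE
+fi
+
+# ping client machine and get its bare IP address
+CLIENT=`nc -z -v -w 8 "$1" 22000 2>&1 | sed 's/.*\[\(..*\)\].*/\1/'`
+test ! "$CLIENT" && echo "Can't find address of $1" && exit 1
+
+# if this was an initial launch, be informative about it
+echo "=== Launch: $CLIENT" >> $LFILE
+echo "Proxy running -- will accept connections on $PORT from $CLIENT"
+echo " Logging queries to $LFILE"
+test -f "$CFILE" && echo " and connection fuckups to $CFILE"
+
+# and run the first listener, showing us output just for the first hit
+nc -v -w 600 -n -l -p $PORT -e "$0" $XNC "$CLIENT" &
+exit 0
+fi
+
+# Fall here to handle a page.
+# GET type://host.name:80/file/path HTTP/1.0
+# Additional: trash
+# More: trash
+# <newline>
+
+read x1 x2 x3 x4
+echo "=== query: $x1 $x2 $x3 $x4" >> $LFILE
+test "$x4" && echo "extra junk after request: $x4" && exit 0
+# nuke questionable characters and split up the request
+hurl=`echo "$x2" | sed -e "s+.*//++" -e 's+[\`'\''|$;<>{}\\!*()"]++g'`
+# echo massaged hurl: $hurl >> $LFILE
+hh=`echo "$hurl" | sed -e "s+/.*++" -e "s+:.*++"`
+hp=`echo "$hurl" | sed -e "s+.*:++" -e "s+/.*++"`
+test "$hp" = "$hh" && hp=80
+hf=`echo "$hurl" | sed -e "s+[^/]*++"`
+# echo total split: $hh : $hp : $hf >> $LFILE
+# suck in and log the entire request, because we're curious
+# Fails on multipart stuff like forms; oh well...
+if test "$x3" ; then
+while read xx ; do
+echo "${xx}" >> $LFILE
+test "${xx}" || break
+# eew, buried returns, gross but necessary for DOS stupidity:
+test "${xx}" = "
+" && break
+done
+fi
+# check for non-GET *after* we log the query...
+test "$x1" != "GET" && echo "sorry, this proxy only does GETs" && exit 0
+# no, you can *not* phone home, you miserable piece of shit
+test "`echo $hh | fgrep -i netscap`" && \
+echo "access to Netscam's servers <b>DENIED.</b>" && exit 0
+# Do it. 30 sec net-wait time oughta be *plenty*...
+# Some braindead servers have forgotten how to handle the simple-query syntax.
+# If necessary, replace below with (echo "$x1 $hf" ; echo '') | nc...
+echo "$x1 $hf" | nc -w 30 "$hh" "$hp" 2> /dev/null || \
+echo "oops, can't get to $hh : $hp".
+echo "sent \"$x1 $hf\" to $hh : $hp" >> $LFILE
+exit 0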
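Review bot: The sanitizer on L1698 deletes shell metacharacters from the URL but leaves a leading `-`, and `$hh` is then placed directly after `-w 30` on L1776, so a request line whose host part begins with `-` would be handed to `nc` as an option word rather than a hostname; `$hp` likewise reaches `nc` with no check that it is numeric. Validate both before the connection, e.g. `case "$hh" in ""|-*) exit 0 ;; esac` and `case "$hp" in *[!0-9]*|"") exit 0 ;; esac`, or put `--` ahead of `"$hh"` if this nc's getopt honours it. Only the one permitted `$CLIENT` can send requests, but the header says that client is a browser rendering arbitrary pages, so the proxy should not treat its request lines as trusted. Note also that the embedded-CR test on L1740-L1743 is rendered here as two lines, which is exactly the breakage the header on L1447-L1450 warns about; confirm the committed file still contains the carriage return.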
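--- a/scripts/webrelay
+++ b/scripts/webrelay
@@ -0,0 +1,44 @@
+#! /bin/sh
+## web relay -- a degenerate version of webproxy, usable with browsers that
+## don't understand proxies. This just forwards connections to a given server.
+## No query logging, no access control [although you can add it to XNC for
+## your own run], and full-URL links will undoubtedly confuse the browser
+## if it can't reach the server directly. This was actually written before
+## the full proxy was, and it shows.
+## The arguments in this case are the destination server and optional port.
+## Please flame pinheads who use self-referential absolute links.
+
+# set these as you wish: proxy port...
+PORT=8000
+# any extra args to the listening "nc", for instance "-s inside-net-addr"
+XNC=''
+
+# functionality switch, which has to be done fast to start the next listener
+case "${1}${RDEST}" in
+"")
+echo needs hostname
+exit 1
+;;
+esac
+
+case "${1}" in
+"")
+# no args: fire off new relayer process NOW. Will hang around for 10 minutes
+nc -w 600 -l -n -p $PORT -e "$0" $XNC < /dev/null > /dev/null 2>&1 &
+# and handle this request, which will simply fail if vars not set yet.
+exec nc -w 15 $RDEST $RPORT
+;;
+esac
+
+# Fall here for setup; this can now be slower.
+RDEST="$1"
+RPORT="$2"
+test "$RPORT" || RPORT=80
+export RDEST RPORT
+
+# Launch the first relayer same as above, but let its error msgs show up
+# will hang around for a minute, and exit if no new connections arrive.
+nc -v -w 600 -l -p $PORT -e "$0" $XNC < /dev/null > /dev/null &
+echo \
+"Relay to ${RDEST}:${RPORT} running -- point your browser here on port $PORT"
+exit 0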
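Review bot: `exec nc -w 15 $RDEST $RPORT` on L1877 expands both variables unquoted while the setup code that sets them (L1891-L1897) quotes them; `exec nc -w 15 "$RDEST" "$RPORT"` keeps a destination containing unexpected characters from splitting into extra arguments. The two listener launches also disagree: L1871 passes `-n` and L1911 does not, and the comments above them say "10 minutes" (L1868) and "a minute" (L1908) for the same `-w 600`; use one form for both and change the second comment to `# will hang around for 10 minutes, and exit if no new connections arrive.`. Since the header on L1805 leaves access control to `XNC`, a comment there noting that `-s` only selects the local bind address, and that a trailing client host argument, as scripts/webproxy passes to its listener, is what limits who may connect, would keep users from assuming more protection than they get.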
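--- a/scripts/websearch
+++ b/scripts/websearch
@@ -0,0 +1,77 @@
+#! /bin/sh
+## Hit the major search engines. Hose the [large] output to a file!
+## autoconverts multiple arguments into the right format for given servers --
+## usually worda+wordb, with certain lame exceptions like dejanews.
+## Extracting and post-sorting the URLs is highly recommended...
+##
+## Altavista currently handled by a separate script; may merge at some point.
+##
+## _H* original 950824, updated 951218 and 960209
+
+test "${1}" = "" && echo 'Needs argument[s] to search for!' && exit 1
+PLUSARG="`echo $* | sed 's/ /+/g'`"
+PIPEARG="`echo ${PLUSARG} | sed 's/+/|/g'`"
+IFILE=/tmp/.webq.$$
+
+# Don't have "nc"? Get "netcat" from avian.org and add it to your toolkit.
+doquery () {
+echo GET "$1" | nc -v -i 1 -w 30 "$2" "$3"
+}
+
+# changed since original: now supplying port numbers and separator lines...
+
+echo "=== Yahoo ==="
+doquery "/bin/search?p=${PLUSARG}&n=300&w=w&s=a" search.yahoo.com 80
+
+echo '' ; echo "=== Webcrawler ==="
+doquery "/cgi-bin/WebQuery?searchText=${PLUSARG}&maxHits=300" webcrawler.com 80
+
+# the infoseek lamers want "registration" before they do a real search, but...
+echo '' ; echo "=== Infoseek ==="
+echo " is broken."
+# doquery "WW/IS/Titles?qt=${PLUSARG}" www2.infoseek.com 80
+# ... which doesn't work cuz their lame server wants the extra newlines, WITH
+# CRLF pairs ferkrissake. Fuck 'em for now, they're hopelessly broken. If
+# you want to play, the basic idea and query formats follow.
+# echo "GET /WW/IS/Titles?qt=${PLUSARG}" > $IFILE
+# echo "" >> $IFILE
+# nc -v -w 30 guide-p.infoseek.com 80 < $IFILE
+
+# this is kinda flakey; might have to do twice??
+echo '' ; echo "=== Opentext ==="
+doquery "/omw/simplesearch?SearchFor=${PLUSARG}&mode=phrase" \
+search.opentext.com 80
+
+# looks like inktomi will only take hits=100, or defaults back to 30
+# we try to suppress all the stupid rating dots here, too
+echo '' ; echo "=== Inktomi ==="
+doquery "/query/?query=${PLUSARG}&hits=100" ink3.cs.berkeley.edu 1234 | \
+sed '/^<IMG ALT.*inktomi.*\.gif">$/d'
+
+#djnews lame shit limits hits to 120 and has nonstandard format
+echo '' ; echo "=== Dejanews ==="
+doquery "/cgi-bin/nph-dnquery?query=${PIPEARG}+maxhits=110+format=terse+defaultOp=AND" \
+smithers.dejanews.com 80
+
+# OLD lycos: used to work until they fucking BROKE it...
+# doquery "/cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=1" \
+# query5.lycos.cs.cmu.edu 80
+# NEW lycos: wants the User-agent field present in query or it returns nothing
+# 960206: webmaster@lycos duly bitched at
+# 960208: reply received; here's how we will now handle it:
+echo \
+"GET /cgi-bin/pursuit?query=${PLUSARG}&maxhits=300&terse=terse&matchmode=and&minscore=.5 HTTP/1.x" \
+> $IFILE
+echo "User-agent: *FUCK OFF*" >> $IFILE
+echo "Why: go ask todd@pointcom.com (Todd Whitney)" >> $IFILE
+echo '' >> $IFILE
+echo '' ; echo "=== Lycos ==="
+nc -v -i 1 -w 30 twelve.srv.lycos.com 80 < $IFILE
+
+rm -f $IFILE
+exit 0
+
+# CURRENTLY BROKEN [?]
+# infoseek
+
+# some args need to be redone to ensure whatever "and" mode applies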
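Review bot: `IFILE=/tmp/.webq.$$` on L1969 is a predictable temp-file name in a shared directory, written with `>` on L2110 and then fed to the network request on L2125, so a pre-planted symlink or file of that name could redirect the write or substitute the request; unlike scripts/web there is no comment acknowledging this, and no `umask` is set. Where `mktemp` is available, `IFILE=`mktemp /tmp/.webq.XXXXXX` || exit 1` plus `trap 'rm -f "$IFILE"' 0 1 2 15` closes the window and also removes the file if the run is interrupted before the `rm -f` on L2130. `PLUSARG` on L1963 is built from an unquoted `$*`, so an argument containing `*` or `?` is glob-expanded against the cwd before it reaches any query string; `echo "$*"` avoids that without changing the `foo+bar` result.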