Solved

help needed w Windows batch script

Posted on 2016-07-16
10
37 Views
Last Modified: 2016-07-18
I have in mind to write the following Windows batch script to poll entire range of 254 IP subnet to see
if the IP has web server listening on it;  help me fix the codes below to get it working:

echo off
do while reading c:\temp\wgetoutput.txt
wget -S <IP_from_IPlist.txt>  2> c:\temp\wgetoutput.txt
if %errorlevel% == 0 then find "Server:" >> c:\temp\websvrtype.txt
  else
echo "not a webserver" >> >> c:\temp\websvrtype.txt
endif



I have the wget tool & it's tested working.
The error output  (ie 2> )  of  'wget -S IP_addr' is as below:

If successfully connected to a web server: (ie errorlevel is 0)
=================================
Connecting to 10.1.10.71:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.0 301 Redirect
  Server: GoAhead-Webs
  Date: Fri Jan 14 18:41:53 2106
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Type: text/html
  Location: index.asp

If unsuccessfully connected to a web server: (errorlevel is usually 1 but can be high value if IP invalid; so all non-zero values)
====================================
           => `index.html.1'
Connecting to 10.1.10.1:80... failed: Connection refused.
0
Comment
Question by:sunhux
  • 3
  • 2
  • 2
  • +2
10 Comments
 

Author Comment

by:sunhux
Comment Utility
correction:

if %errorlevel% == 0 then find "Server:" >> c:\temp\websvrtype.txt
    should read
if %errorlevel% == 0 then find "Server:" c:\temp\wgetoutput.txt >> c:\temp\websvrtype.txt
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 70 total points
Comment Utility
You might consider one of the programs that already exist like AngyIP scanner.  http://angryip.org/
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Here http://www.advanced-ip-scanner.com/ is another that doesn't require JAVA.
0
 
LVL 51

Assisted Solution

by:Joe Winograd, EE MVE
Joe Winograd, EE MVE earned 100 total points
Comment Utility
Hi sunhux,
I can't help you with that batch file, but along the lines of Dave's posts, this EE article provides a solution that may interest you:
Test IP Addresses with PING

Regards, Joe
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 50 total points
Comment Utility
I also use Advanced IP Scanner. It works well, does what you want and can save the results to a file.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 51

Assisted Solution

by:Joe Winograd, EE MVE
Joe Winograd, EE MVE earned 100 total points
Comment Utility
sunhux,
One other thing. If you don't want to install AutoHotkey and prefer to download an executable (an EXE file), such as with the two links that Dave provided, then I'll be happy to compile it for you into a stand-alone executable (an EXE file that requires no installation — just run it), as mentioned in my PING article. Regards, Joe
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 280 total points
Comment Utility
As you seem to get a list of web server types, too, none of the tools suggested will help you IMHO. I've hardcoded the IP subnet 192.168.0.0 below. The script will go thru all 254 addresses. Also, your suggested output does not show the IP address, which makes the resulting file rather useless - I've added that part, too.
@echo off
setlocal EnableDelayedExpansion
set net=192.168.0
del c:\temp\websvrtype.txt 2>nul
for /L %%A in (1,1,254) do (
  set srv=%net%.%%A
  set type=
  for /F "tokens=1* delims=: " %%R in ('wget -S %net%.%%A  2^>^&1 ^| find "Server:"') do set type=%%S
  if "!type!" == "" (
    echo !srv!: not a web server 
  ) else (
    echo !srv!: !type!
  )
) >> c:\temp\websvrtype.txt

Open in new window

0
 

Author Comment

by:sunhux
Comment Utility
excellent, I'll test it out tomorrow
0
 

Author Comment

by:sunhux
Comment Utility
I just made one minor change so that it doesn't take very long when wget polls
IP addresses that are not in use or not responding :

('c:\wget\wget -S -t 1 --timeout=2 %net%.%%A  2^>^&1 ^| find "Server:"')

ie
-t 1 : number of tries is 1
--timeout=2 : timeout after 2 secs

& it worked marvelously without triggering IPS/IDS/firewall events in our Arcsight
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Good move to lessen the timeout and retries. Also, with this (non)speed it doesn't surprise me no IDS is complaining - it is just too slow to do so. Anyway, usually the target IDS is the one checking for attacks, not your local one.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Background Still having to process all these year-end "csv" files received from all these sources (including Government entities), sometimes we have the need to examine the contents due to data error, etc... As a "Unix" shop, our only readily …
This article will show, step by step, how to integrate R code into a R Sweave document
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now