/* PortScanner.java */

/*  January 23, 1999 */

/*

    Copyright (c) 1999 Mark D. LaDue
    You may study, use, modify, and distribute this example for any purpose.
    This example is provided WITHOUT WARRANTY either expressed or implied.

*/

/*

    Author: Dr. Mark D. LaDue
    Home Page: http://www.rstcorp.com/hostile-applets/index.html

*/


/*

    This simple class scans a host and looks for responses that characterize
    the admin servlets running on Sun's Java Web Server and IBM's WebSphere.
    Any admin servlets found can then be attacked with the CrackAdmin utility.

*/ 

import java.io.*;

import java.net.*;

public class PortScanner implements Runnable {

    String targetHost = "localhost";

    int targetPort = 80;

    public PortScanner(String host, int port) {

        targetHost = host;

        targetPort = port;

    }

    /* Scan the targetPort on the targetHost */

    public void run() {

        URL testurl = null;

        URLConnection testcon = null;

        String threadName = Thread.currentThread().getName();

        // Increment the global count of active Threads

        AdminScanner.activeStep(1);

        // Set up the URL for the target, and quit if it's a bad one

        try {

            testurl = new URL("http://" + targetHost + ":" + Integer.toString(targetPort) + "/servlet/admin");

        }

        catch (MalformedURLException murle) {

            AdminScanner.activeStep(-1);

            System.out.println("\n" + threadName + ": Improper URL formed from " + targetHost + " and " + targetPort);

            System.exit(-1);

        }

        try {

            // Hit the target

            testcon = testurl.openConnection();

            testcon.setDoInput(true);

            testcon.setUseCaches(false);

            InputStream is = testcon.getInputStream();

            BufferedReader br = new BufferedReader(new InputStreamReader(is));

            String response = br.readLine();

            br.close();

            // See if it screams - print a dot if it doesn't

            if (response != null) {

                if (response.startsWith("Version: JWS 1.1")) {

                    System.out.println("\n\n" + threadName + ": Java Web Server Admin Servlet found at " + testurl.toString() + "\n");

                }

                else if (response.startsWith("Version:")) {

                    System.out.println("\n\n" + threadName + ": IBM WebSphere Application Server Admin Servlet found at " + testurl.toString() + "\n");

                }

                else {

                    System.out.println("\n\n" + threadName + ": Got the following interesting response from " + testurl.toString() + "\n" + response + "\n");

                }

            }

            else {

                System.out.print(".");

            }

        }

        // Decrement the global count of active Threads when we're done

        catch (IOException ioe) {

            AdminScanner.activeStep(-1);

            System.out.print(".");

        }

        AdminScanner.activeStep(-1);

    }

}