#!/usr/bin/perl
#
# ws.pl
# Web Server Discovery Tool.  Boris Loza, 2002

#  Discover Web Servers.
#  Hostname can be specified by an IP address or a DNS name.
#
#  Options: -v	:verbose
#  	    -p  :specify a port (default 80)
#  	    -C  :scan class-C subnet
#
#  Examples: ws.pl -v 192.168.10.3
#            ws.pl example.com
#            ws.pl -p 8000 example.com
#            ws.pl -C 192.168.0
#            ws.pl -p 8000 -C 192.168.0
#
# use HTTP::Response	                            #Encapsulate HTTP responses
# use LWP::UserAgent                                #Dispatch WWW requests
# $ua = new LWP::UserAgent                          #User agent object is created
# $ua->agent('Mozilla/5.0')                         #Using Mozilla/5.0 as agent's name
# $req = new HTTP::Request(GET,"http://$ARGV[0]")   #Encapsulate a request using GET method
# $headers = $ua->request($req)->headers_as_string  #Read response from the web server


use HTTP::Response;
use LWP::UserAgent;
use Getopt::Std;

$usage = "Use:\tws.pl [-v] [-p port] hostname\n\tws.pl [-p port] -C IPaddress\n";

getopts ("C:hp:v") || die $usage;

print $usage if $opt_h;

my $port = 80;	# Default port to scan

if ($opt_p) {
	$port = $opt_p;
}

my $host = $ARGV[0];

# Create Request Headers

my $req = new HTTP::Request(GET, "http://$host:$port");
my $response = $ua->request($req);

# Use verbose mode.  For single host only!
if ($opt_v) {
	print $response->headers_as_string;
	exit;
}

# Scan Class-C Network
$count = 1;

if ($opt_C) {
	(my $subnet, my $node) = ($opt_C =~ /(\d+\.\d+\.\d+)\.(\d+)/);

	if ($node) {
		print $usage;
		exit;
	}

	while ($count <= 254) {
		my $host = "$opt_C.$count";

		# Skip unreachable hosts for speed (for Windows users only)
		# Comment out for UNIX!
		if (`ping $host` =~ m/(timed out)/) {
			$count++;
			next;
		}

		my $ua = new LWP::UserAgent;
		$ua->agent('Foo');
		my $req = new HTTP::Request(GET, "http://$host:$port");
		my $response = $ua->request($req);

		if ($response->header('Server')) {
			print $host, "\t", $response->header('Server'), "\n";
		}
		elsif ($response->header('Proxy-Agent')) {
			print $host, "\t", $response->header('Proxy-Agent'), "\n";
		}
		elsif ($response->header('Title')) {
			print $host, "\t", $response->header('Title'), "\n";
		}
		elsif ($response->header('Client-Peer')) {
			print $host, "\t", "Web Server not found, but port $port is open.\n";
		}

		$count++;
	}
  exit;
}

if ($response->header('Server')) {
	print $ARGV[0], "\t", $response-header('Server');
}
elsif ($response->header('Proxy-Agent')) {
	print $ARGV[0], "\t", $response-header('Proxy-Agent');
}
elsif ($response->header('Title')) {
	print $ARGV[0], "\t", $response-header('Title');
}
elsif ($response->header('Client-Peer')) {
	print $ARGV[0], "\t", "Web Server not found, but port $port is open.\n";
}