#!/bin/bash
# A Simple IIS network scanner
# ./iisscan.sh 10.*.54.3-23 output
# http://code-reference.com
# thanks to Ge0rG
#
# What the script does, as written:
#   1. Runs an nmap SYN scan of $1 on port 80 and keeps the greppable
#      output under $HOME; the addresses of hosts with an open port are
#      written to $2.
#   2. For each address in $2, sends the contents of ./test.cmd (not part
#      of this file) to port 80 with netcat and keeps the hosts whose
#      "Server:" header mentions IIS; $2 is then overwritten with that list.
#
# NOTE(review): the "ScR1Ptk1dDi3 Pr0t3c7 Sy5t3m" line ends with `exit 1`,
# so the script terminates before nmap is ever invoked; everything after
# it in the else branch is unreachable. Presumably a deliberate tripwire.
#
# NOTE(review): $1 and $2 are never quoted and $1 is spliced into file
# names (~/$1.out, hosts.$1.tmp). An argument containing spaces, globs
# (the usage example itself contains '*'), or path characters is
# word-split/globbed by the shell and may create files outside the
# intended location. Temp files use predictable names in $HOME and the
# working directory rather than mktemp. Also: `cat | wc -c`, backticks
# and `expr` are legacy idioms; `wc -c` byte counts are used only as an
# "is the file empty" test.
clear
# Exactly two arguments are required: the target specification and the
# output file name.
if [ $# -ne 2 ]
then
  echo "$0 [ip room] [outputfile]" >&2
  # Exits 0 even though the usage was wrong; a non-zero status would be
  # the usual convention.
  exit 0
else
  echo "Written by cd ;) "
  echo "scan started against to $1 on port 80"
  # `exit 1` on this line stops the script here; the nmap and cat lines
  # below it never execute.
  echo "ScR1Ptk1dDi3 Pr0t3c7 Sy5t3m v 1.o";exit 1
  # Unreachable: SYN scan of port 80, greppable output to ~/$1.out; the
  # pipeline prints the second space-separated field of each "open" line
  # (presumably the host address) to the terminal.
  nmap $1 -p 80 -sS -oG ~/$1.out | grep open | cut '-d ' -f 2
  # Unreachable: same extraction, this time saved to the output file $2.
  cat ~/$1.out | grep open | cut '-d ' -f 2 > $2
fi
# Reached only if the else branch did not exit, i.e. never as written.
rm ~/$1.out
# Byte count of $2; zero means no hosts with port 80 open were recorded.
sum=0
g=`cat $2 | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
  echo "no matches !!!"
  rm $2
  exit 1
fi
echo "Please wait testing server versions"
# Banner check: send ./test.cmd to each host on port 80 (5 s timeout),
# keep the "Server:" header line, replace the "Server:" prefix with the
# host address, and append the line to hosts.$1.tmp if it mentions IIS.
# `read` without -r interprets backslashes in the input; $host is unquoted.
while read host ; do
  netcat -w 5 $host 80 < test.cmd | grep "^Server: " | sed "s/^Server:/$host/" | grep "IIS" >>hosts.$1.tmp
done < $2
# Same empty-file test on the filtered list.
sum=0
g=`cat hosts.$1.tmp | wc -c`
sum=`expr $sum + $g`
if [ $sum = 0 ]
then
  echo "no matches !!! of IIS Server"
  rm hosts.$1.tmp
  exit 1
fi
# Replace $2 with just the first field (the host address) of each
# matching line, then remove the temp file.
rm $2
cat hosts.$1.tmp | cut '-d ' -f 1 > $2
rm hosts.$1.tmp
echo "Thanks for use ... "