Recently, while conducting a vulnerability assessment for a rather large customer, I was given a list of hostnames from around 20 domains, culminating in a list of over 5000 targets that needed to go through the motions. Due to the scale of the testing I needed to run the scans from several cloud nodes simultaneously to speed up the scanning. The other thing I needed to do was to extract all the IP addresses from the hostnames so as not to scan boxes multiple times when performing Port Scans, for instance.
I had been playing with Perl for literally a couple of hours and decided to give writing my first Perl script a go in order to grab all the IP addresses from the list of hosts, which I could then Unique and Sort to get the final list of target IPs. I initially played with the idea of running ping commands or nslookups and then regex’ing the IPs from there, but I discovered a fantastic method called “gethostbyname” in Perl.
After some trial and error I ended up with this little gem that literally shaved days off this vulnerability assessment (5000+ hostnames ended up being less than 1000 IP addresses).
#!/usr/bin/perl
use strict;
use warnings;
use Socket;

# Print usage and exit when no hosts file is specified
if (!defined $ARGV[0] || $ARGV[0] eq '') {
    print "\n Usage: ".$0." <hosts_file>\n\n";
    print " e.g: ".$0." hosts.txt\n\n";
    exit 1;
}

# Open file containing list of hostnames
open(my $fh, '<', $ARGV[0]) or die "Cannot open $ARGV[0]: $!\n";
my @hosts = <$fh>;
close($fh);

# For each hostname, fetch the IP address
foreach my $hostname (@hosts) {
    chomp($hostname);
    if ($hostname) {
        # In scalar context gethostbyname returns the packed address
        my $ip = gethostbyname($hostname);
        if ($ip) {
            printf "%s\n", $hostname.":".inet_ntoa($ip);
        } else {
            # Print 0.0.0.0 for unresolved hostnames
            printf "%s\n", $hostname.":0.0.0.0";
        }
    }
}
It works by taking each hostname and running the “gethostbyname” method on it to print out the original hostname and IP address separated by a “:” for easy regex or to use delimited import in Excel. Feel free to change the delimiter if you so wish. The other function I added was to set an IP address of “0.0.0.0” whenever a hostname could not be resolved.
Here’s what it looks like in action.

If you want to import the output into another program you can just append “ > output.csv”.
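To get from this output to the final target list (the unique-and-sort step mentioned at the start), the hostname:ip lines can be grouped by address. The following is an added example, not part of the original script; the sub names are hypothetical and the sample hostnames and documentation-range addresses are constructed.

```perl
#!/usr/bin/perl
# Added example, not the author's script: collapse "hostname:ip" output lines
# into a unique, numerically sorted IP list while remembering which hostnames
# share each address (useful for mapping scan findings back to hostnames).
use strict;
use warnings;

# Group hostnames by IP. Returns (\%hosts_by_ip, \@unresolved).
sub group_by_ip {
    my (%hosts_by_ip, @unresolved);
    for my $line (@_) {
        chomp(my $copy = $line);
        # Anchor the IPv4 address at the end of the line, after the last ":"
        my ($host, $ip) = $copy =~ /^(.+):(\d{1,3}(?:\.\d{1,3}){3})$/ or next;
        if ($ip eq '0.0.0.0') {    # marker the script prints for unresolved names
            push @unresolved, $host;
            next;
        }
        $hosts_by_ip{$ip}{lc $host} = 1;    # hash keys de-duplicate hostnames
    }
    return (\%hosts_by_ip, \@unresolved);
}

# Sort dotted quads by numeric value (a plain string sort puts .10 before .9)
sub sort_ips {
    return map  { $_->[1] }
           sort { $a->[0] cmp $b->[0] }
           map  { [ sprintf('%03d%03d%03d%03d', split /\./), $_ ] } @_;
}

# Constructed sample input (documentation address ranges, not real targets)
my @sample = (
    "www.example.com:192.0.2.10\n",
    "shop.example.com:192.0.2.10\n",
    "mail.example.com:192.0.2.9\n",
    "old.example.com:0.0.0.0\n",
    "api.example.net:198.51.100.7\n",
);

my ($by_ip, $unresolved) = group_by_ip(@sample);
for my $ip (sort_ips(keys %$by_ip)) {
    # One line per unique IP, followed by every hostname that resolved to it
    printf "%s\t%s\n", $ip, join(',', sort keys %{ $by_ip->{$ip} });
}
print STDERR "unresolved: $_\n" for @$unresolved;
```

Unresolved names go to STDERR so that redirecting STDOUT to a file yields only scannable addresses.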
Hope you found this useful.
>>norsec0de
References:
http://www.tutorialspoint.com/perl/perl_gethostbyname.htm
http://www.tutorialspoint.com/perl/perl_printf.htm
http://www.cs.cmu.edu/afs/cs/usr/rgs/mosaic/pl-predef.html
http://perldoc.perl.org/Socket.html#%24string-%3d-inet_ntoa-%24ip_address