#!/usr/bin/perl
# do not try to use ssl_opts with LWP::UserAgent to kill certificate warnings. You'll make this script not able to run on half the farm.
# Just update the certificate on eigid.endurance.com
use strict;
use lib '/usr/lib/perl5/vendor_perl/5.8.8/';
use Sys::Hostname;
use Net::Domain qw(hostdomain);
use JSON qw(encode_json);
use LWP::UserAgent;
use HTTP::Request;
use Data::Dumper;
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;
my %data;
$data{'hostname'} = hostname();
$data{'hostdomain'} = hostdomain();
my %dispatch = (
'generic' => \&get_generic,
'cpanel' => \&get_generic,
'virtuozzo' => \&get_virtuozzo,
);
main();
sub main {
get_brand();
get_ips();
$dispatch{get_type()}->();
submit();
}
sub get_brand {
my %brands = (
'hostgator.com$' => 'hostgator',
'websitewelcome.com$' => 'hostgator',
'launchpad.com$' => 'hostgator',
'hostgator.com.br$' => 'hostgator_br',
'prodns.com.br$' => 'hostgator_br',
'accountservergroup.com$' => 'asmallorange',
'asmallorange.com$' => 'asmallorange',
'asoshared.com$' => 'asmallorange',
'apthost.com$' => 'asmallorange',
'arvixe.com$' => 'asmallorange',
'bluefur.com$' => 'asmallorange',
'cirtexhosting.com$' => 'asmallorange',
'cloudbyix.com$' => 'asmallorange',
'hostnine.com$' => 'asmallorange',
'hostv.com$' => 'asmallorange',
'ixwebhosting.com$' => 'asmallorange',
'myserverhosts.com$' => 'asmallorange',
'mysitehosted.com$' => 'asmallorange',
'seoboxes.com$' => 'asmallorange',
'seohosting.com$' => 'asmallorange',
'seohosting.com$' => 'asmallorange',
'site5.com$' => 'asmallorange',
'weblimitsiz.com$' => 'asmallorange',
'webserversystems.com$' => 'asmallorange',
'bluehost.com$' => 'bluehost',
'domainpro.com$' => 'bluehost',
'fastdomain.com$' => 'bluehost',
'hostmonster.com$' => 'bluehost',
'justhost.com$' => 'bluehost',
'supergreenhosting.com$' => 'bluehost',
'rhost(bh|jh).com$' => 'bluehost',
'unifiedlayer.com$' => 'bluehost',
'beta(bh|hm|fd|jh).com$' => 'bluehost',
'annulet.com$' => 'buydomains',
'azdomainz.com$' => 'buydomains',
'azprivatez.com$' => 'buydomains',
'buydomains.com$' => 'buydomains',
'adlauncher.io$' => 'constantcontact',
'constantcontact.com$' => 'constantcontact',
'smbinnoloft.com$' => 'constantcontact',
'singleplatform.com$' => 'constantcontact',
'anytimesites.com$' => 'directi',
'bigdomainshop.com$' => 'directi',
'bigrock.com$' => 'directi',
'bigrock.cn$' => 'directi',
'bigrock.in$' => 'directi',
'bigrock.com$' => 'directi',
'bluefractal.com$' => 'directi',
'br.bluehost.com$' => 'directi',
'cn.bluehost.com$' => 'directi',
'in.bluehost.com$' => 'directi',
'bluehost.mx$' => 'directi',
'ru.bluehost.com$' => 'directi',
'tr.bluehost.com$' => 'directi',
'publicdomainregistry.com$' => 'directi',
'commerceisland.com$' => 'directi',
'coolocean.com$' => 'directi',
'crispnames.com$' => 'directi',
'crystalcoal.com$' => 'directi',
'curiousnet.com$' => 'directi',
'desertdevil.com$' => 'directi',
'domainband.com$' => 'directi',
'domainmantra.com$' => 'directi',
'domainshype.com$' => 'directi',
'domdrill.com$' => 'directi',
'everreadynames.com$' => 'directi',
'extendnames.com$' => 'directi',
'extremelywild.com$' => 'directi',
'findgooddomains.com$' => 'directi',
'gamefornames.com$' => 'directi',
'gofullhouse.com$' => 'directi',
'africa.hostgator.com$' => 'directi',
'cn.hostgator.com$' => 'directi',
'hostgator.in$' => 'directi',
'my.hostgator.com$' => 'directi',
'hostgator.mx$' => 'directi',
'ru.hostgator.com$' => 'directi',
'hostgator.sg$' => 'directi',
'hostgator.com.tr$' => 'directi',
'hotdomaintrade.com$' => 'directi',
'instinctsolutions.com$' => 'directi',
'jumboname.com$' => 'directi',
'keyregistrar.com$' => 'directi',
'logicboxes.com$' => 'directi',
'logicboxes.com$' => 'directi',
'magicfriday.com$' => 'directi',
'mightybay.net$' => 'directi',
'nameperfections.com$' => 'directi',
'nametofame.com$' => 'directi',
'namware.com$' => 'directi',
'needservers.com$' => 'directi',
'netjuggler.com$' => 'directi',
'networksavior.com$' => 'directi',
'publicdomainregistry.com$' => 'directi',
'platinumregistrar.com$' => 'directi',
'powercarrier.com$' => 'directi',
'powernamers.com$' => 'directi',
'publicdomainregistry.com$' => 'directi',
'rankusa.com$' => 'directi',
'cn.resellerclub.com$' => 'directi',
'resellerclub.com$' => 'directi',
'india.resellerclub.com$' => 'directi',
'id.resellerclub.com$' => 'directi',
'russia.resellerclub.com$' => 'directi',
'es.resellerclub.com$' => 'directi',
'tr.resellerclub.com$' => 'directi',
'uk.resellerclub.com$' => 'directi',
'resellersrs.com$' => 'directi',
'br.resellerclub.com$' => 'directi',
'speedhost.in$' => 'directi',
'supernameworld.com$' => 'directi',
'techtyrants.com$' => 'directi',
'theregistrarservice.com$' => 'directi',
'TitanicHosting.com$' => 'directi',
'tradestarter.com$' => 'directi',
'ultraregistrar.com$' => 'directi',
'unifiedservers.com$' => 'directi',
'unpower.com$' => 'directi',
'vertexnames.com$' => 'directi',
'visualmonster.com$' => 'directi',
'webhosting.info$' => 'directi',
'yellowstart.com$' => 'directi',
'yourdomainking.com$' => 'directi',
'zonecasting.com$' => 'directi',
'000domains.com$' => 'directi',
'directdomains.com$' => 'directi',
'domainbank.com$' => 'directi',
'domain.com$' => 'directi',
'dominio.com$' => 'directi',
'dotster.com$' => 'directi',
'enameco.com$' => 'directi',
'fortunecity.com$' => 'directi',
'hostlane.com$' => 'directi',
'namezero.com$' => 'directi',
'namesdirect.com$' => 'directi',
'vip.domain.com$' => 'directi',
'appmachine.com$' => 'eig',
'tapp.com$' => 'eig',
'emailbrain.com$' => 'eig',
'endurance.com$' => 'eig',
'impress.ly$' => 'eig',
'seogears.com$' => 'eig',
'textagrams.com$' => 'eig',
're.vu$' => 'eig',
'theinstantsurvey.com$' => 'eig',
'backupgenie.com$' => 'jdi',
'jdibackup.com$' => 'jdi',
'justcloud.com$' => 'jdi',
'mypcbackup.com$' => 'jdi',
'shieldsafe.com$' => 'jdi',
'turboyourpc.com$' => 'jdi',
'yesbackup.com$' => 'jdi',
'zipcloud.com$' => 'jdi',
'siteblog.com$' => 'jdi',
'sitebuilder.com$' => 'jdi',
'sitelio.com$' => 'jdi',
'sitey.com$' => 'jdi',
'templatesites.com$' => 'jdi',
'websitetailor.com$' => 'jdi',
'websitebuilder.com$' => 'jdi',
'webzai.com$' => 'jdi',
'cloudhosted.com$' => 'jdi',
'digitalcloud.com$' => 'jdi',
'ehost.com$' => 'jdi',
'hostclear.com$' => 'jdi',
'hostfinity.com$' => 'jdi',
'ideahost.com$' => 'jdi',
'cvexpert.com$' => 'jdi',
'speedyresume.com$' => 'jdi',
'standoutresume.com$' => 'jdi',
'mysocialsuite.com$' => 'jdi',
'social-booster.com$' => 'jdi',
'uplift.social$' => 'jdi',
'fortifi.co$' => 'jdi',
'incognitovpn.com$' => 'jdi',
'pseud.io$' => 'jdi',
'saferweb.com$' => 'jdi',
'supervpn.io$' => 'jdi',
'totalvpn.com$' => 'jdi',
'123domainrenewals.com$' => 'vdeck',
'1800-website.com$' => 'vdeck',
'1st-for-domain-names.com$' => 'vdeck',
'24x7domains.com$' => 'vdeck',
'995discountdomains.com$' => 'vdeck',
'addresscreation.com$' => 'vdeck',
'addressontheweb.com$' => 'vdeck',
'allaccessdomains.com$' => 'vdeck',
'alldomains.com$' => 'vdeck',
'apollohosting.com$' => 'vdeck',
'austriadomains.com$' => 'vdeck',
'austriandomains.com$' => 'vdeck',
'bidfordomainnames.com$' => 'vdeck',
'bizland.com$' => 'vdeck',
'blueboxinternet.com$' => 'vdeck',
'bluedomino.com$' => 'vdeck',
'CapitalDomains.org$' => 'vdeck',
'chinesedomain.cn$' => 'vdeck',
'chocolatecovereddomains.com$' => 'vdeck',
'claimeddomains.com$' => 'vdeck',
'click2site.com$' => 'vdeck',
'cocosislandsdomains.cc$' => 'vdeck',
'ColumbiaDomains.net$' => 'vdeck',
'DecentDomains.net$' => 'vdeck',
'department-of-domains.com$' => 'vdeck',
'deutchdomains.de$' => 'vdeck',
'diggitydot.com$' => 'vdeck',
'discountdomainservices.com$' => 'vdeck',
'Domain-A-Go-Go.com$' => 'vdeck',
'domain.com$' => 'vdeck',
'domainadministration.com$' => 'vdeck',
'domainbulkregistration.com$' => 'vdeck',
'domainbusinessnames.com$' => 'vdeck',
'domaincamping.com$' => 'vdeck',
'personalnames.com$' => 'vdeck',
'domainhost.com$' => 'vdeck',
'domainhostingweb.us$' => 'vdeck',
'domaininternetname.com$' => 'vdeck',
'domainnamebidder.com$' => 'vdeck',
'domainnamelookup.us$' => 'vdeck',
'dot5hosting.com$' => 'vdeck',
'easycgi.com$' => 'vdeck',
'vdeck.ehost.com$' => 'vdeck',
'enameco.com$' => 'vdeck',
'entryhost.com$' => 'vdeck',
'fatcow.com$' => 'vdeck',
'freeyellow.com$' => 'vdeck',
'globat.com$' => 'vdeck',
'homestead.com$' => 'vdeck',
'hostcentric.com$' => 'vdeck',
'hostlane.com$' => 'vdeck',
'hypermart.com$' => 'vdeck',
'imoutdoorshosting.com$' => 'vdeck',
'ipage.com$' => 'vdeck',
'ipower.com$' => 'vdeck',
'namezero.com$' => 'vdeck',
'cadomains.com$' => 'vdeck',
'netfirms.com$' => 'vdeck',
'networkshosting.com$' => 'vdeck',
'niuedomains.nu$' => 'vdeck',
'powweb.com$' => 'vdeck',
'privacypost.com$' => 'vdeck',
'purehost.com$' => 'vdeck',
'readyhosting.com$' => 'vdeck',
'registernames.com$' => 'vdeck',
'samoandomains.com$' => 'vdeck',
'spry.com$' => 'vdeck',
'startlogic.com$' => 'vdeck',
'tuvaludomains.tv$' => 'vdeck',
'unitedkingdomdomains.com$' => 'vdeck',
'newdentity.com$' => 'vdeck',
'usanethosting.com$' => 'vdeck',
'vdeck.com$' => 'vdeck',
'verio.com$' => 'vdeck',
'virtualave.com$' => 'vdeck',
'vpslink.com$' => 'vdeck',
'webhost4life.com$' => 'vdeck',
'webifybiz.com$' => 'vdeck',
'xeran.com$' => 'vdeck'
);
foreach my $regex ( keys %brands ) {
if ( $data{'hostdomain'} =~ /^$regex$/i ) {
$data{'brand'} = $brands{$regex};
last;
}
}
$data{'brand'} = 'Unknown' unless defined($data{'brand'});
return(1);
}
sub get_ips {
open(my $f, '-|', '/sbin/ip addr');
while(<$f>) {
if ( /^\s+inet\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\// ) {
next if is_rfc1918($1);
$data{'primaryip'} = $1 unless defined($data{'primaryip'});
$data{'ips'}->{$1} = [];
}
}
close($f);
# container IP's aren't bound to the server so we need to grab them from the vz db.
# If they aren't in our hash then we wont be able to match domains off of them.
if ( -f '/usr/sbin/vzlist' ) {
open(my $f, '-|', '/usr/sbin/vzlist -a -H -o ip');
while(<$f>) {
foreach my $ip ( split(/\s+/, $_) ) {
next if is_rfc1918($ip);
$data{'ips'}->{$ip} = [];
}
}
close($f);
}
return(1);
}
sub get_type {
my %types = (
'/var/cpanel' => 'cpanel',
'/usr/sbin/vzctl' => 'virtuozzo',
);
foreach my $file ( keys %types ) {
if (( -f $file ) || ( -d $file )) {
return($types{$file});
}
}
return('generic');
}
sub get_generic {
my $named_dir = get_named_dir('/etc/named.conf');
opendir(my $d, $named_dir);
foreach my $file ( map { $named_dir . '/' . $_ } grep { ! /^\.(\.)?$/ } readdir($d) ) {
next unless $file =~ /\.db$/;
read_zone($file);
}
closedir($d);
return(1);
}
sub get_virtuozzo {
open(my $f, '-|', '/usr/sbin/vzlist -a -H');
while(<$f>) {
my ( undef, $ctid ) = split(/\s+/, $_);
next unless $ctid =~ /^[0-9]+$/;
my $partition;
open(my $fh, '<', '/etc/vz/conf/' . $ctid . '.conf');
while(<$fh>) {
my ( $key, $value ) = split('=', $_);
next unless $key eq 'VE_PRIVATE';
$value =~ s/(\"|\')//g;
( undef, $partition ) = split('/', $value);
last unless $partition =~ /^vz([0-9]+)?$/;
}
close($fh);
my $named_dir = get_named_dir("/$partition/private/$ctid/fs/root/etc/named.conf");
# this is to get around plesk having a chrooted named dir.
if (( ! $named_dir ) && ( -d "/$partition/private/$ctid/fs/root/etc/psa" )) {
$named_dir = '/var/named/run-root/var/';
}
next unless $named_dir;
opendir(my $d, "/$partition/private/$ctid/fs/root/$named_dir");
foreach my $file ( map { "/$partition/private/$ctid/fs/root/$named_dir" . '/' . $_ } grep { ! /^\.(\.)?$/ } readdir($d) ) {
read_zone($file);
}
closedir($d);
}
close($f);
return(1);
}
sub submit {
my $json = encode_json(\%data);
my $auth = 'U0euhTxP1kc2BMRtN6IPG3aakhcfp8sMqwQ4Kcwk09VyngQPcK36jjMgGOOrg4rQTrwp1DREzs1DA66a4zd2R3V8G9uPfify4nR2lbUeebOIxd7v9y0u22vwlI4KLGRF';
my $url = 'https://eigid.endurance.com/eigid.php';
my $ua = LWP::UserAgent->new();
my $req = HTTP::Request->new( POST => $url );
$req->header('Content-Type' => 'application/json');
$req->header('X-Auth-Token' => $auth);
$req->content($json);
my $response = $ua->request($req);
unless ( $response->is_success ) {
print '[!] Unable to post data to eigid:', $response->code, $response->message, "\n";
exit();
}
}
sub is_rfc1918 {
my $ip = shift;
my @private_subnets = (
'^127\.',
'^10\.',
'^172\.1[6-9]\.',
'^172\.2[0-9]\.',
'^172\.3[0-1]\.',
'^192\.168\.',
);
foreach my $regex ( @private_subnets ) {
if ( $ip =~ /$regex/ ) {
return(1);
}
}
return(0);
}
sub get_named_dir {
my $file = shift;
my $dir;
open(my $fh, '<', $file);
while(<$fh>) {
if ( /^\s+?directory\s+(\'|\")([a-z0-9\/]+)(\'|\")/ ) {
$dir = $2;
last;
}
}
close($fh);
return($dir);
}
sub read_zone {
my $file = shift;
open(my $f, '<', $file);
while(<$f>) {
my ( $one, $two, $three, $four, $five ) = split(/\s+/);
my ( $domain, $type, $record );
# if a TTL is there
if ( $two =~ /^[0-9]+$/ ) {
( $domain, $type, $record ) = ( $one, $four, $five );
} else {
( $domain, $type, $record ) = ( $one, $three, $four );
}
next unless $type =~ /^a$/i;
next unless $domain =~ /\.$/;
next unless $data{'ips'}->{$record};
$domain =~ s/\.$//g;
push(@{$data{'ips'}->{$record}}, $domain);
}
close($f);
}
__END__