/*
 * l2h.c - scan-logfile ip address resolver
 * (c) 2000 by Mixter <mixter@newyorkoffice.com>, 2XS Security Ltd.
 * and Buffer0verfl0w Security (http://b0f.freebsd.lublin.pl)
 *
 * This tool takes as input a scan logfile (from standard input) that
 * consists of entries in the format "<ipaddress> <version banner>" and
 * produces an identic list (stdout) with resolved hostnames. Sample usage:
 * $ webscan lameips.txt
 * $ head -1 cgi.log
 * 127.0.0.1 /cgi-bin/phf
 * $ l2h < cgi.log > cgi.res
 * $ head -1 cgi.log
 * localhost /cgi-bin/phf
 *
 * Disclaimer: Ok it's not a mega big security application, I just wrote
 * it cause I needed it. Stop complaining, better releases being published soon.
 */

#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>

int isip(char *);

int 
main()
{
  struct hostent *he;
  struct in_addr addr;
  char buf[512], *a, *b;

  fprintf(stderr, "Resolving hostnames from log entries, reading from stdin. Please be patient");

  while (fgets(buf, 512, stdin) != NULL)
    {
      a = strtok(buf, " ");
      if (!a || !isip(a))
	{
	  memset(buf, 0, 512);
	  continue;
	}
      b = a + strlen(a) + 1;
      addr.s_addr = inet_addr(a);
      if ((he = gethostbyaddr((const char *) &addr, sizeof(addr), AF_INET)) == NULL)
	printf("%s %s\n", a, b);
      else
	fprintf(stdout, "%s %s\n", he->h_name, b);
      memset(buf, 0, 512);
      fprintf(stderr, ".");
      fflush(stdout);
    }
 return 0;
}

int
isip(char *ip)
{
  int a, b, c, d;

  if (!sscanf(ip, "%d.%d.%d.%d", &a, &b, &c, &d))
    return 0;
  if (a < 1)
    return 0;
  if (a > 255)
    return 0;
  if (b < 0)
    return 0;
  if (b > 255)
    return 0;
  if (c < 0)
    return 0;
  if (c > 255)
    return 0;
  if (d < 0)
    return 0;
  if (d > 255)
    return 0;
  return 1;
}