#!/bin/bash

#
# $Id: gsw,v 1.4 2008/09/10 10:09:22 raptor Exp $
#
# gsw v0.2 - A very small Google Search Sweeper written in bash
# Copyright (c) 2006-2008 Marco Ivaldi <raptor@0xdeadbeef.info>
#
# GSW is a Google Search Sweeper, based on an interesting idea by Petr Kazil
# (http://www.securityfocus.com/archive/101/422607/30/0/threaded). Useful for 
# information gathering purposes during remote pen-tests. Needs wget and grep.
#
# TODO: optional reverse DNS, to search the hostnames too.
#
# Yeah, it should probably be written in some powerful programming language 
# like Perl or Python, with support for the Google API -- but this one is 
# simple, portable and has great performance, so i don't really care;) 
#
# See also: http://cse.msstate.edu/~rwm8/googlesweep/
#
# Usage example: ./gsw 192.168.0 1 254
#

# Some vars
# Fixed settings: the results log (appended to in the current directory)
# and the absolute path of the wget binary used for every query.
log="gsw.log"
wget="/usr/bin/wget"

# Positional arguments <network> <begin> <end>; each stays empty when the
# caller did not supply it.
network="$1" begin="$2" end="$3"

# Running total of addresses that were written to the log.
count=0

# Local functions
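# Print all arguments on one line in bold green (SGR 01;32), then reset.
# Arguments: $@ - words of the message, joined with single spaces
# Outputs:   the coloured message and a newline on stdout
# The message is handed to printf as data, so a backslash sequence inside
# it (for instance in a command-line argument) is printed literally rather
# than expanded the way `echo -e` would expand it.
green() {
        local IFS=' '   # make "$*" join on a space regardless of the caller's IFS
        printf '\033[01;32m%s\033[00m\n' "$*"
}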

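# Print all arguments on one line in bold yellow (SGR 01;33), then reset.
# Arguments: $@ - words of the message, joined with single spaces
# Outputs:   the coloured message and a newline on stdout
# The message is handed to printf as data, so a backslash sequence inside
# it is printed literally rather than expanded the way `echo -e` would
# expand it.
yellow() {
        local IFS=' '   # make "$*" join on a space regardless of the caller's IFS
        printf '\033[01;33m%s\033[00m\n' "$*"
}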

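# Print all arguments on one line in bold red (SGR 01;31), then reset.
# Arguments: $@ - words of the message, joined with single spaces
# Outputs:   the coloured message and a newline on stdout
# The message is handed to printf as data, so a backslash sequence inside
# it is printed literally rather than expanded the way `echo -e` would
# expand it.
red() {
        local IFS=' '   # make "$*" join on a space regardless of the caller's IFS
        printf '\033[01;31m%s\033[00m\n' "$*"
}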

# Show the banner and the command-line synopsis on stdout, then terminate
# the script with status 1. Takes no arguments and never returns.
usage() {
	printf '%s\n' \
		"" \
		"GSW v0.2 - Simple Google Search Sweeper written in bash" \
		"Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>" \
		"" \
		"usage  : ./gsw <network> <begin> <end>" \
		"example: ./gsw 192.168.0 1 254" \
		""
	exit 1
}

# Input control
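if [ -z "$3"  ]; then
	usage
fi

# Validate the arguments before they are used. <network> is placed
# unencoded into the query URL, and <begin>/<end> feed $(( )) arithmetic,
# which evaluates its operands as expressions rather than as plain numbers.
# Leading zeros are rejected because arithmetic would read them as octal.
net_re='^[0-9]{1,3}(\.[0-9]{1,3})*$'
octet_re='^(0|[1-9][0-9]{0,2})$'
if ! [[ $network =~ $net_re && $begin =~ $octet_re && $end =~ $octet_re ]]; then
	echo "gsw: <network> must be dotted decimal, <begin> and <end> integers in 0-255" >&2
	usage
fi
# begin > end would otherwise never reach the stop condition.
if [ "$begin" -gt 255 ] || [ "$end" -gt 255 ] || [ "$begin" -gt "$end" ]; then
	echo "gsw: need 0 <= <begin> <= <end> <= 255" >&2
	usage
fi

# Scratch file for the fetched result page. mktemp picks an unpredictable
# name outside the working directory, so a pre-created file or symlink with
# a guessable name cannot be overwritten; the EXIT trap removes it on every
# exit path, including an interrupted run.
page=$(mktemp "${TMPDIR:-/tmp}/gsw.XXXXXX") || {
	echo "gsw: cannot create temporary file" >&2
	exit 1
}
trap 'rm -f -- "$page"' EXIT

# Interactive logging
echo ""
echo "GSW v0.2 - Simple Google Search Sweeper written in bash"
echo "Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeef.info>"
echo ""
yellow "[x] Starting with: ${network}.${begin}"
echo ""

# Perform the google sweep: one quoted-string query per address in
# <network>.<begin> .. <network>.<end>.
# NOTE(review): the query goes out over plain http://, so the swept
# addresses are readable on the network path; consider testing https://.
failed=0
while [ "$begin" -le "$end" ]
do
	addr="${network}.${begin}"

	if ! "$wget" -U "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008070206 Firefox/3.0.1" "http://www.google.com/search?hl=en&q=%22${addr}%22&btnG=Search" -q -O "$page"; then
		# A failed fetch leaves no usable page. Without this branch the
		# missing "No results" phrase would be counted and logged as a hit.
		red "[!] ${addr}: fetch failed, skipped" >&2
		failed=$((failed + 1))
	elif grep -q "No results found for" "$page" 2>/dev/null; then
		# The phrase is present: nothing is indexed for this address.
		echo "$addr"
	else
		# The phrase is absent: treated as "results exist".
		# NOTE(review): any successfully fetched page without the phrase
		# (an error or interstitial page, presumably) also lands here, so
		# logged entries should be confirmed by hand.
		green "$addr"
		echo "$addr" >> "$log"
		count=$((count + 1))
	fi

	# Go for the next address
	begin=$((begin + 1))
done

echo ""
yellow "[x] Finished with: ${network}.${end}"
red    "[x] Final results: information on ${count} host(s) found"
if [ "$failed" -gt 0 ]; then
	echo "gsw: ${failed} address(es) could not be queried and were not counted" >&2
fi
echo ""

exit 0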
