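# nbtscan
# (c) Alla Bezroutchko 1998
# You can copy, modify or do whatever you like with it.
#
# Usage: nbtscan xxx.xxx.xxx.xxx-yyy
#
# Scans the scope (xxx.xxx.xxx.xxx-yyy) for responding
# addresses. Tries nbtstat on each responded address.
# Gets NetBIOS name, messenger service name (usually
# the name of the logged in user), and MAC address.
# For hosts not responding to nbtstat tries arp to
# get MAC address.
#
# Example: nbtscan.pl 194.186.12.15-243
# Will list something like:
#
# IP-address        NetBIOS name       User name         MAC-address
# ---------------   ----------------   ---------------   ------------------
# 194.186.12.15     MY_COMPUTER        JSMITH            00-AA-00-AB-CD-EF
# 194.186.12.16     NT_SERVER*         ADMINISTRATOR     00-00-80-12-34-56
# ....
# 194.186.12.243                                         00-C0-4f-78-90-00
#
# * Star means that this computer may be sharing files or printers
#
# The script shells out to `ping -n`, `nbtstat -A` and `arp -a` and parses
# their English-language output, so it depends on those tools being on PATH
# and printing the strings matched below.

use strict;
use warnings;

# Package variables rather than lexicals: the STDOUT format at the end of the
# file reads them every time write() is called.
our ($cur_addr, $name, $username, $mac_addr);

# Parse command line
my $scope = defined $ARGV[0] ? $ARGV[0] : '';
my $usage = "$scope doesn't look like IP-address scope. \n Usage: nbtscan xxx.xxx.xxx.xxx-yyy.";

# The address is interpolated into backtick commands below, which run through
# the shell. Anchoring both ends (\A ... \z) means the whole argument, not just
# a substring of it, has to be digits, dots and one dash, and only the captured
# octets are ever used to build the command lines.
my @octets = $scope =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})-(\d{1,3})\z/
    or die $usage;
die $usage if grep { $_ > 255 } @octets;

# Normalise to plain decimal so no leading zero reaches the external tools
# (some address parsers read a leading zero as octal).
@octets = map { $_ + 0 } @octets;

my $end_ip   = pop @octets;
my $start_ip = pop @octets;
my $netaddr  = join('.', @octets) . '.';

# Start scanning the scope
for my $i ($start_ip .. $end_ip) {
    $cur_addr = $netaddr . $i;

    # Reset per host so a failed match can never leave the previous host's
    # values (or a stale $1) in the output row.
    ($name, $username, $mac_addr) = ('', '', '');

    # Without /m, ^ matches only at the very start of the string, so a
    # "Reply" line further down the ping output would never be seen.
    next unless `ping -n 1 $cur_addr` =~ /^Reply/m;    # If address replies

    my $nbtstat = `nbtstat -A $cur_addr`;              # Try nbtstat on it
    if ($nbtstat =~ /Host not found./) {               # Isn't netbios host
        my $arp = `arp -a $cur_addr`;                  # try arp

        # \Q...\E keeps the dots in the address literal instead of letting
        # them match any character.
        if (   $arp !~ /No ARP Entries Found/
            && $arp =~ /\Q$cur_addr\E\s+(.*)\s+dynamic/)
        {
            $mac_addr = $1;                            # got MAC address by ARP
        }
    }
    else {                                             # parse results of nbtstat
        # <00> - NetBIOS code for computer name
        if ($nbtstat =~ /^(.*)\s<00>/m) {
            $name = $1;                                # got computer's NetBIOS name
        }

        # <20> - NetBIOS code for server service
        $name .= '*' if $nbtstat =~ /^.*\s<20>/m;

        # <03> - messenger service. Take the last line carrying that code;
        # this should be the user name. Walking the lines in reverse stops
        # cleanly when no <03> entry exists at all (the earlier index loop
        # never terminated in that case).
        for my $line (reverse split /\n/, $nbtstat) {
            next unless $line =~ /<03>/;
            $username = $1 if $line =~ /(.*)\s<03>/;
            last;
        }

        # get MAC address
        $mac_addr = $1 if $nbtstat =~ /MAC Address = (.*)/;
    }

    write;
    #print " $cur_addr\t$name\t$username\t$mac_addr \n"; # print the result
}

# output formats
# NOTE(review): the column spacing of the two header lines was lost in the
# collapsed source; it is laid out here to line up with the field widths of
# the STDOUT picture line - confirm against the original file.
format STDOUT_TOP =
Page @<<
$%
IP-address        NetBIOS name       User name         MAC-address
---------------   ----------------   ---------------   ------------------
.

format STDOUT =
@<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<
$cur_addr, $name, $username, $mac_addr
.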