I am trying to write a script that will connect to an IRC channel and check
if the server is a botnet c&c server. I have found several templates for
connecting to irc, but they all rely on the MOTD to confirm connectivity.
The problem is often botnets do not set up commands such as MOTD and LUSERS.
I would like to connect to the suspected ip and then issue a few commands
such as LUSER, LIST, WHO, STATS and MOTD, then exit. I am having trouble
finding a reference that discusses how to do this. Most of what I have seen
is for legite IRC, which has the script connect, join a channel and then do
a trival task. Can someone help me modify or point me to a good example of
how to accomplish this?
Here is my IRC subroutine that allows me to connect and then does nothing:
sub irc {
# create the IRC object
my $irc = new Net::IRC;
print (" Creating connection to IRC server...");
my $conn = $irc->newconn(Server => "$ip",
Port => $port,
Nick => "jsxpiid",
Ircname => "habvhgdjba",
Username => "hvbcsrcx")
or die ("Can't connect to IRC server.");
print ("Connected\n");
# action to take once connected
sub on_connect {
my $self = shift;
print "*** Connected to IRC.\n";
}
# print any output data while connected
sub on_init {
my ($self, $event) = @_;
my (@args) = ($event->args);
shift (@args);
print "*** @args\n";
}
# handle what happens when receiving public (channel) text.
sub on_public {
my ($self, $event) = @_;
my @to = $event->to;
my ($nick, $mynick) = ($event->nick, $self->nick); # Sender
text,
+Bot nick
my $host=$event->host; # Sender's hostname
my ($arg) = ($event->args); # The message
# parse the channel text
print "<$nick> $arg\n";
}
# handles what happens when receiving private message text
sub on_msg {
my ($self, $event) = @_;
my ($nick) = $event->nick; # Message Sender
my ($arg) = ($event->args); # Message Text
my $host=$event->host;
# Here's where we want to "parse" message text
print " - $nick - $arg\n";
}
# use if nick is taken, setting it to an alternate nick.
sub on_nick_taken {
my ($self) = shift;
$self->nick("fxcvbynru");
}
# install handler subs
print (" Installing local handlers...");
$conn->add_handler('public', \&on_public);
$conn->add_handler('msg', \&on_msg);
print ("Completed\n");
print (" Installing global handlers...");
$conn->add_global_handler([ 251,252,253,254,302,255 ], \&on_init);
$conn->add_global_handler(376, \&on_connect);
$conn->add_global_handler(433, \&on_nick_taken);
print ("Completed\n");
# start irc connection
$irc->start;
}
# end irc subroutine
