#!/bin/bash
# lbd (load balancing detector) detects if a given domain uses
# DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers)
# Copyright (C) 2010-2014 Stefan Behte
# 
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
# 
# License: GNU General Public License, version 2
# http://www.gnu.org/licenses/gpl-2.0.html
#
# Contact me, if you have any new ideas, bugs/bugfixes, recommondations or questions!
# Please also contact me, if you just like the tool. :)
#  
# craig at haquarter dot de
#
# 0.1:	- initial release
# 0.2:	- fix license for fedora 
#	- fix indenting
# 0.3:	- fix bug if dns server returns same IP multiple times
#         (fix by bit bori, thanks!)
#	- fix bug if there is no date header
#	  (fix by Paul Rib, thanks!)
# 0.4:	- support HTTPs, support different ports
#	  (thanks Bharadwaj Machiraju)

QUERIES=50
DOMAIN=$1
PORT=${2-80} # Use default port 80, if not given
if [ "$3" = "https" ]
then
	HTTPS=true
else
	HTTPS=false
fi
METHODS=""

echo 
echo "lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing."
echo "                                    Written by Stefan Behte (http://ge.mine.nu)"
echo "                                    Proof-of-concept! Might give false positives."

if [ "$1" = "" ]
then
	echo "usage: $0 domain [port] {https}"
	echo
	exit -1
fi

echo -e -n "\nChecking for DNS-Loadbalancing:"
NR=`host $DOMAIN | grep "has add" | uniq | wc -l`

if [ $NR -gt 1 ]
then
	METHODS="DNS"
	echo " FOUND"
	host $DOMAIN | grep "has add" | uniq
	echo
else
	echo " NOT FOUND"
fi

echo -e "Checking for HTTP-Loadbalancing [Server]: "
for ((i=0 ; i< $QUERIES ; i++))
do
	if [ $HTTPS = true ]
	then
		printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet > .nlog 2> /dev/null
	else
		printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT > .nlog 2>/dev/null
	fi

	S=`grep -i "Server:" .nlog | awk -F: '{print $2}'`

	if ! grep "`echo ${S}| cut -b2-`" .log &>/dev/null
	then
		echo "${S}"
	fi
	cat .nlog >> .log
done

NR=`sort .log | uniq | grep -c "Server:"`

if [ $NR -gt 1 ]
then
	echo " FOUND"
	METHODS="$METHODS HTTP[Server]"
else
	echo " NOT FOUND"
fi
echo
rm .nlog .log


echo -e -n "Checking for HTTP-Loadbalancing [Date]: "
D4=

for ((i=0 ; i<$QUERIES ; i++))
do
	if [ $HTTPS = true ]
	then
		D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep "Date:" | awk '{print $6}'`
	else
		D=`printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep "Date:" | awk '{print $6}'`
	fi
	printf "$D, "

        if [  "$D" == "" ]
	then
		echo "No date header found, skipping."
		break
	fi
	
	Df=$(echo " $D" | sed -e 's/:0/:/g' -e 's/ 0/ /g')
	D1=$(echo ${Df} | awk -F: '{print $1}')
	D2=$(echo ${Df} | awk -F: '{print $2}')
	D3=$(echo ${Df} | awk -F: '{print $3}')

	if [ "$D4" = "" ];  then   D4=0;  fi
	
	if [ $[ $D1 * 3600 + $D2 * 60 + $D3 ] -lt $D4 ]
	then
		echo "FOUND"
		METHODS="$METHODS HTTP[Date]"
		break;
	fi
	
	D4="$[ $D1 * 3600 + $D2 * 60 + $D3 ]"

	if [ $i -eq $[$QUERIES - 1] ]
	then
		echo "NOT FOUND" 
	fi
done

echo -e -n "\nChecking for HTTP-Loadbalancing [Diff]: "
for ((i=0 ; i<$QUERIES ; i++))
do
	if [ $HTTPS = true ]
	then
		printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | openssl s_client -host $DOMAIN -port $PORT -quiet 2> /dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog
	else
		printf "HEAD / HTTP/1.1\r\nhost: $DOMAIN\r\nConnection: close\r\n\r\n" | nc $DOMAIN $PORT 2>/dev/null | grep -v -e "Date:" -e "Set-Cookie" > .nlog
	fi
	
	if ! cmp .log .nlog &>/dev/null && [ -e .log ]
	then
		echo "FOUND"
		diff .log .nlog | grep -e ">" -e "<"
		METHODS="$METHODS HTTP[Diff]"
		break;
	fi
	
	cp .nlog .log
	
	if [ $i -eq $[$QUERIES - 1] ]
	then
		echo "NOT FOUND" 
	fi
done

rm .nlog .log


if [ "$METHODS" != "" ]
then
	echo
	echo $DOMAIN does Load-balancing. Found via Methods: $METHODS
	echo
else
	echo
	echo $DOMAIN does NOT use Load-balancing.
	echo
fi