FBI, CIA, NASA Spy Alerter

[SyntaXmasteR]

Has the FBI, CIA, or NASA been visiting your website? Well now you can easily find out with the software I created. You will need the following programs installed to use the software:

1. PHP
2. MySQL

I will divide this tutorial up into sections in order to simplify the process. I will also give a detailed explanation for every step. The sections will include the following:

1. Text File
2. PHP File
3. Website Include File

TEXT FILE
This is a list of agencies that could be browsing through your website. This list is a just a starter list to give an example of how the software works. I ran across this while reading a few articles on phrack.org. You can create your own list with new IP ranges and new agencies. It would be awesome if we can keep this thread alive by updating the list often for other visitors to use.

Directions:
1. Copy the following list and paste it in a text editor
2. Save the file as agency_list.txt

Rules:
1. Agency name cannot contain a hyphen because the PHP script uses the hyphens to explode the data into arrays.

Current Agencies (Src: Phrack.org)

agency_list.txt

Code:

11.0.0.0 - 11.255.255.255 - 	DoD Network Information Center
144.233.0.0 - 144.233.255.255 - Defense Intelligence Agency
144.234.0.0 - 144.234.255.255 - Defense Intelligence Agency
144.236.0.0 - 144.236.255.255 - Defense Intelligence Agency
144.237.0.0 - 144.237.255.255 - Defense Intelligence Agency
144.238.0.0 - 144.238.255.255 - Defense Intelligence Agency
144.239.0.0 - 144.239.255.255 - Defense Intelligence Agency
144.240.0.0 - 144.240.255.255 - Defense Intelligence Agency
144.241.0.0 - 144.241.255.255 - Defense Intelligence Agency
144.242.0.0 - 144.242.255.255 - Defense Intelligence Agency
162.45.0.0 - 162.45.255.255 - 	Central Intelligence Agency
162.46.0.0 - 162.46.255.255 - 	Central Intelligence Agency
130.16.0.0 - 130.16.255.255 - 	The Pentagon
134.11.0.0 - 134.11.255.255 - 	The Pentagon
134.152.0.0 - 134.152.255.255 - The Pentagon
134.205.0.0 - 134.205.255.255 - The Pentagon
140.185.0.0 - 140.185.255.255 - The Pentagon
141.116.0.0 - 141.116.255.255 - Army Information Systems Command Pentagon
6.0.0.0 - 6.255.255.255 - DoD 	Network Information Center
128.20.0.0 - 128.20.255.255 - 	U.S. Army Research Laboratory
128.63.0.0 - 128.63.255.255 - 	U.S. Army Research Laboratory
129.229.0.0 - 129.229.255.255 - United States Army Corps of Engineers
131.218.0.0 - 131.218.255.255 - U.S. Army Research Laboratory
134.194.0.0 - 134.194.255.255 - DoD Network Information Center
134.232.0.0 - 134.232.255.255 - DoD Network Information Center
137.128.0.0 - 137.128.255.255 - U.S. ARMY Tank Automotive Command
144.252.0.0 - 144.252.255.255 - DoD Network Information Center
155.8.0.0 - 155.8.255.255 - 	DoD Network Information Center
158.3.0.0 - 158.3.255.255 - 	Headquarters, USAAISC
158.12.0.0 - 158.12.255.255 - 	U.S. Army Research Laboratory
164.225.0.0 - 164.225.255.255 - DoD Network Information Center
140.173.0.0 - 140.173.255.255 - DARPA ISTO
158.63.0.0 - 158.63.255.255 - 	Defense Advanced Research Projects Agency
145.237.0.0 - 145.237.255.255 - POLFIN ( Ministry of Finance Poland)
163.13.0.0 - 163.32.255.255 - 	Ministry of Education Computer Center Taiwan
168.187.0.0 - 168.187.255.255 - Kuwait Ministry of Communications
171.19.0.0 - 171.19.255.255 - 	Ministry of Interior Hungary
164.49.0.0 - 164.49.255.255 - 	United States Army Space and Strategic Defense
165.27.0.0 - 165.27.255.255 - 	United States Cellular Telephone
152.152.0.0 - 152.152.255.255 - NATO Headquarters
128.102.0.0 - 128.102.255.255 - NASA
128.149.0.0 - 128.149.255.255 - NASA
128.154.0.0 - 128.154.255.255 - NASA
128.155.0.0 - 128.155.255.255 - NASA
128.156.0.0 - 128.156.255.255 - NASA
128.157.0.0 - 128.157.255.255 - NASA
128.158.0.0 - 128.158.255.255 - NASA
128.159.0.0 - 128.159.255.255 - NASA
128.161.0.0 - 128.161.255.255 - NASA
128.183.0.0 - 128.183.255.255 - NASA
128.217.0.0 - 128.217.255.255 - NASA
129.50.0.0 - 129.50.255.255 - 	NASA
153.31.0.0 - 153.31.255.255 - 	FBI Criminal Justice Information Systems
138.137.0.0 - 138.137.255.255 - Navy Regional Data Automation Center
138.141.0.0 - 138.141.255.255 - Navy Regional Data Automation Center
138.143.0.0 - 138.143.255.255 - Navy Regional Data Automation Center
161.104.0.0 - 161.104.255.255 - France Telecom R&D
161.105.0.0 - 161.105.255.255 - France Telecom R&D
161.106.0.0 - 161.106.255.255 - France Telecom R&D
159.217.0.0 - 159.217.255.255 - Alcanet International (Alcatel)
158.190.0.0 - 158.190.255.255 - Credit Agricole
158.191.0.0 - 158.191.255.255 - Credit Agricole
158.192.0.0 - 158.192.255.255 - Credit Agricole
165.32.0.0 - 165.48.255.255 - 	Bank of America
171.128.0.0 - 171.206.255.255 - Bank of America
167.84.0.0 - 167.84.255.255 - 	The Chase Manhattan Bank
159.50.0.0 - 159.50.255.255 - 	Banque Nationale de Paris
159.22.0.0 - 159.22.255.255 - 	Swiss Federal Military Dept.
163.12.0.0 - 163.12.255.255 - 	navy aviation supply office
163.249.0.0 - 163.249.255.255 - Commanding Officer Navy Ships Parts
164.94.0.0 - 164.94.255.255 - 	Navy Personnel Research
164.224.0.0 - 164.224.255.255 - Secretary of the Navy
34.0.0.0 - 34.255.255.255 - 	Halliburton Company
139.121.0.0 - 139.121.255.255 - Science Applications International Corporation

PHP FILE
This is a pretty complex PHP file I created that does several operations. First it reads through the agency list you created placing each line of code in an array location. Second it separates each array location into pieces formatting those pieces for database entry. Finally it enters the data into your MySQL database. Detailed information is documented in the PHP file.

install.php
[php]<?PHP

/* ONLY RUN THIS ONCE. THIS SCRIPT WILL READ IN A TEXT
FILE WITH HYPHEN DELIMITED DATA, FORMAT THE DATA, AND
ENTER THE DATA INTO A MYSQL DATABASE */


/* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
COMPARE DECIMAL NUMBERS. */
function convert_ip_to_decimal($ip){
$full_binary=NULL;
$ip=explode(".",$ip);
foreach($ip as $decimal){
$new_binary=decbin($decimal);
while(strlen($new_binary)!=8){
$new_binary= "0" . $new_binary;
}
$full_binary .= $new_binary;
}
return(bindec($full_binary));
}


/* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
TO IN THE FOLLOWING FORMAT: ipaddressort
ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
EXAMPLE OF ELSEWHERE: mysql_connect("127.0.0.1:3306","USERNAME","PASSWORD"); */

mysql_connect("SERVERNAME","USERNAME","PASSWORD");

/* CREATE THE DATABASE `TRACKER` */
$query = 'CREATE DATABASE tracker';
$result = mysql_query($query);

/* CREATE THE TABLE `SPIES` AND FIELDS NEEDED FOR THE DATABASE
FILEDS: ip_start, ip_stop, agency_name */
mysql_select_db('tracker') or die('Cannot select database');

$query = 'CREATE TABLE spies( '.
'ip_start INT UNSIGNED NOT NULL, '.
'ip_end INT UNSIGNED NOT NULL, '.
'agency TINYTEXT NOT NULL)';

mysql_query($query);

/* THIS SECTION READS IN THE FILE YOU CREATED FOR AGENCY_LIST.TXT
AND CREATED AN ARRAY WITH EACH LINE STORED AS $RESULTS[0,1,2,...N] */

/* EDIT THIS PATH TO POINT TO YOUR FILE. DOUBLE BACK SPACES ARE
REQUIRED FOR ESCAPE CHARACTERS */
$file="C:\\Users\\syntaxmaster\\Documents\\Word\\Programming\\agency_list.txt";
$handle=fopen($file,"rb");
$contents = fread($handle, filesize($file));
fclose($handle);

/* ARRAY CREATED TO HOLD EACH LINE FEED IN ITS OWN LOCATION */
$results=explode("\r",$contents);

/* LOOK AT EACH RESULT */
foreach($results as $item){
// REMOVE NEWLINE CHARACTERS AND CARRIAGE RETURNS
$remove_characters=array("\r","\n");
$item=str_replace($remove_characters,"",$item);

/* SEPARATE EACH ELEMENT OF THE ARRAY INTO THREE PARTS
[0]=STARTING IP
[1]=ENDING IP
[2]=AGENCY */
$item=explode("-",htmlentities($item,ENT_QUOTES));

if(isset($item[0],$item[1],$item[2])){
// CONVERT THE STARTING IP TO A DECIMAL
$item[0]=convert_ip_to_decimal(trim($item[0]));
// CONVERT THE ENDING IP TO A DECIMAL
$item[1]=convert_ip_to_decimal(trim($item[1]));
// REMOVE TABS AND SPACES FROM AGENCY
$item[2]=trim($item[2],"\t ");
}

/* GLUE TOGETHER ARRAY WITH ',' FOR DATABASE ENTRY AND PLACE
SINGLE QUOTES ON THE OUTSIDES OF STRING TO COMPLETE DATABASE
INSERT FORMAT.
ENDING STRING: 'STARTING_IP','ENDING_IP','AGENCY' */
$item_pieces = "'" . implode("','",$item) . "'";
$query="INSERT INTO `spies` VALUES(" . $item_pieces . ")";

// ENTER AGENCY INFORMATION INTO DATABASE
mysql_query($query);
}
mysql_close();
?>
[/php]

[SyntaXmasteR]

WEBSITE INCLUDE FILE
The file agency_include.php can be included on every page of your website. This file checks a visitors IP Address and compares it to the agencies in your database. If a match is made you will recieve an instant text message alert with the agency name, the timestamp, and ip address of the visitor.

agency_include.php
[php]<?PHP

/* THIS SCRIPT CAN BE INCLUDED ON EVERY PAGE OF YOUR
WEBSITE TO CHECK FOR AGENCIES STORED IN YOUR DATABASE.
A TEXT MESSAGE ALERT WILL BE SENT TO YOU INSTANTLY UPON
VISIT BY AN AGENCY */


/* THIS FUNCTION WILL CONVERT AN IP TO A DECIMAL. THIS IS
REQUIRED FOR THE MYSQL DATABASE. IF YOU ARE NOT FAMILIAR
WITH NUMBER SYSTEM CONVERSIONS IGNORE THIS SCRIPT. YOU
CAN NOT COMPARE IP ADDRESSES IN A DATABASE. YOU CAN
COMPARE DECIMAL NUMBERS. */
function convert_ip_to_decimal($ip){
$full_binary=NULL;
$ip=explode(".",$ip);
foreach($ip as $decimal){
$new_binary=decbin($decimal);
while(strlen($new_binary)!=8){
$new_binary= "0" . $new_binary;
}
$full_binary .= $new_binary;
}
return(bindec($full_binary));
}


function check_agency(){
$ip=$_SERVER['REMOTE_ADDR'];
$decimal=convert_ip_to_decimal($ip);

/* CONNECT TO MYSQL SERVER. IF THE DATABASE IS ON THE SERVER
YOU WILL BE RUNNING THIS SCRIPT ON, THEN ENTER LOCALHOST IN
PLACE OF SERVERNAME. IF YOU RUN THIS SCRIPT ELSEWHERE YOU
SHOULD ENTER THE IP AND PORT OF THE SERVER YOU ARE CONNECTING
TO IN THE FOLLOWING FORMAT: ipaddressort
ENTER YOUR MYSQL USERNAME AND PASSWORD IN THE DOCUMENTED LOCATIONS

EXAMPLE OF LOCALHOST: mysql_connect("localhost","USERNAME","PASSWORD");
EXAMPLE OF ELSEWHERE: mysql_connect("127.0.0.1:3306","USERNAME","PASSWORD"); */

mysql_connect('SERVERNAME','USERNAME','PASSWORD');
mysql_select_db('tracker') or die('Cannot select database tracker');

/* QUERY DATABASE FOR AGENCY FALLING IN VISITORS IP RANGE */
$query="SELECT agency FROM spies WHERE ip_start<='" . $decimal . "' AND ip_end>='" . $decimal . "'";
$query_array=mysql_query($query);
if($query_data=mysql_fetch_assoc($query_array)){
// SEND TEXT MESSAGE ALERT WITH TIMESTAMP
$message="AGENCY ALERT: " . $query_data['agency'] . " Spotted on " . date('Y-m-d') . " at " . date('H:i:s') . " IP: " . $ip;
$from="FROM: AgencyAlert@Script.com";
/* ENTER CELL PHONE NUMBER IN EMAIL FORMAT. I GIVE THE EXAMPLE
USING CINGULAR. YOU MUST LOOK UP YOUR OWN PHONE PROVIDERS
FULL ADDRESS.
Example: cingular=xxxxxxxxxx@mobile.mycingular.net */
$to="xxxxxxxxxx@mobile.mycingular.net";
$subject="Agency Alert";

mail($to,$subject,$message,$from);

}
mysql_close();
}

// CHECK TO SEE IF CURRENT VISITOR IS FROM AN AGENCY
check_agency();


?>
[/php]

[teknicalissue]

congrats on getting this file out lol hope fully they themselves wont catch this

[Moonbat]

Lol, SytanX, any *ahem* particular reason you decided to come up with this?

All suspicious aside, nice work. The code formatting is nice, and pretty much fully commented.

[SyntaXmasteR]

Actually I just came up with this last Friday when I saw the list of agencies while reading some articles on Phrack.org. Most of that information (on Phrack.org) is completely out of my realm of knowledge, but its always good to read information that reminds you that you don't know S**T.

Anyways... I've built a few sites that completely expose government corruption in certain areas. I wanted something to correlate press releases with government visitors to get an inside idea of who cares about what.