icescan-cvs Mailing List for IceScan (Page 3)
From: arkaino <ar...@us...> - 2007-01-29 13:58:21
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv25631 Modified Files: ctargets.cc iceparams.h icescan.cc ChangeLog TODO icescan.1 Log Message: added options for host/ip/net exclusion Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.41 retrieving revision 1.42 diff -C2 -d -r1.41 -r1.42 *** icescan.cc 27 Jan 2007 11:01:31 -0000 1.41 --- icescan.cc 29 Jan 2007 13:58:14 -0000 1.42 *************** *** 37,40 **** --- 37,42 ---- "\t target can be hostname, IP address (or range) or CIDR block.\n" "\t-iL <filename> | - (stdin): input targets from file|stdin\n" + "\t--exclude <host1[,host2][,host3],...> (exclude hosts/nets)\n" + "\t--excludefile <filename>| - (stdin) (exclude list from file|stdin)\n" "HOST DISCOVERY:\n" "\t default is PA and PE.\n" *************** *** 120,163 **** ! void parse_target (const char target[], iceparams *par, char *pname){ ! ! // ip range regexp ! IceRegex re("((\\d+)-(\\d+)?)"); ! if(re.match(target)){ ! std::vector<icestring> ips; ! icestring ip(target); ! std::vector<int> tmp; ! // pools for ip ranges.. std::vector<std::vector<int> > pools; ! int from, to; ! icestring range=""; ! re.findReset(); ! while (re.findNext()){ ! re.group(1, range); ! to = -1; ! sscanf(range.c_str(), "%d-%d", &from, &to); ! if (to < 0) ! to = from; ! for (int i=MIN(from, to); i <= MAX(from, to); i++) ! tmp.push_back(i); ! pools.push_back(tmp); ! tmp.erase (tmp.begin(), tmp.end()); } generate_ips (ips, pools.begin(), pools.end()); ! for (std::vector<icestring>::iterator itr = ips.begin(); itr != ips.end(); itr++) ! if (is_ip(*itr)) ! par->input_targets.push_back(*itr); }else if(is_ip(target) || is_correct_domainname(target) || is_correct_cidr(target)){ icestring t(target); ! par->input_targets.push_back(t); ! }else invalid_command(pname, "Invalid target specification. See MAN page for more info.", ""); --- 122,175 ---- ! 
void parse_target (const char target[], iceparams *par, char *pname, bool exclude){ ! if (is_ip_range(target)){ ! std::vector<icestring> ips; ! icestring ip(target); ! std::vector<int> tmp; ! // pools for ip ranges.. std::vector<std::vector<int> > pools; ! int from, to; ! icestring range=""; ! // regexp for EVERY octet, range or not. ! IceRegex re("((\\d+)(-\\d+)?)"); ! re.match(target); ! re.findReset(); ! ! while (re.findNext()){ ! re.group(1, range); ! to = -1; ! sscanf(range.c_str(), "%d-%d", &from, &to); ! if (to < 0) ! to = from; ! // we can use MIN-MAX (the logical way) or MAX-MIN. ! for (int i=MIN(from, to); i <= MAX(from,to); i++) ! tmp.push_back(i); ! pools.push_back(tmp); ! tmp.erase (tmp.begin(), tmp.end()); } generate_ips (ips, pools.begin(), pools.end()); ! if (exclude){ ! for (std::vector<icestring>::iterator itr = ips.begin(); itr != ips.end(); itr++) ! par->exclude_targets.push_back(*itr); ! }else{ ! for (std::vector<icestring>::iterator itr = ips.begin(); itr != ips.end(); itr++) ! par->input_targets.push_back(*itr); ! } }else if(is_ip(target) || is_correct_domainname(target) || is_correct_cidr(target)){ icestring t(target); ! if (exclude) ! par->exclude_targets.push_back(t); ! else ! par->input_targets.push_back(t); ! ! }else invalid_command(pname, "Invalid target specification. See MAN page for more info.", ""); *************** *** 165,210 **** ! void parse_input_buffer (const icestring &buf, iceparams * par, char *pname){ ! icestring target; ! IceRegex re("([^\\s,]+)"); ! if (re.match(buf)){ ! re.findReset(); ! while (re.findNext()){ ! re.group(1, target); ! parse_target (target.c_str(), par, pname); ! } ! } } ! void parse_input_file (iceparams *par, char *pname, char * fstr = NULL){ ! char tmp[1024]; ! std::stringstream buf; ! if (fstr != NULL){ ! std::ifstream in (fstr); ! if (in.is_open()){ ! while (!in.eof()){ ! in.getline (tmp, 1024, '\0'); ! buf << tmp; ! } ! in.close(); ! }else ! 
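Review bot: The rewritten range branch drops the old `if (is_ip(*itr))` guard before the push, so every string `generate_ips` produces is appended to `input_targets` or `exclude_targets` unfiltered, and nothing clamps `from`/`to` to an octet, so a spec like `10.0.0.1-300` (constructed example) feeds values above 255 into the pools. Restore the guard in both branches, `if (is_ip(*itr)) par->exclude_targets.push_back(*itr);`, or reject `from`/`to` outside 0..255 before `tmp.push_back(i)`. The two branches differ only in the destination vector; a single `std::vector<icestring> &dst = exclude ? par->exclude_targets : par->input_targets;` followed by one loop removes the duplication.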
invalid_command(pname, "Error opening input filename.", ""); ! }else{ ! while (!std::cin.eof()){ ! std::cin.getline (tmp, 1024, '\0'); ! buf << tmp; ! } ! } ! parse_input_buffer (buf.str(), par, pname); } --- 177,222 ---- ! void parse_input_buffer (const icestring &buf, iceparams * par, char *pname, bool exclude){ ! icestring target; ! IceRegex re("([^\\s,]+)"); ! if (re.match(buf)){ ! re.findReset(); ! while (re.findNext()){ ! re.group(1, target); ! parse_target (target.c_str(), par, pname, exclude); ! } ! } } ! void parse_input_file (iceparams *par, char *pname, bool exclude, char * fstr = NULL){ ! char tmp[1024]; ! std::stringstream buf; ! if (fstr != NULL){ ! std::ifstream in (fstr); ! if (in.is_open()){ ! while (!in.eof()){ ! in.getline (tmp, 1024, '\0'); ! buf << tmp; ! } ! in.close(); ! }else ! invalid_command(pname, "Error opening input filename.", ""); ! }else{ ! while (!std::cin.eof()){ ! std::cin.getline (tmp, 1024, '\0'); ! buf << tmp; ! } ! } ! parse_input_buffer (buf.str(), par, pname, exclude); } *************** *** 462,466 **** par->scan_delay = delay; }else ! invalid_command(argv[0], "Invalid option format.",""); }else invalid_command(argv[0], "Invalid option: ", argv[i]); --- 474,502 ---- par->scan_delay = delay; }else ! invalid_command(argv[0], "Invalid option format.",""); ! ! }else if (!strcmp(argv[i], "--exclude")){ ! std::stringstream tmp; ! int npar; ! ! for (npar = i+1 ; npar < argc && argv[npar][0] != '-'; npar++) ! tmp << argv[npar] << ' '; ! ! parse_input_buffer (tmp.str(), par, argv[0], true); ! ! i = npar-1; ! ! }else if (!strcmp(argv[i], "--excludefile")){ ! if (i+1 < argc){ ! if (argv[i+1][0] == '-' && argv[i+1][1] == '\0') ! // read from stdin, set exclude flag ! parse_input_file (par, argv[0], true); ! else ! parse_input_file (par, argv[0], true, argv[i+1]); ! }else ! invalid_command(argv[0], "Invalid option format.", ""); ! i++; ! ! 
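Review bot: The file and stdin read loops in `parse_input_file`, `while (!in.eof()){ in.getline (tmp, 1024, '\0'); buf << tmp; }`, do not terminate on input of at least 1023 bytes (the usual case for a text file with no NUL byte): `getline` with a 1024-byte buffer and a `'\0'` delimiter stops after 1023 characters and sets `failbit`, after which `eof()` is never reached and the loop appends the same `tmp` contents to `buf` without bound. The hunk marks these lines only because the `exclude` parameter was added, but an exclude file larger than about a kilobyte now reaches this path. Reading the whole stream in one step, `buf << in.rdbuf();` for the file branch and `buf << std::cin.rdbuf();` for stdin, removes both the fixed buffer and the loop. `in.close()` is then unnecessary since the `ifstream` destructor closes the file.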
}else invalid_command(argv[0], "Invalid option: ", argv[i]); *************** *** 534,540 **** if (argv[i+1][0] == '-' && argv[i+1][1] == '\0') // read from stdin ! parse_input_file (par, argv[0]); else ! parse_input_file (par, argv[0], argv[i+1]); }else invalid_command(argv[0], "Invalid option format.", ""); --- 570,576 ---- if (argv[i+1][0] == '-' && argv[i+1][1] == '\0') // read from stdin ! parse_input_file (par, argv[0], false); else ! parse_input_file (par, argv[0], false, argv[i+1]); }else invalid_command(argv[0], "Invalid option format.", ""); *************** *** 797,801 **** }else{ //DBGOUTPUT("Target is: " << argv[i]); ! parse_target(argv[i], par, argv[0]); } --- 833,837 ---- }else{ //DBGOUTPUT("Target is: " << argv[i]); ! parse_target(argv[i], par, argv[0], false); } *************** *** 816,819 **** --- 852,856 ---- int main(int argc, char *argv[]){ + struct timeb tp1, tp2; Index: ChangeLog =================================================================== RCS file: /cvsroot/icescan/IceScan/ChangeLog,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** ChangeLog 27 Jan 2007 11:01:31 -0000 1.26 --- ChangeLog 29 Jan 2007 13:58:14 -0000 1.27 *************** *** 5,8 **** --- 5,10 ---- *** IceScan v. 0.0.6, 12 Jan 2006 *** + + added --exclude <host1[,host2][,host3],...> (exclude hosts/nets) + + added --excludefile <filename> (exclude list from file) + added target setting xxx.xxx.xxx.xx-xx (xxx.xxx.xx-xx.xx-xx and etc) specification feature. + added -iL [filename|-] -- input targets from file or stdin stream. Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** iceparams.h 27 Jan 2007 11:01:31 -0000 1.39 --- iceparams.h 29 Jan 2007 13:58:14 -0000 1.40 *************** *** 67,71 **** bool forceuid; ! 
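Review bot: The `--exclude` branch accepts an empty list silently and over-consumes arguments: `for (npar = i+1 ; npar < argc && argv[npar][0] != '-'; npar++)` swallows every following argument that does not start with `-`, so in `--exclude 10.0.0.5 10.0.0.0/24` (constructed) the CIDR meant as the scan target becomes an exclusion, and `--exclude` as the final argument excludes nothing where `--excludefile` in the same position reports `Invalid option format.`. Since the usage text documents a single comma-separated value, consuming only `argv[i+1]` and checking that it exists is the smaller and safer contract: `if (i+1 >= argc) invalid_command(argv[0], "Invalid option format.", ""); parse_input_buffer (icestring(argv[i+1]), par, argv[0], true); i++;`. The enclosing option-parsing loop starts and ends outside the hunk.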
std::vector <icestring> input_targets; // Interface number of the device used for the scans --- 67,73 ---- bool forceuid; ! std::vector<icestring> input_targets; ! // for excluded targets ! std::vector<icestring> exclude_targets; // Interface number of the device used for the scans Index: ctargets.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/ctargets.cc,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** ctargets.cc 10 Jan 2007 18:21:37 -0000 1.3 --- ctargets.cc 29 Jan 2007 13:58:14 -0000 1.4 *************** *** 28,37 **** void ctargets::process_targets(){ if(par.passive_discovery) return; ! for(int i = 0; i < par.input_targets.size(); i++) if(is_ip(par.input_targets[i]) || is_correct_domainname(par.input_targets[i])) add_subtargets(par.input_targets[i], par.input_targets[i]); ! else if(is_correct_cidr(par.input_targets[i])){ unsigned char ipc[4]; uint32_t ip; --- 28,40 ---- void ctargets::process_targets(){ + std::vector<icestring> excluded; + + if(par.passive_discovery) return; ! for(int i = 0; i < par.input_targets.size(); i++){ if(is_ip(par.input_targets[i]) || is_correct_domainname(par.input_targets[i])) add_subtargets(par.input_targets[i], par.input_targets[i]); ! 
else if(is_correct_cidr(par.input_targets[i])){ unsigned char ipc[4]; uint32_t ip; *************** *** 50,53 **** --- 53,108 ---- } + } + + // resolve hostnames and extend CIDR ips from "exclude_targets" + for(int i = 0; i < par.exclude_targets.size(); i++){ + + if(is_ip(par.exclude_targets[i])){ + excluded.push_back (par.exclude_targets[i]); + + }else if (is_correct_domainname(par.exclude_targets[i])){ + std::vector<icestring> sub_addrs; + int st = get_ips_byhost (par.exclude_targets[i].c_str(), sub_addrs); + + for(int i = 0; i < st; i++) + excluded.push_back (sub_addrs[i]); + + }else if(is_correct_cidr(par.exclude_targets[i])){ + unsigned char ipc[4]; + uint32_t ip; + int len; + + sscanf(par.exclude_targets[i].c_str(), "%d.%d.%d.%d/%d", &ipc[0], &ipc[1], &ipc[2], &ipc[3], &len); + + if(len > 32 || len < 0 ) continue; //UGLY!!! + + ip = ipc[0] * (int) pow(256.0, 3) + ipc[1] * (int) pow(256.0, 2) + ipc[2] * 256 + ipc[3]; + + int mlen = 32 - len; + + for(int j = 1; j < (int) pow(2.0, mlen); j++) + excluded.push_back (ip_to_str((((ip >> mlen) << mlen) + j))); + } + } + + // now we remove them for real.. 
+ std::map<icestring, csubtarget*>::iterator itr; + for (int i = 0; i < excluded.size(); i++){ + itr = subtargets.find(excluded[i]); + if (itr != subtargets.end()){ + delete itr->second; + subtargets.erase(itr); + //DBGOUTPUT ("REMOVED: " << excluded[i].c_str()); + } + } + + par.input_targets.clear(); + + // passive engine works with "input_targets" + for (itr = subtargets.begin(); itr != subtargets.end(); itr++){ + par.input_targets.push_back((*itr).first); + //DBGOUTPUT("INPUT: " << (*itr).first.c_str()); + } + } Index: icescan.1 =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.1,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** icescan.1 24 Jan 2007 14:32:58 -0000 1.9 --- icescan.1 29 Jan 2007 13:58:14 -0000 1.10 *************** *** 72,75 **** --- 72,77 ---- -v[v[v[v]]]]: verbose levels OTHER: + --exclude <host1[,host2][,host3],...> (exclude hosts/nets) + --excludefile <filename>| - (stdin) (exclude list from file|stdin) -iL <filename> | - (stdin): input targets from file|stdin --use-first-resolve: use only 1st IP in DNS resolving of target Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.55 retrieving revision 1.56 diff -C2 -d -r1.55 -r1.56 *** TODO 27 Jan 2007 11:59:16 -0000 1.55 --- TODO 29 Jan 2007 13:58:14 -0000 1.56 *************** *** 35,40 **** I70 + PACKET TRACE should show TCP and IP options. I71 + PACKET TRACE options. (--trace-options) - I72 + --exclude <host1[,host2][,host3],...> (exclude hosts/nets) - I73 + --excludefile <filename> (exclude list from file) -- Discovering -- --- 35,38 ---- |
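Review bot: In the new CIDR exclusion branch, `sscanf(par.exclude_targets[i].c_str(), "%d.%d.%d.%d/%d", &ipc[0], &ipc[1], &ipc[2], &ipc[3], &len)` writes a full `int` through each `unsigned char*`, so every octet conversion stores more than the one byte the `ipc` element holds and clobbers its neighbours and whatever follows on the stack; the format needs `%hhu` for the octets and the return value should be checked: `if (sscanf(par.exclude_targets[i].c_str(), "%hhu.%hhu.%hhu.%hhu/%d", &ipc[0], &ipc[1], &ipc[2], &ipc[3], &len) != 5 || len < 0 || len > 32) continue;`. The guard still admits `len == 0`, for which `mlen` is 32, `ip >> mlen` shifts a `uint32_t` by its full width (undefined) and the `j` loop runs `pow(2.0, 32)` iterations. The loop also starts at `j = 1`, so the network address of an excluded block is never added to `excluded`, and the inner `for(int i = 0; i < st; i++)` shadows the outer `i`. The pre-existing CIDR branch for `input_targets` above this hunk presumably uses the same `%d` format and deserves the same fix.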
From: arkaino <ar...@us...> - 2007-01-29 13:58:17
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv25631/icesockets Modified Files: sock_name.cc sock_name.h Log Message: added options for host/ip/net exclusion Index: sock_name.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_name.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** sock_name.h 13 Jan 2007 18:40:31 -0000 1.5 --- sock_name.h 29 Jan 2007 13:58:14 -0000 1.6 *************** *** 25,28 **** --- 25,32 ---- bool is_ip(icestring &); + bool is_ip_range(const char *); + + bool is_ip_range(icestring &); + bool is_correct_domainname(const char *); Index: sock_name.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_name.cc,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** sock_name.cc 13 Jan 2007 18:40:30 -0000 1.6 --- sock_name.cc 29 Jan 2007 13:58:14 -0000 1.7 *************** *** 26,29 **** --- 26,38 ---- } + bool is_ip_range (const char * nisname){ + IceRegex re("(\\d+-\\d+)"); + return (re.match(nisname)); + } + + bool is_ip_range (icestring &nisname){ + return is_ip_range(nisname.c_str()); + } + bool is_correct_domainname(const char * nisname){ IceRegex re("^([A-Za-z0-9][-A-Za-z0-9]*[.]*)+$"); |
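Review bot: `is_ip_range` in sock_name.cc uses the unanchored pattern `(\\d+-\\d+)`, so any string containing digit-dash-digit anywhere — including a well-formed hostname such as `db1-2.example.net` (constructed) — is classified as an IP range, and because `parse_target` tests `is_ip_range` before `is_correct_domainname` such a name is handed to the range expander instead of being resolved. Anchoring the pattern to four dot-separated octet groups, `IceRegex re("^\\d+(-\\d+)?(\\.\\d+(-\\d+)?){3}$");` (spell the group out three times if IceRegex lacks `{3}`), and keeping the dash requirement, `return strchr(nisname, '-') != NULL && re.match(nisname);`, restricts the match to the form the range parser handles; `^`/`$` are already used by `is_correct_domainname` in this file, and `strchr` needs `<cstring>` if it is not already included. The `icestring &` overload added in sock_name.h could take `const icestring &`, unless it is kept non-const deliberately to mirror the existing `is_ip(icestring &)`.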
From: Alexander B. <da...@us...> - 2007-01-27 11:59:19
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv13268 Modified Files: TODO caengine.cc Log Message: Fixed non-working connect() + protocol scan (when using them together). Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.54 retrieving revision 1.55 diff -C2 -d -r1.54 -r1.55 *** TODO 27 Jan 2007 11:01:31 -0000 1.54 --- TODO 27 Jan 2007 11:59:16 -0000 1.55 *************** *** 1,9 **** IceScan ToDo: - CRITICAL BUGS - ############# - 2) Non-working connect() + ip protocol scan - ############################################################# - What should be in IceScan version 0.10: ([ ] - not done; [_] - partially done; [*] - seems to be working; [+] - completely done) --- 1,4 ---- *************** *** 67,79 **** I27 * don't scan broadcast addresses. I28 * timeouts for connect() scan inheritance from discover... ! I29 * fix connect() scan invalid port status if ports count > 30000 I31 * fix duplicate sending RST on SYN scan. I32 * ICMP PortUnreach messages handling in TCP/UDP raw scans I33 + Decoys (-D) I67 + IP options (T, U, S, L) - I74 * Non-working connect() + protocol scan (when using them together) I75 * fix output in NetBIOS scan: strange " none detected" message. I79 * very *slow* tcp raw scanning on fast lines (FE or loopback). -- Exploiting -- --- 62,78 ---- I27 * don't scan broadcast addresses. I28 * timeouts for connect() scan inheritance from discover... ! I29 * fix connect() scan invalid port status if ports count > 50000 I31 * fix duplicate sending RST on SYN scan. I32 * ICMP PortUnreach messages handling in TCP/UDP raw scans I33 + Decoys (-D) I67 + IP options (T, U, S, L) I75 * fix output in NetBIOS scan: strange " none detected" message. I79 * very *slow* tcp raw scanning on fast lines (FE or loopback). 
+ -- Interfaces/Routing -- + + I82 * select proper interface when source IP selected with -s and + no interface forcing via -e done. + -- Exploiting -- Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.20 retrieving revision 1.21 diff -C2 -d -r1.20 -r1.21 *** caengine.cc 26 Jan 2007 18:24:33 -0000 1.20 --- caengine.cc 27 Jan 2007 11:59:16 -0000 1.21 *************** *** 66,70 **** iceusleep(5); recieve_attempts(5); - //iceusleep(50); } --- 66,69 ---- *************** *** 369,375 **** } ! if(!(*i).second->discovered && !(*i).second->discovering) continue; ! ! //// Send the attempt for IP protocol scan --- 368,372 ---- } ! if(!(*i).second->discovered && !(*i).second->discovering) continue; //// Send the attempt for IP protocol scan *************** *** 390,405 **** if(!((*i).second->scans_done & TCP_SCAN)){ if(!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery){ ! stop = send_icmp_attempts((*i).second, tv); } if(!(*i).second->discovered && cde.arp_discovery) ! stop = send_arp_attempts((*i).second, tv); if((!(*i).second->discovered && (cde.syn_ping_discovery || cde.fin_ping_discovery || (par.root() && cde.ack_ping_discovery))) || ((*i).second->discovered) && cde.tcp_raw_scan){ ! stop = send_raw_tcp_attempts((*i).second, tv); //#$^%!!!! GCC DEVELOPERS } if((!(*i).second->discovered && cde.ack_ping_discovery && !par.root()) || ((*i).second->discovered && par.scan_type == TCP_CONNECT_SCAN)){ ! stop = do_connect_attempts((*i).second, tv); } } --- 387,402 ---- if(!((*i).second->scans_done & TCP_SCAN)){ if(!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery){ ! stop &= send_icmp_attempts((*i).second, tv); } if(!(*i).second->discovered && cde.arp_discovery) ! 
stop &= send_arp_attempts((*i).second, tv); if((!(*i).second->discovered && (cde.syn_ping_discovery || cde.fin_ping_discovery || (par.root() && cde.ack_ping_discovery))) || ((*i).second->discovered) && cde.tcp_raw_scan){ ! stop &= send_raw_tcp_attempts((*i).second, tv); //#$^%!!!! GCC DEVELOPERS } if((!(*i).second->discovered && cde.ack_ping_discovery && !par.root()) || ((*i).second->discovered && par.scan_type == TCP_CONNECT_SCAN)){ ! stop &= do_connect_attempts((*i).second, tv); } } *************** *** 757,794 **** unsigned short pcap_stop; ! //while(!stop){ ! pcap_stop = 0; ! if(cde.protocol_scan || cde.tcp_raw_scan || ((par.syn_ping_discovery || par.fin_ping_discovery || par.ack_ping_discovery) && cde.to_discover > 0)){ ! while(pcap_stop < 254){ ! ! for(int i = 0; i<cde.pcaps.size(); i++) ! if(cde.pcaps[i]!=NULL){ ! response = cde.pcaps[i]->read_packet(&len, &tv); ! pcap_stop += (int) !recieve_pcap_attempts(response, len, tv); ! } ! gettimeofday(&tv_f, NULL); ! if(SUB_TIMEVALS(tv_f, tv_s) >= (timeout * 1000)) ! break; ! } ! } ! if(cde.arp_discovery) ! check_arp_cache(); ! if((cde.ack_ping_discovery && !par.root()) || par.scan_type == TCP_CONNECT_SCAN){ ! do_select_round(); ! } ! if(cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ) ! raw_icmp_recieve(); ! if(par.netbios_scan) ! recieve_netbios_attempts(); ! //gettimeofday(&tv_f, NULL); ! // if(SUB_TIMEVALS(tv_f, tv_s) >= timeout) stop = true; ! //}/*while(!stop)*/ } --- 754,793 ---- unsigned short pcap_stop; ! while(!stop){ ! ! pcap_stop = 0; ! if(cde.protocol_scan || cde.tcp_raw_scan || ((par.syn_ping_discovery || par.fin_ping_discovery || par.ack_ping_discovery) && cde.to_discover > 0)){ ! while(pcap_stop < 254){ ! for(int i = 0; i<cde.pcaps.size(); i++) ! if(cde.pcaps[i]!=NULL){ ! response = cde.pcaps[i]->read_packet(&len, &tv); ! pcap_stop += (int) !recieve_pcap_attempts(response, len, tv); ! } ! gettimeofday(&tv_f, NULL); ! 
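Review bot: The ICMP condition at the top of this hunk, `if(!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery)`, groups as `(!discovered && echo) || mask || timestamp` because `&&` binds tighter than `||`, so with mask or timestamp ping enabled the attempt appears to be sent regardless of `discovered`, unlike the ARP and connect branches below it; `!(*i).second->discovered && (cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery)` is presumably the intent. Switching the four assignments to `stop &= ...` makes the result depend on the value `stop` holds before this block, which is set outside the hunk; if it starts `false` none of the `&=` can change it, so the initialisation should be checked together with this change. The enclosing function starts and ends outside the hunk.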
if(SUB_TIMEVALS(tv_f, tv_s) >= (timeout * 1000)) ! break; ! } ! } ! if(cde.arp_discovery) ! check_arp_cache(); ! if((cde.ack_ping_discovery && !par.root()) || par.scan_type == TCP_CONNECT_SCAN){ ! do_select_round(); ! } ! if(cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ) ! raw_icmp_recieve(); ! if(par.netbios_scan) ! recieve_netbios_attempts(); ! ! gettimeofday(&tv_f, NULL); ! if(SUB_TIMEVALS(tv_f, tv_s) >= timeout) stop = true; ! ! }/*while(!stop)*/ } |
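Review bot: The re-enabled outer loop exits on `SUB_TIMEVALS(tv_f, tv_s) >= timeout` while the inner pcap loop a few lines above breaks on `SUB_TIMEVALS(tv_f, tv_s) >= (timeout * 1000)`; the same elapsed value is compared against two scales of the same deadline, so one of the two is off by a factor of 1000 — if `SUB_TIMEVALS` yields microseconds the outer `while(!stop)` ends after about one pass, and if it yields milliseconds the inner loop never breaks on time. Both comparisons should use one expression, e.g. a local `const long deadline = timeout * 1000;` (or `timeout`, whichever matches the macro's unit) named for its unit. `tv_s` is read here but initialised outside the hunk, and `for(int i = 0; i<cde.pcaps.size(); i++)` mixes a signed index with an unsigned size. The enclosing function starts outside the hunk.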
From: Alexander B. <da...@us...> - 2007-01-27 11:01:35
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv23528/icesockets Modified Files: sock_types.h Log Message: Update TODO/ChangeLog; fixed some UI issues. Index: sock_types.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_types.h,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** sock_types.h 23 Jan 2007 12:51:53 -0000 1.14 --- sock_types.h 27 Jan 2007 11:01:31 -0000 1.15 *************** *** 46,78 **** #define TRAILING_SLASH '\\' #else ! #ifndef __CYGWIN__ ! #include <netinet/if_ether.h> ! #endif ! ! #include <sys/socket.h> ! #include <arpa/inet.h> ! #ifndef __CYGWIN__ ! #include <net/if_arp.h> ! #endif ! #include <netinet/in.h> ! #include <netinet/ip.h> ! #include <netdb.h> ! #include <sys/ioctl.h> ! #include <netinet/ip.h> ! #include <netinet/ip_icmp.h> ! #define __FAVOR_BSD ! #include <netinet/tcp.h> ! #undef __FAVOR_BSD ! #ifndef __CYGWIN__ ! #undef __FAVOR_BSD ! #include <netinet/udp.h> ! #endif ! #include <pthread.h> #endif --- 46,77 ---- #define TRAILING_SLASH '\\' #else + #ifndef __CYGWIN__ + #include <netinet/if_ether.h> + #endif ! #include <sys/socket.h> ! #include <arpa/inet.h> ! #ifndef __CYGWIN__ ! #include <net/if_arp.h> ! #endif ! #include <netinet/in.h> ! #include <netinet/ip.h> ! #include <netdb.h> ! #include <sys/ioctl.h> ! #include <netinet/ip.h> ! #include <netinet/ip_icmp.h> ! #define __FAVOR_BSD ! #include <netinet/tcp.h> ! #undef __FAVOR_BSD ! #ifndef __CYGWIN__ ! #undef __FAVOR_BSD ! #include <netinet/udp.h> ! #endif ! 
#include <pthread.h> #endif *************** *** 417,444 **** }; - // struct ip - // { - // #if __BYTE_ORDER == __LITTLE_ENDIAN - // unsigned int ip_hl:4; /* header length */ - // unsigned int ip_v:4; /* version */ - // #endif - // #if __BYTE_ORDER == __BIG_ENDIAN - // unsigned int ip_v:4; /* version */ - // unsigned int ip_hl:4; /* header length */ - // #endif - // u8 ip_tos; /* type of service */ - // u_short ip_len; /* total length */ - // u_short ip_id; /* identification */ - // u_short ip_off; /* fragment offset field */ - // #define IP_RF 0x8000 /* reserved fragment flag */ - // #define IP_DF 0x4000 /* dont fragment flag */ - // #define IP_MF 0x2000 /* more fragments flag */ - // #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ - // u8 ip_ttl; /* time to live */ - // u8 ip_p; /* protocol */ - // u_short ip_sum; /* checksum */ - // struct in_addr ip_src, ip_dst; /* source and dest address */ - // }; - /* ARP ioctl request. */ struct arpreq --- 416,419 ---- |
From: Alexander B. <da...@us...> - 2007-01-27 11:01:34
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv23528 Modified Files: TODO iceparams.h ChangeLog icescan.cc caengine.h Log Message: Update TODO/ChangeLog; fixed some UI issues. Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.40 retrieving revision 1.41 diff -C2 -d -r1.40 -r1.41 *** icescan.cc 26 Jan 2007 18:24:33 -0000 1.40 --- icescan.cc 27 Jan 2007 11:01:31 -0000 1.41 *************** *** 67,70 **** --- 67,75 ---- "\t--promisc: put interface(s) in promiscuous mode\n" "\t--input-dumpfile: input tcpdump file for passive scan/ping\n" + "TIMING AND PERFORMANCE:\n" + "\t-T< 0 | 1 | 2 | 3 | 4 >: Specifies probe round trip time.\n" + "\t--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.\n" + "\t--max-retries <tries>: Caps number of port scan probe retransmissions.\n" + "\t--scan-delay/--max-scan-delay <time>: Adjust delay between probes.\n" "FW/IDS EVASION AND SPOOFING:\n" "\t-s <IPv4 address>: spoof source address\n" *************** *** 80,88 **** "\t-d<debug level>: set debug level (values from 1 to 9 available)\n" "\t-v[v[v[v]]]]: verbose levels\n" - "TIMING AND PERFORMANCE:\n" - "\t--T< 0 | 1 | 2 | 3 | 4 >: Specifies probe round trip time.\n" - "\t--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.\n" - "\t--max-retries <tries>: Caps number of port scan probe retransmissions.\n" - "\t--scan-delay/--max-scan-delay <time>: Adjust delay between probes.\n" "OTHER:\n" "\t--use-first-resolve: use only 1st IP in DNS resolving of target\n" --- 85,88 ---- *************** *** 462,500 **** par->scan_delay = delay; }else ! invalid_command(argv[0], "Invalid option format.",""); ! ! }else if (argv[i][2] == 'T'){ ! if (argv[i][3] == '0'){ ! par->ini_timeout = OPTION_T0_INI_TIMEOUT; ! par->max_timeout = OPTION_T0_MAX_TIMEOUT; ! 
par->min_timeout = OPTION_T0_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T0_MAX_RETRIES; ! }else if (argv[i][3] == '1'){ ! par->ini_timeout = OPTION_T1_INI_TIMEOUT; ! par->max_timeout = OPTION_T1_MAX_TIMEOUT; ! par->min_timeout = OPTION_T1_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T1_MAX_RETRIES; ! }else if (argv[i][3] == '2'){ ! par->ini_timeout = OPTION_T2_INI_TIMEOUT; ! par->max_timeout = OPTION_T2_MAX_TIMEOUT; ! par->min_timeout = OPTION_T2_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T2_MAX_RETRIES; ! }else if (argv[i][3] == '3'){ ! par->ini_timeout = OPTION_T3_INI_TIMEOUT; ! par->max_timeout = OPTION_T3_MAX_TIMEOUT; ! par->min_timeout = OPTION_T3_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T3_MAX_RETRIES; ! }else if (argv[i][3] == '4'){ ! par->ini_timeout = OPTION_T4_INI_TIMEOUT; ! par->max_timeout = OPTION_T4_MAX_TIMEOUT; ! par->min_timeout = OPTION_T4_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T4_MAX_RETRIES; ! }else if (argv[i][3] == '5'){ ! par->ini_timeout = OPTION_T5_INI_TIMEOUT; ! par->max_timeout = OPTION_T5_MAX_TIMEOUT; ! par->min_timeout = OPTION_T5_MIN_TIMEOUT; ! par->max_retries[par->source_iface] = OPTION_T5_MAX_RETRIES; ! } ! }else invalid_command(argv[0], "Invalid option: ", argv[i]); --- 462,466 ---- par->scan_delay = delay; }else ! 
invalid_command(argv[0], "Invalid option format.",""); }else invalid_command(argv[0], "Invalid option: ", argv[i]); *************** *** 775,779 **** --- 741,788 ---- break; + case 'T': + if(strlen(argv[i])<3) + invalid_command(argv[0], "Invalid timeout option type.",""); + switch(argv[i][2]){ + case '0': + par->ini_timeout = OPTION_T0_INI_TIMEOUT; + par->max_timeout = OPTION_T0_MAX_TIMEOUT; + par->min_timeout = OPTION_T0_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T0_MAX_RETRIES; + break; + case '1': + par->ini_timeout = OPTION_T1_INI_TIMEOUT; + par->max_timeout = OPTION_T1_MAX_TIMEOUT; + par->min_timeout = OPTION_T1_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T1_MAX_RETRIES; + break; + case '2': + par->ini_timeout = OPTION_T2_INI_TIMEOUT; + par->max_timeout = OPTION_T2_MAX_TIMEOUT; + par->min_timeout = OPTION_T2_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T2_MAX_RETRIES; + break; + case '3': + par->ini_timeout = OPTION_T3_INI_TIMEOUT; + par->max_timeout = OPTION_T3_MAX_TIMEOUT; + par->min_timeout = OPTION_T3_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T3_MAX_RETRIES; + break; + case '4': + par->ini_timeout = OPTION_T4_INI_TIMEOUT; + par->max_timeout = OPTION_T4_MAX_TIMEOUT; + par->min_timeout = OPTION_T4_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T4_MAX_RETRIES; + break; + case '5': + par->ini_timeout = OPTION_T5_INI_TIMEOUT; + par->max_timeout = OPTION_T5_MAX_TIMEOUT; + par->min_timeout = OPTION_T5_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T5_MAX_RETRIES; + break; + } + + break; case 'p': parse_ports(i, argc, argv, par->ports, true); Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.38 retrieving revision 1.39 diff -C2 -d -r1.38 -r1.39 *** iceparams.h 26 Jan 2007 18:24:33 -0000 1.38 --- iceparams.h 27 Jan 2007 11:01:31 -0000 1.39 *************** *** 18,33 **** 
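Review bot: The new `switch(argv[i][2])` under `case 'T':` has no `default:`, so `-T7` or `-Tx` passes the `strlen(argv[i])<3` check and is accepted silently with the timing parameters unchanged; add `default: invalid_command(argv[0], "Invalid timeout option type.", "");` so a mistyped level is reported like a missing one is (this relies on `invalid_command` not returning, as the length check already does). The usage text added in the first hunk advertises `-T< 0 | 1 | 2 | 3 | 4 >` while the switch also accepts `5`; one of the two should change. The six four-line bodies differ only in the `OPTION_Tn_*` constant set and would read better as a small table indexed by the digit, but that is a style point. The enclosing `switch`, presumably on `argv[i][1]`, starts and ends outside the hunk.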
// -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS -SU -SL -SP - - #define MAX_PROTOCOL_RETRIES 3 - - //#define MAX_WAIT_TIME 1000 // 1 second - //#define INI_TIMEOUT 300 // 0.3 second - //#define MIN_TIMEOUT 20 // 20ms - #define ACK_PING_STANDART_PORT 80 #define ARP_PING_STANDART_PORT 138 - #define OUTPUT_LEVEL 3 - #define OPTION_T0_MAX_TIMEOUT 3000 #define OPTION_T0_INI_TIMEOUT 1000 --- 18,24 ---- Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.53 retrieving revision 1.54 diff -C2 -d -r1.53 -r1.54 *** TODO 25 Jan 2007 14:21:46 -0000 1.53 --- TODO 27 Jan 2007 11:01:31 -0000 1.54 *************** *** 3,8 **** CRITICAL BUGS ############# - 1) broken tcp raw scan (too-fast rtts and timeout expiring); - discovery attempts sending too fast; rtt engine, rtt engine, rtt engine... 2) Non-working connect() + ip protocol scan ############################################################# --- 3,6 ---- *************** *** 12,22 **** ######################################################################################## [*] 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Window, NetBIOS. ! [_] 1.1 active scan methods: UDP [*] 2. active discovery methods: ACK, connect(), FIN, SYN. ! [_] 2.1 active discovery methods: UDP, NetBIOS. [+] 3. passive scan and discover (capturing packts from network interfaces and/or from tcpdump file). [*] 4. types of output results: 1) text; 2) grepable nmap-like output. ! [_] 5. working engine of retramsmissions and tuning parameters ! [_] 6. 
special options(--promisc: set promiscious mode; --data-length <num>: append random data to sent packets; --badchksum: send packets with bad checksum; --data-dir: set directory which contains the databases; -iL [filename|-] -- input targets from file|stdin, each target on new line; --max_retries option; --- 10,20 ---- ######################################################################################## [*] 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Window, NetBIOS. ! [ ] 1.1 active scan methods: UDP [*] 2. active discovery methods: ACK, connect(), FIN, SYN. ! [ ] 2.1 active discovery methods: UDP. [+] 3. passive scan and discover (capturing packts from network interfaces and/or from tcpdump file). [*] 4. types of output results: 1) text; 2) grepable nmap-like output. ! [*] 5. working engine of retramsmissions and tuning parameters ! [*] 6. special options(--promisc: set promiscious mode; --data-length <num>: append random data to sent packets; --badchksum: send packets with bad checksum; --data-dir: set directory which contains the databases; -iL [filename|-] -- input targets from file|stdin, each target on new line; --max_retries option; *************** *** 25,29 **** [*] 8. IP protocol scan. [_] 9. ports to platforms: Linux, Win32, OpenBSD, FreeBSD, Cygwin. ! [_] 10. man page and INSTALL.win32, INSTALL.<platfrom-specific> files. ################################################################################################################ --- 23,27 ---- [*] 8. IP protocol scan. [_] 9. ports to platforms: Linux, Win32, OpenBSD, FreeBSD, Cygwin. ! [_] 10. Man page and INSTALL.win32, INSTALL.<platfrom-specific> files. ################################################################################################################ *************** *** 70,80 **** I28 * timeouts for connect() scan inheritance from discover... 
I29 * fix connect() scan invalid port status if ports count > 30000 - I30 * fix raw tcp scans invalid port status if ports count > 40000 I31 * fix duplicate sending RST on SYN scan. I32 * ICMP PortUnreach messages handling in TCP/UDP raw scans I33 + Decoys (-D) ! I67 + IP options (R, T, U, S, L) ! I74 * Non-working connect() + protocol scan I75 * fix output in NetBIOS scan: strange " none detected" message. -- Exploiting -- --- 68,78 ---- I28 * timeouts for connect() scan inheritance from discover... I29 * fix connect() scan invalid port status if ports count > 30000 I31 * fix duplicate sending RST on SYN scan. I32 * ICMP PortUnreach messages handling in TCP/UDP raw scans I33 + Decoys (-D) ! I67 + IP options (T, U, S, L) ! I74 * Non-working connect() + protocol scan (when using them together) I75 * fix output in NetBIOS scan: strange " none detected" message. + I79 * very *slow* tcp raw scanning on fast lines (FE or loopback). -- Exploiting -- *************** *** 83,94 **** I35 + Own scripting language for exploits database - -- Timing -- - - I36 * Fix udp scan/discover timeouts. - I37 * Fix Raw TCP scan timeouts. - I38 + --max_retries option - I39 + --max-timeout option - I40 + add timeout/retry 2x engine - -- Fingerprinting -- --- 81,84 ---- *************** *** 110,113 **** --- 100,107 ---- I48 + make it build under cygwin + -- FreeBSD-specific -- + + I81 + add structures and typedefs for FreeBSD + -- OpenBSD-specific -- *************** *** 134,136 **** I61 + Man page (related links, diagram of IceScan work and etc) I62 + Web Site ! I63 + INSTALL.win32 --- 128,130 ---- I61 + Man page (related links, diagram of IceScan work and etc) I62 + Web Site ! 
I63 + Completely rewrite and append INSTALL.win32 Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** caengine.h 26 Jan 2007 18:24:33 -0000 1.29 --- caengine.h 27 Jan 2007 11:01:31 -0000 1.30 *************** *** 85,89 **** bool tcp_raw_scan; //// Protocol Scan implementation ! bool protocol_scan; cdengine(){ --- 85,89 ---- bool tcp_raw_scan; //// Protocol Scan implementation ! bool protocol_scan; cdengine(){ *************** *** 109,114 **** arp_discovery = false; tcp_raw_scan = false; ! //// Protocol Scan implementation ! protocol_scan = false; max_socks = free_socks = ICE_FD_SETSIZE; --- 109,114 ---- arp_discovery = false; tcp_raw_scan = false; ! //// Protocol Scan implementation ! protocol_scan = false; max_socks = free_socks = ICE_FD_SETSIZE; Index: ChangeLog =================================================================== RCS file: /cvsroot/icescan/IceScan/ChangeLog,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** ChangeLog 24 Jan 2007 14:32:58 -0000 1.25 --- ChangeLog 27 Jan 2007 11:01:31 -0000 1.26 *************** *** 43,46 **** --- 43,48 ---- * changed (-i) option to (-e). + added --badchksum option. + + added -T, --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout options. + + added --max-retries, --scan-delay/--max-scan-delay options. *** IceScan v. 0.0.5, 18 Dec 2006 *** |
From: ruttino <ru...@us...> - 2007-01-26 18:24:36
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv1330 Modified Files: caengine.cc caengine.h csubtarget.h iceparams.h icescan.cc Log Message: RTT timeouts expiring and options like --rtt-max_timeout/min_timeout/ini_timeout --scan-delay Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** icescan.cc 25 Jan 2007 19:06:27 -0000 1.39 --- icescan.cc 26 Jan 2007 18:24:33 -0000 1.40 *************** *** 80,83 **** --- 80,88 ---- "\t-d<debug level>: set debug level (values from 1 to 9 available)\n" "\t-v[v[v[v]]]]: verbose levels\n" + "TIMING AND PERFORMANCE:\n" + "\t--T< 0 | 1 | 2 | 3 | 4 >: Specifies probe round trip time.\n" + "\t--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.\n" + "\t--max-retries <tries>: Caps number of port scan probe retransmissions.\n" + "\t--scan-delay/--max-scan-delay <time>: Adjust delay between probes.\n" "OTHER:\n" "\t--use-first-resolve: use only 1st IP in DNS resolving of target\n" *************** *** 414,418 **** invalid_command(argv[0], "Invalid option format.",""); ! }else if (!strcmp(argv[i], "--max-timeout")){ if(i+1<argc){ int timeout = atoi(argv[i+1]); --- 419,423 ---- invalid_command(argv[0], "Invalid option format.",""); ! 
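Review bot: The new help text does not match the parser added in the same commit: it documents `--initial-rtt-timeout`, while the parser compares against `"--ini-rtt-timeout"`, so the documented spelling falls through to "Invalid option". It also lists `--T< 0 | 1 | 2 | 3 | 4 >` although the parser accepts `--T5` (with the `OPTION_T5_*` constants), and it advertises `--max-scan-delay` for which no parsing branch is visible in this diff. Either rename the option to `--initial-rtt-timeout` or fix the help line, and add `5` to the `--T` list; the `--max-scan-delay` line should be dropped until it is implemented. The two `Specifies probe round trip time.` descriptions also read identically for `--T` and the explicit timeouts; `Timing template: 0 (slowest) .. 5 (fastest)` would be clearer for the first.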
}else if (!strcmp(argv[i], "--max-rtt-timeout")){ if(i+1<argc){ int timeout = atoi(argv[i+1]); *************** *** 421,428 **** --- 426,500 ---- invalid_command(argv[0], "Invalid timeout value.", ""); + par->max_timeout = timeout; par->max_wait_time[par->source_iface] = timeout; }else invalid_command(argv[0], "Invalid option format.",""); + }else if (!strcmp(argv[i], "--min-rtt-timeout")){ + if(i+1<argc){ + int timeout = atoi(argv[i+1]); + i++; + if(!timeout) + invalid_command(argv[0], "Invalid timeout value.", ""); + + par->min_timeout = timeout; + }else + invalid_command(argv[0], "Invalid option format.",""); + + }else if (!strcmp(argv[i], "--ini-rtt-timeout")){ + if(i+1<argc){ + int timeout = atoi(argv[i+1]); + i++; + if(!timeout) + invalid_command(argv[0], "Invalid timeout value.", ""); + + par->ini_timeout = timeout; + }else + invalid_command(argv[0], "Invalid option format.",""); + + }else if (!strcmp(argv[i], "--scan-delay")){ + if(i+1<argc){ + int delay = atoi(argv[i+1]); + i++; + if(!delay) + invalid_command(argv[0], "Invalid delay value.", ""); + + par->scan_delay = delay; + }else + invalid_command(argv[0], "Invalid option format.",""); + + }else if (argv[i][2] == 'T'){ + if (argv[i][3] == '0'){ + par->ini_timeout = OPTION_T0_INI_TIMEOUT; + par->max_timeout = OPTION_T0_MAX_TIMEOUT; + par->min_timeout = OPTION_T0_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T0_MAX_RETRIES; + }else if (argv[i][3] == '1'){ + par->ini_timeout = OPTION_T1_INI_TIMEOUT; + par->max_timeout = OPTION_T1_MAX_TIMEOUT; + par->min_timeout = OPTION_T1_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T1_MAX_RETRIES; + }else if (argv[i][3] == '2'){ + par->ini_timeout = OPTION_T2_INI_TIMEOUT; + par->max_timeout = OPTION_T2_MAX_TIMEOUT; + par->min_timeout = OPTION_T2_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T2_MAX_RETRIES; + }else if (argv[i][3] == '3'){ + par->ini_timeout = OPTION_T3_INI_TIMEOUT; + par->max_timeout = OPTION_T3_MAX_TIMEOUT; + 
par->min_timeout = OPTION_T3_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T3_MAX_RETRIES; + }else if (argv[i][3] == '4'){ + par->ini_timeout = OPTION_T4_INI_TIMEOUT; + par->max_timeout = OPTION_T4_MAX_TIMEOUT; + par->min_timeout = OPTION_T4_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T4_MAX_RETRIES; + }else if (argv[i][3] == '5'){ + par->ini_timeout = OPTION_T5_INI_TIMEOUT; + par->max_timeout = OPTION_T5_MAX_TIMEOUT; + par->min_timeout = OPTION_T5_MIN_TIMEOUT; + par->max_retries[par->source_iface] = OPTION_T5_MAX_RETRIES; + } + }else invalid_command(argv[0], "Invalid option: ", argv[i]); *************** *** 795,798 **** --- 867,872 ---- stop_sockets(); + int leng = sizeof(icestring); + return 0; } Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.37 retrieving revision 1.38 diff -C2 -d -r1.37 -r1.38 *** iceparams.h 25 Jan 2007 13:08:31 -0000 1.37 --- iceparams.h 26 Jan 2007 18:24:33 -0000 1.38 *************** *** 18,26 **** // -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS -SU -SL -SP - #define MAX_RETRIES 8 - #define MAX_PROTOCOL_RETRIES 2 ! #define MAX_WAIT_TIME 1000 //1 second ! #define MIN_TIMEOUT 300 //0.3 second #define ACK_PING_STANDART_PORT 80 --- 18,27 ---- // -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS -SU -SL -SP ! #define MAX_PROTOCOL_RETRIES 3 ! ! //#define MAX_WAIT_TIME 1000 // 1 second ! //#define INI_TIMEOUT 300 // 0.3 second ! 
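Review bot: The `argv[i][2] == 'T'` branch accepts any `--T*` argument: if `argv[i][3]` is none of `'0'`–`'5'` (including a bare `--T`, where it is the terminator) the inner chain simply does nothing and no `invalid_command` is raised, unlike every other unmatched option. Add a trailing `else invalid_command(argv[0], "Invalid timeout option type.", "");` after the `'5'` case. The four new numeric options also only reject `atoi()` returning 0, so a negative value such as `--scan-delay -5` passes the check and is stored into the `u_int` fields declared in iceparams.h, wrapping to a huge value; `if (timeout <= 0)` (and likewise for `delay`) is the check wanted here. The enclosing option-parsing function starts and ends outside this hunk.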
//#define MIN_TIMEOUT 20 // 20ms #define ACK_PING_STANDART_PORT 80 *************** *** 29,32 **** --- 30,69 ---- #define OUTPUT_LEVEL 3 + #define OPTION_T0_MAX_TIMEOUT 3000 + #define OPTION_T0_INI_TIMEOUT 1000 + #define OPTION_T0_MIN_TIMEOUT 20 + #define OPTION_T0_MAX_RETRIES 10 + + #define OPTION_T1_MAX_TIMEOUT 2500 + #define OPTION_T1_INI_TIMEOUT 1000 + #define OPTION_T1_MIN_TIMEOUT 20 + #define OPTION_T1_MAX_RETRIES 8 + + #define OPTION_T2_MAX_TIMEOUT 2000 + #define OPTION_T2_INI_TIMEOUT 800 + #define OPTION_T2_MIN_TIMEOUT 20 + #define OPTION_T2_MAX_RETRIES 8 + + #define OPTION_T3_MAX_TIMEOUT 1500 + #define OPTION_T3_INI_TIMEOUT 500 + #define OPTION_T3_MIN_TIMEOUT 20 + #define OPTION_T3_MAX_RETRIES 6 + + #define OPTION_T4_MAX_TIMEOUT 1250 + #define OPTION_T4_INI_TIMEOUT 500 + #define OPTION_T4_MIN_TIMEOUT 20 + #define OPTION_T4_MAX_RETRIES 6 + + #define OPTION_T5_MAX_TIMEOUT 300 + #define OPTION_T5_INI_TIMEOUT 250 + #define OPTION_T5_MIN_TIMEOUT 50 + #define OPTION_T5_MAX_RETRIES 2 + + #define MAX_WAIT_TIME OPTION_T3_MAX_TIMEOUT // 1 second + #define INI_TIMEOUT OPTION_T3_INI_TIMEOUT // 0.3 second + #define MIN_TIMEOUT OPTION_T3_MIN_TIMEOUT // 20ms + + #define MAX_RETRIES OPTION_T3_MAX_RETRIES + class iceparams{ *************** *** 122,125 **** --- 159,166 ---- bool badchksum; + + // Timing and performance + u_int max_timeout,ini_timeout,min_timeout; + u_int scan_delay; // Scan Port Range *************** *** 186,189 **** --- 227,234 ---- scan_type = UNKNOWN_SCAN; + ini_timeout = INI_TIMEOUT; + max_timeout = MAX_WAIT_TIME; + min_timeout = MIN_TIMEOUT; + sim_connects = 25; source_port = 0; *************** *** 207,210 **** --- 252,257 ---- random_len = 0; + + scan_delay = 0; ip_options = NONE; Index: csubtarget.h =================================================================== RCS file: /cvsroot/icescan/IceScan/csubtarget.h,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** csubtarget.h 25 Jan 2007 14:13:15 -0000 1.30 --- 
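Review bot: The comments on the new aliases are stale: `MAX_WAIT_TIME` now expands to `OPTION_T3_MAX_TIMEOUT` (1500) but is annotated `// 1 second`, and `INI_TIMEOUT` expands to `OPTION_T3_INI_TIMEOUT` (500) but is annotated `// 0.3 second`. Replace them with the facts, e.g. `#define MAX_WAIT_TIME OPTION_T3_MAX_TIMEOUT // ms, -T3 default` and `#define INI_TIMEOUT OPTION_T3_INI_TIMEOUT // ms, -T3 default`. A one-line header over the `OPTION_Tn_*` table stating the unit (the engine divides timeval differences by 1000 before comparing, so these appear to be milliseconds — confirm) and that `-T3` is the default template would also save the next reader from re-deriving it.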
csubtarget.h 26 Jan 2007 18:24:33 -0000 1.31 *************** *** 151,154 **** --- 151,156 ---- icestring mac; + int route_host; + csubtarget(icestring hostname, icestring reverse_hostname, iceparams *par){ this->hostname.assign(hostname); *************** *** 158,164 **** discovered = false; if(par->root() && !par->source_iface){ ! iface = par->r->route(hostname, source_ip); CERR(7, "Routing for " << hostname << " returned source interface " << iface << "."); --- 160,168 ---- discovered = false; + route_host = crouter::ROUTE_UNKNOWN; + if(par->root() && !par->source_iface){ ! iface = par->r->route(hostname, source_ip, route_host); CERR(7, "Routing for " << hostname << " returned source interface " << iface << "."); Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** caengine.h 25 Jan 2007 13:08:31 -0000 1.28 --- caengine.h 26 Jan 2007 18:24:33 -0000 1.29 *************** *** 32,36 **** #define TIMEOUT_MULTIPLIER 2.5f ! #define RTT_ALPHA 0.9f //UGLY, pls set REAL FD_SETSIZE --- 32,36 ---- #define TIMEOUT_MULTIPLIER 2.5f ! #define RTT_ALPHA 0.90f //UGLY, pls set REAL FD_SETSIZE *************** *** 63,67 **** int max_socks; int min_max_timeout; ! int max_packets, max_target_packets; int free_socks; fd_set fd_r, fd_w, fd_x; --- 63,70 ---- int max_socks; int min_max_timeout; ! ! std::map<int,int> max_packets; ! ! int max_target_packets; int free_socks; fd_set fd_r, fd_w, fd_x; *************** *** 97,101 **** to_discover = 0; cudp = NULL; ! pcaps.push_back(NULL); ack_ping_discovery = false; syn_ping_discovery = false; --- 100,104 ---- to_discover = 0; cudp = NULL; ! //pcaps.push_back(NULL); ack_ping_discovery = false; syn_ping_discovery = false; *************** *** 111,116 **** max_socks = free_socks = ICE_FD_SETSIZE; min_max_timeout = MIN_TIMEOUT; ! max_packets = MAX_PACKETS; ! 
max_target_packets = max_packets; targets = 0; packets = 0; --- 114,119 ---- max_socks = free_socks = ICE_FD_SETSIZE; min_max_timeout = MIN_TIMEOUT; ! //max_packets = MAX_PACKETS; ! //max_target_packets = max_packets; targets = 0; packets = 0; Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.19 retrieving revision 1.20 diff -C2 -d -r1.19 -r1.20 *** caengine.cc 25 Jan 2007 14:13:16 -0000 1.19 --- caengine.cc 26 Jan 2007 18:24:33 -0000 1.20 *************** *** 63,69 **** init(); ! while(! send_attempts()){ ! iceusleep(50); ! recieve_attempts(200); } --- 63,70 ---- init(); ! while(!send_attempts()){ ! iceusleep(5); ! recieve_attempts(5); ! //iceusleep(50); } *************** *** 97,123 **** // RTT Jacobson formula if (c->max_timeout){ rtt_temp = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); ! c->max_timeout = (rtt_temp);// * TIMEOUT_MULTIPLIER ! ! if (c->max_retries && old_to){ ! div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += (int) (MAX_RETRIES) * (div - 1.0f); ! else ! c->max_retries -= (int) (MAX_RETRIES) * (1.0f - div); ! } }else ! c->max_timeout = (long)(rtt * 1.2f); ! if (c->max_retries > MAX_RETRIES) ! c->max_retries = MAX_RETRIES; ! else if (c->max_retries < 1) ! c->max_retries = 1; ! ! //c->max_retries = 8; ! //c->max_timeout = 200; ! //DBGOUTPUT(rtt << " Adjusting rtt_timeout to " << c->max_timeout << " max_retries to " << c->max_retries); //if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ --- 98,120 ---- // RTT Jacobson formula if (c->max_timeout){ + if (rtt < c->max_timeout) rtt_temp = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); ! else ! rtt_temp = rtt; ! ! c->max_timeout = rtt_temp; }else ! c->max_timeout = par.ini_timeout; // set to the initial time_out ! //check the min timeout allowed ! if (c->max_timeout < par.min_timeout) ! 
c->max_timeout = par.min_timeout; ! //check the max timeout allowed ! if (c->max_timeout > par.max_timeout) ! c->max_timeout = par.max_timeout; ! c->max_retries = par.max_retries[par.source_iface]; ! ! // DBGOUTPUT(rtt << " Adjusting rtt_timeout to " << c->max_timeout << " max_retries to " << c->max_retries); //if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ *************** *** 144,154 **** //initiaing target _*cst_ for scan or discovery void caengine::init_target(csubtarget *cst){ if(par.no_host_discovery){ cst->discovered = true; cst->discovering = false; } - - //DBGOUTPUT("init_target"); - if(cst->discovered){ if(par.scan_type == NO_SCAN) return; --- 141,159 ---- //initiaing target _*cst_ for scan or discovery void caengine::init_target(csubtarget *cst){ + + cst->max_timeout = par.ini_timeout; + + if (cst->route_host == crouter::ROUTE_LAN){ + /// adjust parameters for lan + + }else if (cst->route_host == crouter::ROUTE_OTHER){ + /// adjust parameters for internet + + } + if(par.no_host_discovery){ cst->discovered = true; cst->discovering = false; } if(cst->discovered){ if(par.scan_type == NO_SCAN) return; *************** *** 156,161 **** cst->scan_probes.clear(); ! if(!par.max_retries[cst->iface]) par.max_retries[cst->iface] = MAX_RETRIES; ! if(!par.max_wait_time[cst->iface]) par.max_wait_time[cst->iface] = MAX_WAIT_TIME; if(!cst->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ){ --- 161,169 ---- cst->scan_probes.clear(); ! ! if(!par.max_retries[cst->iface]) ! par.max_retries[cst->iface] = MAX_RETRIES; ! if(!par.max_wait_time[cst->iface]) ! par.max_wait_time[cst->iface] = MAX_WAIT_TIME; if(!cst->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ){ *************** *** 230,234 **** for(int i = 0; i<par.used_ifaces.size(); i++){ cpcapreader *pc = new cpcapreader(par.used_ifaces[i], false); ! 
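Review bot: The rewritten RTT update ends with `c->max_retries = par.max_retries[par.source_iface];`, but `init_target` two hunks later keys the same table by `cst->iface` (`par.max_retries[cst->iface] = MAX_RETRIES` when unset). When `-e` is not given, `source_iface` is presumably 0 (csubtarget only routes in that case), so a target routed to another interface reads an entry that `init_target` never filled; `c->max_retries = par.max_retries[c->iface];` looks like the intended lookup, assuming `c` is the csubtarget. Separately, the new `ROUTE_LAN` / `ROUTE_OTHER` branches in `init_target` are empty placeholders; either fill them or replace them with a single `// TODO: per-route-type tuning` so the reader does not search for the missing logic. Both enclosing functions begin outside their hunks.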
cde.pcaps.push_back(pc); } --- 238,250 ---- for(int i = 0; i<par.used_ifaces.size(); i++){ cpcapreader *pc = new cpcapreader(par.used_ifaces[i], false); ! cde.pcaps.push_back(pc); ! ! ! u_long speed_iface = pc->get_speed_device(); ! ! if (!par.scan_delay) ! cde.max_packets.insert(std::make_pair(par.used_ifaces[i],(speed_iface?(int)((speed_iface / 12000) * 0.1f):MAX_PACKETS))); ! else ! cde.max_packets.insert(std::make_pair(par.used_ifaces[i],(int)(1000 / par.scan_delay))); } *************** *** 252,257 **** if (setsockopt (cde.r2->get_socketid(), IPPROTO_IP, IP_HDRINCL, (char *) &val, sizeof (one)) != 0) err_die("setsockopt() HDRINCL", false); ! } ! if(cde.tcp_raw_scan || cde.syn_ping_discovery || cde.fin_ping_discovery){ --- 268,274 ---- if (setsockopt (cde.r2->get_socketid(), IPPROTO_IP, IP_HDRINCL, (char *) &val, sizeof (one)) != 0) err_die("setsockopt() HDRINCL", false); ! }else{ ! cde.max_packets.insert(std::make_pair(0,MAX_PACKETS)); ! } if(cde.tcp_raw_scan || cde.syn_ping_discovery || cde.fin_ping_discovery){ *************** *** 316,328 **** bool stop = true; struct timeval tv; ! if(cde.targets > 0){ ! cde.max_target_packets = cde.max_packets/cde.targets; ! if(cde.max_target_packets == 0) ! cde.max_target_packets = 1; ! }else cde.max_target_packets = cde.max_packets; for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! cde.packets = 0; if(par.scan_type == LIST_SCAN && (*i).second->discovered && !((*i).second->scans_done & LST_SCAN)){ --- 333,360 ---- bool stop = true; struct timeval tv; + static timeval tv_last; ! //if(cde.targets > 0){ ! // cde.max_target_packets = cde.max_packets;///cde.targets ! // if(cde.max_target_packets == 0) ! // cde.max_target_packets = 1; ! //}else ! // cde.max_target_packets = cde.max_packets / 2; ! ! for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! gettimeofday(&tv, NULL); ! ! 
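Review bot: The per-interface packet budget `(int)(1000 / par.scan_delay)` becomes 0 as soon as `--scan-delay` exceeds 1000 (integer division of two unsigned values), and the send loop in this diff breaks out as soon as `cde.packets >= cde.max_target_packets`, so a delay above one second would appear to stop the scan from ever sending. Clamp it, e.g. `std::max(1, (int)(1000 / par.scan_delay))`, or compute the budget from the delay in a way that represents "less than one packet per second". The other branch, `(speed_iface / 12000) * 0.1f`, hides two magic constants (an assumed 1500-byte frame and a 10 % utilisation cap?) and should say so in a comment; with `get_speed_device()` returning a fixed 10 Mb/s for any Ethernet link this caps raw scanning at roughly 83 packets/s per interface, which plausibly relates to the "very slow tcp raw scanning on fast lines" entry added to TODO.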
cde.max_target_packets = cde.max_packets[(*i).second->iface]; ! ! u_long timediff = SUB_TIMEVALS(tv,tv_last) / 1000; ! if (timediff >= 1000){ ! cde.packets = 0; ! gettimeofday(&tv_last, NULL); ! }else if (cde.packets >= cde.max_target_packets){ ! stop = false; ! break; ! } if(par.scan_type == LIST_SCAN && (*i).second->discovered && !((*i).second->scans_done & LST_SCAN)){ *************** *** 339,354 **** if(!(*i).second->discovered && !(*i).second->discovering) continue; ! gettimeofday(&tv, NULL); //// Send the attempt for IP protocol scan if (!((*i).second->scans_done & IPP_SCAN) && cde.protocol_scan && (*i).second->discovered){ //// the output will be printed in send_protocols_attempts when we'll have no attempts to send ! stop = send_protocol_attemps((*i).second, tv); ! } //// Send the attempt for netbios scan if(!((*i).second->scans_done & NBT_SCAN) && par.netbios_scan && (*i).second->discovered){ //// the output will be printed in recieve_netbios_attempts when we receive the reply ! stop = send_netbios_attempts((*i).second, tv); } --- 371,386 ---- if(!(*i).second->discovered && !(*i).second->discovering) continue; ! //// Send the attempt for IP protocol scan if (!((*i).second->scans_done & IPP_SCAN) && cde.protocol_scan && (*i).second->discovered){ //// the output will be printed in send_protocols_attempts when we'll have no attempts to send ! stop &= send_protocol_attemps((*i).second, tv); ! } //// Send the attempt for netbios scan if(!((*i).second->scans_done & NBT_SCAN) && par.netbios_scan && (*i).second->discovered){ //// the output will be printed in recieve_netbios_attempts when we receive the reply ! stop &= send_netbios_attempts((*i).second, tv); } *************** *** 528,532 **** set_port_status(c, (*j).first, get_no_response_status()); stop = false; ! }else if(cde.packets <= cde.max_target_packets){ stop = false; --- 560,564 ---- set_port_status(c, (*j).first, get_no_response_status()); stop = false; ! 
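Review bot: `cde.max_target_packets = cde.max_packets[(*i).second->iface];` uses `std::map::operator[]`, which default-inserts 0 for any interface that was not put into the map at init time; with a quota of 0 the following `cde.packets >= cde.max_target_packets` test is immediately true and the loop breaks without sending. Whether a target can carry an `iface` outside `par.used_ifaces` (or 0 in the non-raw case) is not visible here, so prefer a lookup that cannot silently create that state: `auto q = cde.max_packets.find((*i).second->iface); cde.max_target_packets = (q == cde.max_packets.end()) ? MAX_PACKETS : q->second;`. Note also that the one-second window `tv_last` and the counter `cde.packets` are global across all targets while the quota is taken from the current target's interface, so on a multi-interface scan the first interface visited each second sets the limit for all; a comment stating this is intentional would help. The enclosing `send_attempts` starts and ends outside this hunk.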
}else if(cde.packets < cde.max_target_packets){ stop = false; *************** *** 544,552 **** cde.packets++; ! //iceusleep(1); ! }else if (cde.packets > cde.max_target_packets) break; }else ! stop = false; } --- 576,585 ---- cde.packets++; ! }else if (cde.packets >= cde.max_target_packets){ ! stop = false; break; + } }else ! stop = false; } *************** *** 608,611 **** --- 641,645 ---- c->scan_netbios_probe.attempt++; }else{ + c->scans_done = 1; out << "No response from " << c->hostname << ": may be no NetBIOS service exists on host.\n"; } *************** *** 948,952 **** #endif out << text_output; ! out.show_results(subtargets[addr],iceoutput::RESULT_NETBIOS); } --- 982,986 ---- #endif out << text_output; ! //out.show_results(subtargets[addr],iceoutput::RESULT_NETBIOS); } *************** *** 1120,1126 **** ip = (struct iphdr *) response; - sa.sin_addr.s_addr = ip->saddr; - addr.assign(inet_ntoa(sa.sin_addr)); --- 1154,1158 ---- *************** *** 1251,1255 **** u_long sub_time = SUB_TIMEVALS(tv_now,time_before) / 1000; ! u_long max_time = (par.max_wait_time[par.source_iface] ? par.max_wait_time[par.source_iface] : ( max_time_out ? (MAX_WAIT_TIME) : max_time_out )); //return true; --- 1283,1287 ---- u_long sub_time = SUB_TIMEVALS(tv_now,time_before) / 1000; ! u_long max_time = (!par.max_timeout ? par.max_timeout : ( !max_time_out ? (MAX_WAIT_TIME) : (max_time_out) )); //return true; |
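Review bot: The replacement expression `u_long max_time = (!par.max_timeout ? par.max_timeout : ( !max_time_out ? (MAX_WAIT_TIME) : (max_time_out) ));` has its outer condition inverted: when `par.max_timeout` is zero it yields zero, and in every other case — including the `--max-rtt-timeout` value the user just set — it ignores `par.max_timeout` entirely. Since `par.max_timeout` is initialised to `MAX_WAIT_TIME` in iceparams.h, the user-supplied maximum is never consulted here as far as this hunk shows. The intended line is presumably `u_long max_time = (par.max_timeout ? par.max_timeout : (max_time_out ? max_time_out : MAX_WAIT_TIME));`. The enclosing function starts outside this hunk.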
From: ruttino <ru...@us...> - 2007-01-26 18:24:36
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv1330/icesockets Modified Files: cpcapreader.h crouter.h Log Message: RTT timeouts expiring and options like --rtt-max_timeout/min_timeout/ini_timeout --scan-delay Index: cpcapreader.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/cpcapreader.h,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** cpcapreader.h 14 Jan 2007 09:52:29 -0000 1.12 --- cpcapreader.h 26 Jan 2007 18:24:33 -0000 1.13 *************** *** 20,23 **** --- 20,26 ---- pcap_t* p; + /// LINK TYPE OF THE INTERFACE + int link_type; + public: *************** *** 26,30 **** pcap_block(p, block); ! if(filter_exp) pcap_filter(p, filter_exp); } --- 29,37 ---- pcap_block(p, block); ! if(filter_exp) ! pcap_filter(p, filter_exp); ! ! /// get LINK TYPE OF THE INTERFACE ! link_type = pcap_datalink(p); } *************** *** 37,40 **** --- 44,72 ---- } + u_long get_speed_device(){ + u_long out = 0; + + switch(link_type){ + case DLT_EN10MB: /* Ethernet (10Mb) */ + out = 10000000; + break; + case DLT_EN3MB: /* Experimental Ethernet (3Mb) */ + out = 30000000; + break; + case DLT_AX25: /* Amateur Radio AX.25 */ + case DLT_PRONET: /* Proteon ProNET Token Ring */ + case DLT_CHAOS: /* Chaos */ + case DLT_IEEE802: /* IEEE 802 Networks */ + case DLT_ARCNET: /* ARCNET, with BSD-style header */ + case DLT_FDDI: /* FDDI */ + case DLT_RAW: /* raw IP */ + case DLT_IEEE802_11: /* IEEE 802.11 wireless */ + out = 11000000; /* a/b/g */ + case DLT_FRELAY: + break; + } + return out; + } + void block(bool block){ pcap_block(p, block); Index: crouter.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/crouter.h,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** crouter.h 18 Jan 2007 17:09:02 -0000 1.10 --- crouter.h 26 Jan 2007 18:24:33 -0000 1.11 
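Review bot: `get_speed_device()` derives a bit rate from the pcap link-layer type, but `pcap_datalink()` reports `DLT_EN10MB` for every Ethernet interface regardless of its actual speed, so a gigabit link is budgeted as 10 Mb/s; the function name and the callers should make clear this is a nominal per-link-type estimate, not a measured speed. Two details in the switch also look unintended: `DLT_EN3MB` ("Experimental Ethernet (3Mb)") returns `30000000`, ten times its nominal rate, and the run of labels from `DLT_AX25` down to `DLT_IEEE802_11` all fall through to `out = 11000000; /* a/b/g */`, with that assignment then falling through again into `case DLT_FRELAY:`. Give each label its own value or an explicit comment that they share the 802.11 figure, and add a `break;` after the assignment. A header comment such as `/// Nominal bit rate guessed from the pcap DLT; 0 when unknown. Not a measurement.` would set expectations for callers.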
*************** *** 26,29 **** --- 26,31 ---- public: + enum ROUTE_TYPE {ROUTE_UNKNOWN = 0,ROUTE_LAN,ROUTE_LOOPBACK,ROUTE_OTHER}; + crouter(std::map <int, struct net_interface> &i) : ifaces(i){ local_interface = 0; *************** *** 42,46 **** //make routing procedure for destination ip //returns iface number and source ip ! int route(const icestring &dst, icestring &src){ struct sockaddr_in dip; --- 44,48 ---- //make routing procedure for destination ip //returns iface number and source ip ! int route(const icestring &dst, icestring &src,int& type_route){ struct sockaddr_in dip; *************** *** 65,68 **** --- 67,72 ---- src.assign(dst); + type_route = crouter::ROUTE_LOOPBACK; + return local_interface ? local_interface : (*i).first; } *************** *** 71,74 **** --- 75,80 ---- src.assign((*i).second.ip); + + type_route = crouter::ROUTE_LAN; return (*i).first; *************** *** 94,97 **** --- 100,105 ---- src.assign(ifaces[routes[j].iface].ip); + type_route = crouter::ROUTE_OTHER; + return routes[j].iface; } |
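Review bot: The new out-parameter is declared as `int& type_route` even though this same hunk introduces `enum ROUTE_TYPE` for exactly these values; `ROUTE_TYPE& type_route` would let the compiler reject stray integers and document the contract at the signature. The three visible return paths each assign `type_route`, but the function's remaining paths are outside these hunks, so the caller currently has to pre-set `crouter::ROUTE_UNKNOWN` itself (as csubtarget.h does); writing `type_route = ROUTE_UNKNOWN;` at the top of `route()` would make the function self-contained. The header comment above `route()` should also gain a line like `// type_route receives ROUTE_LOOPBACK, ROUTE_LAN or ROUTE_OTHER; ROUTE_UNKNOWN if no route matched.`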
From: arkaino <ar...@us...> - 2007-01-25 19:27:10
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv17434 Modified Files: icescan.cc Log Message: minimal comment fix Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.38 retrieving revision 1.39 diff -C2 -d -r1.38 -r1.39 *** icescan.cc 25 Jan 2007 13:08:31 -0000 1.38 --- icescan.cc 25 Jan 2007 19:06:27 -0000 1.39 *************** *** 121,130 **** if(re.match(target)){ ! std::vector<icestring> ips; icestring ip(target); // pools for ip ranges.. - std::vector<int> tmp; std::vector<std::vector<int> > pools; - int from, to; icestring range=""; --- 121,129 ---- if(re.match(target)){ ! std::vector<icestring> ips; icestring ip(target); + std::vector<int> tmp; // pools for ip ranges.. std::vector<std::vector<int> > pools; int from, to; icestring range=""; |
From: Alexander B. <da...@us...> - 2007-01-25 16:16:56
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv15072 Modified Files: INSTALL.win32 Log Message: Index: INSTALL.win32 =================================================================== RCS file: /cvsroot/icescan/IceScan/INSTALL.win32,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** INSTALL.win32 24 Dec 2006 19:45:55 -0000 1.1 --- INSTALL.win32 25 Jan 2007 16:16:48 -0000 1.2 *************** *** 0 **** --- 1,12 ---- + IceScan Win32 building instructions draft. + + To compile them under VC2005 you'll need: + + - WinPCAP (http://www.winpcap.org/install/bin/WinPcap_3_1.exe) + - WinPCAP developers pack (http://www.winpcap.org/install/bin/WpdPack_3_1.zip) + - Latest compiled LibPcre package (get sources at pcre.org). + - Latest compiled dnet package (you can get dne-strpped from + sources of Nmap (insecure.org/nmap ; download sources and extract libdnet-strpped + folder from them). + + Project solution is in vccproject folder. |
From: Alexander B. <da...@us...> - 2007-01-25 16:16:54
Update of /cvsroot/icescan/IceScan/nbproject In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv15072/nbproject Modified Files: Makefile-Default.mk configurations.xml Log Message: Index: Makefile-Default.mk =================================================================== RCS file: /cvsroot/icescan/IceScan/nbproject/Makefile-Default.mk,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** Makefile-Default.mk 18 Jan 2007 21:29:42 -0000 1.6 --- Makefile-Default.mk 25 Jan 2007 16:16:49 -0000 1.7 *************** *** 24,27 **** --- 24,28 ---- OBJECTFILES= \ build/Default/GNU-Linux-x86/icesockets/sock_win.o \ + build/Default/GNU-Linux-x86/icesockets/sock_utils.o \ build/Default/GNU-Linux-x86/caengine.o \ build/Default/GNU-Linux-x86/ctargets.o \ *************** *** 54,57 **** --- 55,62 ---- $(COMPILE.cc) -g -o build/Default/GNU-Linux-x86/icesockets/sock_win.o icesockets/sock_win.cc + build/Default/GNU-Linux-x86/icesockets/sock_utils.o: icesockets/sock_utils.cc + ${MKDIR} -p build/Default/GNU-Linux-x86/icesockets + $(COMPILE.cc) -g -o build/Default/GNU-Linux-x86/icesockets/sock_utils.o icesockets/sock_utils.cc + build/Default/GNU-Linux-x86/caengine.o: caengine.cc ${MKDIR} -p build/Default/GNU-Linux-x86 Index: configurations.xml =================================================================== RCS file: /cvsroot/icescan/IceScan/nbproject/configurations.xml,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** configurations.xml 18 Jan 2007 21:29:42 -0000 1.18 --- configurations.xml 25 Jan 2007 16:16:49 -0000 1.19 *************** *** 14,22 **** <itemPath>icesockets/queue.h</itemPath> <itemPath>icesockets/sock_err.h</itemPath> - <itemPath>icesockets/sock_name.cc</itemPath> <itemPath>icesockets/sock_name.h</itemPath> <itemPath>icesockets/sock_types.h</itemPath> ! 
<itemPath>icesockets/sock_win.cc</itemPath> <itemPath>icesockets/sock_win.h</itemPath> </logicalFolder> <logicalFolder name="ExternalFiles" --- 14,24 ---- <itemPath>icesockets/queue.h</itemPath> <itemPath>icesockets/sock_err.h</itemPath> <itemPath>icesockets/sock_name.h</itemPath> + <itemPath>icesockets/sock_name.cc</itemPath> <itemPath>icesockets/sock_types.h</itemPath> ! <itemPath>icesockets/sock_utils.h</itemPath> ! <itemPath>icesockets/sock_utils.cc</itemPath> <itemPath>icesockets/sock_win.h</itemPath> + <itemPath>icesockets/sock_win.cc</itemPath> </logicalFolder> <logicalFolder name="ExternalFiles" *************** *** 31,51 **** <itemPath>icescan.1</itemPath> <itemPath>ieee-oui.txt</itemPath> - <itemPath>INSTALL.win32</itemPath> - <itemPath>INSTALL.conf</itemPath> <itemPath>INSTALL</itemPath> <itemPath>Makefile.am</itemPath> <itemPath>NEWS</itemPath> <itemPath>README</itemPath> <itemPath>services</itemPath> <itemPath>TODO</itemPath> </logicalFolder> - <itemPath>caengine.cc</itemPath> <itemPath>caengine.h</itemPath> <itemPath>cfingerprint.h</itemPath> - <itemPath>cpengine.h</itemPath> <itemPath>cpengine.cc</itemPath> <itemPath>csubtarget.h</itemPath> - <itemPath>ctargets.h</itemPath> <itemPath>ctargets.cc</itemPath> <itemPath>defwin.h</itemPath> <itemPath>icedbs.h</itemPath> --- 33,54 ---- <itemPath>icescan.1</itemPath> <itemPath>ieee-oui.txt</itemPath> <itemPath>INSTALL</itemPath> + <itemPath>INSTALL.conf</itemPath> + <itemPath>INSTALL.win32</itemPath> <itemPath>Makefile.am</itemPath> <itemPath>NEWS</itemPath> + <itemPath>protocols</itemPath> <itemPath>README</itemPath> <itemPath>services</itemPath> <itemPath>TODO</itemPath> </logicalFolder> <itemPath>caengine.h</itemPath> + <itemPath>caengine.cc</itemPath> <itemPath>cfingerprint.h</itemPath> <itemPath>cpengine.cc</itemPath> + <itemPath>cpengine.h</itemPath> <itemPath>csubtarget.h</itemPath> <itemPath>ctargets.cc</itemPath> + <itemPath>ctargets.h</itemPath> <itemPath>defwin.h</itemPath> 
<itemPath>icedbs.h</itemPath> *************** *** 90,96 **** <itemTool>3</itemTool> </item> - <item path="icesockets/crawsocket.h"> - <itemTool>3</itemTool> - </item> <item path="nbt_wrapper.h"> <itemTool>3</itemTool> --- 93,96 ---- *************** *** 172,178 **** <itemTool>3</itemTool> </item> - <item path="icesockets/sock_types.h"> - <itemTool>3</itemTool> - </item> <item path="icesockets/crouter.h"> <itemTool>3</itemTool> --- 172,175 ---- *************** *** 181,184 **** --- 178,187 ---- <itemTool>3</itemTool> </item> + <item path="icesockets/crawsocket.h"> + <itemTool>3</itemTool> + </item> + <item path="icesockets/sock_types.h"> + <itemTool>3</itemTool> + </item> <item path="icescan.cc"> <itemTool>1</itemTool> *************** *** 186,189 **** --- 189,200 ---- </ccCompilerTool> </item> + <item path="icesockets/sock_utils.cc"> + <itemTool>1</itemTool> + <ccCompilerTool> + </ccCompilerTool> + </item> + <item path="icesockets/sock_utils.h"> + <itemTool>3</itemTool> + </item> </conf> </confs> |
From: arkaino <ar...@us...> - 2007-01-25 14:21:51
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv32674 Modified Files: TODO Log Message: final test Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.52 retrieving revision 1.53 diff -C2 -d -r1.52 -r1.53 *** TODO 25 Jan 2007 14:13:15 -0000 1.52 --- TODO 25 Jan 2007 14:21:46 -0000 1.53 *************** *** 8,12 **** ############################################################# - What should be in IceScan version 0.10: ([ ] - not done; [_] - partially done; [*] - seems to be working; [+] - completely done) --- 8,11 ---- |
From: Alexander B. <da...@us...> - 2007-01-25 14:13:22
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv29302 Modified Files: TODO csubtarget.h iceoutput.h nbt_wrapper.h caengine.cc Log Message: Yet another code cleaning and bug fixing in active engine. Index: csubtarget.h =================================================================== RCS file: /cvsroot/icescan/IceScan/csubtarget.h,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** csubtarget.h 25 Jan 2007 13:08:31 -0000 1.29 --- csubtarget.h 25 Jan 2007 14:13:15 -0000 1.30 *************** *** 193,197 **** scans_to_be_done = scans_done = 0; ! if(par->scan_type != NO_SCAN) scans_to_be_done += TCP_SCAN; --- 193,197 ---- scans_to_be_done = scans_done = 0; ! if(par->scan_type != NO_SCAN && par->scan_type != UNKNOWN_SCAN) scans_to_be_done += TCP_SCAN; Index: nbt_wrapper.h =================================================================== RCS file: /cvsroot/icescan/IceScan/nbt_wrapper.h,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** nbt_wrapper.h 25 Jan 2007 13:08:31 -0000 1.8 --- nbt_wrapper.h 25 Jan 2007 14:13:16 -0000 1.9 *************** *** 106,111 **** u16 iframe_transmit_errors; u16 no_receive_buffer; ! u16 tl_timeouts; ! u16 ti_timeouts; u16 free_ncbs; u16 ncbs; --- 106,111 ---- u16 iframe_transmit_errors; u16 no_receive_buffer; ! u16 tl_timeout_text; ! u16 ti_timeout_text; u16 free_ncbs; u16 ncbs; *************** *** 203,207 **** int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, ! int v, icestring &nb1, icestring &nb2) { int i, unique; u8 service; --- 203,207 ---- int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, ! int v, icestring *nb1, icestring *nb2) { int i, unique; u8 service; *************** *** 209,227 **** char* sname; char buffer[256]; ! std::ostringstream outs; ! std::ostringstream outssec; ! Bzero(buffer, 256); //printf("NetBIOS Name Table for %s:\n", hostname); ! 
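Review bot: The struct fields `tl_timeouts`/`ti_timeouts` are renamed to `tl_timeout_text`/`ti_timeout_text` in the nbt_wrapper.h hunk at lines 106-111, which looks like an accidental side effect of the `outs` -> `out_text` search-and-replace done elsewhere in this file rather than an intended rename; the hunk at 463-473 carries the same renaming into the response-footer parsing. The new names misdescribe the fields, which are `u16` values filled with `get16(buff+offset)`, not text. I would revert both to `u16 tl_timeouts;` and `u16 ti_timeouts;` (and the matching `response_footer->tl_timeouts` / `ti_timeouts` accesses) before the misnomer spreads to other callers.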
outs << "NetBIOS Name Table for "<< hostname <<":\n"; ! if (outssec) ! outssec << "Host:"<< hostname; if(hostinfo->is_broken && !v){ ! outs << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long.\n"; ! if (outssec) ! outssec << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long. "; } //printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); --- 209,230 ---- char* sname; char buffer[256]; ! std::ostringstream out_text; ! std::ostringstream out_grep; ! ! if(nb2) ! out_grep.str().assign(*nb2); ! Bzero(buffer, 256); //printf("NetBIOS Name Table for %s:\n", hostname); ! out_text << "NetBIOS Name Table for "<< hostname <<":\n"; ! if (nb2) ! out_grep << "Host:"<< hostname; if(hostinfo->is_broken && !v){ ! out_text << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long.\n"; ! if (nb2) ! out_grep << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long. "; } //printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); *************** *** 231,238 **** else sprintf(buffer,"%-17s%-17s\n", "Name", "Service"); ! outs << buffer; ! if (outssec) ! outssec << " NetBios Services:"; if(hostinfo->header && hostinfo->names) { --- 234,241 ---- else sprintf(buffer,"%-17s%-17s\n", "Name", "Service"); ! out_text << buffer; ! if(nb2) ! out_grep << " NetBios Services:"; if(hostinfo->header && hostinfo->names) { *************** *** 248,267 **** sprintf(buffer,"%-17s", name); ! outs << buffer; ! if (outssec) ! outssec << name << "/"; if(v){ ! sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name)); ! if (outssec) ! outssec << getnbservicename(service, unique, name)<< ","; //printf("%s\n", (char*)getnbservicename(service, unique, name)); }else{ sprintf(buffer,"<%02x>", service); ! outs << buffer; ! if (outssec) ! outssec << buffer<< "//"; //printf("<%02x>", service); if(unique) --- 251,270 ---- sprintf(buffer,"%-17s", name); ! out_text << buffer; ! if(nb2) ! out_grep << name << "/"; if(v){ ! 
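Review bot: `out_grep.str().assign(*nb2);` in the v_print_hostinfo hunk at lines 209-227 (new side 209-230) has no effect: `str()` returns the buffer by value, so `assign` writes into a temporary that is discarded and whatever `*nb2` already holds is never carried into `out_grep`. Appending to the stream does what the line appears to intend: `if(nb2) out_grep << *nb2;`. Note that `out_grep.str(*nb2)` would also set the content but leaves the put position at the start of the buffer, so the later `<<` writes would overwrite it rather than follow it. The function's body continues outside this hunk.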
sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name)); ! if(nb2) ! out_grep << getnbservicename(service, unique, name)<< ","; //printf("%s\n", (char*)getnbservicename(service, unique, name)); }else{ sprintf(buffer,"<%02x>", service); ! out_text << buffer; ! if(nb2) ! out_grep << buffer<< "//"; //printf("<%02x>", service); if(unique) *************** *** 271,289 **** sprintf(buffer," GROUP\n"); //printf(" GROUP\n"); ! if (outssec) ! outssec << buffer<< ","; } ! outs << buffer; } } ! outs << "\n"; ! if (outssec) ! outssec << "\n"; - nb1 = outs.str(); - nb2 = outssec.str(); - return 1; } --- 274,294 ---- sprintf(buffer," GROUP\n"); //printf(" GROUP\n"); ! if(nb2) ! out_grep << buffer<< ","; } ! out_text << buffer; } } ! out_text << "\n"; ! if(nb2) ! out_grep << "\n"; ! ! nb1->assign(out_text.str()); ! ! if(nb2) ! nb2->assign(out_grep.str()); return 1; } *************** *** 463,473 **** offset+=sizeof(response_footer->no_receive_buffer); ! if( offset+sizeof(response_footer->tl_timeouts) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } ! response_footer->tl_timeouts = get16(buff+offset); ! offset+=sizeof(response_footer->tl_timeouts); ! if( offset+sizeof(response_footer->ti_timeouts) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } ! response_footer->ti_timeouts = get16(buff+offset); ! offset+=sizeof(response_footer->ti_timeouts); if( offset+sizeof(response_footer->free_ncbs) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } --- 468,478 ---- offset+=sizeof(response_footer->no_receive_buffer); ! if( offset+sizeof(response_footer->tl_timeout_text) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } ! response_footer->tl_timeout_text = get16(buff+offset); ! offset+=sizeof(response_footer->tl_timeout_text); ! if( offset+sizeof(response_footer->ti_timeout_text) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } ! response_footer->ti_timeout_text = get16(buff+offset); ! 
offset+=sizeof(response_footer->ti_timeout_text); if( offset+sizeof(response_footer->free_ncbs) >= buffsize) { hostinfo->is_broken = offset; return hostinfo; } Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.51 retrieving revision 1.52 diff -C2 -d -r1.51 -r1.52 *** TODO 25 Jan 2007 14:04:36 -0000 1.51 --- TODO 25 Jan 2007 14:13:15 -0000 1.52 *************** *** 3,12 **** CRITICAL BUGS ############# ! 1) broken tcp raw scan (too-fast rtts and timeout expiring) ! 2) Non-working connect() + ip protocol/netbios scans ! 3) Non-working grepable output for protocol scan. ! 4) Fix netBIOS scan architecture (meanwhile, output). ! 5) discovery attempts sending too fast. ! 6) rtt engine, rtt engine, rtt engine... ############################################################# --- 3,9 ---- CRITICAL BUGS ############# ! 1) broken tcp raw scan (too-fast rtts and timeout expiring); ! discovery attempts sending too fast; rtt engine, rtt engine, rtt engine... ! 2) Non-working connect() + ip protocol scan ############################################################# *************** *** 79,84 **** I33 + Decoys (-D) I67 + IP options (R, T, U, S, L) ! I74 * Non-working connect() + protocols scan ! I75 * fix output in NetBIOS scan -- Exploiting -- --- 76,81 ---- I33 + Decoys (-D) I67 + IP options (R, T, U, S, L) ! I74 * Non-working connect() + protocol scan ! I75 * fix output in NetBIOS scan: strange " none detected" message. 
-- Exploiting -- *************** *** 124,128 **** I53 + -oT [filename] - troff output I68 + --open - after scanning, forces IceScan to show only open ports - I76 * fix grepable output with protocol scan I77 + add grepable output for NetBIOS scan --- 121,124 ---- Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** caengine.cc 25 Jan 2007 13:08:31 -0000 1.18 --- caengine.cc 25 Jan 2007 14:13:16 -0000 1.19 *************** *** 936,942 **** if(subtargets.find(addr) != subtargets.end()){ hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, ! !par.verbose, subtargets[addr]->text_output, ! subtargets[addr]->grep_output); subtargets[addr]->scans_done |= NBT_SCAN; --- 936,943 ---- if(subtargets.find(addr) != subtargets.end()){ hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); + icestring text_output; cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, ! !par.verbose, &(text_output), ! &(subtargets[addr]->grep_output)); subtargets[addr]->scans_done |= NBT_SCAN; *************** *** 946,950 **** subtargets[addr]->mac = get_arp_from_cache(subtargets[addr]->hostname); #endif ! out.show_results(subtargets[addr],iceoutput::RESULT_NETBIOS); --- 947,951 ---- subtargets[addr]->mac = get_arp_from_cache(subtargets[addr]->hostname); #endif ! 
out << text_output; out.show_results(subtargets[addr],iceoutput::RESULT_NETBIOS); Index: iceoutput.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceoutput.h,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** iceoutput.h 25 Jan 2007 13:08:31 -0000 1.13 --- iceoutput.h 25 Jan 2007 14:13:15 -0000 1.14 *************** *** 277,281 **** out_grep << "Host: " << " "<< str_type_scan <<": "; } ! } /// end if (res_type != RESULT_NETBIOS) if((c->scan_probes.size() || c->scan_protocols.size()) && (res_type == RESULT_PORTS || res_type == RESULT_PROTOCOLS)){ --- 277,281 ---- out_grep << "Host: " << " "<< str_type_scan <<": "; } ! } if((c->scan_probes.size() || c->scan_protocols.size()) && (res_type == RESULT_PORTS || res_type == RESULT_PROTOCOLS)){ *************** *** 353,359 **** if(outs[GREP].exists){ icestring gs = grep.str(); ! ! DBGOUTPUT(gs); ! trim(gs, ','); --- 353,357 ---- if(outs[GREP].exists){ icestring gs = grep.str(); ! trim(gs, ','); *************** *** 361,372 **** } - }else if (res_type == RESULT_NETBIOS){ - /// out the netbios results - //std::string strc = c->output_buffer_netbios.str(); - //out << c->output_buffer_netbios.str(); - - //if(outs[GREP].exists) - // out_grep << c->output_buffer_netbios_secondary.str(); - }else{ /// no results --- 359,362 ---- |
From: arkaino <ar...@us...> - 2007-01-25 14:04:41
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv25728 Modified Files: TODO Log Message: testing 2 Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.50 retrieving revision 1.51 diff -C2 -d -r1.50 -r1.51 *** TODO 25 Jan 2007 13:56:48 -0000 1.50 --- TODO 25 Jan 2007 14:04:36 -0000 1.51 *************** *** 32,35 **** --- 32,36 ---- ################################################################################################################ + Reference: "+" - new item |
From: arkaino <ar...@us...> - 2007-01-25 13:52:21
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv21116 Modified Files: TODO Log Message: testing Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.48 retrieving revision 1.49 diff -C2 -d -r1.48 -r1.49 *** TODO 25 Jan 2007 13:08:31 -0000 1.48 --- TODO 25 Jan 2007 13:52:19 -0000 1.49 *************** *** 1,4 **** IceScan ToDo: - CRITICAL BUGS ############# --- 1,3 ---- |
From: Alexander B. <da...@us...> - 2007-01-25 13:08:35
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv3876 Modified Files: TODO cpengine.cc nbt_wrapper.h caengine.cc .cvsignore caengine.h iceparams.h csubtarget.h iceoutput.h icescan.cc Log Message: Redesigned Ugly structure ofmultiple scan that was implemented by ruttino as temporary; fixed some minor bugs. Index: .cvsignore =================================================================== RCS file: /cvsroot/icescan/IceScan/.cvsignore,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** .cvsignore 24 Jan 2007 17:59:26 -0000 1.6 --- .cvsignore 25 Jan 2007 13:08:31 -0000 1.7 *************** *** 16,18 **** .deps *.greg - protocols \ No newline at end of file --- 16,17 ---- Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.37 retrieving revision 1.38 diff -C2 -d -r1.37 -r1.38 *** icescan.cc 24 Jan 2007 17:59:30 -0000 1.37 --- icescan.cc 25 Jan 2007 13:08:31 -0000 1.38 *************** *** 73,77 **** "\t--bounce-http-proxy <<hostname>:<port>>: connect() through HTTP proxy\n" "\t--ip-options < R | T | U >: add specific IP option to outgoing packets\n" ! "\t--badchksum: send packets with a wrong TCP/UDP checksums" "OUTPUT\n" "\t-oI/oG <filename>: Output scan in normal/grepable format to given file\n" --- 73,77 ---- "\t--bounce-http-proxy <<hostname>:<port>>: connect() through HTTP proxy\n" "\t--ip-options < R | T | U >: add specific IP option to outgoing packets\n" ! "\t--badchksum: send packets with a wrong TCP/UDP checksums\n" "OUTPUT\n" "\t-oI/oG <filename>: Output scan in normal/grepable format to given file\n" *************** *** 118,153 **** // ip range regexp ! IceRegex re("((\\d+)(-\\d+)?)"); ! if (re.match(target)){ ! std::vector<icestring> ips; ! icestring ip(target); ! // pools for ip ranges.. ! std::vector<int> tmp; ! std::vector<std::vector<int> > pools; ! int from, to; ! 
icestring range=""; ! re.findReset(); ! while (re.findNext()){ ! re.group(1, range); ! to = -1; ! sscanf(range.c_str(), "%d-%d", &from, &to); ! if (to < 0) ! to = from; ! for (int i=MIN(from, to); i <= MAX(from, to); i++) ! tmp.push_back(i); ! pools.push_back(tmp); ! tmp.erase (tmp.begin(), tmp.end()); ! } ! generate_ips (ips, pools.begin(), pools.end()); ! for (std::vector<icestring>::iterator itr = ips.begin(); itr != ips.end(); itr++) ! if (is_ip(*itr)) ! par->input_targets.push_back(*itr); }else if(is_ip(target) || is_correct_domainname(target) || is_correct_cidr(target)){ --- 118,154 ---- // ip range regexp ! IceRegex re("((\\d+)-(\\d+)?)"); ! if(re.match(target)){ ! std::vector<icestring> ips; ! icestring ip(target); ! // pools for ip ranges.. ! std::vector<int> tmp; ! std::vector<std::vector<int> > pools; ! ! int from, to; ! icestring range=""; ! re.findReset(); ! while (re.findNext()){ ! re.group(1, range); ! to = -1; ! sscanf(range.c_str(), "%d-%d", &from, &to); ! if (to < 0) ! to = from; ! for (int i=MIN(from, to); i <= MAX(from, to); i++) ! tmp.push_back(i); ! pools.push_back(tmp); ! tmp.erase (tmp.begin(), tmp.end()); ! } ! generate_ips (ips, pools.begin(), pools.end()); ! for (std::vector<icestring>::iterator itr = ips.begin(); itr != ips.end(); itr++) ! if (is_ip(*itr)) ! par->input_targets.push_back(*itr); }else if(is_ip(target) || is_correct_domainname(target) || is_correct_cidr(target)){ *************** *** 579,583 **** case 'U': ! par->scan_type = UDP_SCAN; break; --- 580,584 ---- case 'U': ! 
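Review bot: In the target-range hunk at lines 118-153 (new side 118-154) the bounds read by `sscanf(range.c_str(), "%d-%d", &from, &to)` are used without validation: `from` is left uninitialized if the conversion fails, neither value is checked against 0-255 before the `for (int i=MIN(from, to); i <= MAX(from, to); i++) tmp.push_back(i)` loop, and `is_ip` is only applied to the generated strings afterwards, so a command-line argument such as `1-2000000000` (constructed example) fills a multi-gigabyte vector before anything is rejected. Initialising `from = to = -1;` before the `sscanf` and rejecting any bound outside 0-255 before pushing (taking the same invalid-target path the trailing `else` branch uses) keeps the cost bounded and the behaviour defined. The regex change to `((\\d+)-(\\d+)?)` means plain addresses no longer enter this path, which looks intended. The enclosing function's signature and its final `else` lie outside this hunk.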
//par->scan_type = UDP_SCAN; break; Index: csubtarget.h =================================================================== RCS file: /cvsroot/icescan/IceScan/csubtarget.h,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** csubtarget.h 24 Jan 2007 17:59:30 -0000 1.28 --- csubtarget.h 25 Jan 2007 13:08:31 -0000 1.29 *************** *** 93,102 **** unsigned short int at; struct timeval send_tv; - //struct timeval recv_tv; }; enum Attempts { A_SCAN = 0, A_ICMP = 1, A_ARP = 2}; ! class csubtarget{ --- 93,106 ---- unsigned short int at; struct timeval send_tv; }; enum Attempts { A_SCAN = 0, A_ICMP = 1, A_ARP = 2}; ! #define TCP_SCAN 1 ! #define UDP_SCAN 2 ! #define IPP_SCAN 4 ! #define NBT_SCAN 8 ! #define LST_SCAN 16 ! #define PSV_SCAN 32 class csubtarget{ *************** *** 105,118 **** public: ! //// Buffer for the output to the standard device ! // 0 - PORTS OUTPUT ! // 1 - PROT OUTPUT ! std::ostringstream output_buffer[OUTPUT_LEVEL]; ! //// 4 are the secondary buffers TEXT = 0, XML = 1, GREP = 2, TROFF = 3 ! std::ostringstream output_buffer_secondary[OUTPUT_LEVEL][4]; ! ! //// NETBIOS BUFFER RESULTS ! std::ostringstream output_buffer_netbios; ! std::ostringstream output_buffer_netbios_secondary; static bool sort_probes(const scanning_probe &p1, const scanning_probe &p2){ --- 109,116 ---- public: ! ! icestring grep_output; ! icestring text_output; ! icestring xml_output; static bool sort_probes(const scanning_probe &p1, const scanning_probe &p2){ *************** *** 128,148 **** int iface; ! bool discovered; bool discovering; ! short scanned; struct attempt attempts[4]; std::map <int, scanning_probe> scan_probes; ! /// list for the protocol scan ! std::map <int, scanning_protocol> scan_protocols; ! u_short scanned_protocols; ! ! u_short scanned_netbios; ! scanning_probe scan_netbios_probe; ! ! int scanned_ports; ! int scanned_udp_ports; ! int last_scanned_udp_port; ! int MAGIC_PORT; --- 126,147 ---- int iface; ! 
bool discovered; bool discovering; ! ! // scans done ! u8 scans_done; ! // scans should be done ! u8 scans_to_be_done; + // array for ping/scan attempts calibrating struct attempt attempts[4]; + // map for the ports scan std::map <int, scanning_probe> scan_probes; ! // map for the protocols scan ! std::map <int, scanning_protocol> scan_protocols; ! // probe fpr net_bios scan ! scanning_probe scan_netbios_probe; ! ! // source port for scans int MAGIC_PORT; *************** *** 184,203 **** source_ip = par->source_ip; } - max_timeout = 0; max_retries = 0; - - scanned_ports = 0; - scanned_udp_ports = 0; - last_scanned_udp_port = 0; ! scanned = 0; ! scanned_protocols = 0; ! ! scanned_netbios = 0; mac = ""; - } --- 183,206 ---- source_ip = par->source_ip; } max_timeout = 0; max_retries = 0; ! text_output = ""; ! xml_output = ""; ! grep_output = ""; ! ! scans_to_be_done = scans_done = 0; ! ! if(par->scan_type != NO_SCAN) ! scans_to_be_done += TCP_SCAN; ! ! if(par->ip_protocol_scan) ! scans_to_be_done += IPP_SCAN; ! ! if(par->netbios_scan) ! scans_to_be_done += NBT_SCAN; mac = ""; } Index: cpengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/cpengine.cc,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** cpengine.cc 22 Jan 2007 16:51:29 -0000 1.7 --- cpengine.cc 25 Jan 2007 13:08:31 -0000 1.8 *************** *** 125,129 **** if(par.scan_type == PASSIVE_SCAN){ for(std::map <icestring, csubtarget *>::iterator i = cts->subtargets.begin(); i!= cts->subtargets.end(); ++i){ ! if((*i).second->discovered) out.show_results((*i).second); } } --- 125,131 ---- if(par.scan_type == PASSIVE_SCAN){ for(std::map <icestring, csubtarget *>::iterator i = cts->subtargets.begin(); i!= cts->subtargets.end(); ++i){ ! if((*i).second->discovered){ ! out.show_results((*i).second); ! 
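Review bot: `scans_to_be_done += TCP_SCAN;` (and the `+=` for `IPP_SCAN` and `NBT_SCAN`) in the csubtarget constructor hunk at lines 184-203 (new side 183-206) treats the scan flags as counters, while the rest of this commit tests and sets them as bits (`scans_done |= LST_SCAN`, `scans_done & NBT_SCAN` in caengine.cc). It gives the same result today because each flag is added at most once, but a future double-add would silently set a different bit; `scans_to_be_done |= TCP_SCAN;` matches the bit semantics the `&` tests assume. Relatedly, the flags themselves are introduced as `#define`s in the hunk at 93-102 of this file; an `enum` with the same explicit values would give them a type the compiler can see without changing any value.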
} } } Index: nbt_wrapper.h =================================================================== RCS file: /cvsroot/icescan/IceScan/nbt_wrapper.h,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** nbt_wrapper.h 24 Jan 2007 17:59:30 -0000 1.7 --- nbt_wrapper.h 25 Jan 2007 13:08:31 -0000 1.8 *************** *** 203,207 **** int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, ! int v, std::ostringstream* outs, std::ostringstream* outssec) { int i, unique; u8 service; --- 203,207 ---- int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, ! int v, icestring &nb1, icestring &nb2) { int i, unique; u8 service; *************** *** 209,225 **** char* sname; char buffer[256]; ! Bzero(buffer, 256); //printf("NetBIOS Name Table for %s:\n", hostname); ! *outs << "NetBIOS Name Table for "<< hostname <<":\n"; if (outssec) ! *outssec << "Host:"<< hostname; if(hostinfo->is_broken && !v){ ! *outs << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long.\n"; if (outssec) ! *outssec << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long. "; } //printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); --- 209,227 ---- char* sname; char buffer[256]; ! std::ostringstream outs; ! std::ostringstream outssec; ! Bzero(buffer, 256); //printf("NetBIOS Name Table for %s:\n", hostname); ! outs << "NetBIOS Name Table for "<< hostname <<":\n"; if (outssec) ! outssec << "Host:"<< hostname; if(hostinfo->is_broken && !v){ ! outs << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long.\n"; if (outssec) ! outssec << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long. "; } //printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); *************** *** 229,236 **** else sprintf(buffer,"%-17s%-17s\n", "Name", "Service"); ! *outs << buffer; if (outssec) ! 
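Review bot: With `outssec` changed from a pointer parameter to a local `std::ostringstream` in the hunk at lines 209-225 (new side 209-227), the `if (outssec)` guards no longer test whether a secondary output was requested: a stream's conversion in a boolean context reflects its error state, which is good here, so every guard is true and `nb2` is always written. An `icestring &` parameter also cannot express "no grep output", so the checks are now dead code; either drop them or keep the optional semantics explicitly (a nullable `icestring *nb2`, or a `bool want_grep` parameter). The same now-dead guards remain in the following hunks of this file (229-236, 246-265, 270-283). The signature change is in the preceding hunk and the function body extends beyond this one.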
*outssec << " NetBios Services:"; if(hostinfo->header && hostinfo->names) { --- 231,238 ---- else sprintf(buffer,"%-17s%-17s\n", "Name", "Service"); ! outs << buffer; if (outssec) ! outssec << " NetBios Services:"; if(hostinfo->header && hostinfo->names) { *************** *** 246,265 **** sprintf(buffer,"%-17s", name); ! *outs << buffer; if (outssec) ! *outssec << name << "/"; if(v){ sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name)); if (outssec) ! *outssec << getnbservicename(service, unique, name)<< ","; //printf("%s\n", (char*)getnbservicename(service, unique, name)); }else{ sprintf(buffer,"<%02x>", service); ! *outs << buffer; if (outssec) ! *outssec << buffer<< "//"; //printf("<%02x>", service); if(unique) --- 248,267 ---- sprintf(buffer,"%-17s", name); ! outs << buffer; if (outssec) ! outssec << name << "/"; if(v){ sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name)); if (outssec) ! outssec << getnbservicename(service, unique, name)<< ","; //printf("%s\n", (char*)getnbservicename(service, unique, name)); }else{ sprintf(buffer,"<%02x>", service); ! outs << buffer; if (outssec) ! outssec << buffer<< "//"; //printf("<%02x>", service); if(unique) *************** *** 270,283 **** //printf(" GROUP\n"); if (outssec) ! *outssec << buffer<< ","; } ! *outs << buffer; } } ! *outs << "\n"; if (outssec) ! *outssec << "\n"; return 1; --- 272,288 ---- //printf(" GROUP\n"); if (outssec) ! outssec << buffer<< ","; } ! outs << buffer; } } ! outs << "\n"; if (outssec) ! outssec << "\n"; ! ! nb1 = outs.str(); ! nb2 = outssec.str(); return 1; Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.36 retrieving revision 1.37 diff -C2 -d -r1.36 -r1.37 *** iceparams.h 24 Jan 2007 17:59:30 -0000 1.36 --- iceparams.h 25 Jan 2007 13:08:31 -0000 1.37 *************** *** 93,103 **** std::vector <port_range> pu_ports; ! bool ip_protocol_scan; ! ! 
bool netbios_scan; ! // Scan Options ( default: -ST ) ! enum Scan_type scan_type; --- 93,102 ---- std::vector <port_range> pu_ports; ! // Scan Options ( default: -ST ) + bool ip_protocol_scan; ! bool netbios_scan; ! enum Scan_type scan_type; *************** *** 133,137 **** ice_service_name_database *isnd; ice_mac_name_database *ismd; ! ice_protocol_name_database *ispd; // Fingerprinting... --- 132,136 ---- ice_service_name_database *isnd; ice_mac_name_database *ismd; ! ice_protocol_name_database *ispd; // Fingerprinting... Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** caengine.cc 25 Jan 2007 02:11:31 -0000 1.17 --- caengine.cc 25 Jan 2007 13:08:31 -0000 1.18 *************** *** 49,53 **** cde.arp_discovery = par.arp_discovery; cde.fin_ping_discovery = par.fin_ping_discovery; ! } if(par.scan_type == FIN_SCAN || par.scan_type == SYN_SCAN || par.scan_type == NULL_SCAN || par.scan_type == XMAS_SCAN || --- 49,54 ---- cde.arp_discovery = par.arp_discovery; cde.fin_ping_discovery = par.fin_ping_discovery; ! } ! if(par.scan_type == FIN_SCAN || par.scan_type == SYN_SCAN || par.scan_type == NULL_SCAN || par.scan_type == XMAS_SCAN || *************** *** 56,62 **** cde.tcp_raw_scan = true; ! /// Protocol scan flag ! if (par.ip_protocol_scan) ! cde.protocol_scan = true; init(); --- 57,63 ---- cde.tcp_raw_scan = true; ! /// Protocol scan flag ! if (par.ip_protocol_scan) ! 
cde.protocol_scan = true; init(); *************** *** 69,74 **** close(); - print_final_outputs(); - return false; } --- 70,73 ---- *************** *** 79,99 **** } - - void caengine::print_final_outputs(){ - for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ - for (int k = 0; k < OUTPUT_LEVEL; k++){ - std::string t = (*i).second->output_buffer[k].str(); - out << (*i).second->output_buffer[k].str(); - - if (out.outs[GREP].exists) - out.outs[GREP].out << (*i).second->output_buffer_secondary[k][GREP].str(); - } - - out.print_MAC_info((*i).second,&out); - if (out.outs[GREP].exists) - out.print_MAC_info((*i).second,&(out.outs[GREP].out)); - } - } - int caengine::get_first_free_socket(){ int f; --- 78,81 ---- *************** *** 108,113 **** void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ ! long rtt = SUB_TIMEVALS(tv_f, tv_s) / 1000; ! long rtt_temp = 0; long old_to = c->max_timeout; float div = 0; --- 90,95 ---- void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ ! long rtt = SUB_TIMEVALS(tv_f, tv_s) / 1000; ! long rtt_temp = 0; long old_to = c->max_timeout; float div = 0; *************** *** 115,131 **** // RTT Jacobson formula if (c->max_timeout){ ! rtt_temp = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); c->max_timeout = (rtt_temp);// * TIMEOUT_MULTIPLIER ! if (c->max_retries && old_to){ ! div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += (MAX_RETRIES) * (div - 1.0f); ! else ! c->max_retries -= (MAX_RETRIES) * (1.0f - div); ! } }else ! c->max_timeout = rtt * 1.2f; if (c->max_retries > MAX_RETRIES) --- 97,113 ---- // RTT Jacobson formula if (c->max_timeout){ ! rtt_temp = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); c->max_timeout = (rtt_temp);// * TIMEOUT_MULTIPLIER ! if (c->max_retries && old_to){ ! 
div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += (int) (MAX_RETRIES) * (div - 1.0f); ! else ! c->max_retries -= (int) (MAX_RETRIES) * (1.0f - div); ! } }else ! c->max_timeout = (long)(rtt * 1.2f); if (c->max_retries > MAX_RETRIES) *************** *** 217,221 **** cst->scan_probes.clear(); already_scan_clear = true; - cst->scanned_ports = 0; for(int j = 0; j<par.ports.size(); j++){ port_range pr = par.ports[j]; --- 199,202 ---- *************** *** 231,261 **** } } ! if(cst->discovered && par.scan_type == UDP_SCAN ){ ! if(!already_scan_clear){ ! cst->scan_probes.clear(); ! already_scan_clear = true; ! } ! cst->scanned_udp_ports = 0; ! cst->last_scanned_udp_port = 0; ! for(int j = 0; j<par.ports.size(); j++){ ! port_range pr = par.ports[j]; ! ! for(int i1 = pr.lower_port; i1 <= pr.upper_port; i1++){ ! scanning_probe *sp = new scanning_probe(i1); ! std::map <int, scanning_probe>::iterator f = cst->scan_probes.find(i1); ! sp->protocol = IPPROTO_UDP; ! if(f == cst->scan_probes.end()){ ! cst->scan_probes.insert(std::make_pair(i1, *sp)); ! } ! else{ ! f->second.next = sp; ! } ! } ! } ! } ! //// Assign the scannable protocols to the subtarget if (par.ip_protocol_scan){ ! for (int i = 0; i < 256 ; i++){ scanning_protocol* pro = new scanning_protocol(i); cst->scan_protocols.insert(std::make_pair(i,*pro)); --- 212,219 ---- } } ! //// Assign the scannable protocols to the subtarget if (par.ip_protocol_scan){ ! for (int i = 0; i < 256 ; i++){ //256 scanning_protocol* pro = new scanning_protocol(i); cst->scan_protocols.insert(std::make_pair(i,*pro)); *************** *** 357,362 **** bool caengine::send_attempts(){ bool stop = true; - bool stop_ps = true; - bool stop_nt = true; struct timeval tv; --- 315,318 ---- *************** *** 370,390 **** cde.packets = 0; ! if(par.scan_type == LIST_SCAN && (*i).second->discovered && (*i).second->scanned < 2){ ! icestring Mac; ! #ifndef __CYGWIN__ ! 
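Review bot: `c->max_retries += (int) (MAX_RETRIES) * (div - 1.0f);` in the set_rtt_value hunk at lines 115-131 (new side 97-113) casts only `MAX_RETRIES`, so the product is still computed in float and the implicit float-to-integer conversion the cast was presumably added to silence still happens at the `+=`; the `-=` line two lines below has the same shape. If an integer step was intended, the cast belongs around the whole product: `c->max_retries += (int)(MAX_RETRIES * (div - 1.0f));`. The type of `max_retries` is not visible here, so confirm it is integral before relying on the truncation. set_rtt_value begins before this hunk.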
(*i).second->mac = get_arp_from_cache((*i).second->hostname); #endif out.list_host((*i).second, "up/not scanned"); ! ! if((*i).second->mac != "" && (*i).second->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! out.get_mac_message((*i).second->mac,mac_msg); ! out << mac_msg.c_str() << "\n"; ! }else ! out << "\n"; ! ! (*i).second->scanned = 2; } --- 326,338 ---- cde.packets = 0; ! if(par.scan_type == LIST_SCAN && (*i).second->discovered && !((*i).second->scans_done & LST_SCAN)){ #ifndef __CYGWIN__ ! if(!(*i).second->mac.size()) ! (*i).second->mac = get_arp_from_cache((*i).second->hostname); #endif out.list_host((*i).second, "up/not scanned"); ! ! (*i).second->scans_done |= LST_SCAN; } *************** *** 394,453 **** //// Send the attempt for IP protocol scan ! if ((*i).second->scanned_protocols == 0 && par.ip_protocol_scan){ ! if((*i).second->discovered){ ! ! stop_ps = send_protocol_attemps((*i).second, tv); ! }else ! stop_ps = false; ! } //// Send the attempt for netbios scan ! if(par.netbios_scan && (*i).second->discovered){ //// the output will be printed in recieve_netbios_attempts when we receive the reply ! if (!(*i).second->scanned_netbios) ! stop_nt &= send_netbios_attempts((*i).second, tv); } ! ! //// Print out the results for the protocol scan ! if((*i).second->scanned_protocols == 1 && cde.protocol_scan){ ! out.show_results((*i).second,iceoutput::RESULT_PROTOCOLS); ! (*i).second->scanned_protocols++; ! } ! ! if((par.scan_type == NO_SCAN || par.scan_type == UNKNOWN_SCAN) && (*i).second->discovered) continue; - - if((*i).second->scanned == 0){ - - //if((*i).second->discovered && par.scan_type == NO_SCAN) continue; - - if(!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery){ - stop = send_icmp_attempts((*i).second, tv); - } ! if(!(*i).second->discovered && cde.arp_discovery) ! stop = send_arp_attempts((*i).second, tv); ! //DBGOUTPUT((*i).second->hostname); ! 
if((!(*i).second->discovered && (cde.syn_ping_discovery || cde.fin_ping_discovery || (par.root() && cde.ack_ping_discovery))) || ((*i).second->discovered) && cde.tcp_raw_scan){ ! //DBGOUTPUT((*i).second->hostname); ! stop = send_raw_tcp_attempts((*i).second, tv); //#$^%!!!! GCC DEVELOPERS ! } ! if((!(*i).second->discovered && cde.ack_ping_discovery && !par.root()) || ((*i).second->discovered && par.scan_type == TCP_CONNECT_SCAN)){ ! stop = do_connect_attempts((*i).second, tv); ! } ! }else if((*i).second->scanned == 1 && (*i).second->discovered){ ! #ifndef __CYGWIN__ ! (*i).second->mac = get_arp_from_cache((*i).second->hostname); ! #endif ! out.show_results((*i).second); ! (*i).second->scanned++; } } /*for */ ! return stop & stop_ps & stop_nt; } --- 342,379 ---- //// Send the attempt for IP protocol scan ! if (!((*i).second->scans_done & IPP_SCAN) && cde.protocol_scan && (*i).second->discovered){ ! //// the output will be printed in send_protocols_attempts when we'll have no attempts to send ! stop = send_protocol_attemps((*i).second, tv); ! } //// Send the attempt for netbios scan ! if(!((*i).second->scans_done & NBT_SCAN) && par.netbios_scan && (*i).second->discovered){ //// the output will be printed in recieve_netbios_attempts when we receive the reply ! stop = send_netbios_attempts((*i).second, tv); } ! ! if((par.scan_type == NO_SCAN || par.scan_type == UNKNOWN_SCAN) && (*i).second->discovered) continue; ! if(!((*i).second->scans_done & TCP_SCAN)){ ! if(!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery){ ! stop = send_icmp_attempts((*i).second, tv); ! } ! if(!(*i).second->discovered && cde.arp_discovery) ! stop = send_arp_attempts((*i).second, tv); ! if((!(*i).second->discovered && (cde.syn_ping_discovery || cde.fin_ping_discovery || (par.root() && cde.ack_ping_discovery))) || ((*i).second->discovered) && cde.tcp_raw_scan){ ! stop = send_raw_tcp_attempts((*i).second, tv); //#$^%!!!! 
GCC DEVELOPERS ! } ! if((!(*i).second->discovered && cde.ack_ping_discovery && !par.root()) || ((*i).second->discovered && par.scan_type == TCP_CONNECT_SCAN)){ ! stop = do_connect_attempts((*i).second, tv); ! } } } /*for */ ! return stop; } *************** *** 525,529 **** } ! //DBGOUTPUT(c->hostname <<" : "<< stop <<" : "<< c->scanned); return stop; } --- 451,462 ---- } ! if(stop){ ! #ifndef __CYGWIN__ ! c->scans_done |= TCP_SCAN; ! c->mac = get_arp_from_cache(c->hostname); ! #endif ! out.show_results(c); ! } ! return stop; } *************** *** 615,619 **** break; }else ! stop = false; } --- 548,560 ---- break; }else ! stop = false; ! } ! ! if(stop){ ! #ifndef __CYGWIN__ ! c->scans_done |= TCP_SCAN; ! c->mac = get_arp_from_cache(c->hostname); ! #endif ! out.show_results(c); } *************** *** 657,661 **** cnbtwrapper cnbt(&par); ! if (c->scanned_netbios) return stop; --- 598,602 ---- cnbtwrapper cnbt(&par); ! if (c->scans_done & NBT_SCAN) return stop; *************** *** 683,705 **** cprotocol_scan temp(&par,&out,this->cde.r2,this->cde.r3); for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ ! if((*i).second.is_done() || (*i).second.attemps_done() > c->max_retries) { ! continue; ! } ! ! if (this->check_timeout((*i).second.tv_send,c->max_timeout) || ! !(*i).second.attemps_done()){ ! ! temp.send(c->hostname.c_str(), c->source_ip.c_str(), (*i).first,(*i).second.attemps_done()); ! (*i).second.send_attemp(); ! stop = false; ! }else { ! stop = false; ! } } /// the subtarget can be considered scanned ! if (stop) ! c->scanned_protocols=1; return stop; --- 624,647 ---- cprotocol_scan temp(&par,&out,this->cde.r2,this->cde.r3); for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ + if((*i).second.is_done() || (*i).second.attemps_done() > c->max_retries) { + continue; + } ! 
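Review bot: `stop` is now assigned with a plain `=` by every call in the loop body (`stop = send_protocol_attemps(...)`, `stop = send_netbios_attempts(...)`, then the ICMP/ARP/raw-TCP/connect calls), so a later call returning true overwrites an earlier false and `send_attempts` can report a subtarget as finished while its protocol or NetBIOS scan is still outstanding; the removed `stop_ps`/`stop_nt &=` accumulators did not have that problem. Fold each result in instead, `stop &= send_protocol_attemps((*i).second, tv);`, and the same for the other five calls. The rewritten ICMP line also keeps the old precedence problem: `!(*i).second->discovered && cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery` is true for an already-discovered host whenever mask or timestamp pings are enabled, so unless `send_icmp_attempts` re-checks, those hosts keep being pinged; parenthesise the three discovery flags as one group after the `&&`. The `for` loop and `send_attempts` itself begin outside the hunk.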
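Review bot: In the new `if(stop){ ... }` block, `c->scans_done |= TCP_SCAN;` sits inside the `#ifndef __CYGWIN__` guard together with the ARP-cache lookup, so on Cygwin the flag is never set, the `scans_done & TCP_SCAN` tests introduced elsewhere in this commit never become true, and `out.show_results(c)` is repeated on every send pass; the hunk at old lines 615-619 has the same layout. Only the MAC lookup is platform-specific: move `c->scans_done |= TCP_SCAN;` above the `#ifndef __CYGWIN__` line in both places, as the protocol-scan hunk in this commit already does for `IPP_SCAN`. The two blocks are otherwise verbatim copies; a small private helper such as `finish_tcp_scan(csubtarget *c)` would keep them in step. The enclosing function begins outside the hunk.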
if (this->check_timeout((*i).second.tv_send,c->max_timeout) || !(*i).second.attemps_done()){ ! temp.send(c->hostname.c_str(), c->source_ip.c_str(), (*i).first,(*i).second.attemps_done()); ! (*i).second.send_attemp(); ! stop = false; ! }else { ! stop = false; ! } } /// the subtarget can be considered scanned ! if (stop){ ! //// Print out the results for the protocol scan ! c->scans_done |= IPP_SCAN; ! out.show_results(c, iceoutput::RESULT_PROTOCOLS); ! } ! return stop; *************** *** 747,771 **** } - // check if any UDP attempt to send to host _*c_ at time _tv_ - // && send them - // return true if there no attempts to send - // and no to wait for (timeout/discover finished) - bool caengine::send_udp_attempts(csubtarget *c, struct timeval &tv){ - bool stop = true; - int packets = 0; - std::map <int, scanning_probe>::iterator j; - if(c->last_scanned_udp_port == 0) j = c->scan_probes.begin(); - else j = c->scan_probes.find(c->last_scanned_udp_port); - for(; j!= c->scan_probes.end(); ++j){ - if(!(*j).second.done){ - c->last_scanned_udp_port = j->first; - - break; - } - } - if(j == c->scan_probes.end()) c->last_scanned_udp_port = 0; - return stop; - } - // This function shutdowns socket, used fro connect() scan/ping void caengine::shutdown_scansocket(int j){ --- 689,692 ---- *************** *** 944,948 **** // also, prints some information to output bool caengine::set_port_status(csubtarget *cts, int port, enum port_status status){ ! //DBGOUTPUT(port << ":" << status << " = " << (int) cts->scan_probes[port].done); if(cts->discovered){ //DBGOUTPUT(port << ":" << status << " = " << (int) cts->scan_probes[port].done); --- 865,869 ---- // also, prints some information to output bool caengine::set_port_status(csubtarget *cts, int port, enum port_status status){ ! 
//DBGOUTPUT(port << ":" << status << " = " << (int) cts->scan_probes[port].done); if(cts->discovered){ //DBGOUTPUT(port << ":" << status << " = " << (int) cts->scan_probes[port].done); *************** *** 953,962 **** } - cts->scanned_ports++; cts->scan_probes[port].status = status; cts->scan_probes[port].done = true; - if(cts->scanned_ports == cts->scan_probes.size()) - cts->scanned = 1; - //DBGOUTPUT(cts->scanned_ports << " ? " << cts->scan_probes.size()); print_port_status(cts, port); } --- 874,879 ---- *************** *** 1020,1029 **** hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, ! !par.verbose,&(subtargets[addr]->output_buffer_netbios) ! ,&(subtargets[addr]->output_buffer_netbios_secondary)); ! ! std::string strc = subtargets[addr]->output_buffer_netbios.str(); ! ! subtargets[addr]->scanned_netbios = 1; subtargets[addr]->scan_netbios_probe.done = true; --- 937,944 ---- hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, ! !par.verbose, subtargets[addr]->text_output, ! subtargets[addr]->grep_output); ! ! subtargets[addr]->scans_done |= NBT_SCAN; subtargets[addr]->scan_netbios_probe.done = true; *************** *** 1070,1075 **** for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! if(!(*i).second->scanned > 1) continue; if(!(*i).second->discovering && !(*i).second->discovered) continue; --- 985,992 ---- for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! ! 
if((*i).second->scans_done & TCP_SCAN) continue; + if(!(*i).second->discovering && !(*i).second->discovered) continue; *************** *** 1082,1085 **** --- 999,1003 ---- //DBGOUTPUT(cde.scan_socks[(*j).second.socket_ptr].sock_fd); + enum port_status status = PORT_UNKNOWN; if(s >= 0 && (FD_ISSET(cde.scan_socks[(*j).second.socket_ptr].sock_fd, &fd_rtmp) || *************** *** 1155,1159 **** default: //add here more errors, pls ! status = PORT_UNKNOWN; } --- 1073,1077 ---- default: //add here more errors, pls ! status = PORT_UNKNOWN; } *************** *** 1173,1180 **** if((*i).second->max_timeout < MIN_TIMEOUT) (*i).second->max_timeout = MIN_TIMEOUT; - //DBGOUTPUT("!!!!!!!!"); - - //DBGOUTPUT((*i).second->max_timeout); - if(set_port_status((*i).second, (*j).first, status)){ //DBGOUTPUT("Breaking..."); --- 1091,1094 ---- *************** *** 1199,1310 **** int port; bool found; ! port = 0; ! if(response){ ! found = false; ! icestring addr; ! ip = (struct iphdr *) response; ! sa.sin_addr.s_addr = ip->saddr; ! addr.assign(inet_ntoa(sa.sin_addr)); ! if(subtargets.find(addr) != subtargets.end()) ! found = true; ! if (found && cde.protocol_scan){ ! //// update the list for the subtarget about the protocol scan ! if (subtargets[addr]->scan_protocols.find(ip->protocol) != subtargets[addr]->scan_protocols.end()){ ! subtargets[addr]->scan_protocols[ip->protocol].set_open(); ! this->set_rtt_value(subtargets[addr],0,subtargets[addr]->scan_protocols[ip->protocol].tv_send,tv); ! } ! } ! ! //// ICMP message manage for protocol scan ! if (ip->protocol == IPPROTO_ICMP){ ! struct icmp *icmp = (struct icmp *) (response + 4 * ip->ihl); ! if (icmp->icmp_type == 3){ ! /// Get the right information from the icmp payload ! /// Protocol info ! int proto_temp = *(icmp->icmp_dun.id_data + 9); ! /// Ip destination original packet info ! u32* addr_src = (u32*)(icmp->icmp_dun.id_data + 16); ! icestring addr_temp; ! iceinet_ntoa(*addr_src,addr_temp); ! /// Set to filtered the port ! ! 
if (subtargets.find(addr_temp) != subtargets.end()){ ! ! u16 port_temp; ! memcpy(&port_temp,(icmp->icmp_dun.id_data + 22),2); ! port_temp = ntohs(port_temp); ! if (cde.tcp_raw_scan){ ! /// Update the RTT for an ICMP message ! if (subtargets[addr_temp]->scan_probes.find(port_temp) != subtargets[addr_temp]->scan_probes.end()){ ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_probes[port_temp].tv_send,tv); ! } ! } ! /// If the protocol scan is enabled ! if (cde.protocol_scan){ ! if (subtargets[addr_temp]->scan_protocols.find(proto_temp) != subtargets[addr_temp]->scan_protocols.end()){ ! if (icmp->icmp_code == 2){ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_closed(); ! }else{ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_filtered(); ! } ! /// Update the RTT for an ICMP message ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_protocols[proto_temp].tv_send,tv); ! } ! } ! } /// subtarget in list ! } /// Type 3 ! } /// protocol ICMP ! ! if(found && ip->protocol == IPPROTO_TCP && (cde.tcp_raw_scan || (subtargets[addr]->discovering && cde.syn_ping_discovery || cde.fin_ping_discovery || cde.ack_ping_discovery))){ ! tcp = (struct tcphdr *) (response + 4 * ip->ihl); ! port = ntohs(tcp->th_sport); ! if(par.packet_trace) PacketTracer::TraceIPPacket("RCVD", response, len, tv); ! ! if(subtargets[addr]->scan_probes.find(port) != subtargets[addr]->scan_probes.end() && port != subtargets[addr]->MAGIC_PORT){ ! if ((tcp->th_flags & TH_RST) && ((subtargets[addr]->discovered && par.scan_type == FIN_SCAN || par.scan_type == NULL_SCAN || par.scan_type == XMAS_SCAN) || (subtargets[addr]->discovering && cde.fin_ping_discovery))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! }else if ((tcp->th_flags & TH_RST) && (par.scan_type == WINDOW_SCAN)) { ! 
set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! if(tcp->th_win == 0) ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! else ! set_port_status(subtargets[addr], port, PORT_OPEN); ! }else if ((tcp->th_flags & TH_RST) ! && ((subtargets[addr]->discovered && (par.scan_type == ACK_SCAN || par.scan_type == MAIMON_SCAN)) ! || (subtargets[addr]->discovering && cde.ack_ping_discovery))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_UNFILTERED); ! }else if ((tcp->th_flags & TH_RST) && (subtargets[addr]->discovered && par.scan_type == SYN_SCAN)) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && ((subtargets[addr]->discovered && par.scan_type == SYN_SCAN) || (subtargets[addr]->discovering && (cde.syn_ping_discovery || cde.ack_ping_discovery)))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_OPEN); ! cde.r2->send_tcp_raw(subtargets[addr]->source_ip, subtargets[addr]->hostname, subtargets[addr]->MAGIC_PORT, port, 0, 0, TH_RST, 0, par.ttl, 0, 0); } ! return true; } ! } ! return false; ! } } --- 1113,1223 ---- int port; bool found; ! port = 0; ! if(response){ ! found = false; ! icestring addr; ! ip = (struct iphdr *) response; ! sa.sin_addr.s_addr = ip->saddr; ! addr.assign(inet_ntoa(sa.sin_addr)); ! if(subtargets.find(addr) != subtargets.end()) ! found = true; ! if (found && cde.protocol_scan){ ! //// update the list for the subtarget about the protocol scan ! 
if (subtargets[addr]->scan_protocols.find(ip->protocol) != subtargets[addr]->scan_protocols.end()){ ! subtargets[addr]->scan_protocols[ip->protocol].set_open(); ! this->set_rtt_value(subtargets[addr],0,subtargets[addr]->scan_protocols[ip->protocol].tv_send,tv); ! } ! } ! //// ICMP message manage for protocol scan ! if (ip->protocol == IPPROTO_ICMP){ ! struct icmp *icmp = (struct icmp *) (response + 4 * ip->ihl); ! if (icmp->icmp_type == 3){ ! /// Get the right information from the icmp payload ! /// Protocol info ! int proto_temp = *(icmp->icmp_dun.id_data + 9); ! /// Ip destination original packet info ! u32* addr_src = (u32*)(icmp->icmp_dun.id_data + 16); ! icestring addr_temp; ! iceinet_ntoa(*addr_src,addr_temp); ! /// Set to filtered the port ! if (subtargets.find(addr_temp) != subtargets.end()){ ! u16 port_temp; ! memcpy(&port_temp,(icmp->icmp_dun.id_data + 22),2); ! port_temp = ntohs(port_temp); ! if (cde.tcp_raw_scan){ ! /// Update the RTT for an ICMP message ! if (subtargets[addr_temp]->scan_probes.find(port_temp) != subtargets[addr_temp]->scan_probes.end()){ ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_probes[port_temp].tv_send,tv); } + } ! /// If the protocol scan is enabled ! if (cde.protocol_scan){ ! if (subtargets[addr_temp]->scan_protocols.find(proto_temp) != subtargets[addr_temp]->scan_protocols.end()){ ! if (icmp->icmp_code == 2){ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_closed(); ! }else{ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_filtered(); ! } ! /// Update the RTT for an ICMP message ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_protocols[proto_temp].tv_send,tv); ! } } ! } /// subtarget in list ! } /// Type 3 ! } /// protocol ICMP ! ! if(found && ip->protocol == IPPROTO_TCP && (cde.tcp_raw_scan || (subtargets[addr]->discovering && cde.syn_ping_discovery || cde.fin_ping_discovery || cde.ack_ping_discovery))){ ! tcp = (struct tcphdr *) (response + 4 * ip->ihl); ! 
port = ntohs(tcp->th_sport); ! ! if(par.packet_trace) PacketTracer::TraceIPPacket("RCVD", response, len, tv); ! ! if(subtargets[addr]->scan_probes.find(port) != subtargets[addr]->scan_probes.end() && port != subtargets[addr]->MAGIC_PORT){ ! if ((tcp->th_flags & TH_RST) && ((subtargets[addr]->discovered && par.scan_type == FIN_SCAN || par.scan_type == NULL_SCAN || par.scan_type == XMAS_SCAN) || (subtargets[addr]->discovering && cde.fin_ping_discovery))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! }else if ((tcp->th_flags & TH_RST) && (par.scan_type == WINDOW_SCAN)) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! if(tcp->th_win == 0) ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! else ! set_port_status(subtargets[addr], port, PORT_OPEN); ! }else if ((tcp->th_flags & TH_RST) ! && ((subtargets[addr]->discovered && (par.scan_type == ACK_SCAN || par.scan_type == MAIMON_SCAN)) ! || (subtargets[addr]->discovering && cde.ack_ping_discovery))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_UNFILTERED); ! }else if ((tcp->th_flags & TH_RST) && (subtargets[addr]->discovered && par.scan_type == SYN_SCAN)) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_CLOSED); ! }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && ((subtargets[addr]->discovered && par.scan_type == SYN_SCAN) || (subtargets[addr]->discovering && (cde.syn_ping_discovery || cde.ack_ping_discovery)))) { ! set_rtt_value(subtargets[addr], subtargets[addr]->scan_probes[port].attempt, ! 
subtargets[addr]->scan_probes[port].tv_send, tv); ! set_port_status(subtargets[addr], port, PORT_OPEN); ! cde.r2->send_tcp_raw(subtargets[addr]->source_ip, subtargets[addr]->hostname, subtargets[addr]->MAGIC_PORT, port, 0, 0, TH_RST, 0, par.ttl, 0, 0); ! } ! ! return true; ! } ! } ! return false; ! } } Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.47 retrieving revision 1.48 diff -C2 -d -r1.47 -r1.48 *** TODO 24 Jan 2007 23:38:57 -0000 1.47 --- TODO 25 Jan 2007 13:08:31 -0000 1.48 *************** *** 3,12 **** CRITICAL BUGS ############# ! 1) non-working CIDR target specification (e.g. 0.0.0.0/0) ! 2) non-working passive scan: ! 2.1) broken filters (see (1)) ! 2.2) broken output ports table. ! 3) broken tcp raw scan (too-fast rtts and timeout expiring) ! 4) segfaults on some packets in packet-trace. ############################################################# --- 3,12 ---- CRITICAL BUGS ############# ! 1) broken tcp raw scan (too-fast rtts and timeout expiring) ! 2) Non-working connect() + ip protocol/netbios scans ! 3) Non-working grepable output for protocol scan. ! 4) Fix netBIOS scan architecture (meanwhile, output). ! 5) discovery attempts sending too fast. ! 6) rtt engine, rtt engine, rtt engine... ############################################################# *************** *** 14,18 **** What should be in IceScan version 0.10: ([ ] - not done; [_] - partially done; [*] - seems to be working; [+] - completely done) ! ############################################################################################################ [*] 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Window, NetBIOS. [_] 1.1 active scan methods: UDP --- 14,18 ---- What should be in IceScan version 0.10: ([ ] - not done; [_] - partially done; [*] - seems to be working; [+] - completely done) ! 
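Review bot: The ICMP type-3 branch reads the quoted inner packet at `icmp->icmp_dun.id_data + 9`, `+ 16` and `+ 22`, and the TCP branch reads a `struct tcphdr` at `response + 4 * ip->ihl`, without ever checking that `len` covers those offsets, so a short or truncated datagram is read past the end of `response`; the hunk appears to be mostly a re-indent, but these are the lines it touches. Validate `ip->ihl` (at least 5) and bail out before the type-3 test when the buffer is too short, e.g. `if (len < 4 * ip->ihl + 8 + 24) return false;` (outer header, 8-byte ICMP header, inner IP header plus both TCP port fields), and guard the TCP branch the same way with `sizeof(struct tcphdr)`. The function's signature and the declarations of `ip`, `tcp` and `sa` lie outside the hunk.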
######################################################################################## [*] 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Window, NetBIOS. [_] 1.1 active scan methods: UDP *************** *** 30,34 **** [_] 9. ports to platforms: Linux, Win32, OpenBSD, FreeBSD, Cygwin. [_] 10. man page and INSTALL.win32, INSTALL.<platfrom-specific> files. ! ############################################################################################################ Reference: --- 30,34 ---- [_] 9. ports to platforms: Linux, Win32, OpenBSD, FreeBSD, Cygwin. [_] 10. man page and INSTALL.win32, INSTALL.<platfrom-specific> files. ! ################################################################################################################ Reference: *************** *** 56,59 **** --- 56,60 ---- I12 + detect broadcast address. I66 + Traceroute. + I78 * discovery attempts sending too fast. -- Scanning -- *************** *** 77,80 **** --- 78,83 ---- I33 + Decoys (-D) I67 + IP options (R, T, U, S, L) + I74 * Non-working connect() + protocols scan + I75 * fix output in NetBIOS scan -- Exploiting -- *************** *** 119,124 **** I51 + -oX [filename] - XML output I53 + -oT [filename] - troff output - I55 * fix newline count in reports I68 + --open - after scanning, forces IceScan to show only open ports -- Misc -- --- 122,128 ---- I51 + -oX [filename] - XML output I53 + -oT [filename] - troff output I68 + --open - after scanning, forces IceScan to show only open ports + I76 * fix grepable output with protocol scan + I77 + add grepable output for NetBIOS scan -- Misc -- Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.27 retrieving revision 1.28 diff -C2 -d -r1.27 -r1.28 *** caengine.h 25 Jan 2007 02:11:31 -0000 1.27 --- caengine.h 25 Jan 2007 13:08:31 -0000 1.28 *************** *** 277,283 **** void show_ports(csubtarget *c); - // Show the 
final outputs in the right order - void print_final_outputs(); - // sets port status if time run out and no // response from target recieved --- 277,280 ---- Index: iceoutput.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceoutput.h,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** iceoutput.h 24 Jan 2007 17:59:30 -0000 1.12 --- iceoutput.h 25 Jan 2007 13:08:31 -0000 1.13 *************** *** 180,183 **** --- 180,184 ---- outs[GREP].out << "Host: " << c->hostname << " Status: " << state << "."; } + print_MAC_info(c); } *************** *** 187,191 **** // This function used to display port table for given subtarget *c // Now supports only text output. ! void show_results(csubtarget *c, RESULTS_TYPE res_type = RESULT_PORTS){ int filtered = 0, closed = 0, open = 0, open_filtered = 0, unfiltered = 0, total = 0; bool show_closed = false, show_open = true, show_of = false, show_filtered = false, show_unfiltered = false; --- 188,192 ---- // This function used to display port table for given subtarget *c // Now supports only text output. ! void show_results(csubtarget *c, enum RESULTS_TYPE res_type = RESULT_PORTS){ int filtered = 0, closed = 0, open = 0, open_filtered = 0, unfiltered = 0, total = 0; bool show_closed = false, show_open = true, show_of = false, show_filtered = false, show_unfiltered = false; *************** *** 194,214 **** char output_buf[255]; ! std::ostringstream *out; ! std::ostringstream *out_secondary_grep; // output_buffer_secondary for grep ! ! char str_type_scan[100]; std::map<int,int> list_output; ! if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) return; ! if (res_type == RESULT_PORTS){ for(std::map <int, scanning_probe >::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ list_output.insert(std::make_pair((*i).first,(*i).second.status)); } ! ! out = &(c->output_buffer[RESULT_PORTS]); ! 
out_secondary_grep = &(c->output_buffer_secondary[0][GREP]); ! sprintf(str_type_scan,"Ports"); }else if (res_type == RESULT_PROTOCOLS){ for(std::map <int, scanning_protocol >::iterator i = c->scan_protocols.begin(); i!= c->scan_protocols.end(); ++i){ --- 195,219 ---- char output_buf[255]; ! std::ostringstream out_text; ! out_text.str().assign(c->text_output); ! ! std::ostringstream out; ! out.str().clear(); ! ! std::ostringstream out_grep; ! out_grep.str().assign(c->grep_output); ! ! icestring str_type_scan; std::map<int,int> list_output; ! if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) ! return; ! if (res_type == RESULT_PORTS){ for(std::map <int, scanning_probe >::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ list_output.insert(std::make_pair((*i).first,(*i).second.status)); } ! str_type_scan = "Ports"; }else if (res_type == RESULT_PROTOCOLS){ for(std::map <int, scanning_protocol >::iterator i = c->scan_protocols.begin(); i!= c->scan_protocols.end(); ++i){ *************** *** 216,227 **** } ! out = &(c->output_buffer[RESULT_PROTOCOLS]); ! out_secondary_grep = &(c->output_buffer_secondary[1][GREP]); ! sprintf(str_type_scan,"Protocols"); ! }else if (res_type == RESULT_NETBIOS){ ! out = &(c->output_buffer[RESULT_NETBIOS]); ! out_secondary_grep = &(c->output_buffer_secondary[2][GREP]); ! } ! if (res_type != RESULT_NETBIOS){ --- 221,226 ---- } ! str_type_scan = "Protocols"; ! } if (res_type != RESULT_NETBIOS){ *************** *** 270,280 **** if(strcmp(c->hostname.c_str(), c->reversed_hostname.c_str())){ ! *out << "Interesting "<< str_type_scan <<" on " << c->reversed_hostname << " (" << c->hostname << "):"; if(outs[GREP].exists) ! *out_secondary_grep << "Host: " << c->reversed_hostname << " (" << c->hostname << ") "<< str_type_scan <<": "; }else{ ! *out << "Interesting "<< str_type_scan <<" on " << c->hostname << ":"; if(outs[GREP].exists) ! 
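Review bot: `out_text.str().assign(c->text_output);`, `out.str().clear();` and `out_grep.str().assign(c->grep_output);` are all no-ops: `std::ostringstream::str()` returns the buffer by value, so the assignment and the clear act on a temporary and all three streams start empty, which means `out_grep` no longer carries whatever `c->grep_output` already held — a regression from the old `output_buffer_secondary` pointers. Seed the streams by insertion instead, `out_text << c->text_output;` and `out_grep << c->grep_output;`, and drop the `out.str().clear();` line. Nothing visible in the hunk reads `out_text` afterwards, and how `out`/`out_grep` get written back to the subtarget is outside the hunk, so please confirm that round-trip. `show_results` begins in the previous hunk and continues past this one.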
*out_secondary_grep << "Host: " << " "<< str_type_scan <<": "; } } /// end if (res_type != RESULT_NETBIOS) --- 269,279 ---- if(strcmp(c->hostname.c_str(), c->reversed_hostname.c_str())){ ! out << "Interesting "<< str_type_scan <<" on " << c->reversed_hostname << " (" << c->hostname << "):"; if(outs[GREP].exists) ! out_grep << "Host: " << c->reversed_hostname << " (" << c->hostname << ") "<< str_type_scan <<": "; }else{ ! out << "Interesting "<< str_type_scan <<" on " << c->hostname << ":"; if(outs[GREP].exists) ! out_grep << "Host: " << " "<< str_type_scan <<": "; } } /// end if (res_type != RESULT_NETBIOS) *************** *** 282,286 **** if((c->scan_probes.size() || c->scan_protocols.size()) && (res_type == RESULT_PORTS || res_type == RESULT_PROTOCOLS)){ ! *out << iceoutput::endl; os.str(""); --- 281,285 ---- if((c->scan_probes.size() || c->scan_protocols.size()) && (res_type == RESULT_PORTS || res_type == RESULT_PROTOCOLS)){ ! out << iceoutput::endl; os.str(""); *************** *** 300,309 **** os << "\n"; ! if(not_shown.size()) *out << os.str(); if (res_type == RESULT_PORTS) ! *out << "PORT STATE SERVICE\n"; else ! *out << "PROTOCOL STATE SERVICE\n"; #ifndef __CYGWIN__ --- 299,308 ---- os << "\n"; ! if(not_shown.size()) out << os.str(); if (res_type == RESULT_PORTS) ! out << "PORT STATE SERVICE\n"; else ! out << "PROTOCOL STATE SERVICE\n"; #ifndef __CYGWIN__ *************** *** 336,348 **** sprintf(output_buf, "%5d %6s %s", (*i).first, state.c_str(), par.ispd->get_protocol((*i).first).c_str()); ! *out << output_buf << "\n"; if(outs[GREP].exists){ ! if (res_type == RESULT_PORTS) gr... [truncated message content] |
From: Alexander B. <da...@us...> - 2007-01-25 13:08:34
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv3876/icesockets Modified Files: packet_tracer.h Log Message: Redesigned Ugly structure ofmultiple scan that was implemented by ruttino as temporary; fixed some minor bugs.
Index: packet_tracer.h
===================================================================
RCS file: /cvsroot/icescan/IceScan/icesockets/packet_tracer.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** packet_tracer.h 23 Jan 2007 21:14:23 -0000 1.8
--- packet_tracer.h 25 Jan 2007 13:08:31 -0000 1.9
***************
*** 429,432 ****
--- 429,442 ----
break;
+
+ default:
+ os << " IP " << src_ip << " > " << dst_ip << " ";
+
+ os << " prot=" << (int)ip->protocol;
+
+ os << " ttl=" << (unsigned short)ip->ttl << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len);
+
+ if(ipopts.size())
+ os << " ipopts={" << ipopts << "} ";
} |
From: ruttino <ru...@us...> - 2007-01-25 02:11:34
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv13487 Modified Files: caengine.cc caengine.h iceprotocol.h Log Message: TCP raw scan and RTT, now is better ;) ..... I hope! Index: iceprotocol.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceprotocol.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** iceprotocol.h 24 Jan 2007 17:59:30 -0000 1.6 --- iceprotocol.h 25 Jan 2007 02:11:31 -0000 1.7 *************** *** 37,41 **** case IPPROTO_TCP: ! r_raw->send_tcp_raw(l_hostname,hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val, 0,0,TH_ACK,0,par->ttl,0,0); break; --- 37,41 ---- case IPPROTO_TCP: ! r_raw->send_tcp_raw(l_hostname,hostname,csocket::getMagicPort()+rand_port_val,80, 0,0,TH_ACK,0,par->ttl,0,0); break; Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** caengine.cc 24 Jan 2007 17:59:30 -0000 1.16 --- caengine.cc 25 Jan 2007 02:11:31 -0000 1.17 *************** *** 108,128 **** void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ ! long rtt = SUB_TIMEVALS(tv_f, tv_s); long old_to = c->max_timeout; float div = 0; // RTT Jacobson formula ! if (c->max_timeout) ! rtt = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); ! c->max_timeout = (rtt / 1000 )* TIMEOUT_MULTIPLIER; ! ! if (c->max_retries && old_to){ ! div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += MAX_RETRIES * (div - 1.0f); ! else ! c->max_retries -= MAX_RETRIES * (1.0f - div); ! } if (c->max_retries > MAX_RETRIES) --- 108,131 ---- void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ ! long rtt = SUB_TIMEVALS(tv_f, tv_s) / 1000; ! 
long rtt_temp = 0; long old_to = c->max_timeout; float div = 0; // RTT Jacobson formula ! if (c->max_timeout){ ! rtt_temp = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); ! c->max_timeout = (rtt_temp);// * TIMEOUT_MULTIPLIER ! ! if (c->max_retries && old_to){ ! div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += (MAX_RETRIES) * (div - 1.0f); ! else ! c->max_retries -= (MAX_RETRIES) * (1.0f - div); ! } ! }else ! c->max_timeout = rtt * 1.2f; if (c->max_retries > MAX_RETRIES) *************** *** 131,135 **** c->max_retries = 1; ! //DBGOUTPUT(div << "Adjusting rtt_timeout to " << c->max_timeout << " max_retries to " << c->max_retries); //if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ --- 134,141 ---- c->max_retries = 1; ! //c->max_retries = 8; ! //c->max_timeout = 200; ! ! //DBGOUTPUT(rtt << " Adjusting rtt_timeout to " << c->max_timeout << " max_retries to " << c->max_retries); //if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ *************** *** 433,441 **** } - //if((*i).second->discovered && par.netbios_scan){ - // // out.show_results((*i).second,iceoutput::RESULT_NETBIOS); - // stop_nt &= send_netbios_attempts((*i).second, tv); - //} - }else if((*i).second->scanned == 1 && (*i).second->discovered){ #ifndef __CYGWIN__ --- 439,442 ---- *************** *** 448,454 **** } /*for */ - if (stop) - int ex = 0; - return stop & stop_ps & stop_nt; } --- 449,452 ---- *************** *** 588,603 **** bool caengine::send_raw_tcp_attempts(csubtarget *c, struct timeval &tv){ bool stop = true; - timeval tv_now; for(std::map <int, scanning_probe>::iterator j = c->scan_probes.begin(); j!= c->scan_probes.end(); ++j){ if((*j).second.done) continue; ! if( this->check_timeout((*j).second.tv_send,c->max_timeout) || !(*j).second.attempt){ ! ! //DBGOUTPUT(c->hostname << ":" << (*j).first); ! ! 
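Review bot: `long rtt = SUB_TIMEVALS(tv_f, tv_s) / 1000;` truncates to whole milliseconds, so a sub-millisecond LAN reply gives `rtt == 0`; the `else` branch then stores `c->max_timeout = rtt * 1.2f`, i.e. 0, and since the smoothing branch is only entered `if (c->max_timeout)`, every later sample lands in the same `else` and the Jacobson update never starts unless some other path raises the timeout first. Clamp the sample before use, `if (rtt < 1) rtt = 1;`, or floor the result with the `MIN_TIMEOUT` that the receive loop already applies: `if (c->max_timeout < MIN_TIMEOUT) c->max_timeout = MIN_TIMEOUT;`. Both float products are assigned to `long` through an implicit truncating conversion; an explicit `(long)` cast would make that visible. This commit also raises `TIMEOUT_MULTIPLIER` to `2.5f` in caengine.h while commenting out its only visible use here (`// * TIMEOUT_MULTIPLIER`), so the constant looks dead now. The rest of `set_rtt_value` follows in the next hunk.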
if((*j).second.attempt > c->max_retries){ set_port_status(c, (*j).first, get_no_response_status()); }else if(cde.packets <= cde.max_target_packets){ stop = false; --- 586,598 ---- bool caengine::send_raw_tcp_attempts(csubtarget *c, struct timeval &tv){ bool stop = true; for(std::map <int, scanning_probe>::iterator j = c->scan_probes.begin(); j!= c->scan_probes.end(); ++j){ if((*j).second.done) continue; + if( this->check_timeout((*j).second.tv_send,c->max_timeout)/* || !(*j).second.attempt*/){ ! if((*j).second.attempt > c->max_retries){//c->max_retries set_port_status(c, (*j).first, get_no_response_status()); + stop = false; }else if(cde.packets <= cde.max_target_packets){ stop = false; *************** *** 619,623 **** }else if (cde.packets > cde.max_target_packets) break; ! } } --- 614,619 ---- }else if (cde.packets > cde.max_target_packets) break; ! }else ! stop = false; } *************** *** 688,692 **** for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ ! if((*i).second.is_done() || (*i).second.attemps_done() >= MAX_PROTOCOL_RETRIES) { continue; } --- 684,688 ---- for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ ! if((*i).second.is_done() || (*i).second.attemps_done() > c->max_retries) { continue; } *************** *** 699,703 **** stop = false; }else { ! int ex = 0; } } --- 695,699 ---- stop = false; }else { ! stop = false; } } *************** *** 906,912 **** if(discovered){ ! subtargets[ssource]->max_timeout = TIMEOUT_MULTIPLIER*(SUB_TIMEVALS(tv2, subtargets[ssource]->attempts[A_ICMP].send_tv)); ! if(par.max_retries[subtargets[ssource]->iface] > 1) par.max_retries[subtargets[ssource]->iface] = par.max_retries[subtargets[ssource]->iface] / 2; set_host_up(subtargets[ssource]); --- 902,908 ---- if(discovered){ ! //subtargets[ssource]->max_timeout = TIMEOUT_MULTIPLIER*(SUB_TIMEVALS(tv2, subtargets[ssource]->attempts[A_ICMP].send_tv)); ! 
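Review bot: With `|| !(*j).second.attempt` commented out, a probe that has never been sent is dispatched only when `check_timeout((*j).second.tv_send, c->max_timeout)` returns true for its presumably zero-initialised `tv_send`; that holds only if `check_timeout` treats an unset timestamp as expired, which the hunk does not show, so please confirm or restore the explicit first-attempt test. Either way, delete the commented-out condition and the `//c->max_retries` tag rather than leaving them on the line — the history is in CVS. The `}else stop = false;` added in the next hunk is what keeps the loop from declaring the subtarget finished while probes are still waiting on their timeout. `send_raw_tcp_attempts` continues past the end of the hunk.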
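Review bot: After this change both branches of `if (this->check_timeout(...) || !(*i).second.attemps_done())` end in `stop = false;`, so the condition no longer influences `stop` at all and the `else` exists only to set it; hoist `stop = false;` above the `if` and drop the empty `else` so the intent — a subtarget is finished only when every protocol hit the `continue` — is visible. The enclosing loop and function start outside the hunk.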
//if(par.max_retries[subtargets[ssource]->iface] > 1) par.max_retries[subtargets[ssource]->iface] = par.max_retries[subtargets[ssource]->iface] / 2; set_host_up(subtargets[ssource]); *************** *** 960,964 **** cts->scan_probes[port].status = status; cts->scan_probes[port].done = true; ! if(cts->scanned_ports == cts->scan_probes.size()) cts->scanned = 1; //DBGOUTPUT(cts->scanned_ports << " ? " << cts->scan_probes.size()); print_port_status(cts, port); --- 956,961 ---- cts->scan_probes[port].status = status; cts->scan_probes[port].done = true; ! if(cts->scanned_ports == cts->scan_probes.size()) ! cts->scanned = 1; //DBGOUTPUT(cts->scanned_ports << " ? " << cts->scan_probes.size()); print_port_status(cts, port); *************** *** 1342,1345 **** --- 1339,1344 ---- u_long max_time = (par.max_wait_time[par.source_iface] ? par.max_wait_time[par.source_iface] : ( max_time_out ? (MAX_WAIT_TIME) : max_time_out )); + //return true; + //DBGOUTPUT("\n" << sub_time << " > " << max_time); return (sub_time > max_time); } Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** caengine.h 24 Jan 2007 17:59:30 -0000 1.26 --- caengine.h 25 Jan 2007 02:11:31 -0000 1.27 *************** *** 30,34 **** #define MAX_PACKETS 64 #define MIN_MAX_PACKETS 2 ! #define TIMEOUT_MULTIPLIER 2 #define RTT_ALPHA 0.9f --- 30,34 ---- #define MAX_PACKETS 64 #define MIN_MAX_PACKETS 2 ! #define TIMEOUT_MULTIPLIER 2.5f #define RTT_ALPHA 0.9f |
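Review bot: The fallback in the `max_time` initializer of the timeout check looks inverted: `( max_time_out ? (MAX_WAIT_TIME) : max_time_out )` yields `MAX_WAIT_TIME` whenever a per-target timeout exists and `0` when it does not, so the adaptive value is never used and a zero timeout makes `return (sub_time > max_time);` true on the first call. The lines this hunk adds are only commented-out debugging (`//return true;`, `//DBGOUTPUT(...)`) and leave that untouched; `( max_time_out ? max_time_out : MAX_WAIT_TIME )` appears to be the intent. With `max_wait_time[0]` defaulting to 0 in the iceparams.h change visible further down this page, this zero path is taken for every probe unless a timeout is given on the command line, which would turn retransmissions into back-to-back sends, so it is worth confirming. The enclosing function starts outside the hunk.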
From: ruttino <ru...@us...> - 2007-01-24 17:59:39
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv16899/icesockets Modified Files: cethwrapper.h crawsocket.h csocket.h Log Message: Netbios (parallel,grep output and others), RTT Jacobson, retrasmission etc ... Index: crawsocket.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/crawsocket.h,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** crawsocket.h 23 Jan 2007 12:51:53 -0000 1.12 --- crawsocket.h 24 Jan 2007 17:59:31 -0000 1.13 *************** *** 15,18 **** --- 15,19 ---- int mtu; bool ethernet; + enum Ip_options option; char options[40]; *************** *** 223,227 **** int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif --- 224,229 ---- int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET ! res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif *************** *** 250,254 **** unsigned long ack, unsigned char flags, unsigned short window, unsigned short ttl, char *data, const unsigned short datalen) { ! crandom r; --- 252,259 ---- unsigned long ack, unsigned char flags, unsigned short window, unsigned short ttl, char *data, const unsigned short datalen) { ! ! timeval tv_local_begin,tv_local_end; ! gettimeofday(&tv_local_begin,NULL); ! crandom r; *************** *** 334,344 **** if(ethernet){ #ifdef HAVE_LIBDNET res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { ! perror("sendto in send_tcp_raw"); free(packet); return -1; } --- 339,354 ---- if(ethernet){ + #ifdef HAVE_LIBDNET res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif + }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { ! ! perror("sendto in send_tcp_raw"); ! 
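Review bot: `timeval tv_local_begin,tv_local_end; gettimeofday(&tv_local_begin,NULL);` at the top of `send_tcp_raw` (the `*** 250,254 ****` hunk) adds two locals that nothing in the hunk reads, and `tv_local_end` is never even assigned; unless the rest of the function, which continues outside the hunk, consumes them, this is timing scaffolding that should be removed or completed. If it is meant to stay, a one-line comment such as `// local send timing, used for RTT sampling below` would explain why a raw send now calls `gettimeofday`.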
#ifdef WIN32 free(packet); + #endif return -1; } *************** *** 466,469 **** --- 476,480 ---- int ret_v = 0; + if(ethernet){ #ifdef HAVE_LIBDNET *************** *** 484,488 **** uint16_t arp_protocol = ARP_PRO_IP, uint16_t eth_protocol = ETH_TYPE_ARP, uint8_t hlen = ETH_ADDR_LEN, uint8_t plen = IP_ADDR_LEN ){ ! ew.send_arp_msg(int_ip, arp_opcode, source_ha, source_pa, dest_ha, dest_pa, eth_hardware, arp_protocol, eth_protocol, hlen, plen); } --- 495,499 ---- uint16_t arp_protocol = ARP_PRO_IP, uint16_t eth_protocol = ETH_TYPE_ARP, uint8_t hlen = ETH_ADDR_LEN, uint8_t plen = IP_ADDR_LEN ){ ! return ew.send_arp_msg(int_ip, arp_opcode, source_ha, source_pa, dest_ha, dest_pa, eth_hardware, arp_protocol, eth_protocol, hlen, plen); } Index: csocket.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/csocket.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** csocket.h 10 Jan 2007 18:21:37 -0000 1.4 --- csocket.h 24 Jan 2007 17:59:31 -0000 1.5 *************** *** 59,75 **** this->type = type; ! block = true; ! ! this->_trace = _trace; ! sstate = -1; if(sid == -1){ ! this->sid = socket(domain, type, 0); ! if(this->sid == SOCKET_ERROR) sockerror("socket"); ! else sstate = 0; }else{ this->sid = sid; } // std::cout << "CSCOCKET created." << (cs_id = rand()) << std::endl; } --- 59,76 ---- this->type = type; ! block = true; ! this->_trace = _trace; sstate = -1; if(sid == -1){ ! this->sid = socket(domain, type, 0); ! if(this->sid == SOCKET_ERROR) ! sockerror("socket"); ! else ! sstate = 0; }else{ this->sid = sid; } + // std::cout << "CSCOCKET created." << (cs_id = rand()) << std::endl; } *************** *** 224,233 **** int rsize; struct sockaddr_in from; ! int fromlen; ! ! rsize = ::recvfrom(sid, buf, len, flags, (struct sockaddr *) &from, (socklen_t*) &fromlen); ! if (srchostname) strcpy(srchostname, inet_ntoa(from.sin_addr)); ! 
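Review bot: On the `sendto` failure path of `send_tcp_raw` the `free(packet)` is now wrapped in `#ifdef WIN32`, so on every other platform a failed send returns -1 without releasing `packet`; unless `packet` is not heap-allocated on non-Windows builds (its allocation is outside the hunk), this leaks once per failed send, and a scan with many unreachable destinations hits this path repeatedly. The previous revision freed unconditionally; if the guard was added to avoid a double free elsewhere, that should be stated in a comment, e.g. `/* packet is released by the caller on non-Windows builds */`, otherwise restore the unconditional `free(packet);`. The function body continues outside the hunk.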
if (srchostport) *srchostport = ntohs(from.sin_port); ! return rsize; } --- 225,237 ---- int rsize; struct sockaddr_in from; ! int fromlen = sizeof(sockaddr_in); ! ! rsize = ::recvfrom(this->get_socketid(), buf, len, flags, (struct sockaddr *) &from, (socklen_t*) &fromlen); ! ! if (srchostname) ! strcpy(srchostname, inet_ntoa(from.sin_addr)); ! if (srchostport) ! *srchostport = ntohs(from.sin_port); ! return rsize; } Index: cethwrapper.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/cethwrapper.h,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** cethwrapper.h 23 Jan 2007 12:51:53 -0000 1.17 --- cethwrapper.h 24 Jan 2007 17:59:31 -0000 1.18 *************** *** 323,326 **** --- 323,327 ---- i_lookup_ip_intf(ip_t *ip, ip_addr_t dst) { + struct ip_intf *ipi; int n; *************** *** 341,352 **** return (NULL); } ! if (ipi != LIST_FIRST(&ip->ip_intf_list)) { LIST_REMOVE(ipi, next); LIST_INSERT_HEAD(&ip->ip_intf_list, ipi, next); } return (ipi); } } return (NULL); } --- 342,356 ---- return (NULL); } ! if (ipi != LIST_FIRST(&ip->ip_intf_list)) { LIST_REMOVE(ipi, next); LIST_INSERT_HEAD(&ip->ip_intf_list, ipi, next); } + + return (ipi); } } + return (NULL); } *************** *** 370,374 **** ssize_t i_ip_send(ip_t *ip, const void *buf, size_t len) ! { struct ip_hdr *iph; struct ip_intf *ipi; --- 374,378 ---- ssize_t i_ip_send(ip_t *ip, const void *buf, size_t len) ! { struct ip_hdr *iph; struct ip_intf *ipi; *************** *** 389,392 **** --- 393,398 ---- memcpy(&rtent.route_dst, &arpent.arp_pa, sizeof(rtent.route_dst)); + + for (i = 0, usec = 10; i < 3; i++, usec *= 100) { if (arp_get(ip->arp, &arpent) == 0) *************** *** 447,450 **** --- 453,457 ---- memcpy(frame + ETH_HDR_LEN, buf, len); i = ETH_HDR_LEN + len; + if (eth_send(ipi->eth, frame, i) != i) return (-1); |
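Review bot: `from` is still converted and copied into `srchostname` when `::recvfrom` returns -1, in which case `from.sin_addr` was never written and the caller receives a garbage address string; the new code initialises `fromlen` but does not guard the copy. A check such as `if (rsize < 0) return rsize;` placed before the two `if (srchostname)` / `if (srchostport)` lines avoids that. `strcpy(srchostname, inet_ntoa(from.sin_addr))` also relies on the caller providing at least `INET_ADDRSTRLEN` bytes, which nothing on the signature states; a one-line comment on the parameter would make the contract visible.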
From: ruttino <ru...@us...> - 2007-01-24 17:59:36
Update of /cvsroot/icescan/IceScan/vccproject In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv16899/vccproject Modified Files: .cvsignore Log Message: Netbios (parallel,grep output and others), RTT Jacobson, retrasmission etc ... Index: .cvsignore =================================================================== RCS file: /cvsroot/icescan/IceScan/vccproject/.cvsignore,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** .cvsignore 21 Dec 2006 20:42:13 -0000 1.1 --- .cvsignore 24 Jan 2007 17:59:31 -0000 1.2 *************** *** 2,4 **** *.user Release ! Debug \ No newline at end of file --- 2,5 ---- *.user Release ! Debug ! protocols \ No newline at end of file |
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv16899 Modified Files: .cvsignore caengine.cc caengine.h csubtarget.h iceoutput.h iceparams.h iceprotocol.h icescan.cc nbt_wrapper.h Log Message: Netbios (parallel,grep output and others), RTT Jacobson, retrasmission etc ... Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.36 retrieving revision 1.37 diff -C2 -d -r1.36 -r1.37 *** icescan.cc 24 Jan 2007 14:32:58 -0000 1.36 --- icescan.cc 24 Jan 2007 17:59:30 -0000 1.37 *************** *** 418,426 **** int timeout = atoi(argv[i+1]); i++; - if(!timeout) invalid_command(argv[0], "Invalid timeout value.", ""); ! par->max_wait_time[par->source_iface] = timeout; }else invalid_command(argv[0], "Invalid option format.",""); --- 418,425 ---- int timeout = atoi(argv[i+1]); i++; if(!timeout) invalid_command(argv[0], "Invalid timeout value.", ""); ! par->max_wait_time[par->source_iface] = timeout; }else invalid_command(argv[0], "Invalid option format.",""); *************** *** 522,526 **** case 'B': ! par->scan_type = NBT_SCAN; break; --- 521,526 ---- case 'B': ! //par->scan_type = NBT_SCAN; ! par->netbios_scan = true; break; *************** *** 795,798 **** stop_sockets(); ! return 0; } --- 795,798 ---- stop_sockets(); ! 
return 0; } Index: .cvsignore =================================================================== RCS file: /cvsroot/icescan/IceScan/.cvsignore,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** .cvsignore 17 Jan 2007 22:24:25 -0000 1.5 --- .cvsignore 24 Jan 2007 17:59:26 -0000 1.6 *************** *** 16,17 **** --- 16,18 ---- .deps *.greg + protocols \ No newline at end of file Index: csubtarget.h =================================================================== RCS file: /cvsroot/icescan/IceScan/csubtarget.h,v retrieving revision 1.27 retrieving revision 1.28 diff -C2 -d -r1.27 -r1.28 *** csubtarget.h 22 Jan 2007 16:51:29 -0000 1.27 --- csubtarget.h 24 Jan 2007 17:59:30 -0000 1.28 *************** *** 75,78 **** --- 75,79 ---- void send_attemp(){ + gettimeofday(&tv_send,NULL); attemps++; } *************** *** 111,114 **** --- 112,119 ---- std::ostringstream output_buffer_secondary[OUTPUT_LEVEL][4]; + //// NETBIOS BUFFER RESULTS + std::ostringstream output_buffer_netbios; + std::ostringstream output_buffer_netbios_secondary; + static bool sort_probes(const scanning_probe &p1, const scanning_probe &p2){ return p1.port < p2.port; *************** *** 133,136 **** --- 138,144 ---- u_short scanned_protocols; + u_short scanned_netbios; + scanning_probe scan_netbios_probe; + int scanned_ports; int scanned_udp_ports; *************** *** 186,192 **** scanned = 0; ! scanned_protocols = 0; mac = ""; } --- 194,203 ---- scanned = 0; ! scanned_protocols = 0; ! ! scanned_netbios = 0; mac = ""; + } Index: nbt_wrapper.h =================================================================== RCS file: /cvsroot/icescan/IceScan/nbt_wrapper.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** nbt_wrapper.h 7 Jan 2007 16:25:21 -0000 1.6 --- nbt_wrapper.h 24 Jan 2007 17:59:30 -0000 1.7 *************** *** 202,239 **** } ! int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, int v) { ! int i, unique; ! 
u8 service; ! char name[16]; ! char* sname; ! printf("NetBIOS Name Table for %s:\n", hostname); ! if(hostinfo->is_broken && !v) ! printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); ! if(!v) ! printf("%-17s%-17s%-17s\n", "Name", "Service", "Type"); ! else ! printf("%-17s%-17s\n", "Name", "Service"); ! if(hostinfo->header && hostinfo->names) { ! for(i=0; i< hostinfo->header->number_of_names; i++) { ! service = hostinfo->names[i].ascii_name[15]; ! strncpy(name, hostinfo->names[i].ascii_name, 15); ! name[16]=0; ! unique = !(hostinfo->names[i].rr_flags & 0x0080); ! printf("%-17s", name); ! if(v) printf("%s\n", (char*)getnbservicename(service, unique, name)); ! else { ! printf("<%02x>", service); ! if(unique) printf(" UNIQUE\n"); ! else printf(" GROUP\n"); ! } ! } ! } ! printf("\n"); ! return 1; } --- 202,285 ---- } ! int v_print_hostinfo(const char *hostname, const struct nb_host_info* hostinfo, ! int v, std::ostringstream* outs, std::ostringstream* outssec) { ! int i, unique; ! u8 service; ! char name[16]; ! char* sname; ! char buffer[256]; ! Bzero(buffer, 256); ! //printf("NetBIOS Name Table for %s:\n", hostname); ! *outs << "NetBIOS Name Table for "<< hostname <<":\n"; ! if (outssec) ! *outssec << "Host:"<< hostname; ! if(hostinfo->is_broken && !v){ ! *outs << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long.\n"; ! if (outssec) ! *outssec << " Incomplete packet, "<< hostinfo->is_broken <<" bytes long. "; ! } ! //printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken); ! if(!v) ! sprintf(buffer,"%-17s%-17s%-17s\n", "Name", "Service", "Type"); ! else ! sprintf(buffer,"%-17s%-17s\n", "Name", "Service"); ! *outs << buffer; ! ! if (outssec) ! *outssec << " NetBios Services:"; ! ! if(hostinfo->header && hostinfo->names) { ! for(i=0; i< hostinfo->header->number_of_names; i++) { ! ! Bzero(buffer, 256); ! ! service = hostinfo->names[i].ascii_name[15]; ! strncpy(name, hostinfo->names[i].ascii_name, 15); ! name[15]=0; ! ! 
unique = !(hostinfo->names[i].rr_flags & 0x0080); ! ! sprintf(buffer,"%-17s", name); ! *outs << buffer; ! ! if (outssec) ! *outssec << name << "/"; ! ! if(v){ ! sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name)); ! if (outssec) ! *outssec << getnbservicename(service, unique, name)<< ","; ! //printf("%s\n", (char*)getnbservicename(service, unique, name)); ! }else{ ! sprintf(buffer,"<%02x>", service); ! *outs << buffer; ! ! if (outssec) ! *outssec << buffer<< "//"; ! //printf("<%02x>", service); ! if(unique) ! sprintf(buffer," UNIQUE\n"); ! //printf(" UNIQUE\n"); ! else ! sprintf(buffer," GROUP\n"); ! //printf(" GROUP\n"); ! if (outssec) ! *outssec << buffer<< ","; ! } ! ! *outs << buffer; ! } ! } ! ! *outs << "\n"; ! if (outssec) ! *outssec << "\n"; ! ! return 1; } Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.35 retrieving revision 1.36 diff -C2 -d -r1.35 -r1.36 *** iceparams.h 23 Jan 2007 12:51:51 -0000 1.35 --- iceparams.h 24 Jan 2007 17:59:30 -0000 1.36 *************** *** 21,31 **** #define MAX_PROTOCOL_RETRIES 2 ! #define MAX_WAIT_TIME 1000000 //1 second ! #define MIN_TIMEOUT 500000 // 0.3 second #define ACK_PING_STANDART_PORT 80 #define ARP_PING_STANDART_PORT 138 ! #define OUTPUT_LEVEL 2 class iceparams{ --- 21,31 ---- #define MAX_PROTOCOL_RETRIES 2 ! #define MAX_WAIT_TIME 1000 //1 second ! #define MIN_TIMEOUT 300 //0.3 second #define ACK_PING_STANDART_PORT 80 #define ARP_PING_STANDART_PORT 138 ! #define OUTPUT_LEVEL 3 class iceparams{ *************** *** 41,44 **** --- 41,45 ---- std::vector <icestring> input_targets; + // Interface number of the device used for the scans int source_iface; *************** *** 94,97 **** --- 95,100 ---- bool ip_protocol_scan; + bool netbios_scan; + // Scan Options ( default: -ST ) *************** *** 170,174 **** ack_ping_discovery = false; ! 
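Review bot: The formatting into the fixed `buffer[256]` in `v_print_hostinfo` uses unbounded `sprintf`, and `sprintf(buffer,"%s\n", (char*)getnbservicename(service, unique, name))` writes whatever length that helper returns; if it can exceed 254 bytes this overflows, and `snprintf(buffer, sizeof(buffer), ...)` costs nothing here. `name` is copied byte-for-byte from the received name table and then written into both streams without filtering, so non-printable bytes or the `/`, `//` and `,` separators used in the `outssec` record break that record's field structure; sanitising the name (or quoting the field) would keep that output parseable. `outs` is dereferenced unconditionally while `outssec` is null-checked throughout, which is fine only if callers never pass NULL for `outs` — a comment saying so would make that explicit. `char* sname;` is unused and can go.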
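Review bot: `MAX_WAIT_TIME` and `MIN_TIMEOUT` drop from microsecond to millisecond values while their trailing comments still read only `//1 second` and `//0.3 second`, so nothing on the line records the unit change that every comparison against `SUB_TIMEVALS(...)` now has to account for (the `recieve_attempts` change further down multiplies `timeout` by 1000 for exactly that reason). Suggest `#define MAX_WAIT_TIME 1000 // 1 second, in milliseconds` and `#define MIN_TIMEOUT 300 // 0.3 second, in milliseconds`.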
syn_ping_discovery = false; fin_ping_discovery = false; icmp_echo_ping_discovery = false; --- 173,177 ---- ack_ping_discovery = false; ! syn_ping_discovery = false; fin_ping_discovery = false; icmp_echo_ping_discovery = false; *************** *** 177,188 **** udp_ping_discovery = false; arp_discovery = false; ! ip_protocol_scan = false; - passive_discovery = false; - scan_type = UNKNOWN_SCAN; ! sim_connects = 25; source_port = 0; --- 180,191 ---- udp_ping_discovery = false; arp_discovery = false; ! passive_discovery = false; ! ip_protocol_scan = false; + netbios_scan = false; scan_type = UNKNOWN_SCAN; ! sim_connects = 25; source_port = 0; *************** *** 194,198 **** max_retries[0] = MAX_RETRIES; ! max_wait_time[0] = MAX_WAIT_TIME; passive_scan_timeout = 0; --- 197,201 ---- max_retries[0] = MAX_RETRIES; ! max_wait_time[0] = 0;//MAX_WAIT_TIME; passive_scan_timeout = 0; *************** *** 247,256 **** fstr = find_icefile_path("protocols", databases_dir); ! ispd = new ice_protocol_name_database (fstr.c_str()); fstr = find_icefile_path("ieee-oui.txt", databases_dir); this->ismd = new ice_mac_name_database (fstr.c_str()); ! if(scan_type == UNKNOWN_SCAN && (!ip_protocol_scan)){ if(root()) scan_type = SYN_SCAN; --- 250,259 ---- fstr = find_icefile_path("protocols", databases_dir); ! this->ispd = new ice_protocol_name_database (fstr.c_str()); fstr = find_icefile_path("ieee-oui.txt", databases_dir); this->ismd = new ice_mac_name_database (fstr.c_str()); ! if(scan_type == UNKNOWN_SCAN && (!ip_protocol_scan) && (!netbios_scan)){ if(root()) scan_type = SYN_SCAN; Index: iceprotocol.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceprotocol.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** iceprotocol.h 23 Jan 2007 12:51:51 -0000 1.5 --- iceprotocol.h 24 Jan 2007 17:59:30 -0000 1.6 *************** *** 14,24 **** iceparams *par; crawsocket* r_raw; public: ! 
cprotocol_scan(iceparams *par, iceoutput *out, crawsocket* raw_sock){ this->out = out; this->par = par; ! this->r_raw = raw_sock; } --- 14,26 ---- iceparams *par; crawsocket* r_raw; + crawsocket* r_icmppack; public: ! cprotocol_scan(iceparams *par, iceoutput *out, crawsocket* raw_sock, crawsocket* icmp_pack){ this->out = out; this->par = par; ! this->r_raw = raw_sock; ! this->r_icmppack = icmp_pack; } *************** *** 26,34 **** } int send(const char *hostname, const char *l_hostname, const u_int proto,int rand_port_val = 0){ switch(proto){ case IPPROTO_ICMP: ! r_raw->send_icmp_packet(hostname, ICMP_ECHO, 0, getpid(), 0, 0, 0, 0); break; --- 28,37 ---- } + int send(const char *hostname, const char *l_hostname, const u_int proto,int rand_port_val = 0){ switch(proto){ case IPPROTO_ICMP: ! r_icmppack->send_icmp_packet(hostname, ICMP_ECHO, 0, getpid(), 0, 0, 0, 0); break; Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** caengine.cc 23 Jan 2007 12:51:51 -0000 1.15 --- caengine.cc 24 Jan 2007 17:59:30 -0000 1.16 *************** *** 63,68 **** while(! send_attempts()){ ! recieve_attempts(1000); ! iceusleep(10); } --- 63,68 ---- while(! send_attempts()){ ! iceusleep(50); ! recieve_attempts(200); } *************** *** 83,91 **** for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ for (int k = 0; k < OUTPUT_LEVEL; k++){ ! out << (*i).second->output_buffer[k].str(); ! if (out.outs[GREP].exists) ! out.outs[GREP].out << (*i).second->output_buffer_secondary[k][GREP].str(); } } } --- 83,96 ---- for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ for (int k = 0; k < OUTPUT_LEVEL; k++){ ! std::string t = (*i).second->output_buffer[k].str(); ! out << (*i).second->output_buffer[k].str(); ! if (out.outs[GREP].exists) ! 
out.outs[GREP].out << (*i).second->output_buffer_secondary[k][GREP].str(); } + + out.print_MAC_info((*i).second,&out); + if (out.outs[GREP].exists) + out.print_MAC_info((*i).second,&(out.outs[GREP].out)); } } *************** *** 102,125 **** void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ - //DBGOUTPUT(tv_s.tv_sec); - //DBGOUTPUT(tv_f.tv_sec); ! if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ ! c->max_retries = c->max_retries/2; ! if(c->max_retries < 1) c->max_retries = 1; ! } ! if(attempts > 1) cde.max_packets--; ! if(cde.max_packets < 10) cde.max_packets = 10; ! //DBGOUTPUT(c->max_timeout); ! c->max_timeout = SUB_TIMEVALS(tv_f, tv_s) * TIMEOUT_MULTIPLIER > MIN_TIMEOUT ? ! SUB_TIMEVALS(tv_f, tv_s) * TIMEOUT_MULTIPLIER : MIN_TIMEOUT; ! if(cde.min_max_timeout < c->max_timeout) cde.min_max_timeout = c->max_timeout; ! //DBGOUTPUT("Adjusting rtt_timeout to " << c->max_timeout << " and rtt_retries to " << c->max_retries); ! //DBGOUTPUT("Adjusting max_packets to " << cde.max_packets); } --- 107,146 ---- void caengine::set_rtt_value(csubtarget *c, int attempts, struct timeval tv_s, struct timeval tv_f){ ! long rtt = SUB_TIMEVALS(tv_f, tv_s); ! long old_to = c->max_timeout; ! float div = 0; ! // RTT Jacobson formula ! if (c->max_timeout) ! rtt = (rtt * (1.0f - RTT_ALPHA)) + (RTT_ALPHA * c->max_timeout); ! c->max_timeout = (rtt / 1000 )* TIMEOUT_MULTIPLIER; ! if (c->max_retries && old_to){ ! div = ((float)c->max_timeout / (float)old_to); ! if (div > 0.1f) ! if (div > 1.0f) ! c->max_retries += MAX_RETRIES * (div - 1.0f); ! else ! c->max_retries -= MAX_RETRIES * (1.0f - div); ! } ! if (c->max_retries > MAX_RETRIES) ! c->max_retries = MAX_RETRIES; ! else if (c->max_retries < 1) ! c->max_retries = 1; ! ! //DBGOUTPUT(div << "Adjusting rtt_timeout to " << c->max_timeout << " max_retries to " << c->max_retries); ! 
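Review bot: `std::string t = (*i).second->output_buffer[k].str();` is assigned and never read, and `ostringstream::str()` copies the whole buffer, so every output level of every target is now copied twice for nothing; either drop the line or use `t` in the `out <<` that follows. The new `print_MAC_info` calls pass `&out` in one place and `&(out.outs[GREP].out)` in the other — presumably different stream types — which is fine if that member is overloaded or takes a `std::ostream*`; worth confirming since the previous code built the MAC message inline. The enclosing function starts outside the hunk.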
//if(SUB_TIMEVALS(tv_f, tv_s) < MIN_TIMEOUT && attempts == 1 && c->max_retries > 1){ ! // c->max_retries = c->max_retries/2; ! // if(c->max_retries < 1) c->max_retries = 1; ! //} ! //if(attempts > 1) cde.max_packets--; ! //if(cde.max_packets < 10) cde.max_packets = 10; ! //c->max_timeout = SUB_TIMEVALS(tv_f, tv_s) * TIMEOUT_MULTIPLIER > MIN_TIMEOUT ? ! // SUB_TIMEVALS(tv_f, tv_s) * TIMEOUT_MULTIPLIER : MIN_TIMEOUT; ! //if(cde.min_max_timeout < c->max_timeout) cde.min_max_timeout = c->max_timeout; } *************** *** 155,164 **** } ! if(cst->discovered && par.scan_type == NBT_SCAN){ ! scanning_probe sp(137); ! cst->scan_probes.insert( std::make_pair (137, sp)); ! } ! if(!cst->max_timeout) cst->max_timeout = par.max_wait_time[0]; if(!cst->max_retries) cst->max_retries = par.max_retries[0]; --- 176,185 ---- } ! //if(cst->discovered && par.scan_type == NBT_SCAN){ ! // scanning_probe sp(137); ! // cst->scan_probes.insert( std::make_pair (137, sp)); ! //} ! //if(!cst->max_timeout) cst->max_timeout = par.max_wait_time[0]; if(!cst->max_retries) cst->max_retries = par.max_retries[0]; *************** *** 275,284 **** } ! if(par.scan_type == NBT_SCAN){ int port = par.source_port; cde.cudp = new csocket(AF_INET, SOCK_DGRAM); - - if(!port) port = csocket::getMagicPort(SOCK_DGRAM, 100); --- 296,304 ---- } ! if(par.netbios_scan){ int port = par.source_port; + //cde.cudp = (csocket*)new crawsocket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); cde.cudp = new csocket(AF_INET, SOCK_DGRAM); if(!port) port = csocket::getMagicPort(SOCK_DGRAM, 100); *************** *** 288,292 **** }else{ char local_hostname[80] = "0.0.0.0"; ! if(gethostname(local_hostname, 80)) exit(-1); //FIXME, UGLY!!!! cde.cudp->bind(local_hostname, port, 0); } --- 308,313 ---- }else{ char local_hostname[80] = "0.0.0.0"; ! if(gethostname(local_hostname, 80)) ! exit(-1); //FIXME, UGLY!!!! 
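Review bot: The smoothing in `set_rtt_value` mixes units and collapses on fast links: `rtt` comes from `SUB_TIMEVALS` (microseconds, judging by the `* 1000` conversion in `recieve_attempts` and the former `MAX_WAIT_TIME 1000000 //1 second`), yet it is averaged against `c->max_timeout`, which is stored in milliseconds and already scaled by `TIMEOUT_MULTIPLIER`, so the EWMA state is not a smoothed RTT. `c->max_timeout = (rtt / 1000 )* TIMEOUT_MULTIPLIER;` does integer division first, so any RTT under 1 ms yields 0; the `if (c->max_timeout)` guard then skips smoothing for good, and since the timeout check appears to treat 0 as expired, a LAN target gets all its retransmissions fired back-to-back and its ports marked no-response. Keep a separate smoothed-RTT field in microseconds, multiply before dividing, and clamp with `if (c->max_timeout < MIN_TIMEOUT) c->max_timeout = MIN_TIMEOUT;` as the removed code did. `c->max_retries += MAX_RETRIES * (div - 1.0f);` also narrows a float to an integer implicitly, and the `attempts` parameter is now unused.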
cde.cudp->bind(local_hostname, port, 0); } *************** *** 331,334 **** --- 352,356 ---- bool stop = true; bool stop_ps = true; + bool stop_nt = true; struct timeval tv; *************** *** 365,371 **** gettimeofday(&tv, NULL); if ((*i).second->scanned_protocols == 0 && par.ip_protocol_scan){ if((*i).second->discovered){ ! //// IP protocol scan sending stop_ps = send_protocol_attemps((*i).second, tv); }else --- 387,394 ---- gettimeofday(&tv, NULL); + //// Send the attempt for IP protocol scan if ((*i).second->scanned_protocols == 0 && par.ip_protocol_scan){ if((*i).second->discovered){ ! stop_ps = send_protocol_attemps((*i).second, tv); }else *************** *** 373,376 **** --- 396,406 ---- } + //// Send the attempt for netbios scan + if(par.netbios_scan && (*i).second->discovered){ + //// the output will be printed in recieve_netbios_attempts when we receive the reply + if (!(*i).second->scanned_netbios) + stop_nt &= send_netbios_attempts((*i).second, tv); + } + //// Print out the results for the protocol scan if((*i).second->scanned_protocols == 1 && cde.protocol_scan){ *************** *** 379,383 **** } ! if(par.scan_type == NO_SCAN && (*i).second->discovered) continue; if((*i).second->scanned == 0){ --- 409,414 ---- } ! if((par.scan_type == NO_SCAN || par.scan_type == UNKNOWN_SCAN) && (*i).second->discovered) ! continue; if((*i).second->scanned == 0){ *************** *** 402,408 **** } ! if((*i).second->discovered && par.scan_type == NBT_SCAN){ ! stop = send_netbios_attempts((*i).second, tv); ! } }else if((*i).second->scanned == 1 && (*i).second->discovered){ --- 433,440 ---- } ! //if((*i).second->discovered && par.netbios_scan){ ! // // out.show_results((*i).second,iceoutput::RESULT_NETBIOS); ! // stop_nt &= send_netbios_attempts((*i).second, tv); ! //} }else if((*i).second->scanned == 1 && (*i).second->discovered){ *************** *** 416,420 **** } /*for */ ! return stop & stop_ps; } --- 448,455 ---- } /*for */ ! if (stop) ! int ex = 0; ! ! 
return stop & stop_ps & stop_nt; } *************** *** 550,564 **** // return true if there no sttempts to send // and no to wait for (timeout/discover finished) bool caengine::send_raw_tcp_attempts(csubtarget *c, struct timeval &tv){ bool stop = true; for(std::map <int, scanning_probe>::iterator j = c->scan_probes.begin(); j!= c->scan_probes.end(); ++j){ ! if((*j).second.done) continue; ! //DBGOUTPUT(SUB_TIMEVALS(tv, (*j).second.tv_send) << " ? " << c->max_timeout); ! if(SUB_TIMEVALS(tv, (*j).second.tv_send) > c->max_timeout){ //DBGOUTPUT(c->hostname << ":" << (*j).first); if((*j).second.attempt > c->max_retries){ set_port_status(c, (*j).first, get_no_response_status()); - stop = false; }else if(cde.packets <= cde.max_target_packets){ stop = false; --- 585,603 ---- // return true if there no sttempts to send // and no to wait for (timeout/discover finished) + // SEND MAXIMUM cde.max_target_packets bool caengine::send_raw_tcp_attempts(csubtarget *c, struct timeval &tv){ bool stop = true; + timeval tv_now; for(std::map <int, scanning_probe>::iterator j = c->scan_probes.begin(); j!= c->scan_probes.end(); ++j){ ! if((*j).second.done) ! continue; ! ! if( this->check_timeout((*j).second.tv_send,c->max_timeout) || !(*j).second.attempt){ ! //DBGOUTPUT(c->hostname << ":" << (*j).first); + if((*j).second.attempt > c->max_retries){ set_port_status(c, (*j).first, get_no_response_status()); }else if(cde.packets <= cde.max_target_packets){ stop = false; *************** *** 573,583 **** if(cde.ack_ping_discovery) send_tcp_segment(c, &((*j).second), ACK_SCAN); ! }else send_tcp_segment(c, &((*j).second), st); cde.packets++; //iceusleep(1); ! } ! } else stop = false; } return stop; } --- 612,625 ---- if(cde.ack_ping_discovery) send_tcp_segment(c, &((*j).second), ACK_SCAN); ! }else ! send_tcp_segment(c, &((*j).second), st); cde.packets++; //iceusleep(1); ! }else if (cde.packets > cde.max_target_packets) ! break; ! 
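Review bot: `if (stop) int ex = 0;` at the end of `send_attempts` is leftover debugging — a declaration as the sole substatement does nothing — and the same dead `int ex = 0;` sits in the `else` branch of `send_protocol_attemps` in the `*** 644,652 ****` hunk, where it also leaves `stop` true for probes that are merely waiting; `timeval tv_now;` in the `send_raw_tcp_attempts` hunk is likewise declared and never used. Remove the three, and since the flags are `bool`s write the result as `return stop && stop_ps && stop_nt;` rather than bitwise `&`.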
} } + return stop; } *************** *** 589,593 **** bool stop = true; ! if(SUB_TIMEVALS(tv, c->attempts[A_ARP].send_tv) >= (c->max_timeout ? c->max_timeout : par.max_wait_time[c->iface])){ if(c->attempts[A_ARP].at <= par.max_retries[c->iface]){ stop = false; --- 631,636 ---- bool stop = true; ! if(this->check_timeout(c->attempts[A_ARP].send_tv,c->max_timeout)){ ! if(c->attempts[A_ARP].at <= par.max_retries[c->iface]){ stop = false; *************** *** 618,627 **** cnbtwrapper cnbt(&par); ! if(SUB_TIMEVALS(tv, c->scan_probes[137].tv_send) >= (c->max_timeout ? c->max_timeout : par.max_wait_time[c->iface])){ ! if(c->scan_probes[137].attempt <= par.max_retries[c->iface]){ stop = false; cnbt.send_query(*(cde.cudp), c->hostname.c_str(), 137, time(0)); ! gettimeofday(&(c->scan_probes[137].tv_send), NULL); ! c->scan_probes[137].attempt++; }else{ out << "No response from " << c->hostname << ": may be no NetBIOS service exists on host.\n"; --- 661,673 ---- cnbtwrapper cnbt(&par); ! if (c->scanned_netbios) ! return stop; ! ! if(this->check_timeout(c->scan_netbios_probe.tv_send,c->max_timeout)){ ! if(c->scan_netbios_probe.attempt <= par.max_retries[c->iface]){ stop = false; cnbt.send_query(*(cde.cudp), c->hostname.c_str(), 137, time(0)); ! gettimeofday(&(c->scan_netbios_probe.tv_send), NULL); ! c->scan_netbios_probe.attempt++; }else{ out << "No response from " << c->hostname << ": may be no NetBIOS service exists on host.\n"; *************** *** 631,634 **** --- 677,681 ---- return stop; } + // check if any PROTOCOL SCAN attempts to send to host _*c_ at time _tv_ // && send them *************** *** 637,642 **** bool caengine::send_protocol_attemps(csubtarget *c, struct timeval &tv){ bool stop = true; ! ! cprotocol_scan temp(&par,&out,this->cde.r2); for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ --- 684,689 ---- bool caengine::send_protocol_attemps(csubtarget *c, struct timeval &tv){ bool stop = true; ! ! 
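Review bot: `c->scan_netbios_probe` is read in `send_netbios_attempts` (`tv_send`, `attempt`) but nothing visible initialises it: the csubtarget constructor change only sets `scanned_netbios = 0`, and the probe was previously built as `scanning_probe sp(137)`, so unless `scanning_probe`'s default constructor zeroes both members the first `check_timeout` and the retry comparison run on indeterminate values. Initialising it explicitly in csubtarget's constructor, or constructing it with the port as before, removes the doubt. The `else` branch prints `No response from ...` without marking the target done; if `scanned_netbios` is not set elsewhere (the hunk ends before that), the message repeats every send round.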
cprotocol_scan temp(&par,&out,this->cde.r2,this->cde.r3); for (std::map <int,scanning_protocol>::iterator i = c->scan_protocols.begin();i != c->scan_protocols.end(); i++){ *************** *** 644,652 **** continue; } ! ! temp.send(c->hostname.c_str(), c->source_ip.c_str(), (*i).first,(*i).second.attemps_done()); ! (*i).second.send_attemp(); ! ! stop = false; } --- 691,704 ---- continue; } ! ! if (this->check_timeout((*i).second.tv_send,c->max_timeout) || ! !(*i).second.attemps_done()){ ! ! temp.send(c->hostname.c_str(), c->source_ip.c_str(), (*i).first,(*i).second.attemps_done()); ! (*i).second.send_attemp(); ! stop = false; ! }else { ! int ex = 0; ! } } *************** *** 665,696 **** bool stop = true; ! if(SUB_TIMEVALS(tv, c->attempts[A_ICMP].send_tv) >= (c->max_timeout ? c->max_timeout : par.max_wait_time[c->iface])){ ! if(c->attempts[A_ICMP].at <= par.max_retries[c->iface]){ ! short int msg_type = ICMP_ECHO; ! char buf[sizeof(struct timeval) + 1]; ! //DBGOUTPUT(SUB_TIMEVALS(tv, (*i).second->attempts[A_ICMP].send_tv) << " ? " << ((*i).second->max_timeout ? (*i).second->max_timeout : par.max_wait_time[(*i).second->iface])); ! stop = false; ! //DBGOUTPUT("Sending attempt to " << (*i).second->hostname); ! Bzero(buf, sizeof(struct timeval) + 1); ! if(cde.icmp_echo_ping_discovery){ ! gettimeofday( ( struct timeval *) buf, NULL); ! }else if(cde.icmp_timestamp_ping_discovery){ ! msg_type = ICMP_TSTAMP; ! }else if(cde.icmp_mask_ping_discovery){ ! msg_type = ICMP_MASKREQ; ! } ! cde.r3->send_icmp_packet(c->hostname, msg_type, 0, getpid(), c->attempts[A_ICMP].at, 0, buf, sizeof(struct timeval)); ! c->attempts[A_ICMP].at++; ! gettimeofday(&(c->attempts[A_ICMP].send_tv), NULL); ! } } else stop = false; --- 717,749 ---- bool stop = true; ! if(this->check_timeout(c->attempts[A_ICMP].send_tv,c->max_timeout)){ ! if(c->attempts[A_ICMP].at <= par.max_retries[c->iface]){ ! short int msg_type = ICMP_ECHO; ! char buf[sizeof(struct timeval) + 1]; ! 
//DBGOUTPUT(SUB_TIMEVALS(tv, (*i).second->attempts[A_ICMP].send_tv) << " ? " << ((*i).second->max_timeout ? (*i).second->max_timeout : par.max_wait_time[(*i).second->iface])); ! stop = false; ! //DBGOUTPUT("Sending attempt to " << (*i).second->hostname); ! Bzero(buf, sizeof(struct timeval) + 1); ! if(cde.icmp_echo_ping_discovery){ ! gettimeofday( ( struct timeval *) buf, NULL); ! }else if(cde.icmp_timestamp_ping_discovery){ ! msg_type = ICMP_TSTAMP; ! }else if(cde.icmp_mask_ping_discovery){ ! msg_type = ICMP_MASKREQ; ! } ! cde.r3->send_icmp_packet(c->hostname, msg_type, 0, getpid(), c->attempts[A_ICMP].at, 0, buf, sizeof(struct timeval)); ! c->attempts[A_ICMP].at++; ! gettimeofday(&(c->attempts[A_ICMP].send_tv), NULL); ! ! } } else stop = false; *************** *** 753,794 **** unsigned short pcap_stop; ! while(!stop){ ! pcap_stop = 0; ! ! //int i = 0; ! ! if(cde.protocol_scan || cde.tcp_raw_scan || ((par.syn_ping_discovery || par.fin_ping_discovery || par.ack_ping_discovery) && cde.to_discover > 0)){ ! while(pcap_stop < 254){ ! // i++; ! gettimeofday(&tv_f, NULL); ! for(int i = 0; i<cde.pcaps.size(); i++) ! if(cde.pcaps[i]!=NULL){ ! response = cde.pcaps[i]->read_packet(&len, &tv); ! //gettimeofday(&tv, NULL); ! pcap_stop += (int) !recieve_pcap_attempts(response, len, tv); ! } ! if(SUB_TIMEVALS(tv_f, tv_s) >= (timeout - timeout/10)) pcap_stop = 254; ! } ! } ! //DBGOUTPUT(pcap_stop); ! if(cde.arp_discovery) ! check_arp_cache(); ! if((cde.ack_ping_discovery && !par.root()) || par.scan_type == TCP_CONNECT_SCAN){ ! do_select_round(); ! } ! if(cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ) ! raw_icmp_recieve(); ! if(par.scan_type == NBT_SCAN) ! recieve_netbios_attempts(); ! gettimeofday(&tv_f, NULL); ! if(SUB_TIMEVALS(tv_f, tv_s) >= timeout) stop = true; ! }/*while(!stop)*/ } --- 806,843 ---- unsigned short pcap_stop; ! //while(!stop){ ! pcap_stop = 0; ! 
if(cde.protocol_scan || cde.tcp_raw_scan || ((par.syn_ping_discovery || par.fin_ping_discovery || par.ack_ping_discovery) && cde.to_discover > 0)){ ! while(pcap_stop < 254){ ! ! for(int i = 0; i<cde.pcaps.size(); i++) ! if(cde.pcaps[i]!=NULL){ ! response = cde.pcaps[i]->read_packet(&len, &tv); ! pcap_stop += (int) !recieve_pcap_attempts(response, len, tv); ! } ! gettimeofday(&tv_f, NULL); ! if(SUB_TIMEVALS(tv_f, tv_s) >= (timeout * 1000)) ! break; ! } ! } ! if(cde.arp_discovery) ! check_arp_cache(); ! if((cde.ack_ping_discovery && !par.root()) || par.scan_type == TCP_CONNECT_SCAN){ ! do_select_round(); ! } ! if(cde.icmp_echo_ping_discovery || cde.icmp_mask_ping_discovery || cde.icmp_timestamp_ping_discovery ) ! raw_icmp_recieve(); ! if(par.netbios_scan) ! recieve_netbios_attempts(); ! //gettimeofday(&tv_f, NULL); ! // if(SUB_TIMEVALS(tv_f, tv_s) >= timeout) stop = true; ! //}/*while(!stop)*/ } *************** *** 963,982 **** cnbtwrapper cnbt(&par); ! while((size = cde.cudp->recvfrom(message, NBT_MSGSIZE, 0, ip, NULL)) > 0){ struct nb_host_info *hostinfo; icestring addr(ip); if(subtargets.find(addr) != subtargets.end()){ hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); ! cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, !par.verbose); ! subtargets[addr]->scanned = 2; #ifndef __CYGWIN__ subtargets[addr]->mac = get_arp_from_cache(subtargets[addr]->hostname); #endif ! if(subtargets[addr]->mac != "" && subtargets[addr]->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! out.get_mac_message(subtargets[addr]->mac,mac_msg); ! out << mac_msg.c_str() << "\n\n"; ! } } } --- 1012,1040 ---- cnbtwrapper cnbt(&par); ! ! size = cde.cudp->recvfrom(message, sizeof(message), 0, ip, NULL); ! ! if (size > 0){ struct nb_host_info *hostinfo; + icestring addr(ip); if(subtargets.find(addr) != subtargets.end()){ hostinfo = (struct nb_host_info *)cnbt.parse_response(message, size); ! 
cnbt.v_print_hostinfo(subtargets[addr]->hostname.c_str(), hostinfo, ! !par.verbose,&(subtargets[addr]->output_buffer_netbios) ! ,&(subtargets[addr]->output_buffer_netbios_secondary)); ! ! std::string strc = subtargets[addr]->output_buffer_netbios.str(); ! ! subtargets[addr]->scanned_netbios = 1; ! subtargets[addr]->scan_netbios_probe.done = true; ! #ifndef __CYGWIN__ subtargets[addr]->mac = get_arp_from_cache(subtargets[addr]->hostname); #endif ! ! out.show_results(subtargets[addr],iceoutput::RESULT_NETBIOS); ! } } *************** *** 1162,1193 **** if (subtargets[addr]->scan_protocols.find(ip->protocol) != subtargets[addr]->scan_protocols.end()){ subtargets[addr]->scan_protocols[ip->protocol].set_open(); } } ! if (cde.protocol_scan){ ! //// ICMP message manage for protocol scan ! if (ip->protocol == IPPROTO_ICMP){ ! struct icmp *icmp = (struct icmp *) (response + 4 * ip->ihl); ! if (icmp->icmp_type == 3){ ! /// Get the right information from the icmp payload ! /// Protocol info ! int proto_temp = *(icmp->icmp_dun.id_data + 9); ! /// Ip destination original packet info ! u32* addr_src = (u32*)(icmp->icmp_dun.id_data + 16); ! icestring addr_temp; ! iceinet_ntoa(*addr_src,addr_temp); ! /// Set to filtered the port ! if (subtargets.find(addr_temp) != subtargets.end()) ! if (subtargets[addr_temp]->scan_protocols.find(proto_temp) != subtargets[addr_temp]->scan_protocols.end()){ ! if (icmp->icmp_code == 2) ! subtargets[addr_temp]->scan_protocols[proto_temp].set_closed(); ! else ! subtargets[addr_temp]->scan_protocols[proto_temp].set_filtered(); ! } ! } ! } ! 
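Review bot: `std::string strc = subtargets[addr]->output_buffer_netbios.str();` copies the whole NetBIOS output buffer and is never used; remove it (the same unused copy appears in iceoutput.h's RESULT_NETBIOS branch in the 355,361 hunk of this commit). Passing `sizeof(message)` instead of `NBT_MSGSIZE` ties the bound to the real buffer, which is the right direction for data arriving on the UDP socket. Replacing the `while` with a single `recvfrom` means at most one datagram is consumed per call, so when several hosts answer in the same interval the rest wait for the next round; if that is intended, say so, e.g. `// one datagram per round; remaining replies are drained on later rounds`. The rest of recieve_netbios_attempts lies outside the hunk.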
} if(found && ip->protocol == IPPROTO_TCP && (cde.tcp_raw_scan || (subtargets[addr]->discovering && cde.syn_ping_discovery || cde.fin_ping_discovery || cde.ack_ping_discovery))){ --- 1220,1272 ---- if (subtargets[addr]->scan_protocols.find(ip->protocol) != subtargets[addr]->scan_protocols.end()){ subtargets[addr]->scan_protocols[ip->protocol].set_open(); + this->set_rtt_value(subtargets[addr],0,subtargets[addr]->scan_protocols[ip->protocol].tv_send,tv); } } ! ! //// ICMP message manage for protocol scan ! if (ip->protocol == IPPROTO_ICMP){ ! struct icmp *icmp = (struct icmp *) (response + 4 * ip->ihl); ! if (icmp->icmp_type == 3){ ! /// Get the right information from the icmp payload ! /// Protocol info ! int proto_temp = *(icmp->icmp_dun.id_data + 9); ! /// Ip destination original packet info ! u32* addr_src = (u32*)(icmp->icmp_dun.id_data + 16); ! icestring addr_temp; ! iceinet_ntoa(*addr_src,addr_temp); ! /// Set to filtered the port ! ! if (subtargets.find(addr_temp) != subtargets.end()){ ! ! u16 port_temp; ! memcpy(&port_temp,(icmp->icmp_dun.id_data + 22),2); ! port_temp = ntohs(port_temp); ! ! if (cde.tcp_raw_scan){ ! /// Update the RTT for an ICMP message ! if (subtargets[addr_temp]->scan_probes.find(port_temp) != subtargets[addr_temp]->scan_probes.end()){ ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_probes[port_temp].tv_send,tv); ! } ! } ! ! /// If the protocol scan is enabled ! if (cde.protocol_scan){ ! if (subtargets[addr_temp]->scan_protocols.find(proto_temp) != subtargets[addr_temp]->scan_protocols.end()){ ! if (icmp->icmp_code == 2){ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_closed(); ! }else{ ! subtargets[addr_temp]->scan_protocols[proto_temp].set_filtered(); ! } ! /// Update the RTT for an ICMP message ! set_rtt_value(subtargets[addr_temp],0,subtargets[addr_temp]->scan_protocols[proto_temp].tv_send,tv); ! } ! } ! } /// subtarget in list ! } /// Type 3 ! } /// protocol ICMP ! 
if(found && ip->protocol == IPPROTO_TCP && (cde.tcp_raw_scan || (subtargets[addr]->discovering && cde.syn_ping_discovery || cde.fin_ping_discovery || cde.ack_ping_discovery))){ *************** *** 1256,1258 **** --- 1335,1346 ---- } + bool caengine::check_timeout(timeval time_before, u_long max_time_out){ + timeval tv_now; + gettimeofday(&tv_now,NULL); + + u_long sub_time = SUB_TIMEVALS(tv_now,time_before) / 1000; + u_long max_time = (par.max_wait_time[par.source_iface] ? par.max_wait_time[par.source_iface] : ( max_time_out ? (MAX_WAIT_TIME) : max_time_out )); + + return (sub_time > max_time); + } Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -d -r1.25 -r1.26 *** caengine.h 23 Jan 2007 12:51:51 -0000 1.25 --- caengine.h 24 Jan 2007 17:59:30 -0000 1.26 *************** *** 32,35 **** --- 32,37 ---- #define TIMEOUT_MULTIPLIER 2 + #define RTT_ALPHA 0.9f + //UGLY, pls set REAL FD_SETSIZE #ifdef __CYGWIN__ *************** *** 283,286 **** --- 285,291 ---- void close(); + + + bool check_timeout(timeval,u_long); }; Index: iceoutput.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceoutput.h,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** iceoutput.h 22 Jan 2007 18:06:49 -0000 1.11 --- iceoutput.h 24 Jan 2007 17:59:30 -0000 1.12 *************** *** 182,186 **** } ! enum RESULTS_TYPE {RESULT_PORTS = 0,RESULT_PROTOCOLS}; --- 182,186 ---- } ! enum RESULTS_TYPE {RESULT_PORTS = 0,RESULT_PROTOCOLS, RESULT_NETBIOS}; *************** *** 203,225 **** if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) return; ! if (res_type == RESULT_PORTS){ ! for(std::map <int, scanning_probe >::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! } ! ! 
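Review bot: The new `memcpy(&port_temp,(icmp->icmp_dun.id_data + 22),2)` reads the quoted inner transport header without checking that the captured frame is that long: `len` is never compared with the offset, so a short or truncated ICMP type-3 packet makes this read — and the existing `+ 9` and `+ 16` loads next to it — run past `response`. Guard the branch before touching the payload, e.g. `if (icmp->icmp_type == 3 && len >= 4 * ip->ihl + 8 + 24)` (8 bytes of ICMP header, a 20-byte quoted IP header and the 4 port bytes those offsets assume). The fixed offsets also presume the quoted IP header carries no options and that `+ 22` is a TCP/UDP destination port, which is only true for the TCP probes; a comment such as `// quoted header is untrusted; offsets assume a 20-byte inner IP header` would make that explicit, since these values key into `subtargets` and feed `set_rtt_value`. recieve_pcap_attempts begins and ends outside this hunk.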
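Review bot: The inner ternary in `check_timeout` is inverted: `( max_time_out ? (MAX_WAIT_TIME) : max_time_out )` yields `MAX_WAIT_TIME` whenever a per-host timeout is supplied and `0` when it is not, so a host with `max_timeout` set gets the global default and a host without one times out immediately; it should read `( max_time_out ? max_time_out : MAX_WAIT_TIME )`. The precedence also flips relative to the checks it replaces, which preferred `c->max_timeout` over `par.max_wait_time[c->iface]`, whereas the helper prefers `par.max_wait_time[par.source_iface]` and uses `source_iface` instead of the subtarget's `iface`. Dividing `SUB_TIMEVALS` by 1000 and switching `>=` to `>` changes unit and boundary at once, while the do_round hunk above compares `SUB_TIMEVALS` against `timeout * 1000`; if both are intended, a comment stating the units (`// SUB_TIMEVALS is in <unit>; max_wait_time is in <unit>`) would settle it.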
out = &(c->output_buffer[0]); ! out_secondary_grep = &(c->output_buffer_secondary[0][GREP]); ! sprintf(str_type_scan,"Ports"); ! }else{ ! for(std::map <int, scanning_protocol >::iterator i = c->scan_protocols.begin(); i!= c->scan_protocols.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! } ! out = &(c->output_buffer[1]); ! out_secondary_grep = &(c->output_buffer_secondary[1][GREP]); ! sprintf(str_type_scan,"Protocols"); } for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ total++; --- 203,229 ---- if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) return; ! if (res_type == RESULT_PORTS){ ! for(std::map <int, scanning_probe >::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! } ! out = &(c->output_buffer[RESULT_PORTS]); ! out_secondary_grep = &(c->output_buffer_secondary[0][GREP]); ! sprintf(str_type_scan,"Ports"); ! }else if (res_type == RESULT_PROTOCOLS){ ! for(std::map <int, scanning_protocol >::iterator i = c->scan_protocols.begin(); i!= c->scan_protocols.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); } + + out = &(c->output_buffer[RESULT_PROTOCOLS]); + out_secondary_grep = &(c->output_buffer_secondary[1][GREP]); + sprintf(str_type_scan,"Protocols"); + }else if (res_type == RESULT_NETBIOS){ + out = &(c->output_buffer[RESULT_NETBIOS]); + out_secondary_grep = &(c->output_buffer_secondary[2][GREP]); + } + if (res_type != RESULT_NETBIOS){ for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ total++; *************** *** 236,240 **** } } ! if(closed < MAX_SHOWED) show_closed = true; else{ --- 240,244 ---- } } ! if(closed < MAX_SHOWED) show_closed = true; else{ *************** *** 274,344 **** *out_secondary_grep << "Host: " << " "<< str_type_scan <<": "; } ! if(c->scan_probes.size() || c->scan_protocols.size()){ ! 
! *out << iceoutput::endl; ! os.str(""); ! os << "Not shown: "; ! for(int i = 0; i < not_shown.size(); i++){ ! if(i+1 == not_shown.size() && i!=0){ ! os << " and " << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i+1 == not_shown.size() && i!=0){ ! os << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i == 0){ ! os << not_shown[i]; ! }else{ ! os << ", " << not_shown[i]; ! } } ! os << "\n"; ! if(not_shown.size()) *out << os.str(); ! if (res_type == RESULT_PORTS) ! *out << "PORT STATE SERVICE\n"; ! else ! *out << "PROTOCOL STATE SERVICE\n"; ! #ifndef __CYGWIN__ ! //std::sort(c->scan_probes.begin(), c->scan_probes.end(), sort_probes); ! #endif ! int j = 0; ! icestring state = ""; ! for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ ! Bzero(output_buf, 255); ! state = ""; ! if((*i).second == PORT_OPEN){ ! state = "open"; ! }else if((*i).second == PORT_OPEN_FILTERED && show_of){ ! state = "o|f"; ! }else if((*i).second == PORT_UNFILTERED && show_unfiltered){ ! state = "unfilt"; ! }else if((*i).second == PORT_FILTERED && show_filtered){ ! state = "filt"; ! }else if((*i).second == PORT_CLOSED && show_closed){ ! state = "closed"; ! } ! ! if(state.size()){ ! if (res_type == RESULT_PORTS) ! sprintf(output_buf, "%5d/tcp %6s %s", (*i).first, state.c_str(), par.isnd->get_tcp_service((*i).first).c_str()); ! else ! sprintf(output_buf, "%5d %6s %s", (*i).first, state.c_str(), par.ispd->get_protocol((*i).first).c_str()); *out << output_buf << "\n"; ! if(outs[GREP].exists){ ! if (res_type == RESULT_PORTS) grep << (*i).first << "/" << state.c_str() << "/" << "tcp" << "//" ! << par.isnd->get_tcp_service((*i).first).c_str() << ""; ! else grep << (*i).first << "/" << state.c_str() << "//" ! << par.ispd->get_protocol((*i).first).c_str() << ""; ! grep << ", "; } --- 278,349 ---- *out_secondary_grep << "Host: " << " "<< str_type_scan <<": "; } + } /// end if (res_type != RESULT_NETBIOS) ! 
if((c->scan_probes.size() || c->scan_protocols.size()) && (res_type == RESULT_PORTS || res_type == RESULT_PROTOCOLS)){ ! ! *out << iceoutput::endl; ! os.str(""); ! os << "Not shown: "; ! for(int i = 0; i < not_shown.size(); i++){ ! if(i+1 == not_shown.size() && i!=0){ ! os << " and " << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i+1 == not_shown.size() && i!=0){ ! os << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i == 0){ ! os << not_shown[i]; ! }else{ ! os << ", " << not_shown[i]; } + } ! os << "\n"; ! if(not_shown.size()) *out << os.str(); ! if (res_type == RESULT_PORTS) ! *out << "PORT STATE SERVICE\n"; ! else ! *out << "PROTOCOL STATE SERVICE\n"; ! #ifndef __CYGWIN__ ! //std::sort(c->scan_probes.begin(), c->scan_probes.end(), sort_probes); ! #endif ! int j = 0; ! icestring state = ""; ! for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ ! Bzero(output_buf, 255); ! state = ""; ! if((*i).second == PORT_OPEN){ ! state = "open"; ! }else if((*i).second == PORT_OPEN_FILTERED && show_of){ ! state = "o|f"; ! }else if((*i).second == PORT_UNFILTERED && show_unfiltered){ ! state = "unfilt"; ! }else if((*i).second == PORT_FILTERED && show_filtered){ ! state = "filt"; ! }else if((*i).second == PORT_CLOSED && show_closed){ ! state = "closed"; ! } ! ! if(state.size()){ ! if (res_type == RESULT_PORTS) ! sprintf(output_buf, "%5d/tcp %6s %s", (*i).first, state.c_str(), par.isnd->get_tcp_service((*i).first).c_str()); ! else ! sprintf(output_buf, "%5d %6s %s", (*i).first, state.c_str(), par.ispd->get_protocol((*i).first).c_str()); *out << output_buf << "\n"; ! if(outs[GREP].exists){ ! if (res_type == RESULT_PORTS) grep << (*i).first << "/" << state.c_str() << "/" << "tcp" << "//" ! << par.isnd->get_tcp_service((*i).first).c_str() << ""; ! else grep << (*i).first << "/" << state.c_str() << "//" ! << par.ispd->get_protocol((*i).first).c_str() << ""; ! 
grep << ", "; } *************** *** 355,361 **** } }else{ if(outs[GREP].exists) ! *out_secondary_grep << " no "<< str_type_scan <<" detected."; *out << " none "<< str_type_scan <<" detected.\n"; --- 360,375 ---- } + }else if (res_type == RESULT_NETBIOS){ + /// out the netbios results + std::string strc = c->output_buffer_netbios.str(); + *out << c->output_buffer_netbios.str(); + + if(outs[GREP].exists) + *out_secondary_grep << c->output_buffer_netbios_secondary.str(); + }else{ + /// no results if(outs[GREP].exists) ! *out_secondary_grep << " no "<< str_type_scan <<" detected."; *out << " none "<< str_type_scan <<" detected.\n"; *************** *** 366,377 **** if(outs[GREP].exists) *out_secondary_grep << "\n"; ! if(c->mac != "" && c->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! get_mac_message(c->mac,mac_msg); ! *out << mac_msg.c_str() << "\n\n"; } ! } private: --- 380,405 ---- if(outs[GREP].exists) *out_secondary_grep << "\n"; ! ! } ! ! void print_MAC_info(csubtarget* c,std::ostringstream* out){ if(c->mac != "" && c->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! get_mac_message(c->mac,mac_msg); ! *out << mac_msg.c_str() << "\n\n"; } + } ! void print_MAC_info(csubtarget* c,iceoutput* out){ ! std::ostringstream temp; ! print_MAC_info(c,&temp); ! *out << temp.str(); ! } ! ! void print_MAC_info(csubtarget* c,std::ofstream* out){ ! std::ostringstream temp; ! print_MAC_info(c,&temp); ! *out << temp.str(); ! } private: |
From: Alexander B. <da...@us...> - 2007-01-23 20:51:54
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv8579 Modified Files: sock_utils.cc packet_tracer.h sock_utils.h Log Message: no message Index: packet_tracer.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/packet_tracer.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** packet_tracer.h 14 Jan 2007 15:19:48 -0000 1.6 --- packet_tracer.h 23 Jan 2007 20:51:43 -0000 1.7 *************** *** 255,258 **** --- 255,331 ---- std::cout << os.str() << std::endl; } + + static icestring TraceIPOptions(char *packet, u32 packet_len){ + struct iphdr *ip = (struct iphdr *) packet; + int i = 0; + short len = (short) ip->ihl * 4 - 20; + short ulen = 0; + short pnt = 0; + u32 addr; + struct in_addr ia; + + + char *ipopts = packet + 20; + + std::ostringstream os; + for(int i = 0; i<len && i<(packet_len - sizeof(struct iphdr)); i++){ + + switch(ipopts[i]) { + case 0: + os << "EOL"; + return os.str(); + break; + + case 1: + os << "NOP"; + break; + + case 7: + os << "RR{"; + + if(++i >= len){ + os << " !EOL"; + return os.str(); + } + + ulen = ipopts[i]; + + os << "len=" << ulen; + + if(++i >= len){ + os << " !EOL"; + return os.str(); + } + + os << " "; + pnt = ipopts[i]; + + os << "pnt=" << pnt << " "; + i++; + + for(; i < len - 1 && i < (packet_len - sizeof(struct iphdr));){ + memmove(&(ia.s_addr), ipopts + i, 4); + os << inet_ntoa(ia); + if(i + 4 < len-1){ + i+=4; + os << " "; + }else break; + } + + os << "}"; + + break; + + default: + writehex(os, (short) ipopts[i]); + break; + } + + os << " "; + } + + os << " !EOL"; + return os.str(); + } static void TraceIPPacket(icestring action, char *packet, u32 len, struct timeval tv_f){ *************** *** 267,271 **** char output_buffer[255]; u16 port_s, port_d; ! icestring flags = ""; sa_s.sin_addr.s_addr = ip->saddr; --- 340,345 ---- char output_buffer[255]; u16 port_s, port_d; ! 
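Review bot: The record-route loop in `TraceIPOptions` reads 4 bytes at `ipopts + i` while its guard only ensures `i < len - 1` and `i < packet_len - sizeof(struct iphdr)`, so the last `memmove` can read up to 3 bytes beyond the option area when `len` or `packet_len` is not aligned to an entry; use `for(; i + 4 <= len && i + 4 <= (int)(packet_len - sizeof(struct iphdr));)` and walk the entry by the option's own `ulen` rather than to the end of the header. `packet_len - sizeof(struct iphdr)` is unsigned, so a frame shorter than 20 bytes wraps to a huge bound — add `if(packet_len < sizeof(struct iphdr) || packet_len < (u32)ip->ihl * 4) return "";` at the top, which matters if received frames are ever traced through this path. The outer `int i = 0` is shadowed by the loop's own `i`, and `writehex` used by the `default` case is added with an empty body in the sock_utils.cc hunk of this commit, so unknown options currently print nothing but a space.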
icestring flags = "", ipopts = ""; ! sa_s.sin_addr.s_addr = ip->saddr; *************** *** 279,282 **** --- 353,360 ---- os << output_buffer << "s)"; + + if(ip->ihl > 5){ + ipopts = PacketTracer::TraceIPOptions(packet, len); + } switch(ip->protocol){ *************** *** 299,307 **** if(flags == "") flags = "."; ! os << " TCP " << inet_ntoa(sa_s.sin_addr) << ":" << port_s ! << " > " << inet_ntoa(sa_d.sin_addr) << ":" << port_d << " " << flags << " ttl=" << (unsigned short)ip->ttl ! << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len) ! << " seq=" << ntohl(tcp->th_seq) << " win=" << ntohs(tcp->th_win); if(tcp->th_flags & (TH_ACK)) os << " ack=" << ntohl(tcp->th_ack); --- 377,389 ---- if(flags == "") flags = "."; ! os << " TCP " << inet_ntoa(sa_s.sin_addr) << ":" << port_s; ! os << " > " << inet_ntoa(sa_d.sin_addr) << ":" << port_d << " " << flags << " ttl=" << (unsigned short)ip->ttl ! << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len); ! ! if(ipopts.size()) ! os << " ipopts={" << ipopts << "}"; ! ! os << " seq=" << ntohl(tcp->th_seq) << " win=" << ntohs(tcp->th_win); if(tcp->th_flags & (TH_ACK)) os << " ack=" << ntohl(tcp->th_ack); *************** *** 316,329 **** port_d = ntohs(udp->dest); ! os << " UDP " << inet_ntoa(sa_s.sin_addr) << ":" << port_s ! << " > " << inet_ntoa(sa_d.sin_addr) << ":" << port_d << " ttl=" << (unsigned short)ip->ttl ! << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len) ! << " udplen=" << ntohs(udp->len); break; case IPPROTO_ICMP: ! os << " ICMP " << inet_ntoa(sa_s.sin_addr) << " > " << inet_ntoa(sa_d.sin_addr) << " "; os << getICMPPacketInfo((packet + ip->ihl * 4), len - ip->ihl * 4); --- 398,416 ---- port_d = ntohs(udp->dest); ! os << " UDP " << inet_ntoa(sa_s.sin_addr) << ":" << port_s; ! os << " > " << inet_ntoa(sa_d.sin_addr) << ":" << port_d << " ttl=" << (unsigned short)ip->ttl ! << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len); ! ! if(ipopts.size()) ! os << " ipopts={" << ipopts << "}"; ! ! 
os << " udplen=" << ntohs(udp->len); break; case IPPROTO_ICMP: ! os << " ICMP " << inet_ntoa(sa_s.sin_addr); ! os << " > " << inet_ntoa(sa_d.sin_addr) << " "; os << getICMPPacketInfo((packet + ip->ihl * 4), len - ip->ihl * 4); *************** *** 331,334 **** --- 418,424 ---- os << " ttl=" << (unsigned short)ip->ttl << " id=" << ntohs(ip->id) << " iplen=" << ntohs(ip->tot_len); + if(ipopts.size()) + os << " ipopts={" << ipopts << "} "; + break; } Index: sock_utils.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_utils.h,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** sock_utils.h 19 Jan 2007 12:46:46 -0000 1.7 --- sock_utils.h 23 Jan 2007 20:51:43 -0000 1.8 *************** *** 37,40 **** --- 37,42 ---- float timeb_diff(timeb &, timeb &); + void writehex(std::ostringstream &, short); + icestring make_uptime(long); Index: sock_utils.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_utils.cc,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** sock_utils.cc 19 Jan 2007 12:46:46 -0000 1.9 --- sock_utils.cc 23 Jan 2007 20:51:42 -0000 1.10 *************** *** 80,83 **** --- 80,87 ---- } + void writehex(std::ostringstream &os, short d){ + + } + icestring make_uptime(long t){ char buf[1024]; |
From: Alexander B. <da...@us...> - 2007-01-23 12:52:03
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv16497/icesockets Modified Files: crawsocket.h sock_types.h cethwrapper.h Log Message: Some fixes in architecture of crawsocket/cethwrapper. Index: sock_types.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/sock_types.h,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** sock_types.h 19 Jan 2007 17:42:48 -0000 1.13 --- sock_types.h 23 Jan 2007 12:51:53 -0000 1.14 *************** *** 111,115 **** #endif ! #define ETH_ALEN_ 6 /* Octets in one ethernet addr */ #define ARPHRD_ETHER 1 /* Ethernet ARP type */ --- 111,117 ---- #endif ! enum Ip_options{NONE, RR, RT, RRT, SR, LR}; ! #define IPOPT_LENGTH 40 ! #define ETH_ALEN_ 6 /* Octets in one ethernet addr */ #define ARPHRD_ETHER 1 /* Ethernet ARP type */ Index: crawsocket.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/crawsocket.h,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** crawsocket.h 22 Jan 2007 18:06:49 -0000 1.11 --- crawsocket.h 23 Jan 2007 12:51:53 -0000 1.12 *************** *** 15,18 **** --- 15,21 ---- int mtu; bool ethernet; + enum Ip_options option; + char options[40]; + cethwrapper ew; void init_default(){ *************** *** 21,24 **** --- 24,28 ---- fragmenting = false; badchksum = false; + option = NONE; } *************** *** 59,62 **** --- 63,83 ---- } + void set_ip_option(enum Ip_options option){ + this->option = option; + Bzero(options, 40); + + switch(option){ + case RR: + options[0] = 1; //NOP + options[1] = 7; // R-code + options[2] = 39; // option length + options[3] = 4; // pointer to data + break; + + default: + break; + } + } + ~crawsocket(){ } *************** *** 160,173 **** } ! 
int send_ip_raw(icestring source, icestring destination,u_int protocol_type,u_int ttl,char* data,u_int data_len){ crandom r; struct sockaddr_in saddress, daddress; ! ! #ifdef WIN32 ! char *packet = (char *) malloc(sizeof(struct iphdr) + data_len); ! #else ! char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + data_len]; ! #endif ! u_int slen = make_sockname(saddress, source.c_str(), 0, domain); u_int dlen = make_sockname(daddress, destination.c_str(), 0, domain); --- 181,195 ---- } ! int send_ip_raw(icestring source, icestring destination, u_int protocol_type,u_int ttl,char* data,u_int data_len){ crandom r; struct sockaddr_in saddress, daddress; ! char *packet; ! int ipoptlen = 0; ! ! if(option != NONE) ! ipoptlen = IPOPT_LENGTH; ! ! packet = (char *) malloc(sizeof(struct iphdr) + ipoptlen + data_len); ! u_int slen = make_sockname(saddress, source.c_str(), 0, domain); u_int dlen = make_sockname(daddress, destination.c_str(), 0, domain); *************** *** 178,182 **** struct iphdr *ip = (struct iphdr *) packet; ! Bzero(packet, sizeof(struct iphdr)); ip->version = 4; ip->ihl = 5; --- 200,204 ---- struct iphdr *ip = (struct iphdr *) packet; ! Bzero(packet, sizeof(struct iphdr) + ipoptlen); ip->version = 4; ip->ihl = 5; *************** *** 187,199 **** ip->saddr = saddress.sin_addr.s_addr; ip->daddr = daddress.sin_addr.s_addr; - ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); if (data_len > 0) ! memcpy(packet + sizeof(struct iphdr),data,data_len); int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET ! 
cethwrapper ew; res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif --- 209,227 ---- ip->saddr = saddress.sin_addr.s_addr; ip->daddr = daddress.sin_addr.s_addr; + if(option != NONE){ + ip->ihl = 15; + ip->tot_len = htons(sizeof(struct iphdr) + ipoptlen + sizeof(struct tcphdr) + data_len); + memmove(packet + sizeof(struct iphdr), options, ipoptlen); + } + + ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr) + ipoptlen); + if (data_len > 0) ! memcpy(packet + sizeof(struct iphdr),data,data_len); int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); #endif *************** *** 208,214 **** if(_trace){ ! timeval tv; ! gettimeofday(&tv, NULL); ! PacketTracer::TraceIPPacket("SENT", packet, ntohs(ip->tot_len), tv); } --- 236,242 ---- if(_trace){ ! struct timeval tv; ! gettimeofday(&tv, NULL); ! PacketTracer::TraceIPPacket("SENT", packet, ntohs(ip->tot_len), tv); } *************** *** 225,237 **** crandom r; ! #ifdef WIN32 ! char *packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen); ! #else ! char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen]; ! #endif ! ! struct iphdr *ip = (struct iphdr *) packet; ! struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof(struct iphdr)); ! struct pseudo_header *pseudo = (struct pseudo_header *) (packet + sizeof(struct iphdr) - sizeof(struct pseudo_header)); int res = -1; char myname[ICEMAXHOSTNAME + 1]; --- 253,272 ---- crandom r; ! char *packet; ! struct tcphdr *tcp; ! struct iphdr *ip; ! struct pseudo_header *pseudo; ! int ipoptlen = 0; ! ! if(option != NONE) ! ipoptlen = IPOPT_LENGTH; ! ! packet = (char *) malloc(sizeof(struct iphdr) + ipoptlen + sizeof(struct tcphdr) + datalen); ! tcp = (struct tcphdr *) (packet + sizeof(struct iphdr) + ipoptlen); ! ! ! ip = (struct iphdr *) packet; ! pseudo = (struct pseudo_header *) ((u8*)tcp - sizeof(struct pseudo_header)); ! 
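Review bot: When `option != NONE`, `ip->tot_len` is set to `sizeof(struct iphdr) + ipoptlen + sizeof(struct tcphdr) + data_len`, but send_ip_raw allocated only `sizeof(struct iphdr) + ipoptlen + data_len` in the previous hunk, so `send_ip_packet`/`sendto` with `ntohs(ip->tot_len)` reads 20 bytes past the malloc'd buffer; the `sizeof(struct tcphdr)` term belongs to send_tcp_raw only. The data copy that follows still lands at `packet + sizeof(struct iphdr)`, overwriting the options just placed there; use `ip->tot_len = htons(sizeof(struct iphdr) + ipoptlen + data_len);` and `memcpy(packet + sizeof(struct iphdr) + ipoptlen, data, data_len);`. `packet` is now always `malloc`ed (the stack array is gone) but no `free` is visible in the send_ip_raw hunks, unlike the `free(packet)` added to send_tcp_raw below, so the tail of the function outside the hunk should be checked for a leak. send_ip_raw's body continues past this hunk.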
int res = -1; char myname[ICEMAXHOSTNAME + 1]; *************** *** 244,248 **** dlen = make_sockname(daddress, destination.c_str(), 0, domain); ! Bzero(packet, sizeof(iphdr) + sizeof(tcphdr)); pseudo->src_addr = saddress.sin_addr.s_addr; --- 279,283 ---- dlen = make_sockname(daddress, destination.c_str(), 0, domain); ! Bzero(packet, sizeof(iphdr) + ipoptlen + sizeof(tcphdr)); pseudo->src_addr = saddress.sin_addr.s_addr; *************** *** 289,308 **** ip->saddr = saddress.sin_addr.s_addr; ip->daddr = daddress.sin_addr.s_addr; ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! ! //print_tcppacket(packet,ntohs(ip->tot_len)); ! if(ethernet){ ! #ifdef HAVE_LIBDNET ! cethwrapper ew; ! res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); ! #endif }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { ! perror("sendto in send_tcp_raw"); ! #ifdef WIN32 ! free(packet); ! #endif ! return -1; } --- 324,345 ---- ip->saddr = saddress.sin_addr.s_addr; ip->daddr = daddress.sin_addr.s_addr; ! ! if(option != NONE){ ! ip->ihl = 15; ! ip->tot_len = htons(sizeof(struct iphdr) + ipoptlen + sizeof(struct tcphdr) + datalen); ! memmove(packet + sizeof(struct iphdr), options, ipoptlen); ! } ! ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr) + ipoptlen); ! if(ethernet){ ! #ifdef HAVE_LIBDNET ! res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); ! #endif }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { ! perror("sendto in send_tcp_raw"); ! free(packet); ! return -1; } *************** *** 311,317 **** if(_trace) PacketTracer::TraceIPPacket("SENT", packet, ntohs(ip->tot_len), tv); ! #ifdef WIN32 ! free(packet); ! #endif return res; } --- 348,353 ---- if(_trace) PacketTracer::TraceIPPacket("SENT", packet, ntohs(ip->tot_len), tv); ! free(packet); ! return res; } *************** *** 349,439 **** } ! 
int send_udp_raw(icestring Hostname, u_short port_src, u_short port_dst,u_int ttl, u_int chksum, char* data, u_int len){ ! crandom r; ! char buftosend[1500]; ! struct udphdr *udp = (struct udphdr *) (buftosend + sizeof(struct iphdr)); ! struct iphdr *ip = (struct iphdr *) buftosend; ! const char *hostname = Hostname.c_str(); ! struct sockaddr_in saddress, daddress; ! int slen, dlen; ! char sender_host[100]; ! gethostname(sender_host,100); ! Bzero(udp, sizeof(struct udphdr) + len); ! slen = make_sockname(saddress, sender_host, 0, domain); ! dlen = make_sockname(daddress, Hostname.c_str(), 0, domain); ! udp->len = htons(sizeof(struct udphdr) + len); ! udp->dest = htons(port_dst); ! udp->source = htons(port_src); ! if(!badchksum){ ! if (chksum == 0){ ! struct udpiphdr *udp_sum = new udpiphdr(); ! Bzero(udp_sum, sizeof(struct udphdr)); ! //// Calculate the UDP checksum ! udp_sum->ui_i.ih_dst = daddress.sin_addr; ! udp_sum->ui_i.ih_src = saddress.sin_addr; ! udp_sum->ui_i.ih_pr = IPPROTO_UDP; ! udp_sum->ui_i.ih_len = udp->len; ! udp_sum->ui_u = *udp; ! ! if ( ( udp->check = (in_chksum((u_int16_t *) udp_sum, len + sizeof(struct udpiphdr)))) == 0) ! udp->check = 0xffff; ! ! delete udp_sum; ! udp_sum = 0; ! } ! }else udp->check = r.rand_uint16(); ! ! if(!ttl) ! ttl = (r.rand_uint8() + 50) % 255; ! Bzero(ip, sizeof(struct iphdr)); ! ip->version = 4; ! ip->ihl = 5; ! ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + len); ! ip->id = r.rand_uint16(); ! ip->ttl = ttl; ! ip->protocol = IPPROTO_UDP; ! ip->saddr = saddress.sin_addr.s_addr; ! ip->daddr = daddress.sin_addr.s_addr; ! ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! memcpy((udp + sizeof(struct udphdr)), data, len); ! if(_trace){ ! icestring src; ! struct timeval tv; ! char src_hostname[128]; ! gethostname(src_hostname, 128); ! ! gettimeofday(&tv, NULL); ! src.assign(src_hostname); ! PacketTracer::TraceICMPPacket("SENT", src, hostname, buftosend, len, tv); ! } ! int ret_v = 0; ! 
if(ethernet){ ! #ifdef HAVE_LIBDNET ! cethwrapper ew; ! ret_v = ew.send_ip_packet(buftosend, ntohs(ip->tot_len)); ! #endif ! }else if ((ret_v = sendto(hostname, buftosend, ntohs(ip->tot_len), 0)) == -1){ ! perror("sendto in send_tcp_raw"); return -1; ! } ! return ret_v; ! } int send_icmp_packet(icestring Hostname, int Icmp_type, int Icmp_code, int Icmp_id, int Icmp_seq, int Icmp_checksum, void* Icmp_data, int Icmp_data_len){ --- 385,490 ---- } ! int send_udp_raw(icestring src_hostname, icestring dst_hostname, u_short port_src, u_short port_dst, u_int ttl, u_int chksum, char* data, u_int datalen){ ! crandom r; ! ! char *packet; ! struct udphdr *udp; ! struct iphdr *ip; ! struct pseudo_header *pseudo; ! int ipoptlen = 0; ! ! if(option != NONE) ! ipoptlen = IPOPT_LENGTH; ! ! packet = (char *) malloc(sizeof(struct iphdr) + ipoptlen + sizeof(struct tcphdr) + datalen); ! ! udp = (struct udphdr *) (packet + ipoptlen + sizeof(struct iphdr)); ! ip = (struct iphdr *) packet; ! ! struct sockaddr_in saddress, daddress; ! int slen, dlen; ! Bzero(udp, sizeof(struct udphdr) + datalen); ! slen = make_sockname(saddress, src_hostname.c_str(), 0, domain); ! dlen = make_sockname(daddress, dst_hostname.c_str(), 0, domain); ! udp->len = htons(sizeof(struct udphdr) + datalen); ! udp->dest = htons(port_dst); ! udp->source = htons(port_src); ! if(!badchksum){ ! if (chksum == 0){ ! struct udpiphdr *udp_sum = new udpiphdr(); ! Bzero(udp_sum, sizeof(struct udphdr)); ! //// Calculate the UDP checksum ! udp_sum->ui_i.ih_dst = daddress.sin_addr; ! udp_sum->ui_i.ih_src = saddress.sin_addr; ! udp_sum->ui_i.ih_pr = IPPROTO_UDP; ! udp_sum->ui_i.ih_len = udp->len; ! udp_sum->ui_u = *udp; ! if ( ( udp->check = (in_chksum((u_int16_t *) udp_sum, datalen + sizeof(struct udpiphdr)))) == 0) ! udp->check = 0xffff; ! delete udp_sum; ! udp_sum = 0; ! } ! }else udp->check = r.rand_uint16(); ! if(!ttl) ! ttl = (r.rand_uint8() + 50) % 255; ! Bzero(ip, sizeof(struct iphdr)); ! ip->version = 4; ! ip->ihl = 5; ! 
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + datalen); ! ip->id = r.rand_uint16(); ! ip->ttl = ttl; ! ip->protocol = IPPROTO_UDP; ! ip->saddr = saddress.sin_addr.s_addr; ! ip->daddr = daddress.sin_addr.s_addr; ! if(option != NONE){ ! ip->ihl = 15; ! ip->tot_len = htons(sizeof(struct iphdr) + ipoptlen + sizeof(struct udphdr) + datalen); ! memmove(packet + sizeof(struct iphdr), options, ipoptlen); ! } ! ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr) + ipoptlen); ! memcpy((udp + sizeof(struct udphdr)), data, datalen); ! if(_trace){ ! struct timeval tv; ! gettimeofday(&tv, NULL); ! PacketTracer::TraceIPPacket("SENT", packet, ntohs(ip->tot_len), tv); ! } ! ! int ret_v = 0; ! if(ethernet){ ! #ifdef HAVE_LIBDNET ! ret_v = ew.send_ip_packet(packet, ntohs(ip->tot_len)); ! #endif ! }else if ((ret_v = sendto(dst_hostname.c_str(), packet, ntohs(ip->tot_len), 0)) == -1){ ! perror("sendto in send_tcp_raw"); ! free(packet); return -1; ! } ! free(packet); ! return ret_v; ! 
} + int send_arp_msg(icestring int_ip, uint16_t arp_opcode, icestring source_ha, icestring source_pa, + icestring dest_ha, icestring dest_pa, uint16_t eth_hardware = ARP_HRD_ETH, + uint16_t arp_protocol = ARP_PRO_IP, uint16_t eth_protocol = ETH_TYPE_ARP, + uint8_t hlen = ETH_ADDR_LEN, uint8_t plen = IP_ADDR_LEN ){ + ew.send_arp_msg(int_ip, arp_opcode, source_ha, source_pa, dest_ha, dest_pa, eth_hardware, arp_protocol, eth_protocol, hlen, plen); + } + int send_icmp_packet(icestring Hostname, int Icmp_type, int Icmp_code, int Icmp_id, int Icmp_seq, int Icmp_checksum, void* Icmp_data, int Icmp_data_len){ Index: cethwrapper.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/cethwrapper.h,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** cethwrapper.h 13 Jan 2007 20:31:01 -0000 1.16 --- cethwrapper.h 23 Jan 2007 12:51:53 -0000 1.17 *************** *** 338,344 **** if (ipi->pa.addr_ip == ip->sin.sin_addr.s_addr) { if (ipi->eth == NULL) { ! if ((ipi->eth = eth_open(ipi->name)) == NULL) return (NULL); } if (ipi != LIST_FIRST(&ip->ip_intf_list)) { LIST_REMOVE(ipi, next); --- 338,345 ---- if (ipi->pa.addr_ip == ip->sin.sin_addr.s_addr) { if (ipi->eth == NULL) { ! if ((ipi->eth = eth_open(ipi->name)) == NULL) return (NULL); } + if (ipi != LIST_FIRST(&ip->ip_intf_list)) { LIST_REMOVE(ipi, next); |
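Review bot: `memcpy((udp + sizeof(struct udphdr)), data, datalen);` in the new send_udp_raw does pointer arithmetic on a `struct udphdr *`, so it advances by eight udphdr-sized elements (64 bytes), not by the 8-byte header; now that `packet` is a heap block of `sizeof(iphdr) + ipoptlen + sizeof(tcphdr) + datalen` bytes, any non-zero `datalen` writes past the end of the allocation and the payload never sits where `udp->len`/`tot_len` claim. Use byte arithmetic: `memcpy((char *)udp + sizeof(struct udphdr), data, datalen);`. The same hunk sizes the allocation with `sizeof(struct tcphdr)` where `sizeof(struct udphdr)` is meant and never checks `malloc` for NULL before `Bzero(udp, ...)`. The added `send_arp_msg` is declared `int` but has no `return` statement, which is undefined behaviour in C++; either `return ew.send_arp_msg(...)` if the wrapper returns a status, or declare it `void`. The arp wrapper call is also outside the `#ifdef HAVE_LIBDNET` guard every other `ew.` use in this file carries.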
From: Alexander B. <da...@us...> - 2007-01-23 12:51:58
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv16497 Modified Files: iceprotocol.h TODO protocols iceparams.h caengine.cc icescan.cc caengine.h Log Message: Some fixes in architecture of crawsocket/cethwrapper. Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.34 retrieving revision 1.35 diff -C2 -d -r1.34 -r1.35 *** icescan.cc 22 Jan 2007 18:06:49 -0000 1.34 --- icescan.cc 23 Jan 2007 12:51:51 -0000 1.35 *************** *** 72,75 **** --- 72,76 ---- "\t--ttl <value>: set IP time-to-live field\n" "\t--bounce-http-proxy <<hostname>:<port>>: connect() through HTTP proxy\n" + "\t--ip-options < R | T | U >: add specific IP option to outgoing packets\n" "\t--badchksum: send packets with a wrong TCP/UDP checksums" "OUTPUT\n" *************** *** 211,215 **** if(argc>=2){ ! for(int i = 1; i<argc; i++){ if(argv[i][0] == '-'){ if(strlen(argv[i]) >= 2){ --- 212,216 ---- if(argc>=2){ ! for(int i = 1; i<argc; i++){ if(argv[i][0] == '-'){ if(strlen(argv[i]) >= 2){ *************** *** 278,282 **** exit(0); }else if(!strcmp(argv[i], "--use-first-resolve")){ ! par->use_first_resolve = true; }else if(!strcmp(argv[i], "--input-dumpfile")){ if(i+1 < argc){ --- 279,292 ---- exit(0); }else if(!strcmp(argv[i], "--use-first-resolve")){ ! par->use_first_resolve = true; ! }else if(!strcmp(argv[i], "--ip-options")){ ! if(i+1 < argc){ ! if(argv[i+1][0] == 'R'){ ! par->ip_options = RR; ! i++; ! }else ! invalid_command(argv[0], "Invalid ip option specified.", ""); ! }else ! invalid_command(argv[0], "No ip options specified.", ""); }else if(!strcmp(argv[i], "--input-dumpfile")){ if(i+1 < argc){ *************** *** 585,598 **** case 'A': par->ack_ping_discovery = true; ! parse_ports(i, argc, argv, par->pa_ports, false); break; case 'F': par->fin_ping_discovery = true; ! 
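Review bot: The new `--ip-options` branch inspects only `argv[i+1][0] == 'R'`, so the `T` and `U` choices the help line in the same commit advertises (`--ip-options < R | T | U >`) are rejected with "Invalid ip option specified.", while any argument merely starting with `R` (e.g. `RR`, `Rfoo`) is silently accepted as record-route. Compare the whole token, `if (!strcmp(argv[i+1], "R")) { par->ip_options = RR; i++; }`, and either wire up T/U or trim them from the help text until they exist; the `Ip_options` enum is not visible here, so I cannot tell whether values for T/U were added. The enclosing argument loop starts and ends outside this hunk.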
parse_ports(i, argc, argv, par->pf_ports, false); break; case 'S': par->syn_ping_discovery = true; ! parse_ports(i, argc, argv, par->ps_ports, false); break; --- 595,608 ---- case 'A': par->ack_ping_discovery = true; ! parse_ports(i, argc, argv, par->pa_ports, false); break; case 'F': par->fin_ping_discovery = true; ! parse_ports(i, argc, argv, par->pf_ports, false); break; case 'S': par->syn_ping_discovery = true; ! parse_ports(i, argc, argv, par->ps_ports, false); break; *************** *** 658,666 **** } - //// If the protocol scan is not required and none of the others the default scan is TCP_CONNECT_SCAN - if (!par->ip_protocol_scan && par->scan_type == NO_SCAN) - par->scan_type = TCP_CONNECT_SCAN; - - return true; } --- 668,671 ---- Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.34 retrieving revision 1.35 diff -C2 -d -r1.34 -r1.35 *** iceparams.h 22 Jan 2007 18:06:49 -0000 1.34 --- iceparams.h 23 Jan 2007 12:51:51 -0000 1.35 *************** *** 15,19 **** enum Output_types{ALL = -1, TEXT = 0, XML = 1, GREP = 2, TROFF = 3}; ! enum Scan_type {UNKNOWN_SCAN, NO_SCAN, TCP_CONNECT_SCAN = 10, NBT_SCAN, PROT_SCAN, FIN_SCAN = 13, NULL_SCAN, XMAS_SCAN, WINDOW_SCAN, ACK_SCAN, SYN_SCAN, UDP_SCAN, LIST_SCAN, PASSIVE_SCAN, MAIMON_SCAN}; // -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS -SU -SL -SP --- 15,19 ---- enum Output_types{ALL = -1, TEXT = 0, XML = 1, GREP = 2, TROFF = 3}; ! 
enum Scan_type {UNKNOWN_SCAN, NO_SCAN = -1, TCP_CONNECT_SCAN = 10, NBT_SCAN, PROT_SCAN, FIN_SCAN = 13, NULL_SCAN, XMAS_SCAN, WINDOW_SCAN, ACK_SCAN, SYN_SCAN, UDP_SCAN, LIST_SCAN, PASSIVE_SCAN, MAIMON_SCAN}; // -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS -SU -SL -SP *************** *** 98,101 **** --- 98,103 ---- enum Scan_type scan_type; + + enum Ip_options ip_options; int sim_connects; *************** *** 204,207 **** --- 206,211 ---- random_len = 0; + ip_options = NONE; + for (int i = 0; i < 4; i++) output_filenames[i] = ""; *************** *** 242,246 **** this->isnd = new ice_service_name_database (fstr.c_str()); ! fstr = find_icefile_path("protocols", databases_dir); ispd = new ice_protocol_name_database (fstr.c_str()); --- 246,250 ---- this->isnd = new ice_service_name_database (fstr.c_str()); ! fstr = find_icefile_path("protocols", databases_dir); ispd = new ice_protocol_name_database (fstr.c_str()); *************** *** 288,291 **** --- 292,297 ---- if(input_dumpfile != "" && scan_type == PASSIVE_SCAN) source_iface = 1; + + if(ip_options != NONE); init_default_ports(); Index: iceprotocol.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceprotocol.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** iceprotocol.h 22 Jan 2007 18:06:49 -0000 1.4 --- iceprotocol.h 23 Jan 2007 12:51:51 -0000 1.5 *************** *** 39,43 **** case IPPROTO_UDP: ! r_raw->send_udp_raw(hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val,par->ttl,0,0,0); break; --- 39,43 ---- case IPPROTO_UDP: ! 
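Review bot: `if(ip_options != NONE);` added to by_default_init in iceparams.h ends in a semicolon, so the condition is a complete empty statement and whatever was meant to happen when IP options are requested never runs; the following `init_default_ports();` executes unconditionally either way. Either finish the branch or delete the line so a later reader does not assume option setup happens here. by_default_init's body begins and ends outside this hunk.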
r_raw->send_udp_raw(l_hostname, hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val,par->ttl,0,0,0); break; Index: caengine.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.h,v retrieving revision 1.24 retrieving revision 1.25 diff -C2 -d -r1.24 -r1.25 *** caengine.h 22 Jan 2007 16:51:29 -0000 1.24 --- caengine.h 23 Jan 2007 12:51:51 -0000 1.25 *************** *** 56,60 **** crawsocket *r2; // 2d OSI level (TCP/UDP) csocket *cudp; // UDP socket - cethwrapper *ew; std::vector <cpcapreader *> pcaps; --- 56,59 ---- *************** *** 91,95 **** FD_ZERO(&fd_w); FD_ZERO(&fd_x); - ew = NULL; r3 = r2 = NULL; cudp = NULL; --- 90,93 ---- *************** *** 134,141 **** cudp = NULL; } - if(ew){ - delete ew; - ew = NULL; - } // DBGOUTPUT("Middle of destructor..."); --- 132,135 ---- Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** caengine.cc 22 Jan 2007 18:06:49 -0000 1.14 --- caengine.cc 23 Jan 2007 12:51:51 -0000 1.15 *************** *** 251,259 **** if(par.packet_trace) cde.r3->trace(true); - cde.ew = new cethwrapper(true); cde.r2 = new crawsocket(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); if(par.packet_trace) cde.r2->trace(true); cde.r2->set_ethernet(par.ethernet); cde.r2->set_badchksum(par.badchksum); int one = 1; --- 251,259 ---- if(par.packet_trace) cde.r3->trace(true); cde.r2 = new crawsocket(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); if(par.packet_trace) cde.r2->trace(true); cde.r2->set_ethernet(par.ethernet); cde.r2->set_badchksum(par.badchksum); + cde.r2->set_ip_option(par.ip_options); int one = 1; *************** *** 595,599 **** gettimeofday(&(c->attempts[A_ARP].send_tv), NULL); if(par.root()){ ! 
cde.ew->send_arp_msg("", ARP_OP_REQUEST, "", "", "", c->hostname); }else{ if(!c->attempts[A_ARP].at){ --- 595,599 ---- gettimeofday(&(c->attempts[A_ARP].send_tv), NULL); if(par.root()){ ! cde.r2->send_arp_msg("", ARP_OP_REQUEST, "", "", "", c->hostname); }else{ if(!c->attempts[A_ARP].at){ Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.43 retrieving revision 1.44 diff -C2 -d -r1.43 -r1.44 *** TODO 22 Jan 2007 23:25:17 -0000 1.43 --- TODO 23 Jan 2007 12:51:51 -0000 1.44 *************** *** 34,38 **** I70 + PACKET TRACE should show TCP and IP options. I71 + PACKET TRACE options. (--trace-options) ! I7 + add target setting xxx.xxx.xxx.xx-xx specification feature. -- Discovering -- --- 34,40 ---- I70 + PACKET TRACE should show TCP and IP options. I71 + PACKET TRACE options. (--trace-options) ! I7 + add target setting xxx.xxx.xxx.xx-xx (xxx.xxx.xx-xx.xx-xx and etc) specification feature. ! I72 + --exclude <host1[,host2][,host3],...> (exclude hosts/nets) ! I73 + --excludefile <filename> (exclude list from file) -- Discovering -- *************** *** 47,51 **** -- Scanning -- - I14 * test IP Protocol Scan (-SI) I16 + UDP RAW Scan (spoofed ip/mac/random data/etc...) I18 + IPX scan (??) --- 49,52 ---- Index: protocols =================================================================== RCS file: /cvsroot/icescan/IceScan/protocols,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** protocols 22 Jan 2007 18:06:49 -0000 1.1 --- protocols 23 Jan 2007 12:51:51 -0000 1.2 *************** *** 1,4 **** - # /etc/protocols - # # Internet (IP) protocols definition file # --- 1,2 ---- |
From: Alexander B. <da...@us...> - 2007-01-22 18:07:02
Update of /cvsroot/icescan/IceScan/icesockets In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv17484/icesockets Modified Files: crawsocket.h Log Message: Fixed some issues in ip protocol scan; small redesign of crawsocket; added --badchksum option; added protocol database inital release file; updated TODO and ChangeLog. Index: crawsocket.h =================================================================== RCS file: /cvsroot/icescan/IceScan/icesockets/crawsocket.h,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** crawsocket.h 22 Jan 2007 16:51:30 -0000 1.10 --- crawsocket.h 22 Jan 2007 18:06:49 -0000 1.11 *************** *** 11,15 **** protected: int protocol; ! public: crawsocket(int domain = PF_INET, int type = SOCK_STREAM, int protocol = NULL, int sid = -1, bool _trace = false){ --- 11,26 ---- protected: int protocol; ! bool badchksum; ! bool fragmenting; ! int mtu; ! bool ethernet; ! ! void init_default(){ ! mtu = 0; ! ethernet = false; ! fragmenting = false; ! badchksum = false; ! } ! public: crawsocket(int domain = PF_INET, int type = SOCK_STREAM, int protocol = NULL, int sid = -1, bool _trace = false){ *************** *** 19,22 **** --- 30,35 ---- this->_trace = _trace; + init_default(); + sstate = -1; *************** *** 38,41 **** --- 51,62 ---- } + void set_badchksum(bool badchksum){ + this->badchksum = badchksum; + } + + void set_ethernet(bool ethernet){ + this->ethernet = ethernet; + } + ~crawsocket(){ } *************** *** 135,145 **** } ! void close(){ ! return csocket::close(); ! } ! int send_ip_raw(bool ethernet, icestring source, icestring destination,u_int protocol_type,u_int ttl,char* data,u_int data_len){ ! crandom r; ! struct sockaddr_in saddress, daddress; #ifdef WIN32 --- 156,166 ---- } ! void close(){ ! return csocket::close(); ! } ! int send_ip_raw(icestring source, icestring destination,u_int protocol_type,u_int ttl,char* data,u_int data_len){ ! crandom r; ! 
struct sockaddr_in saddress, daddress; #ifdef WIN32 *************** *** 149,159 **** #endif ! u_int slen = make_sockname(saddress, source.c_str(), 0, domain); ! u_int dlen = make_sockname(daddress, destination.c_str(), 0, domain); ! if (!ttl) ! ttl = (r.rand_uint8() + 50) % 255; ! struct iphdr *ip = (struct iphdr *) packet; Bzero(packet, sizeof(struct iphdr)); ip->version = 4; --- 170,181 ---- #endif ! u_int slen = make_sockname(saddress, source.c_str(), 0, domain); ! u_int dlen = make_sockname(daddress, destination.c_str(), 0, domain); ! if (!ttl) ! ttl = (r.rand_uint8() + 50) % 255; ! struct iphdr *ip = (struct iphdr *) packet; ! Bzero(packet, sizeof(struct iphdr)); ip->version = 4; *************** *** 167,185 **** ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! if (data_len > 0) ! memcpy(packet + sizeof(struct iphdr),data,data_len); int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET ! cethwrapper ew; ! res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); ! #endif }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { perror("sendto in send_ip_raw"); ! #ifdef WIN32 free(packet); ! #endif return -1; } --- 189,207 ---- ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! if (data_len > 0) ! memcpy(packet + sizeof(struct iphdr),data,data_len); int res = 0; if(ethernet){ ! #ifdef HAVE_LIBDNET ! cethwrapper ew; ! res = ew.send_ip_packet(packet, ntohs(ip->tot_len)); ! #endif }else if ((res = sendto(destination.c_str(), packet, ntohs(ip->tot_len), 0)) == -1) { perror("sendto in send_ip_raw"); ! #ifdef WIN32 free(packet); ! #endif return -1; } *************** *** 194,201 **** free(packet); #endif ! return res; } ! 
int send_tcp_raw(bool ethernet, icestring source, icestring destination, unsigned short sport, unsigned short dport, unsigned long seq, unsigned long ack, unsigned char flags, unsigned short window, unsigned short ttl, char *data, const unsigned short datalen) { --- 216,223 ---- free(packet); #endif ! return res; } ! int send_tcp_raw(icestring source, icestring destination, unsigned short sport, unsigned short dport, unsigned long seq, unsigned long ack, unsigned char flags, unsigned short window, unsigned short ttl, char *data, const unsigned short datalen) { *************** *** 203,211 **** crandom r; ! #ifdef WIN32 ! char *packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen); ! #else ! char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen]; ! #endif struct iphdr *ip = (struct iphdr *) packet; --- 225,233 ---- crandom r; ! #ifdef WIN32 ! char *packet = (char *) malloc(sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen); ! #else ! char packet[sizeof(struct iphdr) + sizeof(struct tcphdr) + datalen]; ! #endif struct iphdr *ip = (struct iphdr *) packet; *************** *** 249,257 **** if (window) ! tcp->th_win = window; else tcp->th_win = htons(1024 * (ttl % 4 + 1)); ! tcp->th_sum = in_chksum((unsigned short *)pseudo, sizeof(struct tcphdr) + sizeof(struct pseudo_header) + datalen); Bzero(packet, sizeof(struct iphdr)); --- 271,282 ---- if (window) ! tcp->th_win = window; else tcp->th_win = htons(1024 * (ttl % 4 + 1)); ! if(!badchksum) ! tcp->th_sum = in_chksum((unsigned short *)pseudo, sizeof(struct tcphdr) + sizeof(struct pseudo_header) + datalen); + else + tcp->th_sum = r.rand_uint16(); Bzero(packet, sizeof(struct iphdr)); *************** *** 324,328 **** } ! int send_udp_raw(bool ethernet,icestring Hostname, u_short port_src, u_short port_dst,u_int ttl, u_int chksum, char* data, u_int len){ crandom r; --- 349,353 ---- } ! 
int send_udp_raw(icestring Hostname, u_short port_src, u_short port_dst,u_int ttl, u_int chksum, char* data, u_int len){ crandom r; *************** *** 347,351 **** udp->source = htons(port_src); ! if (chksum == 0){ struct udpiphdr *udp_sum = new udpiphdr(); Bzero(udp_sum, sizeof(struct udphdr)); --- 372,377 ---- udp->source = htons(port_src); ! if(!badchksum){ ! if (chksum == 0){ struct udpiphdr *udp_sum = new udpiphdr(); Bzero(udp_sum, sizeof(struct udphdr)); *************** *** 356,360 **** udp_sum->ui_i.ih_len = udp->len; udp_sum->ui_u = *udp; ! if ( ( udp->check = (in_chksum((u_int16_t *) udp_sum, len + sizeof(struct udpiphdr)))) == 0) udp->check = 0xffff; --- 382,386 ---- udp_sum->ui_i.ih_len = udp->len; udp_sum->ui_u = *udp; ! if ( ( udp->check = (in_chksum((u_int16_t *) udp_sum, len + sizeof(struct udpiphdr)))) == 0) udp->check = 0xffff; *************** *** 362,382 **** delete udp_sum; udp_sum = 0; ! } if(!ttl) ! ttl = (r.rand_uint8() + 50) % 255; Bzero(ip, sizeof(struct iphdr)); ! ip->version = 4; ! ip->ihl = 5; ! ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + len); ! ip->id = r.rand_uint16(); ! ip->ttl = ttl; ! ip->protocol = IPPROTO_UDP; ! ip->saddr = saddress.sin_addr.s_addr; ! ip->daddr = daddress.sin_addr.s_addr; ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! memcpy((udp + sizeof(struct udphdr)), data, len); if(_trace){ --- 388,410 ---- delete udp_sum; udp_sum = 0; ! } ! }else udp->check = r.rand_uint16(); if(!ttl) ! ttl = (r.rand_uint8() + 50) % 255; Bzero(ip, sizeof(struct iphdr)); ! ip->version = 4; ! ip->ihl = 5; ! ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + len); ! ip->id = r.rand_uint16(); ! ip->ttl = ttl; ! ip->protocol = IPPROTO_UDP; ! ip->saddr = saddress.sin_addr.s_addr; ! ip->daddr = daddress.sin_addr.s_addr; ! ! ip->check = in_chksum((unsigned short *)ip, sizeof(struct iphdr)); ! memcpy((udp + sizeof(struct udphdr)), data, len); if(_trace){ |
From: Alexander B. <da...@us...> - 2007-01-22 18:06:58
Update of /cvsroot/icescan/IceScan In directory sc8-pr-cvs2.sourceforge.net:/tmp/cvs-serv17484 Modified Files: iceprotocol.h TODO iceparams.h iceoutput.h caengine.cc ChangeLog icescan.cc Added Files: protocols Log Message: Fixed some issues in ip protocol scan; small redesign of crawsocket; added --badchksum option; added protocol database inital release file; updated TODO and ChangeLog. Index: icescan.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/icescan.cc,v retrieving revision 1.33 retrieving revision 1.34 diff -C2 -d -r1.33 -r1.34 *** icescan.cc 22 Jan 2007 16:51:29 -0000 1.33 --- icescan.cc 22 Jan 2007 18:06:49 -0000 1.34 *************** *** 72,75 **** --- 72,76 ---- "\t--ttl <value>: set IP time-to-live field\n" "\t--bounce-http-proxy <<hostname>:<port>>: connect() through HTTP proxy\n" + "\t--badchksum: send packets with a wrong TCP/UDP checksums" "OUTPUT\n" "\t-oI/oG <filename>: Output scan in normal/grepable format to given file\n" *************** *** 255,259 **** par->ethernet = false; }else if(!strcmp(argv[i], "--packet-trace")){ ! par->packet_trace = true; }else if(!strcmp(argv[i], "--bounce-http-proxy")){ if(i+1<argc){ --- 256,262 ---- par->ethernet = false; }else if(!strcmp(argv[i], "--packet-trace")){ ! par->packet_trace = true; ! }else if(!strcmp(argv[i], "--badchksum")){ ! par->badchksum = true; }else if(!strcmp(argv[i], "--bounce-http-proxy")){ if(i+1<argc){ Index: ChangeLog =================================================================== RCS file: /cvsroot/icescan/IceScan/ChangeLog,v retrieving revision 1.23 retrieving revision 1.24 diff -C2 -d -r1.23 -r1.24 *** ChangeLog 22 Jan 2007 16:16:52 -0000 1.23 --- ChangeLog 22 Jan 2007 18:06:49 -0000 1.24 *************** *** 41,44 **** --- 41,45 ---- + added IP Protocol scan (-SI) * changed (-i) option to (-e). + + added --badchksum option. *** IceScan v. 
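Review bot: The new usage line `"\t--badchksum: send packets with a wrong TCP/UDP checksums"` is the only string in that concatenated literal without a trailing `\n`, so the printed help fuses it with the next segment as `...checksumsOUTPUT`. Change it to `"\t--badchksum: send packets with wrong TCP/UDP checksums\n"` (which also fixes the "a ... checksums" grammar).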
0.0.5, 18 Dec 2006 *** Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.33 retrieving revision 1.34 diff -C2 -d -r1.33 -r1.34 *** iceparams.h 22 Jan 2007 16:51:29 -0000 1.33 --- iceparams.h 22 Jan 2007 18:06:49 -0000 1.34 *************** *** 117,120 **** --- 117,122 ---- int bounce_proxy_port; + bool badchksum; + // Scan Port Range *************** *** 198,201 **** --- 200,205 ---- promisc_mode = false; + badchksum = false; + random_len = 0; *************** *** 233,289 **** void by_default_init(){ ! icestring fstr; ! fstr = find_icefile_path("services", databases_dir); ! this->isnd = new ice_service_name_database (fstr.c_str()); ! fstr = find_icefile_path("protocols", databases_dir); ! ispd = new ice_protocol_name_database (fstr.c_str()); ! fstr = find_icefile_path("ieee-oui.txt", databases_dir); ! this->ismd = new ice_mac_name_database (fstr.c_str()); ! if(scan_type == UNKNOWN_SCAN && (!ip_protocol_scan)){ ! if(root()) ! scan_type = SYN_SCAN; ! else ! scan_type = TCP_CONNECT_SCAN; ! } ! ! if( ! (no_host_discovery || ack_ping_discovery || syn_ping_discovery || icmp_echo_ping_discovery || ! icmp_mask_ping_discovery || icmp_timestamp_ping_discovery || udp_ping_discovery || arp_discovery || ! fin_ping_discovery || passive_discovery) ){ ! ack_ping_discovery = true; ! if(root()) icmp_echo_ping_discovery = true; ! } ! ! if(source_iface){ ! max_retries[source_iface] = MAX_RETRIES; ! max_wait_time[source_iface] = MAX_WAIT_TIME; ! ! if(source_ip == ""){ ! ! if(root()){ ! if(r->get_loopback_interface() == source_iface) ! source_ip = "target"; ! else ! source_ip = cpcapreader::get_dev_ip(source_iface); ! } } } ! if(scan_type == PASSIVE_SCAN) ! passive_discovery = true; ! ! passive_discovery_timeout = MAX(passive_discovery_timeout, passive_scan_timeout); ! ! if(!passive_discovery_timeout) ! passive_discovery_timeout = 60; ! ! if(icedebug::debug) packet_trace=true; ! ! 
if(input_dumpfile != "" && scan_type == PASSIVE_SCAN) source_iface = 1; ! ! init_default_ports(); } --- 237,293 ---- void by_default_init(){ ! icestring fstr; ! fstr = find_icefile_path("services", databases_dir); ! this->isnd = new ice_service_name_database (fstr.c_str()); ! fstr = find_icefile_path("protocols", databases_dir); ! ispd = new ice_protocol_name_database (fstr.c_str()); ! fstr = find_icefile_path("ieee-oui.txt", databases_dir); ! this->ismd = new ice_mac_name_database (fstr.c_str()); ! if(scan_type == UNKNOWN_SCAN && (!ip_protocol_scan)){ ! if(root()) ! scan_type = SYN_SCAN; ! else ! scan_type = TCP_CONNECT_SCAN; ! } ! ! if( ! (no_host_discovery || ack_ping_discovery || syn_ping_discovery || icmp_echo_ping_discovery || ! icmp_mask_ping_discovery || icmp_timestamp_ping_discovery || udp_ping_discovery || arp_discovery || ! fin_ping_discovery || passive_discovery) ){ ! ack_ping_discovery = true; ! if(root()) icmp_echo_ping_discovery = true; ! } ! ! if(source_iface){ ! max_retries[source_iface] = MAX_RETRIES; ! max_wait_time[source_iface] = MAX_WAIT_TIME; ! ! if(source_ip == ""){ ! ! if(root()){ ! if(r->get_loopback_interface() == source_iface) ! source_ip = "target"; ! else ! source_ip = cpcapreader::get_dev_ip(source_iface); } } + } ! if(scan_type == PASSIVE_SCAN) ! passive_discovery = true; ! ! passive_discovery_timeout = MAX(passive_discovery_timeout, passive_scan_timeout); ! ! if(!passive_discovery_timeout) ! passive_discovery_timeout = 60; ! ! if(icedebug::debug) packet_trace=true; ! ! if(input_dumpfile != "" && scan_type == PASSIVE_SCAN) source_iface = 1; ! ! 
init_default_ports(); } Index: iceprotocol.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceprotocol.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** iceprotocol.h 22 Jan 2007 16:51:29 -0000 1.3 --- iceprotocol.h 22 Jan 2007 18:06:49 -0000 1.4 *************** *** 20,59 **** this->out = out; this->par = par; ! this->r_raw = raw_sock; } ! ~cprotocol_scan(){ ! } ! int send(const char *hostname,const u_int proto,int rand_port_val = 0){ ! ! char l_hostname[100]; ! gethostname(l_hostname,100); ! ! u_int exit_now = 1; ! switch(proto){ ! case IPPROTO_ICMP: ! ! r_raw->send_icmp_packet(hostname, ICMP_ECHO, 0, getpid(), 0, 0, 0, 0); ! break; ! case IPPROTO_TCP: ! r_raw->send_tcp_raw(par->ethernet,l_hostname,hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val, ! 0,0,TH_ACK,0,0,0,0); ! break; ! case IPPROTO_UDP: ! r_raw->send_udp_raw(par->ethernet,hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val,0,0,0,0); ! break; ! ! default: ! exit_now = 0; ! break; ! } ! if (exit_now) ! return 0; ! /// otherwise send a simple frame for that proto ! r_raw->send_ip_raw(par->ethernet,l_hostname,hostname,proto,0,0,0); ! ! return 0; } --- 20,52 ---- this->out = out; this->par = par; ! this->r_raw = raw_sock; } ! ~cprotocol_scan(){ ! } ! int send(const char *hostname, const char *l_hostname, const u_int proto,int rand_port_val = 0){ ! switch(proto){ ! case IPPROTO_ICMP: ! r_raw->send_icmp_packet(hostname, ICMP_ECHO, 0, getpid(), 0, 0, 0, 0); ! break; ! ! case IPPROTO_TCP: ! r_raw->send_tcp_raw(l_hostname,hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val, ! 0,0,TH_ACK,0,par->ttl,0,0); ! break; ! ! case IPPROTO_UDP: ! r_raw->send_udp_raw(hostname,csocket::getMagicPort()+rand_port_val,csocket::getMagicPort()+rand_port_val,par->ttl,0,0,0); ! break; ! ! default: ! 
// otherwise send a simple frame for that proto ! r_raw->send_ip_raw(l_hostname,hostname,proto,par->ttl,0,0); ! break; ! } ! ! return 0; } Index: caengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine.cc,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** caengine.cc 22 Jan 2007 16:51:29 -0000 1.13 --- caengine.cc 22 Jan 2007 18:06:49 -0000 1.14 *************** *** 81,92 **** void caengine::print_final_outputs(){ ! for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! for (int k = 0; k < OUTPUT_LEVEL; k++){ ! out << (*i).second->output_buffer[k].str(); ! if (out.outs[GREP].exists) ! out.outs[GREP].out << (*i).second->output_buffer_secondary[k][GREP].str(); ! } ! } } --- 81,92 ---- void caengine::print_final_outputs(){ ! for(std::map <icestring, csubtarget *>::iterator i = subtargets.begin(); i!= subtargets.end(); ++i){ ! for (int k = 0; k < OUTPUT_LEVEL; k++){ ! out << (*i).second->output_buffer[k].str(); ! if (out.outs[GREP].exists) ! out.outs[GREP].out << (*i).second->output_buffer_secondary[k][GREP].str(); ! } ! } } *************** *** 228,238 **** } ! //// Assign the scannable protocols to the subtarget ! if (par.ip_protocol_scan){ ! for (int i = 0; i < 25 ; i++){ ! scanning_protocol* pro = new scanning_protocol(i); ! cst->scan_protocols.insert(std::make_pair(i,*pro)); ! } ! } } --- 228,238 ---- } ! //// Assign the scannable protocols to the subtarget ! if (par.ip_protocol_scan){ ! for (int i = 0; i < 256 ; i++){ ! scanning_protocol* pro = new scanning_protocol(i); ! cst->scan_protocols.insert(std::make_pair(i,*pro)); ! } ! 
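Review bot: The ICMP arm of `send` is the only one that does not forward `par->ttl` — `send_icmp_packet(hostname, ICMP_ECHO, 0, getpid(), 0, 0, 0, 0)` keeps its zeros while the TCP, UDP and default arms now pass the configured TTL, so a user-set TTL reaches every protocol probe except ICMP. If `send_icmp_packet` accepts a TTL, pass `par->ttl` there as well; if it does not, record the exception with `// ICMP probes ignore par->ttl (no TTL argument on send_icmp_packet)`. The function also ends in an unconditional `return 0;`, so any failure reported by the `r_raw->send_*` calls is invisible to the caller in caengine.cc; either propagate their return value or document `/// Always returns 0; send errors are not reported to the caller.` `csocket::getMagicPort()+rand_port_val` is used as source and destination port without being reduced to the 16-bit range, which is worth a check if `rand_port_val` can exceed the headroom above the magic port.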
} } *************** *** 250,256 **** --- 250,259 ---- cde.r3 = new crawsocket(AF_INET, SOCK_RAW, IPPROTO_ICMP); if(par.packet_trace) cde.r3->trace(true); + cde.ew = new cethwrapper(true); cde.r2 = new crawsocket(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); if(par.packet_trace) cde.r2->trace(true); + cde.r2->set_ethernet(par.ethernet); + cde.r2->set_badchksum(par.badchksum); int one = 1; *************** *** 510,535 **** switch(st){ case FIN_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | par.tcpflags, 0, par.ttl, data, len); break; case NULL_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, par.tcpflags, 0, par.ttl, data, len); break; case XMAS_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | TH_URG | TH_PUSH | par.tcpflags, 0, par.ttl, data, len); break; case WINDOW_SCAN: case ACK_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_ACK, 0, par.ttl, data, len); break; case SYN_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_SYN, 0, par.ttl, data, len); break; case MAIMON_SCAN: ! cde.r2->send_tcp_raw(par.ethernet, c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | TH_ACK, 0, par.ttl, data, len); break; } --- 513,538 ---- switch(st){ case FIN_SCAN: ! cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | par.tcpflags, 0, par.ttl, data, len); break; case NULL_SCAN: ! cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, par.tcpflags, 0, par.ttl, data, len); break; case XMAS_SCAN: ! cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | TH_URG | TH_PUSH | par.tcpflags, 0, par.ttl, data, len); break; case WINDOW_SCAN: case ACK_SCAN: ! 
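Review bot: `scanning_protocol* pro = new scanning_protocol(i);` is copied into the map by `std::make_pair(i,*pro)` and never deleted, so every subtarget leaks 256 small objects now that the loop bound has grown from 25 to 256. The heap object is unnecessary because the map stores its own copy: `cst->scan_protocols.insert(std::make_pair(i, scanning_protocol(i)));`. The new bound of 256 is the right one for the 8-bit IP protocol field (0–255); a short comment such as `// one entry per possible IP protocol number (0-255)` would make that explicit. The enclosing function starts before this hunk.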
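Review bot: `set_ethernet` and `set_badchksum` are applied only to `cde.r2`; `cde.r3`, the `IPPROTO_ICMP` raw socket created two lines earlier, receives neither, so `par.badchksum` has no effect on whatever is sent through `r3`. If that asymmetry is intended, make it visible with `// --badchksum / ethernet framing apply to r2 (IPPROTO_RAW) only`, otherwise call both setters on `r3` as well. `cde.ew = new cethwrapper(true);` adds a third raw owning pointer next to `r2` and `r3`; whoever releases those should release `ew` too, and that release is not visible in this hunk. The enclosing function starts and ends outside the hunk.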
cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_ACK, 0, par.ttl, data, len); break; case SYN_SCAN: ! cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_SYN, 0, par.ttl, data, len); break; case MAIMON_SCAN: ! cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, TH_FIN | TH_ACK, 0, par.ttl, data, len); break; } *************** *** 642,646 **** } ! temp.send(c->hostname.c_str(),(*i).first,(*i).second.attemps_done()); (*i).second.send_attemp(); --- 645,649 ---- } ! temp.send(c->hostname.c_str(), c->source_ip.c_str(), (*i).first,(*i).second.attemps_done()); (*i).second.send_attemp(); *************** *** 1220,1224 **** subtargets[addr]->scan_probes[port].tv_send, tv); set_port_status(subtargets[addr], port, PORT_OPEN); ! cde.r2->send_tcp_raw(par.ethernet, subtargets[addr]->source_ip, subtargets[addr]->hostname, subtargets[addr]->MAGIC_PORT, port, 0, 0, TH_RST, 0, par.ttl, 0, 0); } --- 1223,1227 ---- subtargets[addr]->scan_probes[port].tv_send, tv); set_port_status(subtargets[addr], port, PORT_OPEN); ! cde.r2->send_tcp_raw(subtargets[addr]->source_ip, subtargets[addr]->hostname, subtargets[addr]->MAGIC_PORT, port, 0, 0, TH_RST, 0, par.ttl, 0, 0); } Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.41 retrieving revision 1.42 diff -C2 -d -r1.41 -r1.42 *** TODO 22 Jan 2007 16:29:51 -0000 1.41 --- TODO 22 Jan 2007 18:06:49 -0000 1.42 *************** *** 1,24 **** IceScan ToDo: ! What should be in IceScan version 0.1: ############################################################################################################ ! 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Windows, UDP, NetBIOS. ! 2. active discovery methods: ACK, connect(), FIN, SYN, UDP, NetBIOS. ! 3. passive scan and discover (capturing packts from network interfaces and/or from tcpdump file). ! 4. 
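Review bot: The six arms of `switch(st)` each repeat the same 11-argument `send_tcp_raw` call and differ only in the TCP flags word, which is why dropping `par.ethernet` had to be done six times in this hunk and the same pattern will recur on the next signature change. Selecting the flags in the switch and sending once keeps the call in a single place, and the missing `default:` — a scan type outside the list currently sends nothing and says nothing — becomes an explicit branch. The flag type below is a guess; match it to the `send_tcp_raw` parameter. The enclosing function starts and ends outside the hunk.
```cpp
int flags = 0;
bool raw_tcp_scan = true;
switch(st){
    case FIN_SCAN:    flags = TH_FIN | par.tcpflags; break;
    case NULL_SCAN:   flags = par.tcpflags; break;
    case XMAS_SCAN:   flags = TH_FIN | TH_URG | TH_PUSH | par.tcpflags; break;
    case WINDOW_SCAN:
    case ACK_SCAN:    flags = TH_ACK; break;
    case SYN_SCAN:    flags = TH_SYN; break;
    case MAIMON_SCAN: flags = TH_FIN | TH_ACK; break;
    default:          raw_tcp_scan = false; break;  // not a raw TCP scan type: nothing to send here
}
if (raw_tcp_scan)
    cde.r2->send_tcp_raw(c->source_ip, c->hostname, c->MAGIC_PORT, j->port, 0, 0, flags, 0, par.ttl, data, len);
```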
types of output results: 1) text; 2) grepable nmap-linke output. ! 5. working engine of retramsmissions and tuning parameters ! 6. special options(--promisc: set promiscious mode; --data-length <num>: append random data to sent packets; --badchksum: send packets with bad checksum; --data-dir: set directory which contains the databases; -iL [filename|-] -- input targets from file|stdin, each target on new line; --max_retries option; --max-timeout option) ! 7. own parallel-resolving dns client. ! 8. IP protocol scan ! 9. port to platform: Linux, Win32, OpenBSD, FreeBSD, Cygwin. ! 10. man page and INSTALL.win32, INSTALL.<platfrom-specific> files ############################################################################################################ Reference: ! "+" - new item ! "*" - need bugfixes --- 1,27 ---- IceScan ToDo: ! What should be in IceScan version 0.10: ! ([ ] - not done; [_] - partially done; [*] - seems to be working; [+] - completely done) ############################################################################################################ ! [*] 1. active scan methods: MainMON, FIN, ACK, SYN, connect(), NULL, XMAS, Window, NetBIOS. ! [_] 1.1 active scan methods: UDP ! [*] 2. active discovery methods: ACK, connect(), FIN, SYN. ! [_] 2.1 active discovery methods: UDP, NetBIOS. ! [+] 3. passive scan and discover (capturing packts from network interfaces and/or from tcpdump file). ! [*] 4. types of output results: 1) text; 2) grepable nmap-like output. ! [_] 5. working engine of retramsmissions and tuning parameters ! [_] 6. special options(--promisc: set promiscious mode; --data-length <num>: append random data to sent packets; --badchksum: send packets with bad checksum; --data-dir: set directory which contains the databases; -iL [filename|-] -- input targets from file|stdin, each target on new line; --max_retries option; --max-timeout option) ! [ ] 7. own parallel-resolving dns client. ! [*] 8. IP protocol scan. ! [_] 9. 
ports to platforms: Linux, Win32, OpenBSD, FreeBSD, Cygwin. ! [_] 10. man page and INSTALL.win32, INSTALL.<platfrom-specific> files. ############################################################################################################ Reference: ! "+" - new item ! "*" - need bugfixes *************** *** 46,50 **** I14 * test IP Protocol Scan (-SI) - I15 + --badchksum option. I16 + UDP RAW Scan (spoofed ip/mac/random data/etc...) I18 + IPX scan (??) --- 49,52 ---- *************** *** 62,66 **** I30 * fix raw tcp scans invalid port status if ports count > 40000 I31 * fix duplicate sending RST on SYN scan. ! I32 + ICMP PortUnreach handling in TCP/UDP raw scans I33 + Decoys (-D) I67 + IP options (R, T, U, S, L) --- 64,68 ---- I30 * fix raw tcp scans invalid port status if ports count > 40000 I31 * fix duplicate sending RST on SYN scan. ! I32 * ICMP PortUnreach messages handling in TCP/UDP raw scans I33 + Decoys (-D) I67 + IP options (R, T, U, S, L) --- NEW FILE: protocols --- # /etc/protocols # # Internet (IP) protocols definition file # # See protocols(5) for more info # ip 0 IP # internet protocol, pseudo protocol number icmp 1 ICMP # internet control message protocol igmp 2 IGMP # Internet Group Management ggp 3 GGP # gateway-gateway protocol ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') st 5 ST # ST datagram mode tcp 6 TCP # transmission control protocol egp 8 EGP # exterior gateway protocol pup 12 PUP # PARC universal packet protocol udp 17 UDP # user datagram protocol hmp 20 HMP # host monitoring protocol xns-idp 22 XNS-IDP # Xerox NS IDP rdp 27 RDP # "reliable datagram" protocol iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 xtp 36 XTP # Xpress Tranfer Protocol ddp 37 DDP # Datagram Delivery Protocol idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport ipv6 41 IPv6 # IPv6 ipv6-route 43 IPv6-Route # Routing Header for IPv6 ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 idrp 45 IDRP # Inter-Domain Routing Protocol rsvp 46 RSVP # 
Reservation Protocol gre 47 GRE # General Routing Encapsulation esp 50 ESP # Encap Security Payload for IPv6 ah 51 AH # Authentication Header for IPv6 skip 57 SKIP # SKIP ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6 ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 rspf 73 RSPF # Radio Shortest Path First. vmtp 81 VMTP # Versatile Message Transport ospf 89 OSPFIGP # Open Shortest Path First IGP ipip 94 IPIP # IP-within-IP Encapsulation Protocol encap 98 ENCAP # Yet Another IP encapsulation pim 103 PIM # Protocol Independent Multicast Index: iceoutput.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceoutput.h,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** iceoutput.h 22 Jan 2007 16:51:29 -0000 1.10 --- iceoutput.h 22 Jan 2007 18:06:49 -0000 1.11 *************** *** 25,29 **** public: ! struct out_type outs[4]; static const char endl[]; --- 25,29 ---- public: ! struct out_type outs[4]; static const char endl[]; *************** *** 182,193 **** } ! enum RESULTS_TYPE {RESULT_PORTS = 0,RESULT_PROTOCOLS}; - #define LOOP_ICEITERATOR_BEGIN(a,b) for (std::map <int,##a >::iterator i = b.begin(); \ - i!= b.end(); ++i){ - #define LOOP_ICEITERATOR_END } ! ! // This function used to display port table for given subtarget *c // Now supports only text output. void show_results(csubtarget *c, RESULTS_TYPE res_type = RESULT_PORTS){ --- 182,189 ---- } ! enum RESULTS_TYPE {RESULT_PORTS = 0,RESULT_PROTOCOLS}; ! // This function used to display port table for given subtarget *c // Now supports only text output. void show_results(csubtarget *c, RESULTS_TYPE res_type = RESULT_PORTS){ *************** *** 198,358 **** char output_buf[255]; ! //iceoutput *out = this; ! std::ostringstream *out; ! std::ostringstream* out_secondary_grep; // output_buffer_secondary for grep ! char str_type_scan[100]; ! 
std::map<int,int> list_output; if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) return; ! if (res_type == RESULT_PORTS){ ! LOOP_ICEITERATOR_BEGIN(scanning_probe,c->scan_probes) ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! LOOP_ICEITERATOR_END ! out = &(c->output_buffer[0]); ! out_secondary_grep = &(c->output_buffer_secondary[0][GREP]); ! sprintf(str_type_scan,"Ports"); ! }else{ ! LOOP_ICEITERATOR_BEGIN(scanning_protocol,c->scan_protocols) ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! LOOP_ICEITERATOR_END ! out = &(c->output_buffer[1]); ! out_secondary_grep = &(c->output_buffer_secondary[1][GREP]); ! sprintf(str_type_scan,"Protocols"); ! } ! LOOP_ICEITERATOR_BEGIN(int,list_output) total++; ! if((*i).second == PORT_OPEN){ ! open++; ! }else if((*i).second == PORT_OPEN_FILTERED){ ! open_filtered++; ! }else if((*i).second == PORT_CLOSED){ ! closed++; ! }else if((*i).second == PORT_FILTERED){ ! filtered++; ! }else if((*i).second == PORT_UNFILTERED){ ! unfiltered++; } - LOOP_ICEITERATOR_END ! if(closed < MAX_SHOWED) show_closed = true; ! else{ ! os.str(""); ! os << "" << closed << " closed"; ! not_shown.push_back(os.str()); ! } ! ! if(filtered < MAX_SHOWED) show_filtered = true; ! else{ ! os.str(""); ! os << "" << filtered << " filtered"; ! not_shown.push_back(os.str()); ! } ! ! if(open_filtered < MAX_SHOWED) show_of = true; ! else{ ! os.str(""); ! os << "" << open_filtered << " open/filtered"; ! not_shown.push_back(os.str()); ! } ! ! if(unfiltered < MAX_SHOWED) show_unfiltered = true; ! else{ ! os.str(""); ! os << "" << unfiltered << " unfiltered"; ! not_shown.push_back(os.str()); ! } ! if(strcmp(c->hostname.c_str(), c->reversed_hostname.c_str())){ ! ! *out << "Interesting "<< str_type_scan <<" on " << c->reversed_hostname << " (" << c->hostname << "):"; ! if(outs[GREP].exists) ! //outs[GREP].out << "Host: " << c->reversed_hostname << " (" << c->hostname << ") "<< str_type_scan <<": "; ! 
*out_secondary_grep << "Host: " << c->reversed_hostname << " (" << c->hostname << ") "<< str_type_scan <<": "; ! }else{ ! *out << "Interesting "<< str_type_scan <<" on " << c->hostname << ":"; ! if(outs[GREP].exists) ! *out_secondary_grep << "Host: " << " "<< str_type_scan <<": "; ! //outs[GREP].out << "Host: " << " "<< str_type_scan <<": "; ! } ! if(c->scan_probes.size() || c->scan_protocols.size()){ ! *out << iceoutput::endl; ! os.str(""); ! os << "Not shown: "; ! for(int i = 0; i < not_shown.size(); i++){ ! if(i+1 == not_shown.size() && i!=0){ ! os << " and " << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i+1 == not_shown.size() && i!=0){ ! os << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i == 0){ ! os << not_shown[i]; ! }else{ ! os << ", " << not_shown[i]; } - } ! os << "\n"; ! if(not_shown.size()) *out << os.str(); ! if (res_type == RESULT_PORTS) ! *out << "PORT STATE SERVICE\n"; ! else ! *out << "PROTOCOL STATE SERVICE\n"; ! #ifndef __CYGWIN__ ! //std::sort(c->scan_probes.begin(), c->scan_probes.end(), sort_probes); ! #endif ! int j = 0; ! icestring state = ""; ! //for(std::map <int, scanning_probe>::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ ! LOOP_ICEITERATOR_BEGIN(int,list_output) ! Bzero(output_buf, 255); ! state = ""; ! ! if((*i).second == PORT_OPEN){ ! state = "open"; ! }else if((*i).second == PORT_OPEN_FILTERED && show_of){ ! state = "o|f"; ! }else if((*i).second == PORT_UNFILTERED && show_unfiltered){ ! state = "unfilt"; ! }else if((*i).second == PORT_FILTERED && show_filtered){ ! state = "filt"; ! }else if((*i).second == PORT_CLOSED && show_closed){ ! state = "closed"; ! } ! if(state.size()){ ! if (res_type == RESULT_PORTS) ! sprintf(output_buf, "%5d/tcp %6s %s", (*i).first, state.c_str(), par.isnd->get_tcp_service((*i).first).c_str()); ! else ! sprintf(output_buf, "%5d %6s %s", (*i).first, state.c_str(), par.ispd->get_protocol((*i).first).c_str()); *out << output_buf << "\n"; if(outs[GREP].exists){ ! 
if (res_type == RESULT_PORTS) ! grep << (*i).first << "/" << state.c_str() << "/" << "tcp" << "//" ! << par.isnd->get_tcp_service((*i).first).c_str() << ""; ! else ! grep << (*i).first << "/" << state.c_str() << "//" ! << par.ispd->get_protocol((*i).first).c_str() << ""; ! grep << ", "; } } ! LOOP_ICEITERATOR_END --- 194,348 ---- char output_buf[255]; ! std::ostringstream *out; ! std::ostringstream *out_secondary_grep; // output_buffer_secondary for grep ! char str_type_scan[100]; ! std::map<int,int> list_output; if(!par.verbose && !c->scan_probes.size() && par.scan_type == PASSIVE_SCAN) return; ! if (res_type == RESULT_PORTS){ ! for(std::map <int, scanning_probe >::iterator i = c->scan_probes.begin(); i!= c->scan_probes.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! } ! out = &(c->output_buffer[0]); ! out_secondary_grep = &(c->output_buffer_secondary[0][GREP]); ! sprintf(str_type_scan,"Ports"); ! }else{ ! for(std::map <int, scanning_protocol >::iterator i = c->scan_protocols.begin(); i!= c->scan_protocols.end(); ++i){ ! list_output.insert(std::make_pair((*i).first,(*i).second.status)); ! } ! out = &(c->output_buffer[1]); ! out_secondary_grep = &(c->output_buffer_secondary[1][GREP]); ! sprintf(str_type_scan,"Protocols"); ! } ! for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ total++; ! if((*i).second == PORT_OPEN){ ! open++; ! }else if((*i).second == PORT_OPEN_FILTERED){ ! open_filtered++; ! }else if((*i).second == PORT_CLOSED){ ! closed++; ! }else if((*i).second == PORT_FILTERED){ ! filtered++; ! }else if((*i).second == PORT_UNFILTERED){ ! unfiltered++; ! } ! } ! ! if(closed < MAX_SHOWED) show_closed = true; ! else{ ! os.str(""); ! os << "" << closed << " closed"; ! not_shown.push_back(os.str()); } ! if(filtered < MAX_SHOWED) show_filtered = true; ! else{ ! os.str(""); ! os << "" << filtered << " filtered"; ! not_shown.push_back(os.str()); ! } ! ! 
if(open_filtered < MAX_SHOWED) show_of = true; ! else{ ! os.str(""); ! os << "" << open_filtered << " open/filtered"; ! not_shown.push_back(os.str()); ! } ! ! if(unfiltered < MAX_SHOWED) show_unfiltered = true; ! else{ ! os.str(""); ! os << "" << unfiltered << " unfiltered"; ! not_shown.push_back(os.str()); ! } ! if(strcmp(c->hostname.c_str(), c->reversed_hostname.c_str())){ ! *out << "Interesting "<< str_type_scan <<" on " << c->reversed_hostname << " (" << c->hostname << "):"; ! if(outs[GREP].exists) ! *out_secondary_grep << "Host: " << c->reversed_hostname << " (" << c->hostname << ") "<< str_type_scan <<": "; ! }else{ ! *out << "Interesting "<< str_type_scan <<" on " << c->hostname << ":"; ! if(outs[GREP].exists) ! *out_secondary_grep << "Host: " << " "<< str_type_scan <<": "; ! } ! if(c->scan_probes.size() || c->scan_protocols.size()){ ! *out << iceoutput::endl; ! os.str(""); ! os << "Not shown: "; ! for(int i = 0; i < not_shown.size(); i++){ ! if(i+1 == not_shown.size() && i!=0){ ! os << " and " << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i+1 == not_shown.size() && i!=0){ ! os << not_shown[i] << " "<< str_type_scan <<"."; ! }else if(i == 0){ ! os << not_shown[i]; ! }else{ ! os << ", " << not_shown[i]; ! } } ! os << "\n"; ! if(not_shown.size()) *out << os.str(); ! if (res_type == RESULT_PORTS) ! *out << "PORT STATE SERVICE\n"; ! else ! *out << "PROTOCOL STATE SERVICE\n"; ! #ifndef __CYGWIN__ ! //std::sort(c->scan_probes.begin(), c->scan_probes.end(), sort_probes); ! #endif ! int j = 0; ! icestring state = ""; ! for(std::map <int, int >::iterator i = list_output.begin(); i!= list_output.end(); ++i){ ! Bzero(output_buf, 255); ! state = ""; ! ! if((*i).second == PORT_OPEN){ ! state = "open"; ! }else if((*i).second == PORT_OPEN_FILTERED && show_of){ ! state = "o|f"; ! }else if((*i).second == PORT_UNFILTERED && show_unfiltered){ ! state = "unfilt"; ! }else if((*i).second == PORT_FILTERED && show_filtered){ ! state = "filt"; ! 
}else if((*i).second == PORT_CLOSED && show_closed){ ! state = "closed"; ! } ! if(state.size()){ ! if (res_type == RESULT_PORTS) ! sprintf(output_buf, "%5d/tcp %6s %s", (*i).first, state.c_str(), par.isnd->get_tcp_service((*i).first).c_str()); ! else ! sprintf(output_buf, "%5d %6s %s", (*i).first, state.c_str(), par.ispd->get_protocol((*i).first).c_str()); *out << output_buf << "\n"; if(outs[GREP].exists){ ! if (res_type == RESULT_PORTS) ! grep << (*i).first << "/" << state.c_str() << "/" << "tcp" << "//" ! << par.isnd->get_tcp_service((*i).first).c_str() << ""; ! else ! grep << (*i).first << "/" << state.c_str() << "//" ! << par.ispd->get_protocol((*i).first).c_str() << ""; grep << ", "; } } ! } *************** *** 362,374 **** trim(gs, ','); ! //outs[GREP].out << gs; ! *out_secondary_grep << gs; } }else{ if(outs[GREP].exists) ! // outs[GREP].out << " no "<< str_type_scan <<" detected."; ! *out_secondary_grep << " no "<< str_type_scan <<" detected."; ! *out << " none "<< str_type_scan <<" detected.\n"; --- 352,361 ---- trim(gs, ','); ! *out_secondary_grep << gs; } }else{ if(outs[GREP].exists) ! *out_secondary_grep << " no "<< str_type_scan <<" detected."; *out << " none "<< str_type_scan <<" detected.\n"; *************** *** 378,389 **** if(outs[GREP].exists) ! *out_secondary_grep << "\n"; ! //outs[GREP].out << "\n"; ! if(c->mac != "" && c->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! get_mac_message(c->mac,mac_msg); ! *out << mac_msg.c_str() << "\n\n"; ! } } --- 365,375 ---- if(outs[GREP].exists) ! *out_secondary_grep << "\n"; ! if(c->mac != "" && c->mac != "00:00:00:00:00:00"){ ! icestring mac_msg; ! get_mac_message(c->mac,mac_msg); ! *out << mac_msg.c_str() << "\n\n"; ! } } |
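Review bot: `sprintf(output_buf, "%5d/tcp %6s %s", ...)` formats a service name read from the services database into the fixed `char output_buf[255]` with no length bound, and the protocols arm does the same with `get_protocol`; since the database file is external input, use `snprintf(output_buf, sizeof(output_buf), "%5d/tcp %6s %s", ...)` and `snprintf(output_buf, sizeof(output_buf), "%5d %6s %s", ...)`. In the "Not shown" loop the second branch `}else if(i+1 == not_shown.size() && i!=0){` repeats the first condition exactly and is unreachable, so a list with a single entry (`i == 0` and `i+1 == not_shown.size()`) never receives the trailing `" "<< str_type_scan <<"."`; presumably the intended test is `}else if(i+1 == not_shown.size() && i==0){`. `int j = 0;` is unused, and `i < not_shown.size()` compares `int` with `size_t`, which `size_t i` in the loop header fixes. `show_results` begins and ends outside this hunk.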