[Icescan-cvs] IceScan ChangeLog, 1.39, 1.40 INSTALL, 1.4, 1.5 INSTALL.win32, 1.4, 1.5 TODO, 1.69, 1
From: Alexander B. <da...@us...> - 2009-04-15 12:19:12
Update of /cvsroot/icescan/IceScan In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv18086 Modified Files: ChangeLog INSTALL INSTALL.win32 TODO caengine2.h cpengine.cc ctarget.h iceparams.h Log Message: * fixed INSTALL && INSTALL.win32 files. + add PacketTracing for DNS queries * fixed rawsockets recieve conflict with pcap recieve (now either/either) * fixed udp scan window * fixed icmp processing thet recieved through pcap. Index: caengine2.h =================================================================== RCS file: /cvsroot/icescan/IceScan/caengine2.h,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** caengine2.h 7 Apr 2009 13:39:55 -0000 1.13 --- caengine2.h 15 Apr 2009 12:18:58 -0000 1.14 *************** *** 290,298 **** caengine2(iceoutput &o, iceparams &p, std::map <icestring, ctarget *> &sts) : subtargets(sts), out(o), par(p) { ! icescript_vm::Instance()->init(&p, &o, this); // this should depend on max/min_parallelism value // but now it's only some bogus value ! if(par.scan_type == TCP_CONNECT_SCAN) cwnd = 254; else --- 290,298 ---- caengine2(iceoutput &o, iceparams &p, std::map <icestring, ctarget *> &sts) : subtargets(sts), out(o), par(p) { ! icescript_vm::Instance()->init(&p, &o, this); // this should depend on max/min_parallelism value // but now it's only some bogus value ! if(par.scan_type == TCP_CONNECT_SCAN) cwnd = 254; else *************** *** 304,308 **** rtt = 0; up_hosts = 0; ! //nothing to do yet } --- 304,308 ---- rtt = 0; up_hosts = 0; ! //nothing to do yet } *************** *** 471,480 **** } ! int fill_host_probes(ctarget* c, int max_probes){ int i = 0; - /*for(int t = 0; t < c->progress_scan_probes.size(); t++){ - DBGOUTPUT(c->progress_scan_probes[t].done); - }*/ if(max_probes > c->cwnd) max_probes = c->cwnd; --- 471,477 ---- } ! int fill_host_probes(ctarget* c, int max_probes){ int i = 0; if(max_probes > c->cwnd) max_probes = c->cwnd; *************** *** 489,505 **** int k = 0; ! struct remove { ! 
static bool if_probe_done(const scan_probe& sp){ ! /*if(sp.done) ! DBGOUTPUT(sp.c->hostname << ":" << sp.port << " done, removing...");*/ ! return sp.done; ! } ! }; ! std::vector<scan_probe>::iterator it = ! std::remove_if( c->progress_scan_probes.begin(), c->progress_scan_probes.end(), remove::if_probe_done ); ! c->progress_scan_probes.erase( ! it, c->progress_scan_probes.end() ); /*for(std::vector<scan_probe>::iterator it = c->progress_scan_probes.begin(); it != c->progress_scan_probes.end(); ++it){ --- 486,499 ---- int k = 0; ! struct remove { ! static bool if_probe_done(const scan_probe& sp){ ! return sp.done; ! } ! }; ! std::vector<scan_probe>::iterator it = ! std::remove_if( c->progress_scan_probes.begin(), c->progress_scan_probes.end(), remove::if_probe_done ); ! c->progress_scan_probes.erase(it, c->progress_scan_probes.end() ); /*for(std::vector<scan_probe>::iterator it = c->progress_scan_probes.begin(); it != c->progress_scan_probes.end(); ++it){ *************** *** 521,525 **** }*/ ! check_host_finished(c); for(k = 0; k < MIN(c->progress_scan_probes.size(), max_old_probes); k++){ --- 515,519 ---- }*/ ! check_host_finished(c); for(k = 0; k < MIN(c->progress_scan_probes.size(), max_old_probes); k++){ *************** *** 585,588 **** --- 579,584 ---- } + (*i).second->udp_sent = 0; + // ^^ this should depend on max/min_parallelism value // but now it's only some bogus value *************** *** 816,820 **** // send all attempts to host ! bool send_targets_attempts(){ bool stop = true; bool result = false; --- 812,816 ---- // send all attempts to host ! bool send_targets_attempts(){ bool stop = true; bool result = false; *************** *** 1115,1119 **** } ! buf = form_dns_query(c->id, qtype, names, len); cde.cdns->sendto(par.dns_servers[ds].host.c_str(), 53, buf, len, 0); gettimeofday(&(p.tv_send), NULL); --- 1111,1115 ---- } ! 
buf = form_dns_query(c->id, qtype, names, len, par.packet_trace); cde.cdns->sendto(par.dns_servers[ds].host.c_str(), 53, buf, len, 0); gettimeofday(&(p.tv_send), NULL); *************** *** 1244,1249 **** --- 1240,1251 ---- // send raw UDP probe, return true, if success bool send_udp_probe(ctarget *c, scan_probe &p){ + + if(c->udp_sent >= UDP_CWND) + return false; + cde.r2->send_udp_raw(c->source_ip.c_str(), c->hostname.c_str(), csocket::getMagicPort(), p.port, par.ttl, 0, 0, 0); + c->udp_sent++; + // setting last sent time for probe gettimeofday(&(p.tv_send), NULL); *************** *** 1461,1468 **** void parse_icmp_recv(icestring addr, char *response, int len, struct iphdr *ip, struct timeval &tv, int offset){ std::vector<scan_probe>::iterator p; ! struct icmp *icmp = (struct icmp *) (response + 4 * ip->ihl); ! ! //if(par.packet_trace) PacketTracer::TraceIPPacket("RCVD", response + offset, len, tv); if (icmp->icmp_type == 3){ /// Get the right information from the icmp payload --- 1463,1473 ---- void parse_icmp_recv(icestring addr, char *response, int len, struct iphdr *ip, struct timeval &tv, int offset){ std::vector<scan_probe>::iterator p; ! int hdrlen = ip->ihl << 2; ! struct icmp *icmp = (struct icmp *) (response + offset + hdrlen); ! int icmplen = len - hdrlen - offset; // fixme! 
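Review bot: `c->udp_sent++` in send_udp_probe runs unconditionally after the `send_udp_raw(...)` call, so a probe the raw sender rejected still consumes the UDP_CWND budget and the function then reports success; if send_udp_raw returns a status (its declaration is outside the hunk), the increment and the final `return true` should be gated on it, e.g. `if(!cde.r2->send_udp_raw(...)) return false; c->udp_sent++;`. With `#define UDP_CWND 1` in the iceparams.h hunk and `udp_sent` reset only in the per-target loop of the 579 hunk, at most one UDP probe per host is sent per reset, which matches the "UGLY HACK for udp disable" comment added in ctarget.h but not the "return true, if success" comment above this function — a caller cannot distinguish a closed window from a send failure. A one-line comment at the define, `// max in-flight UDP probes per target; 1 effectively disables UDP retransmission`, would record the intent. ctarget.h adds `udp_sent` without an initializer, so the field is defined only after that reset runs — worth confirming the ctarget constructor (outside the hunk) also sets it.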
+ //if(par.packet_trace) PacketTracer::TraceIPPacket("RCVD2", response + offset, len, tv); + // + if (icmp->icmp_type == 3){ /// Get the right information from the icmp payload *************** *** 1476,1480 **** iceinet_ntoa(*addr_src,addr_temp); - // if we have such target and it's packet to us if (subtargets.find(addr_temp) != subtargets.end()){ --- 1481,1484 ---- *************** *** 1539,1542 **** --- 1543,1602 ---- } /// subtarget in list } /// Type 3 + else if(icmp->icmp_id == getpid() && icmplen > 16){ + bool discovered = false; + icestring ssource = addr; + if(subtargets.find(ssource) != subtargets.end()){ + if(par.icmp_echo_ping_discovery && icmp -> icmp_type == ICMP_ECHOREPLY){ + discovered = true; + std::vector <scan_probe>::iterator j = + subtargets[ssource]->find_probe(0, ICMP_RECHO, ICMP_RECHO); + + if(j != subtargets[ssource]->progress_scan_probes.end()){ + if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); + subtargets[ssource]->recalc_cwnd(true, (*j).attempt); + subtargets[ssource]->delete_probe(0, ICMP_RECHO); + } + + }else if(par.icmp_timestamp_ping_discovery && icmp -> icmp_type == ICMP_TSTAMPREPLY){ + discovered = true; + if(par.verbose>1){ + uint32_t t = ntohl(icmp->icmp_rtime); + out << "Recieved icmp timestamp host discovery reply: " << make_uptime(t) << ".\n"; + } + + std::vector <scan_probe>::iterator j = + subtargets[ssource]->find_probe(0, ICMP_RTSTAMP, ICMP_RTSTAMP); + + if(j != subtargets[ssource]->progress_scan_probes.end()){ + if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); + subtargets[ssource]->recalc_cwnd(true, (*j).attempt); + subtargets[ssource]->delete_probe(0, ICMP_RTSTAMP); + } + + }else if(par.icmp_mask_ping_discovery && icmp -> icmp_type == ICMP_MASKREPLY){ + discovered = true; + if(par.verbose>1){ + char netmask[24]; + sprintf(netmask, "%08x", ntohl(icmp->icmp_mask)); + out << "Recieved icmp netmask host discovery reply: " << netmask << ".\n"; + } + + std::vector 
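Review bot: `icmp->icmp_type` is read before `icmplen` is checked, and both `hdrlen` (derived from `ip->ihl`, a field of the received packet) and `icmplen` can overshoot or go negative on a truncated or malformed datagram; the `// fixme!` marks the spot, but the type-3 branch that follows reads the quoted inner header from the same payload with no bound either. A guard directly after the `icmplen` line, `if(hdrlen < (int)sizeof(struct iphdr) || icmplen < ICMP_MINLEN) return;`, rejects such packets before any field is touched; the `icmplen > 16` test in the 1539 hunk below only covers the echo/timestamp/mask branch. `offset` is now added to the icmp pointer, but `ip` is supplied by the caller, so whether `ip` already accounts for `offset` on the pcap path cannot be confirmed from this hunk. The commented-out `PacketTracer::TraceIPPacket("RCVD2", ...)` line is dead code — either gate it on `par.packet_trace` or drop it. parse_icmp_recv's body continues past the hunk.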
<scan_probe>::iterator j = + subtargets[ssource]->find_probe(0, ICMP_RMASK, ICMP_RMASK); + + if(j != subtargets[ssource]->progress_scan_probes.end()){ + if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); + subtargets[ssource]->recalc_cwnd(true, (*j).attempt); + subtargets[ssource]->delete_probe(0, ICMP_RMASK); + } + + } + + if(discovered) + if(subtargets[ssource]->discovering) + set_host_up(subtargets[ssource]); + } + + } // other types } *************** *** 1627,1631 **** sock_recieve_connect(tv, i); }else if(cde.scan_socks[i].type == ICMP_ALL){ ! sock_recieve_icmp(tv, i); }else if(cde.scan_socks[i].type == CONNECT_NBT){ sock_recieve_netbios(tv, i); --- 1687,1692 ---- sock_recieve_connect(tv, i); }else if(cde.scan_socks[i].type == ICMP_ALL){ ! if(!cde.pcaps.size()) ! sock_recieve_icmp(tv, i); }else if(cde.scan_socks[i].type == CONNECT_NBT){ sock_recieve_netbios(tv, i); *************** *** 1863,1867 **** ctarget *c = NULL; ! parse_dns_query(message, size, answers, id); // FIXME: add here packet tracing --- 1924,1928 ---- ctarget *c = NULL; ! parse_dns_query(message, size, answers, id, par.packet_trace, tv); // FIXME: add here packet tracing *************** *** 1936,1998 **** icestring ssource(inet_ntoa(source.sin_addr)); ! struct icmp *icmp = (struct icmp *) (buf + hdrlen); ! ! int icmplen = len - hdrlen; ! ! bool discovered = false; ! ! if(icmp->icmp_id == getpid() && icmplen > 16){ ! if(subtargets.find(ssource) != subtargets.end()){ ! if(par.icmp_echo_ping_discovery && icmp -> icmp_type == ICMP_ECHOREPLY){ ! discovered = true; ! std::vector <scan_probe>::iterator j = ! subtargets[ssource]->find_probe(0, ICMP_RECHO, ICMP_RECHO); ! ! if(j != subtargets[ssource]->progress_scan_probes.end()){ ! if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); ! subtargets[ssource]->recalc_cwnd(true, (*j).attempt); ! subtargets[ssource]->delete_probe(0, ICMP_RECHO); ! } ! ! 
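Review bot: The three reply branches added in the 1539 hunk (ICMP_ECHOREPLY, ICMP_TSTAMPREPLY, ICMP_MASKREPLY) are identical apart from the parameter flag, the reply type and the probe constant, and `subtargets[ssource]` is re-looked-up nine times after `subtargets.find(ssource)` has already established the key; binding `ctarget *t = subtargets[ssource];` once at the top, or extracting the find_probe/recalc_rtt/recalc_cwnd/delete_probe sequence into a small helper taking the probe id, would remove the repetition and the redundant map lookups. The `sprintf(netmask, "%08x", ...)` output fits the 24-byte buffer, but `snprintf(netmask, sizeof netmask, "%08x", ntohl(icmp->icmp_mask))` costs nothing and survives a later format change. "Recieved" in the two verbose messages is misspelled; that is runtime output, so it is a separate change.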
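Review bot: `if(!cde.pcaps.size())` in the 1627 hunk reads better as `if(cde.pcaps.empty())`, and the reason for skipping the raw socket deserves a comment, e.g. `// when pcap is open ICMP replies arrive through it; skip the raw socket so a reply is not processed twice`. If the ICMP_ALL socket stays in the receive set while pcap is active, its readiness would be reported but never drained — whether that happens depends on the socket loop outside this hunk. The enclosing function starts and ends outside the hunk.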
}else if(par.icmp_timestamp_ping_discovery && icmp -> icmp_type == ICMP_TSTAMPREPLY){ ! discovered = true; ! if(par.verbose>1){ ! uint32_t t = ntohl(icmp->icmp_rtime); ! out << "Recieved icmp timestamp host discovery reply: " << make_uptime(t) << ".\n"; ! } ! ! std::vector <scan_probe>::iterator j = ! subtargets[ssource]->find_probe(0, ICMP_RTSTAMP, ICMP_RTSTAMP); ! ! if(j != subtargets[ssource]->progress_scan_probes.end()){ ! if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); ! subtargets[ssource]->recalc_cwnd(true, (*j).attempt); ! subtargets[ssource]->delete_probe(0, ICMP_RTSTAMP); ! } ! ! }else if(par.icmp_mask_ping_discovery && icmp -> icmp_type == ICMP_MASKREPLY){ ! discovered = true; ! if(par.verbose>1){ ! char netmask[24]; ! sprintf(netmask, "%08x", ntohl(icmp->icmp_mask)); ! out << "Recieved icmp netmask host discovery reply: " << netmask << ".\n"; ! } ! ! std::vector <scan_probe>::iterator j = ! subtargets[ssource]->find_probe(0, ICMP_RMASK, ICMP_RMASK); ! ! if(j != subtargets[ssource]->progress_scan_probes.end()){ ! if((*j).attempt < 2) subtargets[ssource]->recalc_rtt((*j).tv_send,tv); ! subtargets[ssource]->recalc_cwnd(true, (*j).attempt); ! subtargets[ssource]->delete_probe(0, ICMP_RMASK); ! } ! } - if(discovered) - if(subtargets[ssource]->discovering) - set_host_up(subtargets[ssource]); - } - } } } --- 1997,2004 ---- icestring ssource(inet_ntoa(source.sin_addr)); ! //struct icmp *icmp = (struct icmp *) (buf + hdrlen); ! 
parse_icmp_recv(ssource, buf, len, ip, tv, 0); } } Index: ChangeLog =================================================================== RCS file: /cvsroot/icescan/IceScan/ChangeLog,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** ChangeLog 13 Apr 2009 13:24:47 -0000 1.39 --- ChangeLog 15 Apr 2009 12:18:58 -0000 1.40 *************** *** 37,40 **** --- 37,47 ---- * manpage fixes * fixed ports dublication check in -p option + + libdnet library stripped down and included into distribution, vcproj for building is + added too. + * fixed INSTALL && INSTALL.win32 files. + + add PacketTracing for DNS queries + * fixed rawsockets recieve conflict with pcap recieve (now either/either) + * fixed udp scan window + * fixed icmp processing thet recieved through pcap. *** IceScan v. 0.0.6, 12 Jan 2007 *** Index: iceparams.h =================================================================== RCS file: /cvsroot/icescan/IceScan/iceparams.h,v retrieving revision 1.51 retrieving revision 1.52 diff -C2 -d -r1.51 -r1.52 *** iceparams.h 7 Apr 2009 13:39:55 -0000 1.51 --- iceparams.h 15 Apr 2009 12:18:58 -0000 1.52 *************** *** 17,20 **** --- 17,22 ---- #define MAX_HOSTS 25 + #define UDP_CWND 1 + struct port_range{ int lower_port; Index: INSTALL =================================================================== RCS file: /cvsroot/icescan/IceScan/INSTALL,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** INSTALL 4 Mar 2009 12:10:23 -0000 1.4 --- INSTALL 15 Apr 2009 12:18:58 -0000 1.5 *************** *** 30,45 **** If you installed libpcre from a binary package, you may have to install a "development" package: e.g. libpcre-dev or something ! simular. ! ! 3. For advanced functionality of IceScan it's recommened to install ! Dug Song's excellent libdnet. You can get "official" version at ! http://libdnet.sourceforge.net/ ! If you installed libdnet from a binary package, you may have to ! install a "development" package: e.g. 
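Review bot: The commented-out `//struct icmp *icmp = (struct icmp *) (buf + hdrlen);` kept beside the new `parse_icmp_recv(ssource, buf, len, ip, tv, 0);` call is dead code and should be deleted rather than retained as a comment; the CVS history already records it. The removed inline code checked `icmp_id == getpid()` and `icmplen > 16` before touching the struct, while parse_icmp_recv with offset 0 recomputes the header length from `ip->ihl`, so both the caller's `hdrlen` (computed outside the hunk) and the callee now rely on that packet-supplied field — worth confirming they agree and that the callee validates it. The enclosing sock_recieve_icmp starts outside the hunk.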
libdnet-dev (or libdumbnet-dev in ! Ubuntu) or something simular. ! 4. If you want to use IceScan scripting engine, you should install Lua. It can be found at http://www.lua.org 5. Run './configure' in the IceScan distribution directory. --- 30,44 ---- If you installed libpcre from a binary package, you may have to install a "development" package: e.g. libpcre-dev or something ! simular (for example libpcre-devel in Ubuntu). ! 3. If you want to use IceScan scripting engine, you should install Lua. It can be found at http://www.lua.org + May be your distro have the binary package (e.g. liblua-dev or lua-devel + or smth. simular), but we recommend to use original package from lua.org. + + 4. If you have get sources from CVS and they don't contain configure file + in the root directory, run 'autoconf && automake' to create it. For + source snapshots you don't need to do it. 5. Run './configure' in the IceScan distribution directory. *************** *** 77,80 **** If you have trouble with the build or installation process, you can ! find assistance on the icescan-users an icescan-dev mailing lists. See http://sourceforge.net/mail/?group_id=185109 for details. --- 76,79 ---- If you have trouble with the build or installation process, you can ! find assistance on the icescan-dev mailing list. See http://sourceforge.net/mail/?group_id=185109 for details. 
Index: ctarget.h =================================================================== RCS file: /cvsroot/icescan/IceScan/ctarget.h,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** ctarget.h 16 Mar 2009 16:41:04 -0000 1.11 --- ctarget.h 15 Apr 2009 12:18:58 -0000 1.12 *************** *** 231,234 **** --- 231,235 ---- int max_retries; int sent_packets; + int udp_sent; // UGLY HACK for udp disable // Congestion Window parameters Index: INSTALL.win32 =================================================================== RCS file: /cvsroot/icescan/IceScan/INSTALL.win32,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** INSTALL.win32 8 Mar 2009 22:44:52 -0000 1.4 --- INSTALL.win32 15 Apr 2009 12:18:58 -0000 1.5 *************** *** 1,13 **** IceScan Win32 building instructions draft. ! To compile them under VC2008 you'll need: ! - WinPCAP (http://www.winpcap.org/install/bin/WinPcap_3_1.exe) ! - WinPCAP developers pack (http://www.winpcap.org/install/bin/WpdPack_3_1.zip) ! - Latest compiled LibPcre package (get sources at pcre.org). ! - Latest compiled dnet package (you can get dnet-strpped from ! sources of Nmap (insecure.org/nmap ; download sources and extract libdnet-strpped ! folder from them). ! - Lua 5.1.4 (get it from http://www.lua.org) ! Project solution is in vccproject folder. --- 1,48 ---- + Binary distribution + ------------------- + + If you've got IceScan in binary win32 distribution, installation is simple. + + 1. Install WinPcap. ( download it from + http://www.winpcap.org/install/default.htm ) + + 2. Unpack distribution archive into suitable directory and run icescan.exe. + + Source distribution + ------------------- + + If you've obtained IceScan from CVS or in source snapshot, here are IceScan Win32 building instructions draft. ! IceScan can be successfully built on Win32 platform. All you need is Visual Studio 2008 ! (or freeware Visual C++ 2008 Express, get it from ! 
http://www.microsoft.com/express/download/default.aspx ). ! Step-by-step building instruction: ! 0. Install Visual C++ 2008 (express or full). ! ! 1. Download latest WinPcap windows binaries from ! http://www.winpcap.org/install/default.htm . Install. ! ! 2. Download latest WinPcap developers pack from ! http://www.winpcap.org/devel.htm . Install. ! ! 3. Download latest LibPcre source package from http://www.pcre.org/ . ! Unpack and build. See NON-UNIX-USE file in pcre distro for Win32-building ! instructions. ! ! 4. Download LUA fro windows devpack from http://lua.org and ! http://luaforwindows.luaforge.net/ . ! ! 5. Make sure, that include and lib path's of you VS enviroment contains include ! and lib directories of libpcre, lua and winpcap dev pack's include and lib places. ! ! 6. Go to the directory with IceScan sources. ! ! 7. Compile dnet-exported library (use dnet-exported/dnet-exported.vcproj) for ! it. ! ! 8. Compile IceScan, use vccproject/IceScan.vcproj for it. ! ! 9. Enjoy! ;) Index: TODO =================================================================== RCS file: /cvsroot/icescan/IceScan/TODO,v retrieving revision 1.69 retrieving revision 1.70 diff -C2 -d -r1.69 -r1.70 *** TODO 13 Apr 2009 13:24:47 -0000 1.69 --- TODO 15 Apr 2009 12:18:58 -0000 1.70 *************** *** 44,52 **** I4 * standartize all error messages. - I5 * PACKET TRACE messages engine: add UDP send/(rcv in pcap_recieve) handling - I6 * PACKET TRACE messages engine: add ARP rcv(from arp_cache) handling I70 + PACKET TRACE should show TCP and IP options. I71 + PACKET TRACE options. (--trace-options) ! I104 + PACKET TRACE messages engine: add user UDP and DNS handling -- Discovering -- --- 44,50 ---- I4 * standartize all error messages. I70 + PACKET TRACE should show TCP and IP options. I71 + PACKET TRACE options. (--trace-options) ! I104 + PACKET TRACE messages engine: add DNS advanced handling: print queries and answers (see PacketTracer::TraceDNSPacket(...) 
-- Discovering -- *************** *** 75,85 **** I26 * fix bind(): address already in use (clear, when hitting ctrl+c) I28 * timeouts for connect() scan inheritance from discover... - I29 * fix connect() scan invalid port status if ports count > 1000 - I31 * fix too many duplicate sents with TCP RAW scan. I33 + Decoys (-D) I67 + IP options (T, U, S, L) I79 * very *slow* tcp raw scanning on fast lines (FE or loopback). I85 + dynamic change of max_retries. ! I86 * rewrite Congestion Windows (cwnd) changing engine. I105 + channel level scanner (CDP, OSPF, STP etc) I110 + connect() scan + uid0 = strange behaviour (sending RA???) --- 73,81 ---- I26 * fix bind(): address already in use (clear, when hitting ctrl+c) I28 * timeouts for connect() scan inheritance from discover... I33 + Decoys (-D) I67 + IP options (T, U, S, L) I79 * very *slow* tcp raw scanning on fast lines (FE or loopback). I85 + dynamic change of max_retries. ! I86 * rewrite Congestion Window (cwnd) changing engine. I105 + channel level scanner (CDP, OSPF, STP etc) I110 + connect() scan + uid0 = strange behaviour (sending RA???) *************** *** 122,126 **** -- Cygwin-specific -- ! I47 + add pceudo-classes in Cygwin (cos of no libdnet). I48 + make it build under cygwin --- 118,122 ---- -- Cygwin-specific -- ! I47 + fix dnet building in cygwin I48 + make it build under cygwin *************** *** 141,151 **** I57 * print library versions on icescan -V. I58 * replace all u_char, u_short and etc with u16,u32,u8 - I59 * add own platworm-independent packet headers and standartize all fuctions that working with 'em. I60 * add text headers to all source files. -- Docs -- ! I61 + Man page (related links, diagram of IceScan work and etc) ! I62 + Web Site I63 + Completely rewrite and append INSTALL.win32 I108 + IceScan HACKING guide --- 137,145 ---- I57 * print library versions on icescan -V. I58 * replace all u_char, u_short and etc with u16,u32,u8 I60 * add text headers to all source files. -- Docs -- ! 
I62 + Normal Web Site I63 + Completely rewrite and append INSTALL.win32 I108 + IceScan HACKING guide Index: cpengine.cc =================================================================== RCS file: /cvsroot/icescan/IceScan/cpengine.cc,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** cpengine.cc 7 Apr 2009 13:39:55 -0000 1.14 --- cpengine.cc 15 Apr 2009 12:18:58 -0000 1.15 *************** *** 191,197 **** for(int d = 0; d < 3; d++){ ! dnsr = send_dns_req(cudp, id, DNS_PTR, (*i).second->hostname, par.dns_servers); ! rid = recv_dns_rpl(cudp, DNS_TIMEOUT, answers); if(rid == id){ --- 191,197 ---- for(int d = 0; d < 3; d++){ ! dnsr = send_dns_req(cudp, id, DNS_PTR, (*i).second->hostname, par.dns_servers, par.packet_trace); ! rid = recv_dns_rpl(cudp, DNS_TIMEOUT, answers, par.packet_trace); if(rid == id){ |