[Javanetsim-cvs] IceScan iceparams.h, 1.5, 1.6 icescan.cc, 1.11, 1.12 csubtarget.h, 1.12, 1.13
From: Alexander B. <da...@us...> - 2006-12-13 12:59:10
Update of /cvsroot/javanetsim/IceScan In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv7708 Modified Files: iceparams.h icescan.cc csubtarget.h Log Message: no message Index: icescan.cc =================================================================== RCS file: /cvsroot/javanetsim/IceScan/icescan.cc,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** icescan.cc 13 Dec 2006 09:15:13 -0000 1.11 --- icescan.cc 13 Dec 2006 12:59:06 -0000 1.12 *************** *** 86,90 **** par->scan_type = PROT_SCAN; break; ! default: --- 86,93 ---- par->scan_type = PROT_SCAN; break; ! ! case 'F': ! par->scan_type = FIN_SCAN; ! break; default: Index: iceparams.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/iceparams.h,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** iceparams.h 12 Dec 2006 20:34:03 -0000 1.5 --- iceparams.h 13 Dec 2006 12:59:06 -0000 1.6 *************** *** 11,16 **** }; ! enum Scan_type {NO_SCAN, TCP_CONNECT_SCAN, NBT_SCAN, PROT_SCAN}; ! // -S0 -ST -SB -SI --- 11,16 ---- }; ! enum Scan_type {NO_SCAN, TCP_CONNECT_SCAN, NBT_SCAN, PROT_SCAN, FIN_SCAN}; ! // -S0 -ST -SB -SI -SF *************** *** 105,112 **** void init_default_ports(){ ! const int ranges_cnt = 2; ! //int ranges[ranges_cnt][2] = { {1, 24}, {630, 632} }; ! int ranges[ranges_cnt][2] = { {1, 1024}, {3388, 3390} }; if(ports.empty()){ --- 105,112 ---- void init_default_ports(){ ! const int ranges_cnt = 1; ! int ranges[ranges_cnt][2] = { {20, 24} }; //, {630, 632} }; ! 
//int ranges[ranges_cnt][2] = { {1, 1024}, {3388, 3390} }; if(ports.empty()){ Index: csubtarget.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/csubtarget.h,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** csubtarget.h 13 Dec 2006 09:08:33 -0000 1.12 --- csubtarget.h 13 Dec 2006 12:59:06 -0000 1.13 *************** *** 19,28 **** #define ICE_FD_SETSIZE (128) #else ! #define ICE_FD_SETSIZE (1024) #endif #define MAX_CLOSED 7 ! enum port_status { PORT_UNKNOWN = -1, PORT_OPEN = 0, PORT_CLOSED = 1, PORT_FILTERED = 2 }; class scanned_port{ --- 19,28 ---- #define ICE_FD_SETSIZE (128) #else ! #define ICE_FD_SETSIZE (10) #endif #define MAX_CLOSED 7 ! enum port_status { PORT_UNKNOWN = -1, PORT_OPEN = 0, PORT_CLOSED = 1, PORT_FILTERED = 2, PORT_OPEN_FILTERED = 3 }; class scanned_port{ *************** *** 105,108 **** --- 105,109 ---- if(par->scan_type == NBT_SCAN) nbt_scan(); if(par->scan_type == PROT_SCAN) prot_scan(); + if(par->scan_type == FIN_SCAN) fin_scan(); } *************** *** 135,138 **** --- 136,224 ---- } + int fin_scan(){ + // fin scan, -SF + raw = true; + domain = (int) SOCK_RAW; + + struct sockaddr_in saddress; + int len; + + len == make_sockname(saddress, hostname.c_str(), 0, domain); + + bool done = true; + + int MAGIC_PORT = 54678; //ugly, need to check + char local_hostname[80]; + if(gethostname(local_hostname, 80)) exit(-1); + + + icestring source(local_hostname); + + DBGOUTPUT("!!!"); + std::map <int, scanning_port> scanning_ports; + DBGOUTPUT("!!!"); + init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); + + + //add UID 0 check + + if(par->verbose>0) + *out << "Starting TCP FIN scan against " << hostname.c_str() << "...\n"; + + crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); + + + DBGOUTPUT("All ready!"); + + while(done){ + std::map <int, scanning_port>::iterator i; + + for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ + if(! 
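Review bot: `#define ICE_FD_SETSIZE (10)` in csubtarget.h (previously 1024) and the default range cut to `{ {20, 24} }` in iceparams.h's init_default_ports read as debugging values committed under an empty log message; if they are meant to stay, the dangling `//, {630, 632} };` fragment and the commented-out previous range should be removed, otherwise both values should be restored before this is released. A set size of 10 presumably also bounds how many connect() sockets can be in flight at once, so any default range wider than that would no longer be scanned concurrently — worth confirming against how scan_sockets is sized. The same csubtarget.h hunk adds `PORT_OPEN_FILTERED = 3` to port_status, but print_port_status and show_ports are outside this diff, so check that they render the new value rather than falling into a default branch.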
(*i).second.done ){ + //DBGOUTPUT("!!!!");// + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 2337818902, 2337818902, TH_FIN, 0, 0, 0); + //DBGOUTPUT("!!!!"); + (*i).second.time = time(0); + + usleep(1000); + } + } + + //sleep(1); + + crawsocket rawrecv(AF_INET, (int) SOCK_RAW, IPPROTO_TCP); + //rawrecv.nonblock(true); + + int bytes; + char response[65535]; + //, remote_hostname[ICEMAXHOSTNAME]; + struct iphdr *ip = (struct iphdr *) response; + struct tcphdr *tcp; + + + for(int k = 1; k<=27; k++){ + while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL)){ + //if(ip->saddr = saddress.sin_addr.s_addr){ + // tcp = (struct tcphdr *) (response + 4 * ip->ihl); + //if (tcp->th_flags & TH_RST) { + crawsocket::print_tcppacket(response, bytes); + // int closed_port = ntohs(tcp->th_sport); + //} + //} + bzero(response, 65534); + } + } + + done = false; + } + + show_ports(); + + if(par->verbose>0) + out->line("TCP FIN scan finished."); + + scanning_ports.clear(); + } + int connect_scan(){ // connect scan, -ST *************** *** 149,153 **** init_scanning_ports(hostname, par, (int) SOCK_STREAM, scanning_ports); - if(par->verbose>0){ sprintf(output_buf, "Starting tcp connect() scan against %s...", hostname.c_str()); --- 235,238 ---- *************** *** 156,169 **** int j = initiate_connect(scanning_ports); //DBGOUTPUT(j); ! while( ! do_select_round(scanning_ports, subtarget_ports) ) usleep(1000); show_ports(); ! if(par->verbose>0){ ! bzero(output_buf, 255); ! sprintf(output_buf, "Connect() scan finished.", hostname.c_str()); ! out->line(output_buf); ! } ! scanning_ports.clear(); } --- 241,251 ---- int j = initiate_connect(scanning_ports); //DBGOUTPUT(j); ! while( ! do_select_round_connect(scanning_ports, subtarget_ports) ) usleep(1000); show_ports(); ! if(par->verbose>0) ! out->line("Connect() scan finished."); ! 
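Review bot: `len == make_sockname(saddress, hostname.c_str(), 0, domain);` in the new fin_scan compares instead of assigning, so the call's result is discarded and `len` is never set or checked; it should read `len = make_sockname(saddress, hostname.c_str(), 0, domain);` followed by a test of `len` before `saddress` is relied on. The receive loop `while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL))` treats a -1 error return as a received packet and will spin on a failing socket; `while((bytes = rawrecv.recvfrom(response, 65535, 0, NULL)) > 0)` stops on both no-data and error, and the following `bzero(response, 65534)` clears one byte less than the buffer. fin_scan is declared `int` but has no return statement, which is undefined behaviour if the caller ever uses the value. The `//add UID 0 check` TODO is still open, so an unprivileged run presumably fails inside the crawsocket constructors rather than with a clear message.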
scanning_ports.clear(); } *************** *** 211,214 **** --- 293,298 ---- } } + + if(domain == SOCK_RAW) return; std::map <int, scanning_port>::iterator i; *************** *** 244,247 **** --- 328,332 ---- if((*i).second.socket_ptr != -1){ //DBGOUTPUT("!!!!!"); + j = (*i).second.socket_ptr; csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); *************** *** 252,263 **** FD_SET(scan_sockets[j].sid, &fd_r); FD_SET(scan_sockets[j].sid, &fd_x); ! (*i).second.time = time(0); ! int rc = c.connect(hostname.c_str(), (*i).first, 0); ! //DBGOUTPUT("!!!!!"); ! } } return j; } void shutdown_scansocket(int j){ --- 337,373 ---- FD_SET(scan_sockets[j].sid, &fd_r); FD_SET(scan_sockets[j].sid, &fd_x); ! ! (*i).second.time = time(0); ! ! int rc = c.connect(hostname.c_str(), (*i).first, 0); ! ! } } return j; } + + int make_connect(csocket *c, icestring &hostname, int port){ + int rc; + + rc = c->connect(hostname.c_str(), port, 0); + + switch(rc){ + case EINPROGRESS: + case EAGAIN: + break; + case ECONNREFUSED: + DBGOUTPUT("Connection refused."); + perror("Strange error"); + exit(0); + break; + default: + perror("Strange error"); + exit(0); + break; + } + + return rc; + } void shutdown_scansocket(int j){ *************** *** 305,326 **** FD_SET(c.get_socketid(), &fd_r); FD_SET(c.get_socketid(), &fd_x); ! scanning_ports[prt].time = time(0); //DBGOUTPUT(scanning_ports[prt].hostname); ! int rc = c.connect(hostname.c_str(), prt, 0); ! switch(rc){ ! case EINPROGRESS: ! case EAGAIN: ! break; ! case ECONNREFUSED: ! DBGOUTPUT("Connection refused."); ! perror("Strange error"); ! exit(0); ! break; ! default: ! perror("Strange error"); ! exit(0); ! break; ! } //DBGOUTPUT("Connecting to " << prt << " using socket id " << scanning_ports[prt].c->get_socketid()); //DBGOUTPUT("!!!"); --- 415,424 ---- FD_SET(c.get_socketid(), &fd_r); FD_SET(c.get_socketid(), &fd_x); ! //DBGOUTPUT(scanning_ports[prt].hostname); ! //int rc = make_connect(&c, hostname, prt); ! 
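Review bot: The new make_connect calls `exit(0)` on ECONNREFUSED and on every other unrecognised return value, which aborts the whole scan on the first refused port and reports success to the shell; a per-port helper should hand the error back so the caller can record the port as closed, i.e. replace both `exit(0);` with `return rc;` and drop the unreachable `break;` after each. Whether `c->connect` actually returns an errno value, as the switch assumes, is not visible in this diff and is worth confirming against csocket. As committed the helper is dead code: its only call site in the later hunk is commented out (`//int rc = make_connect(&c, hostname, prt);`).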
c.connect(hostname.c_str(), prt, 0); ! scanning_ports[prt].time = time(0); //DBGOUTPUT("Connecting to " << prt << " using socket id " << scanning_ports[prt].c->get_socketid()); //DBGOUTPUT("!!!"); *************** *** 345,349 **** // return true if scanning_ports are empty ! bool do_select_round(std::map <int, scanning_port> &scanning_ports, std::vector<scanned_port> &subtarget_ports){ fd_set fd_rtmp, fd_wtmp, fd_xtmp; --- 443,447 ---- // return true if scanning_ports are empty ! bool do_select_round_connect(std::map <int, scanning_port> &scanning_ports, std::vector<scanned_port> &subtarget_ports){ fd_set fd_rtmp, fd_wtmp, fd_xtmp; *************** *** 392,396 **** case 0: #ifdef __CYGWIN__ ! case 1: if(false){ #else --- 490,494 ---- case 0: #ifdef __CYGWIN__ ! //case 1: if(false){ #else *************** *** 426,463 **** } ! struct scanned_port sp; ! sp.port_number = (*i).first; ! ! //DBGOUTPUT("!!!!"); ! ! sp.status = status; ! subtarget_ports.push_back(sp); ! ! //DBGOUTPUT("very well"); ! ! print_port_status(sp.port_number, status); (*i).second.done = true; shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; ! ! //DBGOUTPUT("Erasing... :" << status); ! //scanning_ports.erase(i++); ! ! //idle_status_dispatcher(scanning_ports, get_first_idle_scanning_port(scanning_ports) ); }else{ if( ( curtime - (*i).second.time) >= CONNECT_TIMEOUT ){ ! struct scanned_port sp; ! sp.port_number = (*i).first; ! sp.status = status = PORT_FILTERED; ! subtarget_ports.push_back(sp); ! ! (*i).second.done = true; ! print_port_status((*i).first, sp.status); ! ! shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; ! }else done &= false; } --- 524,542 ---- } ! + set_port_status((*i).first, status); (*i).second.done = true; shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; }else{ if( ( curtime - (*i).second.time) >= CONNECT_TIMEOUT ){ ! status = PORT_FILTERED; ! ! set_port_status((*i).first, status); ! 
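Review bot: The new `c.connect(hostname.c_str(), prt, 0);` discards the return value, whereas the removed switch at least distinguished EINPROGRESS/EAGAIN from hard failures; a connect that fails immediately now leaves its descriptor in fd_r/fd_x and is presumably only resolved by the CONNECT_TIMEOUT branch in do_select_round_connect, which records it as PORT_FILTERED. Keep the result, `int rc = c.connect(hostname.c_str(), prt, 0);`, and handle anything other than EINPROGRESS/EAGAIN before `scanning_ports[prt].time = time(0);`. The enclosing function starts and ends outside this hunk.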
(*i).second.done = true; ! shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; }else done &= false; } *************** *** 469,472 **** --- 548,558 ---- } + void set_port_status(int port, enum port_status status){ + struct scanned_port sp; + sp.port_number = port; + sp.status = status; + subtarget_ports.push_back(sp); + print_port_status(sp.port_number, status); + } void show_ports(){ *************** *** 532,537 **** ~csubtarget(){ //DBGOUTPUT("Entering destructor..."); - //free(hostname); - //free(reversed_hostname); free(scan_sockets); subtarget_ports.clear(); --- 618,621 ---- |