[Javanetsim-cvs] IceScan iceparams.h, 1.6, 1.7 icescan.cc, 1.14, 1.15 TODO, 1.6, 1.7 csubtarget.h,
From: Alexander B. <da...@us...> - 2006-12-13 20:06:37
Update of /cvsroot/javanetsim/IceScan In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv23589 Modified Files: iceparams.h icescan.cc TODO csubtarget.h Log Message: no message Index: icescan.cc =================================================================== RCS file: /cvsroot/javanetsim/IceScan/icescan.cc,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** icescan.cc 13 Dec 2006 13:22:00 -0000 1.14 --- icescan.cc 13 Dec 2006 20:06:32 -0000 1.15 *************** *** 20,23 **** --- 20,28 ---- "\t-SB: udp NetBIOS scan\n" "\t-SI: IP Protocol scan\n" + "\t-SN: Null scan\n" + "\t-SF: Fin scan\n" + "\t-SW: window scan\n" + "\t-SA: ACK scan\n" + "\t-SS: SYN scan\n" "PORTS SPECIFICATION:\n" "\t-p <port range>: specify port range to scan (default 1-1024).\n" *************** *** 91,94 **** --- 96,119 ---- break; + case 'N': + par->scan_type = NULL_SCAN; + break; + + case 'X': + par->scan_type = XMAS_SCAN; + break; + + case 'W': + par->scan_type = WINDOW_SCAN; + break; + + case 'A': + par->scan_type = ACK_SCAN; + break; + + case 'S': + par->scan_type = SYN_SCAN; + break; + default: std::cout << "Invalid scan type: -S" << argv[i][2] << std::endl; Index: iceparams.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/iceparams.h,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** iceparams.h 13 Dec 2006 12:59:06 -0000 1.6 --- iceparams.h 13 Dec 2006 20:06:32 -0000 1.7 *************** *** 11,16 **** }; ! enum Scan_type {NO_SCAN, TCP_CONNECT_SCAN, NBT_SCAN, PROT_SCAN, FIN_SCAN}; ! // -S0 -ST -SB -SI -SF --- 11,16 ---- }; ! enum Scan_type {NO_SCAN, TCP_CONNECT_SCAN, NBT_SCAN, PROT_SCAN, FIN_SCAN, NULL_SCAN, XMAS_SCAN, WINDOW_SCAN, ACK_SCAN, SYN_SCAN}; ! // -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS *************** *** 105,111 **** void init_default_ports(){ ! const int ranges_cnt = 1; ! 
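Review bot: The usage text added here omits the Xmas scan, although the parser hunk below accepts it (`case 'X': par->scan_type = XMAS_SCAN;`) and the iceparams.h comment lists it (`// -S0 -ST -SB -SI -SF -SN -SX -SW -SA -SS`); add `"\t-SX: Xmas scan\n"` between the -SF and -SW lines so the help matches what the option parser does. The new lines also capitalise inconsistently (`Null scan`, `Fin scan`, `window scan`); `FIN scan` and `Window scan` would match the wording the scan functions in csubtarget.h print. The string literal this hunk extends begins and ends outside the hunk.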
int ranges[ranges_cnt][2] = { {20, 24} }; //, {630, 632} }; //int ranges[ranges_cnt][2] = { {1, 1024}, {3388, 3390} }; --- 105,111 ---- void init_default_ports(){ ! const int ranges_cnt = 2; ! int ranges[ranges_cnt][2] = { {20, 25}, {135, 136} }; //int ranges[ranges_cnt][2] = { {1, 1024}, {3388, 3390} }; Index: TODO =================================================================== RCS file: /cvsroot/javanetsim/IceScan/TODO,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** TODO 30 Nov 2006 06:43:50 -0000 1.6 --- TODO 13 Dec 2006 20:06:32 -0000 1.7 *************** *** 7,10 **** --- 7,11 ---- + add multiple targets handling; * fix reading port range for ack/udp/syn pings; + * fix reading port range for scans -- Discovering -- *************** *** 12,28 **** + UDP Ping (-PU [portlist]) [QweR] + TCP SYN Scan (-SS [portlist]) [Key] - * stop scanning of target if discovery failed: print message -- Scanning -- - * rewrite do_select_round as a template; + UDP Scan (-SU) [QweR] + ICMP Address Mask Ping (-PM) [QweR] - + Window Scan (-SW) [QweR] - + Xmas Tree Scan (-SX) [QweR] + IP Protocol Scan (-SI) [Key] (??) ! + Null Scan (-SN) [Key] ! + TCP SYN Scan (-SS) [Key] ! + The FIN Scan (-SF) [Key] -- Misc -- --- 13,24 ---- + UDP Ping (-PU [portlist]) [QweR] + TCP SYN Scan (-SS [portlist]) [Key] -- Scanning -- + UDP Scan (-SU) [QweR] + ICMP Address Mask Ping (-PM) [QweR] + IP Protocol Scan (-SI) [Key] (??) ! * merge many raw scan functions into 1. ! * do setting random window/seq(ack and seg) for raw scanning -- Misc -- Index: csubtarget.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/csubtarget.h,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** csubtarget.h 13 Dec 2006 18:28:21 -0000 1.15 --- csubtarget.h 13 Dec 2006 20:06:32 -0000 1.16 *************** *** 19,28 **** #define ICE_FD_SETSIZE (128) #else ! #define ICE_FD_SETSIZE (10) #endif #define MAX_CLOSED 7 ! 
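Review bot: The default port set becomes 20-25 and 135-136 here, while the usage text in icescan.cc still promises `-p <port range>: specify port range to scan (default 1-1024).`; one of the two should change, and a comment on `ranges_cnt` saying these are development defaults (the 1-1024 initializer stays commented out) would stop the next reader from trusting the help text. `ranges_cnt` also has to be updated by hand whenever the initializer changes; `int ranges[][2] = { {20, 25}, {135, 136} };` followed by `const int ranges_cnt = sizeof(ranges) / sizeof(ranges[0]);` removes that coupling. The body of init_default_ports continues past the hunk.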
enum port_status { PORT_UNKNOWN = -1, PORT_OPEN = 0, PORT_CLOSED = 1, PORT_FILTERED = 2, PORT_OPEN_FILTERED = 3 }; class scanned_port{ --- 19,28 ---- #define ICE_FD_SETSIZE (128) #else ! #define ICE_FD_SETSIZE (128) #endif #define MAX_CLOSED 7 ! enum port_status { PORT_UNKNOWN = -1, PORT_OPEN = 0, PORT_CLOSED = 1, PORT_FILTERED = 2, PORT_OPEN_FILTERED = 3, PORT_UNFILTERED = 4 }; class scanned_port{ *************** *** 107,110 **** --- 107,115 ---- if(par->scan_type == PROT_SCAN) prot_scan(); if(par->scan_type == FIN_SCAN) fin_scan(); + if(par->scan_type == NULL_SCAN) null_scan(); + if(par->scan_type == XMAS_SCAN) xmas_scan(); + if(par->scan_type == WINDOW_SCAN) window_scan(); + if(par->scan_type == ACK_SCAN) ack_scan(); + if(par->scan_type == SYN_SCAN) syn_scan(); } *************** *** 137,168 **** } ! int fin_scan(){ ! // fin scan, -SF ! raw = true; ! domain = (int) SOCK_RAW; ! struct sockaddr_in saddress; int len; - - len == make_sockname(saddress, hostname.c_str(), 0, domain); - - bool done = true; - int MAGIC_PORT = 54678; //ugly, need to check char local_hostname[80]; ! if(gethostname(local_hostname, 80)) exit(-1); icestring source(local_hostname); ! ! std::map <int, scanning_port> scanning_ports; init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); - - - //add UID 0 check - if(par->verbose > 0) - *out << "Starting TCP FIN scan against " << hostname.c_str() << "...\n"; - crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); crawsocket rawrecv(AF_INET, (int) SOCK_RAW, IPPROTO_TCP); --- 142,166 ---- } ! void raw_tcp_scan(){ ! std::map <int, scanning_port> scanning_ports; struct sockaddr_in saddress; int len; int MAGIC_PORT = 54678; //ugly, need to check char local_hostname[80]; ! ! //add UID 0 check ! //^^^^^^^^^^^^ UGLY + raw = true; + domain = (int) SOCK_RAW; + len == make_sockname(saddress, hostname.c_str(), 0, domain); + + if(gethostname(local_hostname, 80)) exit(-1); + icestring source(local_hostname); ! 
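Review bot: After this change both arms of the `#ifdef` define `ICE_FD_SETSIZE` as 128, so the conditional no longer selects anything; either restore a platform-specific value with a comment on why 10 was too small, or collapse it to a single `#define ICE_FD_SETSIZE (128)`. `PORT_UNFILTERED = 4` is added to `port_status` without a note on which scan produces it; as far as the later hunks in this commit show it is only set by the ACK scan and is not counted by the summary loop, so a trailing comment such as `// ACK scan: RST received, port not firewalled` on the enumerator would help.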
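Review bot: The dispatch is now a chain of `if(par->scan_type == …)` tests on the same value, each calling a different handler; a `switch(par->scan_type)` with a `default:` that reports the unhandled value would make it visible that every Scan_type member (the enum gained five in this commit) has a handler and would catch a future addition that gets none. The function enclosing this chain starts outside the hunk.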
init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); crawsocket rawrecv(AF_INET, (int) SOCK_RAW, IPPROTO_TCP); *************** *** 177,188 **** int attempts = 0; ! std::map <int, scanning_port>::iterator i; ! ! while(attempts++ < 5){ ! for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ if(! (*i).second.done ){ ! //DBGOUTPUT("!!!!");// ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN, 0, 0, 0); ! //DBGOUTPUT("!!!!"); (*i).second.time = time(0); --- 175,206 ---- int attempts = 0; ! while(attempts++ < 5){ ! for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ if(! (*i).second.done ){ ! ! switch(par->scan_type){ ! case FIN_SCAN: ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN, 0, 0, 0); ! break; ! ! case NULL_SCAN: ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, 0, 0, 0, 0); ! break; ! ! case XMAS_SCAN: ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | TH_URG | TH_PUSH, 0, 0, 0); ! break; ! ! case WINDOW_SCAN: ! case ACK_SCAN: ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_ACK, 0, 0, 0); ! break; ! ! case SYN_SCAN: ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_SYN, 0, 0, 0); ! break; ! } ! ! (*i).second.time = time(0); *************** *** 193,196 **** --- 211,215 ---- } + usleep(500000); int bytes; *************** *** 201,219 **** int at = 0; while(at++<10){ ! while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ if(ip->saddr = saddress.sin_addr.s_addr){ tcp = (struct tcphdr *) (response + 4 * ip->ihl); ! if (tcp->th_flags & TH_RST) { ! //crawsocket::print_tcppacket(response, bytes); int closed_port = ntohs(tcp->th_sport); set_port_status(closed_port, PORT_CLOSED); ! //if(scanning_ports.find(closed_port)) ! scanning_ports[closed_port].done = true; ! 
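Review bot: `len == make_sockname(saddress, hostname.c_str(), 0, domain);` compares instead of assigns, so the return value is discarded and `saddress`, which the receive loop later uses to filter response source addresses, is used without any check that it was filled in; it should read `len = make_sockname(saddress, hostname.c_str(), 0, domain);` followed by a failure check (the error value make_sockname returns is not visible here). The `//add UID 0 check` / `//^^^^^^^^^^^^ UGLY` marker is carried into the new function unaddressed; raw sockets need privileges and the error behaviour of the `crawsocket` constructors is not visible in this hunk, so an explicit check with a clear message belongs before they are opened. The fixed `MAGIC_PORT = 54678` source port is also worth a comment, since the SYN-scan branches later rely on it to recognise their own traffic. raw_tcp_scan continues past the hunk.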
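Review bot: The `switch(par->scan_type)` has no `default:`, so if raw_tcp_scan is entered with a type it does not list nothing is sent, yet `(*i).second.time = time(0)` still runs and the port is later reported with the no-response status as if it had been probed. The five cases differ only in the flag word passed to `send_tcp_raw`, so computing the flags once before the loop and keeping a single send call, with a `default` that fails loudly, is shorter and makes the omission impossible; `*out <<` is used for messages elsewhere in the file, so I use it for the error below.

```cpp
// … unchanged: socket setup …
int flags = 0;   // TCP flag word this scan type probes with
switch(par->scan_type){
    case FIN_SCAN:    flags = TH_FIN; break;
    case NULL_SCAN:   flags = 0; break;
    case XMAS_SCAN:   flags = TH_FIN | TH_URG | TH_PUSH; break;
    case WINDOW_SCAN:
    case ACK_SCAN:    flags = TH_ACK; break;
    case SYN_SCAN:    flags = TH_SYN; break;
    default:
        *out << "raw_tcp_scan: unsupported scan type\n";
        return;
}

int attempts = 0;
while(attempts++ < 5){
    for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){
        if(! (*i).second.done ){
            rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, flags, 0, 0, 0);
            (*i).second.time = time(0);
            // … unchanged: rest of the loop body …
```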
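Review bot: `usleep(500000);` is an unexplained half-second pause inside the `attempts` loop, so with five rounds every raw scan waits at least 2.5 s regardless of how many ports are still pending; give the value a name and a reason, e.g. `static const useconds_t ROUND_PAUSE_USEC = 500000; // give replies time to arrive before the receive loop`, and consider skipping the pause once every port is `done`. Whether `<unistd.h>` is already included by this header is not visible in the hunk.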
//^^^^UGLY, please check ! } } bzero(response, 65534); --- 220,277 ---- int at = 0; + while(at++<10){ ! while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ if(ip->saddr = saddress.sin_addr.s_addr){ tcp = (struct tcphdr *) (response + 4 * ip->ihl); ! ! if ((tcp->th_flags & TH_RST) && (par->scan_type == FIN_SCAN || par->scan_type == NULL_SCAN || par->scan_type == XMAS_SCAN)) { int closed_port = ntohs(tcp->th_sport); set_port_status(closed_port, PORT_CLOSED); ! if(scanning_ports.find(closed_port) != scanning_ports.end()) ! scanning_ports[closed_port].done = true; ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == WINDOW_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! if(tcp->th_win == 0){ ! set_port_status(port, PORT_CLOSED); ! }else{ ! set_port_status(port, PORT_OPEN); ! } ! ! if(scanning_ports.find(port) != scanning_ports.end()) ! scanning_ports[port].done = true; ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == ACK_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! set_port_status(port, PORT_UNFILTERED); ! ! if(scanning_ports.find(port) != scanning_ports.end()) ! scanning_ports[port].done = true; ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == SYN_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! if(port != MAGIC_PORT){ ! set_port_status(port, PORT_CLOSED); ! ! if(scanning_ports.find(port) != scanning_ports.end()) ! scanning_ports[port].done = true; ! } ! }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && (par->scan_type == SYN_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! if(port != MAGIC_PORT){ ! set_port_status(port, PORT_OPEN); ! ! rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, port, 0, 0, TH_RST, 0, 0, 0); ! ! if(scanning_ports.find(port) != scanning_ports.end()) ! scanning_ports[port].done = true; ! } } + + } bzero(response, 65534); *************** *** 223,239 **** } ! for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ if(! 
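Review bot: In the new SYN-scan branch `tcp->th_flags & (TH_ACK|TH_SYN)` is true for any packet carrying either bit, so a bare ACK from the target would be recorded as PORT_OPEN and answered with a RST; a SYN/ACK is `(tcp->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)`. All of the new branches also sit under `if(ip->saddr = saddress.sin_addr.s_addr)`, which assigns rather than compares, so the per-type classification is applied to packets from any source; that line is context here, but the new code depends on it filtering. In the FIN/NULL/XMAS, window and ACK branches `set_port_status()` runs before the `scanning_ports.find()` membership test (the SYN branches at least guard on `MAGIC_PORT`); moving the status update under the membership check keeps stray packets out of the results. The enclosing receive loop begins, and the function ends, outside this hunk.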
(*i).second.done){ (*i).second.done = true; set_port_status((*i).first, get_no_response_status()); } ! } show_ports(); if(par->verbose>0) out->line("TCP FIN scan finished."); ! ! scanning_ports.clear(); } --- 281,364 ---- } ! for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ if(! (*i).second.done){ (*i).second.done = true; set_port_status((*i).first, get_no_response_status()); } ! } + scanning_ports.clear(); + } + + int fin_scan(){ + // -SF + if(par->verbose > 0) + *out << "Starting TCP FIN scan against " << hostname.c_str() << "...\n"; + + raw_tcp_scan(); show_ports(); if(par->verbose>0) out->line("TCP FIN scan finished."); ! } ! ! int null_scan(){ ! // -SN ! if(par->verbose > 0) ! *out << "Starting TCP NULL scan against " << hostname.c_str() << "...\n"; ! ! raw_tcp_scan(); ! show_ports(); ! ! if(par->verbose>0) ! out->line("TCP NULL scan finished."); ! } ! ! int ack_scan(){ ! // -SN ! if(par->verbose > 0) ! *out << "Starting TCP ACK scan against " << hostname.c_str() << "...\n"; ! ! raw_tcp_scan(); ! show_ports(); ! ! if(par->verbose>0) ! out->line("TCP ACK scan finished."); ! } ! ! int xmas_scan(){ ! // -SX ! if(par->verbose > 0) ! *out << "Starting TCP XMAS scan against " << hostname.c_str() << "...\n"; ! ! raw_tcp_scan(); ! show_ports(); ! ! if(par->verbose>0) ! out->line("TCP XMAS scan finished."); ! } ! ! int window_scan(){ ! // -SW ! if(par->verbose > 0) ! *out << "Starting TCP Window scan against " << hostname.c_str() << "...\n"; ! ! raw_tcp_scan(); ! show_ports(); ! ! if(par->verbose>0) ! out->line("TCP Window scan finished."); ! } ! ! int syn_scan(){ ! // -SS ! if(par->verbose > 0) ! *out << "Starting TCP SYN scan against " << hostname.c_str() << "...\n"; ! ! raw_tcp_scan(); ! show_ports(); ! ! if(par->verbose>0) ! 
out->line("TCP SYN scan finished."); } *************** *** 290,295 **** --- 415,427 ---- switch(par->scan_type){ case FIN_SCAN: + case NULL_SCAN: + case XMAS_SCAN: return PORT_OPEN_FILTERED; break; + case WINDOW_SCAN: + case ACK_SCAN: + case SYN_SCAN: + return PORT_FILTERED; + break; } } *************** *** 468,471 **** --- 600,606 ---- sprintf(output_buf, "Discovered open|filtered port %d/tcp on %s.", port, hostname.c_str()); out->line(output_buf); + }else if(ps == PORT_UNFILTERED && par->verbose > 1){ + sprintf(output_buf, "Discovered unfiltered port %d/tcp on %s.", port, hostname.c_str()); + out->line(output_buf); } } *************** *** 593,597 **** for(i = subtarget_ports.begin(); i!= subtarget_ports.end(); ++i){ total++; ! if((*i).status == PORT_OPEN){ open++; }else if((*i).status == PORT_CLOSED){ --- 728,732 ---- for(i = subtarget_ports.begin(); i!= subtarget_ports.end(); ++i){ total++; ! if((*i).status == PORT_OPEN || (*i).status == PORT_OPEN_FILTERED){ open++; }else if((*i).status == PORT_CLOSED){ *************** *** 638,641 **** --- 773,779 ---- sprintf(output_buf, "%5d/tcp o|f %s", subtarget_ports[j].port_number, isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); out->line(output_buf); + }else if(subtarget_ports[j].status == PORT_UNFILTERED){ + sprintf(output_buf, "%5d/tcp unfilt %s", subtarget_ports[j].port_number, isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); + out->line(output_buf); }else if(subtarget_ports[j].status == PORT_CLOSED && show_closed){ sprintf(output_buf, "%5d/tcp closed %s", subtarget_ports[j].port_number, isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); |
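Review bot: `fin_scan`, `null_scan`, `ack_scan`, `xmas_scan`, `window_scan` and `syn_scan` are declared `int` but none of them returns a value, which is undefined behaviour in C++ when control reaches the end of the function; either add `return 0;` to each or declare them `void`, which the dispatch hunk earlier in this commit permits since the callers ignore the result. The comment on `ack_scan` reads `// -SN` and should be `// -SA`. The six bodies differ only in the label printed, so one helper taking the label removes the copies; the sketch below assumes `out->line` accepts a `const char*`, as the literal calls show, and uses std::string for the footer message.

```cpp
// Runs the raw TCP probe and prints the verbose banner/footer for `label`.
void labeled_raw_tcp_scan(const char *label){
    if(par->verbose > 0)
        *out << "Starting TCP " << label << " scan against " << hostname.c_str() << "...\n";

    raw_tcp_scan();
    show_ports();

    if(par->verbose>0){
        std::string msg = std::string("TCP ") + label + " scan finished.";
        out->line(msg.c_str());
    }
}

void fin_scan(){    labeled_raw_tcp_scan("FIN"); }     // -SF
void null_scan(){   labeled_raw_tcp_scan("NULL"); }    // -SN
void ack_scan(){    labeled_raw_tcp_scan("ACK"); }     // -SA
void xmas_scan(){   labeled_raw_tcp_scan("XMAS"); }    // -SX
void window_scan(){ labeled_raw_tcp_scan("Window"); }  // -SW
void syn_scan(){    labeled_raw_tcp_scan("SYN"); }     // -SS
```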
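Review bot: The `break;` after each `return` in the new `get_no_response_status` cases is unreachable; drop them so the switch reads as a plain mapping from scan type to status. No `default:` is visible and the function's end lies outside the hunk, so it is worth confirming that every remaining Scan_type value still returns something now that the enum has five more members.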
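Review bot: The new `PORT_UNFILTERED` branch repeats the unbounded `sprintf(output_buf, "Discovered unfiltered port %d/tcp on %s.", port, hostname.c_str());`; `hostname` is the caller-supplied target and the size of `output_buf` is not visible here, so if `output_buf` is an array the write should be `snprintf(output_buf, sizeof(output_buf), …)`, and the same applies to the `%5d/tcp unfilt %s` line added in the 638,641 hunk, where the service name is also a runtime string. The surrounding if/else chain and its function continue outside the hunk.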
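Review bot: Counting `PORT_OPEN_FILTERED` into `open` makes the summary disagree with the per-port listing in the 638,641 hunk, which prints those ports as `o|f`; if the intent is to count ports that may be open, a comment on this line such as `// open|filtered (FIN/NULL/XMAS) cannot be told from open; count it as open` records that, otherwise a separate `open_filtered` counter keeps both numbers honest. The loop and its caller lie outside the hunk.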