[Javanetsim-cvs] IceScan csubtarget.h,1.30,1.31
From: Alexander B. <da...@us...> - 2006-12-16 10:39:14
Update of /cvsroot/javanetsim/IceScan In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv6792 Modified Files: csubtarget.h Log Message: no message Index: csubtarget.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/csubtarget.h,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** csubtarget.h 16 Dec 2006 10:27:59 -0000 1.30 --- csubtarget.h 16 Dec 2006 10:39:10 -0000 1.31 *************** *** 145,323 **** } - void raw_tcp_scan(icestring scan_type){ - std::map <int, scanning_port> scanning_ports; - struct sockaddr_in saddress; - int len; - int MAGIC_PORT = 54678; //ugly, need to check - char local_hostname[80]; - - if(par->verbose > 0) - *out << "Starting TCP " << scan_type << " scan against " << hostname.c_str() << "...\n"; - - #ifdef __CYGWIN__ - if(par->forceuid){ - #else - if(getuid() || par->forceuid){ - #endif - out->line("UID isn't 0, so can't create raw socket => no RAW tcp scan..."); - return; - } - - - raw = true; - domain = (int) SOCK_RAW; - - len == make_sockname(saddress, hostname.c_str(), 0, domain); - - if(gethostname(local_hostname, 80)) exit(-1); - - icestring source(local_hostname); - - init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); - - crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); - crawsocket rawrecv(AF_INET, (int) SOCK_RAW, IPPROTO_TCP); - - rawrecv.nonblock(true); - - int one = 1; - const int *val = &one; - if (rawsend.setsockopt (IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) - perror("Setsockopt HDRINCL:"); - - int attempts = 0; - - while(attempts++ < 5){ - for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ - if(! 
(*i).second.done ){ - - switch(par->scan_type){ - case FIN_SCAN: - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | par->tcpflags, 0, 0, 0); - break; - - case NULL_SCAN: - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, par->tcpflags, 0, 0, 0); - break; - - case XMAS_SCAN: - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | TH_URG | TH_PUSH | par->tcpflags, 0, 0, 0); - break; - - case WINDOW_SCAN: - case ACK_SCAN: - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_ACK, 0, 0, 0); - break; - - case SYN_SCAN: - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_SYN, 0, 0, 0); - break; - } - - - (*i).second.time = time(0); - - (*i).second.attempt++; - - iceusleep(1000); - } - } - - iceusleep(500000); - - int bytes; - char response[65535]; - struct iphdr *ip = (struct iphdr *) response; - struct tcphdr *tcp; - - int at = 0; - - - while(at++<10){ - while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ - if(ip->saddr = saddress.sin_addr.s_addr){ - tcp = (struct tcphdr *) (response + 4 * ip->ihl); - - if ((tcp->th_flags & TH_RST) && (par->scan_type == FIN_SCAN || par->scan_type == NULL_SCAN || par->scan_type == XMAS_SCAN)) { - int closed_port = ntohs(tcp->th_sport); - - if(scanning_ports.find(closed_port) != scanning_ports.end()){ - if(!scanning_ports[closed_port].done){ - set_port_status(closed_port, PORT_CLOSED, "tcp"); - scanning_ports[closed_port].done = true; - } - } - }else if ((tcp->th_flags & TH_RST) && (par->scan_type == WINDOW_SCAN)) { - int port = ntohs(tcp->th_sport); - - if(scanning_ports.find(port) != scanning_ports.end()){ - if(!scanning_ports[port].done){ - scanning_ports[port].done = true; - if(tcp->th_win == 0){ - set_port_status(port, PORT_CLOSED, "tcp"); - }else{ - set_port_status(port, PORT_OPEN, "tcp"); - } - } - } - }else if ((tcp->th_flags & TH_RST) && (par->scan_type == ACK_SCAN)) { - int port = ntohs(tcp->th_sport); - 
- - if(scanning_ports.find(port) != scanning_ports.end()){ - if(!scanning_ports[port].done){ - set_port_status(port, PORT_UNFILTERED, "tcp"); - scanning_ports[port].done = true; - } - } - }else if ((tcp->th_flags & TH_RST) && (par->scan_type == SYN_SCAN)) { - int port = ntohs(tcp->th_sport); - - if(port != MAGIC_PORT){ - - if(scanning_ports.find(port) != scanning_ports.end()){ - if(!scanning_ports[port].done){ - scanning_ports[port].done = true; - set_port_status(port, PORT_CLOSED, "tcp"); - } - } - } - }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && (par->scan_type == SYN_SCAN)) { - int port = ntohs(tcp->th_sport); - - if(port != MAGIC_PORT){ - - if(scanning_ports.find(port) != scanning_ports.end()){ - if(!scanning_ports[port].done){ - set_port_status(port, PORT_OPEN, "tcp"); - rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, port, 0, 0, TH_RST, 0, 0, 0); - scanning_ports[port].done = true; - } - } - } - } - - - } - bzero(response, 65534); - } - iceusleep(1000); - } - } - - for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ - if(! (*i).second.done){ - (*i).second.done = true; - set_port_status((*i).first, get_no_response_status(), "tcp"); - } - } - - scanning_ports.clear(); - - show_ports(); - - if(par->verbose>0) - *out << "TCP " << scan_type << "scan finished.\n"; - } int udp_scan(){ --- 145,148 ---- *************** *** 614,617 **** --- 439,622 ---- } + /* This function implements any type of raw tcp scan, + * e.g. ACK, FIN and etc. 
+ */ + void raw_tcp_scan(icestring scan_type){ + std::map <int, scanning_port> scanning_ports; + struct sockaddr_in saddress; + int len; + int MAGIC_PORT = 54678; //ugly, need to check + char local_hostname[80]; + + if(par->verbose > 0) + *out << "Starting TCP " << scan_type << " scan against " << hostname.c_str() << "...\n"; + + #ifdef __CYGWIN__ + if(par->forceuid){ + #else + if(getuid() || par->forceuid){ + #endif + out->line("UID isn't 0, so can't create raw socket => no RAW tcp scan..."); + return; + } + + + raw = true; + domain = (int) SOCK_RAW; + + len == make_sockname(saddress, hostname.c_str(), 0, domain); + + if(gethostname(local_hostname, 80)) exit(-1); + + icestring source(local_hostname); + + init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); + + crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); + crawsocket rawrecv(AF_INET, (int) SOCK_RAW, IPPROTO_TCP); + + rawrecv.nonblock(true); + + int one = 1; + const int *val = &one; + if (rawsend.setsockopt (IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) + perror("Setsockopt HDRINCL:"); + + int attempts = 0; + + while(attempts++ < 5){ + for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ + if(! 
(*i).second.done ){ + + switch(par->scan_type){ + case FIN_SCAN: + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | par->tcpflags, 0, 0, 0); + break; + + case NULL_SCAN: + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, par->tcpflags, 0, 0, 0); + break; + + case XMAS_SCAN: + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | TH_URG | TH_PUSH | par->tcpflags, 0, 0, 0); + break; + + case WINDOW_SCAN: + case ACK_SCAN: + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_ACK, 0, 0, 0); + break; + + case SYN_SCAN: + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_SYN, 0, 0, 0); + break; + } + + + (*i).second.time = time(0); + + (*i).second.attempt++; + + iceusleep(1000); + } + } + + iceusleep(500000); + + int bytes; + char response[65535]; + struct iphdr *ip = (struct iphdr *) response; + struct tcphdr *tcp; + + int at = 0; + + + while(at++<10){ + while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ + if(ip->saddr = saddress.sin_addr.s_addr){ + tcp = (struct tcphdr *) (response + 4 * ip->ihl); + + if ((tcp->th_flags & TH_RST) && (par->scan_type == FIN_SCAN || par->scan_type == NULL_SCAN || par->scan_type == XMAS_SCAN)) { + int closed_port = ntohs(tcp->th_sport); + + if(scanning_ports.find(closed_port) != scanning_ports.end()){ + if(!scanning_ports[closed_port].done){ + set_port_status(closed_port, PORT_CLOSED, "tcp"); + scanning_ports[closed_port].done = true; + } + } + }else if ((tcp->th_flags & TH_RST) && (par->scan_type == WINDOW_SCAN)) { + int port = ntohs(tcp->th_sport); + + if(scanning_ports.find(port) != scanning_ports.end()){ + if(!scanning_ports[port].done){ + scanning_ports[port].done = true; + if(tcp->th_win == 0){ + set_port_status(port, PORT_CLOSED, "tcp"); + }else{ + set_port_status(port, PORT_OPEN, "tcp"); + } + } + } + }else if ((tcp->th_flags & TH_RST) && (par->scan_type == ACK_SCAN)) { + int port = ntohs(tcp->th_sport); + 
+ + if(scanning_ports.find(port) != scanning_ports.end()){ + if(!scanning_ports[port].done){ + set_port_status(port, PORT_UNFILTERED, "tcp"); + scanning_ports[port].done = true; + } + } + }else if ((tcp->th_flags & TH_RST) && (par->scan_type == SYN_SCAN)) { + int port = ntohs(tcp->th_sport); + + if(port != MAGIC_PORT){ + + if(scanning_ports.find(port) != scanning_ports.end()){ + if(!scanning_ports[port].done){ + scanning_ports[port].done = true; + set_port_status(port, PORT_CLOSED, "tcp"); + } + } + } + }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && (par->scan_type == SYN_SCAN)) { + int port = ntohs(tcp->th_sport); + + if(port != MAGIC_PORT){ + + if(scanning_ports.find(port) != scanning_ports.end()){ + if(!scanning_ports[port].done){ + set_port_status(port, PORT_OPEN, "tcp"); + rawsend.send_tcp_raw(source, hostname, MAGIC_PORT, port, 0, 0, TH_RST, 0, 0, 0); + scanning_ports[port].done = true; + } + } + } + } + + + } + bzero(response, 65534); + } + iceusleep(1000); + } + } + + for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ + if(! (*i).second.done){ + (*i).second.done = true; + set_port_status((*i).first, get_no_response_status(), "tcp"); + } + } + + scanning_ports.clear(); + + show_ports(); + + if(par->verbose>0) + *out << "TCP " << scan_type << "scan finished.\n"; + } + + void shutdown_scansocket(int j){ csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); |
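Review bot: The receive loop of the re-added raw_tcp_scan parses packets from the raw socket without checking either their length or their origin: `if(ip->saddr = saddress.sin_addr.s_addr)` is an assignment, so any packet passes the origin test whenever the target address is non-zero, and `ip->ihl` and the TCP header are dereferenced before anything confirms that the datagram is long enough to hold an IP header plus a TCP header (the `bytes = rawrecv.recvfrom(...) > 0` precedence also reduces `bytes` to 0 or 1, so the length is not even available). Earlier in the same hunk `len == make_sockname(saddress, hostname.c_str(), 0, domain);` compares instead of assigns, leaving `len` uninitialised and discarding whatever make_sockname reports; that one is a one-line fix, `len = make_sockname(saddress, hostname.c_str(), 0, domain);`. These defects are carried over verbatim from the copy deleted at the top of the file, so the move is the moment to fix them rather than relocate them. The whole of raw_tcp_scan lies inside this hunk; the rewritten receive-loop header follows.
```cpp
while ((bytes = rawrecv.recvfrom(response, sizeof(response), 0, NULL)) > 0) {
    /* Validate lengths before reading any header field of untrusted input. */
    if (bytes < (int) sizeof(struct iphdr)) continue;
    const size_t iplen = 4 * (size_t) ip->ihl;
    if (iplen < sizeof(struct iphdr) || iplen + sizeof(struct tcphdr) > (size_t) bytes) continue;
    if (ip->saddr == saddress.sin_addr.s_addr) {
        tcp = (struct tcphdr *) (response + iplen);
        /* … unchanged: per-scan-type RST / SYN-ACK handling … */
    }
    /* … unchanged: bzero(response, ...) and loop tail … */
}
```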