[Javanetsim-cvs] IceScan icediscover.cc, NONE, 1.1 csubtarget.cc, NONE, 1.1 udpscan.cc, NONE, 1.1 .
From: Alexander B. <da...@us...> - 2006-12-21 15:37:28
Update of /cvsroot/javanetsim/IceScan In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv15392 Modified Files: .cvsignore Makefile.am icescan.cc udpscan.h icediscover.h csubtarget.h portdef.h iceoutput.h icedbs.h Makefile.in Added Files: icediscover.cc csubtarget.cc udpscan.cc Log Message: no message Index: .cvsignore =================================================================== RCS file: /cvsroot/javanetsim/IceScan/.cvsignore,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** .cvsignore 21 Dec 2006 13:16:26 -0000 1.7 --- .cvsignore 21 Dec 2006 15:37:23 -0000 1.8 *************** *** 3,5 **** icescan config.log ! icescan icescan.o Makefile icescan.exe IceScan.exe Makefile.in autom4te.cache --- 3,11 ---- icescan config.log ! icescan ! icescan.o ! Makefile ! icescan.exe ! IceScan.exe ! Makefile.in ! autom4te.cache Index: icescan.cc =================================================================== RCS file: /cvsroot/javanetsim/IceScan/icescan.cc,v retrieving revision 1.37 retrieving revision 1.38 diff -C2 -d -r1.37 -r1.38 *** icescan.cc 18 Dec 2006 07:51:56 -0000 1.37 --- icescan.cc 21 Dec 2006 15:37:23 -0000 1.38 *************** *** 1,4 **** ! #include <string> ! #include "icesockets/csocket.h" #include "iceparams.h" #include "iceversion.h" --- 1,25 ---- ! /* ! * icescan.cc -- Contains the main() function of IceScan and functions ! * to parse command line args and print help; ! */ ! ! /* ! * Copyright (C) 2006 by Alexander Bolshev[Key] <key(at)timeold.ru> ! * ! * This program is free software; you can redistribute it and/or modify ! * it under the terms of the GNU General Public License version 2 ! * as published by the Free Software Foundation, ! * ! * This program is distributed in the hope that it will be useful, ! * but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ! * GNU General Public License for more details. ! * ! 
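Review bot: The new include list of csubtarget.h drops `<map>` and `<vector>` (together with `<cstdio>`, `<cstdlib>` and `<errno.h>`), yet the declarations that stay in this header still name `std::map <int, scanning_port>` and `std::vector<scanned_port>`, so the header now compiles only if iceoutput.h, iceparams.h or another project header happens to pull those in transitively. A header should include what it uses; restore `#include <map>` and `#include <vector>` next to the project includes on the new side. The `<cstdio>`/`<cstdlib>`/`<errno.h>` removals are fine for the header itself because the sprintf/malloc/errno users moved into csubtarget.cc, provided that file includes them directly — as far as this diff shows it includes only csubtarget.h.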
* You should have received a copy of the GNU General Public License ! * along with this program; if not, write to the Free Software ! * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ! * ! */ ! #include "iceparams.h" #include "iceversion.h" *************** *** 6,9 **** --- 27,31 ---- #include "icedbs.h" #include "ctarget.h" + #include "icesockets/csocket.h" #include "icesockets/ice_rand.h" Index: csubtarget.h =================================================================== RCS file: /cvsroot/javanetsim/IceScan/csubtarget.h,v retrieving revision 1.53 retrieving revision 1.54 diff -C2 -d -r1.53 -r1.54 *** csubtarget.h 21 Dec 2006 10:13:53 -0000 1.53 --- csubtarget.h 21 Dec 2006 15:37:23 -0000 1.54 *************** *** 2,20 **** #define CSUBTARGET_H - #include <cstdio> - #include <cstdlib> - #include <map> - #include <vector> - #include <errno.h> - #include "portdef.h" #include "iceoutput.h" #include "iceparams.h" - - //#ifndef WIN32 #include "nbt_wrapper.h" - //#endif - #include "iceprotocol.h" #include "icesockets/sock_pcap.h" #define CONNECT_TIMEOUT 14 --- 2,12 ---- #define CSUBTARGET_H #include "iceoutput.h" #include "iceparams.h" #include "nbt_wrapper.h" #include "iceprotocol.h" #include "icesockets/sock_pcap.h" + #include "icediscover.h" + #include "portdef.h" #define CONNECT_TIMEOUT 14 *************** *** 31,40 **** #define MAX_CLOSED 7 - class csubtarget; - //#include "udpscan.h" - bool udpscan(icestring destname, std::map <int, scanning_port> scanning_ports, iceparams *par, iceoutput *out, csubtarget * subtarget, bool isscan); - - #include "icediscover.h" - struct scan_socket{ int sid; --- 23,26 ---- *************** *** 71,227 **** std::vector<scanned_port> subtarget_ports; ! csubtarget(icestring hostname, icestring reverse_hostname, iceparams *par, iceoutput *out){ ! ! struct scanned_port sp; ! ! subtarget_ports.push_back(sp); ! ! this->hostname.assign(hostname); ! this->reversed_hostname.assign(reverse_hostname); ! this->par = par; ! 
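Review bot: Alongside the new license header this hunk removes `#include <string>` from icescan.cc without adding a replacement, so any direct use of `std::string` in main() or the option parsing now depends on a transitive include through iceparams.h or the csocket.h include that is re-added lower down. If icestring is an alias of std::string, as its use with `.assign()` and `.c_str()` elsewhere in this commit suggests, keep `#include <string>` at the top of the file rather than rely on what the project headers happen to drag in. The remainder of icescan.cc is outside the hunk, so I cannot confirm which standard names it uses directly.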
this->out = out; ! discovered = false; ! init_scan_sockets(); ! ! source_ip = get_source_ip(hostname, source_iface); ! } ! ! bool discover(){ ! struct timeb tp1, tp2; ! ! ftime(&tp1); ! discovered = host_discover(hostname.c_str(), par, out); ! ftime(&tp2); ! if(par->verbose) *out << "Discovery taken " << timeb_diff(tp1, tp2) << " seconds.\n"; ! ! return discovered; ! } ! void scan(){ ! if(par->scan_type == TCP_CONNECT_SCAN) connect_scan(); ! if(par->scan_type == NBT_SCAN) nbt_scan(); ! if(par->scan_type == PROT_SCAN) prot_scan(); ! if(par->scan_type == FIN_SCAN) raw_tcp_scan("FIN"); ! if(par->scan_type == NULL_SCAN) raw_tcp_scan("NULL"); ! if(par->scan_type == XMAS_SCAN) raw_tcp_scan("XMAS"); ! if(par->scan_type == WINDOW_SCAN) raw_tcp_scan("window"); ! if(par->scan_type == ACK_SCAN) raw_tcp_scan("ACK"); ! if(par->scan_type == SYN_SCAN) raw_tcp_scan("SYN"); ! if(par->scan_type == UDP_SCAN) udp_scan(); ! } ! void mac_discover(){ ! #ifndef __CYGWIN__ ! icestring mac = get_arp_from_cache(hostname); ! ! if(mac != ""){ ! char Mac[24], vmac[7]; ! ! strcpy(Mac, mac.c_str()); ! ! vmac[0] = Mac[0]; vmac[1] = Mac[1]; ! vmac[2] = Mac[3]; vmac[3] = Mac[4]; ! vmac[4] = Mac[6]; vmac[5] = Mac[7]; ! vmac[6] = '\0'; ! ! icestring Vmac(vmac); ! ! *out << "MAC Address: " << mac << " (" << par->ismd->get_vendor(vmac) << ")" << "\n"; ! } ! #endif ! } ! int prot_scan(){ ! // cprotocol_scan cps(par, out); ! // cps.test(hostname.c_str()); ! ! return 0; ! } ! ! int nbt_scan(){ ! // NetBIOS scan, -SB ! char output_buf[255]; ! ! if(par->verbose>0){ ! sprintf(output_buf, "Starting NetBIOS scan against %s...", hostname.c_str()); ! out->line(output_buf); ! } ! ! cnbtwrapper wrap(par); ! ! wrap.test(hostname.c_str(), 137); ! if(par->verbose>0){ ! Bzero(output_buf, 255); ! sprintf(output_buf, "NetBIOS scan finished.", hostname.c_str()); ! out->line(output_buf); ! } ! ! return 0; ! } ! int udp_scan(){ ! //udp scan, -SU ! ! char output_buf[255]; ! char local_hostname[80]; ! icestring local_hn; ! ! 
std::map <int, scanning_port> scanning_ports; ! init_scanning_ports(hostname, par, (int) SOCK_DGRAM, scanning_ports); ! ! if(par->verbose>0){ ! sprintf(output_buf, "Starting UDP scan against %s...", hostname.c_str()); ! out->line(output_buf); ! } ! ! udpscan(hostname, scanning_ports, par, out, this, true); ! ! show_ports(); ! ! if(par->verbose>0) ! out->line("UDP scan finished."); ! ! scanning_ports.clear(); ! ! return 0; ! } ! ! int connect_scan(){ ! // connect scan, -ST ! ! char output_buf[255]; ! ! domain = (int) SOCK_STREAM; ! ! std::map <int, scanning_port> scanning_ports; ! init_scanning_ports(hostname, par, (int) SOCK_STREAM, scanning_ports); ! ! if(par->verbose>0){ ! sprintf(output_buf, "Starting tcp connect() scan against %s...", hostname.c_str()); ! out->line(output_buf); ! } ! int j = initiate_connect(scanning_ports); ! ! while( ! do_select_round_connect(scanning_ports, subtarget_ports) ) iceusleep(1000); ! show_ports(); ! ! if(par->verbose>0) ! out->line("Connect() scan finished."); ! ! scanning_ports.clear(); ! return 0; ! } ! void set_port_status(int port, enum port_status status, char* protocol){ ! struct scanned_port sp; ! sp.port_number = port; ! sp.status = status; ! subtarget_ports.push_back(sp); ! print_port_status(sp.port_number, status, protocol); ! } private: --- 57,79 ---- std::vector<scanned_port> subtarget_ports; ! csubtarget(icestring hostname, icestring reverse_hostname, iceparams *par, iceoutput *out); ! bool discover(); ! void scan(); ! void mac_discover(); ! int prot_scan(); ! int nbt_scan(); ! int udp_scan(); ! int connect_scan(); ! void set_port_status(int port, enum port_status status, char* protocol); ! ~csubtarget(); private: *************** *** 232,861 **** int sockets_size; ! void init_scan_sockets(){ ! sockets_size = ICE_FD_SETSIZE*2/3; ! ! scan_sockets = (struct scan_socket *) malloc(sizeof(scan_socket) * (sockets_size+1)); ! ! for(int i = 0; i < sockets_size; i++){ ! scan_sockets[i].busy = false; ! 
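Review bot: The public interface now declares `~csubtarget();`, which per the old-side destructor further down frees the malloc'ed scan_sockets array, but no copy constructor or copy assignment operator, so a csubtarget passed or returned by value is shallow-copied and the buffer is freed twice. For this C++03-era codebase the fix is to declare both in the private section and leave them undefined: `csubtarget(const csubtarget&);` and `csubtarget& operator=(const csubtarget&);`. Separately, `set_port_status` is declared with `char* protocol` while every call site in the moved code passes a string literal such as `"tcp"`; `const char* protocol` is the honest type and avoids the deprecated literal-to-char* conversion.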
scan_sockets[i].sid = -1; ! } ! free_sockets = sockets_size; ! } ! ! enum port_status get_no_response_status(){ ! switch(par->scan_type){ ! case FIN_SCAN: ! case NULL_SCAN: ! case XMAS_SCAN: ! return PORT_OPEN_FILTERED; ! break; ! case WINDOW_SCAN: ! case ACK_SCAN: ! case SYN_SCAN: ! return PORT_FILTERED; ! break; ! } ! } ! ! int get_first_free_socket(){ ! int f; ! ! for(f = 0; f < sockets_size; f++) ! if(!scan_sockets[f].busy && scan_sockets[f].sid < 0) ! return f; ! ! return -1; ! } ! ! void init_scanning_ports(icestring hostname, iceparams *par, int domain, std::map <int, scanning_port> &scanning_ports){ ! for(int j = 0; j<par->ports.size(); j++){ ! port_range pr = par->ports[j]; ! ! for(int i = pr.lower_port; i <= pr.upper_port; i++){ ! if(scanning_ports.find(i) == scanning_ports.end()){ ! struct scanning_port sp; ! sp.port_number = i; ! scanning_ports[i] = sp; ! scanning_ports[i].attempt = 0; ! scanning_ports[i].done = false; ! } ! } ! } ! ! if(domain == SOCK_RAW) return; ! ! std::map <int, scanning_port>::iterator i; ! int j; ! ! for(i = scanning_ports.begin(), j = 0; i!= scanning_ports.end(); ++i, j++){ ! if(j < sockets_size){ ! csocket c(AF_INET, domain); ! scan_sockets[j].domain = domain; ! scan_sockets[j].sid = c.get_socketid(); ! maxfd = scan_sockets[j].sid; ! scan_sockets[j].busy = true; ! (*i).second.socket_ptr = j; ! free_sockets--; ! }else{ ! (*i).second.socket_ptr = -1; ! } ! } ! ! } ! ! int initiate_connect(std::map <int, scanning_port> &scanning_ports){ ! std::map <int, scanning_port>::iterator i; ! FD_ZERO(&fd_r); ! FD_ZERO(&fd_w); ! FD_ZERO(&fd_x); ! ! int j; ! ! ! for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ //check FD_SET ! //DBGOUTPUT((*i).first); ! if((*i).second.socket_ptr != -1){ ! //DBGOUTPUT("!!!!!"); ! ! j = (*i).second.socket_ptr; ! csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); ! ! c.nonblock(true); ! ! FD_SET(scan_sockets[j].sid, &fd_w); ! FD_SET(scan_sockets[j].sid, &fd_r); ! 
FD_SET(scan_sockets[j].sid, &fd_x); ! ! (*i).second.time = time(0); ! ! int rc = c.connect(hostname.c_str(), (*i).first, 0); ! ! } ! } ! ! return j; ! } ! ! int get_max_fd(){ ! int max = -1; ! ! for(int f = 0; f < sockets_size; f++) ! if(scan_sockets[f].sid > max) ! max = scan_sockets[f].sid; ! ! return max; ! } ! ! /* This function implements any type of raw tcp scan, ! * e.g. ACK, FIN and etc. ! */ ! void raw_tcp_scan(icestring scan_type){ ! std::map <int, scanning_port> scanning_ports; ! struct sockaddr_in saddress; ! int len; ! int MAGIC_PORT = csocket::getMagicPort(SOCK_DGRAM, 100); ! ! if(par->verbose > 0) ! *out << "Starting TCP " << scan_type << " scan against " << hostname.c_str() << "...\n"; ! ! #if (__CYGWIN__) ! if(!par->forceuid){ ! #else ! if(getuid() && (par->forceuid != true)){ ! #endif ! out->line("UID isn't 0, so can't create raw socket/load pcap => no RAW tcp scan..."); ! return; ! } ! ! pcap_t* p; ! ! if(par->source_iface) ! p = init_pcap(par->source_iface); ! else ! p = init_pcap(getdev_pcap(source_iface)); ! ! ! if(p == NULL){ ! out->line("Can't open pcap: no raw tcp scan. Exitting."); ! return; ! } ! ! ! len = make_sockname(saddress, hostname.c_str(), 0, domain); ! ! icestring source(source_ip); ! ! init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); ! ! crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); ! int one = 1; ! ! #ifdef WIN32 ! const BOOL val = TRUE; ! #else ! const int val = 1; ! #endif ! ! if (setsockopt (rawsend.get_socketid(), IPPROTO_IP, IP_HDRINCL, (char *) &val, sizeof (one)) != 0) ! perror("Setsockopt HDRINCL:"); ! ! ! int l = scanning_ports.size()/MAX_PACKETS; ! if(scanning_ports.size() % MAX_PACKETS != 0) l++; ! ! char filter_exp[256]; ! ! sprintf(filter_exp, "port %d host %s tcp", MAGIC_PORT, hostname.c_str()); ! ! pcap_filter(p, filter_exp); ! ! pcap_block(p, false); ! ! int maxat; ! ! int covar = 10000; ! ! int attempts = 0; ! while(attempts++ < 5){ ! int j = 0; ! while(j < l){ ! 
std::map <int, scanning_port>::iterator i = scanning_ports.begin(); ! ! maxat = 0; ! ! for(int k=0; k < MAX_PACKETS*j; k++) i++; ! ! for(int k = j*MAX_PACKETS; (k < (j+1)*MAX_PACKETS) && i!= scanning_ports.end(); ++i, k++){ ! if(! (*i).second.done ){ ! switch(par->scan_type){ ! case FIN_SCAN: ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | par->tcpflags, 0, 0, 0); ! break; ! ! case NULL_SCAN: ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, par->tcpflags, 0, 0, 0); ! break; ! ! case XMAS_SCAN: ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | TH_URG | TH_PUSH | par->tcpflags, 0, 0, 0); ! break; ! ! case WINDOW_SCAN: ! case ACK_SCAN: ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_ACK, 0, 0, 0); ! break; ! ! case SYN_SCAN: ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_SYN, 0, 0, 0); ! break; ! } ! ! ! gettimeofday(&((*i).second.tv), 0); ! ! (*i).second.attempt++; ! ! maxat++; ! ! recieve_tcp_raw(p, rawsend, source, saddress, scanning_ports, MAGIC_PORT, 10, 0); ! } ! } ! ! j++; ! ! //iceusleep(1000); ! recieve_tcp_raw(p, rawsend, source, saddress, scanning_ports, MAGIC_PORT, (maxat) * covar + 10000, maxat); ! ! //DBGOUTPUT(covar); ! } ! } ! for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ ! if(! (*i).second.done){ ! (*i).second.done = true; ! set_port_status((*i).first, get_no_response_status(), "tcp"); ! } ! } ! ! scanning_ports.clear(); ! ! show_ports(); ! ! if(par->verbose>0) ! *out << "TCP " << scan_type << " scan finished.\n"; ! ! close_pcap(p); ! } ! int recieve_tcp_raw(pcap_t* p, crawsocket &rawsend, icestring &source, struct sockaddr_in &saddress, std::map <int, scanning_port> &scanning_ports, int MAGIC_PORT, int timeout, int packets){ ! int bytes; ! char *response; ! struct iphdr *ip; ! 
struct tcphdr *tcp; ! unsigned int len; ! int maxtimeval = 0; ! struct timeval tv1, tv2, tv3; ! gettimeofday(&tv1, 0); ! bool stop = false; ! int port; ! ! //DBGOUTPUT("!!!!!"); ! //while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ ! while(!stop){ ! response = readip_pcap(p, &len, NULL); ! port = 0; ! //DBGOUTPUT("while"); ! if(response){ ! //DBGOUTPUT("response"); ! ip = (struct iphdr *) response; ! if(ip->saddr == saddress.sin_addr.s_addr && ip->protocol == IPPROTO_TCP){ ! tcp = (struct tcphdr *) (response + 4 * ip->ihl); ! ! if ((tcp->th_flags & TH_RST) && (par->scan_type == FIN_SCAN || par->scan_type == NULL_SCAN || par->scan_type == XMAS_SCAN)) { ! port = ntohs(tcp->th_sport); ! ! if(scanning_ports.find(port) != scanning_ports.end()){ ! if(!scanning_ports[port].done){ ! set_port_status(port, PORT_CLOSED, "tcp"); ! scanning_ports[port].done = true; ! } ! } ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == WINDOW_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! if(scanning_ports.find(port) != scanning_ports.end()){ ! if(!scanning_ports[port].done){ ! scanning_ports[port].done = true; ! if(tcp->th_win == 0){ ! set_port_status(port, PORT_CLOSED, "tcp"); ! }else{ ! set_port_status(port, PORT_OPEN, "tcp"); ! } ! } ! } ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == ACK_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! ! if(scanning_ports.find(port) != scanning_ports.end()){ ! if(!scanning_ports[port].done){ ! set_port_status(port, PORT_UNFILTERED, "tcp"); ! scanning_ports[port].done = true; ! } ! } ! }else if ((tcp->th_flags & TH_RST) && (par->scan_type == SYN_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! if(port != MAGIC_PORT){ ! ! if(scanning_ports.find(port) != scanning_ports.end()){ ! if(!scanning_ports[port].done){ ! scanning_ports[port].done = true; ! set_port_status(port, PORT_CLOSED, "tcp"); ! } ! } ! } ! }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && (par->scan_type == SYN_SCAN)) { ! int port = ntohs(tcp->th_sport); ! ! 
if(port != MAGIC_PORT){ ! if(scanning_ports.find(port) != scanning_ports.end()){ ! if(!scanning_ports[port].done){ ! set_port_status(port, PORT_OPEN, "tcp"); ! rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, port, 0, 0, TH_RST, 0, 0, 0); ! scanning_ports[port].done = true; ! } ! } ! } ! } ! //bzero(response, 65534); ! } ! } ! gettimeofday(&tv2, 0); ! ! if(port){ ! if(SUB_TIMEVALS(tv2,scanning_ports[port].tv) > maxtimeval) ! maxtimeval = SUB_TIMEVALS(tv2,scanning_ports[port].tv); ! } ! if(SUB_TIMEVALS(tv2,tv1) >= timeout || SUB_TIMEVALS(tv2,tv1) > MAX_RAW_WAIT + packets * 500) ! stop = true; ! } ! ! return maxtimeval; ! } ! void shutdown_scansocket(int j){ ! csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); ! ! FD_CLR(c.get_socketid(), &fd_w); ! FD_CLR(c.get_socketid(), &fd_r); ! FD_CLR(c.get_socketid(), &fd_x); ! ! c.shutdown(); ! c.close(); ! ! free_sockets++; ! scan_sockets[j].busy = false; ! scan_sockets[j].sid = -1; ! } ! ! int get_first_idle_scanning_port(std::map <int, scanning_port> &scanning_ports){ ! std::map <int, scanning_port>::iterator i; ! ! //DBGOUTPUT("GFISP"); ! ! for(i = --scanning_ports.end(); i!= scanning_ports.begin(); --i){ ! if((*i).second.socket_ptr == -1 && (! (*i).second.done)) ! return (*i).first; ! } ! ! return -1; ! } ! ! void idle_status_dispatcher(std::map <int, scanning_port> &scanning_ports, int prt){ ! if(prt>=0 && free_sockets > 1){ ! int f = get_first_free_socket(); ! if(f < 0) return; ! csocket c(AF_INET, (int) domain); ! scan_sockets[f].sid = c.get_socketid(); ! scan_sockets[f].busy = true; ! scanning_ports[prt].socket_ptr = f; ! free_sockets--; ! //DBGOUTPUT(prt); ! c.nonblock(true); ! //DBGOUTPUT("!!!"); ! FD_SET(c.get_socketid(), &fd_w); ! FD_SET(c.get_socketid(), &fd_r); ! FD_SET(c.get_socketid(), &fd_x); ! ! //DBGOUTPUT(scanning_ports[prt].hostname); ! //int rc = make_connect(&c, hostname, prt); ! c.connect(hostname.c_str(), prt, 0); ! ! scanning_ports[prt].time = time(0); ! 
//DBGOUTPUT("Connecting to " << prt << " using socket id " << scanning_ports[prt].c->get_socketid()); ! //DBGOUTPUT("!!!"); ! //iceusleep(10000); ! } ! } ! ! void print_port_status(int port, enum port_status ps, char* protocol){ ! char output_buf[255]; ! ! if(ps == PORT_OPEN && par->verbose >= 1){ ! sprintf(output_buf, "Discovered open port %d/%s on %s.", port, protocol, hostname.c_str()); ! out->line(output_buf); ! }else if(ps == PORT_CLOSED && par->verbose > 1){ ! sprintf(output_buf, "Discovered closed port %d/%s on %s.", port, protocol, hostname.c_str()); ! out->line(output_buf); ! }else if(ps == PORT_FILTERED && par->verbose > 2){ ! sprintf(output_buf, "Discovered filtered port %d/%s on %s.", port, protocol, hostname.c_str()); ! out->line(output_buf); ! }else if(ps == PORT_OPEN_FILTERED && par->verbose > 2){ ! sprintf(output_buf, "Discovered open|filtered port %d/%s on %s.", port, protocol, hostname.c_str()); ! out->line(output_buf); ! }else if(ps == PORT_UNFILTERED && par->verbose > 1){ ! sprintf(output_buf, "Discovered unfiltered port %d/%s on %s.", port, protocol, hostname.c_str()); ! out->line(output_buf); ! } ! } // return true if scanning_ports are empty bool do_select_round_connect(std::map <int, scanning_port> &scanning_ports, ! std::vector<scanned_port> &subtarget_ports){ ! fd_set fd_rtmp, fd_wtmp, fd_xtmp; ! struct timeval tv; ! int s, err; ! int res; ! int sopt; ! #if (WIN32 || __CYGWIN__ || __linux__) ! int soptlen = sizeof(int); ! #else ! int soptlen; ! #endif ! bool done = true; ! ! maxfd = get_max_fd(); ! ! fd_rtmp = fd_r; fd_wtmp = fd_w; fd_xtmp = fd_x; ! std::map <int, scanning_port>::iterator i,j; ! ! do{ ! tv.tv_sec = 0; tv.tv_usec = 10000; ! ! #ifndef WIN32 ! s = select(maxfd + 1, &fd_rtmp, &fd_wtmp, &fd_xtmp, &tv); ! #else ! s = select(0, &fd_rtmp, &fd_wtmp, &fd_xtmp, &tv); ! #endif ! err = errno; ! //perror("select"); DBGOUTPUT(s); ! ! }while(s = -1 && err == EINTR); ! ! int curtime = time(0); ! ! 
for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ ! ! if((*i).second.done) continue; ! if( (*i).second.socket_ptr == -1){ ! idle_status_dispatcher(scanning_ports, (*i).first); ! done = false; ! continue; ! } ! ! ! enum port_status status = PORT_UNKNOWN; ! if(s >= 0 && (FD_ISSET(scan_sockets[(*i).second.socket_ptr].sid, &fd_rtmp) || ! FD_ISSET(scan_sockets[(*i).second.socket_ptr].sid, &fd_wtmp) || ! FD_ISSET(scan_sockets[(*i).second.socket_ptr].sid, &fd_xtmp))){ ! ! csocket c(AF_INET, (int) domain, scan_sockets[(*i).second.socket_ptr].sid); ! ! c.getsockopt(SOL_SOCKET, SO_ERROR, (char *)&sopt, (socklen_t*) &soptlen); ! ! switch(sopt){ ! case 0: ! #ifdef __CYGWIN__ ! if(false){ ! #else ! if(FD_ISSET(scan_sockets[(*i).second.socket_ptr].sid, &fd_r)){ ! status = PORT_OPEN; ! #endif ! }else{ ! DBGOUTPUT("WRITE"); ! iceusleep(20000); ! res = c.write("", 0, 0); ! DBGOUTPUT("/WRITE" << res); ! if(res < 0){ ! status = PORT_CLOSED; ! }else{ ! status = PORT_OPEN; //UGLY, pls add additional checkup ! } ! } ! break; ! ! case ECONNREFUSED: ! status = PORT_CLOSED; ! break; ! ! case EHOSTUNREACH: ! case ETIMEDOUT: ! case EHOSTDOWN: ! case ENETUNREACH: ! status = PORT_FILTERED; ! break; ! ! default: //add here more errors, pls ! status = PORT_UNKNOWN; ! } ! ! ! ! set_port_status((*i).first, status, "tcp"); ! (*i).second.done = true; ! shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; ! ! }else{ ! if( ( curtime - (*i).second.time) >= CONNECT_TIMEOUT ){ ! status = PORT_FILTERED; ! ! set_port_status((*i).first, status, "tcp"); ! (*i).second.done = true; ! shutdown_scansocket((*i).second.socket_ptr); ! (*i).second.socket_ptr = -1; ! }else done &= false; ! } ! done &= true; ! } ! // DBGOUTPUT("done"); ! // DBGOUTPUT(done); ! return done; ! } ! ! void show_ports(){ ! int filtered = 0, closed = 0, open = 0, total = 0; ! bool show_closed = false; ! char output_buf[255]; ! std::vector <scanned_port>::iterator i; ! ! 
for(i = subtarget_ports.begin(); i!= subtarget_ports.end(); ++i){ ! total++; ! if((*i).status == PORT_OPEN || (*i).status == PORT_OPEN_FILTERED){ ! open++; ! }else if((*i).status == PORT_CLOSED){ ! //if(closed++ > MAX_CLOSED) subtarget_ports.erase(i++); ! closed++; ! }else if((*i).status == PORT_FILTERED){ ! filtered++; ! //subtarget_ports.erase(i++); ! } ! } ! ! if(open!= 0 && closed/open == 0) show_closed = true; ! else if(open == 0 && closed <= MAX_CLOSED) show_closed = true; ! ! if(strcmp(hostname.c_str(), reversed_hostname.c_str())) ! *out << "Interesting ports on " << reversed_hostname << " (" << hostname << "):" << iceoutput::endl; ! else ! *out << "Interesting ports on " << hostname << ":" << iceoutput::endl; ! ! ! Bzero(output_buf, 255); ! if(filtered > 0){ ! if(show_closed){ ! sprintf(output_buf, "Not shown: %d filtered ports.", filtered); ! }else{ ! sprintf(output_buf, "Not shown: %d filtered && %d closed ports.", filtered, closed); ! } ! out->line(output_buf); ! }else{ ! if(!show_closed){ ! sprintf(output_buf, "Not shown: %d closed ports.", closed); ! out->line(output_buf); ! } ! } ! ! out->line("PORT STATE SERVICE"); ! #ifndef __CYGWIN__ ! std::sort(subtarget_ports.begin(), subtarget_ports.end(), sort_sp); ! #endif ! int j = 0; ! ! for(j = 0; j < subtarget_ports.size(); j++){ ! Bzero(output_buf, 255); ! if(subtarget_ports[j].status == PORT_OPEN){ ! sprintf(output_buf, "%5d/tcp open %s", subtarget_ports[j].port_number, par->isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); ! out->line(output_buf); ! }else if(subtarget_ports[j].status == PORT_OPEN_FILTERED){ ! sprintf(output_buf, "%5d/tcp o|f %s", subtarget_ports[j].port_number, par->isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); ! out->line(output_buf); ! }else if(subtarget_ports[j].status == PORT_UNFILTERED){ ! sprintf(output_buf, "%5d/tcp unfilt %s", subtarget_ports[j].port_number, par->isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); ! 
out->line(output_buf); ! }else if(subtarget_ports[j].status == PORT_CLOSED && show_closed){ ! sprintf(output_buf, "%5d/tcp closed %s", subtarget_ports[j].port_number, par->isnd->get_tcp_service(subtarget_ports[j].port_number).c_str()); ! out->line(output_buf); ! } ! } ! } - public: - ~csubtarget(){ - //DBGOUTPUT("Entering destructor..."); - free(scan_sockets); - subtarget_ports.clear(); - //DBGOUTPUT("Leaving destructor..."); - } }; --- 84,120 ---- int sockets_size; ! void init_scan_sockets(); + enum port_status get_no_response_status(); ! int get_first_free_socket(); ! void init_scanning_ports(icestring hostname, iceparams *par, int domain, std::map <int, scanning_port> &scanning_ports); ! int initiate_connect(std::map <int, scanning_port> &scanning_ports); ! int get_max_fd(); ! /* This function implements any type of raw tcp scan, ! * e.g. ACK, FIN and etc. ! */ ! void raw_tcp_scan(icestring scan_type); ! int recieve_tcp_raw(pcap_t* p, crawsocket &rawsend, icestring &source, struct sockaddr_in &saddress, std::map <int, scanning_port> &scanning_ports, int MAGIC_PORT, int timeout, int packets); ! void shutdown_scansocket(int j); ! ! int get_first_idle_scanning_port(std::map <int, scanning_port> &scanning_ports); ! void idle_status_dispatcher(std::map <int, scanning_port> &scanning_ports, int prt); // return true if scanning_ports are empty bool do_select_round_connect(std::map <int, scanning_port> &scanning_ports, ! std::vector<scanned_port> &subtarget_ports); ! void show_ports(); ! 
void csubtarget::print_port_status(int port, enum port_status ps, char* protocol);
 };
--- NEW FILE: csubtarget.cc --- #include "csubtarget.h" //#include "udpscan.h" bool sort_sp(const scanned_port &p1, const scanned_port &p2){ return p1.port_number < p2.port_number; } csubtarget::csubtarget(icestring hostname, icestring reverse_hostname, iceparams *par, iceoutput *out){ struct scanned_port sp; subtarget_ports.push_back(sp); this->hostname.assign(hostname); this->reversed_hostname.assign(reverse_hostname); this->par = par; this->out = out; discovered = false; init_scan_sockets(); source_ip = get_source_ip(hostname, source_iface); } bool csubtarget::discover(){ struct timeb tp1, tp2; ftime(&tp1); discovered = host_discover(hostname.c_str(), par, out); ftime(&tp2); if(par->verbose) *out << "Discovery taken " << timeb_diff(tp1, tp2) << " seconds.\n"; return discovered; } void csubtarget::scan(){ if(par->scan_type == TCP_CONNECT_SCAN) connect_scan(); if(par->scan_type == NBT_SCAN) nbt_scan(); if(par->scan_type == PROT_SCAN) prot_scan(); if(par->scan_type == FIN_SCAN) raw_tcp_scan("FIN"); if(par->scan_type == NULL_SCAN) raw_tcp_scan("NULL"); if(par->scan_type == XMAS_SCAN) raw_tcp_scan("XMAS"); if(par->scan_type == WINDOW_SCAN) raw_tcp_scan("window"); if(par->scan_type == ACK_SCAN) raw_tcp_scan("ACK"); if(par->scan_type == SYN_SCAN) raw_tcp_scan("SYN"); if(par->scan_type == UDP_SCAN) udp_scan(); } void csubtarget::mac_discover(){ #ifndef __CYGWIN__ icestring mac = get_arp_from_cache(hostname); if(mac != ""){ char Mac[24], vmac[7]; strcpy(Mac, mac.c_str()); vmac[0] = Mac[0]; vmac[1] = Mac[1]; vmac[2] = Mac[3]; vmac[3] = Mac[4]; vmac[4] = Mac[6]; vmac[5] = Mac[7]; vmac[6] = '\0'; icestring Vmac(vmac); *out << "MAC Address: " << mac << " (" << par->ismd->get_vendor(vmac) << ")" << "\n"; } #endif } int csubtarget::prot_scan(){ // cprotocol_scan cps(par, out); // cps.test(hostname.c_str()); return 0; } int csubtarget::nbt_scan(){ // NetBIOS scan, -SB char output_buf[255]; 
if(par->verbose>0){ sprintf(output_buf, "Starting NetBIOS scan against %s...", hostname.c_str()); out->line(output_buf); } cnbtwrapper wrap(par); wrap.test(hostname.c_str(), 137); if(par->verbose>0){ Bzero(output_buf, 255); sprintf(output_buf, "NetBIOS scan finished.", hostname.c_str()); out->line(output_buf); } return 0; } int csubtarget::udp_scan(){ //udp scan, -SU char output_buf[255]; char local_hostname[80]; icestring local_hn; std::map <int, scanning_port> scanning_ports; init_scanning_ports(hostname, par, (int) SOCK_DGRAM, scanning_ports); if(par->verbose>0){ sprintf(output_buf, "Starting UDP scan against %s...", hostname.c_str()); out->line(output_buf); } udpscan(hostname, scanning_ports, par, out, this, true); show_ports(); if(par->verbose>0) out->line("UDP scan finished."); scanning_ports.clear(); return 0; } int csubtarget::connect_scan(){ // connect scan, -ST char output_buf[255]; domain = (int) SOCK_STREAM; std::map <int, scanning_port> scanning_ports; init_scanning_ports(hostname, par, (int) SOCK_STREAM, scanning_ports); if(par->verbose>0){ sprintf(output_buf, "Starting tcp connect() scan against %s...", hostname.c_str()); out->line(output_buf); } int j = initiate_connect(scanning_ports); while( ! 
do_select_round_connect(scanning_ports, subtarget_ports) ) iceusleep(1000); show_ports(); if(par->verbose>0) out->line("Connect() scan finished."); scanning_ports.clear(); return 0; } void csubtarget::set_port_status(int port, enum port_status status, char* protocol){ struct scanned_port sp; sp.port_number = port; sp.status = status; subtarget_ports.push_back(sp); print_port_status(sp.port_number, status, protocol); } void csubtarget::init_scan_sockets(){ sockets_size = ICE_FD_SETSIZE*2/3; scan_sockets = (struct scan_socket *) malloc(sizeof(scan_socket) * (sockets_size+1)); for(int i = 0; i < sockets_size; i++){ scan_sockets[i].busy = false; scan_sockets[i].sid = -1; } free_sockets = sockets_size; } enum port_status csubtarget::get_no_response_status(){ switch(par->scan_type){ case FIN_SCAN: case NULL_SCAN: case XMAS_SCAN: return PORT_OPEN_FILTERED; break; case WINDOW_SCAN: case ACK_SCAN: case SYN_SCAN: return PORT_FILTERED; break; } } int csubtarget::get_first_free_socket(){ int f; for(f = 0; f < sockets_size; f++) if(!scan_sockets[f].busy && scan_sockets[f].sid < 0) return f; return -1; } void csubtarget::init_scanning_ports(icestring hostname, iceparams *par, int domain, std::map <int, scanning_port> &scanning_ports){ for(int j = 0; j<par->ports.size(); j++){ port_range pr = par->ports[j]; for(int i = pr.lower_port; i <= pr.upper_port; i++){ if(scanning_ports.find(i) == scanning_ports.end()){ struct scanning_port sp; sp.port_number = i; scanning_ports[i] = sp; scanning_ports[i].attempt = 0; scanning_ports[i].done = false; } } } if(domain == SOCK_RAW) return; std::map <int, scanning_port>::iterator i; int j; for(i = scanning_ports.begin(), j = 0; i!= scanning_ports.end(); ++i, j++){ if(j < sockets_size){ csocket c(AF_INET, domain); scan_sockets[j].domain = domain; scan_sockets[j].sid = c.get_socketid(); maxfd = scan_sockets[j].sid; scan_sockets[j].busy = true; (*i).second.socket_ptr = j; free_sockets--; }else{ (*i).second.socket_ptr = -1; } } } int 
csubtarget::initiate_connect(std::map <int, scanning_port> &scanning_ports){ std::map <int, scanning_port>::iterator i; FD_ZERO(&fd_r); FD_ZERO(&fd_w); FD_ZERO(&fd_x); int j; for(i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ //check FD_SET //DBGOUTPUT((*i).first); if((*i).second.socket_ptr != -1){ //DBGOUTPUT("!!!!!"); j = (*i).second.socket_ptr; csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); c.nonblock(true); FD_SET(scan_sockets[j].sid, &fd_w); FD_SET(scan_sockets[j].sid, &fd_r); FD_SET(scan_sockets[j].sid, &fd_x); (*i).second.time = time(0); int rc = c.connect(hostname.c_str(), (*i).first, 0); } } return j; } int csubtarget::get_max_fd(){ int max = -1; for(int f = 0; f < sockets_size; f++) if(scan_sockets[f].sid > max) max = scan_sockets[f].sid; return max; } /* This function implements any type of raw tcp scan, * e.g. ACK, FIN and etc. */ void csubtarget::raw_tcp_scan(icestring scan_type){ std::map <int, scanning_port> scanning_ports; struct sockaddr_in saddress; int len; int MAGIC_PORT = csocket::getMagicPort(SOCK_DGRAM, 100); if(par->verbose > 0) *out << "Starting TCP " << scan_type << " scan against " << hostname.c_str() << "...\n"; #if (__CYGWIN__) if(!par->forceuid){ #else if(getuid() && (par->forceuid != true)){ #endif out->line("UID isn't 0, so can't create raw socket/load pcap => no RAW tcp scan..."); return; } pcap_t* p; if(par->source_iface) p = init_pcap(par->source_iface); else p = init_pcap(getdev_pcap(source_iface)); if(p == NULL){ out->line("Can't open pcap: no raw tcp scan. 
Exitting."); return; } len = make_sockname(saddress, hostname.c_str(), 0, domain); icestring source(source_ip); init_scanning_ports(hostname, par, (int) SOCK_RAW, scanning_ports); crawsocket rawsend(AF_INET, (int) SOCK_RAW, IPPROTO_RAW); int one = 1; #ifdef WIN32 const BOOL val = TRUE; #else const int val = 1; #endif if (setsockopt (rawsend.get_socketid(), IPPROTO_IP, IP_HDRINCL, (char *) &val, sizeof (one)) != 0) perror("Setsockopt HDRINCL:"); int l = scanning_ports.size()/MAX_PACKETS; if(scanning_ports.size() % MAX_PACKETS != 0) l++; char filter_exp[256]; sprintf(filter_exp, "port %d host %s tcp", MAGIC_PORT, hostname.c_str()); pcap_filter(p, filter_exp); pcap_block(p, false); int maxat; int covar = 10000; int attempts = 0; while(attempts++ < 5){ int j = 0; while(j < l){ std::map <int, scanning_port>::iterator i = scanning_ports.begin(); maxat = 0; for(int k=0; k < MAX_PACKETS*j; k++) i++; for(int k = j*MAX_PACKETS; (k < (j+1)*MAX_PACKETS) && i!= scanning_ports.end(); ++i, k++){ if(! (*i).second.done ){ switch(par->scan_type){ case FIN_SCAN: rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | par->tcpflags, 0, 0, 0); break; case NULL_SCAN: rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, par->tcpflags, 0, 0, 0); break; case XMAS_SCAN: rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_FIN | TH_URG | TH_PUSH | par->tcpflags, 0, 0, 0); break; case WINDOW_SCAN: case ACK_SCAN: rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_ACK, 0, 0, 0); break; case SYN_SCAN: rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, (*i).first, 0, 0, TH_SYN, 0, 0, 0); break; } gettimeofday(&((*i).second.tv), 0); (*i).second.attempt++; maxat++; recieve_tcp_raw(p, rawsend, source, saddress, scanning_ports, MAGIC_PORT, 10, 0); } } j++; //iceusleep(1000); recieve_tcp_raw(p, rawsend, source, saddress, scanning_ports, MAGIC_PORT, 
(maxat) * covar + 10000, maxat); //DBGOUTPUT(covar); } } for(std::map <int, scanning_port>::iterator i = scanning_ports.begin(); i!= scanning_ports.end(); ++i){ if(! (*i).second.done){ (*i).second.done = true; set_port_status((*i).first, get_no_response_status(), "tcp"); } } scanning_ports.clear(); show_ports(); if(par->verbose>0) *out << "TCP " << scan_type << " scan finished.\n"; close_pcap(p); } int csubtarget::recieve_tcp_raw(pcap_t* p, crawsocket &rawsend, icestring &source, struct sockaddr_in &saddress, std::map <int, scanning_port> &scanning_ports, int MAGIC_PORT, int timeout, int packets){ int bytes; char *response; struct iphdr *ip; struct tcphdr *tcp; unsigned int len; int maxtimeval = 0; struct timeval tv1, tv2, tv3; gettimeofday(&tv1, 0); bool stop = false; int port; //DBGOUTPUT("!!!!!"); //while( bytes = rawrecv.recvfrom(response, 65535, 0, NULL) > 0){ while(!stop){ response = readip_pcap(p, &len, NULL); port = 0; //DBGOUTPUT("while"); if(response){ //DBGOUTPUT("response"); ip = (struct iphdr *) response; if(ip->saddr == saddress.sin_addr.s_addr && ip->protocol == IPPROTO_TCP){ tcp = (struct tcphdr *) (response + 4 * ip->ihl); if ((tcp->th_flags & TH_RST) && (par->scan_type == FIN_SCAN || par->scan_type == NULL_SCAN || par->scan_type == XMAS_SCAN)) { port = ntohs(tcp->th_sport); if(scanning_ports.find(port) != scanning_ports.end()){ if(!scanning_ports[port].done){ set_port_status(port, PORT_CLOSED, "tcp"); scanning_ports[port].done = true; } } }else if ((tcp->th_flags & TH_RST) && (par->scan_type == WINDOW_SCAN)) { int port = ntohs(tcp->th_sport); if(scanning_ports.find(port) != scanning_ports.end()){ if(!scanning_ports[port].done){ scanning_ports[port].done = true; if(tcp->th_win == 0){ set_port_status(port, PORT_CLOSED, "tcp"); }else{ set_port_status(port, PORT_OPEN, "tcp"); } } } }else if ((tcp->th_flags & TH_RST) && (par->scan_type == ACK_SCAN)) { int port = ntohs(tcp->th_sport); if(scanning_ports.find(port) != scanning_ports.end()){ 
if(!scanning_ports[port].done){ set_port_status(port, PORT_UNFILTERED, "tcp"); scanning_ports[port].done = true; } } }else if ((tcp->th_flags & TH_RST) && (par->scan_type == SYN_SCAN)) { int port = ntohs(tcp->th_sport); if(port != MAGIC_PORT){ if(scanning_ports.find(port) != scanning_ports.end()){ if(!scanning_ports[port].done){ scanning_ports[port].done = true; set_port_status(port, PORT_CLOSED, "tcp"); } } } }else if ((tcp->th_flags & (TH_ACK|TH_SYN)) && (par->scan_type == SYN_SCAN)) { int port = ntohs(tcp->th_sport); if(port != MAGIC_PORT){ if(scanning_ports.find(port) != scanning_ports.end()){ if(!scanning_ports[port].done){ set_port_status(port, PORT_OPEN, "tcp"); rawsend.send_tcp_raw(par->ethernet, source, hostname, MAGIC_PORT, port, 0, 0, TH_RST, 0, 0, 0); scanning_ports[port].done = true; } } } } //bzero(response, 65534); } } gettimeofday(&tv2, 0); if(port){ if(SUB_TIMEVALS(tv2,scanning_ports[port].tv) > maxtimeval) maxtimeval = SUB_TIMEVALS(tv2,scanning_ports[port].tv); } if(SUB_TIMEVALS(tv2,tv1) >= timeout || SUB_TIMEVALS(tv2,tv1) > MAX_RAW_WAIT + packets * 500) stop = true; } return maxtimeval; } void csubtarget::shutdown_scansocket(int j){ csocket c(AF_INET, scan_sockets[j].domain, scan_sockets[j].sid); FD_CLR(c.get_socketid(), &fd_w); FD_CLR(c.get_socketid(), &fd_r); FD_CLR(c.get_socketid(), &fd_x); c.shutdown(); c.close(); free_sockets++; scan_sockets[j].busy = false; scan_sockets[j].sid = -1; } int csubtarget::get_first_idle_scanning_port(std::map <int, scanning_port> &scanning_ports){ std::map <int, scanning_port>::iterator i; //DBGOUTPUT("GFISP"); for(i = --scanning_ports.end(); i!= scanning_ports.begin(); --i){ if((*i).second.socket_ptr == -1 && (! 
(*i).second.done)) return (*i).first; } return -1; } void csubtarget::idle_status_dispatcher(std::map <int, scanning_port> &scanning_ports, int prt){ if(prt>=0 && free_sockets > 1){ int f = get_first_free_socket(); if(f < 0) return; csocket c(AF_INET, (int) domain); scan_sockets[f].sid = c.get_socketid(); scan_sockets[f].busy = true; scanning_ports[prt].socket_ptr ... [truncated message content] |