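ids->id = amap_strdup(id);
}

// AMAP_LOOKUP_TRIGGERPTR //
/*
 * Walk the singly linked trigger list `triggerptr` and report whether one
 * entry's ->trigger string equals `id` (strcmp).  Returns 1 on the first
 * hit, 0 when the list is exhausted or NULL.
 */
int amap_lookup_triggerptr(amap_struct_triggerptr *triggerptr, char *id) {
  while (triggerptr != NULL) {
    if (strcmp(triggerptr->trigger, id) == 0)
      return 1;
    triggerptr = (amap_struct_triggerptr*) triggerptr->next;
  }
  return 0;
}

// AMAP_READ_RESPONSES //
/*
 * One non-blocking pass over all connection slots in coms[]: read whatever
 * arrived on each AMAP_CONNECT_ACTIVE slot and act on it.
 *
 *  - portscanner mode: a recv() error of ECONNREFUSED disables the port
 *    (skip = 2); a slot silent for longer than opt->timeout_response
 *    seconds is closed and marked AMAP_CONNECT_RETRY.
 *  - banner_only mode: print/log the printable banner, mark the port done
 *    (skip = 1) and close the slot.
 *  - identification mode (neither flag set): copy the data into
 *    coms[i].response, match it against the response list (rules at the
 *    matching loop below), record every matching id on the port, report an
 *    "Unrecognized response" once per port when nothing matched, then close
 *    the slot.  In RPC scan mode the slot is kept (AMAP_CONNECT_REUSABLE)
 *    unless a 32- or 36-byte reply was turned into an "rpc-<trigger>-v<N>" id.
 *  - no data in identification mode: ECONNREFUSED disables the port,
 *    otherwise the slot is expired after opt->timeout_response seconds.
 *
 * A torn-down slot is zeroed with memset() and scaninfo->running is
 * decremented once for it; slots already torn down in this pass are not
 * touched again by the no-data handling.
 *
 * coms       connection slots, scaninfo->tasks entries, modified in place
 * responses  head of the response definition list
 * scaninfo   scan state; ->tasks bounds the loop, ->running is decremented
 * opt        user options (modes, verbosity, logfile, timeouts)
 */
void amap_read_responses(amap_struct_coms *coms, amap_struct_responses *responses, amap_struct_scaninfo *scaninfo, amap_struct_options *opt) {
  amap_struct_responses *response;
  unsigned char buf[AMAP_BUFSIZE];
  time_t t;
  int len = 1;  // > 0 so the first loop iteration clears buf
  int i;
  int found;
  int offsets[16];  // pcre ovector; handed to pcre_exec() as an element count
  char banner[256];
  char info[AMAP_MAX_ID_LENGTH + 16] = "";  // "(by trigger ...)" text; empty until a match sets it

  if (opt->verbose > 3)
    printf("DEBUG: entering amap_read_responses\n");

  // for every active connection we check for responses
  for (i = 0; i < scaninfo->tasks; i++) {
    if (len > 0)
      memset(buf, 0, sizeof(buf));  // buf is only dirty when the previous slot filled it
    errno = 0;  // a udp "port unreachable" surfaces as ECONNREFUSED from recv()
    found = 0;
    if (coms[i].active == AMAP_CONNECT_ACTIVE && coms[i].socket != -1) {
      if (coms[i].ssl_enabled) {
#ifdef OPENSSL
        // only read what OpenSSL already buffered (presumably to avoid a
        // blocking SSL_read() on a socket that has nothing to deliver)
        if (SSL_pending(coms[i].ssl_socket) > 0)
          len = SSL_read(coms[i].ssl_socket, buf, sizeof(buf));
        else
          len = 0;
#endif
      } else {
        len = recv(coms[i].socket, buf, sizeof(buf), 0);
      }

      // portscan mode: a refused connection is only visible as a recv() error
      if (len < 0 && opt->portscanner && errno != 0) {
        if (errno == ECONNREFUSED) {
          if (coms[i].port->skip < 1 && opt->verbose && opt->quiet == 0)
            amap_warn("Could not connect to %s:%d/%s, disabling port", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
          coms[i].port->skip = 2;
          shutdown(coms[i].socket, SHUT_RDWR);
          close(coms[i].socket);
          memset(&coms[i], 0, sizeof(amap_struct_coms));
          scaninfo->running--;
        }
      }

      // oh yeah, we received data!
      if (len > 0 && opt->banner_only) {
        printf("Banner on %s:%d/%s : %s\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", amap_printable_banner_string((char *)buf, len, banner, sizeof(banner)));
        if (opt->logfile != NULL) {
          if (opt->machine_readable) {
            fprintf(opt->logfile, "%s:%d:%s:%s::%s:%s:", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", amap_skip_translate(coms[i].port->skip), AMAP_UFO, amap_printable_banner_string((char *)buf, len, banner, sizeof(banner)));
            amap_banner_string(opt->logfile, buf, len);
            fprintf(opt->logfile, "\n");
          } else
            fprintf(opt->logfile, "Banner on %s:%d/%s : %s\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", amap_printable_banner_string((char *)buf, len, banner, sizeof(banner)));
        }
        coms[i].port->skip = 1;
#ifdef OPENSSL
        if (coms[i].ssl_enabled)
          SSL_shutdown(coms[i].ssl_socket);
#endif
        shutdown(coms[i].socket, SHUT_RDWR);
        close(coms[i].socket);
        memset(&coms[i], 0, sizeof(amap_struct_coms));
        scaninfo->running--;
      }

      if (len > 0 && opt->banner_only == 0 && opt->portscanner == 0) {
        coms[i].response_length = len;
        // NOTE(review): assumes coms[i].response holds at least AMAP_BUFSIZE bytes - confirm in the struct definition
        memcpy(coms[i].response, buf, len);
        if (scaninfo->scanmode != AMAP_SCANMODE_RPC) {
          found = 0;
          response = (amap_struct_responses*) responses;
          // match the received data to our response database
          /* when is a response matched?
           - unless option one_is_enough (-1) is set and another response matched already
           - never once the port is already identified as "echo"
           - if the response length is within the min/max range of the response id
           - if the ip protocol is matching that of the response id
           - if the id is not already identified (no doubles)
           - if the trigger is matching the trigger definition in the response id
           - if the regex matches the response */
          while (response != NULL) {
            if ((opt->one_is_enough == 0 || found == 0) && amap_lookup_id(coms[i].port->ids, "echo") == 0) {
              if (len >= response->min_length && len <= response->max_length
                  && (response->ip_prot == AMAP_PROTO_BOTH || response->ip_prot == coms[i].port->ip_prot)
                  && amap_lookup_id(coms[i].port->ids, response->id) == 0
                  && (response->triggerptr == NULL || amap_lookup_triggerptr(response->triggerptr, coms[i].trigger->id) == 1)) {
                // pcre_exec() wants the ovector size as a number of ints, not bytes;
                // passing sizeof(offsets) would let it write past the 16-int array
                if (pcre_exec(response->pattern, response->hints, (char *)buf, len, 0, 0, offsets, sizeof(offsets) / sizeof(offsets[0])) >= 0) {
                  found++;
                  amap_add_id(coms[i].port, response->id);
                  if (strcmp(response->id, "ssl") == 0 || strncmp(response->id, "ssl-", 4) == 0)
                    coms[i].port->ssl = 1;
                  if (strcmp(response->id, "rpc") == 0 || strncmp(response->id, "rpc-", 4) == 0)
                    coms[i].port->rpc = 1;
                  if (opt->verbose)
                    snprintf(info, sizeof(info), "(by trigger %s) ", coms[i].trigger->id);
                  else
                    info[0] = 0;
                  if (opt->logfile != NULL) {
                    if (opt->machine_readable) {
                      fprintf(opt->logfile, "%s:%d:%s:%s:%s:%s:%s:", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", amap_skip_translate(coms[i].port->skip), coms[i].ssl_enabled ? "SSL" : "", response->id, amap_printable_banner_string((char *)coms[i].response, coms[i].response_length, banner, sizeof(banner)));
                      amap_banner_string(opt->logfile, coms[i].response, coms[i].response_length);
                      fprintf(opt->logfile, "\n");
                    } else {
                      fprintf(opt->logfile, "Protocol on %s:%d/%s%s%smatches %s", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info, response->id);
                      if (opt->banner)
                        fprintf(opt->logfile, " - banner: %s\n", amap_printable_banner_string((char *)coms[i].response, coms[i].response_length, banner, sizeof(banner)));
                      else
                        fprintf(opt->logfile, "\n");
                      if (opt->dump_all) {
                        // note: this rewrites info without the trailing space; the stdout line below reuses it
                        snprintf(info, sizeof(info), "(by trigger %s)", coms[i].trigger->id);
                        fprintf(opt->logfile, "Identified response from %s:%d/%s%s%s:\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info);
                        amap_dump_string(opt->logfile, coms[i].response, coms[i].response_length, 16);
                      }
                    }
                  }
                  printf("Protocol on %s:%d/%s%s%smatches %s", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info, response->id);
                  if (opt->banner)
                    printf(" - banner: %s\n", amap_printable_banner_string((char *)coms[i].response, coms[i].response_length, banner, sizeof(banner)));
                  else
                    printf("\n");
                  if (opt->dump_all) {
                    snprintf(info, sizeof(info), "(by trigger %s)", coms[i].trigger->id);
                    printf("Dump of identified response from %s:%d/%s%s%s:\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info);
                    amap_dump_string(stdout, coms[i].response, coms[i].response_length, 16);
                  }
                }
              }
            }
            response = (amap_struct_responses*) response->next;
          }

          // if !found then no response matched the received data, report this
          // (only once per port: while nothing has been identified on it and
          // no unknown response has been stored yet)
          if (found < 1 && ( (coms[i].port->unknown_response == NULL && coms[i].port->ids == NULL))) {
            // nothing matched for this slot, so drop any "(by trigger ...)" text
            // left behind by a match on another slot
            info[0] = 0;
            if (opt->logfile != NULL && !opt->machine_readable) {
              fprintf(opt->logfile, "Unrecognized response from %s:%d/%s%s%sreceived.\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info);
              if (opt->dump_unidentified) {
                fprintf(opt->logfile, "Please send output + name of the application to %s:\n", AMAP_EMAIL);
                amap_dump_string(opt->logfile, coms[i].response, coms[i].response_length, 16);
              }
            }
            printf("Unrecognized response from %s:%d/%s%s%sreceived.\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", info);
            if (opt->dump_unidentified) {
              printf("Please send this output and the name of the application to %s:\n", AMAP_EMAIL);
              amap_dump_string(stdout, coms[i].response, coms[i].response_length, 16);
            }
            coms[i].port->unknown_response = (unsigned char *)amap_memdup((char *)coms[i].response, coms[i].response_length);
            coms[i].port->unknown_response_length = coms[i].response_length;
          }

          // now shutdown the connection
#ifdef OPENSSL
          if (coms[i].ssl_enabled)
            SSL_shutdown(coms[i].ssl_socket);
#endif
          shutdown(coms[i].socket, SHUT_RDWR);
          close(coms[i].socket);
          memset(&coms[i], 0, sizeof(amap_struct_coms));
          scaninfo->running--;
        } else {
          // RPC response handling - dont tear it down, we will reuse it
          if (coms[i].response_length == 32 || coms[i].response_length == 36) {
            // NOTE(review): a 32/36-byte reply is treated as an RPC answer whose
            // last byte is the program version - confirm against the trigger definitions.
            // bounded format instead of strcpy/strcat into the 256-byte banner
            snprintf(banner, sizeof(banner), "rpc-%s-v%c", coms[i].trigger->id, coms[i].response[coms[i].response_length - 1] + '0');
            amap_add_id(coms[i].port, banner);
            if (opt->logfile != NULL) {
              if (opt->machine_readable) {
                fprintf(opt->logfile, "%s:%d:%s:%s:%s:%s:%s:", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", amap_skip_translate(coms[i].port->skip), coms[i].ssl_enabled ? "SSL" : "", coms[i].port->ids->id, amap_printable_banner_string((char *)coms[i].response, coms[i].response_length, banner, sizeof(banner)));
                amap_banner_string(opt->logfile, coms[i].response, coms[i].response_length);
                fprintf(opt->logfile, "\n");
              } else
                fprintf(opt->logfile, "Protocol on %s:%d/%s%smatches %s\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", coms[i].port->ids->id);
            }
            printf("Protocol on %s:%d/%s%smatches %s\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].ssl_enabled ? " over SSL " : " ", coms[i].port->ids->id);
            coms[i].port->skip = 1;
#ifdef OPENSSL
            if (coms[i].ssl_enabled)
              SSL_shutdown(coms[i].ssl_socket);
#endif
            shutdown(coms[i].socket, SHUT_RDWR);
            close(coms[i].socket);
            memset(&coms[i], 0, sizeof(amap_struct_coms));
            scaninfo->running--;
          } else {
            coms[i].active = AMAP_CONNECT_REUSABLE;
            if (opt->verbose > 2)
              printf("DEBUG: response from socket %d, length %d\n", coms[i].socket, coms[i].response_length);
          }
        }
      } else if (coms[i].active == AMAP_CONNECT_ACTIVE) {
        // no identifiable data; the active check keeps a slot that the
        // banner_only / portscan branches above already zeroed from being
        // closed a second time (socket 0, timer 0) and double-decrementing running
        if (opt->portscanner == 0) {
          // hmm no response yet - but maybe its udp and it reported "port closed" via ICMP?
          if (errno == ECONNREFUSED) {
            if (coms[i].port->skip < 1 && (opt->portscanner == 0 || opt->verbose) && opt->quiet == 0)
              amap_warn("Could not connect to %s:%d/%s, disabling port", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
            coms[i].port->skip = 2;
            shutdown(coms[i].socket, SHUT_RDWR);
            close(coms[i].socket);
            memset(&coms[i], 0, sizeof(amap_struct_coms));
            scaninfo->running--;
          } else {
            // and finally: shutdown the port after connection lifetime reaches the defined timeout
            t = time(NULL);
            if ((t - coms[i].timer) > opt->timeout_response) {
#ifdef OPENSSL
              if (coms[i].ssl_enabled)
                SSL_shutdown(coms[i].ssl_socket);
#endif
              shutdown(coms[i].socket, SHUT_RDWR);
              close(coms[i].socket);
              memset(&coms[i], 0, sizeof(amap_struct_coms));
              scaninfo->running--;
            }
          }
        } else {
          // portscan mode, and port is still active (no ICMP unreachable or RST received)
          if (coms[i].active == AMAP_CONNECT_ACTIVE) {
            // has the timer become old?
            t = time(NULL);
            if ((t - coms[i].timer) > opt->timeout_response) {
              shutdown(coms[i].socket, SHUT_RDWR);
              close(coms[i].socket);
              coms[i].active = AMAP_CONNECT_RETRY;  // retry connection until -C value. this prevents false positives
              coms[i].ssl_enabled = 0;
              scaninfo->running--;
            }
          }
        }
      }
    }
  }
  if (opt->verbose > 3)
    printf("DEBUG: leaving amap_read_responses\n");
}

// AMAP_CHECK_CONNECTS //
void amap_check_connects(amap_struct_coms *coms, amap_struct_scaninfo *scaninfo, amap_struct_options *opt, char *rpc_ptr) {
  struct timeval tv;
  fd_set rfd, wfd;
  int i;
  int ii;
  int res;
  int error;
  socklen_t error_len = sizeof(error);
  socklen_t sock_len = sizeof(struct sockaddr);
  int maxfd = -1;
  char *ptr;
  long int *j;
  time_t t;
#ifdef OPENSSL
  int err;
  SSL *ssl;
  SSL_CTX *sslContext;
#endif

  tv.tv_sec = 0;
  tv.tv_usec = 0;
  if (opt->verbose > 3)
    printf("DEBUG: entering amap_check_connects\n");

  // #1 : check for finished connects
/**/
// variant 1
  FD_ZERO(&rfd);
  for (i = 0; i < scaninfo->tasks; i++)
    if (coms[i].active == AMAP_CONNECT_INPROGRESS) {
      FD_SET(coms[i].socket, &rfd);
      if (coms[i].socket > maxfd)
        maxfd = coms[i].socket;
    }
  wfd = rfd;
  if ((res = select(maxfd + 1, &rfd, &wfd, NULL, &tv)) > 0) {
    // something happened with the socket
    // NOTE(review): every slot is tested here, not only the INPROGRESS ones
    // that were added above; a slot whose socket is -1 makes FD_ISSET()
    // undefined - consider checking coms[i].active first
    for (i = 0; i < scaninfo->tasks; i++)
      if (FD_ISSET(coms[i].socket, &rfd)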
|| FD_ISSET(coms[i].socket, &wfd)) { // somethings here ... error = 0; if (getsockopt(coms[i].socket, SOL_SOCKET, SO_ERROR, &error, (socklen_t *)&error_len) < 0 || error != 0) { if (coms[i].port->skip < 1 && (opt->portscanner == 0 || opt->verbose) && opt->quiet == 0) amap_warn("Could not connect (unreachable) to %s:%d/%s, disabling port (EUNKN)", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp"); coms[i].port->skip = 2; close(coms[i].socket); memset(&coms[i], 0, sizeof(amap_struct_coms)); scaninfo->running--; } else { if (opt->verbose > 2) printf("DEBUG: socket %d to %s:%d/%s became READY\n", coms[i].socket, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp"); coms[i].active = AMAP_CONNECT_READY; } // until here } }/**/// variant 2/* for (i = 0; i < scaninfo->tasks; i++) { if (coms[i].active == AMAP_CONNECT_INPROGRESS) { FD_ZERO(&rfd); FD_SET(coms[i].socket, &rfd); wfd = rfd; if ((res = select(coms[i].socket + 1, &rfd, &wfd, NULL, &tv)) > 0) { // something happened with the socket // somethings here ...//... copy from above ... error = 0; if (getsockopt(coms[i].socket, SOL_SOCKET, SO_ERROR, &error, &error_len) < 0 || error != 0) { if (coms[i].port->skip < 1 && (opt->portscanner == 0 || opt->verbose) && opt->quiet == 0) amap_warn("Could not connect (unreachable) to %s:%d/%s, disabling port", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp"); coms[i].port->skip = 2; close(coms[i].socket); memset(&coms[i], 0, sizeof(amap_struct_coms)); scaninfo->running--; } else { if (opt->verbose > 2) printf("DEBUG: socket %d to %s:%d/%s became READY\n", coms[i].socket, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp"); coms[i].active = AMAP_CONNECT_READY; }//... delete until here } } }*/ // #2 : check timeouts on inprogress connects t = time(NULL);