amap-lib.c

Ubuntu packages of security software。 相当不错的源码

  for (i = 0; i < scaninfo->tasks; i++) {
    if (coms[i].active == AMAP_CONNECT_INPROGRESS) {
      if ((t - coms[i].timer) > opt->timeout_connect + 1) {
        if (opt->verbose > 2) {
#ifdef AF_INET6
          if (opt->ipv6) {
            struct sockaddr_in6 sa;
            int t = sizeof(sa);
            getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            printf("DEBUG: socket %d/%d to %s:%d/%s is now RETRY CONNECT\n", coms[i].socket, htons(sa.sin6_port), coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
          } else
#endif
          {
            struct sockaddr_in sa;
            int t = sizeof(sa);
            getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            printf("DEBUG: socket %d/%d to %s:%d/%s is now RETRY CONNECT\n", coms[i].socket, htons(sa.sin_port), coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
          }
        }
        shutdown(coms[i].socket, SHUT_RDWR);
        close(coms[i].socket);
        coms[i].active = AMAP_CONNECT_RETRY;
        coms[i].ssl_enabled = 0;
      }
    }
  }
  
  // #3 : retry connections we have to

  for (i = 0; i < scaninfo->tasks; i++)
    if (coms[i].active == AMAP_CONNECT_RETRY) {
      coms[i].retry++;
      coms[i].timer = time(NULL);
      if (coms[i].retry >= opt->max_connect_retries) {
        if (coms[i].port->skip < 1 && (opt->portscanner == 0 || opt->verbose))
          amap_warn("Could not connect (timeout %d, retries %d) to %s:%d/%s, disabling port", opt->timeout_connect, opt->max_connect_retries, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
        coms[i].port->skip = 3;
        memset(&coms[i], 0, sizeof(amap_struct_coms));
        scaninfo->running--;
      } else {
        errno = 0;
        if (coms[i].port->ip_prot == AMAP_PROTO_TCP)
          while ((coms[i].socket = socket(glob_af_inet, SOCK_STREAM, IPPROTO_TCP)) == 0);
        else
          while ((coms[i].socket = socket(glob_af_inet, SOCK_DGRAM, IPPROTO_UDP)) == 0);
        if (coms[i].socket < 0)
          amap_error("socket creation failed");
        res = 1;
        setsockopt(coms[i].socket, SOL_SOCKET, SO_REUSEADDR, &res, sizeof(res));
        fcntl(coms[i].socket, F_SETFL, O_NONBLOCK);
        if ((res = connect(coms[i].socket, (struct sockaddr *) coms[i].sockaddr, coms[i].sockaddr_len)) >= 0)
          coms[i].active = AMAP_CONNECT_READY;
        else {
          if (errno == EINPROGRESS)
            coms[i].active = AMAP_CONNECT_INPROGRESS;
          else {
            if (coms[i].port->skip < 1 && (opt->portscanner == 0 || opt->verbose) && opt->quiet == 0)
              amap_warn("Could not connect (unreachable) to %s:%d/%s, disabling port", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
            coms[i].port->skip = 2;
            close(coms[i].socket);
            memset(&coms[i], 0, sizeof(amap_struct_coms));
            scaninfo->running--;
          }
        }
        if (opt->verbose > 2) {
          int dport;
#ifdef AF_INET6
          if (opt->ipv6) {
            struct sockaddr_in6 sa;
            int t = sizeof(sa);
            getpeername(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            dport = htons(sa.sin6_port);
            getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            printf("DEBUG: socket %d/%d->%d to %s:%d/%s became RETRY CONNECT\n", coms[i].socket, htons(sa.sin6_port), dport, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
          } else
#endif
          {
            struct sockaddr_in sa;
            int t = sizeof(sa);
            getpeername(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            dport = htons(sa.sin_port);
            getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
            printf("DEBUG: socket %d/%d->%d to %s:%d/%s became RETRY CONNECT\n", coms[i].socket, htons(sa.sin_port), dport, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
          }
        }
      }
    }

  // #4 : if we run in portscan mode, just report READY sockets and terminate connections

  for (i = 0; i < scaninfo->tasks; i++)
    if (coms[i].active == AMAP_CONNECT_READY && opt->portscanner == 1) {
      if (coms[i].port->ip_prot == AMAP_PROTO_TCP) {
        shutdown(coms[i].socket, SHUT_RDWR);
        close(coms[i].socket);
        printf("Port on %s:%d/%s is OPEN\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
        if (opt->logfile != NULL) {
          if (opt->machine_readable)
            fprintf(opt->logfile, "%s:%d:%s:open::%s::\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", AMAP_UFO);
          else
            fprintf(opt->logfile, "Port on %s:%d/%s is OPEN\n", coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp");
        }
        coms[i].port->skip = 1;
        memset(&coms[i], 0, sizeof(amap_struct_coms));
        scaninfo->running--;
      } else {
        write(coms[i].socket, coms[i].trigger->trigger, coms[i].trigger->trigger_length);
        coms[i].active = AMAP_CONNECT_ACTIVE;
        coms[i].timer = time(NULL);
      }
    }


  // #5 : check for connections which are active and send the triggers
  
  for (i = 0; i < scaninfo->tasks; i++)
    if (coms[i].active == AMAP_CONNECT_READY) {
      if (opt->banner_only == 0) {
#ifdef OPENSSL
        if (coms[i].port->ssl && scaninfo->scanmode != AMAP_SCANMODE_DEFAULT) {
          if ((sslContext = SSL_CTX_new(SSLv23_method())) == NULL) {
            err = ERR_get_error();
            amap_error("ssl connection preparation failed: ", ERR_error_string(err, NULL));
          }
          SSL_CTX_set_options(sslContext, SSL_OP_ALL);
          (void) SSL_CTX_set_default_verify_paths(sslContext);
          SSL_CTX_set_tmp_rsa_callback(sslContext, amap_ssl_temp_rsa_cb);
          SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL);
          if ((ssl = SSL_new(sslContext)) == NULL)
            amap_error("could not prepare SSL context, you've got severe memory problems here");
          SSL_set_fd(ssl, coms[i].socket);
          fcntl(coms[i].socket, F_SETFL, fcntl(coms[i].socket, F_GETFL) &~ O_NONBLOCK);
          if ((error = SSL_connect(ssl)) < 0) {
            if (opt->verbose > 2)
              printf("SSL connection failed\n");
            shutdown(coms[i].socket, SHUT_RDWR);
            close(coms[i].socket);
            coms[i].active = AMAP_CONNECT_RETRY;
          } else {
            if (opt->verbose > 2)
              printf("SSL connection succeeded\n");
            coms[i].ssl_socket = ssl;
            coms[i].active = AMAP_CONNECT_READY;
            coms[i].ssl_enabled = 1;
          }
        }
#endif
        if (coms[i].active == AMAP_CONNECT_READY) {
          if (scaninfo->scanmode != AMAP_SCANMODE_RPC) {
            if (coms[i].ssl_enabled) {
#ifdef OPENSSL
              SSL_write(coms[i].ssl_socket, coms[i].trigger->trigger, coms[i].trigger->trigger_length);
#endif
            } else {
              write(coms[i].socket, coms[i].trigger->trigger, coms[i].trigger->trigger_length);
            }
          } else {
            // here we build the RPC packet and send it off
            memset(rpc_ptr, 0, AMAP_BUFSIZE);
            if (coms[i].port->ip_prot == AMAP_PROTO_TCP) {
              rpc_ptr[0] = 128;
              rpc_ptr[3] = 40;
              ptr = rpc_ptr + 4;
              ii = 44;
            } else {
              ptr = rpc_ptr;
              ii = 40;
            }
            j = (long int*) ptr;
            *j = htonl(strtol(coms[i].trigger->trigger, (char **) NULL, 10));
            j = (long int *) (ptr + 12);
            ptr[11] = 2;
            *j = htonl(strtol(coms[i].trigger->trigger, (char **) NULL, 10));
            ptr[17] = 7;
            ptr[18] = 120;
            ptr[19] = 74;
            if (coms[i].ssl_enabled) {
#ifdef OPENSSL
              SSL_write(coms[i].ssl_socket, rpc_ptr, ii);
#endif
            } else {
              write(coms[i].socket, rpc_ptr, ii);
            }
          }
          if (opt->verbose > 2) {
            int dport;
#ifdef AF_INET6
            if (opt->ipv6) {
              struct sockaddr_in6 sa;
              int t = sizeof(sa);
              getpeername(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
              dport = htons(sa.sin6_port);
              getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
              printf("DEBUG: socket %d/%d->%d to %s:%d/%s became ACTIVE (trigger %s send)\n", coms[i].socket, ntohs(sa.sin6_port), dport, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].trigger->id);
            } else
#endif
            {
              struct sockaddr_in sa;
              int t = sizeof(sa);
              getpeername(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
              dport = htons(sa.sin_port);
              getsockname(coms[i].socket, (struct sockaddr*)&sa, (socklen_t *)&t);
              printf("DEBUG: socket %d/%d->%d to %s:%d/%s became ACTIVE (trigger %s send)\n", coms[i].socket, ntohs(sa.sin_port), dport, coms[i].target->target, coms[i].port->port, coms[i].port->ip_prot == AMAP_PROTO_TCP ? "tcp" : "udp", coms[i].trigger->id);
            }
          }
          coms[i].active = AMAP_CONNECT_ACTIVE;
          coms[i].timer = time(NULL);
        }
      } else {
        if (coms[i].port->ip_prot == AMAP_PROTO_UDP)
          write(coms[i].socket, coms[i].trigger->trigger, coms[i].trigger->trigger_length);
        coms[i].active = AMAP_CONNECT_ACTIVE;
        coms[i].timer = time(NULL);
      }
    }      

  if (opt->verbose > 3)
    printf("DEBUG: leaving amap_check_connects\n");
}


// AMAP_SCAN //
int amap_scan(int scanmode, amap_struct_targets *targets, amap_struct_triggers *triggers, amap_struct_responses *responses, amap_struct_options *opt) {
  amap_struct_triggers *trigger;
  amap_struct_targets *target = (amap_struct_targets*) targets;
  amap_struct_ports *port;
  amap_struct_identifications *ids;
  amap_struct_identifications *ids_save;
  amap_struct_coms coms[AMAP_MAX_TASKS];
  amap_struct_scaninfo scaninfo;
//  struct sockaddr_in target_in;
//  struct in_addr target_addr;
  char *rpc_ptr = NULL;
  int todo = 0;
  int ready_for_next;
  int i;
  int ii;
  int s;
  int ret;

  memset(coms, 0, sizeof(coms));
  scaninfo.scanmode = scanmode;
  scaninfo.tasks = opt->tasks;
  scaninfo.running = 0;

  // count ports to identify
  while (target != NULL) {
    port = (amap_struct_ports*) target->ports;
    while (port != NULL) {
      if (port->skip == 4)
        port->skip = 0;
      if (port->skip == 0
#ifndef OPENSSL
          && (port->ssl == 0 || scanmode == AMAP_SCANMODE_DEFAULT)
#endif
          && (scanmode == AMAP_SCANMODE_DEFAULT || (scanmode == AMAP_SCANMODE_SSL && port->ssl) || (scanmode == AMAP_SCANMODE_RPC && port->rpc))) {
        if (opt->portscanner || opt->banner_only)
          todo++;
        else {
          trigger = (amap_struct_triggers*) triggers;
          while (trigger != NULL) {
            if ((trigger->ip_prot == AMAP_PROTO_BOTH || trigger->ip_prot == port->ip_prot)
                && (trigger->harmful == 0 || opt->harmful == 1))
              todo++;
            trigger = (amap_struct_triggers*) trigger->next;
          }
        }
        if (scanmode != AMAP_SCANMODE_DEFAULT) {
          if (port->ids != NULL) {
            while (port->ids->next != NULL) {
              ids = port->ids;
              while (ids->next != NULL) {
                ids_save = ids;
                ids = (amap_struct_identifications*) ids->next;
              }
              free(ids);
              ids_save->next = NULL;
            }
            free(port->ids);
            port->ids = NULL;
          }
        }
      }
      port = (amap_struct_ports*) port->next;
    }
    target = (amap_struct_targets*) target->next;
  }
  if (todo == 0)
    return todo;
  if (todo < scaninfo.tasks)
    scaninfo.tasks = todo;

  if (opt->verbose) {
    printf("Total amount of tasks to perform in ");
    switch(scanmode) {
      case AMAP_SCANMODE_DEFAULT: printf("plain"); break;
      case AMAP_SCANMODE_SSL: printf("SSL"); break;
      case AMAP_SCANMODE_RPC: printf("RPC"); break;
      default: amap_error("unknown scanmode - memory must be corrupted");
    }
    printf(" connect mode: %d\n", todo);
  }

  // prepare RPC mode stuff
  if (scanmode == AMAP_SCANMODE_RPC) {
    opt->one_is_enough = 1;
    if ((rpc_ptr = malloc(AMAP_BUFSIZE)) == NULL)
      amap_error("malloc failed");
  }

  // prepare SSL mode stuff
  if (scanmode == AMAP_SCANMODE_SSL) {
#ifndef OPENSSL
    amap_warn("amap is not compiled with SSL support, probing SSL ports not possible");
    return 0;
#else
    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();
#endif
  }

  // resetting main value and then lets go!
  trigger = (amap_struct_triggers*) triggers;

  // here the scanning really starts
  while (trigger != NULL || opt->portscanner == 1) {
    target = (amap_struct_targets*) targets;
    if (strcmp(target->target, "0.0.0.0") != 0 && (opt->harmful == 1 || trigger->harmful == 0))
      while (target != NULL) {
        port = (amap_struct_ports*) target->ports;
        while (port != NULL) {
//printf("probing port: %d/%d skip:%d id:%s    trigger: %s/%d\n",port->port,port->ip_prot,port->skip,port->ids == NULL ? "(null)" : port->ids,trigger->id == NULL ? "(null)" : port->ids->id,trigger->id,trigger->ip_prot);
          if (port->skip == 0 && (opt->one_is_enough == 0 || port->ids == NULL)
#ifndef OPENSSL
              && (port->ssl == 0 || scanmode != AMAP_SCANMODE_RPC)
#endif
              && (
                  (opt->portscanner || opt->banner_only) ||
                  ( (trigger->ip_prot == AMAP_PROTO_BOTH || trigger->ip_pro