targets.cc
来自「Ubuntu packages of security software。 相」· CC 代码 · 共 1,812 行 · 第 1/5 页
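/* Tail of a function whose beginning lies before this excerpt; reproduced unchanged. */
    }
  }
  return 0;
}

/* Sends one probe through sendpingquery() for every ICMP ping type whose
 * bit is set in pingtype, in the fixed order echo, netmask, timestamp.
 * When o.scan_delay is non-zero, enforce_scan_delay(NULL) is called before
 * each probe.  The result of sendpingquery() is not inspected here; this
 * function always returns 0. */
static int sendpingqueries(int sd, int rawsd, eth_t *ethsd, Target *target,
                           u16 seq, unsigned short id, struct scanstats *ss,
                           struct timeval *time, int pingtype,
                           struct pingtech ptech) {
  static const int icmp_kinds[] = {
    PINGTYPE_ICMP_PING, PINGTYPE_ICMP_MASK, PINGTYPE_ICMP_TS
  };
  unsigned int k;

  for (k = 0; k < sizeof(icmp_kinds) / sizeof(icmp_kinds[0]); k++) {
    if (!(pingtype & icmp_kinds[k]))
      continue;
    if (o.scan_delay)
      enforce_scan_delay(NULL);
    sendpingquery(sd, rawsd, ethsd, target, seq, id, ss, time,
                  icmp_kinds[k], ptech);
  }
  return 0;
}

/* Collects the results of the outstanding connect()-style TCP ping probes
 * for the current host group (pt->group_start .. pt->group_end).
 *
 * While pt->block_unaccounted is non-zero, the function select()s on copies
 * of the three fd sets in tqi and, for every probe socket that was flagged,
 * calls recv() and classifies the host:
 *   - recv() succeeded, or failed with ECONNREFUSED / EAGAIN (and
 *     WSAENOTCONN on WIN32): HOST_UP.  A refused connection still proves
 *     that something answered.
 *   - network/host unreachable, reset, aborted or timed-out errors: HOST_DOWN.
 *   - anything else is reported on stderr and the host state is left alone.
 * Classified hosts are handed to hostupdate().
 *
 * The loop stops when a select() timed out and more than to->timeout has
 * elapsed, or unconditionally after 30 * to->timeout.  Afterwards every
 * socket of the group is closed and the fd sets in tqi are cleared.
 *
 * Always returns 0. */
static int get_connecttcpscan_results(struct tcpqueryinfo *tqi,
                                      Target *hostbatch[],
                                      struct timeval *time,
                                      struct pingtune *pt,
                                      struct timeout_info *to) {
  int res, res2;
  int tm;
  struct timeval myto, start, end;
  int hostindex;
  int trynum, newstate = HOST_DOWN;
  int seq;
  int p;
  char buf[256];
  int foundsomething = 0;
  fd_set myfds_r, myfds_w, myfds_x;

  gettimeofday(&start, NULL);

  while (pt->block_unaccounted) {
    /* to->timeout is split into seconds and microseconds, i.e. it is
       treated as a microsecond count.  The timeout is applied per select()
       call, so the loop as a whole can run longer than that. */
    myto.tv_sec = to->timeout / 1000000;
    myto.tv_usec = to->timeout % 1000000;
    foundsomething = 0;
    /* select() overwrites its fd sets, so work on copies. */
    myfds_r = tqi->fds_r;
    myfds_w = tqi->fds_w;
    myfds_x = tqi->fds_x;
    res = select(tqi->maxsd + 1, &myfds_r, &myfds_w, &myfds_x, &myto);
    if (res > 0) {
      for (hostindex = pt->group_start; hostindex <= pt->group_end; hostindex++) {
        for (trynum = 0; trynum <= pt->block_tries; trynum++) {
          seq = hostindex * pt->max_tries + trynum;
          for (p = 0; p < o.num_ping_synprobes; p++) {
            if (tqi->sockets[p][seq] >= 0) {
              if (o.debugging > 1) {
                /* The labels now match the set being tested; previously the
                   read set was reported as WRITE and the write set as READ. */
                if (FD_ISSET(tqi->sockets[p][seq], &(myfds_r))) {
                  log_write(LOG_STDOUT, "READ selected for machine %s\n", hostbatch[hostindex]->targetipstr());
                }
                if (FD_ISSET(tqi->sockets[p][seq], &myfds_w)) {
                  log_write(LOG_STDOUT, "WRITE selected for machine %s\n", hostbatch[hostindex]->targetipstr());
                }
                if (FD_ISSET(tqi->sockets[p][seq], &myfds_x)) {
                  log_write(LOG_STDOUT, "EXC selected for machine %s\n", hostbatch[hostindex]->targetipstr());
                }
              }
              if (FD_ISSET(tqi->sockets[p][seq], &myfds_r) ||
                  FD_ISSET(tqi->sockets[p][seq], &myfds_w) ||
                  FD_ISSET(tqi->sockets[p][seq], &myfds_x)) {
                /* Reset per socket so that a verdict from an earlier socket
                   is not re-applied to this one. */
                foundsomething = 0;
                /* Whatever the peer sent is only used as a liveness signal;
                   the bytes themselves are never interpreted. */
                res2 = recv(tqi->sockets[p][seq], buf, sizeof(buf) - 1, 0);
                if (res2 == -1) {
                  int sock_err = socket_errno();
                  switch (sock_err) {
                  case ECONNREFUSED:
                  case EAGAIN:
#ifdef WIN32
                  case WSAENOTCONN:
#endif
                    if (sock_err == EAGAIN && o.verbose) {
                      log_write(LOG_STDOUT, "Machine %s MIGHT actually be listening on probe port %d\n", hostbatch[hostindex]->targetipstr(), o.ping_synprobes[p]);
                    }
                    foundsomething = 1;
                    newstate = HOST_UP;
                    break;
                  case ENETDOWN:
                  case ENETUNREACH:
                  case ENETRESET:
                  case ECONNABORTED:
                  case ETIMEDOUT:
                  case EHOSTDOWN:
                  case EHOSTUNREACH:
                    foundsomething = 1;
                    newstate = HOST_DOWN;
                    break;
                  default:
                    /* buf is reused as scratch space for the message; the
                       failed recv() left nothing of interest in it. */
                    snprintf(buf, sizeof(buf), "Strange read error from %s", hostbatch[hostindex]->targetipstr());
                    fprintf(stderr, "%s: %s\n", buf, strerror(sock_err));
                    break;
                  }
                } else {
                  foundsomething = 1;
                  newstate = HOST_UP;
                  if (o.verbose) {
                    log_write(LOG_STDOUT, "Machine %s is actually LISTENING on probe port %d\n", hostbatch[hostindex]->targetipstr(), o.ping_synprobes[p]);
                  }
                }
                if (foundsomething) {
                  hostupdate(hostbatch, hostbatch[hostindex], newstate, 1, trynum, to, &time[seq], NULL, pt, tqi, pingstyle_connecttcp);
                  /* break;*/
                }
              }
            }
          }
        }
      }
    }
    gettimeofday(&end, NULL);
    tm = TIMEVAL_SUBTRACT(end, start);
    /* Hard ceiling so that a steady trickle of events cannot keep this
       loop running indefinitely. */
    if (tm > (30 * to->timeout)) {
      error("WARNING: getconnecttcpscanresults is taking way too long, skipping");
      break;
    }
    if (res == 0 && tm > to->timeout)
      break;
  }

  /* Close every probe socket of this group to make room for the next one. */
  for (hostindex = pt->group_start; hostindex <= pt->group_end; hostindex++) {
    for (trynum = 0; trynum <= pt->block_tries; trynum++) {
      seq = hostindex * pt->max_tries + trynum;
      for (p = 0; p < o.num_ping_synprobes; p++) {
        if (tqi->sockets[p][seq] >= 0) {
          tqi->sockets_out--;
          close(tqi->sockets[p][seq]);
          tqi->sockets[p][seq] = -1;
        }
      }
    }
  }
  tqi->maxsd = 0;
  assert(tqi->sockets_out == 0);
  FD_ZERO(&(tqi->fds_r));
  FD_ZERO(&(tqi->fds_w));
  FD_ZERO(&(tqi->fds_x));
  return 0;
}

/* Returns the next token in the string at *cursor, where tokens are
 * separated by runs of any character in delims, or NULL when none is left.
 * The token is NUL-terminated in place and *cursor is moved past it.
 * Same splitting rules as strtok(), but all state lives in *cursor, so
 * code called between two tokens may use strtok() freely. */
static char *next_exclude_token(char **cursor, const char *delims) {
  char *tok = *cursor + strspn(*cursor, delims);
  char *stop;

  if ('\0' == *tok) {
    *cursor = tok;
    return NULL;
  }
  stop = tok + strcspn(tok, delims);
  if ('\0' != *stop)
    *stop++ = '\0';
  *cursor = stop;
  return tok;
}

/* Loads exclude expressions into a newly allocated TargetGroup array.
 *
 * fExclude   open exclude file, entries separated by tabs, spaces or
 *            newlines; takes precedence over szExclude when non-NULL.
 * szExclude  comma-separated exclude expressions (used when fExclude is
 *            NULL).
 *
 * Returns NULL when both arguments are NULL.  Otherwise returns an array
 * allocated with new[] that holds one element per successfully parsed
 * expression followed by at least one element that was never parsed, which
 * serves as the end marker.  Nothing in this function frees the array.
 *
 * The exclude list is what keeps hosts out of a scan, so an entry that
 * fails to parse is reported on stderr instead of being dropped silently.
 *
 * Changes from the previous implementation:
 *  - The command-line branch used to re-tokenise a temporary copy after
 *    every entry, free that copy and then keep using a pointer into it
 *    (use after free); it also leaked its first copy and retried the same
 *    entry forever when parse_expr() rejected it.  Tokenising is now done
 *    with next_exclude_token(), which does not rely on strtok() state.
 *  - Line numbers in the "too long" message are counted in both passes.
 *  - A final line without a trailing newline is no longer reported as
 *    too long.
 *  - strdup() failures and a list that grows between the two passes are
 *    fatal rather than undefined behaviour. */
TargetGroup* load_exclude(FILE *fExclude, char *szExclude) {
  int i = 0;                 /* number of entries parsed so far */
  int iLine = 0;             /* line count */
  int iListSz = 0;           /* number of tokens found in the counting pass */
  char acBuf[512];
  char *p_acBuf;
  char *cursor;
  TargetGroup *excludelist;  /* list of excluded targets */
  char *pc;                  /* the split out exclude expressions */
  char b_file = (char)0;     /* flag to indicate if we are using a file */

  /* If there are no params return now with a NULL list */
  if (NULL == fExclude && NULL == szExclude)
    return NULL;

  if (NULL != fExclude)
    b_file = (char)1;

  /* Pass 1: count the tokens so the array can be sized up front. */
  if (b_file) {
    while (NULL != fgets(acBuf, sizeof(acBuf), fExclude)) {
      ++iLine;
      if (NULL == strchr(acBuf, '\n') && !feof(fExclude)) {
        fatal("Exclude file line %d was too long to read. Exiting.", iLine);
      }
      cursor = acBuf;
      while (NULL != next_exclude_token(&cursor, "\t\n "))
        iListSz++;
    }
    /* NOTE(review): rewind() cannot reposition a non-seekable stream; if
       fExclude can ever be a pipe, pass 2 would read nothing.  The entry
       count check at the end reports that case -- confirm with callers. */
    rewind(fExclude);
    iLine = 0;
  } else {
    p_acBuf = strdup(szExclude);
    if (NULL == p_acBuf)
      fatal("Out of memory while reading the exclude list. Exiting.");
    cursor = p_acBuf;
    while (NULL != next_exclude_token(&cursor, ","))
      iListSz++;
    free(p_acBuf);
    p_acBuf = NULL;
  }

  /* allocate enough TargetGroups to cover our entries, plus one that
   * remains uninitialized so we know we reached the end */
  excludelist = new TargetGroup[iListSz + 1];

  /* Pass 2: parse.  i only advances when an entry was accepted. */
  i = 0;
  if (b_file) {
    while (NULL != fgets(acBuf, sizeof(acBuf), fExclude)) {
      ++iLine;
      if (NULL == strchr(acBuf, '\n') && !feof(fExclude)) {
        fatal("Exclude file line %d was too long to read. Exiting.", iLine);
      }
      cursor = acBuf;
      while (NULL != (pc = next_exclude_token(&cursor, "\t\n "))) {
        /* The file could have grown since pass 1; never write past the
           slots that were allocated. */
        if (i >= iListSz)
          fatal("Exclude file changed while it was being read. Exiting.");
        if (excludelist[i].parse_expr(pc, o.af()) == 0) {
          if (o.debugging > 1)
            fprintf(stderr, "Loaded exclude target of: %s\n", pc);
          ++i;
        } else {
          fprintf(stderr, "WARNING: could not parse exclude entry \"%s\"; it will NOT be excluded from the scan\n", pc);
        }
      }
    }
  } else {
    p_acBuf = strdup(szExclude);
    if (NULL == p_acBuf)
      fatal("Out of memory while reading the exclude list. Exiting.");
    cursor = p_acBuf;
    while (NULL != (pc = next_exclude_token(&cursor, ","))) {
      if (i >= iListSz)
        fatal("Exclude list changed while it was being read. Exiting.");
      if (excludelist[i].parse_expr(pc, o.af()) == 0) {
        if (o.debugging > 1)
          fprintf(stderr, "Loaded exclude target of: %s\n", pc);
        ++i;
      } else {
        fprintf(stderr, "WARNING: could not parse exclude entry \"%s\"; it will NOT be excluded from the scan\n", pc);
      }
    }
    free(p_acBuf);
    p_acBuf = NULL;
  }

  if (i < iListSz)
    fprintf(stderr, "WARNING: only %d of %d exclude entries were loaded\n", i, iListSz);

  return excludelist;
}

/* Debug helper: prints the contents of an exclude list to stderr. (mdmcl)
 *
 * exclude_group  array as returned by load_exclude(); iteration stops at
 *                the first element whose type is TargetGroup::TYPE_NONE.
 *
 * o.debugging is forced to 0 while the list is walked so that the
 * TargetGroup methods stay quiet, and is restored before returning.  Each
 * group is rewound after it has been printed.  IPv6 entries and unknown
 * types end the program through fatal().
 *
 * Always returns 1. */
int dumpExclude(TargetGroup *exclude_group) {
  int i = 0, debug_save = 0, type = TargetGroup::TYPE_NONE;
  unsigned int mask = 0;
  struct sockaddr_storage ss;
  struct sockaddr_in *sin = (struct sockaddr_in *) &ss;
  size_t slen;

  /* The netmask case prints ss without checking get_next_host(); start
     from a defined value so a failed call cannot print stale stack data. */
  memset(&ss, 0, sizeof(ss));

  /* shut off debugging for now, this is a debug routine in itself,
   * we don't want to see all the debug messages inside of the object */
  debug_save = o.debugging;
  o.debugging = 0;

  while ((type = exclude_group[i].get_targets_type()) != TargetGroup::TYPE_NONE) {
    switch (type) {
    case TargetGroup::IPV4_NETMASK:
      exclude_group[i].get_next_host(&ss, &slen);
      mask = exclude_group[i].get_mask();
      /* mask is unsigned, so print it with %u */
      fprintf(stderr, "exclude host group %d is %s/%u\n", i, inet_ntoa(sin->sin_addr), mask);
      break;
    case TargetGroup::IPV4_RANGES:
      while (exclude_group[i].get_next_host(&ss, &slen) == 0)
        fprintf(stderr, "exclude host group %d is %s\n", i, inet_ntoa(sin->sin_addr));
      break;
    case TargetGroup::IPV6_ADDRESS:
      fatal("IPV6 addresses are not supported in the exclude file\n");
      break;
    default:
      fatal("Unknown target type in exclude file.\n");
    }
    exclude_group[i++].rewind();
  }

  /* return debugging to what it was */
  o.debugging = debug_save;
  return 1;
}

/* massping: only the opening declarations and the first pt initialisers are
 * on this page; the function continues past the end of the excerpt, so the
 * code below is reproduced unchanged. */
static void massping(Target *hostbatch[], int num_hosts, struct scan_lists *ports, int pingtype) {
  static struct timeout_info to = {0,0,0};
  static double gsize = (double) LOOKAHEAD;
  int hostnum;
  struct pingtune pt;
  struct scanstats ss;
  struct timeval begin_select;
  struct pingtech ptech;
  struct tcpqueryinfo tqi;
  int max_block_size = 70;
  struct ppkt {
    unsigned char type;
    unsigned char code;
    unsigned short checksum;
    unsigned short id;
    unsigned short seq;
  };
  int elapsed_time;
  int blockinc;
  int probes_per_host = 0; /* Number of probes done for each host (eg ping packet plus two TCP ports would be 3) */
  int sd_blocking = 1;
  struct sockaddr_in sock;
  u16 seq = 0;
  int sd = -1, rawsd = -1, rawpingsd = -1;
  eth_t *ethsd = NULL;
  struct timeval *time;
  struct timeval start, end;
  unsigned short id;
  pcap_t *pd = NULL;
  char filter[512];
  unsigned short sportbase;
  int max_sockets = 0;
  int p;
  int group_start, group_end, direction; /* For going forward or backward through grouplen */
  memset((char *)&ptech, 0, sizeof(ptech));
  memset((char *) &pt, 0, sizeof(pt));
  pt.up_this_block = 0;
  pt.block_unaccounted = LOOKAHEAD;
  pt.down_this_block = 0;
  pt.num_responses = 0;
  pt.max_tries = 5; /* Maximum number of tries for a block */
  pt.group_start = 0;
  pt.block_tries = 0; /* How many tries this block has gone through */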