📄 output.cc
Tbl = new NmapOutputTable( numroutes+1, 3 );
Tbl->addItem(0, dstcol, false, "DST/MASK", 8);
Tbl->addItem(0, devcol, false, "DEV", 3);
Tbl->addItem(0, gwcol, false, "GATEWAY", 7);
for(i=0; i < numroutes; i++) {
  mask_nbo = htonl(routes[i].netmask);
  addr_mtob(&mask_nbo, sizeof(mask_nbo), &nbits);
  assert(nbits <= 32);
  ia.s_addr = routes[i].dest;
  Tbl->addItemFormatted(i+1, dstcol, false, "%s/%d", inet_ntoa(ia), nbits);
  Tbl->addItem(i+1, devcol, false, routes[i].device->devfullname);
  if (routes[i].gw.s_addr != 0)
    Tbl->addItem(i+1, gwcol, true, inet_ntoa(routes[i].gw));
}
log_write(LOG_PLAIN, "**************************ROUTES**************************\n");
log_write(LOG_PLAIN, "%s\n", Tbl->printableTable(NULL));
log_flush_all();
delete Tbl;
}
return 0;
}

/* Fills in namebuf with the name that Nmap normal output will use to
   describe the port, never writing more than buflen bytes.  The name
   takes into account the confidence level, any SSL tunneling, etc.

   sd       service deductions for the port (service_tunnel, name, dtype
            and name_confidence are read)
   state    port state; the "?" suffix is only used for PORT_OPEN
   namebuf  destination buffer
   buflen   size of namebuf in bytes, including room for the terminator

   The result is all-or-nothing: if the full name plus its terminating
   NUL does not fit, namebuf is truncated to a zero-length string rather
   than left holding a partial name.  If buflen < 1 the function returns
   without touching namebuf at all, so the caller must not assume the
   buffer is terminated in that case. */
static void getNmapServiceName(struct serviceDeductions *sd, int state,
                               char *namebuf, int buflen) {
  char *dst = namebuf;          /* next write position inside namebuf */
  int lenremaining = buflen;    /* bytes still available at dst */
  int len;

  /* No room even for a terminator: nothing can be written safely. */
  if (buflen < 1) return;

  if (sd->service_tunnel == SERVICE_TUNNEL_SSL) {
    /* "ssl/" is 4 characters and at least one more byte is needed for
       the NUL, hence the minimum of 5.  This check is what makes the
       strncpy below safe: with lenremaining >= 5 the source (5 bytes
       including its NUL) always fits, so the copy is terminated. */
    if (lenremaining < 5) goto overflow;
    strncpy(dst, "ssl/", lenremaining);
    /* Step over the prefix only; the NUL that strncpy wrote is
       overwritten by the Snprintf call that follows. */
    dst += 4;
    lenremaining -= 4;
  }

  /* Use the detected name unless the port is SSL-tunneled and the name
     did not come from probing (dtype != SERVICE_DETECTION_PROBED). */
  if (sd->name && (sd->service_tunnel != SERVICE_TUNNEL_SSL || sd->dtype == SERVICE_DETECTION_PROBED)) {
    /* A "?" marks a low-confidence (<= 5) name on an open port when
       version scanning is enabled. */
    if (o.servicescan && state == PORT_OPEN && sd->name_confidence <= 5)
      len = Snprintf(dst, lenremaining, "%s?", sd->name);
    else len = Snprintf(dst, lenremaining, "%s", sd->name);
  } else {
    len = Snprintf(dst, lenremaining, "%s", "unknown");
  }

  /* NOTE(review): the truncation handling relies on Snprintf reporting a
     too-small buffer through its return value (negative, or a length that
     does not fit) -- confirm against the Snprintf implementation in use. */
  if (len > lenremaining || len < 0) goto overflow;
  dst += len;
  lenremaining -= len;
  /* len == lenremaining passes the check above but leaves no byte for
     the terminator; it is rejected here, before *dst is written. */
  if (lenremaining < 1) goto overflow;
  *dst = '\0';
  return;

 overflow:
  /* buflen >= 1 is guaranteed at this point, so this write is in bounds. */
  *namebuf = '\0';
}

/* Prints the familiar Nmap tabular output showing the "interesting" ports found on the machine.
It also handles the Machine/Greppable output and the XML output. It is pretty ugly -- in particular I should write helper functions to handle the table creation */void printportoutput(Target *currenths, PortList *plist) { char protocol[4]; char rpcinfo[64]; char rpcmachineinfo[64]; char portinfo[64]; char xmlbuf[2560]; char grepvers[256]; char grepown[64]; char *p; char *state; char serviceinfo[64]; char *name=NULL; int i; int first = 1; struct protoent *proto; Port *current; char hostname[1200]; struct serviceDeductions sd; NmapOutputTable *Tbl = NULL; int portcol = -1; // port or IP protocol # int statecol = -1; // port/protocol state int servicecol = -1; // service or protocol name int versioncol = -1; int reasoncol = -1; // int ownercol = -1; // Used for ident scan int colno = 0; unsigned int rowno; int numrows; int numignoredports = plist->numIgnoredPorts(); vector<const char *> saved_servicefps; log_write(LOG_XML, "<ports>"); int prevstate = PORT_UNKNOWN; int istate; while ((istate = plist->nextIgnoredState(prevstate)) != PORT_UNKNOWN) { log_write(LOG_XML, "<extraports state=\"%s\" count=\"%d\">\n", statenum2str(istate), plist->getStateCounts(istate)); print_xml_state_summary(plist, istate); log_write(LOG_XML, "</extraports>\n"); prevstate = istate; } if (numignoredports == plist->numports) { if (numignoredports == 0) { log_write(LOG_PLAIN, "0 ports scanned on %s\n", currenths->NameIP(hostname, sizeof(hostname))); } else { log_write(LOG_PLAIN, "%s %d scanned %s on %s %s ", (numignoredports == 1)? "The" : "All", numignoredports, (numignoredports == 1)? "port" : "ports", currenths->NameIP(hostname, sizeof(hostname)), (numignoredports == 1)? 
"is" : "are"); if (plist->numIgnoredStates() == 1) { log_write(LOG_PLAIN, statenum2str(plist->nextIgnoredState(PORT_UNKNOWN))); } else { prevstate = PORT_UNKNOWN; while ((istate = plist->nextIgnoredState(prevstate)) != PORT_UNKNOWN) { if (prevstate != PORT_UNKNOWN) log_write(LOG_PLAIN, " or "); log_write(LOG_PLAIN, "%s (%d)", statenum2str(istate), plist->getStateCounts(istate)); prevstate = istate; } } if(o.reason) print_state_summary(plist, STATE_REASON_EMPTY); log_write(LOG_PLAIN, "\n"); } log_write(LOG_MACHINE,"Host: %s (%s)\tStatus: Up", currenths->targetipstr(), currenths->HostName()); log_write(LOG_XML, "</ports>\n"); return; } log_write(LOG_PLAIN,"Interesting %s on %s:\n", (o.ipprotscan)? "protocols" : "ports", currenths->NameIP(hostname, sizeof(hostname))); log_write(LOG_MACHINE,"Host: %s (%s)", currenths->targetipstr(), currenths->HostName()); /* Show line like: Not shown: 3995 closed ports, 514 filtered ports if appropriate (note that states are reverse-sorted by # of ports) */ prevstate = PORT_UNKNOWN; while ((istate = plist->nextIgnoredState(prevstate)) != PORT_UNKNOWN) { if (prevstate == PORT_UNKNOWN) log_write(LOG_PLAIN, "Not shown: "); else log_write(LOG_PLAIN, ", "); char desc[32]; if (o.ipprotscan) Snprintf(desc, sizeof(desc), (plist->getStateCounts(istate) == 1)? "protocol" : "protocols"); else Snprintf(desc, sizeof(desc), (plist->getStateCounts(istate) == 1)? "port" : "ports"); log_write(LOG_PLAIN, "%d %s %s", plist->getStateCounts(istate), statenum2str(istate), desc); prevstate = istate; } if (prevstate != PORT_UNKNOWN) log_write(LOG_PLAIN, "\n"); if(o.reason) print_state_summary(plist, STATE_REASON_FULL); /* OK, now it is time to deal with the service table ... 
*/ colno = 0; portcol = colno++; statecol = colno++; servicecol = colno++; if(o.reason) reasoncol = colno++; /* if (o.identscan) ownercol = colno++; */ if (o.servicescan || o.rpcscan) versioncol = colno++; numrows = plist->numports - numignoredports;#ifndef NOLUA int scriptrows = 0; if(plist->numscriptresults > 0) scriptrows = plist->numscriptresults; numrows += scriptrows;#endif assert(numrows > 0); numrows++; // The header counts as a row Tbl = new NmapOutputTable(numrows, colno); // Lets start with the headers if (o.ipprotscan) Tbl->addItem(0, portcol, false, "PROTOCOL", 8); else Tbl->addItem(0, portcol, false, "PORT", 4); Tbl->addItem(0, statecol, false, "STATE", 5); Tbl->addItem(0, servicecol, false, "SERVICE", 7); if (versioncol > 0) Tbl->addItem(0, versioncol, false, "VERSION", 7); if(reasoncol > 0) Tbl->addItem(0, reasoncol, false, "REASON", 6); /* if (ownercol > 0) Tbl->addItem(0, ownercol, false, "OWNER", 5); */ log_write(LOG_MACHINE,"\t%s: ", (o.ipprotscan)? "Protocols" : "Ports" ); rowno = 1; if (o.ipprotscan) { current = NULL; while( (current=plist->nextPort(current, IPPROTO_IP, 0))!=NULL ) { if (!plist->isIgnoredState(current->state)) { if (!first) log_write(LOG_MACHINE,", "); else first = 0; if(o.reason) Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason)); state = statenum2str(current->state); proto = nmap_getprotbynum(htons(current->portno)); Snprintf(portinfo, sizeof(portinfo), "%s", proto?proto->p_name: "unknown"); Tbl->addItemFormatted(rowno, portcol, false, "%d", current->portno); Tbl->addItem(rowno, statecol, true, state); Tbl->addItem(rowno, servicecol, true, portinfo); log_write(LOG_MACHINE,"%d/%s/%s/", current->portno, state, (proto)? 
proto->p_name : ""); log_write(LOG_XML, "<port protocol=\"ip\" portid=\"%d\"><state state=\"%s\" reason=\"%s\" reason_ttl=\"%d\"", current->portno, state, reason_str(current->reason.reason_id, SINGULAR), current->reason.ttl); if(current->reason.ip_addr.s_addr) log_write(LOG_XML, " reason_ip=\"%s\"", inet_ntoa(current->reason.ip_addr)); log_write(LOG_XML, "/>"); if (proto && proto->p_name && *proto->p_name) log_write(LOG_XML, "\n<service name=\"%s\" conf=\"8\" method=\"table\" />", proto->p_name); log_write(LOG_XML, "</port>\n"); rowno++; } } } else { current = NULL; while( (current=plist->nextPort(current, TCPANDUDP, 0))!=NULL ) { if (!plist->isIgnoredState(current->state)) { if (!first) log_write(LOG_MACHINE,", "); else first = 0; strcpy(protocol,(current->proto == IPPROTO_TCP)? "tcp": "udp"); Snprintf(portinfo, sizeof(portinfo), "%d/%s", current->portno, protocol); state = statenum2str(current->state); current->getServiceDeductions(&sd); if (sd.service_fp && saved_servicefps.size() <= 8) saved_servicefps.push_back(sd.service_fp); if (o.rpcscan) { switch(sd.rpc_status) { case RPC_STATUS_UNTESTED: rpcinfo[0] = '\0'; strcpy(rpcmachineinfo, ""); break; case RPC_STATUS_UNKNOWN: strcpy(rpcinfo, "(RPC (Unknown Prog #))"); strcpy(rpcmachineinfo, "R"); break; case RPC_STATUS_NOT_RPC: rpcinfo[0] = '\0'; strcpy(rpcmachineinfo, "N"); break; case RPC_STATUS_GOOD_PROG: name = nmap_getrpcnamebynum(sd.rpc_program); Snprintf(rpcmachineinfo, sizeof(rpcmachineinfo), "(%s:%li*%i-%i)", (name)? 
name : "", sd.rpc_program, sd.rpc_lowver, sd.rpc_highver); if (!name) { Snprintf(rpcinfo, sizeof(rpcinfo), "(#%li (unknown) V%i-%i)", sd.rpc_program, sd.rpc_lowver, sd.rpc_highver); } else { if (sd.rpc_lowver == sd.rpc_highver) { Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i)", name, sd.rpc_lowver); } else Snprintf(rpcinfo, sizeof(rpcinfo), "(%s V%i-%i)", name, sd.rpc_lowver, sd.rpc_highver); } break; default: fatal("Unknown rpc_status %d", sd.rpc_status); break; } Snprintf(serviceinfo, sizeof(serviceinfo), "%s%s%s", (sd.name)? sd.name : ((*rpcinfo)? "" : "unknown"), (sd.name)? " " : "", rpcinfo); } else { getNmapServiceName(&sd, current->state, serviceinfo, sizeof(serviceinfo)); rpcmachineinfo[0] = '\0'; } Tbl->addItem(rowno, portcol, true, portinfo); Tbl->addItem(rowno, statecol, false, state); Tbl->addItem(rowno, servicecol, true, serviceinfo); if(o.reason) Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason)); /* if (current->owner) Tbl->addItem(rowno, ownercol, true, current->owner); */ if (*sd.fullversion) Tbl->addItem(rowno, versioncol, true, sd.fullversion); // How should we escape illegal chars in grepable output? // Well, a reasonably clean way would be backslash escapes // such as \/ and \\ . // But that makes it harder to pick // out fields with awk, cut, and such. So I'm gonna use the // ugly hat (fitting to grepable output) or replacing the '/' // character with '|' in the version and owner fields. 
Strncpy(grepvers, sd.fullversion, sizeof(grepvers) / sizeof(*grepvers)); p = grepvers; while((p = strchr(p, '/'))) { *p = '|'; p++; } if (!current->owner) *grepown = '\0'; else { Strncpy(grepown, current->owner, sizeof(grepown) / sizeof(*grepown)); p = grepown; while((p = strchr(p, '/'))) { *p = '|'; p++; } } if (!sd.name) serviceinfo[0] = '\0'; else { p = serviceinfo; while((p = strchr(p, '/'))) { *p = '|'; p++; } } log_write(LOG_MACHINE,"%d/%s/%s/%s/%s/%s/%s/", current->portno, state, protocol, grepown, serviceinfo, rpcmachineinfo, grepvers); log_write(LOG_XML, "<port protocol=\"%s\" portid=\"%d\">", protocol, current->portno); log_write(LOG_XML, "<state state=\"%s\" reason=\"%s\" reason_ttl=\"%d\"", state, reason_str(current->reason.reason_id, SINGULAR), current->reason.ttl); if(current->reason.ip_addr.s_addr) log_write(LOG_XML, " reason_ip=\"%s\"", inet_ntoa(current->reason.ip_addr)); log_write(LOG_XML, "/>"); if (current->owner && *current->owner) { log_write(LOG_XML, "<owner name=\"%s\" />", current->owner); } if (getServiceXMLBuf(&sd, xmlbuf, sizeof(xmlbuf)) == 0) if (*xmlbuf) log_write(LOG_XML, "%s", xmlbuf); rowno++;#ifndef NOLUA if(o.script) { ScriptResults::iterator ssr_iter; for( ssr_iter = current->scriptResults.begin(); ssr_iter != current->scriptResults.end(); ssr_iter++) { char* xml_id= xml_convert((*ssr_iter).id); char* xml_scriptoutput= xml_convert((*ssr_iter).output); log_write(LOG_XML, "<script id=\"%s\" output=\"%s\" />", xml_id, xml_scriptoutput); free(xml_id); free(xml_scriptoutput);