nmap.cc

来自「Ubuntu packages of security software。 相」· CC 代码 · 共 1,539 行 · 第 1/5 页

    if(o.ipoptionslen>=8)	// at least one ip address    log_write(LOG_STDOUT, "Binary ip options to be send:\n%s", buf);    log_write(LOG_STDOUT, "Parsed ip options to be send:\n%s\n",     	print_ip_options(o.ipoptions, o.ipoptionslen));  }  /* Open the log files, now that we know whether the user wants them appended     or overwritten */  if (normalfilename)    log_open(LOG_NORMAL, o.append_output, normalfilename);  if (machinefilename)    log_open(LOG_MACHINE, o.append_output, machinefilename);  if (kiddiefilename)    log_open(LOG_SKID, o.append_output, kiddiefilename);  if (xmlfilename)    log_open(LOG_XML, o.append_output, xmlfilename);  if (!o.interactivemode) {    char tbuf[128];    // ISO 8601 date/time -- http://www.cl.cam.ac.uk/~mgk25/iso-time.html     if (strftime(tbuf, sizeof(tbuf), "%Y-%m-%d %H:%M %Z", tm) <= 0)      fatal("Unable to properly format time");    log_write(LOG_STDOUT|LOG_SKID, "\nStarting %s %s ( %s ) at %s\n", NMAP_NAME, NMAP_VERSION, NMAP_URL, tbuf);    if (o.verbose && tm->tm_mon == 8 && tm->tm_mday == 1) {      log_write(LOG_STDOUT|LOG_SKID, "Happy %dth Birthday to Nmap, may it live to be %d!\n", tm->tm_year - 97, tm->tm_year + 3 );    }    if (iflist) {      print_iflist();      exit(0);    }  } if(o.traceroute && (o.idlescan || o.connectscan)) {    error("Warning: Traceroute does not support idle or connect scan, disabling...\n");    o.traceroute = 0;  }  if(o.traceroute && !o.isr00t) {    error("Warning: Traceroute has to be run as root, disabling...\n");    o.traceroute = 0;  }  if ((o.pingscan || o.listscan) && (portlist || o.fastscan))    fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan");  if (portlist && o.fastscan)    fatal("You cannot use -F (fast scan) with -p (explicit port selection) but see --top-ports and --port-ratio to fast scan a range of ports");  if (o.ipprotscan) {    if (portlist) ports = getpts(portlist);    else ports = getpts((char *) (o.fastscan ? 
"[P:0-]" : "0-"));  // Default protocols to scan  } else {    ports = gettoppts(o.topportlevel, portlist);  }  if (portlist && !ports)    fatal("Your port specification string is not parseable");  if (portlist) {    free(portlist);    portlist = NULL;  }  // Uncomment the following line to use the common lisp port spec test suite  //printf("port spec: (%d %d %d)\n", ports->tcp_count, ports->udp_count, ports->prot_count); exit(0);#ifdef WIN32  if (o.sendpref & PACKET_SEND_IP) {	  error("WARNING: raw IP (rather than raw ethernet) packet sending attempted on Windows. This probably won't work.  Consider --send-eth next time.\n");  }#endif  if (spoofmac) {    u8 mac_data[6];    int pos = 0; /* Next index of mac_data to fill in */    char tmphex[3];    /* A zero means set it all randomly.  Anything that is all digits       or colons is treated as a prefix, with remaining characters for       the 6-byte MAC (if any) chosen randomly.  Otherwise, it is       treated as a vendor string for lookup in nmap-mac-prefixes */    if (strcmp(spoofmac, "0") == 0) {      pos = 0;    } else {      const char *p = spoofmac;      while(*p) { 	if (*p == ':') p++;	if (isxdigit(*p) && isxdigit(*(p+1))) {	  if (pos >= 6) fatal("Bogus --spoof-mac value encountered (%s) -- only up to 6 bytes permitted", spoofmac);	  tmphex[0] = *p; tmphex[1] = *(p+1); tmphex[2] = '\0';	  mac_data[pos] = (u8) strtol(tmphex, NULL, 16);	  pos++;	  p += 2;	} else break;      }      if (*p) {	/* Failed to parse it as a MAC prefix -- treating as a vendor substring instead */	if (!MACCorp2Prefix(spoofmac, mac_data))	  fatal("Could not parse as a prefix nor find as a vendor substring the given --spoof-mac argument: %s.  If you are giving hex digits, there must be an even number of them.", spoofmac);	pos = 3;      }    }    if (pos < 6) {      get_random_bytes(mac_data + pos, 6 - pos);    }    /* Got the new MAC! 
*/    const char *vend = MACPrefix2Corp(mac_data);    log_write(LOG_PLAIN, 	      "Spoofing MAC address %02X:%02X:%02X:%02X:%02X:%02X (%s)\n",	      mac_data[0], mac_data[1], mac_data[2], mac_data[3], mac_data[4],	      mac_data[5], vend? vend : "No registered vendor");    o.setSpoofMACAddress(mac_data);    /* If they want to spoof the MAC address, we should at least make       some effort to actually send raw ethernet frames rather than IP       packets (which would use the real IP */    if (o.sendpref != PACKET_SEND_IP_STRONG)      o.sendpref = PACKET_SEND_ETH_STRONG;  }  /* By now, we've got our port lists.  Give the user a warning if no    * ports are specified for the type of scan being requested.  Other things   * (such as OS ident scan) might break cause no ports were specified,  but   * we've given our warning...   */  if ((o.TCPScan()) && ports->tcp_count == 0)    error("WARNING: a TCP scan type was requested, but no tcp ports were specified.  Skipping this scan type.");  if (o.UDPScan() && ports->udp_count == 0)    error("WARNING: UDP scan was requested, but no udp ports were specified.  Skipping this scan type.");  if (o.ipprotscan && ports->prot_count == 0)    error("WARNING: protocol scan was requested, but no protocols were specified to be scanned.  Skipping this scan type.");  /* Set up our array of decoys! */  if (o.decoyturn == -1) {    o.decoyturn = (o.numdecoys == 0)?  0 : get_random_uint() % o.numdecoys;     o.numdecoys++;    for(i=o.numdecoys-1; i > o.decoyturn; i--)      o.decoys[i] = o.decoys[i-1];  }  /* We need to find what interface to route through if:   * --None have been specified AND   * --We are root and doing tcp ping OR   * --We are doing a raw sock scan and NOT pinging anyone */  if (o.af() == AF_INET && o.v4sourceip() && !*o.device) {    if (ipaddr2devname(o.device, o.v4sourceip()) != 0) {      fatal("Could not figure out what device to send the packet out on with the source address you gave me!  
If you are trying to sp00f your scan, this is normal, just give the -e eth0 or -e ppp0 or whatever.  Otherwise you can still use -e, but I find it kindof fishy.");    }  }  if (o.af() == AF_INET && *o.device && !o.v4sourceip()) {    struct sockaddr_in tmpsock;    memset(&tmpsock, 0, sizeof(tmpsock));    if (devname2ipaddr(o.device, &(tmpsock.sin_addr)) == -1) {      fatal("I cannot figure out what source address to use for device %s, does it even exist?", o.device);    }    tmpsock.sin_family = AF_INET;#if HAVE_SOCKADDR_SA_LEN    tmpsock.sin_len = sizeof(tmpsock);#endif    o.setSourceSockAddr((struct sockaddr_storage *) &tmpsock, sizeof(tmpsock));  }  /* If he wants to bounce off of an FTP site, that site better damn well be reachable! */  if (o.bouncescan) {	  if (!inet_pton(AF_INET, ftp.server_name, &ftp.server)) {      if ((target = gethostbyname(ftp.server_name)))	memcpy(&ftp.server, target->h_addr_list[0], 4);      else {	fatal("Failed to resolve FTP bounce proxy hostname/IP: %s",		ftp.server_name);      }     }  else if (o.verbose)      log_write(LOG_STDOUT, "Resolved FTP bounce attack proxy to %s (%s).\n", 		ftp.server_name, inet_ntoa(ftp.server));   }  fflush(stdout);  fflush(stderr);  timep = time(NULL);    /* Brief info incase they forget what was scanned */  Strncpy(mytime, ctime(&timep), sizeof(mytime));  chomp(mytime);  char *xslfname = o.XSLStyleSheet();  char xslline[1024];  if (xslfname) {    char *p = xml_convert(xslfname);    Snprintf(xslline, sizeof(xslline), "<?xml-stylesheet href=\"%s\" type=\"text/xsl\"?>\n", p);    free(p);  }  else xslline[0] = '\0';  log_write(LOG_XML, "<?xml version=\"1.0\" ?>\n%s<!-- ", xslline);  log_write(LOG_NORMAL|LOG_MACHINE, "# ");  log_write(LOG_NORMAL|LOG_MACHINE|LOG_XML, "%s %s scan initiated %s as: ", NMAP_NAME, NMAP_VERSION, mytime);    for(i=0; i < argc; i++) {    char *p = xml_convert(fakeargv[i]);    log_write(LOG_XML,"%s ", p);    free(p);    log_write(LOG_NORMAL|LOG_MACHINE,"%s ", fakeargv[i]);  }  
log_write(LOG_XML, "-->");  log_write(LOG_NORMAL|LOG_MACHINE|LOG_XML,"\n");    log_write(LOG_XML, "<nmaprun scanner=\"nmap\" args=\"");  for(i=0; i < argc; i++)     log_write(LOG_XML, (i == argc-1)? "%s\" " : "%s ", fakeargv[i]);  log_write(LOG_XML, "start=\"%lu\" startstr=\"%s\" version=\"%s\" xmloutputversion=\"1.01\">\n",	    (unsigned long) timep, mytime, NMAP_VERSION);  output_xml_scaninfo_records(ports);  log_write(LOG_XML, "<verbose level=\"%d\" />\n<debugging level=\"%d\" />\n",	    o.verbose, o.debugging);  /* Before we randomize the ports scanned, lets output them to machine      parseable output */  if (o.verbose)    output_ports_to_machine_parseable_output(ports, o.TCPScan(), o.udpscan, o.ipprotscan);  /* more fakeargv junk, BTW malloc'ing extra space in argv[0] doesn't work */  if (quashargv) {    size_t fakeargvlen = strlen(FAKE_ARGV), argvlen = strlen(argv[0]);    if (argvlen < fakeargvlen)      fatal("If you want me to fake your argv, you need to call the program with a longer name.  Try the full pathname, or rename it fyodorssuperdedouperportscanner");    strncpy(argv[0], FAKE_ARGV, fakeargvlen);    memset(&argv[0][fakeargvlen], '\0', strlen(&argv[0][fakeargvlen]));    for(i=1; i < argc; i++)      memset(argv[i], '\0', strlen(argv[i]));  }#if defined(HAVE_SIGNAL) && defined(SIGPIPE)  signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE so our program doesn't crash because			       of it, but we really shouldn't get an unsuspected			       SIGPIPE */#endif  if (o.max_parallelism && (i = max_sd()) && i < o.max_parallelism) {    error("WARNING:  Your specified max_parallel_sockets of %d, but your system says it might only give us %d.  
Trying anyway", o.max_parallelism, i);  }  if (o.debugging > 1) log_write(LOG_STDOUT, "The max # of sockets we are using is: %d\n", o.max_parallelism);  // At this point we should fully know our timing parameters  if (o.debugging) {    log_write(LOG_PLAIN, "--------------- Timing report ---------------\n");    log_write(LOG_PLAIN, "  hostgroups: min %d, max %d\n", o.minHostGroupSz(), o.maxHostGroupSz());    log_write(LOG_PLAIN, "  rtt-timeouts: init %d, min %d, max %d\n", o.initialRttTimeout(), o.minRttTimeout(), o.maxRttTimeout());    log_write(LOG_PLAIN, "  max-scan-delay: TCP %d, UDP %d\n", o.maxTCPScanDelay(), o.maxUDPScanDelay());    log_write(LOG_PLAIN, "  parallelism: min %d, max %d\n", o.min_parallelism, o.max_parallelism);    log_write(LOG_PLAIN, "  max-retries: %d, host-timeout: %ld\n", o.getMaxRetransmissions(), o.host_timeout);    log_write(LOG_PLAIN, "---------------------------------------------\n");  }  /* Before we randomize the ports scanned, we must initialize PortList class. 
*/  if (o.ipprotscan)    PortList::initializePortMap(IPPROTO_IP,  ports->prots, ports->prot_count);  if (o.TCPScan())    PortList::initializePortMap(IPPROTO_TCP, ports->tcp_ports, ports->tcp_count);  if (o.UDPScan())    PortList::initializePortMap(IPPROTO_UDP, ports->udp_ports, ports->udp_count);    if  (randomize) {    if (ports->tcp_count) {      shortfry(ports->tcp_ports, ports->tcp_count);       // move a few more common ports closer to the beginning to speed scan      random_port_cheat(ports->tcp_ports, ports->tcp_count);    }    if (ports->udp_count)       shortfry(ports->udp_ports, ports->udp_count);     if (ports->prot_count)       shortfry(ports->prots, ports->prot_count);   }  /* lets load our exclude list */  if ((NULL != excludefd) || (NULL != exclude_spec)) {    exclude_group = load_exclude(excludefd, exclude_spec);    if (o.debugging > 3)      dumpExclude(exclude_group);    if ((FILE *)NULL != excludefd)      fclose(excludefd);    if ((char *)NULL != exclude_spec)      free(exclude_spec);  }#ifndef NOLUA  if(o.scriptupdatedb) {	script_updatedb();	// disable warnings  	o.max_ips_to_scan = o.numhosts_scanned;   }#endif    /* Time to create a hostgroup state object filled with all the requested     machines. The list is initially empty. It is refilled inside the loop     whenever it is empty. */  host_exp_group = (char **) safe_malloc(o.ping_group_sz * sizeof(char *));  num_host_exp_groups = 0;  hstate = new HostGroupState(o.ping_group_sz, o.randomize_hosts,			      host_exp_group, num_host_exp_groups);  do {    idea
