portscanner.cc

xprobe package sources code

/* $Id: portscanner.cc,v 1.4 2003/09/25 06:56:20 mederchik Exp $ */
/*
** Copyright (C) 2003 Meder Kydyraliev <meder@areopag.net>
** Copyright (C) 2001 Fyodor Yarochkin <fygrave@tigerteam.net>,
**                    Ofir Arkin       <ofir@sys-security.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

#include "xprobe.h"
#define _XPROBE_MODULE
#include "xplib.h"
#include "xprobe_module_hdlr.h"
#include "target.h"
#include "interface.h"
#include "cmd_opts.h"
#include "portscanner.h"
#include "sha1.h"
#include "usi++/usi++.h"
#include "log.h"
#include <sys/wait.h>

extern Interface *ui;
extern Cmd_Opts *copts;
extern XML_Log *xml;
int done_sending=0;

void child_handler (int signum) {
	while(wait(NULL) > 0);
	signum++; //suspend warn
	done_sending = 1;
}

int Portscanner::init(void) {

    xprobe_debug(XPROBE_DEBUG_MODULES, "%s module initialized\n", get_name());
    return OK;
}


int Portscanner::exec(Target *tg, OS_Matrix *os) {
	pid_t childpid;
	unsigned int k;
	u_short j;
	u_char tcp_ignore_state, udp_ignore_state;
	map<int, char>::iterator m_i;
	struct servent *serv;
	struct timeval start, end;

	os = os; /* suspend warning */
    xprobe_debug(XPROBE_DEBUG_MODULES, "--%s module has been executed against: %s\n", get_name(),
            inet_ntoa(tg->get_addr()));

	signal(SIGCHLD, child_handler); 

	tcpport = *(tg->get_tcp_toscan());
	udpport = *(tg->get_udp_toscan());
	if ((gettimeofday(&start, NULL))<0) {
		ui->msg("Portscanner::exec gettimeofday failed\n");
		return FAIL;
	}
	/* flush before fork()ing */
	xml->flush();
	if ((childpid = fork()) < 0) {
		// error
		ui->msg("[%s] fork() failed: %s\n", get_name(), strerror(errno));
		return FAIL;
	} else if (childpid) {
		// parent
		receive_packets(tg);
	} else {
		// child
		send_packets(tg);
		xprobe_mdebug(XPROBE_DEBUG_MODULES, "BUG!! send_packets returned!\n");
		/* UNEARCH: child never returns */
	}
	// everyone meets here
	
	if ((gettimeofday(&end, NULL)) < 0) {
		ui->msg("Portscanner::exec gettimeofday failed\n");
		return FAIL;
	}
	// 1st thing to do is to see what ports where filtered
    for (k=0; k < tcpport.size(); k++)
        while(!tcpport[k].get_next(&j))
			if (tcp_ports.find(j) == tcp_ports.end()){
				tcpfiltered++;
				tcp_ports.insert(pair<int, char>(j, XPROBE_TARGETP_FILTERED));
            }
        tcp_ignore_state = get_ignore_state(IPPROTO_TCP);
        if ((tcpopen && !tcpclosed && !tcpfiltered) ||
            (!tcpopen && tcpclosed && !tcpfiltered) ||
            (!tcpopen && !tcpclosed && tcpfiltered)) {
            tcp_ignore_state = 255; //lame :)
        }

    for (k=0; k < udpport.size(); k++)
        while(!udpport[k].get_next(&j))
			if (udp_ports.find(j) == udp_ports.end()){
				udpfiltered++;
				udp_ports.insert(pair<int, char>(j, XPROBE_TARGETP_FILTERED));
			}
	xml->log(XPROBELOG_PS_SESS_START, "%d", ((end.tv_sec - start.tv_sec) * 1000 + (end.tv_usec - start.tv_usec)/1000)/1000.0);
	
	xml->log(XPROBELOG_STATS_SESS_START, "pscan stats");
	ui->msg("[+] Portscan results for %s:\n", inet_ntoa(tg->get_addr()));
	ui->msg("[+]  Stats:\n");
	ui->msg("[+]   TCP: %d - open, %d - closed, %d - filtered\n", tcpopen, tcpclosed, tcpfiltered);
	xml->log(XPROBELOG_MSG_PS_TCPST, "%o%c%f", tcpopen, tcpclosed, tcpfiltered); 
	ui->msg("[+]   UDP: %d - open, %d - closed, %d - filtered\n", udpopen, udpclosed, udpfiltered);
	xml->log(XPROBELOG_MSG_PS_UDPST, "%o%c%f", udpopen, udpclosed, udpfiltered);
	xml->log(XPROBELOG_STATS_SESS_END, "stats done");
	ui->msg("[+]   Portscan took %.2f seconds.\n",
	// convert seconds into milliseconds
	((end.tv_sec - start.tv_sec) * 1000 + (end.tv_usec - start.tv_usec)/1000)/1000.0);
	ui->msg("[+]  Details:\n");
	xml->log(XPROBELOG_PSDET_SESS_START, "details");
	ui->msg("[+]   Proto\tPort Num.\tState\t\tServ. Name\n");
	for (m_i = tcp_ports.begin(); m_i != tcp_ports.end(); m_i++) {
		if (m_i->second == tcp_ignore_state)
			continue;
		ui->msg("[+]   TCP\t%d\t\t", m_i->first);
		if (m_i->second == XPROBE_TARGETP_OPEN)
			ui->msg("open\t");
		else if (m_i->second == XPROBE_TARGETP_CLOSED)
			ui->msg("closed\t"); 
		else if (m_i->second ==XPROBE_TARGETP_FILTERED)
			ui->msg("filtered");
		ui->msg("\t");
		if ((serv=getservbyport(htons(m_i->first), "tcp")) != NULL)
			if(serv->s_name != NULL) {
				ui->msg("%-s\t", serv->s_name);
			} else {
				ui->msg("%-s\t", "N/A");
			}
		else
			ui->msg("N/A\t");
		ui->msg("\n");
		xml->log(XPROBELOG_MSG_PORT, "%n%p%t%s", m_i->first, IPPROTO_TCP, m_i->second, (serv != NULL && serv->s_name != NULL) ? serv->s_name: "N/A");
	}


	udp_ignore_state = get_ignore_state(IPPROTO_UDP);
	if ((udpopen && !udpclosed && !udpfiltered) ||
		(!udpopen && udpclosed && !udpfiltered) ||
		(!udpopen && !udpclosed && udpfiltered)) {
		udp_ignore_state = 255; //lame :)
	}
    
	for (m_i = udp_ports.begin(); m_i != udp_ports.end(); m_i++) {
		if (m_i->second == udp_ignore_state)
			continue;
		ui->msg("[+]   UDP\t%d\t\t", m_i->first);
		if (m_i->second == XPROBE_TARGETP_OPEN)
			ui->msg("open\t");
		else if (m_i->second == XPROBE_TARGETP_CLOSED)
			ui->msg("closed\t"); 
		else if (m_i->second ==XPROBE_TARGETP_FILTERED)
			ui->msg("filtered/open");
		ui->msg("\t");
		if ((serv=getservbyport(htons(m_i->first), "udp")) != NULL)
			if(serv->s_name != NULL) {
				ui->msg("%-s\t", serv->s_name);
			} else {
				ui->msg("%-s\t", "N/A");
			}
		else
			ui->msg("N/A\t");
		ui->msg("\n");
		xml->log(XPROBELOG_MSG_PORT, "%n%p%t%s", m_i->first, IPPROTO_UDP, m_i->second, (serv != NULL && serv->s_name != NULL) ? serv->s_name: "N/A");
	}

	
	//XXX: ugly fix later
	if (tcp_ignore_state == XPROBE_TARGETP_OPEN ||
		tcp_ignore_state == XPROBE_TARGETP_CLOSED ||
		tcp_ignore_state == XPROBE_TARGETP_FILTERED) {
		ui->msg("[+]  Other TCP ports are in ");
		if (tcp_ignore_state == XPROBE_TARGETP_OPEN)
			ui->msg("open");
		if (tcp_ignore_state == XPROBE_TARGETP_CLOSED)
			ui->msg("closed");
		if (tcp_ignore_state == XPROBE_TARGETP_FILTERED)
			ui->msg("filtered");
		ui->msg(" state.\n");
		xml->log(XPROBELOG_OTHER_TCPP, "%s", tcp_ignore_state);
	}
	if (udp_ignore_state == XPROBE_TARGETP_OPEN ||
		udp_ignore_state == XPROBE_TARGETP_CLOSED ||
		udp_ignore_state == XPROBE_TARGETP_FILTERED) {
		ui->msg("[+]  Other UDP ports are in ");
		if (udp_ignore_state == XPROBE_TARGETP_OPEN)
			ui->msg("open");
		if (udp_ignore_state == XPROBE_TARGETP_CLOSED)
			ui->msg("closed");
		if (udp_ignore_state == XPROBE_TARGETP_FILTERED)
			ui->msg("filtered");
		ui->msg(" state.\n");
		xml->log(XPROBELOG_OTHER_UDPP, "%s", tcp_ignore_state);
	}
	xml->log(XPROBELOG_PSDET_SESS_END, "end of portscan details");
	xml->log(XPROBELOG_PS_SESS_END, "end of portscan");
	// ok now we need to save this data into Target object
	tg->set_tcp_ports(&tcp_ports);
	tg->set_udp_ports(&udp_ports);
	// tg->set_udp_ports(&udp_ports);
    return OK;
}

int Portscanner::fini(void) {
    xprobe_debug(XPROBE_DEBUG_MODULES, "%s module has been deinitilized\n", get_name());
    return OK;
}

int Portscanner::send_packets(Target *tg) {
	struct in_addr remote=tg->get_addr(), local=tg->get_interface_addr();
	TCP tcpp(inet_ntoa(remote));
	UDP udpp(inet_ntoa(remote));
	unsigned int k, seq;
	unsigned short dport,sport;
	unsigned char digest[20];
	SHA1 sha;
	struct _shainput {
		struct in_addr src;
		struct in_addr dst;
		u_short sport;