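#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <string.h>
#if HAVE_STDINT_H
#include <stdint.h>
#endif
#include "statusq.h"
#include "range.h"
#include "list.h"
#include "errors.h"
#include "time.h"

/* Set by -q: suppress banners and error messages. */
int quiet = 0;

/* A NetBIOS name on the wire is 16 bytes: 15 display characters followed by
 * a service-type byte. The display buffers below hold 15 chars + NUL. */
enum { NB_DISPLAY_NAME_LEN = 15, NB_DISPLAY_NAME_BUF = 16 };

/* rr_flags bit that marks a group name; when clear the name is unique. */
#define NB_GROUP_NAME_FLAG 0x0080

/*
 * Copy the display part of a NetBIOS name into dst (NB_DISPLAY_NAME_BUF bytes)
 * and always NUL-terminate it. src is raw data from a network response: it is
 * bounded here but not sanitized, so it may contain non-printable bytes that
 * later reach the terminal or a script via printf.
 */
static void copy_nb_name(char *dst, const char *src)
{
    strncpy(dst, src, NB_DISPLAY_NAME_LEN);
    dst[NB_DISPLAY_NAME_LEN] = '\0';
}

/*
 * Print the adapter (MAC) address from the response footer as
 * xx-xx-xx-xx-xx-xx followed by a newline. The caller must have checked
 * that hostinfo->footer is non-NULL.
 */
static void print_adapter_address(const struct nb_host_info *hostinfo)
{
    int k;

    for (k = 0; k < 6; k++) {
        /* cast keeps %02x well-defined whatever the element type is */
        printf("%02x%s", (unsigned)hostinfo->footer->adapter_address[k],
               k < 5 ? "-" : "\n");
    }
}

/*
 * Print one numeric packet field as "label: 0x<hex> (<decimal>)", with the
 * hex part zero-padded to hex_width digits. Replaces the per-field format
 * strings that mixed "%x" with "%1$d" (undefined) and, in the footer, used
 * the malformed conversion "%04 ".
 */
static void dump_field(const char *label, int hex_width, unsigned long value)
{
    printf("%s: 0x%0*lx (%lu)\n", label, hex_width, value, value);
}

/* Print the program banner (skipped by main when -q is given). Returns 1. */
int print_banner(void)
{
    printf("\nNBTscan version 1.5.1. Copyright (C) 1999-2003 Alla Bezroutchko.\n");
    printf("This is a free software and it comes with absolutely no warranty.\n");
    printf("You can use, distribute and modify it under terms of GNU GPL.\n\n");
    return 1;
}

/* Print the command line help text and exit with status 2. Never returns. */
void usage(void)
{
    static const char *const help[] = {
        "Usage:\nnbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>) \n",
        "\t-v\t\tverbose output. Print all names received\n",
        "\t\t\tfrom each host\n",
        "\t-d\t\tdump packets. Print whole packet contents.\n",
        "\t-e\t\tFormat output in /etc/hosts format.\n",
        "\t-l\t\tFormat output in lmhosts format.\n",
        "\t\t\tCannot be used with -v, -s or -h options.\n",
        "\t-t timeout\twait timeout milliseconds for response.\n",
        "\t\t\tDefault 1000.\n",
        "\t-b bandwidth\tOutput throttling. Slow down output\n",
        "\t\t\tso that it uses no more that bandwidth bps.\n",
        "\t\t\tUseful on slow links, so that ougoing queries\n",
        "\t\t\tdon't get dropped.\n",
        "\t-r\t\tuse local port 137 for scans. Win95 boxes\n",
        "\t\t\trespond to this only.\n",
        "\t\t\tYou need to be root to use this option on Unix.\n",
        "\t-q\t\tSuppress banners and error messages,\n",
        "\t-s separator\tScript-friendly output. Don't print\n",
        "\t\t\tcolumn and record headers, separate fields with separator.\n",
        "\t-h\t\tPrint human-readable names for services.\n",
        "\t\t\tCan only be used with -v option.\n",
        "\t-m retransmits\tNumber of retransmits. Default 0.\n",
        "\t-f filename\tTake IP addresses to scan from file filename.\n",
        "\t\t\t-f - makes nbtscan take IP addresses from stdin.\n",
        "\t<scan_range>\twhat to scan. Can either be single IP\n",
        "\t\t\tlike 192.168.1.1 or\n",
        "\t\t\trange of addresses in one of two forms: \n",
        "\t\t\txxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.\n",
        "Examples:\n",
        "\tnbtscan -r 192.168.1.0/24\n",
        "\t\tScans the whole C-class network.\n",
        "\tnbtscan 192.168.1.25-137\n",
        "\t\tScans a range from 192.168.1.25 to 192.168.1.137\n",
        "\tnbtscan -v -s : 192.168.1.0/24\n",
        "\t\tScans C-class network. Prints results in script-friendly\n",
        "\t\tformat using colon as field separator.\n",
        "\t\tProduces output like that:\n",
        "\t\t192.168.0.1:NT_SERVER:00U\n",
        "\t\t192.168.0.1:MY_DOMAIN:00G\n",
        "\t\t192.168.0.1:ADMINISTRATOR:03U\n",
        "\t\t192.168.0.2:OTHER_BOX:00U\n",
        "\t\t...\n",
        "\tnbtscan -f iplist\n",
        "\t\tScans IP addresses specified in file iplist.\n",
    };
    size_t k;

    for (k = 0; k < sizeof help / sizeof help[0]; k++) {
        fputs(help[k], stdout);
    }
    exit(2);
}

/*
 * Parse a scan target given on the command line into range_struct.
 * Accepts a single IP, "a.b.c.d/nn" or "a.b.c.d-xxx" (see is_ip, is_range1,
 * is_range2 in range.h). Returns 1 on success, 0 if no form matched.
 */
int set_range(char *range_str, struct ip_range *range_struct)
{
    if (is_ip(range_str, range_struct)) {
        return 1;
    }
    if (is_range1(range_str, range_struct)) {
        return 1;
    }
    return is_range2(range_str, range_struct) ? 1 : 0;
}

/* Print the column header used by the default (non-script) output. Returns 1. */
int print_header(void)
{
    printf("%-17s%-17s%-10s%-17s%-17s\n", "IP address", "NetBIOS Name", "Server", "User", "MAC address");
    printf("------------------------------------------------------------------------------\n");
    return 1;
}

/*
 * Dump every parsed field of a node status response (-d). Returns 1.
 * Fields are printed only for the parts of the response that statusq managed
 * to parse (header, names, footer may each be NULL).
 */
int d_print_hostinfo(struct in_addr addr, const struct nb_host_info *hostinfo)
{
    char name[NB_DISPLAY_NAME_BUF];
    int i;

    printf("\nPacket dump for Host %s:\n\n", inet_ntoa(addr));
    if (hostinfo->is_broken) {
        printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken);
    }

    if (hostinfo->header) {
        dump_field("Transaction ID", 4, hostinfo->header->transaction_id);
        dump_field("Flags", 4, hostinfo->header->flags);
        dump_field("Question count", 4, hostinfo->header->question_count);
        dump_field("Answer count", 4, hostinfo->header->answer_count);
        dump_field("Name service count", 4, hostinfo->header->name_service_count);
        dump_field("Additional record count", 4, hostinfo->header->additional_record_count);
        /* NOTE(review): relies on the parser having NUL-terminated
         * question_name; not checked here. */
        printf("Question name: %s\n", hostinfo->header->question_name);
        dump_field("Question type", 4, hostinfo->header->question_type);
        dump_field("Question class", 4, hostinfo->header->question_class);
        dump_field("Time to live", 8, hostinfo->header->ttl);
        dump_field("Rdata length", 4, hostinfo->header->rdata_length);
        dump_field("Number of names", 2, hostinfo->header->number_of_names);
    }

    /* The name count lives in the header, so both must be present; the
     * original only tested names and would dereference a NULL header. */
    if (hostinfo->header && hostinfo->names) {
        printf("Names received:\n");
        for (i = 0; i < hostinfo->header->number_of_names; i++) {
            unsigned char service = hostinfo->names[i].ascii_name[15]; /* 16th byte of NetBIOS name */

            copy_nb_name(name, hostinfo->names[i].ascii_name);
            printf("%-17s Service: 0x%02x Flags: 0x%04x\n", name, service,
                   (unsigned)hostinfo->names[i].rr_flags);
        }
    }

    if (hostinfo->footer) {
        printf("Adapter address: ");
        print_adapter_address(hostinfo);
        dump_field("Version major", 2, hostinfo->footer->version_major);
        dump_field("Version minor", 2, hostinfo->footer->version_minor);
        dump_field("Duration", 4, hostinfo->footer->duration);
        dump_field("FRMRs Received", 4, hostinfo->footer->frmps_received);
        dump_field("FRMRs Transmitted", 4, hostinfo->footer->frmps_transmitted);
        dump_field("IFrame Receive errors", 4, hostinfo->footer->iframe_receive_errors);
        dump_field("Transmit aborts", 4, hostinfo->footer->transmit_aborts);
        dump_field("Transmitted", 8, hostinfo->footer->transmitted);
        dump_field("Received", 8, hostinfo->footer->received);
        dump_field("IFrame transmit errors", 4, hostinfo->footer->iframe_transmit_errors);
        dump_field("No receive buffers", 4, hostinfo->footer->no_receive_buffer);
        dump_field("tl timeouts", 4, hostinfo->footer->tl_timeouts);
        dump_field("ti timeouts", 4, hostinfo->footer->ti_timeouts);
        dump_field("Free NCBS", 4, hostinfo->footer->free_ncbs);
        dump_field("NCBS", 4, hostinfo->footer->ncbs);
        dump_field("Max NCBS", 4, hostinfo->footer->max_ncbs);
        dump_field("No transmit buffers", 4, hostinfo->footer->no_transmit_buffers);
        dump_field("Max datagram", 4, hostinfo->footer->max_datagram);
        dump_field("Pending sessions", 4, hostinfo->footer->pending_sessions);
        dump_field("Max sessions", 4, hostinfo->footer->max_sessions);
        dump_field("Packet sessions", 4, hostinfo->footer->packet_sessions);
    }
    return 1;
}

/*
 * Verbose output (-v): print the whole name table of one host. Returns 1.
 * sf   - field separator for script-friendly output (-s), or NULL for the
 *        human-readable table.
 * hr   - when non-zero, print service names via getnbservicename() instead
 *        of the raw service byte and U/G flag.
 */
int v_print_hostinfo(struct in_addr addr, const struct nb_host_info *hostinfo, char *sf, int hr)
{
    char name[NB_DISPLAY_NAME_BUF];
    int i;

    if (!sf) {
        printf("\nNetBIOS Name Table for Host %s:\n\n", inet_ntoa(addr));
        if (hostinfo->is_broken) {
            printf("Incomplete packet, %d bytes long.\n", hostinfo->is_broken);
        }
        printf("%-17s%-17s%-17s\n", "Name", "Service", "Type");
        printf("----------------------------------------\n");
    }

    if (hostinfo->header && hostinfo->names) {
        for (i = 0; i < hostinfo->header->number_of_names; i++) {
            unsigned char service = hostinfo->names[i].ascii_name[15]; /* 16th byte of NetBIOS name */
            int unique = !(hostinfo->names[i].rr_flags & NB_GROUP_NAME_FLAG);

            copy_nb_name(name, hostinfo->names[i].ascii_name);
            if (sf) {
                printf("%s%s%s%s", inet_ntoa(addr), sf, name, sf);
                if (hr) {
                    printf("%s\n", (char *)getnbservicename(service, unique, name));
                } else {
                    printf("%02x", service);
                    printf(unique ? "U\n" : "G\n");
                }
            } else {
                printf("%-17s", name);
                if (hr) {
                    printf("%s\n", (char *)getnbservicename(service, unique, name));
                } else {
                    printf("<%02x>", service);
                    printf(unique ? " UNIQUE\n" : " GROUP\n");
                }
            }
        }
    }

    if (hostinfo->footer) {
        if (sf) {
            printf("%s%sMAC%s", inet_ntoa(addr), sf, sf);
        } else {
            printf("\nAdapter address: ");
        }
        print_adapter_address(hostinfo);
    }

    if (!sf) {
        printf("----------------------------------------\n");
    }
    return 1;
}

/*
 * Default one-line-per-host output: IP, computer name, <server> marker,
 * logged-on user and MAC. Returns 1.
 * The computer name is the first unique name with service 0x00, the user is
 * the last unique name with service 0x03, and a unique 0x20 name marks a
 * server. sf is the -s separator or NULL for the padded table.
 */
int print_hostinfo(struct in_addr addr, struct nb_host_info *hostinfo, char *sf)
{
    char comp_name[NB_DISPLAY_NAME_BUF];
    char user_name[NB_DISPLAY_NAME_BUF];
    int is_server = 0;
    int first_name = 1;
    int i;

    copy_nb_name(comp_name, "<unknown>");
    copy_nb_name(user_name, "<unknown>");

    if (hostinfo->header && hostinfo->names) {
        for (i = 0; i < hostinfo->header->number_of_names; i++) {
            unsigned char service = hostinfo->names[i].ascii_name[15]; /* 16th byte of NetBIOS name */
            int unique = !(hostinfo->names[i].rr_flags & NB_GROUP_NAME_FLAG);

            if (!unique) {
                continue;
            }
            switch (service) {
            case 0x00:
                /* Unique name, workstation service - this is computer name */
                if (first_name) {
                    copy_nb_name(comp_name, hostinfo->names[i].ascii_name);
                    first_name = 0;
                }
                break;
            case 0x20:
                is_server = 1;
                break;
            case 0x03:
                copy_nb_name(user_name, hostinfo->names[i].ascii_name);
                break;
            default:
                break;
            }
        }
    }

    if (sf) {
        printf("%s%s%s%s", inet_ntoa(addr), sf, comp_name, sf);
        if (is_server) {
            printf("<server>");
        }
        printf("%s%s%s", sf, user_name, sf);
    } else {
        printf("%-17s%-17s", inet_ntoa(addr), comp_name);
        printf("%-10s", is_server ? "<server>" : "");
        printf("%-17s", user_name);
    }

    if (hostinfo->footer) {
        print_adapter_address(hostinfo);
    } else {
        printf("\n");
    }
    return 1;
}

/* Print hostinfo in /etc/hosts or lmhosts format */
/* If l is true adds #PRE to each line of output (for lmhosts) */
/* The name is the first unique name with service 0x00. Returns 1. */
int l_print_hostinfo(struct in_addr addr, struct nb_host_info *hostinfo, int l)
{
    char comp_name[NB_DISPLAY_NAME_BUF];
    int first_name = 1;
    int i;

    copy_nb_name(comp_name, "<unknown>");

    if (hostinfo->header && hostinfo->names) {
        for (i = 0; i < hostinfo->header->number_of_names && first_name; i++) {
            unsigned char service = hostinfo->names[i].ascii_name[15]; /* 16th byte of NetBIOS name */
            int unique = !(hostinfo->names[i].rr_flags & NB_GROUP_NAME_FLAG);

            if (service == 0 && unique) {
                /* Unique name, workstation service - this is computer name */
                copy_nb_name(comp_name, hostinfo->names[i].ascii_name);
                first_name = 0;
            }
        }
    }

    printf("%s\t%s", inet_ntoa(addr), comp_name);
    if (l) {
        printf("\t#PRE");
    }
    printf("\n");
    return 1;
}

#define BUFFSIZE 1024

int main(int argc, char *argv[]) {
    int timeout=1000, verbose=0, use137=0, ch, dump=0, bandwidth=0, send_ok=0, hr=0, etc_hosts=0, lmhosts=0;
    extern char *optarg;
    extern int optind;
    char* target_string;
    char* sf=NULL;
    char* filename =NULL;
    struct ip_range range;
    void *buff;
    int sock, addr_size;
    struct sockaddr_in src_sockaddr, dest_sockaddr;
    struct in_addr *prev_in_addr=NULL;
    struct in_addr *next_in_addr;
    struct timeval select_timeout, last_send_time, current_time, diff_time, send_interval;
    struct timeval transmit_started, now, recv_time;
    struct nb_host_info* hostinfo;
    fd_set* fdsr;
    fd_set* fdsw;
    int sel, size;
    struct list* scanned;
    my_uint32_t rtt_base; /* Base time (seconds) for round trip time calculations */
    float rtt; /* most recent measured RTT, seconds */
    float srtt=0; /* smoothed rtt estimator, seconds */
    float rttvar=0.75; /* smoothed mean deviation, seconds */
    double delta; /* used in retransmit timeout calculations */
    int rto, retransmits=0, more_to_send=1, i;
    char errmsg[80];
    char str[80];
    FILE* targetlist=NULL;
    /* Parse supplied options */
    /**************************/
    if(argc<2) {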