?? dps.c
* We'll send one ICMP ECHO request packet to the target host.
* If ICMP ECHO REPLY is received, the target is UP.
* If ICMP HOST UNREACHABLE is received, the target is UNREACHABLE.
* If the REQUEST timed out, the target is assumed to be OFFLINE.
*/
/* set the filter */
pcap_cfg.f_code = ( char * ) malloc( 100 );
sprintf(pcap_cfg.f_code, "src host %s and dst host %s and icmp\0",
libnet_addr2name4( target_ip, LIBNET_DONT_RESOLVE ),
libnet_addr2name4( local_ip_addr, LIBNET_DONT_RESOLVE ) );
/* compile the filter */
if( pcap_compile( pcap_cfg.p, &pcap_cfg.f_program,
pcap_cfg.f_code, 1, pcap_cfg.netmask ) == -1 )
{
printf("Cannot compile the filter code: %s\n", pcap_geterr( pcap_cfg.p ) );
pcap_close( pcap_cfg.p );
exit( EXIT_FAILURE );
}
free( pcap_cfg.f_code );
/* Set the filter program on the interface */
dps_set_filter( pcap_cfg.f_program );
/* build the ICMP ECHO REQUEST packet */
dps_build_icmp( local_ip_addr, target_ip, local_eth_addr, remote_eth );
/* write the packet */
dps_write_packet();
/* listen for the response */
start_time = time( NULL );
while( start_time + PING_TIMEOUT > time( NULL ) )
{
rcv_packet = ( u_int8_t * ) pcap_next( pcap_cfg.p, &header );
if( rcv_packet == NULL || rcv_packet == 0 )
continue;
ip_hl = ( rcv_packet[ LIBNET_ETH_H ] & 0X0F ) << 0X02;
icmp = ( struct libnet_icmp_hdr * ) ( rcv_packet + LIBNET_ETH_H + ip_hl );
if( icmp->icmp_type != ICMP_ECHOREPLY || icmp->icmp_code != 0 )
continue;
if( ntohs( icmp->icmp_id ) != 0X2233 || ntohs( icmp->icmp_seq ) != 0X5544 )
continue;
return 1;
}
/* the host is not PINGable */
return 0;
}
/*
 * Print a builder failure message and terminate the program.
 * The message is written verbatim, so it must end with its own newline.
 */
static void dps_build_abort( const char *msg )
{
    printf( "%s", msg );
    exit( EXIT_FAILURE );
}

/*
 * dps_build_icmp - queue an ICMP ECHO REQUEST frame in the libnet context.
 *
 * src_ip, dst_ip:   IPv4 source and destination addresses for the IP header.
 * src_eth, dst_eth: Ethernet source and destination addresses for the frame.
 *
 * The three headers are built innermost first (ICMP, then IPv4, then
 * Ethernet) on libnet_cfg.l, and the resulting protocol tags are stored in
 * libnet_cfg.icmp, libnet_cfg.ip and libnet_cfg.eth.  Any builder failure
 * prints a message and exits with EXIT_FAILURE; nothing is returned.
 *
 * The echo id/sequence pair is fixed (0X2233 / 0X5544).  The reply matcher
 * visible earlier in this file compares against the same two constants, so
 * the values must be changed in both places together.
 */
void dps_build_icmp( u_int32_t src_ip, u_int32_t dst_ip,
                     u_int8_t *src_eth, u_int8_t *dst_eth )
{
    /* ICMP echo header, no payload */
    libnet_cfg.icmp = libnet_build_icmpv4_echo(
        ICMP_ECHO,      /* type */
        0,              /* code */
        0,              /* checksum: 0 leaves it to libnet to fill in */
        0X2233,         /* identification (arbitrary, fixed) */
        0X5544,         /* sequence number (arbitrary, fixed) */
        NULL,           /* payload */
        0,              /* payload size */
        libnet_cfg.l,   /* libnet handle */
        0               /* protocol tag: 0 creates a new block */
    );
    if( libnet_cfg.icmp == -1 )
        dps_build_abort( "Cannot build ICMP ECHO header\n" );

    /* IPv4 header carrying the ICMP message */
    libnet_cfg.ip = libnet_build_ipv4(
        ICMPIP_LEN,     /* total length */
        TOS,            /* type of service */
        ID,             /* IP identification */
        0,              /* fragmentation bits and offset */
        TTL,            /* time to live */
        IPPROTO_ICMP,   /* upper-layer protocol */
        0,              /* checksum: 0 leaves it to libnet to fill in */
        src_ip,         /* source address */
        dst_ip,         /* destination address */
        NULL,           /* payload */
        0,              /* payload size */
        libnet_cfg.l,   /* libnet handle */
        0               /* protocol tag: 0 creates a new block */
    );
    if( libnet_cfg.ip == -1 )
        dps_build_abort( "Cannot build IP header\n" );

    /* Ethernet header for link-layer injection */
    libnet_cfg.eth = libnet_build_ethernet(
        dst_eth,        /* Ethernet destination address */
        src_eth,        /* Ethernet source address */
        ETHERTYPE_IP,   /* protocol type */
        NULL,           /* payload */
        0,              /* payload size */
        libnet_cfg.l,   /* libnet handle */
        0               /* protocol tag: 0 creates a new block */
    );
    if( libnet_cfg.eth == -1 )
        dps_build_abort( "Cannot build Ethernet header\n" );
}
/*
 * dps_write_packet - transmit the packet currently queued in libnet_cfg.l.
 *
 * On a write failure a message is printed and the program exits with
 * EXIT_FAILURE.  After a successful write the queued packet is cleared so
 * that the next build call starts from an empty libnet context.
 */
void dps_write_packet()
{
    /* libnet_write() signals failure with -1 */
    if( libnet_write( libnet_cfg.l ) == -1 )
    {
        printf( "Cannot write packet\n" );
        exit( EXIT_FAILURE );
    }

    /* discard the protocol blocks that were just sent */
    libnet_clear_packet( libnet_cfg.l );
}
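/*
 * dps_set_filter - install a compiled BPF program on the capture handle.
 *
 * program: compiled filter, received by value; its address is handed to
 *          pcap_setfilter() on pcap_cfg.p.
 *
 * On failure the libpcap error text is reported (the same way the
 * pcap_compile() failure path in this file reports it), the capture handle
 * is closed and the program exits with EXIT_FAILURE.
 *
 * NOTE(review): the compiled program is not released here; whether the
 * caller later frees it with pcap_freecode() is not visible from this
 * function - confirm.
 */
void dps_set_filter( struct bpf_program program )
{
    if( pcap_setfilter( pcap_cfg.p, &program ) == -1 )
    {
        /* fetch the error text before the handle is closed */
        printf( "Cannot set the filter: %s\n", pcap_geterr( pcap_cfg.p ) );
        pcap_close( pcap_cfg.p );
        exit( EXIT_FAILURE );
    }
}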
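/*
 * dps_print - write the scan report to stdout.
 *
 * Prints the target (numeric, plus the resolved name when cfg.resolve is
 * set), the scan type, the elapsed time, the per-status counters and then
 * one table row per entry of the result.data linked list.  When cfg.windows
 * is set an extra column with status_win is shown.
 *
 * The row loop stops at result.counter entries or at the end of the list,
 * whichever comes first.  This function is also called from the signal
 * handler in this file, where the list and the counter may be observed
 * between updates, so the counter alone is not trusted as a bound.
 */
void dps_print()
{
    int i;
    struct port_data *ptr;

    printf("=========================== SCAN RESULT ===========================\n");
    printf("Scanned Host: %s ", libnet_addr2name4( target_ip, LIBNET_DONT_RESOLVE ) );
    if( cfg.resolve )
        printf("(%s)", libnet_addr2name4( target_ip, LIBNET_RESOLVE ) );
    printf("\n");
    printf("Scan Type: %s\n", scan_type_str );
    printf("Total Scan Time: %d seconds\n", scan_time );
    printf("Number of scanned ports: %d\n", result.counter);

    /* summary: only non-zero counters are shown */
    printf(" { ");
    if( result.open ) printf("[open %d] ", result.open);
    if( result.closed ) printf("[closed %d] ", result.closed);
    if( result.filtered ) printf("[filtered %d] ", result.filtered);
    if( result.unfiltered ) printf("[unfiltered %d] ", result.unfiltered);
    if( result.open_filtered ) printf("[open|filtered %d]", result.open_filtered);
    printf(" }\n\n");

    /* table header, with or without the Windows status column */
    if( !cfg.windows )
    {
        printf(" ---- ------ ------- ---------------\n");
        printf(" port status service used spoofed IP\n");
        printf(" ---- ------ ------- ---------------\n");
    }
    else
    {
        printf(" ---- ------------- ----------- ------- ---------------\n");
        printf(" port status(linux) status(win) service used spoofed IP\n");
        printf(" ---- ------------- ----------- ------- ---------------\n");
    }

    ptr = result.data;
    /* bound by the list itself as well as the counter: a list shorter than
     * result.counter would otherwise be walked through a NULL pointer */
    for( i = 0; i < result.counter && ptr != NULL; i++ )
    {
        printf(" %-7d", ptr->port );

        switch( ptr->status )
        {
            case PORT_OPEN:
                printf("%-14s", "open" );
                break;
            case PORT_CLOSED:
                printf("%-14s", "closed" );
                break;
            case PORT_FILTERED:
                printf("%-14s", "filtered" );
                break;
            case PORT_UNFILTERED:
                printf("%-14s", "unfiltered" );
                break;
            case PORT_OPEN + PORT_FILTERED:
                printf("%-14s", "open|filtered" );
                break;
            default:
                /* unrecognised status: no cell is printed, as before */
                break;
        }

        if( cfg.windows )
        {
            switch( ptr->status_win )
            {
                case PORT_OPEN:
                    printf("%-14s", "open" );
                    break;
                case PORT_CLOSED:
                    printf("%-14s", "closed" );
                    break;
                case PORT_FILTERED:
                    printf("%-14s", "filtered" );
                    break;
                case PORT_UNFILTERED:
                    printf("%-14s", "unfiltered" );
                    break;
                case PORT_OPEN + PORT_CLOSED:
                    printf("%-14s", "open|closed" );
                    break;
                case PORT_OPEN + PORT_FILTERED:
                    printf("%-14s", "open|filtered" );
                    break;
                default:
                    /* unrecognised status: no cell is printed, as before */
                    break;
            }
        }

        /* NOTE(review): b_search() is defined outside this view; if it can
         * return NULL for an unknown port, "%s" must not receive it - confirm */
        printf("%-12s", b_search( ptr->port ) );
        printf("%s ", libnet_addr2name4( ptr->spoofed_ip, LIBNET_DONT_RESOLVE ) );
        if( cfg.resolve )
            printf("(%s)", libnet_addr2name4( ptr->spoofed_ip, LIBNET_RESOLVE) );
        printf("\n");

        ptr = ptr->next;
    }
}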
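/*
 * dps_cleanup - release the program's heap buffers and shut down libpcap
 * and libnet.
 *
 * Every pointer is reset to NULL once it has been released, and the library
 * handles are only closed when they are non-NULL, so a second call (for
 * example once from the signal handler and once from a normal exit path)
 * does not free or close anything twice.
 *
 * NOTE(review): local_eth_addr and remote_eth are freed here as in the
 * original; confirm they are heap allocations owned by this program and not
 * pointers handed out by a library accessor.
 */
void dps_cleanup()
{
    struct port_data *node;
    struct port_data *next;

    /* free(NULL) is a no-op, so no guards are needed */
    free( cfg.scan_type );
    cfg.scan_type = NULL;
    free( cfg.port_list );
    cfg.port_list = NULL;
    free( cfg.source_ports );
    cfg.source_ports = NULL;
    free( cfg.source_ips );
    cfg.source_ips = NULL;
    free( cfg.target_ips );
    cfg.target_ips = NULL;
    free( local_eth_addr );
    local_eth_addr = NULL;
    free( remote_eth );
    remote_eth = NULL;

    /* detach the result list first so no stale head pointer stays visible */
    node = result.data;
    result.data = NULL;
    while( node != NULL )
    {
        next = node->next;
        free( node );
        node = next;
    }

    /* shut down libpcap and libnet */
    if( pcap_cfg.p != NULL )
    {
        pcap_close( pcap_cfg.p );
        pcap_cfg.p = NULL;
    }
    if( libnet_cfg.plist != NULL )
    {
        libnet_plist_chain_free( libnet_cfg.plist );
        libnet_cfg.plist = NULL;
    }
    if( libnet_cfg.l != NULL )
    {
        libnet_destroy( libnet_cfg.l );
        libnet_cfg.l = NULL;
    }
}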
/*
 * dps_catch_signal - install `handler` as the disposition for `signo`.
 *
 * signo:   signal number to catch.
 * handler: function to run when the signal is delivered.
 *
 * The handler is installed with an empty signal mask and no flags, so
 * SA_RESTART is not set.
 *
 * Returns 1 on success and -1 when sigaction() fails (note: success is 1,
 * not 0).
 */
int dps_catch_signal( int signo, void( *handler )() )
{
    struct sigaction sa;

    sigemptyset( &sa.sa_mask );
    sa.sa_flags = 0;
    sa.sa_handler = handler;

    return ( sigaction( signo, &sa, NULL ) == -1 ) ? -1 : 1;
}
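/*
 * dps_signal_handler - report partial results, release resources and
 * terminate when a caught signal arrives.
 *
 * The process is terminated after dps_cleanup().  Returning from the handler
 * would resume the interrupted code, which would then run against buffers
 * that dps_cleanup() has freed and a capture handle it has closed.  The exit
 * status is EXIT_FAILURE because the scan did not run to completion.
 *
 * NOTE(review): printf(), free(), pcap_close() and exit() are not
 * async-signal-safe, so this handler can still misbehave if the signal
 * lands while the main flow is inside stdio or the allocator.  The robust
 * design is for the handler to set a `volatile sig_atomic_t` flag only and
 * for the scan loop to poll it and do the printing and cleanup itself; that
 * change reaches outside this function.
 */
void dps_signal_handler()
{
    /* signal is caught! */
    printf("Signal cought.. Shutting Down...\n");

    /* print whatever results there are */
    dps_print();

    /* cleanup before exiting */
    dps_cleanup();

    /* do not return into code that would use the released state */
    exit( EXIT_FAILURE );
}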
/*
 * dps_usage - print the banner and the command-line help to stdout.
 *
 * cmd: program name as invoked.  It is passed as the single printf argument
 *      for the "%s" in the usage line and is never part of the format
 *      string itself.
 *
 * BANNER and COPYRIGHT are defined outside this view; they are concatenated
 * into the format string, so they must expand to string literals and must
 * not contain '%' conversions.
 *
 * NOTE(review): in the scan-type table both "X1" and "X2" are labelled
 * "XMAS2 Scan", and "U" is listed for both the URG and the UDP scan.  This
 * looks like a help-text slip - confirm against the option parser.
 */
void dps_usage( char *cmd )
{
printf(
"============================================================\n"
BANNER "\n"
COPYRIGHT "\n"
"============================================================\n"
"Usage:\n"
"%s [options] hostname | ip\n"
"options:\n"
" -t Scan Type: (default: S)\n"
" N NULL Scan F FIN Scan S SYN Scan\n"
" P PSH Scan A ACK Scan U URG Scan\n"
" X XMAS Scan X1 XMAS2 Scan X2 XMAS2 Scan\n"
" X3 XMAS3 Scan U UDP Scan\n"
" -p <ports> Port list to scan (default: 1-1024)\n"
" -i <device> Device to use (optional)\n"
" -T <secs> Scan time-out in seconds (default: 1 sec)\n"
" -P <no> PINGing option: (default: 1)\n"
" 0 DONT PING 1 PING\n"
" -d Do NOT resolve hostname or lookup IP address\n"
" -w Show port status if the scanned host is Windows\n"
" -h Help (this menu)\n"
" -v[v] Verbosity\n",
cmd
);
}
/* EOF */