PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Improve OS detection by moving to a different port if 'tcpwrapped' is detected

Browse Source
This commit is contained in:
jay
2014-07-30 06:55:48 +00:00
parent c613586570
commit 20235c2389
3 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
osscan2.cc
View File

@@ -1089,6 +1089,30 @@ void HostOsScanStats::initScanStats() {
target->FPR->osscan_opentcpport = openTCPPort; target->FPR->osscan_opentcpport = openTCPPort;
} }
/* We should look at a different port if we know that this port is tcpwrapped */
if (o.servicescan && openTCPPort > 0 && target->ports.isTCPwrapped(openTCPPort)) {
if (o.debugging) {
log_write(LOG_STDOUT, "First choice open TCP port %d is tcpwrapped. ", openTCPPort);
}
/* Keep moving to other ports until we find one which is not tcpwrapped, or until we run out of ports */
while ((tport = target->ports.nextPort(tport, &port, IPPROTO_TCP, PORT_OPEN))) {
openTCPPort = tport->portno;
if (!target->ports.isTCPwrapped(openTCPPort)) {
break;
}
}
target->FPR->osscan_opentcpport = openTCPPort;
if (o.debugging) {
if (target->ports.isTCPwrapped(openTCPPort)) {
log_write(LOG_STDOUT, "All open TCP ports are found to be tcpwrapped. Using %d for OS detection, but results might not be accurate.\n", openTCPPort);
} else {
log_write(LOG_STDOUT, "Using non-tcpwrapped port %d for OS detection.\n", openTCPPort);
}
}
}
/* Now we should find a closed TCP port */ /* Now we should find a closed TCP port */
if (target->FPR->osscan_closedtcpport > 0) if (target->FPR->osscan_closedtcpport > 0)
closedTCPPort = target->FPR->osscan_closedtcpport; closedTCPPort = target->FPR->osscan_closedtcpport;

23
portlist.cc
View File

@@ -894,6 +894,29 @@ bool PortList::hasOpenPorts() const {
getStateCounts(PORT_UNFILTERED) != 0; getStateCounts(PORT_UNFILTERED) != 0;
} }
/* Returns true if service scan is done and portno is found to be tcpwrapped, false otherwise */
bool PortList::isTCPwrapped(u16 portno) const {
const Port *port = lookupPort(portno, IPPROTO_TCP);
if (port == NULL) {
if (o.debugging > 1) {
log_write(LOG_STDOUT, "PortList::isTCPwrapped(%d) requested but port not in list", portno);
}
return false;
} else if (!o.servicescan) {
if (o.debugging > 1) {
log_write(LOG_STDOUT, "PortList::isTCPwrapped(%d) requested but service scan was never asked to be done", portno);
}
return false;
} else if (port->service == NULL) {
if (o.debugging > 1) {
log_write(LOG_STDOUT, "PortList::isTCPwrapped(%d) requested but port has not been service scanned yet", portno);
}
return false;
} else {
return (strcmp(port->service->name,"tcpwrapped")==0);
}
}
int PortList::setStateReason(u16 portno, u8 proto, reason_t reason, u8 ttl, int PortList::setStateReason(u16 portno, u8 proto, reason_t reason, u8 ttl,
const struct sockaddr_storage *ip_addr) { const struct sockaddr_storage *ip_addr) {
Port *answer = NULL; Port *answer = NULL;

3
portlist.h
View File

@@ -320,6 +320,9 @@ class PortList {
int numPorts() const; int numPorts() const;
bool hasOpenPorts() const; bool hasOpenPorts() const;
/* Returns true if service scan is done and portno is found to be tcpwrapped, false otherwise */
bool isTCPwrapped(u16 portno) const;
private: private:
void mapPort(u16 *portno, u8 *protocol) const; void mapPort(u16 *portno, u8 *protocol) const;
/* Get Port structure from PortList structure.*/ /* Get Port structure from PortList structure.*/