PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-10 17:59:04 +00:00
Code Issues Projects Releases Wiki Activity

Fix up indentation in targets.cc.

Browse Source
This commit is contained in:
david
2010-06-07 21:25:53 +00:00
parent 7c790dbf3b
commit 2111c0ab54
1 changed files with 181 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

364
targets.cc
View File

@@ -128,23 +128,23 @@ static void arpping(Target *hostbatch[], int num_hosts) {
int targetno; int targetno;
targets.reserve(num_hosts); targets.reserve(num_hosts);
for(targetno = 0; targetno < num_hosts; targetno++) { for (targetno = 0; targetno < num_hosts; targetno++) {
initialize_timeout_info(&hostbatch[targetno]->to); initialize_timeout_info(&hostbatch[targetno]->to);
/* Default timout should be much lower for arp */ /* Default timout should be much lower for arp */
hostbatch[targetno]->to.timeout = MIN(o.initialRttTimeout(), 100) * 1000; hostbatch[targetno]->to.timeout = MIN(o.initialRttTimeout(), 100) * 1000;
if (!hostbatch[targetno]->SrcMACAddress()) { if (!hostbatch[targetno]->SrcMACAddress()) {
bool islocal = islocalhost(hostbatch[targetno]->v4hostip()); bool islocal = islocalhost(hostbatch[targetno]->v4hostip());
if (islocal) { if (islocal) {
log_write(LOG_STDOUT|LOG_NORMAL, log_write(LOG_STDOUT|LOG_NORMAL,
"ARP ping: Considering %s UP because it is a local IP, despite no MAC address for device %s\n", "ARP ping: Considering %s UP because it is a local IP, despite no MAC address for device %s\n",
hostbatch[targetno]->NameIP(), hostbatch[targetno]->deviceName()); hostbatch[targetno]->NameIP(), hostbatch[targetno]->deviceName());
hostbatch[targetno]->flags = HOST_UP; hostbatch[targetno]->flags = HOST_UP;
} else { } else {
log_write(LOG_STDOUT|LOG_NORMAL, log_write(LOG_STDOUT|LOG_NORMAL,
"ARP ping: Considering %s DOWN because no MAC address found for device %s.\n", "ARP ping: Considering %s DOWN because no MAC address found for device %s.\n",
hostbatch[targetno]->NameIP(), hostbatch[targetno]->NameIP(),
hostbatch[targetno]->deviceName()); hostbatch[targetno]->deviceName());
hostbatch[targetno]->flags = HOST_DOWN; hostbatch[targetno]->flags = HOST_DOWN;
} }
continue; continue;
} }
@@ -167,10 +167,10 @@ void returnhost(HostGroupState *hs) {
hs->next_batch_no--; hs->next_batch_no--;
} }
/* Is the host passed as Target to be excluded, much of this logic had (mdmcl) /* Is the host passed as Target to be excluded? Much of this logic had
* to be rewritten from wam's original code to allow for the objects */ to be rewritten from wam's original code to allow for the objects */
static int hostInExclude(struct sockaddr *checksock, size_t checksocklen, static int hostInExclude(struct sockaddr *checksock, size_t checksocklen,
TargetGroup *exclude_group) { TargetGroup *exclude_group) {
unsigned long tmpTarget; /* ip we examine */ unsigned long tmpTarget; /* ip we examine */
int i=0; /* a simple index */ int i=0; /* a simple index */
char targets_type; /* what is the address type of the Target Group */ char targets_type; /* what is the address type of the Target Group */
@@ -193,8 +193,7 @@ static int hostInExclude(struct sockaddr *checksock, size_t checksocklen,
targets_type = exclude_group[i].get_targets_type(); targets_type = exclude_group[i].get_targets_type();
/* Lets go through the targets until we reach our uninitialized placeholder */ /* Lets go through the targets until we reach our uninitialized placeholder */
while (exclude_group[i].get_targets_type() != TargetGroup::TYPE_NONE) while (exclude_group[i].get_targets_type() != TargetGroup::TYPE_NONE) {
{
/* while there are still hosts in the target group */ /* while there are still hosts in the target group */
while (exclude_group[i].get_next_host(&ss, &slen) == 0) { while (exclude_group[i].get_next_host(&ss, &slen) == 0) {
tmpTarget = sin->sin_addr.s_addr; tmpTarget = sin->sin_addr.s_addr;
@@ -206,12 +205,11 @@ static int hostInExclude(struct sockaddr *checksock, size_t checksocklen,
break; break;
mask = htonl((unsigned long) (0-1) << (32-exclude_group[i].get_mask())); mask = htonl((unsigned long) (0-1) << (32-exclude_group[i].get_mask()));
if ((tmpTarget & mask) == (checkhost_in->sin_addr.s_addr & mask)) { if ((tmpTarget & mask) == (checkhost_in->sin_addr.s_addr & mask)) {
exclude_group[i].rewind(); exclude_group[i].rewind();
return 1; return 1;
} else {
break;
} }
else {
break;
}
} }
/* For ranges we need to be a little more slick, if we don't find a match /* For ranges we need to be a little more slick, if we don't find a match
* we should skip the rest of the addrs in the octet, thank wam for this * we should skip the rest of the addrs in the octet, thank wam for this
@@ -222,13 +220,13 @@ static int hostInExclude(struct sockaddr *checksock, size_t checksocklen,
if (tmpTarget == checkhost_in->sin_addr.s_addr) { if (tmpTarget == checkhost_in->sin_addr.s_addr) {
exclude_group[i].rewind(); exclude_group[i].rewind();
return 1; return 1;
} } else {
else { /* note these are in network byte order */ /* note these are in network byte order */
if ((tmpTarget & 0x000000ff) != (checkhost_in->sin_addr.s_addr & 0x000000ff)) if ((tmpTarget & 0x000000ff) != (checkhost_in->sin_addr.s_addr & 0x000000ff))
exclude_group[i].skip_range(TargetGroup::FIRST_OCTET); exclude_group[i].skip_range(TargetGroup::FIRST_OCTET);
else if ((tmpTarget & 0x0000ff00) != (checkhost_in->sin_addr.s_addr & 0x0000ff00)) else if ((tmpTarget & 0x0000ff00) != (checkhost_in->sin_addr.s_addr & 0x0000ff00))
exclude_group[i].skip_range(TargetGroup::SECOND_OCTET); exclude_group[i].skip_range(TargetGroup::SECOND_OCTET);
else if ((tmpTarget & 0x00ff0000) != (checkhost_in->sin_addr.s_addr & 0x00ff0000)) else if ((tmpTarget & 0x00ff0000) != (checkhost_in->sin_addr.s_addr & 0x00ff0000))
exclude_group[i].skip_range(TargetGroup::THIRD_OCTET); exclude_group[i].skip_range(TargetGroup::THIRD_OCTET);
continue; continue;
@@ -342,14 +340,12 @@ size_t read_host_from_file(FILE *fp, char *buf, size_t n)
return i; return i;
} }
/* A debug routine to dump some information to stdout. (mdmcl) /* A debug routine to dump some information to stdout. Invoked if debugging is
* Invoked if debugging is set to 3 or higher set to 3 or higher. I had to make significant changes from wam's code.
* I had to make signigicant changes from wam's code. Although wam Although wam displayed much more detail, alot of this is now hidden inside of
* displayed much more detail, alot of this is now hidden inside the Target Group Object. Rather than writing a bunch of methods to return
* of the Target Group Object. Rather than writing a bunch of methods private attributes, which would only be used for debugging, I went for the
* to return private attributes, which would only be used for method below. */
* debugging, I went for the method below.
*/
int dumpExclude(TargetGroup *exclude_group) { int dumpExclude(TargetGroup *exclude_group) {
int i=0, debug_save=0, type=TargetGroup::TYPE_NONE; int i=0, debug_save=0, type=TargetGroup::TYPE_NONE;
unsigned int mask = 0; unsigned int mask = 0;
@@ -357,31 +353,30 @@ int dumpExclude(TargetGroup *exclude_group) {
struct sockaddr_in *sin = (struct sockaddr_in *) &ss; struct sockaddr_in *sin = (struct sockaddr_in *) &ss;
size_t slen; size_t slen;
/* shut off debugging for now, this is a debug routine in itself, /* shut off debugging for now, this is a debug routine in itself, we don't
* we don't want to see all the debug messages inside of the object */ want to see all the debug messages inside of the object */
debug_save = o.debugging; debug_save = o.debugging;
o.debugging = 0; o.debugging = 0;
while ((type = exclude_group[i].get_targets_type()) != TargetGroup::TYPE_NONE) while ((type = exclude_group[i].get_targets_type()) != TargetGroup::TYPE_NONE) {
{
switch (type) { switch (type) {
case TargetGroup::IPV4_NETMASK: case TargetGroup::IPV4_NETMASK:
exclude_group[i].get_next_host(&ss, &slen); exclude_group[i].get_next_host(&ss, &slen);
mask = exclude_group[i].get_mask(); mask = exclude_group[i].get_mask();
error("exclude host group %d is %s/%d", i, inet_ntoa(sin->sin_addr), mask); error("exclude host group %d is %s/%d", i, inet_ntoa(sin->sin_addr), mask);
break; break;
case TargetGroup::IPV4_RANGES: case TargetGroup::IPV4_RANGES:
while (exclude_group[i].get_next_host(&ss, &slen) == 0) while (exclude_group[i].get_next_host(&ss, &slen) == 0)
error("exclude host group %d is %s", i, inet_ntoa(sin->sin_addr)); error("exclude host group %d is %s", i, inet_ntoa(sin->sin_addr));
break; break;
case TargetGroup::IPV6_ADDRESS: case TargetGroup::IPV6_ADDRESS:
fatal("IPV6 addresses are not supported in the exclude file\n"); fatal("IPV6 addresses are not supported in the exclude file\n");
break; break;
default: default:
fatal("Unknown target type in exclude file.\n"); fatal("Unknown target type in exclude file.\n");
} }
exclude_group[i++].rewind(); exclude_group[i++].rewind();
} }
@@ -425,34 +420,33 @@ static void massping(Target *hostbatch[], int num_hosts, struct scan_lists *port
} }
Target *nexthost(HostGroupState *hs, TargetGroup *exclude_group, Target *nexthost(HostGroupState *hs, TargetGroup *exclude_group,
struct scan_lists *ports, int pingtype) { struct scan_lists *ports, int pingtype) {
int hidx = 0; int hidx = 0;
int i; int i;
struct sockaddr_storage ss; struct sockaddr_storage ss;
size_t sslen; size_t sslen;
struct intf_entry *ifentry; struct intf_entry *ifentry;
u32 ifbuf[200] ; u32 ifbuf[200] ;
struct route_nfo rnfo; struct route_nfo rnfo;
bool arpping_done = false; bool arpping_done = false;
struct timeval now; struct timeval now;
ifentry = (struct intf_entry *) ifbuf; ifentry = (struct intf_entry *) ifbuf;
ifentry->intf_len = sizeof(ifbuf); // TODO: May want to use a larger buffer if interface aliases prove important. ifentry->intf_len = sizeof(ifbuf); // TODO: May want to use a larger buffer if interface aliases prove important.
if (hs->next_batch_no < hs->current_batch_sz) { if (hs->next_batch_no < hs->current_batch_sz) {
/* Woop! This is easy -- we just pass back the next host struct */ /* Woop! This is easy -- we just pass back the next host struct */
return hs->hostbatch[hs->next_batch_no++]; return hs->hostbatch[hs->next_batch_no++];
} }
/* Doh, we need to refresh our array */ /* Doh, we need to refresh our array */
/* for(i=0; i < hs->max_batch_sz; i++) hs->hostbatch[i] = new Target(); */ /* for (i=0; i < hs->max_batch_sz; i++) hs->hostbatch[i] = new Target(); */
hs->current_batch_sz = hs->next_batch_no = 0; hs->current_batch_sz = hs->next_batch_no = 0;
do { do {
/* Grab anything we have in our current_expression */ /* Grab anything we have in our current_expression */
while (hs->current_batch_sz < hs->max_batch_sz && while (hs->current_batch_sz < hs->max_batch_sz &&
hs->current_expression.get_next_host(&ss, &sslen) == 0) hs->current_expression.get_next_host(&ss, &sslen) == 0) {
{
if (hostInExclude((struct sockaddr *)&ss, sslen, exclude_group)) { if (hostInExclude((struct sockaddr *)&ss, sslen, exclude_group)) {
continue; /* Skip any hosts the user asked to exclude */ continue; /* Skip any hosts the user asked to exclude */
} }
hidx = hs->current_batch_sz; hidx = hs->current_batch_sz;
hs->hostbatch[hidx] = new Target(); hs->hostbatch[hidx] = new Target();
@@ -467,119 +461,123 @@ do {
} }
/* We figure out the source IP/device IFF /* We figure out the source IP/device IFF
1) We are r00t AND 1) We are r00t AND
2) We are doing tcp or udp pingscan OR 2) We are doing tcp or udp pingscan OR
3) We are doing a raw-mode portscan or osscan or traceroute OR 3) We are doing a raw-mode portscan or osscan or traceroute OR
4) We are on windows and doing ICMP ping */ 4) We are on windows and doing ICMP ping */
if (o.isr00t && o.af() == AF_INET && if (o.isr00t && o.af() == AF_INET &&
((pingtype & (PINGTYPE_TCP|PINGTYPE_UDP|PINGTYPE_SCTP_INIT|PINGTYPE_PROTO|PINGTYPE_ARP)) || o.RawScan() ((pingtype & (PINGTYPE_TCP|PINGTYPE_UDP|PINGTYPE_SCTP_INIT|PINGTYPE_PROTO|PINGTYPE_ARP)) || o.RawScan()
#ifdef WIN32 #ifdef WIN32
|| (pingtype & (PINGTYPE_ICMP_PING|PINGTYPE_ICMP_MASK|PINGTYPE_ICMP_TS)) || (pingtype & (PINGTYPE_ICMP_PING|PINGTYPE_ICMP_MASK|PINGTYPE_ICMP_TS))
#endif // WIN32 #endif // WIN32
)) { )) {
hs->hostbatch[hidx]->TargetSockAddr(&ss, &sslen); hs->hostbatch[hidx]->TargetSockAddr(&ss, &sslen);
if (!route_dst(&ss, &rnfo)) { if (!route_dst(&ss, &rnfo)) {
fatal("%s: failed to determine route to %s", __func__, hs->hostbatch[hidx]->NameIP()); fatal("%s: failed to determine route to %s", __func__, hs->hostbatch[hidx]->NameIP());
} }
if (rnfo.direct_connect) { if (rnfo.direct_connect) {
hs->hostbatch[hidx]->setDirectlyConnected(true); hs->hostbatch[hidx]->setDirectlyConnected(true);
} else { } else {
hs->hostbatch[hidx]->setDirectlyConnected(false); hs->hostbatch[hidx]->setDirectlyConnected(false);
hs->hostbatch[hidx]->setNextHop(&rnfo.nexthop, hs->hostbatch[hidx]->setNextHop(&rnfo.nexthop,
sizeof(rnfo.nexthop)); sizeof(rnfo.nexthop));
} }
hs->hostbatch[hidx]->setIfType(rnfo.ii.device_type); hs->hostbatch[hidx]->setIfType(rnfo.ii.device_type);
if (rnfo.ii.device_type == devt_ethernet) { if (rnfo.ii.device_type == devt_ethernet) {
if (o.spoofMACAddress()) if (o.spoofMACAddress())
hs->hostbatch[hidx]->setSrcMACAddress(o.spoofMACAddress()); hs->hostbatch[hidx]->setSrcMACAddress(o.spoofMACAddress());
else hs->hostbatch[hidx]->setSrcMACAddress(rnfo.ii.mac); else
} hs->hostbatch[hidx]->setSrcMACAddress(rnfo.ii.mac);
hs->hostbatch[hidx]->setSourceSockAddr(&rnfo.srcaddr, sizeof(rnfo.srcaddr)); }
if (hidx == 0) /* Because later ones can have different src addy and be cut off group */ hs->hostbatch[hidx]->setSourceSockAddr(&rnfo.srcaddr, sizeof(rnfo.srcaddr));
o.decoys[o.decoyturn] = hs->hostbatch[hidx]->v4source(); if (hidx == 0) /* Because later ones can have different src addy and be cut off group */
hs->hostbatch[hidx]->setDeviceNames(rnfo.ii.devname, rnfo.ii.devfullname); o.decoys[o.decoyturn] = hs->hostbatch[hidx]->v4source();
// printf("Target %s %s directly connected, goes through local iface %s, which %s ethernet\n", hs->hostbatch[hidx]->NameIP(), hs->hostbatch[hidx]->directlyConnected()? "IS" : "IS NOT", hs->hostbatch[hidx]->deviceName(), (hs->hostbatch[hidx]->ifType() == devt_ethernet)? "IS" : "IS NOT"); hs->hostbatch[hidx]->setDeviceNames(rnfo.ii.devname, rnfo.ii.devfullname);
// printf("Target %s %s directly connected, goes through local iface %s, which %s ethernet\n", hs->hostbatch[hidx]->NameIP(), hs->hostbatch[hidx]->directlyConnected()? "IS" : "IS NOT", hs->hostbatch[hidx]->deviceName(), (hs->hostbatch[hidx]->ifType() == devt_ethernet)? "IS" : "IS NOT");
} }
/* In some cases, we can only allow hosts that use the same device in a
/* In some cases, we can only allow hosts that use the same group. Similarly, we don't mix directly-connected boxes with those that
device in a group. Similarly, we don't mix aren't */
directly-connected boxes with those that aren't */
if (o.af() == AF_INET && o.isr00t && hidx > 0 && if (o.af() == AF_INET && o.isr00t && hidx > 0 &&
hs->hostbatch[hidx]->deviceName() && hs->hostbatch[hidx]->deviceName() &&
(hs->hostbatch[hidx]->v4source().s_addr != hs->hostbatch[0]->v4source().s_addr || (hs->hostbatch[hidx]->v4source().s_addr != hs->hostbatch[0]->v4source().s_addr ||
strcmp(hs->hostbatch[0]->deviceName(), strcmp(hs->hostbatch[0]->deviceName(),
hs->hostbatch[hidx]->deviceName()) != 0 hs->hostbatch[hidx]->deviceName()) != 0
|| hs->hostbatch[hidx]->directlyConnected() != hs->hostbatch[0]->directlyConnected())) { || hs->hostbatch[hidx]->directlyConnected() != hs->hostbatch[0]->directlyConnected())) {
/* Cancel everything! This guy must go in the next group and we are /* Cancel everything! This guy must go in the next group and we are
out of here */ out of here */
hs->current_expression.return_last_host(); hs->current_expression.return_last_host();
delete hs->hostbatch[hidx]; delete hs->hostbatch[hidx];
goto batchfull; goto batchfull;
} }
hs->current_batch_sz++; hs->current_batch_sz++;
} }
if (hs->current_batch_sz < hs->max_batch_sz && if (hs->current_batch_sz < hs->max_batch_sz &&
hs->next_expression < hs->num_expressions) { hs->next_expression < hs->num_expressions) {
/* We are going to have to pop in another expression. */ /* We are going to have to pop in another expression. */
while(hs->current_expression.parse_expr(hs->target_expressions[hs->next_expression++], o.af()) != 0) while(hs->current_expression.parse_expr(hs->target_expressions[hs->next_expression++], o.af()) != 0)
if (hs->next_expression >= hs->num_expressions) if (hs->next_expression >= hs->num_expressions)
break; break;
} else break; } else break;
} while(1); } while(1);
batchfull: batchfull:
if (hs->current_batch_sz == 0) if (hs->current_batch_sz == 0)
return NULL; return NULL;
/* OK, now we have our complete batch of entries. The next step is to /* OK, now we have our complete batch of entries. The next step is to
randomize them (if requested) */ randomize them (if requested) */
if (hs->randomize) { if (hs->randomize) {
hoststructfry(hs->hostbatch, hs->current_batch_sz); hoststructfry(hs->hostbatch, hs->current_batch_sz);
} }
/* First I'll do the ARP ping if all of the machines in the group are /* First I'll do the ARP ping if all of the machines in the group are
directly connected over ethernet. I may need the MAC addresses directly connected over ethernet. I may need the MAC addresses
later anyway. */ later anyway. */
if (hs->hostbatch[0]->ifType() == devt_ethernet && if (hs->hostbatch[0]->ifType() == devt_ethernet &&
hs->hostbatch[0]->directlyConnected() && hs->hostbatch[0]->directlyConnected() &&
o.sendpref != PACKET_SEND_IP_STRONG) { o.sendpref != PACKET_SEND_IP_STRONG) {
arpping(hs->hostbatch, hs->current_batch_sz); arpping(hs->hostbatch, hs->current_batch_sz);
arpping_done = true; arpping_done = true;
} }
gettimeofday(&now, NULL); gettimeofday(&now, NULL);
if ((o.sendpref & PACKET_SEND_ETH) && if ((o.sendpref & PACKET_SEND_ETH) &&
hs->hostbatch[0]->ifType() == devt_ethernet) { hs->hostbatch[0]->ifType() == devt_ethernet) {
for(i=0; i < hs->current_batch_sz; i++) for (i=0; i < hs->current_batch_sz; i++) {
if (!(hs->hostbatch[i]->flags & HOST_DOWN) && if (!(hs->hostbatch[i]->flags & HOST_DOWN) &&
!hs->hostbatch[i]->timedOut(&now)) !hs->hostbatch[i]->timedOut(&now)) {
if (!setTargetNextHopMAC(hs->hostbatch[i])) if (!setTargetNextHopMAC(hs->hostbatch[i])) {
fatal("%s: Failed to determine dst MAC address for target %s", fatal("%s: Failed to determine dst MAC address for target %s",
__func__, hs->hostbatch[i]->NameIP()); __func__, hs->hostbatch[i]->NameIP());
} }
}
/* TODO: Maybe I should allow real ping scan of directly connected }
ethernet hosts? */ }
/* Then we do the mass ping (if required - IP-level pings) */
if ((pingtype == PINGTYPE_NONE && !arpping_done) || hs->hostbatch[0]->ifType() == devt_loopback) { /* TODO: Maybe I should allow real ping scan of directly connected
for(i=0; i < hs->current_batch_sz; i++) { ethernet hosts? */
if (!hs->hostbatch[i]->timedOut(&now)) { /* Then we do the mass ping (if required - IP-level pings) */
initialize_timeout_info(&hs->hostbatch[i]->to); if ((pingtype == PINGTYPE_NONE && !arpping_done) || hs->hostbatch[0]->ifType() == devt_loopback) {
hs->hostbatch[i]->flags |= HOST_UP; /*hostbatch[i].up = 1;*/ for (i=0; i < hs->current_batch_sz; i++) {
if(pingtype == PINGTYPE_NONE && !arpping_done) if (!hs->hostbatch[i]->timedOut(&now)) {
hs->hostbatch[i]->reason.reason_id = ER_USER; initialize_timeout_info(&hs->hostbatch[i]->to);
else hs->hostbatch[i]->flags |= HOST_UP; /*hostbatch[i].up = 1;*/
hs->hostbatch[i]->reason.reason_id = ER_LOCALHOST; if (pingtype == PINGTYPE_NONE && !arpping_done)
} hs->hostbatch[i]->reason.reason_id = ER_USER;
} else
} else if (!arpping_done) { hs->hostbatch[i]->reason.reason_id = ER_LOCALHOST;
massping(hs->hostbatch, hs->current_batch_sz, ports); }
} }
} else if (!arpping_done) {
if (!o.noresolve) nmap_mass_rdns(hs->hostbatch, hs->current_batch_sz); massping(hs->hostbatch, hs->current_batch_sz, ports);
}
return hs->hostbatch[hs->next_batch_no++];
if (!o.noresolve)
nmap_mass_rdns(hs->hostbatch, hs->current_batch_sz);
return hs->hostbatch[hs->next_batch_no++];
} }