PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-22 07:29:01 +00:00
Code Issues Projects Releases Wiki Activity

get rid of silly top-level trunk dir

Browse Source
This commit is contained in:
fyodor
2005-04-11 22:34:19 +00:00
commit 26ce3d66f4
346 changed files with 245872 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
scripts/Makefile Normal file
View File

@@ -0,0 +1,30 @@
CC=gcc
CPP=g++
INCLUDE_FLAGS= -I.. -I../nbase -I../libpcap-possiblymodified
LINK_FLAGS=-L.. -L../nbase -L../libpcap-possiblymodified
NMAP_OBJS=../osscan.o ../nmap_error.o ../utils.o ../tcpip.o ../output.o ../nmap.o ../scan_engine.o ../portlist.o ../timing.o ../nmap_rpc.o ../charpool.o ../services.o ../targets.o ../idle_scan.o ../protocols.o ../FingerPrintResults.o ../NmapOps.o ../TargetGroup.o ../Target.o ../NmapOutputTable.o ../service_scan.o ../nsock/src/libnsock.a
DEFINES=-DHAVE_CONFIG_H=1
all: fingermatch fingerdiff servicematch
dummy:
fingermatch: dummy
$(CPP) -g -Wall $(INCLUDE_FLAGS) $(LINK_FLAGS) $(DEFINES) -o $@ $@.cc $(NMAP_OBJS) -lm -lnbase -lpcap -lpcre -lssl -lcrypt
fingerdiff: dummy
$(CPP) -g -Wall $(INCLUDE_FLAGS) $(LINK_FLAGS) $(DEFINES) -o $@ $@.cc $(NMAP_OBJS) -lm -lnbase -lpcap -lpcre -lssl -lcrypt
servicematch: dummy
$(CPP) -g -Wall $(INCLUDE_FLAGS) $(LINK_FLAGS) $(DEFINES) -o $@ $@.cc $(NMAP_OBJS) -lm -lnbase -lpcap -lpcre -lssl -lcrypt
web:
test x$(wroot) != x
cd .. && cp -a CHANGELOG HACKING COPYING COPYING.OpenSSL INSTALL $(DATAFILES) README-WIN32 mswin32/nmap_performance.reg $(wroot)/nmap/data
cd ../docs && cp -a nmap_manpage*.html nmap*.1 xnmap.1 nmap.usage.txt nmap.dtd nmap.xsl $(wroot)/nmap/data/
./sort-prints.pl ../nmap-os-fingerprints > nos && mv nos ../nmap-os-fingerprints
./produceosclasschoosebox.pl ../nmap-os-fingerprints > $(wroot)/nmap/data/os-classes.txt
./sign_release.pl $(wroot)/nmap/dist
find $(wroot)/nmap/data/ -type f -exec chmod 644 '{}' \;
find $(wroot)/nmap/dist/sigs -type f -exec chmod 644 '{}' \;

273
scripts/fingerdiff.cc Normal file
View File

@@ -0,0 +1,273 @@
/***************************************************************************
* fingerdiff.c -- A relatively simple utility for determining the *
* differences between a "reference" fingerprint (which can have *
* expressions as attributes) and an observed fingerprint (no *
* expressions). *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2004 Insecure.Com LLC. Nmap *
* is also a registered trademark of Insecure.Com LLC. This program is *
* free software; you may redistribute and/or modify it under the *
* terms of the GNU General Public License as published by the Free *
* Software Foundation; Version 2. This guarantees your right to use, *
* modify, and redistribute this software under certain conditions. If *
* you wish to embed Nmap technology into proprietary software, we may be *
* willing to sell alternative licenses (contact sales@insecure.com). *
* Many security scanner vendors already license Nmap technology such as *
* our remote OS fingerprinting database and code, service/version *
* detection system, and port scanning code. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-fingerprints or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is just meant to *
* clarify our interpretation of derived works with some common examples. *
* These restrictions only apply when you actually redistribute Nmap. For *
* example, nothing stops you from writing and selling a proprietary *
* front-end to Nmap. Just distribute it by itself, and point people to *
* http://www.insecure.org/nmap/ to download Nmap. *
* *
* We don't consider these to be added restrictions on top of the GPL, but *
* just a clarification of how we interpret "derived works" as it applies *
* to our GPL-licensed Nmap product. This is similar to the way Linus *
* Torvalds has announced his interpretation of how "derived works" *
* applies to Linux kernel modules. Our interpretation refers only to *
* Nmap - we don't speak for any other GPL products. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to many *
* security vendors, and generally include a perpetual license as well as *
* providing for priority support and updates as well as helping to fund *
* the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included Copying.OpenSSL file, and distribute linked *
* combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to fyodor@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
* to reuse, modify, and relicense the code. Nmap will always be *
* available Open Source, but this is important because the inability to *
* relicense code has caused devastating problems for other Free Software *
* projects (such as KDE and NASM). We also occasionally relicense the *
* code to third parties as discussed above. If you wish to specify *
* special license conditions of your contributions, just say so when you *
* send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License for more details at *
* http://www.gnu.org/copyleft/gpl.html , or in the COPYING file included *
* with Nmap. *
* *
***************************************************************************/
/* $Id$ */
#include "nbase.h"
#include "nmap.h"
#include "osscan.h"
void usage(char *err_fmt, ...) {
va_list ap;
if (err_fmt) {
va_start(ap, err_fmt);
fflush(stdout);
vfprintf(stderr, err_fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
printf("\nUsage: Use fingerdiff w/o any arguments to read the reference\n"
" FP front stdin, or give filename:lineno to read it from\n"
" nmap-os-fingerprints.\n\n");
exit(1);
}
/* Returns -1 (or exits) for failure */
int readFP(FILE *filep, char *newFP, int newFPsz ) {
char line[512], lasttestname[64];
int linelen;
int lastlinelen = 0;
int printlen = 0;
int adjusted = 0; /* Flags if we have adjusted the entered fingerprint */
char *p;
if (newFPsz < 50) return -1;
newFP[0] = lasttestname[0] = '\0';
while((fgets(line, sizeof(line), filep))) {
if (*line == '\n' || *line == '.')
break;
linelen = strlen(line);
/* Check if it is a duplicate testname */
if (*line == '#')
continue;
p = strchr(line, '(');
if (p) {
*p = '\0';
if (strcmp(line, lasttestname) == 0) {
adjusted = 1;
if (lastlinelen >= linelen)
continue;
/* The new one is longer (and thus probably better) -- clobber the last
line */
printlen -= lastlinelen;
newFP[printlen] = '\0';
}
Strncpy(lasttestname, line, sizeof(lasttestname));
lastlinelen = linelen;
*p = '(';
} else {
/* The only legitimate non-comment line that doesn't have a ( is the
initial Fingerprint and the following Class line(s) */
if (strncmp(line, "Class ", 6) == 0) {
char *q = line + 6;
while(*q && isspace(*q)) q++;
if (!*q) continue; // Empty class line
} else if (strncmp(line, "Fingerprint ", 12) != 0) {
printf("Warning: Bogus line skipped\n");
continue;
}
}
if (printlen + linelen >= newFPsz - 5)
fatal("Overflow!");
strcpy(newFP + printlen, line);
printlen += linelen;
}
if (adjusted) {
printf("\n**WARNING**: Adjusted fingerprint due to duplicated tests (we only look at the first). Results are based on this adjusted fingerprint:\n%s\n",
newFP);
}
/* Now we validate that all elements are present */
p = newFP;
if (!strstr(p, "TSeq(") || !strstr(p, "T1(") || !strstr(p, "T2(") ||
!strstr(p, "T3(") || !strstr(p, "T4(") || !strstr(p, "T5(") ||
!strstr(p, "T6(") || !strstr(p, "T7(") || !strstr(p, "PU(")) {
/* This ought to get my attention :) */
printf("\n"
"********************************************************\n"
"***WARNING: Fingerprint is missing at least 1 element***\n"
"********************************************************\n"
);
}
if (printlen < 1)
return -1;
return 0;
}
int main(int argc, char *argv[]) {
FingerPrint *referenceFP;
FingerPrint *observedFP;
double accuracy;
char sourcefile[MAXPATHLEN];
int sourceline=-1;
char referenceFPString[2048];
char observedFPString[2048];
char line[512];
char *p, *endptr;
int i;
int done=0;
FILE *fp;
if (argc < 1 || argc > 2)
usage(NULL);
referenceFPString[0] = observedFPString[0] = '\0';
if (argc == 2) {
Strncpy(sourcefile, argv[1], sizeof(sourcefile));
p = strchr(sourcefile, ':');
if (!p) usage("Filename must be followed by a colon and then line number");
*p++ = '\0';
if (!*p) usage(NULL);
sourceline = strtol(p, &endptr, 10);
if (*endptr) {
error("could not parse line number (trailing garbage?)");
}
fp = fopen(sourcefile, "r");
done = 0; i = 1;
while(i < sourceline) {
if (fgets(line, sizeof(line), fp) == NULL)
usage("Failed to read to line %d of %s", sourceline, sourcefile);
i++;
}
if (readFP(fp, referenceFPString, sizeof(referenceFPString)) == -1)
usage("Failed to read in supposed fingerprint in %s line %d\n", sourcefile, sourceline);
fclose(fp);
printf("STEP ONE: Reading REFERENCE FINGERPRINT from %s line %d:\n%s\n"
,sourcefile, sourceline, referenceFPString);
} else {
printf("STEP ONE: Enter the **REFERENCE FINGERPRINT**, followed by a blank or single-dot line:\n");
if (readFP(stdin, referenceFPString, sizeof(referenceFPString)) == -1)
usage("Failed to read in supposed fingerprint from stdin\n");
}
referenceFP = parse_single_fingerprint(referenceFPString);
if (!referenceFP) fatal("Sorry -- failed to parse the so-called reference fingerprint you entered");
printf("STEP TWO: Enter the **OBSERVED FINGERPRINT**, followed by a blank or single-dot line:\n");
if (readFP(stdin, observedFPString, sizeof(observedFPString)) == -1)
usage("Failed to read in supposed observed fingerprint from stdin\n");
observedFP = parse_single_fingerprint(observedFPString);
if (!observedFP) fatal("Sorry -- failed to parse the so-called reference fingerprint you entered");
/* OK, now I've got the fingerprints -- I just need to compare them ... */
accuracy = compare_fingerprints(referenceFP, observedFP, 1);
if (accuracy == 1)
printf("PERFECT MATCH!\n");
else printf("Accuracy of the two prints is %d%% -- see differences above.\n",
(int) (accuracy * 100));
return 0;
}

390
scripts/fingerfix.pl Executable file
View File

@@ -0,0 +1,390 @@
#!/usr/bin/perl
# $Id$
sub max($$) {
my ($a, $b) = @_;
if ($a >= $b) { return $a;}
return $b;
}
sub min($$) {
my ($a, $b) = @_;
if ($a <= $b) { return $a;}
return $b;
}
while(<>) {
chomp;
$line = $_;
if ($line eq "." || $line eq "") { last; }
if (!$line =~ /(Fingerprint\s+\S)|(Class\s+\S)|(^T[1-7])|(^PU)|(^Contributed by)/i) { next; }
if ($line =~ /Contributed by (.*)/) {
if (!$fp{contrib}) {
$fp{contrib} = $1;
} else { $fp{contrib} .= ", $1"; }
}
elsif ($line =~ /Fingerprint\s+(.*)/i) {
$fp{os} = $1;
}
elsif ($line =~ /Class\s+(.*)/i) {
if (!$fp{class} or !($fp{class} =~ /\Q$line\E/)) {
$fp{class} .= $line . "\n";
}
}
elsif ($line =~ /TSeq\(Class=([^%\)]+)(%gcd=([^%]+)%SI=([^%\)]+))?(%Val=([A-F0-9]+))?(%IPID=([^%\)]+))?(%TS=([^%\)]+))?\)/) {
$cls = $1;
if ($cls ne "C") {
$gcd = hex($3);
$si = $4;
} else { $cval=$6; }
$ipid = $8;
$ts = $10;
if (index($fp{tseq}{cls}, $cls) == -1) {
if ($fp{tseq}{cls}) {
$fp{tseq}{cls} = $fp{tseq}{cls} . qq^|$cls^;
} else {
$fp{tseq}{cls} = $cls;
}
}
if ($cls eq "C") {
print "*******************************************************\n" .
"* WARNING: CONSTANT ISN type -- check if value changes*\n" .
"*******************************************************\n";
if (index($fp{tseq}{cval}, $cval) == -1) {
if ($fp{tseq}{cval}) {
$fp{tseq}{cval} = $fp{tseq}{cval} . qq^|$cval^;
} else {
$fp{tseq}{cval} = $cval;
}
}
} else {
if ($fp{tseq}{gcd} =~ /<([0-9A-F]+)/) {
$oldgcd = hex($1);
} else { $oldgcd = 6; }
$newgcd = max($oldgcd, $gcd * 2 + 4);
$fp{tseq}{gcd} = sprintf ("<%X", $newgcd);
$newhighlim = $newlowlim = -1;
if ($si =~ /<([0-9A-Fa-f]+)/) { $newhighlim = hex($1); }
if ($si =~ />([0-9A-Fa-f]+)/) { $newlowlim = hex($1); }
if ($fp{tseq}{si} =~ /<([0-9A-F]+)/) {
$oldhighlim = hex($1);
} else { $oldhighlim = 0; }
if ($fp{tseq}{si} =~ />([0-9A-F]+)/) {
$oldlowlim = hex($1);
} else { $oldlowlim = 0; }
if ($fp{tseq}{si} =~ /^([0-9A-F]+)/) {
$oldhighlim = $oldlowlim = hex($1);
}
if ($oldlowlim) {
if ($newlowlim != -1) { $newlowlim = max(0, min($oldlowlim, $newlowlim)); }
else { $newlowlim = max(0, min($oldlowlim, hex($si) / 10 - 20)); }
} else { if ($newlowlim == -1) { $newlowlim = max(0, hex($si) / 10 - 20); } }
if ($newhighlim == -1) {
$newhighlim = max($oldhighlim, hex($si) * 10 + 20);
} else { $newhighlim = max($oldhighlim, $newhighlim); }
# print "oldhighlim: $oldhighlim oldlowlim: $oldlowlim newhighlim: $newhighlim newlowlim: $newlowlim oldsi: $fp{tseq}{si}";
if ($newlowlim > 0) {
$fp{tseq}{si} = sprintf("<%X&>%X", $newhighlim, $newlowlim);
} else {
$fp{tseq}{si} = sprintf("<%X", $newhighlim);
}
# print " newsi: $fp{tseq}{si}\n";
}
if (index($fp{tseq}{ipid}, $ipid) == -1) {
if ($fp{tseq}{ipid}) {
$fp{tseq}{ipid} = $fp{tseq}{ipid} . qq^|$ipid^;
} else {
$fp{tseq}{ipid} = $ipid;
}
}
if (index($fp{tseq}{ts}, $ts) == -1) {
if ($fp{tseq}{ts}) {
$fp{tseq}{ts} = $fp{tseq}{ts} . qq^|$ts^;
} else {
$fp{tseq}{ts} = $ts;
}
}
} elsif ($line =~ /^T([1-7])/) {
$num = $1;
$test = "T$num";
$resp = $df = $w = $ack = $flags = $ops = "";
if ($line =~ /Resp=([NY])/) {
$resp = $1;
}
if ($line =~ /[(%]DF=([NY])/) {
$df = $1;
}
if ($line =~ /[(%]W=([^%]+)/) {
$w = $1;
if (!$w) { $w = "NULL"; }
}
if ($line =~ /[(%]ACK=([^%]+)/) {
$ack = $1;
}
if ($line =~ /[(%]Flags=([^%]*)/) {
$flags = $1;
if (!$flags) { $flags = "NULL"; }
}
if ($line =~ /Ops=([A-Z|]*)/) {
$ops = $1;
if (!$ops) { $ops = "NULL"; }
}
if ($resp eq "Y" or !$resp) {
$fp{$test}{resp} = "Y";
if ($df and index($fp{$test}{df}, $df) == -1) {
if ($fp{$test}{df}) {
$fp{$test}{df} .= qq^|$df^;
} else {
$fp{$test}{df} = $df;
}
}
if (index($fp{$test}{w}, $w) == -1) {
if ($fp{$test}{w}) {
$fp{$test}{w} = $fp{$test}{w} . qq^|$w^;
} else {
$fp{$test}{w} = $w;
}
}
if ($ack and index($fp{$test}{ack}, $ack) == -1) {
if ($fp{$test}{ack}) {
$fp{$test}{ack} = $fp{$test}{ack} . qq^|$ack^;
} else {
$fp{$test}{ack} = $ack;
}
}
if (!($fp{$test}{flags} =~ /(^|\|)$flags($|\|)/)) {
if ($fp{$test}{flags}) {
$fp{$test}{flags} = $fp{$test}{flags} . qq^|$flags^;
} else {
$fp{$test}{flags} = $flags;
}
}
if (!($fp{$test}{ops} =~ /(^|\|)$ops($|\|)/)) {
if ($fp{$test}{ops}) {
$fp{$test}{ops} = $fp{$test}{ops} . qq^|$ops^;
} else {
$fp{$test}{ops} = $ops;
}
}
} elsif ($fp{$test}{resp} ne "Y") {
$fp{$test}{resp} = "N";
}
} elsif ($line =~ /^PU/) {
$resp = $df = $tos = $iplen = $riptl = $rid = $ripck = $uck = $ulen = $dat = "";
if ($line =~ /Resp=([NY])/) {
$resp = $1;
}
if ($line =~ /[(%]DF=([NY])/) {
$df = $1;
}
if ($line =~ /[(%]TOS=([^%]+)/) {
$tos = $1;
if (!$tos) { $tos = "NULL"; }
}
if ($line =~ /[(%]IPLEN=([^%]+)/) {
$iplen = $1;
}
if ($line =~ /[(%]RIPTL=([^%]+)/) {
$riptl = $1;
}
if ($line =~ /[(%]RID=([^%]+)/) {
$rid = $1;
}
if ($line =~ /[(%]RIPCK=([^%]+)/) {
$ripck = $1;
if (!$ripck) { $ripck = "NULL"; }
}
if ($line =~ /[(%]UCK=([^%]+)/) {
$uck = $1;
if (!$uck) { $uck = "NULL"; }
}
if ($line =~ /[(%]ULEN=([^%]+)/) {
$ulen = $1;
}
if ($line =~ /[(%]DAT=([A-Z|]+)/) {
$dat = $1;
}
if ($resp eq "Y" or !$resp) {
$fp{pu}{resp} = "Y";
if ($df and index($fp{pu}{df}, $df) == -1) {
if ($fp{pu}{df}) {
$fp{pu}{df} = $fp{pu}{df} . qq^|$df^;
} else {
$fp{pu}{df} = $df;
}
}
if ($tos and index($fp{pu}{tos}, $tos) == -1) {
if ($fp{pu}{tos}) {
$fp{pu}{tos} = $fp{pu}{tos} . qq^|$tos^;
} else {
$fp{pu}{tos} = $tos;
}
}
if ($iplen and index($fp{pu}{iplen}, $iplen) == -1) {
if ($fp{pu}{iplen}) {
$fp{pu}{iplen} = $fp{pu}{iplen} . qq^|$iplen^;
} else {
$fp{pu}{iplen} = $iplen;
}
}
if ($riptl and index($fp{pu}{riptl}, $riptl) == -1) {
if ($fp{pu}{riptl}) {
$fp{pu}{riptl} = $fp{pu}{riptl} . qq^|$riptl^;
} else {
$fp{pu}{riptl} = $riptl;
}
}
if ($rid and index($fp{pu}{rid}, $rid) == -1) {
if ($fp{pu}{rid}) {
$fp{pu}{rid} = $fp{pu}{rid} . qq^|$rid^;
} else {
$fp{pu}{rid} = $rid;
}
}
if ($ripck and index($fp{pu}{ripck}, $ripck) == -1) {
if ($fp{pu}{ripck}) {
$fp{pu}{ripck} = $fp{pu}{ripck} . qq^|$ripck^;
} else {
$fp{pu}{ripck} = $ripck;
}
}
if ($uck and index($fp{pu}{uck}, $uck) == -1) {
if ($fp{pu}{uck}) {
$fp{pu}{uck} = $fp{pu}{uck} . qq^|$uck^;
} else {
$fp{pu}{uck} = $uck;
}
}
if ($ulen and index($fp{pu}{ulen}, $ulen) == -1) {
if ($fp{pu}{ulen}) {
$fp{pu}{ulen} = $fp{pu}{ulen} . qq^|$ulen^;
} else {
$fp{pu}{ulen} = $ulen;
}
}
if ($dat and index($fp{pu}{dat}, $dat) == -1) {
if ($fp{pu}{dat}) {
$fp{pu}{dat} = $fp{pu}{dat} . qq^|$dat^;
} else {
$fp{pu}{dat} = $dat;
}
}
} elsif ($fp{pu}{resp} ne "Y") {
$fp{pu}{resp} = "N";
}
}
}
# OK, now it is time to print out the merged Fprint ...
# Printing contributed by line was like a magnet for spammers and took
# up a substantial amount of space in the file. Plus may make
# licensees nervous.
# if ($fp{contrib}) { print "# Contributed by $fp{contrib}\n"; }
print "Fingerprint $fp{os}\n";
if ($fp{class}) { print $fp{class}; }
else { print "Class \n"; }
if ($fp{tseq}{cls}) {
print("TSeq(Class=$fp{tseq}{cls}");
if ($fp{tseq}{cls} ne "64K" and $fp{tseq}{cls} ne "i800"
and $fp{tseq}{cls} ne "C") {
if ($fp{tseq}{gcd}) {
print "%gcd=$fp{tseq}{gcd}";
}
if ($fp{tseq}{cls} ne "TR") {
if ($fp{tseq}{si}) {
print "%SI=$fp{tseq}{si}";
}
}
}
if ($fp{tseq}{cval}) {print "%Val=$fp{tseq}{cval}"; }
if ($fp{tseq}{ipid}) { print "%IPID=$fp{tseq}{ipid}"; }
if ($fp{tseq}{ts}) { print "%TS=$fp{tseq}{ts}"; }
print ")\n";
}
foreach $t (1 .. 7) {
$test = "T$t";
if ($fp{$test}{resp} eq "Y") {
print "$test(";
if ($t == 2 or $t == 3) {
print "Resp=Y%";
}
$fp{$test}{flags} =~ s/NULL//;
$fp{$test}{ops} =~ s/NULL//;
$fp{$test}{w} =~ s/NULL/0/;
print "DF=$fp{$test}{df}%W=$fp{$test}{w}%ACK=$fp{$test}{ack}%Flags=$fp{$test}{flags}%Ops=$fp{$test}{ops})\n";
} else {
print "$test(Resp=N)\n";
}
}
if ($fp{pu}{resp} eq "Y") {
print "PU(";
$fp{pu}{tos} =~ s/NULL/0/;
$fp{pu}{uck} =~ s/NULL/0/;
$fp{pu}{ripck} =~ s/NULL/0/;
if ($fp{pu}{rid}) {
$rid = "RID=$fp{pu}{rid}\%";
} else { $ridwarning = 1; $rid = "RID=E|F\%"; }
print "DF=$fp{pu}{df}%TOS=$fp{pu}{tos}%IPLEN=$fp{pu}{iplen}%RIPTL=$fp{pu}{riptl}%${rid}RIPCK=$fp{pu}{ripck}%UCK=$fp{pu}{uck}%ULEN=$fp{pu}{ulen}%DAT=$fp{pu}{dat})\n";
} else {
print "PU(Resp=N)\n";
}
if ($ridwarning == 1) {
$ridwarning = 0;
print "*******************************************************\n" .
"* WARNING: Missing PU RID value -- this is normal for *\n" .
"* hosts submitted by Solaris or Windows boxes. You *\n" .
"* may want to get RID from similar fingerprints *\n" .
"*******************************************************\n";
}

246
scripts/fingermatch.cc Normal file
View File

@@ -0,0 +1,246 @@
/***************************************************************************
* fingermatch.cc -- A relatively simple utility for determining whether a *
* given Nmap fingerprint matches (or comes close to matching) any of the *
* fingerprints in a collection such as the nmap-os-fingerprints file that *
* ships with Nmap. *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2004 Insecure.Com LLC. Nmap *
* is also a registered trademark of Insecure.Com LLC. This program is *
* free software; you may redistribute and/or modify it under the *
* terms of the GNU General Public License as published by the Free *
* Software Foundation; Version 2. This guarantees your right to use, *
* modify, and redistribute this software under certain conditions. If *
* you wish to embed Nmap technology into proprietary software, we may be *
* willing to sell alternative licenses (contact sales@insecure.com). *
* Many security scanner vendors already license Nmap technology such as *
* our remote OS fingerprinting database and code, service/version *
* detection system, and port scanning code. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-fingerprints or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is just meant to *
* clarify our interpretation of derived works with some common examples. *
* These restrictions only apply when you actually redistribute Nmap. For *
* example, nothing stops you from writing and selling a proprietary *
* front-end to Nmap. Just distribute it by itself, and point people to *
* http://www.insecure.org/nmap/ to download Nmap. *
* *
* We don't consider these to be added restrictions on top of the GPL, but *
* just a clarification of how we interpret "derived works" as it applies *
* to our GPL-licensed Nmap product. This is similar to the way Linus *
* Torvalds has announced his interpretation of how "derived works" *
* applies to Linux kernel modules. Our interpretation refers only to *
* Nmap - we don't speak for any other GPL products. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to many *
* security vendors, and generally include a perpetual license as well as *
* providing for priority support and updates as well as helping to fund *
* the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included Copying.OpenSSL file, and distribute linked *
* combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to fyodor@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
* to reuse, modify, and relicense the code. Nmap will always be *
* available Open Source, but this is important because the inability to *
* relicense code has caused devastating problems for other Free Software *
* projects (such as KDE and NASM). We also occasionally relicense the *
* code to third parties as discussed above. If you wish to specify *
* special license conditions of your contributions, just say so when you *
* send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License for more details at *
* http://www.gnu.org/copyleft/gpl.html , or in the COPYING file included *
* with Nmap. *
* *
***************************************************************************/
/* $Id$ */
#include "nbase.h"
#include "nmap.h"
#include "osscan.h"
#define FINGERMATCH_GUESS_THRESHOLD 0.75 /* How low we will still show guesses for */
void usage() {
printf("Usage: fingermatch <fingerprintfilename>\n"
"(You will be prompted for the fingerprint data)\n"
"\n");
exit(1);
}
int main(int argc, char *argv[]) {
char *fingerfile = NULL;
FingerPrint **reference_FPs = NULL;
FingerPrint *testFP;
struct FingerPrintResults FPR;
char fprint[2048];
unsigned int printlen = 0;
char line[512];
unsigned int linelen;
char lasttestname[32];
unsigned int lastlinelen = 0;
char *p;
int i;
char gen[128]; /* temporary buffer for os generation part of classification */
int adjusted = 0; /* Flags if we have adjusted the entered fingerprint */
if (argc != 2)
usage();
/* First we read in the fingerprint file provided on the command line */
fingerfile = argv[1];
reference_FPs = parse_fingerprint_file(fingerfile);
if (reference_FPs == NULL)
fatal("Could not open or parse Fingerprint file given on the command line: %s", fingerfile);
/* Now we read in the user-provided fingerprint */
printf("Enter the fingerprint you would like to match, followed by a blank single-dot line:\n");
lasttestname[0] = '\0';
while(fgets(line, sizeof(line), stdin)) {
if (*line == '\n' || *line == '.')
break;
linelen = strlen(line);
/* Check if it is a duplicate testname */
if (*line == '#')
continue;
p = strchr(line, '(');
if (p) {
*p = '\0';
if (strcmp(line, lasttestname) == 0) {
adjusted = 1;
if (lastlinelen >= linelen)
continue;
/* The new one is longer (and thus probably better) -- clobber the last
line */
printlen -= lastlinelen;
fprint[printlen] = '\0';
}
Strncpy(lasttestname, line, sizeof(lasttestname));
lastlinelen = linelen;
*p = '(';
} else {
/* The only legitimate non-comment line that doesn't have a ( is the
initial Fingerprint and the following Class line(s) */
if (strncmp(line, "Class ", 6) == 0) {
char *q = line + 6;
while(*q && isspace(*q)) q++;
if (!*q) continue; // Empty class line
} else if (strncmp(line, "Fingerprint ", 12) != 0) {
printf("Warning: Bogus line skipped\n");
continue;
}
}
if (printlen + linelen >= sizeof(fprint) - 5)
fatal("Overflow!");
strcpy(fprint + printlen, line);
printlen += linelen;
}
if (adjusted) {
printf("\n**WARNING**: Adjusted fingerprint due to duplicated tests (we only look at the first). Results are based on this adjusted fingerprint:\n%s\n", fprint);
}
/* Now we validate that all elements are present */
if (!strstr(fprint, "TSeq(") || !strstr(fprint, "T1(") ||
!strstr(fprint, "T2(") || !strstr(fprint, "T3(") ||
!strstr(fprint, "T4(") || !strstr(fprint, "T5(") ||
!strstr(fprint, "T6(") || !strstr(fprint, "T7(") ||
!strstr(fprint, "PU(")) {
/* This ought to get my attention :) */
printf("\n"
"********************************************************\n"
"***WARNING: Fingerprint is missing at least 1 element***\n"
"********************************************************\n");
}
testFP = parse_single_fingerprint(fprint);
if (!testFP) fatal("Sorry -- failed to parse the so-called fingerprint you entered");
/* Now we find the matches! */
match_fingerprint(testFP, &FPR, reference_FPs, FINGERMATCH_GUESS_THRESHOLD);
switch(FPR.overall_results) {
case OSSCAN_NOMATCHES:
printf("**NO MATCHES** found for the entered fingerprint in %s\n", fingerfile);
break;
case OSSCAN_TOOMANYMATCHES:
printf("Found **TOO MANY EXACT MATCHES** to print for entered fingerprint in %s\n", fingerfile);
break;
case OSSCAN_SUCCESS:
if (FPR.num_perfect_matches > 0) {
printf("Found **%d PERFECT MATCHES** for entered fingerprint in %s:\n", FPR.num_perfect_matches, fingerfile);
printf("Accu Line# OS (classification)\n");
for(i=0; i < FPR.num_matches && FPR.accuracy[i] == 1; i++) {
if (FPR.prints[i]->OS_class[0].OS_Generation)
snprintf(gen, sizeof(gen), " %s ", FPR.prints[i]->OS_class[0].OS_Generation);
else gen[0] = '\0';
printf("100%% %5d %s (%s | %s |%s| %s)\n", FPR.prints[i]->line, FPR.prints[i]->OS_name, FPR.prints[i]->OS_class[0].OS_Vendor, FPR.prints[i]->OS_class[0].OS_Family, gen, FPR.prints[i]->OS_class[0].Device_Type );
}
} else {
printf("No perfect matches found, **GUESSES AVAILABLE** for entered fingerprint in %s:\n", fingerfile);
printf("Accu Line# OS (classification)\n");
for(i=0; i < 10 && i < FPR.num_matches; i++) {
if (FPR.prints[i]->OS_class[0].OS_Generation)
snprintf(gen, sizeof(gen), " %s ", FPR.prints[i]->OS_class[0].OS_Generation);
else gen[0] = '\0';
printf("%3d%% %5d %s (%s | %s |%s| %s)\n", (int) (FPR.accuracy[i] * 100), FPR.prints[i]->line, FPR.prints[i]->OS_name, FPR.prints[i]->OS_class[0].OS_Vendor, FPR.prints[i]->OS_class[0].OS_Family, gen, FPR.prints[i]->OS_class[0].Device_Type );
}
}
printf("\n");
break;
default:
fatal("Bogus error.");
break;
}
return 0;
}

74
scripts/make-mac-prefixes.pl Executable file
View File

@@ -0,0 +1,74 @@
#!/usr/bin/perl -w
use POSIX;
# A simple perl script that takes a MAC address database as distribted
# by the IEEE at http://standards.ieee.org/regauth/oui/oui.txt and
# creates an nmap-mac-prefixes file, which is just a bunch of lines
# like this (but without the initial "# ":
#
# 000072 Miniware Technology
# 00012E PC Partner Ltd.
# 080023 Panasonic Communications Co., Ltd.
#
sub usage() {
print "usage: make-mac-prefixis.pl [infile] [outfile]\n" .
"where infile is usually oui.txt as distributed from\n" .
"http://standards.ieee.org/regauth/oui/oui.txt and outfile is usually\n" .
"nmap-mac-prefixes. The output file will be overwritten if it already exists.\n";
exit 1;
}
# Un-capitalize an all-caps company name;
sub decap($) {
my $oldcomp = shift();
my $newcomp = "";
my @words = split /\s/, $oldcomp;
foreach $word (@words) {
if (length($word) > 3 && (length($word) > 5 or !($word =~ /[.,\!\$]/))) {
$word = "\L$word\E";
$word = "\u$word";
}
if ($newcomp) { $newcomp .= " $word"; }
else {$newcomp = $word; }
}
return $newcomp;
}
# Rules to shorten the names a bit, such as eliminating Inc.
sub shorten($) {
my $comp = shift();
$comp =~ s/,.{1,6}$//;
$comp =~ s/ (Corporation|Inc|Ltd|Corp|S\.A\.|Co\.|llc|pty|l\.l\.c\.|s\.p\.a\.|b\.v\.)(\.|\b)//gi;
# Fix stupid entries like "DU PONT PIXEL SYSTEMS ."
$comp =~ s/\s+.$//;
return $comp;
}
my $infile = shift() || usage();
my $outfile = shift() || usage();
if (! -f $infile) { print "ERROR: Could not find input file $infile"; usage(); }
open INFILE, "<$infile" or die "Could not open input file $infile";
open OUTFILE, ">$outfile" or die "Could not open output file $outfile";
print OUTFILE "# \$Id" . ": \$ generated with make-mac-prefixes.pl\n";
print OUTFILE "# Original data comes from http://standards.ieee.org/regauth/oui/oui.txt\n";
print OUTFILE "# These values are known as Organizationally Unique Identifiers (OUIs)\n";
print OUTFILE "# See http://standards.ieee.org/faqs/OUI.html\n";
while($ln = <INFILE>) {
if ($ln =~ /\s*([0-9a-fA-F]{2})-([0-9a-fA-F]{2})-([0-9a-fA-F]{2})\s+\(hex\)\s+(\S.*)$/) {
my $prefix = "$1$2$3";
my $compname= $4;
# This file often over-capitalizes company names
if (!($compname =~ /[a-z]/) || $compname =~ /\b[A-Z]{4,}/) {
$compname = decap($compname);
}
$compname = shorten($compname);
print OUTFILE "$prefix $compname\n";
}
# else { print "failed to match: $ln"; }
}

93
scripts/nmap.header.tmpl Normal file
View File

@@ -0,0 +1,93 @@
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2004 Insecure.Com LLC. Nmap *
* is also a registered trademark of Insecure.Com LLC. This program is *
* free software; you may redistribute and/or modify it under the *
* terms of the GNU General Public License as published by the Free *
* Software Foundation; Version 2. This guarantees your right to use, *
* modify, and redistribute this software under certain conditions. If *
* you wish to embed Nmap technology into proprietary software, we may be *
* willing to sell alternative licenses (contact sales@insecure.com). *
* Many security scanner vendors already license Nmap technology such as *
* our remote OS fingerprinting database and code, service/version *
* detection system, and port scanning code. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-fingerprints or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is just meant to *
* clarify our interpretation of derived works with some common examples. *
* These restrictions only apply when you actually redistribute Nmap. For *
* example, nothing stops you from writing and selling a proprietary *
* front-end to Nmap. Just distribute it by itself, and point people to *
* http://www.insecure.org/nmap/ to download Nmap. *
* *
* We don't consider these to be added restrictions on top of the GPL, but *
* just a clarification of how we interpret "derived works" as it applies *
* to our GPL-licensed Nmap product. This is similar to the way Linus *
* Torvalds has announced his interpretation of how "derived works" *
* applies to Linux kernel modules. Our interpretation refers only to *
* Nmap - we don't speak for any other GPL products. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to many *
* security vendors, and generally include a perpetual license as well as *
* providing for priority support and updates as well as helping to fund *
* the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included Copying.OpenSSL file, and distribute linked *
* combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to fyodor@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
* to reuse, modify, and relicense the code. Nmap will always be *
* available Open Source, but this is important because the inability to *
* relicense code has caused devastating problems for other Free Software *
* projects (such as KDE and NASM). We also occasionally relicense the *
* code to third parties as discussed above. If you wish to specify *
* special license conditions of your contributions, just say so when you *
* send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License for more details at *
* http://www.gnu.org/copyleft/gpl.html , or in the COPYING file included *
* with Nmap. *
* *
***************************************************************************/

50
scripts/nsock.header.tmpl Normal file
View File

@@ -0,0 +1,50 @@
***********************IMPORTANT NSOCK LICENSE TERMS***********************
* *
* The nsock parallel socket event library is (C) 1999-2004 Insecure.Com *
* LLC This library is free software; you may redistribute and/or *
* modify it under the terms of the GNU General Public License as *
* published by the Free Software Foundation; Version 2. This guarantees *
* your right to use, modify, and redistribute this software under certain *
* conditions. If this license is unacceptable to you, Insecure.Com LLC *
* may be willing to sell alternative licenses (contact *
* sales@insecure.com ). *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included Copying.OpenSSL file, and distribute linked *
* combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement stating *
* terms other than the (GPL) terms above, then that alternative license *
* agreement takes precedence over this comment. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to fyodor@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one the *
* insecure.org development mailing lists, it is assumed that you are *
* offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
* to reuse, modify, and relicense the code. Nmap will always be *
* available Open Source, but this is important because the inability to *
* relicense code has caused devastating problems for other Free Software *
* projects (such as KDE and NASM). We also occasionally relicense the *
* code to third parties as discussed above. If you wish to specify *
* special license conditions of your contributions, just say so when you *
* send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License for more details ( *
* http://www.gnu.org/copyleft/gpl.html ). *
* *
***************************************************************************/

47674
scripts/oui.txt Normal file
View File

File diff suppressed because it is too large Load Diff

48
scripts/produceosclasschoosebox.pl Executable file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/perl -w
if (!$ARGV[0]) {
print "Usage: produceosclasschoosebox.pl <nmap-os-fingerprints-filepath>\n\n"; exit;
}
# Kill leading and trailing whitespace
sub killws($) {
$str = shift;
$str =~ s/^\s+//g;
$str =~ s/\s+$//g;
return $str;
}
my @optionar;
my %unique_optvals;
while(<>) {
my %infohash;
if (/^Class /) {
s/Class //;
# Kill leading and trailing whitespace
my ($vendor, $osfam, $osgen, $type) = split /\|/;
$vendor = killws($vendor);
$osfam = killws($osfam);
$osgen = killws($osgen);
$type = killws($type);
$infohash{opval} = "$vendor|$osfam|$osgen|$type";
if (!$unique_optvals{$infohash{opval}}) {
$unique_optvals{$infohash{opval}} = 1;
$infohash{vendor} = $vendor;
$infohash{osfam} = $osfam;
$infohash{osgen} = $osgen;
$infohash{type} = $type;
if ($osgen) { $osgen = " $osgen"; }
if ($vendor eq $osfam) { $vendor = ""; } else {$vendor = "$vendor "; }
$infohash{fullname} = "$vendor$osfam$osgen $type";
push @optionar, \%infohash;
}
}
}
@optionar = sort { lc($a->{fullname}) cmp lc($b->{fullname}) } @optionar;
foreach $opt (@optionar) {
print qq|<option value="| . $opt->{opval} . qq|">| . $opt->{fullname} . "\n";
}

326
scripts/servicematch.cc Normal file
View File

@@ -0,0 +1,326 @@
/***************************************************************************
* servicematch.cc -- A relatively simple utility for determining whether *
* a given Nmap service fingerprint matches (or comes close to any of the *
* fingerprints in a collection such as the nmap-service-probes file that *
* ships with Nmap. *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
* *
* The Nmap Security Scanner is (C) 1996-2004 Insecure.Com LLC. Nmap *
* is also a registered trademark of Insecure.Com LLC. This program is *
* free software; you may redistribute and/or modify it under the *
* terms of the GNU General Public License as published by the Free *
* Software Foundation; Version 2. This guarantees your right to use, *
* modify, and redistribute this software under certain conditions. If *
* you wish to embed Nmap technology into proprietary software, we may be *
* willing to sell alternative licenses (contact sales@insecure.com). *
* Many security scanner vendors already license Nmap technology such as *
* our remote OS fingerprinting database and code, service/version *
* detection system, and port scanning code. *
* *
* Note that the GPL places important restrictions on "derived works", yet *
* it does not provide a detailed definition of that term. To avoid *
* misunderstandings, we consider an application to constitute a *
* "derivative work" for the purpose of this license if it does any of the *
* following: *
* o Integrates source code from Nmap *
* o Reads or includes Nmap copyrighted data files, such as *
* nmap-os-fingerprints or nmap-service-probes. *
* o Executes Nmap and parses the results (as opposed to typical shell or *
* execution-menu apps, which simply display raw Nmap output and so are *
* not derivative works.) *
* o Integrates/includes/aggregates Nmap into a proprietary executable *
* installer, such as those produced by InstallShield. *
* o Links to a library or executes a program that does any of the above *
* *
* The term "Nmap" should be taken to also include any portions or derived *
* works of Nmap. This list is not exclusive, but is just meant to *
* clarify our interpretation of derived works with some common examples. *
* These restrictions only apply when you actually redistribute Nmap. For *
* example, nothing stops you from writing and selling a proprietary *
* front-end to Nmap. Just distribute it by itself, and point people to *
* http://www.insecure.org/nmap/ to download Nmap. *
* *
* We don't consider these to be added restrictions on top of the GPL, but *
* just a clarification of how we interpret "derived works" as it applies *
* to our GPL-licensed Nmap product. This is similar to the way Linus *
* Torvalds has announced his interpretation of how "derived works" *
* applies to Linux kernel modules. Our interpretation refers only to *
* Nmap - we don't speak for any other GPL products. *
* *
* If you have any questions about the GPL licensing restrictions on using *
* Nmap in non-GPL works, we would be happy to help. As mentioned above, *
* we also offer alternative license to integrate Nmap into proprietary *
* applications and appliances. These contracts have been sold to many *
* security vendors, and generally include a perpetual license as well as *
* providing for priority support and updates as well as helping to fund *
* the continued development of Nmap technology. Please email *
* sales@insecure.com for further information. *
* *
* As a special exception to the GPL terms, Insecure.Com LLC grants *
* permission to link the code of this program with any version of the *
* OpenSSL library which is distributed under a license identical to that *
* listed in the included Copying.OpenSSL file, and distribute linked *
* combinations including the two. You must obey the GNU GPL in all *
* respects for all of the code used other than OpenSSL. If you modify *
* this file, you may extend this exception to your version of the file, *
* but you are not obligated to do so. *
* *
* If you received these files with a written license agreement or *
* contract stating terms other than the terms above, then that *
* alternative license agreement takes precedence over these comments. *
* *
* Source is provided to this software because we believe users have a *
* right to know exactly what a program is going to do before they run it. *
* This also allows you to audit the software for security holes (none *
* have been found so far). *
* *
* Source code also allows you to port Nmap to new platforms, fix bugs, *
* and add new features. You are highly encouraged to send your changes *
* to fyodor@insecure.org for possible incorporation into the main *
* distribution. By sending these changes to Fyodor or one the *
* Insecure.Org development mailing lists, it is assumed that you are *
* offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
* to reuse, modify, and relicense the code. Nmap will always be *
* available Open Source, but this is important because the inability to *
* relicense code has caused devastating problems for other Free Software *
* projects (such as KDE and NASM). We also occasionally relicense the *
* code to third parties as discussed above. If you wish to specify *
* special license conditions of your contributions, just say so when you *
* send them. *
* *
* This program is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
* General Public License for more details at *
* http://www.gnu.org/copyleft/gpl.html , or in the COPYING file included *
* with Nmap. *
* *
***************************************************************************/
/* $Id$ */
#include "nbase.h"
#include "nmap.h"
#include "service_scan.h"
#include <ctype.h>
void usage() {
printf("Usage: servicematch <fingerprintfilename>\n"
"(You will be prompted for the fingerprint data)\n"
"\n");
exit(1);
}
// This function parses the read-in fprint, compares the responses to the
// given tests as if they had been read from a remote system, and prints out
// the first match if any, followed by the fingerprint in single-line format.
// The 'ipaddystr' is either a string of the form " on www.xx.y.zzz" containing the IP
// address of the target from which fprint was obtained, or it is empty (meaning we don't know).
int doMatch(AllProbes *AP, char *fprint, int fplen, char *ipaddystr) {
u16 portno;
int proto;
char *p;
char *currentprobe = NULL;
char probename[128];
char resptext[3048];
char *endp = NULL;
unsigned long fullrlen;
bool trunc = false; // Was at least one response truncated due to length?
unsigned int resptextlen;
char *dst;
ServiceProbe *SP = NULL;
char softmatch[32] = {0};
const struct MatchDetails *MD = NULL;
bool nullprobecheat = false; // We cheated and found a match in the NULL probe to a non-null-probe response
// First lets find the port number and protocol
assert(fplen > 10);
assert(strncmp(fprint, "SF-Port", 7) == 0);
portno = atoi(fprint + 7);
p = strchr(fprint, ':');
assert(p);
p -= 3;
if (strncmp(p, "TCP", 3) == 0)
proto = IPPROTO_TCP;
else proto = IPPROTO_UDP;
currentprobe = strstr(p, "%r(");
while(currentprobe) {
// move to the probe name
p = currentprobe + 3;
dst = probename;
while(*p && *p != ',') {
assert((unsigned int) (dst - probename) < sizeof(probename) - 1);
*dst++ = *p++;
}
*dst++ = '\0';
// Grab
assert(*p == ',');
p++;
assert(isxdigit(*p));
fullrlen = strtoul(p, &endp, 16);
p = endp;
assert(*p == ',');
p++;
assert(*p == '"');
p++;
dst = resptext;
while(*p && (*p != '"' || (*(p-1) == '\\' && *(p-2) != '\\'))) {
assert((unsigned int) (dst - resptext) < sizeof(resptext) - 1);
*dst++ = *p++;
}
*dst++ = '\0';
// Now we unescape the response into plain binary
cstring_unescape(resptext, &resptextlen);
if (resptextlen < fullrlen)
trunc = true;
// Finally we try to match this with the appropriate probe from the
// nmap-service-probes file.
SP = AP->getProbeByName(probename, proto);
if (!SP) {
error("WARNING: Unable to find probe named %s in given probe file.", probename);
} else {
nullprobecheat = false;
MD = SP->testMatch((u8 *) resptext, resptextlen);
if (!MD && !SP->isNullProbe() && SP->getProbeProtocol() == IPPROTO_TCP && AP->nullProbe) {
MD = AP->nullProbe->testMatch((u8 *) resptext, resptextlen);
nullprobecheat = true;
}
if (MD && MD->serviceName) {
if (MD->isSoft) {
// We'll just squirrel it away for now
if (*softmatch && strcmp(softmatch, MD->serviceName) != 0) {
fprintf(stderr, "WARNING: Soft match for service %s, followed by (ignored) soft match for service %s\n", softmatch, MD->serviceName);
} else Strncpy(softmatch, MD->serviceName, sizeof(softmatch));
} else {
// YEAH! Found a hard match!
if (MD->product || MD->version || MD->info)
printf("MATCHED %ssvc %s |%s|%s|%s|%s: %s\n", nullprobecheat? "(NULLPROBE CHEAT) " : "", MD->serviceName, MD->product? MD->product : "", MD->version? MD->version : "", MD->info? MD->info : "", ipaddystr, fprint);
else
printf("MATCHED %ssvc %s (NO VERSION)%s: %s\n", nullprobecheat? "(NULLPROBE CHEAT) " : "", MD->serviceName, ipaddystr, fprint);
return 0;
}
}
}
// Lets find the next probe, if any
currentprobe = strstr(p, "%r(");
}
if (trunc) printf("WARNING: At least one probe response was truncated\n");
if (*softmatch) printf("SOFT MATCH svc %s (SOFT MATCH)%s: %s\n", softmatch, ipaddystr, fprint);
else printf("FAILED to match%s: %s\n", ipaddystr, fprint);
return 1;
}
int cleanfp(char *fprint, int *fplen) {
char *src = fprint, *dst = fprint;
while(*src) {
if (strncmp(src, "\\x20", 4) == 0) {
*dst++ = ' ';
src += 4;
/* } else if (*src == '\\' && (*(src+1) == '"' || *(src+1) == '\\')) {
*dst++ = *++src;
src++; */ // We shouldn't do this yet
} else if (src != dst) {
*dst++ = *src++;
} else { dst++; src++; }
}
*dst++ = '\0';
*fplen = dst - fprint - 1;
return 0;
}
int main(int argc, char *argv[]) {
AllProbes *AP = new AllProbes();
char *probefile = NULL;
char fprint[16384];
int fplen = 0; // Amount of chars in the current fprint
char line[512];
unsigned int linelen;
char *dst = NULL;
int lineno;
char *p, *q;
bool isInFP = false; // whether we are currently reading in a fingerprint
struct in_addr ip;
char lastipbuf[64];
if (argc != 2)
usage();
lastipbuf[0] = '\0';
/* First we read in the fingerprint file provided on the command line */
probefile = argv[1];
parse_nmap_service_probe_file(AP, probefile);
/* Now we read in the user-provided service fingerprint(s) */
printf("Enter the service fingerprint(s) you would like to match. Will read until EOF. Other Nmap output text (besides fingerprints) is OK too and will be ignored\n");
while(fgets(line, sizeof(line), stdin)) {
lineno++;
linelen = strlen(line);
p = line;
while(*p && isspace(*p)) p++;
if (isInFP) {
if (strncmp(p, "SF:", 3) == 0) {
p += 3;
assert(sizeof(fprint) > fplen + linelen + 1);
dst = fprint + fplen;
while(*p != '\r' && *p != '\n' && *p != ' ')
*dst++ = *p++;
fplen = dst - fprint;
*dst++ = '\0';
} else {
fatal("Fingerprint incomplete ending on line #%d", lineno);
}
}
if (strncmp(p, "SF-Port", 7) == 0) {
if (isInFP)
fatal("New service fingerprint started before the previous one was complete -- line %d", lineno);
assert(sizeof(fprint) > linelen + 1);
dst = fprint;
while(*p != '\r' && *p != '\n' && *p != ' ')
*dst++ = *p++;
fplen = dst - fprint;
*dst++ = '\0';
isInFP = true;
} else if (strncmp(p, "Interesting port", 16) == 0) {
q = line + linelen - 1;
while(*q && (*q == ')' || *q == ':' || *q == '\n'|| *q == '.' || isdigit((int) (unsigned char) *q))) {
if (*q == ')' || *q == ':' || *q == '\n') *q = '\0';
q--;
}
q++;
assert(isdigit((int)(unsigned char) *q));
if (inet_aton(q, &ip) != 0) {
snprintf(lastipbuf, sizeof(lastipbuf), " on %s", inet_ntoa(ip));
}
}
// Now we test if the fingerprint is complete
if (isInFP && fplen > 5 && strncmp(fprint + fplen - 3, "\");", 3) == 0) {
// Yeah! We have read in the whole fingerprint
isInFP = false;
// Cleans the fingerprint up a little, such as replacing \x20 with space and unescaping characters like \\ and \"
cleanfp(fprint, &fplen);
doMatch(AP, fprint, fplen, lastipbuf);
}
}
return 0;
}

61
scripts/serviceprintsunwrap.pl Executable file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/perl -w
# For now, this script just un-wordwraps all the service fingerprints
# found in a file (or set of files) and prints them out. It also adds
# an IP element if it obtains that info from the Nmap log file.
sub osprep($) {
my $ln = shift;
chomp ($ln);
$ln =~ s/^\s+//;
$ln =~ s/\s+$//;
return $ln;
}
sub finalfpprep($) {
my $ln = shift;
$ln =~ s/\\x20/ /g;
return $ln;
}
my $infp = 0;
my $lineno = 0;
my $currentfp = "";
my $nextline;
my $lastip = "";
while(<>) {
$nextline = $_;
$lineno++;
if ($infp) {
if (!($nextline =~ /^ [^ ]+$/)) {
# Yay, just finished reading in an FP
print finalfpprep($currentfp) . "\n";
$infp = 0;
$currentfp = "";
} else {
$nextline = osprep($nextline);
$currentfp .= $nextline;
if (length($currentfp) > 10000) {
die "Fingerprint too long on line $lineno of input file(s)";
}
}
}
if ($nextline =~ /^Interesting ports on.*\D(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/) {
$lastip = $1;
}
if ($nextline =~ /^\s*SF-Port\d+-...:/) {
$nextline = osprep($nextline);
if ($lastip) {
$nextline =~ s/(SF-Port\d+-...:)/$1TIP=$lastip%/;
}
$currentfp .= $nextline;
$infp = 1;
}
}
if ($infp and $currentfp) {
print finalfpprep($currentfp) . "\n";
}

44
scripts/sign_release.pl Executable file
View File

@@ -0,0 +1,44 @@
#!/usr/local/bin/perl -w
sub usage() {
print "sign_release.pl <distdir>\n";
print "Cycles through every file in <distdir>, looking for corresponding gpg detached signature (<distdir>/$file.gpg.txt) and message digest (<distdir>/$file.digest.txt) files. If either are both are missing for a given $file, they are recreated by calling gpg appropriately.\n\n";
exit(1);
}
if ($#ARGV != 0) {
print STDERR "ERROR: Wrong number of command-line arguments (must be exactly 1)\n";
usage();
}
my $distdir = shift();
if ($distdir =~ m|/$|) { chop $distdir; }
if (! -d $distdir) {
print STDERR "ERROR: Dist dir ($distdir) doesn't exist\n";
}
if (! -d "$distdir/sigs/" ) {
print STDERR "ERROR: You must create sig directory ($distdir/sigs) before calling this script\n";
}
# Now go through each file generating sigs if neccessary
opendir DISTDIR, $distdir or die "Could not open distdir: $distdir\n";
foreach $file (readdir DISTDIR) {
if (-f "$distdir/$file") {
my $sigfile = "$distdir/sigs/$file.gpg.txt";
my $digfile = "$distdir/sigs/$file.digest.txt";
if (!-f $sigfile) {
my $command = "gpg --detach-sign --armor -o $sigfile $distdir/$file; chmod 644 $sigfile";
print "Running: $command\n";
system($command);
}
if (!-f $digfile) {
my $command = "cd $distdir && gpg --print-md \\* $file > $digfile; chmod 644 $digfile";
print "Running: $command\n";
system($command);
}
}
}

128
scripts/sort-prints.pl Executable file
View File

@@ -0,0 +1,128 @@
#!/usr/bin/perl -w
sub usage() {
print STDERR "Usage: sort-prints.pl <nmap-os-fingerprints file>\n" .
"Slurps up the given nmap-os-fingerprints file, sorts it appropriately (Class, then name string), then spits it out to stdout. Some minor canonicalization is done too.\n\n";
exit(0);
}
sub fprintsort {
lc($a->{firstClass}) cmp lc($b->{firstClass})
or
lc($a->{name}) cmp lc($b->{name});
}
if ($#ARGV != 0) {
print STDERR "ERROR: Wrong number of command-line arguments (must be exactly 1)\n";
usage();
}
my $osfile = shift();
open(OSFILE, "<$osfile") or die "Failed to open purported nmap-os-fingerprints file: $osfile\n";
my $state = "headertxt";
my $lineno = 0;
my $headertxt = "";
my @prints;
my %newFP = ();
while($nxtline = <OSFILE>) {
$lineno++;
if ($state eq "headertxt") {
if ($nxtline =~ /^\#/) {
$headertxt .= $nxtline;
} else {
$state = "fprint-comments";
}
next;
}
if ($nxtline =~ /^\s*$/) {
# REMEMBER TO COPY ANY TEXT HERE TO THE FINAL PRINT CAPTURE BELOW THIS LOOP
if ($state eq "fprint-tests") {
# A blank line ends a fingerprint
my %copy = %newFP;
push @prints, \%copy;
# print "Read in an FP! There are now " . ($#prints + 1) . "\n";
%newFP = ();
$state = "fprint-comments";
}
next;
}
if ($state eq "fprint-comments") {
if ($nxtline =~ /^\#/) {
if (!($nxtline =~ /^\# /)) {
$nxtline =~ s/^\#/\# /;
}
$newFP{comments} .= $nxtline;
next;
} else {
$state = "fprint-name";
}
}
if ($state eq "fprint-name") {
if ($nxtline =~ /^Fingerprint (\S.*\S)\s*$/) {
$newFP{name} = $1;
$state = "fprint-class";
next;
}
die "ERROR: Parse error on $osfile:$lineno -- expected Fingerprint directive";
}
if ($state eq "fprint-class") {
if ($nxtline =~ /^Class (\S.*\S)$/) {
if (!$newFP{firstClass}) {
$newFP{firstClass} = $1;
}
$newFP{data} .= "$nxtline";
next;
} else {
if (!$newFP{firstClass}) {
die "ERROR: Parse error on $osfile:$lineno -- expected Class directive";
}
$state = "fprint-tests";
}
}
if ($state eq "fprint-tests") {
if ($nxtline =~ /^(TSeq|T[1-7]|PU)\(.*\)(\s*\#.*)?$/) {
$newFP{data} .= "$nxtline";
next;
}
die "ERROR: Parse error on $osfile:$lineno -- expected a Tseq, T1-T7, or PU test line";
}
}
# Capture the final print
if ($state eq "fprint-tests") {
# A blank line ends a fingerprint
my %copy = %newFP;
push @prints, \%copy;
# print "Read final FP! There are now " . ($#prints + 1) . "\n";
} elsif ($state ne "fprint-comments") {
die "ERROR: $osfile appears to have ended in mid-fingerprint";
}
# print "Successfully read in " . ($#prints + 1) . " fingerprints from $osfile\n";
my @sortedprints = sort fprintsort @prints;
# print "The first name is $prints[0]->{name} and the second is $prints[1]->{name}\n";
# print "The sorted first name is $sortedprints[0]->{name} and the second is $sortedprints[1]->{name}\n";
print $headertxt;
print "\n";
my $firstline = "true";
foreach $print (@sortedprints) {
if ($firstline) {
$firstline = 0;
} else { print "\n"; }
if ($print->{comments}) {
print $print->{comments};
}
print "Fingerprint $print->{name}\n";
print "$print->{data}";
}

152
scripts/templatereplace.pl Executable file
View File

@@ -0,0 +1,152 @@
#!/usr/bin/perl -w
my $usage = <<EOUSAGE;
Usage: templatereplace.pl [ops] <templatefile> <subjectfile1> ...
The idea behind this simple script is to replace blocks of text in one
or more files with a standard block provided in a "template file".
This script first reads in the template file, making special note of
the first and last lines. It then reads in the subject files, one by
one. If it sees the first template file line in one of the files, it
deletes text in the subject file until it finds the last template
line. Then it replaces the deleted text with the verbatim contents of
the template file. Files that don't contain the first template line
are unchanged.
Example usage:
find . -name '*.[ch]' -o -name '*.cc' -o -name COPYING -o -iname '*.in' | xargs scripts/templatereplace.pl -v scripts/nmap.header.tmpl
find . -name '*.[ch]' -o -name '*.cc' -o -name COPYING -o -iname '*.in' | xargs scripts/templatereplace.pl -v scripts/nsock.header.tmpl
EOUSAGE
use Getopt::Std;
use English;
my $verbose = 0;
sub usage() { print $usage; exit(1); }
# This function processes a template file by reading in all the data
# from $tmpldata->{name} and filling in $tmpldata->{firstline},
# $tmpldata->{lastline}, and $tmpldata->{content} (the latter does
# not include firstline and lastline). This function will give an
# error and exit the program if there are problems.
sub process_tmpl($) {
my $tdata = shift();
my $line;
my $lastline;
my $lineno = 1;
if ($verbose) {
print "Reading in template file: " . $tdata->{fname} . "\n";
}
if (!open TMPL, "<" . $tdata->{fname}) {
print "FAILED to read in template file: " . $tdata->{fname} . "\n";
usage();
}
$tdata->{content} = "";
while($line = <TMPL>) {
if ($lineno == 1) {
$tdata->{firstline} = $line;
} else {
if ($lineno != 2) { $tdata->{content} .= $lastline; }
}
$lastline = $line;
$lineno++;
}
if ($lineno < 3) {
print "Template file " . $tdata->{fname} . " is not long enough! Muts be at least 3 lines (first, content, and last)\n";
}
$tdata->{lastline} = $lastline;
close TMPL;
}
sub process_subj($$) {
my ($subjectfile, $tmpl) = @_;
my $newfile = "";
my $state = 0;
my $line;
if (!open SUB, "<$subjectfile") {
print "FAILED to read in subject file ($subjectfile) - skipping\n";
return;
}
# No need to worry about perms since we are overwriting existing file.
# my $perm = (stat $subjectfile)[2];
# $perm = $perm & 0777; # We ONLY want mode (not type too) and no suid bits
while($line = <SUB>) {
if ($state == 0) {
# Haven't found the match begin yet
if ($line eq $tmpl->{firstline}) { $state = 1; }
else { $newfile .= $line; }
} elsif ($state == 1) {
# Am between the match begin and end
if ($line eq $tmpl->{lastline}) {
$state = 2;
$newfile .= $tmpl->{firstline};
$newfile .= $tmpl->{content};
$newfile .= $tmpl->{lastline};
}
# Otherwise do nothing
} else {
# Already did the match, now we just copy the lines verbatim.
$newfile .= $line;
}
}
close SUB;
if ($state == 0) {
if ($verbose) { print "$subjectfile -> no replacement\n"; }
} elsif ($state == 1) {
print "WARNING: $subjectfile had begin line but never ended - skipping\n";
} else {
# Yeah - we did the replacement so now lets write back the file.
if (!open SUBWRITE, ">$subjectfile") {
print "FAILED to write to subject file ($subjectfile) - $! - skipping\n";
return;
}
print SUBWRITE $newfile;
close SUBWRITE;
if ($verbose) {
print "$subjectfile -> replacement succeeded\n";
}
}
}
# MAIN
use vars qw($opt_h $opt_v);
if (!getopts("vh")) {
print STDERR "Invalid arguments\n";
usage();
}
if ($opt_h) {
usage();
}
if ($opt_v) {
$verbose = 1;
}
$tmpldata{fname} = shift();
process_tmpl(\%tmpldata);
if ($verbose) {
printf "Processed template:" . $tmpldata{fname} . "\nSeeking Start: " . $tmpldata{firstline} . " End: " . $tmpldata{lastline} . "\n";
}
# Now it is time to handle each subject file, one at a time.
my $subjectfile;
while($subjectfile = shift()) {
process_subj($subjectfile, \%tmpldata);
}