mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

o There is a new OS detection pseudo-test, SCAN.DC, which records how

the network distance in SCAN.DS was calculated. Its value can be "L"
  for localhost, "D" for a direct connection, "I" for an ICMP TTL
  calculation, and "T" for a traceroute hop count. This is mainly for
  the benefit of OS integration, when it is sometimes important to
  distinguish between DS=1%DC=I (probably the result of forged TTLs)
  and DS=1%DC=D (a true one-hop connection.) [David]
david
2009-08-23 23:58:28 +00:00
parent 85e7b4dd89
commit 4c6bafb3fa
7 changed files with 78 additions and 13 deletions


@@ -1,5 +1,13 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o There is a new OS detection pseudo-test, SCAN.DC, which records how
the network distance in SCAN.DS was calculated. Its value can be "L"
for localhost, "D" for a direct connection, "I" for an ICMP TTL
calculation, and "T" for a traceroute hop count. This is mainly for
the benefit of OS integration, when it is sometimes important to
distinguish between DS=1%DC=I (probably the result of forged TTLs)
and DS=1%DC=D (a true one-hop connection.) [David]
o [Zenmap] New translation: Russian (contributed by Alexander Khodyrev). o [Zenmap] New translation: Russian (contributed by Alexander Khodyrev).
o Added the ssl-cert.nse script, which retrieves and prints the server o Added the ssl-cert.nse script, which retrieves and prints the server


@@ -114,6 +114,16 @@ enum osscan_flags {
OS_NOTPERF=0, OS_PERF, OS_PERF_UNREL OS_NOTPERF=0, OS_PERF, OS_PERF_UNREL
}; };
/* The method used to calculate the Target::distance, included in OS
fingerprints. */
enum dist_calc_method {
DIST_METHOD_NONE,
DIST_METHOD_LOCALHOST,
DIST_METHOD_DIRECT,
DIST_METHOD_ICMP,
DIST_METHOD_TRACEROUTE
};
struct host_timeout_nfo { struct host_timeout_nfo {
unsigned long msecs_used; /* How many msecs has this Target used? */ unsigned long msecs_used; /* How many msecs has this Target used? */
bool toclock_running; /* Is the clock running right now? */ bool toclock_running; /* Is the clock running right now? */
@@ -242,6 +252,7 @@ class Target {
struct seq_info seq; struct seq_info seq;
int distance; int distance;
enum dist_calc_method distance_calculation_method;
FingerPrintResults *FPR; /* FP results get by the OS scan system. */ FingerPrintResults *FPR; /* FP results get by the OS scan system. */
PortList ports; PortList ports;
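Review bot: The new member `distance_calculation_method` is added to `Target` with no initialisation visible in this commit; none of the seven changed sections touches a constructor or init routine of the class. Unless it is set somewhere not shown, a Target that never reaches the assignments in the OS-scan round or in traceroute would pass an indeterminate value on to `mergeFPs`, and the fingerprint offered for submission could carry a wrong or empty `DC` field. I would set it wherever `distance` receives its default, e.g. `distance_calculation_method = DIST_METHOD_NONE;`. The class body starts and ends outside the hunk.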


@@ -443,17 +443,43 @@ if (!FP) return;
return; return;
} }
static const char *dist_method_fp_string(enum dist_calc_method method)
{
const char *s = "";
switch (method) {
case DIST_METHOD_NONE:
s = "";
break;
case DIST_METHOD_LOCALHOST:
s = "L";
break;
case DIST_METHOD_DIRECT:
s = "D";
break;
case DIST_METHOD_ICMP:
s = "I";
break;
case DIST_METHOD_TRACEROUTE:
s = "T";
break;
}
return s;
}
/* Writes an informational "Test" result suitable for including at the /* Writes an informational "Test" result suitable for including at the
top of a fingerprint. Gives info which might be useful when the top of a fingerprint. Gives info which might be useful when the
FPrint is submitted (eg Nmap version, etc). Result is written (up FPrint is submitted (eg Nmap version, etc). Result is written (up
to ostrlen) to the ostr var passed in */ to ostrlen) to the ostr var passed in */
static void WriteSInfo(char *ostr, int ostrlen, bool isGoodFP, static void WriteSInfo(char *ostr, int ostrlen, bool isGoodFP,
const struct in_addr * const addr, int distance, const u8 *mac, const struct in_addr * const addr, int distance,
int openTcpPort, int closedTcpPort, int closedUdpPort) { enum dist_calc_method distance_calculation_method,
const u8 *mac, int openTcpPort,
int closedTcpPort, int closedUdpPort) {
struct tm *ltime; struct tm *ltime;
time_t timep; time_t timep;
char dsbuf[10], otbuf[8], ctbuf[8], cubuf[8]; char dsbuf[10], otbuf[8], ctbuf[8], cubuf[8], dcbuf[8];
char macbuf[16]; char macbuf[16];
timep = time(NULL); timep = time(NULL);
ltime = localtime(&timep); ltime = localtime(&timep);
@@ -472,14 +498,19 @@ static void WriteSInfo(char *ostr, int ostrlen, bool isGoodFP,
if(distance != -1) { if(distance != -1) {
Snprintf(dsbuf, sizeof(dsbuf), "%%DS=%d", distance); Snprintf(dsbuf, sizeof(dsbuf), "%%DS=%d", distance);
} }
if (distance_calculation_method != DIST_METHOD_NONE) {
Snprintf(dcbuf, sizeof(dcbuf), "%%DC=%s", dist_method_fp_string(distance_calculation_method));
} else {
dcbuf[0] = '\0';
}
macbuf[0] = '\0'; macbuf[0] = '\0';
if (mac) if (mac)
Snprintf(macbuf, sizeof(macbuf), "%%M=%02X%02X%02X", mac[0], mac[1], mac[2]); Snprintf(macbuf, sizeof(macbuf), "%%M=%02X%02X%02X", mac[0], mac[1], mac[2]);
Snprintf(ostr, ostrlen, "SCAN(V=%s%%D=%d/%d%%OT=%s%%CT=%s%%CU=%s%%PV=%c%s%%G=%c%s%%TM=%X%%P=%s)", Snprintf(ostr, ostrlen, "SCAN(V=%s%%D=%d/%d%%OT=%s%%CT=%s%%CU=%s%%PV=%c%s%s%%G=%c%s%%TM=%X%%P=%s)",
NMAP_VERSION, ltime->tm_mon + 1, ltime->tm_mday, NMAP_VERSION, ltime->tm_mon + 1, ltime->tm_mday,
otbuf, ctbuf, cubuf, isipprivate(addr)?'Y':'N', dsbuf, isGoodFP?'Y':'N', otbuf, ctbuf, cubuf, isipprivate(addr)?'Y':'N', dsbuf, dcbuf, isGoodFP?'Y':'N',
macbuf, (int) timep, NMAP_PLATFORM); macbuf, (int) timep, NMAP_PLATFORM);
} }
@@ -622,8 +653,10 @@ static bool FingerTest_lessthan(const FingerTest* a, const FingerTest* b) {
are included only once. If wrapit is true, the string is wrapped for are included only once. If wrapit is true, the string is wrapped for
submission. */ submission. */
const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP, const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP,
const struct in_addr * const addr, int distance, const u8 *mac, const struct in_addr * const addr, int distance,
int openTcpPort, int closedTcpPort, int closedUdpPort, bool wrapit) { enum dist_calc_method distance_calculation_method,
const u8 *mac, int openTcpPort, int closedTcpPort,
int closedUdpPort, bool wrapit) {
static char str[10240]; static char str[10240];
static char wrapstr[10240]; static char wrapstr[10240];
@@ -689,7 +722,7 @@ const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP,
p = str; p = str;
/* Lets start by writing the fake "SCAN" test for submitting fingerprints */ /* Lets start by writing the fake "SCAN" test for submitting fingerprints */
WriteSInfo(p, sizeof(str), isGoodFP, addr, distance, mac, openTcpPort, closedTcpPort, closedUdpPort); WriteSInfo(p, sizeof(str), isGoodFP, addr, distance, distance_calculation_method, mac, openTcpPort, closedTcpPort, closedUdpPort);
p = p + strlen(str); p = p + strlen(str);
if (!wrapit) *p++ = '\n'; if (!wrapit) *p++ = '\n';


@@ -96,6 +96,7 @@
#include "nmap.h" #include "nmap.h"
#include "global_structures.h" #include "global_structures.h"
#include "FingerPrintResults.h" #include "FingerPrintResults.h"
#include "Target.h"
#define OSSCAN_SUCCESS 0 #define OSSCAN_SUCCESS 0
#define OSSCAN_NOMATCHES -1 #define OSSCAN_NOMATCHES -1
@@ -146,7 +147,11 @@ void match_fingerprint(FingerPrint *FP, FingerPrintResults *FPR,
/* Returns true if perfect match -- if num_subtests & num_subtests_succeeded are non_null it updates them. if shortcircuit is zero, it does all the tests, otherwise it returns when the first one fails */ /* Returns true if perfect match -- if num_subtests & num_subtests_succeeded are non_null it updates them. if shortcircuit is zero, it does all the tests, otherwise it returns when the first one fails */
void freeFingerPrint(FingerPrint *FP); void freeFingerPrint(FingerPrint *FP);
const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP, const struct in_addr * const addr, int distance, const u8 *mac, int openTcpPort, int closedTcpPort, int closedUdpPort, bool wrapit); const char *mergeFPs(FingerPrint *FPs[], int numFPs, bool isGoodFP,
const struct in_addr * const addr, int distance,
enum dist_calc_method distance_calculation_method,
const u8 *mac, int openTcpPort, int closedTcpPort,
int closedUdpPort, bool wrapit);
#endif /*OSSCAN_H*/ #endif /*OSSCAN_H*/


@@ -3623,6 +3623,7 @@ static void endRound(OsScanInfo *OSI, HostOsScan *HOS, int roundNum) {
list<HostOsScanInfo *>::iterator hostI; list<HostOsScanInfo *>::iterator hostI;
HostOsScanInfo *hsi = NULL; HostOsScanInfo *hsi = NULL;
int distance = -1; int distance = -1;
enum dist_calc_method distance_calculation_method = DIST_METHOD_NONE;
for(hostI = OSI->incompleteHosts.begin(); for(hostI = OSI->incompleteHosts.begin();
hostI != OSI->incompleteHosts.end(); hostI++) { hostI != OSI->incompleteHosts.end(); hostI++) {
@@ -3652,14 +3653,18 @@ static void endRound(OsScanInfo *OSI, HostOsScan *HOS, int roundNum) {
if (islocalhost(hsi->target->v4hostip())) { if (islocalhost(hsi->target->v4hostip())) {
/* scanning localhost */ /* scanning localhost */
distance = 0; distance = 0;
distance_calculation_method = DIST_METHOD_LOCALHOST;
} else if (hsi->target->MACAddress()) { } else if (hsi->target->MACAddress()) {
/* on the same network segment */ /* on the same network segment */
distance = 1; distance = 1;
distance_calculation_method = DIST_METHOD_DIRECT;
} else if (hsi->hss->distance!=-1) { } else if (hsi->hss->distance!=-1) {
distance = hsi->hss->distance; distance = hsi->hss->distance;
distance_calculation_method = DIST_METHOD_ICMP;
} }
hsi->target->distance = hsi->target->FPR->distance = distance; hsi->target->distance = hsi->target->FPR->distance = distance;
hsi->target->distance_calculation_method = distance_calculation_method;
hsi->target->FPR->distance_guess = hsi->hss->distance_guess; hsi->target->FPR->distance_guess = hsi->hss->distance_guess;
} }
@@ -3717,6 +3722,7 @@ static void printFP(OsScanInfo *OSI) {
hsi->target->targetipstr(), hsi->target->targetipstr(),
mergeFPs(FPR->FPs, FPR->numFPs, true, mergeFPs(FPR->FPs, FPR->numFPs, true,
hsi->target->v4hostip(), hsi->target->distance, hsi->target->v4hostip(), hsi->target->distance,
hsi->target->distance_calculation_method,
hsi->target->MACAddress(), hsi->target->MACAddress(),
FPR->osscan_opentcpport, FPR->osscan_closedtcpport, FPR->osscan_opentcpport, FPR->osscan_closedtcpport,
FPR->osscan_closedudpport, false)); FPR->osscan_closedudpport, false));
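Review bot: `distance_calculation_method` in `endRound` is initialised once, before the host loop, in the same way as `distance`; if neither is reset at the top of each iteration (those lines fall between the hunks), a host that matches none of the three branches is stored with the previous host's distance and method. Because DC exists to tell a TTL-derived DS=1 from a real one-hop link, a stale `D` or `L` carried over from another host would undermine exactly that distinction. Adding `distance = -1; distance_calculation_method = DIST_METHOD_NONE;` at the start of the loop body, or declaring both inside it, removes the doubt. The function starts and ends outside the hunks.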


@@ -1562,9 +1562,9 @@ static const char *merge_fpr(const FingerPrintResults *FPR,
const Target *currenths, const Target *currenths,
bool isGoodFP, bool wrapit) { bool isGoodFP, bool wrapit) {
return mergeFPs(FPR->FPs, FPR->numFPs, isGoodFP, currenths->v4hostip(), return mergeFPs(FPR->FPs, FPR->numFPs, isGoodFP, currenths->v4hostip(),
currenths->distance, currenths->MACAddress(), currenths->distance, currenths->distance_calculation_method,
FPR->osscan_opentcpport, FPR->osscan_closedtcpport, currenths->MACAddress(), FPR->osscan_opentcpport,
FPR->osscan_closedudpport, wrapit); FPR->osscan_closedtcpport, FPR->osscan_closedudpport, wrapit);
} }
static void write_merged_fpr(const FingerPrintResults *FPR, static void write_merged_fpr(const FingerPrintResults *FPR,


@@ -808,8 +808,10 @@ Traceroute::trace(vector < Target * >&Targets) {
for (targ = valid_targets.begin(); targ != valid_targets.end(); ++targ) { for (targ = valid_targets.begin(); targ != valid_targets.end(); ++targ) {
int distance; int distance;
distance = TraceGroups[t->v4host().s_addr]->getDistance(); distance = TraceGroups[t->v4host().s_addr]->getDistance();
if (distance != -1) if (distance != -1) {
(*targ)->distance = distance; (*targ)->distance = distance;
(*targ)->distance_calculation_method = DIST_METHOD_TRACEROUTE;
}
} }
SPM->endTask(NULL, NULL); SPM->endTask(NULL, NULL);
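Review bot: The new `DIST_METHOD_TRACEROUTE` tag is written to `(*targ)`, but the distance it rests on is looked up with `t->v4host().s_addr`, and `t` is not reassigned anywhere in the loop body shown. If `t` is not the same target as `*targ`, every entry in `valid_targets` receives the hop count of one trace group and is then labelled as traceroute-measured. The lookup probably wants `(*targ)->v4host().s_addr`; that line is context the commit leaves unchanged and `t` is defined outside the hunk, so confirm before changing it.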