From 6ee953a5ff05af635af762c8d7059319161e70f7 Mon Sep 17 00:00:00 2001 From: rewanth Date: Wed, 23 Aug 2017 08:52:40 +0000 Subject: [PATCH] Removes trailing spaces in 69 files. Closes #971. --- CHANGELOG | 4 +- CONTRIBUTING.md | 2 +- Makefile.in | 8 +- acinclude.m4 | 4 +- libnetutil/ARPHeader.h | 4 +- libnetutil/DestOptsHeader.h | 2 +- libnetutil/EthernetHeader.h | 2 +- libnetutil/FragmentHeader.h | 2 +- libnetutil/HopByHopHeader.h | 2 +- libnetutil/ICMPv4Header.cc | 16 ++-- libnetutil/ICMPv4Header.h | 18 ++--- libnetutil/ICMPv6Header.cc | 80 +++++++++---------- libnetutil/ICMPv6Header.h | 30 +++---- libnetutil/ICMPv6Option.cc | 4 +- libnetutil/IPv6ExtensionHeader.h | 2 +- libnetutil/IPv6Header.cc | 18 ++--- libnetutil/IPv6Header.h | 20 ++--- libnetutil/Makefile.in | 4 +- libnetutil/PacketElement.h | 2 +- libnetutil/PacketParser.cc | 80 +++++++++---------- libnetutil/PacketParser.h | 2 +- libnetutil/RawData.cc | 2 +- libnetutil/RoutingHeader.cc | 2 +- libnetutil/RoutingHeader.h | 4 +- libnetutil/TCPHeader.cc | 10 +-- libnetutil/TCPHeader.h | 2 +- libnetutil/UDPHeader.h | 2 +- libnetutil/netutil.cc | 82 ++++++++++---------- libnetutil/netutil.h | 2 +- missing | 2 +- ncat/ChangeLog | 10 +-- ncat/Makefile.in | 4 +- ncat/configure.ac | 16 ++-- ncat/docs/README | 16 ++-- ncat/docs/THANKS | 6 +- ncat/docs/examples/ipaccess | 2 +- ncat/docs/examples/scripts/README | 2 +- ncat/docs/examples/scripts/http-scan/README | 4 +- ncat/docs/ncat.xml | 2 +- ncat/docs/ncatguide.xml | 4 +- ncat/ncat_listen.c | 2 +- nmap-os-db | 20 ++--- nmap-payloads | 2 +- nmap-rpc | 20 ++--- nmap.cc | 2 +- nmap.spec.in | 4 +- nselib/data/favicon-db | 4 +- nselib/data/jdwp-class/JDWPExecCmd.java | 20 ++--- nselib/data/jdwp-class/JDWPSystemInfo.java | 22 +++--- nselib/data/jdwp-class/README.txt | 14 ++-- nselib/data/psexec/README | 18 ++--- nselib/data/psexec/nmap_service.c | 86 ++++++++++----------- nselib/http.lua | 2 +- nselib/libssh2.luadoc | 12 +-- nselib/msrpc.lua | 2 +- nselib/smb.lua | 10 +-- nsock/examples/Makefile | 2 +- nsock/src/Makefile.in | 10 +-- nsock/src/configure.ac | 2 +- nsock/src/engine_iocp.c | 4 +- nsock/src/nsock_internal.h | 2 +- nsock/src/nsock_iod.c | 2 +- nsock/src/nsock_proxy.h | 2 +- nsock/src/nsock_timers.c | 2 +- output.cc | 4 +- scan_engine.cc | 2 +- scripts/http-security-headers.nse | 48 ++++++------ scripts/http-vuln-cve2017-5689.nse | 14 ++-- scripts/smb2-time.nse | 4 +- 69 files changed, 409 insertions(+), 409 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 160a78e46..866955f50 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,8 +11,8 @@ o [NSE][GH#892] New script http-bigip-cookie decodes unencrypted F5 BIG-IP cookies and reports back the IP address and port of the actual server behind the load-balancer. [Seth Jackson] -o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in - web servers. JSONP endpoints can be used to bypass Same-origin Policy +o [NSE] New script http-jsonp-detection Attempts to discover JSONP endpoints in + web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. [Vinamra Bhatia] o Nmap can now resolve and scan all IP addresses of a host. Instead of using diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bcc8e3304..36fcc0de4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ # Table of Contents --- - + * [Introduction](#intro) * [Code Repository](#repo) * [Bug Reports](#bug) diff --git a/Makefile.in b/Makefile.in index 63ca8df88..d7dab46c7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -26,8 +26,8 @@ export LIBLINEAR_LIBS = @LIBLINEAR_LIBS@ export NCATDIR=@NCATDIR@ CC = @CC@ CXX = @CXX@ -CCOPT = -DBGFLAGS = +CCOPT = +DBGFLAGS = STRIP = @STRIP@ LIBPCAPDIR = @libpcapdir@ LIBSSH2DIR = @LIBSSH2DIR@ @@ -74,7 +74,7 @@ LINGUAS ?= $(ALL_LINGUAS) # DESTDIR is used by some package maintainers to install Nmap under -# its usual directory structure into a different tree. See the +# its usual directory structure into a different tree. See the # CHANGELOG for more info. DESTDIR = @@ -469,7 +469,7 @@ check-dns: tests/check_dns check: @NCAT_CHECK@ @NSOCK_CHECK@ @ZENMAP_CHECK@ @NSE_CHECK@ @NDIFF_CHECK@ check-dns -${srcdir}/configure: configure.ac +${srcdir}/configure: configure.ac cd ${srcdir} && autoconf ## autoheader might not change config.h.in, so touch a stamp file. diff --git a/acinclude.m4 b/acinclude.m4 index c4554e724..491769a5f 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -40,7 +40,7 @@ extern char pcap_version[]; int main() { int major, minor1, minor2; sscanf(pcap_version,"%d.%d.%d", &major, &minor1, &minor2); - if (major > 0) + if (major > 0) return 0; if (minor1 < 9) return 1; @@ -227,7 +227,7 @@ AC_DEFUN([APR_FIND_APR], [ AC_MSG_CHECKING(for APR) AC_ARG_WITH(apr, - [ --with-apr=PATH prefix for installed APR or the full path to + [ --with-apr=PATH prefix for installed APR or the full path to apr-config], [ if test "$withval" = "no" || test "$withval" = "yes"; then diff --git a/libnetutil/ARPHeader.h b/libnetutil/ARPHeader.h index 0246a2941..5d4759015 100644 --- a/libnetutil/ARPHeader.h +++ b/libnetutil/ARPHeader.h @@ -209,7 +209,7 @@ #define OP_RESERVED 65535 /* Reserved [RFC5494] */ -/* TODO @todo: getTargetIP() and getSenderIP() should either +/* TODO @todo: getTargetIP() and getSenderIP() should either * return struct in_addr or IPAddress but not u32. */ class ARPHeader : public NetworkLayerElement { @@ -217,7 +217,7 @@ class ARPHeader : public NetworkLayerElement { private: struct nping_arp_hdr{ - + u16 ar_hrd; /* Hardware Type. */ u16 ar_pro; /* Protocol Type. */ u8 ar_hln; /* Hardware Address Length. */ diff --git a/libnetutil/DestOptsHeader.h b/libnetutil/DestOptsHeader.h index c93846fbe..35395bfee 100644 --- a/libnetutil/DestOptsHeader.h +++ b/libnetutil/DestOptsHeader.h @@ -145,7 +145,7 @@ class DestOptsHeader : public HopByHopHeader { . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - // Implemented in HopByHopHeader.h + // Implemented in HopByHopHeader.h public: DestOptsHeader(); ~DestOptsHeader(); diff --git a/libnetutil/EthernetHeader.h b/libnetutil/EthernetHeader.h index 3cd2312c8..aa4a9a928 100644 --- a/libnetutil/EthernetHeader.h +++ b/libnetutil/EthernetHeader.h @@ -180,7 +180,7 @@ class EthernetHeader : public DataLinkLayerElement { nping_eth_hdr_t h; public: - + EthernetHeader(); ~EthernetHeader(); void reset(); diff --git a/libnetutil/FragmentHeader.h b/libnetutil/FragmentHeader.h index a24836908..33cdaf9ca 100644 --- a/libnetutil/FragmentHeader.h +++ b/libnetutil/FragmentHeader.h @@ -154,7 +154,7 @@ class FragmentHeader : public IPv6ExtensionHeader { typedef struct nping_ipv6_ext_fragment_hdr nping_ipv6_ext_fragment_hdr_t; nping_ipv6_ext_fragment_hdr_t h; - + public: FragmentHeader(); ~FragmentHeader(); diff --git a/libnetutil/HopByHopHeader.h b/libnetutil/HopByHopHeader.h index 04272e7a4..d23afc423 100644 --- a/libnetutil/HopByHopHeader.h +++ b/libnetutil/HopByHopHeader.h @@ -170,7 +170,7 @@ class HopByHopHeader : public IPv6ExtensionHeader { nping_ipv6_ext_hopbyhop_hdr_t h; u8 *curr_option; - + public: HopByHopHeader(); ~HopByHopHeader(); diff --git a/libnetutil/ICMPv4Header.cc b/libnetutil/ICMPv4Header.cc index b5ea1f61a..3ed6dc581 100644 --- a/libnetutil/ICMPv4Header.cc +++ b/libnetutil/ICMPv4Header.cc @@ -380,7 +380,7 @@ bool ICMPv4Header::validateType(u8 val){ } /* End of validateType() */ -/** Returns true if the type fields contains an RFC compliant ICMP message +/** Returns true if the type fields contains an RFC compliant ICMP message * type. */ bool ICMPv4Header::validateType(){ return validateType( this->h.type ); @@ -500,13 +500,13 @@ int ICMPv4Header::setSum(){ u8 buffer[65535]; int total_len=0; h.checksum = 0; - + memcpy(buffer, &h, length); - + if( this->getNextElement() != NULL) - total_len=next->dumpToBinaryBuffer(buffer+length, 65535-length); + total_len=next->dumpToBinaryBuffer(buffer+length, 65535-length); total_len+=length; - + h.checksum = in_cksum((unsigned short *)buffer, total_len); return OP_SUCCESS; @@ -636,7 +636,7 @@ u32 ICMPv4Header::getReserved() const { * host byte order */ return (u32)ntohs(h_trc->unused); break; - + default: return OP_FAILURE; break; @@ -1100,7 +1100,7 @@ int ICMPv4Header::getICMPHeaderLengthFromType( u8 type ) const { case ICMP_TRACEROUTE: return 20; break; - + case ICMP_DOMAINNAME: case ICMP_DOMAINNAMEREPLY: return 8; @@ -1214,7 +1214,7 @@ const char *ICMPv4Header::type2string(int type, int code) const { case ICMP_MASKREPLY: return "Address mask reply"; break; - + case ICMP_TRACEROUTE: return "Traceroute"; break; diff --git a/libnetutil/ICMPv4Header.h b/libnetutil/ICMPv4Header.h index 929ed8de4..bc905a020 100644 --- a/libnetutil/ICMPv4Header.h +++ b/libnetutil/ICMPv4Header.h @@ -217,7 +217,7 @@ class ICMPv4Header : public ICMPHeader { /**********************************************************************/ /* ICMPv4 MESSAGE SPECIFIC HEADERS */ /**********************************************************************/ - + /* Destination Unreachable Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -232,7 +232,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_dest_unreach_msg icmp4_dest_unreach_msg_t; - + /* Time Exceeded Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -247,7 +247,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_time_exceeded_msg icmp4_time_exceeded_msg_t; - + /* Parameter Problem Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -264,7 +264,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_parameter_problem_msg icmp4_parameter_problem_msg_t; - + /* Source Quench Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -279,7 +279,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_source_quench_msg icmp4_source_quench_msg_t; - + /* Redirect Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -294,7 +294,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_redirect_msg icmp4_redirect_msg_t; - + /* Echo Request/Reply Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -345,7 +345,7 @@ class ICMPv4Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct icmp4_information_msg icmp4_information_msg_t; - + /* ICMP Router Advertisement Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -458,7 +458,7 @@ class ICMPv4Header : public ICMPHeader { u16 sequence; }__attribute__((__packed__)); typedef struct icmp4_domain_name_request_msg icmp4_domain_name_request_msg_t; - + /* ICMP Domain Name Reply Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -594,7 +594,7 @@ class ICMPv4Header : public ICMPHeader { int getICMPHeaderLengthFromType( u8 type ) const; const char *type2string(int type, int code) const; bool isError() const; - + }; /* End of class ICMPv4Header */ diff --git a/libnetutil/ICMPv6Header.cc b/libnetutil/ICMPv6Header.cc index e22901601..988093bf0 100644 --- a/libnetutil/ICMPv6Header.cc +++ b/libnetutil/ICMPv6Header.cc @@ -179,7 +179,7 @@ u8 *ICMPv6Header::getBufferPointer(){ /** Stores supplied packet in the internal buffer so the information * can be accessed using the standard get & set methods. - * @warning The ICMPv6Header class is able to hold a maximum of + * @warning The ICMPv6Header class is able to hold a maximum of * sizeof(nping_icmpv6_hdr_t) bytes. If the supplied buffer is longer than * that, only the first 1508 bytes will be stored in the internal buffer. * @warning Supplied len MUST be at least 8 bytes (min ICMPv6 header length). @@ -238,31 +238,31 @@ int ICMPv6Header::print(FILE *output, int detail) const { fprintf(output, " (type=%u/code=%u)", type, code); switch(type) { - + case ICMPv6_UNREACH: case ICMPv6_TIMXCEED: if(detail>=PRINT_DETAIL_HIGH) fprintf(output, " unused=%lu", (long unsigned int)this->getUnused()); break; - + case ICMPv6_ROUTERSOLICIT: if(detail>=PRINT_DETAIL_HIGH) fprintf(output, " reserved=%lu", (long unsigned int)this->getReserved()); break; - + case ICMPv6_PKTTOOBIG: fprintf(output, " mtu=%lu", (long unsigned int)this->getMTU()); break; - + case ICMPv6_PARAMPROB: fprintf(output, " pointer=%lu", (long unsigned int)this->getPointer()); break; - + case ICMPv6_ECHO: case ICMPv6_ECHOREPLY: fprintf(output, " id=%u seq=%u", this->getIdentifier(), this->getSequence()); break; - + case ICMPv6_NODEINFOQUERY: case ICMPv6_NODEINFORESP: if(this->getNodeInfoFlags()!=0){ @@ -505,15 +505,15 @@ int ICMPv6Header::setReserved(u32 val){ case ICMPv6_UNREACH: this->h_du->unused=htonl(val); break; - + case ICMPv6_TIMXCEED: this->h_te->unused=htonl(val); break; - + case ICMPv6_ROUTERSOLICIT: this->h_rs->reserved=htonl(val); break; - + case ICMPv6_NGHBRSOLICIT: this->h_ns->reserved=htonl(val); break; @@ -536,7 +536,7 @@ int ICMPv6Header::setReserved(u32 val){ case ICMPv6_RTRRENUM: this->h_rr->reserved=htonl(val); break; - + /* Types that don't have a reserved field */ case ICMPv6_ROUTERADVERT: case ICMPv6_ECHO: @@ -1283,10 +1283,10 @@ const char *ICMPv6Header::type2string(int type, int code) const { case ICMPv6_UNREACH_REJECT_ROUTE: return "Reject route"; break; default: return "Destination unreachable (unknown code)"; break; } - break; - + break; + case ICMPv6_PKTTOOBIG: - return "Packet too big"; + return "Packet too big"; break; case ICMPv6_TIMXCEED: @@ -1296,7 +1296,7 @@ const char *ICMPv6Header::type2string(int type, int code) const { default: return "Time exceeded (unknown code)"; break; } break; - + case ICMPv6_PARAMPROB: switch(code){ case ICMPv6_PARAMPROB_FIELD: return "Parameter problem (bad field)"; break; @@ -1307,34 +1307,34 @@ const char *ICMPv6Header::type2string(int type, int code) const { break; case ICMPv6_ECHO: - return "Echo request"; + return "Echo request"; break; case ICMPv6_ECHOREPLY: - return "Echo reply"; + return "Echo reply"; break; case ICMPv6_GRPMEMBQUERY: - return "Group membership query"; + return "Group membership query"; break; case ICMPv6_GRPMEMBREP: - return "Group membership report"; + return "Group membership report"; break; case ICMPv6_GRPMEMBRED: - return "Group membership reduction"; + return "Group membership reduction"; break; case ICMPv6_ROUTERSOLICIT: - return "Router sol"; + return "Router sol"; break; case ICMPv6_ROUTERADVERT: - return "Router advert"; + return "Router advert"; break; case ICMPv6_NGHBRSOLICIT: - return "Neighbor sol"; + return "Neighbor sol"; break; case ICMPv6_NGHBRADVERT: - return "Neighbor advert"; + return "Neighbor advert"; break; case ICMPv6_REDIRECT: - return "Redirect"; + return "Redirect"; break; case ICMPv6_RTRRENUM: switch(code){ @@ -1363,61 +1363,61 @@ const char *ICMPv6Header::type2string(int type, int code) const { break; case ICMPv6_INVNGHBRSOLICIT: - return "Inverse neighbor sol"; + return "Inverse neighbor sol"; break; case ICMPv6_INVNGHBRADVERT: - return "Inverse neighbor advert"; + return "Inverse neighbor advert"; break; case ICMPv6_MLDV2: - return "MLDv2 report"; + return "MLDv2 report"; break; case ICMPv6_AGENTDISCOVREQ: - return "Home agent request"; + return "Home agent request"; break; case ICMPv6_AGENTDISCOVREPLY: - return "Home agent reply"; + return "Home agent reply"; break; case ICMPv6_MOBPREFIXSOLICIT: - return "Prefix sol"; + return "Prefix sol"; break; case ICMPv6_MOBPREFIXADVERT: - return "Prefix advert"; + return "Prefix advert"; break; case ICMPv6_CERTPATHSOLICIT: - return "Cert path sol"; + return "Cert path sol"; break; case ICMPv6_CERTPATHADVERT: - return "Cert path advert"; + return "Cert path advert"; break; case ICMPv6_EXPMOBILITY: - return "Experimental mobility"; + return "Experimental mobility"; break; case ICMPv6_MRDADVERT: - return "Multicast router advert"; + return "Multicast router advert"; break; case ICMPv6_MRDSOLICIT: - return "Multicast router sol"; + return "Multicast router sol"; break; case ICMPv6_MRDTERMINATE: - return "Multicast router term"; + return "Multicast router term"; break; case ICMPv6_FMIPV6: - return "FMIPv6"; + return "FMIPv6"; break; - + default: return "Unknown ICMPv6 type"; break; diff --git a/libnetutil/ICMPv6Header.h b/libnetutil/ICMPv6Header.h index 8f68ea8cb..4c440e8f4 100644 --- a/libnetutil/ICMPv6Header.h +++ b/libnetutil/ICMPv6Header.h @@ -155,24 +155,24 @@ * * 1. Imagine we need to build an ICMP echo request message that includes some * arbitrary data to be echoed. We could do the following: - * + * * u8 final_packet[1024]; <-- Buffer to store the resulting packet * u32 final_packet_len=0; <-- Length of the resulting packet * ICMPv6Header header; <-- The ICMPv6 fixed-length part * RawData data; <-- The data to append to the echo message - * + * * header.setType(ICMPv6_ECHO); <-- Set ICMPv6 type to "Echo request" * data.store("1234567890"); <-- Store data we need to send. * header.setNextElement(&data); <-- Tell ICMPv6Header what's after it * header.setSum(); <-- Compute the checksum - * + * * final_packet_len=header.dumpToBinaryBuffer(fina_packet, 1024); * send_packet(final_packet, final_packet_len) * * 2. If we are sending a parameter problem message and we need to include the * invoking datagram, we can call setNextElement() passing an IPv6Header * pointer. - * + * * u8 final_packet[1024]; <-- Buffer to store the resulting packet * u32 final_packet_len=0; <-- Length of the resulting packet * ICMPv6Header header; <-- The ICMPv6 fixed-length part @@ -186,7 +186,7 @@ * * 3. If we are sending a router solicitation message, we'll call * setNextElement() passing an IPv6Options Pointer. - * + * * u8 final_packet[1024]; <-- Buffer to store the resulting packet * u32 final_packet_len=0; <-- Length of the resulting packet * ICMPv6Header header; <-- The ICMPv6 fixed-length part @@ -217,11 +217,11 @@ * following IETF RFC documents: RFC 4443, RFC 2461, RFC 2894 */ /* ICMP types and codes. - * The following types and codes have been defined by IANA. A complete list + * The following types and codes have been defined by IANA. A complete list * may be found at http://www.iana.org/assignments/icmpv6-parameters * * Definitions on the first level of indentation are ICMPv6 Types. - * Definitions on the second level of indentation (values enclosed in + * Definitions on the second level of indentation (values enclosed in * parenthesis) are ICMPv6 Codes */ #define ICMPv6_UNREACH 1 /* Destination unreachable [RFC 2463, 4443] */ #define ICMPv6_UNREACH_NO_ROUTE (0) /* --> No route to destination */ @@ -335,7 +335,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct nping_icmpv6_hdr nping_icmpv6_hdr_t; - + /**********************************************************************/ /* ICMPv6 MESSAGE SPECIFIC HEADERS */ /**********************************************************************/ @@ -371,7 +371,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct pkt_too_big_msg pkt_too_big_msg_t; - + /* Time Exceeded Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -387,7 +387,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct time_exceeded_msg time_exceeded_msg_t; - + /* Parameter Problem Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -403,7 +403,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct parameter_problem_msg parameter_problem_msg_t; - + /* Echo Request/Response Messages +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -418,7 +418,7 @@ class ICMPv6Header : public ICMPHeader { //u8 data[?]; }__attribute__((__packed__)); typedef struct echo_msg echo_msg_t; - + /* Router Advertisement Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -441,7 +441,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct router_advert_msg router_advert_msg_t; - + /* Router Solicitation Message +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -538,7 +538,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct redirect_msg redirect_msg_t; - + /* Router Renumbering Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | @@ -612,7 +612,7 @@ class ICMPv6Header : public ICMPHeader { }__attribute__((__packed__)); typedef struct mld_msg mld_msg_t; - + nping_icmpv6_hdr_t h; /* Helper pointers */ diff --git a/libnetutil/ICMPv6Option.cc b/libnetutil/ICMPv6Option.cc index f8a9fc8e3..0c2eac431 100644 --- a/libnetutil/ICMPv6Option.cc +++ b/libnetutil/ICMPv6Option.cc @@ -371,7 +371,7 @@ int ICMPv6Option::getHeaderLengthFromType(u8 type){ case ICMPv6_OPTION_SRC_LINK_ADDR: return ICMPv6_OPTION_SRC_LINK_ADDR_LEN; break; - + case ICMPv6_OPTION_TGT_LINK_ADDR: return ICMPv6_OPTION_TGT_LINK_ADDR_LEN; break; @@ -388,7 +388,7 @@ int ICMPv6Option::getHeaderLengthFromType(u8 type){ return ICMPv6_OPTION_MTU_LEN; break; - /* Packets with non RFC-Compliant option types will be represented as an + /* Packets with non RFC-Compliant option types will be represented as an * 8-byte ICMPv6 option. */ default: return ICMPv6_OPTION_MIN_HEADER_LEN; diff --git a/libnetutil/IPv6ExtensionHeader.h b/libnetutil/IPv6ExtensionHeader.h index c12ed354c..0cd452abe 100644 --- a/libnetutil/IPv6ExtensionHeader.h +++ b/libnetutil/IPv6ExtensionHeader.h @@ -145,7 +145,7 @@ #define EXTOPT_HOMEADDR 0xC9 /* Home Address (RFC 6275) */ class IPv6ExtensionHeader : public PacketElement { - + }; #endif diff --git a/libnetutil/IPv6Header.cc b/libnetutil/IPv6Header.cc index 99303e635..77d16430c 100644 --- a/libnetutil/IPv6Header.cc +++ b/libnetutil/IPv6Header.cc @@ -176,7 +176,7 @@ u8 *IPv6Header::getBufferPointer(){ * in the internal buffer. * @warning Supplied len MUST be at least 40 bytes (IPv6 header length). * @return OP_SUCCESS on success and OP_FAILURE in case of error */ -int IPv6Header::storeRecvData(const u8 *buf, size_t len){ +int IPv6Header::storeRecvData(const u8 *buf, size_t len){ if(buf==NULL || lengetHopLimit()); }else if( detail == PRINT_DETAIL_MED ){ - Snprintf(ipinfo, sizeof(ipinfo), "hlim=%d tclass=%d flow=%d", + Snprintf(ipinfo, sizeof(ipinfo), "hlim=%d tclass=%d flow=%d", this->getHopLimit(), this->getTrafficClass(), this->getFlowLabel() ); }else if( detail>=PRINT_DETAIL_HIGH ){ - Snprintf(ipinfo, sizeof(ipinfo), "ver=%d hlim=%d tclass=%d flow=%d plen=%d nh=%d", - this->getVersion(), this->getHopLimit(), this->getTrafficClass(), + Snprintf(ipinfo, sizeof(ipinfo), "ver=%d hlim=%d tclass=%d flow=%d plen=%d nh=%d", + this->getVersion(), this->getHopLimit(), this->getTrafficClass(), this->getFlowLabel(), this->getPayloadLength(), this->getNextHeader() ); } - fprintf(output, " %s]", ipinfo); + fprintf(output, " %s]", ipinfo); if(this->next!=NULL){ print_separator(output, detail); next->print(output, detail); @@ -295,8 +295,8 @@ u8 IPv6Header::getVersion() const { u8 fullbyte; }header1stbyte; - header1stbyte.fullbyte = h.ip6_start[0]; - return (u8)header1stbyte.halfbyte.ver; + header1stbyte.fullbyte = h.ip6_start[0]; + return (u8)header1stbyte.halfbyte.ver; } /* End of getVersion() */ @@ -337,7 +337,7 @@ int IPv6Header::setTrafficClass(u8 val){ /* Write the bytes back to the header */ h.ip6_start[0]=header1stbyte.fullbyte; h.ip6_start[1]=header2ndbyte.fullbyte; - + return OP_SUCCESS; } /* End of setTrafficClass() */ @@ -489,7 +489,7 @@ int IPv6Header::setNextHeader(const char *p){ setNextHeader(58); /* 58=IANA number for proto ICMPv6 */ else netutil_fatal("setNextProto(): Invalid protocol number\n"); - return OP_SUCCESS; + return OP_SUCCESS; } /* End of setNextHeader() */ diff --git a/libnetutil/IPv6Header.h b/libnetutil/IPv6Header.h index 8975c1230..832168622 100644 --- a/libnetutil/IPv6Header.h +++ b/libnetutil/IPv6Header.h @@ -146,7 +146,7 @@ class IPv6Header : public NetworkLayerElement { private: - + /* IPv6 Header Format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 @@ -172,14 +172,14 @@ class IPv6Header : public NetworkLayerElement { | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ - + struct nping_ipv6_hdr { u8 ip6_start[4]; /* Version, Traffic and Flow */ u16 ip6_len; /* Payload length */ u8 ip6_nh; /* Next Header */ u8 ip6_hopl; /* Hop Limit */ u8 ip6_src[16]; /* Source IP Address */ - u8 ip6_dst[16]; /* Destination IP Address */ + u8 ip6_dst[16]; /* Destination IP Address */ }__attribute__((__packed__)); typedef struct nping_ipv6_hdr nping_ipv6_hdr_t; @@ -187,7 +187,7 @@ class IPv6Header : public NetworkLayerElement { nping_ipv6_hdr_t h; public: - + /* Misc */ IPv6Header(); ~IPv6Header(); @@ -200,7 +200,7 @@ class IPv6Header : public NetworkLayerElement { /* IP version */ int setVersion(); - int setVersion(u8 val); + int setVersion(u8 val); u8 getVersion() const; /* Traffic class */ @@ -210,27 +210,27 @@ class IPv6Header : public NetworkLayerElement { /* Flow Label */ int setFlowLabel(u32 val); u32 getFlowLabel() const; - + /* Payload Length */ int setPayloadLength(u16 val); int setPayloadLength(); u16 getPayloadLength() const; - + /* Next Header */ int setNextHeader(u8 val); int setNextHeader(const char *p); u8 getNextHeader() const; - + /* Hop Limit */ int setHopLimit(u8 val); u8 getHopLimit() const; - + /* Source Address */ int setSourceAddress(u8 *val); int setSourceAddress(struct in6_addr val); const u8 *getSourceAddress() const; struct in6_addr getSourceAddress(struct in6_addr *result) const; - + /* Destination Address*/ int setDestinationAddress(u8 *val); int setDestinationAddress(struct in6_addr val); diff --git a/libnetutil/Makefile.in b/libnetutil/Makefile.in index 855fa2265..c7deb927c 100644 --- a/libnetutil/Makefile.in +++ b/libnetutil/Makefile.in @@ -17,7 +17,7 @@ TARGET = libnetutil.a SRCS = $(srcdir)/netutil.cc $(srcdir)/PacketElement.cc $(srcdir)/NetworkLayerElement.cc $(srcdir)/ARPHeader.cc $(srcdir)/PacketElement.cc $(srcdir)/NetworkLayerElement.cc $(srcdir)/TransportLayerElement.cc $(srcdir)/ARPHeader.cc $(srcdir)/EthernetHeader.cc $(srcdir)/ICMPv4Header.cc $(srcdir)/ICMPv6Header.cc $(srcdir)/IPv4Header.cc $(srcdir)/IPv6Header.cc $(srcdir)/TCPHeader.cc $(srcdir)/UDPHeader.cc $(srcdir)/RawData.cc $(srcdir)/HopByHopHeader.cc $(srcdir)/DestOptsHeader.cc $(srcdir)/FragmentHeader.cc $(srcdir)/RoutingHeader.cc $(srcdir)/PacketParser.cc OBJS = netutil.o PacketElement.o NetworkLayerElement.o TransportLayerElement.o ARPHeader.o EthernetHeader.o ICMPv4Header.o ICMPv6Header.o IPv4Header.o IPv6Header.o TCPHeader.o UDPHeader.o RawData.o HopByHopHeader.o DestOptsHeader.o FragmentHeader.o RoutingHeader.o PacketParser.o -all: $(TARGET) +all: $(TARGET) $(TARGET): $(OBJS) rm -f $@ @@ -25,7 +25,7 @@ $(TARGET): $(OBJS) $(RANLIB) $@ clean: - rm -f $(OBJS) $(TARGET) + rm -f $(OBJS) $(TARGET) distclean: clean rm -rf Makefile makefile.dep diff --git a/libnetutil/PacketElement.h b/libnetutil/PacketElement.h index 50c11ad61..59a495364 100644 --- a/libnetutil/PacketElement.h +++ b/libnetutil/PacketElement.h @@ -182,7 +182,7 @@ class PacketElement { public: PacketElement(); - + virtual ~PacketElement(){ } /* End of PacketElement destructor */ diff --git a/libnetutil/PacketParser.cc b/libnetutil/PacketParser.cc index 2fe43495d..6227fb69a 100644 --- a/libnetutil/PacketParser.cc +++ b/libnetutil/PacketParser.cc @@ -621,11 +621,11 @@ pkt_type_t *PacketParser::parse_packet(const u8 *pkt, size_t pktlen, bool eth_in }else{ // next_layer==APPLICATION_LAYER if(PKTPARSERDEBUG)puts("Next Layer=Application"); if(curr_pktlen>0){ - - /* If we get here it is possible that the packet is ARP but - * we have no access to the original Ethernet header. We - * determine if this header is ARP by checking its size - * and checking for some common values. */ + + /* If we get here it is possible that the packet is ARP but + * we have no access to the original Ethernet header. We + * determine if this header is ARP by checking its size + * and checking for some common values. */ if(arp.storeRecvData(curr_pkt, curr_pktlen)!=OP_FAILURE){ if( (arplen=arp.validate())!=OP_FAILURE){ if(arp.getHardwareType()==HDR_ETH10MB){ @@ -649,7 +649,7 @@ pkt_type_t *PacketParser::parse_packet(const u8 *pkt, size_t pktlen, bool eth_in } } } - + //if(expected==HEADER_TYPE_DNS){ //}else if(expected==HEADER_TYPE_HTTP){ //}... ETC @@ -1035,9 +1035,9 @@ const char *PacketParser::test_packet_parser(PacketElement *test_pkt){ /* Returns true if the supplied "rcvd" packet is a response to the "sent" packet. - * This method currently handles IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP. Here + * This method currently handles IPv4, IPv6, ICMPv4, ICMPv6, TCP and UDP. Here * some examples of what can be matched using it: - * + * * Probe: TCP SYN -> Response TCP SYN|ACK * Probe: TCP SYN -> Response TCP RST|ACK * Probe: UDP:53 -> Response UDP from port 53. @@ -1050,9 +1050,9 @@ const char *PacketParser::test_packet_parser(PacketElement *test_pkt){ * * Note that ICMP error messages are matched against sent probes (e.g: an ICMP * Parameter Problem generated as a result of an invalid TCP segment is matched - * positively with the original TCP segment). Therefore, the caller must ensure + * positively with the original TCP segment). Therefore, the caller must ensure * that the received packet is what it expects before using it (e.g: the packet - * is an actual TCP packet, not an ICMP error). + * is an actual TCP packet, not an ICMP error). * * Warning: this method assumes that the probes you send are reasonably * different from each other. Don't expect a 100% accuracy if you send a bunch @@ -1063,8 +1063,8 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ if(sent==NULL || rcvd==NULL) return false; - - /* If any of the packets is encapsulated in an Ethernet frame, strip the + + /* If any of the packets is encapsulated in an Ethernet frame, strip the * link layer header before proceeding with the matching process. */ if(rcvd->protocol_id()==HEADER_TYPE_ETHERNET) if( (rcvd=rcvd->getNextElement())==NULL) @@ -1072,11 +1072,11 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ if(sent->protocol_id()==HEADER_TYPE_ETHERNET) if( (sent=sent->getNextElement())==NULL) return false; - + /* Make sure both packets have the same network layer */ if(rcvd->protocol_id()!=sent->protocol_id()) return false; - + /* The packet could be ARP */ if(rcvd->protocol_id()==HEADER_TYPE_ARP){ ARPHeader *sent_arp=(ARPHeader *)sent; @@ -1084,7 +1084,7 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ switch(sent_arp->getOpCode()){ case OP_ARP_REQUEST: if(rcvd_arp->getOpCode()==OP_ARP_REPLY){ - /* TODO @todo: getTargetIP() and getSenderIP() should + /* TODO @todo: getTargetIP() and getSenderIP() should * either return struct in_addr or IPAddress but not u32. */ if(sent_arp->getTargetIP()==rcvd_arp->getSenderIP()) if(sent_arp->getSenderIP()==rcvd_arp->getTargetIP()) @@ -1092,8 +1092,8 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ } return false; break; - - /* We only support ARP, not RARP or other weird stuff. Also, if + + /* We only support ARP, not RARP or other weird stuff. Also, if * we didn't send a request, then we don't expect any response */ case OP_RARP_REQUEST: case OP_DRARP_REQUEST: @@ -1101,11 +1101,11 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ default: return false; break; - + } return false; } - + /* The packet is IPv4 or IPv6 */ if(rcvd->protocol_id()!=HEADER_TYPE_IPv6 && rcvd->protocol_id()!=HEADER_TYPE_IPv4) return false; @@ -1123,7 +1123,7 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ return false; if(PKTPARSERDEBUG)printf("%s(): Src and Dst addresses make sense.\n", __func__); - + /* Skip layers until we find ICMP or a transport protocol */ PacketElement *rcvd_layer4=rcvd_ip->getNextElement(); PacketElement *sent_layer4=sent_ip->getNextElement(); @@ -1145,34 +1145,34 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ } if(rcvd_layer4==NULL || sent_layer4==NULL) return false; - + if(PKTPARSERDEBUG)printf("%s(): Layer 4 found for both packets.\n", __func__); /* If we get here it means that both packets have a proper layer4 protocol * header. Now we have to check which type are they and see if a probe-response * relation can be established. */ if(sent_layer4->protocol_id()==HEADER_TYPE_ICMPv6 || sent_layer4->protocol_id()==HEADER_TYPE_ICMPv4){ - + if(PKTPARSERDEBUG)printf("%s(): Sent packet is ICMP.\n", __func__); /* Make sure received packet is ICMP (we only expect ICMP responses for * ICMP probes) */ if(rcvd_layer4->protocol_id()!=HEADER_TYPE_ICMPv6 && rcvd_layer4->protocol_id()!=HEADER_TYPE_ICMPv4 ) return false; - + /* Make sure both packets have the same ICMP version */ if(sent_layer4->protocol_id()!=rcvd_layer4->protocol_id()) return false; - if(PKTPARSERDEBUG)printf("%s(): Received packet is ICMP too.\n", __func__); - + if(PKTPARSERDEBUG)printf("%s(): Received packet is ICMP too.\n", __func__); + /* Check if the received ICMP is an error message. We don't care which kind * of error message it is. The only important thing is that error messages * contain a copy of the original datagram, and that's what we want to * match against the sent probe. */ if( ((ICMPHeader *)rcvd_layer4)->isError() ){ NetworkLayerElement *iperror=(NetworkLayerElement *)rcvd_layer4->getNextElement(); - + if(PKTPARSERDEBUG)printf("%s(): Received ICMP is an error message.\n", __func__); /* ICMP error message must contain the original datagram */ @@ -1426,9 +1426,9 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ return false; // Should never happen, though. } }else{ /* Received ICMP is informational. */ - + if(PKTPARSERDEBUG)printf("%s(): Received ICMP is an informational message.\n", __func__); - + /* If we get here it means that we received an informational ICMPv6 * message. So now we have to check if the received message is the * expected reply to the probe we sent (like an Echo reply for an Echo @@ -1726,12 +1726,12 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ } } }else if(sent_layer4->protocol_id()==HEADER_TYPE_TCP || sent_layer4->protocol_id()==HEADER_TYPE_UDP){ - + if(PKTPARSERDEBUG)printf("%s(): Sent packet has a transport layer header.\n", __func__); /* Both are TCP or both UDP */ if(sent_layer4->protocol_id()==rcvd_layer4->protocol_id()){ - + if(PKTPARSERDEBUG)printf("%s(): Received packet has a transport layer header too.\n", __func__); /* Probe source port must equal response target port */ @@ -1744,9 +1744,9 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ /* If we sent TCP or UDP and got ICMP in response, we need to find a copy of our packet in the * ICMP payload, providing it is an ICMP error message. */ }else if(rcvd_layer4->protocol_id()==HEADER_TYPE_ICMPv6 || rcvd_layer4->protocol_id()==HEADER_TYPE_ICMPv4){ - + if(PKTPARSERDEBUG)printf("%s(): Received packet does not have transport layer header but an ICMP header.\n", __func__); - + /* We only expect ICMP error messages */ if( !(((ICMPHeader *)rcvd_layer4)->isError()) ) return false; @@ -1810,17 +1810,17 @@ bool PacketParser::is_response(PacketElement *sent, PacketElement *rcvd){ /* Tries to find a transport layer header in the supplied chain of * protocol headers. On success it returns a pointer to a PacketElement * of one of these types: - * + * * HEADER_TYPE_TCP * HEADER_TYPE_UDP - * HEADER_TYPE_ICMPv4 + * HEADER_TYPE_ICMPv4 * HEADER_TYPE_ICMPv6 * HEADER_TYPE_SCTP * HEADER_TYPE_ARP - * + * * It returns NULL if no transport layer header is found. - * - * Note that this method onyl understands IPv4, IPv6 (and its + * + * Note that this method onyl understands IPv4, IPv6 (and its * extension headers) and Ethernet. If the supplied packet contains * something different before the tranport layer, NULL will be returned. * */ @@ -1841,7 +1841,7 @@ PacketElement *PacketParser::find_transport_layer(PacketElement *chain){ case HEADER_TYPE_IPv6_MOBILE: aux=aux->getNextElement(); break; - + /* If we found the transport layer, return it. */ case HEADER_TYPE_TCP: case HEADER_TYPE_UDP: @@ -1851,9 +1851,9 @@ PacketElement *PacketParser::find_transport_layer(PacketElement *chain){ case HEADER_TYPE_ARP: return aux; break; - + /* Otherwise, the packet contains headers we don't understand - * so we just return NULL to indicate that no valid transport + * so we just return NULL to indicate that no valid transport * layer was found. */ default: return NULL; diff --git a/libnetutil/PacketParser.h b/libnetutil/PacketParser.h index 94a6b5fb1..ab716a553 100644 --- a/libnetutil/PacketParser.h +++ b/libnetutil/PacketParser.h @@ -178,7 +178,7 @@ typedef struct packet_type{ class PacketParser { private: - + public: /* Misc */ diff --git a/libnetutil/RawData.cc b/libnetutil/RawData.cc index 7cd0623ac..ef5303a36 100644 --- a/libnetutil/RawData.cc +++ b/libnetutil/RawData.cc @@ -165,7 +165,7 @@ u8 * RawData::getBufferPointer(){ } /* End of getBufferPointer() */ -u8 * RawData::getBufferPointer(int *mylen){ +u8 * RawData::getBufferPointer(int *mylen){ if(mylen!=NULL) *mylen=this->length; return this->data; diff --git a/libnetutil/RoutingHeader.cc b/libnetutil/RoutingHeader.cc index c2aacb05b..f29993b25 100644 --- a/libnetutil/RoutingHeader.cc +++ b/libnetutil/RoutingHeader.cc @@ -186,7 +186,7 @@ int RoutingHeader::storeRecvData(const u8 *buf, size_t len){ /* Type 0 has a variable length, but the value of its HdrExtLen * field must be even (because it must be a multiple of the * IPv6 address size). We also make sure that the received buffer - * has as many bytes as the HdrExtLen field says it has, and + * has as many bytes as the HdrExtLen field says it has, and * that it doesn't exceed the maximum number of octets we * can store in this object. */ if(this->h.len%2==1 || ((unsigned int)(this->h.len+1))*8 > len || (this->h.len+1)*8 > ROUTING_HEADER_MAX_LEN){ diff --git a/libnetutil/RoutingHeader.h b/libnetutil/RoutingHeader.h index 7dc982e4d..b91e03dc1 100644 --- a/libnetutil/RoutingHeader.h +++ b/libnetutil/RoutingHeader.h @@ -191,7 +191,7 @@ class RoutingHeader : public IPv6ExtensionHeader { + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - + 3) Type 2 Routing header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -219,7 +219,7 @@ class RoutingHeader : public IPv6ExtensionHeader { nping_ipv6_ext_routing_hdr_t h; u8 *curr_addr; - + public: RoutingHeader(); ~RoutingHeader(); diff --git a/libnetutil/TCPHeader.cc b/libnetutil/TCPHeader.cc index c6a197678..833856bb1 100644 --- a/libnetutil/TCPHeader.cc +++ b/libnetutil/TCPHeader.cc @@ -886,12 +886,12 @@ const u8 *TCPHeader::getOptions(size_t *optslen) const { /* Returns the index-th option in the TCP header. On success it returns a * structure filled with option information. If there is no index-th option, - * it returns a structure with st.value==NULL. Note that this function does - * not perform strict validity checking. It does check that the length claimed - * by the options does not exceed the available buffer but it does not check, - * for example, that the MSS option always contains a length of 4. Also, + * it returns a structure with st.value==NULL. Note that this function does + * not perform strict validity checking. It does check that the length claimed + * by the options does not exceed the available buffer but it does not check, + * for example, that the MSS option always contains a length of 4. Also, * if the returned option type is TCPOPT_EOL or TCPOPT_NOOP, the len field - * would be set to zero and the "value" field should NOT be accessed, as it + * would be set to zero and the "value" field should NOT be accessed, as it * will not contain reliable information. */ nping_tcp_opt_t TCPHeader::getOption(unsigned int index) const { nping_tcp_opt_t *curr_opt=NULL; diff --git a/libnetutil/TCPHeader.h b/libnetutil/TCPHeader.h index 1654986ea..137b644a3 100644 --- a/libnetutil/TCPHeader.h +++ b/libnetutil/TCPHeader.h @@ -256,7 +256,7 @@ class TCPHeader : public TransportLayerElement { int protocol_id() const; int validate(); int print(FILE *output, int detail) const; - + int setSourcePort(u16 p); u16 getSourcePort() const; diff --git a/libnetutil/UDPHeader.h b/libnetutil/UDPHeader.h index 17792b593..c80ce1f11 100644 --- a/libnetutil/UDPHeader.h +++ b/libnetutil/UDPHeader.h @@ -174,7 +174,7 @@ class UDPHeader : public TransportLayerElement { int protocol_id() const; int validate(); int print(FILE *output, int detail) const; - + int setSourcePort(u16 p); u16 getSourcePort() const; diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc index fbe34967b..a1e2ac588 100644 --- a/libnetutil/netutil.cc +++ b/libnetutil/netutil.cc @@ -195,7 +195,7 @@ #endif #endif #ifndef NETINET_IP_H /* This guarding is needed for at least some versions of OpenBSD */ -#include +#include #define NETINET_IP_H #endif #include @@ -400,7 +400,7 @@ int parse_ip_options(const char *txt, u8 *data, int datalen, int* firsthopoff, i *d++ = 0;*d++ = 0;*d++ = 0;*d++ = 0; }else{ if(errstr) Snprintf(errstr, errstrlen, "When using source routing you must leave at least one slot for target's ip."); - return OP_FAILURE; + return OP_FAILURE; } } if(s == RR) @@ -527,7 +527,7 @@ int ip_is_reserved(struct in_addr *ip) /* 169.254.0.0/16 is reserved for DHCP clients seeking addresses - RFC3927 */ if (i1 == 169 && i2 == 254) return 1; - + /* 203.0.113.0/24 is reserved for documentation (RFC5737) */ if (i1 == 203 && i2 == 0 && i3 == 113) return 1; @@ -1607,7 +1607,7 @@ int sockaddr_equal_zero(const struct sockaddr_storage *s) { /* This is a helper for getsysroutes_dnet. Once the table of routes is in place, this function assigns each to an interface and removes any routes that can't be assigned. */ -static struct dnet_collector_route_nfo *sysroutes_dnet_find_interfaces(struct dnet_collector_route_nfo *dcrn) +static struct dnet_collector_route_nfo *sysroutes_dnet_find_interfaces(struct dnet_collector_route_nfo *dcrn) { struct interface_info *ifaces; int numifaces = 0; @@ -1721,7 +1721,7 @@ static struct sys_route *getsysroutes_dnet(int *howmany, char *errstr, size_t er dcrn.numifaces = 0; assert(howmany); route_t *dr = route_open(); - + if (!dr){ if(errstr) Snprintf(errstr, errstrlen, "%s: route_open() failed", __func__); *howmany=-1; @@ -1757,7 +1757,7 @@ struct sys_route *getsysroutes(int *howmany, char *errstr, size_t errstrlen) { static struct sys_route *routes = NULL; static int numroutes = 0; assert(howmany); - + if (routes != NULL) { /* We have it cached. */ *howmany = numroutes; @@ -1865,7 +1865,7 @@ memset(buffer, 0, 129); switch(nextheader){ - case 0: + case 0: if(acronym) strncpy(buffer, "HOPOPT", 128); else @@ -1873,7 +1873,7 @@ switch(nextheader){ break; - case 1: + case 1: if(acronym) strncpy(buffer, "ICMP", 128); else @@ -1881,7 +1881,7 @@ switch(nextheader){ break; - case 2: + case 2: if(acronym) strncpy(buffer, "IGMP", 128); else @@ -1889,7 +1889,7 @@ switch(nextheader){ break; - case 4: + case 4: if(acronym) strncpy(buffer, "IP", 128); else @@ -1897,7 +1897,7 @@ switch(nextheader){ break; - case 6: + case 6: if(acronym) strncpy(buffer, "TCP", 128); else @@ -1905,7 +1905,7 @@ switch(nextheader){ break; - case 8: + case 8: if(acronym) strncpy(buffer, "EGP", 128); else @@ -1913,7 +1913,7 @@ switch(nextheader){ break; - case 9: + case 9: if(acronym) strncpy(buffer, "IGP", 128); else @@ -1921,7 +1921,7 @@ switch(nextheader){ break; - case 17: + case 17: if(acronym) strncpy(buffer, "UDP", 128); else @@ -1929,7 +1929,7 @@ switch(nextheader){ break; - case 41: + case 41: if(acronym) strncpy(buffer, "IPv6", 128); else @@ -1937,7 +1937,7 @@ switch(nextheader){ break; - case 43: + case 43: if(acronym) strncpy(buffer, "IPv6-Route", 128); else @@ -1945,7 +1945,7 @@ switch(nextheader){ break; - case 44: + case 44: if(acronym) strncpy(buffer, "IPv6-Frag", 128); else @@ -1953,7 +1953,7 @@ switch(nextheader){ break; - case 50: + case 50: if(acronym) strncpy(buffer, "ESP", 128); else @@ -1961,7 +1961,7 @@ switch(nextheader){ break; - case 51: + case 51: if(acronym) strncpy(buffer, "AH", 128); else @@ -1969,7 +1969,7 @@ switch(nextheader){ break; - case 55: + case 55: if(acronym) strncpy(buffer, "MOBILE", 128); else @@ -1977,7 +1977,7 @@ switch(nextheader){ break; - case 58: + case 58: if(acronym) strncpy(buffer, "IPv6-ICMP", 128); else @@ -1985,7 +1985,7 @@ switch(nextheader){ break; - case 59: + case 59: if(acronym) strncpy(buffer, "IPv6-NoNxt", 128); else @@ -1993,7 +1993,7 @@ switch(nextheader){ break; - case 60: + case 60: if(acronym) strncpy(buffer, "IPv6-Opts", 128); else @@ -2001,7 +2001,7 @@ switch(nextheader){ break; - case 70: + case 70: if(acronym) strncpy(buffer, "VISA", 128); else @@ -2009,7 +2009,7 @@ switch(nextheader){ break; - case 88: + case 88: if(acronym) strncpy(buffer, "EIGRP", 128); else @@ -2017,7 +2017,7 @@ switch(nextheader){ break; - case 94: + case 94: if(acronym) strncpy(buffer, "IPIP", 128); else @@ -2025,7 +2025,7 @@ switch(nextheader){ break; - case 132: + case 132: if(acronym) strncpy(buffer, "SCTP", 128); else @@ -2033,7 +2033,7 @@ switch(nextheader){ break; - case 133: + case 133: if(acronym) strncpy(buffer, "FC", 128); else @@ -2041,7 +2041,7 @@ switch(nextheader){ break; - case 135: + case 135: if(acronym) strncpy(buffer, "MH", 128); else @@ -2052,7 +2052,7 @@ switch(nextheader){ return buffer; - + } /* End of nexthdrtoa() */ @@ -2250,7 +2250,7 @@ char *format_ip_options(const u8* ipopt, int ipoptlen) { STRAPP("}",NULL); option_type = UNKNOWN; } - } // while + } // while if(option_type != UNKNOWN) STRAPP("}"); @@ -3528,8 +3528,8 @@ static int route_dst_generic(const struct sockaddr_storage *dst, * of the routing details. If the source address needs to be spoofed, * it should be passed through "spoofss" (otherwise NULL should be * specified), along with a suitable network device (parameter "device"). - * Even if spoofss is NULL, if user specified a network device with -e, - * it should still be passed. Note that it's OK to pass either NULL or + * Even if spoofss is NULL, if user specified a network device with -e, + * it should still be passed. Note that it's OK to pass either NULL or * an empty string as the "device", as long as spoofss==NULL. */ int route_dst(const struct sockaddr_storage *dst, struct route_nfo *rnfo, const char *device, const struct sockaddr_storage *spoofss) { @@ -3544,7 +3544,7 @@ int route_dst(const struct sockaddr_storage *dst, struct route_nfo *rnfo, * the call fails. It also prints informational messages about the * errors encountered. It returns the number of bytes sent or -1 in * case of error. */ -int Sendto(const char *functionname, int sd, +int Sendto(const char *functionname, int sd, const unsigned char *packet, int len, unsigned int flags, struct sockaddr *to, int tolen) { @@ -3625,7 +3625,7 @@ int send_ip_packet_sd(int sd, const struct sockaddr_in *dst, assert(sd >= 0); sock = *dst; - /* It is bogus that I need the address and port info when sending a RAW IP + /* It is bogus that I need the address and port info when sending a RAW IP packet, but it doesn't seem to work w/o them */ if (packetlen >= 20) { if (ip->ip_p == IPPROTO_TCP @@ -4260,7 +4260,7 @@ static int read_reply_pcap(pcap_t *pd, long to_usec, // sent the packet (which is according to gettimeofday() in nbase). For now, I will sadly have to // use gettimeofday() for Windows in this case // Actually I now allow .05 discrepancy. So maybe this isn't needed. I'll comment out for now. - // Nope: it is still needed at least for Windows. Sometimes the time from he pcap header is a + // Nope: it is still needed at least for Windows. Sometimes the time from he pcap header is a // COUPLE SECONDS before the gettimeofday() results :(. #if defined(WIN32) || defined(__amigaos__) gettimeofday(&tv_end, NULL); @@ -4520,11 +4520,11 @@ bool doArp(const char *dev, const u8 *srcmac, u8 *targetmac, void (*traceArp_callback)(int, const u8 *, u32 , struct timeval *) ) { - /* timeouts in microseconds ... the first ones are retransmit times, while + /* timeouts in microseconds ... the first ones are retransmit times, while the final one is when we give up */ int timeouts[] = { 100000, 400000, 800000 }; int max_sends = 3; - int num_sends = 0; // How many we have sent so far + int num_sends = 0; // How many we have sent so far eth_t *ethsd; u8 frame[ETH_HDR_LEN + ARP_HDR_LEN + ARP_ETHIP_LEN]; const struct sockaddr_in *targetsin = (struct sockaddr_in *) targetip; @@ -4661,7 +4661,7 @@ const char *grab_next_host_spec(FILE *inputfd, bool random, int argc, const char Strncpy(host_spec, inet_ntoa(ip), sizeof(host_spec)); } else if (!inputfd) { return( (optind < argc)? argv[optind++] : NULL); - } else { + } else { n = read_host_from_file(inputfd, host_spec, sizeof(host_spec)); if (n == 0) return NULL; @@ -4688,7 +4688,7 @@ int set_max_open_descriptors(int desired_max) { int flag=0; #if (defined(RLIMIT_OFILE) || defined(RLIMIT_NOFILE)) - + #ifdef RLIMIT_NOFILE flag=RLIMIT_NOFILE; /* Linux */ #else @@ -4728,7 +4728,7 @@ int get_max_open_descriptors() { int flag=0; #if (defined(RLIMIT_OFILE) || defined(RLIMIT_NOFILE)) - + #ifdef RLIMIT_NOFILE flag=RLIMIT_NOFILE; /* Linux */ #else diff --git a/libnetutil/netutil.h b/libnetutil/netutil.h index 2c3a0a7b8..cc33bc62c 100644 --- a/libnetutil/netutil.h +++ b/libnetutil/netutil.h @@ -147,7 +147,7 @@ extern "C" { #include "dnet.h" #include -/* It is VERY important to never change the value of these two constants. +/* It is VERY important to never change the value of these two constants. * Specially, OP_FAILURE should never be positive, as some pieces of code take * that for granted. */ enum { OP_FAILURE = -1, OP_SUCCESS = 0 }; diff --git a/missing b/missing index e7ef83a1c..fad52344c 100755 --- a/missing +++ b/missing @@ -3,7 +3,7 @@ scriptversion=2003-09-02.23 -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003 +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003 # Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. diff --git a/ncat/ChangeLog b/ncat/ChangeLog index 7475530b4..344fdadeb 100644 --- a/ncat/ChangeLog +++ b/ncat/ChangeLog @@ -70,17 +70,17 @@ o Added an HTTP proxy server feature, which creates a simple forking HTTP proxy o The SOCKSv4 proxy option is now specified by "--proxy-type socks4" instead of --socks4-proxy. This option also now takes the username from --proxy-auth rather than the previous user@host:port syntax. [Kris] - + o The HTTP proxy option is now specified by "--proxy-type http" instead of --http-proxy. Also, the HTTP CONNECT request now uses CRLF for the EOL instead of just LF. [Kris] - + o Removed the SOCKS proxy server support because it was broken, didn't have any support for SOCKSv5, and we now have an HTTP proxy server for a similar purpose. [Kris] - + o Fixed --proxy-auth which always caused a segmentation fault. [Kris] - + o Fixed an issue which commonly occurred when using --proxy-type socks4 and when reading from a piped or redirected stdin. The problem was that Ncat was sending the data read from stdin across the network before it was fully @@ -213,7 +213,7 @@ o Added support for ASCII logging. o Added support for hexdump logging. -o Various bits of code cleaned up. +o Various bits of code cleaned up. Ncat 0.06 diff --git a/ncat/Makefile.in b/ncat/Makefile.in index 105b29ee9..f8975f111 100644 --- a/ncat/Makefile.in +++ b/ncat/Makefile.in @@ -69,9 +69,9 @@ CPPFLAGS += $(DEFS) $(INCLS) SHTOOL = ../shtool -# DESTDIR can be used by package maintainers to install Ncat under its +# DESTDIR can be used by package maintainers to install Ncat under its # usual directory structure into a different tree. -DESTDIR = +DESTDIR = SRCS = ncat_main.c ncat_connect.c ncat_core.c ncat_posix.c ncat_listen.c ncat_proxy.c ncat_ssl.c base64.c http.c util.c sys_wrap.c OBJS = ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o base64.o http.o util.o sys_wrap.o diff --git a/ncat/configure.ac b/ncat/configure.ac index 128b4c160..994d1f768 100644 --- a/ncat/configure.ac +++ b/ncat/configure.ac @@ -67,7 +67,7 @@ AC_SEARCH_LIBS(dlopen, dl) if test "$use_openssl" = "yes" -a -z "$specialssldir" ; then AC_CHECK_HEADER(openssl/ssl.h,, [ use_openssl="no" - AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. + AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ]) if test "$use_openssl" = "yes"; then @@ -91,12 +91,12 @@ if test "$use_openssl" = "yes" -a -z "$specialssldir" ; then AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ]) fi - + if test "$use_openssl" = "yes"; then AC_CHECK_LIB(ssl, SSL_new, [ use_openssl="yes"], [ use_openssl="no" - AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. + AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ], [ -lcrypto ]) fi @@ -213,7 +213,7 @@ requested_included_lua=no no_lua=no # First we test whether they specified liblua explicitly -AC_ARG_WITH(liblua, +AC_ARG_WITH(liblua, AC_HELP_STRING([--with-liblua=DIR], [Use an existing (compiled) lua lib from DIR/include and DIR/lib.]) AC_HELP_STRING([--with-liblua=included], [Use the liblua version included with Nmap]) AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all of NSE from compilation)]), @@ -228,7 +228,7 @@ AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all o LUA_CLEAN="clean-lua" LUA_DIST_CLEAN="distclean-lua" have_lua="yes" - + ;; no) no_lua="yes" @@ -253,7 +253,7 @@ if test "$no_lua" = "yes"; then LUA_DIST_CLEAN="" INSTALLNSE="" -else +else # If they didn't specify it, we try to find it if test $have_lua != yes; then @@ -279,7 +279,7 @@ else # if we didn't find we use our own if test $have_lua != yes; then - AC_MSG_RESULT(no) + AC_MSG_RESULT(no) CPPFLAGS="-I\$(top_srcdir)/$LIBLUADIR $CPPFLAGS" LIBLUA_LIBS="\$(top_srcdir)/$LIBLUADIR/liblua.a" LUA_DEPENDS="\$(top_srcdir)/$LIBLUADIR/liblua.a" @@ -288,7 +288,7 @@ else LUA_DIST_CLEAN="distclean-lua" AC_DEFINE(LUA_INCLUDED) else - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) fi INSTALLNSE="install-nse" diff --git a/ncat/docs/README b/ncat/docs/README index a596179e5..77000fb3a 100644 --- a/ncat/docs/README +++ b/ncat/docs/README @@ -1,9 +1,9 @@ - . . + . . \`-"'"-'/ - } 6 6 { - ==. Y ,== + } 6 6 { + ==. Y ,== /^^^\ . - / \ ) + / \ ) ( )-( )/ _ -""---""--- / / Ncat \_/ @@ -11,7 +11,7 @@ \_.=|____E -README for Ncat +README for Ncat --------------- Ncat is a reimplementation of the currently splintered and reasonably @@ -86,7 +86,7 @@ to have SOCKS support in the application. This also begs the question of, "What would happen if you decided you wanted to pass the --udp flag in to the above command somewhere?" -In this case, you would have a TCP to UDP "gender changer". +In this case, you would have a TCP to UDP "gender changer". If you have an application that only makes only TCP connections, for example, you could spawn a Ncat process to listen on a the applications TCP port and @@ -106,8 +106,8 @@ A single IP address, of the format: EG: 192.168.10.1 A CIDR-style IP address range, of the format: - - ip.ip.ip.ip/cidr + + ip.ip.ip.ip/cidr EG: 192.168.10.0/24 diff --git a/ncat/docs/THANKS b/ncat/docs/THANKS index f38f89cb3..d8d1bc04d 100644 --- a/ncat/docs/THANKS +++ b/ncat/docs/THANKS @@ -1,8 +1,8 @@ Ncat Acknowledgements ===================== -This file is a short rambling of various "thank-you"'s to all -the very generous support and advice received from various +This file is a short rambling of various "thank-you"'s to all +the very generous support and advice received from various parties. First and foremost: Thanks go out to Fyodor for all the support @@ -23,7 +23,7 @@ Thanks to all the people who've submitted bug reports, given me ideas, helped me test Ncat or just given me general encouragement over the previous years. It is most appreciated. -Finally, thanks to Hobbit for writing the original Netcat; it still +Finally, thanks to Hobbit for writing the original Netcat; it still rocks. --Chris Gibson, diff --git a/ncat/docs/examples/ipaccess b/ncat/docs/examples/ipaccess index 6768c3963..356bea161 100644 --- a/ncat/docs/examples/ipaccess +++ b/ncat/docs/examples/ipaccess @@ -7,7 +7,7 @@ # able to access your newly spawned SOCKS4 # server. # -# Obviously, these IP addresses are pretty +# Obviously, these IP addresses are pretty # useless to most people. It is an example # afterall. :) # diff --git a/ncat/docs/examples/scripts/README b/ncat/docs/examples/scripts/README index 7a2ef8915..e50372f9a 100644 --- a/ncat/docs/examples/scripts/README +++ b/ncat/docs/examples/scripts/README @@ -2,5 +2,5 @@ These are various scripts that demonstrate some potential usage for Ncat. If you find a neat usage for Ncat and possibly -write a few lines of code to automate something, +write a few lines of code to automate something, then please email them over to Chris Gibson (chris@linuxops.net) diff --git a/ncat/docs/examples/scripts/http-scan/README b/ncat/docs/examples/scripts/http-scan/README index 6d436c0e0..bb5c8bee2 100644 --- a/ncat/docs/examples/scripts/http-scan/README +++ b/ncat/docs/examples/scripts/http-scan/README @@ -2,7 +2,7 @@ HTTP-SCAN with Ncat ~~~~~~~~~~~~~~~~~~~ This is a simple exercise that uses a small amount of -scripted automation that will throw out the banner +scripted automation that will throw out the banner information of n number of hosts listed in the file "iplist". Ncat uses the "get.request" HTTP header to get the newly @@ -10,5 +10,5 @@ connected webserver to tell you about itself. Usage: ./scan-example -Variables to change: None, but you may want to change "iplist" +Variables to change: None, but you may want to change "iplist" to other more informative hosts. diff --git a/ncat/docs/ncat.xml b/ncat/docs/ncat.xml index cc87dc332..cbb090abb 100644 --- a/ncat/docs/ncat.xml +++ b/ncat/docs/ncat.xml @@ -1024,7 +1024,7 @@ Ncat is (C) 2005–2012 Insecure.Com LLC. It is distributed as free and open source software under the same license terms as our - Nmap software. Precise terms and further details are available + Nmap software. Precise terms and further details are available from . in . diff --git a/ncat/docs/ncatguide.xml b/ncat/docs/ncatguide.xml index fa8ec2cd3..5b66cd4d7 100644 --- a/ncat/docs/ncatguide.xml +++ b/ncat/docs/ncatguide.xml @@ -207,7 +207,7 @@ Content-Type: text/html; charset=UTF-8 which replaces any line endings you type with CRLF. CRLF line endings are required by many protocols, including HTTP, though many servers will accept a plain newline (LF) character. - + GET / HTTP/1.0 requests the root document of the server; we are retrieving the same document named by the URL @@ -992,7 +992,7 @@ Protocol mismatch. to make the server require authentication with a specific username and password. - + For HTTP, both the BasicBasic authentication (HTTP) and DigestDigest authentication (HTTP) diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c index 085329f77..b047a5866 100644 --- a/ncat/ncat_listen.c +++ b/ncat/ncat_listen.c @@ -337,7 +337,7 @@ static int ncat_listen_stream(int proto) /* We pass these temporary descriptor sets to fselect, since fselect modifies the sets it receives. */ fd_set readfds = master_readfds, writefds = master_writefds; - + if (o.debug > 1) logdebug("selecting, fdmax %d\n", client_fdlist.fdmax); diff --git a/nmap-os-db b/nmap-os-db index 042097b35..e33efde89 100644 --- a/nmap-os-db +++ b/nmap-os-db @@ -3004,7 +3004,7 @@ T7(R=Y%DF=N%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=FA-104%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=FA-104%TG=FF%CD=S) -# APC Network Management Card AOS v3.5.5 +# APC Network Management Card AOS v3.5.5 # APC aos v3.3.4, Date: 01/05/2007 # APC UPS device with a AP9619 network management card installed. The full AOS version number on this device is 3.5.5. Fingerprint APC Network Management Card (AOS 3.3.4 - 3.5.5) @@ -17832,7 +17832,7 @@ T7(R=Y%DF=N%T=FB-105%TG=FF%W=0%S=A%A=S%F=AR%RD=0) U1(DF=N%T=FB-105%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=S%T=FB-105%TG=FF%CD=S) -# Cisco c7200 router running in GNS3 on Windows XP +# Cisco c7200 router running in GNS3 on Windows XP Fingerprint Cisco C7200 router (IOS 15) Class Cisco | IOS | 15.X | router CPE cpe:/h:cisco:catalyst_7200 @@ -23483,7 +23483,7 @@ T7(R=N) U1(DF=N%T=7B-85%TG=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(R=N) -# EMC Celerra SAN +# EMC Celerra SAN Fingerprint EMC Celerra NAS device Class EMC | embedded || storage-misc SEQ(SP=C-16%GCD=FA00|1F400|2EE00|3E800|4E200%ISR=97-A1%TI=RI%TS=1|3) @@ -29969,7 +29969,7 @@ T7(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=) U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=3B-45%TG=40%CD=S) -# HTC ONE, HTC Sense-version 5.0, Android 4.2.2, Kernel-version 3.4.10-g445d072 +# HTC ONE, HTC Sense-version 5.0, Android 4.2.2, Kernel-version 3.4.10-g445d072 Fingerprint Android 4.2.2 (Linux 3.4) Class Google | Android | 4.2.X | phone CPE cpe:/o:google:android:4.2.2 @@ -43060,7 +43060,7 @@ T7(R=Y%DF=N%T=FA-104%TG=FF%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=) U1(DF=N%T=FA-104%TG=FF%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=FA-104%TG=FF%CD=S) -# Red Hat Linux 6.2 (Zoot) running 2.2.14-5 kernel +# Red Hat Linux 6.2 (Zoot) running 2.2.14-5 kernel Fingerprint Linux 2.2.14 (Red Hat 6.2) Class Linux | Linux | 2.2.X | general purpose CPE cpe:/o:linux:linux_kernel:2.2.14 @@ -44208,7 +44208,7 @@ IE(DFI=N%T=3B-45%TG=40%CD=S) # NetGear WG302 v1 Wireless Access Point # DWL-G700AP, Firmware Version: v2.12 # Terayon BW3500 CMTS equipment -# Red Hat Linux 7.2 (Enigma), running 2.4.7-10 kernel +# Red Hat Linux 7.2 (Enigma), running 2.4.7-10 kernel Fingerprint Linux 2.4.7 Class Linux | Linux | 2.4.X | general purpose CPE cpe:/o:linux:linux_kernel:2.4.7 @@ -75909,7 +75909,7 @@ IE(DFI=S%T=7B-85%TG=80%CD=Z) # Windows 5.1 (Build 2600.xpsp_sp3_gdr.090804-1435 : Service Pack 3) # AT&T Uverse home DVR -# AT&T U-Verse Motorola set top boxes +# AT&T U-Verse Motorola set top boxes # Media Receiver 300, Vendor: T-Home (Germany), CE 5.0 # XP64 with all available Windows updates Fingerprint AT&T U-Verse set-top box (Windows CE 5.0) @@ -83598,7 +83598,7 @@ T7(R=N) U1(DF=N%T=FA-104%TG=FF%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=N%T=FA-104%TG=FF%CD=S) -# +# Fingerprint NetApp FAS2040 NAS device (Data ONTAP) Class NetApp | Data ONTAP | 7.X | storage-misc CPE cpe:/o:netapp:data_ontap:7 auto @@ -89943,7 +89943,7 @@ IE(DFI=N%T=3B-45%TG=40%CD=S) # QNAP TS-859 running QTS 4.0.3 # QNAP TS-439 running QTS 4.0.7, TS-439 is an oldish NAS appliance. -# QTS 4.2.0 +# QTS 4.2.0 Fingerprint QNAP QTS 4.0 - 4.2 Class QNAP | QTS | 4.X | storage-misc CPE cpe:/o:qnap:qts:4 auto @@ -91946,7 +91946,7 @@ T7(R=Y%DF=N%T=FA-104%TG=FF%W=0%S=Z%A=S+%F=R%RD=0) U1(DF=N%T=3B-45%TG=40%IPL=138%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G) IE(DFI=S%T=3B-45%TG=40%CD=Z) -# Samsung i8910 HD phone, running Symbian 9.4, S60 5th Edition. +# Samsung i8910 HD phone, running Symbian 9.4, S60 5th Edition. Fingerprint Samsung i8910 mobile phone (Symbian OS 9.4) Class Samsung | Symbian OS | 9.X | phone CPE cpe:/o:samsung:symbian_os:9.4 auto diff --git a/nmap-payloads b/nmap-payloads index a535e51a1..706bb6f47 100644 --- a/nmap-payloads +++ b/nmap-payloads @@ -71,7 +71,7 @@ udp 161 udp 177 "\x00\x01\x00\x02\x00\x01\x00" # Connectionless LDAP - used by Microsoft Active Directory -udp 389 +udp 389 "\x30\x84\x00\x00\x00\x2d\x02\x01\x07\x63\x84\x00\x00\x00\x24\x04\x00" "\x0a\x01\x00\x0a\x01\x00\x02\x01\x00\x02\x01\x64\x01\x01\x00\x87\x0b" "\x6f\x62\x6a\x65\x63\x74\x43\x6c\x61\x73\x73\x30\x84\x00\x00\x00\x00" diff --git a/nmap-rpc b/nmap-rpc index 405d64e66..91aa10c52 100644 --- a/nmap-rpc +++ b/nmap-rpc @@ -96,16 +96,16 @@ # # # Program numbers are assigned in groups of 0x20000000 (decimal 536870912) -# according to the following chart: +# according to the following chart: # # 0x0 - 0x1fffffff Defined by IANA -# 0x20000000 - 0x3fffffff Defined by user -# 0x40000000 - 0x5fffffff Transient -# 0x60000000 - 0x7fffffff Reserved -# 0x80000000 - 0x9fffffff Reserved -# 0xa0000000 - 0xbfffffff Reserved -# 0xc0000000 - 0xdfffffff Reserved -# 0xe0000000 - 0xffffffff Reserved +# 0x20000000 - 0x3fffffff Defined by user +# 0x40000000 - 0x5fffffff Transient +# 0x60000000 - 0x7fffffff Reserved +# 0x80000000 - 0x9fffffff Reserved +# 0xa0000000 - 0xbfffffff Reserved +# 0xc0000000 - 0xdfffffff Reserved +# 0xe0000000 - 0xffffffff Reserved # # To obtain SUN Remote Procedure Call (RPC) numbers send an e-mail # request to "rpc@sun.com". @@ -683,7 +683,7 @@ bl_hwda 300296 filemon 300300 # # AcuServer provides remote file access services to ACUCOBOL-85 and -# ACUCOBOL-GT applications. +# ACUCOBOL-GT applications. # acuserve 300301 acunetprog # @@ -1562,7 +1562,7 @@ ife-dbmgr 395172 ife-testmgr 395173 atrium_server 395174 # -# Compaq TruCluster - Available Server Environment +# Compaq TruCluster - Available Server Environment # asedirector 395175 asedirector ase_director # ASE Director Daemon aseagent 395176 aseagent ase_agent # ASE Agent Daemon diff --git a/nmap.cc b/nmap.cc index e0031cd96..2e584c1ad 100644 --- a/nmap.cc +++ b/nmap.cc @@ -2737,7 +2737,7 @@ static void display_nmap_version() { #else without.push_back("libz"); #endif - + #ifdef PCRE_INCLUDED with.push_back(std::string("nmap-libpcre-") + get_word_or_quote(pcre_version(), 0)); #else diff --git a/nmap.spec.in b/nmap.spec.in index ec096e712..43fd38581 100644 --- a/nmap.spec.in +++ b/nmap.spec.in @@ -85,7 +85,7 @@ gzip $RPM_BUILD_ROOT%{_mandir}/man1/* || : %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -%files +%files %defattr(-,root,root) %doc COPYING %doc docs/README @@ -96,7 +96,7 @@ gzip $RPM_BUILD_ROOT%{_mandir}/man1/* || : %{_datadir}/nmap %{_bindir}/ndiff -# Ndiff is now a module and has e.g. /usr/lib/python2.4/site-packages/ndiff.py, /usr/lib/python2.4/site-packages/ndiff.pyc +# Ndiff is now a module and has e.g. /usr/lib/python2.4/site-packages/ndiff.py, /usr/lib/python2.4/site-packages/ndiff.pyc %{python_sitelib}/ndiff* %doc %{_prefix}/share/man/man1/ndiff.1.gz diff --git a/nselib/data/favicon-db b/nselib/data/favicon-db index a2995e60a..6083db0e6 100644 --- a/nselib/data/favicon-db +++ b/nselib/data/favicon-db @@ -85,7 +85,7 @@ FA339F101F0C0D65EE46CB96A06C8F45: Sidearm athletics CMS # 68B329DA9893E34099C7D8AD5CB9C940: newline AF999538CD3D4D0370F3EA92E0A6070F: H-Sphere Control Panel 10BD6AD7B318DF92D9E9BD03104D9B80: Plone CMS -A34DEA4BD04BDB816BEA176619C29063: Parallels Confixx Control Panel +A34DEA4BD04BDB816BEA176619C29063: Parallels Confixx Control Panel EC49973C1991BF39FCDB53260467F39F: Parallels Control Panel 292B586171617B56E77EE694485B1052: hover domain forwarding 4644F2D45601037B8423D45E13194C93: Apache Tomcat @@ -106,6 +106,6 @@ A8FE5B8AE2C445A33AC41B33CCC9A120: Arris Touchstone Device 70625A6E60529A85CC51AD7DA2D5580D: sslstrip B4EF6B5F343C8DF8FEA454C04B2FD614: Sourcefire http admin -# Cakephp's favicon.ico +# Cakephp's favicon.ico C0533AE5D0ED638BA3FB3485D8250A28: CakePHP 1.1.x application 66B3119D379AEE26BA668FEF49188DD3: CakePHP 1.2.x-1.3.x Application diff --git a/nselib/data/jdwp-class/JDWPExecCmd.java b/nselib/data/jdwp-class/JDWPExecCmd.java index a6d18fd09..0b9af5d97 100644 --- a/nselib/data/jdwp-class/JDWPExecCmd.java +++ b/nselib/data/jdwp-class/JDWPExecCmd.java @@ -1,27 +1,27 @@ import java.io.*; -/* This is the JDWPExecCmd source used for jdwp-exec script to execute - * a command on the remote system. +/* This is the JDWPExecCmd source used for jdwp-exec script to execute + * a command on the remote system. * * It just executes the shell command passed as string argument to * run() function and returns its output. - * + * * Compile simply with: * javac JDWPExecCmd.java (should be in the nselib/data/ directory). * - * author = "Aleksandar Nikolic" + * author = "Aleksandar Nikolic" * license = "Same as Nmap--See https://nmap.org/book/man-legal.html" */ public class JDWPExecCmd { public static String run(String cmd) { - String result = cmd + " output:\n"; + String result = cmd + " output:\n"; try{ - Process p = Runtime.getRuntime().exec(cmd); - BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream())); - String line = null; - while ((line = in.readLine()) != null) { - result += line.trim()+"\n"; + Process p = Runtime.getRuntime().exec(cmd); + BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream())); + String line = null; + while ((line = in.readLine()) != null) { + result += line.trim()+"\n"; } result += "\n"; }catch(Exception ex){ diff --git a/nselib/data/jdwp-class/JDWPSystemInfo.java b/nselib/data/jdwp-class/JDWPSystemInfo.java index 8e7e6d8a3..1ad49516a 100644 --- a/nselib/data/jdwp-class/JDWPSystemInfo.java +++ b/nselib/data/jdwp-class/JDWPSystemInfo.java @@ -1,18 +1,18 @@ import java.io.*; import java.util.Date; -/* This is the JDWPSystemInfo source used for jdwp-info script to get remote +/* This is the JDWPSystemInfo source used for jdwp-info script to get remote * system information. * * Compile simply with: * javac JDWPSystemInfo.java (should be in the nselib/data/jdwp-class directory). * - * author = "Aleksandar Nikolic" + * author = "Aleksandar Nikolic" * license = "Same as Nmap--See https://nmap.org/book/man-legal.html" */ public class JDWPSystemInfo { public static String run() { - String result = ""; + String result = ""; result += "Available processors: " + Runtime.getRuntime().availableProcessors() + "\n"; result += "Free memory: " + Runtime.getRuntime().freeMemory() + "\n"; File[] roots = File.listRoots(); @@ -24,18 +24,18 @@ public class JDWPSystemInfo { result += "Name of the OS: " + System.getProperty("os.name") + "\n"; result += "OS Version : " + System.getProperty("os.version") + "\n"; result += "OS patch level : " + System.getProperty("sun.os.patch.level") + "\n"; - result += "OS Architecture: " + System.getProperty("os.arch") + "\n"; - result += "Java version: " + System.getProperty("java.version") + "\n"; - result += "Username: " + System.getProperty("user.name") + "\n"; - result += "User home: " + System.getProperty("user.home") + "\n"; + result += "OS Architecture: " + System.getProperty("os.arch") + "\n"; + result += "Java version: " + System.getProperty("java.version") + "\n"; + result += "Username: " + System.getProperty("user.name") + "\n"; + result += "User home: " + System.getProperty("user.home") + "\n"; Date dateNow = new Date(); - result += "System time: " + dateNow + "\n"; - + result += "System time: " + dateNow + "\n"; + return result; } - + public static void main(String[] args){ System.out.println(run()); } - + } diff --git a/nselib/data/jdwp-class/README.txt b/nselib/data/jdwp-class/README.txt index 5d2f4f59d..3113a2af4 100644 --- a/nselib/data/jdwp-class/README.txt +++ b/nselib/data/jdwp-class/README.txt @@ -1,12 +1,12 @@ This directory contains sources and compiled classes used by jdwp-* scripts. -All classes must have run() method defined which is -expected to return a string. +All classes must have run() method defined which is +expected to return a string. Method run() can have arguments, but then the scripts would need to be modified to add those arguments when class is injected. As JDWPExecCmd has a run() method -which accepts a string as its argument, see +which accepts a string as its argument, see jdwp-exec script for details of passing the arguments to a method via JDWP. Arguments need to be tagged with their respective type. @@ -17,10 +17,10 @@ Example from jdwp-exec: status,cmdID = jdwp.createString(socket,0,cmd) local runArgs = bin.pack(">CL",0x4c,cmdID) -- 0x4c is object type tag -- invoke run method - local result - status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,1,runArgs) - + local result + status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,1,runArgs) + To compile these sources: -# javac *.java +# javac *.java diff --git a/nselib/data/psexec/README b/nselib/data/psexec/README index 460e27a10..227cb84cb 100644 --- a/nselib/data/psexec/README +++ b/nselib/data/psexec/README @@ -1,22 +1,22 @@ -The files in this directory are the data files required for smb-psexec.nse. +The files in this directory are the data files required for smb-psexec.nse. -The .lua files are configurations. Each of these defines a profile for a -psexec execution. +The .lua files are configurations. Each of these defines a profile for a +psexec execution. -nmap_service.exe is a program that facilitates the operation of smb-psexec.nse. +nmap_service.exe is a program that facilitates the operation of smb-psexec.nse. It is uploaded to the remote host and runs the programs it's directed to run, -redirecting their output to a file. This file is then downloaded by the -script and displayed to the user. +redirecting their output to a file. This file is then downloaded by the +script and displayed to the user. When Nmap released version 5.20, it was discovered that some over-zealous antivirus software tagged this program as spyware[1]. For that reason, when stored on the host machine, it is now encoded by xoring every byte of the -file with 0xFF. When uploaded to a target machine, it is decoded in-stream. +file with 0xFF. When uploaded to a target machine, it is decoded in-stream. This prevents programs on the host machine from tagging it as malicious, but -does not prevent the target from detecting it (which is arguably a good thing). +does not prevent the target from detecting it (which is arguably a good thing). The encoder.c program reads a program from stdin, encodes it by xoring with -0xFF, and writes it to stdout. +0xFF, and writes it to stdout. [1] http://seclists.org/nmap-dev/2010/q1/198 diff --git a/nselib/data/psexec/nmap_service.c b/nselib/data/psexec/nmap_service.c index 89c1424d2..a6a563b28 100644 --- a/nselib/data/psexec/nmap_service.c +++ b/nselib/data/psexec/nmap_service.c @@ -1,28 +1,28 @@ /**This is the program that's uploaded to a Windows machine when psexec is run. It acts as a Windows * service, since that's what Windows expects. When it is started, it's passed a list of programs to - * run. These programs are all expected to be at the indicated path (whether they were uploaded or - * they were always present makes no difference). - * + * run. These programs are all expected to be at the indicated path (whether they were uploaded or + * they were always present makes no difference). + * * After running the programs, the output from each of them is ciphered with a simple xor encryption - * (the encryption key is passed as a parameter; because it crosses the wire, it isn't really a + * (the encryption key is passed as a parameter; because it crosses the wire, it isn't really a * security feature, more of validation/obfuscation to prevent sniffers from grabbing the output. This - * output is placed in a temp file. When the cipher is complete, the output is moved into a new file. + * output is placed in a temp file. When the cipher is complete, the output is moved into a new file. * When Nmap detects the presence of this new file, it is downloaded, then all files, temp files, and - * the service (this program) is deleted. + * the service (this program) is deleted. * * One interesting note is that executable files don't require a specific extension to be used by this - * program. By default, at the time of this writing, Nmap appends a .txt extension to the file. + * program. By default, at the time of this writing, Nmap appends a .txt extension to the file. * - * @args argv[1] The final filename where the ciphered output will go. + * @args argv[1] The final filename where the ciphered output will go. * @args argv[2] The temporary file where output is sent before being renamed; this is sent as a parameter - * so we can delete it later (if, say, the script fails). + * so we can delete it later (if, say, the script fails). * @args argv[3] The number of programs that are going to be run. - * @args argv[4] Logging: a boolean value (1 to enable logging, 0 to disable). + * @args argv[4] Logging: a boolean value (1 to enable logging, 0 to disable). * @args argv[5] An 'encryption' key for simple 'xor' encryption. This string can be as long or as short - * as you want, but a longer string will be more secure (although this algorithm should + * as you want, but a longer string will be more secure (although this algorithm should * *never* really be considered secure). - * @args Remaining There are two arguments for each program to run: a path (including arguments) and - * environmental variables. + * @args Remaining There are two arguments for each program to run: a path (including arguments) and + * environmental variables. * * @auther Ron Bowes * @copyright Ron Bowes @@ -49,7 +49,7 @@ static void log_message(char *format, ...) enabled = 0; DeleteFile("c:\\nmap-log.txt"); } - + if(enabled) { @@ -58,7 +58,7 @@ static void log_message(char *format, ...) fopen_s(&file, "c:\\nmap-log.txt", "a"); - if(file != NULL) + if(file != NULL) { va_start(argp, format); vfprintf(file, format, argp); @@ -198,7 +198,7 @@ static void go(int num, char *lpAppPath, char *env, int headless, int include_st { char buf[1024]; int count; - + count = fread(buf, 1, 1024, read); while(count) { @@ -220,28 +220,28 @@ static void go(int num, char *lpAppPath, char *env, int headless, int include_st } // Control handler function -static void ControlHandler(DWORD request) -{ - switch(request) - { - case SERVICE_CONTROL_STOP: +static void ControlHandler(DWORD request) +{ + switch(request) + { + case SERVICE_CONTROL_STOP: - ServiceStatus.dwWin32ExitCode = 0; - ServiceStatus.dwCurrentState = SERVICE_STOPPED; + ServiceStatus.dwWin32ExitCode = 0; + ServiceStatus.dwCurrentState = SERVICE_STOPPED; SetServiceStatus (hStatus, &ServiceStatus); - return; - - case SERVICE_CONTROL_SHUTDOWN: + return; - ServiceStatus.dwWin32ExitCode = 0; - ServiceStatus.dwCurrentState = SERVICE_STOPPED; + case SERVICE_CONTROL_SHUTDOWN: + + ServiceStatus.dwWin32ExitCode = 0; + ServiceStatus.dwCurrentState = SERVICE_STOPPED; SetServiceStatus (hStatus, &ServiceStatus); - return; - + return; + default: break; - } - + } + SetServiceStatus(hStatus, &ServiceStatus); } @@ -255,7 +255,7 @@ static void die(int err) SetServiceStatus(hStatus, &ServiceStatus); } -static void ServiceMain(int argc, char** argv) +static void ServiceMain(int argc, char** argv) { char *outfile_name; char *tempfile_name; @@ -267,7 +267,7 @@ static void ServiceMain(int argc, char** argv) /* Make sure we got the minimum number of arguments. */ if(argc < 6) - return; + return; /* Read the arguments. */ outfile_name = argv[1]; @@ -293,22 +293,22 @@ static void ServiceMain(int argc, char** argv) log_message("Argument %d: %s", i, argv[i]); /* Set up the service. Likely unnecessary for what we're doing, but it doesn't hurt. */ - ServiceStatus.dwServiceType = SERVICE_WIN32; - ServiceStatus.dwCurrentState = SERVICE_RUNNING; + ServiceStatus.dwServiceType = SERVICE_WIN32; + ServiceStatus.dwCurrentState = SERVICE_RUNNING; ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; - ServiceStatus.dwWin32ExitCode = 0; - ServiceStatus.dwServiceSpecificExitCode = 0; - ServiceStatus.dwCheckPoint = 0; - ServiceStatus.dwWaitHint = 0; - hStatus = RegisterServiceCtrlHandler("", (LPHANDLER_FUNCTION)ControlHandler); + ServiceStatus.dwWin32ExitCode = 0; + ServiceStatus.dwServiceSpecificExitCode = 0; + ServiceStatus.dwCheckPoint = 0; + ServiceStatus.dwWaitHint = 0; + hStatus = RegisterServiceCtrlHandler("", (LPHANDLER_FUNCTION)ControlHandler); SetServiceStatus(hStatus, &ServiceStatus); /* Registering Control Handler failed (this is a bit late, but eh?) */ - if(hStatus == (SERVICE_STATUS_HANDLE)0) + if(hStatus == (SERVICE_STATUS_HANDLE)0) { log_message("Service failed to start"); die(-1); - return; + return; } /* Set the current directory. */ diff --git a/nselib/http.lua b/nselib/http.lua index b9f4348f9..4a3f49545 100644 --- a/nselib/http.lua +++ b/nselib/http.lua @@ -2746,7 +2746,7 @@ function save_path(host, port, path, status, links_to, linked_from, contenttype) -- contains both query and fragment parsed['raw_querystring'] = parsed['query'] - + if parsed['fragment'] then parsed['raw_querystring'] = ( parsed['raw_querystring'] or "" ) .. '#' .. parsed['fragment'] end diff --git a/nselib/libssh2.luadoc b/nselib/libssh2.luadoc index dbbad360f..0dbf9ed5b 100644 --- a/nselib/libssh2.luadoc +++ b/nselib/libssh2.luadoc @@ -30,7 +30,7 @@ function hostkey_hash(session, hashtype) --- Sets timeout of libssh2 session -- @param session Connected libssh2 session. --- @param timeout Timeout for session in milliseconds. +-- @param timeout Timeout for session in milliseconds. function set_timeout(session, timeout) --- Returns list of authentication methods supported by the server @@ -41,7 +41,7 @@ function userauth_list(session) --- Attempts to authenicate libssh2 session using provided credentials -- @param username Username to authenicate as. -- @param password Password to authenicate with. --- @return true/false, depending on success +-- @return true/false, depending on success function userauth_password(session, username, password) --- Attempts to authenticate libssh2 session using provided publickey @@ -49,7 +49,7 @@ function userauth_password(session, username, password) -- @param username Username to authenicate as -- @param privatekeyfile File containing privatekey -- @param passphrase Passphrase for privatekey --- @param publickeyfile File containing publickey. Not necessary if libssh2 is +-- @param publickeyfile File containing publickey. Not necessary if libssh2 is -- compiled against OpenSSL -- @return true/false, depending on success function userauth_publickey(session, username, privatekeyfile, passphrase publickeyfile) @@ -67,7 +67,7 @@ function read_publickey(publickeyfile) -- @return true/false, depending on whether user can authenticate with given key function publickey_canauth(session, username, publickeydata) ---- Opens channel on authenticated ssh2 session and sets it to pseudo +--- Opens channel on authenticated ssh2 session and sets it to pseudo -- terminal mode. -- @param session Authenticated libssh2 session -- @return libssh2 channel @@ -76,7 +76,7 @@ function open_channel(session) --- Reads data from stdin on libssh2 channel. -- @param session Authenticated libssh2 session -- @param channel Open libssh2 channel --- @return string containing data read from channel +-- @return string containing data read from channel function channel_read(session, channel) --- Reads data from stderr on libssh2 channel. @@ -89,7 +89,7 @@ function channel_read_stderr(session, channel) -- @param session Authenticated libssh2 session -- @param channel Open libssh2 channel -- @param buffer String containing data to be written --- @return Number of bytes written to channel +-- @return Number of bytes written to channel function channel_write(session, channel, buffer) --- Executes command on libssh2 channel and returns output diff --git a/nselib/msrpc.lua b/nselib/msrpc.lua index 306aba497..3b7697f31 100644 --- a/nselib/msrpc.lua +++ b/nselib/msrpc.lua @@ -4710,7 +4710,7 @@ function get_share_info(host, name) end -- Call NetShareGetInfo - + local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2) stdnse.debug2("NetShareGetInfo status:%s result:%s", status, netsharegetinfo_result) if(status == false) then diff --git a/nselib/smb.lua b/nselib/smb.lua index c87154fdd..80b00b880 100644 --- a/nselib/smb.lua +++ b/nselib/smb.lua @@ -945,7 +945,7 @@ end --- -- Negotiates SMBv1 connections --- +-- -- Sends the following: -- * List of known protocols -- @@ -1121,7 +1121,7 @@ function negotiate_protocol(smb, overrides) status, dialect = negotiate_v1(smb, overrides) if status then return true - else + else stdnse.debug1("Couldn't negotiate a SMBv1 connection:%s", dialect) return false, string.format("Could not negotiate a connection:%s", dialect) end @@ -1137,7 +1137,7 @@ end function list_dialects(host, overrides) local smb2_dialects = {0x0202, 0x0210, 0x0300, 0x0302, 0x0311} local supported_dialects = {} - local status, smb1_dialects + local status, smb1_dialects local smbstate -- Check for SMBv1 first @@ -1146,7 +1146,7 @@ function list_dialects(host, overrides) if(status == false) then return false, smbstate end - + status, smb1_dialects = negotiate_v1(smbstate, overrides) if status then --Add SMBv1 as a dialect table.insert(supported_dialects, smb1_dialects) @@ -1172,7 +1172,7 @@ function list_dialects(host, overrides) --clean smb connection stop(smbstate) status = false - end + end return true, supported_dialects end diff --git a/nsock/examples/Makefile b/nsock/examples/Makefile index 457729c1c..de40593dd 100644 --- a/nsock/examples/Makefile +++ b/nsock/examples/Makefile @@ -1,6 +1,6 @@ CC = gcc CCOPT = -DEFS = +DEFS = NBASEDIR=../../nbase NSOCKLIB=../src/libnsock.a NBASELIB=$(NBASEDIR)/libnbase.a diff --git a/nsock/src/Makefile.in b/nsock/src/Makefile.in index cf0b8617b..569d99901 100644 --- a/nsock/src/Makefile.in +++ b/nsock/src/Makefile.in @@ -10,7 +10,7 @@ datarootdir = @datarootdir@ CC = @CC@ AR = ar RANLIB = @RANLIB@ -CCOPT = +CCOPT = DEFS = @DEFS@ -DNSOCK_VERSION=\"$(NSOCK_VERSION)\" # With GCC, add extra security checks to source code. DEFS += -D_FORTIFY_SOURCE=2 @@ -18,9 +18,9 @@ INCLS = -I../include CFLAGS = @CFLAGS@ $(CCOPT) # CFLAGS = -g -Wall $(DEFS) $(INCLS) CPPFLAGS = @CPPFLAGS@ $(DEFS) $(INCLS) -STATIC = +STATIC = SHTOOL = ./shtool -INSTALL = $(SHTOOL) install +INSTALL = $(SHTOOL) install MAKEDEPEND = @MAKEDEPEND@ RPMTDIR=$(HOME)/rpmdir NBASEDIR=@NBASEDIR@ @@ -47,7 +47,7 @@ DEPS = error.h filespace.h gh_list.h nsock_internal.h netutils.h nsock_pcap.h \ .c.o: $(CC) -c $(CPPFLAGS) $(CFLAGS) $< -o $@ -all: $(TARGET) +all: $(TARGET) $(TARGET): $(DEPS) $(OBJS) rm -f $@ @@ -72,7 +72,7 @@ depend: check: cd $(NSOCKTESTDIR) && $(MAKE) && ./run_tests.sh -${srcdir}/configure: configure.ac +${srcdir}/configure: configure.ac cd ${srcdir} && autoconf # autoheader might not change config.h.in, so touch a stamp file. diff --git a/nsock/src/configure.ac b/nsock/src/configure.ac index a170d00d7..3d279fca1 100644 --- a/nsock/src/configure.ac +++ b/nsock/src/configure.ac @@ -48,7 +48,7 @@ case "$host" in # Solaris 11 and later use BPF packet capture rather than DLPI. AC_DEFINE(SOLARIS_BPF_PCAP_CAPTURE) ;; - *-solaris2.0*) + *-solaris2.0*) AC_DEFINE(SOLARIS) ;; *-solaris2.[[1-9]][[0-9]]*) diff --git a/nsock/src/engine_iocp.c b/nsock/src/engine_iocp.c index f4d04cf3d..60c982fde 100644 --- a/nsock/src/engine_iocp.c +++ b/nsock/src/engine_iocp.c @@ -344,7 +344,7 @@ int iocp_loop(struct npool *nsp, int msec_timeout) { nsock_log_error("nsock_loop error %d: %s", sock_err, socket_strerror(sock_err)); nsp->errnum = sock_err; return -1; - } + } } iterate_through_event_lists(nsp); @@ -379,7 +379,7 @@ void iterate_through_event_lists(struct npool *nsp) { if (!HasOverlappedIoCompleted((OVERLAPPED *)iinfo->eov)) continue; - + struct niod *nsi = iinfo->eov->nse->iod; struct nevent *nse = iinfo->eov->nse; gh_list_t *evlist = NULL; diff --git a/nsock/src/nsock_internal.h b/nsock/src/nsock_internal.h index 4152d8f5d..db89f94f5 100644 --- a/nsock/src/nsock_internal.h +++ b/nsock/src/nsock_internal.h @@ -361,7 +361,7 @@ struct nevent { * that other crap */ unsigned int event_done: 1; unsigned int eof: 1; - + #if HAVE_IOCP struct extended_overlapped *eov; #endif diff --git a/nsock/src/nsock_iod.c b/nsock/src/nsock_iod.c index 8a613e023..e79f1d42a 100644 --- a/nsock/src/nsock_iod.c +++ b/nsock/src/nsock_iod.c @@ -68,7 +68,7 @@ #endif #include - + /* nsock_iod is like a "file descriptor" for the nsock library. You use it to * request events. And here is how you create an nsock_iod. nsock_iod_new returns diff --git a/nsock/src/nsock_proxy.h b/nsock/src/nsock_proxy.h index 9393ce995..09516c29f 100644 --- a/nsock/src/nsock_proxy.h +++ b/nsock/src/nsock_proxy.h @@ -124,7 +124,7 @@ struct proxy_chain_context { /* Nodes iterator in px_chain->nodes */ struct proxy_node *px_current; - + /* Current node connection state. */ enum nsock_proxy_state px_state; diff --git a/nsock/src/nsock_timers.c b/nsock/src/nsock_timers.c index cc3ba6188..9ae2210aa 100644 --- a/nsock/src/nsock_timers.c +++ b/nsock/src/nsock_timers.c @@ -74,7 +74,7 @@ nsock_event_id nsock_timer_create(nsock_pool ms_pool, nsock_ev_handler handler, nse->id); nsock_pool_add_event(nsp, nse); - + return nse->id; } diff --git a/output.cc b/output.cc index 70303f3c0..ee470956e 100644 --- a/output.cc +++ b/output.cc @@ -718,7 +718,7 @@ void printportoutput(Target *currenths, PortList *plist) { first = 0; if (o.reason) { if (current->reason.ttl) - Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d", + Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d", port_reason_str(current->reason), current->reason.ttl); else Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason)); @@ -783,7 +783,7 @@ void printportoutput(Target *currenths, PortList *plist) { Tbl->addItem(rowno, servicecol, true, serviceinfo); if (o.reason) { if (current->reason.ttl) - Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d", + Tbl->addItemFormatted(rowno, reasoncol, false, "%s ttl %d", port_reason_str(current->reason), current->reason.ttl); else Tbl->addItem(rowno, reasoncol, true, port_reason_str(current->reason)); diff --git a/scan_engine.cc b/scan_engine.cc index 64f31bf71..15b9a249f 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -782,7 +782,7 @@ UltraScanInfo::~UltraScanInfo() { for (hostI = completedHosts.begin(); hostI != completedHosts.end(); hostI++) { delete *hostI; } - + incompleteHosts.clear(); completedHosts.clear(); diff --git a/scripts/http-security-headers.nse b/scripts/http-security-headers.nse index 27623f90f..17329ffc9 100644 --- a/scripts/http-security-headers.nse +++ b/scripts/http-security-headers.nse @@ -7,7 +7,7 @@ local string = require "string" description = [[ Checks for the HTTP response headers related to security given in OWASP Secure Headers Project and gives a brief description of the header and its configuration value. - + The script requests the server for the header with http.head and parses it to list headers founds with their configurations. The script checks for HSTS(HTTP Strict Transport Security), HPKP(HTTP Public Key Pins), X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, @@ -24,31 +24,31 @@ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers -- -- @output -- 80/tcp open http syn-ack --- | http-security-headers: --- | Strict_Transport_Security: +-- | http-security-headers: +-- | Strict_Transport_Security: -- | Header: Strict-Transport-Security: max-age=15552000; preload --- | Public_Key_Pins_Report_Only: +-- | Public_Key_Pins_Report_Only: -- | Header: Public-Key-Pins-Report-Only: max-age=500; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/" --- | X_Frame_Options: +-- | X_Frame_Options: -- | Header: X-Frame-Options: DENY -- | Description: The browser must not display this content in any frame. --- | X_XSS_Protection: +-- | X_XSS_Protection: -- | Header: X-XSS-Protection: 0 -- | Description: The XSS filter is disabled. --- | X_Content_Type_Options: +-- | X_Content_Type_Options: -- | Header: X-Content-Type-Options: nosniff --- | Will prevent the browser from MIME-sniffing a response away from the declared content-type. +-- | Will prevent the browser from MIME-sniffing a response away from the declared content-type. -- | Content-Security-Policy: -- | Header: Content-Security-Policy: script-src 'self' -- | Description: Loading policy for all resources type in case of a resource type dedicated directive is not defined (fallback). -- | X-Permitted-Cross-Domain-Policies: --- | Header: X-Permitted-Cross-Domain-Policies: none --- | Description : No policy files are allowed anywhere on the target server, including this master policy file. --- | Cache_Control: +-- | Header: X-Permitted-Cross-Domain-Policies: none +-- | Description : No policy files are allowed anywhere on the target server, including this master policy file. +-- | Cache_Control: -- | Header: Cache-Control: private, no-cache, no-store, must-revalidate --- | Pragma: +-- | Pragma: -- | Header: Pragma: no-cache --- | Expires: +-- | Expires: -- |_ Header: Expires: Sat, 01 Jan 2000 00:00:00 GMT -- -- @@ -104,14 +104,14 @@ action = function(host, port) local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/" local response local output_info = {} - local hsts_header - local hpkp_header - local xframe_header - local x_xss_header - local x_content_type_header + local hsts_header + local hpkp_header + local xframe_header + local x_xss_header + local x_content_type_header local csp_header - local x_cross_domain_header - local cookie + local x_cross_domain_header + local cookie local req_opt = {redirect_ok=function(host,port) local c = 2 return function(uri) @@ -153,7 +153,7 @@ action = function(host, port) xframe_header = string.lower(response.header['x-frame-options']) if string.match(xframe_header,'deny') then table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in any frame.") - elseif string.match(xframe_header,'sameorigin') then + elseif string.match(xframe_header,'sameorigin') then table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in any frame from a page of different origin than the content itself.") elseif string.match(xframe_header,'allow.from') then table.insert(output_info.X_Frame_Options, "Description: The browser must not display this content in a frame from any page with a top-level browsing context of different origin than the specified origin.") @@ -168,7 +168,7 @@ action = function(host, port) x_xss_header = string.lower(response.header['x-xss-protection']) if string.match(x_xss_header,'block') then table.insert(output_info.X_XSS_Protection, "Description: The browser will prevent the rendering of the page when XSS is detected.") - elseif string.match(x_xss_header,'report') then + elseif string.match(x_xss_header,'report') then table.insert(output_info.X_XSS_Protection, "Description: The browser will sanitize the page and report the violation if XSS is detected.") elseif string.match(x_xss_header,'0') then table.insert(output_info.X_XSS_Protection, "Description: The XSS filter is disabled.") @@ -261,13 +261,13 @@ action = function(host, port) if string.match(csp_header,'report.to') then table.insert(output_info.Content_Security_Policy, "Description: Specifies a group (defined in Report-To header) to which the user agent sends reports about policy violation. ") end - + end if response.header['x-permitted-cross-domain-policies'] then output_info.X_Permitted_Cross_Domain_Policies = {} table.insert(output_info.X_Permitted_Cross_Domain_Policies, "Header: X-Permitted-Cross-Domain-Policies: " .. response.header['x-permitted-cross-domain-policies']) - + x_cross_domain_header = string.lower(response.header['x-permitted-cross-domain-policies']) if string.match(x_cross_domain_header,'none') then table.insert(output_info.X_Permitted_Cross_Domain_Policies, "Description: No policy files are allowed anywhere on the target server, including this master policy file. ") diff --git a/scripts/http-vuln-cve2017-5689.nse b/scripts/http-vuln-cve2017-5689.nse index 3095d99bd..e11b703b4 100644 --- a/scripts/http-vuln-cve2017-5689.nse +++ b/scripts/http-vuln-cve2017-5689.nse @@ -1,8 +1,8 @@ description = [[ -Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075 +Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075 privilege escalation vulnerability (CVE2017-5689). -This script determines if a target is vulnerable by attempting to perform digest authentication +This script determines if a target is vulnerable by attempting to perform digest authentication with a blank response parameter. If the authentication succeeds, a HTTP 200 response is received. References: @@ -53,7 +53,7 @@ local stdnse = require "stdnse" -- 10.0 (HIGH) (AV:N/AC:L/AU:N/C:C/I:C/A:C) -- -- --- Intel Active Management Technology is vulnerable to an authentication bypass that can be +-- Intel Active Management Technology is vulnerable to an authentication bypass that can be -- exploited by performing digest authentication and sending a blank response digest parameter. -- --
@@ -108,11 +108,11 @@ digest parameter. local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port) local response = http.get(host, port, '/index.htm') - if response.header['server'] and response.header['server']:find('Intel(R)', 1, true) + if response.header['server'] and response.header['server']:find('Intel(R)', 1, true) and response.status and response.status == 401 then local www_authenticate = http.parse_www_authenticate(response.header['www-authenticate']) - if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then - local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," .. + if www_authenticate[1]['params'] and www_authenticate[1]['params']['realm'] and www_authenticate[1]['params']['nonce'] then + local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," .. "cnonce=\"%s\", nc=1, qop=\"auth\", response=\"\"", www_authenticate[1]['params']['realm'], www_authenticate[1]['params']['nonce'], stdnse.generate_random_string(10)) local opt = { header = { ['Authorization'] = auth_header } } @@ -121,7 +121,7 @@ digest parameter. vuln.state = vulns.STATE.VULN end end - end + end return vuln_report:make_output(vuln) end diff --git a/scripts/smb2-time.nse b/scripts/smb2-time.nse index 274f1cdf2..e4513fa9b 100644 --- a/scripts/smb2-time.nse +++ b/scripts/smb2-time.nse @@ -11,10 +11,10 @@ Attempts to obtain the current system date and the start date of a SMB2 server. -- -- @output -- Host script results: --- | smb2-time: +-- | smb2-time: -- | date: 2017-07-28 03:06:34 -- |_ start_date: 2017-07-20 09:29:49 --- +-- -- @xmloutput -- 2017-07-28 03:07:57 -- 2017-07-20 09:29:49