mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

latest changes ...

fyodor
2006-03-25 23:56:48 +00:00
parent 161b2bb30f
commit 7fafddee53
26 changed files with 466 additions and 194 deletions


@@ -1,13 +1,47 @@
# Nmap Changelog ($Id$); -*-text-*-
o Updated the LibPCRE build system to add the -fno-thread-jumps option
to gcc when compiling on the new Intel-based Apple Mac OS X systems.
Hopefully this resolves the version detection crashes that several
people have reported on such systems. Thanks to Kurt Grutzmacher
(grutz(a)jingojango.net) for sending the configure.ac patch.
Nmap 4.02ALPHA2
o Updated to a newer XSL stylesheet (for XML to HTML output
tranformation) by Benjamin Erb. This new version includes IP
address sorting, removal of javascript requirements, some new
address, hostname, and Nmap version information, and various minor
tweaks and fixes.
o Cleaned up the Amiga port code to use atexit() rather than the
previous macro hack. Thanks to Kris Katterjohn (kjak(a)ispwest.com)
for the patch. Applied maybe half a dozen new other code cleanup
patches from him as well.
o Made some changes to various Nmap initialization functions which
help ALT Linux (altlinux.org) developers run Nmap in a chroot
environment. Thanks to Dmitry V. Levin (ldv(a)altlinux.org) for the
patch.
help ALT Linux (altlinux.org) and Owl (openwall.com) developers run
Nmap in a chroot environment. Thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for the patch.
o Cleaned up the code a bit by making a bunch (nearly 100) global
symols (mostly function calls) static. I was also able to removed
some unused functions. Thanks to Dmitry V. Levin (ldv(a)altlinux.org)
for sending a list of candidate symbols.
some unused functions and superfluous config.h.in defines. Thanks
to Dmitry V. Levin (ldv(a)altlinux.org) for sending a list of
candidate symbols.
o Nmap now tests for the existence of data files using stat(2) rather
than testing whether they can be opened for reading (with fopen).
This is because some device files (tape drives, etc.) may react badly
to being opened at all. Thanks to Dmitry V. Levin
(ldv(a)altlinux.org) for the suggestion.
o Changed Nmap to cache interface information rather than opening and
closing it (with dnet's eth_open and eth_close functions) all the
time.
o Applied a one-character Visual Studio 2005 compatability patch from
kx (kxmail(a)gmail.com). It changed getch() into _getch() on Windows.
Nmap 4.02ALPHA1


@@ -1,4 +1,4 @@
export NMAP_VERSION = 4.02Alpha1
export NMAP_VERSION = 4.02Alpha2
NMAP_NAME= Nmap
NMAP_URL= http://www.insecure.org/nmap/
NMAP_PLATFORM=@host@


@@ -310,7 +310,7 @@ void NmapOps::ValidateOptions() {
}
if (pingtype != PINGTYPE_NONE && spoofsource) {
error("WARNING: If -S is being used to fake your source address, you may also have to use -e <iface> and -P0 . If you are using it to specify your real source address, you can ignore this warning.");
error("WARNING: If -S is being used to fake your source address, you may also have to use -e <interface> and -P0 . If you are using it to specify your real source address, you can ignore this warning.");
}
if (pingtype != PINGTYPE_NONE && idlescan) {
@@ -428,7 +428,7 @@ void NmapOps::ValidateOptions() {
}
if (af() == AF_INET6 && (numdecoys|osscan|bouncescan|fragscan|ackscan|finscan|idlescan|ipprotscan|maimonscan|nullscan|rpcscan|synscan|udpscan|windowscan|xmasscan)) {
fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sP), and list scan (-sL). Further support is under consideration.");
fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sP), and list scan (-sL). OS detection and decoys are also not supported with IPv6. Further support is under consideration.");
}
if (af() != AF_INET) mass_dns = false;


@@ -277,8 +277,6 @@ void Target::setHostName(char *name) {
hostname = NULL;
}
if (name) {
if (strchr(name, '%')) {
}
p = hostname = strdup(name);
while (*p) {
// I think only a-z A-Z 0-9 . and - are allowed, but I'll be a little more


@@ -106,8 +106,6 @@
#undef HAVE_STRUCT_IP
#undef HAVE_USLEEP
#undef HAVE_NANOSLEEP
#undef HAVE_STRUCT_ICMP
@@ -149,8 +147,6 @@
#undef HAVE_TERMIOS_H
#undef HAVE_PCRE_H
#undef HAVE_PCRE_PCRE_H
#undef BSD_NETWORKING
@@ -159,12 +155,8 @@
#undef HAVE_STRCASESTR
#undef HAVE_GETOPT_LONG
#undef IN_ADDR_DEEPSTRUCT
#undef HAVE_NETINET_IN_SYSTEM_H
#undef HAVE_SOCKADDR_SA_LEN
#undef HAVE_NETINET_IF_ETHER_H


@@ -2,7 +2,7 @@
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
.\" Instead of manually editing it, you probably should edit the DocBook XML
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
.TH "NMAP" "1" "03/03/2006" "" "Nmap Reference Guide"
.TH "NMAP" "1" "03/08/2006" "" "Nmap Reference Guide"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -131,14 +131,16 @@ OS DETECTION:
\-\-osscan\-limit: Limit OS detection to promising targets
\-\-osscan\-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in milliseconds, unless you append 's'
(seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
\-T[0\-5]: Set timing template (higher is faster)
\-\-min\-hostgroup/max\-hostgroup <size>: Parallel host scan group sizes
\-\-min\-parallelism/max\-parallelism <msec>: Probe parallelization
\-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <msec>: Specifies
\-\-min\-parallelism/max\-parallelism <time>: Probe parallelization
\-\-min\-rtt\-timeout/max\-rtt\-timeout/initial\-rtt\-timeout <time>: Specifies
probe round trip time.
\-\-max\-retries <tries>: Caps number of port scan probe retransmissions.
\-\-host\-timeout <msec>: Give up on target after this long
\-\-scan\-delay/\-\-max\-scan\-delay <msec>: Adjust delay between probes
\-\-host\-timeout <time>: Give up on target after this long
\-\-scan\-delay/\-\-max\-scan\-delay <time>: Adjust delay between probes
FIREWALL/IDS EVASION AND SPOOFING:
\-f; \-\-mtu <val>: fragment packets (optionally w/given MTU)
\-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
@@ -157,6 +159,7 @@ OUTPUT:
\-d[level]: Set or increase debugging level (Up to 9 is meaningful)
\-\-packet\-trace: Show all packets sent and received
\-\-iflist: Print host interfaces and routes (for debugging)
\-\-log\-errors: Log errors/warnings to the normal\-format output file
\-\-append\-output: Append to rather than clobber specified output files
\-\-resume <filename>: Resume an aborted scan
\-\-stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
@@ -180,7 +183,9 @@ EXAMPLES:
.PP
Everything on the Nmap command\-line that isn't an option (or option argument) is treated as a target host specification. The simplest case is to specify a target IP address or hostname for scanning.
.PP
Sometimes you wish to scan a whole network of adjacent hosts. For this, Nmap supports CIDR\-style addressing. You can append /\fInumbits\fR
Sometimes you wish to scan a whole network of adjacent hosts. For this, Nmap supports CIDR\-style addressing. You can append
/\fInumbits\fR
to an IP address or hostname and Nmap will scan every IP address for which the first
\fInumbits\fR
are the same as for the reference IP or hostname given. For example, 192.168.10.0/24 would scan the 256 hosts between 192.168.10.0 (binary:
@@ -243,7 +248,13 @@ options (which select ping types) can be combined. You can increase your odds of
\fB\-P*\fR
options, because it is almost always faster and more effective.
.PP
The following options control host discovery.
By default, Nmap does host discovery and then performs a port scan against each host it determines is online. This is true even if you specify non\-default host discovery types such as UDP probes (\fB\-PU\fR). Read about the
\fB\-sP\fR
option to learn how to perform
\fIonly\fR
host discovery, or use
\fB\-P0\fR
to skip host discovery and port scan all target hosts. The following options control host discovery:
.TP
\fB\-sL\fR (List Scan)
The list scan is a degenerate form of host discovery that simply lists each host of the network(s) specified, without sending any packets to the target hosts. By default, Nmap still does reverse\-DNS resolution on the hosts to learn their names. It is often surprising how much useful information simple hostnames give out. For example,
@@ -415,7 +426,7 @@ While Nmap attempts to produce accurate results, keep in mind that all of its in
This section documents the dozen or so port scan techniques supported by Nmap. Only one method may be used at a time, except that UDP scan (\fB\-sU\fR) may be combined with any one of the TCP scan types. As a memory aid, port scan type options are of the form
\fB\-s\fR\fB\fIC\fR\fR, where
\fIC\fR
is a prominent character in the scan name, usually the first. The one exception to this is the deprecated FTP bounce scan (\fB\-b\fR). By default, Nmap performs a SYN Scan, though it substitutes a Connect() scan if the user does not have proper privileges to send raw packets (requires root access on UNIX) or if IPv6 targets were specified. Of the scans listed in this section, unprivileged users can only execute connect() and ftp bounce scans.
is a prominent character in the scan name, usually the first. The one exception to this is the deprecated FTP bounce scan (\fB\-b\fR). By default, Nmap performs a SYN Scan, though it substitutes a connect scan if the user does not have proper privileges to send raw packets (requires root access on UNIX) or if IPv6 targets were specified. Of the scans listed in this section, unprivileged users can only execute connect and ftp bounce scans.
.TP
\fB\-sS\fR (TCP SYN scan)
SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections. It also works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's Fin/Null/Xmas, Maimon and Idle scans do. It also allows clear, reliable differentiation between the
@@ -426,8 +437,8 @@ states.
.sp
This technique is often referred to as half\-open scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection and then wait for a response. A SYN/ACK indicates the port is listening (open), while a RST (reset) is indicative of a non\-listener. If no response is received after several retransmissions, the port is marked as filtered. The port is also marked filtered if an ICMP unreachable error (type 3, code 1,2, 3, 9, 10, or 13) is received.
.TP
\fB\-sT\fR (TCP connect() scan)
TCP Connect() scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges or is scanning IPv6 networks. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the
\fB\-sT\fR (TCP connect scan)
TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges or is scanning IPv6 networks. Instead of writing raw packets as most other scan types do, Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the
connect()
system call. This is the same high\-level system call that web browsers, P2P clients, and most other network\-enabled applications use to establish a connection. It is part of a programming interface known as the Berkeley Sockets API. Rather than read raw packet responses off the wire, Nmap uses this API to obtain status information on each connection attempt.
.sp
@@ -450,7 +461,7 @@ filtered. Occasionally, a service will respond with a UDP packet, proving that i
open. If no response is received after retransmissions, the port is classified as
open|filtered. This means that the port could be open, or perhaps packet filters are blocking the communication. Versions scan (\fB\-sV\fR) can be used to help differentiate the truly open ports from the filtered ones.
.sp
A big challenge with UDP scanning is doing it quickly. Open and filtered ports rarely send any response, leaving Nmap to time out and then conduct retransmissions just in case the probe or response were lost. Closed ports are often an even bigger problem. They usually send back an ICMP port unreachable error. But unlike the RST packets sent by closed TCP ports in response to a SYN or Connect scan, many hosts rate limit ICMP port unreachable messages by default. Linux and Solaris are particularly strict about this. For example, the Linux 2.4.20 kernel limits destination unreachable messages to one per second (in
A big challenge with UDP scanning is doing it quickly. Open and filtered ports rarely send any response, leaving Nmap to time out and then conduct retransmissions just in case the probe or response were lost. Closed ports are often an even bigger problem. They usually send back an ICMP port unreachable error. But unlike the RST packets sent by closed TCP ports in response to a SYN or connect scan, many hosts rate limit ICMP port unreachable messages by default. Linux and Solaris are particularly strict about this. For example, the Linux 2.4.20 kernel limits destination unreachable messages to one per second (in
\fInet/ipv4/icmp.c\fR).
.sp
Nmap detects rate limiting and slows down accordingly to avoid flooding the network with useless packets that the target machine will drop. Unfortunately, a Linux\-style limit of one packet per second makes a 65,536\-port scan take more than 18 hours. Ideas for speeding your UDP scans up include scanning more hosts in parallel, doing a quick scan of just the popular ports first, scanning from behind the firewall, and using
@@ -821,7 +832,7 @@ with the maximum amoung of time you are willing to wait. I often specify
30m
to ensure that Nmap doesn't waste more than half an hour on a single host. Note that Nmap may be scanning other hosts at the same time during that half an hour as well, so it isn't a complete loss. A host that times out is skipped. No port table, OS detection, or version detection results are printed for that host.
.TP
\fB\-\-scan\-delay <time>\fR; \fB\-\-max_scan\-delay <time>\fR (Adjust delay between probes)
\fB\-\-scan\-delay <time>\fR; \fB\-\-max\-scan\-delay <time>\fR (Adjust delay between probes)
This option causes Nmap to wait at least the given amount of time between each probe it sends to a given host. This is particularly useful in the case of rate limiting. Solaris machines (among many others) will usually respond to UDP scan probe packets with only one ICMP message per second. Any more than that sent by Nmap will be wasteful. A
\fB\-\-scan\-delay\fR
of
@@ -927,7 +938,7 @@ ME, nmap will put you in a random position.
.sp
Note that the hosts you use as decoys should be up or you might accidentally SYN flood your targets. Also it will be pretty easy to determine which host is scanning if only one is actually up on the network. You might want to use IP addresses instead of names (so the decoy networks don't see you in their nameserver logs).
.sp
Decoys are used both in the initial ping scan (using ICMP, SYN, ACK, or whatever) and during the actual port scanning phase. Decoys are also used during remote OS detection (\fB\-O\fR). Decoys do not work with version detection or TCP connect() scan.
Decoys are used both in the initial ping scan (using ICMP, SYN, ACK, or whatever) and during the actual port scanning phase. Decoys are also used during remote OS detection (\fB\-O\fR). Decoys do not work with version detection or TCP connect scan.
.sp
It is worth noting that using too many decoys may slow your scan and potentially even make it less accurate. Also, some ISPs will filter out your spoofed packets, but many do not restrict spoofed IP packets at all.
.TP
@@ -1103,6 +1114,7 @@ As with XML output, this man page does not allow for documenting the entire form
\fI\%http://www.unspecific.com/nmap\-oG\-output\fR.
.TP
\fB\-oA <basename>\fR (Output to all formats)
As a convenience, you may specify
\fB\-oA \fR\fB\fIbasename\fR\fR
to store scan results in normal, XML, and grepable formats at once. They are stored in
@@ -1188,7 +1200,7 @@ directive is omitted.
This section describes some important (and not\-so\-important) options that don't really fit anywhere else.
.TP
\fB\-6\fR (Enable IPv6 scanning)
Since 2002, Nmap has offered IPv6 support for its most popular features. In particular, ping scanning (TCP\-only), connect() scanning, and version detection all support IPv6. The command syntax is the same as usual except that you also add the
Since 2002, Nmap has offered IPv6 support for its most popular features. In particular, ping scanning (TCP\-only), connect scanning, and version detection all support IPv6. The command syntax is the same as usual except that you also add the
\fB\-6\fR
option. Of course, you must use IPv6 syntax if you specify an address rather than a hostname. An address might look like
3ffe:7501:4819:2000:210:f3ff:fe03:14d0, so hostnames are recommended. The output looks the same as usual, with the IPv6 address on the


@@ -1,4 +1,4 @@
Nmap 4.02Alpha1 ( http://www.insecure.org/nmap/ )
Nmap 4.02Alpha2 ( http://www.insecure.org/nmap/ )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.


@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- =========================================================================
nmap.xsl stylesheet version 0.9a
last change: 2005-02-04
nmap.xsl stylesheet version 0.9b
last change: 2006-03-04
Benjamin Erb, http://www.benjamin-erb.de
==============================================================================
Copyright (c) 2004 Benjamin Erb
Copyright (c) 2004-2006 Benjamin Erb
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -34,10 +34,10 @@
<!-- global variables -->
<!-- ............................................................ -->
<xsl:variable name="nmap_xsl_version">0.9a</xsl:variable>
<xsl:variable name="nmap_xsl_version">0.9b</xsl:variable>
<!-- ............................................................ -->
<xsl:variable name="start"><xsl:value-of select="/nmaprun/@start" /></xsl:variable>
<xsl:variable name="end"><xsl:value-of select="/nmaprun/runstats/finished/@time" /> </xsl:variable>
<xsl:variable name="start"><xsl:value-of select="/nmaprun/@startstr" /></xsl:variable>
<xsl:variable name="end"><xsl:value-of select="/nmaprun/runstats/finished/@timestr" /> </xsl:variable>
<xsl:variable name="totaltime"><xsl:value-of select="/nmaprun/runstats/finished/@time -/nmaprun/@start" /></xsl:variable>
<!-- ............................................................ -->
@@ -55,17 +55,6 @@
<xsl:comment>generated with nmap.xsl - version <xsl:value-of select="$nmap_xsl_version" /> by Benjamin Erb - http://www.benjamin-erb.de/nmap_xsl.php </xsl:comment>
<!-- embedded JavaScript for time conversion -->
<script language="JavaScript" type="text/javascript" >
function timestamp2date(stamp)
{
var myDate = new Date(stamp * 1000);
dateStr = myDate.toGMTString();
return dateStr;
}
</script>
<style type="text/css">
/* stylesheet print */
@media print
@@ -154,7 +143,7 @@ function timestamp2date(stamp)
#container
{
text-align:left;
margin: 0px auto;
margin: 10px auto;
width: 90%;
}
@@ -162,7 +151,7 @@ function timestamp2date(stamp)
{
font-family: Verdana, Helvetica, sans-serif;
font-weight:bold;
font-size: 16pt;
font-size: 14pt;
color: #000000;
background-color:#87CEFA;
margin:10px 0px 0px 0px;
@@ -172,22 +161,13 @@ function timestamp2date(stamp)
text-align: left;
}
h1 a
{
font-family: Verdana, Helvetica, sans-serif;
font-weight:bold;
font-size: 16pt;
color: #000000;
background-color:#87CEFA;
}
h2
{
font-family: Verdana, Helvetica, sans-serif;
font-weight:bold;
font-size: 12pt;
font-size: 11pt;
color: #000000;
margin:10px 0px 0px 0px;
margin:30px 0px 0px 0px;
padding:4px;
width: 100%;
border:1px solid black;
@@ -208,7 +188,7 @@ function timestamp2date(stamp)
background-color:#FFCCCC;
border-color:#8B0000;
}
h3
{
font-family: Verdana, Helvetica, sans-serif;
@@ -223,7 +203,7 @@ function timestamp2date(stamp)
p
{
font-family: Verdana, Helvetica, sans-serif;
font-size: 10pt;
font-size: 8pt;
color:#000000;
background-color: #FFFFFF;
width: 75%;
@@ -241,7 +221,7 @@ function timestamp2date(stamp)
ul
{
font-family: Verdana, Helvetica, sans-serif;
font-size: 10pt;
font-size: 8pt;
color:#000000;
background-color: #FFFFFF;
width: 75%;
@@ -249,6 +229,17 @@ function timestamp2date(stamp)
}
a
{
font-family: Verdana, Helvetica, sans-serif;
text-decoration: none;
font-size: 8pt;
color:#000000;
font-weight:bold;
background-color: #FFFFFF;
color: #000000;
}
li a
{
font-family: Verdana, Helvetica, sans-serif;
text-decoration: none;
@@ -264,6 +255,15 @@ function timestamp2date(stamp)
text-decoration: underline;
}
a.red
{
color:#8B0000;
}
a.green
{
color:#006400;
}
table
{
width: 80%;
@@ -277,7 +277,7 @@ function timestamp2date(stamp)
{
vertical-align:top;
font-family: Verdana, Helvetica, sans-serif;
font-size: 10pt;
font-size: 8pt;
color:#000000;
background-color: #D1D1D1;
}
@@ -303,18 +303,28 @@ function timestamp2date(stamp)
tr.closed
{
background-color: #FFCCCC;
background-color: #FFAFAF;
color: #000000;
}
td
{
padding:2px;
}
.status
{
display:none;
}
#menu li
{
display : inline;
margin : 0;
margin-right : 10px;
/*margin-right : 10px;*/
padding : 0;
list-style-type : none;
}
}
}
</style>
<title>nmap report</title>
@@ -322,50 +332,59 @@ function timestamp2date(stamp)
<body>
<div id="container">
<h1>nmap scan report - scan @
<xsl:call-template name="timestamp">
<xsl:with-param name="stamp"><xsl:value-of select="$start" /></xsl:with-param>
</xsl:call-template>
<h1>nmap scan report - scan @ <xsl:value-of select="$start" />
</h1>
<ul id="menu">
<li><a href="#scansummary">scan summary</a></li>
<li><a href="#scaninfo">scan info</a></li>
<li><a href="#scansummary">scan summary</a><xsl:text> | </xsl:text></li>
<li><a href="#scaninfo">scan info</a><xsl:text> | </xsl:text></li>
<xsl:for-each select="host">
<li>
<xsl:element name="a">
<xsl:attribute name="href">#<xsl:value-of select="translate(address/@addr, '.', '_') " /></xsl:attribute>
<xsl:attribute name="target">_self</xsl:attribute>
<xsl:value-of select="address/@addr"/>
</xsl:element>
</li>
</xsl:for-each>
<li><a href="#runstats">runstats</a></li>
<xsl:for-each select="host">
<xsl:sort select="substring ( address/@addr, 1, string-length ( substring-before ( address/@addr, '.' ) ) )* (256*256*256) + substring ( substring-after ( address/@addr, '.' ), 1, string-length ( substring-before ( substring-after ( address/@addr, '.' ), '.' ) ) )* (256*256) + substring ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), 1, string-length ( substring-before ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), '.' ) ) ) * 256 + substring ( substring-after ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), '.' ), 1 )" order="ascending" data-type="number"/>
<li>
<xsl:element name="a">
<xsl:attribute name="href">#<xsl:value-of select="translate(address/@addr, '.', '_') " /></xsl:attribute>
<xsl:attribute name="class">
<xsl:choose>
<xsl:when test="status/@state = 'up'">green</xsl:when>
<xsl:otherwise>red</xsl:otherwise>
</xsl:choose>
</xsl:attribute>
<xsl:value-of select="address/@addr"/>
<xsl:if test="count(hostnames/hostname) > 0">
<xsl:for-each select="hostnames/hostname">
<xsl:sort select="@name" order="ascending" data-type="text"/>
<xsl:text> / </xsl:text><xsl:value-of select="@name"/>
</xsl:for-each>
</xsl:if>
</xsl:element>
<xsl:text> | </xsl:text></li>
</xsl:for-each>
<li><a href="#runstats">runstats</a></li>
</ul>
<xsl:element name="a">
<xsl:attribute name="name">scansummary</xsl:attribute>
</xsl:element>
<h2>scan summary</h2>
<p>
<xsl:value-of select="@scanner"/> was initiated at
<xsl:call-template name="timestamp">
<xsl:with-param name="stamp"><xsl:value-of select="$start" /></xsl:with-param>
</xsl:call-template> with these arguments:<br/>
<xsl:value-of select="@scanner"/> was initiated at <xsl:value-of select="$start" /> with these arguments:<br/>
<i><xsl:value-of select="@args" /></i><br/>
The process stopped at
<xsl:call-template name="timestamp">
<xsl:with-param name="stamp"><xsl:value-of select="$end" /></xsl:with-param>
</xsl:call-template>.
The process stopped at <xsl:value-of select="$end" />.
<xsl:choose>
<xsl:when test="debugging/@level = '0'">Debugging was disabled, </xsl:when>
<xsl:otherwise>Debugging was enabled, </xsl:otherwise>
<xsl:when test="debugging/@level = '0'">Debbuging was disabled, </xsl:when>
<xsl:otherwise>Debugging was enabeld, </xsl:otherwise>
</xsl:choose>
the verbosity level was <xsl:value-of select="verbose/@level" />.
the verbosing level was <xsl:value-of select="verbose/@level" />.
</p>
<xsl:apply-templates/>
</div>
<xsl:apply-templates select="host">
<xsl:sort select="substring ( address/@addr, 1, string-length ( substring-before ( address/@addr, '.' ) ) )* (256*256*256) + substring ( substring-after ( address/@addr, '.' ), 1, string-length ( substring-before ( substring-after ( address/@addr, '.' ), '.' ) ) )* (256*256) + substring ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), 1, string-length ( substring-before ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), '.' ) ) ) * 256 + substring ( substring-after ( substring-after ( substring-after ( address/@addr, '.' ), '.' ), '.' ), 1 )" order="ascending" data-type="number"/>
</xsl:apply-templates>
<xsl:apply-templates select="runstats"/>
</div>
</body>
</html>
</xsl:template>
@@ -401,6 +420,11 @@ function timestamp2date(stamp)
<li><xsl:value-of select="hosts/@up" /> host(s) online</li>
<li><xsl:value-of select="hosts/@down" /> host(s) offline</li>
</ul>
<ul>
<li>nmap version: <xsl:value-of select="/nmaprun/@version" /></li>
<li>xml output version: <xsl:value-of select="/nmaprun/@xmloutputversion" /></li>
<li>nmap.xsl version: <xsl:value-of select="$nmap_xsl_version" /></li>
</ul>
<xsl:apply-templates/>
</xsl:template>
<!-- ............................................................ -->
@@ -413,15 +437,45 @@ function timestamp2date(stamp)
</xsl:element>
<xsl:choose>
<xsl:when test="status/@state = 'up'"><h2 class="green"><xsl:value-of select="address/@addr"/> (online)</h2></xsl:when>
<xsl:otherwise><h2 class="red"><xsl:value-of select="address/@addr"/> (offline)</h2></xsl:otherwise>
<xsl:when test="status/@state = 'up'">
<h2 class="green"><xsl:value-of select="address/@addr"/>
<xsl:if test="count(hostnames/hostname) > 0">
<xsl:for-each select="hostnames/hostname">
<xsl:sort select="@name" order="ascending" data-type="text"/>
<xsl:text> / </xsl:text><xsl:value-of select="@name"/>
</xsl:for-each>
</xsl:if>
<span class="status">(online)</span>
</h2>
</xsl:when>
<xsl:otherwise>
<h2 class="red"><xsl:value-of select="address/@addr"/>
<xsl:if test="count(hostnames/hostname) > 0">
<xsl:for-each select="hostnames/hostname">
<xsl:sort select="@name" order="ascending" data-type="text"/>
<xsl:text> / </xsl:text><xsl:value-of select="@name"/>
</xsl:for-each>
</xsl:if>
<span class="status">(offline)</span></h2>
</xsl:otherwise>
</xsl:choose>
<xsl:apply-templates/>
<xsl:if test="count(address) > 0">
<h3>address</h3>
<ul>
<xsl:for-each select="address">
<li><xsl:value-of select="@addr"/> (<xsl:value-of select="@addrtype"/>)</li>
</xsl:for-each>
</ul>
</xsl:if>
<xsl:apply-templates/>
</xsl:template>
<!-- ............................................................ -->
<!-- hostnames -->
<!-- ............................................................ -->
<xsl:template match="hostnames">
@@ -432,7 +486,7 @@ function timestamp2date(stamp)
<!-- hostname -->
<!-- ............................................................ -->
<xsl:template match="hostname">
<li><xsl:value-of select="@name"/> ( <xsl:value-of select="@type"/> )</li>
<li><xsl:value-of select="@name"/> (<xsl:value-of select="@type"/>)</li>
</xsl:template>
<!-- ............................................................ -->
@@ -445,6 +499,8 @@ function timestamp2date(stamp)
<p>The <xsl:value-of select="@count" /> ports scanned but not shown below are in state: <b><xsl:value-of select="@state" /></b></p>
</xsl:if>
</xsl:for-each>
<xsl:if test="count(port) > 0">
<table cellspacing="1">
<tr class="head">
<td colspan="2">Port</td>
@@ -456,6 +512,7 @@ function timestamp2date(stamp)
</tr>
<xsl:apply-templates/>
</table>
</xsl:if>
</xsl:template>
<!-- ............................................................ -->
@@ -533,13 +590,7 @@ function timestamp2date(stamp)
<xsl:template match="osmatch">
<li>os match: <b><xsl:value-of select="@name" /> </b></li>
<li>accuracy: <xsl:value-of select="@accuracy" />%</li>
</xsl:template>
<!-- ............................................................ -->
<!-- os fingerprint -->
<!-- ............................................................ -->
<xsl:template match="osfingerprint">
<li>os fingerprint: <em><xsl:value-of select="@fingerprint" /></em></li>
<li>reference fingerprint line number: <xsl:value-of select="@line" /></li>
</xsl:template>
<!-- ............................................................ -->
@@ -605,25 +656,4 @@ function timestamp2date(stamp)
</xsl:template>
<!-- ............................................................ -->
<!-- Timestamp Conversion -->
<!-- ............................................................ -->
<xsl:template name="timestamp">
<xsl:param name="stamp" />
<xsl:choose>
<!-- Prevent Firefox / Transformiix from running docuement.write() -->
<xsl:when test="system-property('xsl:vendor')!='Transformiix'">
<script language="JavaScript" type="text/javascript" >
<xsl:comment>
document.write(timestamp2date(<xsl:value-of select="$stamp"/>));
</xsl:comment>
</script>
</xsl:when>
<xsl:otherwise><xsl:value-of select="$stamp"/></xsl:otherwise>
</xsl:choose>
</xsl:template>
<!-- ............................................................ -->
</xsl:stylesheet>
</xsl:stylesheet>
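Review bot: The scan-summary paragraph in the `@@ -322,50 +332,59 @@` hunk appears to regress spelling. The second line of each printed pair (which looks like the new side, though this page has lost its +/- markers) reads `Debbuging was disabled`, `Debugging was enabeld` and `the verbosing level was`, while the lines just above them are spelled correctly. If the upstream 0.9b stylesheet was dropped in wholesale, the local corrections should be re-applied: `Debugging was disabled, `, `Debugging was enabled, ` and `the verbosity level was`. Separately, the long `xsl:sort` key is duplicated verbatim in the menu loop and in `<xsl:apply-templates select="host">`, and it assumes `address/@addr` is a dotted quad. A short comment stating that IPv4-only assumption above both copies would help, since hosts scanned with `-6` will not produce a numeric key.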


@@ -371,7 +371,7 @@ static void initialize_idleproxy(struct idle_proxy_info *proxy, char *proxyName,
__FUNCTION__);
memcpy(proxy->eth.srcmac, proxy->host.SrcMACAddress(), 6);
memcpy(proxy->eth.dstmac, proxy->host.NextHopMACAddress(), 6);
proxy->eth.ethsd = eth_open(proxy->host.deviceName());
proxy->eth.ethsd = eth_open_cached(proxy->host.deviceName());
if (proxy->eth.ethsd == NULL)
fatal("%s: Failed to open ethernet device (%s)", __FUNCTION__, proxy->host.deviceName());
proxy->rawsd = -1;
@@ -666,7 +666,7 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy,
__FUNCTION__);
memcpy(eth.srcmac, target->SrcMACAddress(), 6);
memcpy(eth.dstmac, target->NextHopMACAddress(), 6);
eth.ethsd = eth_open(target->deviceName());
eth.ethsd = eth_open_cached(target->deviceName());
if (eth.ethsd == NULL)
fatal("%s: Failed to open ethernet device (%s)", __FUNCTION__, target->deviceName());
} else eth.ethsd = NULL;
@@ -768,7 +768,7 @@ static int idlescan_countopen2(struct idle_proxy_info *proxy,
if (rcv_time) *rcv_time = latestchange;
}
if (newipid > 0) proxy->latestid = newipid;
if (eth.ethsd) { eth_close(eth.ethsd); eth.ethsd = NULL; }
if (eth.ethsd) { eth.ethsd = NULL; } /* don't need to close it due to caching */
return openports;
}
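Review bot: Ownership of the ethernet handle changes with `eth_open_cached`, but nothing at the call sites records it. In `initialize_idleproxy` the handle stored in `proxy->eth.ethsd` is now presumably shared with the cache, and the visible hunks drop `eth_close` only for the local `eth.ethsd` in `idlescan_countopen2`. Any `eth_close(proxy->eth.ethsd)` remaining elsewhere in the file (not shown here) would leave the cache handing out a freed handle, so that is worth checking before this lands. I would add `/* borrowed from the eth_open_cached() cache; never eth_close() it */` next to both assignments, and the guard in the last hunk can shrink to `eth.ethsd = NULL;`. Both functions start and end outside the hunks.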


@@ -67,3 +67,40 @@ o Remove some junk that deals with dynamic linking of pcre:
/* For other operating systems, we use the standard "extern". */
#ifndef PCRE_DATA_SCOPE
o Applied this patch from Kurt Grutzmacher (grutz(a)jingojango.net)
which adds the -fno-thread-jumps option when compiled on Mac OS X
intel:
--- ../nmap-4.02Alpha2.orig/libpcre/configure.ac 2006-03-10 12:48:
34.000000000 -0800
+++ libpcre/configure.ac 2006-03-10 12:49:33.000000000 -0800
@@ -169,6 +169,18 @@
UTF8=-DSUPPORT_UTF8
fi
+dnl MacOSX on Intel Hack to remove thread-jumps
+AC_CANONICAL_HOST
+
+case "$host" in
+ i386-apple-darwin*)
+ macosx=yes
+ AC_DEFINE(MACOSX)
+ needs_cpp_precomp=yes
+ CFLAGS="$CFLAGS -fno-thread-jumps"
+ ;;
+esac
+
dnl "Export" these variables
AC_SUBST(BUILD_EXEEXT)
@@ -191,6 +203,7 @@
AC_SUBST(POSIX_MALLOC_THRESHOLD)
AC_SUBST(UCP)
AC_SUBST(UTF8)
+AC_SUBST(CFLAGS)
AC_SUBST(POSIX_OBJ)
AC_SUBST(POSIX_LOBJ)

107
libpcre/configure vendored

@@ -309,7 +309,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT RANLIB ac_ct_RANLIB CPP EGREP pcre_have_long_long pcre_have_ulong_long BUILD_EXEEXT BUILD_OBJEXT CC_FOR_BUILD CFLAGS_FOR_BUILD EBCDIC HAVE_MEMMOVE HAVE_STRERROR LINK_SIZE MATCH_LIMIT NEWLINE NO_RECURSE PCRE_MAJOR PCRE_MINOR PCRE_DATE PCRE_VERSION PCRE_LIB_VERSION PCRE_POSIXLIB_VERSION POSIX_MALLOC_THRESHOLD UCP UTF8 POSIX_OBJ POSIX_LOBJ POSIX_LIB LIBOBJS LTLIBOBJS'
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT RANLIB ac_ct_RANLIB CPP EGREP pcre_have_long_long pcre_have_ulong_long build build_cpu build_vendor build_os host host_cpu host_vendor host_os BUILD_EXEEXT BUILD_OBJEXT CC_FOR_BUILD CFLAGS_FOR_BUILD EBCDIC HAVE_MEMMOVE HAVE_STRERROR LINK_SIZE MATCH_LIMIT NEWLINE NO_RECURSE PCRE_MAJOR PCRE_MINOR PCRE_DATE PCRE_VERSION PCRE_LIB_VERSION PCRE_POSIXLIB_VERSION POSIX_MALLOC_THRESHOLD UCP UTF8 POSIX_OBJ POSIX_LOBJ POSIX_LIB LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -830,6 +830,10 @@ Fine tuning of the installation directories:
_ACEOF
cat <<\_ACEOF
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi
@@ -3495,6 +3499,99 @@ if test "$UCP" != "" ; then
UTF8=-DSUPPORT_UTF8
fi
ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
if test -f $ac_dir/install-sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
elif test -f $ac_dir/install.sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
elif test -f $ac_dir/shtool; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
{ { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
{ (exit 1); exit 1; }; }
fi
ac_config_guess="$SHELL $ac_aux_dir/config.guess"
ac_config_sub="$SHELL $ac_aux_dir/config.sub"
ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
# Make sure we can run config.sub.
$ac_config_sub sun4 >/dev/null 2>&1 ||
{ { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
echo "$as_me: error: cannot run $ac_config_sub" >&2;}
{ (exit 1); exit 1; }; }
echo "$as_me:$LINENO: checking build system type" >&5
echo $ECHO_N "checking build system type... $ECHO_C" >&6
if test "${ac_cv_build+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_build_alias=$build_alias
test -z "$ac_cv_build_alias" &&
ac_cv_build_alias=`$ac_config_guess`
test -z "$ac_cv_build_alias" &&
{ { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
{ (exit 1); exit 1; }; }
ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
{ { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
{ (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_build" >&5
echo "${ECHO_T}$ac_cv_build" >&6
build=$ac_cv_build
build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$as_me:$LINENO: checking host system type" >&5
echo $ECHO_N "checking host system type... $ECHO_C" >&6
if test "${ac_cv_host+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_cv_host_alias=$host_alias
test -z "$ac_cv_host_alias" &&
ac_cv_host_alias=$ac_cv_build_alias
ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
{ { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
{ (exit 1); exit 1; }; }
fi
echo "$as_me:$LINENO: result: $ac_cv_host" >&5
echo "${ECHO_T}$ac_cv_host" >&6
host=$ac_cv_host
host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
case "$host" in
i386-apple-darwin*)
macosx=yes
cat >>confdefs.h <<\_ACEOF
#define MACOSX 1
_ACEOF
needs_cpp_precomp=yes
CFLAGS="$CFLAGS -fno-thread-jumps"
;;
esac
@@ -4154,6 +4251,14 @@ s,@CPP@,$CPP,;t t
s,@EGREP@,$EGREP,;t t
s,@pcre_have_long_long@,$pcre_have_long_long,;t t
s,@pcre_have_ulong_long@,$pcre_have_ulong_long,;t t
s,@build@,$build,;t t
s,@build_cpu@,$build_cpu,;t t
s,@build_vendor@,$build_vendor,;t t
s,@build_os@,$build_os,;t t
s,@host@,$host,;t t
s,@host_cpu@,$host_cpu,;t t
s,@host_vendor@,$host_vendor,;t t
s,@host_os@,$host_os,;t t
s,@BUILD_EXEEXT@,$BUILD_EXEEXT,;t t
s,@BUILD_OBJEXT@,$BUILD_OBJEXT,;t t
s,@CC_FOR_BUILD@,$CC_FOR_BUILD,;t t


@@ -169,6 +169,18 @@ if test "$UCP" != "" ; then
UTF8=-DSUPPORT_UTF8
fi
dnl MacOSX on Intel Hack to remove thread-jumps
AC_CANONICAL_HOST
case "$host" in
i386-apple-darwin*)
macosx=yes
AC_DEFINE(MACOSX)
needs_cpp_precomp=yes
CFLAGS="$CFLAGS -fno-thread-jumps"
;;
esac
dnl "Export" these variables
AC_SUBST(BUILD_EXEEXT)
@@ -191,6 +203,7 @@ AC_SUBST(PCRE_POSIXLIB_VERSION)
AC_SUBST(POSIX_MALLOC_THRESHOLD)
AC_SUBST(UCP)
AC_SUBST(UTF8)
AC_SUBST(CFLAGS)
AC_SUBST(POSIX_OBJ)
AC_SUBST(POSIX_LOBJ)
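Review bot: The `i386-apple-darwin*` branch appends `-fno-thread-jumps` to CFLAGS without checking which compiler is in use, so a non-gcc compiler on that host would be handed a flag it may reject. Assuming AC_PROG_CC has already run at this point, `test "$GCC" = yes && CFLAGS="$CFLAGS -fno-thread-jumps"` keeps the workaround scoped to gcc. `AC_DEFINE(MACOSX)` is given without a value or description, and `macosx` and `needs_cpp_precomp` are not read anywhere in the visible hunks. A `dnl` line naming the crash this flag works around would tell a later maintainer when it is safe to remove.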


@@ -174,6 +174,9 @@
<File
RelativePath="..\nmap_rpc.cc">
</File>
<File
RelativePath="..\nmap_tty.cc">
</File>
<File
RelativePath="..\NmapOps.cc">
</File>
@@ -216,9 +219,6 @@
<File
RelativePath="..\timing.cc">
</File>
<File
RelativePath="..\tty.cc">
</File>
<File
RelativePath="..\utils.cc">
</File>
@@ -278,6 +278,9 @@
<File
RelativePath="..\nmap_rpc.h">
</File>
<File
RelativePath="..\nmap_tty.h">
</File>
<File
RelativePath="..\nmap_winconfig.h">
</File>
@@ -323,9 +326,6 @@
<File
RelativePath="..\timing.h">
</File>
<File
RelativePath="..\tty.h">
</File>
<File
RelativePath="..\utils.h">
</File>


@@ -12987,7 +12987,7 @@ T7(Resp=N)
PU(DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Linux ubuntu 2.6.8.1-5-386 #1 Sat Feb 12 00:19:31 UTC 2005 i686 GNU/Linux
Fingerprint Linux 2.6.8 (ubuntu)
Fingerprint Linux 2.6.8 (Ubuntu)
Class Linux | Linux | 2.6.X | general purpose
TSeq(Class=RI%gcd=<6%SI=<10F66C0&>2B6A6%IPID=Z%TS=1000HZ)
T1(DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
@@ -13597,7 +13597,7 @@ PU(DF=N%TOS=0%IPLEN=B0%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
# Microsoft Windows Server 2003 SP1 [Version 5.2.3790]
# Windows 2003 Service Pack 1 32 Bit Running on Abit Mobo AMD64
Fingerprint MIcrosoft Windows 2003 Server SP1
Fingerprint Microsoft Windows 2003 Server SP1
Class Microsoft | Windows | 2003/.NET | general purpose
TSeq(Class=TR%gcd=<6%IPID=I)
T1(DF=N%W=FC00%ACK=S++%Flags=AS%Ops=MNWNNT)
@@ -20002,7 +20002,7 @@ T6(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
T7(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=)
PU(Resp=N)
Fingerprint Sony AIBO ERS-7 running AIBO MInd 2
Fingerprint Sony AIBO ERS-7 running AIBO Mind 2
Class Sony | embedded || robotic pet
TSeq(Class=TR|TD%gcd=<186A4%SI=<64%IPID=I%TS=U)
T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=M)

29
nmap.cc

@@ -459,7 +459,6 @@ int nmap_main(int argc, char *argv[]) {
vector<Target *> Targets;
char *portlist = NULL; /* Ports list specified by user */
char *proberr;
char emptystring[1];
int sourceaddrwarning = 0; /* Have we warned them yet about unguessable
source addresses? */
unsigned int ideal_scan_group_sz = 0;
@@ -575,8 +574,6 @@ int nmap_main(int argc, char *argv[]) {
}
fakeargv[argc] = NULL;
emptystring[0] = '\0'; /* It wouldn't be an empty string w/o this ;) */
if (argc < 2 ) printusage(argv[0], -1);
Targets.reserve(100);
#ifdef WIN32
@@ -1571,6 +1568,8 @@ int nmap_main(int argc, char *argv[]) {
free(ports);
}
eth_close_cached();
/* Free fake argv */
for(i=0; i < argc; i++)
free(fakeargv[i]);
@@ -2105,6 +2104,8 @@ void reaper(int signo) {
void sigdie(int signo) {
int abt = 0;
fflush(stdout);
switch(signo) {
case SIGINT:
fprintf(stderr, "caught SIGINT signal, cleaning up\n");
@@ -2141,19 +2142,29 @@ void sigdie(int signo) {
abt = 1;
break;
}
fflush(stdout);
fflush(stderr);
log_close(LOG_MACHINE|LOG_NORMAL|LOG_SKID);
if (abt) abort();
exit(1);
}
#ifndef S_IRUSR
#define S_IRUSR 00400
#endif
/* Returns true (nonzero) if the file pathname given exists and is
readable by the executing process. Returns zero if it is not */
static int fileexistsandisreadable(char *pathname) {
FILE *fp;
/* We check this the easy way! */
fp = fopen(pathname, "r");
if (fp) fclose(fp);
return (fp == NULL)? 0 : 1;
struct stat st;
if (stat(pathname, &st) == -1)
return 0;
if (!(st.st_mode & S_IFDIR) && (st.st_mode & S_IRUSR))
return 1;
return 0;
}
int nmap_fetchfile(char *filename_returned, int bufferlen, char *file) {
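Review bot: fileexistsandisreadable no longer tests what its comment promises, because `st.st_mode & S_IRUSR` is the owner-read bit and says nothing about whether the executing process may read the file. A file owned by another user with mode 0400 passes, while a file this process can read only through its group or other bits fails. `st.st_mode & S_IFDIR` is likewise a bit test rather than a type test, so it also matches block devices and sockets; `S_ISDIR(st.st_mode)` is the exact form where the platform provides it. The result is advisory in any case, since the file can change between this stat and the later open, so I would reword the comment to `/* Returns nonzero if pathname exists, is not a directory and has the owner-read bit set; callers must still handle a failed open */` and keep the failure handling at the open site.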

5
nmap.h

@@ -174,10 +174,6 @@ void *realloc();
/* BSDI needs this to insure the correct struct ip */
#undef _IP_VHL
#if HAVE_STRINGS_H
#include <strings.h>
#endif
#include <stdio.h>
#if HAVE_RPC_TYPES_H
@@ -473,5 +469,4 @@ int gather_logfile_resumption_state(char *fname, int *myargc, char ***myargv);
int inet_aton(register const char *, struct in_addr *);
#endif
#endif /* NMAP_H */


@@ -118,7 +118,7 @@ void fatal(const char *fmt, ...) {
log_vwrite(LOG_NORMAL, fmt, ap);
va_end(ap);
}
log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "QUITTING!\n");
log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\nQUITTING!\n");
exit(1);
}
@@ -134,7 +134,7 @@ void error(const char *fmt, ...) {
log_vwrite(LOG_NORMAL, fmt, ap);
va_end(ap);
}
log_write(o.log_errors? LOG_NORMAL|LOG_STDERR : LOG_STDERR, "\n");
return;
}


@@ -126,7 +126,7 @@ extern NmapOps o;
// Microsoft's runtime makes this fairly simple. :)
void tty_init() { return; }
static int tty_getchar() { return _kbhit() ? getch() : -1; }
static int tty_getchar() { return _kbhit() ? _getch() : -1; }
static void tty_done() { return; }
#else


@@ -104,7 +104,7 @@
#ifndef NMAP_WINCONFIG_H
#define NMAP_WINCONFIG_H
#define NMAP_VERSION "4.02Alpha1"
#define NMAP_VERSION "4.02Alpha2"
#define NMAP_NAME "Nmap"
#define NMAP_URL "http://www.insecure.org/nmap"
#define NMAP_PLATFORM "i686-pc-windows-windows"


@@ -139,8 +139,6 @@
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <signal.h>
#ifdef WIN32
#include <windows.h>
@@ -1241,7 +1239,7 @@ int arg_parse(const char *command, char ***argv)
char **myargv = NULL;
int argc = 0;
char mycommand[4096];
unsigned char *start, *end;
char *start, *end;
char oldend;
*argv = NULL;
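Review bot: Changing `start` and `end` in arg_parse from `unsigned char *` to `char *` means any `<ctype.h>` call on `*start` or `*end` now receives a plain char, which is negative for bytes above 0x7F where char is signed; that is undefined behaviour for isspace() and its siblings. The rest of arg_parse lies outside this hunk, so whether it classifies characters that way cannot be seen from here. If it does, cast at the call, e.g. `isspace((unsigned char) *start)`. The `command` string is supplied by the caller, so non-ASCII bytes should be assumed possible.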


@@ -539,7 +539,7 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
if ((o.sendpref & PACKET_SEND_ETH) && target->ifType() == devt_ethernet) {
memcpy(eth.srcmac, target->SrcMACAddress(), 6);
memcpy(eth.dstmac, target->NextHopMACAddress(), 6);
eth.ethsd = eth_open(target->deviceName());
eth.ethsd = eth_open_cached(target->deviceName());
if (eth.ethsd == NULL)
fatal("%s: Failed to open ethernet device (%s)", __FUNCTION__, target->deviceName());
@@ -1117,9 +1117,7 @@ static FingerPrint *get_fingerprint(Target *target, struct seq_info *si) {
FP = NULL;
if (rawsd >= 0)
close(rawsd);
if (ethptr) {
eth_close(ethptr->ethsd);
}
/* No need to close ethptr->ethsd due to caching */
pcap_close(pd);
return FP;
}


@@ -106,7 +106,6 @@
#include "timing.h"
#include "NmapOps.h"
#include "nmap_tty.h"
#include <dnet.h>
#include <list>
@@ -1093,7 +1092,7 @@ UltraScanInfo::~UltraScanInfo() {
delete SPM;
if (rawsd >= 0) { close(rawsd); rawsd = -1; }
if (pd) { pcap_close(pd); pd = NULL; }
if (ethsd) { eth_close(ethsd); ethsd = NULL; }
if (ethsd) { ethsd = NULL; /* NO need to eth_close it due to caching */ }
}
/* A circular buffer of the incompleteHosts. nextIncompleteHost() gives
@@ -1204,7 +1203,7 @@ void UltraScanInfo::Init(vector<Target *> &Targets, struct scan_lists *pts, styp
if (ping_scan_arp || ((o.sendpref & PACKET_SEND_ETH) &&
Targets[0]->ifType() == devt_ethernet)) {
/* We'll send ethernet packets with dnet */
ethsd = eth_open(Targets[0]->deviceName());
ethsd = eth_open_cached(Targets[0]->deviceName());
if (ethsd == NULL)
fatal("dnet: Failed to open device %s", Targets[0]->deviceName());
rawsd = -1;


@@ -1533,7 +1533,7 @@ static void massping(Target *hostbatch[], int num_hosts,
if (o.numdecoys > 1 || ptech.rawtcpscan || ptech.rawicmpscan || ptech.rawudpscan) {
if ((o.sendpref & PACKET_SEND_ETH) && hostbatch[0]->ifType() == devt_ethernet) {
/* We'll send ethernet packets with dnet */
ethsd = eth_open(hostbatch[0]->deviceName());
ethsd = eth_open_cached(hostbatch[0]->deviceName());
if (ethsd == NULL)
fatal("dnet: Failed to open device %s", hostbatch[0]->deviceName());
rawsd = -1; rawpingsd = -1;
@@ -1662,7 +1662,7 @@ static void massping(Target *hostbatch[], int num_hosts,
if (sd >= 0) close(sd);
if (rawsd >= 0) close(rawsd);
if (rawpingsd >= 0) close(rawpingsd);
if (ethsd) eth_close(ethsd);
/* No need to close ethsd due to caching */
free(time);
if (pd) pcap_close(pd);
if (o.debugging)


@@ -145,6 +145,10 @@ int if2nameindex(int ifi);
static PacketCounter PktCt;
/* These two are for eth_open_cached() and eth_close_cached() */
static char etht_cache_device_name[64];
static eth_t *etht_cache_device = NULL;
void sethdrinclude(int sd) {
#ifdef IP_HDRINCL
int one = 1;
@@ -178,9 +182,9 @@ static char *ll2shortascii(unsigned long long bytes, char *buf, int buflen) {
if (buflen < 2 || !buf) fatal("Bogus parameter passed to ll2shortascii");
if (bytes > 1000000) {
snprintf(buf, buflen, "%.3gMB", bytes / 1000000.0);
snprintf(buf, buflen, "%.3fMB", bytes / 1000000.0);
} else if (bytes > 10000) {
snprintf(buf, buflen, "%.3gKB", bytes / 1000.0);
snprintf(buf, buflen, "%.3fKB", bytes / 1000.0);
} else snprintf(buf, buflen, "%uB", (unsigned int) bytes);
return buf;
@@ -714,7 +718,7 @@ fatal("Call to pcap_open_live(%s, %d, %d, %d) failed three times. Reported error
"*BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV <device>; or use mknod).\n"
"SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use \"-P0 -sT localhost\" though.\n\n", pcapdev, snaplen, promisc, to_ms, err0r);
} else {
error("pcap_open_live(%s, %d, %d, %d) FAILLED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5, failed));
error("pcap_open_live(%s, %d, %d, %d) FAILED. Reported error: %s. Will wait %d seconds then retry.", pcapdev, snaplen, promisc, to_ms, err0r, (int) pow(5, failed));
}
sleep((int) pow(5, failed));
}
@@ -783,6 +787,46 @@ int resolve(char *hostname, struct in_addr *ip) {
return 0;
}
/* A simple function that caches the eth_t from dnet for one device,
to avoid opening, closing, and re-opening it thousands of tims. If
you give a different device, this function will close the first
one. Thus this should never be used by programs that need to deal
with multiple devices at once. In addition, you MUST NEVER
eth_close() A DEVICE OBTAINED FROM THIS FUNCTION. Instead, you can
call eth_close_cached() to close whichever device (if any) is
cached. Returns NULL if it fails to open the device. */
eth_t *eth_open_cached(const char *device) {
if (!device) fatal("eth_open_cached() called with NULL device name!");
if (!*device) fatal("eth_open_cached() called with empty device name!");
if (strcmp(device, etht_cache_device_name) == 0) {
/* Yay, we have it cached. */
return etht_cache_device;
}
if (*etht_cache_device_name) {
eth_close(etht_cache_device);
etht_cache_device_name[0] = '\0';
etht_cache_device = NULL;
}
etht_cache_device = eth_open(device);
if (etht_cache_device)
Strncpy(etht_cache_device_name, device, sizeof(etht_cache_device_name));
return etht_cache_device;
}
/* See the description for eth_open_cached */
void eth_close_cached() {
if (etht_cache_device) {
eth_close(etht_cache_device);
etht_cache_device = NULL;
etht_cache_device_name[0] = '\0';
}
return;
}
int send_tcp_raw_decoys( int sd, struct eth_nfo *eth,
const struct in_addr *victim, int ttl,
u16 sport, u16 dport, u32 seq, u32 ack, u8 flags,
@@ -1039,15 +1083,14 @@ int send_ip_packet(int sd, struct eth_nfo *eth, u8 *packet, unsigned int packetl
memcpy(eth_frame + 14, packet, packetlen);
eth_pack_hdr(eth_frame, eth->dstmac, eth->srcmac, ETH_TYPE_IP);
if (!eth->ethsd) {
ethsd = eth_open(eth->devname);
ethsd = eth_open_cached(eth->devname);
if (!ethsd)
fatal("send_ip_packet: Failed to open ethernet device (%s)", eth->devname);
ethsd_opened = true;
} else ethsd = eth->ethsd;
res = eth_send(ethsd, eth_frame, 14 + packetlen);
PacketTrace::trace(PacketTrace::SENT, packet, packetlen);
if (ethsd_opened)
eth_close(ethsd);
/* No need to close ethsd due to caching */
free(eth_frame);
eth_frame = NULL;
return res;
@@ -1906,7 +1949,7 @@ static bool doArp(const char *dev, const u8 *srcmac,
set_pcap_filter(dev, pd, "arp and ether dst host %02X:%02X:%02X:%02X:%02X:%02X", srcmac[0], srcmac[1], srcmac[2], srcmac[3], srcmac[4], srcmac[5]);
/* Prepare probe and sending stuff */
ethsd = eth_open(dev);
ethsd = eth_open_cached(dev);
if (!ethsd) fatal("%s: failed to open device %s", __FUNCTION__, dev);
eth_pack_hdr(frame, ETH_ADDR_BROADCAST, *srcmac, ETH_TYPE_ARP);
arp_pack_hdr_ethip(frame + ETH_HDR_LEN, ARP_OP_REQUEST, *srcmac,
@@ -1948,7 +1991,7 @@ static bool doArp(const char *dev, const u8 *srcmac,
/* OK - let's close up shop ... */
pcap_close(pd);
eth_close(ethsd);
/* No need to close ethsd due to caching */
return foundit;
}
@@ -2144,6 +2187,7 @@ static int collect_dnet_routes(const struct route_entry *entry, void *arg) {
return 0;
}
#if WIN32
static int collect_dnet_interfaces(const struct intf_entry *entry, void *arg) {
struct dnet_collector_route_nfo *dcrn = (struct dnet_collector_route_nfo *) arg;
int i;
@@ -2193,6 +2237,7 @@ static int collect_dnet_interfaces(const struct intf_entry *entry, void *arg) {
dcrn->numifaces++;
return 0;
}
#endif /* WIN32 */
struct interface_info *getinterfaces(int *howmany) {
static bool initialized = 0;
@@ -2333,7 +2378,7 @@ int sd;
memcpy(mydevs[numifaces].mac, &tmpifr.ifr_addr.sa_data, 6);
#else
/* Let's just let libdnet handle it ... */
eth_t *ethsd = eth_open(mydevs[numifaces].devname);
eth_t *ethsd = eth_open_cached(mydevs[numifaces].devname);
eth_addr_t ethaddr;
if (!ethsd)
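Review bot: eth_open_cached copies the device name into the 64-byte `etht_cache_device_name` with Strncpy but compares the full `device` against it with strcmp, so a name that does not fit is cached truncated and never matches again. Each later call for that device would then close the handle returned the previous time and open a new one, leaving earlier callers with a closed eth_t. A length check before the open avoids this: `if (strlen(device) >= sizeof(etht_cache_device_name)) fatal("eth_open_cached() device name too long");`. Separately, send_ip_packet still sets `ethsd_opened = true` although nothing in the visible lines reads it any more. The getinterfaces hunk ends before the code that follows the open, so confirm that no `eth_close(ethsd)` remains there, since that would leave a freed pointer in the cache.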

14
tcpip.h

@@ -198,7 +198,6 @@ void *realloc();
#include <unistd.h>
#endif
#include <fcntl.h>
#include <sys/socket.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
@@ -651,6 +650,19 @@ pcap_t *my_pcap_open_live(const char *device, int snaplen, int promisc,
// invalid (Windows and Amiga), readip_pcap returns the time you called it.
bool pcap_recv_timeval_valid();
/* A simple function that caches the eth_t from dnet for one device,
to avoid opening, closing, and re-opening it thousands of tims. If
you give a different device, this function will close the first
one. Thus this should never be used by programs that need to deal
with multiple devices at once. In addition, you MUST NEVER
eth_close() A DEVICE OBTAINED FROM THIS FUNCTION. Instead, you can
call eth_close_cached() to close whichever device (if any) is
cached. Returns NULL if it fails to open the device. */
eth_t *eth_open_cached(const char *device);
/* See the description for eth_open_cached */
void eth_close_cached();
/* A simple function I wrote to help in debugging, shows the important fields
of a TCP packet*/
int readtcppacket(const u8 *packet, int readdata);


@@ -117,7 +117,6 @@
#include <netinet/in.h>
#endif
#include <sys/time.h>
#include <assert.h>
#include <sys/mman.h>
#include "config.h"
@@ -227,12 +226,6 @@ long tval2msecs(char *tspec);
str is returned. */
char *cstring_unescape(char *str, unsigned int *len);
#ifndef HAVE_USLEEP
#ifdef HAVE_NANOSLEEP
void usleep(unsigned long usec);
#endif
#endif
#ifndef HAVE_STRERROR
char *strerror(int errnum);
#endif