mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Implement Evil bit option in Nping. Fixes #2486

nnposter
2022-06-27 02:38:51 +00:00
parent b8d3d9cff2
commit d00a80d398
6 changed files with 59 additions and 3 deletions


@@ -101,6 +101,7 @@ int ArgParser::parseArguments(int argc, char *argv[]) {
u8 *auxbuff=NULL;
u16 *portlist=NULL;
char errstr[256];
char *script_kiddie;
struct option long_options[] = {
@@ -188,6 +189,7 @@ int ArgParser::parseArguments(int argc, char *argv[]) {
{"id", required_argument, 0, 0},
{"df", no_argument, 0, 0},
{"mf", no_argument, 0, 0},
{"evil", no_argument, 0, 0},
{"ttl", required_argument, 0, 0},
{"badsum-ip", no_argument, 0, 0},
{"ip-options", required_argument, 0, 0},
@@ -700,6 +702,9 @@ int ArgParser::parseArguments(int argc, char *argv[]) {
/* More fragments bit */
} else if (strcmp(long_options[option_index].name, "mf") == 0 ){
o.setMF();
/* Reserved / Evil bit */
} else if (strcmp(long_options[option_index].name, "evil") == 0 ){
o.setRF();
/* Time to live (hop-limit in IPv6) */
} else if (strcmp(long_options[option_index].name, "ttl") == 0 ||
strcmp(long_options[option_index].name, "hop-limit") == 0 ){
@@ -1099,6 +1104,11 @@ int ArgParser::parseArguments(int argc, char *argv[]) {
} /* End of getopt while */
/* Option --evil is implied when SCRIPT_KIDDIE has a non-zero value */
script_kiddie = getenv("SCRIPT_KIDDIE");
if (script_kiddie != NULL && strcmp(script_kiddie, "0") != 0)
o.setRF();
/* Now it's time to parse target host specifications. As nmap does, Nping
* treats everything getopt() can't parse as a host specification. At this
* point, var optind should point to the argv[] position that contains the
@@ -1185,6 +1195,7 @@ void ArgParser::printUsage(void){
" --id <id> : Set identification field (16 bits).\n"
" --df : Set Don't Fragment flag.\n"
" --mf : Set More Fragments flag.\n"
" --evil : Set Reserved / Evil flag.\n"
" --ttl <hops> : Set time to live [0-255].\n"
" --badsum-ip : Use a random invalid checksum. \n"
" --ip-options <S|R [route]|L [route]|T|U ...> : Set IP options\n"
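Review bot: The SCRIPT_KIDDIE check after the getopt loop treats every value other than the exact string "0" as set, so an empty `SCRIPT_KIDDIE=` or a value such as `00` also turns the flag on, which does not match the comment's "non-zero value". If that is not intended, tighten it to `if (script_kiddie != NULL && *script_kiddie != '\0' && strcmp(script_kiddie, "0") != 0)`. Because this path calls `o.setRF()`, which also sets `rf_set`, an inherited environment variable changes the emitted IPv4 header and, through the `issetRF()` term this commit adds to `canRunUDPWithoutPrivileges()`, presumably also the choice of send path, with nothing on the command line to show for it. A one-line verbose message when the variable triggers the flag would make that visible in logs. parseArguments() starts and ends outside these hunks.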


@@ -1179,6 +1179,20 @@ bool NpingOps::getDF(){
} /* End of getDF() */
/** Set Reserved / Evil flag */
int NpingOps::setRF(){
this->rf = true;
this->rf_set = true;
return OP_SUCCESS;
} /* End of setRF() */
/** Get Reserved / Evil flag */
bool NpingOps::getRF(){
return this->rf;
} /* End of getRF() */
/* Returns true if option has been set */
bool NpingOps::issetMF(){
return this->mf_set;
@@ -1191,6 +1205,12 @@ bool NpingOps::issetDF(){
} /* End of isset() */
/* Returns true if option has been set */
bool NpingOps::issetRF(){
return this->rf_set;
} /* End of isset() */
/** Sets Maximum Transmission Unit length. Supplied parameter must be a positive
* integer and must be a multiple of 8.
* @return OP_SUCCESS on success and OP_FAILURE in case of error. */
@@ -2577,6 +2597,7 @@ bool NpingOps::canRunUDPWithoutPrivileges(){
this->issetIdentification() ||
this->issetMF() ||
this->issetDF() ||
this->issetRF() ||
this->issetIPv4SourceAddress() ||
this->issetIPv6SourceAddress() ||
this->issetIPOptions() ||
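Review bot: No hunk in this commit gives `rf` and `rf_set` an initial value: the members are added to the class in NpingOps.h and written only by `setRF()`, while `issetRF()` and `getRF()` read them unconditionally. Unless the NpingOps constructor (outside these hunks) already clears the whole object, both are indeterminate when neither --evil nor SCRIPT_KIDDIE is used, and `issetRF()` now feeds both `canRunUDPWithoutPrivileges()` and the IPv4 header construction in ProbeMode. Add `rf=false;` and `rf_set=false;` wherever the constructor initialises the mf/df pair. Separately, the trailer on the new accessor reads `/* End of isset() */`; `/* End of issetRF() */` would match the setRF()/getRF() trailers.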


@@ -184,6 +184,8 @@ class NpingOps {
bool mf_set;
bool df; /* Don't fragment flag */
bool df_set;
bool rf; /* Reserved / Evil flag */
bool rf_set;
u32 mtu; /* Custom MTU len (for IP fragmentation) */
bool mtu_set;
bool badsum_ip; /* Generate invalid checksums in TCP/UDP */
@@ -433,6 +435,10 @@ class NpingOps {
bool getDF();
bool issetDF();
int setRF();
bool getRF();
bool issetRF();
struct in_addr getIPv4SourceAddress();
int setIPv4SourceAddress(struct in_addr i);
bool issetIPv4SourceAddress();


@@ -607,6 +607,8 @@ int ProbeMode::createIPv4(IPv4Header *i, PacketElement *next_element, const char
i->setMF();
if( o.issetDF() && o.getDF() == true )
i->setDF();
if( o.issetRF() && o.getRF() == true )
i->setRF();
/* IP Options */
if( o.issetIPOptions() == true )


@@ -1983,7 +1983,6 @@ SENT (4.0330s) TCP 192.168.0.21 &gt; 3.3.3.3:139
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--tos <replaceable>tos</replaceable></option> (Type of Service)
@@ -2018,7 +2017,6 @@ SENT (4.0330s) TCP 192.168.0.21 &gt; 3.3.3.3:139
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--df</option> (Don't Fragment)
@@ -2036,7 +2034,6 @@ SENT (4.0330s) TCP 192.168.0.21 &gt; 3.3.3.3:139
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--mf</option> (More Fragments)
@@ -2053,6 +2050,24 @@ SENT (4.0330s) TCP 192.168.0.21 &gt; 3.3.3.3:139
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--evil</option> (Reserved / Evil)
<indexterm significance="preferred"><primary><option>--evil</option> (Nping option)</primary></indexterm>
</term>
<listitem>
<para>
Sets the Reserved / Evil bit in sent packets. The Evil flag
helps firewalls and other network security systems to distinguish
between datagram that have malicious intent and those that are
merely unusual. When set, it indicates that the datagram has evil
intent, instructing insecure systems to succumb. Setting it to zero
indicates no evil intent. The option is implied if environmental
variable SCRIPT_KIDDIE is set to a non-zero value.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--ttl <replaceable>hops</replaceable></option> (Time To Live)


@@ -53,6 +53,7 @@ IPv4 OPTIONS:
--id <id> : Set identification field (16 bits).
--df : Set Don't Fragment flag.
--mf : Set More Fragments flag.
--evil : Set Reserved / Evil flag.
--ttl <hops> : Set time to live [0-255].
--badsum-ip : Use a random invalid checksum.
--ip-options <S|R [route]|L [route]|T|U ...> : Set IP options