Loading src/logger.c +29 −0 Original line number Diff line number Diff line Loading @@ -41,3 +41,32 @@ LOG(int level, const char *fmt, ...) va_end(marker); } /*************************************************************************** ***************************************************************************/ void vLOGip(int level, unsigned ip, unsigned port, const char *fmt, va_list marker) { if (level <= verbosity) { char sz_ip[16]; sprintf_s(sz_ip, sizeof(sz_ip), "%u.%u.%u.%u", (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF); fprintf(stderr, "%-15s:%5u: ", sz_ip, port); vfprintf(stderr, fmt, marker); fflush(stderr); } } /*************************************************************************** ***************************************************************************/ void LOGip(int level, unsigned ip, unsigned port, const char *fmt, ...) { va_list marker; va_start(marker, fmt); vLOGip(level, ip, port, fmt, marker); va_end(marker); } src/logger.h +1 −0 Original line number Diff line number Diff line Loading @@ -4,5 +4,6 @@ extern int verbosity; /* defined in logger.c */ void LOG(int level, const char *fmt, ...); void LOGip(int level, unsigned ip, unsigned port, const char *fmt, ...); #endif src/main.c +11 −20 Original line number Diff line number Diff line Loading @@ -464,7 +464,7 @@ receive_thread(struct Masscan *masscan, /* OOPS: handle arp instead. Since we may completely bypass the TCP/IP * stack, we may have to handle ARPs ourself, or the router will * lose track of us. */ LOG(2, "found arp 0x%08x\n", parsed.ip_dst); LOGip(2, ip_them, 0, "-> ARP [%u] \n", px[parsed.found_offset]); arp_response( adapter_ip, adapter_mac, px, length, masscan->packet_buffers, Loading Loading 
@@ -501,10 +501,13 @@ receive_thread(struct Masscan *masscan, usecs); } LOG(5, "%u.%u.%u.%u - ackno=0x%08x flags=%02x\n", (ip_them>>24)&0xff, (ip_them>>16)&0xff, (ip_them>>8)&0xff, (ip_them>>0)&0xff, seqno_me, TCP_FLAGS(px, parsed.transport_offset)); { char buf[64]; LOGip(5, ip_them, parsed.port_src, "-> TCP ackno=0x%08x flags=0x%02x(%s)\n", seqno_me, TCP_FLAGS(px, parsed.transport_offset), reason_string(TCP_FLAGS(px, parsed.transport_offset), buf, sizeof(buf))); } /* If recording --banners, create a new "TCP Control Block (TCB)" */ if (tcpcon) { Loading Loading @@ -871,21 +874,9 @@ int main(int argc, char *argv[]) * of their ranges, and when doing wide scans, add the exclude list to * prevent them from being scanned. */ { unsigned i; for (i=0; i<masscan->exclude_ip.count; i++) { struct Range range = masscan->exclude_ip.list[i]; rangelist_remove_range(&masscan->targets, range.begin, range.end); } for (i=0; i<masscan->exclude_port.count; i++) { struct Range range = masscan->exclude_port.list[i]; rangelist_remove_range(&masscan->ports, range.begin, range.end); } rangelist_exclude(&masscan->targets, &masscan->exclude_ip); rangelist_exclude(&masscan->ports, &masscan->exclude_port); rangelist_remove_range2(&masscan->targets, range_parse_ipv4("224.0.0.0/4", 0, 0)); } Loading src/out-binary.c +2 −2 Original line number Diff line number Diff line Loading @@ -101,7 +101,7 @@ binary_out_banner(struct Output *out, FILE *fp, unsigned ip, unsigned port, } else { foo[1] = (unsigned char)((length + 12)>>7) | 0x80; foo[2] = (unsigned char)((length + 12) & 0x7F); i = 2; i = 3; } /* [TIMESTAMP] field */ Loading src/proto-banner1.c +12 −179 Original line number Diff line number Diff line Loading 
@@ -5,17 +5,13 @@ #include "rawsock-pcapfile.h" #include "proto-preprocess.h" #include "proto-banner1.h" #include "proto-http.h" #include "proto-ssh.h" #include <ctype.h> #include <stdlib.h> #include <string.h> struct Patterns { const char *pattern; unsigned pattern_length; unsigned id; unsigned is_anchored; }; struct Patterns patterns[] = { {"SSH-1.", 6, PROTO_SSH1, SMACK_ANCHOR_BEGIN}, Loading 
@@ -26,179 +22,8 @@ struct Patterns patterns[] = { {0,0} }; enum { HTTPFIELD_INCOMPLETE, HTTPFIELD_SERVER, HTTPFIELD_UNKNOWN, HTTPFIELD_NEWLINE, }; struct Patterns http_fields[] = { {"Server:", 7, HTTPFIELD_SERVER, SMACK_ANCHOR_BEGIN}, {":", 1, HTTPFIELD_UNKNOWN, 0}, {"\n", 1, HTTPFIELD_NEWLINE, 0}, {0,0,0,0} }; struct Banner1 { struct SMACK *smack; struct SMACK *http_fields; }; /*************************************************************************** ***************************************************************************/ static unsigned b_http( struct Banner1 *banner1, unsigned state, const unsigned char *px, size_t length, char *banner, unsigned *banner_offset, size_t banner_max) { unsigned i; unsigned state2; size_t id; enum { FIELD_START = 9, FIELD_NAME, FIELD_COLON, FIELD_VALUE, }; state2 = (state>>16) & 0xFFFF; id = (state>>8) & 0xFF; state = (state>>0) & 0xFF; for (i=0; i<length; i++) switch (state) { case 0: case 1: case 2: case 3: case 4: if (toupper(px[i]) != "HTTP/"[state]) state = STATE_DONE; else state++; break; case 5: if (px[i] == '.') state++; else if (!isdigit(px[i])) state = STATE_DONE; break; case 6: if (isspace(px[i])) state++; else if (!isdigit(px[i])) state = STATE_DONE; break; case 7: /* TODO: look for 1xx response code */ if (px[i] == '\n') state = FIELD_START; break; case FIELD_START: if (px[i] == '\r') break; else if (px[i] == '\n') { state = STATE_DONE; break; } else { state2 = 0; state = FIELD_NAME; /* drop down */ } case FIELD_NAME: if (px[i] == '\r') break; id = smack_search_next( banner1->http_fields, &state2, px, &i, (unsigned)length); if (id == HTTPFIELD_NEWLINE) { state2 = 0; state = FIELD_START; } else if (id == SMACK_NOT_FOUND) ; /* continue here */ else if (id == HTTPFIELD_UNKNOWN) { size_t id2; id2 = smack_next_match(banner1->http_fields, &state2); if (id2 != SMACK_NOT_FOUND) id = id2; state = FIELD_COLON; } else state = STATE_DONE; break; case FIELD_COLON: if (px[i] == '\n') { state = FIELD_START; break; } else if 
(isspace(px[i])) { break; } else { state = FIELD_VALUE; /* drop down */ } case FIELD_VALUE: if (px[i] == '\r') break; else if (px[i] == '\n') { state = FIELD_START; break; } if (id == HTTPFIELD_SERVER) { if (*banner_offset < banner_max) { banner[(*banner_offset)++] = px[i]; } } break; case STATE_DONE: default: i = (unsigned)length; break; } if (state == STATE_DONE) return state; else return (state2 & 0xFFFF) << 16 | (id & 0xFF) << 8 | (state & 0xFF); } /*************************************************************************** ***************************************************************************/ static unsigned b_ssh( struct Banner1 *banner1, unsigned state, const unsigned char *px, size_t length, char *banner, unsigned *banner_offset, size_t banner_max) { unsigned i; banner1=banner1; for (i=0; i<length; i++) switch (state) { case 0: if (px[i] == '\r') continue; if (px[i] == '\n' || px[i] == '\0' || !isprint(px[i])) { state = STATE_DONE; continue; } if (*banner_offset < banner_max) banner[(*banner_offset)++] = px[i]; break; default: i = (unsigned)length; break; } return state; } /*************************************************************************** ***************************************************************************/ Loading Loading @@ -229,6 +54,8 @@ banner1_parse( for (i=0; patterns[i].id != *proto; i++) ; *banner_offset = 0; state = banner1_parse( banner1, state, proto, Loading 
@@ -239,18 +66,24 @@ banner1_parse( state, proto, px+offset, length-offset, banner, banner_offset, banner_max); } else { size_t len = length; if (len > banner_max - *banner_offset) len = banner_max = *banner_offset; memcpy(banner + *banner_offset, px, len); (*banner_offset) += (unsigned)len; } break; case PROTO_SSH1: case PROTO_SSH2: case PROTO_FTP1: case PROTO_FTP2: state = b_ssh(banner1, state, state = banner_ssh(banner1, state, px, length, banner, banner_offset, banner_max); break; case PROTO_HTTP: state = b_http(banner1, state, state = banner_http(banner1, state, px, length, banner, banner_offset, banner_max); break; Loading Loading
src/logger.c +29 −0 @@ -41,3 +41,32 @@ LOG(int level, const char *fmt, ...) va_end(marker); } /*************************************************************************** ***************************************************************************/ void vLOGip(int level, unsigned ip, unsigned port, const char *fmt, va_list marker) { if (level <= verbosity) { char sz_ip[16]; sprintf_s(sz_ip, sizeof(sz_ip), "%u.%u.%u.%u", (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF); fprintf(stderr, "%-15s:%5u: ", sz_ip, port); vfprintf(stderr, fmt, marker); fflush(stderr); } } /*************************************************************************** ***************************************************************************/ void LOGip(int level, unsigned ip, unsigned port, const char *fmt, ...) { va_list marker; va_start(marker, fmt); vLOGip(level, ip, port, fmt, marker); va_end(marker); }
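Review bot: `vLOGip` is defined with external linkage in src/logger.c, but the src/logger.h section of this commit declares only `LOGip`, so the new function has no prototype visible to other files. Either mark it `static` or add `void vLOGip(int level, unsigned ip, unsigned port, const char *fmt, va_list marker);` to the header, which would then need `<stdarg.h>`. The address prefix and the message are written by separate `fprintf` and `vfprintf` calls, so if another thread also writes to stderr while `receive_thread` is logging, its output can land between the two parts; formatting the record into one buffer and writing it once would keep each line intact. The two banner comments above the functions are empty; a line such as `/* Like LOG(), but prefixes the message with the dotted-quad address and port. */` would say why the variant exists.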
src/logger.h +1 −0 @@ -4,5 +4,6 @@ extern int verbosity; /* defined in logger.c */ void LOG(int level, const char *fmt, ...); void LOGip(int level, unsigned ip, unsigned port, const char *fmt, ...); #endif
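Review bot: The new `LOGip` prototype carries no printf-format annotation, so a mismatch between the format string and its arguments at a call site is not diagnosed at compile time. On GCC and Clang this can be added behind a compiler guard, for example `__attribute__((format(printf, 4, 5)))` on the declaration. The same applies to `LOG` on the line above, with indices 2 and 3, which this commit leaves as it was.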
src/main.c +11 −20 Original line number Diff line number Diff line Loading @@ -464,7 +464,7 @@ receive_thread(struct Masscan *masscan, /* OOPS: handle arp instead. Since we may completely bypass the TCP/IP * stack, we may have to handle ARPs ourself, or the router will * lose track of us. */ LOG(2, "found arp 0x%08x\n", parsed.ip_dst); LOGip(2, ip_them, 0, "-> ARP [%u] \n", px[parsed.found_offset]); arp_response( adapter_ip, adapter_mac, px, length, masscan->packet_buffers, Loading Loading @@ -501,10 +501,13 @@ receive_thread(struct Masscan *masscan, usecs); } LOG(5, "%u.%u.%u.%u - ackno=0x%08x flags=%02x\n", (ip_them>>24)&0xff, (ip_them>>16)&0xff, (ip_them>>8)&0xff, (ip_them>>0)&0xff, seqno_me, TCP_FLAGS(px, parsed.transport_offset)); { char buf[64]; LOGip(5, ip_them, parsed.port_src, "-> TCP ackno=0x%08x flags=0x%02x(%s)\n", seqno_me, TCP_FLAGS(px, parsed.transport_offset), reason_string(TCP_FLAGS(px, parsed.transport_offset), buf, sizeof(buf))); } /* If recording --banners, create a new "TCP Control Block (TCB)" */ if (tcpcon) { Loading Loading @@ -871,21 +874,9 @@ int main(int argc, char *argv[]) * of their ranges, and when doing wide scans, add the exclude list to * prevent them from being scanned. */ { unsigned i; for (i=0; i<masscan->exclude_ip.count; i++) { struct Range range = masscan->exclude_ip.list[i]; rangelist_remove_range(&masscan->targets, range.begin, range.end); } for (i=0; i<masscan->exclude_port.count; i++) { struct Range range = masscan->exclude_port.list[i]; rangelist_remove_range(&masscan->ports, range.begin, range.end); } rangelist_exclude(&masscan->targets, &masscan->exclude_ip); rangelist_exclude(&masscan->ports, &masscan->exclude_port); rangelist_remove_range2(&masscan->targets, range_parse_ipv4("224.0.0.0/4", 0, 0)); } Loading
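Review bot: In the ARP branch of `receive_thread`, the new `LOGip` call reads `px[parsed.found_offset]` and prints `ip_them`, and nothing visible in this hunk shows that `found_offset` is below `length` or that `ip_them` was filled in for a non-IP frame. If the preprocessor does not guarantee both for ARP, the log line reads a byte outside the captured packet or prints a stale address; wrapping the call in `if (parsed.found_offset < length)` would cover the first case. The function body begins and ends outside the hunk, so the check may already exist earlier and should be confirmed there. Separately, in the TCP hunk `reason_string(...)` is evaluated for every received packet even when verbosity is below 5, because the level test sits inside `LOGip`.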
src/out-binary.c +2 −2 @@ -101,7 +101,7 @@ binary_out_banner(struct Output *out, FILE *fp, unsigned ip, unsigned port, } else { foo[1] = (unsigned char)((length + 12)>>7) | 0x80; foo[2] = (unsigned char)((length + 12) & 0x7F); i = 2; i = 3; } /* [TIMESTAMP] field */
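Review bot: The two-byte length form in `binary_out_banner` can carry only 14 bits, so once `length + 12` reaches 16384 the `(unsigned char)` cast on `foo[1]` drops the high bits and the record header no longer matches the number of bytes written after it. No bound on `length` is visible in this hunk; if none is applied before the `if`, clamp it first, for example `if (length > 0x3FFF - 12) length = 0x3FFF - 12;`. The start of the function and the declared size of `foo` are outside the hunk, so the available room in `foo` should be checked against the same limit.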
src/proto-banner1.c +12 −179 Original line number Diff line number Diff line Loading @@ -5,17 +5,13 @@ #include "rawsock-pcapfile.h" #include "proto-preprocess.h" #include "proto-banner1.h" #include "proto-http.h" #include "proto-ssh.h" #include <ctype.h> #include <stdlib.h> #include <string.h> struct Patterns { const char *pattern; unsigned pattern_length; unsigned id; unsigned is_anchored; }; struct Patterns patterns[] = { {"SSH-1.", 6, PROTO_SSH1, SMACK_ANCHOR_BEGIN}, Loading 
@@ -26,179 +22,8 @@ struct Patterns patterns[] = { {0,0} }; enum { HTTPFIELD_INCOMPLETE, HTTPFIELD_SERVER, HTTPFIELD_UNKNOWN, HTTPFIELD_NEWLINE, }; struct Patterns http_fields[] = { {"Server:", 7, HTTPFIELD_SERVER, SMACK_ANCHOR_BEGIN}, {":", 1, HTTPFIELD_UNKNOWN, 0}, {"\n", 1, HTTPFIELD_NEWLINE, 0}, {0,0,0,0} }; struct Banner1 { struct SMACK *smack; struct SMACK *http_fields; }; /*************************************************************************** ***************************************************************************/ static unsigned b_http( struct Banner1 *banner1, unsigned state, const unsigned char *px, size_t length, char *banner, unsigned *banner_offset, size_t banner_max) { unsigned i; unsigned state2; size_t id; enum { FIELD_START = 9, FIELD_NAME, FIELD_COLON, FIELD_VALUE, }; state2 = (state>>16) & 0xFFFF; id = (state>>8) & 0xFF; state = (state>>0) & 0xFF; for (i=0; i<length; i++) switch (state) { case 0: case 1: case 2: case 3: case 4: if (toupper(px[i]) != "HTTP/"[state]) state = STATE_DONE; else state++; break; case 5: if (px[i] == '.') state++; else if (!isdigit(px[i])) state = STATE_DONE; break; case 6: if (isspace(px[i])) state++; else if (!isdigit(px[i])) state = STATE_DONE; break; case 7: /* TODO: look for 1xx response code */ if (px[i] == '\n') state = FIELD_START; break; case FIELD_START: if (px[i] == '\r') break; else if (px[i] == '\n') { state = STATE_DONE; break; } else { state2 = 0; state = FIELD_NAME; /* drop down */ } case FIELD_NAME: if (px[i] == '\r') break; id = smack_search_next( banner1->http_fields, &state2, px, &i, (unsigned)length); if (id == HTTPFIELD_NEWLINE) { state2 = 0; state = FIELD_START; } else if (id == SMACK_NOT_FOUND) ; /* continue here */ else if (id == HTTPFIELD_UNKNOWN) { size_t id2; id2 = smack_next_match(banner1->http_fields, &state2); if (id2 != SMACK_NOT_FOUND) id = id2; state = FIELD_COLON; } else state = STATE_DONE; break; case FIELD_COLON: if (px[i] == '\n') { state = FIELD_START; break; } else if 
(isspace(px[i])) { break; } else { state = FIELD_VALUE; /* drop down */ } case FIELD_VALUE: if (px[i] == '\r') break; else if (px[i] == '\n') { state = FIELD_START; break; } if (id == HTTPFIELD_SERVER) { if (*banner_offset < banner_max) { banner[(*banner_offset)++] = px[i]; } } break; case STATE_DONE: default: i = (unsigned)length; break; } if (state == STATE_DONE) return state; else return (state2 & 0xFFFF) << 16 | (id & 0xFF) << 8 | (state & 0xFF); } /*************************************************************************** ***************************************************************************/ static unsigned b_ssh( struct Banner1 *banner1, unsigned state, const unsigned char *px, size_t length, char *banner, unsigned *banner_offset, size_t banner_max) { unsigned i; banner1=banner1; for (i=0; i<length; i++) switch (state) { case 0: if (px[i] == '\r') continue; if (px[i] == '\n' || px[i] == '\0' || !isprint(px[i])) { state = STATE_DONE; continue; } if (*banner_offset < banner_max) banner[(*banner_offset)++] = px[i]; break; default: i = (unsigned)length; break; } return state; } /*************************************************************************** ***************************************************************************/ Loading Loading @@ -229,6 +54,8 @@ banner1_parse( for (i=0; patterns[i].id != *proto; i++) ; *banner_offset = 0; state = banner1_parse( banner1, state, proto, Loading 
@@ -239,18 +66,24 @@ banner1_parse( state, proto, px+offset, length-offset, banner, banner_offset, banner_max); } else { size_t len = length; if (len > banner_max - *banner_offset) len = banner_max = *banner_offset; memcpy(banner + *banner_offset, px, len); (*banner_offset) += (unsigned)len; } break; case PROTO_SSH1: case PROTO_SSH2: case PROTO_FTP1: case PROTO_FTP2: state = b_ssh(banner1, state, state = banner_ssh(banner1, state, px, length, banner, banner_offset, banner_max); break; case PROTO_HTTP: state = b_http(banner1, state, state = banner_http(banner1, state, px, length, banner, banner_offset, banner_max); break; Loading
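Review bot: In the new `else` branch of `banner1_parse`, the clamp reads `len = banner_max = *banner_offset;`, which assigns instead of subtracting. It overwrites `banner_max` and sets `len` to the current offset, so the following `memcpy(banner + *banner_offset, px, len)` copies `*banner_offset` bytes regardless of the space left and can write past the end of `banner`, as well as read past the end of `px`. The intended line is presumably `len = banner_max - *banner_offset;`. Because both operands are unsigned, the comparison also wraps when `*banner_offset` is already above `banner_max`, so that case needs its own test: `if (*banner_offset >= banner_max) len = 0; else if (len > banner_max - *banner_offset) len = banner_max - *banner_offset;`. `px` appears to be response data from the remote host, which makes this the path where a bounds error matters most.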