From 4cb17c28d91b2b0bb399684d139ddb3b62df74ad Mon Sep 17 00:00:00 2001
From: Robert David Graham
Date: Sat, 14 Sep 2013 17:32:47 -0400
Subject: [PATCH] listscan (nmap -sL)
---
 src/main-conf.c | 19 ++++---
 src/main-listscan.c | 71 ++++++++++++++++++++++++
 src/main.c | 16 ++++--
 src/masscan.h | 2 +
 src/output.c | 2 +-
 src/pixie-timer.c | 7 ++-
 xcode4/masscan.xcodeproj/project.pbxproj | 4 ++
 7 files changed, 108 insertions(+), 13 deletions(-)
 create mode 100644 src/main-listscan.c
diff --git a/src/main-conf.c b/src/main-conf.c
index 6af453f0..37358476 100644
--- a/src/main-conf.c
+++ b/src/main-conf.c
@@ -109,14 +109,14 @@ masscan_echo_nic(struct Masscan *masscan, FILE *fp, unsigned i)
 (masscan->nic[i].adapter_ip>> 8)&0xFF,
 (masscan->nic[i].adapter_ip>> 0)&0xFF
 );
- fprintf(fp, "adapter-mac = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
+ fprintf(fp, "adapter-mac%s = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
 masscan->nic[i].adapter_mac[0],
 masscan->nic[i].adapter_mac[1],
 masscan->nic[i].adapter_mac[2],
 masscan->nic[i].adapter_mac[3],
 masscan->nic[i].adapter_mac[4],
 masscan->nic[i].adapter_mac[5]);
- fprintf(fp, "router-mac = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
+ fprintf(fp, "router-mac%s = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
 masscan->nic[i].router_mac[0],
 masscan->nic[i].router_mac[1],
 masscan->nic[i].router_mac[2],
@@ -617,7 +617,8 @@ masscan_set_parameter(struct Masscan *masscan,
 } else if (EQUALS("ports", name) || EQUALS("port", name)) {
 rangelist_parse_ports(&masscan->ports, value);
- masscan->op = Operation_Scan;
+ if (masscan->op == 0)
+ masscan->op = Operation_Scan;
 } else if (EQUALS("exclude-ports", name) || EQUALS("exclude-port", name)) {
 rangelist_parse_ports(&masscan->exclude_port, value);
@@ -650,7 +651,8 @@ masscan_set_parameter(struct Masscan *masscan,
 else offset++; /* skip comma */ }
- masscan->op = Operation_Scan;
+ if (masscan->op == 0)
+ masscan->op = Operation_Scan;
 } else if ( EQUALS("exclude", name) ||
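Review bot: The guard `if (masscan->op == 0)` added here, and again in the `-650` and `-679` hunks, treats a bare 0 in the operation field as "not chosen yet", which is only safe if the enum's zero enumerator is the deliberate default; name that enumerator if one exists, or at least comment the intent, e.g. `/* keep an operation chosen earlier (e.g. -sL) from being overridden by the implicit scan default */`. Since the same two lines now occur three times, a small `static void masscan_default_to_scan(struct Masscan *m)` helper would keep them in step. masscan_set_parameter begins and ends outside these hunks.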
@@ -679,7 +681,8 @@ masscan_set_parameter(struct Masscan *masscan,
 else offset++; /* skip comma */ }
- masscan->op = Operation_Scan;
+ if (masscan->op == 0)
+ masscan->op = Operation_Scan;
 } else if (EQUALS("append-output", name) || EQUALS("output-append", name)) {
 if (EQUALS("overwrite", name)) masscan->nmap.append = 0;
@@ -821,6 +824,8 @@ masscan_set_parameter(struct Masscan *masscan,
 masscan->resume.seed = parseInt(value);
 } else if (EQUALS("resume-index", name)) {
 masscan->resume.index = parseInt(value);
+ } else if (EQUALS("resume-count", name)) {
+ masscan->resume.count = parseInt(value);
 } else if (EQUALS("retries", name) || EQUALS("retry", name)) {
 unsigned x = strtoul(value, 0, 0);
 if (x >= 1000) {
@@ -1230,8 +1235,8 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
 fprintf(stderr, "nmap(%s): Zombie scans will never be supported\n", argv[i]);
 exit(1);
 case 'L': /* List Scan - simply list targets to scan */
- fprintf(stderr, "nmap(%s): list scan unsupported\n", argv[i]);
- exit(1);
+ masscan->op = Operation_ListScan;
+ break;
 case 'M':
 fprintf(stderr, "nmap(%s): Maimon scan not yet supported\n", argv[i]);
 exit(1);
diff --git a/src/main-listscan.c b/src/main-listscan.c
new file mode 100644
index 00000000..317e2e50
--- /dev/null
+++ b/src/main-listscan.c
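Review bot: `case 'L':` assigns `Operation_ListScan` unconditionally while the `ports` handler and the two similar guards in the `-650`/`-679` hunks only fall back to `Operation_Scan` when `op` is still 0, so the list scan wins regardless of where `-sL` sits among the arguments; that ordering rule deserves a comment on the `break;`, e.g. `/* wins over the Operation_Scan default that port/range options set only while op is 0 */`. In the `-821` hunk the new `resume-count` key is stored straight from `parseInt(value)` with no range check, unlike the `retries` handler just below it; whether parseInt rejects out-of-range input is not visible here, and an oversized value feeds the `start + masscan->resume.count` arithmetic in main.c. Both enclosing functions extend beyond these hunks.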
@@ -0,0 +1,71 @@
+#include "masscan.h"
+#include "logger.h"
+#include "rand-blackrock.h"
+
+void
+main_listscan(struct Masscan *masscan)
+{
+ uint64_t count_ips;
+ uint64_t count_ports;
+ uint64_t i;
+ uint64_t range;
+ uint64_t start;
+ uint64_t end;
+ struct BlackRock blackrock;
+ unsigned r = masscan->retries + 1;
+ unsigned increment = masscan->shard.of;
+
+ count_ports = rangelist_count(&masscan->ports);
+ if (count_ports == 0)
+ rangelist_add_range(&masscan->ports, 80, 80);
+ count_ports = rangelist_count(&masscan->ports);
+
+ count_ips = rangelist_count(&masscan->targets);
+ if (count_ips == 0) {
+ LOG(0, "FAIL: target IP address list empty\n");
+ LOG(0, " [hint] try something like \"--range 10.0.0.0/8\"\n");
+ LOG(0, " [hint] try something like \"--range 192.168.0.100-192.168.0.200\"\n");
+ return;
+ }
+
+ range = count_ips * count_ports;
+
+
+ blackrock_init(&blackrock, range, masscan->seed);
+
+ start = masscan->resume.index + (masscan->shard.one-1);
+ end = range;
+ if (masscan->resume.count && end > start + masscan->resume.count)
+ end = start + masscan->resume.count;
+ end += masscan->retries * masscan->max_rate;
+
+
+ for (i=start; imax_rate);
+ while (xXx >= range)
+ xXx -= range;
+ xXx = blackrock_shuffle(&blackrock, xXx);
+ ip = rangelist_pick(&masscan->targets, xXx % count_ips);
+ port = rangelist_pick(&masscan->ports, xXx / count_ips);
+
+ if (count_ports == 1)
+ printf("%u.%u.%u.%u\n",
+ (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF
+ );
+ else
+ printf("%u.%u.%u.%u:%u\n",
+ (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF,
+ port
+ );
+
+ if (r == 0) {
+ i += increment; /* <------ increment by 1 normally, more with shards/nics */
+ r = masscan->retries + 1;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/main.c b/src/main.c
index 79362637..93853f89 100644
--- a/src/main.c
+++ b/src/main.c
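Review bot: The empty-target path at `return;` after the `FAIL:` log gives the caller no failure signal, and main.c's new `case Operation_ListScan:` returns 0 right after `main_listscan(masscan)`, so a list scan that produced nothing still exits successfully; make the function return int (prototype in masscan.h too) and have main return it, as sketched below. The loop advances only through `i += increment` with `increment = masscan->shard.of`, so it never terminates if that field can still be 0 — confirm main() defaults it to 1, or guard it with `if (increment == 0) increment = 1;` after the assignment. A one-line header comment would also help: `/* Print the targets in the blackrock-shuffled order a scan with this seed would probe them, without sending anything. */` (that it mirrors transmit_thread's order is inferred from the matching start/end arithmetic, not shown here). The `for` header and the first statements of its body are garbled in this rendering and were not reviewed.
```c
int
main_listscan(struct Masscan *masscan)
{
    /* … unchanged: declarations, port and target counting … */
    if (count_ips == 0) {
        LOG(0, "FAIL: target IP address list empty\n");
        /* … unchanged: the two [hint] lines … */
        return 1; /* main() returns this as the process exit status */
    }
    /* … unchanged: shuffle/print loop … */
    return 0;
}
```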
@@ -64,7 +64,7 @@ unsigned control_c_pressed = 0;
 static unsigned control_c_pressed_again = 0;
 time_t global_now;
-static unsigned wait = 10;
+static unsigned global_wait = 10;
 uint64_t foo_timestamp = 0;
 uint64_t foo_count = 0;
@@ -238,6 +238,8 @@ transmit_thread(void *v) /*aka. scanning_thread() */
 * is essentially the same logic as shards. */
 start = masscan->resume.index + (masscan->shard.one-1) + parms->nic_index;
 end = range;
+ if (masscan->resume.count && end > start + masscan->resume.count)
+ end = start + masscan->resume.count;
 end += retries * rate;
@@ -702,7 +704,9 @@ static void control_c_handler(int x)
 {
 if (control_c_pressed == 0) {
 fprintf(stderr,
-"waiting %u seconds to exit... \n", wait);
+ "waiting %u seconds to exit..."
+ " \n",
+ global_wait);
 fflush(stderr);
 control_c_pressed = 1+x;
 } else
@@ -907,8 +911,7 @@ main_scan(struct Masscan *masscan)
 unsigned i;
 double rate = 0;
- min_index = UINT64_MAX;
- + /* Find the minimum index of all the threads */ min_index = UINT64_MAX;
 for (i=0; inic_count; i++) {
@@ -1081,6 +1084,11 @@ int main(int argc, char *argv[])
 * THIS IS THE NORMAL THING */
 return main_scan(masscan);
+
+ case Operation_ListScan:
+ /* Create a randomized list of IP addresses */
+ main_listscan(masscan);
+ return 0;
 case Operation_List_Adapters:
 /* List the network adapters we might want to use for scanning */
diff --git a/src/masscan.h b/src/masscan.h
index 32dc615d..792f6037 100644
--- a/src/masscan.h
+++ b/src/masscan.h
@@ -107,6 +107,7 @@ struct Masscan
 struct {
 uint64_t seed;
 uint64_t index;
+ uint64_t count;
 } resume;
 struct {
@@ -172,6 +173,7 @@ void masscan_read_config_file(struct Masscan *masscan, const char *filename);
 void masscan_command_line(struct Masscan *masscan, int argc, char *argv[]);
 void masscan_usage();
 void masscan_save_state(struct Masscan *masscan);
+void main_listscan(struct Masscan *masscan);
 int masscan_initialize_adapter(
diff --git a/src/output.c b/src/output.c
index 7c31dc51..5faeda9b 100644
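Review bot: The clamp `end > start + masscan->resume.count` in transmit_thread forms `start + count` before comparing, so an oversized `resume-count` read from the resume file (it arrives via `parseInt` with no range check in this diff) can wrap and silently shrink the window instead of being ignored; compare the remaining width instead, `if (masscan->resume.count && start < end && end - start > masscan->resume.count)` with the assignment on the next line unchanged. The same two lines are duplicated in main-listscan.c, so a small shared helper would keep both copies in step. transmit_thread starts and ends outside the hunk.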
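Review bot: The new `uint64_t count;` member of `resume` is undocumented, and its meaning — it bounds how far past `resume.index` a run goes, with 0 meaning no bound — can only be recovered from the `if (masscan->resume.count && …)` checks in main.c and main-listscan.c; add `uint64_t count; /* stop this many index positions after resume.index; 0 = no limit (config key "resume-count") */` on the line. struct Masscan extends beyond the hunk.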
--- a/src/output.c
+++ b/src/output.c
@@ -530,7 +530,7 @@ output_report_banner(struct Output *out, unsigned ip, unsigned port,
 length, px
 );
 if (count < 80)
- fprintf(stdout, "%.*s\n", (size_t)(79-count),
+ fprintf(stdout, "%.*s\n", (int)(79-count),
 " ");
 else
 fprintf(stdout, "\n");
diff --git a/src/pixie-timer.c b/src/pixie-timer.c
index 92eaaa37..53c76b49 100644
--- a/src/pixie-timer.c
+++ b/src/pixie-timer.c
@@ -206,7 +206,7 @@ pixie_nanotime()
 return tv.tv_sec * 1000000000 + tv.tv_nsec;
 }
-#elif defined(__MACH__) /* works for Apple */
+#elif defined(__MACH__) || defined(__FreeBSD__) /* works for Apple */
 #include
 #include
@@ -214,6 +214,11 @@ void pixie_usleep(uint64_t microseconds)
 {
 usleep(microseconds);
 }
+void
+pixie_mssleep(unsigned milliseconds)
+{
+ pixie_usleep(milliseconds * 1000ULL);
+}
 uint64_t
 pixie_gettime()
 {
diff --git a/xcode4/masscan.xcodeproj/project.pbxproj b/xcode4/masscan.xcodeproj/project.pbxproj
index 78650e00..e2081643 100644
--- a/xcode4/masscan.xcodeproj/project.pbxproj
+++ b/xcode4/masscan.xcodeproj/project.pbxproj
@@ -49,6 +49,7 @@ 11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80E917E0DAD4001BCE3A /* proto-icmp.c */; }; 11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80EB17E0DAD4001BCE3A /* proto-ssh.c */; }; 11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80F517E0ED47001BCE3A /* main-ptrace.c */; }; + 11B039C117E506B400925E7E /* main-listscan.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B039C017E506B400925E7E /* main-listscan.c */; }; 11B2DD9E17DE4DD8007FC363 /* templ-payloads.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */; }; /* End PBXBuildFile section */
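Review bot: The trailing comment on the new `#elif defined(__MACH__) || defined(__FreeBSD__)` line still reads `/* works for Apple */` although the branch now also selects FreeBSD; change it to `/* works for Apple and FreeBSD */`. In the `-214` hunk `pixie_mssleep` is added inside this branch only, so unless the other branches of the `#if` chain (not in the diff) define it as well, callers will fail to link there. `pixie_usleep` passes its `uint64_t` straight to `usleep`, whose POSIX parameter is `useconds_t`, so the `milliseconds * 1000ULL` product can be narrowed on long sleeps — pre-existing, but the new wrapper makes it easier to reach. The enclosing `#if` chain extends beyond both hunks.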
@@ -141,6 +142,7 @@ 11AC80EC17E0DAD4001BCE3A /* proto-ssh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "proto-ssh.h"; sourceTree = ""; }; 11AC80F517E0ED47001BCE3A /* main-ptrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-ptrace.c"; sourceTree = ""; }; 11AC80F817E0EDA7001BCE3A /* main-ptrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "main-ptrace.h"; sourceTree = ""; }; + 11B039C017E506B400925E7E /* main-listscan.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-listscan.c"; sourceTree = ""; }; 11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "templ-payloads.c"; sourceTree = ""; }; 11B2DD9D17DE4DD8007FC363 /* templ-payloads.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "templ-payloads.h"; sourceTree = ""; }; /* End PBXFileReference section */ @@ -196,6 +198,7 @@ 11A9219C17DBCC7E00DDFD32 /* main-status.h */, 11A9219D17DBCC7E00DDFD32 /* main-throttle.c */, 11A9219E17DBCC7E00DDFD32 /* main-throttle.h */, + 11B039C017E506B400925E7E /* main-listscan.c */, 11A9219F17DBCC7E00DDFD32 /* main.c */, 11A921A017DBCC7E00DDFD32 /* masscan.h */, 11A921A117DBCC7E00DDFD32 /* out-binary.c */, @@ -350,6 +353,7 @@ 11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */, 11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */, 11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */, + 11B039C117E506B400925E7E /* main-listscan.c in Sources */, ); runOnlyForDeploymentPostprocessing = 0; };