Port scanner that can perform SYN, FIN, NULL, and XMAS scans with options to perform them very slowly and in decoy mode.
2bcf0d84a7c42318177d48b119992c9c9bd61b342e62e2177213a4f763875e11
/*
* Ok, this is quite a fine scanner to me ;-) It uses standard
* scan techniques like TCP, SYN, FIN, NULL, XMAS scans,
* but I also added DECOY and SLOW modes for these techniques.
* In fact, a decoy scan drives the IDS crazy and, in turn, a slow scan probably
* won't get logged at all... but remember it's a slow scan, so we won't
* scan all ports in adequate time... So I've added a function which allows scanning
* only some range of ports, and, as a result, you may run a slow scan against
* one host from many machines.
*
*
* DECOY scan is a scanning that spoofs the packets from random 45 IP's
* chosen from the class 'CLASS' which I defined (but you can change that IP class
* from argument to program) and, at the end, we send the real packet
* and observe what packet is received. In fact, IDS logs all 45 + 1 real IP which
* scans that IDS (it's very hard to find out who is the "real" scanner), or it logs
* only 5-6 IP's and writes on the end of the log a note that many hosts scan him,
* but doesn't list other IP's ;-).
* Look at some output by scanlogd IDS:
*
* Jul 12 18:20:07 gamma scanlogd: 81.219.206.129:5000 to xxx.xxx.xxx.xxx ports 1, 2, 3, 4, 5, 6, ..., fSrpauxy,
* TOS 00, TTL 119 @18:20:01
* Jul 12 18:20:07 gamma last message repeated 2 times
* Jul 12 18:20:07 gamma scanlogd: 81.219.57.0:5000 to xxx.xxx.xxx.xxx ports 1, 2, 3, 4, 5, 6, ..., fSrpauxy,
* TOS 00, TTL 119 @18:20:01
* Jul 12 18:20:07 gamma last message repeated 2 times
* Jul 12 18:20:07 gamma scanlogd: 81.219.216.87:5000 to xxx.xxx.xxx.xxx ports 1, 2, 3, 4, 5, 6, ..., fSrpauxy,
* TOS 00, TTL 119 @18:20:01
* Jul 12 18:20:07 gamma last message repeated 2 times
* Jul 12 18:20:07 gamma scanlogd: 81.219.250.193:5000 to xxx.xxx.xxx.xxx ports 1, 2, 3, 4, 5, 6, ..., fSrpauxy,
* TOS 00, TTL 119 @18:20:01
* Jul 12 18:20:07 gamma last message repeated 2 times
* Jul 12 18:20:07 gamma scanlogd: 81.219.219.173:5000 to xxx.xxx.xxx.xxx ports 1, 2, 3, 4, 5, 6, ..., fSrpauxy,
* TOS 00, TTL 119 @18:20:01
* Jul 12 18:20:07 gamma scanlogd: More possible port scans follow
*
* As we can see, scanlogd logs only the first 5 random IP's and adds
* only one information: "More possible port scans follow"- the real IP
* from which we scan isn't logged ;-).
*
* We can run DECOY and SLOW scan at the same time, whether you like (or not ;-))
*
* ================================
* I decided to add a new option - randomize ports scanning...
* It will be harder to detect the scan, but if you want to use this option,
* you have to start scanning with the 1-st port.
* =================================
*
* =================================
* I decided to add a new function in this scanner - programming BPF...
* it will work faster and better! ;-)
* =================================
*
*
* Special greetz go to Sol <- "za to ze pomagasz mi w tlumaczeniu wszystkiego na angielski ;-)"
*
* --
* Best regards pi3 (pi3ki31ny) - Adam Zabrocki
* http://www.pi3.hack.pl
* http://www.pi3.phrack.pl
* http://www.pi3.shellcode.pl
* http://www.pi3.itsec.pl
* http://pi3.int.pl
*
*
*
* "Uielesnienie swiatla i ciemnosci..."
*
* I don't want to publish it at present, so if you're the lucky one who have it...
*
* -.-.-.-.-.-.-. !!! KEEP IT PRIVATE !!! .-.-.-.-.-.-.-
*
*/
#include <arpa/inet.h>
#include <fcntl.h>
#include <getopt.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
#include <errno.h>
/* ---- Compile-time constants ---- */
#define MAX_PORT 65535          /* highest TCP port accepted on the command line */
#define MIN_PORT 1              /* lowest TCP port accepted on the command line */
#define DEF_PORT_MAX 1025       /* upper bound of the port range when argv[4]/argv[5] are absent */
#define P_PORT 5000             /* source port of every raw probe; the BPF filters match replies sent to it */
#define MAX 1000                /* appears unused in this file */
#define MAXSIZE 41              /* outgoing packet buffer: 20 (IP) + 20 (TCP) bytes, plus one spare */
#define IPS 18                  /* dotted-quad string buffer (15 chars + NUL, with slack) */
#define SA2 struct sockaddr     /* shorthand for the generic socket-address cast */
#define ETH_P_IP 0x0800 /* Internet Protocol packet */ /* ethertype passed to the PF_PACKET socket */
#define CLASS "81.219"          /* default "a.b" prefix for decoy source addresses; argv[6] overrides it */
#define VERSION "0.9 beta"      /* shown in the banner and in ussage() */
/*
 * Local copy of the classic BPF instruction layout consumed by SO_ATTACH_FILTER.
 *
 * NOTE(review): the kernel's definition in <linux/filter.h> declares `k` as a
 * 32-bit field; on LP64 targets `unsigned long` is 64 bits, so this struct would
 * be 16 bytes instead of 8 and the kernel would misread the program. Confirm
 * against <linux/filter.h> for the target platform (or include that header
 * instead of redefining the type).
 */
struct sock_filter /* Filter block */
{
    unsigned short code; /* Actual filter code (opcode) */
    unsigned char jt; /* Jump true: instructions to skip when the test holds */
    unsigned char jf; /* Jump false: instructions to skip when it does not */
    unsigned long k; /* Generic multiuse field: offset, immediate or compare value */
};
/*
 * Program descriptor handed to setsockopt(SO_ATTACH_FILTER): a count plus a
 * pointer to `len` consecutive sock_filter instructions. Mirrors the kernel
 * struct of the same name; see the layout caveat on struct sock_filter above.
 */
struct sock_fprog /* Required for SO_ATTACH_FILTER. */
{
    unsigned short len; /* Number of filter blocks */
    struct sock_filter *filter; /* First instruction of the program */
};
/*
 * Classic BPF opcode fragments and the BPF_STMT/BPF_JUMP instruction
 * constructors, as found in <linux/filter.h>. The scan functions below spell
 * their insns[] tables out with raw opcode values, so none of these names is
 * referenced elsewhere in this file. `u_short` comes from <sys/types.h>.
 */
#define BPF_LD 0x00   /* load into the accumulator */
#define BPF_H 0x08    /* half-word (16-bit) size */
#define BPF_ABS 0x20  /* absolute packet offset addressing */
#define BPF_JMP 0x05  /* jump class */
#define BPF_JEQ 0x10  /* jump if equal */
#define BPF_K 0x00    /* operand is the immediate k */
#define BPF_W 0x00    /* word (32-bit) size */
#define BPF_RET 0x06  /* return (accept k bytes; 0 drops the frame) */
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }          /* non-branching instruction */
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } /* conditional jump with both offsets */
/* ---- Global state shared by main() and the scan functions ---- */

/* Scan configuration, set once in main() from the option string. */
int timeout = 4;               /* seconds; defined here but not read by any function in this file */
unsigned char decoy_scan = 0;  /* -d: each probe is preceded by copies from the 45 addresses in buf[] */
unsigned char slow_scan = 0;   /* -z: sleep 5 s before every port */
unsigned char random_port = 0; /* -r: visit ports in random order and print the results at the end */

/* Counters and descriptors. */
int sockfd;                    /* file-scope descriptor; the scan functions shadow it with a local */
int filtr = 0;                 /* number of ports syn_scan() reported as filtered */

/* Address data resolved in main(). */
int mask_src_ip = 0;           /* host-order local address; computed but not used by the filters */
int mask_dst_ip = 0;           /* host-order target address, compared by the BPF filters */
struct hostent *h;             /* gethostbyname() result for the target host */
char *klasa = NULL;            /* "a.b" prefix for decoy addresses: argv[6] if given, else CLASS */

/* Header views into the packet buffers and per-scan bookkeeping. */
struct iphdr *ip;              /* IP header of the packet being built or parsed */
struct tcphdr *tcp;            /* TCP header of the same packet */
char buf[45][20];              /* decoy source addresses as dotted quads, filled by rand_ip() */
char r_buf[65535];             /* r_buf[k] != 0: port k+1 already probed (random-order mode) */
char o_buf[65536];             /* o_buf[p]: 1 = open, 2 = filtered (syn_scan only), for port p */
/* Forward declarations. */
void ussage(char *arg);                                   /* print the usage screen to stdout and exit(-1); arg is argv[0] */
void sigfunc(int signo);                                  /* HUP/INT/QUIT/TERM handler: report on stderr and exit(-1) */
int tcp_scan(int port_min, int port_max);                 /* connect() scan; returns the number of open ports */
int syn_scan(int port_min, int port_max, char *_src_ip);  /* raw SYN scan sent from _src_ip; returns the open-port count */
int fin_scan(int port_min, int port_max, char *_src_ip);  /* raw FIN scan; a port with no RST reply is reported open */
int null_scan(int port_min, int port_max, char *_src_ip); /* raw no-flags scan; same reply logic as fin_scan() */
int xmas_scan(int port_min, int port_max, char *_src_ip); /* raw FIN+PSH+URG scan; same reply logic as fin_scan() */
unsigned short cksum(unsigned char *packet);              /* TCP checksum (with pseudo-header) over a 40-byte IP+TCP buffer */
void rand_ip(void);                                       /* fill buf[] with 45 "<klasa>.X.Y" decoy addresses */
int ip_to_hex_like_bpf(char *arg);                        /* dotted quad -> host-order 32-bit value for the BPF filter */
/*
 * Entry point: parse the option string and positional arguments, resolve the
 * target, derive the address constant for the BPF filter and dispatch to the
 * selected scan, then print a summary.
 *
 * argv layout: argv[1] = "-<letters>" where t/s/f/n/x select the scan type and
 * d/z/r toggle decoy/slow/random; argv[2] = local IP written into raw probes;
 * argv[3] = target host or IP; argv[4]/argv[5] = optional port range;
 * argv[6] = optional "a.b" prefix for decoy addresses.
 *
 * Review notes (code left as-is):
 *  - `scan` is never initialised; when argv[1] contains none of t/s/f/n/x the
 *    final switch reads an indeterminate value (undefined behaviour).
 *  - The port-range check only rejects the input when BOTH bounds are out of
 *    range (&&), so a single out-of-range bound is accepted.
 *  - strncpy() into src_addr copies sizeof-1 bytes and the terminating store is
 *    commented out, so an argv[2] of 17 or more characters leaves src_addr
 *    unterminated (ipek is zeroed beforehand and is fine).
 *  - `cond ? ussage(...) : 1` mixes a void and an int operand, which ISO C does
 *    not permit; GCC accepts it with a warning.
 */
int main(int argc, char *argv[]) {
    int i,j,scan,port_min=MIN_PORT,port_max=DEF_PORT_MAX;
    char ipek[IPS],firstchar,src_addr[18];
    /* Terminal signals are reported by sigfunc(), which exits. */
    signal(SIGHUP,sigfunc);
    signal(SIGINT,sigfunc);
    signal(SIGTERM,sigfunc);
    signal(SIGQUIT,sigfunc);
    /* No arguments at all: usage screen and exit. */
    (argv[1]==NULL) ? ussage(argv[0]) : 1;
    bzero(ipek,sizeof(ipek));
    if ((argc == 2) && (strcmp(argv[1], "--help") == 0)) /* help me! */
        ussage(argv[0]);
    firstchar=argv[1][0]; /* save first char of argv[1] */
    if (argv[2] != NULL) { /* if exists second arg */
        if (firstchar == '-') { /* if first char of argv[1] is '-' then */
            /* Every letter after '-' is an option; later scan-type letters win. */
            for (i = 1; i < strlen(argv[1]); i++) {
                switch(argv[1][i]) {
                case 't':
                    scan = 1;
                    break;
                case 's':
                    scan = 2;
                    break;
                case 'f':
                    scan = 3;
                    break;
                case 'n':
                    scan = 4;
                    break;
                case 'x':
                    scan = 5;
                    break;
                case 'd':
                    decoy_scan = 1;
                    break;
                case 'z':
                    slow_scan = 1;
                    break;
                case 'r':
                    /* Random order needs the "already probed" and result tables cleared. */
                    random_port = 1;
                    for (j=0;j<65535;j++)
                        r_buf[j]=0;
                    for (j=0;j<65536;j++)
                        o_buf[j]=0;
                    break;
                case 'h':
                case '?':
                    ussage(argv[0]);
                    break;
                default :
                    printf("%s: invalid option -%c -- ignoring.\nSamotny_pi3", argv[0],argv[1][i]);
                    break;
                }
            }
        }
        else { /* first char of argv[1] is NOT '-' so... */
            printf("%s: invalid option -- %s\nSamotny_pi3", argv[0],argv[1]);
            ussage(argv[0]);
        }
    }
    else { /* but if second arg is NULL, then... */
        printf("Usage: %s -tsfnxdzr <your IP> <host IP> [port_start] [port_end] [ip_class for decoy scan]\n", argv[0]);
        ussage(argv[0]);
    }
    /* The target host is mandatory. */
    (argv[3]==NULL) ? ussage(argv[0]) : 1;
    /* Optional port range; both bounds must be present to take effect. */
    if (argv[4]!=NULL && argv[5]!=NULL) {
        if ( (atoi(argv[5]) < MIN_PORT || atoi(argv[5]) > MAX_PORT) && \
            (atoi(argv[4]) < MIN_PORT || atoi(argv[4]) > MAX_PORT) ) {
            printf("Ports must be between %d - %d !!!\n",MIN_PORT,MAX_PORT);
            exit(-1);
        }
        port_min=atoi(argv[4]);
        port_max=atoi(argv[5]);
    }
    klasa = ((argv[6]) ? argv[6] : CLASS);
    /* argv[2] is only resolved to validate it; the result is overwritten below. */
    if ( (h=gethostbyname(argv[2])) == NULL) {
        printf("Gethostbyname() faild!\n");
        exit(-1);
    }
    strncpy(src_addr,argv[2],sizeof(src_addr)-1);
    // src_addr[17]='\0'; // security - greetz to appelast ;)
    /* The target resolution is kept in the global h for the scan functions. */
    if ( (h=gethostbyname(argv[3])) == NULL) {
        printf("Gethostbyname() faild!\n");
        exit(-1);
    }
    /* inet_ntoa() yields at most 15 characters, so ipek (18 bytes, zeroed) stays terminated. */
    strncpy(ipek,inet_ntoa(*(struct in_addr*)*h->h_addr_list),sizeof(ipek)-1);
    // strncpy(ipek,argv[3],sizeof(ipek)-1);
    // ipek[17]='\0'; // security - greetz to appelast ;)
    /* Host-order address values; only mask_dst_ip is consumed (by the BPF filters). */
    mask_src_ip=ip_to_hex_like_bpf(src_addr/*argv[2]*/);
    mask_dst_ip=ip_to_hex_like_bpf(ipek/*argv[3]*/);
    /* Dispatch; each case prints the summary. `scan` is uninitialised if no type letter was given. */
    switch (scan) {
    case 1:
        i=tcp_scan(port_min,port_max);
        printf("\n\t[*] Scaned host: %s\n\t[*] Scaned ports: %d - %d\n\t[*] Open ports: %d\n",ipek,port_min,port_max,i);
        printf("\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n");
        break;
    case 2:
        i=syn_scan(port_min,port_max,src_addr);
        /* The string literal continues on the next line; its text must stay at column 0. */
        printf("\n\t[*] Scaned host: %s\n\t[*] Scaned ports: %d - %d\n\t[*] Open ports: %d\n \
\t[*] Filtered ports: %d\n",ipek,port_min,port_max,i,filtr);
        printf("\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n");
        break;
    case 3:
        i=fin_scan(port_min,port_max,src_addr);
        printf("\n\t[*] Scaned host: %s\n\t[*] Scaned ports: %d - %d\n\t[*] Open ports: %d\n",ipek,port_min,port_max,i);
        printf("\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n");
        break;
    case 4:
        i=null_scan(port_min,port_max,src_addr);
        printf("\n\t[*] Scaned host: %s\n\t[*] Scaned ports: %d - %d\n\t[*] Open ports: %d\n",ipek,port_min,port_max,i);
        printf("\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n");
        break;
    case 5:
        i=xmas_scan(port_min,port_max,src_addr);
        printf("\n\t[*] Scaned host: %s\n\t[*] Scaned ports: %d - %d\n\t[*] Open ports: %d\n",ipek,port_min,port_max,i);
        printf("\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n");
        break;
    }
    return 0;
}
/*
 * Print the banner, the usage line and the option list to stdout, then
 * terminate with exit status -1 (255 once truncated by the shell).
 *
 * @param arg  Program name (argv[0]) shown in the usage line.
 */
void ussage(char *arg) {
    /* Fixed option text, emitted in order after the two formatted header lines. */
    static const char *const option_lines[] = {
        "\n\t\t\t --help This help screen.",
        "\n\t\t\t -t TCP scan (connect() scan).",
        "\n\t\t\t -s SYN scan.",
        "\n\t\t\t -f FIN scan.",
        "\n\t\t\t -n NULL scan.",
        "\n\t\t\t -x XMAS scan.\n",
        "\n\t\t\t -d Decoy scan.",
        "\n\t\t\t -z Slow scan.",
        "\n\t\t\t -r Randomize ports.",
        "\n\n\t\t\t...::: -=[ http://www.pi3.int.pl ]=- :::...\n\n",
    };
    size_t idx;

    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n\n", VERSION);
    printf("\n\t\t\t [+] Ussage: %s [options] <your_IP> <host_to_scan_IP> [port_min] [port_max] [ip_class for decoy scan]\n", arg);
    for (idx = 0; idx < sizeof option_lines / sizeof option_lines[0]; idx++)
        fputs(option_lines[idx], stdout);
    exit(-1);
}
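/*
 * Map a signal number to the short name printed by sigfunc().
 *
 * @param signo  Signal number as delivered to the handler.
 * @return       "HUP", "INT", "QUIT" or "TERM" for the signals main() installs
 *               the handler for, "???" for anything else.
 */
static const char *sig_name(int signo) {
    /* The <signal.h> constants replace the raw 1/2/3/15 the original compared against. */
    switch (signo) {
    case SIGHUP:
        return "HUP";
    case SIGINT:
        return "INT";
    case SIGQUIT:
        return "QUIT";
    case SIGTERM:
        return "TERM";
    default:
        return "???";
    }
}

/*
 * Signal handler installed by main() for HUP/INT/QUIT/TERM: report the signal
 * on stderr and terminate the process with exit status -1.
 *
 * The fixed 8-byte buffer and strcpy() of the original are gone; the name is a
 * string literal. fprintf() and exit() are not async-signal-safe, so this keeps
 * the original's one-shot "abort the scan" semantics rather than a POSIX-clean
 * handler.
 *
 * @param signo  Signal number delivered by the kernel.
 */
void sigfunc(int signo) {
    fprintf(stderr, "\nSignal SIG%s(%d), exiting...\n", sig_name(signo), signo);
    exit(-1);
}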
/*
 * One's-complement checksum of the 20-byte TCP header found at packet+20,
 * including the IPv4 pseudo-header (source and destination addresses taken
 * from packet+12, a fixed TCP length of 20 and protocol number 6).
 *
 * Only the bare header is summed, so the value is wrong for segments that carry
 * options or payload. The 16-bit words are gathered big-endian; the closing byte
 * swap turns the host-order complement into network order on a little-endian
 * host (there it is effectively htons()). The carry is folded once only.
 *
 * @param packet  Start of the IPv4 header of a 40-byte IP+TCP buffer.
 * @return        Value to store directly into tcp->check.
 */
unsigned short cksum(unsigned char *packet) {
    unsigned int total = 20 + 6;          /* pseudo-header: TCP length + protocol(6) */
    const unsigned char *word;
    int n;

    /* Ten 16-bit words of the TCP header, right after the 20-byte IP header. */
    for (n = 0, word = packet + 20; n < 10; n++, word += 2)
        total += (unsigned int)(word[0] << 8 | word[1]);

    /* Pseudo-header addresses: four words of source + destination IP at offset 12. */
    for (n = 0, word = packet + 12; n < 4; n++, word += 2)
        total += (unsigned int)(word[0] << 8 | word[1]);

    total = ~(total + (total >> 16));     /* single carry fold, then complement */
    return (unsigned short)(((total >> 8) & 0x00FF) | ((total << 8) & 0xFF00));
}
/*
 * Fill buf[0..44] with decoy source addresses of the form "<klasa>.X.Y",
 * X and Y in 0..254, after reseeding from the current microsecond count.
 *
 * Notes: srandom() seeds random(), but the loop draws from rand(); whether the
 * two share state is implementation-specific (they do in glibc) — confirm for
 * the target libc. klasa comes from argv[6] or CLASS; snprintf() bounds each
 * write to the 20-byte slot, so an over-long prefix is truncated, not overflowed.
 */
void rand_ip(void) {
    struct timeval tv;
    int i;
    bzero(buf,sizeof(buf));
    gettimeofday(&tv,NULL);
    srandom(tv.tv_usec);
    for(i=0;i<45;i++)
        snprintf(buf[i],20,"%s.%d.%d",klasa,rand()%255,rand()%255);
}
/*
 * connect() scan of ports port_min..port_max on the resolved target h.
 *
 * A completed three-way handshake marks the port open; any connect() failure
 * (refused, unreachable, timed out) is treated as closed and not distinguished.
 * No socket timeout is set, so a silently dropped SYN blocks connect() for the
 * kernel's default retry period. In random-order mode results are collected in
 * o_buf[] and printed at the end; otherwise each open port is printed as found.
 *
 * @param port_min  first port to probe (inclusive)
 * @param port_max  last port to probe (inclusive); in random mode the draw covers
 *                  1..port_max regardless of port_min
 * @return          number of ports that accepted the connection
 */
int tcp_scan(int port_min, int port_max) {
    int i=port_min,k=0,d=0,sockfd;  /* local sockfd shadows the global */
    struct sockaddr_in servaddr;
    struct timeval tv,tv_stat;
    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n",VERSION);
    printf("\n\t\t\tOpen ports (%s):\n",(slow_scan && random_port) ? "tcp scan + slow scan + randomize ports" :
        (slow_scan) ? "tcp scan + slow scan" : (random_port) ? "tcp scan + randomize ports" : "tcp scan");
    /* Unbuffered stdout so incremental results appear immediately (not needed in random mode). */
    (random_port) ? 1 : setvbuf(stdout,(char*)NULL,_IONBF,0);
    if (random_port) {
        gettimeofday(&tv,NULL);
        srand(tv.tv_usec);
    }
    tv_stat.tv_sec=5,tv_stat.tv_usec=0;  /* inter-port pause for slow mode */
    for (;i<port_max+1;i++) {
        (slow_scan==1) ? nanosleep(&tv_stat,NULL) : 1;
        bzero(&servaddr,sizeof(servaddr));
        servaddr.sin_family = AF_INET;
        if (random_port) {
            /* Draw an unvisited port; r_buf[k] marks port k+1 as done. */
            do {
                k=rand()%port_max;
            } while (r_buf[k]);
            servaddr.sin_port = htons(k+1);
            r_buf[k]=1;
        } else
            servaddr.sin_port = htons(i);
        servaddr.sin_addr.s_addr = htonl(INADDR_ANY);  /* immediately overwritten below */
        servaddr.sin_addr = *(struct in_addr*)*h->h_addr_list;
        if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) <0 ) {
            printf("Socket() error! (errno = %d)\n",errno);
            exit(-1);
        }
        /* Any failure counts as "not open"; the reason is discarded. */
        if ( (connect(sockfd,(SA2*)&servaddr,sizeof(servaddr)) ) <0 ) {
            close(sockfd);
            continue;
        }
        if (random_port)
            o_buf[k+1]=1;
        else
            printf("\n\t\t\t\t %6d\topen",i);
        d++;
        close(sockfd);
    }
    /* Random mode: print the collected results in ascending port order. */
    if (random_port)
        for(i=1;i<port_max+1;i++)
            (o_buf[i]) ? printf("\n\t\t\t\t %6d\topen",i) : 1;
    printf("\n");
    return d;
}
/*
 * Half-open (SYN) scan of ports port_min..port_max on the resolved target h.
 *
 * Per port: build a 40-byte IP+TCP SYN in `size`, optionally send it first from
 * each of the 45 addresses in buf[] (decoy mode), then from _src_ip, and wait up
 * to 5 s on a PF_PACKET socket whose attached BPF program passes only IPv4 TCP
 * frames from the target to port P_PORT. A SYN/ACK reply counts the port as
 * open; any other matching reply ends the wait silently (closed); no reply is
 * reported as filtered and counted in the global filtr.
 *
 * Requires raw-socket privilege (CAP_NET_RAW). Results are printed as they
 * arrive, or at the end when random_port is set (o_buf[p] == 1 open, 2 filtered).
 *
 * Review notes (code left as-is):
 *  - `test` receives read()'s byte count but is never checked, so a frame shorter
 *    than 14 + 40 bytes is parsed as if complete.
 *  - `ip = (struct iphdr*) size2+14;` binds the cast first and advances by
 *    14 * sizeof(struct iphdr) bytes, not 14; `ip` is not dereferenced after
 *    this point in the loop, so the slip is latent here.
 *  - `k` is indeterminate when random_port is 0 but is only read in the
 *    random_port branches.
 *  - Two sockets are opened and closed per port; every failure path exit()s.
 *
 * @param port_min  first port to probe (inclusive)
 * @param port_max  last port to probe (inclusive); also bounds the random draw
 * @param _src_ip   dotted-quad source address written into the real probe
 * @return          number of ports that answered SYN/ACK
 */
int syn_scan(int port_min, int port_max, char *_src_ip) {
    int test,wracam,i=port_min,d=0,k,tmp,sockfd,sockod;
    char size[MAXSIZE],size2[MAXSIZE+14+1];  /* size: outgoing IP+TCP; size2: Ethernet + IP+TCP reply */
    struct sockaddr_in servaddr,remote;
    struct timeval tv,tv_stat,t_tv;
    fd_set rset;
    struct sock_fprog bpfp;
    /*
     * Classic BPF program, the equivalent of
     *   "ip and src host <target> and tcp dst port P_PORT":
     *   ldh [12]             ethertype must be 0x0800 (IPv4)
     *   ld  [26]             IPv4 source address must equal mask_dst_ip (the target)
     *   ldb [23]             IP protocol must be 6 (TCP)
     *   ldh [20] jset 0x1fff drop fragments other than the first
     *   ldxb 4*([14]&0xf)    X = IP header length
     *   ldh [x+16]           TCP destination port must be P_PORT
     *   ret 0x60 / ret 0     accept the first 96 bytes, otherwise drop
     * Offsets include the 14-byte Ethernet header seen on the PF_PACKET socket.
     */
    struct sock_filter insns[] = {
        { 0x28, 0, 0, 0x0000000c },
        { 0x15, 0, 10, 0x00000800 },
        { 0x20, 0, 0, 0x0000001a },
        { 0x15, 0, 8, mask_dst_ip },
        { 0x30, 0, 0, 0x00000017 },
        { 0x15, 0, 6, 0x00000006 },
        { 0x28, 0, 0, 0x00000014 },
        { 0x45, 4, 0, 0x00001fff },
        { 0xb1, 0, 0, 0x0000000e },
        { 0x48, 0, 0, 0x00000010 },
        { 0x15, 0, 1, P_PORT },
        { 0x6, 0, 0, 0x00000060 },
        { 0x6, 0, 0, 0x00000000 },
    };
    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n",VERSION);
    printf("\n\t\t\tOpen ports (%s):\n",(decoy_scan && slow_scan && random_port) ?
        "syn scan + slow scan + decoy scan + randomize ports" : (decoy_scan && slow_scan) ?
        "syn scan + decoy scan + slow scan" : (decoy_scan && random_port) ? "syn scan + decoy scan + randomize ports" :
        (slow_scan && random_port) ? "syn scan + slow scan + randomize ports" : (random_port) ?
        "syn scan + randomize ports" : (decoy_scan) ? "syn scan + decoy scan" : (slow_scan) ? "syn scan + slow scan" : "syn scan");
    /* Unbuffered stdout so incremental results appear immediately (not needed in random mode). */
    (random_port) ? 1 : setvbuf(stdout,(char*)NULL,_IONBF,0);
    if (random_port) {
        gettimeofday(&tv,NULL);
        srand(tv.tv_usec);
    }
    /* tv_stat: 5 s inter-port pause (slow mode); t_tv: 1 us gap between decoy packets. */
    tv_stat.tv_sec=5,tv_stat.tv_usec=0,t_tv.tv_sec=0,t_tv.tv_usec=1;
    (decoy_scan==1) ? rand_ip() : 1;
    bpfp.len=13;
    bpfp.filter=insns;
    for(;i<port_max+1;i++) {
        (slow_scan==1) ? nanosleep(&tv_stat,NULL) : 1;
        bzero(&servaddr,sizeof(servaddr));
        bzero(&remote,sizeof(remote));
        bzero(size,sizeof(size));
        bzero(size2,sizeof(size2));
        servaddr.sin_family = AF_INET;
        servaddr.sin_port = htons(P_PORT);  /* our fixed source port; the filter keys on it */
        remote.sin_family = AF_INET;
        if (random_port) {
            /* Draw an unvisited port; r_buf[k] marks port k+1 as done. */
            do {
                k=rand()%port_max;
            } while (r_buf[k]);
            remote.sin_port = htons(k+1);
            r_buf[k]=1;
        } else
            remote.sin_port = htons(i);
        remote.sin_addr = *(struct in_addr*)*h->h_addr_list;
        /* Overlay the header structs on the outgoing buffer. */
        ip = (struct iphdr*) size;
        tcp = (struct tcphdr*) (size + sizeof(struct iphdr));
        /* sockfd: link-layer receive socket; sockod: raw IP send socket. */
        if ( (sockfd=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP))) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        /* Protocol 255 is IPPROTO_RAW: we supply the IP header; on Linux the kernel
         * fills ip->check (and ip->id while it is 0) — presumably, confirm in raw(7). */
        if ( (sockod=socket(AF_INET,SOCK_RAW,255)) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        tv.tv_sec=5,tv.tv_usec=0;
        if ( (setsockopt(sockfd,SOL_SOCKET,SO_RCVTIMEO,&tv,sizeof(tv))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        if ( (setsockopt(sockfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        /* One direction each: sockfd only receives, sockod only sends. */
        shutdown(sockfd,SHUT_WR);
        shutdown(sockod,SHUT_RD);
        ip->version=4;
        ip->ihl=sizeof(struct iphdr)>>2;
        // ip->tot_len=htons(40);
        ip->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
        ip->id=0;
        ip->ttl=128;
        ip->protocol=IPPROTO_TCP;
        ip->daddr=remote.sin_addr.s_addr;
        tcp->source=servaddr.sin_port;
        tcp->dest=remote.sin_port;
        tcp->seq=htonl(0xF1C);  /* constant ISN for every probe */
        tcp->fin=0;
        tcp->syn=1;  /* SYN only */
        tcp->rst=0;
        tcp->psh=0;
        tcp->ack=0;
        tcp->urg=0;
        tcp->doff=sizeof(struct tcphdr)>>2;
        tcp->window=htons(3000);
        /* Decoy mode: the same segment from each buf[] address, 1 us apart, before the real one. */
        if (decoy_scan==1)
            for(tmp=0;tmp<45;tmp++) {
                ip->saddr=inet_addr(buf[tmp]);
                tcp->check=0;
                tcp->check = cksum(size);
                if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
                    printf("Sendto() error! (errno = %d)\n",errno);
                    exit(-1);
                }
                t_tv.tv_sec=0,t_tv.tv_usec=1;
                nanosleep(&t_tv,NULL);
            }
        /* The real probe: recompute the checksum for the new source address. */
        ip->saddr=inet_addr(_src_ip);
        ip->daddr=remote.sin_addr.s_addr;
        tcp->check=0;
        tcp->check = cksum((unsigned char*)&size[0]);
        t_tv.tv_sec=1,t_tv.tv_usec=0;  /* 1 s pause before sending (only this scan type does this) */
        nanosleep(&t_tv,NULL);
        if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
            printf("Sendto() error! (errno = %d)\n",errno);
            exit(-1);
        }
        /* Wait up to 5 s for a frame that passes the filter; none -> filtered. */
        FD_ZERO(&rset);
        FD_SET(sockfd,&rset);
        tv.tv_sec=5,tv.tv_usec=0;
        if ( (wracam=select((int)(sockfd+1),&rset,NULL,NULL,&tv)) == 0) {
            if (random_port)
                o_buf[k+1]=2;
            else
                printf("\n\t\t\t\t %6d\tfiltered"/* - by select */"",i);
            filtr++;
            goto go;
            // break;
        } else if (wracam < 0) {
            printf("\n\nERROR by select()!\n\n\n");
            exit(-1);
        }
        /* Read frames until one belongs to this port (SO_RCVTIMEO bounds each read). */
        for ( ; ; ) {
            if (FD_ISSET(sockfd,&rset)) {
                bzero(size2,sizeof(size2));
                if ((test=read(sockfd,size2,40+14)) < 0) {  /* 14-byte Ethernet + 40-byte IP/TCP */
                    if (errno==EWOULDBLOCK) {
                        if (random_port)
                            o_buf[k+1]=2;
                        else
                            printf("\n\t\t\t\t %6d\tfiltered"/* - by read */"",i);
                        filtr++;
                        goto go;
                        // break;
                    }
                    printf("\nRead() error! Ignoring this port (%d)\n",i);
                    goto go;
                    // break;
                }
                /* NOTE(review): cast binds before +14, so `ip` is off target; it is not used below. */
                ip = (struct iphdr*) size2+14;
                tcp = (struct tcphdr*) (size2 + 14 + sizeof(struct iphdr));
                /* Reply for this probe: from the probed port, back to our fixed source port. */
                if (ntohs(tcp->source) == ((random_port)?k+1:i) && ntohs(tcp->dest) == P_PORT) {
                    if (tcp->syn == 1 && tcp->ack == 1) {  /* SYN/ACK -> open; RST etc. -> closed */
                        if (random_port)
                            o_buf[k+1]=1;
                        else
                            printf("\n\t\t\t\t %6d\topen",i);
                        d++;
                    }
                    goto go;
                    // break;
                }
            }
        }
go:
        /* Per-port cleanup; the kernel's own RST/handshake completion is left to it. */
        close(sockod);
        close(sockfd);
    }
    /* Random mode: print the collected results in ascending port order. */
    if (random_port)
        for(i=1;i<port_max+1;i++)
            (o_buf[i]) ? printf("\n\t\t\t\t %6d\t%s",i,(o_buf[i]==1)?"open":"filtered") : 1;
    printf("\n");
    return d;
}
/*
 * FIN scan of ports port_min..port_max on the resolved target h.
 *
 * Per port: build a 40-byte IP+TCP segment with only FIN set, optionally send
 * it first from each of the 45 addresses in buf[] (decoy mode), then from
 * _src_ip, and wait up to 5 s on a PF_PACKET socket filtered to IPv4 TCP frames
 * from the target to port P_PORT. An RST/ACK reply means closed; no reply within
 * the timeout is reported as open (the classic FIN-scan reading — a filtered
 * port is indistinguishable from an open one here).
 *
 * Requires raw-socket privilege (CAP_NET_RAW). Results are printed as they
 * arrive, or at the end when random_port is set (o_buf[p] == 1 open).
 *
 * Review notes (code left as-is): `test` holds read()'s byte count but is never
 * checked; `ip = (struct iphdr*) size2+14;` advances by 14 headers rather than
 * 14 bytes (ip is not dereferenced afterwards); `k` is indeterminate when
 * random_port is 0 but is only read in the random_port branches; select() may
 * update tv, which is re-initialised each iteration before use.
 *
 * @param port_min  first port to probe (inclusive)
 * @param port_max  last port to probe (inclusive); also bounds the random draw
 * @param _src_ip   dotted-quad source address written into the real probe
 * @return          number of ports that produced no RST within the timeout
 */
int fin_scan(int port_min, int port_max, char *_src_ip) {
    int test,wracam,i=port_min,d=0,k,tmp,sockfd,sockod;
    char size[MAXSIZE],size2[MAXSIZE+14+1];  /* size: outgoing IP+TCP; size2: Ethernet + IP+TCP reply */
    struct sockaddr_in servaddr,remote;
    struct timeval tv,tv_stat,t_tv;
    fd_set rset;
    struct sock_fprog bpfp;
    /* Same BPF program as in syn_scan(): IPv4, from mask_dst_ip, TCP, first fragment, dst port P_PORT. */
    struct sock_filter insns[] = {
        { 0x28, 0, 0, 0x0000000c },
        { 0x15, 0, 10, 0x00000800 },
        { 0x20, 0, 0, 0x0000001a },
        { 0x15, 0, 8, mask_dst_ip },
        { 0x30, 0, 0, 0x00000017 },
        { 0x15, 0, 6, 0x00000006 },
        { 0x28, 0, 0, 0x00000014 },
        { 0x45, 4, 0, 0x00001fff },
        { 0xb1, 0, 0, 0x0000000e },
        { 0x48, 0, 0, 0x00000010 },
        { 0x15, 0, 1, P_PORT },
        { 0x6, 0, 0, 0x00000060 },
        { 0x6, 0, 0, 0x00000000 },
    };
    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n",VERSION);
    printf("\n\t\t\tOpen ports (%s):\n",(decoy_scan && slow_scan && random_port) ?
        "fin scan + slow scan + decoy scan + randomize ports" : (decoy_scan && slow_scan) ?
        "fin scan + decoy scan + slow scan" : (decoy_scan && random_port) ? "fin scan + decoy scan + randomize ports" :
        (slow_scan && random_port) ? "fin scan + slow scan + randomize ports" : (random_port) ?
        "fin scan + randomize ports" : (decoy_scan) ? "fin scan + decoy scan" : (slow_scan) ? "fin scan + slow scan" : "fin scan");
    /* Unbuffered stdout so incremental results appear immediately (not needed in random mode). */
    (random_port) ? 1 : setvbuf(stdout,(char*)NULL,_IONBF,0);
    if (random_port) {
        gettimeofday(&tv,NULL);
        srand(tv.tv_usec);
    }
    /* tv_stat: 5 s inter-port pause (slow mode); t_tv: 1 us gap between decoy packets. */
    tv_stat.tv_sec=5,tv_stat.tv_usec=0,t_tv.tv_sec=0,t_tv.tv_usec=1;
    (decoy_scan==1) ? rand_ip() : 1;
    bpfp.len=13;
    bpfp.filter=insns;
    for(;i<port_max+1;i++) {
        (slow_scan==1) ? nanosleep(&tv_stat,NULL) : 1;
        bzero(&servaddr,sizeof(servaddr));
        bzero(&remote,sizeof(remote));
        bzero(size,sizeof(size));
        servaddr.sin_family = AF_INET;
        servaddr.sin_port = htons(P_PORT);  /* our fixed source port; the filter keys on it */
        remote.sin_family = AF_INET;
        if (random_port) {
            /* Draw an unvisited port; r_buf[k] marks port k+1 as done. */
            do {
                k=rand()%port_max;
            } while (r_buf[k]);
            remote.sin_port = htons(k+1);
            r_buf[k]=1;
        } else
            remote.sin_port = htons(i);
        remote.sin_addr = *(struct in_addr*)*h->h_addr_list;
        /* Overlay the header structs on the outgoing buffer. */
        ip = (struct iphdr*) size;
        tcp = (struct tcphdr*) (size + sizeof(struct iphdr));
        /* sockfd: link-layer receive socket; sockod: raw IP send socket. */
        if ( (sockfd=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP))) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        /* Protocol 255 is IPPROTO_RAW: we supply the IP header; on Linux the kernel
         * fills ip->check (and ip->id while it is 0) — presumably, confirm in raw(7). */
        if ( (sockod=socket(AF_INET,SOCK_RAW,255)) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        tv.tv_sec=5,tv.tv_usec=0;  /* receive timeout; also the select() timeout below */
        if ( (setsockopt(sockfd,SOL_SOCKET,SO_RCVTIMEO,&tv,sizeof(tv))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        if ( (setsockopt(sockfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        /* One direction each: sockfd only receives, sockod only sends. */
        shutdown(sockfd,SHUT_WR);
        shutdown(sockod,SHUT_RD);
        ip->version=4;
        ip->ihl=sizeof(struct iphdr)>>2;
        // ip->tot_len=htons(40);
        ip->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
        ip->id=0;
        ip->ttl=128;
        ip->protocol=IPPROTO_TCP;
        ip->daddr=remote.sin_addr.s_addr;
        tcp->source=servaddr.sin_port;
        tcp->dest=remote.sin_port;
        tcp->seq=htonl(0xF1C);  /* constant ISN for every probe */
        tcp->fin=1;  /* FIN only */
        tcp->syn=0;
        tcp->rst=0;
        tcp->psh=0;
        tcp->ack=0;
        tcp->urg=0;
        tcp->doff=sizeof(struct tcphdr)>>2;
        tcp->window=htons(3000);
        /* Decoy mode: the same segment from each buf[] address, 1 us apart, before the real one. */
        if (decoy_scan==1)
            for(tmp=0;tmp<45;tmp++) {
                ip->saddr=inet_addr(buf[tmp]);
                tcp->check=0;
                tcp->check = cksum(size);
                if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
                    printf("Sendto() error! (errno = %d)\n",errno);
                    exit(-1);
                }
                nanosleep(&t_tv,NULL);
            }
        /* The real probe: recompute the checksum for the new source address. */
        ip->saddr=inet_addr(_src_ip);
        ip->daddr=remote.sin_addr.s_addr;
        tcp->check=0;
        tcp->check = cksum((unsigned char*)&size[0]);
        if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
            printf("Sendto() error! (errno = %d)\n",errno);
            exit(-1);
        }
        /* Wait up to 5 s for a frame that passes the filter; none -> reported open. */
        FD_ZERO(&rset);
        FD_SET(sockfd,&rset);
        if ( (wracam=select((int)(sockfd+1),&rset,NULL,NULL,&tv)) == 0) {
            if (random_port)
                o_buf[k+1]=1;
            else
                printf("\n\t\t\t\t %6d\topen"/* - by select */"",i);
            d++;
            goto go;
        } else if (wracam < 0) {
            printf("\n\nERROR by select()!\n\n\n");
            exit(-1);
        }
        /* Read frames until one belongs to this port (SO_RCVTIMEO bounds each read). */
        for ( ; ; ) {
            if (FD_ISSET(sockfd,&rset)) {
                bzero(size2,sizeof(size2));
                if ((test=read(sockfd,size2,40+14)) < 0) {  /* 14-byte Ethernet + 40-byte IP/TCP */
                    if (errno==EWOULDBLOCK) {
                        if (random_port)
                            o_buf[k+1]=1;
                        else
                            printf("\n\t\t\t\t %6d\topen"/* - by read */"",i);
                        d++;
                        goto go;
                    }
                    printf("\nRead() error! Ignoring this port (%d)\n",i);
                    goto go;
                }
                /* NOTE(review): cast binds before +14, so `ip` is off target; it is not used below. */
                ip = (struct iphdr*) size2+14;
                tcp = (struct tcphdr*) (size2 + 14 + sizeof(struct iphdr));
                /* Reply for this probe: from the probed port, back to our fixed source port. */
                if (ntohs(tcp->source) == ((random_port)?k+1:i) && ntohs(tcp->dest) == P_PORT) {
                    if (tcp->rst == 1 && tcp->ack == 1)  /* RST/ACK -> closed, nothing printed */
                        goto go;
                }
            }
        }
go:
        /* Per-port cleanup. */
        close(sockod);
        close(sockfd);
    }
    /* Random mode: print the collected results in ascending port order. */
    if (random_port)
        for(i=1;i<port_max+1;i++)
            (o_buf[i]) ? printf("\n\t\t\t\t %6d\topen",i) : 1;
    printf("\n");
    return d;
}
/*
 * NULL scan (no TCP flags set) of ports port_min..port_max on the resolved
 * target h.
 *
 * Per port: build a 40-byte IP+TCP segment with every flag cleared, optionally
 * send it first from each of the 45 addresses in buf[] (decoy mode), then from
 * _src_ip, and wait up to 5 s on a PF_PACKET socket filtered to IPv4 TCP frames
 * from the target to port P_PORT. An RST/ACK reply means closed; no reply within
 * the timeout is reported as open (a filtered port looks the same).
 *
 * Requires raw-socket privilege (CAP_NET_RAW). Results are printed as they
 * arrive, or at the end when random_port is set (o_buf[p] == 1 open).
 *
 * Review notes (code left as-is): `test` holds read()'s byte count but is never
 * checked; `ip = (struct iphdr*) size2+14;` advances by 14 headers rather than
 * 14 bytes (ip is not dereferenced afterwards); `k` is indeterminate when
 * random_port is 0 but is only read in the random_port branches.
 *
 * @param port_min  first port to probe (inclusive)
 * @param port_max  last port to probe (inclusive); also bounds the random draw
 * @param _src_ip   dotted-quad source address written into the real probe
 * @return          number of ports that produced no RST within the timeout
 */
int null_scan(int port_min, int port_max, char *_src_ip) {
    int test,wracam,i=port_min,d=0,k,tmp,sockfd,sockod;
    char size[MAXSIZE],size2[MAXSIZE+14+1];  /* size: outgoing IP+TCP; size2: Ethernet + IP+TCP reply */
    struct sockaddr_in servaddr,remote;
    struct timeval tv,tv_stat,t_tv;
    fd_set rset;
    struct sock_fprog bpfp;
    /* Same BPF program as in syn_scan(): IPv4, from mask_dst_ip, TCP, first fragment, dst port P_PORT. */
    struct sock_filter insns[] = {
        { 0x28, 0, 0, 0x0000000c },
        { 0x15, 0, 10, 0x00000800 },
        { 0x20, 0, 0, 0x0000001a },
        { 0x15, 0, 8, mask_dst_ip },
        { 0x30, 0, 0, 0x00000017 },
        { 0x15, 0, 6, 0x00000006 },
        { 0x28, 0, 0, 0x00000014 },
        { 0x45, 4, 0, 0x00001fff },
        { 0xb1, 0, 0, 0x0000000e },
        { 0x48, 0, 0, 0x00000010 },
        { 0x15, 0, 1, P_PORT },
        { 0x6, 0, 0, 0x00000060 },
        { 0x6, 0, 0, 0x00000000 },
    };
    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n",VERSION);
    printf("\n\t\t\tOpen ports (%s):\n",(decoy_scan && slow_scan && random_port) ?
        "null scan + slow scan + decoy scan + randomize ports" : (decoy_scan && slow_scan) ?
        "null scan + decoy scan + slow scan" : (decoy_scan && random_port) ? "null scan + decoy scan + randomize ports" :
        (slow_scan && random_port) ? "null scan + slow scan + randomize ports" : (random_port) ?
        "null scan + randomize ports" : (decoy_scan) ? "null scan + decoy scan" : (slow_scan) ? "null scan + slow scan" : "null scan");
    /* Unbuffered stdout so incremental results appear immediately (not needed in random mode). */
    (random_port) ? 1 : setvbuf(stdout,(char*)NULL,_IONBF,0);
    if (random_port) {
        gettimeofday(&tv,NULL);
        srand(tv.tv_usec);
    }
    /* tv_stat: 5 s inter-port pause (slow mode); t_tv: 1 us gap between decoy packets. */
    tv_stat.tv_sec=5,tv_stat.tv_usec=0,t_tv.tv_sec=0,t_tv.tv_usec=1;
    (decoy_scan==1) ? rand_ip() : 1;
    bpfp.len=13;
    bpfp.filter=insns;
    for(;i<port_max+1;i++) {
        (slow_scan==1) ? nanosleep(&tv_stat,NULL) : 1;
        bzero(&servaddr,sizeof(servaddr));
        bzero(&remote,sizeof(remote));
        bzero(size,sizeof(size));
        servaddr.sin_family = AF_INET;
        servaddr.sin_port = htons(P_PORT);  /* our fixed source port; the filter keys on it */
        remote.sin_family = AF_INET;
        if (random_port) {
            /* Draw an unvisited port; r_buf[k] marks port k+1 as done. */
            do {
                k=rand()%port_max;
            } while (r_buf[k]);
            remote.sin_port = htons(k+1);
            r_buf[k]=1;
        } else
            remote.sin_port = htons(i);
        remote.sin_addr = *(struct in_addr*)*h->h_addr_list;
        /* Overlay the header structs on the outgoing buffer. */
        ip = (struct iphdr*) size;
        tcp = (struct tcphdr*) (size + sizeof(struct iphdr));
        /* sockfd: link-layer receive socket; sockod: raw IP send socket. */
        if ( (sockfd=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP))) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        /* Protocol 255 is IPPROTO_RAW: we supply the IP header; on Linux the kernel
         * fills ip->check (and ip->id while it is 0) — presumably, confirm in raw(7). */
        if ( (sockod=socket(AF_INET,SOCK_RAW,255)) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        tv.tv_sec=5,tv.tv_usec=0;  /* receive timeout; also the select() timeout below */
        if ( (setsockopt(sockfd,SOL_SOCKET,SO_RCVTIMEO,&tv,sizeof(tv))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        if ( (setsockopt(sockfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        /* One direction each: sockfd only receives, sockod only sends. */
        shutdown(sockfd,SHUT_WR);
        shutdown(sockod,SHUT_RD);
        ip->version=4;
        ip->ihl=sizeof(struct iphdr)>>2;
        // ip->tot_len=htons(40);
        ip->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
        ip->id=0;
        ip->ttl=128;
        ip->protocol=IPPROTO_TCP;
        ip->daddr=remote.sin_addr.s_addr;
        tcp->source=servaddr.sin_port;
        tcp->dest=remote.sin_port;
        tcp->seq=htonl(0xF1C);  /* constant ISN for every probe */
        tcp->fin=0;  /* no flags at all */
        tcp->syn=0;
        tcp->rst=0;
        tcp->psh=0;
        tcp->ack=0;
        tcp->urg=0;
        tcp->doff=sizeof(struct tcphdr)>>2;
        tcp->window=htons(3000);
        /* Decoy mode: the same segment from each buf[] address, 1 us apart, before the real one. */
        if (decoy_scan==1)
            for(tmp=0;tmp<45;tmp++) {
                ip->saddr=inet_addr(buf[tmp]);
                tcp->check=0;
                tcp->check = cksum(size);
                if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
                    printf("Sendto() error! (errno = %d)\n",errno);
                    exit(-1);
                }
                nanosleep(&t_tv,NULL);
            }
        /* The real probe: recompute the checksum for the new source address. */
        ip->saddr=inet_addr(_src_ip);
        ip->daddr=remote.sin_addr.s_addr;
        tcp->check=0;
        tcp->check = cksum((unsigned char*)&size[0]);
        if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
            printf("Sendto() error! (errno = %d)\n",errno);
            exit(-1);
        }
        /* Wait up to 5 s for a frame that passes the filter; none -> reported open. */
        FD_ZERO(&rset);
        FD_SET(sockfd,&rset);
        if ( (wracam=select((int)(sockfd+1),&rset,NULL,NULL,&tv)) == 0) {
            if (random_port)
                o_buf[k+1]=1;
            else
                printf("\n\t\t\t\t %6d\topen"/* - by select */"",i);
            d++;
            goto go;
        } else if (wracam < 0) {
            printf("\n\nERROR by select()!\n\n\n");
            exit(-1);
        }
        /* Read frames until one belongs to this port (SO_RCVTIMEO bounds each read). */
        for ( ; ; ) {
            if (FD_ISSET(sockfd,&rset)) {
                bzero(size2,sizeof(size2));
                if ((test=read(sockfd,size2,40+14)) < 0) {  /* 14-byte Ethernet + 40-byte IP/TCP */
                    if (errno==EWOULDBLOCK) {
                        if (random_port)
                            o_buf[k+1]=1;
                        else
                            printf("\n\t\t\t\t %6d\topen"/* - by read */"",i);
                        d++;
                        goto go;
                    }
                    printf("\nRead() error! Ignoring this port (%d)\n",i);
                    goto go;
                }
                /* NOTE(review): cast binds before +14, so `ip` is off target; it is not used below. */
                ip = (struct iphdr*) size2+14;
                tcp = (struct tcphdr*) (size2 + 14 + sizeof(struct iphdr));
                /* Reply for this probe: from the probed port, back to our fixed source port. */
                if (ntohs(tcp->source) == ((random_port)?k+1:i) && ntohs(tcp->dest) == P_PORT) {
                    if (tcp->rst == 1 && tcp->ack == 1)  /* RST/ACK -> closed, nothing printed */
                        goto go;
                }
            }
        }
go:
        /* Per-port cleanup. */
        close(sockod);
        close(sockfd);
    }
    /* Random mode: print the collected results in ascending port order. */
    if (random_port)
        for(i=1;i<port_max+1;i++)
            (o_buf[i]) ? printf("\n\t\t\t\t %6d\topen",i) : 1;
    printf("\n");
    return d;
}
/*
 * XMAS scan (FIN+PSH+URG set) of ports port_min..port_max on the resolved
 * target h.
 *
 * Per port: build a 40-byte IP+TCP segment with FIN, PSH and URG set, optionally
 * send it first from each of the 45 addresses in buf[] (decoy mode), then from
 * _src_ip, and wait up to 5 s on a PF_PACKET socket filtered to IPv4 TCP frames
 * from the target to port P_PORT. An RST/ACK reply means closed; no reply within
 * the timeout is reported as open (a filtered port looks the same).
 *
 * Requires raw-socket privilege (CAP_NET_RAW). Results are printed as they
 * arrive, or at the end when random_port is set (o_buf[p] == 1 open).
 *
 * Review notes (code left as-is): `test` holds read()'s byte count but is never
 * checked; `ip = (struct iphdr*) size2+14;` advances by 14 headers rather than
 * 14 bytes (ip is not dereferenced afterwards); `k` is indeterminate when
 * random_port is 0 but is only read in the random_port branches.
 *
 * @param port_min  first port to probe (inclusive)
 * @param port_max  last port to probe (inclusive); also bounds the random draw
 * @param _src_ip   dotted-quad source address written into the real probe
 * @return          number of ports that produced no RST within the timeout
 */
int xmas_scan(int port_min, int port_max, char *_src_ip) {
    int test,wracam,i=port_min,d=0,k,tmp,sockfd,sockod;
    char size[MAXSIZE],size2[MAXSIZE+14+1];  /* size: outgoing IP+TCP; size2: Ethernet + IP+TCP reply */
    struct sockaddr_in servaddr,remote;
    struct timeval tv,tv_stat,t_tv;
    fd_set rset;
    struct sock_fprog bpfp;
    /* Same BPF program as in syn_scan(): IPv4, from mask_dst_ip, TCP, first fragment, dst port P_PORT. */
    struct sock_filter insns[] = {
        { 0x28, 0, 0, 0x0000000c },
        { 0x15, 0, 10, 0x00000800 },
        { 0x20, 0, 0, 0x0000001a },
        { 0x15, 0, 8, mask_dst_ip },
        { 0x30, 0, 0, 0x00000017 },
        { 0x15, 0, 6, 0x00000006 },
        { 0x28, 0, 0, 0x00000014 },
        { 0x45, 4, 0, 0x00001fff },
        { 0xb1, 0, 0, 0x0000000e },
        { 0x48, 0, 0, 0x00000010 },
        { 0x15, 0, 1, P_PORT },
        { 0x6, 0, 0, 0x00000060 },
        { 0x6, 0, 0, 0x00000000 },
    };
    printf("\n\t...::: -=[ Samotny_pi3 scaner - version %s - coded by pi3 (pi3ki31ny) ]=- :::...\n",VERSION);
    printf("\n\t\t\tOpen ports (%s):\n",(decoy_scan && slow_scan && random_port) ?
        "xmas scan + slow scan + decoy scan + randomize ports" : (decoy_scan && slow_scan) ?
        "xmas scan + decoy scan + slow scan" : (decoy_scan && random_port) ? "xmas scan + decoy scan + randomize ports" :
        (slow_scan && random_port) ? "xmas scan + slow scan + randomize ports" : (random_port) ?
        "xmas scan + randomize ports" : (decoy_scan) ? "xmas scan + decoy scan" : (slow_scan) ? "xmas scan + slow scan" : "xmas scan");
    /* Unbuffered stdout so incremental results appear immediately (not needed in random mode). */
    (random_port) ? 1 : setvbuf(stdout,(char*)NULL,_IONBF,0);
    if (random_port) {
        gettimeofday(&tv,NULL);
        srand(tv.tv_usec);
    }
    /* tv_stat: 5 s inter-port pause (slow mode); t_tv: 1 us gap between decoy packets. */
    tv_stat.tv_sec=5,tv_stat.tv_usec=0,t_tv.tv_sec=0,t_tv.tv_usec=1;
    (decoy_scan==1) ? rand_ip() : 1;
    bpfp.len=13;
    bpfp.filter=insns;
    for(;i<port_max+1;i++) {
        (slow_scan==1) ? nanosleep(&tv_stat,NULL) : 1;
        bzero(&servaddr,sizeof(servaddr));
        bzero(&remote,sizeof(remote));
        bzero(size,sizeof(size));
        servaddr.sin_family = AF_INET;
        servaddr.sin_port = htons(P_PORT);  /* our fixed source port; the filter keys on it */
        remote.sin_family = AF_INET;
        if (random_port) {
            /* Draw an unvisited port; r_buf[k] marks port k+1 as done. */
            do {
                k=rand()%port_max;
            } while (r_buf[k]);
            remote.sin_port = htons(k+1);
            r_buf[k]=1;
        } else
            remote.sin_port = htons(i);
        remote.sin_addr = *(struct in_addr*)*h->h_addr_list;
        /* Overlay the header structs on the outgoing buffer. */
        ip = (struct iphdr*) size;
        tcp = (struct tcphdr*) (size + sizeof(struct iphdr));
        /* sockfd: link-layer receive socket; sockod: raw IP send socket. */
        if ( (sockfd=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP))) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        /* Protocol 255 is IPPROTO_RAW: we supply the IP header; on Linux the kernel
         * fills ip->check (and ip->id while it is 0) — presumably, confirm in raw(7). */
        if ( (sockod=socket(AF_INET,SOCK_RAW,255)) <0 ) {
            printf("Socket() error!\n");
            exit(-1);
        }
        tv.tv_sec=5,tv.tv_usec=0;  /* receive timeout; also the select() timeout below */
        if ( (setsockopt(sockfd,SOL_SOCKET,SO_RCVTIMEO,&tv,sizeof(tv))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        if ( (setsockopt(sockfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpfp, sizeof(bpfp))) != 0) {
            printf("setsockopt() error!\n");
            exit(-1);
        }
        /* One direction each: sockfd only receives, sockod only sends. */
        shutdown(sockfd,SHUT_WR);
        shutdown(sockod,SHUT_RD);
        ip->version=4;
        ip->ihl=sizeof(struct iphdr)>>2;
        // ip->tot_len=htons(40);
        ip->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
        ip->id=0;
        ip->ttl=128;
        ip->protocol=IPPROTO_TCP;
        ip->daddr=remote.sin_addr.s_addr;
        tcp->source=servaddr.sin_port;
        tcp->dest=remote.sin_port;
        tcp->seq=htonl(0xF1C);  /* constant ISN for every probe */
        tcp->fin=1;  /* FIN + PSH + URG */
        tcp->syn=0;
        tcp->rst=0;
        tcp->psh=1;
        tcp->ack=0;
        tcp->urg=1;
        tcp->doff=sizeof(struct tcphdr)>>2;
        tcp->window=htons(3000);
        /* Decoy mode: the same segment from each buf[] address, 1 us apart, before the real one. */
        if (decoy_scan==1)
            for(tmp=0;tmp<45;tmp++) {
                ip->saddr=inet_addr(buf[tmp]);
                tcp->check=0;
                tcp->check = cksum(size);
                if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
                    printf("Sendto() error! (errno = %d)\n",errno);
                    exit(-1);
                }
                nanosleep(&t_tv,NULL);
            }
        /* The real probe: recompute the checksum for the new source address. */
        ip->saddr=inet_addr(_src_ip);
        ip->daddr=remote.sin_addr.s_addr;
        tcp->check=0;
        tcp->check = cksum((unsigned char*)&size[0]);
        if ( (sendto(sockod,size,sizeof(*tcp)+sizeof(*ip),0,(SA2*)&remote,sizeof(remote))) < 0) {
            printf("Sendto() error! (errno = %d)\n",errno);
            exit(-1);
        }
        /* Wait up to 5 s for a frame that passes the filter; none -> reported open. */
        FD_ZERO(&rset);
        FD_SET(sockfd,&rset);
        if ( (wracam=select((int)(sockfd+1),&rset,NULL,NULL,&tv)) == 0) {
            if (random_port)
                o_buf[k+1]=1;
            else
                printf("\n\t\t\t\t %6d\topen"/* - by select */"",i);
            d++;
            goto go;
        } else if (wracam < 0) {
            printf("\n\nERROR by select()!\n\n\n");
            exit(-1);
        }
        /* Read frames until one belongs to this port (SO_RCVTIMEO bounds each read). */
        for ( ; ; ) {
            if (FD_ISSET(sockfd,&rset)) {
                bzero(size2,sizeof(size2));
                if ((test=read(sockfd,size2,40+14)) < 0) {  /* 14-byte Ethernet + 40-byte IP/TCP */
                    if (errno==EWOULDBLOCK) {
                        if (random_port)
                            o_buf[k+1]=1;
                        else
                            printf("\n\t\t\t\t %6d\topen"/* - by read */"",i);
                        d++;
                        goto go;
                    }
                    printf("\nRead() error! Ignoring this port (%d)\n",i);
                    goto go;
                }
                /* NOTE(review): cast binds before +14, so `ip` is off target; it is not used below. */
                ip = (struct iphdr*) size2+14;
                tcp = (struct tcphdr*) (size2 + 14 + sizeof(struct iphdr));
                /* Reply for this probe: from the probed port, back to our fixed source port. */
                if (ntohs(tcp->source) == ((random_port)?k+1:i) && ntohs(tcp->dest) == P_PORT) {
                    if (tcp->rst == 1 && tcp->ack == 1)  /* RST/ACK -> closed, nothing printed */
                        goto go;
                }
            }
        }
go:
        /* Per-port cleanup. */
        close(sockod);
        close(sockfd);
    }
    /* Random mode: print the collected results in ascending port order. */
    if (random_port)
        for(i=1;i<port_max+1;i++)
            (o_buf[i]) ? printf("\n\t\t\t\t %6d\topen",i) : 1;
    printf("\n");
    return d;
}
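/*
 * Convert a dotted-quad IPv4 string ("a.b.c.d") into its 32-bit host-order
 * value (a<<24 | b<<16 | c<<8 | d), the form the BPF filter compares against
 * the address field of a captured frame.
 *
 * The original strdup()'d the argument (never freed) and walked three strchr()
 * results without NULL checks, so anything with fewer than three dots crashed.
 * inet_pton() now does the parsing and validation: exactly four decimal octets,
 * each 0..255, no leading zeros.
 *
 * @param arg  NUL-terminated IPv4 address in dotted-decimal notation.
 * @return     The address as an int (same bit pattern as the unsigned value),
 *             or 0 when arg is NULL or not a valid dotted quad. 0 is also the
 *             encoding of "0.0.0.0", so callers cannot tell the two apart.
 */
int ip_to_hex_like_bpf(char *arg) {
    struct in_addr addr;

    if (arg == NULL || inet_pton(AF_INET, arg, &addr) != 1)
        return 0;  /* malformed input: no address to filter on */
    /* s_addr is network order; the filter's k values are compared in host order. */
    return (int)ntohl(addr.s_addr);
}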