listscan (nmap -sL)

ashtray505 · Sep 14, 2013 · 4cb17c2 · 4cb17c2
1 parent bfd1d5d
commit 4cb17c2
Show file tree

Hide file tree

Showing 7 changed files with 108 additions and 13 deletions.
diff --git a/src/main-conf.c b/src/main-conf.c
@@ -109,14  109,14 @@ masscan_echo_nic(struct Masscan *masscan, FILE *fp, unsigned i)
         (masscan->nic[i].adapter_ip>> 8)&0xFF,
         (masscan->nic[i].adapter_ip>> 0)&0xFF
         );
-    fprintf(fp, "adapter-mac = x:x:x:x:x:x\n", zzz,
     fprintf(fp, "adapter-mac%s = x:x:x:x:x:x\n", zzz,
             masscan->nic[i].adapter_mac[0],
             masscan->nic[i].adapter_mac[1],
             masscan->nic[i].adapter_mac[2],
             masscan->nic[i].adapter_mac[3],
             masscan->nic[i].adapter_mac[4],
             masscan->nic[i].adapter_mac[5]);
-    fprintf(fp, "router-mac = x:x:x:x:x:x\n", zzz,
     fprintf(fp, "router-mac%s = x:x:x:x:x:x\n", zzz,
             masscan->nic[i].router_mac[0],
             masscan->nic[i].router_mac[1],
             masscan->nic[i].router_mac[2],
@@ -617,7  617,8 @@ masscan_set_parameter(struct Masscan *masscan,
     }
     else if (EQUALS("ports", name) || EQUALS("port", name)) {
         rangelist_parse_ports(&masscan->ports, value);
-        masscan->op = Operation_Scan;
         if (masscan->op == 0)
             masscan->op = Operation_Scan;
     }
     else if (EQUALS("exclude-ports", name) || EQUALS("exclude-port", name)) {
         rangelist_parse_ports(&masscan->exclude_port, value);
@@ -650,7  651,8 @@ masscan_set_parameter(struct Masscan *masscan,
             else
                 offset  ; /* skip comma */
         }
-        masscan->op = Operation_Scan;
         if (masscan->op == 0)
             masscan->op = Operation_Scan;
     }
     else if (
                 EQUALS("exclude", name) ||
@@ -679,7  681,8 @@ masscan_set_parameter(struct Masscan *masscan,
             else
                 offset  ; /* skip comma */
         }
-        masscan->op = Operation_Scan;
         if (masscan->op == 0)
             masscan->op = Operation_Scan;
     } else if (EQUALS("append-output", name) || EQUALS("output-append", name)) {
         if (EQUALS("overwrite", name))
             masscan->nmap.append = 0;
@@ -821,6  824,8 @@ masscan_set_parameter(struct Masscan *masscan,
         masscan->resume.seed = parseInt(value);
     } else if (EQUALS("resume-index", name)) {
         masscan->resume.index = parseInt(value);
     } else if (EQUALS("resume-count", name)) {
         masscan->resume.count = parseInt(value);
     } else if (EQUALS("retries", name) || EQUALS("retry", name)) {
         unsigned x = strtoul(value, 0, 0);
         if (x >= 1000) {
@@ -1230,8  1235,8 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
                         fprintf(stderr, "nmap(%s): Zombie scans will never be supported\n", argv[i]);
                         exit(1);
                     case 'L': /* List Scan - simply list targets to scan */
-                        fprintf(stderr, "nmap(%s): list scan unsupported\n", argv[i]);
-                        exit(1);
                         masscan->op = Operation_ListScan;
                         break;
                     case 'M':
                         fprintf(stderr, "nmap(%s): Maimon scan not yet supported\n", argv[i]);
                         exit(1);

diff --git a/src/main-listscan.c b/src/main-listscan.c
@@ -0,0  1,71 @@
 #include "masscan.h"
 #include "logger.h"
 #include "rand-blackrock.h"
 
 void
 main_listscan(struct Masscan *masscan)
 {
     uint64_t count_ips;
     uint64_t count_ports;
     uint64_t i;
     uint64_t range;
     uint64_t start;
     uint64_t end;
     struct BlackRock blackrock;
     unsigned r = masscan->retries   1;
     unsigned increment = masscan->shard.of;
 
     count_ports = rangelist_count(&masscan->ports);
     if (count_ports == 0)
         rangelist_add_range(&masscan->ports, 80, 80);
     count_ports = rangelist_count(&masscan->ports);
 
     count_ips = rangelist_count(&masscan->targets);
     if (count_ips == 0) {
         LOG(0, "FAIL: target IP address list empty\n");
         LOG(0, " [hint] try something like \"--range 10.0.0.0/8\"\n");
         LOG(0, " [hint] try something like \"--range 192.168.0.100-192.168.0.200\"\n");
         return;
     }
 
     range = count_ips * count_ports;
 
 
     blackrock_init(&blackrock, range, masscan->seed);
 
     start = masscan->resume.index   (masscan->shard.one-1);
     end = range;
     if (masscan->resume.count && end > start   masscan->resume.count)
         end = start   masscan->resume.count;
     end  = masscan->retries * masscan->max_rate;
 
 
     for (i=start; i<end; ) {
         uint64_t xXx;
         unsigned ip;
         unsigned port;
 
 
         xXx = (i   (r--) * masscan->max_rate);
         while (xXx >= range)
             xXx -= range;
         xXx = blackrock_shuffle(&blackrock,  xXx);
         ip = rangelist_pick(&masscan->targets, xXx % count_ips);
         port = rangelist_pick(&masscan->ports, xXx / count_ips);
 
         if (count_ports == 1)
             printf("%u.%u.%u.%u\n",
                    (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF
                    );
         else
             printf("%u.%u.%u.%u:%u\n",
                    (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF,
                    port
                    );
 
         if (r == 0) {
             i  = increment; /* <------ increment by 1 normally, more with shards/nics */
             r = masscan->retries   1;
         }
     }
 }
diff --git a/src/main.c b/src/main.c
@@ -64,7  64,7 @@
 unsigned control_c_pressed = 0;
 static unsigned control_c_pressed_again = 0;
 time_t global_now;
-static unsigned wait = 10;
 static unsigned global_wait = 10;
 
 uint64_t foo_timestamp = 0;
 uint64_t foo_count = 0;
@@ -238,6  238,8 @@ transmit_thread(void *v) /*aka. scanning_thread() */
      * is essentially the same logic as shards. */
     start = masscan->resume.index   (masscan->shard.one-1)   parms->nic_index;
     end = range;
     if (masscan->resume.count && end > start   masscan->resume.count)
         end = start   masscan->resume.count;
     end  = retries * rate;
 
 
@@ -702,7  704,9 @@ static void control_c_handler(int x)
 {
     if (control_c_pressed == 0) {
         fprintf(stderr, 
-"waiting %u seconds to exit...                                            \n", wait);
                 "waiting %u seconds to exit..."
                 "                                            \n", 
                 global_wait);
         fflush(stderr);
         control_c_pressed = 1 x;
     } else
@@ -907,8  911,7 @@ main_scan(struct Masscan *masscan)
         unsigned i;
         double rate = 0;
 
-        min_index = UINT64_MAX;
-
 
         /* Find the minimum index of all the threads */
         min_index = UINT64_MAX;
         for (i=0; i<masscan->nic_count; i  ) {
@@ -1081,6  1084,11 @@ int main(int argc, char *argv[])
          * THIS IS THE NORMAL THING
          */
         return main_scan(masscan);
 
         case Operation_ListScan:
             /* Create a randomized list of IP addresses */
             main_listscan(masscan);
             return 0;
 
     case Operation_List_Adapters:
         /* List the network adapters we might want to use for scanning */

diff --git a/src/masscan.h b/src/masscan.h
@@ -107,6  107,7 @@ struct Masscan
     struct {
         uint64_t seed;
         uint64_t index;
         uint64_t count;
     } resume;
 
     struct {
@@ -172,6  173,7 @@ void masscan_read_config_file(struct Masscan *masscan, const char *filename);
 void masscan_command_line(struct Masscan *masscan, int argc, char *argv[]);
 void masscan_usage();
 void masscan_save_state(struct Masscan *masscan);
 void main_listscan(struct Masscan *masscan);
 
 int
 masscan_initialize_adapter(

diff --git a/src/output.c b/src/output.c
@@ -530,7  530,7 @@ output_report_banner(struct Output *out, unsigned ip, unsigned port,
             length, px
             );
         if (count < 80)
-            fprintf(stdout, "%.*s\n", (size_t)(79-count),
             fprintf(stdout, "%.*s\n", (int)(79-count),
 "                                                                                    ");
         else
             fprintf(stdout, "\n");

diff --git a/src/pixie-timer.c b/src/pixie-timer.c
@@ -206,14  206,19 @@ pixie_nanotime()
 
     return tv.tv_sec * 1000000000   tv.tv_nsec;
 }
-#elif defined(__MACH__) /* works for Apple */
 #elif defined(__MACH__) || defined(__FreeBSD__) /* works for Apple */
 #include <unistd.h>
 #include <mach/mach_time.h>
 
 void pixie_usleep(uint64_t microseconds)
 {
     usleep(microseconds);
 }
 void
 pixie_mssleep(unsigned milliseconds)
 {
     pixie_usleep(milliseconds * 1000ULL);
 }
 uint64_t
 pixie_gettime()
 {

diff --git a/xcode4/masscan.xcodeproj/project.pbxproj b/xcode4/masscan.xcodeproj/project.pbxproj
@@ -49,6  49,7 @@
 		11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80E917E0DAD4001BCE3A /* proto-icmp.c */; };
 		11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80EB17E0DAD4001BCE3A /* proto-ssh.c */; };
 		11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80F517E0ED47001BCE3A /* main-ptrace.c */; };
 		11B039C117E506B400925E7E /* main-listscan.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B039C017E506B400925E7E /* main-listscan.c */; };
 		11B2DD9E17DE4DD8007FC363 /* templ-payloads.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */; };
 /* End PBXBuildFile section */
 
@@ -141,6  142,7 @@
 		11AC80EC17E0DAD4001BCE3A /* proto-ssh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "proto-ssh.h"; sourceTree = "<group>"; };
 		11AC80F517E0ED47001BCE3A /* main-ptrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-ptrace.c"; sourceTree = "<group>"; };
 		11AC80F817E0EDA7001BCE3A /* main-ptrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "main-ptrace.h"; sourceTree = "<group>"; };
 		11B039C017E506B400925E7E /* main-listscan.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-listscan.c"; sourceTree = "<group>"; };
 		11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "templ-payloads.c"; sourceTree = "<group>"; };
 		11B2DD9D17DE4DD8007FC363 /* templ-payloads.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "templ-payloads.h"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
@@ -196,6  198,7 @@
 				11A9219C17DBCC7E00DDFD32 /* main-status.h */,
 				11A9219D17DBCC7E00DDFD32 /* main-throttle.c */,
 				11A9219E17DBCC7E00DDFD32 /* main-throttle.h */,
 				11B039C017E506B400925E7E /* main-listscan.c */,
 				11A9219F17DBCC7E00DDFD32 /* main.c */,
 				11A921A017DBCC7E00DDFD32 /* masscan.h */,
 				11A921A117DBCC7E00DDFD32 /* out-binary.c */,
@@ -350,6  353,7 @@
 				11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */,
 				11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */,
 				11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */,
 				11B039C117E506B400925E7E /* main-listscan.c in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};