超高速端口扫描器 syn rawsocket
本帖最后由 sinanjj 于 2012-5-21 00:37 编辑#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <netinet/tcp.h>
#include <net/if.h>
#include <sys/ioctl.h>
unsigned long int get_host_ip ()
{
int tempSock = socket(PF_INET, SOCK_DGRAM, 0);
struct ifreq ifr;
strcpy(ifr.ifr_name, "eth0");
if (ioctl(tempSock, SIOCGIFADDR, &ifr) < 0) { printf("error: ioctl\n"); exit (0); }
close (tempSock);
unsigned long int host_ip = (((struct sockaddr_in *)&(ifr.ifr_addr))->sin_addr).s_addr;
return host_ip;
}
long int get_random (void)
{
int fd = 0;
if ((fd = open ("/dev/urandom", O_RDONLY | O_NONBLOCK)) == -1) { printf ("error: open /dev/urandom. exit\n"); exit (0); }
long int buf;
if (read (fd, (char *)&buf, 4) != 4) { printf ("error: read /dev/urandom. exit\n"); exit (0); }
if (close (fd) != 0) { printf ("error: close() fd. exit\n"); exit (0); }
return buf;
}
unsigned short csum (unsigned short *buf, int nwords) /* generates header checksums */
{
unsigned long sum;
for (sum = 0; nwords > 0; nwords--)
sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return ~sum;
}
struct pseudohdr {
u_int32_t saddr; /* source IP address */
u_int32_t daddr; /* destination IP address */
u_int8_t res; /* contains binary zeroes.(0) */
u_int8_t ptcl; /* protocol. can be tcp (6), udp(17), icmp(1) */
u_int16_t len; /* TCP/UDP packet length. (unit:byte) */
};
int main (int argc, char *argv[])
{
if (argc != 5) { printf ("usage: %s fromip toip fromport toport\n", argv); exit (0); }
unsigned long fromip, toip;
fromip = ntohl(inet_addr(argv)); toip = ntohl(inet_addr(argv)); /* inet_aton() returns non-zero if the address is valid, zero if not. */
if ((fromip == 0) || (toip == 0) || ((toip-fromip) < 0)) { printf ("error: fromip or toip\n"); exit (0); }
unsigned short fromport, toport;
fromport = atoi (argv); toport = atoi (argv);
if ((fromport == 0) || (toport == 0) || ((toport-fromport) < 0)) { printf ("error: fromport or toport\n"); exit (0); }
int raw_sock_tcp;
if ((raw_sock_tcp = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) { printf("socket() failed!\nMust be root to make raw socket.\n"); exit(0); }
unsigned char packet; bzero (packet, 80);
struct tcphdr *tcph = (struct tcphdr *)packet;
/* fill in the tcp header values */
// tcph->source = htons (1234);
tcph->source = htons (get_random());
tcph->dest = htons (1);
tcph->seq = get_random (); /* in a SYN packet, the sequence is a random */
tcph->ack_seq = 0; /* number, and the ack sequence is 0 in the 1st packet */
tcph->doff = 5;
tcph->syn = 1; /* initial connection request */
tcph->window = htonl (65535); /* maximum allowed window size */
tcph->check = 0;
tcph->urg_ptr = 0;
struct sockaddr_in dest; bzero (&dest, sizeof (dest));
dest.sin_family = PF_INET; dest.sin_addr.s_addr = inet_addr ("1.2.3.4"); dest.sin_port = htons (1);
unsigned long int host_ip = get_host_ip ();
int ip_i,port_i;
for(ip_i = 0; ip_i <= (toip-fromip); ip_i++) {
for(port_i = 0; port_i <= (toport-fromport); port_i++) {
dest.sin_addr.s_addr = htonl (fromip + ip_i); dest.sin_port = htons (fromport + port_i);
tcph->dest = htons (fromport + port_i);
tcph->source = htons (get_random());
tcph->seq = get_random (); /* in a SYN packet, the sequence is a random */
unsigned char buf; bzero (buf, 512);
struct pseudohdr *pseudohdr;
pseudohdr = (struct pseudohdr *)buf;
/* full pseudohdr */
pseudohdr->daddr = dest.sin_addr.s_addr;
pseudohdr->saddr = host_ip;
pseudohdr->res = 0; pseudohdr->ptcl = 0x06;
pseudohdr->len = htons((tcph->doff)<<2);
tcph->check = 0;
memcpy((unsigned char *)pseudohdr+sizeof(struct pseudohdr), (unsigned char *)tcph, (tcph->doff)<<2);
tcph->check = csum((unsigned short *)pseudohdr, (((tcph->doff)<<2) + sizeof(struct pseudohdr))>>1);
if (sendto (raw_sock_tcp, packet, /* the buffer containing headers and data */
((tcph->doff)<<2), /* total length of our packet */
0, (struct sockaddr *) &dest, sizeof (struct sockaddr)) < 0)
printf ("error: sendto()\n");
fd_set readfs; /* file descriptor set */
FD_ZERO (&readfs); FD_SET (raw_sock_tcp, &readfs);
struct timeval timeout = {0, 0}; /* 0s */
while (select (raw_sock_tcp+1, &readfs, NULL, NULL, &timeout)) {
bzero (buf, 512);
int n_recv;
n_recv = recvfrom(raw_sock_tcp, buf, 512, 0, NULL, NULL);
if(n_recv < 40) { continue; } /* 20byte ip header + 20byte tcp header */
if(buf == 0x12) {
printf ("%d.%d.%d.%d %d\n", buf, buf, buf, buf,
((buf<<8)&0XFF00 | buf&0XFF));
}
}
}
}
return 0;
}
udp_sniffer.c
#include <stdio.h>#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <strings.h>
#include <time.h>
#include <sys/time.h>
void be_daemon (void)
{
switch (fork()) { // fork off the parent process
case -1: { printf ("error: fork()\n"); exit(0); }
case 0: break;
default: exit (0);
}
umask (0); // change the file mode mask
setsid(); // create a new SID for the child process
chdir ("/"); // change the current working directory
close (STDIN_FILENO); close (STDOUT_FILENO); close (STDERR_FILENO); // close out the standard file descriptors
}
int main()
{
FILE * log_f;
int raw_sock, n_rcved, i;
unsigned char buf;
if ((raw_sock = socket(PF_INET, SOCK_RAW, IPPROTO_UDP))<0) { printf("error: socket()\n"); exit(0); }
be_daemon ();
for(;;) {
n_rcved = recvfrom(raw_sock, buf, 65535, 0, NULL, NULL);
if (n_rcved <= 0) continue;
if ((buf == 0x7f) && (buf==0x00) && (buf == 0x00) && (buf == 0x01)) { // filter 127.0.0.1
continue;
}
log_f = fopen("/udp_log","a+"); if (log_f == NULL) { exit(0); }
struct timeval time_now; gettimeofday(&time_now,NULL);
struct tm *tm_ptr;
tm_ptr = localtime(&time_now.tv_sec);
fprintf(log_f, "time:%04d-%02d-%02d %02d:%02d:%02d:%06d source:%d.%d.%d.%d sport:%d dport:%d length:%d data:", tm_ptr->tm_year+1900,tm_ptr->tm_mon+1,tm_ptr->tm_mday,tm_ptr->tm_hour,tm_ptr->tm_min,tm_ptr->tm_sec,(int)time_now.tv_usec,buf,buf,buf,buf,(((unsigned int)buf)<<8) + buf,(((unsigned int)buf)<<8) + buf, n_rcved-28);
for (i=0; i<(n_rcved-28); i++) fprintf(log_f, "%02x ", buf);
fprintf(log_f, "\n");
fclose(log_f);
}
} 顶 顶!!!!!!
页:
[1]