/* DB2 Scanner, made by Bears. */ #include#include #include // for exit() #include //for memset #include #include #include #include // for inet_ntoa() #include #include //Provides declarations for udp header #include //Provides declarations for ip header #include #include #include #include #include static unsigned int payloadsize = 20; static unsigned int xport = 523; void process_packet(void *args, struct pcap_pkthdr *header, void *buffer); struct buffer { void *data; int size; struct buffer *next; struct buffer *prev; }; struct buffer *head; char *ipv4; int processed,over,total,i,j; struct sockaddr_in dest; pthread_mutex_t buf_mutex = PTHREAD_MUTEX_INITIALIZER; sem_t loop_sem; int running_threads = 0; volatile int found_srvs = 0; volatile unsigned long per_thread = 0; volatile unsigned long start = 0; volatile unsigned long scanned = 0; int sleep_between = 0; volatile int bytes_sent = 0; volatile unsigned long hosts_done = 0; FILE *fd; void *readthread() { struct buffer *ourhead = head; struct sockaddr_in saddr; while(1) { sem_wait(&loop_sem); while(ourhead->data == NULL){ ourhead = ourhead->next; } pthread_mutex_lock(&buf_mutex); void *buf = malloc(ourhead->size); int size = ourhead->size; memcpy(buf, ourhead->data, ourhead->size); free(ourhead->data); ourhead->data = NULL; ourhead->size = 0; pthread_mutex_unlock(&buf_mutex); memset(&saddr, 0, sizeof(saddr)); struct iphdr *iph = (struct iphdr*)(buf + sizeof(struct ethhdr)); saddr.sin_addr.s_addr = iph->saddr; struct udphdr *udph = (struct udphdr *)(buf + sizeof(struct ethhdr) + sizeof(struct iphdr)); if(ntohs(udph->source) == xport) { int body_length = size - sizeof(struct ethhdr) - sizeof(struct iphdr) - sizeof(struct udphdr); fprintf(fd,"%s %d/n",inet_ntoa(saddr.sin_addr),body_length); fflush(fd); found_srvs++; } free(buf); processed++; ourhead = ourhead->next; } } void *flood(void *par1) { running_threads++; int thread_id = (int)par1; unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id)); unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1))); unsigned long w; int y; unsigned char buf[65536]; memcpy(buf, "/x44/x42/x32/x47/x45/x54/x41/x44/x44/x52/x00/x53/x51/x4c/x30/x35/x30/x30/x30/x00", payloadsize); int sizeofpayload = payloadsize; int sock; if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) { perror("cant open socket"); exit(-1); } for(w=ntohl(start_ip);w 0) { printf("/r"); memset(new, '/0', 16*6); sprintf(new, "%s|%-15lu", new, found_srvs); sprintf(new, "%s|%-15d", new, scanned); sprintf(new, "%s|%-15d", new, bytes_sent); sprintf(new, "%s|%-15d", new, running_threads); memset(temp, 0, 17); int percent_done=((double)(hosts_done)/(double)(toscan))*100; sprintf(temp, "%d%%", percent_done); sprintf(new, "%s|%s", new, temp); printf("%s", new); fflush(stdout); bytes_sent=0; scanned = 0; sleep(1); } printf("/n"); fclose(fd); exit(0); } int main(int argc, char *argv[ ]) { if(argc < 6){ fprintf(stderr, "Invalid parameters!/n"); fprintf(stdout, "The right fucking way: %s <1.0.0.0> <255.255.255.255>
/n", argv[0]); exit(-1); } fd = fopen(argv[3], "a"); sleep_between = atoi(argv[5]); int num_threads = atoi(argv[4]); const rlim_t kOpenFD = 1024 + (num_threads * 2); struct rlimit rl; int result; rl.rlim_cur = kOpenFD; rl.rlim_max = kOpenFD; result = setrlimit(RLIMIT_NOFILE, &rl); if (result != 0) { perror("setrlimit_nofile"); fprintf(stderr, "setrlimit_nofile returned result = %d/n", result); } bzero(&rl, sizeof(struct rlimit)); rl.rlim_cur = 256 * 1024; rl.rlim_max = 4096 * 1024; result = setrlimit(RLIMIT_STACK, &rl); if (result != 0) { perror("setrlimit_stack"); fprintf(stderr, "setrlimit_stack returned result = %d/n", result); } signal(SIGINT, &sighandler); pcap_if_t *alldevsp; pcap_t *handle; //Handle of the device that shall be sniffed char errbuf[100] , *devname , devs[100][100]; int count = 1 , n; if( pcap_findalldevs( &alldevsp , errbuf) ) { exit(1); } devname = alldevsp->name; ipv4 = malloc(16); bzero(ipv4, 16); struct ifreq ifc; int res; int sockfd = socket(AF_INET, SOCK_DGRAM, 0); if(sockfd < 0) exit(-1); strcpy(ifc.ifr_name, devname); res = ioctl(sockfd, SIOCGIFADDR, &ifc); close(sockfd); if(res < 0) exit(-1); strcpy(ipv4, inet_ntoa(((struct sockaddr_in*)&ifc.ifr_addr)->sin_addr)); printf("Opening device %s for sniffing ... " , devname); handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s : %s/n" , devname , errbuf); exit(1); } printf("Done/n"); sem_init(&loop_sem, 0, -1); i = 1024*1000; while(i--) { if(head == NULL) { head = (struct buffer *)malloc(sizeof(struct buffer)); bzero(head, sizeof(struct buffer)); head->data = NULL; head->size = 0; head->next = head; head->prev = head; } else { struct buffer *new_node = (struct buffer *)malloc(sizeof(struct buffer)); bzero(new_node, sizeof(struct buffer)); new_node->data = NULL; new_node->size = 0; new_node->prev = head; new_node->next = head->next; head->next = new_node; } } pthread_t prnthread; pthread_create( &prnthread, NULL, &printthread, (void *)argv); pthread_t redthread; pthread_create( &redthread, NULL, &readthread, NULL); pcap_loop(handle , -1 , process_packet , NULL); return 0; } void process_packet(void *args, struct pcap_pkthdr *header, void *buffer) { int size = header->len; //Get the IP Header part of this packet , excluding the ethernet header struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr)); memset(&dest, 0, sizeof(dest)); dest.sin_addr.s_addr = iph->daddr; if(iph->protocol == 17 && strcmp(inet_ntoa(dest.sin_addr), ipv4) == 0) { //toss into buffer if(head->data != NULL) over++; pthread_mutex_lock(&buf_mutex); void *temp = malloc(size); memcpy(temp, buffer, size); head->data = temp; head->size = size; head = head->next; pthread_mutex_unlock(&buf_mutex); sem_post(&loop_sem); total++; } }
原创文章,作者:奋斗,如若转载,请注明出处:https://blog.ytso.com/56242.html