1 2 /*************************************************************************** 3 * NpingOps.h -- The NpingOps class contains global options, mostly based * 4 * on user-provided command-line settings. * 5 * * 6 ***********************IMPORTANT NMAP LICENSE TERMS************************ 7 * * 8 * The Nmap Security Scanner is (C) 1996-2020 Insecure.Com LLC ("The Nmap * 9 * Project"). Nmap is also a registered trademark of the Nmap Project. * 10 * * 11 * This program is distributed under the terms of the Nmap Public Source * 12 * License (NPSL). The exact license text applying to a particular Nmap * 13 * release or source code control revision is contained in the LICENSE * 14 * file distributed with that version of Nmap or source code control * 15 * revision. More Nmap copyright/legal information is available from * 16 * https://nmap.org/book/man-legal.html, and further information on the * 17 * NPSL license itself can be found at https://nmap.org/npsl. This header * 18 * summarizes some key points from the Nmap license, but is no substitute * 19 * for the actual license text. * 20 * * 21 * Nmap is generally free for end users to download and use themselves, * 22 * including commercial use. It is available from https://nmap.org. * 23 * * 24 * The Nmap license generally prohibits companies from using and * 25 * redistributing Nmap in commercial products, but we sell a special Nmap * 26 * OEM Edition with a more permissive license and special features for * 27 * this purpose. See https://nmap.org/oem * 28 * * 29 * If you have received a written Nmap license agreement or contract * 30 * stating terms other than these (such as an Nmap OEM license), you may * 31 * choose to use and redistribute Nmap under those terms instead. * 32 * * 33 * The official Nmap Windows builds include the Npcap software * 34 * (https://npcap.org) for packet capture and transmission. It is under * 35 * separate license terms which forbid redistribution without special * 36 * permission. So the official Nmap Windows builds may not be * 37 * redistributed without special permission (such as an Nmap OEM * 38 * license). * 39 * * 40 * Source is provided to this software because we believe users have a * 41 * right to know exactly what a program is going to do before they run it. * 42 * This also allows you to audit the software for security holes. * 43 * * 44 * Source code also allows you to port Nmap to new platforms, fix bugs, * 45 * and add new features. You are highly encouraged to submit your * 46 * changes as a Github PR or by email to the dev@nmap.org mailing list * 47 * for possible incorporation into the main distribution. Unless you * 48 * specify otherwise, it is understood that you are offering us very * 49 * broad rights to use your submissions as described in the Nmap Public * 50 * Source License Contributor Agreement. This is important because we * 51 * fund the project by selling licenses with various terms, and also * 52 * because the inability to relicense code has caused devastating * 53 * problems for other Free Software projects (such as KDE and NASM). * 54 * * 55 * The free version of Nmap is distributed in the hope that it will be * 56 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * 57 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties, * 58 * indemnification and commercial support are all available through the * 59 * Npcap OEM program--see https://nmap.org/oem. * 60 * * 61 ***************************************************************************/ 62 63 #ifndef NPING_NPINGOPS_H 64 #define NPING_NPINGOPS_H 65 66 /* Probe Modes */ 67 #define TCP_CONNECT 0xF1 68 #define TCP 0xF2 69 #define UDP 0xF3 70 #define UDP_UNPRIV 0xF4 71 #define ICMP 0xF5 72 #define ARP 0xF6 73 74 /* Roles */ 75 #define ROLE_NORMAL 0x22 76 #define ROLE_CLIENT 0x44 77 #define ROLE_SERVER 0x66 78 79 /* Payload types */ 80 #define PL_NONE 0x00 81 #define PL_HEX 0xAA 82 #define PL_RAND 0xBB 83 #define PL_FILE 0xCC 84 #define PL_STRING 0xDD 85 86 /* Misc */ 87 #define ARP_TYPE_REQUEST 0x01 88 #define ARP_TYPE_REPLY 0x02 89 #define RARP_TYPE_REQUEST 0x03 90 #define RARP_TYPE_REPLY 0x04 91 92 #define FLAG_CWR 0 /* Do not change these values because they */ 93 #define FLAG_ECN 1 /* are used as indexes of an array */ 94 #define FLAG_URG 2 95 #define FLAG_ACK 3 96 #define FLAG_PSH 4 97 #define FLAG_RST 5 98 #define FLAG_SYN 6 99 #define FLAG_FIN 7 100 101 #define PACKET_SEND_NOPREF 1 /* These have been taken from NmapOps.h */ 102 #define PACKET_SEND_ETH_WEAK 2 103 #define PACKET_SEND_ETH_STRONG 4 104 #define PACKET_SEND_ETH 6 105 #define PACKET_SEND_IP_WEAK 8 106 #define PACKET_SEND_IP_STRONG 16 107 #define PACKET_SEND_IP 24 108 109 #define IP_VERSION_4 0x04 110 #define IP_VERSION_6 0x06 111 112 #define NOT_SET -1 113 #define SET_RANDOM -2 114 115 #define MAX_ICMP_ADVERT_ENTRIES 128 116 117 #include "nping.h" 118 #include "global_structures.h" 119 #include "stats.h" 120 #include "NpingTargets.h" 121 #include <string> 122 123 class NpingOps { 124 125 private: 126 127 /* Probe modes */ 128 int mode; /* Probe mode (TCP,UDP,ICMP,ARP,RARP...) */ 129 bool mode_set; 130 bool traceroute; /* Is traceroute mode enabled? */ 131 bool traceroute_set; 132 133 /* Output */ 134 int vb; /* Current Verbosity level */ 135 bool vb_set; 136 int dbg; /* Current Debugging level */ 137 bool dbg_set; 138 bool show_sent_pkts; /* Print packets sent by Nping? */ 139 bool show_sent_pkts_set; 140 141 /* Operation and Performance */ 142 u32 pcount; /* No of packets 2be sent to each target */ 143 bool pcount_set; 144 int sendpref; /* Sending preference: eth or raw ip */ 145 bool sendpref_set; 146 bool send_eth; /* True: send at raw ethernet level */ 147 bool send_eth_set; 148 long delay; /* Delay between each probe */ 149 bool delay_set; 150 char device[MAX_DEV_LEN]; /* Network interface */ 151 bool device_set; 152 bool spoofsource; /* Did user request IP spoofing? */ 153 bool spoofsource_set; 154 char *bpf_filter_spec; /* Custom, user-supplied BPF filter spec */ 155 bool bpf_filter_spec_set; 156 int current_round; /** Current round. Used in traceroute mode */ 157 bool have_pcap; /* True if we have access to libpcap */ 158 bool disable_packet_capture; /* If false, no packets are captured */ 159 bool disable_packet_capture_set; 160 161 /* Privileges */ 162 bool isr00t; /* True if current user has root privs */ 163 164 /* Payloads */ 165 int payload_type; /* Type of payload (RAND,HEX,FILE) */ 166 bool payload_type_set; 167 u8 *payload_buff; /* Pointer 2buff with the actual payload */ 168 bool payload_buff_set; 169 int payload_len; /* Length of payload */ 170 bool payload_len_set; 171 172 /* Roles */ 173 int role; /* Nping's role: normal|client|server. */ 174 bool role_set; 175 176 /* IPv4 */ 177 u8 ttl; /* IPv4 TTL / IPv6 Hop limit */ 178 bool ttl_set; 179 u8 tos; /* Type of service */ 180 bool tos_set; 181 u16 identification; /* Identification field */ 182 bool identification_set; 183 bool mf; /* More fragments flag */ 184 bool mf_set; 185 bool df; /* Don't fragment flag */ 186 bool df_set; 187 u32 mtu; /* Custom MTU len (for IP fragmentation) */ 188 bool mtu_set; 189 bool badsum_ip; /* Generate invalid checksums in TCP/UDP */ 190 bool badsum_ip_set; 191 u8 ipversion; /* IP version to be used in all packets */ 192 bool ipversion_set; 193 struct in_addr ipv4_src_address; /* Source IPv4 address */ 194 bool ipv4_src_address_set; 195 char *ip_options; /* IP Options */ 196 bool ip_options_set; 197 198 /* IPv6 */ 199 u8 ipv6_tclass; /* Traffic Class */ 200 bool ipv6_tclass_set; 201 u32 ipv6_flowlabel; /* Flow Label */ 202 bool ipv6_flowlabel_set; 203 struct in6_addr ipv6_src_address; /**< Source IPv6 address */ 204 bool ipv6_src_address_set; 205 206 /* TCP / UDP */ 207 u16 *target_ports; /* Will point to an array of ports */ 208 int tportcount; /* Total number of target ports */ 209 bool target_ports_set; 210 u16 source_port; /* Source port for TCP/UPD packets */ 211 bool source_port_set; 212 u32 tcpseq; /* TCP Sequence number */ 213 bool tcpseq_set; 214 u32 tcpack; /* TCP Acknowledgement */ 215 bool tcpack_set; 216 u8 tcpflags[8]; /* TCP Flags */ 217 bool tcpflags_set; 218 u16 tcpwin; /* TCP Window */ 219 bool tcpwin_set; 220 bool badsum; /* Generate invalid TCP/UDP checksums? */ 221 bool badsum_set; 222 223 /* ICMP */ 224 u8 icmp_type; /* ICMP Type */ 225 bool icmp_type_set; 226 u8 icmp_code; /* ICMP Code */ 227 bool icmp_code_set; 228 bool badsum_icmp; /* Generate invalid ICMP checksums? */ 229 bool badsum_icmp_set; 230 struct in_addr icmp_redir_addr; /* ICMP Redirect Address */ /* ##TODO## Turn this into an IPAddress object */ 231 bool icmp_redir_addr_set; 232 u8 icmp_paramprob_pnt; /* ICMP Parameter Problem pointer */ 233 bool icmp_paramprob_pnt_set; 234 u16 icmp_routeadv_ltime; /* ICMP Router Advertisement lifetime */ 235 bool icmp_routeadv_ltime_set; 236 u16 icmp_id; /* ICMP message identifier */ 237 bool icmp_id_set; 238 u16 icmp_seq; /* ICMP sequence number */ 239 bool icmp_seq_set; 240 u32 icmp_orig_time; /* ICMP originate timestamp */ 241 bool icmp_orig_time_set; 242 u32 icmp_recv_time; /* ICMP receive timestamp */ 243 bool icmp_recv_time_set; 244 u32 icmp_trans_time; /* ICMP transmit timestamp */ 245 bool icmp_trans_time_set; 246 /* ICMP Router advertisement entries */ 247 struct in_addr icmp_advert_entry_addr[MAX_ICMP_ADVERT_ENTRIES]; 248 u32 icmp_advert_entry_pref[MAX_ICMP_ADVERT_ENTRIES]; 249 int icmp_advert_entry_count; 250 bool icmp_advert_entry_set; 251 252 /* Ethernet */ 253 u8 src_mac[6]; /* Source MAC address */ 254 bool src_mac_set; 255 u8 dst_mac[6]; /* Destination MAC address */ 256 bool dst_mac_set; 257 u16 eth_type; /* EtherType field of the Ethernet frame */ 258 bool eth_type_set; 259 260 /* ARP/RARP */ 261 u16 arp_htype; /* ARP Hardware type */ 262 bool arp_htype_set; 263 u16 arp_ptype; /* ARP Protocol type */ 264 bool arp_ptype_set; 265 u8 arp_hlen; /* ARP Hardware address length */ 266 bool arp_hlen_set; 267 u8 arp_plen; /* ARP protocol address length */ 268 bool arp_plen_set; 269 u16 arp_opcode; /* ARP Operation code */ 270 bool arp_opcode_set; 271 u8 arp_sha[6]; /* ARP Sender hardware address */ 272 bool arp_sha_set; 273 u8 arp_tha[6]; /* ARP Target hardware address */ 274 bool arp_tha_set; 275 struct in_addr arp_spa; /* ARP Sender protocol address */ 276 bool arp_spa_set; 277 struct in_addr arp_tpa; /* ARP Target protocol address */ 278 bool arp_tpa_set; 279 280 /* Echo mode */ 281 u16 echo_port; /* Echo port to listen or connect to */ 282 bool echo_port_set; 283 char echo_passphrase[1024]; /* User passphrase */ 284 bool echo_passphrase_set; 285 bool do_crypto; /* Do encrypted & authenticated sessions? */ 286 bool echo_payload; /* Echo application-layer payloads? */ 287 bool echo_payload_set; 288 bool echo_server_once; /* Run server for only 1 client and quit? */ 289 bool echo_server_once_set; 290 struct timeval last_sent_pkt_time; /* Time last packet was sent */ 291 char *delayed_rcvd_str; /* Delayed RCVD output string */ 292 bool delayed_rcvd_str_set; /* Do we have a delayed RCVD string? */ 293 nsock_event_id delayed_rcvd_event; /* Nsock event for delayed RCVD */ 294 295 public: 296 NpingTargets targets; 297 NpingStats stats; /* Global statistics */ 298 299 public: 300 301 /* Constructors / Destructors */ 302 NpingOps(); 303 ~NpingOps(); 304 305 /* Probe modes */ 306 int setMode(int md); 307 int getMode(); 308 char *mode2Ascii(int md); 309 bool issetMode(); 310 311 bool getTraceroute(); 312 bool enableTraceroute(); 313 bool disableTraceroute(); 314 bool issetTraceroute(); 315 316 /* Output */ 317 int setVerbosity(int level); 318 int getVerbosity(); 319 int increaseVerbosity(); 320 int decreaseVerbosity(); 321 bool issetVerbosity(); 322 323 int setDebugging(int level); 324 int getDebugging(); 325 int increaseDebugging(); 326 bool issetDebugging(); 327 328 int setShowSentPackets(bool val); 329 bool showSentPackets(); 330 bool issetShowSentPackets(); 331 332 /* Operation and Performance */ 333 int setHostTimeout(long t); 334 long getHostTimeout(); 335 bool issetHostTimeout(); 336 337 int setDelay(long t); 338 long getDelay(); 339 bool issetDelay(); 340 341 int setPacketCount(u32 val); 342 u32 getPacketCount(); 343 bool issetPacketCount(); 344 345 int setSendPreference(int v); 346 int getSendPreference(); 347 bool issetSendPreference(); 348 bool sendPreferenceEthernet(); 349 bool sendPreferenceIP(); 350 351 int setSendEth(bool val); 352 bool sendEth(); 353 bool issetSendEth(); 354 355 int setDevice(char *n); 356 char *getDevice(); 357 bool issetDevice(); 358 359 int setSpoofSource(); 360 bool spoofSource(); 361 bool getSpoofSource(); 362 bool issetSpoofSource(); 363 364 int setBPFFilterSpec(char *val); 365 char *getBPFFilterSpec(); 366 bool issetBPFFilterSpec(); 367 368 int setCurrentRound(int val); 369 int getCurrentRound(); 370 bool issetCurrentRound(); 371 372 bool havePcap(); 373 int setHavePcap(bool val); 374 375 int setDisablePacketCapture(bool val); 376 bool disablePacketCapture(); 377 bool issetDisablePacketCapture(); 378 379 int setIPVersion(u8 val); 380 int getIPVersion(); 381 bool issetIPVersion(); 382 bool ipv4(); 383 bool ipv6(); 384 bool ipv6UsingSocket(); 385 int af(); 386 387 /* Privileges */ 388 int setIsRoot(int v); 389 int setIsRoot(); 390 bool isRoot(); 391 392 /* Payloads */ 393 int setPayloadType(int t); 394 int getPayloadType(); 395 bool issetPayloadType(); 396 int setPayloadBuffer(u8 *p, int len); 397 u8 *getPayloadBuffer(); 398 bool issetPayloadBuffer(); 399 int getPayloadLen(); 400 bool issetPayloadLen(); 401 402 /* Roles */ 403 int setRole(int r); 404 int setRoleClient(); 405 int setRoleServer(); 406 int setRoleNormal(); 407 int getRole(); 408 bool issetRole(); 409 410 /* IPv4 */ 411 bool enableBadsumIP(); 412 bool disableBadsumIP(); 413 bool getBadsumIP(); 414 bool issetBadsumIP(); 415 416 int setTTL(u8 t); 417 u8 getTTL(); 418 bool issetTTL(); 419 420 int setTOS(u8 tos); 421 u8 getTOS(); 422 bool issetTOS(); 423 424 int setIdentification(u16 i); 425 u16 getIdentification(); 426 bool issetIdentification(); 427 428 int setMF(); 429 bool getMF(); 430 bool issetMF(); 431 432 int setDF(); 433 bool getDF(); 434 bool issetDF(); 435 436 struct in_addr getIPv4SourceAddress(); 437 int setIPv4SourceAddress(struct in_addr i); 438 bool issetIPv4SourceAddress(); 439 440 int setIPOptions(char *txt); 441 char *getIPOptions(); 442 bool issetIPOptions(); 443 444 int setMTU(u32 t); 445 u32 getMTU(); 446 bool issetMTU(); 447 448 /* IPv6 */ 449 int setTrafficClass(u8 val); 450 u8 getTrafficClass(); 451 bool issetTrafficClass(); 452 453 int setFlowLabel(u32 val); 454 u32 getFlowLabel(); 455 bool issetFlowLabel(); 456 457 int setHopLimit(u8 t); 458 u8 getHopLimit(); 459 bool issetHopLimit(); 460 461 int setIPv6SourceAddress(u8 *val); 462 int setIPv6SourceAddress(struct in6_addr val); 463 struct in6_addr getIPv6SourceAddress(); 464 bool issetIPv6SourceAddress(); 465 466 struct sockaddr_storage *getSourceSockAddr(); 467 struct sockaddr_storage *getSourceSockAddr(struct sockaddr_storage *ss); 468 469 /* TCP / UDP */ 470 u16 *getTargetPorts( int *len ); 471 int setTargetPorts( u16 *pnt, int n ); 472 bool issetTargetPorts(); 473 bool scan_mode_uses_target_ports(int mode); 474 475 476 477 int setSourcePort(u16 val); 478 u16 getSourcePort(); 479 bool issetSourcePort(); 480 481 bool enableBadsum(); 482 bool disableBadsum(); 483 bool getBadsum(); 484 bool issetBadsum(); 485 486 int setFlagTCP(int flag); 487 int setAllFlagsTCP(); 488 int unsetAllFlagsTCP(); 489 int getFlagTCP(int flag); 490 u8 getTCPFlags(); 491 bool issetTCPFlags(); 492 493 int setTCPSequence(u32 val); 494 u32 getTCPSequence(); 495 bool issetTCPSequence(); 496 497 int setTCPAck(u32 val); 498 u32 getTCPAck(); 499 bool issetTCPAck(); 500 501 int setTCPWindow(u16 val); 502 u16 getTCPWindow(); 503 bool issetTCPWindow(); 504 505 /* ICMP */ 506 int setICMPType(u8 type); 507 u8 getICMPType(); 508 bool issetICMPType(); 509 510 int setICMPCode(u8 val); 511 u8 getICMPCode(); 512 bool issetICMPCode(); 513 514 bool enableBadsumICMP(); 515 bool disableBadsumICMP(); 516 bool getBadsumICMP(); 517 bool issetBadsumICMP(); 518 519 int setICMPRedirectAddress(struct in_addr val); 520 struct in_addr getICMPRedirectAddress(); 521 bool issetICMPRedirectAddress(); 522 523 int setICMPParamProblemPointer(u8 val); 524 u8 getICMPParamProblemPointer(); 525 bool issetICMPParamProblemPointer(); 526 527 int setICMPRouterAdvLifetime(u16 val); 528 u16 getICMPRouterAdvLifetime(); 529 bool issetICMPRouterAdvLifetime(); 530 531 int setICMPIdentifier(u16 val); 532 u16 getICMPIdentifier(); 533 bool issetICMPIdentifier(); 534 535 int setICMPSequence(u16 val); 536 u16 getICMPSequence(); 537 bool issetICMPSequence(); 538 539 int setICMPOriginateTimestamp(u32 val); 540 u32 getICMPOriginateTimestamp(); 541 bool issetICMPOriginateTimestamp(); 542 543 int setICMPReceiveTimestamp(u32 val); 544 u32 getICMPReceiveTimestamp(); 545 bool issetICMPReceiveTimestamp(); 546 547 int setICMPTransmitTimestamp(u32 val); 548 u32 getICMPTransmitTimestamp(); 549 bool issetICMPTransmitTimestamp(); 550 551 int addICMPAdvertEntry(struct in_addr addr, u32 pref ); 552 int getICMPAdvertEntry(int num, struct in_addr *addr, u32 *pref); 553 int getICMPAdvertEntryCount(); 554 bool issetICMPAdvertEntry(); 555 556 /* Ethernet */ 557 int setSourceMAC(u8 * val); 558 u8 * getSourceMAC(); 559 bool issetSourceMAC(); 560 561 int setDestMAC(u8 * val); 562 u8 * getDestMAC(); 563 bool issetDestMAC(); 564 565 int setEtherType(u16 val); 566 u16 getEtherType(); 567 bool issetEtherType(); 568 569 /* ARP/RARP */ 570 int setARPHardwareType(u16 val); 571 u16 getARPHardwareType(); 572 bool issetARPHardwareType(); 573 574 int setARPProtocolType(u16 val); 575 u16 getARPProtocolType(); 576 bool issetARPProtocolType(); 577 578 int setARPHwAddrLen(u8 val); 579 u8 getARPHwAddrLen(); 580 bool issetARPHwAddrLen(); 581 582 int setARPProtoAddrLen(u8 val); 583 u8 getARPProtoAddrLen(); 584 bool issetARPProtoAddrLen(); 585 586 int setARPOpCode(u16 val); 587 u16 getARPOpCode(); 588 bool issetARPOpCode(); 589 590 int setARPSenderHwAddr(u8 * val); 591 u8 * getARPSenderHwAddr(); 592 bool issetARPSenderHwAddr(); 593 594 int setARPTargetHwAddr(u8 * val); 595 u8 * getARPTargetHwAddr(); 596 bool issetARPTargetHwAddr(); 597 598 int setARPSenderProtoAddr(struct in_addr val); 599 struct in_addr getARPSenderProtoAddr(); 600 bool issetARPSenderProtoAddr(); 601 602 int setARPTargetProtoAddr(struct in_addr val); 603 struct in_addr getARPTargetProtoAddr(); 604 bool issetARPTargetProtoAddr(); 605 606 /* Echo Mode */ 607 int setEchoPort(u16 val); 608 u16 getEchoPort(); 609 bool issetEchoPort(); 610 611 int setEchoPassphrase(const char *str); 612 char *getEchoPassphrase(); 613 bool issetEchoPassphrase(); 614 615 bool doCrypto(); 616 int doCrypto(bool value); 617 618 bool echoPayload(); 619 int echoPayload(bool value); 620 621 int setOnce(bool val); 622 bool once(); 623 624 /* Validation */ 625 void validateOptions(); 626 bool canRunUDPWithoutPrivileges(); 627 bool canDoIPv6ThroughSocket(); 628 bool canDoIPv6Ethernet(); 629 char *select_network_iface(); 630 631 /* Misc */ 632 void displayNpingDoneMsg(); 633 void displayStatistics(); 634 int cleanup(); 635 int setDefaultHeaderValues(); 636 int getTotalProbes(); 637 638 int setLastPacketSentTime(struct timeval t); 639 struct timeval getLastPacketSentTime(); 640 641 int setDelayedRcvd(const char *str, nsock_event_id id); 642 char *getDelayedRcvd(nsock_event_id *id); 643 644 }; /* End of class NpingOps */ 645 646 #endif // NPING_NPINGOPS_H 647