1 2 /*************************************************************************** 3 * Target.h -- The Target class encapsulates much of the information Nmap * 4 * has about a host. Results (such as ping, OS scan, etc) are stored in * 5 * this class as they are determined. * 6 * * 7 ***********************IMPORTANT NMAP LICENSE TERMS************************ 8 * * 9 * The Nmap Security Scanner is (C) 1996-2020 Insecure.Com LLC ("The Nmap * 10 * Project"). Nmap is also a registered trademark of the Nmap Project. * 11 * * 12 * This program is distributed under the terms of the Nmap Public Source * 13 * License (NPSL). The exact license text applying to a particular Nmap * 14 * release or source code control revision is contained in the LICENSE * 15 * file distributed with that version of Nmap or source code control * 16 * revision. More Nmap copyright/legal information is available from * 17 * https://nmap.org/book/man-legal.html, and further information on the * 18 * NPSL license itself can be found at https://nmap.org/npsl. This header * 19 * summarizes some key points from the Nmap license, but is no substitute * 20 * for the actual license text. * 21 * * 22 * Nmap is generally free for end users to download and use themselves, * 23 * including commercial use. It is available from https://nmap.org. * 24 * * 25 * The Nmap license generally prohibits companies from using and * 26 * redistributing Nmap in commercial products, but we sell a special Nmap * 27 * OEM Edition with a more permissive license and special features for * 28 * this purpose. See https://nmap.org/oem * 29 * * 30 * If you have received a written Nmap license agreement or contract * 31 * stating terms other than these (such as an Nmap OEM license), you may * 32 * choose to use and redistribute Nmap under those terms instead. * 33 * * 34 * The official Nmap Windows builds include the Npcap software * 35 * (https://npcap.org) for packet capture and transmission. It is under * 36 * separate license terms which forbid redistribution without special * 37 * permission. So the official Nmap Windows builds may not be * 38 * redistributed without special permission (such as an Nmap OEM * 39 * license). * 40 * * 41 * Source is provided to this software because we believe users have a * 42 * right to know exactly what a program is going to do before they run it. * 43 * This also allows you to audit the software for security holes. * 44 * * 45 * Source code also allows you to port Nmap to new platforms, fix bugs, * 46 * and add new features. You are highly encouraged to submit your * 47 * changes as a Github PR or by email to the dev@nmap.org mailing list * 48 * for possible incorporation into the main distribution. Unless you * 49 * specify otherwise, it is understood that you are offering us very * 50 * broad rights to use your submissions as described in the Nmap Public * 51 * Source License Contributor Agreement. This is important because we * 52 * fund the project by selling licenses with various terms, and also * 53 * because the inability to relicense code has caused devastating * 54 * problems for other Free Software projects (such as KDE and NASM). * 55 * * 56 * The free version of Nmap is distributed in the hope that it will be * 57 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * 58 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties, * 59 * indemnification and commercial support are all available through the * 60 * Npcap OEM program--see https://nmap.org/oem. * 61 * * 62 ***************************************************************************/ 63 64 /* $Id: Target.h 38078 2020-10-02 16:12:22Z dmiller $ */ 65 66 #ifndef TARGET_H 67 #define TARGET_H 68 69 #include "nbase.h" 70 71 #include "libnetutil/netutil.h" /* devtype */ 72 73 #ifndef NOLUA 74 #include "nse_main.h" 75 #endif 76 77 #include "portreasons.h" 78 #include "portlist.h" 79 #include "probespec.h" 80 #include "osscan.h" 81 #include "osscan2.h" 82 class FingerPrintResults; 83 84 #include <list> 85 #include <string> 86 #include <time.h> /* time_t */ 87 88 #ifndef INET6_ADDRSTRLEN 89 #define INET6_ADDRSTRLEN 46 90 #endif 91 92 enum osscan_flags { 93 OS_NOTPERF=0, OS_PERF, OS_PERF_UNREL 94 }; 95 96 struct host_timeout_nfo { 97 unsigned long msecs_used; /* How many msecs has this Target used? */ 98 bool toclock_running; /* Is the clock running right now? */ 99 struct timeval toclock_start; /* When did the clock start? */ 100 time_t host_start, host_end; /* The absolute start and end for this host */ 101 }; 102 103 struct TracerouteHop { 104 struct sockaddr_storage tag; 105 bool timedout; 106 std::string name; 107 struct sockaddr_storage addr; 108 int ttl; 109 float rtt; /* In milliseconds. */ 110 display_nameTracerouteHop111 int display_name(char *buf, size_t len) { 112 if (name.empty()) 113 return Snprintf(buf, len, "%s", inet_ntop_ez(&addr, sizeof(addr))); 114 else 115 return Snprintf(buf, len, "%s (%s)", name.c_str(), inet_ntop_ez(&addr, sizeof(addr))); 116 } 117 }; 118 119 class Target { 120 public: /* For now ... TODO: a lot of the data members should be made private */ 121 Target(); 122 ~Target(); 123 /* Recycles the object by freeing internal objects and reinitializing 124 to default state */ 125 void Recycle(); 126 /* Returns the address family of the destination address. */ 127 int af() const; 128 /* Fills a sockaddr_storage with the AF_INET or AF_INET6 address 129 information of the target. This is a preferred way to get the 130 address since it is portable for IPv6 hosts. Returns 0 for 131 success. ss_len must be provided. It is not examined, but is set 132 to the size of the sockaddr copied in. */ 133 int TargetSockAddr(struct sockaddr_storage *ss, size_t *ss_len) const; 134 const struct sockaddr_storage *TargetSockAddr() const; 135 /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted 136 to sockaddr_storage */ 137 void setTargetSockAddr(const struct sockaddr_storage *ss, size_t ss_len); 138 // Returns IPv4 target host address or {0} if unavailable. 139 struct in_addr v4host() const; 140 const struct in_addr *v4hostip() const; 141 const struct in6_addr *v6hostip() const; 142 /* The source address used to reach the target */ 143 int SourceSockAddr(struct sockaddr_storage *ss, size_t *ss_len) const; 144 const struct sockaddr_storage *SourceSockAddr() const; 145 /* Note that it is OK to pass in a sockaddr_in or sockaddr_in6 casted 146 to sockaddr_storage */ 147 void setSourceSockAddr(const struct sockaddr_storage *ss, size_t ss_len); 148 struct sockaddr_storage source() const; 149 const struct in_addr *v4sourceip() const; 150 const struct in6_addr *v6sourceip() const; 151 /* The IPv4 or IPv6 literal string for the target host */ targetipstr()152 const char *targetipstr() const { return targetipstring; } 153 /* The IPv4 or IPv6 literal string for the source address */ sourceipstr()154 const char *sourceipstr() const { return sourceipstring; } 155 /* Give the name from the last setHostName() call, which should be 156 the name obtained from reverse-resolution (PTR query) of the IP (v4 157 or v6). If the name has not been set, or was set to NULL, an empty 158 string ("") is returned to make printing easier. */ HostName()159 const char *HostName() const { return hostname? hostname : ""; } 160 /* You can set to NULL to erase a name or if it failed to resolve -- or 161 just don't call this if it fails to resolve. The hostname is blown 162 away when you setTargetSockAddr(), so make sure you do these in proper 163 order 164 */ 165 void setHostName(const char *name); 166 /* Generates a printable string consisting of the host's IP 167 address and hostname (if available). Eg "www.insecure.org 168 (64.71.184.53)" or "fe80::202:e3ff:fe14:1102". The name is 169 written into the buffer provided, which is also returned. Results 170 that do not fit in buflen will be truncated. */ 171 const char *NameIP(char *buf, size_t buflen) const; 172 /* This next version returns a STATIC buffer -- so no concurrency */ 173 const char *NameIP() const; 174 175 /* Give the name from the last setTargetName() call, which is the 176 name of the target given on the command line if it's a named 177 host. */ TargetName()178 const char *TargetName() { return targetname; } 179 /* You can set to NULL to erase a name. The targetname is blown 180 away when you setTargetSockAddr(), so make sure you do these in proper 181 order 182 */ 183 void setTargetName(const char *name); 184 185 /* If the host is directly connected on a network, set and retrieve 186 that information here. directlyConnected() will abort if it hasn't 187 been set yet. */ 188 void setDirectlyConnected(bool connected); 189 bool directlyConnected() const; 190 int directlyConnectedOrUnset() const; /* 1-directly connected, 0-no, -1-we don't know*/ 191 192 /* If the host is NOT directly connected, you can set the next hop 193 value here. It is OK to pass in a sockaddr_in or sockaddr_in6 194 casted to sockaddr_storage*/ 195 void setNextHop(struct sockaddr_storage *next_hop, size_t next_hop_len); 196 /* Returns the next hop for sending packets to this host. Returns true if 197 next_hop was filled in. It might be false, for example, if 198 next_hop has never been set */ 199 bool nextHop(struct sockaddr_storage *next_hop, size_t *next_hop_len); 200 201 void setMTU(int devmtu); 202 int MTU(void); 203 204 /* Sets the interface type to one of: 205 devt_ethernet, devt_loopback, devt_p2p, devt_other 206 */ setIfType(devtype iftype)207 void setIfType(devtype iftype) { interface_type = iftype; } 208 /* Returns -1 if it has not yet been set with setIfType() */ ifType()209 devtype ifType() { return interface_type; } 210 /* Starts the timeout clock for the host running (e.g. you are 211 beginning a scan). If you do not have the current time handy, 212 you can pass in NULL. When done, call stopTimeOutClock (it will 213 also automatically be stopped of timedOut() returns true) */ 214 void startTimeOutClock(const struct timeval *now); 215 /* The complement to startTimeOutClock. */ 216 void stopTimeOutClock(const struct timeval *now); 217 /* Is the timeout clock currently running? */ timeOutClockRunning()218 bool timeOutClockRunning() { return htn.toclock_running; } 219 /* Returns whether the host is timedout. If the timeoutclock is 220 running, counts elapsed time for that. Pass NULL if you don't have the 221 current time handy. You might as well also pass NULL if the 222 clock is not running, as the func won't need the time. */ 223 bool timedOut(const struct timeval *now); 224 /* Return time_t for the start and end time of this host */ StartTime()225 time_t StartTime() { return htn.host_start; } EndTime()226 time_t EndTime() { return htn.host_end; } 227 228 /* Takes a 6-byte MAC address */ 229 int setMACAddress(const u8 *addy); 230 int setSrcMACAddress(const u8 *addy); 231 int setNextHopMACAddress(const u8 *addy); // this should be the target's own MAC if directlyConnected() 232 233 /* Returns a pointer to 6-byte MAC address, or NULL if none is set */ 234 const u8 *MACAddress() const; 235 const u8 *SrcMACAddress() const; 236 const u8 *NextHopMACAddress() const; 237 238 /* Set the device names so that they can be returned by deviceName() 239 and deviceFullName(). The normal name may not include alias 240 qualifier, while the full name may include it (e.g. "eth1:1"). If 241 these are non-null, they will overwrite the stored version */ 242 void setDeviceNames(const char *name, const char *fullname); 243 const char *deviceName() const; 244 const char *deviceFullName() const; 245 246 int osscanPerformed(void); 247 void osscanSetFlag(int flag); 248 249 struct seq_info seq; 250 int distance; 251 enum dist_calc_method distance_calculation_method; 252 FingerPrintResults *FPR; /* FP results get by the OS scan system. */ 253 PortList ports; 254 255 int weird_responses; /* echo responses from other addresses, Ie a network broadcast address */ 256 int flags; /* HOST_UNKNOWN, HOST_UP, or HOST_DOWN. */ 257 struct timeout_info to; 258 char *hostname; // Null if unable to resolve or unset 259 char * targetname; // The name of the target host given on the command line if it is a named host 260 261 struct probespec traceroute_probespec; 262 std::list <TracerouteHop> traceroute_hops; 263 264 /* If the address for this target came from a DNS lookup, the list of 265 resultant addresses (sometimes there are more than one) that were not scanned. */ 266 std::list<struct sockaddr_storage> unscanned_addrs; 267 268 #ifndef NOLUA 269 ScriptResults scriptResults; 270 #endif 271 272 state_reason_t reason; 273 274 /* A probe that is known to receive a response. This is used to hold the 275 current timing ping probe type during scanning. */ 276 probespec pingprobe; 277 /* The state the port or protocol entered when the response to pingprobe was 278 received. */ 279 int pingprobe_state; 280 281 private: 282 void Initialize(); 283 void FreeInternal(); // Free memory allocated inside this object 284 // Creates a "presentation" formatted string out of the target's IPv4/IPv6 address 285 void GenerateTargetIPString(); 286 // Creates a "presentation" formatted string out of the source IPv4/IPv6 address. 287 void GenerateSourceIPString(); 288 struct sockaddr_storage targetsock, sourcesock, nexthopsock; 289 size_t targetsocklen, sourcesocklen, nexthopsocklen; 290 int directly_connected; // -1 = unset; 0 = no; 1 = yes 291 char targetipstring[INET6_ADDRSTRLEN]; 292 char sourceipstring[INET6_ADDRSTRLEN]; 293 mutable char *nameIPBuf; /* for the NameIP(void) function to return */ 294 u8 MACaddress[6], SrcMACaddress[6], NextHopMACaddress[6]; 295 bool MACaddress_set, SrcMACaddress_set, NextHopMACaddress_set; 296 struct host_timeout_nfo htn; 297 devtype interface_type; 298 char devname[32]; 299 char devfullname[32]; 300 int mtu; 301 /* 0 (OS_NOTPERF) if os detection not performed 302 * 1 (OS_PERF) if os detection performed 303 * 2 (OS_PERF_UNREL) if an unreliable os detection has been performed */ 304 int osscan_flag; 305 }; 306 307 #endif /* TARGET_H */ 308 309