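/**********************************************************************
 * Copyright (C) (2004) (Jack Louis) <jack@dyadsecurity.com>          *
 *                                                                    *
 * This program is free software; you can redistribute it and/or      *
 * modify it under the terms of the GNU General Public License        *
 * as published by the Free Software Foundation; either               *
 * version 2 of the License, or (at your option) any later            *
 * version.                                                           *
 *                                                                    *
 * This program is distributed in the hope that it will be useful,    *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of     *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      *
 * GNU General Public License for more details.                       *
 *                                                                    *
 * You should have received a copy of the GNU General Public License  *
 * along with this program; if not, write to the Free Software        *
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.          *
 **********************************************************************/

/*
 * Scan export interface: the constants, report records and entry points
 * shared between the scanner's sender, receiver, output and config code.
 *
 * This header is NOT self-contained.  It relies on the <stdint.h> fixed
 * width types, on struct timeval (<sys/time.h>) and on the build's
 * configuration header having defined _PACKED_.  Include those first.
 */
#ifndef _SCAN_EXPORTS_H
/* NOTE(review): a name starting with '_' + uppercase is reserved for the
 * implementation.  Left unchanged in case other sources test this guard. */
# define _SCAN_EXPORTS_H

/* _PACKED_ normally comes from the build configuration.  Fall back to the
 * GCC/Clang spelling so the record layouts below still parse on their own;
 * a project definition seen earlier always wins. */
#ifndef _PACKED_
# define _PACKED_ __attribute__((packed))
#endif

/*
 * TCP header flag bits.  <netinet/tcp.h> supplies these on most systems;
 * each one is only defined here when it is missing.
 */
#ifndef TH_FIN
# define TH_FIN  0x01 /* no more data from sender */
#endif
#ifndef TH_SYN
# define TH_SYN  0x02 /* synchronize sequence numbers */
#endif
#ifndef TH_RST
# define TH_RST  0x04 /* reset the connection */
#endif
#ifndef TH_PUSH
# define TH_PUSH 0x08 /* push data to the application layer */
#endif
/* TH_PSH is the other common spelling of TH_PUSH.  It gets its own guard so
 * that it is still defined on a system whose headers provide TH_PUSH but not
 * TH_PSH (it used to be tied to the TH_PUSH guard and silently vanished). */
#ifndef TH_PSH
# define TH_PSH  TH_PUSH
#endif
#ifndef TH_ACK
# define TH_ACK  0x10 /* acknowledgement number is valid */
#endif
#ifndef TH_URG
# define TH_URG  0x20 /* urgent pointer is valid */
#endif
#ifndef TH_ECE
# define TH_ECE  0x40 /* ECN echo */
#endif
#ifndef TH_CWR
# define TH_CWR  0x80 /* congestion window reduced */
#endif

/* Scan modes.  scan_setmode() maps a name onto one of these; the values are
 * distinct bits. */
#define MODE_TCPSCAN  1
#define MODE_UDPSCAN  2
#define MODE_IDLESCAN 4
#define MODE_ARPSCAN  8

/* Bits for the `flags' member of the report records below: the captured
 * packet failed the network-layer or transport-layer checksum. */
#define REPORT_BADNETWORK_CKSUM   1
#define REPORT_BADTRANSPORT_CKSUM 2

/* output_data_t.type: which union member is live. */
#define OD_TYPE_OS     1
#define OD_TYPE_BANNER 2

/* Which report record a buffer holds. */
#define REPORT_TYPE_IP  1
#define REPORT_TYPE_ARP 2

/* Leading `magic' of each report record.  This is a cheap corruption /
 * mismatch check on a record's first two bytes, not authentication: a
 * consumer must still validate the remaining fields it acts on. */
#define IP_REPORT_MAGIC  0xd2d1
#define ARP_REPORT_MAGIC 0xd9d8

/*
 * One item of output-stage data hung off a report's od_q list.
 * `type' (OD_TYPE_OS or OD_TYPE_BANNER) selects the union member to read.
 * Ownership of the pointed-to strings is not visible here -- TODO confirm
 * who frees them.
 */
typedef struct output_data_t {
	uint8_t type;
	union {
		char *os;     /* OD_TYPE_OS */
		char *banner; /* OD_TYPE_BANNER */
	} t_u;
} output_data_t;

/*
 * Report for one packet received in reply to an IP-layer probe.
 *
 * The record is packed so it can be handled as a flat run of bytes, but
 * struct timeval and void * differ in size between ABIs, so
 * sizeof(ip_report_t) is not a fixed wire format: records must not be
 * exchanged between hosts of different word size without conversion.
 */
typedef struct _PACKED_ ip_report_t {
	uint16_t magic;           /* IP_REPORT_MAGIC; sanity check only */
	uint16_t sport;           /* our sender's local port */
	uint16_t dport;           /* the target's port (listening or not) */
	uint8_t proto;            /* IP protocol of the packet we got back */
	uint16_t type;            /* icmp: type; tcp: header flags; udp: unused */
	uint16_t subtype;         /* icmp: code; tcp/udp: unused */
	uint32_t host_addr;       /* our target machine */
	uint32_t trace_addr;      /* where the reply actually came from */
	uint8_t ttl;              /* raw ttl on the packet from the wire (not the
	                           * one we sent) */
	struct timeval recv_time; /* when we pulled the packet off the wire */
	void *od_q;               /* output_data_t list used in output mode.
	                           * NOTE(review): a raw pointer is only valid in
	                           * the process that built the record; if reports
	                           * cross a process boundary the receiving side
	                           * must reset it, never dereference it -- confirm
	                           * how reports travel. */
	uint16_t flags;           /* REPORT_BAD*_CKSUM bits */
	/* XXX this is too tcp specific for ip reporting */
	uint32_t mseq;            /* tcp only */
	uint32_t tseq;            /* tcp only */
	uint16_t window_size;     /* tcp only */
	uint16_t doff;            /* number of packet bytes that follow this record,
	                           * 0 if none.  This length comes from whoever
	                           * produced the record, so a consumer must check
	                           * doff against the bytes actually available
	                           * before reading past the header. */
} ip_report_t;

/*
 * Report for one ARP reply.  Same packing and ABI caveats as ip_report_t;
 * od_q and doff carry the same meaning and need the same care.
 */
typedef struct _PACKED_ arp_report_t {
	uint16_t magic;           /* ARP_REPORT_MAGIC; sanity check only */
	uint8_t hwaddr[6];        /* hardware address from the reply */
	uint32_t ipaddr;          /* protocol address from the reply */
	struct timeval recv_time; /* when we pulled the packet off the wire */
	void *od_q;               /* output_data_t list; process-local pointer */
	uint16_t flags;           /* REPORT_BAD*_CKSUM bits */
	uint16_t doff;            /* trailing packet bytes, 0 if none; bounds-check
	                           * against the available buffer before use */
} arp_report_t;

/*
 * Sender options: how the sender was configured to build its probes.
 */
typedef struct seo_t {
	uint16_t fingerprint; /* fingerprint the sender was run with */
	uint8_t tos;          /* ip tos on the sender's packets */
	uint8_t ttl;          /* ip ttl on the sender's packets */
	uint16_t ip_off;      /* ip fragment field on the sender's packets */
	uint8_t tcphdrflgs;   /* TH_* flag mask the sender used */
	int32_t src_port;     /* source port the sender used; -1 means random */
} seo_t;

#ifndef SCANSETTINGS
#define SCANSETTINGS void
#endif

/* Prototypes shared with getconfig.c (see common.h). */

/* Report the sender options in effect into *seo. */
int get_scanopts(seo_t *seo);
/* Restore the built-in defaults.  Declared with (void): the previous empty
 * `()' form was an unprototyped declaration, so calls were unchecked. */
void scan_setprivdefaults(void);
/* Returns -1 on error, otherwise the MODE_* value that was selected. */
int scan_setmode(const char *mode);
int scan_settcpflags(int flags);
/* The setters below should all return -1 on error. */
int scan_setttl(int ttl);
int scan_settos(int tos);
int scan_setbroken(const char *broken);
int scan_setfingerprint(int fingerprint);
int scan_setsrcp(int src_port);
int scan_setrecvtimeout(int timeout);

void send_mode(void);
void recv_mode(void);
void init_mode(void);
void run_mode(void);

/*
 * Payload table.
 *
 * add_payload() registers `payload' / `payload_size' (or a generator
 * `create_payload' that produces the bytes on demand into *data / *size)
 * for destination `port', sent from `local_port', with `payload_flags'.
 * get_payload() reads the entry at `index' for `port' back out through
 * the pointer arguments.  Whether add_payload copies the payload bytes or
 * keeps the caller's pointer is not visible here -- TODO confirm before
 * freeing a buffer that was handed to it.
 *
 * NOTE(review): get_payload takes payload_flags BY VALUE, so unlike the
 * other out-parameters it cannot be read back; confirm that is intended.
 */
int add_payload(uint16_t port, int32_t local_port, const uint8_t *payload,
		uint32_t payload_size,
		int (*create_payload)(uint8_t **, uint32_t *),
		uint16_t payload_flags);

int get_payload(uint16_t index, uint16_t port, uint8_t **data,
		uint32_t *payload_s, int32_t *local_port,
		int (**create_payload)(uint8_t **, uint32_t *),
		uint16_t payload_flags);

#endif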