many sources

igpg · Oct 14, 2013 · fff0658 · fff0658
1 parent b1d0d28
commit fff0658
Show file tree

Hide file tree

Showing 37 changed files with 1,342 additions and 268 deletions.
diff --git a/data/exclude.conf b/data/exclude.conf
@@ -67,6 +67,8 @@
 153.11.0.0/16
 
 
+
+
 #Date: Mon, 7 Oct 2013 17:25:41 -0700
 #Subject: Re: please stop the attack to our router
 #From: Di Li <[email protected]>
@@ -87,3 +89,143 @@
 #
 #Di
 
+4.53.201.0/24
+5.152.179.0/24
+8.12.162.0-8.12.164.255
+8.14.84.0/22
+8.14.145.0-8.14.147.255
+8.17.250.0-8.17.252.255
+23.27.0.0/16
+23.231.128.0/17
+37.72.172.0/23
+38.72.200.0/22
+50.93.192.0-50.93.197.255
+50.115.128.0/20
+50.117.0.0/17
+50.118.128.0/17
+63.141.222.0/24
+64.62.253.0/24
+64.92.96.0/19
+64.145.79.0/24
+64.145.82.0/23
+64.158.146.0/23
+65.49.24.0/24
+65.49.93.0/24
+65.162.192.0/22
+66.79.160.0/19
+66.160.191.0/24
+68.68.96.0/20
+69.46.64.0/19
+69.176.80.0/20
+72.13.80.0/20
+72.52.76.0/24
+74.82.43.0/24
+74.82.160.0/19
+74.114.88.0/22
+74.115.0.0/24
+74.115.2.0/24
+74.115.4.0/24
+74.122.100.0/22
+75.127.0.0/24
+103.251.91.0/24
+108.171.32.0/24
+108.171.42.0/24
+108.171.52.0/24
+108.171.62.0/24
+118.193.78.0/23
+130.93.16.0/23
+136.0.0.0/16
+142.111.0.0/16
+142.252.0.0/16
+146.82.55.93
+149.54.136.0/21
+149.54.152.0/21
+166.88.0.0/16
+172.252.0.0/16
+173.245.64.0/19
+173.245.194.0/23
+173.245.220.0/22
+173.252.192.0/18
+178.18.16.0/22
+178.18.26.0-178.18.29.255
+183.182.22.0/24
+192.92.114.0/24
+192.155.160.0/19
+192.177.0.0/16
+192.186.0.0/18
+192.249.64.0/20
+192.250.240.0/20
+194.110.214.0/24
+198.12.120.0-198.12.122.255
+198.144.240.0/20
+199.33.120.0/24
+199.33.124.0/22
+199.48.147.0/24
+199.68.196.0/22
+199.127.240.0/21
+199.187.168.0/22
+199.188.238.0/23
+199.255.208.0/24
+203.12.6.0/24
+204.13.64.0/21
+204.16.192.0/21
+204.19.238.0/24
+204.74.208.0/20
+205.159.189.0/24
+205.164.0.0/18
+205.209.128.0/18
+206.108.52.0/23
+206.165.4.0/24
+208.77.40.0/21
+208.80.4.0/22
+208.123.223.0/24
+209.51.185.0/24
+209.54.48.0/20
+209.107.192.0/23
+209.107.210.0/24
+209.107.212.0/24
+211.156.110.0/23
+216.83.33.0-216.83.49.255
+216.83.51.0-216.83.63.255
+216.151.183.0/24
+216.151.190.0/23
+216.172.128.0/19
+216.185.36.0/24
+216.218.233.0/24
+216.224.112.0/20
+
+#Received: from [194.77.40.242] (HELO samba.agouros.de)
+# for [email protected]; Sat, 12 Oct 2013 09:55:35 -0500
+#Received: from rumba.agouros.de (rumba-internal [192.168.8.1])	by
+# samba.agouros.de (Postfix) with ESMTPS id 9055FBAD1D	for
+# <[email protected]>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
+#Received: from rumba.agouros.de (localhost [127.0.0.1])	by rumba.agouros.de
+# (Postfix) with ESMTP id 7B5DD206099	for <[email protected]>; Sat, 12 Oct
+# 2013 16:55:32 +0200 (CEST)
+#Received: from localhost.localdomain (localhost [127.0.0.1])	by
+# rumba.agouros.de (Postfix) with ESMTP id 5FBC420601D	for
+# <[email protected]>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
+#To: <[email protected]>
+#Subject: Loginattempts from Your net
+#Message-ID: <[email protected]>
+#Date: Sat, 12 Oct 2013 16:55:32 +0200
+#From: <[email protected]>
+#
+#The address 209.126.230.72 from Your network tried to log in to
+#our network using Port 22 (1)/tcp. Below You will find a listing of the dates and
+#times the incidents occured as well as the attacked IP-Addresses.
+#This is a matter of concern for us and continued tries might result in
+#legal action. If the machine was victim to a hack take it offline, repair
+#the damage and use better protection next time.
+#The times included are in Central European (Summer) Time.
+#Date	Sourceip	port	destips
+#
+#07.10.2013 22:34:40 CEST	209.126.230.72	22	194.77.40.242 (1)
+#08.10.2013 01:44:15 CEST	209.126.230.72	22	194.77.40.246 (1)
+#
+#Regards,
+#Konstantin Agouros
+
+194.77.40.242
+194.77.40.246
+
diff --git a/src/main-conf.c b/src/main-conf.c
@@ -86,6 +86,25 @@ print_nmap_help(void)
 "\n");
 }
 
+/***************************************************************************
+ ***************************************************************************/
+static unsigned
+count_cidr_bits(struct Range range)
+{
+    unsigned i;
+
+    for (i=0; i<32; i++) {
+        unsigned mask = 0xFFFFFFFF >> i;
+
+        if ((range.begin & ~mask) == (range.end & ~mask)) {
+            if ((range.begin & mask) == 0 && (range.end & mask) == mask)
+                return i;
+        }
+    }
+
+    return 0;
+}
+
 
 /***************************************************************************
  * Echoes the configuration for one nic
@@ -104,12 +123,25 @@ masscan_echo_nic(struct Masscan *masscan, FILE *fp, unsigned i)
         sprintf_s(zzz, sizeof(zzz), "[%u]", i);
 
     fprintf(fp, "adapter%s = %s\n", zzz, masscan->nic[i].ifname);
-    fprintf(fp, "adapter-ip%s = %u.%u.%u.%u\n", zzz,
-        (masscan->nic[i].adapter_ip>>24)&0xFF,
-        (masscan->nic[i].adapter_ip>>16)&0xFF,
-        (masscan->nic[i].adapter_ip>> 8)&0xFF,
-        (masscan->nic[i].adapter_ip>> 0)&0xFF
-        );
+    if (masscan->nic[i].src.ip.first == masscan->nic[i].src.ip.last)
+        fprintf(fp, "adapter-ip%s = %u.%u.%u.%u\n", zzz,
+            (masscan->nic[i].src.ip.first>>24)&0xFF,
+            (masscan->nic[i].src.ip.first>>16)&0xFF,
+            (masscan->nic[i].src.ip.first>> 8)&0xFF,
+            (masscan->nic[i].src.ip.first>> 0)&0xFF
+            );
+    else
+        fprintf(fp, "adapter-ip%s = %u.%u.%u.%u\n", zzz,
+            (masscan->nic[i].src.ip.first>>24)&0xFF,
+            (masscan->nic[i].src.ip.first>>16)&0xFF,
+            (masscan->nic[i].src.ip.first>> 8)&0xFF,
+            (masscan->nic[i].src.ip.first>> 0)&0xFF,
+            (masscan->nic[i].src.ip.last>>24)&0xFF,
+            (masscan->nic[i].src.ip.last>>16)&0xFF,
+            (masscan->nic[i].src.ip.last>> 8)&0xFF,
+            (masscan->nic[i].src.ip.last>> 0)&0xFF
+            );
+
     fprintf(fp, "adapter-mac%s = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
             masscan->nic[i].adapter_mac[0],
             masscan->nic[i].adapter_mac[1],
@@ -202,17 +234,10 @@ masscan_echo(struct Masscan *masscan, FILE *fp)
             (range.begin>> 0)&0xFF
             );
         if (range.begin != range.end) {
-            unsigned i;
+            unsigned cidr_bits = count_cidr_bits(range);
 
-            for (i=0; i<30; i++) {
-                if ((range.begin&(1<<i))==0 && (range.end&(1<<i)))
-                    ;
-                else
-                    break;
-            }
-            i = 32-i;
-            if ((range.begin & (0xFFFFFFFF>>i)) == ((range.end & (0xFFFFFFFF>>i)))) {
-                fprintf(fp, "/%u", i);
+            if (cidr_bits) {
+                fprintf(fp, "/%u", cidr_bits);
             } else
             fprintf(fp, "-%u.%u.%u.%u",
                 (range.end>>24)&0xFF,
@@ -224,6 +249,12 @@ masscan_echo(struct Masscan *masscan, FILE *fp)
         fprintf(fp, "\n");
     }
 
+    fprintf(fp, "\n");
+    if (masscan->http_user_agent)
+        fprintf(    fp, 
+                    "http-user-agent = %.*s\n",
+                    masscan->http_user_agent_length,
+                    masscan->http_user_agent);
 
 }
 
@@ -471,6 +502,15 @@ parseTime(const char *value)
     return num;
 }
 
+/***************************************************************************
+ ***************************************************************************/
+static int
+is_power_of_two(uint64_t x)
+{
+    while ((x&1) == 0)
+        x >>= 1;
+    return x == 1;
+}
 
 
 /***************************************************************************
@@ -542,25 +582,61 @@ masscan_set_parameter(struct Masscan *masscan,
              || EQUALS("source-address", name) || EQUALS("spoof-ip", name)
              || EQUALS("spoof-address", name)) {
         /* Send packets FROM this IP address */
-            struct Range range;
+        struct Range range;
 
-            range = range_parse_ipv4(value, 0, 0);
-            if (range.begin > range.end) {
-                fprintf(stderr, "CONF: bad source IPv4 address: %s=%s\n", 
-                        name, value);
-                return;
-            }
+        range = range_parse_ipv4(value, 0, 0);
+
+        /* Check for bad format */
+        if (range.begin > range.end) {
+            LOG(0, "FAIL: bad source IPv4 address: %s=%s\n", 
+                    name, value);
+            LOG(0, "hint   addresses look like \"19.168.1.23\"\n");
+            exit(1);
+        }
+
+        /* If more than one IP address given, make the range is
+            * an even power of two (1, 2, 4, 8, 16, ...) */
+        if (!is_power_of_two(range.end - range.begin + 1)) {
+            LOG(0, "FAIL: range must be even power of two: %s=%s\n", 
+                    name, value);
+            exit(1);
+        }
 
-            masscan->nic[index].adapter_ip = range.begin;
+        masscan->nic[index].src.ip.first = range.begin;
+        masscan->nic[index].src.ip.last = range.end;
+        masscan->nic[index].src.ip.range = range.end - range.begin + 1;
     } else if (EQUALS("adapter-port", name) || EQUALS("source-port", name)) {
         /* Send packets FROM this port number */
-        unsigned x = strtoul(value, 0, 0);
-        if (x > 65535) {
-            fprintf(stderr, "error: %s=<n>: expected number less than 1000\n", 
+        unsigned is_error = 0;
+        struct RangeList ports;
+        memset(&ports, 0, sizeof(ports));
+
+        rangelist_parse_ports(&ports, value, &is_error);
+
+        /* Check if there was an error in parsing */
+        if (is_error) {
+            LOG(0, "FAIL: bad source port specification: %s\n", 
                     name);
-        } else {
-            masscan->nic[index].adapter_port = x;
+            exit(1);
+        }
+
+        /* Only allow one range of ports */
+        if (ports.count != 1) {
+            LOG(0, "FAIL: only one source port range may be specified: %s\n", 
+                    name);
+            exit(1);
         }
+
+        /* verify range is even power of 2 (1, 2, 4, 8, 16, ...) */
+        if (!is_power_of_two(ports.list[0].end - ports.list[0].begin + 1)) {
+            LOG(0, "FAIL: source port range must be even power of two: %s=%s\n", 
+                    name, value);
+            exit(1);
+        }
+
+        masscan->nic[index].src.port.first = ports.list[0].begin;
+        masscan->nic[index].src.port.last = ports.list[0].end;
+        masscan->nic[index].src.port.range = ports.list[0].end - ports.list[0].begin + 1;
     } else if (EQUALS("adapter-mac", name) || EQUALS("spoof-mac", name)
                || EQUALS("source-mac", name)) {
         /* Send packets FROM this MAC address */
@@ -616,12 +692,18 @@ masscan_set_parameter(struct Masscan *masscan,
 
     }
     else if (EQUALS("ports", name) || EQUALS("port", name)) {
-        rangelist_parse_ports(&masscan->ports, value);
+        unsigned is_error = 0;
+        rangelist_parse_ports(&masscan->ports, value, &is_error);
         if (masscan->op == 0)
             masscan->op = Operation_Scan;
     }
     else if (EQUALS("exclude-ports", name) || EQUALS("exclude-port", name)) {
-        rangelist_parse_ports(&masscan->exclude_port, value);
+        unsigned is_error = 0;
+        rangelist_parse_ports(&masscan->exclude_port, value, &is_error);
+        if (is_error) {
+            LOG(0, "FAIL: bad exclude port: %s\n", value);
+            exit(1);
+        }
     } else if (EQUALS("arp", name) || EQUALS("arpscan", name)) {
         /* Add ICMP ping request */
         struct Range range;
@@ -736,6 +818,15 @@ masscan_set_parameter(struct Masscan *masscan,
     } else if (EQUALS("host-timeout", name)) {
         fprintf(stderr, "nmap(%s): unsupported: this is an asynchronous tool, so no timeouts\n", name);
         exit(1);
+    } else if (EQUALS("http-user-agent", name)) {
+        if (masscan->http_user_agent)
+            free(masscan->http_user_agent);
+        masscan->http_user_agent_length = (unsigned)strlen(value);
+        masscan->http_user_agent = (unsigned char *)malloc(masscan->http_user_agent_length+1);
+        memcpy( masscan->http_user_agent,
+                value,
+                masscan->http_user_agent_length+1
+                );
     } else if (EQUALS("iflist", name)) {
         masscan->op = Operation_List_Adapters;
     } else if (EQUALS("includefile", name)) {
@@ -1412,6 +1503,22 @@ mainconf_selftest()
     trim(test, sizeof(test));
     if (strcmp(test, "test 1") != 0)
         return 1; /* failure */
-
+
+    {
+        struct Range range;
+
+        range.begin = 16;
+        range.end = 32-1;
+        if (count_cidr_bits(range) != 28)
+            return 1;
+
+        range.begin = 1;
+        range.end = 13;
+        if (count_cidr_bits(range) != 0)
+            return 1;
+
+
+    }
+
     return 0;
 }