reporting

src/in-binary.c

@@ -9,6 +9,11 @@
 #include "main-globals.h"
 #include "output.h"
 #include "string_s.h"
+#include "in-filter.h"
+#include "in-report.h"
+
+#include <stdlib.h>
+#include <assert.h>
 
 static const size_t BUF_MAX = 1024*1024;
 
@@ -204,88 +209,6 @@ parse_banner4(struct Output *out, unsigned char *buf, size_t buf_length)
                 );
 }
 
-struct CNDB_Entry {
-    unsigned ip;
-    char *name;
-    struct CNDB_Entry *next;
-};
-
-struct CNDB_Database {
-    struct CNDB_Entry *entries[65536];
-};
-
-/***************************************************************************
- ***************************************************************************/
-static struct CNDB_Database *db = NULL;
-
-/***************************************************************************
- ***************************************************************************/
-static const char *
-cndb_lookup(unsigned ip)
-{
-    const struct CNDB_Entry *entry;
-
-    entry = db->entries[ip&0xFFFF];
-    while (entry && entry->ip != ip)
-        entry = entry->next;
-    if (entry)
-        return entry->name;
-    else {
-        return 0;
-    }
-}
-/***************************************************************************
- ***************************************************************************/
-static void
-cndb_add(unsigned ip, const unsigned char *data, size_t length)
-{
-    size_t offset = 0;
-    size_t name_offset;
-    size_t name_length;
-
-    if (length < 7)
-        return;
-
-    /*cipher:0x39 , safe-we1.dyndns.org*/
-    if (memcmp(data+offset, "cipher:", 7) != 0)
-        return;
-    offset += 7;
-
-    /* skip to name */
-    while (offset < length && data[offset] != ',')
-        offset++;
-    if (offset >= length)
-        return;
-    else
-        offset++; /* skip ',' */
-    while (offset < length && data[offset] == ' ')
-        offset++;
-    if (offset >= length)
-        return;
-
-    /* we should have a good name */
-    name_offset = offset;
-    while (offset < length && data[offset] != ',')
-        offset++;
-    name_length = offset - name_offset;
-
-    /* now insert into database */
-    if (db == NULL) {
-        db = malloc(sizeof(*db));
-        memset(db, 0, sizeof(*db));
-    }
-    {
-        struct CNDB_Entry *entry;
-
-        entry = malloc(sizeof(*entry));
-        entry->ip =ip;
-        entry->name = malloc(name_length+1);
-        memcpy(entry->name, data+name_offset, name_length+1);
-        entry->name[name_length] = '\0';
-        entry->next = db->entries[ip&0xFFFF];
-        db->entries[ip&0xFFFF] = entry;
-    }
-}
 
 /***************************************************************************
  ***************************************************************************/
@@ -296,7 +219,7 @@ parse_banner9(struct Output *out, unsigned char *buf, size_t buf_length,
               const struct RangeList *btypes)
 {
     struct MasscanRecord record;
-    const unsigned char *data = buf+14;
+    unsigned char *data = buf+14;
     size_t data_length = buf_length-14;
 
     if (buf_length < 14)
@@ -319,37 +242,15 @@ parse_banner9(struct Output *out, unsigned char *buf, size_t buf_length,
      * KLUDGE: when doing SSL stuff, add a IP:name pair to a database
      * so we can annotate [VULN] strings with this information
      */
-    if (record.app_proto == PROTO_SSL3) {
-        cndb_add(record.ip, data, data_length);
-    } else if (record.app_proto == PROTO_VULN) {
-        const char *name = cndb_lookup(record.ip);
-
-        if (data_length == 15 && memcmp(data, "SSL[heartbeat] ", 15) == 0)
-            return;
+    //readscan_report(record.ip, record.app_proto, &data, &data_length);
+
 
-        if (name && strlen(name) < 300) {
-            //printf("vuln=%s\n", name);
-            ((char*)data)[data_length] = ' ';
-            memcpy((char*)data+data_length+1, name, strlen(name)+1);
-            data_length += strlen(name)+1;
-        }
-    }
-
     /*
-     * Filter
+     * Filter out records if requested
      */
-    if (ips && ips->count) {
-        if (!rangelist_is_contains(ips, record.ip))
-            return;
-    }
-    if (ports && ports->count) {
-        if (!rangelist_is_contains(ports, record.port))
-            return;
-    }
-    if (btypes && btypes->count) {
-        if (!rangelist_is_contains(btypes, record.app_proto))
-            return;
-    }
+    if (!readscan_filter_pass(record.ip, record.port, record.app_proto,
+              ips, ports, btypes))
+          return;
 
     /*
      * Now print the output
@@ -546,6 +447,9 @@ read_binary_scanfile(struct Masscan *masscan,
     struct Output *out;
     int i;
 
+    //readscan_report_init();
+
+
     out = output_create(masscan, 0);
 
     /*
@@ -570,6 +474,9 @@ read_binary_scanfile(struct Masscan *masscan,
     }
 
     output_destroy(out);
+
+    //readscan_report_print();
+
 }
 
 

src/pixie-backtrace.c

@@ -208,7 +208,7 @@ pixie_backtrace_init(const char *self)
         }
     }
 
-	signal(SIGSEGV, handle_segfault);
+	//signal(SIGSEGV, handle_segfault);
 }
 #else
 void

src/proto-x509.c

@@ -89,6 +89,7 @@ TBSCertificate  ::=  SEQUENCE  {
 #include "proto-banout.h"
 #include "masscan-app.h"
 #include "smack.h"
+#include "logger.h"
 #include <assert.h>
 #include <string.h>
 #include <stdlib.h>
@@ -341,7 +342,7 @@ ASN1_push(struct CertDecode *x, unsigned next_state, uint64_t remaining)
      */
     if (x->stack.depth) {
         if (remaining > x->stack.remainings[0]) {
-            fprintf(stderr, "ASN.1 inner object bigger than container [%u, %u]\n",
+            LOG(1, "ASN.1 inner object bigger than container [%u, %u]\n",
                 next_state, x->stack.states[0]);
             x->state = 0xFFFFFFFF;
             return;
@@ -586,15 +587,19 @@ x509_decode(struct CertDecode *x,
                 state++;
                 continue;
             }
-            //printf("issuer:");
+            if (x->is_capture_issuer) {
+                banout_append(banout, PROTO_SSL3, " issuer[", AUTO_LEN);
+            }
             state++;
             break;
         case SUBJECTNAME_TAG:
             if (px[i] != 0x13 && px[i] != 0x0c) {
                 state++;
                 continue;
             }
-            //printf("subject:");
+            if (x->is_capture_subject) {
+                banout_append(banout, PROTO_SSL3, " subject[", AUTO_LEN);
+            }
             state++;
             break;
         case ISSUER1_TAG:
@@ -642,17 +647,20 @@ x509_decode(struct CertDecode *x,
             state++;
             break;
         case ISSUERNAME_CONTENTS:
-            //printf("%c", px[i]);
-            //if (x->stack.remainings[0] == 0)
-            //    printf("\n");
+            if (x->is_capture_issuer) {
+                banout_append(banout, PROTO_SSL3, px+i, 1);
+                if (x->stack.remainings[0] == 0)
+                    banout_append(banout, PROTO_SSL3, "]", 1);
+            }
             break;
         case SUBJECTNAME_CONTENTS:
         case EXT_DNSNAME_CONTENTS:
-            //printf("%c", px[i]);
-            if (x->subject.type == Subject_Common)
+            if (x->is_capture_subject) {
+                banout_append(banout, PROTO_SSL3, px+i, 1);
+                if (x->stack.remainings[0] == 0)
+                    banout_append(banout, PROTO_SSL3, "]", 1);
+            } else if (x->subject.type == Subject_Common)
                 banout_append(banout, PROTO_SSL3, px+i, 1);
-            //if (x->stack.remainings[0] == 0)
-            //    printf("\n");
             break;
         case VERSION_CONTENTS:
             x->u.num <<= 8;

src/proto-x509.h

@@ -26,6 +26,10 @@ struct CertDecode {
     /** We catch some DER non-canonical encoding errors, but not all. Someday
      * we'll improve the parser to catch all of them */
     unsigned is_der_failure:1;
+    unsigned is_capture_subject:1;
+    unsigned is_capture_issuer:1;
+
+
 
     /** Number of certificates we've processed */
     unsigned char count;

vs10/masscan.vcxproj

@@ -22,6 +22,8 @@
     <ClCompile Include="..\src\crypto-base64.c" />
     <ClCompile Include="..\src\crypto-blackrock2.c" />
     <ClCompile Include="..\src\event-timeout.c" />
+    <ClCompile Include="..\src\in-filter.c" />
+    <ClCompile Include="..\src\in-report.c" />
     <ClCompile Include="..\src\main-listscan.c" />
     <ClCompile Include="..\src\main-ptrace.c" />
     <ClCompile Include="..\src\main-readrange.c" />
@@ -100,6 +102,8 @@
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\src\crypto-base64.h" />
+    <ClInclude Include="..\src\in-filter.h" />
+    <ClInclude Include="..\src\in-report.h" />
     <ClInclude Include="..\src\main-globals.h" />
     <ClInclude Include="..\src\event-timeout.h" />
     <ClInclude Include="..\src\in-binary.h" />

vs10/masscan.vcxproj.filters

@@ -270,6 +270,12 @@
     <ClCompile Include="..\src\proto-interactive.c">
       <Filter>Source Files\proto</Filter>
     </ClCompile>
+    <ClCompile Include="..\src\in-filter.c">
+      <Filter>Source Files\output</Filter>
+    </ClCompile>
+    <ClCompile Include="..\src\in-report.c">
+      <Filter>Source Files\output</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\src\proto-arp.h">
@@ -464,6 +470,12 @@
     <ClInclude Include="..\src\proto-vnc.h">
       <Filter>Source Files\proto</Filter>
     </ClInclude>
+    <ClInclude Include="..\src\in-filter.h">
+      <Filter>Source Files\output</Filter>
+    </ClInclude>
+    <ClInclude Include="..\src\in-report.h">
+      <Filter>Source Files\output</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\README.md" />