author | Anton Luka Šijanec <anton@sijanec.eu> | 2022-02-09 22:57:26 +0100 |
committer | Anton Luka Šijanec <anton@sijanec.eu> | 2022-02-09 22:57:26 +0100 |
commit | 883075fc3485406d0f509496703d909550665eec (patch) | |
tree | 307141fa695c73b561c9142f5262874d43c62b79 /main.c | |
parent | just commiting this monstrosity in case I ever need it before rewriting (diff) | |
Diffstat (limited to '')
-rw-r--r-- | main.c | 85 |
1 files changed, 51 insertions, 34 deletions
@@ -28,7 +28,7 @@
 " -f Exclude sent packets from -e PCAP output They're all the same with different dst IPs.\n" \
 " -h Show this help and exit.\n" \
 " -k Increment IP addresses in reverse bit endianness (000 100 010 110 001 101 011 111).\n" \
-" -m Scans increasingly larger networks. Input networks are treated as /31. Use with -n.\n" \
+" -m Spiral-search around a single host given instead of networks. Use with -n.\n" \
 " -n Stops scanning after provided number of working servers is found and reported.\n" \
 " -p Set the source port number to use instead of a dynamically asigned one.\n" \
 " -t Number of microseconds to wait between sent packets. (default & min. 1000 - 64 KB/s)\n" \
@@ -360,7 +360,9 @@ int main (int argc, char ** argv) {
  int k = 0; /* little bitendian IP address inc: 10.0.0.0, 10.128.0.0, 10.64.0.0, 10.192.0.0 */
  int targetnum = 0;
  int workingnum = 0;
- int increasinglylarger = 0;
+ unsigned int spiralsearch = 0;
+ unsigned int spiralsearch_up = 0;
+ unsigned int spiralsearch_down = 0;
  int t = 1000;
  int w = 1000000;
  int e = 0; /* whether to exclude sent packets in PCAP - they're all the same */
@@ -408,7 +410,7 @@ int main (int argc, char ** argv) {
  k++;
  break;
  case 'm':
- increasinglylarger++;
+ spiralsearch++;
  break;
  case 'n':
  targetnum = atoi(optarg);
@@ -435,8 +437,8 @@ int main (int argc, char ** argv) {
  r = 5;
  goto r;
  }
- if (increasinglylarger && l != 1) {
- fprintf(stderr, "-m option is set, max one network. :: " HELP, argv[0]);
+ if (spiralsearch && l != 1) {
+ fprintf(stderr, "-m option is set, max one host :: " HELP, argv[0]);
  r = 6;
  goto r;
  }
@@ -444,8 +446,10 @@ int main (int argc, char ** argv) {
  for (int i = e; i < argc; i++) {
  int w = i-e;
  n[w] = str2net(argv[i]);
- if (increasinglylarger)
- n[w].mask.s_addr = htonl(ntohl(INADDR_BROADCAST)&~1);
+ if (spiralsearch) {
+ n[w].mask.s_addr = INADDR_BROADCAST;
+ h = n[w];
+ }
  }
  goto o;
  case '?':
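Review bot: `spiralsearch++` in `case 'm'` makes the -m repeat count the same variable the send loop later treats as a state flag (`if (spiralsearch < 10) spiralsearch = 10;` in the hunk at +508), so passing -m ten or more times starts the loop in the `else` branch and the given host itself is never probed. Make the option idempotent, `spiralsearch = 1;`, or keep a separate `int spiral_started = 0;` for the loop state and test that instead of the magic 10. main begins and ends outside this hunk.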
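Review bot: The new check at +437 only enforces a single host for -m; nothing requires -n even though the help text changed in this same commit says "Use with -n", and the spiral loop at +508 stops only once both directions have reached 0.0.0.0 and 255.255.255.255, i.e. after the entire IPv4 space. If `targetnum == 0` means "no limit" (it is initialised to 0 at +360 and set only by -n; the comparison itself is outside these hunks), a mistyped invocation turns into an unbounded sweep. A second guard beside the existing one, `if (spiralsearch && !targetnum) { fprintf(stderr, "-m requires -n :: " HELP, argv[0]); r = 6; goto r; }`, would make the documented constraint actually enforced. main begins and ends outside this hunk.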
@@ -504,10 +508,31 @@ o:
  notfirst++;
  if (getenv("DF_DEBUG"))
  fprintf(stderr, "j = %lld, scanuntilhost = %ld\n", j, scanuntilhost);
- if ((h = host(n[i], j)).mask.s_addr != INADDR_BROADCAST ||
- (increasinglylarger && scanuntilhost != -1 && j >= scanuntilhost)) {
+ if (spiralsearch || (h = host(n[i], j)).mask.s_addr != INADDR_BROADCAST) {
 k:
- if (increasinglylarger ? (n[0].mask.s_addr == INADDR_ANY) : (++i >= l)) {
+ if (spiralsearch) {
+ if (spiralsearch < 10) /* this indicates we haven't yet */
+ spiralsearch = 10; /* scanned given ip itself */
+ else {
+ if (spiralsearch_down == UINT32_MAX
+ && spiralsearch_up == UINT32_MAX)
+ goto finished_sending;
+ if ((spiralsearch_up <= spiralsearch_down
+ && spiralsearch_up != UINT32_MAX)
+ || spiralsearch_down == UINT32_MAX) {
+ h.addr.s_addr = htonl(ntohl(n[i].addr.s_addr)
+ + ++spiralsearch_up);
+ if (h.addr.s_addr == INADDR_BROADCAST)
+ spiralsearch_up = UINT32_MAX;
+ } else {
+ h.addr.s_addr = htonl(ntohl(n[i].addr.s_addr)
+ - ++spiralsearch_down);
+ if (!h.addr.s_addr)
+ spiralsearch_down = UINT32_MAX;
+ }
+ }
+ } else if (++i >= l) {
+finished_sending:
  fprintf(stderr, "finished sending, waiting for last replies\n");
  if (clock_gettime(CLOCK_MONOTONIC, &lp) == -1) {
  perror("clock_gettime(CLOCK_MONOTONIC, &z)");
@@ -516,20 +541,6 @@ k:
  }
  goto i;
  } else {
- for (int ž = 0; increasinglylarger && ž < 31; ž++)
- if (ntohl(n[i].mask.s_addr) & 1 << ž) {
- n[i].mask.s_addr &= htonl(~(1 << ž));
- if (ntohl(n[i].addr.s_addr) & 1 << (ž)) {
- scanuntilhost = 1 << ž;
- n[i].addr.s_addr &= n[i].mask.s_addr; /* 0 */
- } else {
- n[i].addr.s_addr |= htonl((1 << (ž))-1);
- scanuntilhost = -1; /* until end */
- }
- break;
- }
- fprintf(stderr, "increasing scanning net: %s", inet_ntoa(n[i].addr));
- fprintf(stderr, "/%s t: %ld\n", inet_ntoa(n[i].mask), scanuntilhost);
  j = localnumber(n[i]);
  h = host(n[i], j);
  }
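Review bot: In the up branch the exhaustion sentinel is set only after `h.addr.s_addr` has already been advanced, so on the iteration where the address reaches 255.255.255.255 (and symmetrically 0.0.0.0 in the down branch) `h` still holds that address when the block is left; if `h` is the destination of the send that follows the hunk, as the pre-change `(h = host(n[i], j))` suggests, one probe goes to the limited-broadcast or unspecified address before the direction is marked done. Re-entering the selection after marking, `spiralsearch_up = UINT32_MAX; goto k;` and likewise `spiralsearch_down = UINT32_MAX; goto k;`, picks the other direction or falls into `finished_sending` without emitting that packet. The literal `10` standing for "the given host itself has been sent" should be a named constant or a separate flag, since `spiralsearch` is also the -m repeat count. main begins and ends outside this hunk.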
@@ -660,16 +671,22 @@ i:
 r:
  if (!r && notfirst) {
  /* TODO: tell EXACT packets that were sent before termination. */
  char * x = alloca(l*31+strlen("SCANNED \n0")+strlen("WORKINGNUM aaaaaaaaaaaaaaaa"));
- strcpy(x, "SCANNED "); /* if scan term, only networks be4 */
- for (int m = 0; m < (finish ? i : l); m++) { /* network at which scan was */
- strcat(x, inet_ntoa(n[m].addr)); /* terminated are reported to be */
- strcat(x, "/"); /* scanned, not mentioning the */
- strcat(x, inet_ntoa(n[m].mask)); /* part of the last not mentioned */
- strcat(x, " "); /* network that was scanned. */
- } /* this may lead to statistical */
- sprintf(x+strlen(x), "\nWORKINGNUM %d\n", workingnum); /* issues cause it'd appear */
- write(STDIN_FILENO, x, strlen(x)); /* as if we received packets from */
- } /* hosts we haven't queried yet. */
+ if (spiralsearch) {
+ strcpy(x, "SPIRALSEARCH ");
+ strcat(x, inet_ntoa(n[0].addr));
+ strcat(x, " ");
+ } else {
+ strcpy(x, "SCANNED ");
+ for (int m = 0; m < (finish ? i : l); m++) {
+ strcat(x, inet_ntoa(n[m].addr));
+ strcat(x, "/");
+ strcat(x, inet_ntoa(n[m].mask));
+ strcat(x, " ");
+ }
+ }
+ sprintf(x+strlen(x), "\nWORKINGNUM %d\n", workingnum);
+ write(STDIN_FILENO, x, strlen(x));
+ }
  if (s != -1) if (close(s)) perror("close(s)");
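Review bot: The `alloca` size at the top of the block still budgets `strlen("SCANNED \n0")` for the prefix while the new branch writes the longer `"SPIRALSEARCH "` plus an address; it fits today only because `l*31` (l is forced to 1 by the -m check) leaves slack, and every write into `x` is an unbounded `strcpy`/`strcat`/`sprintf`. At minimum the budget should name the longest prefix, `char * x = alloca(l*31+strlen("SPIRALSEARCH \n0")+strlen("WORKINGNUM aaaaaaaaaaaaaaaa"));`, or better the report should be assembled with `snprintf` against the remaining size so a later format change cannot overrun the stack buffer. The re-added `write(STDIN_FILENO, x, strlen(x));` ignores its return value and writes to fd 0, which looks like it was meant to be STDOUT_FILENO — worth confirming. main ends outside this hunk.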