listscan (nmap -sL)

Author: robertdavidgraham

src/main-conf.c

@@ -109,14 +109,14 @@ masscan_echo_nic(struct Masscan *masscan, FILE *fp, unsigned i)
         (masscan->nic[i].adapter_ip>> 8)&0xFF,
         (masscan->nic[i].adapter_ip>> 0)&0xFF
         );
-    fprintf(fp, "adapter-mac = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
+    fprintf(fp, "adapter-mac%s = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
             masscan->nic[i].adapter_mac[0],
             masscan->nic[i].adapter_mac[1],
             masscan->nic[i].adapter_mac[2],
             masscan->nic[i].adapter_mac[3],
             masscan->nic[i].adapter_mac[4],
             masscan->nic[i].adapter_mac[5]);
-    fprintf(fp, "router-mac = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
+    fprintf(fp, "router-mac%s = %02x:%02x:%02x:%02x:%02x:%02x\n", zzz,
             masscan->nic[i].router_mac[0],
             masscan->nic[i].router_mac[1],
             masscan->nic[i].router_mac[2],
@@ -617,7 +617,8 @@ masscan_set_parameter(struct Masscan *masscan,
     }
     else if (EQUALS("ports", name) || EQUALS("port", name)) {
         rangelist_parse_ports(&masscan->ports, value);
-        masscan->op = Operation_Scan;
+        if (masscan->op == 0)
+            masscan->op = Operation_Scan;
     }
     else if (EQUALS("exclude-ports", name) || EQUALS("exclude-port", name)) {
         rangelist_parse_ports(&masscan->exclude_port, value);
@@ -650,7 +651,8 @@ masscan_set_parameter(struct Masscan *masscan,
             else
                 offset++; /* skip comma */
         }
-        masscan->op = Operation_Scan;
+        if (masscan->op == 0)
+            masscan->op = Operation_Scan;
     }
     else if (
                 EQUALS("exclude", name) ||
@@ -679,7 +681,8 @@ masscan_set_parameter(struct Masscan *masscan,
             else
                 offset++; /* skip comma */
         }
-        masscan->op = Operation_Scan;
+        if (masscan->op == 0)
+            masscan->op = Operation_Scan;
     } else if (EQUALS("append-output", name) || EQUALS("output-append", name)) {
         if (EQUALS("overwrite", name))
             masscan->nmap.append = 0;
@@ -821,6 +824,8 @@ masscan_set_parameter(struct Masscan *masscan,
         masscan->resume.seed = parseInt(value);
     } else if (EQUALS("resume-index", name)) {
         masscan->resume.index = parseInt(value);
+    } else if (EQUALS("resume-count", name)) {
+        masscan->resume.count = parseInt(value);
     } else if (EQUALS("retries", name) || EQUALS("retry", name)) {
         unsigned x = strtoul(value, 0, 0);
         if (x >= 1000) {
@@ -1230,8 +1235,8 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
                         fprintf(stderr, "nmap(%s): Zombie scans will never be supported\n", argv[i]);
                         exit(1);
                     case 'L': /* List Scan - simply list targets to scan */
-                        fprintf(stderr, "nmap(%s): list scan unsupported\n", argv[i]);
-                        exit(1);
+                        masscan->op = Operation_ListScan;
+                        break;
                     case 'M':
                         fprintf(stderr, "nmap(%s): Maimon scan not yet supported\n", argv[i]);
                         exit(1);

src/main-listscan.c

@@ -0,0 +1,71 @@
+#include "masscan.h"
+#include "logger.h"
+#include "rand-blackrock.h"
+
+void
+main_listscan(struct Masscan *masscan)
+{
+    uint64_t count_ips;
+    uint64_t count_ports;
+    uint64_t i;
+    uint64_t range;
+    uint64_t start;
+    uint64_t end;
+    struct BlackRock blackrock;
+    unsigned r = masscan->retries + 1;
+    unsigned increment = masscan->shard.of;
+
+    count_ports = rangelist_count(&masscan->ports);
+    if (count_ports == 0)
+        rangelist_add_range(&masscan->ports, 80, 80);
+    count_ports = rangelist_count(&masscan->ports);
+    
+    count_ips = rangelist_count(&masscan->targets);
+    if (count_ips == 0) {
+        LOG(0, "FAIL: target IP address list empty\n");
+        LOG(0, " [hint] try something like \"--range 10.0.0.0/8\"\n");
+        LOG(0, " [hint] try something like \"--range 192.168.0.100-192.168.0.200\"\n");
+        return;
+    }
+
+    range = count_ips * count_ports;
+
+    
+    blackrock_init(&blackrock, range, masscan->seed);
+    
+    start = masscan->resume.index + (masscan->shard.one-1);
+    end = range;
+    if (masscan->resume.count && end > start + masscan->resume.count)
+        end = start + masscan->resume.count;
+    end += masscan->retries * masscan->max_rate;
+
+    
+    for (i=start; i<end; ) {
+        uint64_t xXx;
+        unsigned ip;
+        unsigned port;
+        
+        
+        xXx = (i + (r--) * masscan->max_rate);
+        while (xXx >= range)
+            xXx -= range;
+        xXx = blackrock_shuffle(&blackrock,  xXx);
+        ip = rangelist_pick(&masscan->targets, xXx % count_ips);
+        port = rangelist_pick(&masscan->ports, xXx / count_ips);
+        
+        if (count_ports == 1)
+            printf("%u.%u.%u.%u\n",
+                   (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF
+                   );
+        else
+            printf("%u.%u.%u.%u:%u\n",
+                   (ip>>24)&0xFF, (ip>>16)&0xFF, (ip>>8)&0xFF, (ip>>0)&0xFF,
+                   port
+                   );
+        
+        if (r == 0) {
+            i += increment; /* <------ increment by 1 normally, more with shards/nics */
+            r = masscan->retries + 1;
+        }
+    }
+}

src/main.c

@@ -64,7 +64,7 @@
 unsigned control_c_pressed = 0;
 static unsigned control_c_pressed_again = 0;
 time_t global_now;
-static unsigned wait = 10;
+static unsigned global_wait = 10;
 
 uint64_t foo_timestamp = 0;
 uint64_t foo_count = 0;
@@ -238,6 +238,8 @@ transmit_thread(void *v) /*aka. scanning_thread() */
      * is essentially the same logic as shards. */
     start = masscan->resume.index + (masscan->shard.one-1) + parms->nic_index;
     end = range;
+    if (masscan->resume.count && end > start + masscan->resume.count)
+        end = start + masscan->resume.count;
     end += retries * rate;
 
 
@@ -702,7 +704,9 @@ static void control_c_handler(int x)
 {
     if (control_c_pressed == 0) {
         fprintf(stderr, 
-"waiting %u seconds to exit...                                            \n", wait);
+                "waiting %u seconds to exit..."
+                "                                            \n", 
+                global_wait);
         fflush(stderr);
         control_c_pressed = 1+x;
     } else
@@ -907,8 +911,7 @@ main_scan(struct Masscan *masscan)
         unsigned i;
         double rate = 0;
 
-        min_index = UINT64_MAX;
-
+        
         /* Find the minimum index of all the threads */
         min_index = UINT64_MAX;
         for (i=0; i<masscan->nic_count; i++) {
@@ -1081,6 +1084,11 @@ int main(int argc, char *argv[])
          * THIS IS THE NORMAL THING
          */
         return main_scan(masscan);
+            
+        case Operation_ListScan:
+            /* Create a randomized list of IP addresses */
+            main_listscan(masscan);
+            return 0;
 
     case Operation_List_Adapters:
         /* List the network adapters we might want to use for scanning */

src/masscan.h

@@ -107,6 +107,7 @@ struct Masscan
     struct {
         uint64_t seed;
         uint64_t index;
+        uint64_t count;
     } resume;
 
     struct {
@@ -172,6 +173,7 @@ void masscan_read_config_file(struct Masscan *masscan, const char *filename);
 void masscan_command_line(struct Masscan *masscan, int argc, char *argv[]);
 void masscan_usage();
 void masscan_save_state(struct Masscan *masscan);
+void main_listscan(struct Masscan *masscan);
 
 int
 masscan_initialize_adapter(

src/output.c

@@ -530,7 +530,7 @@ output_report_banner(struct Output *out, unsigned ip, unsigned port,
             length, px
             );
         if (count < 80)
-            fprintf(stdout, "%.*s\n", (size_t)(79-count),
+            fprintf(stdout, "%.*s\n", (int)(79-count),
 "                                                                                    ");
         else
             fprintf(stdout, "\n");

src/pixie-timer.c

@@ -206,14 +206,19 @@ pixie_nanotime()
 
     return tv.tv_sec * 1000000000 + tv.tv_nsec;
 }
-#elif defined(__MACH__) /* works for Apple */
+#elif defined(__MACH__) || defined(__FreeBSD__) /* works for Apple */
 #include <unistd.h>
 #include <mach/mach_time.h>
 
 void pixie_usleep(uint64_t microseconds)
 {
     usleep(microseconds);
 }
+void
+pixie_mssleep(unsigned milliseconds)
+{
+    pixie_usleep(milliseconds * 1000ULL);
+}
 uint64_t
 pixie_gettime()
 {

xcode4/masscan.xcodeproj/project.pbxproj

@@ -49,6 +49,7 @@
 		11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80E917E0DAD4001BCE3A /* proto-icmp.c */; };
 		11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80EB17E0DAD4001BCE3A /* proto-ssh.c */; };
 		11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 11AC80F517E0ED47001BCE3A /* main-ptrace.c */; };
+		11B039C117E506B400925E7E /* main-listscan.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B039C017E506B400925E7E /* main-listscan.c */; };
 		11B2DD9E17DE4DD8007FC363 /* templ-payloads.c in Sources */ = {isa = PBXBuildFile; fileRef = 11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */; };
 /* End PBXBuildFile section */
 
@@ -141,6 +142,7 @@
 		11AC80EC17E0DAD4001BCE3A /* proto-ssh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "proto-ssh.h"; sourceTree = "<group>"; };
 		11AC80F517E0ED47001BCE3A /* main-ptrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-ptrace.c"; sourceTree = "<group>"; };
 		11AC80F817E0EDA7001BCE3A /* main-ptrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "main-ptrace.h"; sourceTree = "<group>"; };
+		11B039C017E506B400925E7E /* main-listscan.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "main-listscan.c"; sourceTree = "<group>"; };
 		11B2DD9C17DE4DD8007FC363 /* templ-payloads.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "templ-payloads.c"; sourceTree = "<group>"; };
 		11B2DD9D17DE4DD8007FC363 /* templ-payloads.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "templ-payloads.h"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
@@ -196,6 +198,7 @@
 				11A9219C17DBCC7E00DDFD32 /* main-status.h */,
 				11A9219D17DBCC7E00DDFD32 /* main-throttle.c */,
 				11A9219E17DBCC7E00DDFD32 /* main-throttle.h */,
+				11B039C017E506B400925E7E /* main-listscan.c */,
 				11A9219F17DBCC7E00DDFD32 /* main.c */,
 				11A921A017DBCC7E00DDFD32 /* masscan.h */,
 				11A921A117DBCC7E00DDFD32 /* out-binary.c */,
@@ -350,6 +353,7 @@
 				11AC80EE17E0DAD4001BCE3A /* proto-icmp.c in Sources */,
 				11AC80EF17E0DAD4001BCE3A /* proto-ssh.c in Sources */,
 				11AC80F617E0ED47001BCE3A /* main-ptrace.c in Sources */,
+				11B039C117E506B400925E7E /* main-listscan.c in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};