Hi,
this patch adds a very simple port scanner based on connect() to busybox.
I developed it for fun and to improve my skills.
Include it if you like it. Criticism, hints and improvements are welcome.
It is turned off by default. Bloat-o-meter says:

scripts/bloat-o-meter busybox_old busybox_unstripped
function                                             old     new   delta
pscan_main                                             -     472    +472
.rodata                                           122515  122707    +192
packed_usage                                       22284   22334     +50
my_gettimeofday                                        -      35     +35
applets                                             3084    3096     +12
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 3/0 up/down: 761/0)             Total: 761 bytes

BTW: the increase in .rodata seems very big (maybe too big) to me, but i'm not 
a guru in this things....

Output looks like:

[EMAIL PROTECTED]:~/Desktop/busybox.orig# ./busybox pscan www.busybox.net
Scanning www.busybox.net ports 1 to 1024
 Port   Proto   State   Service
   22   tcp     open    ssh
   25   tcp     open    smtp
   53   tcp     open    domain
   80   tcp     open    www
  443   tcp     open    https
  873   tcp     open    rsync
0 stealth, 1018 closed, 6 open ports


Have fun,
Ciao
Tito


--- busybox.orig/networking/Config.in	2007-05-26 23:23:37.000000000 +0200
+++ busybox/networking/Config.in	2007-06-12 21:24:18.000000000 +0200
@@ -535,6 +535,12 @@
 	  Make the output from the ping applet include statistics, and at the
 	  same time provide full support for ICMP packets.
 
+config PSCAN
+	bool "pscan"
+	default n
+	help
+	  Simple network port scanner.
+
 config ROUTE
 	bool "route"
 	default n
--- busybox.orig/networking/Kbuild	2007-04-12 22:30:12.000000000 +0200
+++ busybox/networking/Kbuild	2007-06-12 21:24:18.000000000 +0200
@@ -25,6 +25,7 @@
 lib-$(CONFIG_NSLOOKUP)     += nslookup.o
 lib-$(CONFIG_PING)         += ping.o
 lib-$(CONFIG_PING6)        += ping.o
+lib-$(CONFIG_PSCAN)        += pscan.o
 lib-$(CONFIG_ROUTE)        += route.o
 lib-$(CONFIG_TELNET)       += telnet.o
 lib-$(CONFIG_TELNETD)      += telnetd.o
--- busybox.orig/networking/pscan.c	1970-01-01 01:00:00.000000000 +0100
+++ busybox/networking/pscan.c	2007-06-13 18:08:42.000000000 +0200
@@ -0,0 +1,113 @@
+/*
+ * Pscan is a mini port scanner implementation for busybox
+ *
+ * Copyright 2007 Tito Ragusa <[EMAIL PROTECTED]>
+ *
+ * Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
+ */
+
+#include "libbb.h"
+
+static int my_gettimeofday(void)
+{
+	struct timeval now;
+	
+	if(!gettimeofday(&now, NULL))
+		return 0;
+	return (now.tv_sec * 1000000 + now.tv_usec);
+}
+
+static char *my_getservbyport(int port)
+{
+	struct servent *server;
+	/* Protocol will be tcp as we use SOCK_STREAM. */
+	if ((server = getservbyport(htons(port), NULL)))
+		return server->s_name;
+	return (char *) "unknown";
+}
+
+int pscan_main( int argc, char **argv) ATTRIBUTE_NORETURN;
+int pscan_main( int argc, char **argv)
+{
+	const char *opt_max_port = "1024";          /* default max port */
+	unsigned int max_port;
+	const char *opt_timeout = "5000000";        /* arbitrary default timeout for roundtrip: 5 seconds */
+	int timeout;
+	int closed_ports = 0;
+	int open_ports = 0;
+	int rtt = 0;                                /* roundtrip time */
+	int s;
+	int t1;
+	int i;
+	smallint retval = 0;
+	len_and_sockaddr *lsap;
+
+	opt_complementary = "-1";
+	getopt32(argc, argv, "p:t:", &opt_max_port, &opt_timeout);
+	max_port =  xatoul_range(opt_max_port, 1, 65535);
+	timeout = xatoul_range(opt_timeout, 1, INT_MAX);
+	argv += optind;
+	lsap = xhost2sockaddr(*argv, max_port);
+
+	printf("Scanning %s ports 1 to %d\n Port\tProto\tState\tService\n", *argv, max_port);
+
+	for (i = 1; i <= max_port; i++) {
+
+		lsap = xhost2sockaddr(*argv, i);
+
+		/* The SOCK_STREAM socket type is implemented on the TCP/IP protocol.*/
+		s = xsocket(lsap->sa.sa_family, SOCK_STREAM, 0);
+
+		/* Try to unblock the socket so we don't need to wait for ETIMEOUT.  */
+		ndelay_on(s);
+
+		/* Start point needed to calculate some rough rtt and tune timeout.  */
+		t1 = my_gettimeofday();
+
+		connect(s, &lsap->sa, lsap->len);
+
+		if (errno == ENETDOWN 
+		||  errno == ENETUNREACH 
+		||  errno == ENETRESET 
+		||  errno == ECONNABORTED)
+			bb_perror_nomsg_and_die();
+
+		do {
+			if (errno == ECONNREFUSED) {
+				closed_ports++;
+				/* Attempt to calculate the rtt */
+				rtt = my_gettimeofday() - t1;
+				break;
+			}
+			retval = write(s, " ", 1);
+			if (((rtt * 2) - (my_gettimeofday() - t1)) <= 0) {
+			/* Double rtt to try to avoid some false negative results */
+			/* on ports due to network performance decrease.          */
+				if (rtt < timeout) {
+				/* We had some response from the host before as rtt   */
+				/* is less than default timeout value so we retry one */
+				/* more time resetting rtt to default.                */
+					rtt = timeout;
+					continue;
+				}
+				/* Timeout expired. */
+				break;
+			}
+		} while (retval <= 0);
+
+		if (retval > 0) {
+			/* We were able to write to the socket. */
+			open_ports++;
+			printf("%5d\ttcp\topen\t%s\n", i, my_getservbyport(i));
+		}
+		/* Clean up. */
+		close(s);
+		free(lsap);
+	}
+
+	printf("%d stealth, %d closed, %d open ports\n",
+					max_port - (closed_ports + open_ports),
+					closed_ports,
+					open_ports);
+	exit(EXIT_SUCCESS);
+}
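Review bot: The success test in `my_gettimeofday()` is inverted: `gettimeofday()` returns 0 on success, so `if(!gettimeofday(&now, NULL)) return 0;` yields 0 for every timestamp, `rtt` never measures anything, and the `do … while (retval <= 0)` loop in `pscan_main()` appears to have no way to expire for a port that neither accepts nor refuses, so it would spin on `write()`. Even with the test fixed, seconds times 1000000 does not fit the `int` return type, so the clock, `t1`, `rtt` and the `rtt * 2` comparison need a wider unsigned type. `errno` is also read after `connect()` without looking at its return value, so a value left over from the previous port may abort the scan or count a port as closed. Separately, the `lsap` allocated before the loop is overwritten on the first iteration without being freed, and the host is resolved again for every port; resolving once and changing only the port would avoid both. The fence shows the clock helper and the `connect()` check rewritten.

```c
static unsigned long long my_gettimeofday(void)
{
	struct timeval now;

	/* gettimeofday() returns 0 on success, non-zero on failure */
	if (gettimeofday(&now, NULL))
		return 0;
	return now.tv_sec * 1000000ULL + now.tv_usec;
}

/* … unchanged: my_getservbyport, declarations, option parsing, socket setup … */

		/* Clear errno so a value from the previous port is never reused. */
		errno = 0;
		if (connect(s, &lsap->sa, lsap->len) < 0
		 && (errno == ENETDOWN
		  || errno == ENETUNREACH
		  || errno == ENETRESET
		  || errno == ECONNABORTED))
			bb_perror_nomsg_and_die();

/* … unchanged: retry loop, result printing, cleanup … */
```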
--- busybox.orig/include/applets.h	2007-05-19 23:33:51.000000000 +0200
+++ busybox/include/applets.h	2007-06-12 21:24:18.000000000 +0200
@@ -257,6 +257,7 @@
 USE_PRINTENV(APPLET(printenv, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_PRINTF(APPLET(printf, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_PS(APPLET(ps, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_PSCAN(APPLET(pscan, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_PWD(APPLET_NOFORK(pwd, pwd, _BB_DIR_BIN, _BB_SUID_NEVER, pwd))
 USE_RAIDAUTORUN(APPLET(raidautorun, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_RDATE(APPLET(rdate, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
--- busybox.orig/include/usage.h	2007-06-05 21:20:53.000000000 +0200
+++ busybox/include/usage.h	2007-06-12 21:42:22.000000000 +0200
@@ -2668,6 +2668,13 @@
        "  745 root     root     S [getty]\n" \
        " 2990 andersen andersen R ps\n"
 
+#define pscan_trivial_usage \
+       "[-p PORT][-t TIMEOUT] HOST"
+#define pscan_full_usage \
+       " Scan a host's ports printing all open ports." \
+       "\n\nOptions:\n" \
+       "	-p	scan up to this port (default 1024)\n" \
+       "	-t	timeout in microseconds (default 5000000)"
 
 #define pwd_trivial_usage \
        ""