Re: [PATCH] mini port scanner for busybox - V2

Thu, 14 Jun 2007 07:14:11 -0700 

On Thursday 14 June 2007 10:37:54 Denis Vlasenko wrote:
> Hi Tito,
> 
> On Wednesday 13 June 2007 23:54, Tito wrote:
> > Hi,
> > this patch adds a very simple port scanner based on connect() to busybox.
> > I developed it for fun and to improve my skills.
> > Include it if you like it. Critics, hints and improvements are welcome.
> > It is turned off by default. Bloat-o-meter says:
> > 
> > scripts/bloat-o-meter busybox_old busybox_unstripped
> > function                                             old     new   delta
> > pscan_main                                             -     472    +472
> > .rodata                                           122515  122707    +192
> > packed_usage                                       22284   22334     +50
> > my_gettimeofday                                        -      35     +35
> > applets                                             3084    3096     +12
> > ------------------------------------------------------------------------------
> > (add/remove: 2/0 grow/shrink: 3/0 up/down: 761/0)             Total: 761 
> > bytes
> > 
> > BTW: the increase in .rodata seems very big (maybe too big) to me, but i'm 
> > not a guru in this things....
> > 
> > Output looks like:
> > 
> > [EMAIL PROTECTED]:~/Desktop/busybox.orig# ./busybox pscan www.busybox.net
> > Scanning www.busybox.net ports 1 to 1024
> >  Port   Proto   State   Service
> >    22   tcp     open    ssh
> >    25   tcp     open    smtp
> >    53   tcp     open    domain
> >    80   tcp     open    www
> >   443   tcp     open    https
> >   873   tcp     open    rsync
> > 0 stealth, 1018 closed, 6 open ports
> 
> +               connect(s, &lsap->sa, lsap->len);
> +
> +               if (errno == ENETDOWN
> +               ||  errno == ENETUNREACH
> +               ||  errno == ENETRESET
> +               ||  errno == ECONNABORTED)
> +                       bb_perror_nomsg_and_die();
> +
> +               do {
> +                       if (errno == ECONNREFUSED) {
> +                               closed_ports++;
> +                               /* Attempt to calculate the rtt */
> +                               rtt = my_gettimeofday() - t1;
> +                               break;
> +                       }
> +                       retval = write(s, " ", 1);
> 
> Shouldn't you check connect return value, at least just before write?
> 
> +                       if (((rtt * 2) - (my_gettimeofday() - t1)) <= 0) {
> 
> You mean, if (rtt * 2 <= my_gettimeofday() - t1) ?
> 
> +                       /* Double rtt to try to avoid some false negative 
> results */
> +                       /* on ports due to network performance decrease.      
>     */
> 
> Where is the code which does this doubling? comment imply that rtt *= 2,
> but there is no such line.
> 
> It's good that you added these comments,
> but explanation is not clear enough (at least for me).
> 
> Care to improve?
> --
> vda
> 

Here a new version of the patch with improved comments. Enjoy! ;-D

PS: fixed also a stupid typo in my_gettimeofday
if (!gettimeofday(&now, NULL)) ==> if (gettimeofday(&now, NULL))

Ciao,
Tito


--- busybox.orig/networking/Config.in	2007-05-26 23:23:37.000000000 +0200
+++ busybox/networking/Config.in	2007-06-12 21:24:18.000000000 +0200
@@ -535,6 +535,12 @@
 	  Make the output from the ping applet include statistics, and at the
 	  same time provide full support for ICMP packets.
 
+config PSCAN
+	bool "pscan"
+	default n
+	help
+	  Simple network port scanner.
+
 config ROUTE
 	bool "route"
 	default n
--- busybox.orig/networking/Kbuild	2007-04-12 22:30:12.000000000 +0200
+++ busybox/networking/Kbuild	2007-06-12 21:24:18.000000000 +0200
@@ -25,6 +25,7 @@
 lib-$(CONFIG_NSLOOKUP)     += nslookup.o
 lib-$(CONFIG_PING)         += ping.o
 lib-$(CONFIG_PING6)        += ping.o
+lib-$(CONFIG_PSCAN)        += pscan.o
 lib-$(CONFIG_ROUTE)        += route.o
 lib-$(CONFIG_TELNET)       += telnet.o
 lib-$(CONFIG_TELNETD)      += telnetd.o
--- busybox.orig/include/applets.h	2007-05-19 23:33:51.000000000 +0200
+++ busybox/include/applets.h	2007-06-12 21:24:18.000000000 +0200
@@ -257,6 +257,7 @@
 USE_PRINTENV(APPLET(printenv, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_PRINTF(APPLET(printf, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_PS(APPLET(ps, _BB_DIR_BIN, _BB_SUID_NEVER))
+USE_PSCAN(APPLET(pscan, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_PWD(APPLET_NOFORK(pwd, pwd, _BB_DIR_BIN, _BB_SUID_NEVER, pwd))
 USE_RAIDAUTORUN(APPLET(raidautorun, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_RDATE(APPLET(rdate, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
--- busybox.orig/include/usage.h	2007-06-05 21:20:53.000000000 +0200
+++ busybox/include/usage.h	2007-06-12 21:42:22.000000000 +0200
@@ -2668,6 +2668,13 @@
        "  745 root     root     S [getty]\n" \
        " 2990 andersen andersen R ps\n"
 
+#define pscan_trivial_usage \
+       "[-p PORT][-t TIMEOUT] HOST"
+#define pscan_full_usage \
+       " Scan a host's ports printing all open ports." \
+       "\n\nOptions:\n" \
+       "	-p	scan up to this port (default 1024)\n" \
+       "	-t	timeout in microseconds (default 5000000)"
 
 #define pwd_trivial_usage \
        ""
--- busybox.orig/networking/pscan.c	1970-01-01 01:00:00.000000000 +0100
+++ busybox/networking/pscan.c	2007-06-14 16:07:35.000000000 +0200
@@ -0,0 +1,127 @@
+/*
+ * Pscan is a mini port scanner implementation for busybox
+ *
+ * Copyright 2007 Tito Ragusa <[EMAIL PROTECTED]>
+ *
+ * Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
+ */
+
+#include "libbb.h"
+
+static int my_gettimeofday(void)
+{
+	struct timeval now;
+	
+	if (gettimeofday(&now, NULL))
+		return 0;
+	return (now.tv_sec * 1000000 + now.tv_usec);
+}
+
+static char *my_getservbyport(int port)
+{
+	struct servent *server;
+	/* Protocol will be tcp as we use SOCK_STREAM. */
+	if ((server = getservbyport(htons(port), NULL)))
+		return server->s_name;
+	return (char *) "unknown";
+}
+
+int pscan_main( int argc, char **argv) ATTRIBUTE_NORETURN;
+int pscan_main( int argc, char **argv)
+{
+	const char *opt_max_port = "1024";          /* default max port */
+	unsigned int max_port;
+	const char *opt_timeout = "5000000";        /* arbitrary default timeout for roundtrip: 5 seconds */
+	int timeout;
+	int closed_ports = 0;
+	int open_ports = 0;
+	int rtt = 0;                                /* roundtrip time */
+	int s;
+	int t1;
+	int i;
+	smallint retval = 0;
+	len_and_sockaddr *lsap;
+
+	opt_complementary = "-1";
+	getopt32(argc, argv, "p:t:", &opt_max_port, &opt_timeout);
+	max_port =  xatoul_range(opt_max_port, 1, 65535);
+	timeout = xatoul_range(opt_timeout, 1, INT_MAX);
+	argv += optind;
+	lsap = xhost2sockaddr(*argv, max_port);
+
+	printf("Scanning %s ports 1 to %d\n Port\tProto\tState\tService\n", *argv, max_port);
+
+	for (i = 1; i <= max_port; i++) {
+		/* printf("%d\n", rtt);*/ /* DEBUG */
+		lsap = xhost2sockaddr(*argv, i);
+
+		/* The SOCK_STREAM socket type is implemented on the TCP/IP protocol. */
+		s = xsocket(lsap->sa.sa_family, SOCK_STREAM, 0);
+
+		/* Try to unblock the socket so we don't need to wait for ETIMEOUT.   */
+		ndelay_on(s);
+
+		/* Start point needed to calculate some rough rtt and tune timeout.   */
+		t1 = my_gettimeofday();
+
+		/* Don't check return value of connect as most of the times it is -1, */
+		/* We will check for the errno later.                                 */
+		connect(s, &lsap->sa, lsap->len);
+		/* Exit on all errors that make any further action useless.           */
+		if (errno == ENETDOWN 
+		||  errno == ENETUNREACH 
+		||  errno == ENETRESET 
+		||  errno == ECONNABORTED)
+			bb_perror_nomsg_and_die();
+		/* We ignore EHOSTUNREACH, ETIMEDOUT, EHOSTDOWN,               */
+		/* as they could be due to a firewall.                         */
+		/* We ignore EAGAIN, EINPROGRESS as they are due to O_NONBLOCK.*/
+		/* We ignore EACCES, EPERM, EADDRINUSE, EAFNOSUPPORT,          */
+		/* EALREADY, EBADF, EFAULT, EINTR, EISCONN, ENOTSOCK           */
+		/* as they are unlikely to happen here. I hope...              */
+
+		do {
+			if (errno == ECONNREFUSED) {
+				/* PORT CLOSED */
+				closed_ports++;
+				/* Attempt to calculate a new rtt. */
+				rtt = my_gettimeofday() - t1;
+				break;
+			}
+			retval = write(s, " ", 1);
+
+			if (((rtt * 2) - (my_gettimeofday() - t1)) <= 0) {
+			/* Calculate a temporary rtt and compare it with the       */
+			/* previous rtt * 2. We double the value to try to avoid   */
+			/* some false negative results on ports due to network     */
+			/* performance decrease.                                   */
+				if (rtt < timeout) {
+				/* We had some response from the host before as rtt    */
+				/* is less than our timeout value so we retry one      */
+				/* more time on this port resetting rtt to the timeout.*/
+					rtt = timeout;
+					continue;
+				}
+				/* else timeout expired. */
+				break;
+			}
+		} while (retval <= 0);
+
+		if (retval > 0) {
+			/* PORT OPEN: we were able to write to the socket. */
+			open_ports++;
+			/* Attempt to calculate a new rtt.                 */
+			rtt = my_gettimeofday() - t1;
+			printf("%5d\ttcp\topen\t%s\n", i, my_getservbyport(i));
+		}
+		/* Clean up. */
+		close(s);
+		free(lsap);
+	}
+
+	printf("%d stealth, %d closed, %d open ports\n",
+					max_port - (closed_ports + open_ports),
+					closed_ports,
+					open_ports);
+	exit(EXIT_SUCCESS);
+}

_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox

Reply via email to