Results 1 to 5 of 5

Thread: improved scanner in bata status

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    26

    Talking improved scanner in bata status

    hi whats up??

    until i will figure any way to solve my problems im posting the improved scanner in bata status

    her it is :

    Code:
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <errno.h>
    #include <netdb.h>
    #include <sys/types.h>
    #include <unistd.h>
    #include <netinet/in.h>
    #include <sys/socket.h>
        
        
        int main(int argc, char *argv[])
        {
            int sockfd, port;
            struct hostent *host;
            printf("------------------------------------------------------------------------\n");
            printf("| Welcome to Pmap(a.k.a Fast-scanner) 1.7b  Mr.uN1x.sec@gmail.com      |\n");
            printf("|----------------------------------------------------------------------|\n");
    	printf("| this version includes log of the scan in clear text(scan_result)     |\n");
    	printf("------------------------------------------------------------------------\n");
    	if (argc != 2) {
                fprintf(stderr,"exemples: \n");
    	    fprintf(stderr,"./Fast-scanner 192.168.2.1 \n");
    	    fprintf(stderr,"./Fast-scanner www.google.com \n");
    	    exit(1);
            }
    
            if ((host=gethostbyname(argv[1])) == NULL) { 
                perror("problem finding victim \n");
                perror("check your address \n");
    	    exit(1);
            }
    	for(port=0; port<=65000; port++)
    	{
    	struct sockaddr_in host_addr; 
            if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
                perror("problem in socket");
                perror("exiting \n");
    	    exit(1);
            }
    
            host_addr.sin_family = AF_INET;    
            host_addr.sin_port = htons(port);   
            host_addr.sin_addr = *((struct in_addr *)host->h_addr);
            memset(&(host_addr.sin_zero), '\0', 8);   
    
            if (connect(sockfd, (struct sockaddr *)&host_addr, sizeof(struct sockaddr)) == -1) {
                
    	    close(sockfd);
            }
    	else { 
    	
    	FILE * scan_result;
    	scan_result=fopen("scan_result","at");
    	if (port<8 && port>6)
    	       fprintf(scan_result,"echo port (7) is open \n",port);
    	if (port<10 && port>8)
    	       fprintf(scan_result,"discard port (9) is open \n",port);
    	if (port<12 && port>10)
    	       fprintf(scan_result,"systat port (11) is open \n",port);
    	if (port<19 && port>17)
    	       fprintf(scan_result,"msp port (17) is open \n",port);
    	if (port<21 && port>19)
    	       fprintf(scan_result,"ftp-data port (20) is open \n",port);
    	if (port<22 && port>20)
    	       fprintf(scan_result,"ftp port (21) is open \n",port);
    	if (port<23 && port>21)
    	       fprintf(scan_result,"ssh port (22) is open \n",port);
    	if (port<24 && port>22)
    	       fprintf(scan_result,"telnet port (23) is open \n",port);
    	if (port<26 && port>24)
    	       fprintf(scan_result,"smtp port (25) is open \n",port);
    	if (port<28 && port>26)
    	       fprintf(scan_result,"nsw-fe port (27) is open \n",port);
    	if (port<30 && port>28)
    	       fprintf(scan_result,"msg-icp port (29) is open \n",port);
    	if (port<32 && port>30)
    	       fprintf(scan_result,"msg-auth port (31) is open \n",port);
    	if (port<34 && port>32)
    	       fprintf(scan_result,"dsp port (33) is open \n",port);
    	if (port<39 && port>37)
    	       fprintf(scan_result,"rap port (38) is open \n",port);
    	if (port<40 && port>38)
    	       fprintf(scan_result,"rlp port (39) is open \n",port);
    	if (port<43 && port>41)
    	       fprintf(scan_result,"name-server port (42) is open \n",port);
    	if (port<45 && port>43)
    	       fprintf(scan_result,"mpm-flags port (44) is open \n",port);
    	if (port<46 && port>44) 
    	       fprintf(scan_result,"mpm port (45) is open \n",port);
    	if (port<48 && port>46)
    	       fprintf(scan_result,"ni-ftp port (47) is open \n",port);
    	if (port<49 && port>47)
    	       fprintf(scan_result,"auditd port (48) is open \n",port);
    	if (port<50 && port>48)
    	       fprintf(scan_result,"tacacs port (49) is open \n",port);
    	if (port<54 && port>52)
    	       fprintf(scan_result,"domain port (53) is open \n",port);
    	if (port<59 && port>57)
    	       fprintf(scan_result,"xns-mail port (58) is open \n",port);
    	if (port<62 && port>60)
    	       fprintf(scan_result,"ni-mail port (61) is open \n",port);
    	if (port<63 && port>61)
    	       fprintf(scan_result,"acas port (62) is open \n",port);
    	if (port<64 && port>62)
    	       fprintf(scan_result,"whois++ port (63) is open \n",port);
    	if (port<65 && port>63)
    	       fprintf(scan_result,"covia port (64) is open \n",port);
    	if (port<67 && port>65)
    	       fprintf(scan_result,"sql*net port (66) is open \n",port);
    	if (port<68 && port>66)
    	       fprintf(scan_result,"bootps port (67) is open \n",port);
    	if (port<69 && port>67)
    	       fprintf(scan_result,"bootpc port (68) is open \n",port);
    	if (port<70 && port>68)
    	       fprintf(scan_result,"tftp port (69) is open \n",port);
    	if (port<71 && port>69)
    	       fprintf(scan_result,"gopher port (70) is open \n",port);
    	if (port<72 && port>70)
    	       fprintf(scan_result,"netrjs-1 port (71) is open \n",port);
    	if (port<73 && port>71)
    	       fprintf(scan_result,"netrjs-2 port (72) is open \n",port);
    	if (port<74 && port>72)
    	       fprintf(scan_result,"netrjs-3 port (73) is open \n",port);
    	if (port<75 && port>73)
    	       fprintf(scan_result,"netrjs-4 port (74) is open \n",port);
    	if (port<80 && port>78)
    	       fprintf(scan_result,"finger port (79) is open \n",port);
    	if (port<81 && port>79)
    	       fprintf(scan_result,"http port (80) is open \n",port);
    	if (port<82 && port>80)
    	       fprintf(scan_result,"hosts2-ns port (81) is open \n",port);
    	if (port<89 && port>87)
    	       fprintf(scan_result,"keberos port (88) is open \n",port);
    	if (port<91 && port>89)
    	       fprintf(scan_result,"dnsix port (90) is open \n",port);
    	if (port<93 && port>91)
    	       fprintf(scan_result,"npp port (92) is open \n",port);
    	if (port<94 && port>92)
    	       fprintf(scan_result,"dcp port (93) is open \n",port);
    	if (port<98 && port>96)
    	       fprintf(scan_result,"swift-rvf port (97) is open \n",port);
    	if (port<102 && port>100)
    	       fprintf(scan_result,"NIC hostname port (101) is open \n",port);
    	if (port<107 && port>105)
    	       fprintf(scan_result,"3com-tsmux port (106) is open \n",port);
    	if (port<108 && port>106)
    	        fprintf(scan_result,"rtelnet port (107) is open \n",port);
    	if (port<109 && port>107)
    	       fprintf(scan_result,"snagas port (108) is open \n",port);       
    	if (port<110 && port>108)
    	       fprintf(scan_result,"pop2 port (109) is open \n",port);
    	if (port<112 && port>110)
    	       fprintf(scan_result,"sunrpc port (111) is open \n",port);
    	if (port<114 && port>112)
    	       fprintf(scan_result,"auth port (113 ) is open \n",port);
    	if (port<116 && port>114)
    	       fprintf(scan_result,"sftp port (115) is open \n",port);
    	if (port<119 && port>117)
    	       fprintf(scan_result,"sqlserv port (118) is open \n",port);
    	if (port<140 && port>138)
    	       fprintf(scan_result,"nstbios-ssh port (139) is open ,easy hack \n",port);
    	if (port<157 && port>155)
    	       fprintf(scan_result,"sqlsrv port (156) is open \n",port);
    	if (port<159 && port>157)
    	       fprintf(scan_result,"pcmail-srv port (158) is open \n",port);
    	                                                       
    	fclose(scan_result); 
    	printf("port %i is open \n", port);
    	close(sockfd);     
            }
            }
    }
    enjoy

    and dont forget to post comments

    tnx

  2. #2
    Sorry to say this, but you if statements are a complete abortion. Are you kidding? How can you seriously not know about the switch statement, or about == instead of using a bunch of AND logic?

    You open and close your results file 65,000 times each time you run that program. Take your fopen and fclose outside of your for loop.

    I'm sorry, I just find it odd that you're working on a port scanner, and yet have missed some very basics like I just mentioned... I'm sure you're learning a lot from doing this, but my lord.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    472
    Threading, use of /etc/services, use of ghash tables are few things i can think of by taking a quick glace @ ur code.

    Anyways it will be good if you can read nmap, scanrand code and understand what they are doing.
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  4. #4
    Junior Member
    Join Date
    Feb 2006
    Posts
    26
    im writing the scanner from the start in another way and i will try to implamant the nmap scan option from the /etc/services i hope i will finish this until sunday

    tnx for the help and the ideas

    waiting for yours replys

    tnx alot

  5. #5
    Junior Member
    Join Date
    Mar 2006
    Posts
    9
    Hi

    Im a newbie at most of this stuff, though just looking I can see maybe one problem at least,,

    I dont see how switch statement would be any better..
    Does the code halt after it has found 1 open port..?
    And is it really necessary (unless of course your making it for somone else)..to have the Port type output in text ?,,after all ports are just numbers (an array maybe).

    Anyway not knowing a whole lot about it at the moment,,but thanks for posting a bit of newbie code up,,,I like that stuff because I can understand it to a point .

    Cheers
    \"Those are my principles, and if you don\'t like them....well, I have others\"

    - Groucho Marx -

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •