diff options
Diffstat (limited to '')
| -rw-r--r-- | portlist.h | 293 |
1 files changed, 293 insertions, 0 deletions
diff --git a/portlist.h b/portlist.h new file mode 100644 index 0000000..df4dc36 --- /dev/null +++ b/portlist.h @@ -0,0 +1,293 @@ +/*************************************************************************** + * portlist.h -- Functions for manipulating various lists of ports * + * maintained internally by Nmap. * + * * + ***********************IMPORTANT NMAP LICENSE TERMS************************ + * + * The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap + * Project"). Nmap is also a registered trademark of the Nmap Project. + * + * This program is distributed under the terms of the Nmap Public Source + * License (NPSL). The exact license text applying to a particular Nmap + * release or source code control revision is contained in the LICENSE + * file distributed with that version of Nmap or source code control + * revision. More Nmap copyright/legal information is available from + * https://nmap.org/book/man-legal.html, and further information on the + * NPSL license itself can be found at https://nmap.org/npsl/ . This + * header summarizes some key points from the Nmap license, but is no + * substitute for the actual license text. + * + * Nmap is generally free for end users to download and use themselves, + * including commercial use. It is available from https://nmap.org. + * + * The Nmap license generally prohibits companies from using and + * redistributing Nmap in commercial products, but we sell a special Nmap + * OEM Edition with a more permissive license and special features for + * this purpose. See https://nmap.org/oem/ + * + * If you have received a written Nmap license agreement or contract + * stating terms other than these (such as an Nmap OEM license), you may + * choose to use and redistribute Nmap under those terms instead. + * + * The official Nmap Windows builds include the Npcap software + * (https://npcap.com) for packet capture and transmission. It is under + * separate license terms which forbid redistribution without special + * permission. So the official Nmap Windows builds may not be redistributed + * without special permission (such as an Nmap OEM license). + * + * Source is provided to this software because we believe users have a + * right to know exactly what a program is going to do before they run it. + * This also allows you to audit the software for security holes. + * + * Source code also allows you to port Nmap to new platforms, fix bugs, and add + * new features. You are highly encouraged to submit your changes as a Github PR + * or by email to the dev@nmap.org mailing list for possible incorporation into + * the main distribution. Unless you specify otherwise, it is understood that + * you are offering us very broad rights to use your submissions as described in + * the Nmap Public Source License Contributor Agreement. This is important + * because we fund the project by selling licenses with various terms, and also + * because the inability to relicense code has caused devastating problems for + * other Free Software projects (such as KDE and NASM). + * + * The free version of Nmap is distributed in the hope that it will be + * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties, + * indemnification and commercial support are all available through the + * Npcap OEM program--see https://nmap.org/oem/ + * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef PORTLIST_H +#define PORTLIST_H + +#include "nbase.h" +#ifndef NOLUA +#include "nse_main.h" +#endif + +#include "portreasons.h" + +#include <vector> + +/* port states */ +#define PORT_UNKNOWN 0 +#define PORT_CLOSED 1 +#define PORT_OPEN 2 +#define PORT_FILTERED 3 +#define PORT_TESTING 4 +#define PORT_FRESH 5 +#define PORT_UNFILTERED 6 +#define PORT_OPENFILTERED 7 /* Like udp/fin/xmas/null/ipproto scan with no response */ +#define PORT_CLOSEDFILTERED 8 /* Idle scan */ +#define PORT_HIGHEST_STATE 9 /* ***IMPORTANT -- BUMP THIS UP WHEN STATES ARE + ADDED *** */ +const char *statenum2str(int state); + +#define TCPANDUDPANDSCTP IPPROTO_MAX +#define UDPANDSCTP (IPPROTO_MAX + 1) + +enum serviceprobestate { + PROBESTATE_INITIAL=1, // No probes started yet + PROBESTATE_NULLPROBE, // Is working on the NULL Probe + PROBESTATE_MATCHINGPROBES, // Is doing matching probe(s) + PROBESTATE_NONMATCHINGPROBES, // The above failed, is checking nonmatches + PROBESTATE_FINISHED_HARDMATCHED, // Yay! Found a match + PROBESTATE_FINISHED_SOFTMATCHED, // Well, a soft match anyway + PROBESTATE_FINISHED_NOMATCH, // D'oh! Failed to find the service. + PROBESTATE_FINISHED_TCPWRAPPED, // We think the port is blocked via tcpwrappers + PROBESTATE_EXCLUDED, // The port has been excluded from the scan + PROBESTATE_INCOMPLETE // failed to complete (error, host timeout, etc.) +}; + +enum service_detection_type { SERVICE_DETECTION_TABLE, SERVICE_DETECTION_PROBED }; + +enum service_tunnel_type { SERVICE_TUNNEL_NONE, SERVICE_TUNNEL_SSL }; + +// Move some popular TCP ports to the beginning of the portlist, because +// that can speed up certain scans. You should have already done any port +// randomization, this should prevent the ports from always coming out in the +// same order. +void random_port_cheat(u16 *ports, int portcount); + +struct serviceDeductions { + serviceDeductions(); + // Free any strings that need to be freed and set all pointers to null. + void erase(); + void populateFullVersionString(char *buf, size_t n) const; + + const char *name; // will be NULL if can't determine + // Confidence is a number from 0 (least confident) to 10 (most + // confident) expressing how accurate the service detection is + // likely to be. + int name_confidence; + // Any of these 6 can be NULL if we weren't able to determine it + char *product; + char *version; + char *extrainfo; + char *hostname; + char *ostype; + char *devicetype; + std::vector<char *> cpe; + // SERVICE_TUNNEL_NONE or SERVICE_TUNNEL_SSL + enum service_tunnel_type service_tunnel; + // if we should give the user a service fingerprint to submit, here it is. Otherwise NULL. + char *service_fp; + enum service_detection_type dtype; // definition above +}; + +class Port { + friend class PortList; + + public: + Port(); + void freeService(bool del_service); + void freeScriptResults(void); + void getNmapServiceName(char *namebuf, int buflen) const; + + u16 portno; + u8 proto; + u8 state; + state_reason_t reason; + +#ifndef NOLUA + ScriptResults scriptResults; +#endif + + private: + /* This is allocated only on demand by PortList::setServiceProbeResults + to save memory for the many closed or filtered ports that don't need it. */ + serviceDeductions *service; +}; + + +/* Needed enums to address some arrays. This values + * should never be used directly. Use INPROTO2PORTLISTPROTO macro */ +enum portlist_proto { // PortList Protocols + PORTLIST_PROTO_TCP = 0, + PORTLIST_PROTO_UDP = 1, + PORTLIST_PROTO_SCTP = 2, + PORTLIST_PROTO_IP = 3, + PORTLIST_PROTO_MAX = 4 +}; + +class PortList { + public: + PortList(); + ~PortList(); + /* Set ports that will be scanned for each protocol. This function + * must be called before any PortList object will be created. */ + static void initializePortMap(int protocol, u16 *ports, int portcount); + /* Free memory used by port_map. It should be done somewhere before quitting*/ + static void freePortMap(); + + void setDefaultPortState(u8 protocol, int state); + void setPortState(u16 portno, u8 protocol, int state); + int getPortState(u16 portno, u8 protocol); + int forgetPort(u16 portno, u8 protocol); + bool portIsDefault(u16 portno, u8 protocol); + /* Saves an identification string for the target containing these + ports (an IP address might be a good example, but set what you + want). Only used when printing new port updates. Optional. A + copy is made. */ + void setIdStr(const char *id); + /* A function for iterating through the ports. Give NULL for the + first "afterthisport". Then supply the most recent returned port + for each subsequent call. When no more matching ports remain, NULL + will be returned. To restrict returned ports to just one protocol, + specify IPPROTO_TCP, IPPROTO_UDP or UPPROTO_SCTP for + allowed_protocol. A TCPANDUDPANDSCTP for allowed_protocol matches + either. A 0 for allowed_state matches all possible states. This + function returns ports in numeric order from lowest to highest, + except that if you ask for TCP, UDP & SCTP, all TCP ports will be + returned before we start returning UDP and finally SCTP ports */ + Port *nextPort(const Port *cur, Port *next, + int allowed_protocol, int allowed_state) const; + + int setStateReason(u16 portno, u8 proto, reason_t reason, u8 ttl, const struct sockaddr_storage *ip_addr); + + int numscriptresults; /* Total number of scripts which produced output */ + + /* Get number of ports in this state. This a sum for protocols. */ + int getStateCounts(int state) const; + /* Get number of ports in this state for requested protocol. */ + int getStateCounts(int protocol, int state) const; + + // sname should be NULL if sres is not + // PROBESTATE_FINISHED_MATCHED. product,version, and/or extrainfo + // will be NULL if unavailable. Note that this function makes its + // own copy of sname and product/version/extrainfo. This function + // also takes care of truncating the version strings to a + // 'reasonable' length if necessary, and cleaning up any unprintable + // chars. (these tests are to avoid annoying DOS (or other) attacks + // by malicious services). The fingerprint should be NULL unless + // one is available and the user should submit it. tunnel must be + // SERVICE_TUNNEL_NONE (normal) or SERVICE_TUNNEL_SSL (means ssl was + // detected and we tried to tunnel through it ). + void setServiceProbeResults(u16 portno, int protocol, + enum serviceprobestate sres, const char *sname, + enum service_tunnel_type tunnel, const char *product, + const char *version, const char *hostname, + const char *ostype, const char *devicetype, + const char *extrainfo, + const std::vector<const char *> *cpe, + const char *fingerprint); + + // pass in an allocated struct serviceDeductions (don't worry about initializing, and + // you don't have to free any internal ptrs. See the serviceDeductions definition for + // the fields that are populated. + void getServiceDeductions(u16 portno, int protocol, struct serviceDeductions *sd) const; + +#ifndef NOLUA + void addScriptResult(u16 portno, int protocol, ScriptResult *sr); +#endif + + /* Cycles through the 0 or more "ignored" ports which should be + consolidated for Nmap output. They are returned sorted by the + number of ports in the state, starting with the most common. It + should first be called with PORT_UNKNOWN to obtain the most popular + ignored state (if any). Then call with that state to get the next + most popular one. Returns the state if there is one, but returns + PORT_UNKNOWN if there are no (more) states which qualify for + consolidation */ + int nextIgnoredState(int prevstate) const; + + /* Returns true if a state should be ignored (consolidated), false otherwise */ + bool isIgnoredState(int state, int *count) const; + + int numIgnoredStates() const; + int numIgnoredPorts() const; + int numPorts() const; + bool hasOpenPorts() const; + + /* Returns true if service scan is done and portno is found to be tcpwrapped, false otherwise */ + bool isTCPwrapped(u16 portno) const; + + private: + void mapPort(u16 *portno, u8 *protocol) const; + /* Get Port structure from PortList structure.*/ + const Port *lookupPort(u16 portno, u8 protocol) const; + Port *createPort(u16 portno, u8 protocol); + /* Set Port structure to PortList structure.*/ + void setPortEntry(u16 portno, u8 protocol, Port *port); + + /* A string identifying the system these ports are on. Just used for + printing open ports, if it is set with setIdStr() */ + char *idstr; + /* Number of ports in each state per each protocol. */ + int state_counts_proto[PORTLIST_PROTO_MAX][PORT_HIGHEST_STATE]; + Port **port_list[PORTLIST_PROTO_MAX]; + protected: + /* Maps port_number to index in port_list array. + * Only functions: getPortEntry, setPortEntry, initializePortMap and + * nextPort should access this structure directly. */ + static u16 *port_map[PORTLIST_PROTO_MAX]; + static u16 *port_map_rev[PORTLIST_PROTO_MAX]; + /* Number of allocated elements in port_list per each protocol. */ + static int port_list_count[PORTLIST_PROTO_MAX]; + Port default_port_state[PORTLIST_PROTO_MAX]; +}; + +#endif + |