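/* ****************************************
 * Mapem v0.2
 * Remote service mapper
 * Written by Zapotek
 * ***************************************/

/* Expose the POSIX/BSD declarations used below (getopt, optind, herror)
 * when the file is built with a strict -std= flag on glibc. */
#define _DEFAULT_SOURCE

/*
 * The header names were missing from the listing as received; the set
 * below is what the code in this file needs on a POSIX system.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* NOTE(review): the banner comment above says v0.2 -- confirm which is current. */
#define VERSION "v0.1"

void usage( char * );

struct ports {
    int  number;       /* TCP port number; 0 marks the end of a result list */
    char service[20];  /* NUL-terminated service name, truncated to fit */
};

struct ports *scan( char *, int, int, int );

/*
 * Parse a decimal TCP port number.
 *
 * Returns 0 and stores the value in *out when text is a complete decimal
 * number in 0-65535; returns -1 otherwise. Unlike atoi(), trailing garbage
 * and overflow are rejected instead of silently yielding 0 or a wrapped value.
 */
static int parse_port( const char *text, int *out )
{
    char *stop = NULL;
    long value;

    errno = 0;
    value = strtol( text, &stop, 10 );
    if( stop == text || *stop != '\0' || errno == ERANGE ){
        return -1;
    }
    if( value < 0 || value > 65535 ){
        return -1;
    }
    *out = (int) value;
    return 0;
}

/*
 * Entry point: mapem [-v] host start end
 *
 * Validates the port range before anything is allocated or resolved,
 * resolves the host once for display, runs scan() and prints the ports
 * that accepted a connection together with the elapsed time.
 * Exits with status 1 on any usage, resolution or range error.
 */
int main( int argc, char **argv )
{
    time_t t1 = 0, t2 = 0;
    int start = 0;
    int end = 0;
    int verbose = 0;
    int portcount = 0;
    int opt;
    char *host;
    struct hostent *he;
    struct in_addr addr;
    struct ports *open_ports;
    struct ports *entry;

    /* "-v" is a plain flag; the original "v:" made it swallow the next argument. */
    while( ( opt = getopt( argc, argv, "v" ) ) != -1 ){
        if( opt == 'v' ){
            verbose = 1;
        } else {
            usage( argv[0] );
            exit( 1 );
        }
    }

    /* Positional arguments start at optind, wherever -v was placed. */
    if( argc - optind < 3 ){
        usage( argv[0] );
        exit( 1 );
    }
    host = argv[optind];

    /* Range checks come first: the result buffer in scan() is sized from
     * these values, so they must be known-good before any allocation. */
    if( parse_port( argv[optind + 1], &start ) != 0 ||
        parse_port( argv[optind + 2], &end ) != 0 ){
        printf( "ERROR:\tPort range must be between 0-65535.\n" );
        exit( 1 );
    }
    if( start > end ){
        printf( "ERROR:\tStart port greater than end port...\n" );
        exit( 1 );
    }

    // get host's IP address
    if( ( he = gethostbyname( host ) ) == NULL ){
        herror( "gethostbyname" );
        exit( 1 );
    }
    /* memcpy avoids dereferencing the char buffer through a cast pointer. */
    memcpy( &addr, he->h_addr_list[0], sizeof addr );

    printf( "Launching Mapem %s...\n\n", VERSION );
    printf( "Target: %s", host );
    printf( " [%s]\n", inet_ntoa( addr ) );
    printf( "Start port: %d\tEnd port: %d\n\n", start, end );

    time( &t1 );    // start timer

    open_ports = scan( host, start, end, verbose );
    if( open_ports == NULL ){
        printf( "No open ports.\n" );
        exit( 1 );
    }

    printf( "Open ports on target:\n" );
    printf( "PORT\t\tSERVICE\n" );

    /* Walk with a cursor so the base pointer is still available for free(). */
    for( entry = open_ports; entry->number; entry++ ){
        portcount++;
        printf( "%d", entry->number );
        printf( "\t\t%s\n", entry->service );
    }

    time( &t2 );    // stop timer

    printf( "\n%d TCP port(s) open.\n", portcount );
    printf( "Scanned %d TCP ports in ", end - start );
    printf( "%d seconds.\n", (int) (t2 - t1) );

    free( open_ports );
    return( 0 );
}

/*
 * Try a TCP connect() to every port in [start, end) on target.
 *
 * The loop stops before `end`, matching the "Scanned %d TCP ports" count
 * printed by main (end - start). NOTE(review): confirm whether the end port
 * was meant to be included.
 *
 * Returns a calloc'ed array of the ports that accepted a connection,
 * terminated by an entry whose number is 0, or NULL when none did or the
 * range is invalid. The caller owns the array and must free() it.
 * Exits the process if the host cannot be resolved or a socket or the
 * result buffer cannot be allocated.
 *
 * Each probe is a complete TCP handshake, so it is visible in the target's
 * connection logs. connect() is blocking: a port that never answers holds
 * the loop until the operating system's connect timeout expires.
 */
struct ports *scan( char *target, int start, int end, int verbose )
{
    struct hostent *he;
    struct sockaddr_in their_addr;
    struct servent *srv_name;
    struct ports *open_ports;
    const char *name;
    int portcount = 0;
    int sockfd;
    int status;
    int i;

    /* The allocation size is derived from the arguments; refuse anything
     * that would make it negative or larger than the TCP port space. */
    if( start < 0 || end > 65535 || start > end ){
        return NULL;
    }

    /* One spare slot keeps the zero terminator in place even when every
     * probed port is open. */
    open_ports = calloc( (size_t) ( end - start ) + 1, sizeof *open_ports );
    if( open_ports == NULL ){
        perror( "calloc" );
        exit( 1 );
    }

    // get host's IP address
    if( ( he = gethostbyname( target ) ) == NULL ){
        herror( "gethostbyname" );
        exit( 1 );
    }

    memset( &their_addr, 0, sizeof their_addr );
    their_addr.sin_family = AF_INET;
    memcpy( &their_addr.sin_addr, he->h_addr_list[0], sizeof their_addr.sin_addr );

    for( i = start; i < end; i++ ){
        /* A socket whose connect() failed is in an unspecified state, so
         * every probe gets a fresh descriptor. */
        sockfd = socket( PF_INET, SOCK_STREAM, 0 );
        if( sockfd < 0 ){
            perror( "socket" );
            exit( 1 );
        }

        if( verbose ){
            printf( "Checking:\t%d\n", i );
        }

        // convert port number to network byte order & try to connect
        their_addr.sin_port = htons( (unsigned short) i );
        status = connect( sockfd, (struct sockaddr *) &their_addr,
                          sizeof their_addr );

        /* Report errno only for a failed connect, before any other call
         * can overwrite it. */
        if( verbose && status != 0 ){
            perror( "connect" );
        }

        if( status == 0 ){
            // we got a connection aka open port; look up the service's name
            name = "unknown";
            srv_name = getservbyport( their_addr.sin_port, "tcp" );
            if( srv_name != NULL && srv_name->s_name != NULL ){
                name = srv_name->s_name;
            }

            open_ports[portcount].number = i;
            /* Bounded copy: service names can be longer than the field. */
            snprintf( open_ports[portcount].service,
                      sizeof open_ports[portcount].service, "%s", name );
            portcount++;
        }

        close( sockfd );
    }

    if( portcount == 0 ){
        free( open_ports );
        return NULL;
    }
    return open_ports;
}

/*
 * Print the program banner and command-line help to stdout.
 * `me` is the program name as invoked (argv[0]).
 */
void usage( char *me )
{
    printf( "Mapem %s", VERSION );
    /* NOTE(review): the next two lines look like they lost their contact
     * text; left exactly as received. */
    printf( " by Zapotek \n" );
    printf( "\t\t \n\n" );
    printf( "Usage: %s [-v] <host> <start port> <end port>\n\n", me );
    printf( "Options:\n" );
    printf( "\t-v\t\tbe verbose\n" );
}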