CScanner Documentation

using namespace CScanner;

typedef unsigned int u32;
typedef unsigned short int u16;
typedef unsigned char u8;

Public Data Members

class scan_data {
  public:
  scan_data() { };
  scan_data(scan_data* in) : s1(in->s1), s2(in->s2), s3(in->s3), s4(in->s4),
  e1(in->e1), e2(in->e2), e3(in->e3), e4(in->e4)
  { };
  u8 s1;
  u8 s2;
  u8 s3;
  u8 s4;
  u8 e1;
  u8 e2;
  u8 e3;
  u8 e4;
  // this means:
  // scan hosts from s1.s2.s3.s4 to e1.e2.e3.e4
};
scan_data input_data;

This is the data member where the IP addresses to be scanned are kept.

bool ports_first;

If set to false (the default), the first port is scanned on all hosts, then the next port is scanned on all hosts. If set to true, all ports on one host are scanned before the next host is scanned.

u32 scan_speed;

This is the number of microseconds to wait between sending out SYN packets. The default is 25.

u32 wait_seconds;

This is the number of seconds to wait after sending out the last SYN packet. The default is 3.

Public Functions

CScanner();

Basic constructor.

bool start_syn_scan();

Starts the SYN scan. Returns true on success, false otherwise.

bool start_ping_scan();

Starts the PING scan. Returns true on success, false otherwise.

void populate_port_list(const char*);

Parses a command line parameter and populates the port list. The parameter should consist of port numbers separated by ',' like: 21,25,53,80. It can also contain ranges of ports; the first and last port of a range are separated by ':' or '-' like: 21-110 or 53:80.

example:
    21-25,54,80,110,443,995

This means: scan ports 21 through 25 and ports 54, 80, 110, 443, 995
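As an added example (not CScanner's own code), here is a strict parser for the port-list syntax just described. Whether CScanner itself rejects malformed tokens and reversed ranges or removes duplicate ports is not stated on this page, so this parser's choices there are assumptions.

```cpp
#include <cctype>
#include <set>
#include <string>
#include <vector>

typedef unsigned short int u16;

// Parse one decimal port; rejects anything that is not a plain number in
// 1..65535 (empty token, letters, a sign, "0", "70000").
static bool parse_port(const std::string& tok, u16& out)
{
    if (tok.empty() || tok.size() > 5) return false;
    unsigned v = 0;
    for (size_t i = 0; i < tok.size(); ++i) {
        if (!isdigit((unsigned char)tok[i])) return false;
        v = v * 10 + (tok[i] - '0');
    }
    if (v < 1 || v > 65535) return false;
    out = (u16)v;
    return true;
}

// Parse the comma-separated list; a token is one port or a range "lo-hi" /
// "lo:hi". Returns the ports sorted with duplicates removed (an assumption of
// this example), or an empty list if any token is malformed or a range is
// reversed, so the caller never scans a partially parsed list.
std::vector<u16> parse_port_list(const std::string& spec)
{
    std::set<u16> seen;
    size_t start = 0;
    for (;;) {
        size_t comma = spec.find(',', start);
        std::string tok = spec.substr(start,
            comma == std::string::npos ? std::string::npos : comma - start);
        size_t sep = tok.find_first_of("-:");
        u16 lo, hi;
        if (sep == std::string::npos) {
            if (!parse_port(tok, lo)) return std::vector<u16>();
            hi = lo;
        } else if (!parse_port(tok.substr(0, sep), lo) ||
                   !parse_port(tok.substr(sep + 1), hi) || lo > hi) {
            return std::vector<u16>();
        }
        for (unsigned p = lo; p <= hi; ++p) seen.insert((u16)p);
        if (comma == std::string::npos) break;
        start = comma + 1;
    }
    return std::vector<u16>(seen.begin(), seen.end());
}
```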

void populate_ip_addr(const char*);

Parses a command line parameter and populates the IP list. The parameter should consist of an IPv4 address range; the first and last address are separated by ':' or '-', like 213.167.0.1:213.167.255.255 or 66.217.213.1-66.217.222.255. If the string contains neither ':' nor '-', only the first IP address is parsed.

example:
    66.170.0.1:66.170.255.255

This means: scan IP addresses beginning from 66.170.0.1 to 66.170.255.255

example:
    217.12.102.64

This means: scan the IP address 217.12.102.64
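As an added example (not CScanner's own code), here is a parser for this address-range syntax into the scan_data layout shown above, together with a count of the addresses covered, which is the value get_hosts() reports. How populate_ip_addr treats malformed octets, trailing characters or a start address above the end is not stated on this page, so the rejection of those inputs here is an assumption.

```cpp
#include <cstdio>
#include <string>

typedef unsigned int u32;
typedef unsigned char u8;

// Same layout as CScanner's scan_data: scan from s1.s2.s3.s4 to e1.e2.e3.e4.
struct scan_data { u8 s1, s2, s3, s4, e1, e2, e3, e4; };

// Parse one dotted quad into a host-order u32; trailing characters and
// octets above 255 are rejected instead of being truncated.
static bool parse_ipv4(const std::string& s, u32& out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s.c_str(), "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

// Parse "start:end", "start-end" or a single address into sd. A lone address
// scans exactly one host (start == end). Returns false on a malformed address
// or a start above the end (an assumption; the page does not say what
// populate_ip_addr does with a reversed range).
bool parse_ip_range(const std::string& spec, scan_data& sd)
{
    u32 s, e;
    size_t sep = spec.find_first_of(":-");
    if (!parse_ipv4(spec.substr(0, sep), s)) return false;
    if (sep == std::string::npos) e = s;
    else if (!parse_ipv4(spec.substr(sep + 1), e) || s > e) return false;
    sd.s1 = (u8)(s >> 24); sd.s2 = (u8)(s >> 16); sd.s3 = (u8)(s >> 8); sd.s4 = (u8)s;
    sd.e1 = (u8)(e >> 24); sd.e2 = (u8)(e >> 16); sd.e3 = (u8)(e >> 8); sd.e4 = (u8)e;
    return true;
}

// Number of addresses a spec covers, i.e. what get_hosts() reports after
// populate_ip_addr; 0 if the spec is invalid. 64-bit so that a full
// 0.0.0.0-255.255.255.255 range (2^32 hosts) does not overflow.
unsigned long long count_hosts(const std::string& spec)
{
    scan_data sd;
    if (!parse_ip_range(spec, sd)) return 0;
    u32 s = ((u32)sd.s1 << 24) | ((u32)sd.s2 << 16) | ((u32)sd.s3 << 8) | sd.s4;
    u32 e = ((u32)sd.e1 << 24) | ((u32)sd.e2 << 16) | ((u32)sd.e3 << 8) | sd.e4;
    return (unsigned long long)e - s + 1;
}
```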

void get_options(const char*);

Parses a command line parameter and sets basic options. These options are:

-p  scan all ports on a single host, then move to the next host
    (by default all hosts are scanned for one port before the next port is checked);
    scanning with -p has proven to be significantly faster in certain scenarios,
    because fewer ARP requests are performed when scanning IP addresses that
    aren't assigned to any host
-s  seconds to wait after sending the last packet (default 3)
-t  delay between scan packets in microseconds (default 25)

void set_output(void (*p)(char const*));

By default no output is produced. Use this to set an output function, e.g. void foo(const char *p), where p is a pointer to a static buffer inside CScanner. When CScanner receives a reply (positive or negative) it passes a pointer to the packet header to the function you set. As an illustration, Colitas uses the following output functions when analyzing scan responses.

SYN scanning:

// Colitas' output function for a SYN scan. show_positive, show_negative,
// simple and resolve_hostnames are Colitas' own option flags; they are
// declared here so the example compiles on its own.
#include <cstdio>
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

extern bool show_positive, show_negative, simple, resolve_hostnames;

void syn_print_func(char const *buffer)
{
	iphdr *ip = (iphdr *)buffer;
	// the TCP header follows the IP header; ip->ihl counts 32-bit words,
	// so IP options (if present) are skipped instead of being misread as TCP
	tcphdr *tcp = (tcphdr *)(buffer + ip->ihl * 4);
	// the reply's source port is the port that was probed on the target
	u16 port = ntohs(tcp->source);

	if (tcp->ack && tcp->syn) {
		// SYN/ACK: the port is open
		if (show_positive) {
			if (!simple) {
				printf("[open]");
				printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);

				if (resolve_hostnames) {
					hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET);
					if (h)
						printf("[%s]", h->h_name);
				}
			} else {
				printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);
			}
			printf("\n");
		}
	}
	if (tcp->rst && tcp->ack) {
		// RST/ACK: the port is closed
		if (show_negative) {
			if (!simple) {
				printf("[closed]");
				printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);

				if (resolve_hostnames) {
					hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET);
					if (h)
						printf("[%s]", h->h_name);
				}
			} else {
				printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);
			}
			printf("\n");
		}
	}
	fflush(stdout);
}

PING scanning:

// Colitas' output function for a PING scan; uses the same headers and option
// flags as syn_print_func above. The buffer is the IP header of the echo
// reply, so only the source address is of interest here.
void ping_print_func(char const *buffer)
{
	iphdr *ip = (iphdr *)buffer;

	if (!simple) {
		printf("[found]");
		printf(" %-15s replied ", inet_ntoa((in_addr&)ip->saddr));

		if (resolve_hostnames) {
			hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET);
			if (h)
				printf("[%s]", h->h_name);
		}
	} else {
		printf(" %-15s", inet_ntoa((in_addr&)ip->saddr));
	}

	printf("\n");
	fflush(stdout);
}

u32 get_ports();

Returns the number of ports to scan on each host.

u32 get_hosts();

Returns the number of hosts.


Last update: Saturday, 04th December, 2010
Copyright © 2001-2012 by Lukasz Tomicki