CScanner Documentation
using namespace CScanner;
typedef unsigned int u32;
typedef unsigned short int u16;
typedef unsigned char u8;
Public Data Members
class scan_data {
public:
    scan_data() { };
    scan_data(scan_data* in) : s1(in->s1), s2(in->s2), s3(in->s3), s4(in->s4),
                               e1(in->e1), e2(in->e2), e3(in->e3), e4(in->e4) { };
    u8 s1;
    u8 s2;
    u8 s3;
    u8 s4;
    u8 e1;
    u8 e2;
    u8 e3;
    u8 e4;
    // this means:
    // scan hosts from s1.s2.s3.s4 to e1.e2.e3.e4
};

scan_data input_data;
This is the data member that holds the range of IP addresses to be scanned.
bool ports_first;
If set to false (default), the first port is scanned on all hosts, then the next port is scanned on all hosts. If set to true, all ports on a host are scanned, then the next host is scanned.

u32 scan_speed;
This is the number of microseconds to wait between sending out SYN packets. By default 25.

u32 wait_seconds;
This is the number of seconds to wait after sending out the last SYN packet. By default 3.
Public Functions
CScanner();
Basic constructor.

bool start_syn_scan();
Starts the SYN scan. Returns true on success, false otherwise.

bool start_ping_scan();
Starts the PING scan. Returns true on success, false otherwise.
void populate_port_list(const char*);
Parses a command line parameter and populates the port list. The command line should consist of port numbers separated by ',' like: 21,25,53,80. It can also contain a range of ports. The first and last port of the range should be separated by ':' or '-' like: 21-110 or 53:80.
example: 21-25,54,80,110,443,995
This means: scan ports 21 through 25 and ports 54, 80, 110, 443, 995
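A strict validator for this port-list syntax, written as an added example that is not CScanner's own code. parse_port_list and parse_port are hypothetical helpers; the 1-65535 bound, the rejection of reversed ranges and the de-duplication are assumptions about how a caller might sanitize the argument before handing it to populate_port_list.

```cpp
// Added example, not part of CScanner: validate a port-list string
// such as "21-25,54,80,110,443,995" before passing it to the library.
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Reads one decimal port in [1, 65535] starting at s[pos]; advances pos.
static bool parse_port(const std::string& s, size_t& pos, unsigned& out) {
    if (pos >= s.size() || s[pos] < '0' || s[pos] > '9') return false;
    unsigned long v = 0;
    size_t digits = 0;
    while (pos < s.size() && s[pos] >= '0' && s[pos] <= '9') {
        v = v * 10 + (unsigned long)(s[pos] - '0');
        if (++digits > 5) return false;      // too long; also bounds v
        ++pos;
    }
    if (v < 1 || v > 65535) return false;
    out = (unsigned)v;
    return true;
}

// On success fills `ports` (sorted, de-duplicated) and returns true.
// On any syntax or range error returns false and leaves `ports` empty.
bool parse_port_list(const std::string& spec, std::vector<unsigned>& ports) {
    ports.clear();
    std::set<unsigned> seen;
    size_t pos = 0;
    for (;;) {
        unsigned first = 0, last = 0;
        if (!parse_port(spec, pos, first)) return false;
        last = first;
        if (pos < spec.size() && (spec[pos] == '-' || spec[pos] == ':')) {
            ++pos;                           // range: first-last or first:last
            if (!parse_port(spec, pos, last) || last < first) return false;
        }
        for (unsigned p = first; p <= last; ++p) seen.insert(p);
        if (pos == spec.size()) break;       // consumed the whole string
        if (spec[pos++] != ',') return false; // anything but ',' is garbage
    }
    ports.assign(seen.begin(), seen.end());
    return true;
}

int main() {
    std::vector<unsigned> ports;
    bool ok = parse_port_list("21-25,54,80,110,443,995", ports);
    std::printf("%s, %zu ports\n", ok ? "valid" : "rejected", ports.size());
    return ok ? 0 : 1;
}
```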
void populate_ip_addr(const char*);
Parses a command line parameter and populates the IP list. The command line should consist of an IPv4 address range. The first and last address should be separated by ':' or '-', like 213.167.0.1:213.167.255.255 or 66.217.213.1-66.217.222.255. If there is no ':' or '-' character in the string, only the first IP address will be parsed.
example: 66.170.0.1:66.170.255.255
This means: scan IP addresses beginning from 66.170.0.1 to 66.170.255.255
example: 217.12.102.64
This means: scan the IP address 217.12.102.64
void get_options(const char*);
Parses a command line parameter and sets basic options. These options are:

-p    scan all ports on a single host, then move to the next host; by default all hosts are scanned, then the next port is checked. Scanning with the -p option has proven to be significantly faster in certain scenarios, due to the smaller number of ARP requests that are performed when scanning IP addresses that aren't assigned to any host.
-s    seconds to wait after sending the last packet, by default 3
-t    delay between scanning packets in microseconds, by default 25

void set_output(void (*p)(char const*));
By default no output is produced. Use this to set an output function (like: void foo(const char *p), where p will be a pointer to a static buffer inside CScanner). When CScanner receives a reply (positive or negative), it passes a pointer to the header of the packet to the function you set. To give you an idea, Colitas uses the following output functions when analyzing scanning responses.
SYN scanning:

void syn_print_func(char const *buffer)
{
    iphdr *ip = (iphdr *)buffer;
    tcphdr *tcp = (tcphdr *)(buffer + sizeof(struct iphdr));
    u16 port = ntohs(tcp->source);

    if (tcp->ack && tcp->syn) {
        if (show_positive) {
            if (!simple) {
                printf("[open]");
                printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);
                if (resolve_hostnames) {
                    hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET );
                    if (h)
                        printf("[%s]", h->h_name);
                }
            } else {
                printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);
            }
            printf("\n");
        }
    }

    if (tcp->rst && tcp->ack) {
        if (show_negative) {
            if (!simple) {
                printf("[closed]");
                printf(" %-15s %d ", inet_ntoa((in_addr&)ip->saddr), port);
                if (resolve_hostnames) {
                    hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET );
                    if (h)
                        printf("[%s]", h->h_name);
                }
            } else {
                printf(" %-15s %5d ", inet_ntoa((in_addr&)ip->saddr), port);
            }
            printf("\n");
        }
    }

    fflush(stdout);
    return;
}

PING scanning:

void ping_print_func(char const *buffer)
{
    iphdr *ip = (iphdr *)buffer;

    if (!simple) {
        printf("[found]");
        printf(" %-15s replied ", inet_ntoa((in_addr&)ip->saddr));
        if (resolve_hostnames) {
            hostent *h = gethostbyaddr((const char*) &ip->saddr, 4, AF_INET );
            if (h)
                printf("[%s]", h->h_name);
        }
    } else {
        printf(" %-15s", inet_ntoa((in_addr&)ip->saddr));
    }
    printf("\n");

    fflush(stdout);
    return;
}

u32 get_ports();
Returns the number of ports to scan on each host.
u32 get_hosts();
Returns the number of hosts.
"If you don't understand the risks don't play the game."
Last update: Wednesday, 11th October, 2023 Copyright © 2001-2024 by Lukasz Tomicki