Learn How to Use C to Hack Systems - Part 1
Port Scanner in C
The Three step Process for creating a Port Scanner
Step 1: Creating the main()
We create a main()function that takes in the required arguments (server_ip, start_port, end_port). The server IP must be IPv4, though we can extend it to accept IPv6 as well. Try it yourself !!
int main(int argc, char *argv[])
{
if (argc < 4)
{
printf ("Please enter the server IP address"
" and range of ports to be scanned\n");
printf ("USAGE: %s IPv4 First_Port Last_Port\n",
argv[0]);
exit(1);
}
char tIP[16] = {0};
strcpy(tIP, argv[1]); // Copy the IPv4 address
char First_Port[6] = {0};
strcpy(First_Port, argv[2]); // Copy the start_port
char Last_Port[6] = {0};
strcpy(Last_Port, argv[3]); // Copy the end_port
// Start port-scanner
port_scanner(tIP, First_Port, Last_Port);
return 0;
}
Step 2: Creating the port_scanner()
Create a new function, port_scanner(). We traverse through all the ports in range provided and then check against each one of them.
Create a “struct addrinfo hints” and initialize it with proper values.
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
‘hints’ is an optional pointer to a struct addrinfo, as defined by . This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. – from the FreeBSD man page.
Initialize a pointer for the server_address that we will obtain from the server.
Now, call “getaddrinfo(tIP, tport, &hints, &serv_addr)” with proper parameters. The getaddrinfo() function allocates and initializes a linked list of addrinfo structures, one for each network address that matches node and service, subject to any restrictions imposed by hints, and returns a pointer to the start of the list in the 4th paraments, in this case “serv_addr”. The items in the linked list are linked by the ai_next field.
Additional Info:
There are several reasons why the linked list may have more than one addrinfo structure, including: the network host is multihomed, accessible over multiple protocols (e.g., both AF_INET and AF_INET6); or the same service is available from multiple socket types (one SOCK_STREAM address and another SOCK_DGRAM address, for example).
Normally, the application should try using the addresses in the order in which they are returned.
Step 3: Connecting against the sockets
Traverse through all the addrinfo received in the linked list, and create a socket. The values for the “socket()” are present in the addrinfo struct obtained above. (Each node of the linked_list is traversed using the pointer “temp”.)
sockfd = socket(temp->ai_family, temp->ai_socktype,
temp->ai_protocol);
if (sockfd < 0)
{
printf("Port %d is NOT open.\n", port);
continue;
}
If the socket creation fails, then try using the values in other nodes. Once socket creation succeeds, try connecting to it using the “connect()”. If the connection is a success, then congratulations, the socket is OPEN, else try with the other addrinfo nodes. If none of them works from the linked_list, then the socket is CLOSED. Here is the code for the same,
status = connect(sockfd, temp->ai_addr,
temp->ai_addrlen);
if (status<0)
{
printf("Port %d is NOT open.\n", port);
close(sockfd);
continue;
}
printf("Port %d is open.\n", port);
close(sockfd);
The “freeaddrinfo()” function frees the memory that was allocated for the dynamically allocated linked list “serv_addr”. It is a good practice to use this instead of “free()”.
Please find the code link at here.
Comments
Post a Comment