-
Notifications
You must be signed in to change notification settings - Fork 0
/
nmap.h
268 lines (225 loc) · 9.77 KB
/
nmap.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
/***************************************************************************
* nmap.h -- Currently handles some of Nmap's port scanning features as *
* well as the command line user interface. Note that the actual main() *
* function is in main.c *
* *
***********************IMPORTANT NMAP LICENSE TERMS************************
*
* The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap
* Project"). Nmap is also a registered trademark of the Nmap Project.
*
* This program is distributed under the terms of the Nmap Public Source
* License (NPSL). The exact license text applying to a particular Nmap
* release or source code control revision is contained in the LICENSE
* file distributed with that version of Nmap or source code control
* revision. More Nmap copyright/legal information is available from
* https://nmap.org/book/man-legal.html, and further information on the
* NPSL license itself can be found at https://nmap.org/npsl/ . This
* header summarizes some key points from the Nmap license, but is no
* substitute for the actual license text.
*
* Nmap is generally free for end users to download and use themselves,
* including commercial use. It is available from https://nmap.org.
*
* The Nmap license generally prohibits companies from using and
* redistributing Nmap in commercial products, but we sell a special Nmap
* OEM Edition with a more permissive license and special features for
* this purpose. See https://nmap.org/oem/
*
* If you have received a written Nmap license agreement or contract
* stating terms other than these (such as an Nmap OEM license), you may
* choose to use and redistribute Nmap under those terms instead.
*
* The official Nmap Windows builds include the Npcap software
* (https://npcap.com) for packet capture and transmission. It is under
* separate license terms which forbid redistribution without special
* permission. So the official Nmap Windows builds may not be redistributed
* without special permission (such as an Nmap OEM license).
*
* Source is provided to this software because we believe users have a
* right to know exactly what a program is going to do before they run it.
* This also allows you to audit the software for security holes.
*
* Source code also allows you to port Nmap to new platforms, fix bugs, and add
* new features. You are highly encouraged to submit your changes as a Github PR
* or by email to the [email protected] mailing list for possible incorporation into
* the main distribution. Unless you specify otherwise, it is understood that
* you are offering us very broad rights to use your submissions as described in
* the Nmap Public Source License Contributor Agreement. This is important
* because we fund the project by selling licenses with various terms, and also
* because the inability to relicense code has caused devastating problems for
* other Free Software projects (such as KDE and NASM).
*
* The free version of Nmap is distributed in the hope that it will be
* useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
* indemnification and commercial support are all available through the
* Npcap OEM program--see https://nmap.org/oem/
*
***************************************************************************/
/* $Id$ */
#ifndef NMAP_H
#define NMAP_H
/************************INCLUDES**********************************/
#ifdef HAVE_CONFIG_H
#include "nmap_config.h"
#else
#ifdef WIN32
#include "nmap_winconfig.h"
#endif /* WIN32 */
#endif /* HAVE_CONFIG_H */
#ifdef __amigaos__
#include "nmap_amigaos.h"
#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_BSTRING_H
#include <bstring.h>
#endif
/* Keep assert() defined for security reasons */
#undef NDEBUG
#include <assert.h>
/*#include <net/if_arp.h> *//* defines struct arphdr needed for if_ether.h */
// #if HAVE_NET_IF_H
// #ifndef NET_IF_H /* why doesn't OpenBSD do this?! */
// #include <net/if.h>
// #define NET_IF_H
// #endif
// #endif
// #if HAVE_NETINET_IF_ETHER_H
// #ifndef NETINET_IF_ETHER_H
// #include <netinet/if_ether.h>
// #define NETINET_IF_ETHER_H
// #endif /* NETINET_IF_ETHER_H */
// #endif /* HAVE_NETINET_IF_ETHER_H */
/******* DEFINES ************/
#ifdef NMAP_OEM
#include "../nmap-build/nmap-oem.h"
#endif
#ifndef NMAP_NAME
#define NMAP_NAME "Nmap"
#endif
#define NMAP_URL "https://nmap.org"
#define _STR(X) #X
#define STR(X) _STR(X)
#ifndef NMAP_VERSION
/* Edit this definition only within the quotes, because it is read from this
file by the makefiles. */
#define NMAP_MAJOR 7
#define NMAP_MINOR 94
#define NMAP_BUILD 1
/* SVN, BETA, etc. */
#define NMAP_SPECIAL "SVN"
#define NMAP_VERSION STR(NMAP_MAJOR) "." STR(NMAP_MINOR) NMAP_SPECIAL
#define NMAP_NUM_VERSION STR(NMAP_MAJOR) "." STR(NMAP_MINOR) "." STR(NMAP_BUILD) ".0"
#endif
#define NMAP_XMLOUTPUTVERSION "1.05"
/* User configurable #defines: */
#define MAX_PROBE_PORTS 10 /* How many TCP probe ports are allowed ? */
/* Default number of ports in parallel. Doesn't always involve actual
sockets. Can also adjust with the -M command line option. */
#define MAX_SOCKETS 36
#define MAX_TIMEOUTS MAX_SOCKETS /* How many timed out connection attempts
in a row before we decide the host is
dead? */
#define DEFAULT_TCP_PROBE_PORT 80 /* The ports TCP ping probes go to if
unspecified by user -- uber hackers
change this to 113 */
#define DEFAULT_TCP_PROBE_PORT_SPEC STR(DEFAULT_TCP_PROBE_PORT)
#define DEFAULT_UDP_PROBE_PORT 40125 /* The port UDP ping probes go to
if unspecified by user */
#define DEFAULT_UDP_PROBE_PORT_SPEC STR(DEFAULT_UDP_PROBE_PORT)
#define DEFAULT_SCTP_PROBE_PORT 80 /* The port SCTP probes go to
if unspecified by
user */
#define DEFAULT_SCTP_PROBE_PORT_SPEC STR(DEFAULT_SCTP_PROBE_PORT)
#define DEFAULT_PROTO_PROBE_PORT_SPEC "1,2,4" /* The IPProto ping probes to use
if unspecified by user */
#define MAX_DECOYS 128 /* How many decoys are allowed? */
/* TCP Options for TCP SYN probes: MSS 1460 */
#define TCP_SYN_PROBE_OPTIONS "\x02\x04\x05\xb4"
#define TCP_SYN_PROBE_OPTIONS_LEN (sizeof(TCP_SYN_PROBE_OPTIONS)-1)
/* Default maximum send delay between probes to the same host */
#ifndef MAX_TCP_SCAN_DELAY
#define MAX_TCP_SCAN_DELAY 1000
#endif
#ifndef MAX_UDP_SCAN_DELAY
#define MAX_UDP_SCAN_DELAY 1000
#endif
#ifndef MAX_SCTP_SCAN_DELAY
#define MAX_SCTP_SCAN_DELAY 1000
#endif
/* Maximum number of extra hostnames, OSs, and devices, we
consider when outputting the extra service info fields */
#define MAX_SERVICE_INFO_FIELDS 5
/* We wait at least 100 ms for a response by default - while that
seems aggressive, waiting too long can cause us to fail to detect
drops until many probes later on extremely low-latency
networks (such as localhost scans). */
#ifndef MIN_RTT_TIMEOUT
#define MIN_RTT_TIMEOUT 100
#endif
#ifndef MAX_RTT_TIMEOUT
#define MAX_RTT_TIMEOUT 10000 /* Never allow more than 10 secs for packet round
trip */
#endif
#define INITIAL_RTT_TIMEOUT 1000 /* Allow 1 second initially for packet responses */
#define INITIAL_ARP_RTT_TIMEOUT 200 /* The initial timeout for ARP is lower */
#ifndef MAX_RETRANSMISSIONS
#define MAX_RETRANSMISSIONS 10 /* 11 probes to port at maximum */
#endif
/* Number of hosts we pre-ping and then scan. We do a lot more if
randomize_hosts is set. Every one you add to this leads to ~1K of
extra always-resident memory in nmap */
#define PING_GROUP_SZ 4096
/* DO NOT change stuff after this point */
#define UC(b) (((int)b)&0xff)
#define SA struct sockaddr /*Ubertechnique from R. Stevens */
#define HOST_UNKNOWN 0
#define HOST_UP 1
#define HOST_DOWN 2
#define PINGTYPE_UNKNOWN 0
#define PINGTYPE_NONE 1
#define PINGTYPE_ICMP_PING 2
#define PINGTYPE_ICMP_MASK 4
#define PINGTYPE_ICMP_TS 8
#define PINGTYPE_TCP 16
#define PINGTYPE_TCP_USE_ACK 32
#define PINGTYPE_TCP_USE_SYN 64
/* # define PINGTYPE_RAWTCP 128 used to be here, but was never used. */
#define PINGTYPE_CONNECTTCP 256
#define PINGTYPE_UDP 512
/* #define PINGTYPE_ARP 1024 // Not used; see o.implicitARPPing */
#define PINGTYPE_PROTO 2048
#define PINGTYPE_SCTP_INIT 4096
/* Empirically determined optimum combinations of different numbers of probes:
-PE
-PE -PA80
-PE -PA80 -PS443
-PE -PA80 -PS443 -PP
-PE -PA80 -PS443 -PP -PU40125
We use the four-probe combination. */
#define DEFAULT_IPV4_PING_TYPES (PINGTYPE_ICMP_PING|PINGTYPE_TCP|PINGTYPE_TCP_USE_ACK|PINGTYPE_TCP_USE_SYN|PINGTYPE_ICMP_TS)
#define DEFAULT_IPV6_PING_TYPES (PINGTYPE_ICMP_PING|PINGTYPE_TCP|PINGTYPE_TCP_USE_ACK|PINGTYPE_TCP_USE_SYN)
#define DEFAULT_PING_ACK_PORT_SPEC "80"
#define DEFAULT_PING_SYN_PORT_SPEC "443"
/* For nonroot. */
#define DEFAULT_PING_CONNECT_PORT_SPEC "80,443"
/* The max length of each line of the subject fingerprint when
wrapped. */
#define FP_RESULT_WRAP_LINE_LEN 74
/* Length of longest DNS name */
#define FQDN_LEN 254
/* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20
* bytes of options. */
#define MAX_PAYLOAD_ALLOWED 65535-60-40
#ifndef recvfrom6_t
# define recvfrom6_t int
#endif
/***********************PROTOTYPES**********************************/
/* Renamed main so that interactive mode could preprocess when necessary */
int nmap_main(int argc, char *argv[]);
int nmap_fetchfile(char *filename_returned, int bufferlen, const char *file);
int gather_logfile_resumption_state(char *fname, int *myargc, char ***myargv);
#endif /* NMAP_H */