Path: blob/master/DDOS Scripts/AMP Methods/EPMAP Amplification/scan.c
4607 views
#include <pcap.h>1#include <stdio.h>2#include <stdlib.h> // for exit()3#include <string.h> //for memset4#include <sys/ioctl.h>5#include <net/if.h>6#include <sys/socket.h>7#include <arpa/inet.h> // for inet_ntoa()8#include <net/ethernet.h>9#include <netinet/udp.h> //Provides declarations for udp header10#include <netinet/ip.h> //Provides declarations for ip header11#include <pthread.h>12#include <semaphore.h>13#include <signal.h>14#include <sys/resource.h>15#include <unistd.h>16static unsigned int payloadsize = 1;17static unsigned int xport = 135;18void process_packet(void *args, struct pcap_pkthdr *header, void *buffer);1920struct buffer21{22void *data;23int size;24struct buffer *next;25struct buffer *prev;26};27struct buffer *head;2829char *ipv4;30int processed,over,total,i,j;31struct sockaddr_in dest;32pthread_mutex_t buf_mutex = PTHREAD_MUTEX_INITIALIZER;33sem_t loop_sem;34int running_threads = 0;35volatile int found_srvs = 0;36volatile unsigned long per_thread = 0;37volatile unsigned long start = 0;38volatile unsigned long scanned = 0;39int sleep_between = 0;40volatile int bytes_sent = 0;41volatile unsigned long hosts_done = 0;42FILE *fd;4344void *readthread()45{46struct buffer *ourhead = head;47struct sockaddr_in saddr;48while(1)49{50sem_wait(&loop_sem);51while(ourhead->data == NULL){ ourhead = ourhead->next; }52pthread_mutex_lock(&buf_mutex);53void *buf = malloc(ourhead->size);54int size = ourhead->size;55memcpy(buf, ourhead->data, ourhead->size);56free(ourhead->data);57ourhead->data = NULL;58ourhead->size = 0;59pthread_mutex_unlock(&buf_mutex);60memset(&saddr, 0, sizeof(saddr));61struct iphdr *iph = (struct iphdr*)(buf + sizeof(struct ethhdr));62saddr.sin_addr.s_addr = iph->saddr;63struct udphdr *udph = (struct udphdr *)(buf + sizeof(struct ethhdr) + sizeof(struct iphdr));64if(ntohs(udph->source) == xport)65{66int body_length = size - sizeof(struct ethhdr) - sizeof(struct iphdr) - sizeof(struct udphdr);67fprintf(fd,"%s %d\n",inet_ntoa(saddr.sin_addr),body_length);68fflush(fd);69found_srvs++;70}71free(buf);72processed++;73ourhead = ourhead->next;74}75}7677void *flood(void *par1)78{79running_threads++;80int thread_id = (int)par1;81unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));82unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));83unsigned long w;84int y;85unsigned char buf[65536];86memcpy(buf, " ", payloadsize);87int sizeofpayload = payloadsize;88int sock;89if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {90perror("cant open socket");91exit(-1);92}93for(w=ntohl(start_ip);w<htonl(end);w++)94{95struct sockaddr_in servaddr;96bzero(&servaddr, sizeof(servaddr));97servaddr.sin_family = AF_INET;98servaddr.sin_addr.s_addr=htonl(w);99servaddr.sin_port=htons(xport);100sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));101bytes_sent+=sizeofpayload;102scanned++;103hosts_done++;104usleep(sleep_between*1000);105}106close(sock);107running_threads--;108return;109}110111void sighandler(int sig)112{113fclose(fd);114printf("\n");115exit(0);116}117118void *printthread(void *argvs)119{120char **argv = (char **)argvs;121int threads = atoi(argv[4]);122pthread_t thread;123sleep(1);124char *str_start = malloc(18);125memset(str_start, 0, 18);126str_start = argv[1];127char *str_end = malloc(18);128memset(str_end, 0, 18);129str_end = argv[2];130start = inet_addr(str_start);131per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;132unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));133int i;134for(i = 0;i<threads;i++){135pthread_create( &thread, NULL, &flood, (void *) i);136}137sleep(1);138char *temp = (char *)malloc(17);139memset(temp, 0, 17);140sprintf(temp, "Found");141printf("%-16s", temp);142memset(temp, 0, 17);143sprintf(temp, "Host/s");144printf("%-16s", temp);145memset(temp, 0, 17);146sprintf(temp, "B/s");147printf("%-16s", temp);148memset(temp, 0, 17);149sprintf(temp, "Running Thrds");150printf("%-16s", temp);151memset(temp, 0, 17);152sprintf(temp, "Done");153printf("%s", temp);154printf("\n");155156char *new;157new = (char *)malloc(16*6);158while (running_threads > 0)159{160printf("\r");161memset(new, '\0', 16*6);162sprintf(new, "%s|%-15lu", new, found_srvs);163sprintf(new, "%s|%-15d", new, scanned);164sprintf(new, "%s|%-15d", new, bytes_sent);165sprintf(new, "%s|%-15d", new, running_threads);166memset(temp, 0, 17);167int percent_done=((double)(hosts_done)/(double)(toscan))*100;168sprintf(temp, "%d%%", percent_done);169sprintf(new, "%s|%s", new, temp);170printf("%s", new);171fflush(stdout);172bytes_sent=0;173scanned = 0;174sleep(1);175}176printf("\n");177fclose(fd);178exit(0);179}180181int main(int argc, char *argv[ ])182{183if(argc < 6){184fprintf(stderr, "Invalid parameters!\n");185fprintf(stdout, "Usage: %s <ip range start (192.168.0.0)> <ip range end (192.168.255.255)> <outfile> <threads> <scan delay in ms>\n", argv[0]);186exit(-1);187}188fd = fopen(argv[3], "a");189sleep_between = atoi(argv[5]);190int num_threads = atoi(argv[4]);191192const rlim_t kOpenFD = 1024 + (num_threads * 2);193struct rlimit rl;194int result;195rl.rlim_cur = kOpenFD;196rl.rlim_max = kOpenFD;197result = setrlimit(RLIMIT_NOFILE, &rl);198if (result != 0)199{200perror("setrlimit_nofile");201fprintf(stderr, "setrlimit_nofile returned result = %d\n", result);202}203bzero(&rl, sizeof(struct rlimit));204rl.rlim_cur = 256 * 1024;205rl.rlim_max = 4096 * 1024;206result = setrlimit(RLIMIT_STACK, &rl);207if (result != 0)208{209perror("setrlimit_stack");210fprintf(stderr, "setrlimit_stack returned result = %d\n", result);211}212213signal(SIGINT, &sighandler);214215pcap_if_t *alldevsp;216pcap_t *handle; //Handle of the device that shall be sniffed217218char errbuf[100] , *devname , devs[100][100];219int count = 1 , n;220221if( pcap_findalldevs( &alldevsp , errbuf) )222{223exit(1);224}225226devname = alldevsp->name;227ipv4 = malloc(16);228bzero(ipv4, 16);229struct ifreq ifc;230int res;231int sockfd = socket(AF_INET, SOCK_DGRAM, 0);232233if(sockfd < 0) exit(-1);234strcpy(ifc.ifr_name, devname);235res = ioctl(sockfd, SIOCGIFADDR, &ifc);236close(sockfd);237if(res < 0) exit(-1);238strcpy(ipv4, inet_ntoa(((struct sockaddr_in*)&ifc.ifr_addr)->sin_addr));239printf("Opening device %s for sniffing ... " , devname);240handle = pcap_open_live(devname , 65536 , 1 , 0 , errbuf);241242if (handle == NULL)243{244fprintf(stderr, "Couldn't open device %s : %s\n" , devname , errbuf);245exit(1);246}247printf("Done\n");248249sem_init(&loop_sem, 0, -1);250i = 1024*1000;251while(i--)252{253if(head == NULL)254{255head = (struct buffer *)malloc(sizeof(struct buffer));256bzero(head, sizeof(struct buffer));257head->data = NULL;258head->size = 0;259head->next = head;260head->prev = head;261} else {262struct buffer *new_node = (struct buffer *)malloc(sizeof(struct buffer));263bzero(new_node, sizeof(struct buffer));264new_node->data = NULL;265new_node->size = 0;266new_node->prev = head;267new_node->next = head->next;268head->next = new_node;269}270}271272pthread_t prnthread;273pthread_create( &prnthread, NULL, &printthread, (void *)argv);274pthread_t redthread;275pthread_create( &redthread, NULL, &readthread, NULL);276277pcap_loop(handle , -1 , process_packet , NULL);278279return 0;280}281282void process_packet(void *args, struct pcap_pkthdr *header, void *buffer)283{284int size = header->len;285286//Get the IP Header part of this packet , excluding the ethernet header287struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));288memset(&dest, 0, sizeof(dest));289dest.sin_addr.s_addr = iph->daddr;290291if(iph->protocol == 17 && strcmp(inet_ntoa(dest.sin_addr), ipv4) == 0)292{293//toss into buffer294if(head->data != NULL) over++;295pthread_mutex_lock(&buf_mutex);296void *temp = malloc(size);297memcpy(temp, buffer, size);298head->data = temp;299head->size = size;300head = head->next;301pthread_mutex_unlock(&buf_mutex);302sem_post(&loop_sem);303total++;304}305}306307