OpenVAS Scanner  7.0.0~git
nasl_builtin_nmap.c
Go to the documentation of this file.
1 /* Copyright (C) 2011-2019 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
49 #include "../misc/plugutils.h"
50 #include "nasl_lex_ctxt.h"
51 
52 #include <glib.h>
53 #include <gvm/base/logging.h>
54 #include <gvm/base/prefs.h> /* for prefs_get */
55 #include <gvm/util/kb.h>
56 #include <signal.h>
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #include <sys/types.h>
61 #include <sys/wait.h>
62 #include <unistd.h>
63 
67 #define CHUNK_LEN 512
68 
72 #define MAX_TRACE_HOPS 64
73 
77 #define NMAP_CMD "nmap"
78 
79 /* -- script options -- */
80 
84 #define PREF_TREAT_ALL_HOST_ONLINE "Treat all hosts as online"
85 
89 #define PREF_TRACEROUTE "Trace hop path to each host"
90 
95 #define PREF_NO_DNS "Disable DNS resolution"
96 
100 #define PREF_TCP_SCANNING_TECHNIQUE "TCP scanning technique"
101 
106 #define PREF_SERVICE_SCAN "Service scan"
107 
111 #define PREF_RPC_PORT_SCAN "RPC port scan"
112 
116 #define PREF_IDENTIFY_REMOTE_OS "Identify the remote OS"
117 
122 #define PREF_AGGRESSIVE_OS_DETECT "Aggressive OS detection"
123 
128 #define PREF_FRAGMENT_IP "Fragment IP packets (bypasses firewalls)"
129 
133 #define PREF_SOURCE_PORT "Source port"
134 
138 #define PREF_TIMING_POLICY "Timing policy"
139 
144 #define PREF_HOST_TIMEOUT "Host Timeout (ms)"
145 
150 #define PREF_MIN_RTT_TIMEOUT "Min RTT Timeout (ms)"
151 
156 #define PREF_MAX_RTT_TIMEOUT "Max RTT Timeout (ms)"
157 
162 #define PREF_INITIAL_RTT_TIMEOUT "Initial RTT timeout (ms)"
163 
168 #define PREF_MIN_PARALLELISM "Ports scanned in parallel (min)"
169 
174 #define PREF_MAX_PARALLELISM "Ports scanned in parallel (max)"
175 
180 #define PREF_MIN_HOSTGROUP "Hosts scanned in parallel (min)"
181 
186 #define PREF_MAX_HOSTGROUP "Hosts scanned in parallel (max)"
187 
191 #define PREF_INTERPROBE_DELAY "Minimum wait between probes (ms)"
192 
197 #define PREF_EXCLUDE_HOSTS "Exclude hosts"
198 
202 #define PREF_IMPORT_XML_FILE "File containing XML results"
203 
207 #define OPT_SET "yes"
208 
212 #define OPT_UNSET "no"
213 
218 {
219  gchar *name;
220  gchar *output;
221 };
222 
227 {
228  gchar *addr;
229  gchar *host;
230  gchar *rtt;
231 };
232 
236 struct nmap_port
237 {
238  gchar *proto;
239  gchar *portno;
240  gchar *state;
241  gchar *service;
243  gchar *
245  GSList *port_scripts;
246  GSList
248 };
249 
257 struct nmap_host
258 {
259  gchar *addr;
260  gchar *state;
261  gchar *best_os;
262  gchar *tcpseq_index;
264  gchar *ipidseq;
266  int distance;
269  GSList *host_scripts;
270  GSList *ports;
271  GSList *os_cpes;
272 };
273 
278 {
279  GHashTable *opentag;
280  GHashTable *closetag;
282  gboolean in_host;
283  gboolean in_ports;
284  gboolean in_port;
285  gboolean in_hostscript;
286  gboolean enable_read;
287  gchar *rbuff;
288 };
289 
293 typedef struct
294 {
295  /* Command line generation */
296  gchar **args;
297  int arg_idx;
298 
299  /* External XML file parsing */
300  const gchar *filename;
301 
302  /* General execution environment */
303  struct script_infos *env;
304 
305  /* OID of this NVT */
306  const char *oid;
307 
308  /* XML parsing states */
309  struct nmap_parser parser;
310 
311  struct nmap_host tmphost;
312  struct nmap_port tmpport;
313 } nmap_t;
314 
318 typedef struct
319 {
320  gchar *optname;
321  gchar *flag;
322  gboolean argument_required;
323 } nmap_opt_t;
324 
325 /* --------------------- INTERNAL FUNCTIONS PROTOTYPES ---------------------- */
326 
327 /*
328  * Nmap handler ctor/dtor.
329  */
330 static nmap_t *
331 nmap_create (lex_ctxt *lexic);
332 static void
333 nmap_destroy (nmap_t *nmap);
334 
335 /*
336  * Command line generation from supplied options and parameters.
337  */
338 static int
339 build_cmd_line (nmap_t *nmap);
340 static int
341 add_arg (nmap_t *nmap, const gchar *name, const gchar *value);
342 static int
343 add_nse_arguments (nmap_t *nmap);
344 static gchar *
345 get_script_list (nmap_t *nmap);
346 static gchar *
347 get_script_args (nmap_t *nmap);
348 static int
350 static int
352 static int
353 add_portrange (nmap_t *nmap);
354 static void
355 setup_xml_parser (nmap_t *nmap);
356 static void
357 set_opentag_callbacks (GHashTable *open);
358 static void
359 set_closetag_callbacks (GHashTable *close);
360 static int
361 add_target (nmap_t *nmap);
362 static void
364 
365 /*
366  * Execution control and high level results parsing.
367  */
368 static void
369 sig_h ();
370 static void
371 sig_c ();
372 static int
373 nmap_run_and_parse (nmap_t *nmap);
374 static void
375 current_host_reset (nmap_t *nmap);
376 static void
377 port_destroy (gpointer data, gpointer udata);
378 static void
379 nse_script_destroy (gpointer data, gpointer udata);
380 static void
381 simple_item_destroy (gpointer data, gpointer udata);
382 static void
383 tmphost_add_port (nmap_t *nmap);
384 static void
385 tmphost_add_nse_hostscript (nmap_t *nmap, gchar *name, gchar *output);
386 static void
387 tmphost_add_nse_portscript (nmap_t *nmap, gchar *name, gchar *output);
388 
389 /*
390  * Top level callbacks to handle opening/closing XML elements.
391  */
392 static void
393 xml_start_element (GMarkupParseContext *context, const gchar *element_name,
394  const gchar **attribute_names,
395  const gchar **attribute_values, gpointer user_data,
396  GError **error);
397 static void
398 xml_end_element (GMarkupParseContext *context, const gchar *element_name,
399  gpointer user_data, GError **error);
400 
401 static void
402 xml_read_text (GMarkupParseContext *context, const gchar *text, gsize text_len,
403  gpointer user_data, GError **error);
404 
405 /*
406  * Callbacks for opening recognized elements.
407  */
408 static void
409 xmltag_open_host (nmap_t *nmap, const gchar **attrnames, const gchar **attrval);
410 static void
411 xmltag_open_status (nmap_t *nmap, const gchar **attrnames,
412  const gchar **attrval);
413 static void
414 xmltag_open_address (nmap_t *nmap, const gchar **attrnames,
415  const gchar **attrval);
416 static void
417 xmltag_open_ports (nmap_t *nmap, const gchar **attrnames,
418  const gchar **attrval);
419 static void
420 xmltag_open_port (nmap_t *nmap, const gchar **attrnames, const gchar **attrval);
421 static void
422 xmltag_open_state (nmap_t *nmap, const gchar **attrnames,
423  const gchar **attrval);
424 static void
425 xmltag_open_service (nmap_t *nmap, const gchar **attrnames,
426  const gchar **attrval);
427 static void
428 xmltag_open_cpe (nmap_t *nmap, const gchar **attrnames, const gchar **attrval);
429 static void
430 xmltag_open_hostscript (nmap_t *nmap, const gchar **attrnames,
431  const gchar **attrval);
432 static void
433 xmltag_open_osmatch (nmap_t *nmap, const gchar **attrnames,
434  const gchar **attrval);
435 static void
436 xmltag_open_script (nmap_t *nmap, const gchar **attrnames,
437  const gchar **attrval);
438 static void
439 xmltag_open_tcpsequence (nmap_t *nmap, const gchar **attrnames,
440  const gchar **attrval);
441 static void
442 xmltag_open_ipidsequence (nmap_t *nmap, const gchar **attrnames,
443  const gchar **attrval);
444 static void
445 xmltag_open_hop (nmap_t *nmap, const gchar **attrnames, const gchar **attrval);
446 static void
447 xmltag_open_distance (nmap_t *nmap, const gchar **attrnames,
448  const gchar **attrval);
449 
450 /*
451  * Callbacks for closing recognized elements.
452  */
453 static void
454 xmltag_close_host (nmap_t *nmap);
455 static void
456 xmltag_close_ports (nmap_t *nmap);
457 static void
458 xmltag_close_port (nmap_t *nmap);
459 static void
460 xmltag_close_cpe (nmap_t *nmap);
461 static void
463 
464 /*
465  * Helper function to get the strdup'ed value of a given attribute.
466  */
467 static gchar *
468 get_attr_value (const gchar *name, const gchar **attribute_names,
469  const gchar **attribute_values);
470 
471 /*
472  * Store host results in the KB.
473  */
474 static void
476 static void
477 save_host_state (nmap_t *nmap);
478 static void
479 save_open_ports (nmap_t *nmap);
480 static void
481 register_service (nmap_t *nmap, struct nmap_port *p);
482 static void
483 save_detected_os (nmap_t *nmap);
484 static void
486 static void
488 static void
490 static void
491 save_portscripts (nmap_t *nmap);
492 static void
493 save_hostscripts (nmap_t *nmap);
494 
495 /* -------------------------------------------------------------------------- */
496 
497 /* PID of the nmap subprocess. Declared global for access from within
498  * sighandlers. */
499 static pid_t pid = 0;
500 
508 tree_cell *
510 {
511  nmap_t *nmap;
512 
513  g_debug ("Starting Nmap builtin wrapper\n");
514 
515  /* Initialize our nmap handler */
516  if ((nmap = nmap_create (lexic)) == NULL)
517  {
518  g_debug ("Unable to initialize Nmap\n");
519  return NULL;
520  }
521 
522  /* Execute nmap and store results */
523  nmap_run_and_parse (nmap);
524 
525  /* release resources */
526  nmap_destroy (nmap);
527 
528  return FAKE_CELL;
529 }
530 
539 nmap_t *
541 {
542  gchar *pref;
543  nmap_t *nmap;
544 
545  nmap = (nmap_t *) g_malloc0 (sizeof (nmap_t));
546 
547  nmap->env = lexic->script_infos;
548  nmap->oid = lexic->oid;
549 
550  /* import results from external file? */
552  if (!pref || !strlen (pref))
553  {
554  /* no: build command line to execute */
555  if (build_cmd_line (nmap) < 0)
556  {
557  nmap_destroy (nmap);
558  return NULL;
559  }
560 
561  /* Display command line to use */
562  g_debug ("Nmap initialized: ");
563  dbg_display_cmdline (nmap);
564  }
565  else
566  {
567  /* yes: store filename */
568  nmap->filename = get_plugin_preference_fname (nmap->env, pref);
569  g_debug ("Reading nmap results from file: %s\n", nmap->filename);
570  }
571 
572  setup_xml_parser (nmap);
573  return nmap;
574 }
575 
581 void
583 {
584  if (!nmap)
585  return;
586 
587  if (nmap->args)
588  {
589  int i;
590 
591  for (i = 0; i < nmap->arg_idx; i++)
592  g_free (nmap->args[i]);
593 
594  g_free (nmap->args);
595  }
596 
597  if (nmap->parser.opentag)
598  g_hash_table_destroy (nmap->parser.opentag);
599 
600  if (nmap->parser.closetag)
601  g_hash_table_destroy (nmap->parser.closetag);
602 
603  g_free (nmap);
604 }
605 
613 int
615 {
616  int i;
617  /* this list handles basic options (simple flag or name/value) */
618  nmap_opt_t options[] = {
619  /* --- Host discovery --- */
620  {PREF_TREAT_ALL_HOST_ONLINE, "-Pn", FALSE},
621  {PREF_TRACEROUTE, "--traceroute", FALSE},
622  {PREF_NO_DNS, "-n", FALSE},
623 
624  /* --- Scan techniques --- */
625  {PREF_SERVICE_SCAN, "-sV", FALSE},
626  {PREF_RPC_PORT_SCAN, "-sR", FALSE},
627 
628  /* --- OS Detection --- */
629  {PREF_IDENTIFY_REMOTE_OS, "-O", FALSE},
630  {PREF_AGGRESSIVE_OS_DETECT, "--osscan-guess", FALSE},
631 
632  /* --- Firewall/IDS evasion --- */
633  {PREF_FRAGMENT_IP, "-f", FALSE},
634  {PREF_SOURCE_PORT, "-g", TRUE},
635 
636  /* --- Timing and performances --- */
637  {PREF_HOST_TIMEOUT, "--host-timeout", TRUE},
638  {PREF_MIN_RTT_TIMEOUT, "--min-rtt-timeout", TRUE},
639  {PREF_MAX_RTT_TIMEOUT, "--max-rtt-timeout", TRUE},
640  {PREF_INITIAL_RTT_TIMEOUT, "--initial-rtt-timeout", TRUE},
641  {PREF_MIN_PARALLELISM, "--min-parallelism", TRUE},
642  {PREF_MAX_PARALLELISM, "--max-parallelism", TRUE},
643  {PREF_MIN_HOSTGROUP, "--min-hostgroup", TRUE},
644  {PREF_MAX_HOSTGROUP, "--max-hostgroup", TRUE},
645  {PREF_INTERPROBE_DELAY, "--delay", TRUE},
646 
647  /* --- Targets specification --- */
648  {PREF_EXCLUDE_HOSTS, "--exclude", TRUE},
649 
650  {NULL, NULL, FALSE}};
651 
652  /* Nmap invocation */
653  add_arg (nmap, NMAP_CMD, NULL);
654 
655  /* Enable XML output on stdout */
656  add_arg (nmap, "-oX", "-");
657 
658  for (i = 0; options[i].optname; i++)
659  {
660  gchar *optval;
661 
662  optval = get_plugin_preference (nmap->oid, options[i].optname);
663  if (!optval)
664  continue;
665 
666  if (options[i].argument_required)
667  {
668  if (strlen (optval) > 0)
669  if (add_arg (nmap, options[i].flag, optval) < 0)
670  return -1;
671  }
672  else
673  {
674  if (g_strcmp0 (optval, OPT_SET) == 0)
675  if (add_arg (nmap, options[i].flag, NULL) < 0)
676  return -1;
677  }
678  }
679 
680  if (add_portrange (nmap) < 0)
681  return -1;
682 
683  /* Always enable UDP port scan, so that the port list controls this. */
684  if (add_arg (nmap, "-sU", NULL) < 0)
685  return -1;
686 
687  /* Scan technique */
688  if (add_scantype_arguments (nmap) < 0)
689  return -1;
690 
691  /* Timing policy */
692  if (add_timing_arguments (nmap) < 0)
693  return -1;
694 
695  /* Script scan */
696  if (add_nse_arguments (nmap) < 0)
697  return -1;
698 
699  if (add_target (nmap) < 0)
700  return -1;
701 
702  return 1;
703 }
704 
714 int
715 add_arg (nmap_t *nmap, const gchar *name, const gchar *value)
716 {
717  if (!name)
718  return -1;
719 
720  if (!nmap->args)
721  {
722  /* Initial call, instantiate the NULL terminated list of arguments */
723  nmap->args = g_malloc (sizeof (*nmap->args));
724  nmap->arg_idx = 0;
725  }
726 
727  if (!value)
728  {
729  /* simple flag (no value) */
730  nmap->args =
731  g_realloc (nmap->args, (nmap->arg_idx + 2) * sizeof (gchar *));
732  nmap->args[nmap->arg_idx++] = g_strdup (name);
733  }
734  else
735  {
736  /* name->value argument */
737  nmap->args =
738  g_realloc (nmap->args, (nmap->arg_idx + 3) * sizeof (gchar *));
739  nmap->args[nmap->arg_idx++] = g_strdup (name);
740  nmap->args[nmap->arg_idx++] = g_strdup (value);
741  }
742 
743  /* NULL-terminate the list */
744  nmap->args[nmap->arg_idx] = NULL;
745 
746  return 1;
747 }
748 
757 int
759 {
760  gchar *pscript, *pargs;
761 
762  pscript = get_script_list (nmap);
763  pargs = get_script_args (nmap);
764  if (strlen (pscript))
765  {
766  /* Add script flags if user requested some NSE */
767  add_arg (nmap, "--script", pscript);
768 
769  if (strlen (pargs))
770  add_arg (nmap, "--script-args", pargs);
771  }
772  g_free (pscript);
773  g_free (pargs);
774 
775  return 1;
776 }
777 
786 gchar *
788 {
789  kb_t kb = plug_get_kb (nmap->env);
790  struct kb_item *top, *res;
791  gchar **scriptv, *scriptstr;
792  int i = 0;
793 
794  scriptv = NULL;
795 
796  /* Read list of scripts from the KB */
797  top = res = kb_item_get_all (kb, "NmapNSE/scripts");
798  while (res)
799  {
800  scriptv = (gchar **) g_realloc (scriptv, (i + 1) * sizeof (gchar *));
801  scriptv[i++] = g_strdup (res->v_str);
802  res = res->next;
803  }
804 
805  scriptv = (gchar **) g_realloc (scriptv, (i + 1) * sizeof (gchar *));
806  scriptv[i] = NULL;
807 
808  kb_item_free (top);
809 
810  scriptstr = g_strjoinv (",", scriptv);
811 
812  for (i = 0; scriptv[i]; i++)
813  g_free (scriptv[i]);
814 
815  g_free (scriptv);
816 
817  return scriptstr;
818 }
819 
828 gchar *
830 {
831  kb_t kb = plug_get_kb (nmap->env);
832  struct kb_item *top, *res;
833  gchar **argv, *argstr;
834  int i = 0;
835 
836  argv = NULL;
837 
838  top = res = kb_item_get_all (kb, "NmapNSE/arguments");
839  while (res)
840  {
841  argv = (gchar **) g_realloc (argv, (i + 1) * sizeof (gchar *));
842  argv[i++] = g_strdup (res->v_str);
843  res = res->next;
844  }
845 
846  argv = (gchar **) g_realloc (argv, (i + 1) * sizeof (gchar *));
847  argv[i] = NULL;
848 
849  kb_item_free (top);
850 
851  argstr = g_strjoinv (",", argv);
852 
853  for (i = 0; argv[i]; i++)
854  g_free (argv[i]);
855  g_free (argv);
856 
857  return argstr;
858 }
859 
867 int
869 {
870  int i;
871  gchar *scantype;
872  nmap_opt_t flagmap[] = {
873  {"connect()", "-sT", FALSE}, {"SYN", "-sS", FALSE},
874  {"ACK", "-sA", FALSE}, {"FIN", "-sF", FALSE},
875  {"Window", "-sW", FALSE}, {"Maimon", "-sM", FALSE},
876  {"Xmas tree", "-sX", FALSE}, {"Null", "-sN", FALSE},
877  {"SCTP Init", "-sY", FALSE}, {"SCTP COOKIE_ECHO", "-sZ", FALSE},
878  {NULL, NULL, FALSE}};
879 
881  if (!scantype)
882  return -1;
883 
884  for (i = 0; flagmap[i].optname; i++)
885  if (g_strcmp0 (scantype, flagmap[i].optname) == 0)
886  return add_arg (nmap, flagmap[i].flag, NULL);
887 
888  return -1;
889 }
890 
898 int
900 {
901  int i;
902  gchar *timing;
903  nmap_opt_t flagmap[] = {
904  {"Paranoid", "-T0", FALSE}, {"Sneaky", "-T1", FALSE},
905  {"Polite", "-T2", FALSE}, {"Normal", "-T3", FALSE},
906  {"Aggressive", "-T4", FALSE}, {"Insane", "-T5", FALSE},
907  {NULL, NULL, FALSE}};
908 
909  timing = get_plugin_preference (nmap->oid, PREF_TIMING_POLICY);
910  if (!timing)
911  return -1;
912 
913  for (i = 0; flagmap[i].optname; i++)
914  if (g_strcmp0 (timing, flagmap[i].optname) == 0)
915  return add_arg (nmap, flagmap[i].flag, NULL);
916 
917  return -1;
918 }
919 
927 int
929 {
930  const char *portrange = prefs_get ("port_range");
931 
932  if (!portrange)
933  {
934  g_debug ("Invalid environment: unavailable \"port_range\"\n");
935  return -1;
936  }
937 
938  return add_arg (nmap, "-p", portrange);
939 }
940 
946 void
948 {
949  /* reset internal states */
950  nmap->parser.in_host = FALSE;
951  nmap->parser.in_ports = FALSE;
952  nmap->parser.in_port = FALSE;
953  nmap->parser.in_hostscript = FALSE;
954  nmap->parser.enable_read = FALSE;
955 
956  nmap->parser.opentag = g_hash_table_new (g_str_hash, g_str_equal);
957  nmap->parser.closetag = g_hash_table_new (g_str_hash, g_str_equal);
958 
961 }
962 
968 void
969 set_opentag_callbacks (GHashTable *open)
970 {
971  const struct
972  {
973  const gchar *tag;
974  void (*func) (nmap_t *, const gchar **, const gchar **);
975  } callbacks[] = {{"hop", xmltag_open_hop},
976  {"osmatch", xmltag_open_osmatch},
977  {"port", xmltag_open_port},
978  {"service", xmltag_open_service},
979  {"cpe", xmltag_open_cpe},
980  {"state", xmltag_open_state},
981  {"status", xmltag_open_status},
982  {"host", xmltag_open_host},
983  {"address", xmltag_open_address},
984  {"script", xmltag_open_script},
985  {"ports", xmltag_open_ports},
986  {"distance", xmltag_open_distance},
987  {"hostscript", xmltag_open_hostscript},
988  {"tcpsequence", xmltag_open_tcpsequence},
989  {"ipidsequence", xmltag_open_ipidsequence},
990  {NULL, NULL}};
991  int i;
992 
993  for (i = 0; callbacks[i].tag; i++)
994  g_hash_table_insert (open, (void *) callbacks[i].tag, callbacks[i].func);
995 }
996 
1002 void
1003 set_closetag_callbacks (GHashTable *close)
1004 {
1005  const struct
1006  {
1007  const gchar *tag;
1008  void (*func) (nmap_t *);
1009  } callbacks[] = {{"host", xmltag_close_host},
1010  {"ports", xmltag_close_ports},
1011  {"port", xmltag_close_port},
1012  {"cpe", xmltag_close_cpe},
1013  {"hostscript", xmltag_close_hostscript},
1014  {NULL, NULL}};
1015  int i;
1016 
1017  for (i = 0; callbacks[i].tag; i++)
1018  g_hash_table_insert (close, (void *) callbacks[i].tag, callbacks[i].func);
1019 }
1020 
1028 int
1030 {
1031  struct scan_globals *globals;
1032  gchar *network;
1033 
1034  globals = nmap->env->globals;
1035  if (!globals)
1036  {
1037  g_debug ("Invalid environment: unavailable \"globals\"\n");
1038  return -1;
1039  }
1040 
1041  network = globals->network_targets;
1042  if (!network)
1043  {
1044  g_debug ("Invalid environment: unavailable \"network_targets\"\n");
1045  return -1;
1046  }
1047 
1048  return add_arg (nmap, network, NULL);
1049 }
1050 
1056 void
1058 {
1059  int i;
1060 
1061  for (i = 0; nmap->args[i]; i++)
1062  g_debug ("%s ", nmap->args[i]);
1063 
1064  if (i == 0)
1065  {
1066  g_debug ("<empty>");
1067  }
1068 }
1069 
1073 void
1075 {
1076  if (pid > 0)
1077  kill (pid, SIGKILL);
1078 }
1079 
1083 void
1085 {
1086  if (pid > 0)
1087  waitpid (pid, NULL, WNOHANG);
1088 }
1089 
1098 int
1100 {
1101  FILE *fproc;
1102  int fd = 0;
1103  size_t len;
1104  int ret = 1; /* success */
1105  gchar chunk[CHUNK_LEN];
1106  void (*old_sig_t) () = NULL;
1107  void (*old_sig_i) () = NULL;
1108  void (*old_sig_c) () = NULL;
1109  GMarkupParseContext *ctx;
1110  const GMarkupParser callbacks = {
1111  xml_start_element, xml_end_element, xml_read_text, NULL, /* passthrough */
1112  NULL /* error */
1113  };
1114 
1115  if (nmap->filename)
1116  {
1117  /* read results from external file */
1118  fproc = fopen (nmap->filename, "r");
1119  }
1120  else
1121  {
1122  /* Update signal handlers. */
1123  old_sig_t = signal (SIGTERM, sig_h);
1124  old_sig_i = signal (SIGINT, sig_h);
1125  old_sig_c = signal (SIGCHLD, sig_c);
1126 
1127  /* execute nmap and read results from the process output */
1128  if (g_spawn_async_with_pipes (NULL, nmap->args, NULL, G_SPAWN_SEARCH_PATH,
1129  NULL, NULL, &pid, NULL, &fd, NULL, NULL)
1130  == FALSE)
1131  return -1;
1132  fproc = fdopen (fd, "r");
1133  }
1134 
1135  if (!fproc)
1136  {
1137  perror ("nmap_run_and_parse()");
1138  return -1;
1139  }
1140 
1141  ctx = g_markup_parse_context_new (&callbacks, 0, nmap, NULL);
1142 
1143  while ((len = fread (chunk, sizeof (gchar), CHUNK_LEN, fproc)) > 0)
1144  {
1145  GError *err = NULL;
1146 
1147  if (!g_markup_parse_context_parse (ctx, chunk, len, &err))
1148  {
1149  if (err)
1150  {
1151  g_debug ("g_markup_parse_context_parse() failed (%s)\n",
1152  err->message);
1153  g_error_free (err);
1154 
1155  /* display the problematic chunk */
1156  chunk[len] = '\0';
1157  g_debug ("Error occurred while parsing: %s\n", chunk);
1158 
1159  ret = -1;
1160  }
1161  break;
1162  }
1163  }
1164 
1165  if (nmap->filename && ferror (fproc))
1166  {
1167  perror ("nmap_run_and_parse()");
1168  ret = -1;
1169  }
1170 
1171  if (nmap->filename)
1172  {
1173  fclose (fproc);
1174  }
1175  else
1176  {
1177  fclose (fproc);
1178  g_spawn_close_pid (pid);
1179  signal (SIGINT, old_sig_i);
1180  signal (SIGTERM, old_sig_t);
1181  signal (SIGCHLD, old_sig_c);
1182  }
1183 
1184  g_markup_parse_context_free (ctx);
1185 
1186  return ret;
1187 }
1188 
1189 #define list_free(list, dtor, udata) \
1190  do \
1191  { \
1192  if (list) \
1193  { \
1194  g_slist_foreach (list, (GFunc) dtor, udata); \
1195  g_slist_free (list); \
1196  list = NULL; \
1197  } \
1198  } \
1199  while (0)
1200 
1206 void
1208 {
1209  int i;
1210 
1211  g_free (nmap->tmphost.addr);
1212  g_free (nmap->tmphost.state);
1213  g_free (nmap->tmphost.best_os);
1214  g_free (nmap->tmphost.tcpseq_index);
1215  g_free (nmap->tmphost.tcpseq_difficulty);
1216  g_free (nmap->tmphost.ipidseq);
1217 
1218  for (i = 0; i < MAX_TRACE_HOPS; i++)
1219  {
1220  g_free (nmap->tmphost.trace[i].addr);
1221  g_free (nmap->tmphost.trace[i].rtt);
1222  g_free (nmap->tmphost.trace[i].host);
1223  }
1224 
1225  list_free (nmap->tmphost.ports, port_destroy, nmap);
1228 
1229  memset (&nmap->tmphost, 0x00, sizeof (struct nmap_host));
1230 }
1231 
1240 void
1241 port_destroy (gpointer data, gpointer udata)
1242 {
1243  struct nmap_port *port;
1244  nmap_t *nmap;
1245 
1246  port = (struct nmap_port *) data;
1247  nmap = (nmap_t *) udata;
1248 
1249  if (port)
1250  {
1251  g_free (port->proto);
1252  g_free (port->portno);
1253  g_free (port->state);
1254  g_free (port->service);
1255  g_free (port->version);
1256 
1257  list_free (port->port_scripts, nse_script_destroy, nmap);
1259  g_free (port);
1260  }
1261 }
1262 
1271 void
1272 nse_script_destroy (gpointer data, gpointer udata)
1273 {
1274  struct nse_script *script;
1275 
1276  (void) udata;
1277  script = (struct nse_script *) data;
1278  if (script)
1279  {
1280  g_free (script->name);
1281  g_free (script->output);
1282  g_free (script);
1283  }
1284 }
1285 
1295 void
1296 simple_item_destroy (gpointer data, gpointer udata)
1297 {
1298  (void) udata;
1299  g_free (data);
1300 }
1301 
1307 void
1309 {
1310  struct nmap_port *newport;
1311 
1312  newport = g_malloc0 (sizeof (struct nmap_port));
1313  memcpy (newport, &nmap->tmpport, sizeof (struct nmap_port));
1314  nmap->tmphost.ports = g_slist_prepend (nmap->tmphost.ports, newport);
1315 }
1316 
1324 void
1325 tmphost_add_nse_hostscript (nmap_t *nmap, gchar *name, gchar *output)
1326 {
1327  struct nse_script *s;
1328 
1329  s = g_malloc0 (sizeof (struct nse_script));
1330  s->name = name;
1331  s->output = output;
1332  nmap->tmphost.host_scripts = g_slist_prepend (nmap->tmphost.host_scripts, s);
1333 }
1334 
1342 void
1344 {
1345  struct nse_script *s;
1346 
1347  s = g_malloc0 (sizeof (struct nse_script));
1348  s->name = name;
1349  s->output = output;
1350  nmap->tmpport.port_scripts = g_slist_prepend (nmap->tmpport.port_scripts, s);
1351 }
1352 
1364 void
1365 xml_start_element (GMarkupParseContext *context, const gchar *element_name,
1366  const gchar **attribute_names,
1367  const gchar **attribute_values, gpointer user_data,
1368  GError **error)
1369 {
1370  nmap_t *nmap = (nmap_t *) user_data;
1371  void (*callback) (nmap_t *, const gchar **, const gchar **);
1372  (void) context;
1373  (void) error;
1374 
1375  callback = g_hash_table_lookup (nmap->parser.opentag, element_name);
1376  if (callback)
1377  callback (nmap, attribute_names, attribute_values);
1378 }
1379 
1389 void
1390 xml_end_element (GMarkupParseContext *context, const gchar *element_name,
1391  gpointer user_data, GError **error)
1392 {
1393  nmap_t *nmap = (nmap_t *) user_data;
1394  void (*callback) (nmap_t *);
1395 
1396  (void) context;
1397  (void) error;
1398  callback = g_hash_table_lookup (nmap->parser.closetag, element_name);
1399  if (callback)
1400  callback (nmap);
1401 }
1402 
1413 void
1414 xml_read_text (GMarkupParseContext *context, const gchar *text, gsize text_len,
1415  gpointer user_data, GError **error)
1416 {
1417  nmap_t *nmap = (nmap_t *) user_data;
1418 
1419  (void) context;
1420  (void) error;
1421  (void) text_len;
1422  if (!nmap->parser.enable_read)
1423  return;
1424 
1425  if (nmap->parser.rbuff)
1426  {
1427  gchar *tmpbuff;
1428 
1429  tmpbuff = g_strdup_printf ("%s%s", nmap->parser.rbuff, text);
1430  g_free (nmap->parser.rbuff);
1431  nmap->parser.rbuff = tmpbuff;
1432  }
1433  else
1434  {
1435  nmap->parser.rbuff = g_strdup (text);
1436  }
1437 }
1438 
1446 void
1447 xmltag_open_host (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1448 {
1449  (void) attrnames;
1450  (void) attrval;
1451  nmap->parser.in_host = TRUE;
1452 }
1453 
1461 void
1462 xmltag_open_status (nmap_t *nmap, const gchar **attrnames,
1463  const gchar **attrval)
1464 {
1465  if (!nmap->parser.in_host)
1466  g_debug ("Error: opening <status> tag out of host description\n");
1467  else
1468  nmap->tmphost.state = get_attr_value ("state", attrnames, attrval);
1469 }
1470 
1478 void
1479 xmltag_open_address (nmap_t *nmap, const gchar **attrnames,
1480  const gchar **attrval)
1481 {
1482  if (!nmap->parser.in_host)
1483  g_debug ("Error: opening <address> tag out of host description\n");
1484  else
1485  nmap->tmphost.addr = get_attr_value ("addr", attrnames, attrval);
1486 }
1487 
1495 void
1496 xmltag_open_ports (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1497 {
1498  (void) attrnames;
1499  (void) attrval;
1500  nmap->parser.in_ports = TRUE;
1501 }
1502 
1510 void
1511 xmltag_open_port (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1512 {
1513  nmap->parser.in_port = TRUE;
1514  nmap->tmpport.proto = get_attr_value ("protocol", attrnames, attrval);
1515  nmap->tmpport.portno = get_attr_value ("portid", attrnames, attrval);
1516 }
1517 
1525 void
1526 xmltag_open_state (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1527 {
1528  if (!nmap->parser.in_port || !nmap->tmpport.proto || !nmap->tmpport.portno)
1529  g_debug ("Error: opening <state> tag out of port description\n");
1530  else
1531  nmap->tmpport.state = get_attr_value ("state", attrnames, attrval);
1532 }
1533 
1541 void
1542 xmltag_open_service (nmap_t *nmap, const gchar **attrnames,
1543  const gchar **attrval)
1544 {
1545  if (!nmap->parser.in_port || !nmap->tmpport.proto || !nmap->tmpport.portno)
1546  g_debug ("Error: opening <service> tag out of port description\n");
1547  else
1548  {
1549  gchar *product, *version, *extrainfo;
1550 
1551  nmap->tmpport.service = get_attr_value ("name", attrnames, attrval);
1552 
1553  /* also store version detection results if available */
1554  product = get_attr_value ("product", attrnames, attrval);
1555  version = get_attr_value ("version", attrnames, attrval);
1556  extrainfo = get_attr_value ("extrainfo", attrnames, attrval);
1557 
1558  if (product || version || extrainfo)
1559 #define PRINT_NOT_NULL(x) ((x) ? (x) : "")
1560  nmap->tmpport.version = g_strdup_printf (
1561  "%s %s %s", PRINT_NOT_NULL (product), PRINT_NOT_NULL (version),
1562  PRINT_NOT_NULL (extrainfo));
1563 #undef PRINT_NOT_NULL
1564 
1565  /* g_free'ing NULLs is harmless */
1566  g_free (product);
1567  g_free (version);
1568  g_free (extrainfo);
1569  }
1570 }
1571 
1579 void
1580 xmltag_open_cpe (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1581 {
1582  (void) attrnames;
1583  (void) attrval;
1584  /* Safety check */
1585  if (nmap->parser.rbuff)
1586  {
1587  g_free (nmap->parser.rbuff);
1588  nmap->parser.rbuff = NULL;
1589  }
1590  nmap->parser.enable_read = TRUE;
1591 }
1592 
1600 void
1601 xmltag_open_hostscript (nmap_t *nmap, const gchar **attrnames,
1602  const gchar **attrval)
1603 {
1604  (void) attrnames;
1605  (void) attrval;
1606  nmap->parser.in_hostscript = TRUE;
1607 }
1608 
1616 void
1617 xmltag_open_osmatch (nmap_t *nmap, const gchar **attrnames,
1618  const gchar **attrval)
1619 {
1620  gchar *confstr;
1621 
1622  confstr = get_attr_value ("accuracy", attrnames, attrval);
1623  if (confstr)
1624  {
1625  int confidence;
1626 
1627  confidence = atoi (confstr);
1628  if (confidence > nmap->tmphost.os_confidence)
1629  {
1630  g_free (nmap->tmphost.best_os);
1631  nmap->tmphost.best_os = get_attr_value ("name", attrnames, attrval);
1632  nmap->tmphost.os_confidence = confidence;
1633  }
1634 
1635  g_free (confstr);
1636  }
1637 }
1638 
1646 void
1647 xmltag_open_script (nmap_t *nmap, const gchar **attrnames,
1648  const gchar **attrval)
1649 {
1650  gchar *name, *output;
1651 
1652  if (!nmap->parser.in_host)
1653  return;
1654 
1655  name = get_attr_value ("id", attrnames, attrval);
1656  output = get_attr_value ("output", attrnames, attrval);
1657 
1658  if (nmap->parser.in_port)
1660  else
1662 }
1663 
1671 void
1672 xmltag_open_tcpsequence (nmap_t *nmap, const gchar **attrnames,
1673  const gchar **attrval)
1674 {
1675  if (!nmap->parser.in_host)
1676  return;
1677 
1678  nmap->tmphost.tcpseq_index = get_attr_value ("index", attrnames, attrval);
1679  nmap->tmphost.tcpseq_difficulty =
1680  get_attr_value ("difficulty", attrnames, attrval);
1681 }
1682 
1690 void
1691 xmltag_open_ipidsequence (nmap_t *nmap, const gchar **attrnames,
1692  const gchar **attrval)
1693 {
1694  if (!nmap->parser.in_host)
1695  return;
1696 
1697  nmap->tmphost.ipidseq = get_attr_value ("class", attrnames, attrval);
1698 }
1699 
1707 void
1708 xmltag_open_distance (nmap_t *nmap, const gchar **attrnames,
1709  const gchar **attrval)
1710 {
1711  gchar *diststr;
1712 
1713  if (!nmap->parser.in_host)
1714  return;
1715 
1716  diststr = get_attr_value ("value", attrnames, attrval);
1717  if (diststr)
1718  {
1719  nmap->tmphost.distance = atoi (diststr);
1720  g_free (diststr);
1721  }
1722 }
1723 
1731 void
1732 xmltag_open_hop (nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
1733 {
1734  int ttl;
1735  gchar *ttl_str;
1736 
1737  if (!nmap->parser.in_host)
1738  return;
1739 
1740  ttl_str = get_attr_value ("ttl", attrnames, attrval);
1741  ttl = atoi (ttl_str) - 1; /* decrease ttl by one to use it as index */
1742  g_free (ttl_str);
1743 
1744  if (ttl < MAX_TRACE_HOPS)
1745  {
1746  if (!nmap->tmphost.trace[ttl].addr && !nmap->tmphost.trace[ttl].host
1747  && !nmap->tmphost.trace[ttl].rtt)
1748  {
1749  nmap->tmphost.trace[ttl].addr =
1750  get_attr_value ("ipaddr", attrnames, attrval);
1751  nmap->tmphost.trace[ttl].host =
1752  get_attr_value ("host", attrnames, attrval);
1753  nmap->tmphost.trace[ttl].rtt =
1754  get_attr_value ("rtt", attrnames, attrval);
1755  }
1756  else
1757  g_debug ("Inconsistent results: duplicate traceroute information!");
1758  }
1759  else
1760  g_debug ("Trace TTL out of bounds: %d (max=%d)", ttl, MAX_TRACE_HOPS);
1761 }
1762 
1768 void
1770 {
1771  nmap->parser.in_host = FALSE;
1772  current_host_saveall (nmap);
1773  current_host_reset (nmap);
1774 }
1775 
1781 void
1783 {
1784  nmap->parser.in_ports = FALSE;
1785 }
1786 
1792 void
1794 {
1795  nmap->parser.in_port = FALSE;
1796  tmphost_add_port (nmap);
1797  memset (&nmap->tmpport, 0x00, sizeof (struct nmap_port));
1798 }
1799 
1805 void
1807 {
1808  if (nmap->parser.rbuff)
1809  {
1810  if (nmap->parser.in_port)
1811  nmap->tmpport.version_cpes =
1812  g_slist_prepend (nmap->tmpport.version_cpes, nmap->parser.rbuff);
1813  else
1814  nmap->tmphost.os_cpes =
1815  g_slist_prepend (nmap->tmphost.os_cpes, nmap->parser.rbuff);
1816  }
1817 
1818  /* Don't free rbuff here, as we need it in the CPE list. */
1819  nmap->parser.rbuff = NULL;
1820  nmap->parser.enable_read = FALSE;
1821 }
1822 
1828 void
1830 {
1831  nmap->parser.in_hostscript = FALSE;
1832 }
1833 
1844 gchar *
1845 get_attr_value (const gchar *name, const gchar **attribute_names,
1846  const gchar **attribute_values)
1847 {
1848  int i;
1849 
1850  for (i = 0; attribute_names[i]; i++)
1851  if (g_strcmp0 (attribute_names[i], name) == 0)
1852  return g_strdup (attribute_values[i]);
1853  return NULL;
1854 }
1855 
1861 void
1863 {
1864  /* Host state: dead or alive */
1865  save_host_state (nmap);
1866 
1867  /* Open ports and services (all protocols included) */
1868  save_open_ports (nmap);
1869 
1870  /* OS fingerprinting results */
1871  save_detected_os (nmap);
1872 
1873  /* TCP/IP sensitive fields details */
1874  save_tcpseq_details (nmap);
1875  save_ipidseq_details (nmap);
1876 
1877  /* Traceroute */
1878  save_traceroute_details (nmap);
1879 
1880  /* NSE results */
1881  save_hostscripts (nmap);
1882  save_portscripts (nmap);
1883 }
1884 
1890 void
1892 {
1893  gchar key[32];
1894 
1895  if (!nmap->tmphost.state)
1896  return;
1897 
1898  g_snprintf (key, sizeof (key), "%s/Host/State", nmap->tmphost.addr);
1899  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.state);
1900 }
1901 
1908 void
1910 {
1911  GSList *pport;
1912 
1913  for (pport = nmap->tmphost.ports; pport; pport = g_slist_next (pport))
1914  {
1915  struct nmap_port *p;
1916 
1917  p = (struct nmap_port *) pport->data;
1918  if (strncmp (p->state, "open", 4) == 0)
1919  {
1920  gchar key[64];
1921 
1922  g_snprintf (key, sizeof (key), "%s/Ports/%s/%s", nmap->tmphost.addr,
1923  p->proto, p->portno);
1924  plug_set_key (nmap->env, key, ARG_INT, (void *) 1);
1925 
1926  /* Register detected service */
1927  register_service (nmap, p);
1928  }
1929  }
1930 }
1931 
1939 void
1941 {
1942  gchar key[64];
1943 
1944  if (!p->portno || !p->proto || !p->service)
1945  return;
1946 
1947  /* TCP services aren't stored with the same syntax than the other layer 4
1948  * protocols. */
1949  if (g_strcmp0 (p->proto, "tcp") == 0)
1950  g_snprintf (key, sizeof (key), "%s/Services/%s", nmap->tmphost.addr,
1951  p->service);
1952  else
1953  g_snprintf (key, sizeof (key), "%s/Services/%s/%s", nmap->tmphost.addr,
1954  p->proto, p->service);
1955  plug_set_key (nmap->env, key, ARG_INT, GINT_TO_POINTER (atoi (p->portno)));
1956 
1957  /* The service detection system requires discovered services to be
1958  * registered under the "Known" label too */
1959  g_snprintf (key, sizeof (key), "%s/Known/%s/%s", nmap->tmphost.addr, p->proto,
1960  p->portno);
1961  plug_set_key (nmap->env, key, ARG_STRING, p->service);
1962 
1963  if (p->version)
1964  {
1965  /* Store version detection results if available */
1966  g_snprintf (key, sizeof (key), "%s/Version/%s/%s", nmap->tmphost.addr,
1967  p->proto, p->portno);
1968  plug_set_key (nmap->env, key, ARG_STRING, p->version);
1969  }
1970 
1971  if (p->version_cpes)
1972  {
1973  GSList *pcpe;
1974 
1975  g_snprintf (key, sizeof (key), "%s/App/%s/%s", nmap->tmphost.addr,
1976  p->proto, p->portno);
1977 
1978  for (pcpe = p->version_cpes; pcpe; pcpe = g_slist_next (pcpe))
1979  plug_set_key (nmap->env, key, ARG_STRING, (gchar *) pcpe->data);
1980  }
1981 }
1982 
1989 void
1991 {
1992  gchar key[32];
1993 
1994  if (nmap->tmphost.best_os)
1995  {
1996  g_snprintf (key, sizeof (key), "%s/Host/OS", nmap->tmphost.addr);
1997  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.best_os);
1998  }
1999 
2000  if (nmap->tmphost.os_cpes)
2001  {
2002  GSList *pcpe;
2003 
2004  /* Use a different key to ensure that Host/OS remains unique. */
2005  g_snprintf (key, sizeof (key), "%s/Host/CPE", nmap->tmphost.addr);
2006 
2007  for (pcpe = nmap->tmphost.os_cpes; pcpe; pcpe = g_slist_next (pcpe))
2008  plug_set_key (nmap->env, key, ARG_STRING, (gchar *) pcpe->data);
2009  }
2010 }
2011 
2018 void
2020 {
2021  gchar key[64];
2022 
2023  if (!nmap->tmphost.tcpseq_index || !nmap->tmphost.tcpseq_difficulty)
2024  return;
2025 
2026  g_snprintf (key, sizeof (key), "%s/Host/tcp_seq_index", nmap->tmphost.addr);
2027  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.tcpseq_index);
2028 
2029  g_snprintf (key, sizeof (key), "%s/Host/tcp_seq_difficulty",
2030  nmap->tmphost.addr);
2031  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.tcpseq_difficulty);
2032 }
2033 
2039 void
2041 {
2042  gchar key[32];
2043 
2044  if (!nmap->tmphost.ipidseq)
2045  return;
2046 
2047  g_snprintf (key, sizeof (key), "%s/Host/ipidseq", nmap->tmphost.addr);
2048  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.ipidseq);
2049 }
2050 
2057 void
2059 {
2060  int i;
2061  gchar key[64];
2062 
2063  if (!nmap->tmphost.distance || nmap->tmphost.distance >= MAX_TRACE_HOPS)
2064  return;
2065 
2066  g_snprintf (key, sizeof (key), "%s/Host/distance", nmap->tmphost.addr);
2067  plug_set_key (nmap->env, key, ARG_INT,
2068  GINT_TO_POINTER (nmap->tmphost.distance));
2069 
2070  for (i = 0; i < nmap->tmphost.distance; i++)
2071  {
2072  g_snprintf (key, sizeof (key), "%s/Host/traceroute/hops/%d",
2073  nmap->tmphost.addr, i + 1);
2074  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.trace[i].addr);
2075 
2076  g_snprintf (key, sizeof (key), "%s/Host/traceroute/hops/%d/rtt",
2077  nmap->tmphost.addr, i + 1);
2078  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.trace[i].rtt);
2079 
2080  g_snprintf (key, sizeof (key), "%s/Host/traceroute/hops/%d/host",
2081  nmap->tmphost.addr, i + 1);
2082  plug_set_key (nmap->env, key, ARG_STRING, nmap->tmphost.trace[i].host);
2083  }
2084 }
2085 
2091 void
2093 {
2094  GSList *pport;
2095 
2096  for (pport = nmap->tmphost.ports; pport; pport = g_slist_next (pport))
2097  {
2098  GSList *pscript;
2099  struct nmap_port *port;
2100 
2101  port = (struct nmap_port *) pport->data;
2102 
2103  for (pscript = port->port_scripts; pscript;
2104  pscript = g_slist_next (pscript))
2105  {
2106  struct nse_script *script;
2107  gchar key[128], portspec[16];
2108 
2109  script = (struct nse_script *) pscript->data;
2110 
2111  g_snprintf (key, sizeof (key), "%s/NmapNSE/results/%s",
2112  nmap->tmphost.addr, script->name);
2113 
2114  g_snprintf (portspec, sizeof (portspec), "%s/%s", port->proto,
2115  port->portno);
2116  plug_set_key (nmap->env, key, ARG_STRING, portspec);
2117 
2118  g_strlcat (key, "/", sizeof (key));
2119  g_strlcat (key, portspec, sizeof (key));
2120  plug_set_key (nmap->env, key, ARG_STRING, script->output);
2121  }
2122  }
2123 }
2124 
2130 void
2132 {
2133  GSList *pscript;
2134 
2135  for (pscript = nmap->tmphost.host_scripts; pscript;
2136  pscript = g_slist_next (pscript))
2137  {
2138  struct nse_script *script;
2139  gchar key[128];
2140 
2141  script = (struct nse_script *) pscript->data;
2142  g_snprintf (key, sizeof (key), "%s/NmapNSE/results/hostscripts/%s",
2143  nmap->tmphost.addr, script->name);
2144  plug_set_key (nmap->env, key, ARG_STRING, script->output);
2145  }
2146 }
nmap_parser::in_hostscript
gboolean in_hostscript
Definition: nasl_builtin_nmap.c:285
save_detected_os
static void save_detected_os(nmap_t *nmap)
Save information about detected operating system into the knowledge base.
Definition: nasl_builtin_nmap.c:1990
nmap_host::tcpseq_index
gchar * tcpseq_index
Definition: nasl_builtin_nmap.c:262
nmap_t::args
gchar ** args
Definition: nasl_builtin_nmap.c:296
PREF_MAX_RTT_TIMEOUT
#define PREF_MAX_RTT_TIMEOUT
Plugin parameter description: probe round trip time hint (maximal value).
Definition: nasl_builtin_nmap.c:156
PREF_EXCLUDE_HOSTS
#define PREF_EXCLUDE_HOSTS
Plugin parameter description: comma-separated list of hosts to exclude from the scan.
Definition: nasl_builtin_nmap.c:197
xmltag_open_cpe
static void xmltag_open_cpe(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening cpe tag.
Definition: nasl_builtin_nmap.c:1580
scan_globals::network_targets
char * network_targets
Definition: scanneraux.h:34
xmltag_close_hostscript
static void xmltag_close_hostscript(nmap_t *nmap)
Sublevel XML parser callback: handle an closing hostscript tag.
Definition: nasl_builtin_nmap.c:1829
xmltag_close_port
static void xmltag_close_port(nmap_t *nmap)
Sublevel XML parser callback: handle an closing port tag.
Definition: nasl_builtin_nmap.c:1793
script_infos
Definition: scanneraux.h:43
PREF_MIN_HOSTGROUP
#define PREF_MIN_HOSTGROUP
Plugin parameter description: force minimum number of hosts to scan in parallel.
Definition: nasl_builtin_nmap.c:180
nmap_port::version_cpes
GSList * version_cpes
Definition: nasl_builtin_nmap.c:247
nmap_host
Store host information.
Definition: nasl_builtin_nmap.c:257
xmltag_open_service
static void xmltag_open_service(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening service tag.
Definition: nasl_builtin_nmap.c:1542
nmap_port::portno
gchar * portno
Definition: nasl_builtin_nmap.c:239
nmap_t::filename
const gchar * filename
Definition: nasl_builtin_nmap.c:300
PREF_TREAT_ALL_HOST_ONLINE
#define PREF_TREAT_ALL_HOST_ONLINE
Plugin parameter description: skip alive hosts discovery phase.
Definition: nasl_builtin_nmap.c:84
nmap_opt_t::optname
gchar * optname
Definition: nasl_builtin_nmap.c:320
get_attr_value
static gchar * get_attr_value(const gchar *name, const gchar **attribute_names, const gchar **attribute_values)
Helper function: get attribute value from the separate name/value tables.
Definition: nasl_builtin_nmap.c:1845
nmap_host::ports
GSList * ports
Definition: nasl_builtin_nmap.c:270
plug_get_kb
kb_t plug_get_kb(struct script_infos *args)
Definition: plugutils.c:627
nmap_opt_t::flag
gchar * flag
Definition: nasl_builtin_nmap.c:321
xmltag_open_state
static void xmltag_open_state(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening state tag.
Definition: nasl_builtin_nmap.c:1526
set_opentag_callbacks
static void set_opentag_callbacks(GHashTable *open)
Populate the callbacks hashtable with handlers for opening tags.
Definition: nasl_builtin_nmap.c:969
xmltag_open_port
static void xmltag_open_port(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening port tag.
Definition: nasl_builtin_nmap.c:1511
nmap_host::trace
struct traceroute_hop trace[MAX_TRACE_HOPS]
Definition: nasl_builtin_nmap.c:267
nmap_t::env
struct script_infos * env
Definition: nasl_builtin_nmap.c:303
simple_item_destroy
static void simple_item_destroy(gpointer data, gpointer udata)
Simple wrapper to call g_free from within g_slist_foreach statements.
Definition: nasl_builtin_nmap.c:1296
add_scantype_arguments
static int add_scantype_arguments(nmap_t *nmap)
Add the TCP scantype flag to the command line.
Definition: nasl_builtin_nmap.c:868
PREF_MIN_PARALLELISM
#define PREF_MIN_PARALLELISM
Plugin parameter description: force minimum number of parallel active probes.
Definition: nasl_builtin_nmap.c:168
xml_read_text
static void xml_read_text(GMarkupParseContext *context, const gchar *text, gsize text_len, gpointer user_data, GError **error)
Top level XML parser callback: handle text sections and store it into the read buffer if enable_read ...
Definition: nasl_builtin_nmap.c:1414
nmap_port::proto
gchar * proto
Definition: nasl_builtin_nmap.c:238
nmap_destroy
static void nmap_destroy(nmap_t *nmap)
Release a nmap handler and associated resources.
Definition: nasl_builtin_nmap.c:582
PREF_HOST_TIMEOUT
#define PREF_HOST_TIMEOUT
Plugin parameter description: give up on host after this time elapsed.
Definition: nasl_builtin_nmap.c:144
traceroute_hop::host
gchar * host
Definition: nasl_builtin_nmap.c:229
register_service
static void register_service(nmap_t *nmap, struct nmap_port *p)
Save information about a detected service (version) into the knowledge base.
Definition: nasl_builtin_nmap.c:1940
traceroute_hop::rtt
gchar * rtt
Definition: nasl_builtin_nmap.c:230
nmap_host::tcpseq_difficulty
gchar * tcpseq_difficulty
Definition: nasl_builtin_nmap.c:263
PREF_INTERPROBE_DELAY
#define PREF_INTERPROBE_DELAY
Plugin parameter description: set idle interval between probes.
Definition: nasl_builtin_nmap.c:191
xml_start_element
static void xml_start_element(GMarkupParseContext *context, const gchar *element_name, const gchar **attribute_names, const gchar **attribute_values, gpointer user_data, GError **error)
Top level XML parser callback: handle an opening tag and call the corresponding method.
Definition: nasl_builtin_nmap.c:1365
pid
static pid_t pid
Definition: nasl_builtin_nmap.c:499
port_destroy
static void port_destroy(gpointer data, gpointer udata)
Completely release a port object.
Definition: nasl_builtin_nmap.c:1241
FAKE_CELL
#define FAKE_CELL
Definition: nasl_tree.h:119
PREF_TRACEROUTE
#define PREF_TRACEROUTE
Plugin parameter description: perform traceroute.
Definition: nasl_builtin_nmap.c:89
PREF_TCP_SCANNING_TECHNIQUE
#define PREF_TCP_SCANNING_TECHNIQUE
Plugin parameter description: TCP port scanning technique to use.
Definition: nasl_builtin_nmap.c:100
nmap_create
static nmap_t * nmap_create(lex_ctxt *lexic)
Instantiate a new nmap handler, rebuild command line or open XML file to parse.
Definition: nasl_builtin_nmap.c:540
PREF_MIN_RTT_TIMEOUT
#define PREF_MIN_RTT_TIMEOUT
Plugin parameter description: probe round trip time hint (minimal value)
Definition: nasl_builtin_nmap.c:150
nmap_t
Main nmap execution handler.
Definition: nasl_builtin_nmap.c:293
add_target
static int add_target(nmap_t *nmap)
Append scan target to the command line.
Definition: nasl_builtin_nmap.c:1029
PREF_SOURCE_PORT
#define PREF_SOURCE_PORT
Plugin parameter description: set source port.
Definition: nasl_builtin_nmap.c:133
PREF_AGGRESSIVE_OS_DETECT
#define PREF_AGGRESSIVE_OS_DETECT
Plugin parameter description: guess OS from closest match if necessary.
Definition: nasl_builtin_nmap.c:122
nmap_host::best_os
gchar * best_os
Definition: nasl_builtin_nmap.c:261
traceroute_hop
Describe a detected hop on the route.
Definition: nasl_builtin_nmap.c:226
OPT_SET
#define OPT_SET
Checkbox value (when set).
Definition: nasl_builtin_nmap.c:207
xmltag_open_address
static void xmltag_open_address(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening address tag.
Definition: nasl_builtin_nmap.c:1479
name
const char * name
Definition: nasl_init.c:377
nmap_parser::opentag
GHashTable * opentag
Definition: nasl_builtin_nmap.c:279
xmltag_open_distance
static void xmltag_open_distance(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening distance tag.
Definition: nasl_builtin_nmap.c:1708
sig_c
static void sig_c()
Signal handler (Child).
Definition: nasl_builtin_nmap.c:1084
save_hostscripts
static void save_hostscripts(nmap_t *nmap)
Save information about hostrule NSE scripts into the knowledge base.
Definition: nasl_builtin_nmap.c:2131
current_host_reset
static void current_host_reset(nmap_t *nmap)
Clear the current host object.
Definition: nasl_builtin_nmap.c:1207
nse_script_destroy
static void nse_script_destroy(gpointer data, gpointer udata)
Completely release a NSE script object.
Definition: nasl_builtin_nmap.c:1272
nse_script
Handle the results of a NSE script.
Definition: nasl_builtin_nmap.c:217
nmap_parser::rbuff
gchar * rbuff
Definition: nasl_builtin_nmap.c:287
save_traceroute_details
static void save_traceroute_details(nmap_t *nmap)
Save information about network topology to the target (traceroute) into the knowledge base.
Definition: nasl_builtin_nmap.c:2058
PREF_TIMING_POLICY
#define PREF_TIMING_POLICY
Plugin parameter description: select timing template.
Definition: nasl_builtin_nmap.c:138
nmap_parser::in_port
gboolean in_port
Definition: nasl_builtin_nmap.c:284
script_infos::globals
struct scan_globals * globals
Definition: scanneraux.h:45
PREF_IMPORT_XML_FILE
#define PREF_IMPORT_XML_FILE
Plugin parameter description: import XML file.
Definition: nasl_builtin_nmap.c:202
PREF_IDENTIFY_REMOTE_OS
#define PREF_IDENTIFY_REMOTE_OS
Plugin parameter description: perform remote OS fingerprinting.
Definition: nasl_builtin_nmap.c:116
build_cmd_line
static int build_cmd_line(nmap_t *nmap)
Rebuild command line to run according to plugin parameters.
Definition: nasl_builtin_nmap.c:614
nse_script::output
gchar * output
Definition: nasl_builtin_nmap.c:220
nasl_lex_ctxt.h
PREF_MAX_HOSTGROUP
#define PREF_MAX_HOSTGROUP
Plugin parameter description: force maximum number of hosts to scan in parallel.
Definition: nasl_builtin_nmap.c:186
set_closetag_callbacks
static void set_closetag_callbacks(GHashTable *close)
Populate the callbacks hashtable with handlers for closing tags.
Definition: nasl_builtin_nmap.c:1003
xmltag_close_cpe
static void xmltag_close_cpe(nmap_t *nmap)
Sublevel XML parser callback: handle an closing cpe tag.
Definition: nasl_builtin_nmap.c:1806
MAX_TRACE_HOPS
#define MAX_TRACE_HOPS
Maximum number of hops to the target.
Definition: nasl_builtin_nmap.c:72
nmap_parser::in_ports
gboolean in_ports
Definition: nasl_builtin_nmap.c:283
struct_lex_ctxt::oid
const char * oid
Definition: nasl_lex_ctxt.h:42
PREF_NO_DNS
#define PREF_NO_DNS
Plugin parameter description: don't perform reverse resolution on discovered IP addresses.
Definition: nasl_builtin_nmap.c:95
add_arg
static int add_arg(nmap_t *nmap, const gchar *name, const gchar *value)
Add a couple argument/value on the command line.
Definition: nasl_builtin_nmap.c:715
nmap_run_and_parse
static int nmap_run_and_parse(nmap_t *nmap)
Run nmap and parse its XML output (or load an external file if requested).
Definition: nasl_builtin_nmap.c:1099
get_script_args
static gchar * get_script_args(nmap_t *nmap)
Make the comma-separated list of NSE arguments set by the user.
Definition: nasl_builtin_nmap.c:829
CHUNK_LEN
#define CHUNK_LEN
Input chunks size for the XML parser.
Definition: nasl_builtin_nmap.c:67
nmap_host::addr
gchar * addr
Definition: nasl_builtin_nmap.c:259
tmphost_add_port
static void tmphost_add_port(nmap_t *nmap)
Add port information to the current host object.
Definition: nasl_builtin_nmap.c:1308
nmap_host::ipidseq
gchar * ipidseq
Definition: nasl_builtin_nmap.c:264
scan_globals
Definition: scanneraux.h:32
PREF_MAX_PARALLELISM
#define PREF_MAX_PARALLELISM
Plugin parameter description: force maximum number of parallel active probes.
Definition: nasl_builtin_nmap.c:174
xmltag_close_host
static void xmltag_close_host(nmap_t *nmap)
Sublevel XML parser callback: handle an closing host tag.
Definition: nasl_builtin_nmap.c:1769
nmap_port
Store port information.
Definition: nasl_builtin_nmap.c:236
dbg_display_cmdline
static void dbg_display_cmdline(nmap_t *nmap)
Display the final command line for debug.
Definition: nasl_builtin_nmap.c:1057
struct_lex_ctxt::script_infos
struct script_infos * script_infos
Definition: nasl_lex_ctxt.h:41
PRINT_NOT_NULL
#define PRINT_NOT_NULL(x)
nmap_port::version
gchar * version
Definition: nasl_builtin_nmap.c:244
nmap_parser::closetag
GHashTable * closetag
Definition: nasl_builtin_nmap.c:280
tmphost_add_nse_hostscript
static void tmphost_add_nse_hostscript(nmap_t *nmap, gchar *name, gchar *output)
Add NSE hostscript result to the current host object.
Definition: nasl_builtin_nmap.c:1325
nmap_port::port_scripts
GSList * port_scripts
Definition: nasl_builtin_nmap.c:245
TC
Definition: nasl_tree.h:104
struct_lex_ctxt
Definition: nasl_lex_ctxt.h:33
xmltag_open_hostscript
static void xmltag_open_hostscript(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening hostscript tag.
Definition: nasl_builtin_nmap.c:1601
get_plugin_preference_fname
const char * get_plugin_preference_fname(struct script_infos *desc, const char *filename)
Get the file name of a plugins preference that is of type "file".
Definition: plugutils.c:455
xmltag_close_ports
static void xmltag_close_ports(nmap_t *nmap)
Sublevel XML parser callback: handle an closing host tag.
Definition: nasl_builtin_nmap.c:1782
xmltag_open_ports
static void xmltag_open_ports(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening ports tag.
Definition: nasl_builtin_nmap.c:1496
nmap_parser::enable_read
gboolean enable_read
Definition: nasl_builtin_nmap.c:286
nmap_host::state
gchar * state
Definition: nasl_builtin_nmap.c:260
xmltag_open_ipidsequence
static void xmltag_open_ipidsequence(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening ipidsequence tag.
Definition: nasl_builtin_nmap.c:1691
nmap_opt_t
Describe an nmap command line option.
Definition: nasl_builtin_nmap.c:318
ARG_INT
#define ARG_INT
Definition: plugutils.h:34
nmap_t::tmpport
struct nmap_port tmpport
Definition: nasl_builtin_nmap.c:312
PREF_INITIAL_RTT_TIMEOUT
#define PREF_INITIAL_RTT_TIMEOUT
Plugin parameter description: probe round trip time hint (initial value).
Definition: nasl_builtin_nmap.c:162
save_portscripts
static void save_portscripts(nmap_t *nmap)
Save information about postrule NSE scripts into the knowledge base.
Definition: nasl_builtin_nmap.c:2092
plugin_run_nmap
tree_cell * plugin_run_nmap(lex_ctxt *lexic)
Run the nmap_net subsystem.
Definition: nasl_builtin_nmap.c:509
sig_h
static void sig_h()
Signal handler (Halt).
Definition: nasl_builtin_nmap.c:1074
save_host_state
static void save_host_state(nmap_t *nmap)
Store host state (host alive/dead) into the knowledge base.
Definition: nasl_builtin_nmap.c:1891
xmltag_open_osmatch
static void xmltag_open_osmatch(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening osmatch tag.
Definition: nasl_builtin_nmap.c:1617
add_nse_arguments
static int add_nse_arguments(nmap_t *nmap)
Add NSE (nmap scripting engine) related arguments to the command line according to user script select...
Definition: nasl_builtin_nmap.c:758
add_portrange
static int add_portrange(nmap_t *nmap)
Add the range of ports to scan to the command line.
Definition: nasl_builtin_nmap.c:928
save_tcpseq_details
static void save_tcpseq_details(nmap_t *nmap)
Save information about TCP sequence number generation into the knowledge base.
Definition: nasl_builtin_nmap.c:2019
list_free
#define list_free(list, dtor, udata)
Definition: nasl_builtin_nmap.c:1189
PREF_SERVICE_SCAN
#define PREF_SERVICE_SCAN
Plugin parameter description: perform service/version detection scan.
Definition: nasl_builtin_nmap.c:106
xmltag_open_host
static void xmltag_open_host(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening host tag.
Definition: nasl_builtin_nmap.c:1447
nmap_t::tmphost
struct nmap_host tmphost
Definition: nasl_builtin_nmap.c:311
add_timing_arguments
static int add_timing_arguments(nmap_t *nmap)
Add timing template argument to the command line.
Definition: nasl_builtin_nmap.c:899
nmap_port::state
gchar * state
Definition: nasl_builtin_nmap.c:240
nmap_t::parser
struct nmap_parser parser
Definition: nasl_builtin_nmap.c:309
setup_xml_parser
static void setup_xml_parser(nmap_t *nmap)
Setup XML parser internals.
Definition: nasl_builtin_nmap.c:947
plug_set_key
void plug_set_key(struct script_infos *args, char *name, int type, const void *value)
Definition: plugutils.c:585
PREF_FRAGMENT_IP
#define PREF_FRAGMENT_IP
Plugin parameter description: try to evade defense by fragmenting IP packets.
Definition: nasl_builtin_nmap.c:128
get_plugin_preference
char * get_plugin_preference(const char *oid, const char *name)
Definition: plugutils.c:396
current_host_saveall
static void current_host_saveall(nmap_t *nmap)
Dump current host object state into the knowledge base.
Definition: nasl_builtin_nmap.c:1862
nmap_opt_t::argument_required
gboolean argument_required
Definition: nasl_builtin_nmap.c:322
nmap_t::arg_idx
int arg_idx
Definition: nasl_builtin_nmap.c:297
nmap_host::host_scripts
GSList * host_scripts
Definition: nasl_builtin_nmap.c:269
nmap_parser
Handle states for XML parsing.
Definition: nasl_builtin_nmap.c:277
NMAP_CMD
#define NMAP_CMD
Nmap command to call.
Definition: nasl_builtin_nmap.c:77
nmap_port::service
gchar * service
Definition: nasl_builtin_nmap.c:241
nse_script::name
gchar * name
Definition: nasl_builtin_nmap.c:219
xmltag_open_tcpsequence
static void xmltag_open_tcpsequence(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening tcpsequence tag.
Definition: nasl_builtin_nmap.c:1672
tmphost_add_nse_portscript
static void tmphost_add_nse_portscript(nmap_t *nmap, gchar *name, gchar *output)
Add NSE portscript result to a port of the current host.
Definition: nasl_builtin_nmap.c:1343
xmltag_open_script
static void xmltag_open_script(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening script tag.
Definition: nasl_builtin_nmap.c:1647
xmltag_open_status
static void xmltag_open_status(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening status tag.
Definition: nasl_builtin_nmap.c:1462
nmap_host::os_cpes
GSList * os_cpes
Definition: nasl_builtin_nmap.c:271
ARG_STRING
#define ARG_STRING
Definition: plugutils.h:33
xml_end_element
static void xml_end_element(GMarkupParseContext *context, const gchar *element_name, gpointer user_data, GError **error)
Top level XML parser callback: handle an closing tag and call the corresponding method.
Definition: nasl_builtin_nmap.c:1390
nmap_parser::in_host
gboolean in_host
Definition: nasl_builtin_nmap.c:282
xmltag_open_hop
static void xmltag_open_hop(nmap_t *nmap, const gchar **attrnames, const gchar **attrval)
Sublevel XML parser callback: handle an opening hop tag.
Definition: nasl_builtin_nmap.c:1732
nmap_t::oid
const char * oid
Definition: nasl_builtin_nmap.c:306
traceroute_hop::addr
gchar * addr
Definition: nasl_builtin_nmap.c:228
nmap_host::distance
int distance
Definition: nasl_builtin_nmap.c:266
PREF_RPC_PORT_SCAN
#define PREF_RPC_PORT_SCAN
Plugin parameter description: perform RPC port scan.
Definition: nasl_builtin_nmap.c:111
get_script_list
static gchar * get_script_list(nmap_t *nmap)
Make the comma-separated list of NSE scripts selected by the user.
Definition: nasl_builtin_nmap.c:787
save_ipidseq_details
static void save_ipidseq_details(nmap_t *nmap)
Save information about IP ID generation into the knowledge base.
Definition: nasl_builtin_nmap.c:2040
save_open_ports
static void save_open_ports(nmap_t *nmap)
Save information about open ports for the current host into the knowledge base.
Definition: nasl_builtin_nmap.c:1909
nmap_host::os_confidence
int os_confidence
Definition: nasl_builtin_nmap.c:268