/* proxyscan.c August 2010 (C)Copyright 2010 Eric Shalov. All Rights Reserved. An asynchronous TCP port scanner / proxy locator for MacOS/X (Tested on 10.4 and 10.5.8) and Linux (Tested on 2.6) Single-threaded scanner, uses select() to simultaneously scan lotsa ports, spawns a check_proxy() function on ports that connect to check if they're open proxies. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef _LINUX_TYPES_H #include #endif #ifdef _DARWIN_C_SOURCE #include #include #include #endif #define STATE_INITIALIZED 0 #define STATE_ATTEMPTING 1 #define STATE_TIMEOUT 2 #define STATE_REFUSED 3 #define STATE_CONNECTED 4 #define STATE_AWAITING_REPLY 5 #define STATE_SUCCESS 6 #define STATE_FAILED 7 /* For collecting stats */ unsigned long proxies_found = 0, connections_failed = 0, connections_refused = 0, ports_timed_out = 0; #define BUF_SIZE 1024 struct active_connection { int state; int sd; unsigned char ip[4]; int port; struct timeval attempt_began, last_tx, terminated; char buffer[BUF_SIZE]; int buf_bytes; }; int local_mode = 0; int debug = 0; int num_actives = 250; int connection_timeout_secs = 2; int http_reply_timeout = 90; unsigned long refresh_us = 0; /* throttle rate, delay in ns before reusing a connection */ unsigned long select_timeout_secs = 0; /* max time spent in select() */ unsigned long select_timeout_us = 500000; /* max time spent in select() */ unsigned long redraw_frequency_secs = 2; /* minimum delay between redraws */ unsigned long redraw_frequency_us = 0; /* minimum delay between redraws */ struct active_connection *active; int ports_to_scan[] = {80,81,82,90,3128,7000,8000,8080,8081,9000}; char *url = "http://www.nrsc.org/"; char *verification_string = "NRSC"; /* prototypes */ void show_actives(); void new_connection(int i); float load_avg(); void save_proxy(int i); int proxyscan(); int main(int argc, char *argv[]) { int ch; while ((ch = getopt(argc, argv, "c:h:lt:")) != -1) { switch(ch) { case 'c': num_actives = atoi(optarg); break; case 'h': http_reply_timeout = atoi(optarg); break; case 'l': local_mode = 1; break; case 't': connection_timeout_secs = atoi(optarg); break; default: fprintf(stderr, "%s: %s [-c connections] [-h http-timeout] [-t connection-timeout] [-l]\n" "\t-l for local-mode\n", argv[0], argv[0]); exit(1); } } if( num_actives > 250 && geteuid() != 0 ) { fprintf(stderr, "%s: Must be root to use more than 250 connections.\n", argv[0]); exit(1); } active = (struct active_connection *)malloc( sizeof(struct active_connection) * num_actives); proxyscan(); free(active); return 0; } int proxyscan() { int highest_sd; int rval; /* socket descriptor for connect */ int err_val; socklen_t opt_len; struct hostent *hostaddr; //To be used for IPaddress struct sockaddr_in servaddr; //socket structure fd_set read_fds, write_fds, err_fds; struct timeval timer, elapsed, now; char ip_as_string[16]; int i; char request[1024]; int bytes_in; int http_status; struct timeval termination_elapsed; struct timeval last_redraw, redraw_elapsed, redraw_frequency; /* Initialize random-number generator */ gettimeofday(&now, NULL); srand(now.tv_usec); /* Fill the active scanning table */ for(i=0;i) ) { gettimeofday(&last_redraw, NULL); show_actives(); if( load_avg() > 20.0 ) { printf("Whoa, the system's getting busy, shutting down.\n"); exit(1); } } /* Look for any terminated entries in connection table and re-initialize them with fresh ports to search. */ gettimeofday(&now, NULL); for(i=0;i= refresh_us) new_connection(i); } } /* Start connection attempt for any ready (initialized) connections: */ for(i=0;ih_addr, hostaddr->h_length); if(debug) printf("Connecting to %s:%d...\n\n", ip_as_string, active[i].port); rval = connect(active[i].sd, (struct sockaddr *) &servaddr, sizeof(servaddr)); active[i].state = STATE_ATTEMPTING; gettimeofday(&active[i].attempt_began, NULL); } } /* setup the select(). select on all connections that are STATE_ATTEMPTING or STATE_AWAITING_REPLY */ FD_ZERO(&read_fds); FD_ZERO(&write_fds); FD_ZERO(&err_fds); highest_sd = 0; for(i=0;i highest_sd) highest_sd = active[i].sd; } } timer.tv_sec = select_timeout_secs; timer.tv_usec = select_timeout_us; if(debug) printf("select() returned:\n"); select(highest_sd+1, &read_fds, &write_fds, &err_fds, &timer); for(i=0;i 0) { active[i].buf_bytes += bytes_in; if(debug) printf("%d BYTES READ IN ON CONN %d, CONN BUFFER NOW HAS %d BYTES\n", bytes_in, i, active[i].buf_bytes); if(active[i].buf_bytes < BUF_SIZE) active[i].buffer[active[i].buf_bytes] = '\0'; else active[i].buffer[BUF_SIZE-1] = '\0'; if(debug) printf("buffer = [%s]\n", active[i].buffer); printf("\033[23;1H\033[K" "Received %d bytes from %u.%u.%u.%u:%d:\n" "\033[24;1H\033[K", active[i].buf_bytes, active[i].ip[0], active[i].ip[1], active[i].ip[2], active[i].ip[3], active[i].port); { int chars_printed = 0; int p; for(p=0;p= ' ' && active[i].buffer[p] <= '~') { printf("%c", active[i].buffer[p]); ++chars_printed; } } printf("\033[1;1H\n"); /* Look for an HTTP reply status code */ if( sscanf(active[i].buffer,"HTTP/1.0 %d\n", &http_status) == 1) { if(http_status == 200) { if(strstr(active[i].buffer, verification_string)) { if(debug) printf("Connection %d: SUCCESS, PROXY FOUND AT %d.%d.%d.%d:%d!\n", i, active[i].ip[0], active[i].ip[1], active[i].ip[2], active[i].ip[3], active[i].port); active[i].state = STATE_SUCCESS; gettimeofday(&active[i].terminated, NULL); close(active[i].sd); ++proxies_found; /* Add proxy to list... */ save_proxy(i); } else { /* dumb access points and stuff like to give back an HTTP 200 even though they're not giving you what you asked for */ if(debug) printf("Connection %d: Not actually proxying for us.\n", i); active[i].state = STATE_FAILED; gettimeofday(&active[i].terminated, NULL); close(active[i].sd); ++connections_failed; } } else { /* http reply code indicates failure */ if(debug) printf("Connection %d: Undesired HTTP reply code: %d.\n", i, http_status); active[i].state = STATE_FAILED; gettimeofday(&active[i].terminated, NULL); close(active[i].sd); ++connections_failed; } } else { /* no http-reply code found */ if(debug) printf("Connection %d: No HTTP reply code found.\n", i); active[i].state = STATE_FAILED; gettimeofday(&active[i].terminated, NULL); close(active[i].sd); ++connections_failed; } } else { if(debug) printf("Connection %d closed.\n", i); active[i].state = STATE_FAILED; gettimeofday(&active[i].terminated, NULL); close(active[i].sd); ++connections_failed; } } } } for(i=0;i connection_timeout_secs) { gettimeofday(&active[i].terminated, NULL); close(active[i].sd); active[i].state = STATE_TIMEOUT; ++ports_timed_out; } } } for(i=0;i http_reply_timeout) { gettimeofday(&active[i].terminated, NULL); close(active[i].sd); active[i].state = STATE_FAILED; ++connections_failed; } } usleep(100000); /* cpu throttle, cooperative multitasking */ } } void show_actives() { int i; struct timeval now, began_elapsed, tx_elapsed, termination_elapsed; int max_show = 15; gettimeofday(&now, NULL); printf("\033[1;1H" "+---------------+ Load Average: %0.2f | Connection table: %d entries\n" "| PROXY SCANNER | Proxies Found: %3ld | Connected but failed to proxy: %6ld\n" "+---------------+ Timed-out: %6ld | Connection Refused: %6ld (%5.1f%%)\n", load_avg(), num_actives, proxies_found, connections_failed, ports_timed_out, connections_refused, 100.0*connections_refused/(1+proxies_found+connections_failed+ports_timed_out+connections_refused)); printf( "+------+-----------------+-------+---------+----------+----------+----------+\n" "| Conn | IP | Port | Status | Started | Last TX | Stopped |\n" "+------+-----------------+-------+---------+----------+----------+----------+\n"); for(i=0;i