Showing preview only (2,365K chars total). Download the full file or copy to clipboard to get everything.
Repository: robertdavidgraham/masscan
Branch: master
Commit: b99d433505f9
Files: 259
Total size: 2.2 MB
Directory structure:
gitextract_saggdmr8/
├── .gitattributes
├── .github/
│ └── workflows/
│ └── unittests.yml
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── VULNINFO.md
├── bin/
│ └── .gitignore
├── data/
│ ├── afl-http.pcap
│ ├── exclude.conf
│ └── flush_all.pcap
├── debian/
│ ├── .gitignore
│ ├── README.Debian
│ ├── changelog
│ ├── compat
│ ├── control
│ ├── copyright
│ ├── masscan.dirs
│ ├── masscan.docs
│ ├── masscan.install
│ ├── masscan.manpages
│ ├── rules
│ ├── source/
│ │ └── format
│ └── watch
├── doc/
│ ├── algorithm.js
│ ├── bot.html
│ ├── faq/
│ │ ├── FAQ0001-slow.md
│ │ ├── FAQ0002-drops.md
│ │ ├── FAQ0003-excludelist.md
│ │ ├── FAQ0004-serverlogs.md
│ │ └── README.md
│ ├── howto-afl.md
│ ├── masscan.8
│ └── masscan.8.markdown
├── src/
│ ├── crypto-base64.c
│ ├── crypto-base64.h
│ ├── crypto-blackrock.c
│ ├── crypto-blackrock.h
│ ├── crypto-blackrock2.c
│ ├── crypto-lcg.c
│ ├── crypto-lcg.h
│ ├── crypto-primegen.c
│ ├── crypto-primegen.h
│ ├── crypto-siphash24.c
│ ├── crypto-siphash24.h
│ ├── event-timeout.c
│ ├── event-timeout.h
│ ├── in-binary.c
│ ├── in-binary.h
│ ├── in-filter.c
│ ├── in-filter.h
│ ├── in-report.c
│ ├── in-report.h
│ ├── main-conf.c
│ ├── main-dedup.c
│ ├── main-dedup.h
│ ├── main-globals.h
│ ├── main-initadapter.c
│ ├── main-listscan.c
│ ├── main-ptrace.c
│ ├── main-ptrace.h
│ ├── main-readrange.c
│ ├── main-readrange.h
│ ├── main-status.c
│ ├── main-status.h
│ ├── main-throttle.c
│ ├── main-throttle.h
│ ├── main.c
│ ├── masscan-app.c
│ ├── masscan-app.h
│ ├── masscan-status.h
│ ├── masscan-version.h
│ ├── masscan.h
│ ├── massip-addr.c
│ ├── massip-addr.h
│ ├── massip-parse.c
│ ├── massip-parse.h
│ ├── massip-port.h
│ ├── massip-rangesv4.c
│ ├── massip-rangesv4.h
│ ├── massip-rangesv6.c
│ ├── massip-rangesv6.h
│ ├── massip.c
│ ├── massip.h
│ ├── misc-rstfilter.c
│ ├── misc-rstfilter.h
│ ├── out-binary.c
│ ├── out-certs.c
│ ├── out-grepable.c
│ ├── out-hostonly.c
│ ├── out-json.c
│ ├── out-ndjson.c
│ ├── out-null.c
│ ├── out-record.h
│ ├── out-redis.c
│ ├── out-tcp-services.c
│ ├── out-tcp-services.h
│ ├── out-text.c
│ ├── out-unicornscan.c
│ ├── out-xml.c
│ ├── output.c
│ ├── output.h
│ ├── pixie-backtrace.c
│ ├── pixie-backtrace.h
│ ├── pixie-file.c
│ ├── pixie-file.h
│ ├── pixie-sockets.h
│ ├── pixie-threads.c
│ ├── pixie-threads.h
│ ├── pixie-timer.c
│ ├── pixie-timer.h
│ ├── proto-arp.c
│ ├── proto-arp.h
│ ├── proto-banner1.c
│ ├── proto-banner1.h
│ ├── proto-banout.c
│ ├── proto-banout.h
│ ├── proto-coap.c
│ ├── proto-coap.h
│ ├── proto-dns-parse.h
│ ├── proto-dns.c
│ ├── proto-dns.h
│ ├── proto-ftp.c
│ ├── proto-ftp.h
│ ├── proto-http.c
│ ├── proto-http.h
│ ├── proto-icmp.c
│ ├── proto-icmp.h
│ ├── proto-imap4.c
│ ├── proto-imap4.h
│ ├── proto-isakmp.c
│ ├── proto-isakmp.h
│ ├── proto-mc.c
│ ├── proto-mc.h
│ ├── proto-memcached.c
│ ├── proto-memcached.h
│ ├── proto-netbios.c
│ ├── proto-netbios.h
│ ├── proto-ntlmssp.c
│ ├── proto-ntlmssp.h
│ ├── proto-ntp.c
│ ├── proto-ntp.h
│ ├── proto-oproto.c
│ ├── proto-oproto.h
│ ├── proto-pop3.c
│ ├── proto-pop3.h
│ ├── proto-preprocess.c
│ ├── proto-preprocess.h
│ ├── proto-sctp.c
│ ├── proto-sctp.h
│ ├── proto-smb.c
│ ├── proto-smb.h
│ ├── proto-smtp.c
│ ├── proto-smtp.h
│ ├── proto-snmp.c
│ ├── proto-snmp.h
│ ├── proto-spnego.h
│ ├── proto-ssh.c
│ ├── proto-ssh.h
│ ├── proto-ssl-test.c
│ ├── proto-ssl.c
│ ├── proto-ssl.h
│ ├── proto-tcp-rdp.c
│ ├── proto-tcp-rdp.h
│ ├── proto-tcp-telnet.c
│ ├── proto-tcp-telnet.h
│ ├── proto-udp.c
│ ├── proto-udp.h
│ ├── proto-versioning.c
│ ├── proto-versioning.h
│ ├── proto-vnc.c
│ ├── proto-vnc.h
│ ├── proto-x509.c
│ ├── proto-x509.h
│ ├── proto-zeroaccess.c
│ ├── proto-zeroaccess.h
│ ├── rawsock-adapter.h
│ ├── rawsock-getif.c
│ ├── rawsock-getip.c
│ ├── rawsock-getip6.c
│ ├── rawsock-getmac.c
│ ├── rawsock-getroute.c
│ ├── rawsock-pcapfile.c
│ ├── rawsock-pcapfile.h
│ ├── rawsock.c
│ ├── rawsock.h
│ ├── read-service-probes.c
│ ├── read-service-probes.h
│ ├── rte-ring.c
│ ├── rte-ring.h
│ ├── scripting-banner.c
│ ├── scripting-masscan.c
│ ├── scripting.c
│ ├── scripting.h
│ ├── smack.h
│ ├── smack1.c
│ ├── smackqueue.c
│ ├── smackqueue.h
│ ├── stack-arpv4.c
│ ├── stack-arpv4.h
│ ├── stack-if.c
│ ├── stack-ndpv6.c
│ ├── stack-ndpv6.h
│ ├── stack-queue.c
│ ├── stack-queue.h
│ ├── stack-src.c
│ ├── stack-src.h
│ ├── stack-tcp-api.h
│ ├── stack-tcp-app.c
│ ├── stack-tcp-app.h
│ ├── stack-tcp-core.c
│ ├── stack-tcp-core.h
│ ├── stub-lua.c
│ ├── stub-lua.h
│ ├── stub-pcap-dlt.h
│ ├── stub-pcap.c
│ ├── stub-pcap.h
│ ├── stub-pfring.c
│ ├── stub-pfring.h
│ ├── syn-cookie.c
│ ├── syn-cookie.h
│ ├── templ-nmap-payloads.c
│ ├── templ-nmap-payloads.h
│ ├── templ-opts.h
│ ├── templ-payloads.c
│ ├── templ-payloads.h
│ ├── templ-pkt.c
│ ├── templ-pkt.h
│ ├── templ-tcp-hdr.c
│ ├── templ-tcp-hdr.h
│ ├── unusedparm.h
│ ├── util-bool.h
│ ├── util-checksum.c
│ ├── util-checksum.h
│ ├── util-errormsg.c
│ ├── util-errormsg.h
│ ├── util-extract.c
│ ├── util-extract.h
│ ├── util-logger.c
│ ├── util-logger.h
│ ├── util-malloc.c
│ ├── util-malloc.h
│ ├── util-safefunc.c
│ ├── util-safefunc.h
│ ├── vulncheck-heartbleed.c
│ ├── vulncheck-ntp-monlist.c
│ ├── vulncheck-sslv3.c
│ ├── vulncheck.c
│ ├── vulncheck.h
│ ├── xring.c
│ └── xring.h
├── tmp/
│ └── .gitignore
├── vs10/
│ ├── .gitignore
│ ├── masscan.sln
│ ├── masscan.vcxproj
│ └── masscan.vcxproj.filters
└── xcode4/
├── .gitignore
└── masscan.xcodeproj/
├── .gitignore
└── project.pbxproj
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitattributes
================================================
*.c text eol=lf
================================================
FILE: .github/workflows/unittests.yml
================================================
name: masscan unit tests
on:
push:
branches: [master]
pull_request:
# The branches below must be a subset of the branches above
branches: [master]
permissions:
contents: read
jobs:
regress:
name: Run regression tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- name: Checkout masscan
uses: actions/checkout@v3
- name: Install libpcap-dev
if: ${{ vars.RUNNER_OS == 'Linux' }}
run: sudo apt-get install -y libpcap-dev
- name: Run regression tests
run: make test
================================================
FILE: .gitignore
================================================
paused.conf
.Makefile.swp
.vscode
vs10/.vs/
================================================
FILE: LICENSE
================================================
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.
================================================
FILE: Makefile
================================================
# If Windows, then assume the compiler is `gcc` for the
# MinGW environment. I can't figure out how to tell if it's
# actually MingGW. FIXME TODO
ifeq ($(OS),Windows_NT)
CC = gcc
endif
# Try to figure out the default compiler. I dont know the best
# way to do this with `gmake`. If you have better ideas, please
# submit a pull request on github.
ifeq ($(CC),)
ifneq (, $(shell which clang))
CC = clang
else ifneq (, $(shell which gcc))
CC = gcc
else
CC = cc
endif
endif
PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SYS := $(shell $(CC) -dumpmachine)
GITVER := $(shell git describe --tags)
INSTALL_DATA := -pDm755
ifeq ($(GITVER),)
GITVER = "unknown"
endif
# LINUX
# The automated regression tests run on Linux, so this is the one
# environment where things likely will work -- as well as anything
# works on the bajillion of different Linux environments
ifneq (, $(findstring linux, $(SYS)))
ifneq (, $(findstring musl, $(SYS)))
LIBS =
else
LIBS = -lm -lrt -ldl -lpthread
endif
INCLUDES =
FLAGS2 =
endif
# MAC OS X
# I occassionally develope code on Mac OS X, but it's not part of
# my regularly regression-test environment. That means at any point
# in time, something might be minorly broken in Mac OS X.
ifneq (, $(findstring darwin, $(SYS)))
LIBS = -lm
INCLUDES = -I.
FLAGS2 =
INSTALL_DATA = -pm755
endif
# MinGW on Windows
# I develope on Visual Studio 2010, so that's the Windows environment
# that'll work. However, 'git' on Windows runs under MingGW, so one
# day I acccidentally typed 'make' instead of 'git, and felt compelled
# to then fix all the errors, so this kinda works now. It's not the
# intended environment, so it make break in the future.
ifneq (, $(findstring mingw, $(SYS)))
INCLUDES = -Ivs10/include
LIBS = -L vs10/lib -lIPHLPAPI -lWs2_32
#FLAGS2 = -march=i686
endif
# Cygwin
# I hate Cygwin, use Visual Studio or MingGW instead. I just put this
# second here for completeness, or in case I gate tired of hitting my
# head with a hammer and want to feel a different sort of pain.
ifneq (, $(findstring cygwin, $(SYS)))
INCLUDES = -I.
LIBS =
FLAGS2 =
endif
# OpenBSD
ifneq (, $(findstring openbsd, $(SYS)))
LIBS = -lm -lpthread
INCLUDES = -I.
FLAGS2 =
endif
# FreeBSD
ifneq (, $(findstring freebsd, $(SYS)))
LIBS = -lm -lpthread
INCLUDES = -I.
FLAGS2 =
endif
# NetBSD
ifneq (, $(findstring netbsd, $(SYS)))
LIBS = -lm -lpthread
INCLUDES = -I.
FLAGS2 =
endif
DEFINES =
CFLAGS = -g -ggdb $(FLAGS2) $(INCLUDES) $(DEFINES) -Wall -O2
.SUFFIXES: .c .cpp
all: bin/masscan
tmp/main-conf.o: src/main-conf.c src/*.h
$(CC) $(CFLAGS) -c $< -o $@ -DGIT=\"$(GITVER)\"
# just compile everything in the 'src' directory. Using this technique
# means that include file dependencies are broken, so sometimes when
# the program crashes unexpectedly, 'make clean' then 'make' fixes the
# problem that a .h file was out of date
tmp/%.o: src/%.c src/*.h
$(CC) $(CFLAGS) -c $< -o $@
SRC = $(sort $(wildcard src/*.c))
OBJ = $(addprefix tmp/, $(notdir $(addsuffix .o, $(basename $(SRC)))))
bin/masscan: $(OBJ)
$(CC) $(CFLAGS) -o $@ $(OBJ) $(LDFLAGS) $(LIBS)
clean:
rm -f tmp/*.o
rm -f bin/masscan
regress: bin/masscan
bin/masscan --selftest
test: regress
install: bin/masscan
install $(INSTALL_DATA) bin/masscan $(DESTDIR)$(BINDIR)/masscan
default: bin/masscan
================================================
FILE: README.md
================================================
[](https://github.com/robertdavidgraham/masscan/actions/workflows/unittests.yml/?branch=master)
# MASSCAN: Mass IP port scanner
This is an Internet-scale port scanner. It can scan the entire Internet
in under 5 minutes, transmitting 10 million packets per second,
from a single machine.
Its usage (parameters, output) is similar to `nmap`, the most famous port scanner.
When in doubt, try one of those features -- features that support widespread
scanning of many machines are supported, while in-depth scanning of single
machines aren't.
Internally, it uses asynchronous transmission, similar to port scanners
like `scanrand`, `unicornscan`, and `ZMap`. It's more flexible, allowing
arbitrary port and address ranges.
NOTE: masscan uses its own **ad hoc TCP/IP stack**. Anything other than
simple port scans may cause conflict with the local TCP/IP stack. This means you
need to use either the `--src-ip` option to run from a different IP address, or
use `--src-port` to configure which source ports masscan uses, then also
configure the internal firewall (like `pf` or `iptables`) to firewall those ports
from the rest of the operating system.
This tool is free, but consider contributing money to its development:
Bitcoin wallet address: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T
# Building
On Debian/Ubuntu, it goes something like the following. It doesn't
really have any dependencies other than a C compiler (such as `gcc`
or `clang`).
sudo apt-get --assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
This puts the program in the `masscan/bin` subdirectory.
To install it (on Linux) run:
make install
The source consists of a lot of small files, so building goes a lot faster
by using the multi-threaded build. This requires more than 2gigs on a
Raspberry Pi (and breaks), so you might use a smaller number, like `-j4` rather than
all possible threads.
make -j
While Linux is the primary target platform, the code runs well on many other
systems (Windows, macOS, etc.). Here's some additional build info:
* Windows w/ Visual Studio: use the VS10 project
* Windows w/ MinGW: just type `make`
* Windows w/ cygwin: won't work
* Mac OS X /w XCode: use the XCode4 project
* Mac OS X /w cmdline: just type `make`
* FreeBSD: type `gmake`
* other: try just compiling all the files together, `cc src/*.c -o bin/masscan`
On macOS, the x86 binaries seem to work just as fast under ARM emulation.
# Usage
Usage is similar to `nmap`. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112
This will:
* scan the `10.x.x.x` subnet, and `2603:3001:2d00:da00::x` subnets
* scans port 80 and the range 8000 to 8100, or 102 ports total, on both subnets
* print output to `<stdout>` that can be redirected to a file
To see the complete list of options, use the `--echo` feature. This
dumps the current configuration and exits. This output can be used as input back
into the program:
# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000
## Banner checking
Masscan can do more than just detect whether ports are open. It can also
complete the TCP connection and interaction with the application at that
port in order to grab simple "banner" information.
Masscan supports banner checking on the following protocols:
* FTP
* HTTP
* IMAP4
* memcached
* POP3
* SMTP
* SSH
* SSL
* SMBv1
* SMBv2
* Telnet
* RDP
* VNC
The problem with this is that masscan contains its own TCP/IP stack
separate from the system you run it on. When the local system receives
a SYN-ACK from the probed target, it responds with a RST packet that kills
the connection before masscan can grab the banner.
The easiest way to prevent this is to assign masscan a separate IP
address. This would look like one of the following examples:
# masscan 10.0.0.0/8 -p80 --banners --source-ip 192.168.1.200
# masscan 2a00:1450:4007:810::/112 -p80 --banners --source-ip 2603:3001:2d00:da00:91d7:b54:b498:859d
The address you choose has to be on the local subnet and not otherwise
be used by another system. Masscan will warn you that you've made a
mistake, but you might've messed up the other machine's communications
for several minutes, so be careful.
In some cases, such as WiFi, this isn't possible. In those cases, you can
firewall the port that masscan uses. This prevents the local TCP/IP stack
from seeing the packet, but masscan still sees it since it bypasses the
local stack. For Linux, this would look like:
# iptables -A INPUT -p tcp --dport 61000 -j DROP
# masscan 10.0.0.0/8 -p80 --banners --source-port 61000
You probably want to pick ports that don't conflict with ports Linux might otherwise
choose for source-ports. You can see the range Linux uses, and reconfigure
that range, by looking in the file:
/proc/sys/net/ipv4/ip_local_port_range
On the latest version of Kali Linux (2018-August), that range is 32768 to 60999, so
you should choose ports either below 32768 or 61000 and above.
Setting an `iptables` rule only lasts until the next reboot. You need to lookup how to
save the configuration depending upon your distro, such as using `iptables-save`
and/or `iptables-persistent`.
On Mac OS X and BSD, there are similar steps. To find out the ranges to avoid,
use a command like the following:
# sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last
On FreeBSD and older MacOS, use an `ipfw` command:
# sudo ipfw add 1 deny tcp from any to any 40000 in
# masscan 10.0.0.0/8 -p80 --banners --source-port 40000
On newer MacOS and OpenBSD, use the `pf` packet-filter utility.
Edit the file `/etc/pf.conf` to add a line like the following:
block in proto tcp from any to any port 40000:40015
Then to enable the firewall, run the command:
# pfctl -E
If the firewall is already running, then either reboot or reload the rules
with the following command:
# pfctl -f /etc/pf.conf
Windows doesn't respond with RST packets, so neither of these techniques
are necessary. However, masscan is still designed to work best using its
own IP address, so you should run that way when possible, even when it is
not strictly necessary.
The same thing is needed for other checks, such as the `--heartbleed` check,
which is just a form of banner checking.
## How to scan the entire Internet
While useful for smaller, internal networks, the program is really designed
with the entire Internet in mind. It might look something like this:
# masscan 0.0.0.0/0 -p0-65535
Scanning the entire Internet is bad. For one thing, parts of the Internet react
badly to being scanned. For another thing, some sites track scans and add you
to a ban list, which will get you firewalled from useful parts of the Internet.
Therefore, you want to exclude a lot of ranges. To blacklist or exclude ranges,
you want to use the following syntax:
# masscan 0.0.0.0/0 -p0-65535 --excludefile exclude.txt
This just prints the results to the command-line. You probably want them
saved to a file instead. Therefore, you want something like:
# masscan 0.0.0.0/0 -p0-65535 -oX scan.xml
This saves the results in an XML file, allowing you to easily dump the
results in a database or something.
But, this only goes at the default rate of 100 packets/second, which will
take forever to scan the Internet. You need to speed it up as so:
# masscan 0.0.0.0/0 -p0-65535 --max-rate 100000
This increases the rate to 100,000 packets/second, which will scan the
entire Internet (minus excludes) in about 10 hours per port (or 655,360 hours
if scanning all ports).
The thing to notice about this command-line is that these are all `nmap`
compatible options. In addition, "invisible" options compatible with `nmap`
are also set for you: `-sS -Pn -n --randomize-hosts --send-eth`. Likewise,
the format of the XML file is inspired by `nmap`. There are, of course, a
lot of differences, because the *asynchronous* nature of the program
leads to a fundamentally different approach to the problem.
The above command-line is a bit cumbersome. Instead of putting everything
on the command-line, it can be stored in a file instead. The above settings
would look like this:
# My Scan
rate = 100000.00
output-format = xml
output-status = all
output-filename = scan.xml
ports = 0-65535
range = 0.0.0.0-255.255.255.255
excludefile = exclude.txt
To use this configuration file, use the `-c`:
# masscan -c myscan.conf
This also makes things easier when you repeat a scan.
By default, masscan first loads the configuration file
`/etc/masscan/masscan.conf`. Any later configuration parameters override what's
in this default configuration file. That's where I put my "excludefile"
parameter so that I don't ever forget it. It just works automatically.
## Getting output
By default, masscan produces fairly large text files, but it's easy
to convert them into any other format. There are five supported output formats:
1. xml: Just use the parameter `-oX <filename>`.
Or, use the parameters `--output-format xml` and `--output-filename <filename>`.
2. binary: This is the masscan builtin format. It produces much smaller files so that
when I scan the Internet my disk doesn't fill up. They need to be parsed,
though. The command-line option `--readscan` will read binary scan files.
Using `--readscan` with the `-oX` option will produce an XML version of the
results file.
3. grepable: This is an implementation of the Nmap -oG
output that can be easily parsed by command-line tools. Just use the
parameter `-oG <filename>`. Or, use the parameters `--output-format grepable` and
`--output-filename <filename>`.
4. json: This saves the results in JSON format. Just use the
parameter `-oJ <filename>`. Or, use the parameters `--output-format json` and
`--output-filename <filename>`.
5. list: This is a simple list with one host and port pair
per line. Just use the parameter `-oL <filename>`. Or, use the parameters
`--output-format list` and `--output-filename <filename>`. The format is:
```
<port state> <protocol> <port number> <IP address> <POSIX timestamp>
open tcp 80 XXX.XXX.XXX.XXX 1390380064
```
## Comparison with Nmap
Where reasonable, every effort has been taken to make the program familiar
to `nmap` users, even though it's fundamentally different. Masscan is tuned
for wide range scanning of a lot of machines, whereas nmap is designed for
intensive scanning of a single machine or a small range.
Two important differences are:
* no default ports to scan, you must specify `-p <ports>`
* target hosts are IP addresses or simple ranges, not DNS names, nor
the funky subnet ranges `nmap` can use (like `10.0.0-255.0-255`).
You can think of `masscan` as having the following settings permanently
enabled:
* `-sS`: this does SYN scan only (currently, will change in the future)
* `-Pn`: doesn't ping hosts first, which is fundamental to the async operation
* `-n`: no DNS resolution happens
* `--randomize-hosts`: scan completely randomized, always, you can't change this
* `--send-eth`: sends using raw `libpcap`
If you want a list of additional `nmap` compatible settings, use the following
command:
# masscan --nmap
## Transmit rate (IMPORTANT!!)
This program spews out packets very fast. On Windows, or from VMs,
it can do 300,000 packets/second. On Linux (no virtualization) it'll
do 1.6 million packets-per-second. That's fast enough to melt most networks.
Note that it'll only melt your own network. It randomizes the target
IP addresses so that it shouldn't overwhelm any distant network.
By default, the rate is set to 100 packets/second. To increase the rate to
a million use something like `--rate 1000000`.
When scanning the IPv4 Internet, you'll be scanning lots of subnets,
so even though there's a high rate of packets going out, each
target subnet will receive a small rate of incoming packets.
However, with IPv6 scanning, you'll tend to focus on a single
target subnet with billions of addresses. Thus, your default
behavior will overwhelm the target network. Networks often
crash under the load that masscan can generate.
# Design
This section describes the major design issues of the program.
## Code Layout
The file `main.c` contains the `main()` function, as you'd expect. It also
contains the `transmit_thread()` and `receive_thread()` functions. These
functions have been deliberately flattened and heavily commented so that you
can read the design of the program simply by stepping line-by-line through
each of these.
## Asynchronous
This is an *asynchronous* design. In other words, it is to `nmap` what
the `nginx` web-server is to `Apache`. It has separate transmit and receive
threads that are largely independent from each other. It's the same sort of
design found in `scanrand`, `unicornscan`, and `ZMap`.
Because it's asynchronous, it runs as fast as the underlying packet transmit
allows.
## Randomization
A key difference between Masscan and other scanners is the way it randomizes
targets.
The fundamental principle is to have a single index variable that starts at
zero and is incremented by one for every probe. In C code, this is expressed
as:
for (i = 0; i < range; i++) {
scan(i);
}
We have to translate the index into an IP address. Let's say that you want to
scan all "private" IP addresses. That would be the table of ranges like:
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
In this example, the first 64k indexes are appended to 192.168.x.x to form
the target address. Then, the next 16-million are appended to 10.x.x.x.
The remaining indexes in the range are applied to 172.16.x.x.
In this example, we only have three ranges. When scanning the entire Internet,
we have in practice more than 100 ranges. That's because you have to blacklist
or exclude a lot of sub-ranges. This chops up the desired range into hundreds
of smaller ranges.
This leads to one of the slowest parts of the code. We transmit 10 million
packets per second and have to convert an index variable to an IP address
for each and every probe. We solve this by doing a "binary search" in a small
amount of memory. At this packet rate, cache efficiencies start to dominate
over algorithm efficiencies. There are a lot of more efficient techniques in
theory, but they all require so much memory as to be slower in practice.
We call the function that translates from an index into an IP address
the `pick()` function. In use, it looks like:
for (i = 0; i < range; i++) {
ip = pick(addresses, i);
scan(ip);
}
Masscan supports not only IP address ranges, but also port ranges. This means
we need to pick from the index variable both an IP address and a port. This
is fairly straightforward:
range = ip_count * port_count;
for (i = 0; i < range; i++) {
ip = pick(addresses, i / port_count);
port = pick(ports, i % port_count);
scan(ip, port);
}
This leads to another expensive part of the code. The division/modulus
instructions are around 90 clock cycles, or 30 nanoseconds, on x86 CPUs. When
transmitting at a rate of 10 million packets/second, we have only
100 nanoseconds per packet. I see no way to optimize this any better. Luckily,
though, two such operations can be executed simultaneously, so doing two
of these, as shown above, is no more expensive than doing one.
There are actually some easy optimizations for the above performance problems,
but they all rely upon `i++`, the fact that the index variable increases one
by one through the scan. Actually, we need to randomize this variable. We
need to randomize the order of IP addresses that we scan or we'll blast the
heck out of target networks that aren't built for this level of speed. We
need to spread our traffic evenly over the target.
The way we randomize is simply by encrypting the index variable. By definition,
encryption is random and creates a 1-to-1 mapping between the original index
variable and the output. This means that while we linearly go through the
range, the output IP addresses are completely random. In code, this looks like:
range = ip_count * port_count;
for (i = 0; i < range; i++) {
x = encrypt(i);
ip = pick(addresses, x / port_count);
port = pick(ports, x % port_count);
scan(ip, port);
}
This also has a major cost. Since the range is an unpredictable size instead
of a nice even power of 2, we can't use cheap binary techniques like
AND (&) and XOR (^). Instead, we have to use expensive operations like
MODULUS (%). In my current benchmarks, it's taking 40 nanoseconds to
encrypt the variable.
This architecture allows for lots of cool features. For example, it supports
"shards". You can set up 5 machines each doing a fifth of the scan or
`range / shard_count`. Shards can be multiple machines, or simply multiple
network adapters on the same machine, or even (if you want) multiple IP
source addresses on the same network adapter.
Or, you can use a 'seed' or 'key' to the encryption function, so that you get
a different order each time you scan, like `x = encrypt(seed, i)`.
We can also pause the scan by exiting out of the program, and simply
remembering the current value of `i`, and restart it later. I do that a lot
during development. I see something going wrong with my Internet scan, so
I hit <ctrl-c> to stop the scan, then restart it after I've fixed the bug.
Another feature is retransmits/retries. Packets sometimes get dropped on the
Internet, so you can send two packets back-to-back. However, something that
drops one packet may drop the immediately following packet. Therefore, you
want to send the copy about 1 second apart. This is simple. We already have
a 'rate' variable, which is the number of packets-per-second rate we are
transmitting at, so the retransmit function is simply to use `i + rate`
as the index. One of these days I'm going to do a study of the Internet,
and differentiate "back-to-back", "1 second", "10 second", and "1 minute"
retransmits this way in order to see if there is any difference in what
gets dropped.
## C10 Scalability
The asynchronous technique is known as a solution to the "c10k problem".
Masscan is designed for the next level of scalability, the "C10M problem".
The C10M solution is to bypass the kernel. There are three primary kernel
bypasses in Masscan:
* custom network driver
* user-mode TCP stack
* user-mode synchronization
Masscan can use the PF_RING DNA driver. This driver DMAs packets directly
from user-mode memory to the network driver with zero kernel involvement.
That allows software, even with a slow CPU, to transmit packets at the maximum
rate the hardware allows. If you put 8 10-gbps network cards in a computer,
this means it could transmit at 100-million packets/second.
Masscan has its own built-in TCP stack for grabbing banners from TCP
connections. This means it can easily support 10 million concurrent TCP
connections, assuming of course that the computer has enough memory.
Masscan has no "mutex". Modern mutexes (aka. futexes) are mostly user-mode,
but they have two problems. The first problem is that they cause cache-lines
to bounce quickly back-and-forth between CPUs. The second is that when there
is contention, they'll do a system call into the kernel, which kills
performance. A mutex on the fast path of a program severely limits scalability.
Instead, Masscan uses "rings" to synchronize things, such as when the
user-mode TCP stack in the receive thread needs to transmit a packet without
interfering with the transmit thread.
## Portability
The code runs well on Linux, Windows, and Mac OS X. All the important bits are
in standard C (C90). Therefore, it compiles on Visual Studio with Microsoft's
compiler, the Clang/LLVM compiler on Mac OS X, and GCC on Linux.
Windows and Macs aren't tuned for packet transmit, and get only about 300,000
packets-per-second, whereas Linux can do 1,500,000 packets/second. That's
probably faster than you want anyway.
## Safe code
A bounty is offered for vulnerabilities, see the VULNINFO.md file for more
information.
This project uses safe functions like `safe_strcpy()` instead of unsafe functions
like `strcpy()`.
This project has automated unit regression tests (`make regress`).
## Compatibility
A lot of effort has gone into making the input/output look like `nmap`, which
everyone who does port scans is (or should be) familiar with.
## IPv6 and IPv4 coexistence
Masscan supports IPv6, but there is no special mode, both are supported
at the same time. (There is no `-6` option -- it's always available).
In any example you see of masscan usage,
simply put an IPv6 address where you see an IPv4 address. You can include
IPv4 and IPv6 addresses simultaneously in the same scan. Output includes
the appropriate address at the same location, with no special marking.
Just remember that IPv6 address space is really big. You probably don't want to scan
for big ranges, except maybe the first 64k addresses of a subnet that were assigned
via DHCPv6.
Instead, you'll probably want to scan large lists of addresses stored
in a file (`--include-file filename.txt`) that you got from other sources.
Like everywhere else, this file can contain lists of both IPv4 and IPv6 addresses.
The test file I use contains 8 million addresses. Files of that size need a couple
extra seconds to be read on startup (masscan sorts the addresses and removes
duplicates before scanning).
Remember that masscan contains its own network stack. Thus, the local machine
you run masscan from does not need to be IPv6 enabled -- though the local
network needs to be able to route IPv6 packets.
## PF_RING
To get beyond 2 million packets/second, you need an Intel 10-gbps Ethernet
adapter and a special driver known as ["PF_RING ZC" from ntop](http://www.ntop.org/products/packet-capture/pf_ring/pf_ring-zc-zero-copy/). Masscan doesn't need to be rebuilt in order to use PF_RING. To use PF_RING,
you need to build the following components:
* `libpfring.so` (installed in /usr/lib/libpfring.so)
* `pf_ring.ko` (their kernel driver)
* `ixgbe.ko` (their version of the Intel 10-gbps Ethernet driver)
You don't need to build their version of `libpcap.so`.
When Masscan detects that an adapter is named something like `zc:enp1s0` instead
of something like `enp1s0`, it'll automatically switch to PF_RING ZC mode.
A more detail discussion can be found in **PoC||GTFO 0x15**.
## Regression testing
The project contains a built-in unit test:
$ make test
bin/masscan --selftest
selftest: success!
This tests a lot of tricky bits of the code. You should do this after building.
## Performance testing
To test performance, run something like the following to a throw-away address,
to avoid overloading your local router:
$ bin/masscan 0.0.0.0/4 -p80 --rate 100000000 --router-mac 66-55-44-33-22-11
The bogus `--router-mac` keeps packets on the local network segments so that
they won't go out to the Internet.
You can also test in "offline" mode, which is how fast the program runs
without the transmit overhead:
$ bin/masscan 0.0.0.0/4 -p80 --rate 100000000 --offline
This second benchmark shows roughly how fast the program would run if it were
using PF_RING, which has near zero overhead.
By the way, the randomization algorithm makes heavy use of "integer arithmetic",
a chronically slow operation on CPUs. Modern CPUs have doubled the speed
at which they perform this calculation, making `masscan` much faster.
# Authors
This tool created by Robert Graham:
email: robert_david_graham@yahoo.com
twitter: @ErrataRob
# License
Copyright (c) 2013 Robert David Graham
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
================================================
FILE: VULNINFO.md
================================================
# Vulnerability Information and Policy
This document contains information about robustness of this project against
hacker attacks. It describes known vulnerabilities that have been found
in previous versions, and describes policies how vulnerabilities are handled.
## Security contact
robert_david_graham@yahoo.com
@ErrataRob on twitter
## Known vulnerabilities and advisories
none
## Bounty
I'm offering $100, payable in cash or Bitcoin, for security vulnerabilities.
This is primarily for remote vulnerabilities, such as the ability of a target
to buffer-overflow the scanner, or even cause it to crash.
But I'd consider other vulnerabilities as well. Does Kali ship this with suid
and there's a preload bug? That's not really a vuln in this code, but if it's
something I could fix, I'd consider paying a bounty for it.
## Disclosure policy
If you've got a vuln, just announce it. Please send info to the contact above
as well, please.
I'll probably get around to fixing it within a month or so. This really isn't
heavily used software, so I'm lax on this.
## Threats
The primary threat is from hostile targets on the Internet sending back
responses in order to:
* exploit a buffer-overflow vulnerability
* spoof packets trying to give fraudulent scan results (mitigated with our
SYN cookies)
* flood packets trying to overload bandwidth/storage
* bad data, such as corrupting banners or DNS names trying to exploit
downstream consumers with bad html or script tags.
The secondary threat is from use of the program. For example, when a bad
parameter is entered on the command-line, the program spits it back out
in a helpful error message. This is fine for a command-line program that
should run as `root` anyway, but if somebody tries to make it into a
scriptable service, this becomes a potential vulnerability.
## Safe code policy
Unsafe functions like `strcpy()` are banned.
The code contains an automated regression test by running with the
`--regress` option. However, currently the regression only tests
a small percentage of the code.
================================================
FILE: bin/.gitignore
================================================
*
!.gitignore
================================================
FILE: data/exclude.conf
================================================
# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# http://tools.ietf.org/html/rfc5735
# "This" network
0.0.0.0/8
# Private networks
10.0.0.0/8
# Carrier-grade NAT - RFC 6598
100.64.0.0/10
# Host loopback
127.0.0.0/8
# Link local
169.254.0.0/16
# Private networks
172.16.0.0/12
# IETF Protocol Assignments
192.0.0.0/24
# DS-Lite
192.0.0.0/29
# NAT64
192.0.0.170/32
# DNS64
192.0.0.171/32
# Documentation (TEST-NET-1)
192.0.2.0/24
# 6to4 Relay Anycast
192.88.99.0/24
# Private networks
192.168.0.0/16
# Benchmarking
198.18.0.0/15
# Documentation (TEST-NET-2)
198.51.100.0/24
# Documentation (TEST-NET-3)
203.0.113.0/24
# Reserved
240.0.0.0/4
# Limited Broadcast
255.255.255.255/32
#Received: from elbmasnwh002.us-ct-eb01.gdeb.com ([153.11.13.41]
# helo=ebsmtp.gdeb.com) by mx1.gd-ms.com with esmtp (Exim 4.76) (envelope-from
# <bmandes@gdeb.com>) id 1VS55c-0004qL-0F for support@erratasec.com; Fri, 04
# Oct 2013 09:06:40 -0400
#To: <support@erratasec.com>
#CC: <ebsoc@gdeb.com>
#Subject: Scanning and Probing our network
#From: Robert Mandes <bmandes@gdeb.com>
#Date: Fri, 4 Oct 2013 09:06:36 -0400
#
#Stop scanning and probing our network, 153.11.0.0/16. We are a defense
#contractor and report to Federal law enforcement authorities when scans
#and probes are directed at our network. I assume you don't want to be
#part of that report. Please permanently remove our network range from
#your current and future research.
#
#Thank you
#
#Robert Mandes
#Information Security Officer
#General Dynamics
#Electric Boat
#
#C 860-625-0605
#P 860-433-1553
153.11.0.0/16
#Date: Mon, 7 Oct 2013 17:25:41 -0700
#Subject: Re: please stop the attack to our router
#From: Di Li <di@egihosting.com>
#
#Make sure you stop the scan immediately, that's not OK for any company or
#organization scan our network at all.
#
#If you fail to do that we will block whole traffic from ASN 10439, and we
#will file a police report after that.
#
#Let me know when you stop, since we still receive the attack from you, and
#by the way your scan are not going anywhere, it's was dropped from our edge
#since the first 5 scan
#
#Oct 7 17:17:32:I:SNMP: Auth. failure, intruder IP: 209.126.230.72
#...
#Oct 7 16:55:27:I:SNMP: Auth. failure, intruder IP: 209.126.230.72
#
#Di
4.53.201.0/24
5.152.179.0/24
8.12.162.0-8.12.164.255
8.14.84.0/22
8.14.145.0-8.14.147.255
8.17.250.0-8.17.252.255
23.27.0.0/16
23.231.128.0/17
37.72.172.0/23
38.72.200.0/22
50.93.192.0-50.93.197.255
50.115.128.0/20
50.117.0.0/17
50.118.128.0/17
63.141.222.0/24
64.62.253.0/24
64.92.96.0/19
64.145.79.0/24
64.145.82.0/23
64.158.146.0/23
65.49.24.0/24
65.49.93.0/24
65.162.192.0/22
66.79.160.0/19
66.160.191.0/24
68.68.96.0/20
69.46.64.0/19
69.176.80.0/20
72.13.80.0/20
72.52.76.0/24
74.82.43.0/24
74.82.160.0/19
74.114.88.0/22
74.115.0.0/24
74.115.2.0/24
74.115.4.0/24
74.122.100.0/22
75.127.0.0/24
103.251.91.0/24
108.171.32.0/24
108.171.42.0/24
108.171.52.0/24
108.171.62.0/24
118.193.78.0/23
130.93.16.0/23
136.0.0.0/16
142.111.0.0/16
142.252.0.0/16
146.82.55.93
149.54.136.0/21
149.54.152.0/21
166.88.0.0/16
172.252.0.0/16
173.245.64.0/19
173.245.194.0/23
173.245.220.0/22
173.252.192.0/18
178.18.16.0/22
178.18.26.0-178.18.29.255
183.182.22.0/24
192.92.114.0/24
192.155.160.0/19
192.177.0.0/16
192.186.0.0/18
192.249.64.0/20
192.250.240.0/20
194.110.214.0/24
198.12.120.0-198.12.122.255
198.144.240.0/20
199.33.120.0/24
199.33.124.0/22
199.48.147.0/24
199.68.196.0/22
199.127.240.0/21
199.187.168.0/22
199.188.238.0/23
199.255.208.0/24
203.12.6.0/24
204.13.64.0/21
204.16.192.0/21
204.19.238.0/24
204.74.208.0/20
205.159.189.0/24
205.164.0.0/18
205.209.128.0/18
206.108.52.0/23
206.165.4.0/24
208.77.40.0/21
208.80.4.0/22
208.123.223.0/24
209.51.185.0/24
209.54.48.0/20
209.107.192.0/23
209.107.210.0/24
209.107.212.0/24
211.156.110.0/23
216.83.33.0-216.83.49.255
216.83.51.0-216.83.63.255
216.151.183.0/24
216.151.190.0/23
216.172.128.0/19
216.185.36.0/24
216.218.233.0/24
216.224.112.0/20
#Received: from [194.77.40.242] (HELO samba.agouros.de)
# for abuse@erratasec.com; Sat, 12 Oct 2013 09:55:35 -0500
#Received: from rumba.agouros.de (rumba-internal [192.168.8.1]) by
# samba.agouros.de (Postfix) with ESMTPS id 9055FBAD1D for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#Received: from rumba.agouros.de (localhost [127.0.0.1]) by rumba.agouros.de
# (Postfix) with ESMTP id 7B5DD206099 for <abuse@erratasec.com>; Sat, 12 Oct
# 2013 16:55:32 +0200 (CEST)
#Received: from localhost.localdomain (localhost [127.0.0.1]) by
# rumba.agouros.de (Postfix) with ESMTP id 5FBC420601D for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#To: <abuse@erratasec.com>
#Subject: Loginattempts from Your net
#Message-ID: <20131012145532.5FBC420601D@rumba.agouros.de>
#Date: Sat, 12 Oct 2013 16:55:32 +0200
#From: <elwood@agouros.de>
#
#The address 209.126.230.72 from Your network tried to log in to
#our network using Port 22 (1)/tcp. Below You will find a listing of the dates and
#times the incidents occured as well as the attacked IP-Addresses.
#This is a matter of concern for us and continued tries might result in
#legal action. If the machine was victim to a hack take it offline, repair
#the damage and use better protection next time.
#The times included are in Central European (Summer) Time.
#Date Sourceip port destips
#
#07.10.2013 22:34:40 CEST 209.126.230.72 22 194.77.40.242 (1)
#08.10.2013 01:44:15 CEST 209.126.230.72 22 194.77.40.246 (1)
#
#Regards,
#Konstantin Agouros
194.77.40.242
194.77.40.246
#Received: from [165.160.9.58] (HELO mx2.cscinfo.com)
#X-Virus-Scanned: amavisd-new at cscinfo.com
#Received: from mx2.cscinfo.com ([127.0.0.1]) by localhost
# (plmail02.wil.csc.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
# GGQ7EiQaK2P0 for <protodev@erratasec.com>; Wed, 30 Oct 2013 09:26:00 -0400
# (EDT)
#Received: from casarray.cscinfo.com (pwmailch02.cscinfo.com [172.20.53.94]) by
# mx2.cscinfo.com (Postfix) with ESMTPS id 4BA5E58170 for
# <protodev@erratasec.com>; Wed, 30 Oct 2013 09:26:00 -0400 (EDT)
#Received: from PWMAILM02.cscinfo.com ([169.254.7.52]) by
# PWMAILCH02.cscinfo.com ([172.20.53.94]) with mapi id 14.02.0247.003; Wed, 30
# Oct 2013 09:26:00 -0400
#From: "Derksen, Bill" <bderksen@cscinfo.com>
#Subject: Unauthorized Scanning
#Date: Wed, 30 Oct 2013 13:25:59 +0000
#Message-ID: <1F80316A0C861F40A9A88F18465F138E01EF885F@PWMAILM02.cscinfo.com>
#x-originating-ip: [172.31.252.72]
#
#We have detected unauthorized activity from your systems on our public netw=
#ork. Please suspend scanning of our networks immediately.
#
#Our network block is 165.160/16
#
#Further scanning will result in reports of unauthorized activity being file=
#d with law enforcement agencies.
#
#Corporation Service Company
#
#
#
#________________________________
#
#NOTICE: This e-mail and any attachments is intended only for use by the add=
#ressee(s) named herein and may contain legally privileged, proprietary or c=
#onfidential information. If you are not the intended recipient of this e-ma=
#il, you are hereby notified that any dissemination, distribution or copying=
# of this email, and any attachments thereto, is strictly prohibited. If you=
# receive this email in error please immediately notify me via reply email o=
#r at (800) 927-9800 and permanently delete the original copy and any copy o=
#f any e-mail, and any printout.
165.160.0.0/16
#******************************
#Greetings from the IT Security Team at Utah State University.
#
#We have detected network activity that might be suspicious or
#malicious. We think it might be sourced from your network. We
#include IP Addresses as well as description, log snippets, and
#other useful information.
#
#Please review this information or forward to the responsible person.
129.123.0.0/16
144.39.0.0/16
204.113.91.0/24
#On Friday, November 17th 2017 starting at 03:39 EST (UTC-5:00), part of the
#Physics Network at McGill University (132.206.9.0/24, 132.206.123.0/24
#and/or 132.206.125.0/24) was scanned from xxx.xxx.xxx.xxx (see syslog
#snippet below). The scan targetted the domain service (port 53/udp). We
#consider this scan to be an attempt to unlawfully access or abuse our
#network (intentionally or as a result of virus or worm activity).
132.206.9.0/24
132.206.123.0/24
132.206.125.0/24
#
# Add DOD + US Military, often not a great idea to scan military ranges.
# If you desire, you can comment these ranges out.
#
6.0.0.0/8
7.0.0.0/8
11.0.0.0/8
21.0.0.0/8
22.0.0.0/8
26.0.0.0/8
28.0.0.0/8
29.0.0.0/8
30.0.0.0/8
33.0.0.0/8
55.0.0.0/8
205.0.0.0/8
214.0.0.0/8
215.0.0.0/8
#******************************
#Janet is a UK research and education network!
#Please DO NOT scan, you been warned!
31.25.0.0/23
31.25.2.0/23
31.25.4.0/22
37.72.112.0/21
46.254.200.0/21
81.87.0.0/16
85.12.64.0/18
89.207.208.0/21
92.245.224.0/19
128.16.0.0/16
128.40.0.0/16
128.41.0.0/18
128.86.0.0/16
128.232.0.0/16
128.240.0.0/16
128.243.0.0/16
129.11.0.0/16
129.12.0.0/16
129.31.0.0/16
129.67.0.0/16
129.169.0.0/16
129.215.0.0/16
129.234.0.0/16
130.88.0.0/16
130.159.0.0/16
130.209.0.0/16
130.246.0.0/16
131.111.0.0/16
131.227.0.0/16
131.231.0.0/16
131.251.0.0/16
134.36.0.0/16
134.83.0.0/16
134.151.0.0/16
134.219.0.0/16
134.220.0.0/16
134.225.0.0/16
136.148.0.0/16
136.156.0.0/16
137.44.0.0/16
137.50.0.0/16
137.73.0.0/16
137.108.0.0/16
137.195.0.0/16
137.222.0.0/16
137.253.0.0/16
138.38.0.0/16
138.40.0.0/16
138.250.0.0/15
138.253.0.0/16
139.133.0.0/16
139.153.0.0/16
139.166.0.0/16
139.184.0.0/16
139.222.0.0/16
140.97.0.0/16
141.163.0.0/16
141.170.64.0/19
141.170.96.0/22
141.170.100.0/23
141.241.0.0/16
143.52.0.0/15
143.117.0.0/16
143.167.0.0/16
143.210.0.0/16
143.234.0.0/16
144.32.0.0/16
144.82.0.0/16
144.124.0.0/16
144.173.0.0/16
146.87.0.0/16
146.97.0.0/16
146.169.0.0/16
146.176.0.0/16
146.179.0.0/16
146.191.0.0/16
146.227.0.0/16
147.143.0.0/16
147.188.0.0/16
147.197.0.0/16
148.79.0.0/16
148.88.0.0/16
148.197.0.0/16
149.155.0.0/16
149.170.0.0/16
150.204.0.0/16
152.71.0.0/16
152.78.0.0/16
152.105.0.0/16
155.198.0.0/16
155.245.0.0/16
157.140.0.0/16
157.228.0.0/16
158.94.0.0/16
158.125.0.0/16
158.143.0.0/16
158.223.0.0/16
159.86.128.0/18
159.92.0.0/16
160.5.0.0/16
160.9.0.0/16
161.73.0.0/16
161.74.0.0/16
161.76.0.0/16
161.112.0.0/16
163.1.0.0/16
163.119.0.0/16
163.160.0.0/16
163.167.0.0/16
164.11.0.0/16
185.83.168.0/22
192.12.72.0/24
192.18.195.0/24
192.35.172.0/24
192.41.104.0/21
192.41.112.0/20
192.41.128.0/22
192.68.153.0/24
192.76.6.0/23
192.76.8.0/21
192.76.16.0/20
192.76.32.0/22
192.82.153.0/24
192.84.5.0/24
192.84.75.0/24
192.84.76.0/22
192.84.80.0/22
192.84.212.0/24
192.88.9.0/24
192.88.10.0/24
192.94.235.0/24
192.100.78.0/24
192.100.154.0/24
192.107.168.0/24
192.108.120.0/24
192.124.46.0/24
192.133.244.0/24
192.149.111.0/24
192.150.180.0/22
192.150.184.0/24
192.153.213.0/24
192.156.162.0/24
192.160.194.0/24
192.171.128.0/18
192.171.192.0/21
192.173.1.0/24
192.173.2.0/23
192.173.4.0/24
192.173.128.0/21
192.188.157.0/24
192.188.158.0/24
192.190.201.0/24
192.190.202.0/24
192.195.42.0/23
192.195.105.0/24
192.195.116.0/23
192.195.118.0/24
193.32.22.0/24
193.37.225.0/24
193.37.240.0/21
193.38.143.0/24
193.39.80.0/21
193.39.172.0/22
193.39.212.0/24
193.60.0.0/14
193.107.116.0/22
193.130.15.0/24
193.133.28.0/23
193.138.86.0/24
194.32.32.0/20
194.35.93.0/24
194.35.186.0/24
194.35.192.0/19
194.35.241.0/24
194.36.1.0/24
194.36.2.0/23
194.36.121.0/24
194.36.152.0/21
194.60.218.0/24
194.66.0.0/16
194.80.0.0/14
194.187.32.0/22
195.194.0.0/15
212.121.0.0/19
212.121.192.0/19
212.219.0.0/16
================================================
FILE: debian/.gitignore
================================================
files
masscan
masscan.debhelper.log
masscan.substvars
================================================
FILE: debian/README.Debian
================================================
masscan for Debian
------------------
Initial debianisation
-- Vladimir Vitkov <vvitkov@sdl.com> Fri, 24 Jan 2014 11:03:38 +0200
================================================
FILE: debian/changelog
================================================
masscan (1.0.3-46+gbbadb7b-1) precise; urgency=low
* Rebuild from current git
* Use propper git hash versioning
-- Vladimir Vitkov (Packaging Key) <vvitkov@sdl.com> Tue, 10 Jun 2014 12:11:04 +0300
masscan (1.0.1+git20140124-1) unstable; urgency=low
* Rebuild from current git
-- Vladimir Vitkov <vvitkov@sdl.com> Fri, 24 Jan 2014 14:37:30 +0200
masscan (1.0.1+git20140106-1) unstable; urgency=low
* Initial release
-- Vladimir Vitkov <vvitkov@sdl.com> Fri, 24 Jan 2014 11:03:38 +0200
================================================
FILE: debian/compat
================================================
8
================================================
FILE: debian/control
================================================
Source: masscan
Section: net
Priority: extra
Maintainer: Vladimir Vitkov <vvitkov@sdl.com>
Build-Depends: debhelper (>= 8.0.0), libpcap-dev
Standards-Version: 3.9.3
Homepage: https://github.com/robertdavidgraham/masscan
#Vcs-Git: https://github.com/robertdavidgraham/masscan.git
#Vcs-Browser: http://git.debian.org/?p=collab-maint/masscan.git;a=summary
Package: masscan
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Mass IP port scanner
This is the fastest Internet port scanner. It can scan the
entire Internet in under 6 minutes, transmitting 10 million
packets per second.
.
It produces results similar to nmap, the most famous port
scanner. Internally, it operates more like scanrand,
unicornscan, and ZMap, using asynchronous transmission.
The major difference is that it's faster than these other
scanners. In addition, it's more flexible, allowing
arbitrary address ranges and port ranges.
================================================
FILE: debian/copyright
================================================
Format: http://dep.debian.net/deps/dep5
Upstream-Name: masscan
Source: https://github.com/robertdavidgraham/masscan
Files: *
Copyright: 2013 Robert David Graham <robert_david_graham@yahoo.com>
License: AGPL
This program, "masscan", is not completely free software. It may not be
used by the United States Department of Defense (DoD) or National Security
Agency (NSA), or by agents acting on their behalf, such as contractors,
sub-contractors, and so on. These entitities must contact me to acquire
a different license.
.
Barring the above exception, you can use, redistribute, and/or modify
this code under the terms of the GNU Affero General Public License
version 3.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Files: debian/*
Copyright: 2014 Vladimir Vitkov <vvitkov@sdl.com>
License: GPL-3.0+
License: GPL-3.0+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
================================================
FILE: debian/masscan.dirs
================================================
usr/bin
================================================
FILE: debian/masscan.docs
================================================
README.md
VULNINFO.md
doc/algorithm.js
doc/bot.html
================================================
FILE: debian/masscan.install
================================================
bin/masscan usr/bin/
================================================
FILE: debian/masscan.manpages
================================================
doc/masscan.8
================================================
FILE: debian/rules
================================================
#!/usr/bin/make -f
# -*- makefile -*-
# Sample debian/rules that uses debhelper.
# This file was originally written by Joey Hess and Craig Small.
# As a special exception, when this file is copied by dh-make into a
# dh-make output file, you may use that output file without restriction.
# This special exception was added by Craig Small in version 0.37 of dh-make.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
override_dh_auto_test:
$(MAKE) regress
================================================
FILE: debian/source/format
================================================
3.0 (quilt)
================================================
FILE: debian/watch
================================================
version=3
# use the github release pages
https://github.com/robertdavidgraham/masscan/releases .*/(\d\S*)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
================================================
FILE: doc/algorithm.js
================================================
/*
This is an implementation of the core Masscan scanning algorithm
in JavaScript/NodeJS. The core scanning algorithm is what makes
Masscan unique from other scanners, so it's worth highlighting
separately in a sample program.
REVIEW OF SCANNERS
The most famous port-scanner is "nmap". However, it is a
"host-at-a-time" scanner, and struggles at scanning large networks.
Masscan is an asynchronous, probe-at-a-time scanner. It spews out
probes to different ports, without caring if two probes happen to
be send to the same host. If the user wants a list of all ports
open on a single host, they have to post-process the masscan output
themselves, because masscan doesn't do it.
There are other asynchronous port-scanners, like scanrand, unicornscan,
and zmap. However, they have limitations in the way they do randomization
of their scans. They have limitations on the ranges of addresses and
ports that they'll accept, try to store an individual memory record
for everything scanned, or only partly randomize their scans.
THE WAY MASSCAN WORKS
Masscan first stores the targets as a "list of ranges". IP address
ranges are stored in one structure, and port ranges are stored
in another structure.
Then, a single index variable is used to enumerate the set of all
IP:port combinations. The scan works by simply incrementing the
index variable from 0 to the total number of probes (the 'range').
Then, before the enumeration step, the index is permuted into another
random index within the same range, in a 1-to-1 mapping. In other
words, the algorithm is theoretically reversable: given the output
of the permutation function, we can obtain the original index.
EXAMPLE
This program can be run like the following:
node patent.js 10.0.0.0-10.0.0.5 192.168.0.0/31 80,U:161
10.0.0.0-10.0.0.5
192.168.0.0-192.168.0.1
0.0.0.80-0.0.0.80
0.1.0.161-0.1.0.161
--> 10.0.0.4 udp:161
--> 10.0.0.0 udp:161
--> 10.0.0.1 udp:161
--> 10.0.0.4 tcp:80
--> 192.168.0.1 tcp:80
--> 10.0.0.0 tcp:80
--> 10.0.0.2 udp:161
--> 10.0.0.5 udp:161
--> 192.168.0.0 tcp:80
--> 192.168.0.0 udp:161
--> 10.0.0.1 tcp:80
--> 10.0.0.3 udp:161
--> 10.0.0.2 tcp:80
--> 10.0.0.5 tcp:80
--> 192.168.0.1 udp:161
--> 10.0.0.3 tcp:80
What you see first is the target ranges being echoed back that it scans,
first the IP address ranges, followed by the port ranges. The port ranges
are in weird decimal-dot notation because they share the same code
as for IPv4 addresses.
Then we see the randomized output, where individual probes are sent to a
random IP address and port.
TransmitThread
All the majic happens in the "TransmitThread()" function near the bottom
of this file.
We first see how the index variable 'i' is incremented from 0 to the
total number of packets that will be sent. We then see how first this
index is permuted to 'xXx', then this variable is separated into
one index for the IP address and another index for the port. Then,
those indexes are used to enumerate one of the IP addresses and
one of the ports.
Blackrock
This is the permutation function. It implements an encryption algorithm
based on DES (Data Encryption Standard). However, the use of real DES
would impose a restricting on the range that it be an even power of 2.
In the above example, with 14 total probes, this doesn't apply.
Therefore, we have to change binary operators like XOR with their
non-binary equivelents.
The upshot is that we first initialize Blackrock with the range (and
a seed/key), and then shuffle the index. The process is stateless,
meaning that any time we shuffle the number '5' we always get the
same result, regardless of what has happened before.
Targets, RangeList, Range
A Range is just a begin/end of an integer. We use this both for
IPv4 addresses (which are just 32-bit integers) and ports
(which are 16 bit integers).
A RangeList is just an array of Ranges. In Masscan, this object
sorts and combines ranges, making sure there are no duplicates,
but that isn't used in this example.
The RangeList object shows how an index can enumerate the
individual addresses/ports. This is down by walking the list
and subtracting from the index the size of each range, until
we reach a range that is larger than the index.
The Targets object just holds both the IP and port lists.
*/
function Range(begin, end) {
if (typeof begin == 'undefined' && typeof end == 'undefined') {
this.begin = 0xFFFFFFFF;
this.end = 0;
} else if (typeof end == 'undefined') {
this.begin = begin;
this.end = begin;
} else {
this.begin = begin;
this.end = end;
}
this.toString = function () {
return ((this.begin >> 24) & 0xFF)
+ "." + ((this.begin >> 16) & 0xFF)
+ "." + ((this.begin >> 8) & 0xFF)
+ "." + ((this.begin >> 0) & 0xFF)
+ "-" + ((this.end >> 24) & 0xFF)
+ "." + ((this.end >> 16) & 0xFF)
+ "." + ((this.end >> 8) & 0xFF)
+ "." + ((this.end >> 0) & 0xFF);
}
this.count = function () {
return this.end - this.begin + 1;
}
this.pick = function (index) {
return this.begin + index;
}
return this;
}
function RangeList() {
this.list = [];
this.total_count = 0;
this.push = function (range) {
this.list.push(range);
this.total_count += range.count();
}
this.count = function () {
return this.total_count;
}
this.pick = function (index) {
for (var i in this.list) {
var item = this.list[i];
if (index < item.count())
return item.pick(index);
else
index -= item.count();
}
return null;
}
}
function Targets() {
this.ports = new RangeList();
this.ips = new RangeList();
this.parse_ip = function (text) {
var x = text.split(".");
var result = 0;
result |= parseInt(x[0]) << 24;
result |= parseInt(x[1]) << 16;
result |= parseInt(x[2]) << 8;
result |= parseInt(x[3]) << 0;
return result;
}
this.parse_ports = function (arg) {
var offset = 0;
if (arg.indexOf(":") !== -1) {
var x = arg.split(":");
if (x[0] == "U")
offset = 65536;
else if (x[0] == "S")
offset = 65536 * 2;
arg = x[1];
}
var target;
if (arg.indexOf("-") !== -1) {
var x = arg.split("-");
target = new Range(parseInt(x[0]), parseInt(x[1]));
} else
target = new Range(parseInt(arg));
target.begin += offset;
target.end += offset;
this.ports.push(target);
}
this.parse_args = function (argv) {
for (var i in argv) {
var arg = argv[i];
if (arg.indexOf(",") !== -1) {
var x = arg.split(",");
for (var j in x)
this.parse_ports(x[j]);
} else if (arg.indexOf("/") !== -1) {
var x = arg.split("/");
var address = this.parse_ip(x[0]);
var prefix = parseInt(x[1]);
var mask = 0xFFFFFFFF << (32 - prefix);
address = address & mask;
var target = new Range(address, address | ~mask);
this.ips.push(target);
} else if (arg.indexOf("-") !== -1) {
var x = arg.split("-");
var begin = this.parse_ip(x[0]);
var end = this.parse_ip(x[1]);
var target = new Range(begin, end);
this.ips.push(target);
} else if (arg.indexOf(".") !== -1) {
var target = new Range(this.parse_ip(arg));
this.ips.push(target);
} else {
this.parse_ports(arg);
}
}
}
this.print = function () {
var i;
for (i in this.ips.list) {
console.log(this.ips.list[i].toString());
}
for (i in this.ports.list) {
console.log(this.ports.list[i].toString());
}
}
return this;
}
function Blackrock(range, seed) {
var split = Math.floor(Math.sqrt(range * 1.0));
this.rounds = 3;
this.seed = seed;
this.range = range;
this.a = split - 1;
this.b = split + 1;
while (this.a * this.b <= range)
this.b++;
/** Inner permutation function */
this.F = function (j, R, seed) {
var primes = [961752031, 982324657, 15485843, 961752031];
R = ((R << (R & 0x4)) + R + seed);
return Math.abs((((primes[j] * R + 25) ^ R) + j));
}
/** Outer feistal construction */
this.fe = function (r, a, b, m, seed) {
var L, R;
var j;
var tmp;
L = m % a;
R = Math.floor(m / a);
for (j = 1; j <= r; j++) {
if (j & 1) {
tmp = (L + this.F(j, R, seed)) % a;
} else {
tmp = (L + this.F(j, R, seed)) % b;
}
L = R;
R = tmp;
}
if (r & 1) {
return a * L + R;
} else {
return a * R + L;
}
}
/** Outer reverse feistal construction */
this.unfe = function (r, a, b, m, seed) {
var L, R;
var j;
var tmp;
if (r & 1) {
R = m % a;
L = Math.floor(m / a);
} else {
L = m % a;
R = Math.floor(m / a);
}
for (j = r; j >= 1; j--) {
if (j & 1) {
tmp = this.F(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = a - (tmp % a);
if (tmp == a)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= a;
}
} else {
tmp = this.F(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = b - (tmp % b);
if (tmp == b)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= b;
}
}
R = L;
L = tmp;
}
return a * R + L;
}
this.shuffle = function (m) {
var c;
c = this.fe(this.rounds, this.a, this.b, m, this.seed);
while (c >= this.range)
c = this.fe(this.rounds, this.a, this.b, c, this.seed);
return c;
}
this.unshuffle = function (m) {
var c;
c = unfe(this.rounds, this.a, this.b, m, this.seed);
while (c >= this.range)
c = unfe(this.rounds, this.a, this.b, c, this.seed);
return c;
}
return this;
}
function TransmitThread(targets, transmit, seed) {
var range = targets.ips.count() * targets.ports.count();
var b = Blackrock(range, seed);
for (var i = 0; i < range; i++) {
var xXx = b.shuffle(i);
var ip_index = Math.floor(xXx / targets.ports.count());
var port_index = Math.floor(xXx % targets.ports.count());
var ip = targets.ips.pick(ip_index);
var port = targets.ports.pick(port_index);
transmit(ip, port);
}
}
function Transmit2Thread(targets, transmit, seed, start, stop, increment) {
var range = targets.ips.count() * targets.ports.count();
var b = Blackrock(range, seed);
for (var i = start; i < range && i < stop; i += increment) {
var xXx = b.shuffle(i);
var ip_index = Math.floor(xXx / targets.ports.count());
var port_index = Math.floor(xXx % targets.ports.count());
var ip = targets.ips.pick(ip_index);
var port = targets.ports.pick(port_index);
transmit(ip, port);
}
}
function transmit(ip, port) {
var proto = "tcp";
if (port > 65536 * 2) {
proto = "sctp";
port -= 65536 * 2;
} else if (port > 65536) {
proto = "udp";
port -= 65536;
}
var ipstring = ((ip >> 24) & 0xFF)
+ "." + ((ip >> 16) & 0xFF)
+ "." + ((ip >> 8) & 0xFF)
+ "." + ((ip >> 0) & 0xFF)
console.log("--> " + ipstring + " " + proto + ":" + port);
}
var targets = new Targets();
targets.parse_args(process.argv.splice(2));
targets.print();
TransmitThread(targets, transmit, 42);
================================================
FILE: doc/bot.html
================================================
<html>
<head>
<title>Masscan/1.0 - fast port scanner</title>
</head>
<body>
<h1>Masscan/1.0 - fast port scanner</h1>
<p>This tool is not a web spider, but a port scanner. It'll make only one request to a website, usually for the root / webpage. It then records the <b>Server:</b> field from the HTTP header, the <b><title></b> from the page contents, and possibly a few other interesting fields.</p>
<p>This does not follow links, it doesn't scan your web pages, but the ports on your machine.</p>
<p>The source code for this tool is at <a href="https://github.com/robertdavidgraham/masscan/">https://github.com/robertdavidgraham/masscan/</a>. This is an open source project, so that this means it's not me (Robert Graham) who is using this tool to scan your website, but likely somebody else. I can't speak for their intentions, but this tool is more useful at doing surveys of the Internet than trying to hack in (tools like 'nmap' or 'nessus' are more often used for that).</p>
</body>
</html>
================================================
FILE: doc/faq/FAQ0001-slow.md
================================================
# Why is it not as fast as I expect?
## Question
Why is scanning speed only around 100,000 packets-per-second instead of a million packets-per-second?
## Answer
I don't know.
If you have the latest Linux distro on the latest hardware, you can sometime
see scanning speeds of 1 million packets-per-second, even when virtualized.
However, sometimes you also see only 100,000 packets-per-second.
I've spent a lot of time trying to diagnose this situation and cannot
figure out what's going on. The box I use in a colo does 500,000 packets-per-second.
A relatively slow machine in my home lab does 1.2 million packets-per-second.
The speed is determined by the operating system. The amount of CPU used by `masscan`
itself is insignificant.
My theory is various configuration options within the operating system that can make
packet transmission very slow. Simple features that would not otherwise impact network
stacks that run at lower rates become really important at high rates.
One way around this is to install `PF_RING` and dedicate a network adapter to packet
transmission completely bypassing the operating system. In that case, packet transmission
rates can reach 15 million packets-per-second.
================================================
FILE: doc/faq/FAQ0002-drops.md
================================================
# Why are many results missing that I expect?
# Question
When I do a scan, results are missing that I know are there.
They show up when I repeat the scan, but then others are missing.
The faster I scan, the more results are missing.
# Answer
Network infrastructure does not like high rates of small packets.
Even though they can handle high **bit-rates** then cannot handle
high **packet-rates**.
This is what makes `masscan` so unique. It transmits packets at rates
far higher than other things can cope with. It often crashes networks.
Therefore, the faster you transmit packets, the more it overloads network
equipment, causing the packets to be dropped, causing probes to fail.
As the issue #546 below indicates, they are experiencing this at very low
rates of less than 10,000 packets-per-second. That seems excessively low.
I assume the actual reason is because of policy enforcement limiting traffic
rates rather than overloading network equipment.
# Issues
- [#546 fast scan get result](https://github.com/robertdavidgraham/masscan/issues/546)
================================================
FILE: doc/faq/FAQ0003-excludelist.md
================================================
# How can I add my IP address to an exclude list so that people stop scanning me?
# Question
I hate everyone probing me all the time and want them to stop.
How can I add my IP address ranges to an exclude list?
# Answer
You can't.
First of all, nobody is going to pay attention to a sample exclude list
within this project. Sure, I can add IP addresses to the list, but that
won't help you.
Second, there's no way I can confirm who you are. So I can't simply
add to an exclude list just because you ask.
Thirdly, it'll just make you more of a target, as smart hackers know to
use the exclude-list as one of their first include-lists, as it marks
people who have something to hide.
Fourthly, and most importantly, it's Wrong Think on how to manage your
network.
================================================
FILE: doc/faq/FAQ0004-serverlogs.md
================================================
# Why is masscan in my server logs?
## Question
Some example questions:
* Why is `masscan` appearing in my server logs?
* Why are you scanning me?
* Why is my server trying to connect to this github repo?
## Answer
When `masscan` connections to a webserver, it puts a link
back to this repo in the `User-Agent` field.
Since lots of people run Internet-wide scans using this tool,
and an Internet wide scan hits every public web server, you'll
see this appear in your web server logs several times a day.
It's the **end-to-end** principle of the Internet. Having a public
webserver on the Internet means that anybody can and will try to
connect to the web server.
It's nothing necessarily malicious. Lots of people run Internet-wide
scans to gather information about the state of the Internet. Of course,
some are indeed malicious, scanning to find vulnerabilities. However,
even when malicious, they probably aren't targetting you in particular,
but are instead scanning everybody.
================================================
FILE: doc/faq/README.md
================================================
# FAQs (frequently asked questions)
This directory contains some documents discussing frequently asked
questions
- 1 - [Why is it not as fast as I expect?](FAQ0001-slow.md)
- 2 - [Why are many results missing that I expect?](FAQ0002-drops.md)
- 3 - [How can I add my IPs to an official exclude list, to get people to stop scanning me?](FAQ0003-excludelist.md)
- 4 - [Why is this in my server logs?](FAQ0004-serverlogs.md)
================================================
FILE: doc/howto-afl.md
================================================
Using afl fuzzer against masscan
================================
AFL (American-Fuzzy-Lop) is an automated *fuzzer*. It takes existing
input to a program, then morphs that input in order to test new
code paths through the code. It's extremely successful at finding
bugs as well as *vulnerabilities*.
There are two inputs to *masscan*. One is the files it reads, which
come in various formats. The second is input from the network, in
response to network probes, which consist of various network protocols.
For AFL, there is also the issue of how *masscan* crashes. It tries to
print a backtrace. This causes AFL to falsely mark this as a "hang"
rather than a "crash". To fix this, run *masscan* with the *--nobacktrace*
option.
## Fuzzing file formats ##
The *masscan* program reads the following files. You can set the fuzzer
at each one of these to fuzz how it parses the contents.
*-c <filename.conf>*
*Masscan* can read its configuration either from the command-line or from a file.
To create a file, run *masscan* as normal, then hit <ctrl-c>. This will save all
it's settings, even default values, into a file. It's a good starting point for
fuzzing.
*--readscan <filename.mass>*
One of the possible outputs of *masscan* is in a proprietary binary format. You
can then run *masscan* to convert to any other output format.
In other words, you can run masscan to output XML like:
masscan <blah blah blah> -oX scan.xml
Or, in a two step process:
masscan <blah blah blah> -ob scan.mass
masscan --readscan scan.mass -oX scan.xml
*--exclude-file <filename.ranges>*
*Masscan* can scan large ragnes, like *0.0.0.0/0* (the entire Internet). You may
want to exclude specific addresses or ranges. These are configured in the
"exclude file".
You can also read ranges using *--include-file <filename.ranges>* or
*-iL <filename.ranges>*, but as far as fuzzing, I'm pretty sure it'll
be the same results.
*--hello-file[<port>] <filename>*
This file is read, then dumped blindly across a TCP connection, in order
to say "hello" to a service. Since there's no parsing here, I'm not sure
you'll find anything fuzzing this.
*--nmap-payloads <filename>*
This file specifies the default payloads for UDP. It's in the same file
format as for *nmap*. There's some juicy parsing here that may lead
to bugs.
*--pcap-payloads <filename.pcap>*
This is the same as *--nmap-payloads*, but reads the UDP payloads from
a *libpcap* file.
## Fuzzing network protocols ##
*Masscan* parses several network protocols. It also must reassemble
fragmented responses over TCP for any application protocol. Remember:
*masscan* has it's own stack, so must parse everything that comes
over the network.
AFL has no ability to read from the network at this time. Moreover,
even then it wouldn't work easily, since *masscan* has a network stack
rather than just an application layer to deal with.
The trick is to first use *masscan* on a target that responds back
on a protocol, then save just the response side of the TCP connection
to a file. Then, when running *masscan* under AFL, read in that file
using the option *--adapter file:<filename.pcap>*. Then, and this is
critical, you must hard code all the TCP stack values to match those
of the original connection.
I generated the file *masscan/data/afl-http.pcap* as an example file
to read for fuzzing the parsing of HTTP. The command-line parameters
to use are:
bin/masscan --nobacktrace --adapter file:data/afl-http.pcap --source-ip 10.20.30.200 --source-port 6000 --source-mac 00-11-22-33-44-55 --router-mac c0-c1-c0-a0-9b-9d --seed 0 --banners -p80 74.125.196.147 --nostatus
The explanation are:
*--nobacktrace*: so that AFL correctly marks crashes as crashes
and not as hangs.
*--adapter file:*: This option normally specifies the adapter,
like *eth0* or *en1*. By putting the *file:* prefix on an adapter name,
it'll use a file (in *libpcap* format) to use instead. In this case,
transmits are dropped, and any packets are read from a file.
*--source-ip*, *--source-port*, *--source-mac*, *--router-mac*:
These are the hard-coded TCP/IP stack settings that must match the packets
in the file.
*--seed*: This must match the randomization seed in the packet file. Since
everything else is hardcoded, I think the only thing this will control
will be the sequence number of the TCP connection.
*--banners*: this tell the scanner to not simply find open ports, but also
establish a TCP connection and interact with the protocol, and report on
the results.
*-p<port>*: The destination IP address to connect to.
*<ip-address>*: The IP address to connect to
This should produce an output like the following. If you get the
banner back, then you know you've successfully done everything
correctly. Conversely, if you set *--seed 1*, then it won't work,
because it'll reject responses that match the wrong seed.
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2016-06-06 05:19:03 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
Discovered open port 80/tcp on 74.125.196.147
Banner on port 80/tcp on 74.125.196.147: [title] Google
Banner on port 80/tcp on 74.125.196.147: [http] HTTP/1.0 200 OK\x0d\x0a...
...
(Additional output is truncated -- you get the idea).
The problem with this is that *masscan* will take about 10 seconds before it
produces the results. When it establishes a connection, it waits a few seconds
for the other side to transmit, then sends it's "hello", then waits many
seconds for all output to be received. I don't know if this messes AFL up,
whether I need to add additional options to truncate any waiting.
================================================
FILE: doc/masscan.8
================================================
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "MASSCAN" "8" "January 2014" "" ""
.
.SH "NAME"
\fBmasscan\fR \- Fast scan of the Internet
.
.SH "SYNOPSIS"
masscan [\fIoptions\fR] [<IP|RANGE>... \-p \fIPORT\fR[,\fIPORT\fR...]]
.
.SH "DESCRIPTION"
\fBmasscan\fR is an Internet\-scale port scanner, useful for large scale surveys of the Internet, or of internal networks\. While the default transmit rate is only 100 packets/second, it can optional go as fast as 25 million packets/second, a rate sufficient to scan the Internet in 3 minutes for one port\.
.
.SH "OPTIONS"
.
.IP "\(bu" 4
\fB<IP|RANGE>\fR: anything on the command\-line not prefixed with a \'\-\' is assumed to be an IP address or range\. There are three valid formats\. The first is a single IPv4 address like "192\.168\.0\.1"\. The second is a range like "10\.0\.0\.1\-10\.0\.0\.100"\. The third is a CIDR address, like "0\.0\.0\.0/0"\. At least one target must be specified\. Multiple targets can be specified\. This can be specified as multiple options separated by space, or can be separated by a comma as a single option, such as \fB10\.0\.0\.0/8,192\.168\.0\.1\fR\.
.
.IP "\(bu" 4
\fB\-\-range <IP|RANGE>\fR: the same as target range spec described above, except as a named parameter instead of an unnamed one\.
.
.IP "\(bu" 4
\fB\-p PORT[,PORT...]\fR, \fB\-\-ports PORT[,PORT...]\fR: specifies the port(s) to be scanned\. A single port can be specified, like \fB\-p80\fR\. A range of ports can be specified, like \fB\-p 20\-25\fR\. A list of ports/ranges can be specified, like \fB\-p80,20\-25\fR\. UDP ports can also be specified, like \fB\-\-ports U:161,U:1024\-1100\fR\.
.
.IP "\(bu" 4
\fB\-\-banners\fR: specifies that banners should be grabbed, like HTTP server versions, HTML title fields, and so forth\. Only a few protocols are supported\.
.
.IP "\(bu" 4
\fB\-\-rate RATE\fR: specifies the desired rate for transmitting packets\. This can be very small numbers, like \fB0\.1\fR for transmitting packets at rates of one every 10 seconds, for very large numbers like 10000000, which attempts to transmit at 10 million packets/second\. In my experience, Windows and can do 250 thousand packets per second, and latest versions of Linux can do 2\.5 million packets per second\. The PF_RING driver is needed to get to 25 million packets/second\.
.
.IP "\(bu" 4
\fB\-c FILE\fR, \fB\-\-conf FILE\fR: reads in a configuration file\. The format of the configuration file is described below\.
.
.IP "\(bu" 4
\fB\-\-resume FILE\fR: the same as \fB\-\-conf\fR, except that a few options are automatically set, such as \fB\-\-append\-output\fR\. The format of the configuration file is described below\.
.
.IP "\(bu" 4
\fB\-\-echo\fR: don\'t run, but instead dump the current configuration to a file\. This file can then be used with the \fB\-c\fR option\. The format of this output is described below under \'CONFIGURATION FILE\'\.
.
.IP "\(bu" 4
\fB\-e IFNAME\fR, \fB\-\-adapter IFNAME\fR: use the named raw network interface, such as "eth0" or "dna1"\. If not specified, the first network interface found with a default gateway will be used\.
.
.IP "\(bu" 4
\fB\-\-adapter\-ip IP\fR: send packets using this IP address\. If not specified, then the first IP address bound to the network interface will be used\. Instead of a single IP address, a range may be specified\. NOTE: The size of the range must be an even power of 2, such as 1, 2, 4, 8, 16, 1024 etc\. addresses\.
.
.IP "\(bu" 4
\fB\-\-adapter\-port PORT\fR: send packets using this port number as the source\. If not specified, a random port will be chosen in the range 40000 through 60000\. This port should be filtered by the host firewall (like iptables) to prevent the host network stack from interfering with arriving packets\. Instead of a single port, a range can be specified, like \fB40000\-40003\fR\. NOTE: The size of the range must be an even power of 2, such as the example above that has a total of 4 addresses\.
.
.IP "\(bu" 4
\fB\-\-adapter\-mac MAC\fR: send packets using this as the source MAC address\. If not specified, then the first MAC address bound to the network interface will be used\.
.
.IP "\(bu" 4
\fB\-\-router\-mac MAC\fR: send packets to this MAC address as the destination\. If not specified, then the gateway address of the network interface will be ARPed\.
.
.IP "\(bu" 4
\fB\-\-ping\fR: indicates that the scan should include an ICMP echo request\. This may be included with TCP and UDP scanning\.
.
.IP "\(bu" 4
\fB\-\-exclude <IP|RANGE>\fR: blacklist an IP address or range, preventing it from being scanned\. This overrides any target specification, guaranteeing that this address/range won\'t be scanned\. This has the same format as the normal target specification\.
.
.IP "\(bu" 4
\fB\-\-excludefile FILE\fR: reads in a list of exclude ranges, in the same target format described above\. These ranges override any targets, preventing them from being scanned\.
.
.IP "\(bu" 4
\fB\-\-append\-output\fR: causes output to append to the file, rather than overwriting the file\.
.
.IP "\(bu" 4
\fB\-\-iflist\fR: list the available network interfaces, and then exits\.
.
.IP "\(bu" 4
\fB\-\-retries NUM\fR: the number of retries to send, at 1 second intervals\. Note that since this scanner is stateless, retries are sent regardless if replies have already been received\.
.
.IP "\(bu" 4
\fB\-\-nmap\fR: print help about nmap\-compatibility alternatives for these options\.
.
.IP "\(bu" 4
\fB\-\-pcap\-payloads FILE\fR: read packets from a libpcap file containing packets and extract the UDP payloads, and associate those payloads with the destination port\. These payloads will then be used when sending UDP packets with the matching destination port\. Only one payload will be remembered per port\. Similar to \fB\-\-nmap\-payloads\fR\.
.
.IP "\(bu" 4
\fB\-\-nmap\-payloads FILE\fR: read in a file in the same format as the nmap file \fBnmap\-payloads\fR\. This contains UDP payload, so that we can send useful UDP packets instead of empty ones\. Similar to \fB\-\-pcap\-payloads\fR\.
.
.IP "\(bu" 4
\fB\-\-http\-user\-agent USER_AGENT\fR: replaces the existing user\-agent field with the indicated value when doing HTTP requests\.
.
.IP "\(bu" 4
\fB\-\-open\-only\fR: report only open ports, not closed ports\.
.
.IP "\(bu" 4
\fB\-\-pcap FILE\fR: saves received packets (but not transmitted packets) to the libpcap\-format file\.
.
.IP "\(bu" 4
\fB\-\-packet\-trace\fR: prints a summary of those packets sent and received\. This is useful at low rates, like a few packets per second, but will overwhelm the terminal at high rates\.
.
.IP "\(bu" 4
\fB\-\-pfring\fR: force the use of the PF_RING driver\. The program will exit if PF_RING DNA drvers are not available\.
.
.IP "\(bu" 4
\fB\-\-resume\-index INDEX\fR: the point in the scan at when it was paused\.
.
.IP "\(bu" 4
\fB\-\-resume\-count NUM\fR: the maximum number of probes to send before exiting\. This is useful with the \fB\-\-resume\-index\fR to chop up a scan and split it among multiple instances, though the \fB\-\-shards\fR option might be better\.
.
.IP "\(bu" 4
\fB\-\-shards X/Y\fR: splits the scan among instances\. \fBx\fR is the id for this scan, while \fBy\fR is the total number of instances\. For example, \fB\-\-shards 1/2\fR tells an instance to send every other packet, starting with index 0\. Likewise, \fB\-\-shards 2/2\fR sends every other packet, but starting with index 1, so that it doesn\'t overlap with the first example\.
.
.IP "\(bu" 4
\fB\-\-rotate TIME\fR: rotates the output file, renaming it with the current timestamp, moving it to a separate directory\. The time is specified in number of seconds, like "3600" for an hour\. Or, units of time can be specified, such as "hourly", or "6hours", or "10min"\. Times are aligned on an even boundary, so if "daily" is specified, then the file will be rotated every day at midnight\.
.
.IP "\(bu" 4
\fB\-\-rotate\-offset TIME\fR: an offset in the time\. This is to accommodate timezones\.
.
.IP "\(bu" 4
\fB\-\-rotate\-dir DIR\fR: when rotating the file, this specifies which directory to move the file to\. A useful directory is \fB/var/log/masscan\fR\.
.
.IP "\(bu" 4
\fB\-\-seed INT\fR: an integer that seeds the random number generator\. Using a different seed will cause packets to be sent in a different random order\. Instead of an integer, the string \fBtime\fR can be specified, which seeds using the local timestamp, automatically generating a differnet random order of scans\. If no seed specified, \fBtime\fR is the default\.
.
.IP "\(bu" 4
\fB\-\-regress\fR: run a regression test, returns \'0\' on success and \'1\' on failure\.
.
.IP "\(bu" 4
\fB\-\-ttl NUM\fR: specifies the TTL of outgoing packets, defaults to 255\.
.
.IP "\(bu" 4
\fB\-\-wait SECONDS\fR: specifies the number of seconds after transmit is done to wait for receiving packets before exiting the program\. The default is 10 seconds\. The string \fBforever\fR can be specified to never terminate\.
.
.IP "\(bu" 4
\fB\-\-offline\fR: don\'t actually transmit packets\. This is useful with a low rate and \fB\-\-packet\-trace\fR to look at what packets might\'ve been transmitted\. Or, it\'s useful with \fB\-\-rate 100000000\fR in order to benchmark how fast transmit would work (assuming a zero\-overhead driver)\. PF_RING is about 20% slower than the benchmark result from offline mode\.
.
.IP "\(bu" 4
\fB\-sL\fR: this doesn\'t do a scan, but instead creates a list of random addresses\. This is useful for importing into other tools\. The options \fB\-\-shard\fR, \fB\-\-resume\-index\fR, and \fB\-\-resume\-count\fR can be useful with this feature\.
.
.IP "\(bu" 4
\fB\-\-interactive\fR: show the results in realtime on the console\. It has no effect if used with \-\-output\-format or \-\-output\-filename\.
.
.IP "\(bu" 4
\fB\-\-output\-format FMT\fR: indicates the format of the output file, which can be \fBxml\fR, \fBbinary\fR, \fBgrepable\fR, \fBlist\fR, or \fBJSON\fR\. The option \fB\-\-output\-filename\fR must be specified\.
.
.IP "\(bu" 4
\fB\-\-output\-filename FILE\fR: the file which to save results to\. If the parameter \fB\-\-output\-format\fR is not specified, then the default of \fBxml\fR will be used\.
.
.IP "\(bu" 4
\fB\-oB FILE\fR: sets the output format to binary and saves the output in the given filename\. This is equivelent to using the \fB\-\-output\-format\fR and \fB\-\-output\-filename\fR parameters\. The option \fB\-\-readscan\fR can then be used to read the binary file\. Binary files are much smaller than their XML equivelents, but require a separate step to convert back into XML or another readable format\.
.
.IP "\(bu" 4
\fB\-oX FILE\fR: sets the output format to XML and saves the output in the given filename\. This is equivelent to using the \fB\-\-output\-format xml\fR and \fB\-\-output\-filename\fR parameters\.
.
.IP "\(bu" 4
\fB\-oG FILE\fR: sets the output format to grepable and saves the output in the given filename\. This is equivelent to using the \-\-output\-format grepable and \-\-output\-filename parameters\.
.
.IP "\(bu" 4
\fB\-oJ FILE\fR: sets the output format to JSON and saves the output in the given filename\. This is equivelent to using the \-\-output\-format json and \-\-output\-filename parameters\.
.
.IP "\(bu" 4
\fB\-oL FILE\fR: sets the output format to a simple list format and saves the output in the given filename\. This is equivelent to using the \-\-output\-format list and \-\-output\-filename parameters\.
.
.IP "\(bu" 4
\fB\-\-readscan FILE\fR: reads the files created by the \fB\-oB\fR option from a scan, then outputs them in one of the other formats, depending on command\-line parameters\. In other words, it can take the binary version of the output and convert it to an XML or JSON format\.
.
.IP "" 0
.
.SH "CONFIGURATION FILE FORMAT"
The configuration file uses the same parameter names as on the commandline, but without the \fB\-\-\fR prefix, and with an \fB=\fR sign between the name and the value\. An example configuration file might be:
.
.IP "" 4
.
.nf
# targets
range = 10\.0\.0\.0/8,192\.168\.0\.0/16
range = 172\.16\.0\.0/14
ports = 20\-25,80,U:53
ping = true
# adapter
adapter = eth0
adapter\-ip = 192\.168\.0\.1
router\-mac = 66\-55\-44\-33\-22\-11
# other
exclude\-file = /etc/masscan/exludes\.txt
.
.fi
.
.IP "" 0
.
.P
By default, the program will read default configuration from the file \fB/etc/masscan/masscan\.conf\fR\. This is useful for system\-specific settings, such as the \fB\-\-adapter\-xxx\fR options\. This is also useful for excluded IP addresses, so that you can scan the entire Internet, while skipping dangerous addresses, like those owned by the DoD, and not make an accidental mistake\.
.
.SH "CONTROL\-C BEHAVIOR"
When the user presses \fIctrl\-c\fR, the scan will stop, and the current state of the scan will be saved in the file \'paused\.conf\'\. The scan can be resumed with the \fB\-\-resume\fR option:
.
.IP "" 4
.
.nf
# masscan \-\-resume paused\.conf
.
.fi
.
.IP "" 0
.
.P
The program will not exit immediately, but will wait a default of 10 seconds to receive results from the Internet and save the results before exiting completely\. This time can be changed with the \fB\-\-wait\fR option\.
.
.SH "SIMPLE EXAMPLES"
The following example scans all private networks for webservers, and prints all open ports that were found\.
.
.IP "" 4
.
.nf
# masscan 10\.0\.0\.0/8 192\.168\.0\.0/16 172\.16\.0\.0/12 \-p80 \-\-open\-only
.
.fi
.
.IP "" 0
.
.P
The following example scans the entire Internet for DNS servers, grabbing their versions, then saves the results in an XML file\.
.
.IP "" 4
.
.nf
# masscan 0\.0\.0\.0/0 \-\-excludefile no\-dod\.txt \-pU:53 \-\-banners \-\-output\-filename dns\.xml
.
.fi
.
.IP "" 0
.
.P
You should be able to import the XML into databases and such\.
.
.P
The following example reads a binary scan results file called bin\-test\.scan and prints results to console\.
.
.IP "" 4
.
.nf
# masscan \-\-readscan bin\-test\.scan
.
.fi
.
.IP "" 0
.
.P
The following example reads a binary scan results file called bin\-test\.scan and creates an XML output file called bin\-test\.xml\.
.
.IP "" 4
.
.nf
# masscan \-\-readscan bin\-test\.scan \-oX bin\-test\.xml
.
.fi
.
.IP "" 0
.
.SH "ADVANCED EXAMPLES"
Let\'s say that you want to scan the entire Internet and spread the scan across three machines\. Masscan would be launched on all three machines using the following command\-lines:
.
.IP "" 4
.
.nf
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-shard 1/3
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-shard 2/3
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-shard 3/3
.
.fi
.
.IP "" 0
.
.P
An alternative is with the "resume" feature\. A scan has an internal index that goes from zero to the number of ports times then number of IP addresses\. The following example shows splitting up a scan into chunks of a 1000 items each:
.
.IP "" 4
.
.nf
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-resume\-index 0 \-\-resume\-count 1000
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-resume\-index 1000 \-\-resume\-count 1000
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-resume\-index 2000 \-\-resume\-count 1000
# masscan 0\.0\.0\.0/0 \-p0\-65535 \-\-resume\-index 3000 \-\-resume\-count 1000
.
.fi
.
.IP "" 0
.
.P
A script can use this to split smaller tasks across many other machines, such as Amazon EC2 instances\. As each instance completes a job, the script might send a request to a central coordinating server for more work\.
.
.SH "SPURIOUS RESETS"
When scanning TCP using the default IP address of your adapter, the built\-in stack will generate RST packets\. This will prevent banner grabbing\. There are are two ways to solve this\. The first way is to create a firewall rule to block that port from being seen by the stack\. How this works is dependent on the operating system, but on Linux this looks something like:
.
.IP "" 4
.
.nf
# iptables \-A INPUT \-p tcp \-i eth0 \-\-dport 61234 \-j DROP
.
.fi
.
.IP "" 0
.
.P
Then, when scanning, that same port must be used as the source:
.
.IP "" 4
.
.nf
# masscan 10\.0\.0\.0/8 \-p80 \-\-banners \-\-adapter\-port 61234
.
.fi
.
.IP "" 0
.
.P
An alternative is to "spoof" a different IP address\. This IP address must be within the range of the local network, but must not otherwise be in use by either your own computer or another computer on the network\. An example of this would look like:
.
.IP "" 4
.
.nf
# masscan 10\.0\.0\.0/8 \-p80 \-\-banners \-\-adapter\-ip 192\.168\.1\.101
.
.fi
.
.IP "" 0
.
.P
Setting your source IP address this way is the preferred way of running this scanner\.
.
.SH "ABUSE COMPLAINTS"
This scanner is designed for large\-scale surveys, of either an organization, or of the Internet as a whole\. This scanning will be noticed by those monitoring their logs, which will generate complaints\.
.
.P
If you are scanning your own organization, this may lead to you being fired\. Never scan outside your local subnet without getting permission from your boss, with a clear written declaration of why you are scanning\.
.
.P
The same applies to scanning the Internet from your employer\. This is another good way to get fired, as your IT department gets flooded with complaints as to why your organization is hacking them\.
.
.P
When scanning on your own, such as your home Internet or ISP, this will likely cause them to cancel your account due to the abuse complaints\.
.
.P
One solution is to work with your ISP, to be clear about precisely what we are doing, to prove to them that we are researching the Internet, not "hacking" it\. We have our ISP send the abuse complaints directly to us\. For anyone that asks, we add them to our "\-\-excludefile", blacklisting them so that we won\'t scan them again\. While interacting with such people, some instead add us to their whitelist, so that their firewalls won\'t log us anymore (they\'ll still block us, of course, they just won\'t log that fact to avoid filling up their logs with our scans)\.
.
.P
Ultimately, I don\'t know if it\'s possible to completely solve this problem\. Despite the Internet being a public, end\-to\-end network, you are still "guilty until proven innocent" when you do a scan\.
.
.SH "COMPATIBILITY"
While not listed in this document, a lot of parameters compatible with \fBnmap\fR will also work\.
.
.SH "SEE ALSO"
nmap(8), pcap(3)
.
.SH "AUTHORS"
This tool was written by Robert Graham\. The source code is available at https://github\.com/robertdavidgraham/masscan\.
================================================
FILE: doc/masscan.8.markdown
================================================
masscan(8) -- Fast scan of the Internet
=======================================
## SYNOPSIS
masscan \[options\] \[<IP|ranges>... -p PORT\[,PORT...\]\]
## DESCRIPTION
**masscan** is an Internet-scale port scanner, useful for large scale surveys
of the Internet, or of internal networks. While the default transmit rate
is only 100 packets/second, it can optionally go as fast as 25 million
packets/second, a rate sufficient to scan the Internet in 3 minutes for
one port.
## OPTIONS
* `<IP|RANGE>`: anything on the command-line not prefixed with a '-' is
assumed to be an IP address or range. There are three valid formats.
The first is a single IP address like `192.168.0.1` or `2001:db8::1`. The second
is a range like `10.0.0.1-10.0.0.100`. The third is a CIDR address,
like `0.0.0.0/0` or `2001:db8::/90`. At least one target must be specified. Multiple
targets can be specified. This can be specified as multiple options
separated by space, or can be separated by a comma as a single option,
such as `10.0.0.0/8,192.168.0.1,2001:db8::1`.
* `--range <IP|RANGE>`: the same as target range spec described above,
except as a named parameter instead of an unnamed one.
* `-p PORT[,PORT..]`, `--ports PORT[,PORT...]`: specifies the port(s) to be scanned. A
single port can be specified, like `-p80`. A range of ports can be
specified, like `-p 20-25`. A list of ports/ranges can be specified, like
`-p80,20-25`. UDP ports can also be specified, like
`--ports U:161,U:1024-1100`.
* `--banners`: specifies that banners should be grabbed after establishing
a TCP connection. Protocols supported include HTTP, FTP, IMAP4, memcached,
POP3, SMTP, SSH, SSL, SMB, Telnet, RDP, and VNC.
* `--rate RATE`: specifies the desired rate for transmitting
packets. This can be very small numbers, like `0.1` for transmitting
packets at rates of one every 10 seconds, for very large numbers like
10000000, which attempts to transmit at 10 million packets/second. In my
experience, Windows and can do 250 thousand packets per second, and latest
versions of Linux can do 2.5 million packets per second. The PF_RING driver
is needed to get to 25 million packets/second.
* `-c FILE`, `--conf FILE`: reads in a configuration file.
If not specified, then will read from `/etc/masscan/masscan.conf` by default.
The format is described below under 'CONFIGURATION FILE'.
* `--resume FILE`: the same as `--conf`, except that a few options
are automatically set, such as `--append-output`. The format of the
configuration file is described below. The purpose is to resume a scan
saved in `paused.conf` that was interupted with [ctrl-c].
* `--echo`: don't run, but instead dump the current configuration to a file.
This file can then be used with the `-c` option. The format of this
output is described below under 'CONFIGURATION FILE'.
* `-e IFNAME`, `--adapter IFNAME`: use the named raw network interface,
such as "eth0" or "dna1". If not specified, the first network interface
found with a default gateway will be used.
* `--adapter-ip IP`, `--source-ip IP`: send packets using this IP address. If not
specified, then the first IP address bound to the network interface
will be used. Instead of a single IP address, a range may be specified.
NOTE: The size of the range must be an even power of 2, such as 1, 2, 4,
8, 16, 1024 etc. addresses.
* `--adapter-port PORT`: send packets using this port number as the
source. If not specified, a random port will be chosen in the range 40000
through 60000. This port should be filtered by the host firewall (like
iptables) to prevent the host network stack from interfering with arriving
packets. Instead of a single port, a range can be specified, like
`40000-40003`. NOTE: The size of the range must be an even power of 2,
such as the example above that has a total of 4 addresses.
* `--adapter-mac MAC`: send packets using this as the source MAC
address. If not specified, then the first MAC address bound to the network
interface will be used.
* `--adapter-vlan VLANID`: send packets using this 802.1q VLAN ID
* `--router-mac MAC`: send packets to this MAC address as the
destination. If not specified, then the gateway address of the network
interface will be ARPed.
* `--ping`: indicates that the scan should include an ICMP echo request.
This may be included with TCP and UDP scanning.
* `--exclude <IP|RANGE>`: blacklist an IP address or range, preventing it
from being scanned. This overrides any target specification, guaranteeing
that this address/range won't be scanned. This has the same format
as the normal target specification.
* `--excludefile FILE`: reads in a list of exclude ranges, in the same
target format described above. These ranges override any targets,
preventing them from being scanned.
* `-iL FILE`, `--includefile FILE`: reads in a list of ranges to scan, in the same
target format described above for IP addresses and ranges. This file can contain
millions of addresses and ranges.
* `--append-output`: causes output to append to the file, rather than
overwriting the file. Useful for when resumeing scans (see `--resume`).
* `--iflist`: list the available network interfaces, and then exits. The
`-e IFNAME` can then be used with one of the listed adapters.
* `--retries <num>`: the number of retries to send, at 1 second intervals. Note
that since this scanner is stateless, retries are sent regardless if
replies have already been received.
* `--nmap`: print help about nmap-compatibility alternatives for these
options.
* `--pcap-payloads FILE`: read packets from a libpcap file containing packets
and extract the UDP payloads, and associate those payloads with the
destination port. These payloads will then be used when sending UDP
packets with the matching destination port. Only one payload will
be remembered per port. Similar to `--nmap-payloads`.
* `--nmap-payloads FILE`: read in a file in the same format as
the nmap file `nmap-payloads`. This contains UDP payload, so that we
can send useful UDP packets instead of empty ones. Similar to
`--pcap-payloads`.
* `--http-* HEADER`: replaces the existing field in the HTTP header
with a new one. Fields that can be replaced are `--http-method`, `--http-url`,
`--http-version`,`--http-host`, and `--http-user-agent`.
Example: `--http-user-agent Keurig K575 Coffee Maker`. See also `--http-field` and `--http-cookie`.
* `--http-field NAME:VALUE`: replaces the existing HTTP header field,
or inserts a new one if the field doesn't exist, given as a `name:value` pair.
Cannot be used to replace the fields in the request-line (method, url, version).
Example: `--http-field Accept:image/gif`.
* `--http-field-remove NAME`: removes the first field from the header that matches
(may be needed multiple times for fields like `Cookie` that can exist multiple times)
* `--http-cookie VALUE`: adds a `Cookie:` field to the HTTP header, even
if other cookie fields exist. The other `--http-*` options replace existing
fields in the HTTP header, this one adds more even if some already exist.
* `--http-payload STR`: adds a payload string after the header; this will
automatically add a `--http-field Content-Length:LEN` field to match the length of the string,
but the user will have to add their own `--http-field Content-Type:TYPE` field to match
the string. Presumably, the user will also change the method to something like
`--http-method POST`. Common conntent types would be `application/x-www-form-urlencoded`,
`application/json`, or `text/xml`.
* `--show [open|closed]`: tells which port status to display, such
as 'open' for those ports that respond with a SYN-ACK on TCP, or
'closed' for those ports that repsond with RST. The default is
only to display 'open' ports.
* `--noshow [open|closed]`: disables a port status to display, such
as to no longer display 'open' ports.
* `--pcap FILE`: saves received packets (but not transmitted
packets) to the libpcap-format file.
* `--packet-trace`: prints a summary of those packets sent and received.
This is useful at low rates, like a few packets per second, but will
overwhelm the terminal at high rates.
* `--pfring`: force the use of the PF_RING driver. The program will exit
if PF_RING DNA drvers are not available.
* `--resume-index INDEX`: the point in the scan at when it was paused.
* `--resume-count NUM`: the maximum number of probes to send before exiting.
This is useful with the `--resume-index` to chop up a scan and split
it among multiple instances, though the `--shards` option might be
better.
* `--shards X/Y`: splits the scan among instances. `x` is the id
for this scan, while `y` is the total number of instances. For example,
`--shards 1/2` tells an instance to send every other packet, starting
with index 0. Likewise, `--shards 2/2` sends every other packet, but
starting with index 1, so that it doesn't overlap with the first example.
* `--rotate TIME`: rotates the output file, renaming it with the
current timestamp, moving it to a separate directory. The time is
specified in number of seconds, like "3600" for an hour. Or, units
of time can be specified, such as "hourly", or "6hours", or "10min".
Times are aligned on an even boundary, so if "daily" is specified,
then the file will be rotated every day at midnight.
* `--rotate-offset TIME`: an offset in the time. This is to accomodate
timezones.
* `--rotate-size SIZE`: rotates the output file when it exceeds the
given size. Typical suffixes can be applied (k,m,g,t) for kilo, mega,
giga, tera.
* `--rotate-dir DIR`: when rotating the file, this specifies which
directory to move the file to. A useful directory is `/var/log/masscan`.
* `--seed INT`: an integer that seeds the random number generator.
Using a different seed will cause packets to be sent in a different
random order. Instead of an integer, the string `time` can be specified,
which seeds using the local timestamp, automatically generating a
different random order of scans. If no seed specified, `time` is the
default.
* `--regress`: run a regression test, returns '0' on success and '1' on
failure.
* `--ttl NUM`: specifies the TTL of outgoing packets, defaults to 255.
* `--wait SECONDS`: specifies the number of seconds after transmit is
done to wait for receiving packets before exiting the program. The default
is 10 seconds. The string `forever` can be specified to never terminate.
* `--offline`: don't actually transmit packets. This is useful with
a low rate and `--packet-trace` to look at what packets might've been
transmitted. Or, it's useful with `--rate 100000000` in order to
benchmark how fast transmit would work (assuming a zero-overhead
driver). PF_RING is about 20% slower than the benchmark result from
offline mode.
* `-sL`: this doesn't do a scan, but instead creates a list of random
addresses. This is useful for importing into other tools. The options
`--shard`, `--resume-index`, and `--resume-count` can be useful with
this feature.
* `--interactive`: show the results in realtime on the console. It has
no effect if used with --output-format or --output-filename.
* `--output-format FMT`: indicates the format of the output file, which
can be `xml`, `binary`, `grepable`, `list`, or `JSON`. The
option `--output-filename` must be specified.
* `--output-filename FILE`: the file which to save results to. If
the parameter `--output-format` is not specified, then the default of
`xml` will be used.
* `-oB FILE`: sets the output format to binary and saves the output in
the given filename. This is equivalent to using the `--output-format` and
`--output-filename` parameters. The option `--readscan` can then be used to
read the binary file. Binary files are mush smaller than their XML
equivalents, but require a separate step to convert back into XML or
another readable format.
* `-oX FILE`: sets the output format to XML and saves the output in the
given filename. This is equivalent to using the `--output-format xml` and
`--output-filename` parameters.
* `-oG FILE`: sets the output format to grepable and saves the output
in the given filename. This is equivalent to using the --output-format grepable
and --output-filename parameters.
* `-oJ FILE`: sets the output format to JSON and saves the output in
the given filename. This is equivalent to using the --output-format json
and --output-filename parameters.
* `-oL FILE`: sets the output format to a simple list format and saves
the output in the given filename. This is equivalent to using
the --output-format list and --output-filename parameters.
* `--readscan FILE`: reads the files created by the `-oB` option
from a scan, then outputs them in one of the other formats, depending
on command-line parameters. In other words, it can take the binary
version of the output and convert it to an XML or JSON format. When this option
is given, defaults from `/etc/masscan/masscan.conf` will not be read.
* `--connection-timeout SECS`: when doing banner checks, this specifies the
maximum number of seconds that a TCP connection can be held open. The default
is 30 seconds. Increase this time if banners are incomplete. For example,
we have to increase the timeout when downloading all the SSL certs from
the Internet, because some sites take that long to deliver all the certs
in the chain. However, beware that when this is set to a large value, it'll
consume a lot of memory on fast scans. While the code may handle millions of
open TCP connections, you may not have enough memory for that.
* `--hello-file[PORT] FILE`: send the contents of the file once the
TCP connection has been established with the given port. Requires that
`--banners` also be set. Heuristics will be performed on the reponse in
an attempt to discover what protocol, so HTTP responses will be parsed
differently than other protocols.
* `--hello-string[PORT] BASE64`: same as `--hello-file` except that the
contents of the BASE64 encoded string are decoded, then used as the hello
string that greets the server.
* `--capture TYPE` or `--nocapture TYPE`: when doing banners (`--banner`), this
determines what to capture from the banners. By default, only the TITLE field from
HTML documents is captured, to get the entire document, use `--capture html`.
By default, the entire certificate from SSL is captured, to disable this, use
`--nocapture cert`. Currently, only the values `html` and `cert` are currently
supported for this option, but many more will be added in the future.
## CONFIGURATION FILE FORMAT
The configuration file uses the same parameter names as on the
commandline, but without the `--` prefix, and with an `=` sign
between the name and the value. An example configuration file
might be:
# targets
range = 10.0.0.0/8,192.168.0.0/16
range = 172.16.0.0/12
ports = 20-25,80,U:53
ping = true
# adapter
adapter = eth0
adapter-ip = 192.168.0.1
router-mac = 66-55-44-33-22-11
# other
exclude-file = /etc/masscan/exludes.txt
By default, the program will read default configuration from the file
`/etc/masscan/masscan.conf`. This is useful for system-specific settings,
such as the `--adapter-xxx` options. This is also useful for
excluded IP addresses, so that you can scan the entire Internet,
while skipping dangerous addresses, like those owned by the DoD,
and not make an accidental mistake.
## CONTROL-C BEHAVIOR
When the user presses <ctrl-c>, the scan will stop, and the current
state of the scan will be saved in the file 'paused.conf'. The scan
can be resumed with the `--resume` option:
# masscan --resume paused.conf
The program will not exit immediately, but will wait a default of 10
seconds to receive results from the Internet and save the results before
exiting completely. This time can be changed with the `--wait` option.
## USER-MODE STACK
Masscan has a user-mode TCP/IP stack that co-exists with the operating-system's
stack. Normally, this works fine but sometimes can cause problems, especially
with the `--banners` option that establishes a TCP/IP connection. In some
cases, all the stack's parameters will have to be specified separately:
--adapter-port PORT
--adapter-ip IP
--adapter-mac MAC
--adapter-vlan VLANID
--router-mac MAC
If the user-mode stack shares the same IP address as the operating-system,
then the kernel will send RST packets during a scan. This can cause
unnecessary traffic during a simple port scan, and will terminate TCP
connections when doing a `--banners` scan. To prevent, this, the built-in
firewall should be used to filter the source ports. On Linux, this can be done
by doing something like:
# iptables -A INPUT -i eth0 -p tcp --dport 44444 -j DROP
This will prevent the Linux kernel from processing incoming packets to port
44444, but `masscan` will still see the packets. Set the maching parameter
of `--adapter-port 44444` to force `masscan` to use that port instead of
a random port.
## SIMPLE EXAMPLES
The following example scans all private networks for webservers, and prints
all open ports that were found.
# masscan 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 -p80 --open-only
The following example scans the entire Internet for DNS servers, grabbing
their versions, then saves the results in an XML file.
# masscan 0.0.0.0/0 --excludefile no-dod.txt -pU:53 --banners --output-filename dns.xml
You should be able to import the XML into databases and such.
The following example reads a binary scan results file called bin-test.scan and prints
results to console.
# masscan --readscan bin-test.scan
The following example reads a binary scan results file called bin-test.scan and creates
an XML output file called bin-test.xml.
# masscan --readscan bin-test.scan -oX bin-test.xml
## ADVANCED EXAMPLES
Let's say that you want to scan the entire Internet and spread the scan
across three machines. Masscan would be launched on all three machines
using the following command-lines:
# masscan 0.0.0.0/0 -p0-65535 --shard 1/3
# masscan 0.0.0.0/0 -p0-65535 --shard 2/3
# masscan 0.0.0.0/0 -p0-65535 --shard 3/3
An alternative is with the "resume" feature. A scan has an internal index that
goes from zero to the number of ports times the number of IP addresses. The
following example shows splitting up a scan into chunks of a 1000 items each:
# masscan 0.0.0.0/0 -p0-65535 --resume-index 0 --resume-count 1000
# masscan 0.0.0.0/0 -p0-65535 --resume-index 1000 --resume-count 1000
# masscan 0.0.0.0/0 -p0-65535 --resume-index 2000 --resume-count 1000
# masscan 0.0.0.0/0 -p0-65535 --resume-index 3000 --resume-count 1000
A script can use this to split smaller tasks across many other machines,
such as Amazon EC2 instances. As each instance completes a job, the
script might send a request to a central coordinating server for more
work.
## SPURIOUS RESETS
When scanning TCP using the default IP address of your adapter, the built-in
stack will generate RST packets. This will prevent banner grabbing. There are
are two ways to solve this. The first way is to create a firewall rule
to block that port from being seen by the stack. How this works is dependent
on the operating system, but on Linux this looks something like:
# iptables -A INPUT -p tcp -i eth0 --dport 61234 -j DROP
Then, when scanning, that same port must be used as the source:
# masscan 10.0.0.0/8 -p80 --banners --adapter-port 61234
An alternative is to "spoof" a different IP address. This IP address must be
within the range of the local network, but must not otherwise be in use by
either your own computer or another computer on the network. An example of this
would look like:
# masscan 10.0.0.0/8 -p80 --banners --adapter-ip 192.168.1.101
Setting your source IP address this way is the preferred way of running this
scanner.
## ABUSE COMPLAINTS
This scanner is designed for large-scale surveys, of either an organization,
or of the Internet as a whole. This scanning will be noticed by those
monitoring their logs, which will generate complaints.
If you are scanning your own organization, this may lead to you being fired.
Never scan outside your local subnet without getting permission from your boss,
with a clear written declaration of why you are scanning.
The same applies to scanning the Internet from your employer. This is another
good way to get fired, as your IT department gets flooded with complaints as
to why your organization is hacking them.
When scanning on your own, such as your home Internet or ISP, this will likely
cause them to cancel your account due to the abuse complaints.
One solution is to work with your ISP, to be clear about precisely what we are
doing, to prove to them that we are researching the Internet, not "hacking" it.
We have our ISP send the abuse complaints directly to us. For anyone that asks,
we add them to our "--excludefile", blacklisting them so that we won't scan
them again. While interacting with such people, some instead add us to their
whitelist, so that their firewalls won't log us anymore (they'll still block
us, of course, they just won't log that fact to avoid filling up their logs
with our scans).
Ultimately, I don't know if it's possible to completely solve this problem.
Despite the Internet being a public, end-to-end network, you are still
"guilty until proven innocent" when you do a scan.
## COMPATIBILITY
While not listed in this document, a lot of parameters compatible with
`nmap` will also work. It runs on macOS, Linux, and Windows. It's compiled
in fairly portable C language. It supports IPv4 and IPv6.
## SEE ALSO
nmap(8), pcap(3)
## AUTHORS
This tool was written by Robert Graham. The source code is available at
https://github.com/robertdavidgraham/masscan.
================================================
FILE: src/crypto-base64.c
================================================
#include "crypto-base64.h"
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <time.h>
/*****************************************************************************
*****************************************************************************/
size_t
base64_encode(void *vdst, size_t sizeof_dst,
const void *vsrc, size_t sizeof_src)
{
static const char *b64 =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789"
"+/";
size_t i = 0;
size_t d = 0;
unsigned char *dst = (unsigned char *)vdst;
const unsigned char *src = (const unsigned char *)vsrc;
/* encode every 3 bytes of source into 4 bytes of destination text */
while (i + 3 <= sizeof_src) {
unsigned n;
/* make sure there is enough space */
if (d + 4 > sizeof_dst)
return d;
/* convert the chars */
n = src[i]<<16 | src[i+1]<<8 | src[i+2];
dst[d+0] = b64[ (n>>18) & 0x3F ];
dst[d+1] = b64[ (n>>12) & 0x3F ];
dst[d+2] = b64[ (n>> 6) & 0x3F ];
dst[d+3] = b64[ (n>> 0) & 0x3F ];
i += 3;
d += 4;
}
/* If the source text isn't an even multiple of 3 characters, then we'll
* have to append a '=' or '==' to the output to compensate */
if (i + 2 <= sizeof_src && d + 4 <= sizeof_dst) {
unsigned n = src[i]<<16 | src[i+1]<<8;
dst[d+0] = b64[ (n>>18) & 0x3F ];
dst[d+1] = b64[ (n>>12) & 0x3F ];
dst[d+2] = b64[ (n>> 6) & 0x3F ];
dst[d+3] = '=';
d += 4;
} else if (i + 1 <= sizeof_src && d + 4 <= sizeof_dst) {
unsigned n = src[i]<<16;
dst[d+0] = b64[ (n>>18) & 0x3F ];
dst[d+1] = b64[ (n>>12) & 0x3F ];
dst[d+2] = '=';
dst[d+3] = '=';
d += 4;
}
return d;
}
/*****************************************************************************
*****************************************************************************/
size_t
base64_decode(void *vdst, size_t sizeof_dst,
const void *vsrc, size_t sizeof_src)
{
static const unsigned char rstr[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 62, 0xFF, 0xFF, 0xFF, 63,
52, 53, 54, 55, 56, 57, 58, 59,
60, 61, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0, 1, 2, 3, 4, 5, 6,
7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22,
23, 24, 25, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 26, 27, 28, 29, 30, 31, 32,
33, 34, 35, 36, 37, 38, 39, 40,
41, 42, 43, 44, 45, 46, 47, 48,
49, 50, 51, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};
size_t i = 0;
size_t d = 0;
unsigned char *dst = (unsigned char *)vdst;
const unsigned char *src = (const unsigned char *)vsrc;
while (i < sizeof_src) {
unsigned b;
unsigned c=0;
/* byte#1 */
while (i<sizeof_src && (c = rstr[src[i]]) > 64)
i++;
if (src[i] == '=' || i++ >= sizeof_src)
break;
b = (c << 2) & 0xfc;
while (i<sizeof_src && (c = rstr[src[i]]) > 64)
i++;
if (src[i] == '=' || i++ >= sizeof_src)
break;
b |= (c>>4) & 0x03;
if (d<sizeof_dst)
dst[d++] = (unsigned char)b;
if (i>=sizeof_src)
break;
/* byte#2 */
b = (c<<4) & 0xF0;
while (i<sizeof_src && src[i] != '=' && (c = rstr[src[i]]) > 64)
;
if (src[i] == '=' || i++ >= sizeof_src)
break;
b |= (c>>2) & 0x0F;
if (d<sizeof_dst)
dst[d++] = (unsigned char)b;
if (i>=sizeof_src)
break;
/* byte#3*/
b = (c<<6) & 0xC0;
while (i<sizeof_src && src[i] != '=' && (c = rstr[src[i]]) > 64)
;
if (src[i] == '=' || i++ >= sizeof_src)
break;
b |= c;
if (d<sizeof_dst)
dst[d++] = (unsigned char)b;
if (i>=sizeof_src)
break;
}
if (d<sizeof_dst)
dst[d] = '\0';
return d;
}
/*****************************************************************************
* Provide my own rand() simply to avoid static-analysis warning me that
* 'rand()' is unrandom, when in fact we want the non-random properties of
* rand() for regression testing.
*****************************************************************************/
static unsigned
r_rand(unsigned *seed)
{
static const unsigned a = 214013;
static const unsigned c = 2531011;
*seed = (*seed) * a + c;
return (*seed)>>16 & 0x7fff;
}
/*****************************************************************************
*****************************************************************************/
int
base64_selftest(void)
{
char buf[100];
char buf2[100];
char buf3[100];
size_t buf_len;
size_t buf2_len;
unsigned i;
unsigned seed = (unsigned)time(0);
buf_len = base64_encode(buf, sizeof(buf), "hello", 5);
buf2_len = base64_decode(buf2, sizeof(buf2), buf, buf_len);
if (buf2_len != 5 && memcmp(buf2, "hello", 5) != 0) {
fprintf(stderr, "base64: selftest failed\n");
return 1;
}
/*
* Generate a bunch of random strings, encode them, then decode them,
* making sure the final result matches the original string
*/
for (i=0; i<100; i++) {
unsigned j;
size_t buf3_len;
/* create a string of random bytes */
buf_len = r_rand(&seed) % 50;
for (j=0; j<buf_len; j++) {
buf[j] = (char)r_rand(&seed);
}
/* encode it */
buf2_len = base64_encode(buf2, sizeof(buf2), buf, buf_len);
/* decode it back again */
buf3_len = base64_decode(buf3, sizeof(buf3), buf2, buf2_len);
/* now make sure result equals original */
if (buf3_len != buf_len && memcmp(buf3, buf, buf_len) != 0) {
fprintf(stderr, "base64: selftest failed\n");
return 1;
}
}
return 0;
}
================================================
FILE: src/crypto-base64.h
================================================
#ifndef CRYPTO_BASE64_H
#define CRYPTO_BASE64_H
#include <stdio.h>
size_t base64_decode(void *dst, size_t sizeof_dst, const void *src, size_t sizeof_src);
size_t base64_encode(void *dst, size_t sizeof_dst, const void *src, size_t sizeof_src);
int base64_selftest(void);
#endif
================================================
FILE: src/crypto-blackrock.c
================================================
/*
BlackRock cipher
(h/t Marsh Ray @marshray for this idea)
This is a randomization/reshuffling function based on a crypto
"Feistel network" as described in the paper:
'Ciphers with Arbitrary Finite Domains'
by John Black and Phillip Rogaway
http://www.cs.ucdavis.edu/~rogaway/papers/subset.pdf
This is a crypto-like construction that encrypts an arbitrary sized
range. Given a number in the range [0..9999], it'll produce a mapping
to a distinct different number in the same range (and back again).
In other words, it randomizes the order of numbers in a sequence.
For example, it can be used to randomize the sequence [0..9]:
0 -> 6
1 -> 4
2 -> 8
3 -> 1
4 -> 9
5 -> 3
6 -> 0
7 -> 5
8 -> 2
9 -> 7
As you can see on the right hand side, the numbers are in random
order, and they don't repeat.
This is create for port scanning. We can take an index variable
and increment it during a scan, then use this function to
randomize it, yet be assured that we've probed every IP and port
within the range.
The cryptographic strength of this construction depends upon the
number of rounds, and the exact nature of the inner "READ()" function.
Because it's a Feistel network, that "READ()" function can be almost
anything.
We don't care about cryptographic strength, just speed, so we are
using a trivial READ() function.
This is a class of "format-preserving encryption". There are
probably better constructions than what I'm using.
*/
#include "crypto-blackrock.h"
#include "pixie-timer.h"
#include "util-malloc.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <math.h>
#include <ctype.h>
#include <time.h>
#if defined(_MSC_VER)
#define inline _inline
#endif
/***************************************************************************
* It's an s-box. You gotta have an s-box
***************************************************************************/
const unsigned char sbox[256] = {
0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,
0x57, 0xdd, 0x8c, 0xf2, 0x29, 0x5a, 0x08, 0x9f,
0x49, 0x34, 0xce, 0x99, 0x9e, 0xbf, 0x0f, 0x81,
0xd4, 0x2f, 0x92, 0x3f, 0x95, 0xf5, 0x23, 0x00,
0x0d, 0x3e, 0xa8, 0x90, 0x98, 0xdd, 0x20, 0x00,
0x03, 0x69, 0x0a, 0xca, 0xba, 0x12, 0x08, 0x41,
0x6e, 0xb9, 0x86, 0xe4, 0x50, 0xf0, 0x84, 0xe2,
0xb3, 0xb3, 0xc8, 0xb5, 0xb2, 0x2d, 0x18, 0x70,
0x0a, 0xd7, 0x92, 0x90, 0x9e, 0x1e, 0x0c, 0x1f,
0x08, 0xe8, 0x06, 0xfd, 0x85, 0x2f, 0xaa, 0x5d,
0xcf, 0xf9, 0xe3, 0x55, 0xb9, 0xfe, 0xa6, 0x7f,
0x44, 0x3b, 0x4a, 0x4f, 0xc9, 0x2f, 0xd2, 0xd3,
0x8e, 0xdc, 0xae, 0xba, 0x4f, 0x02, 0xb4, 0x76,
0xba, 0x64, 0x2d, 0x07, 0x9e, 0x08, 0xec, 0xbd,
0x52, 0x29, 0x07, 0xbb, 0x9f, 0xb5, 0x58, 0x6f,
0x07, 0x55, 0xb0, 0x34, 0x74, 0x9f, 0x05, 0xb2,
0xdf, 0xa9, 0xc6, 0x2a, 0xa3, 0x5d, 0xff, 0x10,
0x40, 0xb3, 0xb7, 0xb4, 0x63, 0x6e, 0xf4, 0x3e,
0xee, 0xf6, 0x49, 0x52, 0xe3, 0x11, 0xb3, 0xf1,
0xfb, 0x60, 0x48, 0xa1, 0xa4, 0x19, 0x7a, 0x2e,
0x90, 0x28, 0x90, 0x8d, 0x5e, 0x8c, 0x8c, 0xc4,
0xf2, 0x4a, 0xf6, 0xb2, 0x19, 0x83, 0xea, 0xed,
0x6d, 0xba, 0xfe, 0xd8, 0xb6, 0xa3, 0x5a, 0xb4,
0x48, 0xfa, 0xbe, 0x5c, 0x69, 0xac, 0x3c, 0x8f,
0x63, 0xaf, 0xa4, 0x42, 0x25, 0x50, 0xab, 0x65,
0x80, 0x65, 0xb9, 0xfb, 0xc7, 0xf2, 0x2d, 0x5c,
0xe3, 0x4c, 0xa4, 0xa6, 0x8e, 0x07, 0x9c, 0xeb,
0x41, 0x93, 0x65, 0x44, 0x4a, 0x86, 0xc1, 0xf6,
0x2c, 0x97, 0xfd, 0xf4, 0x6c, 0xdc, 0xe1, 0xe0,
0x28, 0xd9, 0x89, 0x7b, 0x09, 0xe2, 0xa0, 0x38,
0x74, 0x4a, 0xa6, 0x5e, 0xd2, 0xe2, 0x4d, 0xf3,
0xf4, 0xc6, 0xbc, 0xa2, 0x51, 0x58, 0xe8, 0xae,
};
/***************************************************************************
***************************************************************************/
void
blackrock_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds)
{
double foo = sqrt(range * 1.0);
/* This algorithm gets very non-random at small numbers, so I'm going
* to try to fix some constants here to make it work. It doesn't have
* to be good, since it's kinda pointless having ranges this small */
switch (range) {
case 0:
br->a = 0;
br->b = 0;
break;
case 1:
br->a = 1;
br->b = 1;
break;
case 2:
br->a = 1;
br->b = 2;
break;
case 3:
br->a = 2;
br->b = 2;
break;
case 4:
case 5:
case 6:
br->a = 2;
br->b = 3;
break;
case 7:
case 8:
br->a = 3;
br->b = 3;
break;
default:
br->range = range;
br->a = (uint64_t)(foo - 2);
br->b = (uint64_t)(foo + 3);
break;
}
while (br->a * br->b <= range)
br->b++;
br->rounds = rounds;
br->seed = seed;
br->range = range;
}
/***************************************************************************
* The inner round/mixer function. In DES, it's a series of S-box lookups,
* which
***************************************************************************/
static inline uint64_t
READ(uint64_t r, uint64_t R, uint64_t seed)
{
uint64_t r0, r1, r2, r3;
#define GETBYTE(R,n) ((((R)>>(n*8))^seed^r)&0xFF)
R ^= (seed << r) ^ (seed >> (64 - r));
r0 = sbox[GETBYTE(R,0)]<< 0 | sbox[GETBYTE(R,1)]<< 8;
r1 = (sbox[GETBYTE(R,2)]<<16UL | sbox[GETBYTE(R,3)]<<24UL)&0x0ffffFFFFUL;
r2 = sbox[GETBYTE(R,4)]<< 0 | sbox[GETBYTE(R,5)]<< 8;
r3 = (sbox[GETBYTE(R,6)]<<16UL | sbox[GETBYTE(R,7)]<<24UL)&0x0ffffFFFFUL;
R = r0 ^ r1 ^ r2<<23UL ^ r3<<33UL;
return R;
}
/***************************************************************************
*
* NOTE:
* the names in this function are cryptic in order to match as closely
* as possible the pseudocode in the following paper:
* http://www.cs.ucdavis.edu/~rogaway/papers/subset.pdf
* Read that paper in order to understand this code.
***************************************************************************/
static inline uint64_t
ENCRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)
{
uint64_t L, R;
unsigned j;
uint64_t tmp;
L = m % a;
R = m / a;
for (j=1; j<=r; j++) {
if (j & 1) {
tmp = (L + READ(j, R, seed)) % a;
} else {
tmp = (L + READ(j, R, seed)) % b;
}
L = R;
R = tmp;
}
if (r & 1) {
return a * L + R;
} else {
return a * R + L;
}
}
/***************************************************************************
***************************************************************************/
static inline uint64_t
UNENCRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)
{
uint64_t L, R;
unsigned j;
uint64_t tmp;
if (r & 1) {
R = m % a;
L = m / a;
} else {
L = m % a;
R = m / a;
}
for (j=r; j>=1; j--) {
if (j & 1) {
tmp = READ(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = a - (tmp%a);
if (tmp == a)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= a;
}
} else {
tmp = READ(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = b - (tmp%b);
if (tmp == b)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= b;
}
}
R = L;
L = tmp;
}
return a * R + L;
}
/***************************************************************************
***************************************************************************/
uint64_t
blackrock_shuffle(const struct BlackRock *br, uint64_t m)
{
uint64_t c;
c = ENCRYPT(br->rounds, br->a, br->b, m, br->seed);
while (c >= br->range)
c = ENCRYPT(br->rounds, br->a, br->b, c, br->seed);
return c;
}
/***************************************************************************
***************************************************************************/
uint64_t
blackrock_unshuffle(const struct BlackRock *br, uint64_t m)
{
uint64_t c;
c = UNENCRYPT(br->rounds, br->a, br->b, m, br->seed);
while (c >= br->range)
c = UNENCRYPT(br->rounds, br->a, br->b, c, br->seed);
return c;
}
/***************************************************************************
* This function called only during selftest/regression-test.
***************************************************************************/
static unsigned
blackrock_verify(struct BlackRock *br, uint64_t max)
{
unsigned char *list;
uint64_t i;
unsigned is_success = 1;
uint64_t range = br->range;
/* Allocate a list of 1-byte counters */
list = CALLOC(1, (size_t)((range<max)?range:max));
/* For all numbers in the range, verify increment the counter for
* the output. */
for (i=0; i<range; i++) {
uint64_t x = blackrock_shuffle(br, i);
if (x < max)
list[x]++;
}
/* Now check the output to make sure that every counter is set exactly
* to the value of '1'. */
for (i=0; i<max && i<range; i++) {
if (list[i] != 1)
is_success = 0;
}
free(list);
return is_success;
}
/***************************************************************************
***************************************************************************/
void
blackrock_benchmark(unsigned rounds)
{
struct BlackRock br;
uint64_t range = 0x012356789123ULL;
uint64_t i;
uint64_t result = 0;
uint64_t start, stop;
static const uint64_t ITERATIONS = 5000000ULL;
printf("-- blackrock-1 -- \n");
printf("rounds = %u\n", rounds);
blackrock_init(&br, range, 1, rounds);
/*
* Time the algorithm
*/
start = pixie_nanotime();
for (i=0; i<ITERATIONS; i++) {
result += blackrock_shuffle(&br, i);
}
stop = pixie_nanotime();
/*
* Print the results
*/
if (result) {
double elapsed = ((double)(stop - start))/(1000000000.0);
double rate = ITERATIONS/elapsed;
rate /= 1000000.0;
printf("iterations/second = %5.3f-million\n", rate);
}
printf("\n");
}
/***************************************************************************
***************************************************************************/
int
blackrock_selftest(void)
{
uint64_t i;
uint64_t range;
/* @marshray
* Basic test of decryption. I take the index, encrypt it, then decrypt it,
* which means I should get the original index back again. Only, it's not
* working. The decryption fails. The reason it's failing is obvious -- I'm
* just not seeing it though. The error is probably in the 'UNENCRYPT()'
* function above.
*/
{
struct BlackRock br;
blackrock_init(&br, 1000, 0, 4);
for (i=0; i<10; i++) {
uint64_t result, result2;
result = blackrock_shuffle(&br, i);
result2 = blackrock_unshuffle(&br, result);
if (i != result2)
return 1; /*fail*/
}
}
range = 3015 * 3;
for (i=0; i<5; i++) {
struct BlackRock br;
int is_success;
range += 10 + i;
range *= 2;
blackrock_init(&br, range, time(0), 4);
is_success = blackrock_verify(&br, range);
if (!is_success) {
fprintf(stderr, "BLACKROCK: randomization failed\n");
return 1; /*fail*/
}
}
return 0; /*success*/
}
================================================
FILE: src/crypto-blackrock.h
================================================
#ifndef RAND_BLACKROCK_H
#define RAND_BLACKROCK_H
#include <stdint.h>
struct BlackRock {
uint64_t range;
uint64_t a;
uint64_t b;
uint64_t seed;
unsigned rounds;
uint64_t a_bits;
uint64_t a_mask;
uint64_t b_bits;
uint64_t b_mask;
};
/**
* Initializes a structure for shuffling numbers within
* a range.
*
* @param range
* The size of the range of numbers needing to be
* shuffled/randomized.
*/
void
blackrock_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds);
void
blackrock2_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds);
/**
* Given a number within a range, produce a different number with
* the same range. There is a 1-to-1 mapping between the two,
* so when linearly incrementing through the range, the output
* of this function won't repeat. In other words, encrypt the index variable.
* @param br
* The randomization parameters created with 'blackrock_init()'
* @param index
* An input within the specified range. We call it an 'index' variable
* because that's how we intend to use this function, shuffling a
* monotonically increasing index variable, but in truth, any sort
* of integer can be used. This must be within the 'range' specified
* during the call to blackrock_init(), or the results are undefined.
* @return
* A one-to-one matching index that's in the same range.
*/
uint64_t
blackrock_shuffle(const struct BlackRock *br, uint64_t index);
uint64_t
blackrock2_shuffle(const struct BlackRock *br, uint64_t index);
/**
* The reverse of the shuffle function above: given the shuffled/encrypted
* integer, return the original index value before the shuffling/encryption.
*/
uint64_t
blackrock_unshuffle(const struct BlackRock *br, uint64_t m);
uint64_t
blackrock2_unshuffle(const struct BlackRock *br, uint64_t m);
/**
* Do a regression test.
* @return
* 0 of the regression test succeeds or non-zero if it fails
*/
int
blackrock_selftest(void);
int
blackrock2_selftest(void);
/**
* Do a benchmark of this module regression test.
*/
void
blackrock_benchmark(unsigned rounds);
void
blackrock2_benchmark(unsigned rounds);
#endif
================================================
FILE: src/crypto-blackrock2.c
================================================
#include "crypto-blackrock.h"
#include "pixie-timer.h"
#include "unusedparm.h"
#include "util-malloc.h"
#include "util-safefunc.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <math.h>
#include <ctype.h>
#include <time.h>
#if defined(_MSC_VER)
#define inline _inline
#endif
/*
* Expanded DES S-boxes
*/
static const uint32_t SB1[64] =
{
0x01010400, 0x00000000, 0x00010000, 0x01010404,
0x01010004, 0x00010404, 0x00000004, 0x00010000,
0x00000400, 0x01010400, 0x01010404, 0x00000400,
0x01000404, 0x01010004, 0x01000000, 0x00000004,
0x00000404, 0x01000400, 0x01000400, 0x00010400,
0x00010400, 0x01010000, 0x01010000, 0x01000404,
0x00010004, 0x01000004, 0x01000004, 0x00010004,
0x00000000, 0x00000404, 0x00010404, 0x01000000,
0x00010000, 0x01010404, 0x00000004, 0x01010000,
0x01010400, 0x01000000, 0x01000000, 0x00000400,
0x01010004, 0x00010000, 0x00010400, 0x01000004,
0x00000400, 0x00000004, 0x01000404, 0x00010404,
0x01010404, 0x00010004, 0x01010000, 0x01000404,
0x01000004, 0x00000404, 0x00010404, 0x01010400,
0x00000404, 0x01000400, 0x01000400, 0x00000000,
0x00010004, 0x00010400, 0x00000000, 0x01010004
};
static const uint32_t SB2[64] =
{
0x80108020, 0x80008000, 0x00008000, 0x00108020,
0x00100000, 0x00000020, 0x80100020, 0x80008020,
0x80000020, 0x80108020, 0x80108000, 0x80000000,
0x80008000, 0x00100000, 0x00000020, 0x80100020,
0x00108000, 0x00100020, 0x80008020, 0x00000000,
0x80000000, 0x00008000, 0x00108020, 0x80100000,
0x00100020, 0x80000020, 0x00000000, 0x00108000,
0x00008020, 0x80108000, 0x80100000, 0x00008020,
0x00000000, 0x00108020, 0x80100020, 0x00100000,
0x80008020, 0x80100000, 0x80108000, 0x00008000,
0x80100000, 0x80008000, 0x00000020, 0x80108020,
0x00108020, 0x00000020, 0x00008000, 0x80000000,
0x00008020, 0x80108000, 0x00100000, 0x80000020,
0x00100020, 0x80008020, 0x80000020, 0x00100020,
0x00108000, 0x00000000, 0x80008000, 0x00008020,
0x80000000, 0x80100020, 0x80108020, 0x00108000
};
static const uint32_t SB3[64] =
{
0x00000208, 0x08020200, 0x00000000, 0x08020008,
0x08000200, 0x00000000, 0x00020208, 0x08000200,
0x00020008, 0x08000008, 0x08000008, 0x00020000,
0x08020208, 0x00020008, 0x08020000, 0x00000208,
0x08000000, 0x00000008, 0x08020200, 0x00000200,
0x00020200, 0x08020000, 0x08020008, 0x00020208,
0x08000208, 0x00020200, 0x00020000, 0x08000208,
0x00000008, 0x08020208, 0x00000200, 0x08000000,
0x08020200, 0x08000000, 0x00020008, 0x00000208,
0x00020000, 0x08020200, 0x08000200, 0x00000000,
0x00000200, 0x00020008, 0x08020208, 0x08000200,
0x08000008, 0x00000200, 0x00000000, 0x08020008,
0x08000208, 0x00020000, 0x08000000, 0x08020208,
0x00000008, 0x00020208, 0x00020200, 0x08000008,
0x08020000, 0x08000208, 0x00000208, 0x08020000,
0x00020208, 0x00000008, 0x08020008, 0x00020200
};
static const uint32_t SB4[64] =
{
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802080, 0x00800081, 0x00800001, 0x00002001,
0x00000000, 0x00802000, 0x00802000, 0x00802081,
0x00000081, 0x00000000, 0x00800080, 0x00800001,
0x00000001, 0x00002000, 0x00800000, 0x00802001,
0x00000080, 0x00800000, 0x00002001, 0x00002080,
0x00800081, 0x00000001, 0x00002080, 0x00800080,
0x00002000, 0x00802080, 0x00802081, 0x00000081,
0x00800080, 0x00800001, 0x00802000, 0x00802081,
0x00000081, 0x00000000, 0x00000000, 0x00802000,
0x00002080, 0x00800080, 0x00800081, 0x00000001,
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802081, 0x00000081, 0x00000001, 0x00002000,
0x00800001, 0x00002001, 0x00802080, 0x00800081,
0x00002001, 0x00002080, 0x00800000, 0x00802001,
0x00000080, 0x00800000, 0x00002000, 0x00802080
};
static const uint32_t SB5[64] =
{
0x00000100, 0x02080100, 0x02080000, 0x42000100,
0x00080000, 0x00000100, 0x40000000, 0x02080000,
0x40080100, 0x00080000, 0x02000100, 0x40080100,
0x42000100, 0x42080000, 0x00080100, 0x40000000,
0x02000000, 0x40080000, 0x40080000, 0x00000000,
0x40000100, 0x42080100, 0x42080100, 0x02000100,
0x42080000, 0x40000100, 0x00000000, 0x42000000,
0x02080100, 0x02000000, 0x42000000, 0x00080100,
0x00080000, 0x42000100, 0x00000100, 0x02000000,
0x40000000, 0x02080000, 0x42000100, 0x40080100,
0x02000100, 0x40000000, 0x42080000, 0x02080100,
0x40080100, 0x00000100, 0x02000000, 0x42080000,
0x42080100, 0x00080100, 0x42000000, 0x42080100,
0x02080000, 0x00000000, 0x40080000, 0x42000000,
0x00080100, 0x02000100, 0x40000100, 0x00080000,
0x00000000, 0x40080000, 0x02080100, 0x40000100
};
static const uint32_t SB6[64] =
{
0x20000010, 0x20400000, 0x00004000, 0x20404010,
0x20400000, 0x00000010, 0x20404010, 0x00400000,
0x20004000, 0x00404010, 0x00400000, 0x20000010,
0x00400010, 0x20004000, 0x20000000, 0x00004010,
0x00000000, 0x00400010, 0x20004010, 0x00004000,
0x00404000, 0x20004010, 0x00000010, 0x20400010,
0x20400010, 0x00000000, 0x00404010, 0x20404000,
0x00004010, 0x00404000, 0x20404000, 0x20000000,
0x20004000, 0x00000010, 0x20400010, 0x00404000,
0x20404010, 0x00400000, 0x00004010, 0x20000010,
0x00400000, 0x20004000, 0x20000000, 0x00004010,
0x20000010, 0x20404010, 0x00404000, 0x20400000,
0x00404010, 0x20404000, 0x00000000, 0x20400010,
0x00000010, 0x00004000, 0x20400000, 0x00404010,
0x00004000, 0x00400010, 0x20004010, 0x00000000,
0x20404000, 0x20000000, 0x00400010, 0x20004010
};
static const uint32_t SB7[64] =
{
0x00200000, 0x04200002, 0x04000802, 0x00000000,
0x00000800, 0x04000802, 0x00200802, 0x04200800,
0x04200802, 0x00200000, 0x00000000, 0x04000002,
0x00000002, 0x04000000, 0x04200002, 0x00000802,
0x04000800, 0x00200802, 0x00200002, 0x04000800,
0x04000002, 0x04200000, 0x04200800, 0x00200002,
0x04200000, 0x00000800, 0x00000802, 0x04200802,
0x00200800, 0x00000002, 0x04000000, 0x00200800,
0x04000000, 0x00200800, 0x00200000, 0x04000802,
0x04000802, 0x04200002, 0x04200002, 0x00000002,
0x00200002, 0x04000000, 0x04000800, 0x00200000,
0x04200800, 0x00000802, 0x00200802, 0x04200800,
0x00000802, 0x04000002, 0x04200802, 0x04200000,
0x00200800, 0x00000000, 0x00000002, 0x04200802,
0x00000000, 0x00200802, 0x04200000, 0x00000800,
0x04000002, 0x04000800, 0x00000800, 0x00200002
};
static const uint32_t SB8[64] =
{
0x10001040, 0x00001000, 0x00040000, 0x10041040,
0x10000000, 0x10001040, 0x00000040, 0x10000000,
0x00040040, 0x10040000, 0x10041040, 0x00041000,
0x10041000, 0x00041040, 0x00001000, 0x00000040,
0x10040000, 0x10000040, 0x10001000, 0x00001040,
0x00041000, 0x00040040, 0x10040040, 0x10041000,
0x00001040, 0x00000000, 0x00000000, 0x10040040,
0x10000040, 0x10001000, 0x00041040, 0x00040000,
0x00041040, 0x00040000, 0x10041000, 0x00001000,
0x00000040, 0x10040040, 0x00001000, 0x00041040,
0x10001000, 0x00000040, 0x10000040, 0x10040000,
0x10040040, 0x10000000, 0x00040000, 0x10001040,
0x00000000, 0x10041040, 0x00040040, 0x10000040,
0x10040000, 0x10001000, 0x10001040, 0x00000000,
0x10041040, 0x00041000, 0x00041000, 0x00001040,
0x00001040, 0x00040040, 0x10000000, 0x10041000
};
/***************************************************************************
* It's an s-box. You gotta have an s-box
***************************************************************************/
const unsigned char sbox2[] = {
0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,
0x57, 0xdd, 0x8c, 0xf2, 0x29, 0x5a, 0x08, 0x9f,
0x49, 0x34, 0xce, 0x99, 0x9e, 0xbf, 0x0f, 0x81,
0xd4, 0x2f, 0x92, 0x3f, 0x95, 0xf5, 0x23, 0x00,
0x0d, 0x3e, 0xa8, 0x90, 0x98, 0xdd, 0x20, 0x00,
0x03, 0x69, 0x0a, 0xca, 0xba, 0x12, 0x08, 0x41,
0x6e, 0xb9, 0x86, 0xe4, 0x50, 0xf0, 0x84, 0xe2,
0xb3, 0xb3, 0xc8, 0xb5, 0xb2, 0x2d, 0x18, 0x70,
0x0a, 0xd7, 0x92, 0x90, 0x9e, 0x1e, 0x0c, 0x1f,
0x08, 0xe8, 0x06, 0xfd, 0x85, 0x2f, 0xaa, 0x5d,
0xcf, 0xf9, 0xe3, 0x55, 0xb9, 0xfe, 0xa6, 0x7f,
0x44, 0x3b, 0x4a, 0x4f, 0xc9, 0x2f, 0xd2, 0xd3,
0x8e, 0xdc, 0xae, 0xba, 0x4f, 0x02, 0xb4, 0x76,
0xba, 0x64, 0x2d, 0x07, 0x9e, 0x08, 0xec, 0xbd,
0x52, 0x29, 0x07, 0xbb, 0x9f, 0xb5, 0x58, 0x6f,
0x07, 0x55, 0xb0, 0x34, 0x74, 0x9f, 0x05, 0xb2,
0xdf, 0xa9, 0xc6, 0x2a, 0xa3, 0x5d, 0xff, 0x10,
0x40, 0xb3, 0xb7, 0xb4, 0x63, 0x6e, 0xf4, 0x3e,
0xee, 0xf6, 0x49, 0x52, 0xe3, 0x11, 0xb3, 0xf1,
0xfb, 0x60, 0x48, 0xa1, 0xa4, 0x19, 0x7a, 0x2e,
0x90, 0x28, 0x90, 0x8d, 0x5e, 0x8c, 0x8c, 0xc4,
0xf2, 0x4a, 0xf6, 0xb2, 0x19, 0x83, 0xea, 0xed,
0x6d, 0xba, 0xfe, 0xd8, 0xb6, 0xa3, 0x5a, 0xb4,
0x48, 0xfa, 0xbe, 0x5c, 0x69, 0xac, 0x3c, 0x8f,
0x63, 0xaf, 0xa4, 0x42, 0x25, 0x50, 0xab, 0x65,
0x80, 0x65, 0xb9, 0xfb, 0xc7, 0xf2, 0x2d, 0x5c,
0xe3, 0x4c, 0xa4, 0xa6, 0x8e, 0x07, 0x9c, 0xeb,
0x41, 0x93, 0x65, 0x44, 0x4a, 0x86, 0xc1, 0xf6,
0x2c, 0x97, 0xfd, 0xf4, 0x6c, 0xdc, 0xe1, 0xe0,
0x28, 0xd9, 0x89, 0x7b, 0x09, 0xe2, 0xa0, 0x38,
0x74, 0x4a, 0xa6, 0x5e, 0xd2, 0xe2, 0x4d, 0xf3,
0xf4, 0xc6, 0xbc, 0xa2, 0x51, 0x58, 0xe8, 0xae,
0x91, 0x58, 0xb3, 0x31, 0x6c, 0x33, 0xda, 0x88,
};
/****************************************************************************
* Given a number, figure out the nearest power-of-two (16,32,64,128,etc.)
* that can hold that number. We do this so that we can convert multiplies
* into shifts.
****************************************************************************/
static uint64_t
next_power_of_two(uint64_t num)
{
uint64_t power_of_two = 1;
num++;
while ((uint64_t)(1ULL << power_of_two) < num)
power_of_two++;
return (1ULL << power_of_two);
}
static uint64_t
bit_count(uint64_t num)
{
uint64_t bits = 0;
while ((num >> bits) > 1)
bits++;
return bits;
}
/***************************************************************************
***************************************************************************/
void
blackrock2_init(struct BlackRock *br, uint64_t range, uint64_t seed, unsigned rounds)
{
uint64_t a;
uint64_t b;
a = next_power_of_two(
(uint64_t)sqrt(range * 1.0)
);
b = next_power_of_two(range/a);
//printf("a=%llu b=%llu seed = 0x%llu\n", a, b, seed);
br->range = range;
br->a = a;
br->a_bits = bit_count(br->a);
br->a_mask = br->a - 1ULL;
br->b = b;
br->b_bits = bit_count(br->b);
br->b_mask = br->b - 1ULL;
//printf("a: 0x%llx / %llu\n", br->a_mask, br->a_bits);
//printf("b: 0x%llx / %llu\n", br->b_mask, br->b_bits);
br->rounds = rounds;
br->seed = seed;
br->range = range;
}
/***************************************************************************
* The inner round/mixer function. In DES, it's a series of S-box lookups,
* which
***************************************************************************/
static inline uint64_t
ROUND(uint64_t r, uint64_t R, uint64_t seed)
{
#define GETBYTE(R,n) ((uint64_t)(((((R)>>(n*8ULL)))&0xFFULL)))
#if 0
uint64_t r0, r1, r2, r3;
#endif
uint64_t T, Y;
T = R ^ ((seed>>r) | (seed<<(64-r)));
if (r & 1) {
Y = SB8[ (T ) & 0x3F ] ^ \
SB6[ (T >> 8) & 0x3F ] ^ \
SB4[ (T >> 16) & 0x3F ] ^ \
SB2[ (T >> 24) & 0x3F ]; \
} else {
Y = SB7[ (T ) & 0x3F ] ^ \
SB5[ (T >> 8) & 0x3F ] ^ \
SB3[ (T >> 16) & 0x3F ] ^ \
SB1[ (T >> 24) & 0x3F ];
}
return Y;
#if 0
r0 = sbox2[GETBYTE(R,0)]<< 6 | sbox2[GETBYTE(R,1)]<< 0;
r1 = sbox2[GETBYTE(R,2)]<< 6 | sbox2[GETBYTE(R,5)]<< 0;
r2 = sbox2[GETBYTE(R,4)]<< 6 | sbox2[GETBYTE(R,5)]<< 0;
r3 = sbox2[GETBYTE(R,6)]<< 6 | sbox2[GETBYTE(R,7)]<< 0;
R = r0 ^ (r1<<12) * (r2 << 24) ^ (r3 << 36) * r;
return R;
/*return((uint64_t)sbox2[GETBYTE(R,7ULL)]<< 0ULL)
| ((uint64_t)sbox2[GETBYTE(R,6ULL)]<< 8ULL)
| ((uint64_t)sbox2[GETBYTE(R,5ULL)]<<16ULL)
| ((uint64_t)sbox2[GETBYTE(R,4ULL)]<<24ULL)
| ((uint64_t)sbox2[GETBYTE(R,3ULL)]<<32ULL)
| ((uint64_t)sbox2[GETBYTE(R,2ULL)]<<40ULL)
| ((uint64_t)sbox2[GETBYTE(R,1ULL)]<<48ULL)
| ((uint64_t)sbox2[GETBYTE(R,0ULL)]<<56ULL)
;*/
return R;
#endif
}
/***************************************************************************
***************************************************************************/
static inline uint64_t
ENCRYPT(unsigned r, uint64_t a_bits, uint64_t a_mask, uint64_t b_bits, uint64_t b_mask, uint64_t m, uint64_t seed)
{
uint64_t L, R;
unsigned j = 1;
uint64_t tmp;
UNUSEDPARM(b_bits);
L = m & a_mask;
R = m >> a_bits;
for (j=1; j<=r; j++) {
tmp = (L + ROUND(j, R, seed)) & a_mask;
L = R;
R = tmp;
j++;
tmp = (L + ROUND(j, R, seed)) & b_mask;
L = R;
R = tmp;
}
if ((j-1) & 1) {
return (L << (a_bits)) + R;
} else {
return (R << (a_bits)) + L;
}
}
static inline uint64_t
DECRYPT(unsigned r, uint64_t a, uint64_t b, uint64_t m, uint64_t seed)
{
uint64_t L, R;
unsigned j;
uint64_t tmp;
if (r & 1) {
R = m % a;
L = m / a;
} else {
L = m % a;
R = m / a;
}
for (j=r; j>=1; j--) {
if (j & 1) {
tmp = ROUND(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = a - (tmp%a);
if (tmp == a)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= a;
}
} else {
tmp = ROUND(j, L, seed);
if (tmp > R) {
tmp = (tmp - R);
tmp = b - (tmp%b);
if (tmp == b)
tmp = 0;
} else {
tmp = (R - tmp);
tmp %= b;
}
}
R = L;
L = tmp;
}
return a * R + L;
}
/***************************************************************************
***************************************************************************/
uint64_t
blackrock2_shuffle(const struct BlackRock *br, uint64_t m)
{
uint64_t c;
c = ENCRYPT(br->rounds, br->a_bits, br->a_mask, br->b_bits, br->b_mask, m, br->seed);
while (c >= br->range)
c = ENCRYPT(br->rounds, br->a_bits, br->a_mask, br->b_bits, br->b_mask, c, br->seed);
return c;
}
/***************************************************************************
***************************************************************************/
uint64_t
blackrock2_unshuffle(const struct BlackRock *br, uint64_t m)
{
uint64_t c;
c = DECRYPT(br->rounds, br->a, br->b, m, br->seed);
while (c >= br->range)
c = DECRYPT(br->rounds, br->a, br->b, c, br->seed);
return c;
}
/***************************************************************************
* This function called only during selftest/regression-test.
***************************************************************************/
static unsigned
verify(struct BlackRock *br, uint64_t max)
{
unsigned char *list;
uint64_t i;
unsigned is_success = 1;
uint64_t range = br->range;
/* Allocate a list of 1-byte counters */
list = CALLOC(1, (size_t)((range<max)?range:max));
/* For all numbers in the range, verify increment the counter for
* the output. */
for (i=0; i<range; i++) {
uint64_t x = blackrock2_shuffle(br, i);
if (x < max)
list[x]++;
}
/* Now check the output to make sure that every counter is set exactly
* to the value of '1'. */
for (i=0; i<max && i<range; i++) {
if (list[i] != 1)
is_success = 0;
}
free(list);
return is_success;
}
/***************************************************************************
* Benchmarks the crypto function.
***************************************************************************/
void
blackrock2_benchmark(unsigned rounds)
{
struct BlackRock br;
uint64_t range = 0x010356789123ULL;
uint64_t i;
uint64_t result = 0;
uint64_t start, stop;
static const uint64_t ITERATIONS = 5000000ULL;
printf("-- blackrock-2 -- \n");
printf("rounds = %u\n", rounds);
blackrock2_init(&br, range, 1, rounds);
/*printf("range = 0x%10" PRIx64 "\n", range);
printf("rangex= 0x%10" PRIx64 "\n", br.a*br.b);
printf(" a = 0x%10" PRIx64 "\n", br.a);
printf(" b = 0x%10" PRIx64 "\n", br.b);*/
/*
* Time the algorithm
*/
start = pixie_nanotime();
for (i=0; i<ITERATIONS; i++) {
result += blackrock2_shuffle(&br, i);
}
stop = pixie_nanotime();
/*
* Print the results
*/
if (result) {
double elapsed = ((double)(stop - start))/(1000000000.0);
double rate = ITERATIONS/elapsed;
rate /= 1000000.0;
printf("iterations/second = %5.3f-million\n", rate);
}
printf("\n");
}
/***************************************************************************
***************************************************************************/
int
blackrock2_selftest(void)
{
uint64_t i;
int is_success = 0;
uint64_t range;
/* @marshray
* Basic test of decryption. I take the index, encrypt it, then decrypt it,
* which means I should get the original index back again. Only, it's not
* working. The decryption fails. The reason it's failing is obvious -- I'm
* just not seeing it though. The error is probably in the 'unfe()'
* function above.
*/
{
struct BlackRock br;
uint64_t result, result2;
blackrock2_init(&br, 1000, 0, 6);
for (i=0; i<10; i++) {
result = blackrock2_shuffle(&br, i);
result2 = blackrock2_unshuffle(&br, result);
if (i != result2)
return 1; /*fail*/
}
}
range = 3015 * 3;
for (i=0; i<5; i++) {
struct BlackRock br;
range += 11 + i;
range *= 1 + i;
blackrock2_init(&br, range, time(0), 6);
is_success = verify(&br, range);
if (!is_success) {
fprintf(stderr, "BLACKROCK: randomization failed\n");
return 1; /*fail*/
}
}
return 0; /*success*/
}
================================================
FILE: src/crypto-lcg.c
================================================
/*
This is a "linear-congruent-generator", a type of random number
generator.
*/
#include "crypto-lcg.h"
#include "crypto-primegen.h" /* DJB's prime factoring code */
#include "util-safefunc.h"
#include "util-malloc.h"
#include <math.h> /* for 'sqrt()', may need -lm for gcc */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/**
* A 64 bit number can't have more than 16 prime factors. The first factors
* are:
* 2*3*5*7*11*13*17*19*23*29*31*37*41*43*47*53 = 0xC443F2F861D29C3A
* 0123456789abcdef
* We zero termiante this list, so we are going to reserve 20 slots.
*/
typedef uint64_t PRIMEFACTORS[20];
/****************************************************************************
* Break down the number into prime factors using DJB's sieve code, which
* is about 5 to 10 times faster than the Sieve of Eratosthenes.
*
* @param number
* The integer that we are factoring. It can be any value up to 64 bits
* in size.
* @param factors
* The list of all the prime factors, zero terminated.
* @param non_factors
* A list of smallest numbers that aren't prime factors. We return
* this because we are going to use prime non-factors for finding
* interesting numbers.
****************************************************************************/
static unsigned
sieve_prime_factors(uint64_t number, PRIMEFACTORS factors,
PRIMEFACTORS non_factors, double *elapsed)
{
primegen pg;
clock_t start;
clock_t stop;
uint64_t prime;
uint64_t max;
unsigned factor_count = 0;
unsigned non_factor_count = 0;
/*
* We only need to sieve up to the square-root of the target number. Only
* one prime factor can be bigger than the square root, so once we find
* all the other primes, the square root is the only one left.
* Note: you have to link to the 'm' math library for some gcc platforms.
*/
max = (uint64_t)sqrt(number + 1.0);
/*
* Init the DJB primegen library.
*/
primegen_init(&pg);
/*
* Enumerate all the primes starting with 2
*/
start = clock();
for (;;) {
/* Sieve the next prime */
prime = primegen_next(&pg);
/* If we've reached the square root, then that's as far as we need
* to go */
if (prime > max)
break;
/* If this prime is not a factor (evenly divisible with no remainder)
* then loop back and get the next prime */
if ((number % prime) != 0) {
if (non_factor_count < 12)
non_factors[non_factor_count++] = prime;
continue;
}
/* Else we've found a prime factor, so add this to the list of primes */
factors[factor_count++] = prime;
/* At the end, we may have one prime factor left that's bigger than the
* sqrt. Therefore, as we go along, divide the original number
* (possibly several times) by the prime factor so that this large
* remaining factor will be the only one left */
while ((number % prime) == 0)
number /= prime;
/* exit early if we've found all prime factors. comment out this
* code if you want to benchmark it */
if (number == 1 && non_factor_count > 10)
break;
}
/*
* See if there is one last prime that's bigger than the square root.
* Note: This is the only number that can be larger than 32-bits in the
* way this code is written.
*/
if (number != 1)
factors[factor_count++] = number;
/*
* Zero terminate the results.
*/
factors[factor_count] = 0;
non_factors[non_factor_count] = 0;
/*
* Since prime factorization takes a long time, especially on slow
* CPUs, we benchmark it to keep track of performance.
*/
stop = clock();
if (elapsed)
*elapsed = ((double)stop - (double)start)/(double)CLOCKS_PER_SEC;
/* should always be at least 1, because if the number itself is prime,
* then that's it's only prime factor */
return factor_count;
}
/****************************************************************************
* Do a pseudo-random 1-to-1 translation of a number within a range to
* another number in that range.
*
* The constants 'a' and 'c' must be chosen to match the LCG algorithm
* to fit 'm' (range).
*
* This the same as the function 'rand()', except all the constants and
* seeds are specified as parameters.
*
* @param index
* The index within the range that we are randomizing.
* @param a
* The 'multiplier' of the LCG algorithm.
* @param c
* The 'increment' of the LCG algorithm.
* @param range
* The 'modulus' of the LCG algorithm.
****************************************************************************/
uint64_t
lcg_rand(uint64_t index, uint64_t a, uint64_t c, uint64_t range)
{
return (index * a + c) % range;
}
/****************************************************************************
* Verify the LCG algorithm. You shouldn't do this for large ranges,
* because we'll run out of memory. Therefore, this algorithm allocates
* a buffer only up to a smaller range. We still have to traverse the
* entire range of numbers, but we only need store values for a smaller
* range. If 10% of the range checks out, then there's a good chance
* it applies to the other 90% as well.
*
* This works by counting the results of rand(), which should be produced
* exactly once.
****************************************************************************/
static unsigned
lcg_verify(uint64_t a, uint64_t c, uint64_t range, uint64_t max)
{
unsigned char *list;
uint64_t i;
unsigned is_success = 1;
/* Allocate a list of 1-byte counters */
list = CALLOC(1, (size_t)((range<max)?range:max));
/* For all numbers in the range, verify increment the counter for the
* the output. */
for (i=0; i<range; i++) {
uint64_t x = lcg_rand(i, a, c, range);
if (x < max)
list[x]++;
}
/* Now check the output to make sure that every counter is set exactly
* to the value of '1'. */
for (i=0; i<max && i<range; i++) {
if (list[i] != 1)
is_success = 0;
}
free(list);
return is_success;
}
/****************************************************************************
* Count the number of digits in a number so that we can pretty-print a
* bunch of numbers in nice columns.
****************************************************************************/
static unsigned
count_digits(uint64_t num)
{
unsigned result = 0;
while (num) {
result++;
num /= 10;
}
return result;
}
/****************************************************************************
* Tell whether the number has any prime factors in common with the list
* of factors. In other words, if it's not coprime with the other number.
* @param c
* The number we want to see has common factors with the other number.
* @param factors
* The factors from the other number
* @return
* !is_coprime(c, factors)
****************************************************************************/
static uint64_t
has_factors_in_common(uint64_t c, PRIMEFACTORS factors)
{
unsigned i;
for (i=0; factors[i]; i++) {
if ((c % factors[i]) == 0)
return factors[i]; /* found a common factor */
}
return 0; /* no factors in common */
}
/****************************************************************************
* Given a range, calculate some possible constants for the LCG algorithm
* for randomizing the order of the array.
* @parm m
* The range for which we'll be finding random numbers. If we are
* looking for random numbers between [0..100), this number will
* be 100.
* @parm a
* The LCG 'a' constant that will be the result of this function.
* @param c
* The LCG 'c' constant that will be the result of this function. This
* should be set to 0 on the input to this function, or a suggested
* value.
****************************************************************************/
void
lcg_calculate_constants(uint64_t m, uint64_t *out_a, uint64_t *inout_c, int is_debug)
{
uint64_t a;
uint64_t c = *inout_c;
double elapsed = 0.0; /* Benchmark of 'sieve' algorithm */
PRIMEFACTORS factors; /* List of prime factors of 'm' */
PRIMEFACTORS non_factors;
unsigned i;
/*
* Find all the prime factors of the number. This step can take several
* seconds for 48 bit numbers, which is why we benchmark how long it
* takes.
gitextract_saggdmr8/
├── .gitattributes
├── .github/
│ └── workflows/
│ └── unittests.yml
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── VULNINFO.md
├── bin/
│ └── .gitignore
├── data/
│ ├── afl-http.pcap
│ ├── exclude.conf
│ └── flush_all.pcap
├── debian/
│ ├── .gitignore
│ ├── README.Debian
│ ├── changelog
│ ├── compat
│ ├── control
│ ├── copyright
│ ├── masscan.dirs
│ ├── masscan.docs
│ ├── masscan.install
│ ├── masscan.manpages
│ ├── rules
│ ├── source/
│ │ └── format
│ └── watch
├── doc/
│ ├── algorithm.js
│ ├── bot.html
│ ├── faq/
│ │ ├── FAQ0001-slow.md
│ │ ├── FAQ0002-drops.md
│ │ ├── FAQ0003-excludelist.md
│ │ ├── FAQ0004-serverlogs.md
│ │ └── README.md
│ ├── howto-afl.md
│ ├── masscan.8
│ └── masscan.8.markdown
├── src/
│ ├── crypto-base64.c
│ ├── crypto-base64.h
│ ├── crypto-blackrock.c
│ ├── crypto-blackrock.h
│ ├── crypto-blackrock2.c
│ ├── crypto-lcg.c
│ ├── crypto-lcg.h
│ ├── crypto-primegen.c
│ ├── crypto-primegen.h
│ ├── crypto-siphash24.c
│ ├── crypto-siphash24.h
│ ├── event-timeout.c
│ ├── event-timeout.h
│ ├── in-binary.c
│ ├── in-binary.h
│ ├── in-filter.c
│ ├── in-filter.h
│ ├── in-report.c
│ ├── in-report.h
│ ├── main-conf.c
│ ├── main-dedup.c
│ ├── main-dedup.h
│ ├── main-globals.h
│ ├── main-initadapter.c
│ ├── main-listscan.c
│ ├── main-ptrace.c
│ ├── main-ptrace.h
│ ├── main-readrange.c
│ ├── main-readrange.h
│ ├── main-status.c
│ ├── main-status.h
│ ├── main-throttle.c
│ ├── main-throttle.h
│ ├── main.c
│ ├── masscan-app.c
│ ├── masscan-app.h
│ ├── masscan-status.h
│ ├── masscan-version.h
│ ├── masscan.h
│ ├── massip-addr.c
│ ├── massip-addr.h
│ ├── massip-parse.c
│ ├── massip-parse.h
│ ├── massip-port.h
│ ├── massip-rangesv4.c
│ ├── massip-rangesv4.h
│ ├── massip-rangesv6.c
│ ├── massip-rangesv6.h
│ ├── massip.c
│ ├── massip.h
│ ├── misc-rstfilter.c
│ ├── misc-rstfilter.h
│ ├── out-binary.c
│ ├── out-certs.c
│ ├── out-grepable.c
│ ├── out-hostonly.c
│ ├── out-json.c
│ ├── out-ndjson.c
│ ├── out-null.c
│ ├── out-record.h
│ ├── out-redis.c
│ ├── out-tcp-services.c
│ ├── out-tcp-services.h
│ ├── out-text.c
│ ├── out-unicornscan.c
│ ├── out-xml.c
│ ├── output.c
│ ├── output.h
│ ├── pixie-backtrace.c
│ ├── pixie-backtrace.h
│ ├── pixie-file.c
│ ├── pixie-file.h
│ ├── pixie-sockets.h
│ ├── pixie-threads.c
│ ├── pixie-threads.h
│ ├── pixie-timer.c
│ ├── pixie-timer.h
│ ├── proto-arp.c
│ ├── proto-arp.h
│ ├── proto-banner1.c
│ ├── proto-banner1.h
│ ├── proto-banout.c
│ ├── proto-banout.h
│ ├── proto-coap.c
│ ├── proto-coap.h
│ ├── proto-dns-parse.h
│ ├── proto-dns.c
│ ├── proto-dns.h
│ ├── proto-ftp.c
│ ├── proto-ftp.h
│ ├── proto-http.c
│ ├── proto-http.h
│ ├── proto-icmp.c
│ ├── proto-icmp.h
│ ├── proto-imap4.c
│ ├── proto-imap4.h
│ ├── proto-isakmp.c
│ ├── proto-isakmp.h
│ ├── proto-mc.c
│ ├── proto-mc.h
│ ├── proto-memcached.c
│ ├── proto-memcached.h
│ ├── proto-netbios.c
│ ├── proto-netbios.h
│ ├── proto-ntlmssp.c
│ ├── proto-ntlmssp.h
│ ├── proto-ntp.c
│ ├── proto-ntp.h
│ ├── proto-oproto.c
│ ├── proto-oproto.h
│ ├── proto-pop3.c
│ ├── proto-pop3.h
│ ├── proto-preprocess.c
│ ├── proto-preprocess.h
│ ├── proto-sctp.c
│ ├── proto-sctp.h
│ ├── proto-smb.c
│ ├── proto-smb.h
│ ├── proto-smtp.c
│ ├── proto-smtp.h
│ ├── proto-snmp.c
│ ├── proto-snmp.h
│ ├── proto-spnego.h
│ ├── proto-ssh.c
│ ├── proto-ssh.h
│ ├── proto-ssl-test.c
│ ├── proto-ssl.c
│ ├── proto-ssl.h
│ ├── proto-tcp-rdp.c
│ ├── proto-tcp-rdp.h
│ ├── proto-tcp-telnet.c
│ ├── proto-tcp-telnet.h
│ ├── proto-udp.c
│ ├── proto-udp.h
│ ├── proto-versioning.c
│ ├── proto-versioning.h
│ ├── proto-vnc.c
│ ├── proto-vnc.h
│ ├── proto-x509.c
│ ├── proto-x509.h
│ ├── proto-zeroaccess.c
│ ├── proto-zeroaccess.h
│ ├── rawsock-adapter.h
│ ├── rawsock-getif.c
│ ├── rawsock-getip.c
│ ├── rawsock-getip6.c
│ ├── rawsock-getmac.c
│ ├── rawsock-getroute.c
│ ├── rawsock-pcapfile.c
│ ├── rawsock-pcapfile.h
│ ├── rawsock.c
│ ├── rawsock.h
│ ├── read-service-probes.c
│ ├── read-service-probes.h
│ ├── rte-ring.c
│ ├── rte-ring.h
│ ├── scripting-banner.c
│ ├── scripting-masscan.c
│ ├── scripting.c
│ ├── scripting.h
│ ├── smack.h
│ ├── smack1.c
│ ├── smackqueue.c
│ ├── smackqueue.h
│ ├── stack-arpv4.c
│ ├── stack-arpv4.h
│ ├── stack-if.c
│ ├── stack-ndpv6.c
│ ├── stack-ndpv6.h
│ ├── stack-queue.c
│ ├── stack-queue.h
│ ├── stack-src.c
│ ├── stack-src.h
│ ├── stack-tcp-api.h
│ ├── stack-tcp-app.c
│ ├── stack-tcp-app.h
│ ├── stack-tcp-core.c
│ ├── stack-tcp-core.h
│ ├── stub-lua.c
│ ├── stub-lua.h
│ ├── stub-pcap-dlt.h
│ ├── stub-pcap.c
│ ├── stub-pcap.h
│ ├── stub-pfring.c
│ ├── stub-pfring.h
│ ├── syn-cookie.c
│ ├── syn-cookie.h
│ ├── templ-nmap-payloads.c
│ ├── templ-nmap-payloads.h
│ ├── templ-opts.h
│ ├── templ-payloads.c
│ ├── templ-payloads.h
│ ├── templ-pkt.c
│ ├── templ-pkt.h
│ ├── templ-tcp-hdr.c
│ ├── templ-tcp-hdr.h
│ ├── unusedparm.h
│ ├── util-bool.h
│ ├── util-checksum.c
│ ├── util-checksum.h
│ ├── util-errormsg.c
│ ├── util-errormsg.h
│ ├── util-extract.c
│ ├── util-extract.h
│ ├── util-logger.c
│ ├── util-logger.h
│ ├── util-malloc.c
│ ├── util-malloc.h
│ ├── util-safefunc.c
│ ├── util-safefunc.h
│ ├── vulncheck-heartbleed.c
│ ├── vulncheck-ntp-monlist.c
│ ├── vulncheck-sslv3.c
│ ├── vulncheck.c
│ ├── vulncheck.h
│ ├── xring.c
│ └── xring.h
├── tmp/
│ └── .gitignore
├── vs10/
│ ├── .gitignore
│ ├── masscan.sln
│ ├── masscan.vcxproj
│ └── masscan.vcxproj.filters
└── xcode4/
├── .gitignore
└── masscan.xcodeproj/
├── .gitignore
└── project.pbxproj
SYMBOL INDEX (1750 symbols across 193 files)
FILE: doc/algorithm.js
function Range (line 119) | function Range(begin, end) {
function RangeList (line 151) | function RangeList() {
function Targets (line 177) | function Targets() {
function Blackrock (line 258) | function Blackrock(range, seed) {
function TransmitThread (line 368) | function TransmitThread(targets, transmit, seed) {
function Transmit2Thread (line 385) | function Transmit2Thread(targets, transmit, seed, start, stop, increment) {
function transmit (line 403) | function transmit(ip, port) {
FILE: src/crypto-base64.c
function base64_encode (line 10) | size_t
function base64_decode (line 67) | size_t
function r_rand (line 167) | static unsigned
function base64_selftest (line 179) | int
FILE: src/crypto-blackrock.c
function blackrock_init (line 108) | void
function READ (line 164) | static inline uint64_t
function ENCRYPT (line 192) | static inline uint64_t
function UNENCRYPT (line 220) | static inline uint64_t
function blackrock_shuffle (line 267) | uint64_t
function blackrock_unshuffle (line 281) | uint64_t
function blackrock_verify (line 297) | static unsigned
function blackrock_benchmark (line 330) | void
function blackrock_selftest (line 372) | int
FILE: src/crypto-blackrock.h
type BlackRock (line 5) | struct BlackRock {
type BlackRock (line 26) | struct BlackRock
type BlackRock (line 28) | struct BlackRock
type BlackRock (line 47) | struct BlackRock
type BlackRock (line 49) | struct BlackRock
type BlackRock (line 56) | struct BlackRock
type BlackRock (line 58) | struct BlackRock
FILE: src/crypto-blackrock2.c
function next_power_of_two (line 229) | static uint64_t
function bit_count (line 241) | static uint64_t
function blackrock2_init (line 254) | void
function ROUND (line 290) | static inline uint64_t
function ENCRYPT (line 339) | static inline uint64_t
function DECRYPT (line 368) | static inline uint64_t
function blackrock2_shuffle (line 415) | uint64_t
function blackrock2_unshuffle (line 429) | uint64_t
function verify (line 445) | static unsigned
function blackrock2_benchmark (line 479) | void
function blackrock2_selftest (line 525) | int
FILE: src/crypto-lcg.c
function sieve_prime_factors (line 44) | static unsigned
function lcg_rand (line 155) | uint64_t
function lcg_verify (line 173) | static unsigned
function count_digits (line 208) | static unsigned
function has_factors_in_common (line 231) | static uint64_t
function lcg_calculate_constants (line 258) | void
function lcg_selftest (line 363) | int
FILE: src/crypto-primegen.c
function clear (line 43) | static void clear(register uint32_t (*buf)[B32])
function doit4 (line 55) | static void doit4(register uint32_t *a,register long x,register long y,i...
function doit6 (line 94) | static void doit6(register uint32_t *a,register long x,register long y,i...
function doit12 (line 132) | static void doit12(register uint32_t *a,register long x,register long y,...
function squarefree1big (line 183) | static void squarefree1big(uint32_t (*buf)[B32],uint64_t base,uint32_t q...
function squarefree1 (line 210) | static void squarefree1(register uint32_t (*buf)[B32],uint64_t L,uint32_...
function squarefree49big (line 252) | static void squarefree49big(uint32_t (*buf)[B32],uint64_t base,uint32_t ...
function squarefree49 (line 279) | static void squarefree49(register uint32_t (*buf)[B32],uint64_t L,uint32...
function squarefreetiny (line 339) | static void squarefreetiny(register uint32_t *a,uint32_t *Lmodqq,int d)
type todo (line 365) | typedef struct { char index; char f; char g; char k; } todo;
function primegen_sieve (line 444) | void primegen_sieve(primegen *pg)
function primegen_fill (line 525) | void primegen_fill(primegen *pg)
function primegen_next (line 584) | uint64_t primegen_next(primegen *pg)
function primegen_peek (line 592) | uint64_t primegen_peek(primegen *pg)
function primegen_init (line 600) | void primegen_init(primegen *pg)
function primegen_count (line 640) | uint64_t primegen_count(primegen *pg,uint64_t to)
function primegen_skipto (line 693) | void primegen_skipto(primegen *pg,uint64_t to)
FILE: src/crypto-primegen.h
type primegen (line 26) | typedef struct {
FILE: src/crypto-siphash24.c
type u64 (line 20) | typedef uint64_t u64;
type u32 (line 21) | typedef uint32_t u32;
type u8 (line 22) | typedef uint8_t u8;
function crypto_auth (line 53) | static int crypto_auth( unsigned char *out, const unsigned char *in, uns...
function siphash24 (line 127) | uint64_t
function test_vectors (line 220) | static int
function siphash24_selftest (line 245) | int
FILE: src/event-timeout.c
type Timeouts (line 44) | struct Timeouts {
type Timeouts (line 72) | struct Timeouts
type Timeouts (line 75) | struct Timeouts
function timeouts_add (line 107) | void
type Timeouts (line 142) | struct Timeouts
type TimeoutEntry (line 144) | struct TimeoutEntry
FILE: src/event-timeout.h
type Timeouts (line 11) | struct Timeouts
type TimeoutEntry (line 18) | struct TimeoutEntry {
function timeout_is_unlinked (line 40) | static inline bool
function timeout_unlink (line 50) | static inline void
function timeout_init (line 65) | static inline void
type Timeouts (line 78) | struct Timeouts
type Timeouts (line 101) | struct Timeouts
type TimeoutEntry (line 101) | struct TimeoutEntry
type Timeouts (line 120) | struct Timeouts
FILE: src/in-binary.c
type MasscanRecord (line 27) | struct MasscanRecord {
function parse_status (line 41) | static void
function parse_status2 (line 102) | static void
function _get_byte (line 156) | static unsigned char
function _get_integer (line 168) | static unsigned
function _get_short (line 185) | static unsigned short
function _get_long (line 201) | static unsigned long long
function parse_status6 (line 227) | static void
function parse_banner6 (line 280) | static void
function parse_banner3 (line 339) | static void
function parse_banner4 (line 375) | static void
function parse_banner9 (line 414) | static void
function _binaryfile_parse (line 472) | static uint64_t
function readscan_binary_scanfile (line 655) | void
FILE: src/in-binary.h
type Masscan (line 3) | struct Masscan
type Masscan (line 12) | struct Masscan
FILE: src/in-filter.c
function readscan_filter_pass (line 5) | int
FILE: src/in-filter.h
type RangeList (line 7) | struct RangeList
type Range6List (line 8) | struct Range6List
type MassIP (line 9) | struct MassIP
type MassIP (line 17) | struct MassIP
type RangeList (line 18) | struct RangeList
FILE: src/in-report.c
type CNDB_Entry (line 13) | struct CNDB_Entry {
type CNDB_Database (line 19) | struct CNDB_Database {
type CNDB_Database (line 25) | struct CNDB_Database
type CNDB_Entry (line 32) | struct CNDB_Entry
function cndb_add (line 49) | static void
function cndb_add_cn (line 74) | static void
function found (line 115) | static unsigned
function print_counts (line 155) | static void
type Names (line 174) | struct Names {
type SMACK (line 274) | struct SMACK
function xname_init (line 275) | static void
function found_type (line 302) | static unsigned
function readscan_report (line 327) | void
function readscan_report_init (line 385) | void
function readscan_report_print (line 392) | void
FILE: src/main-conf.c
function masscan_usage (line 67) | void
function print_version (line 89) | static void
function print_nmap_help (line 181) | static void
function count_cidr6_bits (line 243) | static unsigned
function masscan_echo_nic (line 292) | static void
function masscan_save_state (line 393) | void
function ranges_from_file (line 430) | static void
function hexval (line 525) | static unsigned
function parse_mac_address (line 539) | static int
function parseInt (line 574) | static uint64_t
function isBoolean (line 589) | static bool
function parseBoolean (line 655) | static unsigned
function parseTime (line 710) | static uint64_t
function parseSize (line 768) | static uint64_t
function is_power_of_two (line 815) | static int
function EQUALS (line 831) | static int
function EQUALSx (line 850) | static int
function INDEX_OF (line 871) | static unsigned
function ARRAY (line 880) | static unsigned
function config_top_ports (line 894) | static void
function isInteger (line 1064) | static int
type Masscan (line 1080) | struct Masscan
function SET_arpscan (line 1083) | static int SET_arpscan(struct Masscan *masscan, const char *name, const ...
function SET_banners (line 1105) | static int SET_banners(struct Masscan *masscan, const char *name, const ...
function SET_banners_rawudp (line 1117) | static int SET_banners_rawudp(struct Masscan *masscan, const char *name,...
function SET_capture (line 1131) | static int SET_capture(struct Masscan *masscan, const char *name, const ...
function SET_hello (line 1180) | static int SET_hello(struct Masscan *masscan, const char *name, const ch...
function SET_hello_file (line 1206) | static int SET_hello_file(struct Masscan *masscan, const char *name, con...
function SET_hello_string (line 1255) | static int SET_hello_string(struct Masscan *masscan, const char *name, c...
function SET_hello_timeout (line 1287) | static int SET_hello_timeout(struct Masscan *masscan, const char *name, ...
function SET_http_cookie (line 1299) | static int SET_http_cookie(struct Masscan *masscan, const char *name, co...
function SET_http_header (line 1334) | static int SET_http_header(struct Masscan *masscan, const char *name, co...
function SET_http_method (line 1409) | static int SET_http_method(struct Masscan *masscan, const char *name, co...
function SET_http_url (line 1424) | static int SET_http_url(struct Masscan *masscan, const char *name, const...
function SET_http_version (line 1439) | static int SET_http_version(struct Masscan *masscan, const char *name, c...
function SET_http_host (line 1454) | static int SET_http_host(struct Masscan *masscan, const char *name, cons...
function SET_http_user_agent (line 1470) | static int SET_http_user_agent(struct Masscan *masscan, const char *name...
function SET_http_payload (line 1489) | static int SET_http_payload(struct Masscan *masscan, const char *name, c...
function SET_status_ndjson (line 1506) | static int SET_status_ndjson(struct Masscan *masscan, const char *name, ...
function SET_status_json (line 1518) | static int SET_status_json(struct Masscan *masscan, const char *name, co...
function SET_min_packet (line 1532) | static int SET_min_packet(struct Masscan *masscan, const char *name, con...
function SET_nobanners (line 1545) | static int SET_nobanners(struct Masscan *masscan, const char *name, cons...
function SET_noreset (line 1555) | static int SET_noreset(struct Masscan *masscan, const char *name, const ...
function SET_nmap_payloads (line 1567) | static int SET_nmap_payloads(struct Masscan *masscan, const char *name, ...
function SET_nmap_service_probes (line 1584) | static int SET_nmap_service_probes(struct Masscan *masscan, const char *...
function SET_offline (line 1602) | static int SET_offline(struct Masscan *masscan, const char *name, const ...
function SET_output_append (line 1615) | static int SET_output_append(struct Masscan *masscan, const char *name, ...
function SET_output_filename (line 1630) | static int SET_output_filename(struct Masscan *masscan, const char *name...
function SET_output_format (line 1646) | static int SET_output_format(struct Masscan *masscan, const char *name, ...
function SET_output_noshow (line 1702) | static int SET_output_noshow(struct Masscan *masscan, const char *name, ...
function SET_output_show (line 1742) | static int SET_output_show(struct Masscan *masscan, const char *name, co...
function SET_output_show_open (line 1781) | static int SET_output_show_open(struct Masscan *masscan, const char *nam...
function SET_pcap_filename (line 1801) | static int SET_pcap_filename(struct Masscan *masscan, const char *name, ...
function SET_pcap_payloads (line 1819) | static int SET_pcap_payloads(struct Masscan *masscan, const char *name, ...
function SET_randomize_hosts (line 1838) | static int SET_randomize_hosts(struct Masscan *masscan, const char *name...
function SET_rate (line 1850) | static int SET_rate(struct Masscan *masscan, const char *name, const cha...
function SET_resume_count (line 1896) | static int SET_resume_count(struct Masscan *masscan, const char *name, c...
function SET_resume_index (line 1909) | static int SET_resume_index(struct Masscan *masscan, const char *name, c...
function SET_retries (line 1923) | static int SET_retries(struct Masscan *masscan, const char *name, const ...
function SET_rotate_time (line 1943) | static int SET_rotate_time(struct Masscan *masscan, const char *name, co...
function SET_rotate_directory (line 1954) | static int SET_rotate_directory(struct Masscan *masscan, const char *nam...
function SET_rotate_offset (line 1973) | static int SET_rotate_offset(struct Masscan *masscan, const char *name, ...
function SET_rotate_filesize (line 1986) | static int SET_rotate_filesize(struct Masscan *masscan, const char *name...
function SET_script (line 1999) | static int SET_script(struct Masscan *masscan, const char *name, const c...
function SET_seed (line 2021) | static int SET_seed(struct Masscan *masscan, const char *name, const cha...
function SET_space (line 2035) | static int SET_space(struct Masscan *masscan, const char *name, const ch...
function SET_shard (line 2046) | static int SET_shard(struct Masscan *masscan, const char *name, const ch...
function SET_output_stylesheet (line 2079) | static int SET_output_stylesheet(struct Masscan *masscan, const char *na...
function SET_topports (line 2095) | static int SET_topports(struct Masscan *masscan, const char *name, const...
function SET_tcp_mss (line 2128) | static int SET_tcp_mss(struct Masscan *masscan, const char *name, const ...
function SET_tcp_wscale (line 2186) | static int SET_tcp_wscale(struct Masscan *masscan, const char *name, con...
function SET_tcp_tsecho (line 2239) | static int SET_tcp_tsecho(struct Masscan *masscan, const char *name, con...
function SET_tcp_sackok (line 2292) | static int SET_tcp_sackok(struct Masscan *masscan, const char *name, con...
function SET_debug_tcp (line 2335) | static int SET_debug_tcp(struct Masscan *masscan, const char *name, cons...
type ConfigParameter (line 2349) | struct ConfigParameter {
type ConfigParameter (line 2356) | struct ConfigParameter
function masscan_set_parameter (line 2419) | void
function is_numable (line 3027) | static bool
function is_singleton (line 3050) | static int
function masscan_help (line 3095) | static void
function masscan_load_database_files (line 3141) | void
function masscan_command_line (line 3196) | void
function masscan_echo (line 3621) | void
function masscan_echo_cidr (line 3784) | void
function trim (line 3854) | static void
function masscan_read_config_file (line 3868) | void
function masscan_conf_contains (line 3916) | int masscan_conf_contains(const char *x, int argc, char **argv)
function mainconf_selftest (line 3931) | int
FILE: src/main-dedup.c
type DedupEntry_IPv4 (line 37) | struct DedupEntry_IPv4
type DedupEntry_IPv6 (line 45) | struct DedupEntry_IPv6
type DedupTable (line 57) | struct DedupTable
function fnv1a (line 75) | static inline unsigned fnv1a(unsigned char c, unsigned hash)
function fnv1a_string (line 81) | static unsigned fnv1a_string(const void *v_buf, size_t length, unsigned ...
function fnv1a_short (line 90) | static inline unsigned fnv1a_short(unsigned data, unsigned hash)
function fnv1a_longlong (line 96) | static inline unsigned fnv1a_longlong(unsigned long long data, unsigned ...
type DedupTable (line 105) | struct DedupTable
type DedupTable (line 108) | struct DedupTable
function dedup_destroy (line 119) | void
function dedup_hash_ipv6 (line 129) | static inline unsigned
function is_equal6 (line 145) | static inline int
function swap6 (line 155) | static inline void
function dedup_is_duplicate_ipv6 (line 184) | static unsigned
function dedup_is_duplicate_ipv4 (line 232) | static unsigned
function dedup_is_duplicate (line 291) | unsigned
function _rand (line 306) | static unsigned
function dedup_selftest (line 332) | int
FILE: src/main-dedup.h
type DedupTable (line 5) | struct DedupTable
type DedupTable (line 9) | struct DedupTable
type DedupTable (line 12) | struct DedupTable
FILE: src/main-initadapter.c
function masscan_initialize_adapter (line 21) | int
FILE: src/main-listscan.c
function main_listscan (line 6) | void
FILE: src/main-ptrace.c
function packet_trace (line 10) | void
FILE: src/main-readrange.c
function count_cidr6_bits (line 26) | static unsigned
function main_readrange (line 49) | void
FILE: src/main-readrange.h
type Masscan (line 3) | struct Masscan
type Masscan (line 6) | struct Masscan
FILE: src/main-status.c
function status_print (line 25) | void
function status_finish (line 274) | void
function status_start (line 284) | void
FILE: src/main-status.h
type Status (line 7) | struct Status
type Status (line 28) | struct Status
type Status (line 29) | struct Status
type Status (line 30) | struct Status
FILE: src/main-throttle.c
function throttler_start (line 28) | void
function throttler_next_batch (line 58) | uint64_t
FILE: src/main-throttle.h
type Throttler (line 5) | struct Throttler
type Throttler (line 24) | struct Throttler
type Throttler (line 25) | struct Throttler
FILE: src/main.c
type ThreadPair (line 103) | struct ThreadPair {
type source_t (line 161) | struct source_t {
function adapter_get_source_addresses (line 174) | static void
function transmit_thread (line 203) | static void
function is_nic_port (line 504) | static unsigned
function is_ipv6_multicast (line 514) | static unsigned
function receive_thread (line 532) | static void
function control_c_handler (line 1131) | static void control_c_handler(int x)
function main_scan (line 1164) | static int
function main (line 1564) | int main(int argc, char *argv[])
FILE: src/masscan-app.c
type ApplicationProtocol (line 9) | enum ApplicationProtocol
function masscan_string_to_app (line 61) | enum ApplicationProtocol
function masscan_app_selftest (line 114) | int
FILE: src/masscan-app.h
type ApplicationProtocol (line 8) | enum ApplicationProtocol {
type ApplicationProtocol (line 52) | enum ApplicationProtocol
type ApplicationProtocol (line 54) | enum ApplicationProtocol
FILE: src/masscan-status.h
type PortStatus (line 5) | enum PortStatus {
type PortStatus (line 18) | enum PortStatus {
FILE: src/masscan.h
type Adapter (line 16) | struct Adapter
type TemplateSet (line 17) | struct TemplateSet
type Banner1 (line 18) | struct Banner1
type TemplateOptions (line 19) | struct TemplateOptions
type Operation (line 28) | enum Operation {
type OutputFormat (line 49) | enum OutputFormat {
type TcpCfgPayloads (line 73) | struct TcpCfgPayloads
type Masscan (line 98) | struct Masscan
type Masscan (line 499) | struct Masscan
type Masscan (line 500) | struct Masscan
type Masscan (line 502) | struct Masscan
type Masscan (line 503) | struct Masscan
type Masscan (line 511) | struct Masscan
type Masscan (line 523) | struct Masscan
type Masscan (line 535) | struct Masscan
type Masscan (line 546) | struct Masscan
type Masscan (line 552) | struct Masscan
FILE: src/massip-addr.c
type stream_t (line 10) | typedef struct stream_t {
function _append_char (line 21) | static void
function _append_ipv6 (line 32) | static void
function ipv6address_fmt (line 78) | struct ipaddress_formatted ipv6address_fmt(ipv6address a)
function _append_decimal (line 114) | static void
function _append_hex2 (line 134) | static void
function ipv4address_fmt (line 143) | struct ipaddress_formatted ipv4address_fmt(ipv4address ip)
function macaddress_fmt (line 165) | struct ipaddress_formatted macaddress_fmt(macaddress_t mac)
function ipaddress_fmt (line 191) | struct ipaddress_formatted ipaddress_fmt(ipaddress a)
function _count_long (line 219) | static unsigned _count_long(uint64_t number)
function massint128_bitcount (line 237) | unsigned massint128_bitcount(massint128_t number)
function ipv6address_t (line 245) | ipv6address_t ipv6address_add_uint64(ipv6address_t lhs, uint64_t rhs) {
function ipv6address_t (line 253) | ipv6address_t ipv6address_subtract(ipv6address_t lhs, ipv6address_t rhs) {
function ipv6address_t (line 264) | ipv6address_t ipv6address_add(ipv6address_t lhs, ipv6address_t rhs) {
function ipv6address_selftest (line 276) | int ipv6address_selftest(void)
function ipv4address_selftest (line 307) | int ipv4address_selftest(void)
function ipv6address_is_equal_prefixed (line 323) | int ipv6address_is_equal_prefixed(ipv6address_t lhs, ipv6address_t rhs, ...
FILE: src/massip-addr.h
type ipv6address (line 28) | struct ipv6address {uint64_t hi; uint64_t lo;}
type ipv6address (line 29) | typedef struct ipv6address ipv6address;
type ipv6address_t (line 30) | typedef struct ipv6address ipv6address_t;
type ipv4address (line 35) | typedef unsigned ipv4address;
type ipv4address (line 36) | typedef ipv4address ipv4address_t;
type macaddress_t (line 43) | struct macaddress_t {unsigned char addr[6];}
type macaddress_t (line 44) | typedef struct macaddress_t macaddress_t;
type ipv6address (line 52) | typedef ipv6address massint128_t;
type ipaddress (line 61) | struct ipaddress {
type ipaddress (line 68) | typedef struct ipaddress ipaddress;
function ipv6address_is_zero (line 71) | static inline int ipv6address_is_zero(ipv6address_t a) {
function ipv6address_is_invalid (line 78) | static inline int ipv6address_is_invalid(ipv6address_t a) {
function ipv6address_is_equal (line 84) | static inline int ipv6address_is_equal(ipv6address_t a, ipv6address_t b) {
function ipaddress_is_equal (line 88) | static inline int ipaddress_is_equal(ipaddress a, ipaddress b) {
function ipv6address_is_lessthan (line 102) | static inline int ipv6address_is_lessthan(ipv6address_t a, ipv6address_t...
function ipv6address (line 119) | static inline ipv6address ipv6address_from_bytes(const unsigned char *bu...
function macaddress_t (line 144) | static inline macaddress_t macaddress_from_bytes(const void *vbuf)
function macaddress_is_zero (line 158) | static inline int macaddress_is_zero(macaddress_t mac)
function macaddress_is_equal (line 169) | static inline int macaddress_is_equal(macaddress_t lhs, macaddress_t rhs)
type ipaddress_formatted_t (line 182) | typedef struct ipaddress_formatted {
type ipaddress_formatted (line 186) | struct ipaddress_formatted
type ipaddress_formatted (line 187) | struct ipaddress_formatted
type ipaddress_formatted (line 188) | struct ipaddress_formatted
type ipaddress_formatted (line 189) | struct ipaddress_formatted
FILE: src/massip-parse.c
type massip_parser (line 22) | struct massip_parser
type massip_parser (line 45) | struct massip_parser
type massip_parser (line 46) | struct massip_parser
function _parser_destroy (line 56) | static void
function _parser_err (line 64) | static void
function _init_next_address (line 76) | static void
function _parser_finish_ipv6 (line 89) | static unsigned
function _parser_get_ipv6 (line 145) | static void
type parser_state_t (line 152) | enum parser_state_t {
function _switch_to_ipv6 (line 172) | static int
function _ipv4_apply_cidr (line 205) | static void
function _ipv6_apply_cidr (line 233) | static void
function _parser_next (line 274) | static enum {Still_Working, Found_Error, Found_IPv4, Found_IPv6}
function rangefile_test_error (line 770) | static int
function massip_parse_file (line 821) | int
function ipv6address (line 958) | ipv6address
function massip_parse_ipv4 (line 1006) | unsigned
function massip_parse_range (line 1050) | enum RangeParseResult
function selftest_massip_parse_range (line 1111) | static int
function rangefile6_test_buffer (line 1176) | static int
function massip_parse_selftest (line 1274) | int
FILE: src/massip-parse.h
type MassIP (line 14) | struct MassIP
type Range (line 15) | struct Range
type Range6 (line 16) | struct Range6
type MassIP (line 34) | struct MassIP
type RangeParseResult (line 37) | enum RangeParseResult {
type RangeParseResult (line 47) | enum RangeParseResult
type Range (line 48) | struct Range
type Range6 (line 48) | struct Range6
FILE: src/massip-rangesv4.c
type Range (line 51) | struct Range
function rangelist_is_contains (line 59) | int
function range_first_cidr (line 81) | struct Range
function range_is_cidr (line 123) | bool
function selftest_range_first_cidr (line 138) | static int
function range_is_overlap (line 188) | static int
function range_combine (line 216) | static void
function range_compare (line 228) | static int
function rangelist_remove_at (line 244) | static void
function rangelist_sort (line 257) | void
function rangelist_add_range (line 309) | void
function rangelist_add_range_tcp (line 348) | void
function rangelist_add_range_udp (line 357) | void
function rangelist_remove_all (line 369) | void
function rangelist_merge (line 379) | void
function rangelist_remove_range (line 400) | static void
function rangelist_add_range2 (line 453) | static void
function rangelist_remove_range2 (line 458) | static void
function parse_ipv4 (line 469) | static int
function range_parse_ipv4 (line 532) | struct Range
function rangelist_exclude2 (line 644) | static void
function range_apply_exclude (line 673) | static void
function range_is_valid (line 718) | int
function rangelist_exclude (line 729) | void
function rangelist_count (line 797) | uint64_t
function rangelist_pick_linearsearch (line 819) | static unsigned
function rangelist_pick (line 838) | unsigned
function rangelist_optimize (line 883) | void
function r_rand (line 918) | static unsigned
function regress_pick2 (line 930) | static int
type RangeList (line 993) | struct RangeList
function lcgrand (line 1097) | static unsigned
function rangelist_copy (line 1107) | static void
function rangelist_is_equal (line 1124) | static bool
function exclude_selftest (line 1153) | static int
function ranges_selftest (line 1233) | int
FILE: src/massip-rangesv4.h
type Range (line 10) | struct Range
type Range (line 38) | struct Range
type Range (line 39) | struct Range
type Range (line 53) | struct Range
type RangeList (line 61) | struct RangeList
type RangeList (line 82) | struct RangeList
type RangeList (line 85) | struct RangeList
type RangeList (line 87) | struct RangeList
type RangeList (line 101) | struct RangeList
type Range (line 110) | struct Range
type Range (line 125) | struct Range
type RangeList (line 142) | struct RangeList
type RangeList (line 143) | struct RangeList
type RangeList (line 156) | struct RangeList
type RangeList (line 182) | struct RangeList
type RangeList (line 204) | struct RangeList
type RangeList (line 215) | struct RangeList
type RangeList (line 221) | struct RangeList
type RangeList (line 221) | struct RangeList
type RangeList (line 231) | struct RangeList
type RangeList (line 240) | struct RangeList
FILE: src/massip-rangesv6.c
function ipv6address (line 30) | static inline ipv6address
function ipv6address (line 39) | static inline ipv6address
function ipv6address (line 48) | static ipv6address
function massint128_t (line 58) | static inline massint128_t
function LESS (line 99) | static int
function LESSEQ (line 111) | static int
function range6_is_bad_address (line 125) | int range6_is_bad_address(const struct Range6 *range)
function _int128_is_equals (line 130) | static int
function ipv6address (line 136) | static ipv6address
function ipv6address (line 152) | static ipv6address PLUS_ONE(const ipv6address ip)
function massint128_t (line 169) | massint128_t
function range6list_is_contains (line 184) | int
function todo_remove_at (line 201) | static void
function range6_is_overlap (line 218) | static int
function range6_combine (line 263) | static void
function range6_compare (line 276) | static int
function range6list_sort (line 293) | void
function range6list_add_range (line 344) | void
function range6list_remove_all (line 383) | void
function range6list_merge (line 395) | void
function range6list_remove_range (line 407) | void
function range6list_remove_range2 (line 458) | void
function ipv6address (line 466) | ipv6address
function massint128_t (line 490) | massint128_t
function ipv6address (line 512) | ipv6address
function range6list_optimize (line 553) | void
function r_rand (line 591) | static unsigned
function regress_pick2 (line 603) | static int
function ranges6_selftest (line 696) | int
FILE: src/massip-rangesv6.h
type Range (line 11) | struct Range
type Range6 (line 17) | struct Range6
type Range6List (line 26) | struct Range6List
type Range6List (line 47) | struct Range6List
type Range6List (line 61) | struct Range6List
type Range6List (line 68) | struct Range6List
type Range6 (line 68) | struct Range6
type Range6List (line 81) | struct Range6List
type Range6 (line 88) | struct Range6
type Range6List (line 105) | struct Range6List
type Range6List (line 106) | struct Range6List
type Range6List (line 119) | struct Range6List
type Range6List (line 145) | struct Range6List
type Range6List (line 153) | struct Range6List
type Range6List (line 159) | struct Range6List
type Range6List (line 159) | struct Range6List
type Range6List (line 169) | struct Range6List
type Range6List (line 177) | struct Range6List
FILE: src/massip.c
function massip_apply_excludes (line 8) | void massip_apply_excludes(struct MassIP *targets, struct MassIP *exclude)
function massip_optimize (line 15) | void massip_optimize(struct MassIP *targets)
function massip_pick (line 27) | int massip_pick(const struct MassIP *massip, uint64_t index, ipaddress *...
function massip_has_ip (line 45) | int massip_has_ip(const struct MassIP *massip, ipaddress ip)
function massip_has_port (line 53) | int massip_has_port(const struct MassIP *massip, unsigned port)
function massip_has_ipv4_targets (line 58) | int massip_has_ipv4_targets(const struct MassIP *massip)
function massip_has_target_ports (line 62) | int massip_has_target_ports(const struct MassIP *massip)
function massip_has_ipv6_targets (line 66) | int massip_has_ipv6_targets(const struct MassIP *massip)
function massip_add_target_string (line 72) | int massip_add_target_string(struct MassIP *massip, const char *string)
function massip_add_port_string (line 102) | int massip_add_port_string(struct MassIP *targets, const char *string, u...
function massip_selftest (line 112) | int massip_selftest(void)
FILE: src/massip.h
type MassIP (line 7) | struct MassIP {
type MassIP (line 36) | struct MassIP
type MassIP (line 45) | struct MassIP
type MassIP (line 45) | struct MassIP
type MassIP (line 53) | struct MassIP
type MassIP (line 66) | struct MassIP
type MassIP (line 69) | struct MassIP
type MassIP (line 71) | struct MassIP
type MassIP (line 73) | struct MassIP
type MassIP (line 78) | struct MassIP
type MassIP (line 87) | struct MassIP
type MassIP (line 88) | struct MassIP
type MassIP (line 96) | struct MassIP
FILE: src/misc-rstfilter.c
type ResetFilter (line 6) | struct ResetFilter
function next_pow2 (line 15) | static size_t
type ResetFilter (line 37) | struct ResetFilter
type ResetFilter (line 40) | struct ResetFilter
function rstfilter_destroy (line 52) | void
function rstfilter_is_filter (line 61) | int
function rstfilter_selftest (line 137) | int
FILE: src/misc-rstfilter.h
type ResetFilter (line 23) | struct ResetFilter
type ResetFilter (line 36) | struct ResetFilter
type ResetFilter (line 43) | struct ResetFilter
type ResetFilter (line 52) | struct ResetFilter
FILE: src/out-binary.c
function binary_out_open (line 10) | static void
function binary_out_close (line 34) | static void
function _put_byte (line 52) | static void
function _put_short (line 61) | static void
function _put_integer (line 71) | static void
function _put_long (line 83) | static void
function binary_out_status_ipv6 (line 102) | static void
function binary_out_status (line 153) | static void
function binary_out_banner_ipv6 (line 216) | static void
function binary_out_banner (line 293) | static void
type OutputType (line 360) | struct OutputType
FILE: src/out-certs.c
function cert_out_open (line 10) | static void
function cert_out_close (line 20) | static void
function cert_out_status (line 29) | static void
function cert_out_banner (line 49) | static void
type OutputType (line 84) | struct OutputType
FILE: src/out-grepable.c
function count_type (line 12) | static unsigned
function print_port_list (line 41) | static void
function grepable_out_open (line 70) | static void
function grepable_out_close (line 116) | static void
function grepable_out_status (line 139) | static void
function grepable_out_banner (line 178) | static void
type OutputType (line 210) | struct OutputType
FILE: src/out-hostonly.c
function hostonly_out_open (line 12) | static void
function hostonly_out_close (line 20) | static void
function hostonly_out_status (line 27) | static void
function hostonly_out_banner (line 45) | static void
type OutputType (line 71) | struct OutputType
FILE: src/out-json.c
function json_out_open (line 10) | static void
function json_out_close (line 20) | static void
function json_out_status (line 30) | static void
function json_out_banner (line 101) | static void
type OutputType (line 138) | struct OutputType
FILE: src/out-ndjson.c
function ndjson_out_open (line 10) | static void
function ndjson_out_close (line 20) | static void
function ndjson_out_status (line 30) | static void
function ndjson_out_banner (line 97) | static void
type OutputType (line 156) | struct OutputType
FILE: src/out-null.c
function null_out_open (line 9) | static void
function null_out_close (line 21) | static void
function null_out_status (line 32) | static void
function null_out_banner (line 54) | static void
type OutputType (line 78) | struct OutputType
FILE: src/out-record.h
type OutputRecordType (line 4) | enum OutputRecordType {
FILE: src/out-redis.c
function recv_line (line 10) | static size_t
function parse_state_machine (line 33) | static int
function clean_response_queue (line 105) | static int
function redis_out_open (line 149) | static void
function redis_out_close (line 196) | static void
function redis_out_status (line 220) | static void
function redis_out_banner (line 320) | static void
type OutputType (line 342) | struct OutputType
FILE: src/out-tcp-services.c
function my_htons (line 19) | static unsigned short my_htons(unsigned port)
type servent (line 45) | struct servent
type servent (line 46) | struct servent
type servent (line 58) | struct servent
type servent (line 77) | struct servent
type servent (line 78) | struct servent
type servent (line 90) | struct servent
type protoent (line 108) | struct protoent
FILE: src/out-text.c
function text_out_open (line 11) | static void
function text_out_close (line 20) | static void
function text_out_status (line 29) | static void
function text_out_banner (line 51) | static void
type OutputType (line 78) | struct OutputType
FILE: src/out-unicornscan.c
function unicornscan_out_open (line 12) | static void
function unicornscan_out_close (line 20) | static void
function unicornscan_out_status (line 27) | static void
function unicornscan_out_banner (line 61) | static void
type OutputType (line 85) | struct OutputType
FILE: src/out-xml.c
function xml_out_open (line 10) | static void
function xml_out_close (line 34) | static void
function xml_out_status (line 65) | static void
function xml_out_banner (line 94) | static void
type OutputType (line 134) | struct OutputType
FILE: src/output.c
function ftell_x (line 56) | static int64_t ftell_x(FILE *fp)
type PortStatus (line 91) | enum PortStatus
function FILE (line 167) | static FILE *
function close_rotate (line 234) | static void
function time_t (line 267) | static time_t
function ends_with (line 281) | static int
type Output (line 376) | struct Output
type Masscan (line 377) | struct Masscan
type Output (line 379) | struct Output
function FILE (line 509) | static FILE *
function is_rotate_time (line 654) | static int
function output_report_status (line 732) | void
function output_report_banner (line 868) | void
function output_destroy (line 943) | void
function output_selftest (line 975) | int
FILE: src/output.h
type Masscan (line 14) | struct Masscan
type Output (line 15) | struct Output
type ApplicationProtocol (line 16) | enum ApplicationProtocol
type PortStatus (line 17) | enum PortStatus
type OutputType (line 27) | struct OutputType {
type Output (line 46) | struct Output
type PortStatus (line 133) | enum PortStatus
type OutputType (line 139) | struct OutputType
type OutputType (line 140) | struct OutputType
type OutputType (line 141) | struct OutputType
type OutputType (line 142) | struct OutputType
type OutputType (line 143) | struct OutputType
type OutputType (line 144) | struct OutputType
type OutputType (line 145) | struct OutputType
type OutputType (line 146) | struct OutputType
type OutputType (line 147) | struct OutputType
type OutputType (line 148) | struct OutputType
type OutputType (line 149) | struct OutputType
type Output (line 163) | struct Output
type Masscan (line 164) | struct Masscan
type Output (line 166) | struct Output
type Output (line 168) | struct Output
type Output (line 174) | struct Output
type Output (line 180) | struct Output
FILE: src/pixie-backtrace.c
function handle_segfault (line 23) | static void
function pixie_backtrace_finish (line 60) | void
function pixie_backtrace_init (line 67) | void
function pixie_backtrace_init (line 93) | void
type SYMBOL_INFO (line 101) | typedef struct _SYMBOL_INFO {
type BOOL (line 120) | typedef BOOL (__stdcall *FUNC_SymInitialize)(
type BOOL (line 125) | typedef BOOL (__stdcall * FUNC_SymFromAddr)(
type _Dbg (line 133) | struct _Dbg {
function printStack (line 139) | void printStack( void )
function handle_segfault (line 172) | static void
function pixie_backtrace_init (line 185) | void
function pixie_backtrace_init (line 212) | void
FILE: src/pixie-file.c
function pixie_fopen_shareable (line 13) | int
FILE: src/pixie-sockets.h
type SOCKET (line 10) | typedef int SOCKET;
FILE: src/pixie-threads.c
function pixie_cpu_raise_priority (line 31) | void
function pixie_cpu_set_affinity (line 63) | void
function pixie_cpu_get_count (line 99) | unsigned
function pixie_begin_thread (line 186) | size_t
function pixie_thread_join (line 209) | void pixie_thread_join(size_t thread_handle)
FILE: src/pixie-timer.c
function LARGE_INTEGER (line 36) | LARGE_INTEGER
function win_clock_gettime (line 57) | int
function pixie_gettime (line 99) | uint64_t
function pixie_nanotime (line 117) | uint64_t
function pixie_mssleep (line 128) | void
function pixie_usleep (line 134) | void
function pixie_mssleep (line 161) | void
function pixie_usleep (line 167) | void
function pixie_gettime (line 186) | uint64_t
function pixie_nanotime (line 206) | uint64_t
function pixie_usleep (line 227) | void pixie_usleep(uint64_t microseconds)
function pixie_mssleep (line 240) | void
function pixie_gettime (line 245) | uint64_t
function pixie_nanotime (line 250) | uint64_t
function pixie_time_selftest (line 270) | int pixie_time_selftest(void)
FILE: src/proto-arp.c
function arp_recv_response (line 13) | void
FILE: src/proto-arp.h
type Output (line 4) | struct Output
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 9) | struct Output
type PreprocessedInfo (line 9) | struct PreprocessedInfo
FILE: src/proto-banner1.c
type Patterns (line 34) | struct Patterns
function banner1_parse (line 113) | unsigned
type ProtocolParserStream (line 334) | struct ProtocolParserStream
type ProtocolParserStream (line 344) | struct ProtocolParserStream
type ProtocolParserStream (line 354) | struct ProtocolParserStream
type ProtocolParserStream (line 364) | struct ProtocolParserStream
type ProtocolParserStream (line 374) | struct ProtocolParserStream
type ProtocolParserStream (line 384) | struct ProtocolParserStream
type ProtocolParserStream (line 394) | struct ProtocolParserStream
type ProtocolParserStream (line 404) | struct ProtocolParserStream
type ProtocolParserStream (line 414) | struct ProtocolParserStream
type ProtocolParserStream (line 424) | struct ProtocolParserStream
type ProtocolParserStream (line 434) | struct ProtocolParserStream
type ProtocolParserStream (line 444) | struct ProtocolParserStream
type ProtocolParserStream (line 454) | struct ProtocolParserStream
type ProtocolParserStream (line 464) | struct ProtocolParserStream
type ProtocolParserStream (line 474) | struct ProtocolParserStream
type ProtocolParserStream (line 484) | struct ProtocolParserStream
type Banner1 (line 495) | struct Banner1
type Banner1 (line 498) | struct Banner1
function banner1_destroy (line 641) | void
function banner1_test (line 660) | void
function banner1_selftest (line 705) | int
FILE: src/proto-banner1.h
type stack_handle_t (line 11) | struct stack_handle_t
type Banner1 (line 12) | struct Banner1
type StreamState (line 13) | struct StreamState
type Banner1 (line 16) | struct Banner1
type StreamState (line 18) | struct StreamState
type BannerOutput (line 20) | struct BannerOutput
type stack_handle_t (line 21) | struct stack_handle_t
type Banner1 (line 22) | struct Banner1
type BannerBase64 (line 47) | struct BannerBase64
type SSL_SERVER_HELLO (line 53) | struct SSL_SERVER_HELLO {
type SSL_SERVER_CERT (line 64) | struct SSL_SERVER_CERT {
type SSL_SERVER_ALERT (line 72) | struct SSL_SERVER_ALERT {
type SSLRECORD (line 77) | struct SSLRECORD {
type PIXEL_FORMAT (line 100) | struct PIXEL_FORMAT {
type VNCSTUFF (line 112) | struct VNCSTUFF {
type FTPSTUFF (line 123) | struct FTPSTUFF {
type MCSTUFF (line 128) | struct MCSTUFF {
type SMTPSTUFF (line 136) | struct SMTPSTUFF {
type POP3STUFF (line 141) | struct POP3STUFF {
type MEMCACHEDSTUFF (line 146) | struct MEMCACHEDSTUFF {
type Smb72_Negotiate (line 150) | struct Smb72_Negotiate {
type Smb73_Setup (line 161) | struct Smb73_Setup {
type SMBSTUFF (line 166) | struct SMBSTUFF {
type RDPSTUFF (line 221) | struct RDPSTUFF {
type SSHSTUFF (line 240) | struct SSHSTUFF{
type StreamState (line 244) | struct StreamState {
type StreamFlags (line 266) | enum StreamFlags {
type ProtocolParserStream (line 277) | struct ProtocolParserStream {
type Patterns (line 310) | struct Patterns {
type Banner1 (line 335) | struct Banner1
type Banner1 (line 340) | struct Banner1
type Banner1 (line 344) | struct Banner1
type StreamState (line 345) | struct StreamState
type BannerOutput (line 347) | struct BannerOutput
type stack_handle_t (line 348) | struct stack_handle_t
FILE: src/proto-banout.c
function banout_init (line 23) | void
function banout_release (line 34) | void
type BannerOutput (line 48) | struct BannerOutput
type BannerOutput (line 49) | struct BannerOutput
type BannerOutput (line 59) | struct BannerOutput
function banout_is_equal (line 72) | unsigned
function banout_is_contains (line 101) | unsigned
function banout_string_length (line 135) | unsigned
function banout_newline (line 149) | void
function banout_end (line 162) | void
function banout_append_char (line 175) | void
function banout_append_hexint (line 184) | void
function banout_append_unicode (line 202) | void
type BannerOutput (line 237) | struct BannerOutput
type BannerOutput (line 238) | struct BannerOutput
type BannerOutput (line 240) | struct BannerOutput
type BannerOutput (line 258) | struct BannerOutput
type BannerOutput (line 259) | struct BannerOutput
type BannerOutput (line 259) | struct BannerOutput
type BannerOutput (line 261) | struct BannerOutput
type BannerOutput (line 264) | struct BannerOutput
type BannerOutput (line 268) | struct BannerOutput
function banout_vprintf (line 295) | static void
function banout_printf (line 317) | void
function banout_append (line 328) | void
function banout_init_base64 (line 376) | void
function banout_append_base64 (line 385) | void
function banout_finalize_base64 (line 421) | void
function banout_string_equals (line 448) | static int
function banout_selftest (line 463) | int
FILE: src/proto-banout.h
type BannerBase64 (line 3) | struct BannerBase64
type BannerOutput (line 15) | struct BannerOutput {
type BannerOutput (line 28) | struct BannerOutput
type BannerOutput (line 36) | struct BannerOutput
type BannerOutput (line 43) | struct BannerOutput
type BannerOutput (line 52) | struct BannerOutput
type BannerOutput (line 59) | struct BannerOutput
type BannerOutput (line 63) | struct BannerOutput
type BannerOutput (line 69) | struct BannerOutput
type BannerOutput (line 76) | struct BannerOutput
type BannerOutput (line 79) | struct BannerOutput
type BannerOutput (line 89) | struct BannerOutput
type BannerOutput (line 96) | struct BannerOutput
type BannerBase64 (line 103) | struct BannerBase64
type BannerOutput (line 113) | struct BannerOutput
type BannerBase64 (line 115) | struct BannerBase64
type BannerOutput (line 122) | struct BannerOutput
type BannerBase64 (line 123) | struct BannerBase64
type BannerOutput (line 131) | struct BannerOutput
type BannerOutput (line 135) | struct BannerOutput
FILE: src/proto-coap.c
type CoapLink (line 49) | struct CoapLink
function is_attr_char (line 106) | static bool
type CoapLink (line 120) | struct CoapLink
type CoapLink (line 123) | struct CoapLink
type CoapLink (line 124) | struct CoapLink
function coap_parse (line 288) | static bool
function coap_handle_response (line 535) | unsigned
function coap_udp_set_cookie (line 593) | unsigned
function test_is_link (line 622) | static int
function proto_coap_selftest (line 645) | int
FILE: src/proto-coap.h
type Output (line 4) | struct Output
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type ProtocolParserStream (line 10) | struct ProtocolParserStream
type Output (line 16) | struct Output
type PreprocessedInfo (line 18) | struct PreprocessedInfo
FILE: src/proto-dns-parse.h
type DomainPointer (line 3) | struct DomainPointer
type DNS_Incoming (line 8) | struct DNS_Incoming
type DNS_Incoming (line 46) | struct DNS_Incoming
FILE: src/proto-dns.c
function dns_name_skip_validate (line 34) | static unsigned
function dns_name_skip (line 97) | unsigned
function dns_extract_name (line 139) | static void
function proto_dns_parse (line 175) | void
function dns_set_cookie (line 333) | unsigned
function handle_dns (line 353) | unsigned
FILE: src/proto-dns.h
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 6) | struct Output
type Output (line 8) | struct Output
type PreprocessedInfo (line 9) | struct PreprocessedInfo
FILE: src/proto-ftp.c
function ftp_parse (line 13) | static void
type Banner1 (line 128) | struct Banner1
function ftp_selftest (line 138) | static int
type ProtocolParserStream (line 146) | struct ProtocolParserStream
FILE: src/proto-ftp.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-http.c
type Patterns (line 26) | struct Patterns
type Patterns (line 41) | struct Patterns
type ProtocolParserStream (line 46) | struct ProtocolParserStream
function _http_append (line 52) | static size_t
type What (line 63) | enum What {spaces, notspaces, end_of_line, end_of_field}
function _skip (line 64) | static size_t
function _http_insert (line 103) | static size_t
function http_change_requestline (line 124) | size_t
function _field_length (line 225) | static size_t
function _next_field (line 241) | static size_t _next_field(const unsigned char *hdr, size_t offset, size_...
function _has_field_name (line 256) | static bool
function http_change_field (line 293) | size_t
type BannerOutput (line 402) | struct BannerOutput
type Patterns (line 403) | struct Patterns
function field_name (line 404) | void
type Banner1 (line 433) | struct Banner1
function http_parse (line 487) | static void
function http_selftest_parser (line 712) | static int
function http_selftest_config (line 764) | static int
function http_selftest (line 926) | static int
type ProtocolParserStream (line 946) | struct ProtocolParserStream
FILE: src/proto-http.h
type ProtocolParserStream (line 6) | struct ProtocolParserStream
FILE: src/proto-icmp.c
function matches_me (line 13) | static int
function parse_port_unreachable (line 27) | static int
function handle_icmp (line 56) | void
FILE: src/proto-icmp.h
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 6) | struct Output
type Output (line 8) | struct Output
type PreprocessedInfo (line 10) | struct PreprocessedInfo
FILE: src/proto-imap4.c
function imap4_parse (line 20) | static void
type Banner1 (line 198) | struct Banner1
function imap4_selftest (line 207) | static int
type ProtocolParserStream (line 215) | struct ProtocolParserStream
FILE: src/proto-imap4.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-isakmp.c
type payload_t (line 33) | typedef struct payload_t {
function payload_t (line 40) | static payload_t
function _parse_transform (line 54) | static unsigned
function _parse_transforms (line 134) | static unsigned
function _parse_proposal (line 154) | static unsigned
function _parse_proposals (line 179) | static unsigned
function _payload_security_association (line 199) | static unsigned
function _payload_vendor_id (line 227) | static unsigned
function _parse_response (line 255) | static unsigned
function isakmp_parse (line 378) | unsigned
function isakmp_set_cookie (line 445) | unsigned
function _test_sample (line 511) | static int
function proto_isakmp_selftest (line 546) | int
FILE: src/proto-isakmp.h
type Output (line 6) | struct Output
type PreprocessedInfo (line 7) | struct PreprocessedInfo
type Output (line 9) | struct Output
type PreprocessedInfo (line 11) | struct PreprocessedInfo
FILE: src/proto-mc.c
function mc_parse (line 47) | static void
type Banner1 (line 95) | struct Banner1
function mc_selftest (line 108) | static int
type ProtocolParserStream (line 116) | struct ProtocolParserStream
FILE: src/proto-mc.h
type ProtocolParserStream (line 6) | struct ProtocolParserStream
FILE: src/proto-memcached.c
type SMACK (line 22) | struct SMACK
type SMACK (line 23) | struct SMACK
type Patterns (line 47) | struct Patterns
type Patterns (line 87) | struct Patterns
function memcached_tcp_parse (line 106) | static void
type Banner1 (line 228) | struct Banner1
function memcached_udp_parse (line 298) | unsigned
function memcached_udp_set_cookie (line 396) | unsigned
function memcached_selftest (line 421) | static int
type ProtocolParserStream (line 429) | struct ProtocolParserStream
FILE: src/proto-memcached.h
type Output (line 4) | struct Output
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type ProtocolParserStream (line 10) | struct ProtocolParserStream
type Output (line 16) | struct Output
type PreprocessedInfo (line 18) | struct PreprocessedInfo
FILE: src/proto-netbios.c
function append_char (line 18) | static void
function append_name (line 28) | static void
function handle_nbtstat_rr (line 60) | static unsigned
function handle_nbtstat (line 110) | unsigned
FILE: src/proto-netbios.h
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 6) | struct Output
type Output (line 8) | struct Output
type PreprocessedInfo (line 10) | struct PreprocessedInfo
FILE: src/proto-ntlmssp.c
function append_unicode_string (line 92) | static void
function ntlmssp_decode (line 105) | void
function ntlmssp_cleanup (line 243) | void
function ntlmssp_decode_init (line 252) | void
FILE: src/proto-ntlmssp.h
type BannerOutput (line 4) | struct BannerOutput
type NtlmsspDecode (line 6) | struct NtlmsspDecode
type NtlmsspDecode (line 14) | struct NtlmsspDecode
type NtlmsspDecode (line 17) | struct NtlmsspDecode
type NtlmsspDecode (line 20) | struct NtlmsspDecode
type BannerOutput (line 22) | struct BannerOutput
FILE: src/proto-ntp.c
function ntp_set_cookie (line 21) | unsigned
type Val2String (line 29) | struct Val2String {
type Val2String (line 34) | struct Val2String
type Val2String (line 75) | struct Val2String
type Val2String (line 88) | struct Val2String
function ntp_modlist_parse (line 100) | static void
function ntp_priv (line 157) | static void
function ntp_v2_parse (line 191) | static void
function ntp_handle_response (line 228) | unsigned
function ntp_selftest (line 288) | int
FILE: src/proto-ntp.h
type Output (line 5) | struct Output
type PreprocessedInfo (line 6) | struct PreprocessedInfo
type Output (line 25) | struct Output
type PreprocessedInfo (line 27) | struct PreprocessedInfo
FILE: src/proto-oproto.c
function handle_oproto (line 4) | void
FILE: src/proto-oproto.h
type Output (line 9) | struct Output
type PreprocessedInfo (line 10) | struct PreprocessedInfo
type Output (line 19) | struct Output
type PreprocessedInfo (line 21) | struct PreprocessedInfo
FILE: src/proto-pop3.c
function pop3_parse (line 20) | static void
type Banner1 (line 157) | struct Banner1
function pop3_selftest (line 166) | static int
type ProtocolParserStream (line 174) | struct ProtocolParserStream
FILE: src/proto-pop3.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-preprocess.c
function preprocess_frame (line 51) | unsigned
FILE: src/proto-preprocess.h
type PreprocessedInfo (line 31) | struct PreprocessedInfo {
type PreprocessedInfo (line 63) | struct PreprocessedInfo
FILE: src/proto-sctp.c
function sctp_checksum (line 84) | unsigned
function handle_sctp (line 136) | void
function sctp_selftest (line 194) | int
FILE: src/proto-sctp.h
type PreprocessedInfo (line 6) | struct PreprocessedInfo
type Output (line 7) | struct Output
type Output (line 20) | struct Output
type PreprocessedInfo (line 23) | struct PreprocessedInfo
FILE: src/proto-smb.c
type SmbParams (line 45) | struct SmbParams {
type InternalType (line 53) | enum InternalType {
type SmbParams (line 61) | struct SmbParams
type Smb72_Negotiate (line 75) | struct Smb72_Negotiate
type Smb72_Negotiate (line 76) | struct Smb72_Negotiate
type Smb72_Negotiate (line 81) | struct Smb72_Negotiate
type Smb72_Negotiate (line 82) | struct Smb72_Negotiate
type Smb72_Negotiate (line 83) | struct Smb72_Negotiate
type Smb72_Negotiate (line 84) | struct Smb72_Negotiate
type Smb72_Negotiate (line 85) | struct Smb72_Negotiate
type Smb73_Setup (line 87) | struct Smb73_Setup
function smb_set_hello_v1 (line 126) | void smb_set_hello_v1(struct ProtocolParserStream *smb)
function smb_params_parse (line 230) | static size_t
function time_t (line 308) | static time_t
function smb1_parse_negotiate1 (line 323) | static size_t
function smb1_parse_setup1 (line 443) | static size_t
function smb1_parse_setup2 (line 618) | static size_t
function smb1_parse_negotiate2 (line 822) | static size_t
function smb2_parse_response (line 853) | static size_t
function smb2_parse_negotiate (line 878) | static size_t
function smb2_parse_setup (line 1059) | static size_t
function smb2_parse_header (line 1120) | static size_t
function smb_parse_smb (line 1241) | static size_t
function smb_parse_record (line 1670) | static void
function negot_add_dialect (line 1817) | static int
type Banner1 (line 1853) | struct Banner1
function smb_do_test (line 1891) | static int
function smb_selftest (line 1922) | static int
function smb_cleanup (line 2071) | static void
type ProtocolParserStream (line 2083) | struct ProtocolParserStream
type ProtocolParserStream (line 2090) | struct ProtocolParserStream
FILE: src/proto-smb.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
type ProtocolParserStream (line 6) | struct ProtocolParserStream
type ProtocolParserStream (line 15) | struct ProtocolParserStream
FILE: src/proto-smtp.c
function smtp_parse (line 34) | static void
type Banner1 (line 174) | struct Banner1
function smtp_selftest (line 183) | static int
type ProtocolParserStream (line 191) | struct ProtocolParserStream
FILE: src/proto-smtp.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-snmp.c
type SMACK (line 52) | struct SMACK
type SNMP (line 58) | struct SNMP
type SnmpOid (line 73) | struct SnmpOid {
function asn1_length (line 105) | static uint64_t
function asn1_integer (line 145) | static uint64_t
function asn1_tag (line 179) | static unsigned
function next_id (line 189) | static uint64_t
function snmp_banner_oid (line 206) | static void
function snmp_banner (line 255) | static void
function snmp_parse (line 301) | static void
function snmp_set_cookie (line 402) | unsigned
function id_prefix_count (line 482) | static unsigned
function convert_oid (line 499) | static unsigned
function handle_snmp (line 536) | unsigned
function snmp_init (line 593) | void
function snmp_selftest_banner (line 627) | static int
function snmp_selftest (line 674) | int
FILE: src/proto-snmp.h
type Output (line 5) | struct Output
type PreprocessedInfo (line 6) | struct PreprocessedInfo
type Output (line 23) | struct Output
type PreprocessedInfo (line 25) | struct PreprocessedInfo
FILE: src/proto-spnego.h
type SpnegoDecode (line 7) | struct SpnegoDecode
type SpnegoDecode (line 20) | struct SpnegoDecode
type SpnegoDecode (line 23) | struct SpnegoDecode
type BannerOutput (line 25) | struct BannerOutput
FILE: src/proto-ssh.c
function ssh_parse (line 52) | static void
type Banner1 (line 183) | struct Banner1
function ssh_selftest (line 192) | static int
type ProtocolParserStream (line 200) | struct ProtocolParserStream
FILE: src/proto-ssh.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-ssl.c
function BANNER_CIPHER (line 70) | static void
function BANNER_VERSION (line 89) | static void
function parse_server_hello (line 127) | static void
function parse_server_cert (line 370) | static void
function parse_handshake (line 522) | static void
function parse_heartbeat (line 668) | static void
function parse_alert (line 788) | static void
function ssl_parse_record (line 892) | static void
type Banner1 (line 1063) | struct Banner1
function ssl_hello_size (line 1211) | unsigned
function ssl_selftest (line 1269) | static int
type ProtocolParserStream (line 1435) | struct ProtocolParserStream
type ProtocolParserStream (line 1442) | struct ProtocolParserStream
FILE: src/proto-ssl.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
type ProtocolParserStream (line 6) | struct ProtocolParserStream
FILE: src/proto-tcp-rdp.c
function cc_parse (line 19) | static size_t
function cotp_parse (line 111) | static size_t
function rdp_parse (line 201) | static void
type Banner1 (line 294) | struct Banner1
function rdp_selftest_item (line 302) | static int
function rdp_selftest (line 346) | static int
type ProtocolParserStream (line 375) | struct ProtocolParserStream
FILE: src/proto-tcp-rdp.h
type ProtocolParserStream (line 6) | struct ProtocolParserStream
FILE: src/proto-tcp-telnet.c
type TelnetOptions (line 11) | struct TelnetOptions {
type TelnetOptions (line 20) | struct TelnetOptions
function telnet_parse (line 93) | static void
type Banner1 (line 257) | struct Banner1
function telnet_selftest_item (line 266) | static int
function telnet_selftest (line 309) | static int
type ProtocolParserStream (line 351) | struct ProtocolParserStream
FILE: src/proto-tcp-telnet.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-udp.c
function default_udp_parse (line 27) | unsigned
function handle_udp (line 54) | void
FILE: src/proto-udp.h
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 6) | struct Output
type Output (line 15) | struct Output
type PreprocessedInfo (line 17) | struct PreprocessedInfo
type Output (line 25) | struct Output
type PreprocessedInfo (line 27) | struct PreprocessedInfo
FILE: src/proto-versioning.c
function versioning_tcp_parse (line 25) | static void
type Banner1 (line 50) | struct Banner1
function versioning_udp_parse (line 61) | static unsigned
function versioning_udp_set_cookie (line 76) | static unsigned
function versioning_selftest (line 85) | static int
type ProtocolParserStream (line 93) | struct ProtocolParserStream
FILE: src/proto-versioning.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-vnc.c
function vnc_append_sectype (line 11) | static void
function vnc_parse (line 93) | static void
type Banner1 (line 342) | struct Banner1
function vnc_selftest (line 351) | static int
type ProtocolParserStream (line 359) | struct ProtocolParserStream
FILE: src/proto-vnc.h
type ProtocolParserStream (line 5) | struct ProtocolParserStream
FILE: src/proto-x509.c
type SMACK (line 110) | struct SMACK
type ObjectIdentifer (line 124) | struct ObjectIdentifer {
function id_prefix_count (line 178) | static unsigned
function convert_oid (line 205) | static unsigned
function x509_init (line 250) | void
function ASN1_push (line 304) | static void
function ASN1_pop (line 382) | static unsigned
function ASN1_skip (line 404) | static unsigned
type X509state (line 439) | enum X509state {
function kludge_next (line 485) | static unsigned
function x509_decode (line 544) | void
function spnego_decode (line 1061) | void
function x509_decode_init (line 1378) | void
function spnego_decode_init (line 1384) | void
FILE: src/proto-x509.h
type BannerOutput (line 5) | struct BannerOutput
type CertDecode (line 10) | struct CertDecode {
type CertDecode (line 88) | struct CertDecode
type CertDecode (line 95) | struct CertDecode
type BannerOutput (line 97) | struct BannerOutput
FILE: src/proto-zeroaccess.c
function crc_calc (line 90) | static unsigned
function zadecrypt (line 111) | static unsigned
function generate_getL (line 136) | static unsigned
function handle_zeroaccess (line 170) | unsigned
function zeroaccess_selftest (line 273) | int
FILE: src/proto-zeroaccess.h
type PreprocessedInfo (line 5) | struct PreprocessedInfo
type Output (line 6) | struct Output
type Output (line 9) | struct Output
type PreprocessedInfo (line 11) | struct PreprocessedInfo
FILE: src/rawsock-adapter.h
type Adapter (line 4) | struct Adapter
type Adapter (line 24) | struct Adapter
FILE: src/rawsock-getif.c
type sockaddr (line 35) | struct sockaddr
type rt_msghdr (line 36) | struct rt_msghdr
type sockaddr (line 40) | struct sockaddr
type sockaddr (line 40) | struct sockaddr
type sockaddr (line 46) | struct sockaddr
function rawsock_get_default_interface (line 54) | int
type route_info (line 196) | struct route_info {
function read_netlink (line 204) | static int read_netlink(int fd, char *bufPtr, size_t sizeof_buffer, int ...
function parseRoutes (line 245) | static int parseRoutes(struct nlmsghdr *nlHdr, struct route_info *rtInfo)
function rawsock_get_default_interface (line 298) | int rawsock_get_default_interface(char *ifname, size_t sizeof_ifname)
function rawsock_get_default_interface (line 416) | int rawsock_get_default_interface(char *ifname, size_t sizeof_ifname)
FILE: src/rawsock-getip.c
function rawsock_get_adapter_ip (line 28) | unsigned
function rawsock_get_adapter_ip (line 75) | unsigned
function rawsock_get_adapter_ip (line 162) | unsigned
FILE: src/rawsock-getip6.c
function ipv6address (line 39) | ipv6address
function ipv6address (line 101) | ipv6address
function ipv6address (line 215) | ipv6address
FILE: src/rawsock-getmac.c
function rawsock_get_adapter_mac (line 27) | int
function rawsock_get_adapter_mac (line 95) | int
function rawsock_get_adapter_mac (line 172) | int
FILE: src/rawsock-getroute.c
type sockaddr (line 35) | struct sockaddr
type rt_msghdr (line 36) | struct rt_msghdr
type sockaddr (line 40) | struct sockaddr
type sockaddr (line 40) | struct sockaddr
type sockaddr (line 46) | struct sockaddr
function hexdump (line 54) | static void
type rt_msghdr (line 90) | struct rt_msghdr
function dump_rt_addresses (line 92) | void
function rawsock_get_default_gateway (line 109) | int
type route_info (line 248) | struct route_info {
function read_netlink (line 255) | static int
function parseRoutes (line 297) | static int
function rawsock_get_default_gateway (line 338) | int rawsock_get_default_gateway(const char *ifname, unsigned *ipv4)
function rawsock_get_default_gateway (line 444) | int rawsock_get_default_gateway(const char *ifname, unsigned *ipv4)
FILE: src/rawsock-pcapfile.c
function ftell_x (line 44) | static int64_t ftell_x(FILE *fp)
function fseek_x (line 54) | static int fseek_x(FILE *fp, int64_t offset, int origin)
type PcapFile (line 135) | struct PcapFile
function PCAP16 (line 167) | static unsigned PCAP16(unsigned byte_order, const unsigned char *buf)
function PCAP32 (line 177) | static unsigned PCAP32(unsigned byte_order, const unsigned char *buf)
function pcapfile_datalink (line 189) | int
function smells_like_valid_packet (line 203) | static unsigned
function pcapfile_percentdone (line 259) | unsigned pcapfile_percentdone(struct PcapFile *capfile, uint64_t *r_byte...
function pcapfile_readframe (line 273) | int pcapfile_readframe(
function pcapfile_get_timestamps (line 517) | void pcapfile_get_timestamps(struct PcapFile *capfile, time_t *start, ti...
type PcapFile (line 527) | struct PcapFile
type stat (line 551) | struct stat
type PcapFile (line 647) | struct PcapFile
type PcapFile (line 648) | struct PcapFile
type PcapFile (line 669) | struct PcapFile
type PcapFile (line 697) | struct PcapFile
type PcapFile (line 698) | struct PcapFile
type PcapFile (line 720) | struct PcapFile
type PcapFile (line 722) | struct PcapFile
type PcapFile (line 822) | struct PcapFile
function pcapfile_close (line 843) | void pcapfile_close(struct PcapFile *handle)
function pcapfile_writeframe (line 857) | void pcapfile_writeframe(
FILE: src/rawsock-pcapfile.h
type PcapFile (line 12) | struct PcapFile
type pcapfile_datalink_t (line 14) | enum pcapfile_datalink_t {
type PcapFile (line 19) | struct PcapFile
type PcapFile (line 22) | struct PcapFile
type PcapFile (line 30) | struct PcapFile
type PcapFile (line 31) | struct PcapFile
type PcapFile (line 32) | struct PcapFile
type PcapFile (line 34) | struct PcapFile
type PcapFile (line 36) | struct PcapFile
type PcapFile (line 43) | struct PcapFile
type PcapFile (line 51) | struct PcapFile
type PcapFile (line 61) | struct PcapFile
FILE: src/rawsock.c
type AdapterNames (line 52) | struct AdapterNames
type AdapterNames (line 58) | struct AdapterNames
function pcap_setdirection (line 64) | int pcap_setdirection(pcap_t *pcap, pcap_direction_t direction)
function rawsock_init (line 91) | void
function rawsock_list_adapters (line 198) | void
function rawsock_flush (line 260) | void
function rawsock_send_packet (line 282) | int
function rawsock_recv_packet (line 342) | int rawsock_recv_packet(
function rawsock_send_probe_ipv4 (line 405) | void
function rawsock_send_probe_ipv6 (line 428) | void
function is_numeric_index (line 456) | static int
function rawsock_ignore_transmits (line 506) | void
function rawsock_close_adapter (line 529) | static void
function is_pfring_dna (line 552) | static int
type Adapter (line 592) | struct Adapter
type Adapter (line 602) | struct Adapter
function rawsock_is_adapter_names_equal (line 852) | int
function rawsock_selftest_if (line 868) | int
function rawsock_selftest (line 998) | int
FILE: src/rawsock.h
type Adapter (line 8) | struct Adapter
type TemplateSet (line 9) | struct TemplateSet
type Adapter (line 44) | struct Adapter
type Adapter (line 63) | struct Adapter
type TemplateSet (line 67) | struct TemplateSet
type Adapter (line 71) | struct Adapter
type TemplateSet (line 75) | struct TemplateSet
type Adapter (line 111) | struct Adapter
type Adapter (line 114) | struct Adapter
type Adapter (line 140) | struct Adapter
type Adapter (line 154) | struct Adapter
FILE: src/read-service-probes.c
function parse_type (line 22) | static enum SvcP_RecordType
function is_hexchar (line 74) | static int
function hexval (line 90) | static unsigned
function parse_ports (line 108) | static struct RangeList
function parse_number (line 135) | static unsigned
type ServiceProbeFallback (line 191) | struct ServiceProbeFallback
type NmapServiceProbeList (line 192) | struct NmapServiceProbeList
type ServiceProbeFallback (line 197) | struct ServiceProbeFallback
type ServiceProbeFallback (line 202) | struct ServiceProbeFallback
type ServiceProbeFallback (line 203) | struct ServiceProbeFallback
function parse_probe (line 237) | static void
type ServiceProbeMatch (line 424) | struct ServiceProbeMatch
type NmapServiceProbeList (line 425) | struct NmapServiceProbeList
type ServiceProbeMatch (line 438) | struct ServiceProbeMatch
type SvcV_InfoType (line 528) | enum SvcV_InfoType
type ServiceVersionInfo (line 608) | struct ServiceVersionInfo
type ServiceVersionInfo (line 609) | struct ServiceVersionInfo
type ServiceVersionInfo (line 635) | struct ServiceVersionInfo
function parse_line (line 647) | static void
type NmapServiceProbeList (line 778) | struct NmapServiceProbeList
type NmapServiceProbeList (line 781) | struct NmapServiceProbeList
type NmapServiceProbeList (line 791) | struct NmapServiceProbeList
type NmapServiceProbeList (line 796) | struct NmapServiceProbeList
function nmapserviceprobes_free_record (line 835) | static void
function nmapserviceprobes_print_ports (line 873) | static void
function contains_char (line 928) | static int
function nmapserviceprobes_print_dstring (line 941) | static void
function nmapserviceprobes_print_hello (line 973) | static void
function nmapserviceprobes_print (line 1042) | void
function nmapserviceprobes_free (line 1111) | void
function nmapserviceprobes_selftest (line 1130) | int
FILE: src/read-service-probes.h
type SvcP_RecordType (line 21) | enum SvcP_RecordType {
type SvcV_InfoType (line 35) | enum SvcV_InfoType {
type ServiceVersionInfo (line 46) | struct ServiceVersionInfo {
type ServiceProbeFallback (line 53) | struct ServiceProbeFallback {
type ServiceProbeMatch (line 58) | struct ServiceProbeMatch {
type NmapServiceProbe (line 69) | struct NmapServiceProbe {
type NmapServiceProbeList (line 83) | struct NmapServiceProbeList {
type NmapServiceProbeList (line 93) | struct NmapServiceProbeList
type NmapServiceProbeList (line 97) | struct NmapServiceProbeList
type NmapServiceProbeList (line 106) | struct NmapServiceProbeList
FILE: src/rte-ring.c
type rte_ring (line 110) | struct rte_ring
type rte_ring (line 113) | struct rte_ring
type rte_ring (line 118) | struct rte_ring
type rte_ring (line 120) | struct rte_ring
type rte_ring (line 122) | struct rte_ring
type rte_ring_debug_stats (line 125) | struct rte_ring_debug_stats
type rte_ring (line 127) | struct rte_ring
type rte_ring (line 140) | struct rte_ring
type rte_ring (line 142) | struct rte_ring
function rte_ring_set_water_mark (line 165) | int
function rte_ring_dump (line 180) | void
function rte_ring_list_dump (line 234) | void
type Element (line 258) | typedef size_t Element;
type Test (line 262) | struct Test
function test_consumer_thread (line 276) | static void
function test_producer_thread (line 314) | static void
function run_test (line 336) | static uint64_t
function rte_ring_selftest (line 375) | int
FILE: src/rte-ring.h
type rte_ring_queue_behavior (line 154) | enum rte_ring_queue_behavior {
type rte_ring (line 170) | struct rte_ring {
type rte_ring (line 255) | struct rte_ring
type rte_ring (line 275) | struct rte_ring
type rte_ring (line 283) | struct rte_ring
function __rte_ring_mp_do_enqueue (line 310) | static inline int
function __rte_ring_sp_do_enqueue (line 408) | static inline int
function __rte_ring_mc_do_dequeue (line 493) | static inline int
function __rte_ring_sc_do_dequeue (line 583) | static inline int
function rte_ring_mp_enqueue_bulk (line 649) | static inline int
function rte_ring_sp_enqueue_bulk (line 671) | static inline int
function rte_ring_enqueue_bulk (line 697) | static inline int
function rte_ring_mp_enqueue (line 723) | static inline int
function rte_ring_sp_enqueue (line 742) | static inline int
function rte_ring_enqueue (line 765) | static inline int
function rte_ring_mc_dequeue_bulk (line 791) | static inline int
function rte_ring_sc_dequeue_bulk (line 812) | static inline int
function rte_ring_dequeue_bulk (line 836) | static inline int
function rte_ring_mc_dequeue (line 860) | static inline int
function rte_ring_sc_dequeue (line 878) | static inline int
function rte_ring_dequeue (line 900) | static inline int
function rte_ring_full (line 918) | static inline int
function rte_ring_empty (line 935) | static inline int
function rte_ring_count (line 951) | static inline unsigned
function rte_ring_free_count (line 967) | static inline unsigned
type rte_ring (line 990) | struct rte_ring
function rte_ring_mp_enqueue_burst (line 1007) | static inline int
function rte_ring_sp_enqueue_burst (line 1026) | static inline int
function rte_ring_enqueue_burst (line 1049) | static inline int
function rte_ring_mc_dequeue_burst (line 1076) | static inline int
function rte_ring_sc_dequeue_burst (line 1096) | static inline int
function rte_ring_dequeue_burst (line 1118) | static inline int
FILE: src/scripting-banner.c
function scripting_transmit_hello (line 26) | static void
function scripting_tcp_parse (line 35) | static void
function register_script_for_port (line 59) | static void
function register_script_for_ports (line 68) | static void
type Banner1 (line 95) | struct Banner1
type lua_State (line 97) | struct lua_State
function scripting_udp_parse (line 134) | static unsigned
function scripting_udp_set_cookie (line 149) | static unsigned
function scripting_banner_selftest (line 158) | static int
type ProtocolParserStream (line 166) | struct ProtocolParserStream
FILE: src/scripting-masscan.c
type MasscanWrapper (line 8) | struct MasscanWrapper
function mass_setconfig (line 20) | static int mass_setconfig(struct lua_State *L)
function mass_gc (line 39) | static int mass_gc(struct lua_State *L)
function scripting_masscan_init (line 62) | void scripting_masscan_init(struct Masscan *masscan)
FILE: src/scripting.c
function scripting_init (line 10) | void
FILE: src/scripting.h
type Masscan (line 7) | struct Masscan
type ProtocolParserStream (line 9) | struct ProtocolParserStream
type Masscan (line 15) | struct Masscan
type Masscan (line 20) | struct Masscan
FILE: src/smack.h
type SMACK (line 38) | struct SMACK
type SMACK (line 46) | struct SMACK
type SMACK (line 57) | struct SMACK
type SMACK (line 70) | struct SMACK
type SMACK (line 89) | struct SMACK
type SMACK (line 97) | struct SMACK
type SMACK (line 114) | struct SMACK
type SMACK (line 125) | struct SMACK
type SMACK (line 135) | struct SMACK
FILE: src/smack1.c
function __rdtsc (line 124) | unsigned long long __rdtsc(void)
function __rdtsc (line 142) | unsigned long long __rdtsc(void)
function __rdtsc (line 160) | static __inline__ unsigned long long __rdtsc(void)
type transition_t (line 178) | typedef unsigned short transition_t;
type SmackPattern (line 227) | struct SmackPattern
type SmackRow (line 263) | struct SmackRow
type SmackMatches (line 275) | struct SmackMatches {
type SMACK (line 287) | struct SMACK {
function row_shift_from_symbol_count (line 382) | static unsigned
type SMACK (line 399) | struct SMACK
type SMACK (line 402) | struct SMACK
type SMACK (line 404) | struct SMACK
type SMACK (line 404) | struct SMACK
type SMACK (line 409) | struct SMACK
function create_intermediate_table (line 424) | static void
function destroy_intermediate_table (line 440) | static void
function create_matches_table (line 452) | static void
function destroy_matches_table (line 469) | static void
function destroy_pattern_table (line 503) | static void
function smack_destroy (line 527) | void
function id_already_exists (line 545) | static unsigned
function smack_copy_matches (line 561) | static void
function smack_add_symbol (line 609) | static unsigned
function smack_add_symbols (line 636) | static void
function smack_add_pattern (line 693) | void
function DEBUG_set_name (line 774) | static void
function smack_add_prefixes (line 794) | static void
function smack_stage0_compile_prefixes (line 856) | static void
function smack_stage1_generate_fails (line 898) | static void
function smack_stage2_link_fails (line 958) | static void
function smack_stage4_make_final_table (line 993) | static void
function swap_rows (line 1041) | static void
function smack_stage3_sort (line 1074) | static void
function smack_fixup_wildcards (line 1106) | static void
function smack_compile (line 1151) | void
function handle_match (line 1236) | static unsigned
function smack_search (line 1265) | unsigned
function inner_match (line 1339) | static size_t
function inner_match_shift7 (line 1383) | static size_t
function smack_search_next (line 1409) | size_t
function smack_next_match (line 1492) | size_t
function smack_search_end (line 1518) | unsigned
function smack_search_next_end (line 1544) | size_t
function r_rand (line 1604) | static unsigned
function smack_benchmark (line 1616) | int
function smack_selftest (line 1689) | int
FILE: src/smackqueue.c
type QueueElement (line 10) | struct QueueElement
type Queue (line 15) | struct Queue
type Queue (line 21) | struct Queue
type Queue (line 24) | struct Queue
type Queue (line 25) | struct Queue
function queue_destroy (line 34) | void
function enqueue (line 44) | void
function dequeue (line 69) | unsigned
function queue_has_more_items (line 87) | unsigned queue_has_more_items(struct Queue * queue)
FILE: src/smackqueue.h
type Queue (line 4) | struct Queue
type Queue (line 9) | struct Queue
type Queue (line 13) | struct Queue
type Queue (line 17) | struct Queue
type Queue (line 21) | struct Queue
FILE: src/stack-arpv4.c
type ARP_IncomingRequest (line 34) | struct ARP_IncomingRequest
function proto_arp_parse (line 51) | static void
function stack_arp_resolve (line 102) | int
function stack_arp_incoming_request (line 281) | int
FILE: src/stack-arpv4.h
type Adapter (line 3) | struct Adapter
type stack_t (line 24) | struct stack_t
type Adapter (line 33) | struct Adapter
FILE: src/stack-if.c
function stack_if_datalink (line 6) | int
FILE: src/stack-ndpv6.c
function _append (line 12) | static inline void _append(unsigned char *buf, size_t *r_offset, size_t ...
function _append_bytes (line 18) | static inline void _append_bytes(unsigned char *buf, size_t *r_offset, s...
function _append_short (line 27) | static inline void
function _read_byte (line 38) | static inline unsigned
function _read_short (line 46) | static inline unsigned
function _read_number (line 58) | static inline unsigned
function ipv6address_t (line 72) | static inline ipv6address_t
function stack_ndpv6_incoming_request (line 94) | int
function _extract_router_advertisement (line 186) | static int
function stack_ndpv6_resolve (line 311) | int
FILE: src/stack-ndpv6.h
type PreprocessedInfo (line 18) | struct PreprocessedInfo
type stack_t (line 25) | struct stack_t
type PreprocessedInfo (line 25) | struct PreprocessedInfo
type Adapter (line 31) | struct Adapter
FILE: src/stack-queue.c
type PacketBuffer (line 8) | struct PacketBuffer
type stack_t (line 9) | struct stack_t
type PacketBuffer (line 12) | struct PacketBuffer
function stack_transmit_packetbuffer (line 24) | void
function stack_flush_packets (line 46) | void
type stack_t (line 98) | struct stack_t
type stack_src_t (line 99) | struct stack_src_t
type stack_t (line 101) | struct stack_t
type PacketBuffer (line 115) | struct PacketBuffer
FILE: src/stack-queue.h
type stack_src_t (line 6) | struct stack_src_t
type Adapter (line 7) | struct Adapter
type PACKET_QUEUE (line 9) | typedef struct rte_ring PACKET_QUEUE;
type PacketBuffer (line 11) | struct PacketBuffer {
type stack_t (line 16) | struct stack_t {
type PacketBuffer (line 27) | struct PacketBuffer
type stack_t (line 28) | struct stack_t
type stack_t (line 36) | struct stack_t
type PacketBuffer (line 36) | struct PacketBuffer
type stack_t (line 40) | struct stack_t
type Adapter (line 41) | struct Adapter
type stack_t (line 45) | struct stack_t
type stack_src_t (line 46) | struct stack_src_t
FILE: src/stack-src.c
function is_myself (line 3) | int is_myself(const struct stack_src_t *src, ipaddress ip, unsigned port)
function is_my_ip (line 8) | int is_my_ip(const struct stack_src_t *src, ipaddress ip)
function is_my_port (line 20) | int is_my_port(const struct stack_src_t *src, unsigned port)
FILE: src/stack-src.h
type stack_src_t (line 9) | struct stack_src_t
type stack_src_t (line 29) | struct stack_src_t
type stack_src_t (line 30) | struct stack_src_t
type stack_src_t (line 31) | struct stack_src_t
FILE: src/stack-tcp-api.h
type ProtocolParserStream (line 6) | struct ProtocolParserStream
type TCP__flags (line 8) | enum TCP__flags {
type stack_handle_t (line 20) | typedef struct stack_handle_t {
type stack_handle_t (line 33) | struct stack_handle_t
type stack_handle_t (line 45) | struct stack_handle_t
type stack_handle_t (line 48) | struct stack_handle_t
type TCP__flags (line 50) | enum TCP__flags
type stack_handle_t (line 57) | struct stack_handle_t
type ProtocolParserStream (line 58) | struct ProtocolParserStream
type stack_handle_t (line 66) | struct stack_handle_t
type stack_handle_t (line 76) | struct stack_handle_t
FILE: src/stack-tcp-app.c
type App_Event (line 30) | enum App_Event
function application_event (line 42) | unsigned
FILE: src/stack-tcp-app.h
type stack_handle_t (line 5) | struct stack_handle_t
type ProtocolParserStream (line 6) | struct ProtocolParserStream
type Banner1 (line 7) | struct Banner1
type App_Event (line 10) | enum App_Event {
type stack_handle_t (line 24) | struct stack_handle_t
type App_Event (line 25) | enum App_Event
type ProtocolParserStream (line 26) | struct ProtocolParserStream
type Banner1 (line 27) | struct Banner1
type stack_handle_t (line 32) | struct stack_handle_t
type stack_handle_t (line 35) | struct stack_handle_t
type stack_handle_t (line 38) | struct stack_handle_t
type stack_handle_t (line 41) | struct stack_handle_t
type stack_handle_t (line 45) | struct stack_handle_t
FILE: src/stack-tcp-core.c
type TCP_Segment (line 92) | struct TCP_Segment {
type TCP_Control_Block (line 109) | struct TCP_Control_Block
type TCP_ConnectionTable (line 168) | struct TCP_ConnectionTable {
function vLOGtcb (line 240) | static void
function LOGtcb (line 266) | static void
function tcpcon_timeouts (line 283) | void
function name_equals (line 333) | static int
function parseInt (line 358) | static uint64_t
function tcpcon_set_http_header (line 375) | void
function tcpcon_set_parameter (line 397) | void
function tcpcon_set_banner_flags (line 623) | void
function scripting_init_tcp (line 640) | void scripting_init_tcp(struct TCP_ConnectionTable *tcpcon, struct lua_S...
type TCP_ConnectionTable (line 651) | struct TCP_ConnectionTable
type stack_t (line 653) | struct stack_t
type TemplatePacket (line 654) | struct TemplatePacket
type Output (line 656) | struct Output
type TCP_ConnectionTable (line 661) | struct TCP_ConnectionTable
function TCB_EQUALS (line 721) | static int TCB_EQUALS(const struct TCP_Control_Block *lhs, const struct ...
function _tcb_change_state_to (line 744) | static void
function tcb_hash (line 753) | static unsigned
type DestroyReason (line 784) | enum DestroyReason {
function banner_flush (line 799) | void
function tcpcon_destroy_tcb (line 837) | static void
function tcpcon_destroy_table (line 932) | void
type TCP_Control_Block (line 969) | struct TCP_Control_Block
type TCP_ConnectionTable (line 971) | struct TCP_ConnectionTable
type ProtocolParserStream (line 976) | struct ProtocolParserStream
type TCP_Control_Block (line 980) | struct TCP_Control_Block
type TCP_Control_Block (line 981) | struct TCP_Control_Block
type TCP_Control_Block (line 1038) | struct TCP_Control_Block
type Banner1 (line 1045) | struct Banner1
type TCP_Control_Block (line 1066) | struct TCP_Control_Block
type TCP_ConnectionTable (line 1068) | struct TCP_ConnectionTable
type TCP_Control_Block (line 1073) | struct TCP_Control_Block
type TCP_Control_Block (line 1074) | struct TCP_Control_Block
function tcpcon_send_packet (line 1106) | static void
function tcp_send_RST (line 1175) | void
type TCP_What (line 1227) | enum TCP_What
function LOGSEND (line 1248) | static void
function tcpcon_send_RST (line 1260) | void
function _tcb_seg_resend (line 1289) | static void
function application_notify (line 1316) | static unsigned
function _tcb_seg_send (line 1337) | static void
function _tcp_seg_acknowledge (line 1431) | static int
function banner_set_sslhello (line 1553) | void
function banner_set_small_window (line 1559) | void
function banner_is_heartbleed (line 1565) | bool
function banner_parse (line 1576) | size_t
function _next_IP_port (line 1602) | static void
function _do_reconnect (line 1645) | static void
function _tcb_seg_close (line 1696) | static void
function tcpapi_set_timeout (line 1712) | int
function tcpapi_recv (line 1734) | int
function tcpapi_send (line 1757) | int
function tcpapi_reconnect (line 1780) | int
function tcpapi_change_app_state (line 1795) | unsigned
function tcpapi_close (line 1811) | int
function _tcb_they_have_acked_my_fin (line 1824) | static bool
function _tcb_send_ack (line 1835) | static void
function _tcb_seg_recv (line 1842) | static int
function stack_incoming_tcp (line 1909) | enum TCB_result
FILE: src/stack-tcp-core.h
type Adapter (line 8) | struct Adapter
type TCP_Control_Block (line 9) | struct TCP_Control_Block
type TemplatePacket (line 10) | struct TemplatePacket
type TCP_ConnectionTable (line 11) | struct TCP_ConnectionTable
type lua_State (line 12) | struct lua_State
type ProtocolParserStream (line 13) | struct ProtocolParserStream
type TCP_ConnectionTable (line 30) | struct TCP_ConnectionTable
type http_field_t (line 34) | enum http_field_t {
type TCP_ConnectionTable (line 44) | struct TCP_ConnectionTable
type http_field_t (line 48) | enum http_field_t
type TCP_ConnectionTable (line 50) | struct TCP_ConnectionTable
type lua_State (line 50) | struct lua_State
type TCP_ConnectionTable (line 66) | struct TCP_ConnectionTable
type stack_t (line 68) | struct stack_t
type TemplatePacket (line 69) | struct TemplatePacket
type Output (line 71) | struct Output
type TCP_ConnectionTable (line 76) | struct TCP_ConnectionTable
type TCP_ConnectionTable (line 93) | struct TCP_ConnectionTable
type TCP_ConnectionTable (line 97) | struct TCP_ConnectionTable
type TCP_What (line 99) | enum TCP_What {
type TCB_result (line 109) | enum TCB_result {
type TCB_result (line 114) | enum TCB_result
type TCP_ConnectionTable (line 115) | struct TCP_ConnectionTable
type TCP_Control_Block (line 115) | struct TCP_Control_Block
type TCP_What (line 116) | enum TCP_What
type TCP_Control_Block (line 125) | struct TCP_Control_Block
type TCP_ConnectionTable (line 127) | struct TCP_ConnectionTable
type TCP_Control_Block (line 136) | struct TCP_Control_Block
type TCP_ConnectionTable (line 138) | struct TCP_ConnectionTable
type ProtocolParserStream (line 143) | struct ProtocolParserStream
type TCP_ConnectionTable (line 149) | struct TCP_ConnectionTable
type TemplatePacket (line 160) | struct TemplatePacket
type stack_t (line 161) | struct stack_t
FILE: src/stub-lua.c
function stublua_init (line 21) | int stublua_init(void)
FILE: src/stub-lua.h
type lua_State (line 19) | struct lua_State
type lua_State (line 20) | typedef struct lua_State lua_State;
type lua_Integer (line 21) | typedef long long lua_Integer;
type lua_Number (line 22) | typedef double lua_Number;
type lua_Unsigned (line 23) | typedef unsigned long long lua_Unsigned;
type lua_KContext (line 24) | typedef ptrdiff_t lua_KContext;
type luaL_Reg (line 27) | typedef struct luaL_Reg {
FILE: src/stub-pcap-dlt.h
type pcap_dlt_t (line 4) | typedef enum {
FILE: src/stub-pcap.c
type pcap_if (line 58) | struct pcap_if {
function seterr (line 66) | static void seterr(char *errbuf, const char *msg)
function null_PCAP_CLOSE (line 76) | static void null_PCAP_CLOSE(void *hPcap)
function pcap_t (line 96) | static pcap_t *null_PCAP_CREATE(const char *source, char *errbuf) {retur...
function null_PCAP_SET_SNAPLEN (line 97) | static int null_PCAP_SET_SNAPLEN(pcap_t *p, int snaplen) {return 0;}
function null_PCAP_SET_PROMISC (line 98) | static int null_PCAP_SET_PROMISC(pcap_t *p, int promisc) {return 0;}
function null_PCAP_SET_TIMEOUT (line 99) | static int null_PCAP_SET_TIMEOUT(pcap_t *p, int to_ms) {return 0;}
function null_PCAP_SET_IMMEDIATE_MODE (line 100) | static int null_PCAP_SET_IMMEDIATE_MODE(pcap_t *p, int immediate_mode) ...
function null_PCAP_SET_BUFFER_SIZE (line 101) | static int null_PCAP_SET_BUFFER_SIZE(pcap_t *p, int buffer_size) {return...
function null_PCAP_SET_RFMON (line 102) | static int null_PCAP_SET_RFMON(pcap_t *p, int rfmon) {return 0;}
function null_PCAP_CAN_SET_RFMON (line 103) | static int null_PCAP_CAN_SET_RFMON(pcap_t *p) {return 0;}
function null_PCAP_ACTIVATE (line 104) | static int null_PCAP_ACTIVATE(pcap_t *p) {return 0;}
function null_PCAP_DATALINK (line 107) | static unsigned null_PCAP_DATALINK(void *hPcap)
function null_PCAP_DISPATCH (line 117) | static unsigned null_PCAP_DISPATCH(void *hPcap, unsigned how_many_packet...
function null_PCAP_FINDALLDEVS (line 127) | static int null_PCAP_FINDALLDEVS(pcap_if_t **alldevs, char *errbuf)
function null_PCAP_FREEALLDEVS (line 138) | static void null_PCAP_FREEALLDEVS(pcap_if_t *alldevs)
function null_PCAP_MAJOR_VERSION (line 168) | static int null_PCAP_MAJOR_VERSION(void *p)
function null_PCAP_MINOR_VERSION (line 178) | static int null_PCAP_MINOR_VERSION(void *p)
type PcapFunctions (line 200) | struct PcapFunctions
function pcap_t (line 212) | static pcap_t *null_PCAP_OPEN_OFFLINE(const char *fname, char *errbuf)
function null_PCAP_SENDPACKET (line 219) | static int null_PCAP_SENDPACKET(pcap_t *p, const unsigned char *buf, int...
type pcap_pkthdr (line 228) | struct pcap_pkthdr
function null_PCAP_SETDIRECTION (line 236) | static int null_PCAP_SETDIRECTION(pcap_t *p, pcap_direction_t d)
function null_PCAP_PERROR (line 252) | static void null_PCAP_PERROR(pcap_t *p, char *prefix)
function pcap_if_t (line 278) | static const pcap_if_t *null_PCAP_DEV_NEXT(const pcap_if_t *dev)
function pcap_send_queue (line 287) | static pcap_send_queue *null_PCAP_SENDQUEUE_ALLOC(size_t size)
function null_PCAP_SENDQUEUE_TRANSMIT (line 292) | static unsigned null_PCAP_SENDQUEUE_TRANSMIT(pcap_t *p, pcap_send_queue ...
function null_PCAP_SENDQUEUE_DESTROY (line 297) | static void null_PCAP_SENDQUEUE_DESTROY(pcap_send_queue *queue)
function null_PCAP_SENDQUEUE_QUEUE (line 302) | static int null_PCAP_SENDQUEUE_QUEUE(pcap_send_queue *queue,
function pcap_init (line 318) | int pcap_init(void)
FILE: src/stub-pcap.h
type pcap_timeval (line 30) | struct pcap_timeval {
type pcap (line 37) | struct pcap
type pcap_t (line 38) | typedef struct pcap pcap_t;
type pcap_if (line 41) | struct pcap_if
type pcap_if_t (line 42) | typedef struct pcap_if pcap_if_t;
type pcap_direction_t (line 51) | typedef enum {
type pcap_pkthdr (line 80) | struct pcap_pkthdr {
type pcap_pkthdr (line 94) | struct pcap_pkthdr
type pcap_t (line 105) | typedef pcap_t * (*PCAP_OPEN_OFFLINE)(const char *fname, char *errbuf);
type pcap_pkthdr (line 107) | struct pcap_pkthdr
type pcap_if_t (line 114) | typedef const pcap_if_t *(*PCAP_DEV_NEXT)(const pcap_if_t *dev);
type pcap_t (line 124) | typedef pcap_t *(*PCAP_CREATE)(const char *source, char *errbuf);
type pcap_send_queue (line 141) | struct pcap_send_queue
type pcap_send_queue (line 142) | typedef struct pcap_send_queue pcap_send_queue;
type pcap_send_queue (line 144) | typedef pcap_send_queue *(*PCAP_SENDQUEUE_ALLOC)(size_t size);
type pcap_pkthdr (line 147) | struct pcap_pkthdr
type PcapFunctions (line 153) | struct PcapFunctions {
type PcapFunctions (line 208) | struct PcapFunctions
FILE: src/stub-pfring.c
type PFRING (line 13) | struct PFRING
function PFRING_is_installed (line 25) | int
function PFRING_init (line 59) | int
FILE: src/stub-pfring.h
type __pfring (line 9) | struct __pfring
type pfring (line 10) | typedef struct __pfring pfring;
type packet_direction (line 12) | typedef enum {
type pfring_pkthdr (line 17) | struct pfring_pkthdr {
type pfring (line 53) | typedef pfring*(*PFRING_OPEN)(
type pfring_pkthdr (line 66) | struct pfring_pkthdr
type PFRING (line 77) | struct PFRING {
FILE: src/syn-cookie.c
function get_entropy (line 18) | uint64_t
function murmur (line 72) | static unsigned
function syn_cookie (line 116) | uint64_t
function syn_cookie_ipv4 (line 134) | uint64_t
function syn_cookie_ipv6 (line 154) | uint64_t
FILE: src/templ-nmap-payloads.c
function trim (line 12) | static void
function is_comment (line 26) | static int
function append_byte (line 66) | static void
function isodigit (line 76) | static int
function hexval (line 87) | static unsigned
function read_nmap_payloads (line 190) | void
function templ_nmap_selftest (line 279) | int
FILE: src/templ-nmap-payloads.h
type PayloadsUDP (line 7) | struct PayloadsUDP
type RangeList (line 8) | struct RangeList
type PayloadsUDP (line 11) | struct PayloadsUDP
type RangeList (line 13) | struct RangeList
type PayloadsUDP (line 18) | struct PayloadsUDP
FILE: src/templ-opts.h
type addremove_t (line 14) | typedef enum {Default, Add, Remove} addremove_t;
type TemplateOptions (line 16) | struct TemplateOptions {
FILE: src/templ-payloads.c
type PayloadUDP_Item (line 33) | struct PayloadUDP_Item {
type PayloadUDP_Default (line 42) | struct PayloadUDP_Default {
type PayloadsUDP (line 52) | struct PayloadsUDP {
type PayloadUDP_Default (line 59) | struct PayloadUDP_Default
type PayloadUDP_Default (line 66) | struct PayloadUDP_Default
function partial_checksum (line 480) | static unsigned
function payloads_udp_lookup (line 501) | int
function payloads_udp_destroy (line 536) | void
function payloads_udp_trim (line 558) | void
function payloads_oproto_trim (line 587) | void
function payloads_datagram_add (line 620) | static unsigned
function payloads_datagram_add_nocookie (line 675) | static unsigned
function payloads_read_pcap (line 694) | void
function payloads_udp_readfile (line 810) | void
type PayloadsUDP (line 818) | struct PayloadsUDP
type PayloadsUDP (line 822) | struct PayloadsUDP
type PayloadUDP_Default (line 823) | struct PayloadUDP_Default
type RangeList (line 832) | struct RangeList
type PayloadsUDP (line 863) | struct PayloadsUDP
type PayloadsUDP (line 867) | struct PayloadsUDP
type PayloadUDP_Default (line 868) | struct PayloadUDP_Default
type RangeList (line 877) | struct RangeList
function templ_payloads_selftest (line 902) | int
FILE: src/templ-payloads.h
type MassIP (line 5) | struct MassIP
type PayloadsUDP (line 18) | struct PayloadsUDP
type PayloadsUDP (line 21) | struct PayloadsUDP
type PayloadsUDP (line 29) | struct PayloadsUDP
type PayloadsUDP (line 32) | struct PayloadsUDP
type PayloadsUDP (line 41) | struct PayloadsUDP
type PayloadsUDP (line 47) | struct PayloadsUDP
type PayloadsUDP (line 47) | struct PayloadsUDP
type PayloadsUDP (line 54) | struct PayloadsUDP
type MassIP (line 54) | struct MassIP
type PayloadsUDP (line 57) | struct PayloadsUDP
type MassIP (line 57) | struct MassIP
type PayloadsUDP (line 94) | struct PayloadsUDP
type PayloadsUDP (line 104) | struct PayloadsUDP
FILE: src/templ-pkt.c
function ip_header_checksum (line 183) | static unsigned
function tcp_checksum2 (line 210) | static unsigned
function tcp_ipv4_checksum (line 242) | static unsigned
function udp_checksum2 (line 277) | unsigned
function udp_ipv4_checksum (line 307) | static unsigned
function icmp_checksum2 (line 319) | static unsigned
function icmp_ipv4_checksum (line 340) | static unsigned
function templ_copy (line 352) | struct TemplateSet templ_copy(const struct TemplateSet *templset)
function tcp_set_window (line 373) | void
function tcp_create_packet (line 419) | size_t
function udp_payload_fixup (line 617) | static void
function template_set_target_ipv6 (line 661) | void
function template_set_target_ipv4 (line 876) | void
function _template_init_ipv6 (line 1109) | static void
function _template_init (line 1218) | static void
function template_packet_init (line 1374) | void
function template_set_ttl (line 1473) | void
function template_set_vlan (line 1490) | void
function template_selftest (line 1524) | int
FILE: src/templ-pkt.h
type PayloadsUDP (line 6) | struct PayloadsUDP
type MassVulnCheck (line 7) | struct MassVulnCheck
type TemplateOptions (line 8) | struct TemplateOptions
type TemplateProtocol (line 18) | enum TemplateProtocol {
type TemplatePayload (line 32) | struct TemplatePayload {
type TemplatePacket (line 47) | struct TemplatePacket {
type TemplateSet (line 77) | struct TemplateSet
type TemplateSet (line 85) | struct TemplateSet
type TemplateSet (line 85) | struct TemplateSet
type TemplateSet (line 114) | struct TemplateSet
type PayloadsUDP (line 118) | struct PayloadsUDP
type PayloadsUDP (line 119) | struct PayloadsUDP
type TemplateOptions (line 122) | struct TemplateOptions
type TemplateSet (line 155) | struct TemplateSet
type TemplateSet (line 163) | struct TemplateSet
type TemplatePacket (line 176) | struct TemplatePacket
type TemplateSet (line 193) | struct TemplateSet
type TemplateSet (line 194) | struct TemplateSet
FILE: src/templ-tcp-hdr.c
type tcp_opt_t (line 77) | struct tcp_opt_t {
type tcp_hdr_t (line 84) | struct tcp_hdr_t {
function safe_memmove (line 95) | static void
function safe_memset (line 111) | static void
function _HEXDUMP (line 127) | static void
function _tcp_header_length (line 172) | static unsigned inline
function _consistancy_check (line 183) | static int
function _find_tcp_header (line 277) | static struct tcp_hdr_t
function _opt_begin (line 313) | static inline size_t
function _opt_next (line 326) | static inline size_t
function _HEXDUMPopt (line 346) | static void
function _find_opt (line 362) | static size_t
function tcp_find_opt (line 403) | static struct tcp_opt_t
function _adjust_length (line 438) | static void
function _add_padding (line 500) | static void
function _normalize_padding (line 528) | static bool
function tcp_remove_opt (line 595) | static bool
function _insert_field (line 680) | static int
function _calc_padding (line 726) | static unsigned
function _squeeze_padding (line 760) | static size_t
function tcp_add_opt (line 842) | static bool
function tcp_get_mss (line 990) | static unsigned
function tcp_get_wscale (line 1015) | static unsigned
function tcp_get_sackperm (line 1040) | static unsigned
function templ_tcp_apply_options (line 1065) | void
function _replace_options (line 1126) | static bool
type mytests_t (line 1209) | struct mytests_t {
type mytests_t (line 1231) | struct mytests_t
function _selftests_run (line 1355) | static int
function templ_tcp_selftest (line 1530) | int
FILE: src/templ-tcp-hdr.h
type TemplateOptions (line 5) | struct TemplateOptions
type TemplateOptions (line 16) | struct TemplateOptions
FILE: src/util-checksum.c
function _checksum_calculate (line 23) | static unsigned
function _checksum_finish (line 62) | static unsigned
function checksum_ipv4 (line 74) | unsigned
function checksum_ipv6 (line 117) | unsigned
function checksum_selftest (line 229) | int checksum_selftest(void)
FILE: src/util-errormsg.c
function errmsg_init (line 14) | void errmsg_init(unsigned long long in_entropy) {
function _errmsg (line 18) | static void
function _errmsgip (line 26) | static void
function ERRMSG (line 39) | void
function ERRMSGip (line 63) | void
FILE: src/util-extract.c
function e_next_byte (line 4) | unsigned char
function e_next_short16 (line 12) | unsigned short
function e_next_int32 (line 29) | unsigned e_next_int32(struct ebuf_t *ebuf, int endian) {
function e_next_long64 (line 47) | unsigned long long
FILE: src/util-extract.h
type ebuf_t (line 5) | struct ebuf_t {
type ebuf_t (line 16) | struct ebuf_t
type ebuf_t (line 17) | struct ebuf_t
type ebuf_t (line 18) | struct ebuf_t
type ebuf_t (line 19) | struct ebuf_t
FILE: src/util-logger.c
function LOG_add_level (line 17) | void LOG_add_level(int x)
function vLOG (line 24) | static void
function LOG (line 37) | void
function vLOGnet (line 49) | static void
function LOGnet (line 60) | void
function vLOGip (line 74) | static void
function LOGip (line 87) | void
FILE: src/util-safefunc.c
function memcasecmp (line 19) | int
function safe_strcpy (line 34) | void
function safe_localtime (line 68) | int
function safe_gmtime (line 84) | int
FILE: src/util-safefunc.h
type tm (line 66) | struct tm
type tm (line 67) | struct tm
FILE: src/vulncheck-ntp-monlist.c
function set_target (line 8) | static void
type MassVulnCheck (line 72) | struct MassVulnCheck
FILE: src/vulncheck.c
type MassVulnCheck (line 4) | struct MassVulnCheck
type MassVulnCheck (line 7) | struct MassVulnCheck
FILE: src/vulncheck.h
type TemplatePacket (line 4) | struct TemplatePacket
type MassVulnCheck (line 6) | struct MassVulnCheck
type MassVulnCheck (line 50) | struct MassVulnCheck
FILE: src/xring.c
type Element (line 8) | typedef uint64_t Element;
type XRing (line 12) | struct XRing
function Element (line 23) | static Element
function xring_add (line 54) | static int
type Test (line 86) | struct Test
function test_consumer_thread (line 98) | static void
function test_producer_thread (line 132) | static void
function run_test (line 150) | static uint64_t
function xring_selftest (line 188) | int
Condensed preview — 259 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (2,468K chars).
[
{
"path": ".gitattributes",
"chars": 19,
"preview": "\n\n*.c text eol=lf\n\n"
},
{
"path": ".github/workflows/unittests.yml",
"chars": 606,
"preview": "name: masscan unit tests\n\non:\n push:\n branches: [master]\n pull_request:\n # The branches below must be a subset o"
},
{
"path": ".gitignore",
"chars": 48,
"preview": "paused.conf\r\n.Makefile.swp\r\n.vscode\r\nvs10/.vs/\r\n"
},
{
"path": "LICENSE",
"chars": 34523,
"preview": " GNU AFFERO GENERAL PUBLIC LICENSE\n Version 3, 19 November 2007\n\n Copyright (C)"
},
{
"path": "Makefile",
"chars": 3302,
"preview": "# If Windows, then assume the compiler is `gcc` for the\n# MinGW environment. I can't figure out how to tell if it's\n# ac"
},
{
"path": "README.md",
"chars": 24532,
"preview": "[](htt"
},
{
"path": "VULNINFO.md",
"chars": 2081,
"preview": "# Vulnerability Information and Policy\n\nThis document contains information about robustness of this project against\nhack"
},
{
"path": "bin/.gitignore",
"chars": 16,
"preview": "*\n!.gitignore\n\n\n"
},
{
"path": "data/exclude.conf",
"chars": 11577,
"preview": "# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml\n# http://tools.ietf.org/ht"
},
{
"path": "debian/.gitignore",
"chars": 54,
"preview": "files\nmasscan\nmasscan.debhelper.log\nmasscan.substvars\n"
},
{
"path": "debian/README.Debian",
"chars": 133,
"preview": "masscan for Debian\n------------------\n\nInitial debianisation\n\n -- Vladimir Vitkov <vvitkov@sdl.com> Fri, 24 Jan 2014 11"
},
{
"path": "debian/changelog",
"chars": 506,
"preview": "masscan (1.0.3-46+gbbadb7b-1) precise; urgency=low\n\n * Rebuild from current git\n * Use propper git hash versioning\n\n -"
},
{
"path": "debian/compat",
"chars": 2,
"preview": "8\n"
},
{
"path": "debian/control",
"chars": 937,
"preview": "Source: masscan\nSection: net\nPriority: extra\nMaintainer: Vladimir Vitkov <vvitkov@sdl.com>\nBuild-Depends: debhelper (>= "
},
{
"path": "debian/copyright",
"chars": 1942,
"preview": "Format: http://dep.debian.net/deps/dep5\nUpstream-Name: masscan\nSource: https://github.com/robertdavidgraham/masscan\n\nFil"
},
{
"path": "debian/masscan.dirs",
"chars": 8,
"preview": "usr/bin\n"
},
{
"path": "debian/masscan.docs",
"chars": 52,
"preview": "README.md\nVULNINFO.md\ndoc/algorithm.js\ndoc/bot.html\n"
},
{
"path": "debian/masscan.install",
"chars": 21,
"preview": "bin/masscan usr/bin/\n"
},
{
"path": "debian/masscan.manpages",
"chars": 14,
"preview": "doc/masscan.8\n"
},
{
"path": "debian/rules",
"chars": 483,
"preview": "#!/usr/bin/make -f\n# -*- makefile -*-\n# Sample debian/rules that uses debhelper.\n# This file was originally written by J"
},
{
"path": "debian/source/format",
"chars": 12,
"preview": "3.0 (quilt)\n"
},
{
"path": "debian/watch",
"chars": 147,
"preview": "version=3\n\n# use the github release pages\nhttps://github.com/robertdavidgraham/masscan/releases .*/(\\d\\S*)\\.(?:tgz|tbz|t"
},
{
"path": "doc/algorithm.js",
"chars": 12793,
"preview": "/*\n\n This is an implementation of the core Masscan scanning algorithm\n in JavaScript/NodeJS. The core scanning alg"
},
{
"path": "doc/bot.html",
"chars": 1009,
"preview": "<html>\n<head>\n<title>Masscan/1.0 - fast port scanner</title>\n</head>\n<body>\n<h1>Masscan/1.0 - fast port scanner</h1>\n\n<p"
},
{
"path": "doc/faq/FAQ0001-slow.md",
"chars": 1239,
"preview": "# Why is it not as fast as I expect?\r\n\r\n## Question\r\n\r\nWhy is scanning speed only around 100,000 packets-per-second inst"
},
{
"path": "doc/faq/FAQ0002-drops.md",
"chars": 1095,
"preview": "# Why are many results missing that I expect?\r\n\r\n# Question\r\n\r\nWhen I do a scan, results are missing that I know are the"
},
{
"path": "doc/faq/FAQ0003-excludelist.md",
"chars": 795,
"preview": "# How can I add my IP address to an exclude list so that people stop scanning me?\r\n\r\n# Question\r\n\r\nI hate everyone probi"
},
{
"path": "doc/faq/FAQ0004-serverlogs.md",
"chars": 1018,
"preview": "# Why is masscan in my server logs?\r\n\r\n## Question\r\n\r\nSome example questions:\r\n* Why is `masscan` appearing in my server"
},
{
"path": "doc/faq/README.md",
"chars": 437,
"preview": "# FAQs (frequently asked questions)\r\n\r\nThis directory contains some documents discussing frequently asked\r\nquestions\r\n\r\n"
},
{
"path": "doc/howto-afl.md",
"chars": 5837,
"preview": "Using afl fuzzer against masscan\n================================\n\nAFL (American-Fuzzy-Lop) is an automated *fuzzer*. It"
},
{
"path": "doc/masscan.8",
"chars": 18843,
"preview": ".\\\" generated with Ronn/v0.7.3\r\n.\\\" http://github.com/rtomayko/ronn/tree/0.7.3\r\n.\r\n.TH \"MASSCAN\" \"8\" \"January 2014\" \"\" \""
},
{
"path": "doc/masscan.8.markdown",
"chars": 22253,
"preview": "masscan(8) -- Fast scan of the Internet\n=======================================\n\n## SYNOPSIS\n\nmasscan \\[options\\] \\[<IP|"
},
{
"path": "src/crypto-base64.c",
"chars": 7284,
"preview": "#include \"crypto-base64.h\"\n#include <ctype.h>\n#include <stdlib.h>\n#include <string.h>\n#include <stdio.h>\n#include <time."
},
{
"path": "src/crypto-base64.h",
"chars": 280,
"preview": "#ifndef CRYPTO_BASE64_H\n#define CRYPTO_BASE64_H\n#include <stdio.h>\n\nsize_t base64_decode(void *dst, size_t sizeof_dst, c"
},
{
"path": "src/crypto-blackrock.c",
"chars": 11910,
"preview": "/*\n BlackRock cipher\n\n (h/t Marsh Ray @marshray for this idea)\n\n This is a randomization/reshuffling function b"
},
{
"path": "src/crypto-blackrock.h",
"chars": 2223,
"preview": "#ifndef RAND_BLACKROCK_H\n#define RAND_BLACKROCK_H\n#include <stdint.h>\n\nstruct BlackRock {\n uint64_t range;\n uint64"
},
{
"path": "src/crypto-blackrock2.c",
"chars": 18449,
"preview": "#include \"crypto-blackrock.h\"\n#include \"pixie-timer.h\"\n#include \"unusedparm.h\"\n#include \"util-malloc.h\"\n#include \"util-s"
},
{
"path": "src/crypto-lcg.c",
"chars": 12069,
"preview": "/*\n This is a \"linear-congruent-generator\", a type of random number\n generator.\n*/\n\n#include \"crypto-lcg.h\"\n#inclu"
},
{
"path": "src/crypto-lcg.h",
"chars": 381,
"preview": "#ifndef RAND_LCG_H\n#define RAND_LCG_H\n#include <stdint.h>\n\n\nvoid\nlcg_calculate_constants(uint64_t m, uint64_t *out_a, ui"
},
{
"path": "src/crypto-primegen.c",
"chars": 19118,
"preview": "/*\n This is DJB's code for calculating primes, with a few modifications,\n such as making it work with Microsoft's "
},
{
"path": "src/crypto-primegen.h",
"chars": 1488,
"preview": "#ifndef PRIMEGEN_H\n#define PRIMEGEN_H\n\n#include <stdint.h>\n\n/**\n * This is B/32: the number of 32-bit words of space use"
},
{
"path": "src/crypto-siphash24.c",
"chars": 8472,
"preview": "/*\n SipHash reference C implementation\n\n Written in 2012 by\n Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.c"
},
{
"path": "src/crypto-siphash24.h",
"chars": 291,
"preview": "#ifndef CRYPTO_SIPHASH24_H\n#define CRYPTO_SIPHASH24_H\n#include <stdint.h>\n\nuint64_t\nsiphash24(const void *in, size_t inl"
},
{
"path": "src/event-timeout.c",
"chars": 5950,
"preview": "/*\n\n Event timeout\n\n This is for the user-mode TCP stack. We need to mark timeouts in the\n future when we'll re"
},
{
"path": "src/event-timeout.h",
"chars": 4484,
"preview": "#ifndef EVENT_TIMEOUT_H\n#define EVENT_TIMEOUT_H\n#include <stdint.h>\n#include <stdio.h>\n#include <stddef.h> /* offsetof*/"
},
{
"path": "src/in-binary.c",
"chars": 20421,
"preview": "/*\n Read in the binary file produced by \"out-binary.c\". This allows you to\n translate the \"binary\" format into any"
},
{
"path": "src/in-binary.h",
"chars": 435,
"preview": "#ifndef IN_BINARY_H\n#define IN_BINARY_H\nstruct Masscan;\n\n/**\n * Read that output of previous scans that were saved in th"
},
{
"path": "src/in-filter.c",
"chars": 557,
"preview": "#include \"in-filter.h\"\n#include \"massip.h\"\n\n\nint\nreadscan_filter_pass(ipaddress ip, unsigned port, unsigned type,\n "
},
{
"path": "src/in-filter.h",
"chars": 435,
"preview": "/*\n This is for filtering input in the \"--readscan\" feature\n*/\n#ifndef IN_FILTER_H\n#define IN_FILTER_H\n#include \"mass"
},
{
"path": "src/in-report.c",
"chars": 11005,
"preview": "#include \"in-report.h\"\n#include \"masscan-app.h\"\n#include \"crypto-base64.h\"\n#include \"proto-x509.h\"\n#include \"proto-banou"
},
{
"path": "src/in-report.h",
"chars": 294,
"preview": "#ifndef IN_REPORT_H\n#define IN_REPORT_H\n#include <stdio.h>\n\nvoid\nreadscan_report( unsigned ip,\n unsign"
},
{
"path": "src/main-conf.c",
"chars": 142122,
"preview": "/*\n Read in the configuration for MASSCAN.\n\n Configuration parameters can be read either from the command-line\n "
},
{
"path": "src/main-dedup.c",
"chars": 14078,
"preview": "/*\n\n Filters duplicate responses\n\n This is an asynchronous and \"stateless\" scanner that spews out probes\n witho"
},
{
"path": "src/main-dedup.h",
"chars": 453,
"preview": "#ifndef MAIN_DEDUP_H\n#define MAIN_DEDUP_H\n#include \"massip-addr.h\"\n\nstruct DedupTable *\ndedup_create(void);\n\nvoid\ndedup_"
},
{
"path": "src/main-globals.h",
"chars": 174,
"preview": "#ifndef MAIN_GLOBALS_H\n#define MAIN_GLOBALS_H\n#include <time.h>\n\nextern unsigned volatile is_tx_done;\nextern unsigned vo"
},
{
"path": "src/main-initadapter.c",
"chars": 11136,
"preview": "#include \"masscan.h\"\n#include \"util-logger.h\"\n#include \"rawsock.h\"\n#include \"rawsock-adapter.h\"\n#include \"stack-arpv4.h\""
},
{
"path": "src/main-listscan.c",
"chars": 2186,
"preview": "#include \"masscan.h\"\n#include \"util-logger.h\"\n#include \"crypto-blackrock.h\"\n\n\nvoid\nmain_listscan(struct Masscan *masscan"
},
{
"path": "src/main-ptrace.c",
"chars": 4423,
"preview": "#include \"main-ptrace.h\"\n#include \"proto-preprocess.h\"\n#include \"pixie-timer.h\"\n#include \"util-safefunc.h\"\n\n\n/**********"
},
{
"path": "src/main-ptrace.h",
"chars": 214,
"preview": "#ifndef masscan_main_ptrace_h\n#define masscan_main_ptrace_h\n#include <stdio.h>\n#include <stdint.h>\n\n\nvoid packet_trace(F"
},
{
"path": "src/main-readrange.c",
"chars": 3286,
"preview": "#include \"main-readrange.h\"\n#include \"masscan.h\"\n#include <assert.h>\n\n/*************************************************"
},
{
"path": "src/main-readrange.h",
"chars": 121,
"preview": "#ifndef MAIN_READRANGE_H\n#define MAIN_READRANGE_H\nstruct Masscan;\n\nvoid\nmain_readrange(struct Masscan *masscan);\n\n#endif"
},
{
"path": "src/main-status.c",
"chars": 8560,
"preview": "/*\n prints \"status\" message once per second to the commandline\n\n The status message indicates:\n - the rate in p"
},
{
"path": "src/main-status.h",
"chars": 707,
"preview": "#ifndef MAIN_STATUS_H\n#define MAIN_STATUS_H\n#include <stdint.h>\n#include <time.h>\n#include \"util-bool.h\"\n\nstruct Status\n"
},
{
"path": "src/main-throttle.c",
"chars": 5969,
"preview": "/*\n\n Rate-limit/throttler: stops us from transmitting too fast.\n\n We can send packets at millions of packets/secon"
},
{
"path": "src/main-throttle.h",
"chars": 488,
"preview": "#ifndef MAIN_THROTTLE_H\n#define MAIN_THROTTLE_H\n#include <stdint.h>\n\nstruct Throttler\n{\n double max_rate;\n double "
},
{
"path": "src/main.c",
"chars": 66640,
"preview": "/*\n\n main\n\n This includes:\n\n * main()\n * transmit_thread() - transmits probe packets\n * receive_thread() "
},
{
"path": "src/masscan-app.c",
"chars": 4948,
"preview": "#include \"masscan-app.h\"\n#include \"util-safefunc.h\"\n\n/******************************************************************"
},
{
"path": "src/masscan-app.h",
"chars": 1773,
"preview": "#ifndef MASSCAN_APP_H\n#define MASSCAN_APP_H\n\n/*\n * WARNING: these constants are used in files, so don't change the value"
},
{
"path": "src/masscan-status.h",
"chars": 400,
"preview": "#ifndef MASSCAN_STATUS_H\n#define MASSCAN_STATUS_H\n\n#if 0\nenum PortStatus {\n Port_Unknown,\n Port_Open,\n Port_Clo"
},
{
"path": "src/masscan-version.h",
"chars": 78,
"preview": "#ifndef MASSCAN_VERSION\n\n#define MASSCAN_VERSION \"1.3.9-integration\"\n\n#endif\n\n"
},
{
"path": "src/masscan.h",
"chars": 16676,
"preview": "#ifndef MASSCAN_H\n#define MASSCAN_H\n#include \"massip-addr.h\"\n#include \"util-safefunc.h\"\n#include \"stack-src.h\"\n#include "
},
{
"path": "src/massip-addr.c",
"chars": 9003,
"preview": "#include \"massip-addr.h\"\n#include <string.h>\n\n\n/**\n * Holds the output string, so that we can append to it without\n * ov"
},
{
"path": "src/massip-addr.h",
"chars": 5997,
"preview": "/*\n Simple module for handling addresses (IPv6, IPv4, MAC).\n Also implements a 128-bit type for dealing with addre"
},
{
"path": "src/massip-parse.c",
"chars": 47110,
"preview": "/*\n massip-parse\n\n This module parses IPv4 and IPv6 addresses.\n\n It's not a typical parser. It's optimized arou"
},
{
"path": "src/massip-parse.h",
"chars": 1838,
"preview": "/*\n massip-parse\n\n This module parses IPv4 and IPv6 addresses.\n\n It's not a typical parser. It's optimized arou"
},
{
"path": "src/massip-port.h",
"chars": 777,
"preview": "#ifndef MASSIP_PORT_H\n#define MASSIP_PORT_H\n\n/*\n * Ports are 16-bit numbers ([0..65535], but different\n * transports (TC"
},
{
"path": "src/massip-rangesv4.c",
"chars": 44492,
"preview": "/*\n IPv4 and port ranges\n \n This is one of the more integral concepts to how masscan works internally.\n We combine al"
},
{
"path": "src/massip-rangesv4.h",
"chars": 8166,
"preview": "#ifndef RANGES_H\n#define RANGES_H\n#include <stdint.h>\n#include <stdio.h>\n#include \"util-bool.h\" /*<stdbool.h>*/\n\n/**\n * "
},
{
"path": "src/massip-rangesv6.c",
"chars": 19435,
"preview": "/*\n for tracking IP/port ranges\n*/\n#include \"massip-rangesv6.h\"\n#include \"massip-rangesv4.h\"\n#include \"util-malloc.h\""
},
{
"path": "src/massip-rangesv6.h",
"chars": 5200,
"preview": "/*\n List of IPv6 ranges.\n\n Sames as the \"ranges.h\" module, but for IPv6 instead of IPv4.\n*/\n#ifndef RANGES6_H\n#def"
},
{
"path": "src/massip.c",
"chars": 4426,
"preview": "#include \"massip.h\"\n#include \"massip-parse.h\"\n#include \"massip-rangesv4.h\"\n#include \"massip-rangesv6.h\"\n#include <string"
},
{
"path": "src/massip.h",
"chars": 3320,
"preview": "#ifndef MASSIP_H\n#define MASSIP_H\n#include <stddef.h>\n#include \"massip-rangesv4.h\"\n#include \"massip-rangesv6.h\"\n\nstruct "
},
{
"path": "src/misc-rstfilter.c",
"chars": 4100,
"preview": "#include \"misc-rstfilter.h\"\n#include \"util-malloc.h\"\n#include \"crypto-siphash24.h\"\n#include <time.h>\n\nstruct ResetFilter"
},
{
"path": "src/misc-rstfilter.h",
"chars": 2043,
"preview": "/*\n RST filter\n \n In theory, we should transmit a RST packet every time we receive an invalid\n TCP packet. In practice, "
},
{
"path": "src/out-binary.c",
"chars": 10963,
"preview": "#include \"output.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"out-record.h\"\n#include \"util-safefunc"
},
{
"path": "src/out-certs.c",
"chars": 2598,
"preview": "#include \"output.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"util-safefunc.h\"\n#include <ctype.h>\n\n"
},
{
"path": "src/out-grepable.c",
"chars": 6873,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n#include \"masscan-version.h\"\n#include \"masscan-status.h\"\n#include \"out-tcp-serv"
},
{
"path": "src/out-hostonly.c",
"chars": 1886,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"unusedparm.h\"\n#i"
},
{
"path": "src/out-json.c",
"chars": 4942,
"preview": "#include \"output.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"util-safefunc.h\"\n#include <ctype.h>\n\n"
},
{
"path": "src/out-ndjson.c",
"chars": 5622,
"preview": "#include \"output.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"util-safefunc.h\"\n#include <ctype.h>\n\n"
},
{
"path": "src/out-null.c",
"chars": 2856,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n\n\n/****************************************************************************"
},
{
"path": "src/out-record.h",
"chars": 299,
"preview": "#ifndef OUT_RECORD_H\n#define OUT_RECORD_H\n\nenum OutputRecordType {\n Out_Open = 1,\n Out_Closed = 2,\n Out_Banner1"
},
{
"path": "src/out-redis.c",
"chars": 9137,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n#include \"pixie-sockets.h\"\n#include \"util-logger.h\"\n#include <ctype.h>\n\n/******"
},
{
"path": "src/out-tcp-services.c",
"chars": 2849,
"preview": "#include \"out-tcp-services.h\"\n#include <string.h>\n#include <stdlib.h>\n\n#ifndef WIN32\n#include <netdb.h>\n#else\n#include <"
},
{
"path": "src/out-tcp-services.h",
"chars": 198,
"preview": "#ifndef OUT_TCP_SERVICES_H\n#define OUT_TCP_SERVICES_H\n\nconst char *tcp_service_name(int port);\nconst char *udp_service_n"
},
{
"path": "src/out-text.c",
"chars": 2433,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"unusedparm.h\"\n\n#"
},
{
"path": "src/out-unicornscan.c",
"chars": 2448,
"preview": "#include \"output.h\"\n#include \"masscan.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"unusedparm.h\"\n#i"
},
{
"path": "src/out-xml.c",
"chars": 4712,
"preview": "#include \"output.h\"\n#include \"masscan-app.h\"\n#include \"masscan-status.h\"\n#include \"util-safefunc.h\"\n\n\n\n/****************"
},
{
"path": "src/output.c",
"chars": 31626,
"preview": "/*\n output logging/reporting\n\n This is the file that formats the output files -- that is to say,\n where we repo"
},
{
"path": "src/output.h",
"chars": 5896,
"preview": "#ifndef OUTPUT_H\n#define OUTPUT_H\n#include <stddef.h>\n#include <stdio.h>\n#include <stdint.h>\n#include <time.h>\n#include "
},
{
"path": "src/pixie-backtrace.c",
"chars": 6237,
"preview": "/*\n When program crashes, print backtrace with line numbers\n*/\n#include \"pixie-backtrace.h\"\n#include \"unusedparm.h\"\n#"
},
{
"path": "src/pixie-backtrace.h",
"chars": 364,
"preview": "#ifndef PIXIE_BACKTRACE_H\n#define PIXIE_BACKTRACE_H\n\n/**\n * Call this function at program startup in order to insert a s"
},
{
"path": "src/pixie-file.c",
"chars": 1850,
"preview": "#include \"pixie-file.h\"\n\n#if defined(WIN32)\n#include <Windows.h>\n#include <io.h>\n#include <fcntl.h>\n#define access _acce"
},
{
"path": "src/pixie-file.h",
"chars": 406,
"preview": "#ifndef PIXIE_FILE_H\n#define PIXIE_FILE_H\n#include <stdio.h>\n\n#if defined(WIN32)\n#include <io.h>\n#define access _access\n"
},
{
"path": "src/pixie-sockets.h",
"chars": 223,
"preview": "#ifndef PIXIE_SOCKETS_H\n#define PIXIE_SOCKETS_H\n#include <stddef.h>\n#if defined(WIN32)\n#include <WinSock2.h>\n#else\n#incl"
},
{
"path": "src/pixie-threads.c",
"chars": 5998,
"preview": "#define _GNU_SOURCE\n#include \"pixie-threads.h\"\n\n#if defined(WIN32)\n#include <Windows.h>\n#include <process.h>\n#endif\n\n#if"
},
{
"path": "src/pixie-threads.h",
"chars": 2368,
"preview": "#ifndef PORT_THREADS_H\n#define PORT_THREADS_H\n#include <stdio.h>\n#include <stdint.h>\n#if defined(_MSC_VER)\n#include <int"
},
{
"path": "src/pixie-timer.c",
"chars": 6773,
"preview": "/*\n portability: time\n\n Since this program runs on both Linux and Windows, I need a portable\n way to get a high"
},
{
"path": "src/pixie-timer.h",
"chars": 618,
"preview": "#ifndef PIXIE_TIMER_H\n#define PIXIE_TIMER_H\n#include <stdint.h>\n\n/**\n * The current time, in microseconds\n */\nuint64_t p"
},
{
"path": "src/proto-arp.c",
"chars": 1178,
"preview": "#include \"proto-arp.h\"\n#include \"proto-preprocess.h\"\n#include \"util-logger.h\"\n#include \"output.h\"\n#include \"masscan-stat"
},
{
"path": "src/proto-arp.h",
"chars": 245,
"preview": "#ifndef PROTO_ARP_H\n#define PROTO_ARP_H\n#include <time.h>\nstruct Output;\nstruct PreprocessedInfo;\n\n\nvoid\narp_recv_respon"
},
{
"path": "src/proto-banner1.c",
"chars": 28559,
"preview": "/*\n state machine for receiving banners\n*/\n#include \"smack.h\"\n#include \"rawsock-pcapfile.h\"\n#include \"proto-preproce"
},
{
"path": "src/proto-banner1.h",
"chars": 8695,
"preview": "#ifndef PROTO_BANNER1_H\n#define PROTO_BANNER1_H\n#include <stdint.h>\n\n#include <stdio.h>\n#include \"masscan-app.h\"\n#includ"
},
{
"path": "src/proto-banout.c",
"chars": 16151,
"preview": "/*\n Banner Output\n\n This module remembers \"banners\" from a connection. These are often\n simple strings, like th"
},
{
"path": "src/proto-banout.h",
"chars": 4200,
"preview": "#ifndef PROTO_BANOUT_H\n#define PROTO_BANOUT_H\nstruct BannerBase64;\n\n/**\n * A structure for tracking one or more banners "
},
{
"path": "src/proto-coap.c",
"chars": 25387,
"preview": "/*\n CoAP - Constrained Application Protocol\n https://en.wikipedia.org/wiki/Constrained_Application_Protocol\n \n Thi"
},
{
"path": "src/proto-coap.h",
"chars": 631,
"preview": "#ifndef PROTO_COAP_H\n#define PROTO_COAP_H\n#include \"proto-banner1.h\"\nstruct Output;\nstruct PreprocessedInfo;\n\n/*\n * For "
},
{
"path": "src/proto-dns-parse.h",
"chars": 1432,
"preview": "#ifndef PROTO_DNS_PARSE_H\n#define PROTO_DNS_PARSE_H\nstruct DomainPointer\n{\n const unsigned char *name;\n unsigned l"
},
{
"path": "src/proto-dns.c",
"chars": 15533,
"preview": "/*\n\n Parses DNS response information\n\n The scanner sends a CHAOS TXT query for \"version.bind\". This module parses\n"
},
{
"path": "src/proto-dns.h",
"chars": 359,
"preview": "#ifndef PROTO_DNS_H\n#define PROTO_DNS_H\n#include <time.h>\n#include <stdint.h>\nstruct PreprocessedInfo;\nstruct Output;\n\nu"
},
{
"path": "src/proto-ftp.c",
"chars": 4897,
"preview": "#include \"proto-ftp.h\"\n#include \"proto-banner1.h\"\n#include \"unusedparm.h\"\n#include \"masscan-app.h\"\n#include \"stack-tcp-a"
},
{
"path": "src/proto-ftp.h",
"chars": 129,
"preview": "#ifndef PROTO_FTP_H\n#define PROTO_FTP_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_ftp;"
},
{
"path": "src/proto-http.c",
"chars": 31884,
"preview": "#include \"proto-http.h\"\n#include \"proto-banner1.h\"\n#include \"stack-tcp-api.h\"\n#include \"smack.h\"\n#include \"unusedparm.h\""
},
{
"path": "src/proto-http.h",
"chars": 983,
"preview": "#ifndef PROTO_HTTP_H\n#define PROTO_HTTP_H\n#include \"proto-banner1.h\"\n#include \"util-bool.h\"\n\nextern struct ProtocolParse"
},
{
"path": "src/proto-icmp.c",
"chars": 6426,
"preview": "#include \"proto-icmp.h\"\n#include \"proto-preprocess.h\"\n#include \"syn-cookie.h\"\n#include \"util-logger.h\"\n#include \"output."
},
{
"path": "src/proto-icmp.h",
"chars": 303,
"preview": "#ifndef PROTO_ICMP_H\n#define PROTO_ICMP_H\n#include <time.h>\n#include <stdint.h>\nstruct PreprocessedInfo;\nstruct Output;\n"
},
{
"path": "src/proto-imap4.c",
"chars": 6751,
"preview": "/*\n \n imap4 banner checker\n \n \n */\n\n#include \"proto-imap4.h\"\n#include \"proto-banner1.h\"\n#include \"unusedparm.h\"\n#include"
},
{
"path": "src/proto-imap4.h",
"chars": 135,
"preview": "#ifndef PROTO_IMAP4_H\n#define PROTO_IMAP4_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_"
},
{
"path": "src/proto-isakmp.c",
"chars": 20050,
"preview": "/* ISAKMP protocol support \n \n 1 2 3\n0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3"
},
{
"path": "src/proto-isakmp.h",
"chars": 428,
"preview": "#ifndef PROTO_ISAKMP_H\n#define PROTO_ISAKMP_H\n#include <time.h>\n#include <stdint.h>\n#include <stdlib.h>\nstruct Output;\ns"
},
{
"path": "src/proto-mc.c",
"chars": 4073,
"preview": "#include \"proto-mc.h\"\n#include \"proto-banner1.h\"\n#include \"unusedparm.h\"\n#include \"masscan-app.h\"\n#include \"stack-tcp-ap"
},
{
"path": "src/proto-mc.h",
"chars": 143,
"preview": "#ifndef PROTO_MC_H\n#define PROTO_MC_H\n#include \"proto-banner1.h\"\n#include \"util-bool.h\"\n\nextern struct ProtocolParserStr"
},
{
"path": "src/proto-memcached.c",
"chars": 13711,
"preview": "/*\n memcached banner check \n*/\n\n#include \"proto-memcached.h\"\n#include \"proto-banner1.h\"\n#include \"smack.h\"\n#include \""
},
{
"path": "src/proto-memcached.h",
"chars": 618,
"preview": "#ifndef PROTO_MEMCACHED_H\n#define PROTO_MEMCACHED_H\n#include \"proto-banner1.h\"\nstruct Output;\nstruct PreprocessedInfo;\n\n"
},
{
"path": "src/proto-netbios.c",
"chars": 5253,
"preview": "#include \"proto-netbios.h\"\n#include \"proto-udp.h\"\n#include \"proto-dns-parse.h\"\n#include \"proto-preprocess.h\"\n#include \"s"
},
{
"path": "src/proto-netbios.h",
"chars": 304,
"preview": "#ifndef PROTO_NETBIOS_H\n#define PROTO_NETBIOS_H\n#include <time.h>\n#include <stdint.h>\nstruct PreprocessedInfo;\nstruct Ou"
},
{
"path": "src/proto-ntlmssp.c",
"chars": 8997,
"preview": "#include \"proto-ntlmssp.h\"\n#include \"masscan-app.h\"\n#include \"proto-banout.h\"\n#include \"util-safefunc.h\"\n#include \"util-"
},
{
"path": "src/proto-ntlmssp.h",
"chars": 449,
"preview": "#ifndef PROTO_NTLMSSP_H\n#define PROTO_NTLMSSP_H\n#include <stdio.h>\nstruct BannerOutput;\n\nstruct NtlmsspDecode\n{\n unsi"
},
{
"path": "src/proto-ntp.c",
"chars": 8162,
"preview": "/*\n NTP protocol handler\n*/\n#include \"proto-ntp.h\"\n#include <stdint.h>\n#include <stdlib.h>\n#include \"smack.h\"\n#includ"
},
{
"path": "src/proto-ntp.h",
"chars": 627,
"preview": "#ifndef PROTO_NTP_H\n#define PROTO_NTP_H\n#include <time.h>\n#include <stdint.h>\nstruct Output;\nstruct PreprocessedInfo;\n\n/"
},
{
"path": "src/proto-oproto.c",
"chars": 388,
"preview": "#include \"proto-oproto.h\"\n#include \"unusedparm.h\"\n\nvoid\nhandle_oproto(struct Output *out, time_t timestamp,\n "
},
{
"path": "src/proto-oproto.h",
"chars": 529,
"preview": "/*\n Other IP protocol (not TCP, UDP, TCP, ICMP\n Specifically for scanning things like GRE.\n */\n#ifndef PROTO_OPROTO_H\n#d"
},
{
"path": "src/proto-pop3.c",
"chars": 5382,
"preview": "/*\n \n POP3 banner checker\n \n \n */\n\n#include \"proto-pop3.h\"\n#include \"proto-banner1.h\"\n#include \"unusedparm.h\"\n#includ"
},
{
"path": "src/proto-pop3.h",
"chars": 132,
"preview": "#ifndef PROTO_POP3_H\n#define PROTO_POP3_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_po"
},
{
"path": "src/proto-preprocess.c",
"chars": 19828,
"preview": "/* Copyright: (c) 2009-2010 by Robert David Graham */\n/*****************************************************************"
},
{
"path": "src/proto-preprocess.h",
"chars": 1541,
"preview": "/* Copyright: (c) 2009-2010 by Robert David Graham */\n#ifndef PREPROCESS_H\n#define PREPROCESS_H\n#include \"massip-addr.h\""
},
{
"path": "src/proto-sctp.c",
"chars": 7268,
"preview": "#include \"proto-sctp.h\"\n#include \"proto-preprocess.h\"\n#include \"masscan-status.h\"\n#include \"output.h\"\n#include <stdio.h>"
},
{
"path": "src/proto-sctp.h",
"chars": 606,
"preview": "#ifndef PROTO_SCTP_H\n#define PROTO_SCTP_H\n#include <time.h>\n#include <stdint.h>\n\nstruct PreprocessedInfo;\nstruct Output;"
},
{
"path": "src/proto-smb.c",
"chars": 80037,
"preview": "/*\n SMB parser\n \n */\n#include \"proto-smb.h\"\n#include \"stack-tcp-api.h\"\n#include \"unusedparm.h\"\n#include \"masscan-app."
},
{
"path": "src/proto-smb.h",
"chars": 506,
"preview": "#ifndef PROTO_SMB_H\n#define PROTO_SMB_H\n#include \"proto-banner1.h\"\n\nextern struct ProtocolParserStream banner_smb0;\nexte"
},
{
"path": "src/proto-smtp.c",
"chars": 6581,
"preview": "/*\n\n SMTP banner checker\n \n This file interacts with an SMTP server when it finds a connection on\n an SMTP port like "
},
{
"path": "src/proto-smtp.h",
"chars": 132,
"preview": "#ifndef PROTO_SMTP_H\n#define PROTO_SMTP_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_sm"
},
{
"path": "src/proto-snmp.c",
"chars": 21327,
"preview": "/*\n SNMP protocol handler\n\n This module does two primary things:\n\n #1 track sequence number\n\n Like TCP, "
},
{
"path": "src/proto-snmp.h",
"chars": 592,
"preview": "#ifndef PROTO_SNMP_H\n#define PROTO_SNMP_H\n#include <time.h>\n#include <stdint.h>\nstruct Output;\nstruct PreprocessedInfo;\n"
},
{
"path": "src/proto-spnego.h",
"chars": 652,
"preview": "#ifndef PROTO_SPNEGO_H\n#define PROTO_SPNEGO_H\n\n#include \"proto-x509.h\"\n#include \"proto-ntlmssp.h\"\n\nstruct SpnegoDecode\n{"
},
{
"path": "src/proto-ssh.c",
"chars": 9511,
"preview": "#include \"proto-ssh.h\"\n#include \"proto-banner1.h\"\n#include \"unusedparm.h\"\n#include \"masscan-app.h\"\n#include \"stack-tcp-a"
},
{
"path": "src/proto-ssh.h",
"chars": 129,
"preview": "#ifndef PROTO_SSH_H\n#define PROTO_SSH_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_ssh;"
},
{
"path": "src/proto-ssl-test.c",
"chars": 149226,
"preview": "#include <stddef.h>\nconst char ssl_test_case_1[] =\n\"\\x16\\x03\\x03\\x00\\x50\\x02\\x00\\x00\\x4c\\x03\\x03\\x52\\x78\\x1e\\x3f\\x6d\"\n\"\\"
},
{
"path": "src/proto-ssl.c",
"chars": 47561,
"preview": "/*\n SSL parser\n \n This parses SSL packets from the server. It is built in multiple levels:\n \n RECORDS - ssl_par"
},
{
"path": "src/proto-ssl.h",
"chars": 880,
"preview": "#ifndef PROTO_SSL_H\n#define PROTO_SSL_H\n#include \"proto-banner1.h\"\n\nextern struct ProtocolParserStream banner_ssl;\nexter"
},
{
"path": "src/proto-tcp-rdp.c",
"chars": 13025,
"preview": "\n#include \"proto-tcp-rdp.h\"\n#include \"proto-banner1.h\"\n#include \"stack-tcp-api.h\"\n#include \"unusedparm.h\"\n#include \"mass"
},
{
"path": "src/proto-tcp-rdp.h",
"chars": 138,
"preview": "\n#ifndef PROTO_TCP_RDP_H\n#define PROTO_TCP_RDP_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream ba"
},
{
"path": "src/proto-tcp-telnet.c",
"chars": 12273,
"preview": "#include \"proto-tcp-telnet.h\"\n#include \"proto-banner1.h\"\n#include \"stack-tcp-api.h\"\n#include \"unusedparm.h\"\n#include \"ma"
},
{
"path": "src/proto-tcp-telnet.h",
"chars": 138,
"preview": "#ifndef PROTO_TELNET_H\n#define PROTO_TELNET_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banne"
},
{
"path": "src/proto-udp.c",
"chars": 4814,
"preview": "#include \"proto-udp.h\"\n#include \"proto-coap.h\"\n#include \"proto-dns.h\"\n#include \"proto-isakmp.h\"\n#include \"proto-netbios."
},
{
"path": "src/proto-udp.h",
"chars": 834,
"preview": "#ifndef PROTO_UDP_H\n#define PROTO_UDP_H\n#include <time.h>\n#include <stdint.h>\nstruct PreprocessedInfo;\nstruct Output;\n\n/"
},
{
"path": "src/proto-versioning.c",
"chars": 2773,
"preview": "/*\n SERVICE VERSIONING\n \n */\n#include \"proto-versioning.h\"\n#include \"proto-banner1.h\"\n#include \"smack.h\"\n#include \"un"
},
{
"path": "src/proto-versioning.h",
"chars": 140,
"preview": "#ifndef VERSIONING_H\n#define VERSIONING_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_ve"
},
{
"path": "src/proto-vnc.c",
"chars": 12946,
"preview": "#include \"proto-vnc.h\"\n#include \"proto-banner1.h\"\n#include \"stack-tcp-api.h\"\n#include \"unusedparm.h\"\n#include \"masscan-a"
},
{
"path": "src/proto-vnc.h",
"chars": 130,
"preview": "#ifndef PROTO_VNC_H\n#define PROTO_VNC_H\n#include \"proto-banner1.h\"\n\nextern const struct ProtocolParserStream banner_vnc;"
},
{
"path": "src/proto-x509.c",
"chars": 50259,
"preview": "/*\n !!!!! BIZZARE CODE ALERT !!!!\n\n This module decodes X.509 public-key certificates using a\n \"state-machine p"
},
{
"path": "src/proto-x509.h",
"chars": 3266,
"preview": "#ifndef PROTO_X509_H\n#define PROTO_X509_H\n#include <time.h>\n#include <stdint.h>\nstruct BannerOutput;\n\n/*****************"
},
{
"path": "src/proto-zeroaccess.c",
"chars": 11231,
"preview": "/*\n ZeroAccess botnet\n\n This scans for the P2P ports on the \"ZeroAccess\" botnet.\n\n http://www.symantec.com/conn"
},
{
"path": "src/proto-zeroaccess.h",
"chars": 579,
"preview": "#ifndef PROTO_ZEROACCESS_H\n#define PROTO_ZEROACCESS_H\n#include <time.h>\n#include <stdint.h>\nstruct PreprocessedInfo;\nstr"
},
{
"path": "src/rawsock-adapter.h",
"chars": 472,
"preview": "#ifndef RAWSOCK_ADAPTER_H\n#define RAWSOCK_ADAPTER_H\n\nstruct Adapter\n{\n struct pcap *pcap;\n struct pcap_send_queue "
},
{
"path": "src/rawsock-getif.c",
"chars": 13061,
"preview": "/*\n get default route (gateway) IPv4 address of the named network\n interface/adapter (like \"eth0\").\n\n This work"
},
{
"path": "src/rawsock-getip.c",
"chars": 4952,
"preview": "/*\n retrieve IPv4 address of the named network interface/adapter\n like \"eth0\"\n\n\n This works on:\n - Windo"
},
{
"path": "src/rawsock-getip6.c",
"chars": 6790,
"preview": "/*\n retrieve IPv4 address of the named network interface/adapter\n like \"eth0\"\n\n\n This works on:\n - Windo"
},
{
"path": "src/rawsock-getmac.c",
"chars": 5616,
"preview": "/*\n get MAC address of named network interface/adapter like \"eth0\"\n\n This works on:\n - Windows\n - Li"
},
{
"path": "src/rawsock-getroute.c",
"chars": 15194,
"preview": "/*\n get default route (gateway) IPv4 address of the named network\n interface/adapter (like \"eth0\").\n\n This work"
},
{
"path": "src/rawsock-pcapfile.c",
"chars": 30005,
"preview": "/* Copyright (c) 2007 by Errata Security, All Rights Reserved\n * Programmer(s): Robert David Graham [rdg]\n */\n/*\n\n PCAP"
},
{
"path": "src/rawsock-pcapfile.h",
"chars": 1721,
"preview": "/* Copyright (c) 2007 by Errata Security, All Rights Reserved\n * Programmer(s): Robert David Graham [rdg]\n */\n#ifndef __"
},
{
"path": "src/rawsock.c",
"chars": 31197,
"preview": "/*\n portable interface to \"raw sockets\"\n\n This uses both \"libpcap\" on systems, but on Linux, we try to use the\n "
},
{
"path": "src/rawsock.h",
"chars": 4886,
"preview": "/*\n raw sockets stuff\n*/\n#ifndef RAWSOCK_H\n#define RAWSOCK_H\n#include \"massip-addr.h\"\n#include <stdio.h>\nstruct Adapt"
},
{
"path": "src/read-service-probes.c",
"chars": 40078,
"preview": "#include \"read-service-probes.h\"\n#include \"util-malloc.h\"\n#include \"massip-port.h\"\n#include \"unusedparm.h\"\n\n#include <ct"
},
{
"path": "src/read-service-probes.h",
"chars": 2249,
"preview": "/*\n Reads the 'nmap-service-probes' file.\n */\n#ifndef READ_SERVICE_PROBES_H\n#define READ_SERVICE_PROBES_H\n#include <s"
},
{
"path": "src/rte-ring.c",
"chars": 12101,
"preview": "/*\n RING\n\n DERIVED FROM INTEL DPDK\n DERIVED FROM FREEBSD BUFRING\n*/\n/*-\n * BSD LICENSE\n *\n * Copyright(c) 2"
},
{
"path": "src/rte-ring.h",
"chars": 35317,
"preview": "#ifndef _RTE_RING_H_\n#define _RTE_RING_H_\n\n\n/*\n RING\n\n DERIVED FROM INTEL DPDK\n DERIVED FROM FREEBSD BUFRING\n*/"
},
{
"path": "src/scripting-banner.c",
"chars": 5205,
"preview": "/*\n Using \"banner\" system for TCP scripting\n */\n#include \"scripting.h\"\n#include \"stub-lua.h\"\n#include \"proto-banner1."
},
{
"path": "src/scripting-masscan.c",
"chars": 2680,
"preview": "#include \"masscan.h\"\n#include \"scripting.h\"\n#include \"stub-lua.h\"\n#include \"unusedparm.h\"\n\n#define MASSCAN_CLASS \"Massca"
},
{
"path": "src/scripting.c",
"chars": 1990,
"preview": "#include \"masscan.h\"\n#include \"scripting.h\"\n#include \"stub-lua.h\"\n#include \"util-logger.h\"\n\n#include <stdlib.h>\n\n/******"
},
{
"path": "src/scripting.h",
"chars": 469,
"preview": "/*\n Masscan scripting subsystem\n*/\n#ifndef SCRIPTING_H\n#define SCRIPTING_H\n#include \"proto-banner1.h\"\nstruct Masscan;"
},
{
"path": "src/smack.h",
"chars": 4673,
"preview": "#ifndef _SMACK_H\n#define _SMACK_H\n#include <stdio.h>\n\n#define SMACK_NOT_FOUND ((size_t)(~0))\n\n/**\n * \"Anchor\" flags are "
},
{
"path": "src/smack1.c",
"chars": 58114,
"preview": "/****************************************************************************\n\n SMACK1 - an Aho-Corasick search"
},
{
"path": "src/smackqueue.c",
"chars": 1995,
"preview": "#include \"smackqueue.h\"\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n\n/***********************************"
},
{
"path": "src/smackqueue.h",
"chars": 277,
"preview": "#ifndef SMACKQUEUE_H\n#define SMACKQUEUE_H\n\nstruct Queue *\nqueue_create(void);\n\n\nvoid\nqueue_destroy(struct Queue *queue);"
},
{
"path": "src/stack-arpv4.c",
"chars": 11456,
"preview": "/*\n handle ARP\n\n Usage #1:\n At startup, we make a synchronous request for the local router.\n We'll w"
},
{
"path": "src/stack-arpv4.h",
"chars": 1139,
"preview": "#ifndef STACK_ARP_H\n#define STACK_ARP_H\nstruct Adapter;\n#include \"stack-queue.h\"\n#include \"massip-addr.h\"\n\n/**\n * Respon"
},
{
"path": "src/stack-if.c",
"chars": 365,
"preview": "#include \"rawsock.h\"\n#include \"rawsock-adapter.h\"\n\n/********************************************************************"
},
{
"path": "src/stack-ndpv6.c",
"chars": 15823,
"preview": "#include \"stack-ndpv6.h\"\n#include \"proto-preprocess.h\"\n#include \"stack-src.h\"\n#include \"util-checksum.h\"\n#include \"rawso"
}
]
// ... and 59 more files (download for full content)
About this extraction
This page contains the full source code of the robertdavidgraham/masscan GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 259 files (2.2 MB), approximately 592.5k tokens, and a symbol index with 1750 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.