mirror of
https://github.com/ivre/masscanned.git
synced 2025-10-02 06:38:21 +00:00
Added option to forbid responding to chosen IP addresses
parent
29f89f21e4
commit
0f8ef335a0
15 changed files with 96 additions and 3 deletions
|
@ -84,6 +84,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut arp_req =
|
||||
|
|
|
@ -226,6 +226,7 @@ mod tests {
|
|||
mac: mac,
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
for proto in [EtherTypes::Ipv4, EtherTypes::Ipv6, EtherTypes::Arp] {
|
||||
|
@ -264,6 +265,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut eth_req = MutableEthernetPacket::owned(vec![
|
||||
|
|
|
@ -53,6 +53,16 @@ pub fn repl<'a, 'b>(
|
|||
return None;
|
||||
}
|
||||
}
|
||||
/* If masscanned is configured with ignored IP addresses, then
|
||||
* check if the src. IP address of the packet is one of
|
||||
* those ignored by masscanned - if so, drop the packet.
|
||||
**/
|
||||
if let Some(ignored_ip_addr_list) = masscanned.ignored_ip_addresses {
|
||||
if ignored_ip_addr_list.contains(&IpAddr::V4(ip_req.get_source())) {
|
||||
masscanned.log.ipv4_drop(&ip_req, &client_info);
|
||||
return None;
|
||||
}
|
||||
}
|
||||
/* Fill client info with transport layer procotol */
|
||||
client_info.transport = Some(ip_req.get_next_level_protocol());
|
||||
let mut ip_repl;
|
||||
|
@ -193,6 +203,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
for proto in [
|
||||
|
@ -240,6 +251,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut ip_req =
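Review bot: The ignored-source check added to `repl` after the destination check only covers the IP layer. The first section on this page, whose test builds `arp_req`, changes nothing but a test fixture, so ARP requests whose sender address is on the ignore list would apparently still be answered. If the option is meant to keep masscanned silent towards those hosts, the ARP handler needs the same lookup on the sender protocol address; otherwise the `--ignored-ip-addr` help text should say that only IP-layer replies are suppressed. This is inferred from the hunks shown, since the ARP reply code is not visible here, and `repl` starts and ends outside this hunk.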
|
||||
|
|
|
@ -41,9 +41,9 @@ pub fn repl<'a, 'b>(
|
|||
masscanned.log.ipv6_recv(ip_req, client_info);
|
||||
let src = ip_req.get_source();
|
||||
let mut dst = ip_req.get_destination();
|
||||
/* If masscanned is configured with IP addresses, check that
|
||||
* the dest. IP address corresponds to one of those
|
||||
* Otherwise, drop the packet.
|
||||
/* If masscanned is configured with IP addresses, then
|
||||
* check that the dest. IP address of the packet is one of
|
||||
* those handled by masscanned - otherwise, drop the packet.
|
||||
**/
|
||||
if let Some(ip_addr_list) = masscanned.ip_addresses {
|
||||
if !ip_addr_list.contains(&IpAddr::V6(dst))
|
||||
|
@ -53,6 +53,16 @@ pub fn repl<'a, 'b>(
|
|||
return None;
|
||||
}
|
||||
}
|
||||
/* If masscanned is configured with ignored IP addresses, then
|
||||
* check if the src. IP address of the packet is one of
|
||||
* those ignored by masscanned - if so, drop the packet.
|
||||
**/
|
||||
if let Some(ignored_ip_addr_list) = masscanned.ignored_ip_addresses {
|
||||
if ignored_ip_addr_list.contains(&IpAddr::V6(src)) {
|
||||
masscanned.log.ipv6_drop(ip_req, client_info);
|
||||
return None;
|
||||
}
|
||||
}
|
||||
/* Fill client info with source and dest. IP address */
|
||||
client_info.ip.src = Some(IpAddr::V6(ip_req.get_source()));
|
||||
client_info.ip.dst = Some(IpAddr::V6(ip_req.get_destination()));
|
||||
|
@ -206,6 +216,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
for proto in [
|
||||
|
@ -255,6 +266,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut ip_req =
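Review bot: No test in this section exercises the new `ignored_ip_addresses` branch. Both test hunks only add `ignored_ip_addresses: None` to the fixture, and the same holds for the IPv4 section and every other test hunk on the page. A deny list that silently stops matching is hard to notice in production, so each `repl` should get a test that puts the request's source address in a `HashSet`, passes it as `ignored_ip_addresses: Some(&ignored)`, and asserts that `repl` returns `None`. A control case with a different source that still gets a reply would pin the other direction. `repl` itself begins and ends outside the hunks shown.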
|
||||
|
|
|
@ -81,6 +81,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut icmp_req =
|
||||
|
|
|
@ -173,6 +173,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
/* Legitimate solicitation */
|
||||
|
@ -246,6 +247,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut icmpv6_echo_req = MutableIcmpv6Packet::owned(vec![
|
||||
|
|
|
@ -146,6 +146,7 @@ mod tests {
|
|||
let masscanned = Masscanned {
|
||||
mac: MacAddr(0, 0, 0, 0, 0, 0),
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f],
|
||||
iface: None,
|
||||
log: MetaLogger::new(),
|
||||
|
@ -197,6 +198,7 @@ mod tests {
|
|||
let masscanned = Masscanned {
|
||||
mac: MacAddr(0, 0, 0, 0, 0, 0),
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f],
|
||||
iface: None,
|
||||
log: MetaLogger::new(),
|
||||
|
@ -248,6 +250,7 @@ mod tests {
|
|||
let masscanned = Masscanned {
|
||||
mac: MacAddr(0, 0, 0, 0, 0, 0),
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f],
|
||||
iface: None,
|
||||
log: MetaLogger::new(),
|
||||
|
@ -298,6 +301,7 @@ mod tests {
|
|||
let masscanned = Masscanned {
|
||||
mac: MacAddr(0, 0, 0, 0, 0, 0),
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f],
|
||||
iface: None,
|
||||
log: MetaLogger::new(),
|
||||
|
|
|
@ -57,6 +57,7 @@ pub struct Masscanned<'a> {
|
|||
/* iface is an Option to make tests easier */
|
||||
pub iface: Option<&'a NetworkInterface>,
|
||||
pub ip_addresses: Option<&'a HashSet<IpAddr>>,
|
||||
pub ignored_ip_addresses: Option<&'a HashSet<IpAddr>>,
|
||||
/* loggers */
|
||||
pub log: MetaLogger,
|
||||
}
|
||||
|
@ -133,6 +134,18 @@ fn main() {
|
|||
.help("Inline list of IP addresses to impersonate, comma-separated")
|
||||
.num_args(1),
|
||||
)
|
||||
.arg(
|
||||
Arg::new("ignoredipfile")
|
||||
.long("ignored-ip-addr-file")
|
||||
.help("File with the list of IP addresses to NOT respond to")
|
||||
.num_args(1),
|
||||
)
|
||||
.arg(
|
||||
Arg::new("ignorediplist")
|
||||
.long("ignored-ip-addr")
|
||||
.help("Inline list of IP addresses to NOT respond to, comma-separated")
|
||||
.num_args(1),
|
||||
)
|
||||
.arg(
|
||||
Arg::new("verbosity")
|
||||
.short('v')
|
||||
|
@ -217,11 +230,34 @@ fn main() {
|
|||
info!("binding........::");
|
||||
None
|
||||
};
|
||||
let mut ignored_ip_list = if let Some(ref path) = args.get_one::<String>("ignoredipfile") {
|
||||
if let Ok(file) = File::open(path) {
|
||||
info!("parsing ignored ip address file: {}", &path);
|
||||
file.extract_ip_addresses_only(None)
|
||||
} else {
|
||||
HashSet::new()
|
||||
}
|
||||
} else {
|
||||
HashSet::new()
|
||||
};
|
||||
if let Some(ignored_ip_inline_list) = args.get_one::<String>("ignorediplist") {
|
||||
ignored_ip_list.extend(ignored_ip_inline_list.extract_ip_addresses_only(None));
|
||||
}
|
||||
let ignored_ip_addresses = if !ignored_ip_list.is_empty() {
|
||||
for ip in &ignored_ip_list {
|
||||
info!("ignoring.......{}", ip);
|
||||
}
|
||||
Some(&ignored_ip_list)
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let mut masscanned = Masscanned {
|
||||
synack_key: [0, 0],
|
||||
mac,
|
||||
iface: Some(&iface),
|
||||
ip_addresses,
|
||||
ignored_ip_addresses,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
info!("interface......{}", masscanned.iface.unwrap().name);
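Review bot: An ignore file that cannot be opened is treated as an empty list: the inner `else` of the `File::open(path)` test returns `HashSet::new()` without any message, so masscanned starts and answers the hosts the operator asked it to stay silent towards. This option should fail closed; replace that arm with an abort, for example `panic!("cannot open ignored ip address file: {}", path);`, or log the error and exit. Whether `extract_ip_addresses_only` reports entries it cannot parse is not visible here, and a skipped line would have the same effect, so that is worth confirming. `main` continues outside these hunks.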
|
||||
|
|
|
@ -293,6 +293,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -316,6 +317,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -340,6 +342,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -364,6 +367,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
|
|
@ -629,6 +629,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut client_info = ClientInfo::new();
|
||||
|
|
|
@ -239,6 +239,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let ip_src = IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1));
|
||||
|
@ -306,6 +307,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
|
|
@ -216,6 +216,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
/***** TEST STUN - MAGIC *****/
|
||||
|
@ -276,6 +277,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
/***** TEST SSH *****/
|
||||
|
@ -317,6 +319,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
/***** TEST GHOST *****/
|
||||
|
@ -350,6 +353,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
/***** TEST COMPLETE REQUEST *****/
|
||||
|
@ -371,6 +375,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let mut client_info = ClientInfo::new();
|
||||
|
|
|
@ -1200,6 +1200,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -1268,6 +1269,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -1331,6 +1333,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
@ -1392,6 +1395,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: None,
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let client_info = ClientInfo::new();
|
||||
|
|
|
@ -443,6 +443,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let payload_resp = if let Some(r) = repl(payload, &masscanned, &mut client_info, None) {
|
||||
|
@ -503,6 +504,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
client_info.ip.src = Some(IpAddr::V6(test_ip_addr));
|
||||
|
@ -555,6 +557,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
client_info.ip.src = Some(IpAddr::V4(test_ip_addr));
|
||||
|
@ -605,6 +608,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
client_info.ip.src = Some(IpAddr::V4(test_ip_addr));
|
||||
|
|
|
@ -112,6 +112,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap();
|
||||
|
@ -166,6 +167,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap();
|
||||
|
@ -226,6 +228,7 @@ mod tests {
|
|||
mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"),
|
||||
iface: None,
|
||||
ip_addresses: Some(&ips),
|
||||
ignored_ip_addresses: None,
|
||||
log: MetaLogger::new(),
|
||||
};
|
||||
let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap();
|
||||
|
|