LINUX C programming three 80banner scanner
One idea:
Usually use the scanner, you can always get the other party's services and server types. In fact, this WWW server from the 80-port is easy to complete. A manual method. Telnet Targetip 80 and then enter Head / HTTP / 1.0 you can get: http / 1.1 400 Bad RequestDate: Tue, 29 Apr 2003 08:54:26 GmtServer: Apache / 1.3.26 (UNIX) PHP / 4.2.2Connection: CloseContent-Type : Text / Html; Charset = ISO-8859-1
400 baUSt </ title> </ head> <body> <h1> bad request </ h1 > Your Browser Sent A Request this Server Could Not Undrestand. <P> The Request Line Contained Invalid Characfollowing The Protocol String. <P> <P> <HR> <address> Apache / 1.3.26 Server at Miu.com Port 80 < / Address> </ body> </ html> knows what is provided and what kind of server, but this is not necessarily very accurate. the reason? Others are amazing! The above knows the Apache version Apache / 1.3.26 system type is the Unix PHP version is PHP / 4.2.2 domain name miu.com Every time it is hand-made, it is more troublesome, it is good now using programming.</p>
<p>Second, function description.</p>
<p>This is to use Socket programming. This is a lot of things: You have to find some special information to learn, here is just simple list: 1. Type of socket Socket_StreamSocket_Dgramsocket_RDMT_SEQPACKETSOCKET_RDM</p>
<p>2. Slim address structure SockAddr_insockAddrin_ADDR</p>
<p>3. The implementation process of TCP socket:</p>
<p>Service-Terminal</p>
<p>Socket () | bind () | client listen () socket () | | accept () <- Coordinate connection ---- connection () | | rv () <--- Data Request -------- Send () <- ---- Data Response ----> Recv () - | | RECV () <---- end connection ------ Close () | CLOSE () Introduce several important functions below:</p>
<p>1. Socket (): 1.1 prototype: #include <sys / types.h> #incldue <sys / socket.h> int design (int domain); 1.2 function description: call the socket function to get a file Descriptor Domain: Protocol clusters and address clusters, the most commonly used AF_INET (IPv4 protocol) and AF_INET6 (IPv6 protocol)</p>
<p>TYPE: Communication Type SOCK_STREAM (byte Jacket Interface), SOCK_DGRAM (Data Support Set) and SOCK_RAW (Original Set Interface)</p>
<p>Protocol: The protocol used is automatically selected for 0 when 0. 1.3 Return value: successfully returned non-zero, failed to return -1.</p>
<p>2.Connect (): 2.1 Prototype: #include <sys / types.h> #include <sys / socket.h> int connection (int name, int namelen); 2.2 Description: Call connection CONNECT Syndrographic indicating the address of the remote end S is the socket () function returned by the socket descriptor name is a pointer containing the remote host IP address and port number is the length of the remote address structure 2.3 Return value to return 0, failed to return -1</p>
<p>3.send (): 3.1 prototype: #include <sys / types.h> #include <sys / socket.h> int send (int SEND (int S, const void * msg, size_t len, int flags); 3.2 Description: s is Accept () returned to the socket descriptor for the client is a socket descriptor returned. The MSG is a data buffer to a transmission information. LEN indicates that the size of the transmitted data buffer is the transfer control flag, which is defined as follows: 0 MSG_DONTROUT Send data by the most direct path, and ignores the routing settings of the underlying protocol. If Flags is 0, then READ Write the same operation 3.3 Return value successfully returns the length of the transmitted data, with bytes, failed to return -1.</p>
<p>4.Recv (): 4.1 Prototy: #include <sys / types.h> #include <sys / socket.h> int RECV (int S, void * buf, size_t len, int flags); 4.2 Description: s is Accept () Returns the socket descriptor, for the customer is a socket descriptor returned. BUF is a data buffer that contains accept information. Len and Flags are the same. 4.3 Return value successfully returns the received data length, failed to return -1.</p>
<p>5.GethostByname (): 5.1 Prototype: String gethostByname (String hostname); 5.2 Description: This function returns an IP URL (IP Address) of a machine name (Domain Name). If the execution fails, return the original machine name. 6. SockAddr_in structure: 6.1 Structure: SockAddr_in defines in Netinet / in.h: struct sockaddr_in {short int sin_family; / * protocol * / unsigned short int sin_port; / * port number * / struct in_addr sin_addr; / * Network address * / unsigned char sin_zero [8]; / * Keep and SOCKADDR Structures * /}; 6.2 Description: Use the SockAddr_in structure to set / obtain address information. SIN_FAMILY refers to the protocol, which can only be AF_INITSIN_PORT storage port number (using network byte order) SIN_ADDR to store IP addresses, using IN_ADDR {UNSIGNED long s_addr;}; this data structure is due to historical reasons The reserved is mainly used as a previous format. S_addr Stores the IP Address SIN_ZERO in the network byte sequence to keep the SockAddr to maintain the same empty byte that remains the same as the SOCKADDR_IN. 6.3 Example: Struct SockAddr_in sa; sa.sin_family = AF_INET; sa.sin_port = HTONS (3490); / * short, nbo * / sa.sin_addr.s_addr = inet_addr ("132.241.5.10"); Bzero (& (SA. SIN_ZERO), 8); Note: If sa.sin_addr.s_addr = INADDR_ANY, the IP address is not specified</p>
<p>7.Hostent Structure 7.1 Structure: This data structure is defined as follows: struct hostent {char * h_name; / * The official name of the host * / char ** h_aliases; / * Host alias * / int h_addrtype; / * Return the address type, Generally AF_INET * / INT H_LENGTH; / * The byte length of the address * / char ** h_addr_list / * host network address * /}</p>
<p>OK understands the above, almost the same can start writing a program, not very understanding. Can use it first. Slowly learn from the usage. In fact, there are still many things to know. I just list the basics used in my program.</p>
<p>3. Programming:</p>
<p>Under Linux: Create a file 80banightcat @ nightcat $ vi 80banner.c Editing the following: / * The www banner scanner .80scanner version 1.0 * * Check for the Enter ip or daem t get the banner * * to complel: * user $ GCC -o 80scaner 80scanner.c * * to use: * user $. / 80scanner somedomain.com (ie ./80scanner antionline.com) * * code by nightcat * march 2004 * * * /</p>
<p>#include <sys / types.h> #include <netinet / in.h> #include <string.h> #include <netdb.h> #include <ctype.h> #include <arpa / nameser.h> #include <strings.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys / socket.h> int main (int Argc, char * argv []) {</p>
<p>INT S; STRUCT IN_ADDR ADDR; STRUCKADDR_IN VICTEM; STRUCT HOSTENT * BAD; Char Buffer [1024];</p>
<p>IF (argc! = 2) {EXIT (Printf ("/ Nusage:% s domain.com / n", argv [0]);}</p>
<p>IF ((BAD = gethostByname) == null) {EXIT (Printf ("Error getting hostname / n");}</p>
<p>Printf ("Check Web Server Version / N"); Printf ("Coded By Nighcat / N");</p>
<p>System ("Sleep 2");</p>
<p>S = socket (AF_INET, SOCK_STREAM, 0); if (s <0) exit (Printf ("Socket Error / N");</p>
<p>Bcopy (Bad-> h_addr, (char *) & victem.sin_addr, bad-> h_length; victem.sin_family = AF_INET; VICTEM.SIN_PORT = HTONS (80);</p>
<p>IF (Connect (Struct SockAddr *) & Victem, SizeOf (VicTem)) <0) {EXIT (Printf ("Connect Error / N");} Printf ("/ Ngetting Http Version / N / N"); Send (S, "HEAD / HTTP / 1.0 / N / N", 17, 0); RECV (S, Buffer, Sizeof (Buffer), 0); Printf ("Version: / N% S", Buffer; Close (s);</p>
<p>} Save file: WQ compilation execution: Nightcat @ Nightcat $ GCC -O 80scaner 80scanner.cnightcat@nightcat $./80scanner somedomain.com results will be output under xterm. Because the output buffer is only 1024 bytes. You can get the following: http / 1.1 400 Bad Requestdate: Tue, 29 Apr 2003 08:54:26 GmtServer: Apache / 1.3.26 (UNIX) PHP / 4.2.2Connection: CloseContent-type: text / html; charset = ISO- 8859-1</p>
<p>I'm late: This article involves Socket programming, the difficulty is high. However, it is actually familiar with several steps. It can also be expanded to multi-thread and remember the results to the file, which is more like a good scanner. It also pays attention to htons (80) this is the transformation of the byte order, detailed look!</p>
<p>Five. Contact me:</p></div><div class="text-center mt-3 text-grey">
转载请注明原文地址:https://www.9cbs.com/read-119312.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>)
</div><div></div></div></div><ul class="postlist list-unstyled">
</ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="119312" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved
</div><div class="col text-right">Processed:
<b>0.031</b>, SQL:
<b>12</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script>
var debug = DEBUG = 0;
var url_rewrite_on = 1;
var url_path = './';
var forumarr = {"1":"Tech"};
var fid = 1;
var uid = 0;
var gid = 0;
xn.options.water_image_url = 'view/img/water-small.png';
</script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script>
var forum_url = 'list-1.html';
var safe_token = 'B7vPyXouMGVxXreCkc7QkZnVemrVfFauTJ1ItQ_2B9Mq6xoGJ1oEJjqF8Iji0TCFFxdFeQPvXm9CnfUzoveKCX1w_3D_3D';
var body = $('body');
body.on('submit', '#form', function() {
var jthis = $(this);
var jsubmit = jthis.find('#submit');
jthis.reset();
jsubmit.button('loading');
var postdata = jthis.serializeObject();
$.xpost(jthis.attr('action'), postdata, function(code, message) {
if(code == 0) {
location.reload();
} else {
$.alert(message);
jsubmit.button('reset');
}
});
return false;
});
function resize_image() {
var jmessagelist = $('div.message');
var first_width = jmessagelist.width();
jmessagelist.each(function() {
var jdiv = $(this);
var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width();
var jmessage_width = Math.min(jdiv.width(), maxwidth);
jdiv.find('img, embed, iframe, video').each(function() {
var jimg = $(this);
var img_width = this.org_width;
var img_height = this.org_height;
if(!img_width) {
var img_width = jimg.attr('width');
var img_height = jimg.attr('height');
this.org_width = img_width;
this.org_height = img_height;
}
if(img_width > jmessage_width) {
if(this.tagName == 'IMG') {
jimg.width(jmessage_width);
jimg.css('height', 'auto');
jimg.css('cursor', 'pointer');
jimg.on('click', function() {
});
} else {
jimg.width(jmessage_width);
var height = (img_height / img_width) * jimg.width();
jimg.height(height);
}
}
});
});
}
function resize_table() {
$('div.message').each(function() {
var jdiv = $(this);
jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>');
});
}
$(function() {
resize_image();
resize_table();
$(window).on('resize', resize_image);
});
var jmessage = $('#message');
jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); });
jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); });
$('#nav li[data-active="fid-1"]').addClass('active');
</script>
