Linux C programming (3): a port-80 banner scanner
1. Idea:
When you use a scanner, you can usually learn the other party's services and server type. For a WWW server this is easy to do over port 80. The manual method is to run telnet targetip 80 and then enter HEAD / HTTP/1.0, after which you get:

HTTP/1.1 400 Bad Request
Date: Tue, 29 Apr 2003 08:54:26 GMT
Server: Apache/1.3.26 (Unix) PHP/4.2.2
Connection: close
Content-Type: text/html; charset=ISO-8859-1

The request line contained invalid characters following the protocol string.
2. Function description:
This uses socket programming. There is a lot to it, and you will need to find dedicated material to study; here is just a simple list:
1. Socket types: SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET, SOCK_RDM
2. Socket address structures: sockaddr_in, sockaddr, in_addr
3. The implementation process of a TCP socket:

Server                                  Client
socket()
   |
bind()
   |
listen()                                socket()
   |                                       |
accept() <--- establish connection ---- connect()
   |                                       |
recv()   <--- data request ------------ send()
   |                                       |
send()   ---- data response ----------> recv()
   |                                       |
recv()   <--- end connection ---------- close()
   |
close()

Several important functions are introduced below:
1. socket():
1.1 Prototype: #include
type: the communication type: SOCK_STREAM (byte-stream socket), SOCK_DGRAM (datagram socket) and SOCK_RAW (raw socket).
protocol: the protocol to use; when it is 0, the protocol is selected automatically.
1.3 Return value: non-zero on success, -1 on failure.
2. connect():
2.1 Prototype: #include
3. send():
3.1 Prototype: #include
4. recv():
4.1 Prototype: #include
5. gethostbyname():
5.1 Prototype: string gethostbyname(string hostname);
5.2 Description: This function returns the IP address of a machine name (domain name). If the call fails, it returns the original machine name.
6. The sockaddr_in structure:
6.1 Structure: sockaddr_in is defined in netinet/in.h:

    struct sockaddr_in {
        short int sin_family;         /* protocol family */
        unsigned short int sin_port;  /* port number */
        struct in_addr sin_addr;      /* network address */
        unsigned char sin_zero[8];    /* padding to the size of struct sockaddr */
    };

6.2 Description: Use the sockaddr_in structure to set or obtain address information.
sin_family is the protocol family, which can only be AF_INET.
sin_port stores the port number (in network byte order).
sin_addr stores the IP address, using struct in_addr { unsigned long s_addr; }; this data structure is kept for historical reasons, mainly as a legacy format. s_addr stores the IP address in network byte order.
sin_zero is padding (empty bytes) that keeps sockaddr_in the same size as sockaddr.
6.3 Example:

    struct sockaddr_in sa;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(3490);  /* short, network byte order */
    sa.sin_addr.s_addr = inet_addr("132.241.5.10");
    bzero(&(sa.sin_zero), 8);

Note: If sa.sin_addr.s_addr = INADDR_ANY, the IP address is not specified
7. The hostent structure:
7.1 Structure: This data structure is defined as follows:

    struct hostent {
        char *h_name;        /* the official name of the host */
        char **h_aliases;    /* host aliases */
        int h_addrtype;      /* the address type returned, generally AF_INET */
        int h_length;        /* the length of the address in bytes */
        char **h_addr_list;  /* host network addresses */
    };
OK, once you understand the above you can more or less start writing the program. If you do not fully understand it yet, use it first and learn gradually from using it. There is in fact a lot more to know; I have only listed the basics used in my program.
3. Programming:
Under Linux, create the file 80scanner.c:

    nightcat@nightcat$ vi 80scanner.c

and enter the following:

    /*
     * The www banner scanner. 80scanner version 1.0
     *
     * Enter an IP or domain to get the banner.
     *
     * To compile:
     *   user$ gcc -o 80scanner 80scanner.c
     *
     * To use:
     *   user$ ./80scanner somedomain.com (i.e. ./80scanner antionline.com)
     *
     * code by nightcat
     * march 2004
     */

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <netdb.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>

    int main(int argc, char *argv[])
    {
        int s;
        ssize_t n;
        struct sockaddr_in victem;
        struct hostent *bad;
        char buffer[1024];

        if (argc != 2) {
            exit(printf("\nUsage: %s domain.com\n", argv[0]));
        }

        /* Resolve the host name given on the command line. */
        if ((bad = gethostbyname(argv[1])) == NULL) {
            exit(printf("Error getting hostname\n"));
        }

        printf("Check Web Server Version\n");
        printf("Coded By Nightcat\n");

        sleep(2);

        s = socket(AF_INET, SOCK_STREAM, 0);
        if (s < 0)
            exit(printf("Socket Error\n"));

        /* Fill in the target address: resolved IP, port 80 in network byte order. */
        memset(&victem, 0, sizeof(victem));
        memcpy(&victem.sin_addr, bad->h_addr_list[0], bad->h_length);
        victem.sin_family = AF_INET;
        victem.sin_port = htons(80);

        if (connect(s, (struct sockaddr *)&victem, sizeof(victem)) < 0) {
            exit(printf("Connect Error\n"));
        }
        printf("\nGetting HTTP Version\n\n");

        send(s, "HEAD / HTTP/1.0\n\n", 17, 0);

        /* Leave one byte for the terminating NUL so printing with %s stays in bounds. */
        n = recv(s, buffer, sizeof(buffer) - 1, 0);
        if (n < 0)
            n = 0;
        buffer[n] = '\0';
        printf("Version:\n%s", buffer);

        close(s);
        return 0;
    }

Save the file with :wq, then compile and run it:

    nightcat@nightcat$ gcc -o 80scanner 80scanner.c
    nightcat@nightcat$ ./80scanner somedomain.com

The results are printed in the xterm. Because the output buffer is only 1024 bytes, you get the following:

HTTP/1.1 400 Bad Request
Date: Tue, 29 Apr 2003 08:54:26 GMT
Server: Apache/1.3.26 (Unix) PHP/4.2.2
Connection: close
Content-Type: text/html; charset=ISO-8859-1
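An added example, not part of the author's program: a single recv() may return only part of the server's reply, so this code loops until the header block is complete, keeps the buffer NUL-terminated and pulls out just the Server: line. The function names read_headers, server_banner and demo_banner are made up for illustration, and the reply is constructed from the sample output above and fed through a socketpair so that it runs offline.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <sys/socket.h>

/* Loop on recv() until the blank line ending the headers, EOF, or a full buffer. */
static ssize_t read_headers(int fd, char *buf, size_t cap)
{
    size_t used = 0;
    buf[0] = '\0';
    while (used + 1 < cap && !strstr(buf, "\r\n\r\n") && !strstr(buf, "\n\n")) {
        ssize_t n = recv(fd, buf + used, cap - 1 - used, 0);
        if (n < 0) return -1;
        if (n == 0) break;                  /* peer closed the connection */
        used += (size_t)n;
        buf[used] = '\0';                   /* always NUL-terminated */
    }
    return (ssize_t)used;
}

/* Copy the Server: value into out, truncated to fit. 0 if found, -1 if not. */
static int server_banner(const char *line, char *out, size_t outlen)
{
    while (outlen > 0 && *line) {
        if (strncasecmp(line, "Server:", 7) == 0) {
            const char *v = line + 7 + strspn(line + 7, " \t");
            snprintf(out, outlen, "%.*s", (int)strcspn(v, "\r\n"), v);
            return 0;
        }
        line += strcspn(line, "\n");        /* move to the next line */
        if (*line) line++;
    }
    return -1;
}

/* Offline demo: a socketpair stands in for the server; the reply is constructed. */
int demo_banner(char *out, size_t outlen)
{
    static const char p1[] = "HTTP/1.1 400 Bad Request\r\nDate: Tue, 29 Apr 2003 08:54:26 GMT\r\nSer";
    static const char p2[] = "ver: Apache/1.3.26 (Unix) PHP/4.2.2\r\nConnection: close\r\n\r\n";
    char buf[1024]; int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (write(sv[1], p1, sizeof p1 - 1) < 0 || write(sv[1], p2, sizeof p2 - 1) < 0) return -1;
    close(sv[1]);
    ssize_t n = read_headers(sv[0], buf, sizeof buf);
    close(sv[0]);
    return n < 0 ? -1 : server_banner(buf, out, outlen);
}
```

To use it against a real server, pass the connected socket to read_headers() in place of the single recv() call and print the string that server_banner() fills in.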
4. Afterword:
This article involves socket programming, which is fairly difficult. In practice, though, it comes down to being familiar with a few steps. The program can also be extended to use multiple threads and to write its results to a file, which would make it more like a proper scanner. Also pay attention to htons(80): this converts the byte order, so look at it carefully!
5. Contact me: