OpenVAS Libraries  9.0.3
nasl_builtin_nmap.c File Reference

Advanced wrapper for nmap. Perform comprehensive network scanning. More...

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <glib.h>
#include "../misc/arglists.h"
#include "../misc/plugutils.h"
#include "../misc/popen.h"
#include "../misc/openvas_logging.h"
#include "../misc/prefs.h"
#include "../base/kb.h"
#include "nasl_lex_ctxt.h"

Data Structures

struct  nse_script
 Handle the results of a NSE script. More...
 
struct  traceroute_hop
 Describe a detected hop on the route. More...
 
struct  nmap_port
 Store port information. More...
 
struct  nmap_host
 Store host information. More...
 
struct  nmap_parser
 Handle states for XML parsing. More...
 
struct  nmap_t
 Main nmap execution handler. More...
 
struct  nmap_opt_t
 Describe an nmap command line option. More...
 

Macros

#define dbg(...)   do { log_legacy_write (__VA_ARGS__); } while (0)
 
#define err(x)   do { perror (x); } while (0)
 
#define CHUNK_LEN   512
 Input chunks size for the XML parser. More...
 
#define MAX_TRACE_HOPS   64
 Maximum number of hops to the target. More...
 
#define NMAP_CMD   "nmap"
 Nmap command to call. More...
 
#define PREF_TREAT_ALL_HOST_ONLINE   "Treat all hosts as online"
 Plugin parameter description: skip alive hosts discovery phase. More...
 
#define PREF_TRACEROUTE   "Trace hop path to each host"
 Plugin parameter description: perform traceroute. More...
 
#define PREF_NO_DNS   "Disable DNS resolution"
 Plugin parameter description: don't perform reverse resolution on discovered IP addresses. More...
 
#define PREF_TCP_SCANNING_TECHNIQUE   "TCP scanning technique"
 Plugin parameter description: TCP port scanning technique to use. More...
 
#define PREF_SERVICE_SCAN   "Service scan"
 Plugin parameter description: perform service/version detection scan. More...
 
#define PREF_RPC_PORT_SCAN   "RPC port scan"
 Plugin parameter description: perform RPC port scan. More...
 
#define PREF_IDENTIFY_REMOTE_OS   "Identify the remote OS"
 Plugin parameter description: perform remote OS fingerprinting. More...
 
#define PREF_AGGRESSIVE_OS_DETECT   "Aggressive OS detection"
 Plugin parameter description: guess OS from closest match if necessary. More...
 
#define PREF_FRAGMENT_IP   "Fragment IP packets (bypasses firewalls)"
 Plugin parameter description: try to evade defense by fragmenting IP packets. More...
 
#define PREF_SOURCE_PORT   "Source port"
 Plugin parameter description: set source port. More...
 
#define PREF_TIMING_POLICY   "Timing policy"
 Plugin parameter description: select timing template. More...
 
#define PREF_HOST_TIMEOUT   "Host Timeout (ms)"
 Plugin parameter description: give up on host after this time elapsed. More...
 
#define PREF_MIN_RTT_TIMEOUT   "Min RTT Timeout (ms)"
 Plugin parameter description: probe round trip time hint (minimal value). More...
 
#define PREF_MAX_RTT_TIMEOUT   "Max RTT Timeout (ms)"
 Plugin parameter description: probe round trip time hint (maximal value). More...
 
#define PREF_INITIAL_RTT_TIMEOUT   "Initial RTT timeout (ms)"
 Plugin parameter description: probe round trip time hint (initial value). More...
 
#define PREF_MIN_PARALLELISM   "Ports scanned in parallel (min)"
 Plugin parameter description: force minimum number of parallel active probes. More...
 
#define PREF_MAX_PARALLELISM   "Ports scanned in parallel (max)"
 Plugin parameter description: force maximum number of parallel active probes. More...
 
#define PREF_MIN_HOSTGROUP   "Hosts scanned in parallel (min)"
 Plugin parameter description: force minimum number of hosts to scan in parallel. More...
 
#define PREF_MAX_HOSTGROUP   "Hosts scanned in parallel (max)"
 Plugin parameter description: force maximum number of hosts to scan in parallel. More...
 
#define PREF_INTERPROBE_DELAY   "Minimum wait between probes (ms)"
 Plugin parameter description: set idle interval between probes. More...
 
#define PREF_EXCLUDE_HOSTS   "Exclude hosts"
 Plugin parameter description: comma-separated list of hosts to exclude from the scan. More...
 
#define PREF_IMPORT_XML_FILE   "File containing XML results"
 Plugin parameter description: import XML file. More...
 
#define OPT_SET   "yes"
 Checkbox value (when set). More...
 
#define OPT_UNSET   "no"
 Checkbox value (when unset). More...
 
#define list_free(list, dtor, udata)
 
#define PRINT_NOT_NULL(x)   ((x) ? (x) : "")
 

Functions

tree_cell * plugin_run_nmap (lex_ctxt *lexic)
 Run the nmap_net subsystem. More...
 

Detailed Description

Advanced wrapper for nmap. Perform comprehensive network scanning.

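This plugin was designed to be executed only once per network. It generates the nmap command line according to the specified options, runs nmap, parses the output and stores results for each host in the knowledge base. Because the command line is built from plugin preferences (for example "Exclude hosts" and "Source port") and results can also be taken from an imported XML file, those values end up as input to an external process and to the XML parser; this page does not show how they are validated, so check that in the source before exposing the preferences to less-trusted users.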

Definition in file nasl_builtin_nmap.c.

Macro Definition Documentation

◆ CHUNK_LEN

#define CHUNK_LEN   512

Input chunks size for the XML parser.

Definition at line 85 of file nasl_builtin_nmap.c.

◆ dbg

#define dbg (   ...)    do { log_legacy_write (__VA_ARGS__); } while (0)

Definition at line 74 of file nasl_builtin_nmap.c.

Referenced by plugin_run_nmap().

◆ err

#define err (   x)    do { perror (x); } while (0)

◆ list_free

#define list_free (   list,
  dtor,
  udata 
)
Value:
/* Release a GSList: when list is non-NULL, call dtor on every element via
 * g_slist_foreach() (udata is passed as the second argument), free the list
 * nodes with g_slist_free(), and reset list to NULL.
 * `list` is expanded several times and assigned to, so the argument has to be
 * a plain, side-effect-free lvalue.
 * NOTE(review): the (GFunc) cast silences any mismatch between dtor's
 * signature and what g_slist_foreach() calls; confirm each dtor takes
 * (element, udata). */
do { \
if (list) \
{ \
g_slist_foreach (list, (GFunc) dtor, udata); \
g_slist_free (list); \
list = NULL; \
} \
} while (0)

Definition at line 1179 of file nasl_builtin_nmap.c.

◆ MAX_TRACE_HOPS

#define MAX_TRACE_HOPS   64

Maximum number of hops to the target.

Definition at line 90 of file nasl_builtin_nmap.c.

◆ NMAP_CMD

#define NMAP_CMD   "nmap"

Nmap command to call.

Definition at line 95 of file nasl_builtin_nmap.c.

◆ OPT_SET

#define OPT_SET   "yes"

Checkbox value (when set).

Definition at line 227 of file nasl_builtin_nmap.c.

◆ OPT_UNSET

#define OPT_UNSET   "no"

Checkbox value (when unset).

Definition at line 232 of file nasl_builtin_nmap.c.

◆ PREF_AGGRESSIVE_OS_DETECT

#define PREF_AGGRESSIVE_OS_DETECT   "Aggressive OS detection"

Plugin parameter description: guess OS from closest match if necessary.

Definition at line 141 of file nasl_builtin_nmap.c.

◆ PREF_EXCLUDE_HOSTS

#define PREF_EXCLUDE_HOSTS   "Exclude hosts"

Plugin parameter description: comma-separated list of hosts to exclude from the scan.

Definition at line 216 of file nasl_builtin_nmap.c.

◆ PREF_FRAGMENT_IP

#define PREF_FRAGMENT_IP   "Fragment IP packets (bypasses firewalls)"

Plugin parameter description: try to evade defense by fragmenting IP packets.

Definition at line 147 of file nasl_builtin_nmap.c.

◆ PREF_HOST_TIMEOUT

#define PREF_HOST_TIMEOUT   "Host Timeout (ms)"

Plugin parameter description: give up on host after this time elapsed.

Definition at line 163 of file nasl_builtin_nmap.c.

◆ PREF_IDENTIFY_REMOTE_OS

#define PREF_IDENTIFY_REMOTE_OS   "Identify the remote OS"

Plugin parameter description: perform remote OS fingerprinting.

Definition at line 135 of file nasl_builtin_nmap.c.

◆ PREF_IMPORT_XML_FILE

#define PREF_IMPORT_XML_FILE   "File containing XML results"

Plugin parameter description: import XML file.

Definition at line 221 of file nasl_builtin_nmap.c.

◆ PREF_INITIAL_RTT_TIMEOUT

#define PREF_INITIAL_RTT_TIMEOUT   "Initial RTT timeout (ms)"

Plugin parameter description: probe round trip time hint (initial value).

Definition at line 181 of file nasl_builtin_nmap.c.

◆ PREF_INTERPROBE_DELAY

#define PREF_INTERPROBE_DELAY   "Minimum wait between probes (ms)"

Plugin parameter description: set idle interval between probes.

Definition at line 210 of file nasl_builtin_nmap.c.

◆ PREF_MAX_HOSTGROUP

#define PREF_MAX_HOSTGROUP   "Hosts scanned in parallel (max)"

Plugin parameter description: force maximum number of hosts to scan in parallel.

Definition at line 205 of file nasl_builtin_nmap.c.

◆ PREF_MAX_PARALLELISM

#define PREF_MAX_PARALLELISM   "Ports scanned in parallel (max)"

Plugin parameter description: force maximum number of parallel active probes.

Definition at line 193 of file nasl_builtin_nmap.c.

◆ PREF_MAX_RTT_TIMEOUT

#define PREF_MAX_RTT_TIMEOUT   "Max RTT Timeout (ms)"

Plugin parameter description: probe round trip time hint (maximal value).

Definition at line 175 of file nasl_builtin_nmap.c.

◆ PREF_MIN_HOSTGROUP

#define PREF_MIN_HOSTGROUP   "Hosts scanned in parallel (min)"

Plugin parameter description: force minimum number of hosts to scan in parallel.

Definition at line 199 of file nasl_builtin_nmap.c.

◆ PREF_MIN_PARALLELISM

#define PREF_MIN_PARALLELISM   "Ports scanned in parallel (min)"

Plugin parameter description: force minimum number of parallel active probes.

Definition at line 187 of file nasl_builtin_nmap.c.

◆ PREF_MIN_RTT_TIMEOUT

#define PREF_MIN_RTT_TIMEOUT   "Min RTT Timeout (ms)"

Plugin parameter description: probe round trip time hint (minimal value).

Definition at line 169 of file nasl_builtin_nmap.c.

◆ PREF_NO_DNS

#define PREF_NO_DNS   "Disable DNS resolution"

Plugin parameter description: don't perform reverse resolution on discovered IP addresses.

Definition at line 114 of file nasl_builtin_nmap.c.

◆ PREF_RPC_PORT_SCAN

#define PREF_RPC_PORT_SCAN   "RPC port scan"

Plugin parameter description: perform RPC port scan.

Definition at line 130 of file nasl_builtin_nmap.c.

◆ PREF_SERVICE_SCAN

#define PREF_SERVICE_SCAN   "Service scan"

Plugin parameter description: perform service/version detection scan.

Definition at line 125 of file nasl_builtin_nmap.c.

◆ PREF_SOURCE_PORT

#define PREF_SOURCE_PORT   "Source port"

Plugin parameter description: set source port.

Definition at line 152 of file nasl_builtin_nmap.c.

◆ PREF_TCP_SCANNING_TECHNIQUE

#define PREF_TCP_SCANNING_TECHNIQUE   "TCP scanning technique"

Plugin parameter description: TCP port scanning technique to use.

Definition at line 119 of file nasl_builtin_nmap.c.

◆ PREF_TIMING_POLICY

#define PREF_TIMING_POLICY   "Timing policy"

Plugin parameter description: select timing template.

Definition at line 157 of file nasl_builtin_nmap.c.

◆ PREF_TRACEROUTE

#define PREF_TRACEROUTE   "Trace hop path to each host"

Plugin parameter description: perform traceroute.

Definition at line 108 of file nasl_builtin_nmap.c.

◆ PREF_TREAT_ALL_HOST_ONLINE

#define PREF_TREAT_ALL_HOST_ONLINE   "Treat all hosts as online"

Plugin parameter description: skip alive hosts discovery phase.

Definition at line 103 of file nasl_builtin_nmap.c.

◆ PRINT_NOT_NULL

#define PRINT_NOT_NULL (   x)    ((x) ? (x) : "")

Function Documentation

◆ plugin_run_nmap()

tree_cell* plugin_run_nmap ( lex_ctxt * lexic )

Run the nmap_net subsystem.

Parameters
[in] lexic: NASL state.
Returns
NULL on error, FAKE_CELL on success.

Definition at line 485 of file nasl_builtin_nmap.c.

References dbg.

/**
 * Entry point of the builtin nmap wrapper.
 *
 * Creates an nmap handler from the NASL context, runs nmap and parses its
 * output through nmap_run_and_parse(), then destroys the handler.
 *
 * @param[in] lexic  NASL state.
 * @return NULL when nmap_create() fails, FAKE_CELL otherwise.
 *
 * NOTE(review): nmap_run_and_parse() is called as a plain statement, so
 * FAKE_CELL is returned whether or not the scan itself worked; if that
 * helper reports failures (not visible here), callers cannot see them.
 */
tree_cell *
plugin_run_nmap (lex_ctxt *lexic)
{
  nmap_t *handler;

  dbg ("Starting Nmap builtin wrapper\n");

  /* Without a handler there is nothing to run or to release. */
  handler = nmap_create (lexic);
  if (handler == NULL)
    {
      dbg ("Unable to initialize Nmap\n");
      return NULL;
    }

  /* Run nmap and store what it found, then give the handler back. */
  nmap_run_and_parse (handler);
  nmap_destroy (handler);

  return FAKE_CELL;
}
#define FAKE_CELL
Definition: nasl_tree.h:120
#define dbg(...)
Main nmap execution handler.