SYN扫描源代码(优选.)

精品精品word.#/19if((ntohl(tcphdr->th_ack)!=(SEQ+1))&&(ntohl(tcphdr->th_ack)!=SEQ))returnfalse;〃if(tcphdr->th_flag==20)returntrue;//SYN/ACK-扫描到一个端口if(tcphdr->th_flag==18){printf("\t%d\topen\n",ntohs(tcphdr->th_sport));returntrue;}returntrue;}voidusage(void){printf("\t===================SYNportscaner======================\n");printf("\t============gxisone@2004/7/6===========\n");printf("\tusage:synscanDomainName[IP]StartPort-EndPort\n");printf("\tExample:synscan1-139\n");printf("\tExample:synscan8000-9000\n");}DWORDWINAPIRecvThread(LPVOIDpara)//接收数据线程函数intiErrorCode;structhostent*hp;charRecvBuf[65535]={0};sockListen=socket(AF_INET,SOCK_RAW,IPPROTO_IP);CheckSockError(sockListen,"socket");//设置IP头操作选项BOOLbOpt=true;iErrorCode = setsockopt(sockRaw,IPPROTO_IP,IP_HDRINCL,(char*)&bOpt,sizeof(bOpt));CheckSockError(iErrorCode,"setsockopt()");〃获得本地IPSOCKADDR_INsa;unsignedcharLocalName[256];iErrorCode=gethostname((char*)LocalName,sizeof(LocalName)-1);CheckSockError(iErrorCode,"gethostname()");if((hp=gethostbyname((char*)LocalName))==NULL){CheckSockError(SOCKET_ERROR,"gethostbyname()");}memcpy(&sa.sin_addr.S_un.S_addr,hp->h_addr_list[1],hp->h_length);sa.sin_family=AF_INET;sa.sin_port=htons(7000);iErrorCode=bind(sockListen,(PSOCKADDR)&sa,sizeof(sa));CheckSockError(iErrorCode,"bind");//设置SOCK_RAW为SIO_RCVALL,以便接收所有的IP包DWORDdwBufferLen[10];DWORDdwBufferInLen=1;DWORDdwBytesReturned=0;iErrorCode=WSAIoctl(sockListen,SIO_RCVALL,&dwBufferInLen,sizeof(dwBufferInLen),&dwBufferLen,sizeof(dwBufferLen),&dwBytesReturned,NULL,NULL);CheckSockError(iErrorCode,"Ioctl");memset(RecvBuf,0,sizeof(RecvBuf));//接收数据for(;;){iErrorCode=recv(sockListen,RecvBuf,sizeof(RecvBuf),0);//CheckSockError(iErrorCode,"recv");DecodeIPHeader(RecvBuf,iErrorCode);}if(ScanOK){closesocket(sockListen);return0;}}voidplayx(void)//定义状态提示函数{//进度条char*plays[12]={"|","/","-","\\","|","/","-","\\","|","/","-","\\",};printf("=%s=\r",plays[play]);play=(play==11)?0:play+1;Sleep(2);}//主函数intmain(intargc,char**argv){char*p;if(argc!=3){usage();return0;}p=argv[2];//处理端口参数if(strstr(argv[2],"-")){DEST_PORT=atoi(argv[2]);for(;*p;)if(*(p++)=='-')break;DEST_PORTEND=atoi(p);if(DEST_PORT<1||DEST_PORTEND>65535){printf("PortError!\n");return0;}}DEST_HOST=argv[1];usage();intiErrorCode;intdatasize;structhostent*hp;IP_HEADERip_header;TCP_HEADERtcp_header;charSendBuf[128]={0};〃初始化SOCKETWSADATAwsaData;iErrorCode=WSAStartup(MAKEWORD(2,2),&wsaData);CheckSockError(iErrorCode,"WSAStartup()");sockRaw=socket(AF_INET,SOCK_RAW,IPPROTO_IP);CheckSockError(sockRaw,"socket()");sockListen=socket(AF_INET,SOCK_RAW,IPPROTO_IP);CheckSockError(sockListen,"socket");//设置IP头操作选项BOOLbOpt=true;iErrorCode = setsockopt(sockRaw,IPPROTO_IP,IP_HDRINCL,(char*)&bOpt,sizeof(bOpt));CheckSockError(iErrorCode,"setsockopt()");〃获得本地IPSOCKADDR_INsa;unsignedcharLocalName[256];iErrorCode=gethostname((char*)LocalName,sizeof(LocalName)-1);CheckSockError(iErrorCode,"gethostname()");if((hp=gethostbyname((char*)LocalName))==NULL){CheckSockError(SOCKET_ERROR,"gethostbyname()");}memcpy(&sa.sin_addr.S_un.S_addr,hp->h_addr_list[1],hp->h_length);sa.sin_family=AF_INET;sa.sin_port=htons(7000);iErrorCode=bind(sockListen,(PSOCKADDR)&sa,sizeof(sa));CheckSockError(iErrorCode,"bind");〃获得目标主机IPmemset(&dest,0,sizeof(dest));dest.sin_family=AF_INET;dest.sin_port=htons(DEST_PORT);if((dest.sin_addr.s_addr=inet_addr(DEST_HOST))==INADDR_NONE){if((hp=gethostbyname(DEST_HOST))!=NULL){memcpy(&(dest.sin_addr),hp->h_addr_list[1],hp->h_length);dest.sin_family=hp->h_addrtype;printf("dest.sin_addr=%s\n",inet_ntoa(dest.sin_addr));}else{CheckSockError(SOCKET_ERROR,"gethostbyname()");}}//开启监听线程HANDLEThread=CreateThread(NULL,0,RecvThread,0,0,0);//填充IP首部ip_header.h_lenver=(4<<4|sizeof(ip_header)/sizeof(unsignedlong));〃高四位IP版本号，低四位首部长度ip_header.total_len=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));//16位总长度(字节)ip_header.ident=1;//16位标识ip_header.frag_and_flags=0;//3位标志位ip_header.ttl=128;//8位生存时间TTLip_to=IPPROTO_TCP;//8位协议(TCP,UDP…)ip_header.checksum=0;〃16位IP首部校验和ip_header.sourceIP=sa.sin_addr.s_addr;〃32位源IP地址ip_header.destIP=dest.sin_addr.s_addr;//32位目的IP地址//填充TCP首部tcp_header.th_sport=htons(7000);//源端口号tcp_header.th_lenres=(sizeof(TCP_HEADER)/4<<4|0);//TCP长度和保留位tcp_header.th_win=htons(16384);//填充TCP伪首部(用于计算校验和，并不真正发送)psd_header.saddr=ip_header.sourceIP;psd_header.daddr=ip_header.destIP;psd_header.mbz=0;psd_header.ptcl=IPPROTO_TCP;psd_header.tcpl=htons(sizeof(tcp_header));Sleep(500);printf("\n");printf("Scaning%s\n",DEST_HOST);start=clock();〃开始计时for(;DEST_PORT<DEST_PORTEND;DEST_PORT++){playx();tcp_header.th_dport=htons(DEST_PORT);//目的端口号tcp_header.th_ack=0;//ACK序列号置为0tcp_header.th_flag=2;//SYN标志tcp_header.th_seq=htonl(SEQ);//SYN序列号tcp_header.th_urp=0;//偏移tcp_header.th_sum=0;//校验和//计算TCP校验和，计算校验和时需要包括TCPpseudoheadermemcpy(SendBuf,&psd_header,sizeof(psd_header));memcpy(SendBuf+sizeof(psd_header),&tcp_header,sizeof(tcp_header));tcp_header.th_sum=checksum((USHORT*)SendBuf,sizeof(psd_header)+sizeof(tcp_header));//计算IP校验和memcpy(SendBuf,&ip_header,sizeof(ip_header));memcpy(SendBuf+sizeof(ip_header),&tcp_header,sizeof(tcp_header));memset(SendBuf+sizeof(ip_header)+sizeof(tcp_header),0,4);datasi