作者 标题: SocketStat(转自大鹰主页)
ucr
这个程序可以在 Linux 下查出端口的开放状态,是一个网络连接检测工具。

/*
* SocketStat v1.0
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dirent.h>
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>

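/*
 * Diagnostic helpers. Both print "sockstat: <message>" to stderr; fatal()
 * additionally terminates the program with exit status 2.
 *
 * They are wrapped in do { ... } while (0) so that each expands to exactly
 * one statement: a bare { ... } block followed by the caller's ';' breaks
 * any "if (cond) fatal(...); else ..." construct.
 */
#define error(x) do { fprintf(stderr, "sockstat: %s\n", (x)); } while (0)
#define fatal(x) do { fprintf(stderr, "sockstat: %s\n", (x)); exit(2); } while (0)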

/* Search modes; the active one is kept in o_search. */
#define SEARCH_ALL 0 /* show information for every socket */
#define SEARCH_GID 1 /* filter by group name or group id */
#define SEARCH_PID 2 /* filter by process id */
#define SEARCH_PNAME 3 /* filter by process name */
#define SEARCH_UID 4 /* filter by the user's uid */

/*
 * Protocol tags. read_tcp_udp_raw() starts at PROTOCOL_TCP and decrements,
 * so the numeric order TCP > UDP > RAW > 0 is the order the files are read.
 */
#define PROTOCOL_TCP 3
#define PROTOCOL_UDP 2
#define PROTOCOL_RAW 1

/*
 * One socket entry as parsed by read_proc_net().
 * NOTE: inode must remain the first member: main() hands bsearch() a pointer
 * to a bare ino_t as the key, and compare() reads it as if it were a ProcNet.
 */
typedef struct {
ino_t inode;
struct in_addr local_addr, remote_addr;
u_int local_port, remote_port;
u_char status, protocol;
uid_t uid;
} ProcNet;

/*
 * Display names for the connection state, indexed by (status - 1) in
 * display_record(). The table has 12 entries; nothing here bounds the index.
 */
char *states[] = {
"ESTBLSH", "SYNSENT", "SYNRECV", "FWAIT1", "FWAIT2", "TMEWAIT",
"CLOSED", "CLSWAIT", "LASTACK", "LISTEN", "CLOSING", "UNKNOWN"
};

/* Filter values taken from the command line (-u, -g, -p). */
uid_t o_uid;
gid_t o_gid;
pid_t o_pid;
/*
 * buf is a scratch buffer shared by several functions, so its contents do not
 * survive a call into any of them. o_pname is a fixed 8-byte field filled with
 * strncpy() in main(); it is not NUL-terminated when the name has 8 or more
 * characters and must only be read with a length-bounded function.
 */
char buf[128], o_pname[8];
/* Directory handles for /proc and the /proc/<pid>/fd/ currently being scanned. */
DIR *proc, *fd;
/* Streams opened on /proc/net/tcp, /proc/net/udp and /proc/net/raw in main(). */
FILE *tcp, *udp, *raw;
/* Array of parsed entries, sorted by inode; `total` holds its length. */
ProcNet *NetData;
u_char o_search = SEARCH_ALL;
/* total: number of parsed entries; stat*: per-protocol count of displayed rows. */
u_int total = 0, stattcp = 0, statudp = 0, statraw = 0;

/*
 * Print the command-line synopsis to stderr and terminate with status 1.
 * progname is the name shown in the synopsis (main passes argv[0]).
 * Does not return.
 */
void usage(char *progname)
{
    fprintf(stderr,
            "usage: %s [-u uid|user] [-g gid|group] [-p pid|process]\n",
            progname);

    exit(1);
}

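/*
 * Ordering callback for qsort()/bsearch(): orders entries by inode number.
 *
 * The listing as posted had a damaged conditional expression on the return
 * line (an emoticon filter swallowed part of it) and did not compile; the
 * 1 / -1 result is restored here.
 *
 * qsort() passes pointers to ProcNet elements, while main() passes a pointer
 * to a bare ino_t as the bsearch() key. Both start with the inode (it is the
 * first member of ProcNet), so both are read through an ino_t pointer rather
 * than by treating the bare key as a full ProcNet.
 *
 * Returns 0 when the inodes are equal, 1 when a > b, -1 when a < b.
 */
int compare(const void *a, const void *b)
{
    const ino_t lhs = *(const ino_t *) a;
    const ino_t rhs = *(const ino_t *) b;

    if (lhs == rhs)
        return 0;

    return (lhs > rhs) ? 1 : -1;
}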

/*
 * Read the next line from the tcp, udp and raw streams, in that order.
 *
 * A static cursor remembers which stream is current; when fgets() fails on
 * it the cursor moves on to the next one. The shared streams must already be
 * open.
 *
 * buf / bufsize: destination buffer handed to fgets().
 * Returns the PROTOCOL_* tag of the stream the line came from, or 0 once all
 * three streams are exhausted (and on every later call).
 */
int read_tcp_udp_raw(char *buf, int bufsize)
{
    static char fc = PROTOCOL_TCP;

    for (;;) {
        FILE *stream = NULL;

        if (fc == 0)
            return 0;

        if (fc == PROTOCOL_TCP) {
            stream = tcp;
        } else if (fc == PROTOCOL_UDP) {
            stream = udp;
        } else if (fc == PROTOCOL_RAW) {
            stream = raw;
        } else {
            /* The cursor only ever counts down from PROTOCOL_TCP to 0. */
            fatal("Program go down the hole.");
        }

        if (fgets(buf, bufsize, stream) != NULL)
            return fc;

        /* Current stream is finished: fall through to the next protocol. */
        --fc;
    }
}

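/*
 * Return the command name of process `pid` (a decimal string, as found in
 * /proc), read from the first line of /proc/<pid>/status.
 *
 * The result is always a heap buffer owned by the caller; it holds "unknown"
 * when the status file cannot be opened or parsed.
 *
 * Fixes relative to the posted version:
 *  - the name was read with an unbounded %s into an 8-byte allocation, so a
 *    longer process name (which any local user can choose) wrote past the
 *    end of the heap block; the conversion is now width-limited;
 *  - a failed fopen() jumped to a label that called fclose(NULL);
 *  - the failure path returned a string literal, which display_record() then
 *    wrote to, and leaked the allocation.
 */
char *get_program_name(char *pid) {
    /* Linux command names are at most 15 characters plus the terminator. */
    enum { NAME_CAP = 16 };
    char path[128];
    char line[128];
    char *ret;
    FILE *fp;

    if ((ret = malloc(NAME_CAP)) == NULL) {
        fatal("Unable to allocate memory.");
    }

    /* Default answer, overwritten only by a successful parse. */
    snprintf(ret, NAME_CAP, "%s", "unknown");

    snprintf(path, sizeof(path), "/proc/%s/status", pid);

    if ((fp = fopen(path, "r")) == NULL)
        return ret;

    if (fgets(line, sizeof(line), fp) != NULL) {
        /* The field width must stay equal to NAME_CAP - 1. */
        if (sscanf(line, "Name: %15s", ret) != 1)
            snprintf(ret, NAME_CAP, "%s", "unknown");
    }

    fclose(fp);
    return ret;
}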

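/* Number of spaces needed to pad `text` out to `target` columns (never negative). */
static int pad_width(int target, const char *text)
{
    int used = (int) strlen(text);

    return (used < target) ? target - used : 0;
}

/*
 * Print one output row for a socket and bump the per-protocol counter.
 *
 * Record: the parsed socket entry.
 * pid:    owning process id.
 * pname:  owning process name; at most 7 characters of it are shown.
 *
 * Fixes relative to the posted version:
 *  - getpwuid() returns NULL for a uid with no passwd entry, which was
 *    dereferenced; the numeric uid is printed instead;
 *  - the user and process names were truncated by writing a NUL into the
 *    caller's string and into the passwd buffer at a fixed offset; a
 *    precision in the format does the same without writing anywhere;
 *  - the padding width was a size_t expression passed where printf expects
 *    an int, and went negative for long fields;
 *  - the state index is range-checked before the table lookup.
 */
void display_record(ProcNet *Record, pid_t pid, char *pname)
{
    const size_t nstates = sizeof(states) / sizeof(states[0]);
    struct passwd *pwd;
    const char *state = "UNKNOWN";
    char user[24];
    char field[64];

    if (Record->protocol == PROTOCOL_TCP)
        printf("TCP ");
    else if (Record->protocol == PROTOCOL_UDP)
        printf("UDP ");
    else
        printf("RAW ");

    pwd = getpwuid(Record->uid);
    if (pwd != NULL)
        snprintf(user, sizeof(user), "%.8s", pwd->pw_name);
    else
        snprintf(user, sizeof(user), "%lu", (unsigned long) Record->uid);
    printf("%-8s ", user);

    snprintf(field, sizeof(field), "%.7s[%ld]", pname, (long) pid);
    printf("%s%*s", field, pad_width(15, field), "");

    snprintf(field, sizeof(field), "%s:%u ", inet_ntoa(Record->local_addr),
             Record->local_port);
    printf("%s %*s", field, pad_width(21, field), "");

    snprintf(field, sizeof(field), "%s:%u", inet_ntoa(Record->remote_addr),
             Record->remote_port);
    printf("%s %*s", field, pad_width(21, field), "");

    /* status comes from parsed /proc text; never index the table unchecked. */
    if (Record->status >= 1 && Record->status <= nstates)
        state = states[Record->status - 1];
    printf("%s\n", state);

    switch (Record->protocol) {
    case PROTOCOL_TCP:
        ++stattcp;
        break;
    case PROTOCOL_UDP:
        ++statudp;
        break;
    case PROTOCOL_RAW:
        ++statraw;
        break;
    default:
        break;
    }
}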

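/*
 * Parse every line delivered by read_tcp_udp_raw() into the NetData array,
 * then sort the array by inode so main() can bsearch() it.
 *
 * On return `total` holds the number of parsed entries. Lines that do not
 * match the expected layout (such as each file's column-header line) are
 * skipped. Terminates the program if memory cannot be allocated.
 *
 * Fix relative to the posted version: sscanf() wrote straight into the
 * struct members through casts whose width did not match the member
 * (unsigned long into a 4-byte in_addr, unsigned short into a 1-byte status,
 * unsigned int into ino_t). Where those types differ in size this overwrote
 * neighbouring members or left part of the inode unset. Every field is now
 * parsed into a correctly typed local and then assigned.
 */
void read_proc_net(void)
{
    unsigned int i = 0, size = 256;
    int protocol;

    if ((NetData = calloc(size, sizeof(ProcNet))) == NULL) {
        fatal("Unable to allocate memory");
    }

    while ((protocol = read_tcp_udp_raw(buf, sizeof(buf))) != 0) {
        unsigned long local_addr, remote_addr, inode;
        unsigned int local_port, remote_port, status, uid;

        if (i == size) {
            ProcNet *grown;

            size *= 2;
            /* Keep the old pointer until realloc() is known to have succeeded. */
            grown = realloc(NetData, sizeof(ProcNet) * size);
            if (grown == NULL) {
                fatal("Unable to allocate memory");
            }
            NetData = grown;
        }

        /*
         * Conversions, in order: local addr:port, remote addr:port, state,
         * uid, inode. Everything marked %* is read and discarded.
         */
        if (sscanf(buf, "%*u: %lX:%x %lX:%x %x %*X:%*X %*x:%*X %*x %u %*u %lu",
                   &local_addr, &local_port, &remote_addr, &remote_port,
                   &status, &uid, &inode) != 7)
            continue;

        /* The hex address is stored as parsed, as the original code did. */
        NetData[i].local_addr.s_addr = (in_addr_t) local_addr;
        NetData[i].local_port = local_port;
        NetData[i].remote_addr.s_addr = (in_addr_t) remote_addr;
        NetData[i].remote_port = remote_port;
        NetData[i].status = (u_char) status;
        NetData[i].uid = (uid_t) uid;
        NetData[i].inode = (ino_t) inode;
        NetData[i].protocol = (u_char) protocol;
        ++i;
    }

    total = i;
    qsort(NetData, total, sizeof(ProcNet), compare);
}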

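/*
 * Parse a non-negative decimal id. Returns 0 and stores the value in *out on
 * success, -1 when the text is not entirely a decimal number.
 */
static int parse_numeric_id(const char *text, unsigned long *out)
{
    char *end;
    unsigned long value;

    if (text == NULL || !isdigit((unsigned char) *text))
        return -1;

    errno = 0;
    value = strtoul(text, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;

    *out = value;
    return 0;
}

/*
 * Entry point: parse the filter options, load the socket tables from
 * /proc/net, then walk /proc/<pid>/fd/ for every process and print each
 * socket descriptor whose inode appears in the tables and passes the filter.
 *
 * Fixes relative to the posted version:
 *  - the getopt() string was damaged in the post and no longer contained the
 *    -p option that the switch and the usage text both handle;
 *  - a -u/-g argument that was neither a known name nor a number silently
 *    became id 0 (root) through atoi(); it is now rejected;
 *  - the per-process fd directory was never closed, leaking one descriptor
 *    per process scanned;
 *  - the group filter dereferenced a NULL getgrgid() result, advanced the
 *    gr_mem pointer inside the library's own struct, and passed the list's
 *    terminating NULL to getpwnam();
 *  - the failure message for opendir("/proc") named the wrong path.
 */
int main(int argc, char *argv[])
{
    struct passwd *pwd;
    struct group *grp;
    struct dirent *procent, *fdent;
    unsigned long id;
    size_t k, arglen;
    int ch;

    printf("*******************************************************************************\n");
    printf("* SocketStat v1.0 from netguard security teams *\n");
    printf("* motdify by e4gle *\n");
    printf("*******************************************************************************\n");

    while ((ch = getopt(argc, argv, "g:u:p:h")) != -1) {
        switch (ch) {
        case 'g':
            o_search = SEARCH_GID;
            if ((grp = getgrnam(optarg)) != NULL) {
                o_gid = grp->gr_gid;
            } else if (parse_numeric_id(optarg, &id) == 0) {
                o_gid = (gid_t) id;
            } else {
                fatal("Unknown group or invalid gid.");
            }
            break;
        case 'p':
            /* All digits selects a pid; anything else is a process name. */
            o_search = SEARCH_PID;
            arglen = strlen(optarg);
            for (k = 0; k < arglen; ++k) {
                if (!isdigit((unsigned char) optarg[k])) {
                    o_search = SEARCH_PNAME;
                    break;
                }
            }
            if (o_search == SEARCH_PNAME) {
                /*
                 * o_pname is a fixed-width field: strncpy() pads short names
                 * with NULs and leaves long ones unterminated, which is safe
                 * only because it is read with strncasecmp() below.
                 */
                strncpy(o_pname, optarg, sizeof(o_pname));
            } else {
                o_pid = (pid_t) strtol(optarg, (char **) NULL, 10);
            }
            break;
        case 'u':
            o_search = SEARCH_UID;
            if ((pwd = getpwnam(optarg)) != NULL) {
                o_uid = pwd->pw_uid;
            } else if (parse_numeric_id(optarg, &id) == 0) {
                o_uid = (uid_t) id;
            } else {
                fatal("Unknown user or invalid uid.");
            }
            break;
        case 'h':
        default:
            usage(argv[0]);
        }
    }

    if ((tcp = fopen("/proc/net/tcp", "r")) == NULL) {
        fatal("Cannot open /proc/net/tcp");
    }

    if ((udp = fopen("/proc/net/udp", "r")) == NULL) {
        fatal("Cannot open /proc/net/udp");
    }

    if ((raw = fopen("/proc/net/raw", "r")) == NULL) {
        fatal("Cannot open /proc/net/raw");
    }

    if ((proc = opendir("/proc")) == NULL) {
        fatal("Cannot open /proc");
    }

    read_proc_net();

    fclose(tcp);
    fclose(udp);
    fclose(raw);

    printf("Pro User Process Local Address Remote Address State\n");

    while ((procent = readdir(proc)) != NULL) {
        pid_t pid;

        /* Only the numeric entries of /proc are processes. */
        if (!isdigit((unsigned char) procent->d_name[0]))
            continue;

        pid = (pid_t) atoi(procent->d_name);

        snprintf(buf, sizeof(buf), "/proc/%s/fd/", procent->d_name);

        /*
         * A process whose fd directory cannot be opened is skipped without
         * any message (typically another user's process when this is not run
         * as root), so an unprivileged run can under-report open sockets.
         */
        if ((fd = opendir(buf)) == NULL)
            continue;

        while ((fdent = readdir(fd)) != NULL) {
            struct stat st;
            ProcNet *ptr;
            char **member;
            char *pn;
            int show = 0;

            snprintf(buf, sizeof(buf), "/proc/%s/fd/%s", procent->d_name,
                     fdent->d_name);
            if (stat(buf, &st) < 0)
                continue;
            if (!S_ISSOCK(st.st_mode))
                continue;

            /* The key is a bare inode; compare() only looks at the inode. */
            ptr = bsearch(&st.st_ino, NetData, total, sizeof(ProcNet), compare);
            if (ptr == NULL)
                continue;

            /*
             * NOTE(review): pn is never freed. Calling free() here is only
             * safe once get_program_name() is guaranteed to return heap
             * memory on every path, including its failure path.
             */
            pn = get_program_name(procent->d_name);

            switch (o_search) {
            case SEARCH_PID:
                show = (o_pid == pid);
                break;
            case SEARCH_PNAME:
                show = (strncasecmp(pn, o_pname, sizeof(o_pname)) == 0);
                break;
            case SEARCH_GID:
                /* Matches the group's listed members only. */
                grp = getgrgid(o_gid);
                if (grp == NULL || grp->gr_mem == NULL)
                    break;
                for (member = grp->gr_mem; *member != NULL; ++member) {
                    pwd = getpwnam(*member);
                    if (pwd != NULL && pwd->pw_uid == ptr->uid) {
                        show = 1;
                        break;
                    }
                }
                break;
            case SEARCH_UID:
                show = (o_uid == ptr->uid);
                break;
            case SEARCH_ALL:
                show = 1;
                break;
            default:
                fatal("Program go down the hole.");
            }

            if (show)
                display_record(ptr, pid, pn);
        }

        closedir(fd);
    }

    closedir(proc);

    if (stattcp + statudp + statraw)
        printf("Total: %u (TCP: %u UDP: %u RAW: %u)\n",
               stattcp + statudp + statraw, stattcp, statudp, statraw);
    else
        printf("None.\n");

    exit(0);
}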

TomyChen
下次发代码选禁用UBB表情符~~~


一大把的笑脸,让人受不了:)

苏樱
拜托不要再转贴大鹰的帖子了,ok?
改天让他跟我们做个链接得了

不是我不明白,是这世界变化快

相思已久
大鹰还不是个死菜鸟~靠~
这么欣赏大鹰啊!找个亲戚嫁给他啊!