
Chargen AMP Scanner - BitchGotRaped Release

a guest
Feb 4th, 2014
  1. #include <pthread.h>
  2. #include <unistd.h>
  3. #include <stdio.h>
  4. #include <stdlib.h>
  5. #include <string.h>
  6. #include <sys/socket.h>
  7. #include <netinet/in.h>
  8. #include <signal.h>
  9. #include <sys/time.h>
  10. #include <sys/types.h>
  11. #include <math.h>
  12. #include <ctype.h>
  13. #include <errno.h>
  14. #include <arpa/inet.h>
  15. #include <netinet/ip.h>
  16. #include <netinet/udp.h>
  17.  
  /*
   * State shared between the sender threads (flood), the listener thread
   * (recievethread) and the status loop in main(). Everything here is a plain
   * volatile variable updated with ++, -- and += from several threads; the
   * listing contains no mutex or atomic operation, so updates can be lost and
   * the status figures are approximate. volatile does not make these
   * operations atomic.
   *
   *   running_threads  sender threads currently inside flood()
   *   found_srvs       datagrams seen with UDP source port 19
   *   per_thread       number of addresses assigned to each sender thread
   *   start            first address of the range, as returned by inet_addr()
   *   scanned          probes sent since main() last reset it (about 1 s)
   *   sleep_between    parsed from argv[5]; not read anywhere in this listing
   *   bytes_sent       payload bytes sent since main() last reset it
   *   hosts_done       probes sent in total, used for the percentage
   *   fd               output FILE * opened by main() in append mode
   */
  18. volatile int running_threads = 0;
  19. volatile int found_srvs = 0;
  20. volatile unsigned long per_thread = 0;
  21. volatile unsigned long start = 0;
  22. volatile unsigned long scanned = 0;
  23. volatile int sleep_between = 0;
  24. volatile int bytes_sent = 0;
  25. volatile unsigned long hosts_done = 0;
  26. FILE *fd;
  27.  
  /*
   * Sender worker. par1 carries the thread index (cast from a pointer). The
   * thread takes the slice of per_thread addresses that begins at
   * start + per_thread * index and sends one UDP datagram holding the single
   * byte 0x01 to port 19 (chargen) of every address in that slice. Replies
   * are not read here; recievethread() collects them on a raw socket.
   *
   * On the wire this is one source sending 1-byte UDP payloads to destination
   * port 19 across consecutive addresses. A UDP chargen service (RFC 864)
   * answers any datagram with generated characters, which is why the service
   * is normally disabled and UDP/19 filtered at the network edge.
   *
   * NOTE(review): the function is declared to return void * but ends in a
   * bare "return;". The result of sendto() is ignored, so scanned, bytes_sent
   * and hosts_done count attempts, not delivered probes. sleep_between is
   * never consulted in the loop, and y is declared but unused.
   */
  28. void *flood(void *par1)
  29. {
  30. running_threads++;
  /* The index was packed into the pointer value by main(). */
  31. int thread_id = (int)par1;
  /* Slice bounds are computed in host order and stored back in network order. */
  32. unsigned long start_ip = htonl(ntohl(start)+(per_thread*thread_id));
  33. unsigned long end = htonl(ntohl(start)+(per_thread*(thread_id+1)));
  34. unsigned long w;
  35. int y;
  /* Only the first byte of this 64 KiB stack buffer is set and sent. */
  36. unsigned char buf[65536];
  37. memset(buf, 0x01, 1);
  38. int sizeofpayload = 1;
  39. int sock;
  /* A socket failure in any worker ends the whole process via exit(). */
  40. if((sock=socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP))<0) {
  41. perror("cant open socket");
  42. exit(-1);
  43. }
  /*
   * The loop counts in host byte order. end was stored with htonl(), and
   * htonl() is applied again here to swap it back; ntohl() would state the
   * intent, the operation is the same.
   */
  44. for(w=ntohl(start_ip);w<htonl(end);w++)
  45. {
  46. struct sockaddr_in servaddr;
  47. bzero(&servaddr, sizeof(servaddr));
  48. servaddr.sin_family = AF_INET;
  49. servaddr.sin_addr.s_addr=htonl(w);
  /* Port 19 is the chargen service. */
  50. servaddr.sin_port=htons(19);
  51. sendto(sock,(char *)buf,sizeofpayload,0, (struct sockaddr *)&servaddr,sizeof(servaddr));
  /* Unsynchronised updates to counters shared with every other thread. */
  52. bytes_sent+=sizeofpayload;
  53. scanned++;
  54. hosts_done++;
  55. }
  56. close(sock);
  57. running_threads--;
  58. return;
  59. }
  60.  
  /*
   * SIGINT handler: closes the output file, prints a newline and exits with
   * status 0. sig is unused.
   *
   * NOTE(review): fclose(), printf() and exit() are not async-signal-safe,
   * and fd is NULL here if the fopen() in main() failed, because main() does
   * not check it.
   */
  61. void sighandler(int sig)
  62. {
  63. fclose(fd);
  64. printf("\n");
  65. exit(0);
  66. }
  67.  
  /*
   * Listener thread. Opens a raw IPPROTO_UDP socket (this normally needs
   * elevated privileges, e.g. CAP_NET_RAW on Linux), reads each UDP datagram
   * the host receives together with its IP header, and for every datagram
   * whose UDP source port is 19 increments found_srvs and appends
   * "<source address> <UDP payload length>" to the output file.
   *
   * The recorded length is the size of the reply, so the output file is in
   * effect a list of exposed chargen services and how much each one returns.
   * An operator who finds their own addresses in such a list should turn the
   * service off or filter UDP/19.
   *
   * NOTE(review):
   *  - Nothing checks that data_size covers the IP header plus the 8-byte UDP
   *    header before the headers are dereferenced. The reads stay inside the
   *    65536-byte allocation, but for a short packet they see stale or
   *    uninitialised bytes, and body_length can come out negative.
   *  - Any datagram with source port 19 is logged, whether or not its sender
   *    was probed. The source port is chosen by the sender, so the file is
   *    not reliable evidence on its own.
   *  - malloc() is not checked, payload and in are never used, saddr_size is
   *    an int where recvfrom() expects a socklen_t *, and the close() after
   *    while(1) is unreachable. The function has no return statement.
   */
  68. void *recievethread()
  69. {
  70. printf("Started Listening Thread\n");
  71. int saddr_size, data_size, sock_raw;
  72. struct sockaddr_in saddr;
  73. struct in_addr in;
  74.  
  75. unsigned char *buffer = (unsigned char *)malloc(65536);
  /* Raw socket: received data starts with the IP header, not the UDP payload. */
  76. sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);
  77. if(sock_raw < 0)
  78. {
  79. printf("Socket Error\n");
  80. exit(1);
  81. }
  82. while(1)
  83. {
  84. saddr_size = sizeof saddr;
  85. data_size = recvfrom(sock_raw , buffer , 65536 , 0 , (struct sockaddr *)&saddr , &saddr_size);
  86. if(data_size <0 )
  87. {
  88. printf("Recvfrom error , failed to get packets\n");
  89. exit(1);
  90. }
  91. struct iphdr *iph = (struct iphdr*)buffer;
  /* 17 is the IP protocol number for UDP. */
  92. if(iph->protocol == 17)
  93. {
  /* ihl counts 32-bit words; the value comes from the packet and is not validated. */
  94. unsigned short iphdrlen = iph->ihl*4;
  95. struct udphdr *udph = (struct udphdr*)(buffer + iphdrlen);
  96. unsigned char* payload = buffer + iphdrlen + 8;
  /* The only filter applied: UDP source port 19. */
  97. if(ntohs(udph->source) == 19)
  98. {
  /* Bytes received minus the IP header and the 8-byte UDP header. */
  99. int body_length = data_size - iphdrlen - 8;
  100. found_srvs++;
  101. fprintf(fd,"%s %d\n",inet_ntoa(saddr.sin_addr),body_length);
  102. fflush(fd);
  103.  
  104. }
  105. }
  106.  
  107. }
  108. close(sock_raw);
  109.  
  110. }
  111.  
  /*
   * Entry point. Arguments, per the usage string: range start, range end,
   * output file, number of sender threads, scan delay in ms. Opens the output
   * file for appending, installs the SIGINT handler, starts the listener
   * thread, divides the range evenly between the sender threads, then prints
   * a status line once per second until running_threads drops to zero.
   *
   * NOTE(review):
   *  - The result of fopen() is not checked; a NULL fd would reach fprintf()
   *    and fclose().
   *  - atoi() gives 0 for non-numeric input, and threads == 0 makes the
   *    per_thread computation divide by zero. inet_addr() failures are not
   *    checked either.
   *  - The two malloc(18) buffers are overwritten by the argv pointers on the
   *    next assignment and leak.
   *  - pthread_create() results are ignored, the sender handles all go into
   *    the same variable and no thread is joined; start-up relies on sleep(1)
   *    giving every sender time to increment running_threads.
   *  - sprintf(new, "%s...", new, ...) reads and writes the same buffer, which
   *    is undefined behaviour. %lu is given the int found_srvs and %d is given
   *    the unsigned long scanned.
   *  - An empty range (toscan == 0) makes the percentage a division by zero.
   */
  112. int main(int argc, char *argv[ ])
  113. {
  114.  
  115. if(argc < 6){
  116. fprintf(stderr, "Invalid parameters!\n");
  117. fprintf(stdout, "Usage: %s <ip range start (192.168.0.0)> <ip range end (192.168.255.255)> <outfile> <threads> <scan delay in ms>\n", argv[0]);
  118. exit(-1);
  119. }
  /* Append mode: results from earlier runs stay in the file. */
  120. fd = fopen(argv[3], "a");
  /* Stored but never read by the sender loop in this listing. */
  121. sleep_between = atoi(argv[5]);
  122.  
  123. signal(SIGINT, &sighandler);
  124.  
  125. int threads = atoi(argv[4]);
  126. pthread_t thread;
  127.  
  /* The listener is started before any probe is sent. */
  128. pthread_t listenthread;
  129. pthread_create( &listenthread, NULL, &recievethread, NULL);
  130.  
  /* Each allocation is dropped as soon as the pointer is reassigned to argv. */
  131. char *str_start = malloc(18);
  132. memset(str_start, 0, 18);
  133. str_start = argv[1];
  134. char *str_end = malloc(18);
  135. memset(str_end, 0, 18);
  136. str_end = argv[2];
  137. start = inet_addr(str_start);
  /* Integer division of the range size by the thread count. */
  138. per_thread = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start))) / threads;
  139. unsigned long toscan = (ntohl(inet_addr(str_end)) - ntohl(inet_addr(str_start)));
  140. int i;
  /* The loop index is passed to each sender inside the pointer argument. */
  141. for(i = 0;i<threads;i++){
  142. pthread_create( &thread, NULL, &flood, (void *) i);
  143. }
  144. sleep(1);
  145. printf("Starting Scan...\n");
  /* Header row: each title is padded to a 16-character column. */
  146. char *temp = (char *)malloc(17);
  147. memset(temp, 0, 17);
  148. sprintf(temp, "Found");
  149. printf("%-16s", temp);
  150. memset(temp, 0, 17);
  151. sprintf(temp, "Host/s");
  152. printf("%-16s", temp);
  153. memset(temp, 0, 17);
  154. sprintf(temp, "B/s");
  155. printf("%-16s", temp);
  156. memset(temp, 0, 17);
  157. sprintf(temp, "Running Thrds");
  158. printf("%-16s", temp);
  159. memset(temp, 0, 17);
  160. sprintf(temp, "Done");
  161. printf("%s", temp);
  162. printf("\n");
  163.  
  164. char *new;
  165. new = (char *)malloc(16*6);
  /* Status loop: redraws one line per second while any sender is running. */
  166. while (running_threads > 0)
  167. {
  168. printf("\r");
  169. memset(new, '\0', 16*6);
  /* new is both the destination and a %s source in each of these calls. */
  170. sprintf(new, "%s|%-15lu", new, found_srvs);
  171. sprintf(new, "%s|%-15d", new, scanned);
  172. sprintf(new, "%s|%-15d", new, bytes_sent);
  173. sprintf(new, "%s|%-15d", new, running_threads);
  174. memset(temp, 0, 17);
  175. int percent_done=((double)(hosts_done)/(double)(toscan))*100;
  176. sprintf(temp, "%d%%", percent_done);
  177. sprintf(new, "%s|%s", new, temp);
  178. printf("%s", new);
  179. fflush(stdout);
  /* Resetting the per-interval counters turns them into per-second rates. */
  180. bytes_sent=0;
  181. scanned = 0;
  182. sleep(1);
  183. }
  184. printf("\n");
  185. fclose(fd);
  186. return 0;
  187. }