daily pastebin goal
66%
SHARE
TWEET

DiabloHorn

a guest Jul 10th, 2009 405 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2. """
  3.    Author: DiabloHorn (http://diablohorn.wordpress.com)
  4.    Purpose: Scan for hosts which are suitable to perform an idle scan.
  5.    More info: http://nmap.org/book/idlescan.html
  6. """
  7. import sys
  8. import getopt
  9. from scapy import *
  10.  
  11. def analyzeIPID(lipid):
  12.     """
  13.        Analyze the list of ipids to determine if it's incremental
  14.        Shameless port from:
  15.        https://metasploit.com/trac/browser/framework3/trunk/modules/auxiliary/scanner/ip/ipidseq.rb
  16.    """
  17.     allzeros = True
  18.     allsame = True
  19.     mul256 = True
  20.     inc = True
  21.     diffs = []
  22.     i = 1
  23.     if conf.verb > 0:
  24.         print "[*] Analyzing %s" % lipid
  25.         print "[*] Length  %s" % len(lipid)
  26.     if len(lipid) < 2:
  27.         return "Unknown"
  28.     while i < len(lipid):
  29.         p = lipid[i - 1]
  30.         c = lipid[i]
  31.         if p != 0 or c != 0:
  32.             allzeros = False
  33.  
  34.         if p <= c:
  35.             diffs.append(c - p)
  36.         else:
  37.             diffs.append(c - p + 65536)
  38.  
  39.         if len(lipid) > 2 and diffs[i - 1] > 20000:
  40.             return "Randomized"
  41.  
  42.         i+=1
  43.  
  44.     if allzeros:
  45.         return "All zeros"
  46.  
  47.     for diff in diffs:
  48.         if diff > 1000 and ((diff % 256) != 0 or ((diff  % 256) == 0 and diff >= 25600)):
  49.             return "Random positive increment"
  50.  
  51.         if diff != 0:
  52.             allsame = False
  53.            
  54.         if diff > 5120 or (diff % 256) !=0:
  55.             mul256 = False
  56.            
  57.         if diff >= 10:
  58.             inc = False
  59.  
  60.     if allsame:
  61.         return "Constant"
  62.  
  63.     if mul256:
  64.         return "Broken little-endian incremental"
  65.  
  66.     if inc:
  67.         return "Incemental!"
  68.    
  69.     return "unknown"
  70.  
  71. def txthelp():
  72.     print "[*] DiabloHorn http://diablohorn.wordpress.com"
  73.     print "[*] " + sys.argv[0] + " [-v] -t <target> [-w] <waittime>"
  74.     sys.exit(0)
  75.  
  76. if __name__ == "__main__":
  77.    
  78.     if len(sys.argv) <= 1:
  79.         txthelp()
  80.     print
  81.     rawdata = dict()
  82.     conf.verb=0
  83.     pcktIPID=IP()
  84.     try:
  85.         opts, args = getopt.getopt(sys.argv[1:],"vht:w:",["verbose","help","target=","waittime="])
  86.     except getopt.GetoptError, err:
  87.         print str(err)
  88.         txthelp()
  89.         sys.exit(0)
  90.    
  91.     for o,a in opts:
  92.         if o in ("-h","--help"):
  93.             txthelp()
  94.         elif o in ("-v","--verbose"):
  95.             conf.verb = 2
  96.         elif o in ("-t","--target"):
  97.             pcktIPID.dst=a
  98.         elif o in ("-w","--wait"):
  99.             to = float(a)
  100.         else:
  101.             print "Unknown option"
  102.             sys.exit(1)
  103.     if conf.verb > 0:
  104.         print "[*] verbose set to: " + str(conf.verb)
  105.         print "[*] target set to: " + str(pcktIPID.dst)
  106.     print "[*] Starting scan"
  107.    
  108.     """
  109.        Send the packets
  110.    """
  111.     for i in range(0,5):
  112.         res,unans=sr(pcktIPID/TCP(dport=[80,443]),timeout=to)
  113.         """
  114.        Receive answers
  115.        """
  116.         for s,r in res:
  117.             ipsrc = r[IP].src
  118.             ipsrcid = r[IP].id
  119.             if ipsrc in rawdata:
  120.                 rawdata[ipsrc].append(ipsrcid)
  121.             else:
  122.                 rawdata[ipsrc] = [ipsrcid]
  123.     """
  124.        Analyze and print results
  125.    """
  126.     for k,v in rawdata.iteritems():
  127.         rawdata[k] = analyzeIPID(v)
  128.         print "[*] %s = %s" % (k,rawdata[k])
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top