Nov 02 2002
Anonymous ftp scanner
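Scans an IP range for FTP hosts that accept anonymous logins. To compile: gcc fatap.c -o fatap (the program uses pthreads, so add -pthread if the link step reports undefined pthread symbols).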
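/* fatap.c
 * Pravin Paratey (November 02, 2002)
 * Searches for anonymous ftp servers in the given range.
 *
 * Usage: fatap <start-ip-address> <end-ip-address>
 * Both arguments are dotted quads. Every octet is walked independently from
 * its start value to its end value, so the two addresses describe a box of
 * per-octet ranges. The "10.2.0-3.*" wildcard / "-" range syntax mentioned by
 * the original header is not parsed by fillIP() in this listing.
 *
 * Build: gcc fatap.c -o fatap -pthread
 **/

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TIMEOUT 4          /* seconds allowed for connect and for each send/recv */
#define MAX_THREADS 5      /* upper bound on concurrently running workers */
#define FTP_PORT 21
#define ADDR_TEXT_LEN 16   /* "255.255.255.255" plus the terminating NUL */
#define REPLY_MAX 1000     /* size of the per-thread reply buffer */

int numThreads;             // Stores the number of running worker threads
pthread_cond_t threadFree;  // Signalled whenever a worker finishes
pthread_mutex_t threadLock; // Mutex which guards numThreads

void *tryConnect (void *address);
void fillIP (char *string, int array[4]);
void timedOut (const char *address);

/* Returns non-zero when c is an ASCII decimal digit. */
static int isDigit (char c)
{
    return c >= '0' && c <= '9';
}

/* Sends exactly strlen(text) bytes; returns 0 on success, -1 on failure.
 *
 * The original listing passed sizeof(outbuf) (100) as the length of a much
 * shorter command, which put the uninitialised remainder of a stack buffer
 * on the wire. Sending only the command text closes that disclosure.
 */
static int sendText (int sock, const char *text)
{
    size_t left = strlen(text);

    while (left > 0) {
        ssize_t put = send(sock, text, left, 0);

        if (put <= 0)
            return -1;
        text += put;
        left -= (size_t) put;
    }
    return 0;
}

/* Reads one FTP reply and returns its three digit code, or -1 on failure.
 *
 * The peer is untrusted, so the reply is bounded by size, NUL terminated
 * before it is inspected, and parsed by hand. The original listing passed an
 * unterminated recv() buffer to sscanf() with a %s conversion that had no
 * destination argument, which is undefined behaviour.
 *
 * A reply is complete when the data ends in a newline and its last line
 * starts with "ddd " (multi-line replies use "ddd-" on the earlier lines).
 * On failure errno is EAGAIN/EWOULDBLOCK after a receive timeout and 0 when
 * the peer closed the connection or the reply did not fit in buf.
 */
static int readReply (int sock, char *buf, size_t size)
{
    size_t used = 0;

    if (size < 2)
        return -1;

    while (used < size - 1) {
        ssize_t got;
        char *line;

        errno = 0;
        got = recv(sock, buf + used, size - 1 - used, 0);
        if (got <= 0)
            return -1;
        used += (size_t) got;
        buf[used] = '\0';

        if (buf[used - 1] != '\n')
            continue;           /* last line still incomplete */

        /* Walk back to the first character of the last line. */
        line = buf + used - 1;
        while (line > buf && line[-1] != '\n')
            line--;

        /* Short-circuit evaluation keeps every index inside the data:
         * a digit can never be the final newline. */
        if (isDigit(line[0]) && isDigit(line[1]) && isDigit(line[2]) &&
            line[3] == ' ')
            return (line[0] - '0') * 100 + (line[1] - '0') * 10 +
                   (line[2] - '0');
    }

    errno = 0;                  /* buffer full without a final reply line */
    return -1;
}

/* Reserves a worker slot and starts a probe of a.b.c.d.
 * Returns 0 when the worker was started, -1 otherwise.
 *
 * Each worker receives its own heap copy of the address. The original passed
 * one global buffer to every thread while main() kept overwriting it, so a
 * worker could read an address other than the one it was started for.
 */
static int startProbe (int a, int b, int c, int d)
{
    pthread_t daThread;
    char *target;
    int rc;

    target = malloc(ADDR_TEXT_LEN);
    if (target == NULL) {
        fprintf(stderr, "fatap: out of memory\n");
        return -1;
    }
    snprintf(target, ADDR_TEXT_LEN, "%i.%i.%i.%i", a, b, c, d);

    /* pthread_cond_wait() must be called with the mutex held, and the
     * predicate must be re-tested after every wake-up. */
    pthread_mutex_lock(&threadLock);
    while (numThreads >= MAX_THREADS)
        pthread_cond_wait(&threadFree, &threadLock);
    numThreads++;
    pthread_mutex_unlock(&threadLock);

    rc = pthread_create(&daThread, NULL, tryConnect, target);
    if (rc != 0) {
        fprintf(stderr, "[%s] %s\n", target, strerror(rc));
        free(target);
        pthread_mutex_lock(&threadLock);
        numThreads--;           /* give the reserved slot back */
        pthread_mutex_unlock(&threadLock);
        return -1;
    }

    /* Workers are never joined; detaching lets their resources be reclaimed. */
    pthread_detach(daThread);
    return 0;
}

int main(int argc, char *argv[])
{
    int start[4], end[4];   // IP addresses, one int per octet
    int i, j, k, l;
    const char *bigline = "-------------------------------------------------------------------";

    if (argc < 3) {
        printf("Usage: %s <start-ip-address> <end-ip-address>\n"
               "  <*ip-address> is of the form x.x.x.x where x is between 0 and 255 both inclusive.\n"
               "  eg. 10.2.1.27\n", argv[0]);
        exit(2);
    }

    printf("%s\n fatap v0.2a - A proggy which scans an ip range for open ftp ports\n"
           " By Pravin Paratey (pravin@iitb.ac.in)\n%s\n", bigline, bigline);

    /* Get the start and end ip addresses */
    fillIP(argv[1], start);
    fillIP(argv[2], end);

    /* Check if the ranges are correct. fillIP() stores -1 in every octet of
     * an address it could not parse, so malformed input is rejected here. */
    for (i = 0; i < 4; i++) {
        if (start[i] < 0 || end[i] < 0 || start[i] > end[i]) {
            fprintf(stderr, "%s: Invalid range specified\n", argv[0]);
            exit(2);
        }
    }

    /* A peer that closes the connection mid-dialogue must not be able to
     * terminate the whole process through SIGPIPE. */
    signal(SIGPIPE, SIG_IGN);

    /* Initialise threads */
    pthread_mutex_init(&threadLock, NULL);
    pthread_cond_init(&threadFree, NULL);
    numThreads = 0;

    /* Iterate. The original zeroed start[1..3] inside the innermost loop,
     * which moved the lower bounds mid-scan so that the hosts contacted no
     * longer matched the range validated above. */
    for (i = start[0]; i <= end[0]; i++) {
        for (j = start[1]; j <= end[1]; j++) {
            for (k = start[2]; k <= end[2]; k++) {
                for (l = start[3]; l <= end[3]; l++) {
                    if (startProbe(i, j, k, l) == -1)
                        goto DRAIN;
                }
            }
        }
    }

DRAIN:
    /* Wait for the running workers; returning from main() earlier would end
     * the process while they are still using the mutex and their sockets. */
    pthread_mutex_lock(&threadLock);
    while (numThreads > 0)
        pthread_cond_wait(&threadFree, &threadLock);
    pthread_mutex_unlock(&threadLock);

    pthread_cond_destroy(&threadFree);
    pthread_mutex_destroy(&threadLock);
    return 0;
}

/* Parses a dotted quad into four ints.
 *
 * string  text of the form "a.b.c.d"; it is only read
 * array   receives the four octets, each in 0..255
 *
 * On any malformed input (NULL, empty field, non-digit, value above 255,
 * fewer or more than four fields) every element of array is set to -1.
 * The original wrote one element per '.' found, so an argument with more
 * than three dots wrote past the end of the caller's four-element array.
 */
void fillIP (char *string, int array[4])
{
    const char *cursor = string;
    int count;

    for (count = 0; count < 4; count++)
        array[count] = -1;

    if (string == NULL)
        return;

    for (count = 0; count < 4; count++) {
        char *stop;
        long octet;

        /* strtol() would accept leading blanks and signs; require a digit. */
        if (!isDigit(*cursor))
            goto INVALID;

        errno = 0;
        octet = strtol(cursor, &stop, 10);
        if (errno != 0 || octet < 0 || octet > 255)
            goto INVALID;

        /* Fields 0..2 end in '.', the last one ends the string. */
        if (*stop != (count < 3 ? '.' : '\0'))
            goto INVALID;

        array[count] = (int) octet;
        if (count < 3)
            cursor = stop + 1;
    }
    return;

INVALID:
    for (count = 0; count < 4; count++)
        array[count] = -1;
}

/* Worker thread: checks whether one host accepts an anonymous FTP login.
 *
 * address  heap-allocated dotted-quad string; this function frees it
 *
 * Always returns NULL. Before returning it releases its worker slot and
 * signals threadFree so that main() can start the next probe or finish.
 */
void *tryConnect (void *address)
{
    char *host = address;
    char inbuf[REPLY_MAX];
    struct sockaddr_in sa1;
    struct timeval limit;
    int sock1;
    int code;

    /* Create socket. A failure is reported and the slot released; calling
     * exit() here would end the process under the other workers. */
    sock1 = socket(AF_INET, SOCK_STREAM, 0);
    if (sock1 == -1) {
        fprintf(stderr, "[%s] %s\n", host, strerror(errno));
        goto RELEASE;
    }

    memset(&sa1, 0, sizeof sa1);
    sa1.sin_family = AF_INET;
    sa1.sin_port = htons(FTP_PORT);
    if (inet_pton(AF_INET, host, &sa1.sin_addr) != 1) {
        fprintf(stderr, "[%s] not a valid IPv4 address\n", host);
        goto CLOSECON;
    }

    /* Set timeout. alarm() delivers one process-wide signal and cannot time
     * out individual threads, so the limit is set per socket instead. On
     * Linux the send timeout also bounds connect(). Without a timeout a
     * silent peer would hold a worker slot forever. */
    limit.tv_sec = TIMEOUT;
    limit.tv_usec = 0;
    if (setsockopt(sock1, SOL_SOCKET, SO_RCVTIMEO, &limit, sizeof limit) == -1 ||
        setsockopt(sock1, SOL_SOCKET, SO_SNDTIMEO, &limit, sizeof limit) == -1) {
        fprintf(stderr, "[%s] %s\n", host, strerror(errno));
        goto CLOSECON;
    }

    /* Connect to server and see if alive */
    if (connect(sock1, (struct sockaddr *) &sa1, sizeof sa1) == -1) {
        if (errno == EINPROGRESS || errno == EAGAIN || errno == EWOULDBLOCK)
            timedOut(host);
        else
            fprintf(stderr, "[%s] %s\n", host, strerror(errno));
        goto CLOSECON;
    }

    /* Greeting first, then USER, then PASS only when the server asks for a
     * password (331). */
    code = readReply(sock1, inbuf, sizeof inbuf);
    if (code == 220) {
        if (sendText(sock1, "USER anonymous\r\n") == -1)
            goto CLOSECON;
        code = readReply(sock1, inbuf, sizeof inbuf);
        if (code == 331) {
            if (sendText(sock1, "PASS unknown@unknown.com\r\n") == -1)
                goto CLOSECON;
            code = readReply(sock1, inbuf, sizeof inbuf);
        }
    }
    if (code == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK)
            timedOut(host);
        goto CLOSECON;
    }

    printf("***%i\n", code);
    /* Only 230 (user logged in) counts. The original also accepted 220, the
     * greeting every FTP server sends, so any reachable server was reported
     * as allowing anonymous access. */
    if (code == 230)
        printf("[%s] Anonymous allowed\n", host);
    else
        printf("[%s] Anonymous NOT allowed\n", host);

    /* Best-effort polite close; the result is already known. */
    if (sendText(sock1, "QUIT\r\n") == 0)
        (void) readReply(sock1, inbuf, sizeof inbuf);

CLOSECON:
    close(sock1);
RELEASE:
    free(host);
    pthread_mutex_lock(&threadLock);
    numThreads--;
    pthread_cond_signal(&threadFree);
    pthread_mutex_unlock(&threadLock);
    return NULL;
}

/* Reports that the connection to address timed out. Called from the worker
 * thread itself, not from a signal handler, so using stdio here is safe. */
void timedOut (const char *address)
{
    fprintf(stderr, "[%s] Connection timed out\n", address);
}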