nmap源代码分析
以下代码是对nmap_main()函数的基本分析。
其中以///开头的是新添加的注释,其余注释为源码中原有的注释。
int nmap_main(int argc, char *argv[]) {
int i;
vector
time_t now;
struct hostent *target = NULL;
time_t timep;
char mytime[128];
addrset exclude_group;
#ifndef NOLUA
/* Only NSE scripts can add targets */
NewTargets *new_targets = NULL;///NewTargets为Singleton模式,产生单个实例
/* Pre-Scan and Post-Scan script results datastructure */
ScriptResults *script_scan_results = NULL;
#endif
char **host_exp_group;
int num_host_exp_groups;
HostGroupState *hstate = NULL;
unsigned int ideal_scan_group_sz = 0;
Target *currenths;
char *host_spec = NULL;
char myname[MAXHOSTNAMELEN + 1];
int sourceaddrwarning = 0; /* Have we warned them yet about unguessable source addresses? */
unsigned int targetno;
char hostname[MAXHOSTNAMELEN + 1] = "";
struct sockaddr_storage ss;
size_t sslen;
char **fakeargv = NULL;
now = time(NULL);
local_time = localtime(&now);
///设置错误log输出函数
if(o.debugging)
nbase_set_log(fatal,error);
else
nbase_set_log(fatal,NULL);
if (argc < 2 ) printusage(-1);
/* argv faking silliness */
fakeargv = (char **) safe_malloc(sizeof(char *) * (argc + 1));
for(i=0; i < argc; i++) {
fakeargv[i] = strdup(argv[i]);
}
fakeargv[argc] = NULL;
Targets.reserve(100);
#ifdef WIN32
win_pre_init();
#endif
///调用parse_options进行命令参数的解析
parse_options(argc, fakeargv);
///在Linux下设置终端为只读非阻塞方式,在Windows平台为空函数。
tty_init(); // Put the keyboard in raw mode
///将解析命令时需要延迟执行的操作在此处处理
apply_delayed_options();
#ifdef WIN32
///调用WSAStartup启动Winsock DLL,后续网络解析等需要用到。
win_init();
#endif
///如果用户使用了参数--iflist,那么会在此处打印网卡和路由表信息,然后退出。
///该选项对于显式指定发送网卡非常有帮助,可以提供基本的网络设备信息。
if (delayed_options.iflist) {
print_iflist();
exit(0);
}
///quashargv部分用于改写命令行参数:将程序名字(argv[0])覆盖为FAKE_ARGV(默认为“pine”),
///并将剩余的各个参数都清空。
///在命令中加入-q可实现quashargv功能。这最初是为了让ps等工具显示不出真实的程序名称,便于隐蔽Nmap。
///不过在Windows系统上并无实效。此外,这里只覆盖了argv所在的内存,进程对应的可执行文件并未改变,
///因此排查进程时不应只依据ps显示的命令行来判断其身份。
/* more fakeargv junk, BTW malloc'ing extra space in argv[0] doesn't work */
if (o.quashargv) {
size_t fakeargvlen = strlen(FAKE_ARGV), argvlen = strlen(argv[0]);
if (argvlen < fakeargvlen)
fatal("If you want me to fake your argv, you need to call the program with a longer name. Try the full pathname, or rename it fyodorssuperdedouperportscanner");
strncpy(argv[0], FAKE_ARGV, fakeargvlen);
memset(&argv[0][fakeargvlen], '\0', strlen(&argv[0][fakeargvlen]));
for(i=1; i < argc; i++)
memset(argv[i], '\0', strlen(argv[i]));
}
///如果使用FTP bounce scan的扫描方式,那么需要首先保证该FTP网站是可以访问到的。
///关于FTP bounce scan更多介绍,请参考:/nmap_doc.html#bounce
/* If he wants to bounce off of an FTP site, that site better damn well be reachable! */
if (o.bouncescan) {
if (!inet_pton(AF_INET, ftp.server_name, &ftp.server)) {
if ((target = gethostbyname(ftp.server_name)))
memcpy(&ftp.server, target->h_addr_list[0], 4);
else {
fatal("Failed to resolve FTP bounce proxy hostname/IP: %s", ftp.server_name);
}
} else if (o.verbose) {
log_write(LOG_STDOUT, "Resolved FTP bounce attack proxy to %s (%s).\n",
ftp.server_name, inet_ntoa(ftp.server));
}
}
///
fflush(stdout);
fflush(stderr);
timep = time(NULL);
///准备将基本的扫描信息输出到文件与控制台中
/* Brief info in case they forget what was scanned */
Strncpy(mytime, ctime(&timep), sizeof(mytime));
chomp(mytime); ///去掉字符串末尾换行符
char *xslfname = o.XSLStyleSheet();///XML样式表
xml_start_document();
if (xslfname) {
xml_open_pi("xml-stylesheet");
xml_attribute("href", "%s", xslfname);