static Manifest *parse_manifest(xmlNodePtr element, const unsigned int flags, const gchar *container_filter, const gchar *component_filter)
{
Manifest *manifest = (Manifest*)g_malloc0(sizeof(Manifest));
xmlNodePtr element_children = element->children;
while(element_children != NULL)
{
if((flags & MANIFEST_DISTRIBUTION_FLAG) && xmlStrcmp(element_children->name, (xmlChar*) "distribution") == 0)
manifest->distribution_array = parse_distribution(element_children);
else if((flags & MANIFEST_ACTIVATION_FLAG) && xmlStrcmp(element_children->name, (xmlChar*) "activation") == 0)
manifest->activation_array = parse_activation(element_children);
else if((flags & MANIFEST_SNAPSHOT_FLAG) && xmlStrcmp(element_children->name, (xmlChar*) "snapshots") == 0)
manifest->snapshots_array = parse_snapshots(element_children, container_filter, component_filter);
else if((flags & MANIFEST_TARGETS_FLAG) && xmlStrcmp(element_children->name, (xmlChar*) "targets") == 0)
manifest->target_array = parse_targets(element_children);
element_children = element_children->next;
}
return manifest;
}
/* REMEMBER TO CALL hoststruct_free() on the hoststruct when you are done
with it!!! */
struct hoststruct *nexthost(struct hostgroup_state *hs, struct scan_lists *ports, int *pingtype)
{
int hidx;
char *device;
if (hs->next_batch_no < hs->current_batch_sz) {
/* Woop! This is easy -- we just pass back the next host struct */
return &hs->hostbatch[hs->next_batch_no++];
}
/* Doh, we need to refresh our array */
bzero(hs->hostbatch, hs->max_batch_sz * sizeof(struct hoststruct));
hs->current_batch_sz = hs->next_batch_no = 0;
do {
/* Grab anything we have in our current_expression */
while (hs->current_batch_sz < hs->max_batch_sz && target_struct_get(&hs->current_expression, &(hs->hostbatch[hs->current_batch_sz].host)) != -1) {
hidx = hs->current_batch_sz;
/* Lets figure out what device this IP uses ... */
if (o.source) {
memcpy((char *) &hs->hostbatch[hidx].source_ip, (char *) o.source, sizeof(struct in_addr));
strcpy(hs->hostbatch[hidx].device, o.device);
} else {
/* We figure out the source IP/device IFF
1) We are r00t AND
2) We are doing tcp pingscan OR
3) We are doing a raw-mode portscan or osscan */
if (o.isr00t &&
((*pingtype & PINGTYPE_TCP) ||
o.synscan || o.finscan || o.xmasscan || o.nullscan || o.ipprotscan || o.maimonscan || o.idlescan || o.ackscan || o.udpscan || o.osscan || o.windowscan)) {
device = routethrough(&(hs->hostbatch[hidx].host), &(hs->hostbatch[hidx].source_ip));
if (!device) {
if (*pingtype == PINGTYPE_NONE) {
fatal("Could not determine what interface to route packets through, run again with -e <device>");
} else {
error
("WARNING: Could not determine what interface to route packets through to %s, changing ping scantype to ICMP ping only",
inet_ntoa(hs->hostbatch[hidx].host));
*pingtype = PINGTYPE_ICMP_PING;
}
} else {
strcpy(hs->hostbatch[hidx].device, device);
}
}
}
/* In some cases, we can only allow hosts that use the same device
in a group. */
if (o.isr00t && hidx > 0 && *hs->hostbatch[hidx].device && hs->hostbatch[hidx].source_ip.s_addr != hs->hostbatch[0].source_ip.s_addr) {
/* Cancel everything! This guy must go in the next group and we are
outtof here */
target_struct_return(&(hs->current_expression));
goto batchfull;
}
hs->current_batch_sz++;
}
if (hs->current_batch_sz < hs->max_batch_sz && hs->next_expression < hs->num_expressions) {
/* We are going to have to plop in another expression. */
while (!parse_targets(&(hs->current_expression), hs->target_expressions[hs->next_expression++])) {
if (hs->next_expression >= hs->num_expressions)
break;
}
} else
break;
} while (1);
batchfull:
if (hs->current_batch_sz == 0)
return NULL;
/* OK, now we have our complete batch of entries. The next step is to
randomize them (if requested) */
if (hs->randomize) {
hoststructfry(hs->hostbatch, hs->current_batch_sz);
}
return &hs->hostbatch[hs->next_batch_no++];
}
static int run_pig_run(const char *signatures, const char *targets, const char *timeout, const char *single_test, const char *gw_addr, const char *nt_mask, const char *loiface) {
int timeo = 10000;
pigsty_entry_ctx *pigsty = NULL;
size_t signatures_count = 0, addr_count = 0;
pigsty_entry_ctx *signature = NULL, *sp = NULL;
pig_target_addr_ctx *addr = NULL, *addr_p = NULL;
pig_hwaddr_ctx *hwaddr = NULL;
int sockfd = -1;
int retval = 0;
unsigned int nt_mask_addr[4] = { 0, 0, 0, 0 };
unsigned char *gw_hwaddr = NULL, *temp = NULL;
in_addr_t gw_in_addr = 0;
if (timeout != NULL) {
timeo = atoi(timeout);
}
timeo = timeo * 1000;
if (!should_be_quiet) {
printf("pig INFO: starting up pig engine...\n\n");
}
sockfd = init_raw_socket(loiface);
if (sockfd == -1) {
printf("pig PANIC: unable to create the socket.\npig ERROR: aborted.\n");
return 1;
}
pigsty = load_signatures(signatures);
if (pigsty == NULL) {
printf("pig ERROR: aborted.\n");
deinit_raw_socket(sockfd);
return 1;
}
if (targets != NULL) {
if (!should_be_quiet) {
printf("\npig INFO: parsing the supplied targets...\n");
printf("pig INFO: all targets were parsed.\n");
}
addr = parse_targets(targets);
}
if (is_targets_option_required(pigsty) && addr == NULL) {
printf("pig PANIC: --targets option is required by some loaded signatures.\n");
deinit_raw_socket(sockfd);
del_pigsty_entry(pigsty);
return 1;
}
signatures_count = get_pigsty_entry_count(pigsty);
if (!should_be_quiet) {
printf("\npig INFO: done (%d signature(s) read).\n\n", signatures_count);
}
if (nt_mask == NULL) {
printf("\npig PANIC: --net-mask option is required.\n");
deinit_raw_socket(sockfd);
del_pigsty_entry(pigsty);
return 1;
}
// WARN(Santiago): by now IPv4 only.
if (verify_ipv4_addr(nt_mask) == 0) {
printf("pig PANIC: --net-mask has an invalid ip address.\n");
deinit_raw_socket(sockfd);
del_pigsty_entry(pigsty);
return 1;
}
nt_mask_addr[0] = htonl(inet_addr(nt_mask));
if (gw_addr != NULL && loiface != NULL) {
gw_in_addr = inet_addr(gw_addr);
temp = get_mac_by_addr(gw_in_addr, loiface, 2);
if (!should_be_quiet && temp != NULL) {
gw_hwaddr = mac2byte(temp, strlen(temp));
printf("pig INFO: the gateway's physical address is \"%s\"...\n"
"pig INFO: the local interface is \"%s\"...\n"
"pig INFO: the network mask is \"%s\"...\n\n", temp, loiface, nt_mask);
free(temp);
}
}
if (gw_hwaddr != NULL) {
signature = get_pigsty_entry_by_index(rand() % signatures_count, pigsty);
if (single_test == NULL) {
while (!should_exit) {
if (signature == NULL) {
continue; // WARN(Santiago): It should never happen. However... Sometimes... The World tends to be a rather weird place.
}
if (oink(signature, &hwaddr, addr, sockfd, gw_hwaddr, nt_mask_addr, loiface) != -1) {
if (!should_be_quiet) {
printf("pig INFO: a packet based on signature \"%s\" was sent.\n", signature->signature_name);
}
usleep(timeo);
}
signature = get_pigsty_entry_by_index(rand() % signatures_count, pigsty);
}
} else {
retval = (oink(signature, &hwaddr, addr, sockfd, gw_hwaddr, nt_mask_addr, loiface) != -1 ? 0 : 1);
if (retval == 0) {
if (!should_be_quiet) {
printf("pig INFO: a packet based on signature \"%s\" was sent.\n", signature->signature_name);
}
}
}
free(gw_hwaddr);
} else {
printf("\npig PANIC: unable to get the gateway's physical address.\n");
}
del_pigsty_entry(pigsty);
del_pig_target_addr(addr);
del_pig_hwaddr(hwaddr);
deinit_raw_socket(sockfd);
return retval;
}
/******************************
* this is the function that, when given a proper filename, will
* parse the dimefile and read in the rules
***************/
void parse_file(char* filename) {
fprintf(DEBUG, "\n-----------Parsing Targets/Commands------------\n");
root = parse_targets(filename);
fprintf(DEBUG, "\n-----------Parsing Dependencies------------\n");
root = parse_dependencies(filename);
}
/******************************
* this is the function that, when given a proper filename, will
* parse the dimefile and read in the rules
***************/
void parse_file(char* filename) {
root = parse_targets(filename);
fprintf(stdout, "\n----------------------------------\n");
root = parse_dependencies(filename);
}
