TCP NULL scan

v-byte-cpu · Mar 22, 2021 · b17777d · b17777d
1 parent 7299572
commit b17777d
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ The goal of this project is to create the fastest network scanner with clean and
 Features:
   * ARP scan
   * TCP SYN scan
-  * TCP FIN scan
+  * TCP FIN / NULL scans
 
 ## Building
 

diff --git a/command/tcp.go b/command/tcp.go
@@ -109,5 +109,5 @@ func newTCPScanMethod(ctx context.Context, conf *scanConfig, opts ...tcpScanConf
 	return tcp.NewScanMethod(
 		c.scanName, psrc, results,
 		tcp.WithPacketFilterFunc(c.packetFilter),
-		tcp.WithPacketFlagsFunc(tcp.EmptyFlags))
+		tcp.WithPacketFlagsFunc(c.packetFlags))
 }
diff --git a/command/tcp_null.go b/command/tcp_null.go
@@ -0,0 +1,51 @@
+package command
+
+import (
+	"context"
+	"errors"
+	"os"
+	"os/signal"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"github.com/v-byte-cpu/sx/pkg/scan/tcp"
+)
+
+func init() {
+	tcpCmd.AddCommand(tcpnullCmd)
+}
+
+var tcpnullCmd = &cobra.Command{
+	Use:     "null [flags] subnet",
+	Example: strings.Join([]string{"tcp null -p 22 192.168.0.1/24", "tcp null -p 22-4567 10.0.0.1"}, "\n"),
+	Short:   "Perform TCP NULL scan",
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) != 1 {
+			return errors.New("requires one ip subnet argument")
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) (err error) {
+		var conf *scanConfig
+		if conf, err = parseScanConfig(tcp.NULLScanType, args[0], portsFlag); err != nil {
+			return
+		}
+
+		ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
+		defer cancel()
+
+		m := newTCPScanMethod(ctx, conf,
+			withTCPScanName(tcp.NULLScanType),
+			withTCPPacketFiller(tcp.NewPacketFiller()),
+			withTCPPacketFilterFunc(tcp.TrueFilter),
+			withTCPPacketFlags(tcp.AllFlags),
+		)
+
+		return startEngine(ctx, &engineConfig{
+			logger:     conf.logger,
+			scanRange:  conf.scanRange,
+			scanMethod: m,
+			bpfFilter:  tcp.BPFFilter,
+		})
+	},
+}
diff --git a/pkg/scan/tcp/tcp.go b/pkg/scan/tcp/tcp.go
@@ -13,8 +13,9 @@ import (
 )
 
 const (
-	SYNScanType = "syn"
-	FINScanType = "fin"
+	SYNScanType  = "tcpsyn"
+	FINScanType  = "tcpfin"
+	NULLScanType = "tcpnull"
 )
 
 //easyjson:json

diff --git a/pkg/scan/tcp/tcp_test.go b/pkg/scan/tcp/tcp_test.go
@@ -181,7 +181,7 @@ func TestProcessPacketData(t *testing.T) {
 			require.FailNow(t, "results chan is empty")
 		}
 		tcpResult := result.(*ScanResult)
-		assert.Equal(t, "syn", tcpResult.ScanType)
+		assert.Equal(t, SYNScanType, tcpResult.ScanType)
 		assert.Equal(t, net.IPv4(192, 168, 0, 2).To4().String(), tcpResult.IP)
 		assert.Equal(t, uint16(22), tcpResult.Port)