diff -rupN nmap-4.76_ORIG/NmapOps.cc nmap-4.76/NmapOps.cc --- nmap-4.76_ORIG/NmapOps.cc 2008-08-05 21:28:51.000000000 +0200 +++ nmap-4.76/NmapOps.cc 2009-02-02 09:28:48.000000000 +0100 @@ -234,7 +234,7 @@ void NmapOps::Initialize() { override_excludeports = 0; version_intensity = 7; pingtype = PINGTYPE_UNKNOWN; - listscan = pingscan = allowall = ackscan = bouncescan = connectscan = 0; + listscan = pingscan = allowall = ackscan = bouncescan = connectscan = socks4 = socks5 = httpproxy = 0; rpcscan = nullscan = xmasscan = fragscan = synscan = windowscan = 0; maimonscan = idlescan = finscan = udpscan = ipprotscan = noresolve = 0; append_output = 0; @@ -278,7 +278,7 @@ void NmapOps::Initialize() { } bool NmapOps::TCPScan() { - return ackscan|bouncescan|connectscan|finscan|idlescan|maimonscan|nullscan|synscan|windowscan|xmasscan; + return ackscan|bouncescan|connectscan|finscan|idlescan|maimonscan|nullscan|synscan|windowscan|xmasscan|socks4|socks5|httpproxy; } bool NmapOps::UDPScan() { 
@@ -391,8 +391,8 @@ void NmapOps::ValidateOptions() { if (bouncescan && pingtype != PINGTYPE_NONE) log_write(LOG_STDOUT, "Hint: if your bounce scan target hosts aren't reachable from here, remember to use -PN so we don't try and ping them prior to the scan\n"); - if (ackscan+bouncescan+connectscan+finscan+idlescan+maimonscan+nullscan+synscan+windowscan+xmasscan > 1) - fatal("You specified more than one type of TCP scan. Please choose only one of -sA, -b, -sT, -sF, -sI, -sM, -sN, -sS, -sW, and -sX"); + if (ackscan+bouncescan+socks4+socks5+httpproxy+connectscan+finscan+idlescan+maimonscan+nullscan+synscan+windowscan+xmasscan > 1) + fatal("You specified more than one type of TCP scan. Please choose only one of -sA, -b, -sT, -sF, -sI, -sM, -sN, -sS, -sW, --socks4, --socks5, --http-proxy and -sX"); if (numdecoys > 0 && (bouncescan || connectscan)) { error("WARNING: Decoys are irrelevant to the bounce or connect scans"); diff -rupN nmap-4.76_ORIG/NmapOps.h nmap-4.76/NmapOps.h --- nmap-4.76_ORIG/NmapOps.h 2008-07-30 02:15:57.000000000 +0200 +++ nmap-4.76/NmapOps.h 2009-02-02 09:13:59.000000000 +0100 @@ -299,6 +299,9 @@ class NmapOps { int windowscan; int xmasscan; int noresolve; + int socks4; + int socks5; + int httpproxy; int append_output; /* Append to any output files rather than overwrite */ FILE *logfd[LOG_NUM_FILES]; FILE *nmap_stdout; /* Nmap standard output */ diff -rupN nmap-4.76_ORIG/global_structures.h nmap-4.76/global_structures.h --- nmap-4.76_ORIG/global_structures.h 2008-07-15 22:07:25.000000000 +0200 +++ nmap-4.76/global_structures.h 2009-01-29 14:46:29.000000000 +0100 
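Review bot: The extended scan-type check accepts --socks4/--socks5/--http-proxy together with features that still talk to the target from the scanner's own address, which silently defeats the reason anyone proxies a scan; the decoy warning just below this check still covers only `bouncescan || connectscan`. Decoys, source-address/interface options, fragmentation, OS detection, version detection and --traceroute all use code paths outside this hunk that bypass the proxy, so the real IP reaches the target even though the port probes go through the chain. At minimum extend the existing line to `if (numdecoys > 0 && (bouncescan || connectscan || socks4 || socks5 || httpproxy))`, and add a parallel `fatal()` when a proxy option is combined with the OS-detection, version-detection or traceroute flags on NmapOps, with a comment stating that those paths would leak the scanner's address. The rest of ValidateOptions is outside this hunk, so the natural place for that check may be a few lines below.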
@@ -241,6 +241,6 @@ struct scan_lists { int prot_count; }; -typedef enum { STYPE_UNKNOWN, HOST_DISCOVERY, ACK_SCAN, SYN_SCAN, FIN_SCAN, XMAS_SCAN, UDP_SCAN, CONNECT_SCAN, NULL_SCAN, WINDOW_SCAN, RPC_SCAN, MAIMON_SCAN, IPPROT_SCAN, PING_SCAN, PING_SCAN_ARP, IDLE_SCAN, BOUNCE_SCAN, SERVICE_SCAN, OS_SCAN, SCRIPT_SCAN, TRACEROUTE, REF_TRACEROUTE}stype; +typedef enum { STYPE_UNKNOWN, HOST_DISCOVERY, ACK_SCAN, SYN_SCAN, FIN_SCAN, XMAS_SCAN, UDP_SCAN, CONNECT_SCAN, NULL_SCAN, WINDOW_SCAN, RPC_SCAN, MAIMON_SCAN, IPPROT_SCAN, PING_SCAN, PING_SCAN_ARP, IDLE_SCAN, BOUNCE_SCAN, SERVICE_SCAN, OS_SCAN, SCRIPT_SCAN, TRACEROUTE, REF_TRACEROUTE, PROXY_TCP }stype; #endif /*GLOBAL_STRUCTURES_H */ diff -rupN nmap-4.76_ORIG/nmap.cc nmap-4.76/nmap.cc --- nmap-4.76_ORIG/nmap.cc 2008-09-10 20:32:35.000000000 +0200 +++ nmap-4.76/nmap.cc 2009-02-03 09:36:39.000000000 +0100 @@ -118,6 +118,11 @@ #include "charpool.h" #include "nmap_error.h" #include "utils.h" +#include "proxy.h" + +struct proxyinfo proxy[MAX_PROXY]; +int get_proxy(struct proxyinfo proxy[MAX_PROXY],proxyt ptype,char *list); +int pcount = 0; #ifndef NOLUA #include "nse_main.h" @@ -241,6 +246,9 @@ printf("%s %s ( %s )\n" " -b : FTP bounce scan\n" " --traceroute: Trace hop path to each host\n" " --reason: Display the reason a port is in a particular state\n" + " --socks4 ,...: Perform scanning through SOCKS4 server\n" + " --socks5 ,...: Perform scanning through SOCKS5 server\n" + " --http-proxy ,...: Perform scanning through http proxy server\n" "PORT SPECIFICATION AND SCAN ORDER:\n" " -p : Only scan specified ports\n" " Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080\n" @@ -544,6 +552,10 @@ int nmap_main(int argc, char *argv[]) { size_t sslen; int option_index; bool iflist = false; + char *s4proxylist = NULL; + char *s5proxylist = NULL; + char *httpproxylist = NULL; + // Pre-specified timing parameters. // These are stored here during the parsing of the arguments so that we can 
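Review bot: The three new help lines do not say that these options force host discovery off and that only ports the proxy can connect to are ever reported (the later nmap.cc hunk sets `PINGTYPE_NONE`, and make_proxy_chain only records `PORT_OPEN`), which is exactly what a user choosing between `-sT` and `--socks5` needs to know. Something like `" --socks5 <host:port>[,<host:port>...]: TCP connect scan through a SOCKS5 proxy chain (implies -PN, reports open ports only)\n"` for each option would cover it. The argument placeholders between `--socks4` and `,...` appear to be missing in all three lines; since the neighbouring `-b : FTP bounce scan` has lost its placeholder too, this is probably an artifact of this copy rather than the patch.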
@@ -637,6 +649,9 @@ int nmap_main(int argc, char *argv[]) { {"privileged", no_argument, 0, 0}, {"unprivileged", no_argument, 0, 0}, {"mtu", required_argument, 0, 0}, + {"socks4", required_argument, 0, 0}, + {"socks5", required_argument, 0, 0}, + {"http-proxy", required_argument, 0, 0}, {"append_output", no_argument, 0, 0}, {"append-output", no_argument, 0, 0}, {"noninteractive", no_argument, 0, 0}, @@ -911,6 +926,15 @@ int nmap_main(int argc, char *argv[]) { o.isr00t = 1; } else if (strcmp(long_options[option_index].name, "unprivileged") == 0) { o.isr00t = 0; + } else if (strcmp(long_options[option_index].name, "socks4") == 0) { + o.socks4 = 1; + s4proxylist = optarg; + } else if (strcmp(long_options[option_index].name, "socks5") == 0) { + o.socks5 = 1; + s5proxylist = optarg; + } else if (strcmp(long_options[option_index].name, "http-proxy") == 0) { + o.httpproxy = 1; + httpproxylist = optarg; } else if (strcmp(long_options[option_index].name, "mtu") == 0) { o.fragscan = atoi(optarg); if (o.fragscan <= 0 || o.fragscan % 8 != 0) @@ -1452,7 +1476,17 @@ int nmap_main(int argc, char *argv[]) { #endif o.setSourceSockAddr((struct sockaddr_storage *) &tmpsock, sizeof(tmpsock)); } - + + if(o.socks5){ + o.pingtype = PINGTYPE_NONE; + pcount += get_proxy(&proxy[pcount],SOCKS5,s5proxylist); + }if(o.socks4){ + o.pingtype = PINGTYPE_NONE; + pcount += get_proxy(&proxy[pcount],SOCKS4,s4proxylist); + }if(o.httpproxy){ + o.pingtype = PINGTYPE_NONE; + pcount += get_proxy(&proxy[pcount],HTTP,httpproxylist); + } /* If he wants to bounce off of an FTP site, that site better damn well be reachable! */ if (o.bouncescan) { 
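Review bot: The three `if(o.socks5)…if(o.socks4)…if(o.httpproxy)` blocks overwrite `o.pingtype` without telling the user, and they pass `&proxy[pcount]` to get_proxy(), whose own bound `i < (MAX_PROXY - 1)` is relative to that pointer, so any non-zero `pcount` would let it write past the end of `proxy[]`. ValidateOptions in this same patch permits only one of the three options, so `pcount` is always 0 here and the overrun is latent, but the bound should be `MAX_PROXY - pcount` based rather than relying on that. I would also log the override so a user who passed an explicit -P option learns why it was ignored, e.g. `log_write(LOG_STDOUT, "Host discovery is disabled when scanning through a proxy\n");` before `o.pingtype = PINGTYPE_NONE;`, and hoist all of this into ValidateOptions next to the other scan-type checks instead of the middle of nmap_main.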
@@ -1553,7 +1587,7 @@ int nmap_main(int argc, char *argv[]) { /* Before we randomize the ports scanned, we must initialize PortList class. */ if (o.ipprotscan) PortList::initializePortMap(IPPROTO_IP, ports.prots, ports.prot_count); - if (o.TCPScan()) + if (o.TCPScan() || o.socks4 || o.socks5 || o.httpproxy) PortList::initializePortMap(IPPROTO_TCP, ports.tcp_ports, ports.tcp_count); if (o.UDPScan()) PortList::initializePortMap(IPPROTO_UDP, ports.udp_ports, ports.udp_count); @@ -1599,7 +1633,6 @@ int nmap_main(int argc, char *argv[]) { hstate = new HostGroupState(o.ping_group_sz, o.randomize_hosts, host_exp_group, num_host_exp_groups); - do { ideal_scan_group_sz = determineScanGroupSize(o.numhosts_scanned, &ports); while(Targets.size() < ideal_scan_group_sz) { @@ -1741,6 +1774,9 @@ int nmap_main(int argc, char *argv[]) { /* I now have the group for scanning in the Targets vector */ // Ultra_scan sets o.scantype for us so we don't have to worry + if (o.socks4 || o.socks5 || o.httpproxy) + ultra_scan(Targets, &ports, PROXY_TCP); + if (o.synscan) ultra_scan(Targets, &ports, SYN_SCAN); @@ -2512,6 +2548,7 @@ const char *scantype2str(stype scantype) case SCRIPT_SCAN: return "Script Scan"; break; case TRACEROUTE: return "Traceroute" ; break; case REF_TRACEROUTE: return "Reference Traceroute"; break; + case PROXY_TCP: return "Proxy scan (TCP)";break; default: assert(0); break; } 
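Review bot: `o.TCPScan() || o.socks4 || o.socks5 || o.httpproxy` is redundant, since the NmapOps.cc hunk in this same patch already folds `socks4|socks5|httpproxy` into `TCPScan()`; the line can stay `if (o.TCPScan())`. The new `ultra_scan(Targets, &ports, PROXY_TCP)` dispatch is correct only because ValidateOptions rejects a proxy option combined with any other TCP scan type, so a short comment there — `/* exclusive with the other TCP scan types, enforced in ValidateOptions */` — would make that dependency visible to the next person adding a scan type. The removed blank line before `do {` is unrelated whitespace noise and should be dropped from the patch.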
@@ -2835,4 +2872,31 @@ int nmap_fetchfile(char *filename_return } +int get_proxy(struct proxyinfo proxy[MAX_PROXY],proxyt ptype,char *list){ + + char delim[] = ","; + char *res = NULL; + char *p; + int i=0; + + res = strtok(list,delim); + p = strchr(res,':'); + *p++ = '\0'; + proxy[i].port = atoi(p); + strncpy(proxy[i].host,res,MAXHOSTNAMELEN); + proxy[i].ptype = ptype; + res = strtok(NULL,delim); + +while(res != NULL && i < (MAX_PROXY - 1)){ + i++; + p = strchr(res,':'); + *p++ = '\0'; + proxy[i].port = atoi(p); + strncpy(proxy[i].host,res,MAXHOSTNAMELEN); + proxy[i].ptype = ptype; + res = strtok(NULL,delim); + } + return (i+1); +} + diff -rupN nmap-4.76_ORIG/proxy.h nmap-4.76/proxy.h --- nmap-4.76_ORIG/proxy.h 1970-01-01 01:00:00.000000000 +0100 +++ nmap-4.76/proxy.h 2009-02-03 10:05:05.000000000 +0100 @@ -0,0 +1,21 @@ +#ifndef _PROXY_H +#define _PROXY_H +#include + +#define MAX_PROXY 30 +#define BUFF_SIZE 1024 +#define USERID "Nmap-scanner" + +enum proxyt {HTTP,SOCKS4,SOCKS5}; + +struct proxyinfo{ + char host[MAXHOSTNAMELEN+1]; + unsigned short port; + proxyt ptype; +}; + +int proxy_connect(struct proxyinfo proxy[MAX_PROXY]); +int recv_time(int s, char *buf, int len, int timeout); + +#endif + diff -rupN nmap-4.76_ORIG/scan_engine.cc nmap-4.76/scan_engine.cc --- nmap-4.76_ORIG/scan_engine.cc 2008-09-08 17:53:32.000000000 +0200 +++ nmap-4.76/scan_engine.cc 2009-01-30 10:27:37.000000000 +0100 @@ -115,6 +115,7 @@ #include "utils.h" #include #include +#include "proxy.h" using namespace std; extern NmapOps o; @@ -358,6 +359,8 @@ public: ConnectScanInfo *CSI; }; +int make_proxy_chain(int sd,struct proxyinfo proxy[MAX_PROXY],int count,HostScanStats *hss,u16 destport); + struct send_delay_nfo { unsigned int delayms; /* Milliseconds to delay between probes */ /* The number of successful and dropped probes since the last time delayms 
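Review bot: get_proxy() dereferences the result of `strchr(res,':')` without a NULL check, so a list entry with no colon (`--socks5 proxy.example`) writes through a NULL pointer, and an empty argument makes the first `strtok` return NULL, which `strchr` then crashes on. The port goes through `atoi` with no range check, so `:70000` silently truncates in the `unsigned short`, and `strncpy(proxy[i].host,res,MAXHOSTNAMELEN)` only yields a NUL-terminated string because the global array happens to be zero-filled. The duplicated parse body also stops at `MAX_PROXY - 1` but returns `i+1`, i.e. up to MAX_PROXY entries, leaving no room for the target slot that sendProxyScanProbe later writes at `proxy[pcount]`. A single validating loop fixes all of this:
```cpp
int get_proxy(struct proxyinfo proxy[MAX_PROXY], proxyt ptype, char *list) {
  int n = 0;
  char *res;

  /* Keep one slot free: the scan engine appends the target as the last hop. */
  for (res = strtok(list, ","); res != NULL && n < MAX_PROXY - 1; res = strtok(NULL, ",")) {
    char *p = strchr(res, ':');
    char *end = NULL;
    long port;

    if (p == NULL || p == res)
      fatal("Proxy '%s' must be given as host:port", res);
    *p++ = '\0';
    port = strtol(p, &end, 10);
    if (*p == '\0' || *end != '\0' || port <= 0 || port > 65535)
      fatal("Invalid proxy port '%s' for %s", p, res);

    strncpy(proxy[n].host, res, MAXHOSTNAMELEN);
    proxy[n].host[MAXHOSTNAMELEN] = '\0';
    proxy[n].port = (unsigned short) port;
    proxy[n].ptype = ptype;
    n++;
  }
  if (res != NULL)
    fatal("At most %d proxies can be chained", MAX_PROXY - 1);
  if (n == 0)
    fatal("No proxy given");
  return n;
}
```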
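Review bot: `USERID "Nmap-scanner"` is sent verbatim in the SOCKS4 userid field of every request (see the SOCKS4 branch of make_proxy_chain), so each proxied probe announces the tool to whoever runs the proxy; make it configurable or default it to an empty string, and say in the header that it goes on the wire: `#define USERID "" /* SOCKS4 userid field; sent to the proxy with every CONNECT */`. The `#include` line has lost its header name in this copy (MAXHOSTNAMELEN normally comes from `<sys/param.h>`, and the inet/sockaddr users in scan_engine.cc need `<netinet/in.h>`), and `_PROXY_H` is a reserved identifier — `PROXY_H` is the safe guard. Since nmap.cc defines `proxy`, `pcount` and `get_proxy` at file scope and scan_engine.cc pulls them in through function-local `extern`s, this header is also where `extern struct proxyinfo proxy[MAX_PROXY]; extern int pcount;` and the `get_proxy()`/`make_proxy_chain()` prototypes belong.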
@@ -585,6 +588,7 @@ public: bool ping_scan; /* Includes trad. ping scan & arp scan */ bool ping_scan_arp; /* ONLY includes arp ping scan */ bool noresp_open_scan; /* Whether no response means a port is open */ + bool proxy_tcp_scan; /* massping state. */ /* If ping_scan is true (unless ping_scan_arp is also true), this is the set @@ -1333,7 +1337,7 @@ UltraScanInfo::~UltraScanInfo() { raw socket or ethernet handle to send, or a pcap sniffer to receive. Basically, any scan type except pure TCP connect scans are raw. */ bool UltraScanInfo::isRawScan() { - return scantype != CONNECT_SCAN + return (scantype != CONNECT_SCAN && scantype != PROXY_TCP) && (tcp_scan || udp_scan || prot_scan || ping_scan_arp || (ping_scan && (ptech.rawicmpscan || ptech.rawtcpscan || ptech.rawudpscan || ptech.rawprotoscan))); } @@ -1443,6 +1447,9 @@ void UltraScanInfo::Init(vectortcp_count; } else if (udp_scan) { numprobes = ports->udp_count; + } else if (proxy_tcp_scan){ + numprobes = ports->tcp_count; } else if (prot_scan) { numprobes = ports->prot_count; } else if (ping_scan_arp) { @@ -1789,18 +1798,20 @@ static void init_ultra_timing_vals(ultra static int get_next_target_probe(UltraScanInfo *USI, HostScanStats *hss, probespec *pspec) { assert(pspec); - + if (USI->tcp_scan) { if (hss->next_portidx >= USI->ports->tcp_count) return -1; if (USI->scantype == CONNECT_SCAN) pspec->type = PS_CONNECTTCP; + else if (USI->scantype == PROXY_TCP) + pspec->type = PS_PROXYTCP; else pspec->type = PS_TCP; pspec->proto = IPPROTO_TCP; pspec->pd.tcp.dport = USI->ports->tcp_ports[hss->next_portidx++]; - if (USI->scantype == CONNECT_SCAN) + if (USI->scantype == CONNECT_SCAN || USI->scantype == PROXY_TCP) pspec->pd.tcp.flags = TH_SYN; else if (o.scanflags != -1) pspec->pd.tcp.flags = o.scanflags; 
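Review bot: `proxy_tcp_scan` is declared on UltraScanInfo and read in Init() and in freshPortsLeft(), but nothing in this patch assigns it, and as a plain `bool` member it is indeterminate unless the constructor (outside this hunk) zeroes it. get_next_target_probe() still keys on `USI->tcp_scan` for PROXY_TCP, so either `tcp_scan` is set for proxy scans — in which case the `else if (proxy_tcp_scan)` branch in Init is unreachable and the `|| USI->proxy_tcp_scan` in freshPortsLeft is redundant — or it is not, and proxy scans never generate a probe; I cannot tell which from the hunks shown. Whichever is intended, set the flag explicitly where `tcp_scan` is set and document it: `bool proxy_tcp_scan; /* PROXY_TCP: probes are connects made through the proxy chain, never raw packets */`. The `isRawScan()` change is consistent with that reading.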
@@ -1903,7 +1914,7 @@ static int get_next_target_probe(UltraSc /* Returns the number of ports remaining to probe */ int HostScanStats::freshPortsLeft() { - if (USI->tcp_scan) { + if (USI->tcp_scan || USI->proxy_tcp_scan) { if (next_portidx >= USI->ports->tcp_count) return 0; return USI->ports->tcp_count - next_portidx; @@ -2639,8 +2650,53 @@ static void ultrascan_port_probe_update( hss->destroyOutstandingProbe(probeI); } +/* Proxy scan function */ +static UltraProbe *sendProxyScanProbe(UltraScanInfo *USI, HostScanStats *hss,u16 destport, u8 tryno, u8 pingseq){ + UltraProbe *probe = new UltraProbe(); + list::iterator probeI; + + int pfd; + extern int pcount; // nmap.cc + extern struct proxyinfo proxy[MAX_PROXY]; + struct proxyinfo p[1]; + pfd = proxy_connect(&proxy[0]); + + if(pcount > 1){ + strncpy(proxy[pcount].host, inet_ntoa(hss->target->v4host()), 16); + proxy[pcount].port = destport; + + if(o.socks5){ + proxy[pcount].ptype = SOCKS5; + }else if(o.socks4){ + proxy[pcount].ptype = SOCKS4; + }else { + proxy[pcount].ptype = HTTP; + } + make_proxy_chain(pfd,&proxy[0],(pcount+1),hss,destport); + }else{ + strncpy(p[0].host, inet_ntoa(hss->target->v4host()), 16); + p[0].port = destport; + if(o.socks5){ + p[0].ptype = SOCKS5; + }else if(o.socks4){ + p[0].ptype = SOCKS4; + }else{ + p[0].ptype = HTTP; + } + make_proxy_chain(pfd,&p[0],1,hss,destport); + } + close(pfd); + + + + probe = NULL; + +// hss->target->ports.addPort(destport, IPPROTO_TCP, NULL, PORT_OPEN); + + return probe; +} /* If this is NOT a ping probe, set pingseq to 0. Otherwise it will be the ping sequence number (they start at 1). The probe sent is returned. */ @@ -2659,11 +2715,12 @@ static UltraProbe *sendConnectScanProbe( #endif size_t socklen; ConnectProbe *CP; - + + probe->tryno = tryno; probe->pingseq = pingseq; /* First build the probe */ - probe->setConnect(destport); + probe->setConnect(destport); CP = probe->CP(); /* Initiate the connection */ CP->sd = socket(o.af(), SOCK_STREAM, IPPROTO_TCP); 
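Review bot: sendProxyScanProbe() allocates `new UltraProbe()` and then overwrites the pointer with `probe = NULL`, leaking one UltraProbe per port, and it never checks the return of proxy_connect(), so a failed proxy connection (-1) is handed to make_proxy_chain() and then `close(-1)`. When `pcount` has reached MAX_PROXY the target is written to `proxy[pcount]`, one past the global array, and in the `pcount > 1` path the target is stored into the global on every probe; building the chain in a local copy avoids both. Returning NULL is the right signal that nothing is outstanding, but `tryno`/`pingseq` are then unused and should be commented as such, and the dead `// hss->target->ports.addPort(...)` line should go. Rewritten:
```cpp
static UltraProbe *sendProxyScanProbe(UltraScanInfo *USI, HostScanStats *hss, u16 destport, u8 tryno, u8 pingseq) {
  extern int pcount;                        /* nmap.cc */
  extern struct proxyinfo proxy[MAX_PROXY]; /* nmap.cc */
  struct proxyinfo chain[MAX_PROXY];
  int pfd;

  /* tryno/pingseq are unused: the probe completes synchronously below and no
     UltraProbe is ever outstanding for the engine to retry or track. */
  (void) tryno; (void) pingseq;

  /* get_proxy() must leave the last slot free for the target. */
  assert(pcount >= 1 && pcount < MAX_PROXY);
  memcpy(chain, proxy, pcount * sizeof(chain[0]));
  strncpy(chain[pcount].host, inet_ntoa(hss->target->v4host()), sizeof(chain[pcount].host) - 1);
  chain[pcount].host[sizeof(chain[pcount].host) - 1] = '\0';
  chain[pcount].port = destport;
  chain[pcount].ptype = o.socks5 ? SOCKS5 : (o.socks4 ? SOCKS4 : HTTP);

  pfd = proxy_connect(chain);
  if (pfd < 0) {
    if (o.verbose)
      log_write(LOG_STDOUT, "Could not connect to proxy %s:%d\n", chain[0].host, chain[0].port);
    return NULL;
  }
  make_proxy_chain(pfd, chain, pcount + 1, hss, destport);
  close(pfd);
  return NULL;
}
```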
@@ -2684,6 +2741,8 @@ static UltraProbe *sendConnectScanProbe( hss->lastprobe_sent = probe->sent = USI->now; USI->gstats->probeSent(); rc = connect(CP->sd, (struct sockaddr *)&sock, socklen); + + gettimeofday(&USI->now, NULL); if (rc == -1) connect_errno = socket_errno(); PacketTrace::traceConnect(IPPROTO_TCP, (sockaddr *) &sock, socklen, rc, @@ -2991,6 +3050,9 @@ static void sendNextScanProbe(UltraScanI else if (pspec.type == PS_TCP || pspec.type == PS_UDP || pspec.type == PS_PROTO || pspec.type == PS_ICMP) sendIPScanProbe(USI, hss, &pspec, 0, 0); + else if (pspec.type == PS_PROXYTCP){ + sendProxyScanProbe(USI, hss, pspec.pd.tcp.dport, 0, 0); + } else assert(0); } @@ -3009,6 +3071,9 @@ static void sendNextRetryStackProbe(Ultr if (pspec.type == PS_CONNECTTCP) sendConnectScanProbe(USI, hss, pspec.pd.tcp.dport, pspec_tries + 1, 0); + else if (pspec.type == PS_PROXYTCP){ + sendProxyScanProbe(USI, hss, pspec.pd.tcp.dport, pspec_tries + 1, 0); + } else { assert(pspec.type != PS_ARP); sendIPScanProbe(USI, hss, &pspec, pspec_tries + 1, 0); @@ -4784,7 +4849,7 @@ void ultra_scan(vector &Target } #ifdef WIN32 - if (scantype != CONNECT_SCAN && Targets[0]->ifType() == devt_loopback) { + if ((scantype != CONNECT_SCAN || scantype != PROXY_TCP)&& Targets[0]->ifType() == devt_loopback) { log_write(LOG_STDOUT, "Skipping %s against %s because Windows does not support scanning your own machine (localhost) this way.\n", scantype2str(scantype), Targets[0]->NameIP()); return; } 
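Review bot: `(scantype != CONNECT_SCAN || scantype != PROXY_TCP)` is always true, so on Windows the loopback skip now fires for plain connect scans as well, which the original `scantype != CONNECT_SCAN` deliberately exempted; it should read `if (scantype != CONNECT_SCAN && scantype != PROXY_TCP && Targets[0]->ifType() == devt_loopback) {`. Separately, the PS_PROXYTCP branches in sendNextScanProbe and sendNextRetryStackProbe pass `tryno`/`pspec_tries + 1` to sendProxyScanProbe, which (per the earlier hunk) ignores them, so a retry re-runs the entire proxy handshake with nothing to bound it — worth a comment, or an early `return` in the retry branch until retries mean something for proxied probes. The added `gettimeofday(&USI->now, NULL)` after the blocking `connect()` in sendConnectScanProbe looks right, since a slow connect would otherwise leave `USI->now` stale for the probes that follow.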
@@ -4815,11 +4880,13 @@ void ultra_scan(vector &Target doAnyRetryStackRetransmits(USI); doAnyNewProbes(USI); gettimeofday(&USI->now, NULL); - // printf("TRACE: Finished doAnyNewProbes() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0); + // printf("TRACE: Finished doAnyNewProbes() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0); printAnyStats(USI); + if(USI->scantype != PROXY_TCP){ waitForResponses(USI); + } gettimeofday(&USI->now, NULL); - // printf("TRACE: Finished waitForResponses() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0); + // printf("TRACE: Finished waitForResponses() at %.4fs\n", o.TimeSinceStartMS(&USI->now) / 1000.0); processData(USI); if (keyWasPressed()) { 
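Review bot: The `if(USI->scantype != PROXY_TCP)` guard around waitForResponses() needs a comment saying why skipping it is safe: proxied probes block inside sendProxyScanProbe() and return no UltraProbe, so there is never a response to wait for — `/* PROXY_TCP probes complete synchronously in sendProxyScanProbe(); nothing is outstanding */`. That also means this loop has no blocking call for proxy scans, so it presumably spins through doAnyNewProbes/processData as fast as the proxy answers, which is fine only while every probe really does block; if proxy_connect() fails fast for every port, the loop will likely burn CPU until the port list is exhausted. The two edits to the commented-out `// printf("TRACE: …")` lines are whitespace-only and should be dropped from the patch.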
@@ -5347,3 +5414,197 @@ void pos_scan(Target *target, u16 *porta } return; } + +/* Proxy Scan */ + +int make_proxy_chain(int sd,struct proxyinfo proxy[MAX_PROXY],int count,HostScanStats *hss,u16 destport){ + + int len=0; + char buff[BUFF_SIZE]; + char ip[sizeof(struct sockaddr_in)]; + int i=0,j,k; + struct hostent *host; + unsigned short port; + char recv_b[BUFF_SIZE]; + + j = (count == 1)? 0 : 1; + + for(i=j;i<=(count-1);i++){ + memset(buff,0,BUFF_SIZE); + memset(recv_b,0,64); + k = (i == 0)? i : i - 1; + switch(proxy[k].ptype){ + case HTTP: + { + snprintf(buff,(BUFF_SIZE - 1),"CONNECT %s:%d HTTP/1.1\r\n\r\n",proxy[i].host,proxy[i].port); + if(o.verbose)log_write(LOG_STDOUT,"HTTP Connect to %s:%d\n",proxy[i].host,proxy[i].port); + if(send(sd,buff,strlen(buff),0) < 0){ + if(o.verbose)gh_perror("send in %s",__func__); + return -1; + } + if(recv_time(sd,buff,BUFF_SIZE,4) < 0){ + if(o.verbose)gh_perror("HTTP recv error!\n"); + return -1; + } + if(buff[9] != '2'){ + if(o.verbose)log_write(LOG_STDOUT,"HTTP Connect error!\n"); + return -1; + } + if(i == (count -1)){ + hss->target->ports.addPort(destport, IPPROTO_TCP, NULL, PORT_OPEN); + } + memset(buff,0,sizeof(buff)); + } + break; + case SOCKS4: + { + + if((host = gethostbyname(proxy[i].host)) == NULL ){ + perror("gethostbyname"); + exit(1); + } + + buff[0] = 4; + buff[1] = 1; + port = htons(proxy[i].port); + memcpy(&buff[2],&port,2); + + strncpy(&buff[4],host->h_addr_list[0],host->h_length); + // printf("IP: %s\n",inet_ntoa(*((struct in_addr *)host->h_addr))); + len = strlen(USERID); + if(len < (BUFF_SIZE - 9)){ + strncpy(&buff[8],USERID,len); + buff[len+8] = '\0'; + if(send(sd,buff,len+9,0) <0){ + if(o.verbose)perror("SOCKS4 send error\n"); + return -1; + } + if(recv_time(sd,recv_b,8,4) < 0){ + if(o.verbose)perror("SOCKS4 recv error\n"); + return -1; + }else{ + if(recv_b[0] != 0 || recv_b[1] != 90){ + if(o.verbose)log_write(LOG_STDOUT,"SOCKS4 server error code: %x\n",recv_b[1]); + return -1; + } + } + } //if + 
if(o.verbose){ + log_write(LOG_STDOUT,"SOCKS4 Connection success to %s:%d\n",proxy[i].host,proxy[i].port); + } + if(i == (count -1)){ + hss->target->ports.addPort(destport, IPPROTO_TCP, NULL, PORT_OPEN); + } + memset(recv_b,0,BUFF_SIZE); + } + break; + case SOCKS5: + { + buff[0] = 5; + buff[1] = 1; + buff[2] = 0; + + if(send(sd,buff,3,0) < 0){ + if(o.verbose)perror("SOCKS5 send error\n"); + return -1; + } + if(recv_time(sd,recv_b,2,4) < 0){ + if(o.verbose)perror("SOCKS5 recv error\n"); + return -1; + }else{ + if(recv_b[0] != 5 || recv_b[1] != 0 ){ + if(o.verbose)log_write(LOG_STDOUT,"SOCKS5 error: %x\n",recv_b[1]); + return -1; + } + } + if (inet_pton(AF_INET, proxy[i].host, &ip) > 0) { + buff[3] = 1; + memcpy(buff+4, &ip, 4); + len = 8; + } + /* for the future development...*/ + /* else if (inet_pton(AF_INET6, proxy[i].host, &addr6) > 0) { + buff[3] = 4; + memcpy(buff+4, &addr6.sin6_addr, 16); + len = 20; + }*/ + else{ + buff[3] = 3; + len = strlen(proxy[i].host) % 255; + buff[4] = len; + memcpy(buff+5, proxy[i].host, len); + len += 5; + } + + port = htons(proxy[i].port); + memcpy(&buff[len],&port,2); + + if(send(sd,buff,len+2,0) < 0){ + if(o.verbose)perror("SOCKS5 phase 2 send error!\n"); + return -1; + } + if(recv_time(sd,recv_b,len+2,4) < 0){ + if(o.verbose)perror("SOCKS5 phase 2 recv error!\n"); + return -1; + } + if(recv_b[0] != 5 || recv_b[1] != 0){ + if(o.verbose)log_write(LOG_STDOUT,"SOCKS5 connection error: 0x0%x\n",recv_b[1]); + return -1; + } + if(o.verbose)log_write(LOG_STDOUT,"SOCKS5 Connection success to %s:%d\n",proxy[i].host,proxy[i].port); + if(i == (count -1)){ + hss->target->ports.addPort(destport, IPPROTO_TCP, NULL, PORT_OPEN); + } + } + } //switch +} // for +return sd; +} + +int recv_time(int s, char *buf, int len, int timeout) +{ + fd_set fds; + int n; + struct timeval tv; + + FD_ZERO(&fds); + FD_SET(s, &fds); + + tv.tv_sec = timeout; + tv.tv_usec = 0; + + n = select(s+1, &fds, NULL, NULL, &tv); + if (n == 0) return -2; // timeout! 
+ if (n == -1) return -1; // error + + return recv(s, buf, len, 0); +} + +int proxy_connect(struct proxyinfo proxy[MAX_PROXY]){ + + int sd; + struct sockaddr_in sock; + struct hostent *host; + + if(( sd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP)) < 0){ + return -1; + } + + if((host = gethostbyname(proxy[0].host)) == NULL ){ + perror("gethostbyname"); + exit(1); + } + + + sock.sin_family = AF_INET; + bcopy(host->h_addr_list[0],&sock.sin_addr.s_addr,host->h_length); + sock.sin_port = htons(proxy[0].port); + + if( connect(sd,(struct sockaddr *)&sock,sizeof(struct sockaddr_in)) < 0){ + perror("Connect error!\n"); + } + + if(o.verbose)log_write(LOG_STDOUT,"1st successfully connected to %s:%d\n",proxy[0].host,proxy[0].port); + return sd; +} + diff -rupN nmap-4.76_ORIG/scan_engine.h nmap-4.76/scan_engine.h --- nmap-4.76_ORIG/scan_engine.h 2008-07-11 08:12:38.000000000 +0200 +++ nmap-4.76/scan_engine.h 2009-02-02 09:51:52.000000000 +0100 @@ -128,6 +128,8 @@ struct probespec_icmpdata { #define PS_ICMP 4 #define PS_ARP 5 #define PS_CONNECTTCP 6 +#define PS_PROXYTCP 7 +#define PS_PROXYUDP 8 /* The size of this structure is critical, since there can be tens of thousands of them stored together ... */
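Review bot: proxy_connect() only `perror`s when `connect()` fails and then logs "1st successfully connected" and returns the socket anyway, so every probe proceeds to send the CONNECT/SOCKS handshake on an unconnected descriptor and the port is simply never recorded. In the SOCKS4 branch, `strncpy(&buff[4],host->h_addr_list[0],host->h_length)` copies the binary address as a C string and stops at the first zero octet, so a target such as 10.0.0.1 is requested as 10.0.0.0 — use `memcpy(&buff[4], host->h_addr_list[0], 4);` after checking `host->h_addrtype == AF_INET`, and the same check protects the `bcopy(..., &sock.sin_addr.s_addr, host->h_length)` in proxy_connect should the resolver ever return a 16-byte entry. Both `gethostbyname` failures call `exit(1)` from inside the scan engine, and recv_time()'s `FD_SET` is undefined for descriptors at or above FD_SETSIZE, which a scan that has many sockets open can reach — return -1 instead of exiting, and prefer `poll()` over `select()`. Only `PORT_OPEN` is ever recorded, so mapping a SOCKS5 REP of 0x05 (connection refused) to `PORT_CLOSED` and 0x03/0x04 (network/host unreachable) to `PORT_FILTERED` would give non-open ports a state, and the HTTP `CONNECT` should carry a `Host:` header since it claims HTTP/1.1. Rewritten proxy_connect():
```cpp
int proxy_connect(struct proxyinfo proxy[MAX_PROXY]) {
  struct sockaddr_in sock;
  struct hostent *host;
  int sd;

  /* Resolve first so a failure costs no descriptor; never exit() from the scan engine. */
  if ((host = gethostbyname(proxy[0].host)) == NULL || host->h_addrtype != AF_INET) {
    if (o.verbose)
      log_write(LOG_STDOUT, "Cannot resolve proxy %s as an IPv4 host\n", proxy[0].host);
    return -1;
  }
  if ((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
    return -1;

  memset(&sock, 0, sizeof(sock));
  sock.sin_family = AF_INET;
  memcpy(&sock.sin_addr, host->h_addr_list[0], sizeof(sock.sin_addr));
  sock.sin_port = htons(proxy[0].port);

  if (connect(sd, (struct sockaddr *) &sock, sizeof(sock)) < 0) {
    if (o.verbose)
      gh_perror("connect to proxy %s:%d", proxy[0].host, proxy[0].port);
    close(sd);
    return -1;
  }
  if (o.verbose)
    log_write(LOG_STDOUT, "1st successfully connected to %s:%d\n", proxy[0].host, proxy[0].port);
  return sd;
}
```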