*** _nmap.cc Mon Aug 25 12:42:38 2008 --- nmap.cc Mon Aug 25 14:34:21 2008 *************** *** 210,215 **** --- 210,232 ---- return 1; } + static void read_payload(FILE *payloadfd) { + int i = 0, ch; + + /* if user has defined --data-length, then we read that much from the file */ + if (!o.extra_payload_length) { + o.extra_payload = (char *) safe_malloc(sizeof(char) * 1024); + o.extra_payload_length = 1024; + } + + while ((ch = fgetc(payloadfd)) != EOF && i < o.extra_payload_length) + o.extra_payload[i++] = ch; + + o.extra_payload_length = i; + + fclose(payloadfd); + } + static void printusage(char *name, int rc) { printf("%s %s ( %s )\n" *************** *** 504,509 **** --- 521,527 ---- long l; unsigned int targetno; FILE *inputfd = NULL, *excludefd = NULL; + FILE *payloadfd = NULL; char *host_spec = NULL, *exclude_spec = NULL; short randomize=1; short quashargv = 0; *************** *** 619,625 **** {"packet-trace", no_argument, 0, 0}, /* Display all packets sent/rcv */ {"version_trace", no_argument, 0, 0}, /* Display -sV related activity */ {"version-trace", no_argument, 0, 0}, /* Display -sV related activity */ ! {"data_length", required_argument, 0, 0}, {"data-length", required_argument, 0, 0}, {"send_eth", no_argument, 0, 0}, {"send-eth", no_argument, 0, 0}, --- 637,644 ---- {"packet-trace", no_argument, 0, 0}, /* Display all packets sent/rcv */ {"version_trace", no_argument, 0, 0}, /* Display -sV related activity */ {"version-trace", no_argument, 0, 0}, /* Display -sV related activity */ ! {"payload", required_argument, 0, 0}, /* extra payload */ ! 
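Review bot: The loop in read_payload evaluates fgetc() before the bound check, so once i reaches o.extra_payload_length one more byte is read and silently dropped, and a read error is indistinguishable from EOF; swap the operands, `while (i < o.extra_payload_length && (ch = fgetc(payloadfd)) != EOF)`, and follow the loop with `if (ferror(payloadfd)) fatal("Failed to read payload file");`. The 1024 fallback deserves a named constant, and because an explicit `--data-length 0` also leaves extra_payload_length at 0 it is treated the same as no --data-length at all, which is worth confirming is intended. A header comment should state that the function takes ownership of payloadfd and closes it, and that on return extra_payload_length holds the number of bytes actually read, which may be fewer than requested.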
{"data_length", required_argument, 0, 0}, /* length of extra payload */ {"data-length", required_argument, 0, 0}, {"send_eth", no_argument, 0, 0}, {"send-eth", no_argument, 0, 0}, *************** *** 838,850 **** } else if (optcmp(long_options[option_index].name, "version-trace") == 0) { o.setVersionTrace(true); o.debugging++; } else if (optcmp(long_options[option_index].name, "data-length") == 0) { o.extra_payload_length = atoi(optarg); if (o.extra_payload_length < 0) { fatal("data-length must be greater than 0"); } else if (o.extra_payload_length > 0) { o.extra_payload = (char *) safe_malloc(o.extra_payload_length); ! get_random_bytes(o.extra_payload, o.extra_payload_length); } } else if (optcmp(long_options[option_index].name, "send-eth") == 0) { o.sendpref = PACKET_SEND_ETH_STRONG; --- 857,875 ---- } else if (optcmp(long_options[option_index].name, "version-trace") == 0) { o.setVersionTrace(true); o.debugging++; + } else if (optcmp(long_options[option_index].name, "payload") == 0) { + o.payload_from_file = true; + payloadfd = fopen(optarg, "r"); + if (!payloadfd) + fatal("Failed to open payload file %s for reading", optarg); } else if (optcmp(long_options[option_index].name, "data-length") == 0) { o.extra_payload_length = atoi(optarg); if (o.extra_payload_length < 0) { fatal("data-length must be greater than 0"); } else if (o.extra_payload_length > 0) { o.extra_payload = (char *) safe_malloc(o.extra_payload_length); ! if (!o.payload_from_file) ! 
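Review bot: The new `--payload` entry in long_options has no matching line in printusage() and the patch does not touch the usage text, so the option is not discoverable from the help output; add a line beside the existing --data-length description, something like `--payload <file>: Send the bytes of <file> as the extra payload instead of random data`. The man page and options reference are outside this diff but need the same addition.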
get_random_bytes(o.extra_payload, o.extra_payload_length); } } else if (optcmp(long_options[option_index].name, "send-eth") == 0) { o.sendpref = PACKET_SEND_ETH_STRONG; *************** *** 1272,1277 **** --- 1297,1305 ---- validate_scan_lists(ports,o); o.ValidateOptions(); + if (o.payload_from_file) + read_payload(payloadfd); + // print ip options if((o.debugging || o.packetTrace()) && o.ipoptionslen){ char buf[256]; // 256 > 5*40 *** _NmapOps.h Mon Aug 25 12:57:29 2008 --- NmapOps.h Mon Aug 25 13:45:14 2008 *************** *** 197,202 **** --- 197,203 ---- int min_parallelism; // 0 means it has not been set double topportlevel; // -1 means it has not been set + /* The maximum number of OS detection (gen2) tries we will make without any matches before giving up on a host. We may well give up after fewer tries anyway, particularly if the target isn't *************** *** 246,251 **** --- 247,254 ---- // many IPs to try before stopping. 0 means unlimited. int extra_payload_length; /* These two are for --data-length op */ char *extra_payload; + bool payload_from_file; /* if true, payload comes from file, else it's random */ + unsigned long host_timeout; /* Delay between probes, in milliseconds */ unsigned int scan_delay;
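Review bot: `payloadfd = fopen(optarg, "r")` opens the payload file in text mode; if this code is also built on Windows, that translates CRLF sequences and stops reading at a 0x1A byte, so an arbitrary binary payload is altered before read_payload ever sees it. Use `payloadfd = fopen(optarg, "rb");`, which is identical on POSIX. A repeated `--payload` on the command line also leaks the first FILE* because payloadfd is simply overwritten; closing the previous handle or rejecting the repeat would make that explicit. The enclosing option-parsing loop begins and ends outside this hunk.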
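Review bot: The new member `payload_from_file` is read in nmap.cc's --data-length branch (`if (!o.payload_from_file)`) but nothing in this patch sets it to false; unless the NmapOps constructor or Initialize() (outside this diff) zeroes it, a command line with --data-length and no --payload reads an indeterminate bool and may skip get_random_bytes, sending whatever bytes the fresh allocation happens to contain. Add `payload_from_file = false;` wherever extra_payload_length is initialised. The field comment could also say that when true, extra_payload is filled by read_payload() in nmap.cc after option parsing rather than with random bytes.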