#!/usr/bin/perl -Tw ################################# # Not the xmas scan in the nmap sense, # but in the "lets light 'em up" sense. # Actually, its not even a scan, just a # crap generator. # # Send packets with random settings from # any apparent source/port to any source/port. # # Requires: Net::RawIP (www.cpan.org) # root # # Notes: # Be careful. Aside from the obvious amount # of blatantly bogus traffic you'll generate, # I've seen this thing happily eat a p3-750 while # sending traffic on dummy0. On average, it'll # send 10k packets in ~15 seconds. Regardless of # the validity of the packets, I think thats more # than enough crap you'll wanna see pouring into # your machine. # # Bugs: # 1) It was crashing when the source address was a # multicast address, but for some reason this # problem disappeared. :shrug: # 2) Doesn't check for properly formatted source/destination # hosts. If you can't give it proper arguments, then # thats your own damn fault. # # (jhart@ccs.neu.edu) work/school # and/or # (warchild@spoofed.org) home/play ################################# use strict; use diagnostics; use locale; use Socket; use Net::RawIP; use Getopt::Long; $ENV{'PATH'} = "/usr/bin:/bin"; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; my $saddr; # source address my $daddr; # destination address my $sport; # source port my $dport; # destination port my $num; # number of packets to send my $delay; # delay between each packet (seconds) my $flags; # flags to set my $data; # data to send with packet my $debug; # get our options in place GetOptions( "src=s" => \(my $opt_saddr), "dest=s" => \(my $opt_daddr), "srcp=i" => \(my $opt_sport), "destp=i" => \(my $opt_dport), "num=i" => \(my $opt_num), "delay=i" => \(my $opt_delay), "flags=s" => \(my $opt_flags), "data=s" => \(my $opt_data), "help" => \(my $opt_help), "debug" => \(my $opt_debug)) or die "$!\n"; # setup defaults if not given any options if (defined($opt_help)) { print OPTIONS: --src (default: random) --srcp (default: random) --destp (default: random) --num (defualt: 5) --delay (default: 2) --flags (default: random) --data (default: none) --debug (Print constructed packet) --help (This message) Example: ./xmas --dest 12.10.116.200 --destp 22 --num 1000 --delay 0 --data "foo" Captured by snort: 06/23-08:49:27.625471 0:0:0:0:0:0 -> 0:0:0:0:0:0 type:0x800 len:0x39 120.81.114.73:57760 -> 12.10.116.200:22 TCP TTL:162 TOS:0x5B ID:36828 IpLen:20 DgmLen:43 DF **U*P*S* Seq: 0xBF330583 Ack: 0x1197D019 Win: 0x21DB TcpLen: 20 UrgPtr: 0x0 foo EOF exit; } # parse the options and set defaults if needed if (!defined($opt_num)) { $num = 5; } else { $num = $opt_num; } if (!defined($opt_delay)) { $delay = 2; } else { $delay = $opt_delay; } if (!defined($opt_data)) { $data = ""; } else { $data = $opt_data; } if (defined($opt_debug)) { $debug = $opt_debug; } if (!defined($opt_daddr)) { print "Try 'xmas --help for options'\n"; } else { # sanity check the destination host first, resolve if needed. if ($opt_daddr =~ /^([\d.]+)$/) { if ($opt_debug) { print "Not resolving $1\n"; } $daddr = $1; } elsif ($opt_daddr =~ /^([\d.\w-]+)$/) { if ($opt_debug) { print "Resolving $1\n"; } my $packedip = gethostbyname($1) or die "Couldn't resolve $1: $!\n"; $daddr = inet_ntoa($packedip); } else { die "Couldn't determine destination host format, wtf!\n"; } # now check the source host, resolve if needed. if (defined($opt_saddr)) { if ($opt_saddr =~ /^([\d.]+)$/) { $saddr = $1; } elsif ($opt_saddr =~ /^([\d.\w-]+)$/) { my $packedip = gethostbyname($1) or die "Coulding resolve $1: $!\n"; $saddr = inet_ntoa($packedip); } else { die "Couldn't determine source host format, wtf!\n"; } } # pick out the flags #if (defined($opt_flags) && ($opt_flags =~ /[a]|[f]|[p]|[s]|[u]/i)) { # my %flag_hash; # foreach (split(//, $opt_flags)) { # print "\l$_\n"; # unless (exists($flag_hash{$_})) { # $flag_hash{$_} = 1; # $flags .= $_; # } # } #} else { $flags = ""; } if (defined($opt_flags)) { my %seen; $opt_flags =~ tr/afprsu//dsc; my @uniq_flags = grep { ! $seen{$_} ++ } split(//, $opt_flags); foreach (@uniq_flags) { $flags .= $_; } } else { $flags = ""; } for(my $i = 0; $i { id => $id, tos => $tos, ttl => $ttl, daddr => $dest, saddr => $source }, tcp => { source => $sport, dest => $dport, seq => $src_isn, ack_seq => $src_ack, window => $window, ack => $ack, syn => $syn, rst => $rst, psh => $psh, fin => $fin, urg => $urg, data => $data } }); $xmas_pack->send; }