get rid of silly top-level trunk dir

COPYING.OpenSSL

@@ -0,0 +1,127 @@
+
+ LICENSE ISSUES
+ ==============
+
+ The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+ the OpenSSL License and the original SSLeay license apply to the toolkit.
+ See below for the actual license texts. Actually both licenses are BSD-style
+ Open Source licenses. In case of any license issues related to OpenSSL
+ please contact [email protected].
+
+ OpenSSL License
+ ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http:https://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * [email protected].
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http:https://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * ([email protected]). This product includes software written by Tim
+ * Hudson ([email protected]).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young ([email protected])
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young ([email protected]).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson ([email protected]).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young ([email protected])"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson ([email protected])"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

FingerPrintResults.cc

@@ -0,0 +1,214 @@
+
+/***************************************************************************
+ * FingerPrintResults -- The FingerPrintResults class the results of OS *
+ * fingerprint matching against a certain host. *
+ * *
+ ***********************IMPORTANT NMAP LICENSE TERMS************************
+ * *
+ * The Nmap Security Scanner is (C) 1996-2004 Insecure.Com LLC. Nmap *
+ * is also a registered trademark of Insecure.Com LLC. This program is *
+ * free software; you may redistribute and/or modify it under the *
+ * terms of the GNU General Public License as published by the Free *
+ * Software Foundation; Version 2. This guarantees your right to use, *
+ * modify, and redistribute this software under certain conditions. If *
+ * you wish to embed Nmap technology into proprietary software, we may be *
+ * willing to sell alternative licenses (contact [email protected]). *
+ * Many security scanner vendors already license Nmap technology such as *
+ * our remote OS fingerprinting database and code, service/version *
+ * detection system, and port scanning code. *
+ * *
+ * Note that the GPL places important restrictions on "derived works", yet *
+ * it does not provide a detailed definition of that term. To avoid *
+ * misunderstandings, we consider an application to constitute a *
+ * "derivative work" for the purpose of this license if it does any of the *
+ * following: *
+ * o Integrates source code from Nmap *
+ * o Reads or includes Nmap copyrighted data files, such as *
+ * nmap-os-fingerprints or nmap-service-probes. *
+ * o Executes Nmap and parses the results (as opposed to typical shell or *
+ * execution-menu apps, which simply display raw Nmap output and so are *
+ * not derivative works.) * 
+ * o Integrates/includes/aggregates Nmap into a proprietary executable *
+ * installer, such as those produced by InstallShield. *
+ * o Links to a library or executes a program that does any of the above *
+ * *
+ * The term "Nmap" should be taken to also include any portions or derived *
+ * works of Nmap. This list is not exclusive, but is just meant to *
+ * clarify our interpretation of derived works with some common examples. *
+ * These restrictions only apply when you actually redistribute Nmap. For *
+ * example, nothing stops you from writing and selling a proprietary *
+ * front-end to Nmap. Just distribute it by itself, and point people to *
+ * http:https://www.insecure.org/nmap/ to download Nmap. *
+ * *
+ * We don't consider these to be added restrictions on top of the GPL, but *
+ * just a clarification of how we interpret "derived works" as it applies *
+ * to our GPL-licensed Nmap product. This is similar to the way Linus *
+ * Torvalds has announced his interpretation of how "derived works" *
+ * applies to Linux kernel modules. Our interpretation refers only to *
+ * Nmap - we don't speak for any other GPL products. *
+ * *
+ * If you have any questions about the GPL licensing restrictions on using *
+ * Nmap in non-GPL works, we would be happy to help. As mentioned above, *
+ * we also offer alternative license to integrate Nmap into proprietary *
+ * applications and appliances. These contracts have been sold to many *
+ * security vendors, and generally include a perpetual license as well as *
+ * providing for priority support and updates as well as helping to fund *
+ * the continued development of Nmap technology. Please email *
+ * [email protected] for further information. *
+ * *
+ * As a special exception to the GPL terms, Insecure.Com LLC grants *
+ * permission to link the code of this program with any version of the *
+ * OpenSSL library which is distributed under a license identical to that *
+ * listed in the included Copying.OpenSSL file, and distribute linked *
+ * combinations including the two. You must obey the GNU GPL in all *
+ * respects for all of the code used other than OpenSSL. If you modify *
+ * this file, you may extend this exception to your version of the file, *
+ * but you are not obligated to do so. *
+ * *
+ * If you received these files with a written license agreement or *
+ * contract stating terms other than the terms above, then that *
+ * alternative license agreement takes precedence over these comments. *
+ * *
+ * Source is provided to this software because we believe users have a *
+ * right to know exactly what a program is going to do before they run it. *
+ * This also allows you to audit the software for security holes (none *
+ * have been found so far). *
+ * *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, *
+ * and add new features. You are highly encouraged to send your changes *
+ * to [email protected] for possible incorporation into the main *
+ * distribution. By sending these changes to Fyodor or one the *
+ * Insecure.Org development mailing lists, it is assumed that you are *
+ * offering Fyodor and Insecure.Com LLC the unlimited, non-exclusive right *
+ * to reuse, modify, and relicense the code. Nmap will always be *
+ * available Open Source, but this is important because the inability to *
+ * relicense code has caused devastating problems for other Free Software *
+ * projects (such as KDE and NASM). We also occasionally relicense the *
+ * code to third parties as discussed above. If you wish to specify *
+ * special license conditions of your contributions, just say so when you *
+ * send them. *
+ * *
+ * This program is distributed in the hope that it will be useful, but *
+ * WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * General Public License for more details at *
+ * http:https://www.gnu.org/copyleft/gpl.html , or in the COPYING file included *
+ * with Nmap. *
+ * *
+ ***************************************************************************/
+
+/* $Id$ */
+
+#include "FingerPrintResults.h"
+#include "osscan.h"
+#include "NmapOps.h"
+
+extern NmapOps o;
+
+FingerPrintResults::FingerPrintResults() {
+ num_perfect_matches = num_matches = 0;
+ overall_results = OSSCAN_NOMATCHES;
+ memset(accuracy, 0, sizeof(accuracy));
+ isClassified = false;
+ osscan_opentcpport = osscan_closedtcpport = -1;
+ memset(FPs, 0, sizeof(FPs));
+ numFPs = goodFP = 0;
+}
+
+FingerPrintResults::~FingerPrintResults() {
+ int i;
+
+ /* Free OS fingerprints of OS scanning was done */
+ for(i=0; i < numFPs; i++) {
+ freeFingerPrint(FPs[i]);
+ FPs[i] = NULL;
+ }
+ numFPs = 0;
+
+}
+
+const struct OS_Classification_Results *FingerPrintResults::getOSClassification() {
+ if (!isClassified) { populateClassification(); isClassified = true; }
+ return &OSR;
+}
+
+ /* Are the attributes of this fingerprint good enough to warrant submission to the official DB? */
+bool FingerPrintResults::fingerprintSuitableForSubmission() {
+ // TODO: There are many more tests I could (and should) add. Maybe related to
+ // UDP test, TTL, etc.
+ if (o.scan_delay > 500) // This can screw up the sequence timing
+ return false;
+
+ if (osscan_opentcpport < 0 || osscan_closedtcpport < 0 ) // then results won't be complete
+ return false;
+
+ return true;
+}
+
+
+/* Goes through fingerprinting results to populate OSR */
+void FingerPrintResults::populateClassification() {
+ int printno, classno;
+
+ OSR.OSC_num_perfect_matches = OSR.OSC_num_matches = 0;
+ OSR.overall_results = OSSCAN_SUCCESS;
+
+ if (overall_results == OSSCAN_TOOMANYMATCHES) {
+ // The normal classification overflowed so we don't even have all the perfect matches,
+ // I don't see any good reason to do classification.
+ OSR.overall_results = OSSCAN_TOOMANYMATCHES;
+ return;
+ }
+
+ for(printno = 0; printno < num_matches; printno++) {
+ // a single print may have multiple classifications
+ for(classno = 0; classno < prints[printno]->num_OS_Classifications; classno++) {
+ if (!classAlreadyExistsInResults(&(prints[printno]->OS_class[classno]))) {
+ // Then we have to add it ... first ensure we have room
+ if (OSR.OSC_num_matches == MAX_FP_RESULTS) {
+ // Out of space ... if the accuracy of this one is 100%, we have a problem
+ if (accuracy[printno] == 1.0) OSR.overall_results = OSSCAN_TOOMANYMATCHES;
+ return;
+ }
+
+ // We have space, but do we even want this one? No point
+ // including lesser matches if we have 1 or more perfect
+ // matches.
+ if (OSR.OSC_num_perfect_matches > 0 && accuracy[printno] < 1.0) {
+ return;
+ }
+
+ // OK, we will add the new class
+ OSR.OSC[OSR.OSC_num_matches] = &(prints[printno]->OS_class[classno]);
+ OSR.OSC_Accuracy[OSR.OSC_num_matches] = accuracy[printno];
+ if (accuracy[printno] == 1.0) OSR.OSC_num_perfect_matches++;
+ OSR.OSC_num_matches++;
+ }
+ }
+ }
+
+ if (OSR.OSC_num_matches == 0)
+ OSR.overall_results = OSSCAN_NOMATCHES;
+
+ return;
+}
+
+// Go through any previously enterted classes to see if this is a dupe;
+bool FingerPrintResults::classAlreadyExistsInResults(struct OS_Classification *OSC) {
+ int i;
+
+ for (i=0; i < OSR.OSC_num_matches; i++) {
+ if (!strcmp(OSC->OS_Vendor, OSR.OSC[i]->OS_Vendor) &&
+ !strcmp(OSC->OS_Family, OSR.OSC[i]->OS_Family) &&
+ !strcmp(OSC->Device_Type, OSR.OSC[i]->Device_Type) &&
+ !strcmp(OSC->OS_Generation? OSC->OS_Generation : "", 
+ OSR.OSC[i]->OS_Generation? OSR.OSC[i]->OS_Generation : "")) {
+ // Found a duplicate!
+ return true;
+ }
+ }
+
+ // Went through all the results -- no duplicates found
+ return false;
+}
+