/*
** pscan v3.0 by oz0ne
** oz0ne7@hushmail.com
**
** pscan v3 is a tcp port scanner that prints the number
** of each open tcp port (within specified range) and the
** corresponding service name (if it's registered) on the target host.
**
** compile: gcc pscan3.c -o pscan
** usage: ./pscan <target> <start port> <end port>
**
** Warning: scanning unauthorized hosts is illegal.
** I take no responsibility for what you choose to do with this tool.
** This code is free and without warranty
**
** 2000
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define MIN_PORT 1
#define MAX_PORT 65535

void usage(char *, char *);

int main(int argc, char *argv[])
{
    struct hostent *hostinfo;
    struct servent *servinfo;
    struct sockaddr_in address;
    struct in_addr target, addr;
    int port, end_port, sockfd, result;
    char *host, **ipnum;
    const char *service;

    if (argc < 4) {
        usage(argv[0], "pscan v3 by oz0ne (oz0ne7@hushmail.com)");
        exit(EXIT_FAILURE);
    }

    /* Resolve the target (dotted-quad IP address or domain name). */
    host = argv[1];
    hostinfo = gethostbyname(host);
    if (!hostinfo) {
        usage(argv[0], "pscan: unable to get info for target host");
        exit(EXIT_FAILURE);
    }

    /* Copy the first address out of the resolver's static buffer
       before any later netdb call can touch it. */
    memcpy(&target, hostinfo->h_addr_list[0], sizeof(target));

    port = atoi(argv[2]);
    end_port = atoi(argv[3]);

    printf("\npscan v3 by oz0ne (oz0ne7@hushmail.com)\n");

    /* Fall back to the defaults when the requested range is invalid. */
    if (port < MIN_PORT || port > MAX_PORT) {
        printf("pscan: invalid start port, using default (%d)\n", MIN_PORT);
        port = MIN_PORT;
    }
    if (end_port < port || end_port > MAX_PORT) {
        printf("pscan: invalid end port, using default (%d)\n", MAX_PORT);
        end_port = MAX_PORT;
    }

    /* List every address the name resolved to; only the first is scanned. */
    printf("\naddress(es): ");
    for (ipnum = hostinfo->h_addr_list; *ipnum; ipnum++) {
        memcpy(&addr, *ipnum, sizeof(addr));
        printf("%s ", inet_ntoa(addr));
    }

    printf("\nscanning (%s) tcp ports %d - %d\n",
           inet_ntoa(target), port, end_port);
    printf("open ports:\n\n");

    /* Full TCP connect() to each port in the range; a successful
       connect means the port is open. */
    for (; port <= end_port; port++) {
        sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (sockfd < 0) {
            perror("pscan: socket");
            exit(EXIT_FAILURE);
        }

        memset(&address, 0, sizeof(address));
        address.sin_family = AF_INET;
        address.sin_port = htons(port);
        address.sin_addr = target;

        result = connect(sockfd, (struct sockaddr *)&address, sizeof(address));
        if (result == 0) {
            /* getservbyport() expects the port in network byte order. */
            servinfo = getservbyport(address.sin_port, "tcp");
            service = servinfo ? servinfo->s_name : " ";
            printf("%d\t%s\n", port, service);
        }
        close(sockfd);
    }

    printf("\nDone.\n");
    exit(EXIT_SUCCESS);
}

void usage(char *name, char *text)
{
    printf("\n%s\n\n", text);
    printf("Usage: %s <target> <start port> <end port>\n", name);
    printf(" target = ip address or domain name of target host\n");
    printf(" start port = first port to scan\n");
    printf(" end port = last port to scan\n");
}