Class: Rex::Socket::RangeWalker

Inherits:
Object
  • Object
Defined in:
lib/rex/socket/range_walker.rb

Overview

This class provides an interface for enumerating the addresses in an IP range.

This class uses start,stop pairs to represent ranges of addresses. This is very efficient for large numbers of consecutive addresses, and not show-stoppingly inefficient when storing a bunch of non-consecutive addresses, which should be a somewhat unusual case.

Defined Under Namespace

Classes: UnitTest

Constructor Details

#initialize(parseme) ⇒ RangeWalker

Initializes a walker instance using the supplied range



# File 'lib/rex/socket/range_walker.rb', line 22

# Builds a walker over the addresses described by +parseme+.
#
# +parseme+ is either another RangeWalker, whose range list is copied with
# a shallow dup, or a range specification that is handed to #parse.
# #parse returns nil or false for input it cannot use, which leaves the
# walker without ranges; callers that need to know whether the target list
# was accepted should check #valid? afterwards.
def initialize(parseme)
	@ranges = parseme.is_a?(RangeWalker) ? parseme.ranges.dup : parse(parseme)
	reset
end

Instance Attribute Details

#length ⇒ Object (readonly) Also known as: num_ips

The total number of IPs within the range



# File 'lib/rex/socket/range_walker.rb', line 372

# Reader for the address count that #reset computes: the sum of
# stop - start + 1 over every stored range. The value is nil until #reset
# has run on a walker that holds at least one range.
def length
  return @length
end

#ranges ⇒ Object (readonly)

Returns the value of attribute ranges.



# File 'lib/rex/socket/range_walker.rb', line 377

# Reader for the stored range list. The same object is handed back, not a
# copy, so changes a caller makes to it are seen by the walker.
def ranges
  return @ranges
end

Class Method Details

.parse(parseme) ⇒ Object

Calls the instance method

This is basically only useful for determining if a range can be parsed



# File 'lib/rex/socket/range_walker.rb', line 36

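# Class-level convenience wrapper around the instance method #parse.
#
# Mainly useful for checking whether a range specification can be parsed:
# the return value is whatever the instance #parse returns for +parseme+.
def self.parse(parseme)
	# #initialize takes one required argument, so a bare `new` raises
	# ArgumentError. Passing nil builds a walker with no ranges, on which
	# the instance #parse can then be called.
	self.new(nil).parse(parseme)
end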

Instance Method Details

#each(&block) ⇒ Object

Calls the given block with each address. This is basically a wrapper for #next_ip



# File 'lib/rex/socket/range_walker.rb', line 217

# Hands every remaining address to +block+, in walking order.
#
# Addresses are pulled from #next_ip until it returns nil or false, so the
# walk continues from wherever the walker currently stands.
def each(&block)
	ip = next_ip
	while ip
		block.call(ip)
		ip = next_ip
	end
end

#expand_cidr(arg) ⇒ Object

Returns an array with one element, a Range defined by the given CIDR block.



# File 'lib/rex/socket/range_walker.rb', line 227

# Converts a CIDR block such as "10.1.1.0/24" into one Range.
#
# The first and last address come from Rex::Socket.cidr_crack and are
# stored as integers via Rex::Socket.addr_atoi. Returns the Range itself
# (not wrapped in an array), or false when cidr_crack yields no start or
# no stop address.
def expand_cidr(arg)
	first, last = Rex::Socket.cidr_crack(arg)
	return false unless first && last

	cidr_range = Range.new
	cidr_range.start = Rex::Socket.addr_atoi(first)
	cidr_range.stop = Rex::Socket.addr_atoi(last)
	# A colon in the argument marks the block as IPv6.
	cidr_range.ipv6 = arg.include?(":")
	cidr_range.options = {}
	cidr_range
end

#expand_nmap(arg) ⇒ Object

Expands an nmap-style host range x.x.x.x, where each x can be simply “*”, which means 0-255, or any combination and repetition of:

i,n
n-m
i,n-m
n-m,i

ensuring that n is never greater than m.

non-unique elements will be removed

e.g.:
  10.1.1.1-3,2-2,2 =>  ["10.1.1.1", "10.1.1.2", "10.1.1.3"]
  10.1.1.1-3,7 =>  ["10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.7"]

Returns an array of Ranges



# File 'lib/rex/socket/range_walker.rb', line 257

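# Expands an nmap-style IPv4 host specification into address ranges.
#
# Each of the four dotted sections may be "*" (meaning 0-255), a single
# value, a range "n-m" with n <= m, or a comma-separated mix of those.
# An empty section counts as 0 and an open-ended range defaults to 0 on
# the left and 255 on the right. Duplicate values are removed.
#
# e.g.:
#   10.1.1.1-3,2-2,2 => 10.1.1.1 through 10.1.1.3
#   10.1.1.1-3,7     => 10.1.1.1 through 10.1.1.3, plus 10.1.1.7
#
# Returns an Array of Range objects, each covering a run of consecutive
# addresses, or false when the specification is IPv6 or malformed.
#
# The ranges are built while the combinations are generated, so memory use
# follows the number of ranges rather than the number of addresses. Every
# combination is still visited once, so a specification with wide ranges
# in all four sections takes time proportional to the addresses it names.
def expand_nmap(arg)
	# Can't really do anything with IPv6
	return false if arg.include?(":")

	# nmap calls these errors, but it's hard to catch them with our
	# splitting below, so short-cut them here
	return false if arg.include?(",-") or arg.include?("-,")

	sections = arg.split('.')
	# Too many or not enough dots
	return false if sections.length != 4

	bytes = sections.map do |section|
		# pretty sure this is an unintentional artifact of the C
		# functions that turn strings into ints, but it sort of makes
		# sense, so why not
		#   "10...1" => "10.0.0.1"
		section = "0" if section.empty?

		if section == "*"
			# I think this ought to be 1-254, but this is how nmap does it.
			section = "0-255"
		elsif section.include?("*")
			return false
		end

		# Break down the sections into ranges like so
		# "1-3,5-7" => ["1-3", "5-7"]
		sets = []
		section.split(',', -1).each do |r|
			if r.include?('-')
				# Then it's an actual range, break it down into start,stop
				# pairs:
				#   "1-3" => [ 1, 3 ]
				bounds = r.split('-', -1)
				return false if bounds.length > 2

				# String#to_i turns non-numeric text into 0, which would
				# silently point the range at addresses the caller never
				# named. Only decimal digits (or an empty bound) pass.
				return false unless bounds.all? { |b| b =~ /\A[0-9]*\z/ }

				# if the lower bound is empty, start at 0
				# if the upper bound is empty, stop at 255
				lower = bounds[0].empty? ? 0 : bounds[0].to_i
				upper = bounds[1].empty? ? 255 : bounds[1].to_i
				return false if lower > upper or upper > 255

				lower.upto(upper) { |i| sets.push(i) }
			else
				# Then it's a single value; an empty item still counts as 0
				return false unless r =~ /\A[0-9]*\z/
				value = r.to_i
				return false if value > 255
				sets.push(value)
			end
		end
		sets.sort.uniq
	end

	rng = Range.new
	rng.ipv6 = false
	rng.options = {}

	#
	# Combinatorially walk all of the quads as integer addresses, e.g.:
	#  [[1],[1],[1,2],[1,2]]
	#  =>
	#  atoi("1.1.1.1"), atoi("1.1.1.2"), atoi("1.1.2.1"), atoi("1.1.2.2")
	#
	# Every per-section list is sorted and unique, so the addresses come
	# out in strictly increasing order and consecutive runs can be merged
	# on the fly without first collecting and sorting the whole list.
	#
	ranges = []
	prev = nil
	bytes[0].each do |a|
		bytes[1].each do |b|
			bytes[2].each do |c|
				bytes[3].each do |d|
					ip = (a << 24) + (b << 16) + (c << 8) + d
					if prev.nil?
						rng.start = ip
					elsif prev + 1 != ip
						# The previous address is the upper bound for the
						# current range; this one opens the next range.
						rng.stop = prev
						ranges.push(rng.dup)
						rng.start = ip
					end
					prev = ip
				end
			end
		end
	end
	rng.stop = prev
	ranges.push(rng.dup)
	ranges
end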

#include?(addr) ⇒ Boolean

Returns true if the argument is an ip address that falls within any of the stored ranges.

Returns:

  • (Boolean)


# File 'lib/rex/socket/range_walker.rb', line 184

# Reports whether +addr+ lies inside any stored range.
#
# +addr+ may be an Integer or a String; a String is converted with
# Rex::Socket.addr_atoi first. Returns false when no ranges are stored.
def include?(addr)
	return false unless @ranges

	target = addr.is_a?(String) ? Rex::Socket.addr_atoi(addr) : addr
	@ranges.any? { |r| r[0] <= target && target <= r[1] }
end

#include_range?(range_walker) ⇒ Boolean

Returns true if this RangeWalker includes all of the addresses in the given RangeWalker

Returns:

  • (Boolean)


# File 'lib/rex/socket/range_walker.rb', line 201

# Reports whether every range of +range_walker+ fits inside one of this
# walker's ranges.
#
# A range counts as covered only when both its start and its stop fall
# within the same stored range. Returns false when this walker has no
# ranges or when +range_walker+ has no range list.
def include_range?(range_walker)
	return false if !@ranges || @ranges.empty?

	theirs = range_walker.ranges
	return false unless theirs

	theirs.all? do |start, stop|
		ranges.any? do |self_start, self_stop|
			span = (self_start..self_stop)
			[start, stop].all? { |edge| span.include?(edge) }
		end
	end
end

#next_ip ⇒ Object

Returns the next IP address.



# File 'lib/rex/socket/range_walker.rb', line 157

# Returns the next address of the walk as a string and advances the cursor.
#
# Returns false when the walker holds no ranges and nil once the last
# range has been exhausted. When the current range carries a :scope_id
# option, it is appended to the address after a '%'.
def next_ip
	return false unless valid?

	current = @ranges[@curr_range]
	if @curr_addr > current[1]
		# Past the end of this range: move to the next one, if any.
		return nil if @curr_range >= @ranges.length - 1

		@curr_range += 1
		current = @ranges[@curr_range]
		@curr_addr = current[0]
	end

	# The third slot of a range is its IPv6 flag, the fourth its options.
	addr = Rex::Socket.addr_itoa(@curr_addr, current[2])
	scope_id = current[3][:scope_id]
	addr = addr + '%' + scope_id if scope_id

	@curr_addr += 1
	addr
end

#parse(parseme) ⇒ Object

Turn a human-readable range string into ranges we can step through one address at a time.

Allow the following formats: “a.b.c.d e.f.g.h” “a.b.c.d, e.f.g.h” where each chunk is CIDR notation, (e.g. ‘10.1.1.0/24’) or a range in nmap format (see expand_nmap)

OR this format “a.b.c.d-e.f.g.h” where a.b.c.d and e.f.g.h are single IPs and the second must be bigger than the first.



# File 'lib/rex/socket/range_walker.rb', line 53

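# Turns a human-readable target specification into a list of ranges that
# can be stepped through one address at a time.
#
# +parseme+ is split on ", " and then on whitespace; every resulting chunk
# is handled as one of:
#   * an IPv6 address or "start-end" IPv6 range, optionally with a %scope
#   * IPv4 CIDR notation (e.g. '10.1.1.0/24')
#   * a hostname, resolved through Rex::Socket.addr_atoi_list
#   * an IPv4 range "a.b.c.d-e.f.g.h" whose end is not below its start
#   * an nmap-style range (see #expand_nmap)
#
# Returns nil when +parseme+ is nil or false, false when a chunk is
# rejected, and otherwise the de-duplicated Array of ranges.
#
# Two things to keep in mind when the specification does not come straight
# from the operator: hostnames (including the host part of a CIDR chunk)
# are resolved, so parsing can trigger DNS lookups; and a chunk that
# #expand_nmap rejects is skipped instead of failing the whole parse, so
# the result can cover less than the text that was supplied.
def parse(parseme)
	return nil if not parseme
	ranges = []
	parseme.split(', ').map{ |a| a.split(' ') }.flatten.each { |arg|
		opts = {}

		# Handle IPv6 first (support ranges, but not CIDR)
		if arg.include?(":")
			addrs = arg.split('-', 2)

			# Handle a single address
			if addrs.length == 1
				addr, scope_id = addrs[0].split('%')
				opts[:scope_id] = scope_id if scope_id

				return false unless Rex::Socket.is_ipv6?(addr)
				addr = Rex::Socket.addr_atoi(addr)
				ranges.push [addr, addr, true, opts]
				next
			end

			addr1, scope_id = addrs[0].split('%')
			opts[:scope_id] = scope_id if scope_id

			# The upper bound is the text after the dash. Reading addrs[0]
			# here again would collapse every range to its first address.
			addr2, scope_id = addrs[1].split('%')
			( opts[:scope_id] ||= scope_id ) if scope_id

			# An empty side ("2001::1-") splits to nothing; reject it before
			# handing nil to the address helpers.
			return false if addr1.nil? or addr2.nil?
			return false if not (Rex::Socket.is_ipv6?(addr1) and Rex::Socket.is_ipv6?(addr2))

			# Handle IPv6 ranges in the form of 2001::1-2001::10
			addr1 = Rex::Socket.addr_atoi(addr1)
			addr2 = Rex::Socket.addr_atoi(addr2)

			# Same rule as the IPv4 range branch: the end may not precede
			# the beginning, otherwise #reset would count a negative span.
			return false if addr1 > addr2

			ranges.push [addr1, addr2, true, opts]
			next

		# Handle IPv4 CIDR
		elsif arg.include?("/")
			# Then it's CIDR notation and needs special case
			return false if arg =~ /[,-]/ # Improper CIDR notation (can't mix with 1,3 or 1-3 style IP ranges)
			return false if arg.scan("/").size > 1 # ..but there are too many slashes
			ip_part,mask_part = arg.split("/")
			return false if ip_part.nil? or ip_part.empty? or mask_part.nil? or mask_part.empty?
			# \A and \z anchor the whole string; ^ and $ only anchor a line.
			return false if mask_part !~ /\A[0-9]{1,2}\z/ # Illegal mask -- numerals only
			return false if mask_part.to_i > 32 # This too -- between 0 and 32.
			begin
				Rex::Socket.addr_atoi(ip_part) # This allows for "www.metasploit.com/24" which is fun.
			rescue Resolv::ResolvError
				return false # Can't resolve the ip_part, so bail.
			end

			expanded = expand_cidr(arg)
			if expanded
				ranges.push(expanded)
			else
				return false
			end

		# Handle hostnames
		elsif arg =~ /[^-0-9,.*]/
			# Then it's a domain name and we should send it on to addr_atoi
			# unmolested to force a DNS lookup.
			Rex::Socket.addr_atoi_list(arg).each { |addr| ranges.push [addr, addr, false, opts] }

		# Handle IPv4 ranges
		elsif arg =~ /\A([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\z/
			# Then it's in the format of 1.2.3.4-5.6.7.8
			# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
			begin
				addrs = [Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)]
				return false if addrs[0] > addrs[1] # The beginning is greater than the end.
				ranges.push [addrs[0], addrs[1], false, opts]
			rescue Resolv::ResolvError # Something's broken, forget it.
				return false
			end
		else
			# Returns an array of ranges, or false for a chunk it rejects.
			# NOTE(review): a rejected chunk is dropped silently here while
			# every other branch fails the parse; kept as is for callers
			# that rely on the best-effort behaviour.
			expanded = expand_nmap(arg)
			if expanded
				expanded.each { |r| ranges.push(r) }
			end
		end
	}

	# Remove any duplicate ranges
	ranges.uniq
end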

#reset ⇒ Object

Resets the subnet walker back to its original state.



# File 'lib/rex/socket/range_walker.rb', line 146

# Rewinds the walker to the first address of the first range and
# recomputes the total address count.
#
# Returns false without touching any state when the walker holds no
# ranges; otherwise returns the range list.
def reset
	return false unless valid?

	@curr_range = 0
	@curr_addr = @ranges[0][0]
	# Both ends of a range are inclusive, hence the + 1 per range.
	@length = @ranges.inject(0) { |total, r| total + (r[1] - r[0] + 1) }
	@ranges
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rex/socket/range_walker.rb', line 176

# Truthy only when the walker holds at least one range.
#
# The result is nil or false when @ranges is nil or false (for example
# after #parse rejected its input) and false when the list is empty, so
# use it as a condition rather than comparing it with true or false.
def valid?
	@ranges && !@ranges.empty?
end