IP addresses selection enhancements #62

Open
Unactived opened this issue Sep 7, 2022 · 2 comments

@Unactived
Contributor

Hello,

at the moment, using the tool one can specify an exact list of IP addresses to impersonate in a file, or it defaults to all of them.

It could be nice to:

  • be able to specify them from the command line, maybe in a comma-separated list
  • be able to use CIDR notation or another way to specify a range of IP addresses
  • be able to ignore specific addresses, when impersonating all of them / a range (e.g. with CIDR)

These last two can probably be achieved by careful routing of what to listen to masscanned, e.g. as done in https://masscanned.readthedocs.io/en/latest/usage.html where it's to ignore tcp on a port, but it still looks to me like an interesting feature to have directly in the tool.

In its current state the related part of the codebase already seems to, at least initially, want to support "blacklisting" IPs, but not fully.

e.g. the function to extract ip addresses from the given file, defined at

```rust
    fn extract_ip_addresses_only(self, blacklist: Option<HashSet<IpAddr>>) -> HashSet<IpAddr> {
        let mut ip_addresses = HashSet::new();
        let buf = BufReader::new(self);
        for (i, line) in buf.lines().enumerate() {
            let entry: Vec<&str> = match &line {
                Ok(l) => l.split('\t').collect(),
                Err(e) => {
                    warn!("cannot read line {} - {}", i, e);
                    continue;
                }
            };
            /* Should never occur */
            if entry.is_empty() {
                warn!("cannot parse line: {}", line.expect("error reading line"));
                continue;
            }
            let ip: IpAddr;
            if let Ok(val) = entry[0].parse::<Ipv4Addr>() {
                ip = IpAddr::V4(val);
            } else if let Ok(val) = entry[0].parse::<Ipv6Addr>() {
                ip = IpAddr::V6(val);
            } else {
                warn!(
                    "cannot parse IP address from line: {}",
                    line.expect("error reading line")
                );
                continue;
            }
            if let Some(ref b) = blacklist {
                if b.contains(&ip) {
                    info!("[blacklist] ignoring {}", &ip);
                    continue;
                }
            }
            ip_addresses.insert(ip);
        }
        ip_addresses
    }
}
```

takes a blacklist Option argument, likely to ignore ip addresses, but doesn't act on it. And when it's called at

```rust
file.extract_ip_addresses_only(None)
```

the argument is hardcoded to None.

Maybe this is written down in some todo/roadmap but since I don't have access to it I'm asking anyway.
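
An added example, not part of the issue thread or of masscanned's code: one way the three requests above (comma-separated list, CIDR ranges, exclusions) could fit together using only the standard library. The names `Net`, `parse_list` and `selects` are hypothetical, and the sample addresses are constructed.

```rust
use std::net::IpAddr;

/// One network in CIDR form; a bare address is a /32 (IPv4) or /128 (IPv6).
pub struct Net { base: u128, mask: u128, v4: bool }

fn to_bits(ip: IpAddr) -> (u128, bool) {
    match ip {
        IpAddr::V4(a) => ((u32::from(a) as u128) << 96, true), // left-aligned in 128 bits
        IpAddr::V6(a) => (u128::from(a), false),
    }
}

impl Net {
    pub fn parse(s: &str) -> Result<Net, String> {
        let (addr, len) = s.split_once('/').map_or((s, None), |(a, l)| (a, Some(l)));
        let ip: IpAddr = addr.parse().map_err(|_| format!("bad address: {s}"))?;
        let (bits, v4) = to_bits(ip);
        let width: u32 = if v4 { 32 } else { 128 };
        let len = len.map_or(Ok(width), |l| l.parse::<u32>())
            .map_err(|_| format!("bad prefix: {s}"))?;
        if len > width { return Err(format!("prefix too long: {s}")); }
        // Keep the top `len` bits; host bits in the input (1.2.3.0/12) are dropped.
        let mask = if len == 0 { 0 } else { u128::MAX << (128 - len) };
        Ok(Net { base: bits & mask, mask, v4 })
    }
    pub fn contains(&self, ip: IpAddr) -> bool {
        let (bits, v4) = to_bits(ip);
        v4 == self.v4 && (bits & self.mask) == self.base
    }
}

/// Parse a comma-separated list such as "1.2.3.0/12, 2001:db8::/32".
pub fn parse_list(spec: &str) -> Result<Vec<Net>, String> {
    spec.split(',').map(str::trim).filter(|s| !s.is_empty()).map(Net::parse).collect()
}

/// An empty include list means "all addresses"; an exclude match always wins.
pub fn selects(include: &[Net], exclude: &[Net], ip: IpAddr) -> bool {
    (include.is_empty() || include.iter().any(|n| n.contains(ip)))
        && !exclude.iter().any(|n| n.contains(ip))
}

fn main() {
    let inc = parse_list("1.2.3.0/12, 2001:db8::/32").unwrap(); // constructed sample input
    let exc = parse_list("1.2.3.4").unwrap();
    for ip in ["1.15.255.255", "1.2.3.4", "1.16.0.0", "2001:db8::1"] {
        println!("{ip} -> {}", selects(&inc, &exc, ip.parse().unwrap()));
    }
}
```

Matching against networks instead of expanding them into a `HashSet<IpAddr>` keeps large ranges cheap, which matters for IPv6 prefixes that cannot be enumerated.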

@p-l-
Member

p-l- commented Sep 9, 2022

Hi there,

First of all, there is no hidden roadmap or todo list for the project, you have access to everything that exists!

I suppose we never felt the need for another way to configure the IP addresses since the current configuration way allows for things like ivre runscans --output ListAll --net 1.2.3.0/12 > iplist; masscanned -i iplist.

But I do agree having something else might be good, you're right. If you want to submit a patch, I'd advise that you first propose (here for example) the options you would like to introduce before coding, so that it can be discussed.

@Frky
Member

Frky commented Sep 15, 2022

Hi,

Thanks for the issue. I'll look into it. Blacklists are indeed partially implemented but not used, that is because this portion of code (parsers.rs) is copied/pasted from another small tool that we never published.
