Installing zmap and the forge-socket script on CentOS 6.8

0x01 Add the EPEL YUM repository, otherwise many packages will not be found later

cd /etc/yum.repos.d/
rpm --import http://mirrors.ustc.edu.cn/fedora/epel/RPM-GPG-KEY-EPEL-6
wget https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help/epel?codeblock=0
mv epel?codeblock=0 epel.repo
wget https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help/epel?codeblock=1
mv epel?codeblock=1 epel-testing.repo

0x02 Update the operating system

yum makecache
yum update

0x03 Install the packages zmap needs

yum install gmp gmp-devel libpcap-devel libunistring-devel gengetopt byacc flex json-c-devel cmake git redis gcc hiredis-devel automake autoconf libtool mlocate

0x04 Download and install zmap

git clone https://github.com/zmap/zmap.git
cd zmap
cmake -DENABLE_HARDENING=ON .
make && sudo make install

0x05 Install the forge-socket kernel module

git clone https://github.com/ewust/forge_socket.git
cd forge_socket
make
sudo insmod forge_socket.ko     # load the kernel module (in the test environment it has to be loaded again after every reboot)

0x06 make errors

1. .../forge_socket.c:286: error: implicit declaration of function ‘tcp_init_sock’

Uncomment line 284 and comment out line 286:

282                 // For some reason, tcp_init_congestion_ops doesn't reach us
283                 // so we can just call tcp_init_sock() to set it instead.
284                 icsk->icsk_ca_ops = &tcp_init_congestion_ops;
285                 icsk->icsk_ca_ops = NULL;
286                 //tcp_init_sock(sk);

2. .../forge_socket.c:375: error: too few arguments to function ‘__inet_hash_nolisten’

On line 374, change KERNEL_VERSION(2, 6, 33) to KERNEL_VERSION(2, 6, 32):

374 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 32)
375                 __inet_hash_nolisten(sk);
376 #elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 3, 0)
377                 __inet_hash_nolisten(sk, NULL);
378 #else
379                 inet_ehash_nolisten(sk, NULL);
380 #endif
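The two source fixes from 0x06, applied by pattern rather than by line number, as an added shell example that is not part of the original post or the forge_socket project; the function names and the check that the running kernel is CentOS 6's 2.6.32 are assumptions.

```shell
#!/bin/sh
# Added example: applies the two CentOS 6 build fixes for forge_socket.c
# described above, matching on content instead of line numbers 284/286/374
# so the script still works if the file shifts. Not part of forge_socket.

# CentOS 6 ships a 2.6.32 kernel that already has the two-argument
# __inet_hash_nolisten(); that is the kernel these fixes target
# (assumption: matching on the version prefix is enough).
needs_centos6_fixes() {
    case "$1" in
        2.6.32|2.6.32-*|2.6.32.*) return 0 ;;
        *) return 1 ;;
    esac
}

patch_forge_socket() {
    f="$1"
    # Fix 1: set icsk_ca_ops directly and stop calling tcp_init_sock(),
    # which this kernel's headers do not declare (implicit declaration error).
    sed -i \
        -e 's|^\([[:space:]]*\)//[[:space:]]*icsk->icsk_ca_ops = &tcp_init_congestion_ops;|\1icsk->icsk_ca_ops = \&tcp_init_congestion_ops;|' \
        -e 's|^\([[:space:]]*\)tcp_init_sock(sk);|\1//tcp_init_sock(sk);|' \
        "$f"
    # Fix 2: lower the version guard so 2.6.32 takes the two-argument branch
    # (too few arguments to __inet_hash_nolisten error).
    sed -i \
        -e 's|#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 33)|#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 32)|' \
        "$f"
}

# Returns 0 only when all three edits are present and the old guard is gone.
check_forge_socket() {
    f="$1"
    grep -q '^[[:space:]]*icsk->icsk_ca_ops = &tcp_init_congestion_ops;' "$f" &&
    grep -q '^[[:space:]]*//tcp_init_sock(sk);' "$f" &&
    grep -q 'KERNEL_VERSION(2, 6, 32)' "$f" &&
    ! grep -q 'KERNEL_VERSION(2, 6, 33)' "$f"
}

# Usage: sh patch-forge-socket.sh forge_socket/forge_socket.c
if [ "$#" -eq 1 ]; then
    needs_centos6_fixes "$(uname -r)" ||
        echo "warning: kernel $(uname -r) is not 2.6.32, fixes may not apply" >&2
    patch_forge_socket "$1" && check_forge_socket "$1" && echo "patched $1"
fi
```

Running the script a second time is a no-op, so it is safe to re-run after a fresh git checkout of the module.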

0x07 Build zmap's forge-socket plugin

cd ../examples/forge-socket
make

0x08 make errors when building the forge-socket plugin

forge-socket.c:14:19: error: event.h: No such file or directory
forge-socket.c:15:36: error: event2/bufferevent_ssl.h: No such file or directory
forge-socket.c:64: error: expected ‘)’ before ‘fd’
...

1. Download the required libevent; without it the build fails. The version yum installs is 1.0 and cannot be used.

wget https://github.com/libevent/libevent/archive/release-2.0.21-stable.tar.gz
tar -zxvf release-2.0.21-stable.tar.gz
cd libevent-release-2.0.21-stable
sh autogen.sh
./configure
make && sudo make install

2. Running forge-socket after make gives an error

./forge-socket: error while loading shared libraries: libevent-2.0.so.5: cannot open shared object file: No such file or directory

# Run the failing binary with loader debugging to see which library paths are searched

LD_DEBUG=libs ./forge-socket

# The default path it looks in

/usr/lib/libevent-2.0.so.5

# Create symlinks from the install location to that path

ln -s /usr/local/lib/libevent-2.0.so.5 /usr/lib/libevent-2.0.so.5
ln -s /usr/local/lib/libevent_extra-2.0.so.5 /usr/lib/libevent_extra-2.0.so.5

0x09 Test forge-socket

echo -e -n "GET / HTTP/1.1\r\nHost: %s\r\n\r\n" > http-req
sudo su
iptables -A OUTPUT -p tcp -m tcp --tcp-flags RST,RST RST,RST -j DROP
ulimit -SHn 1000000 && ulimit -SSn 1000000
zmap -p 80 -B 50M -N 1000 -O extended_file -o - | ./forge-socket -c 8000 -d http-req > http-banners.ou

0x0A Disaster. Postscript

Earlier I installed zmap and forge-socket on a VPS (CentOS 6.5) and found that the server rebooted as soon as the forge-socket script ran, so I set up CentOS 6.8 in a local virtual machine to test and got the same result: it rebooted on every run, and VM reported that the virtual machine had disabled the CPU. Tears. If anyone knows the cause, I would be grateful for advice.

Since forge-socket could not be used, I downloaded zmap 1.2.1, copied its examples/banner-grab folder into the zmap 2 examples directory and built it there. make failed; open the Makefile and add the lib file lockfd.o.
