New port: unicornscan, a UDP and TCP portscanner that can be used

for information gathering using fingerprinting (p0f based) and
banner grabbing techniques.

PR:		ports/72752
Submitted by:	Jon Passki <cykyc(at)yahoo.com>
Approved by:	nectar (mentor)

10 files changed, 334 insertions, 0 deletions

diff --git a/security/unicornscan/Makefile b/security/unicornscan/Makefile
new file mode 100644
index 000000000000..723fd609f70c
--- /dev/null
+++ b/security/unicornscan/Makefile
@@ -0,0 +1,64 @@
+# New ports collection makefile for:	unicornscan
+# Date created:		4 October 2004
+# Whom:			cykyc
+#
+# $FreeBSD$
+#
+
+PORTNAME=	unicornscan
+PORTVERSION=	0.4.2
+CATEGORIES=	security
+MASTER_SITES=	http://www.dyadsecurity.com/unicornscan/
+
+MAINTAINER=	cykyc@yahoo.com
+COMMENT=	Next-generation of udpscan plus a high-speed TCP scanner
+
+BUILD_DEPENDS=	${LOCALBASE}/include/libnet/libnet-types.h:${PORTSDIR}/net/libnet-devel
+
+USE_GMAKE=	yes
+USE_REINPLACE=	yes
+
+MAN1=		unicornscan.1
+
+PKGMESSAGE=     ${WRKDIR}/pkg-message
+
+post-patch:
+.for text in pkg-message
+	@${SED} -e 's,%%PREFIX%%,${PREFIX},g' \
+	${PKGDIR}/${text} >${WRKDIR}/${text}
+.endfor
+
+do-install:
+	${MKDIR} ${PREFIX}/etc/unicornscan
+	${MKDIR} ${PREFIX}/libexec/unicornscan/modules
+	${MKDIR} ${PREFIX}/share/unicornscan
+	${MKDIR} ${PREFIX}/var/unicornscan
+	${INSTALL_PROGRAM} ${WRKSRC}/src/unicornscan ${PREFIX}/bin/
+	${INSTALL_PROGRAM} ${WRKSRC}/src/tools/fantaip ${PREFIX}/bin/
+	${INSTALL_PROGRAM} ${WRKSRC}/src/scan_progs/unisend ${PREFIX}/libexec/unicornscan
+	${INSTALL_PROGRAM} ${WRKSRC}/src/scan_progs/unilisten ${PREFIX}/libexec/unicornscan
+	${REINPLACE_CMD} -e 's|/usr/local/share|${PREFIX}/etc|' \
+		${WRKSRC}/fconf/unicorn.conf
+	for confs in ${WRKSRC}/fconf/*.conf; do\
+		${INSTALL_DATA} $$confs ${PREFIX}/etc/unicornscan/`basename $$confs`.sample ;\
+	done
+	${INSTALL_DATA} ${WRKSRC}/fconf/port-numbers ${PREFIX}/share/unicornscan
+	for mods in ${WRKSRC}/src/payload_modules/*.so; do\
+		${INSTALL_PROGRAM} $$mods ${PREFIX}/libexec/unicornscan/modules/ ;\
+	done
+	for mods in ${WRKSRC}/src/report_modules/shlibs/*.so; do\
+		${INSTALL_PROGRAM} $$mods ${PREFIX}/libexec/unicornscan/modules/ ;\
+	done
+	for pofs in p0f.fp p0fa.fp p0fr.fp; do\
+		${INSTALL_DATA} ${WRKSRC}/src/report_modules/p0f/$$pofs ${PREFIX}/share/unicornscan/ ;\
+	done
+	${INSTALL_PROGRAM} ${WRKSRC}/src/report_modules/shlibs/libp0f.so \
+		${PREFIX}/libexec/unicornscan/modules/
+	${INSTALL_MAN} ${WRKSRC}/docs/unicornscan.1 ${PREFIX}/man/man1/
+	for files in LICENSE README misc/UDP_PAYLOADS_NEEDED \
+	TODO_BUGSTOFIX README.database; do\
+		${INSTALL_DATA} ${WRKSRC}/$$files ${PREFIX}/share/unicornscan/ ;\
+	done
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/unicornscan/distinfo b/security/unicornscan/distinfo
new file mode 100644
index 000000000000..a55e9d5bf9c3
--- /dev/null
+++ b/security/unicornscan/distinfo
@@ -0,0 +1,2 @@
+MD5 (unicornscan-0.4.2.tar.gz) = ead101f91e4897ae08180330eefb8924
+SIZE (unicornscan-0.4.2.tar.gz) = 1911126
diff --git a/security/unicornscan/files/patch-Makefile b/security/unicornscan/files/patch-Makefile
new file mode 100644
index 000000000000..9eaffa984a89
--- /dev/null
+++ b/security/unicornscan/files/patch-Makefile
@@ -0,0 +1,8 @@
+--- Makefile.orig	Mon Oct  4 23:22:49 2004
++++ Makefile	Mon Oct  4 23:22:55 2004
+@@ -1,4 +1,4 @@
+-default:
++all default:
+ 	(cd libs && make)
+ 	(cd src && make)
+ 
diff --git a/security/unicornscan/files/patch-dlerror-bug b/security/unicornscan/files/patch-dlerror-bug
new file mode 100644
index 000000000000..4e4cd66ffc7b
--- /dev/null
+++ b/security/unicornscan/files/patch-dlerror-bug
@@ -0,0 +1,109 @@
+diff -ru src/config.h src/config.h
+--- src/config.h	2004-09-30 03:29:05.000000000 -0700
++++ src/config.h	2004-10-05 18:05:17.000000000 -0700
+@@ -87,6 +87,11 @@
+  * XXX
+  */
+ 
++/*
++ * this really shouldnt matter to much
++ */
++#define DL_ERROR_RET const char *
++
+ /* tuneables */
+ #define SHLIB_EXT ".so"
+ 
+diff -ru src/modules.c src/modules.c
+--- src/modules.c	2004-09-30 03:29:05.000000000 -0700
++++ src/modules.c	2004-10-05 18:02:42.000000000 -0700
+@@ -39,6 +39,7 @@
+ 	DIR *moddir=NULL;
+ 	struct dirent *de=NULL;
+ 	mod_entry_t *mnew=NULL, *last=NULL;
++	DL_ERROR_RET dl_estr=NULL;
+ 
+ 	if (s->verbose > 5) MSG(M_DBG1, "Opening dir `%s'", s->mod_dir);
+ 
+@@ -87,16 +88,18 @@
+ 		}
+ 
+ 		mnew->dl_init_module=(int (*)(mod_entry_t *))dlsym(mnew->handle, "init_module");
+-		if (dlerror() != NULL) {
+-			MSG(M_ERR, "Can't find initialization hook for module `%s': %s", mnew->fname, dlerror());
++		dl_estr=dlerror();
++		if (dl_estr != NULL) {
++			MSG(M_ERR, "Can't find initialization hook for module `%s': %s", mnew->fname, dl_estr);
+ 			dlclose(mnew->handle);
+ 			xfree(mnew);
+ 			continue;
+ 		}
+ 
+ 		mnew->dl_delete_module=(void (*)(void))dlsym(mnew->handle, "delete_module");
+-		if (dlerror() != NULL) {
+-			MSG(M_ERR, "Can't find shutdown hook for module `%s': %s", mnew->fname, dlerror());
++		dl_estr=dlerror();
++		if (dl_estr != NULL) {
++			MSG(M_ERR, "Can't find shutdown hook for module `%s': %s", mnew->fname, dl_estr);
+ 			dlclose(mnew->handle);
+ 			xfree(mnew);
+ 			continue;
+@@ -174,6 +177,7 @@
+ 
+ int init_payload_modules(void) {
+ 	mod_entry_t *walk=NULL;
++	DL_ERROR_RET dl_estr=NULL;
+ 
+ 	if (mod_list_head == NULL) return 1;
+ 
+@@ -182,8 +186,9 @@
+ 	for (walk=mod_list_head ; walk != NULL ; walk=walk->next) {
+ 		if (walk->type == MI_TYPE_PAYLOAD) {
+ 			walk->func_u.dl_create_payload=(int (*)(uint8_t **, uint32_t *))dlsym(walk->handle, "create_payload");
+-			if (dlerror() != NULL) {
+-				MSG(M_ERR, "Can't find payload initialization hook for module `%s': %s", walk->fname, dlerror());
++			dl_estr=dlerror();
++			if (dl_estr != NULL) {
++				MSG(M_ERR, "Can't find payload initialization hook for module `%s': %s", walk->fname, dl_estr);
+ 				dlclose(walk->handle);
+ 				continue;
+ 			}
+@@ -209,6 +214,7 @@
+ 
+ int init_output_modules(void) {
+ 	mod_entry_t *walk=NULL;
++	DL_ERROR_RET dl_estr=NULL;
+ 
+ 	if (mod_list_head == NULL) return 1;
+ 
+@@ -222,8 +228,9 @@
+ 				continue;
+ 			}
+ 
+-			if (dlerror() != NULL) {
+-				MSG(M_ERR, "Can't find output initialization hook for module `%s': %s", walk->fname, dlerror());
++			dl_estr=dlerror();
++			if (dl_estr != NULL) {
++				MSG(M_ERR, "Can't find output initialization hook for module `%s': %s", walk->fname, dl_estr);
+ 				dlclose(walk->handle);
+ 				continue;
+ 			}
+@@ -245,6 +252,7 @@
+ 
+ int init_report_modules(void) {
+ 	mod_entry_t *walk=NULL;
++	DL_ERROR_RET dl_estr=NULL;
+ 
+ 	if (mod_list_head == NULL) return 1;
+ 
+@@ -258,8 +266,9 @@
+ 				continue;
+ 			}
+ 
+-			if (dlerror() != NULL) {
+-				MSG(M_ERR, "Can't find report initialization hook for module `%s': %s", walk->fname, dlerror());
++			dl_estr=dlerror();
++			if (dl_estr != NULL) {
++				MSG(M_ERR, "Can't find report initialization hook for module `%s': %s", walk->fname, dl_estr);
+ 				dlclose(walk->handle);
+ 				continue;
+ 			}
diff --git a/security/unicornscan/files/patch-libs::Makefile b/security/unicornscan/files/patch-libs::Makefile
new file mode 100644
index 000000000000..b5afb29c6ce7
--- /dev/null
+++ b/security/unicornscan/files/patch-libs::Makefile
@@ -0,0 +1,36 @@
+--- libs/Makefile.orig	Thu Sep 30 05:29:05 2004
++++ libs/Makefile	Tue Oct  5 13:36:57 2004
+@@ -6,30 +6,10 @@
+ default: pcap_test libnet_test
+ 
+ pcap_test: pcap_test.c
+-	($(CC) $(CFLAGS) -o pcap_test pcap_test.c -lpcap $(LDADD) 2>/dev/null || $(MAKE) libpcap)
++	$(CC) $(CFLAGS) -o pcap_test pcap_test.c -lpcap $(LDADD)
+ 
+ libnet_test: libnet_test.c
+-	($(CC) $(CFLAGS) -o libnet_test libnet_test.c -lpcap -lnet $(LDADD) 2>/dev/null || $(MAKE) libnet)
+-	
+-
+-libnet: libnet/stamp
+-
+-libnet.tar.gz:
+-	wget http://www.packetfactory.net/libnet/dist/libnet.tar.gz
+-
+-libnet/stamp: libnet.tar.gz
+-	zcat libnet.tar.gz | tar -xvf -
+-	cd libnet && patch -p1 < ../libnet-nosample.patch && CPPFLAGS="-I`pwd`/../fake/include" LDFLAGS="-L`pwd`/../fake/lib" CFLAGS="$(BASECFLAGS)" ./configure --prefix=`pwd`/../fake && CPPFLAGS="-I`pwd`/../fake/include" LDFLAGS="-L`pwd`/../fake/lib" CFLAGS="$(BASECFLAGS)" $(MAKE) && $(MAKE) install && touch stamp
+-	cd ..
+-
+-libpcap: libpcap-$(PCAPVER)/stamp
+-
+-libpcap-$(PCAPVER)/stamp: libpcap-$(PCAPVER).tar.gz
+-	zcat libpcap-$(PCAPVER).tar.gz | tar -xvf -
+-	cd libpcap-$(PCAPVER) && CFLAGS="$(BASECFLAGS)" ./configure --prefix=`pwd`/../fake && CFLAGS="$(BASECFLAGS)" $(MAKE) && $(MAKE) install && touch stamp
+-
+-libpcap-$(PCAPVER).tar.gz:
+-	wget http://tcpdump.org/release/libpcap-$(PCAPVER).tar.gz
++	$(CC) $(CFLAGS) -o libnet_test libnet_test.c -lpcap -lnet $(LDADD)
+ 
+ clean:
+-	rm -rf fake libnet libpcap-$(PCAPVER) pcap_test libnet_test
++	rm -rf fake pcap_test libnet_test
diff --git a/security/unicornscan/files/patch-src::Makefile.inc b/security/unicornscan/files/patch-src::Makefile.inc
new file mode 100644
index 000000000000..a8f1455e4f7c
--- /dev/null
+++ b/security/unicornscan/files/patch-src::Makefile.inc
@@ -0,0 +1,25 @@
+--- src/Makefile.inc.orig	Thu Sep 30 05:29:05 2004
++++ src/Makefile.inc	Tue Oct  5 11:07:49 2004
+@@ -1,8 +1,7 @@
+ # gcc only
+ CC=gcc
+ 
+-PREFIX=/usr/local
+-LOCALSTATEDIR=/var
++LOCALSTATEDIR=${PREFIX}/var
+ TARGETNAME=unicornscan
+ SENDERNAME=unisend
+ LISTENERNAME=unilisten
+@@ -23,10 +22,10 @@
+ #LDADD=-lsocket -lnsl -ldl -lposix4 -lresolv
+ 
+ # freebsd, netbsd example
+-#LDADD=
++LDADD=
+ 
+ # linux example
+-LDADD=-ldl
++#LDADD=-ldl
+ 
+ # selinux example
+ #LDADD=-ldl -lselinux
diff --git a/security/unicornscan/files/patch-src::config.h b/security/unicornscan/files/patch-src::config.h
new file mode 100644
index 000000000000..4e15c5bb09ef
--- /dev/null
+++ b/security/unicornscan/files/patch-src::config.h
@@ -0,0 +1,47 @@
+--- src/config.h.orig	Mon Oct  4 21:42:19 2004
++++ src/config.h	Mon Oct  4 21:45:12 2004
+@@ -47,7 +47,7 @@
+  * and are not running linux, however it likely will not work arp scanning.
+  * side note: dont use this on linux, its broken!
+  */
+-/* #define WITH_IFADDRS */
++#define WITH_IFADDRS 
+ 
+ /*
+  * XXX
+@@ -56,13 +56,13 @@
+  * (HINT: define both of none of WITH_IFADDRS and WITH_IF_DL, if you only define one, expect serious compile errors)
+  * if you have solaris, then you need this, and pray things work out for you.
+  */
+-/* #define WITH_IF_DL */
++#define WITH_IF_DL
+ 
+ /*
+  * bsd'ish boxes with bpf stuff included with the system, otherwise dont use it.
+  * linux people dont need this really even if they think they have this
+  */
+-/*#define HAVE_BPF_H */
++#define HAVE_BPF_H 
+ 
+ /*
+  * most people these days have this file, if you _dont_ have it, then youll need to put the "full path"
+@@ -80,7 +80,7 @@
+  * with linux, define this (or if you have /proc/net/route)
+  * otherwise use we will make due, remeber to use -i if you dont have /proc/net/route
+  */
+-#define HAVE_PROC_NET_ROUTE
++/* #define HAVE_PROC_NET_ROUTE */
+ /*
+  * XXX
+  * you shouldnt have to play with these, most likely
+@@ -123,8 +123,8 @@
+ 
+ #define MODULE_DIR	PREFIX "/libexec/" TARGETNAME "/modules"
+ #define PORT_NUMBERS	PREFIX "/share/" TARGETNAME "/port-numbers"
+-#define CONF_FILE	PREFIX "/share/" TARGETNAME "/unicorn.conf"
+-#define OUI_CONF	PREFIX "/share/" TARGETNAME "/oui.conf"
++#define CONF_FILE	PREFIX "/etc/" TARGETNAME "/unicorn.conf"
++#define OUI_CONF	PREFIX "/etc/" TARGETNAME "/oui.conf"
+ #define SENDER_PATH	PREFIX "/libexec/" TARGETNAME "/" SENDERNAME
+ #define LISTENER_PATH	PREFIX "/libexec/" TARGETNAME "/" LISTENERNAME
+ 
diff --git a/security/unicornscan/pkg-descr b/security/unicornscan/pkg-descr
new file mode 100644
index 000000000000..a46c5cbe8ecc
--- /dev/null
+++ b/security/unicornscan/pkg-descr
@@ -0,0 +1,6 @@
+"Unicornscan is a new information gathering and correlation engine
+built for and by members of the security research and testing
+communities. It was designed to provide an engine that is Scalable,
+Accurate, Flexible, and Efficient."
+
+WWW: http://www.dyadsecurity.com/s_unicornscan.html
diff --git a/security/unicornscan/pkg-message b/security/unicornscan/pkg-message
new file mode 100644
index 000000000000..0889e5aed86e
--- /dev/null
+++ b/security/unicornscan/pkg-message
@@ -0,0 +1,9 @@
+
+##############################################
+unicornscan has been successfully installed!
+
+Check the sample configuration files in 
+%%PREFIX%%/etc/unicornscan
+and rename or copy without the .sample suffix.
+##############################################
+
diff --git a/security/unicornscan/pkg-plist b/security/unicornscan/pkg-plist
new file mode 100644
index 000000000000..85e6dcf056b0
--- /dev/null
+++ b/security/unicornscan/pkg-plist
@@ -0,0 +1,28 @@
+bin/fantaip
+bin/unicornscan
+etc/unicornscan/oui.conf.sample
+etc/unicornscan/payloads.conf.sample
+etc/unicornscan/unicorn.conf.sample
+libexec/unicornscan/modules/libp0f.so
+libexec/unicornscan/modules/libudpstr.so
+libexec/unicornscan/modules/ntalk.so
+libexec/unicornscan/modules/rdns.so
+libexec/unicornscan/modules/sip.so
+libexec/unicornscan/modules/upnp.so
+libexec/unicornscan/unilisten
+libexec/unicornscan/unisend
+share/unicornscan/LICENSE
+share/unicornscan/README
+share/unicornscan/README.database
+share/unicornscan/TODO_BUGSTOFIX
+share/unicornscan/UDP_PAYLOADS_NEEDED
+share/unicornscan/p0f.fp
+share/unicornscan/p0fa.fp
+share/unicornscan/p0fr.fp
+share/unicornscan/port-numbers
+@unexec rmdir %D/var/unicornscan 2>/dev/null || true
+@unexec rmdir %D/var 2>/dev/null || true
+@unexec rmdir %D/share/unicornscan 2>/dev/null || true
+@dirrm libexec/unicornscan/modules
+@dirrm libexec/unicornscan
+@unexec rmdir %D/etc/unicornscan 2>/dev/null || true