| 1 | + | // Copyright (c) 2024 Cryptic Red |
| 2 | + | // Written by Darren McDonald |
| 3 | + | // |
| 4 | + | // All rights reserved. This code and the accompanying application are protected by copyright |
| 5 | + | // and may not be copied, reproduced, or used in any manner without the explicit written |
| 6 | + | // permission of Cryptic Red. |
| 7 | + | |
| 8 | + | const RTP_PORT_RANGE_START: u16 = 16384; |
| 9 | + | const RTP_PORT_RANGE_END: u16 = 32767; |
| 10 | + | |
| 11 | + | #[derive(Clone)] |
| 12 | + | pub struct Args { |
| 13 | + | pub host: IpAddr, |
| 14 | + | pub port_range: (u16, u16), |
| 15 | + | pub output_file: String, |
| 16 | + | pub max_threads: u8, |
| 17 | + | } |
| 18 | + | |
| 19 | + | use std::net::IpAddr; |
| 20 | + | |
| 21 | + | impl Args { |
| 22 | + | pub fn new() -> Result<Args,()> { |
| 23 | + | |
| 24 | + | //get a vector of the command line arguments |
| 25 | + | let mut args: Vec<String> = std::env::args().collect(); |
| 26 | + | |
| 27 | + | //is one of the arguements -h? |
| 28 | + | let host: IpAddr = if args.contains(&String::from("-h")) { |
| 29 | + | //get the index of the -h arguement |
| 30 | + | let index = args.iter().position(|r| r == "-h").unwrap(); |
| 31 | + | //get the next arguement |
| 32 | + | let host = &args[index + 1].clone(); |
| 33 | + | |
| 34 | + | //remove the used arguements |
| 35 | + | args.remove(index); |
| 36 | + | args.remove(index); |
| 37 | + | |
| 38 | + | //parse the host into an IpAddr, check if it is valid |
| 39 | + | match host.parse() { |
| 40 | + | Ok(host) => host, |
| 41 | + | Err(_) => { |
| 42 | + | println!("Invalid host specified, use -h <host>"); |
| 43 | + | return Err(()); |
| 44 | + | } |
| 45 | + | } |
| 46 | + | } else { |
| 47 | + | //if -h is not present, panic |
| 48 | + | println!("No host specified, use -h <host>"); |
| 49 | + | return Err(()); |
| 50 | + | }; |
| 51 | + | |
| 52 | + | //is one of the arguements -p? |
| 53 | + | let port_range: (u16, u16) = if args.contains(&String::from("-p")) { |
| 54 | + | //get the index of the -p arguement |
| 55 | + | let index = args.iter().position(|r| r == "-p").unwrap(); |
| 56 | + | |
| 57 | + | //is there at least one argument after? |
| 58 | + | if args.len() < index + 2 { |
| 59 | + | println!("No port specified, use -p <port>"); |
| 60 | + | return Err(()); |
| 61 | + | } |
| 62 | + | |
| 63 | + | //get the next arguement |
| 64 | + | let port = &args[index + 1].clone(); |
| 65 | + | |
| 66 | + | //remove the used arguements |
| 67 | + | args.remove(index); |
| 68 | + | args.remove(index); |
| 69 | + | |
| 70 | + | if port.contains("-") { |
| 71 | + | //if the port contains a range, split it |
| 72 | + | let port_range: Vec<&str> = port.split("-").collect(); |
| 73 | + | (port_range[0].parse().unwrap(), port_range[1].parse().unwrap()) |
| 74 | + | } else { |
| 75 | + | //parse the port into a tuple of u8 |
| 76 | + | (port.parse().unwrap(), port.parse().unwrap()) |
| 77 | + | } |
| 78 | + | } else { |
| 79 | + | //if -p is not present, use the default port range |
| 80 | + | (RTP_PORT_RANGE_START, RTP_PORT_RANGE_END) |
| 81 | + | }; |
| 82 | + | |
| 83 | + | let output_file = if args.contains(&String::from("-o")) { |
| 84 | + | //get the index of the -o arguement |
| 85 | + | let index = args.iter().position(|r| r == "-o").unwrap(); |
| 86 | + | //get the next arguement |
| 87 | + | let output_file = &args[index + 1].clone(); |
| 88 | + | //remove the used arguements |
| 89 | + | args.remove(index); |
| 90 | + | args.remove(index); |
| 91 | + | output_file.clone() |
| 92 | + | } else { |
| 93 | + | //create a default output file in the form scan-<host>-<datestamp>.raw |
| 94 | + | let date = chrono::Utc::now().format("%Y-%m-%d-%H-%M-%S").to_string(); |
| 95 | + | format!("scan-{}-{}", host, date) |
| 96 | + | }; |
| 97 | + | |
| 98 | + | //is one of the arguements -t? |
| 99 | + | let max_threads: u8 = if args.contains(&String::from("-t")) { |
| 100 | + | //get the index of the -t arguement |
| 101 | + | let index = args.iter().position(|r| r == "-t").unwrap(); |
| 102 | + | //get the next arguement |
| 103 | + | let max_threads = &args[index + 1].clone(); |
| 104 | + | //remove the used arguements |
| 105 | + | args.remove(index); |
| 106 | + | args.remove(index); |
| 107 | + | max_threads.parse().unwrap() |
| 108 | + | } else { |
| 109 | + | //use the default number of threads |
| 110 | + | 8 |
| 111 | + | }; |
| 112 | + | |
| 113 | + | //if there are any unused arguements, print the usage and exit |
| 114 | + | if args.len() > 1 { |
| 115 | + | usage(); |
| 116 | + | std::process::exit(1); |
| 117 | + | } |
| 118 | + | |
| 119 | + | Ok(Args { |
| 120 | + | host, |
| 121 | + | port_range, |
| 122 | + | output_file, |
| 123 | + | max_threads, |
| 124 | + | }) |
| 125 | + | } |
| 126 | + | } |
| 127 | + | |
| 128 | + | pub fn usage() { |
| 129 | + | println!("Example usage"); |
| 130 | + | println!("Scan the RTP default ports"); |
| 131 | + | println!(" ./voipire -h 1.2.3.4"); |
| 132 | + | println!("Scan just one port"); |
| 133 | + | println!(" ./voipire -h 1.2.3.4 -p 18554"); |
| 134 | + | println!(""); |
| 135 | + | println!("Scan a range of ports"); |
| 136 | + | println!(" ./rtpbleedscan -h 1.2.3.4 -p 18554-18560"); |
| 137 | + | println!(""); |
| 138 | + | println!("Specify max threads"); |
| 139 | + | println!(" ./rtpbleedscan -h 1.2.3.4 -p 18554-18560 -t 8"); |
| 140 | + | println!(""); |
| 141 | + | println!("Specify output file"); |
| 142 | + | println!(" ./rtpbleedscan -h 1.2.3.4 -p 18554-18560 -o output.raw"); |
| 143 | + | println!(""); |
| 144 | + | |
| 145 | + | println!("-h <host> - The host or ip address to scan"); |
| 146 | + | println!("-p <port> - The port or range of ports to scan, e.g. 18554 or 18554-18560"); |
| 147 | + | println!("-t <threads> - The number of threads to use, default is 8"); |
| 148 | + | println!("-o <output file> - The prefix of the output files write the raw output to, default is scan-<host>-<date>"); |
| 149 | + | } |
| 150 | + | |
| 151 | + | pub fn banner() { |
| 152 | + | println!("🩸🩸 VOIPIRE v0.1 🩸🩸"); |
| 153 | + | println!(""); |
| 154 | + | println!("A tool to scan and exploit RTP Bleed in SBCs"); |
| 155 | + | println!("Written by Darren McDonald, Cryptic Red Ltd"); |
| 156 | + | println!("Copyright 2024"); |
| 157 | + | println!(""); |
| 158 | + | } |