fix(scan): resolve hanging when provides source-ip (projectdiscovery#1421)

dwisiswant0 · web-flow · commit 121b5a43e1ad · 2025-03-31T20:43:19.000+02:00
with SYN scan

The SYN scan in combination with a specified
source IP would cause to hang indefinitely. This
issue occurred when attempting to create an
ethernet frame w/o proper validation of available
HW addresses.

Signed-off-by: Dwi Siswanto &lt;git@dw1.io&gt;
diff --git a/pkg/scan/scan_unix.go b/pkg/scan/scan_unix.go
@@ -182,7 +182,9 @@ func sendAsyncTCP4(listenHandler *ListenHandler, ip string, p *port.Port, pkgFla
 
 	hasSourceIp := listenHandler.SourceIp4 != nil
 	var iface *net.Interface
-	if hasSourceIp {
+	if hasSourceIp && listenHandler.SourceHW != nil {
+		// NOTE(dwisiswant0): Only attempt to use ethernet framing if we have
+		// both source IP and HW.
 		itf, gateway, _, err := PkgRouter.RouteWithSrc(listenHandler.SourceHW, listenHandler.SourceIp4, ip4.DstIP)
 		if err != nil {
 			gologger.Debug().Msgf("could not find route to host %s:%d: %s\n", ip, p.Port, err)
@@ -202,15 +204,21 @@ func sendAsyncTCP4(listenHandler *ListenHandler, ip string, p *port.Port, pkgFla
 		ip4.SrcIP = listenHandler.SourceIp4
 		iface = itf
 	} else {
-		_, _, sourceIP, err := PkgRouter.Route(ip4.DstIP)
-		if err != nil {
-			gologger.Debug().Msgf("could not find route to host %s:%d: %s\n", ip, p.Port, err)
-			return
-		} else if sourceIP == nil {
-			gologger.Debug().Msgf("could not find correct source ipv4 for %s:%d\n", ip, p.Port)
-			return
+		if hasSourceIp {
+			// NOTE(dwisiswant0): We have source IP but no HW, so use it
+			// regular raw socket
+			ip4.SrcIP = listenHandler.SourceIp4
+		} else {
+			_, _, sourceIP, err := PkgRouter.Route(ip4.DstIP)
+			if err != nil {
+				gologger.Debug().Msgf("could not find route to host %s:%d: %s\n", ip, p.Port, err)
+				return
+			} else if sourceIP == nil {
+				gologger.Debug().Msgf("could not find correct source ipv4 for %s:%d\n", ip, p.Port)
+				return
+			}
+			ip4.SrcIP = sourceIP
 		}
-		ip4.SrcIP = sourceIP
 	}
 
 	tcpOption := layers.TCPOption{
@@ -238,7 +246,7 @@ func sendAsyncTCP4(listenHandler *ListenHandler, ip string, p *port.Port, pkgFla
 		gologger.Debug().Msgf("Can not set network layer for %s:%d port: %s\n", ip, p.Port, err)
 	}
 
-	if hasSourceIp {
+	if hasSourceIp && listenHandler.SourceHW != nil && iface != nil {
 		err = sendWithHandler(ip, iface, &eth, &ip4, &tcp)
 	} else {
 		err = sendWithConn(ip, listenHandler.TcpConn4, &tcp)
