scan

package
Published: Sep 15, 2015 License: BSD-2-Clause Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// Network is the default network to use for dials ("tcp").
	Network = "tcp"
	// Dialer is the default dialer to use, with a 1s timeout.
	// NOTE(review): a net.Dialer Timeout bounds only the dial itself, not the
	// reads and writes that follow on the connection.
	Dialer = &net.Dialer{Timeout: time.Second}
	// Client is the default HTTP Client. It dials through Dialer but sets no
	// http.Client Timeout, so a server that accepts the connection and then
	// stalls can hold a request open indefinitely — consider giving the Client
	// a Timeout. Proxy is left nil on the Transport, so HTTP(S)_PROXY
	// environment settings are not honoured. Transport.Dial has since been
	// superseded by DialContext in newer Go releases.
	Client = &http.Client{Transport: &http.Transport{Dial: Dialer.Dial}}
)
// Broad contains scanners for large swaths of TLS hosts on the internet.
// Each Scanner literal here is positional: the Description, then the scan
// function that backs it (kept in an unexported Scanner field).
var Broad = &Family{
	Description: "Large scale scans of TLS hosts",
	Scanners: map[string]*Scanner{
		"IntermediateCAs": {
			"Scans a CIDR IP range for unknown Intermediate CAs",
			intermediateCAScan,
		},
	},
}

Broad contains scanners for large swaths of TLS hosts on the internet.

// Connectivity contains scanners testing basic connectivity to the host:
// DNS resolution, a CloudFlare check, a plain TCP dial and a TLS handshake.
// Scanner literals are positional (Description, then the scan function).
var Connectivity = &Family{
	Description: "Scans for basic connectivity with the host through DNS and TCP/TLS dials",
	Scanners: map[string]*Scanner{
		"DNSLookup": {
			"Host can be resolved through DNS",
			dnsLookupScan,
		},
		"CloudFlareStatus": {
			"Host is on CloudFlare",
			onCloudFlareScan,
		},
		"TCPDial": {
			"Host accepts TCP connection",
			tcpDialScan,
		},
		"TLSDial": {
			"Host can perform TLS handshake",
			tlsDialScan,
		},
	},
}

Connectivity contains scanners testing basic connectivity to the host.

// Default contains each scan Family that is defined, keyed by family name.
// These keys are presumably what RunScans matches its family regular
// expression against — confirm in RunScans.
var Default = FamilySet{
	"Connectivity": Connectivity,
	"TLSHandshake": TLSHandshake,
	"TLSSession":   TLSSession,
	"PKI":          PKI,
	"Broad":        Broad,
}

Default contains each scan Family that is defined.

// PKI contains scanners for the Public Key Infrastructure: chain expiry
// (including a 30-day look-ahead), chain validity, and consistency of the
// served chain across the host's addresses. Scanner literals are positional
// (Description, then the scan function).
var PKI = &Family{
	Description: "Scans for the Public Key Infrastructure",
	Scanners: map[string]*Scanner{
		"ChainExpiration": {
			"Host's chain hasn't expired and won't expire in the next 30 days",
			chainExpiration,
		},
		"ChainValidation": {
			"All certificates in host's chain are valid",
			chainValidation,
		},
		"MultipleCerts": {
			"Host serves same certificate chain across all IPs",
			multipleCerts,
		},
	},
}

PKI contains scanners for the Public Key Infrastructure.

// TLSHandshake contains scanners testing host cipher suite negotiation and
// signature-algorithm handling. Scanner literals are positional (Description,
// then the scan function). The description strings are emitted verbatim in
// results, so their spelling is part of the output.
var TLSHandshake = &Family{
	Description: "Scans for host's SSL/TLS version and cipher suite negotiation",
	Scanners: map[string]*Scanner{
		"CipherSuite": {
			"Determines host's cipher suites accepted and prefered order",
			cipherSuiteScan,
		},
		"SigAlgs": {
			"Determines host's accepted signature and hash algorithms",
			sigAlgsScan,
		},
		"CertsBySigAlgs": {
			"Determines host's certificate signature algorithm matching client's accepted signature and hash algorithms",
			certSigAlgsScan,
		},
		"CertsByCiphers": {
			"Determines host's certificate signature algorithm matching client's accepted ciphers",
			certSigAlgsScanByCipher,
		},
	},
}

TLSHandshake contains scanners testing host cipher suite negotiation.

// TLSSession contains tests of host TLS session resumption via session
// tickets and session IDs. The Scanner literal is positional (Description,
// then the scan function).
var TLSSession = &Family{
	Description: "Scans host's implementation of TLS session resumption using session tickets/session IDs",
	Scanners: map[string]*Scanner{
		"SessionResume": {
			"Host is able to resume sessions across all addresses",
			sessionResumeScan,
		},
	},
}

TLSSession contains tests of host TLS session resumption via session tickets and session IDs.

Functions

This section is empty.

Types

type Family

// Family defines a set of related scans meant to be run together in sequence.
type Family struct {
	// Description gives a short description of the scans performed on the host.
	Description string `json:"description"`
	// Scanners is a list of scanners that are to be run in sequence, keyed by
	// scanner name.
	// NOTE(review): this is a map, so Go defines no iteration order; any
	// "in sequence" guarantee has to come from the caller (RunScans) ordering
	// the keys — confirm there.
	Scanners map[string]*Scanner `json:"scanners"`
}

Family defines a set of related scans meant to be run together in sequence.

type FamilyResult

// FamilyResult contains a scan response for a single Family: one
// ScannerResult per scanner, presumably keyed by the scanner's name as in
// Family.Scanners — confirm in RunScans.
type FamilyResult map[string]ScannerResult

FamilyResult contains a scan response for a single Family.

type FamilySet

// FamilySet contains a set of Families to run Scans from, keyed by family
// name (see Default).
type FamilySet map[string]*Family

FamilySet contains a set of Families to run Scans from.

func (FamilySet) RunScans

func (fs FamilySet) RunScans(host, family, scanner string, dur time.Duration) (map[string]FamilyResult, error)

RunScans iterates over AllScans, running scans matching the family and scanner regular expressions.

type Grade

// Grade gives a subjective rating of the host's success in a scan. The
// defined values are Bad, Warning, Good and Skipped; String renders the name.
type Grade int

Grade gives a subjective rating of the host's success in a scan.

const (
	// Bad describes a host with serious misconfiguration or vulnerability.
	// Bad is also the zero value of Grade, so a Grade that is never assigned
	// reads as Bad rather than as a passing result.
	Bad Grade = iota
	// Warning describes a host with non-ideal configuration that maintains support for Warning clients.
	Warning
	// Good describes a host performing at the expected state of the art.
	Good
	// Skipped describes the "grade" of a scan that has been skipped.
	Skipped
)

func (Grade) String

func (g Grade) String() string

String gives the name of the Grade as a string.

type Output

// Output is the result of a scan, to be stored for potential use by later
// Scanners. It is an untyped interface{} and is placed as-is into
// ScannerResult.Output, so whatever a scan returns here is what gets
// serialized.
type Output interface{}

Output is the result of a scan, to be stored for potential use by later Scanners.

type Scanner

// Scanner describes a type of scan to perform on a host. Scanner literals in
// this package are positional: the Description, then the scan function kept
// in an unexported field (see Broad, Connectivity, PKI, TLSHandshake,
// TLSSession).
type Scanner struct {
	// Description describes the nature of the scan to be performed.
	Description string `json:"description"`
	// contains filtered or unexported fields
}

Scanner describes a type of scan to perform on a host.

func (*Scanner) Scan

func (s *Scanner) Scan(host string) (Grade, Output, error)

Scan performs this scanner's scan on the given host and stores its result.

type ScannerResult

// ScannerResult contains the result for a single scan, as carried in a
// FamilyResult.
type ScannerResult struct {
	// Grade is the scan's Grade rendered as a plain string (presumably via
	// Grade.String), not the Grade type itself.
	Grade  string `json:"grade"`
	// Output is the scan's Output; omitted from the JSON when empty.
	Output Output `json:"output,omitempty"`
	// Error carries the error text when the scan failed; omitted when empty.
	// NOTE(review): this text reaches consumers of the JSON — presumably
	// err.Error() from Scanner.Scan; confirm it carries no internals the
	// report should not expose.
	Error  string `json:"error,omitempty"`
}

ScannerResult contains the result for a single scan.
