Documentation ¶
Index ¶
- Constants
- Variables
- func AddCommand(command string, shortDescription string, longDescription string, port int, ...) (*flags.Command, error)
- func AddGroup(shortDescription string, longDescription string, data interface{})
- func DialTimeoutConnection(proto string, target string, timeout time.Duration, bytesReadLimit int) (net.Conn, error)
- func DialTimeoutConnectionEx(proto string, target string, ...) (net.Conn, error)
- func EncodeGrab(raw *Grab, includeDebug bool) ([]byte, error)
- func FlagsToSet(flags uint64, mapping map[uint64]string) (map[string]bool, []uint64)
- func GetMetaFile() *os.File
- func GetTargetsCSV(source io.Reader, ch chan<- ScanTarget) error
- func GetTimeoutDialFunc(timeout time.Duration) func(string, string) (net.Conn, error)
- func InputTargetsCSV(ch chan<- ScanTarget) error
- func IsTimeoutError(err error) bool
- func ListFlagsToSet(flags uint64, labels []string) (map[string]bool, []uint64)
- func LogPanic(format string, args ...interface{})
- func MapFlagsToSet(flags uint64, mapping FlagMap) (map[string]bool, []uint64)
- func NewFakeResolver(ipstr string) (*net.Resolver, error)
- func NewIniParser() *flags.IniParser
- func OutputResults(w *bufio.Writer, results <-chan []byte) error
- func ParseCSVTarget(fields []string) (ipnet *net.IPNet, domain string, tag string, err error)
- func PrintScanners()
- func Process(mon *Monitor)
- func ReadAvailable(conn net.Conn) ([]byte, error)
- func ReadAvailableWithOptions(conn net.Conn, bufferSize int, readTimeout time.Duration, ...) ([]byte, error)
- func ReadUntilRegex(connection net.Conn, res []byte, expr *regexp.Regexp) (int, error)
- func RegisterScan(name string, s Scanner)
- func SetInputFunc(f InputTargetsFunc)
- func SetOutputFunc(f OutputResultsFunc)
- func TLDMatches(host1 string, host2 string) bool
- func WidenMapKeys(input map[int]string) map[uint64]string
- func WidenMapKeys16(input map[uint16]string) map[uint64]string
- func WidenMapKeys32(input map[uint32]string) map[uint64]string
- func WidenMapKeys8(input map[uint8]string) map[uint64]string
- type BaseFlags
- type Config
- type Dialer
- type FakeDNSServer
- type FlagMap
- type Grab
- type InputTargetsFunc
- type ModuleSet
- type Monitor
- type MultipleCommand
- type OutputResultsFunc
- type ReadLimitExceededAction
- type ScanError
- type ScanFlags
- type ScanModule
- type ScanResponse
- type ScanStatus
- type ScanTarget
- func (target *ScanTarget) Host() string
- func (target *ScanTarget) Open(flags *BaseFlags) (net.Conn, error)
- func (target *ScanTarget) OpenTLS(baseFlags *BaseFlags, tlsFlags *TLSFlags) (*TLSConnection, error)
- func (target *ScanTarget) OpenUDP(flags *BaseFlags, udp *UDPFlags) (net.Conn, error)
- func (target ScanTarget) String() string
- type Scanner
- type State
- type TLSConnection
- type TLSFlags
- func (t *TLSFlags) Connect(target *ScanTarget, flags *BaseFlags) (*TLSConnection, error)
- func (t *TLSFlags) GetTLSConfig() (*tls.Config, error)
- func (t *TLSFlags) GetTLSConfigForTarget(target *ScanTarget) (*tls.Config, error)
- func (t *TLSFlags) GetTLSConnection(conn net.Conn) (*TLSConnection, error)
- func (t *TLSFlags) GetTLSConnectionForTarget(conn net.Conn, target *ScanTarget) (*TLSConnection, error)
- func (t *TLSFlags) GetWrappedConnection(conn net.Conn, cfg *tls.Config) *TLSConnection
- type TLSLog
- type TimeoutConnection
- func (c *TimeoutConnection) Close() error
- func (c *TimeoutConnection) Read(b []byte) (n int, err error)
- func (c *TimeoutConnection) SetDeadline(deadline time.Time) error
- func (c *TimeoutConnection) SetDefaults() *TimeoutConnection
- func (c *TimeoutConnection) SetReadDeadline(deadline time.Time) error
- func (c *TimeoutConnection) SetWriteDeadline(deadline time.Time) error
- func (c *TimeoutConnection) Write(b []byte) (n int, err error)
- type UDPFlags
Examples ¶
Constants ¶
const ( // ReadLimitExceededActionNotSet is a placeholder for the zero value, so that explicitly set values can be // distinguished from the empty default. ReadLimitExceededActionNotSet = ReadLimitExceededAction("") // ReadLimitExceededActionTruncate causes the connection to truncate at BytesReadLimit bytes and return a bogus // io.EOF error. The fact that a truncation took place is logged at debug level. ReadLimitExceededActionTruncate = ReadLimitExceededAction("truncate") // ReadLimitExceededActionError causes the Read call to return n, ErrReadLimitExceeded (in addition to truncating). ReadLimitExceededActionError = ReadLimitExceededAction("error") // ReadLimitExceededActionPanic causes the Read call to panic(ErrReadLimitExceeded). ReadLimitExceededActionPanic = ReadLimitExceededAction("panic") )
const ( SCAN_SUCCESS = ScanStatus("success") // The protocol in question was positively identified and the scan encountered no errors SCAN_CONNECTION_REFUSED = ScanStatus("connection-refused") // TCP connection was actively rejected SCAN_CONNECTION_TIMEOUT = ScanStatus("connection-timeout") // No response to TCP connection request SCAN_CONNECTION_CLOSED = ScanStatus("connection-closed") // The TCP connection was unexpectedly closed SCAN_IO_TIMEOUT = ScanStatus("io-timeout") // Timed out waiting on data SCAN_PROTOCOL_ERROR = ScanStatus("protocol-error") // Received data incompatible with the target protocol SCAN_APPLICATION_ERROR = ScanStatus("application-error") // The application reported an error SCAN_UNKNOWN_ERROR = ScanStatus("unknown-error") // Catch-all for unrecognized errors )
TODO: Conform to standard string const format (names, capitalization, hyphens/underscores, etc) TODO: Enumerate further status types TODO: lump connection closed / io timeout? TODO: Add SCAN_TLS_PROTOCOL_ERROR? For purely TLS-wrapped protocols, SCAN_PROTOCOL_ERROR is fine -- but for protocols that have a non-TLS bootstrap (e.g. a STARTTLS procedure), SCAN_PROTOCOL_ERROR is misleading, since it did get far-enough into the application protocol to start TLS handshaking -- but a garbled TLS handshake is certainly not a SCAN_APPLICATION_ERROR
const (
ErrTotalTimeout = errTotalTimeout("timeout")
)
Variables ¶
var ( // DefaultBytesReadLimit is the maximum number of bytes to read per connection when no explicit value is provided. DefaultBytesReadLimit = 256 * 1024 * 1024 // DefaultReadLimitExceededAction is the action used when no explicit action is set. DefaultReadLimitExceededAction = ReadLimitExceededActionTruncate // DefaultSessionTimeout is the default maximum time a connection may be used when no explicit value is provided. DefaultSessionTimeout = 1 * time.Minute )
var ErrInvalidArguments = errors.New("invalid arguments")
ErrInvalidArguments is thrown if the command-line arguments invalid.
var ErrInvalidResponse = errors.New("invalid response")
ErrInvalidResponse is returned when the server returns a syntactically-invalid response.
var ErrMismatchedFlags = errors.New("mismatched flag/module")
ErrMismatchedFlags is thrown if the flags for one module type are passed to an incompatible module type.
var ErrReadLimitExceeded = errors.New("read limit exceeded")
ErrReadLimitExceeded is returned / panic'd from Read if the read limit is exceeded when the ReadLimitExceededAction is error / panic.
var ErrUnexpectedResponse = errors.New("unexpected response")
ErrUnexpectedResponse is returned when the server returns a syntactically-valid but unexpected response.
var InsufficientBufferError = errors.New("not enough buffer space")
Functions ¶
func AddCommand ¶
func AddCommand(command string, shortDescription string, longDescription string, port int, m ScanModule) (*flags.Command, error)
AddCommand adds a module to the parser and returns a pointer to a flags.command object or an error
func AddGroup ¶
AddGroup exposes the parser's AddGroup function, allowing extension of the global arguments.
func DialTimeoutConnection ¶
func DialTimeoutConnection(proto string, target string, timeout time.Duration, bytesReadLimit int) (net.Conn, error)
DialTimeoutConnection dials the target and returns a net.Conn that uses the configured single timeout for all operations.
func DialTimeoutConnectionEx ¶
func DialTimeoutConnectionEx(proto string, target string, dialTimeout, sessionTimeout, readTimeout, writeTimeout time.Duration, bytesReadLimit int) (net.Conn, error)
DialTimeoutConnectionEx dials the target and returns a net.Conn that uses the configured timeouts for Read/Write operations.
func EncodeGrab ¶
EncodeGrab serializes a Grab to JSON, handling the debug fields if necessary.
func FlagsToSet ¶
FlagsToSet converts an integer flags variable to a set of string labels corresponding to each bit, in the format described by the wiki (see https://github.com/mattkeeler/zgrab2/wiki/Scanner-details). The mapping maps the bit mask value (i.e. a number of the form (1 << x)) to the label for that bit. Flags not present in mapping are appended to the unknown list.
Example ¶
output, unknowns := FlagsToSet(0x5, WidenMapKeys(map[int]string{ 0x1: "bit0", 0x2: "bit1", 0x8: "bit3", })) for k, v := range output { fmt.Printf("%s: %v\n", k, v) } for _, v := range unknowns { fmt.Printf("Unknown: 0x%01x", v) }
Output: bit0: true Unknown: 0x4
func GetMetaFile ¶
GetMetaFile returns the file to which metadata should be output
func GetTargetsCSV ¶
func GetTargetsCSV(source io.Reader, ch chan<- ScanTarget) error
GetTargetsCSV reads targets from a CSV source, generates ScanTargets, and delivers them to the provided channel.
func GetTimeoutDialFunc ¶
GetTimeoutDialFunc returns a DialFunc that dials with the given timeout
func InputTargetsCSV ¶
func InputTargetsCSV(ch chan<- ScanTarget) error
InputTargetsCSV is an InputTargetsFunc that calls GetTargetsCSV with the CSV file provided on the command line.
func IsTimeoutError ¶
IsTimeoutError checks if the given error corresponds to a timeout (of any type).
func ListFlagsToSet ¶
ListFlagsToSet converts an integer flags variable to a set of string labels corresponding to each bit, in the format described by the wiki (see https://github.com/mattkeeler/zgrab2/wiki/Scanner-details). The ith entry of labels gives the label for the ith bit (i.e. flags & (1<<i)). Empty strings in labels are treated as unknown, as are bits beyond the end of the list. Unknown flags are appended to the unknown list.
Example ¶
output, unknowns := ListFlagsToSet(0x5, []string{ "bit0", "bit1", "", "bit3", }) for k, v := range output { fmt.Printf("%s: %v\n", k, v) } for _, v := range unknowns { fmt.Printf("Unknown: 0x%01x", v) }
Output: bit0: true Unknown: 0x4
func LogPanic ¶
func LogPanic(format string, args ...interface{})
LogPanic is intended to be called from within defer -- if there was no panic, it returns without doing anything. Otherwise, it logs the stacktrace, the panic error, and the provided message before re-raising the original panic. Example:
defer zgrab2.LogPanic("Error decoding body '%x'", body)
func MapFlagsToSet ¶
MapFlagsToSet gets the "set" (map of strings to true) of values corresponding to the bits in flags. For each bit i set in flags, the result will have result[mapping(i << i)] = true. Any bits for which the mapping returns a non-nil error are instead appended to the unknowns list.
Example (Error) ¶
output, unknowns := MapFlagsToSet(0x1b, func(bit uint64) (string, error) { if bit < 0x10 { return fmt.Sprintf("bit0x%01x", bit), nil } else { return "", fmt.Errorf("Unrecognized flag 0x%02x", bit) } }) for k, v := range output { fmt.Printf("%s: %v\n", k, v) } for _, v := range unknowns { fmt.Printf("Unknown: 0x%02x", v) }
Output: bit0x1: true bit0x2: true bit0x8: true Unknown: 0x10
Example (Success) ¶
output, unknowns := MapFlagsToSet(0xb, func(bit uint64) (string, error) { return fmt.Sprintf("bit0x%01x", bit), nil }) for k, v := range output { fmt.Printf("%s: %v\n", k, v) } for _, v := range unknowns { fmt.Printf("Unknown: 0x%01x", v) }
Output: bit0x1: true bit0x2: true bit0x8: true
func NewFakeResolver ¶
Fake DNS Resolver, to force a DNS lookup to return a pinned address Inspired by the golang net/dnsclient_unix_test.go code
For a given IP, create a new Resolver that wraps a fake DNS server. This resolver will always return an IP that is represented by "ipstr", for DNS queries of the same IP type. Otherwise, it will return a DNS lookup error.
func NewIniParser ¶
func NewIniParser() *flags.IniParser
NewIniParser creates and returns a ini parser initialized with the default parser
func OutputResults ¶
OutputResults writes results to a buffered Writer from a channel.
func ParseCSVTarget ¶
ParseCSVTarget takes a record from a CSV-format input file and returns the specified ipnet, domain, and tag, or an error.
ZGrab2 input files have three fields:
IP, DOMAIN, TAG
Each line specifies a target to scan by its IP address, domain name, or both, as well as an optional tag used to determine which scanners will be invoked.
A CIDR block may be provided in the IP field, in which case the framework expands the record into targets for every address in the block.
Trailing empty fields may be omitted. Comment lines begin with #, and empty lines are ignored.
func Process ¶
func Process(mon *Monitor)
Process sets up an output encoder, input reader, and starts grab workers.
func ReadAvailable ¶
ReadAvaiable reads what it can without blocking for more than defaultReadTimeout per read, or defaultTotalTimeout for the whole session. Reads at most defaultMaxReadSize bytes.
func ReadAvailableWithOptions ¶
func ReadAvailableWithOptions(conn net.Conn, bufferSize int, readTimeout time.Duration, totalTimeout time.Duration, maxReadSize int) ([]byte, error)
ReadAvailableWithOptions reads whatever can be read (up to maxReadSize) from conn without blocking for longer than readTimeout per read, or totalTimeout for the entire session. A totalTimeout of 0 means attempt to use the connection's timeout (or, failing that, 1 second). On failure, returns anything it was able to read along with the error.
func ReadUntilRegex ¶
ReadUntilRegex calls connection.Read() until it returns an error, or the cumulatively-read data matches the given regexp
func RegisterScan ¶
RegisterScan registers each individual scanner to be ran by the framework
func SetInputFunc ¶
func SetInputFunc(f InputTargetsFunc)
SetInputFunc sets the target input function to the provided function.
func SetOutputFunc ¶
func SetOutputFunc(f OutputResultsFunc)
SetOutputFunc sets the result output function to the provided function.
func TLDMatches ¶
TLDMatches checks for a strict TLD match
func WidenMapKeys ¶
WidenMapKeys copies a map with int keys into an equivalent map with uint64 keys for use in the FlagsToSet function.
func WidenMapKeys16 ¶
WidenMapKeys16 copies a map with uint8 keys into an equivalent map with uint64 keys for use in the FlagsToSet function.
func WidenMapKeys32 ¶
WidenMapKeys32 copies a map with uint8 keys into an equivalent map with uint64 keys for use in the FlagsToSet function.
Types ¶
type BaseFlags ¶
type BaseFlags struct { Port uint `short:"p" long:"port" description:"Specify port to grab on"` Name string `short:"n" long:"name" description:"Specify name for output json, only necessary if scanning multiple modules"` Timeout time.Duration `short:"t" long:"timeout" description:"Set connection timeout (0 = no timeout)" default:"10s"` Trigger string `short:"g" long:"trigger" description:"Invoke only on targets with specified tag"` BytesReadLimit int `short:"m" long:"maxbytes" description:"Maximum byte read limit per scan (0 = defaults)"` }
BaseFlags contains the options that every flags type must embed
type Config ¶
type Config struct { OutputFileName string `short:"o" long:"output-file" default:"-" description:"Output filename, use - for stdout"` InputFileName string `short:"f" long:"input-file" default:"-" description:"Input filename, use - for stdin"` MetaFileName string `short:"m" long:"metadata-file" default:"-" description:"Metadata filename, use - for stderr"` LogFileName string `short:"l" long:"log-file" default:"-" description:"Log filename, use - for stderr"` Senders int `short:"s" long:"senders" default:"1000" description:"Number of send goroutines to use"` Debug bool `long:"debug" description:"Include debug fields in the output."` Flush bool `long:"flush" description:"Flush after each line of output."` GOMAXPROCS int `long:"gomaxprocs" default:"0" description:"Set GOMAXPROCS"` ConnectionsPerHost int `long:"connections-per-host" default:"1" description:"Number of times to connect to each host (results in more output)"` ReadLimitPerHost int `long:"read-limit-per-host" default:"96" description:"Maximum total kilobytes to read for a single host (default 96kb)"` Prometheus string `long:"prometheus" description:"Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled."` Multiple MultipleCommand `command:"multiple" description:"Multiple module actions"` // contains filtered or unexported fields }
Config is the high level framework options that will be parsed from the command line
type Dialer ¶
type Dialer struct { // Timeout is the maximum time to wait for the entire session, after which any operations on the // connection will fail. Timeout time.Duration // ConnectTimeout is the maximum time to wait for a connection. ConnectTimeout time.Duration // ReadTimeout is the maximum time to wait for a Read ReadTimeout time.Duration // WriteTimeout is the maximum time to wait for a Write WriteTimeout time.Duration // Dialer is an auxiliary dialer used for DialContext (the result gets wrapped in a // TimeoutConnection). Dialer *net.Dialer // BytesReadLimit is the maximum number of bytes that connections dialed with this dialer will // read before erroring. BytesReadLimit int // ReadLimitExceededAction describes how connections dialed with this dialer deal with exceeding // the BytesReadLimit. ReadLimitExceededAction ReadLimitExceededAction }
Dialer provides Dial and DialContext methods to get connections with the given timeout.
func GetTimeoutConnectionDialer ¶
GetTimeoutConnectionDialer gets a Dialer that dials connections with the given timeout.
func (*Dialer) DialContext ¶
DialContext wraps the connection returned by net.Dialer.DialContext() with a TimeoutConnection.
type FakeDNSServer ¶
type FakeDNSServer struct { // Any domain name will resolve to this IP. It can be either ipv4 or ipv6 IP net.IP }
func (*FakeDNSServer) DialContext ¶
This merely wraps a custom net.Conn, that is only good for DNS messages
type FlagMap ¶
FlagMap is a function that maps a single-bit bitmask (i.e. a number of the form (1 << x)) to a string representing that bit. If the input is not valid / recognized, it should return a non-nil error, which will cause the flag to be added to the "unknowns" list.
func GetFlagMapFromList ¶
GetFlagMapFromList returns a FlagMap function mapping the ith bit to the ith entry of bits. bits is a list of labels for the corresponding bits; any empty strings (and bits beyond the end of the list) are treated as unknown.
func GetFlagMapFromMap ¶
GetFlagMapFromMap returns a FlagMap function that uses mapping to do the mapping. Values not present in the map are treated as unknown, and a non-nil error is returned in those cases.
type Grab ¶
type Grab struct { IP string `json:"ip,omitempty"` Domain string `json:"domain,omitempty"` Data map[string]ScanResponse `json:"data,omitempty"` }
Grab contains all scan responses for a single host
func BuildGrabFromInputResponse ¶
func BuildGrabFromInputResponse(t *ScanTarget, responses map[string]ScanResponse) *Grab
BuildGrabFromInputResponse constructs a Grab object for a target, given the scan responses.
type InputTargetsFunc ¶
type InputTargetsFunc func(ch chan<- ScanTarget) error
InputTargetsFunc is a function type for target input functions.
A function of this type generates ScanTargets on the provided channel. It returns nil if there are no further inputs or error.
type ModuleSet ¶
type ModuleSet map[string]ScanModule
ModuleSet is a container holding named scan modules. It is a wrapper around a map.
func (ModuleSet) AddModule ¶
func (s ModuleSet) AddModule(name string, m ScanModule)
AddModule adds m to the ModuleSet, accessible via the given name. If the name is already in the ModuleSet, it is overwritten.
func (ModuleSet) CopyInto ¶
CopyInto copies the modules in s to destination. The sets will be unique, but the underlying ScanModule instances will be the same.
func (ModuleSet) RemoveModule ¶
RemoveModule removes the module at the specified name. If the name is not in the module set, nothing happens.
type Monitor ¶
type Monitor struct { // Callback is invoked after each scan. Callback func(string) // contains filtered or unexported fields }
Monitor is a collection of states per scans and a channel to communicate those scans to the monitor
func MakeMonitor ¶
MakeMonitor returns a Monitor object that can be used to collect and send the status of a running scan
func (*Monitor) GetStatuses ¶
GetStatuses returns a mapping from scanner names to the current number of successes and failures for that scanner
type MultipleCommand ¶
type MultipleCommand struct { ConfigFileName string `short:"c" long:"config-file" default:"-" description:"Config filename, use - for stdin"` ContinueOnError bool `long:"continue-on-error" description:"If proceeding protocols error, do not run following protocols (default: true)"` BreakOnSuccess bool `long:"break-on-success" description:"If proceeding protocols succeed, do not run following protocols (default: false)"` }
MultipleCommand contains the command line options for running
func (*MultipleCommand) Help ¶
func (x *MultipleCommand) Help() string
Help returns a usage string that will be output at the command line
func (*MultipleCommand) Validate ¶
func (x *MultipleCommand) Validate(args []string) error
Validate the options sent to MultipleCommand
type OutputResultsFunc ¶
OutputResultsFunc is a function type for result output functions.
A function of this type receives results on the provided channel and outputs them somehow. It returns nil if there are no further results or error.
func OutputResultsWriterFunc ¶
func OutputResultsWriterFunc(w io.Writer) OutputResultsFunc
OutputResultsWriterFunc returns an OutputResultsFunc that wraps an io.Writer in a buffered writer, and uses OutputResults.
type ReadLimitExceededAction ¶
type ReadLimitExceededAction string
ReadLimitExceededAction describes how the connection reacts to an attempt to read more data than permitted.
type ScanError ¶
type ScanError struct { Status ScanStatus Err error }
ScanError an error that also includes a ScanStatus.
func DetectScanError ¶
DetectScanError returns a ScanError that attempts to detect the status from the given error.
func NewScanError ¶
func NewScanError(status ScanStatus, err error) *ScanError
NewScanError returns a ScanError with the given status and error.
func (*ScanError) Error ¶
Error is an implementation of the builtin.error interface -- just forward the wrapped error's Error() method
func (*ScanError) Unpack ¶
func (err *ScanError) Unpack(results interface{}) (ScanStatus, interface{}, error)
type ScanFlags ¶
type ScanFlags interface { // Help optionally returns any additional help text, e.g. specifying what empty defaults // are interpreted as. Help() string // Validate enforces all command-line flags and positional arguments have valid values. Validate(args []string) error }
ScanFlags is an interface which must be implemented by all types sent to the flag parser
type ScanModule ¶
type ScanModule interface { // NewFlags is called by the framework to pass to the argument parser. The parsed flags will be passed // to the scanner created by NewScanner(). NewFlags() interface{} // NewScanner is called by the framework for each time an individual scan is specified in the config or on // the command-line. The framework will then call scanner.Init(name, flags). NewScanner() Scanner // Description returns a string suitable for use as an overview of this // module within usage text. Description() string }
ScanModule is an interface which represents a module that the framework can manipulate
func GetModule ¶
func GetModule(name string) ScanModule
GetModule returns the registered module that corresponds to the given name or nil otherwise
type ScanResponse ¶
type ScanResponse struct { // Status is required for all responses. Status ScanStatus `json:"status"` // Protocol is the identifier if the protocol that did the scan. In the case of a complex scan, this may differ from // the scan name. Protocol string `json:"protocol"` Result interface{} `json:"result,omitempty"` Timestamp string `json:"timestamp,omitempty"` Error *string `json:"error,omitempty"` }
ScanResponse is the result of a scan on a single host
func RunScanner ¶
func RunScanner(s Scanner, mon *Monitor, target ScanTarget) (string, ScanResponse)
RunScanner runs a single scan on a target and returns the resulting data
type ScanStatus ¶
type ScanStatus string
ScanStatus is the enum value that states how the scan ended.
func TryGetScanStatus ¶
func TryGetScanStatus(err error) ScanStatus
TryGetScanStatus attempts to get the ScanStatus enum value corresponding to the given error. Mostly supports network errors. A nil error is interpreted as SCAN_SUCCESS. An unrecognized error is interpreted as SCAN_UNKNOWN_ERROR.
type ScanTarget ¶
ScanTarget is the host that will be scanned
func (*ScanTarget) Host ¶
func (target *ScanTarget) Host() string
Host gets the host identifier as a string: the IP address if it is available, or the domain if not.
func (*ScanTarget) Open ¶
func (target *ScanTarget) Open(flags *BaseFlags) (net.Conn, error)
Open connects to the ScanTarget using the configured flags, and returns a net.Conn that uses the configured timeouts for Read/Write operations.
func (*ScanTarget) OpenTLS ¶
func (target *ScanTarget) OpenTLS(baseFlags *BaseFlags, tlsFlags *TLSFlags) (*TLSConnection, error)
OpenTLS connects to the ScanTarget using the configured flags, then performs the TLS handshake. On success error is nil, but the connection can be non-nil even if there is an error (this allows fetching the handshake log).
func (*ScanTarget) OpenUDP ¶
OpenUDP connects to the ScanTarget using the configured flags, and returns a net.Conn that uses the configured timeouts for Read/Write operations. Note that the UDP "connection" does not have an associated timeout.
func (ScanTarget) String ¶
func (target ScanTarget) String() string
type Scanner ¶
type Scanner interface { // Init runs once for this module at library init time Init(flags ScanFlags) error // InitPerSender runs once per Goroutine. A single Goroutine will scan some non-deterministic // subset of the input scan targets InitPerSender(senderID int) error // Returns the name passed at init GetName() string // Returns the trigger passed at init GetTrigger() string // Protocol returns the protocol identifier for the scan. Protocol() string // Scan connects to a host. The result should be JSON-serializable Scan(t ScanTarget) (ScanStatus, interface{}, error) }
Scanner is an interface that represents all functions necessary to run a scan
type TLSConnection ¶
func (*TLSConnection) Close ¶
func (conn *TLSConnection) Close() error
Close the underlying connection.
func (*TLSConnection) GetLog ¶
func (z *TLSConnection) GetLog() *TLSLog
func (*TLSConnection) Handshake ¶
func (z *TLSConnection) Handshake() error
type TLSFlags ¶
type TLSFlags struct { Config *tls.Config // Config is ready to use TLS configuration Heartbleed bool `long:"heartbleed" description:"Check if server is vulnerable to Heartbleed"` SessionTicket bool `long:"session-ticket" description:"Send support for TLS Session Tickets and output ticket if presented" json:"session"` ExtendedMasterSecret bool `long:"extended-master-secret" description:"Offer RFC 7627 Extended Master Secret extension" json:"extended"` ExtendedRandom bool `long:"extended-random" description:"Send TLS Extended Random Extension" json:"extran"` NoSNI bool `long:"no-sni" description:"Do not send domain name in TLS Handshake regardless of whether known" json:"sni"` SCTExt bool `long:"sct" description:"Request Signed Certificate Timestamps during TLS Handshake" json:"sct"` // TODO: Do we just lump this with Verbose (and put Verbose in TLSFlags)? KeepClientLogs bool `long:"keep-client-logs" description:"Include the client-side logs in the TLS handshake"` Time string `long:"time" description:"Explicit request time to use, instead of clock. YYYYMMDDhhmmss format."` // TODO: directory? glob? How to map server name -> certificate? Certificates string `long:"certificates" description:"Set of certificates to present to the server"` // TODO: re-evaluate this, or at least specify the file format CertificateMap string `long:"certificate-map" description:"A file mapping server names to certificates"` // TODO: directory? glob? RootCAs string `long:"root-cas" description:"Set of certificates to use when verifying server certificates"` // TODO: format? NextProtos string `long:"next-protos" description:"A list of supported application-level protocols"` ServerName string `long:"server-name" description:"Server name used for certificate verification and (optionally) SNI"` VerifyServerCertificate bool `` /* 168-byte string literal not displayed */ // TODO: format? mapping? zgrab1 had flags like ChromeOnly, FirefoxOnly, etc... CipherSuite string `long:"cipher-suite" description:"A comma-delimited list of hex cipher suites to advertise."` MinVersion int `long:"min-version" description:"The minimum SSL/TLS version that is acceptable. 0 means that SSLv3 is the minimum."` MaxVersion int `long:"max-version" description:"The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value."` CurvePreferences string `long:"curve-preferences" description:"A list of elliptic curves used in an ECDHE handshake, in order of preference."` NoECDHE bool `long:"no-ecdhe" description:"Do not allow ECDHE handshakes"` // TODO: format? SignatureAlgorithms string `long:"signature-algorithms" description:"Signature and hash algorithms that are acceptable"` HeartbeatEnabled bool `long:"heartbeat-enabled" description:"If set, include the heartbeat extension"` DSAEnabled bool `long:"dsa-enabled" description:"Accept server DSA keys"` // TODO: format? ClientRandom string `long:"client-random" description:"Set an explicit Client Random (base64 encoded)"` // TODO: format? ClientHello string `long:"client-hello" description:"Set an explicit ClientHello (base64 encoded)"` }
Common flags for TLS configuration -- include this in your module's ScanFlags implementation to use the common TLS code Adapted from modules/ssh.go
func (*TLSFlags) Connect ¶
func (t *TLSFlags) Connect(target *ScanTarget, flags *BaseFlags) (*TLSConnection, error)
Connect opens the TCP connection to the target using the given configuration, and then returns the configured wrapped TLS connection. The caller must still call Handshake().
func (*TLSFlags) GetTLSConfigForTarget ¶
func (t *TLSFlags) GetTLSConfigForTarget(target *ScanTarget) (*tls.Config, error)
func (*TLSFlags) GetTLSConnection ¶
func (t *TLSFlags) GetTLSConnection(conn net.Conn) (*TLSConnection, error)
func (*TLSFlags) GetTLSConnectionForTarget ¶
func (t *TLSFlags) GetTLSConnectionForTarget(conn net.Conn, target *ScanTarget) (*TLSConnection, error)
func (*TLSFlags) GetWrappedConnection ¶
type TLSLog ¶
type TLSLog struct { // TODO include TLSFlags? HandshakeLog *tls.ServerHandshake `json:"handshake_log"` // This will be nil if heartbleed is not checked because of client configuration flags HeartbleedLog *tls.Heartbleed `json:"heartbleed_log,omitempty"` }
type TimeoutConnection ¶
type TimeoutConnection struct { net.Conn Timeout time.Duration ReadTimeout time.Duration WriteTimeout time.Duration BytesRead int BytesWritten int BytesReadLimit int ReadLimitExceededAction ReadLimitExceededAction Cancel context.CancelFunc // contains filtered or unexported fields }
TimeoutConnection wraps an existing net.Conn connection, overriding the Read/Write methods to use the configured timeouts TODO: Refactor this into TimeoutConnection, BoundedReader, LoggedReader, etc
func NewTimeoutConnection ¶
func NewTimeoutConnection(ctx context.Context, conn net.Conn, timeout, readTimeout, writeTimeout time.Duration, bytesReadLimit int) *TimeoutConnection
NewTimeoutConnection returns a new TimeoutConnection with the appropriate defaults.
func (*TimeoutConnection) Close ¶
func (c *TimeoutConnection) Close() error
Close the underlying connection.
func (*TimeoutConnection) Read ¶
func (c *TimeoutConnection) Read(b []byte) (n int, err error)
TimeoutConnection.Read calls Read() on the underlying connection, using any configured deadlines
func (*TimeoutConnection) SetDeadline ¶
func (c *TimeoutConnection) SetDeadline(deadline time.Time) error
SetDeadline sets a read / write deadline that will override the deadline for a single read/write. Use deadline = 0 to clear the deadline.
func (*TimeoutConnection) SetDefaults ¶
func (c *TimeoutConnection) SetDefaults() *TimeoutConnection
SetDefaults on the connection.
func (*TimeoutConnection) SetReadDeadline ¶
func (c *TimeoutConnection) SetReadDeadline(deadline time.Time) error
SetReadDeadline sets an explicit ReadDeadline that will override the timeout for one read. Use deadline = 0 to clear the deadline.
func (*TimeoutConnection) SetWriteDeadline ¶
func (c *TimeoutConnection) SetWriteDeadline(deadline time.Time) error
SetWriteDeadline sets an explicit WriteDeadline that will override the WriteDeadline for one write. Use deadline = 0 to clear the deadline.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package bin contains functions useful for creating a binary version of ZGrab2.
|
Package bin contains functions useful for creating a binary version of ZGrab2. |
cmd
|
|
lib
|
|
http
Package http provides HTTP client and server implementations.
|
Package http provides HTTP client and server implementations. |
http/cookiejar
Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar.
|
Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar. |
http/httptest
Package httptest provides utilities for HTTP testing.
|
Package httptest provides utilities for HTTP testing. |
http/httptrace
Package httptrace provides mechanisms to trace the events within HTTP client requests.
|
Package httptrace provides mechanisms to trace the events within HTTP client requests. |
mysql
Package mysql is a very basic MySQL connection library.
|
Package mysql is a very basic MySQL connection library. |
output
Package output contains utilities for processing results from zgrab2 scanners for eventual output and consumption by ztag.
|
Package output contains utilities for processing results from zgrab2 scanners for eventual output and consumption by ztag. |
ssh
Package ssh implements an SSH client and server.
|
Package ssh implements an SSH client and server. |
ssh/agent
Package agent implements the ssh-agent protocol, and provides both a client and a server.
|
Package agent implements the ssh-agent protocol, and provides both a client and a server. |
ssh/terminal
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
|
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems. |
ssh/test
This package contains integration tests for the github.com/mattkeeler/zgrab2/lib/ssh.
|
This package contains integration tests for the github.com/mattkeeler/zgrab2/lib/ssh. |
bacnet
Package bacnet provides a zgrab2 module that scans for bacnet.
|
Package bacnet provides a zgrab2 module that scans for bacnet. |
dnp3
Package dnp3 provides a zgrab2 module that scans for dnp3.
|
Package dnp3 provides a zgrab2 module that scans for dnp3. |
fox
Package fox provides a zgrab2 module that scans for fox.
|
Package fox provides a zgrab2 module that scans for fox. |
ftp
Package ftp contains the zgrab2 Module implementation for FTP(S).
|
Package ftp contains the zgrab2 Module implementation for FTP(S). |
http
Package http contains the zgrab2 Module implementation for HTTP(S).
|
Package http contains the zgrab2 Module implementation for HTTP(S). |
imap
Package imap provides a zgrab2 module that scans for IMAP mail servers.
|
Package imap provides a zgrab2 module that scans for IMAP mail servers. |
ipp
Package ipp provides a zgrab2 module that scans for ipp.
|
Package ipp provides a zgrab2 module that scans for ipp. |
jarm
Ref: https://github.com/salesforce/jarm https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a?gi=4dd05e2277e4
|
Ref: https://github.com/salesforce/jarm https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a?gi=4dd05e2277e4 |
modbus
Package modbus provides a zgrab2 module that scans for modbus.
|
Package modbus provides a zgrab2 module that scans for modbus. |
mssql
Package mssql provides the zgrab2 scanner module for the MSSQL protocol.
|
Package mssql provides the zgrab2 scanner module for the MSSQL protocol. |
mysql
Package mysql provides the mysql implementation of the zgrab2.Module.
|
Package mysql provides the mysql implementation of the zgrab2.Module. |
ntp
Package ntp provides a zgrab2 module that probes for the NTP service.
|
Package ntp provides a zgrab2 module that probes for the NTP service. |
oracle
Package oracle provides the zgrab2 scanner module for Oracle's TNS protocol.
|
Package oracle provides the zgrab2 scanner module for Oracle's TNS protocol. |
pop3
Package pop3 provides a zgrab2 module that scans for POP3 mail servers.
|
Package pop3 provides a zgrab2 module that scans for POP3 mail servers. |
postgres
Package postgres contains the postgres zgrab2 Module implementation.
|
Package postgres contains the postgres zgrab2 Module implementation. |
redis
Package redis provides a zgrab2 Module that probes for redis services.
|
Package redis provides a zgrab2 Module that probes for redis services. |
siemens
Package siemens provides a zgrab2 module that scans for Siemens S7.
|
Package siemens provides a zgrab2 module that scans for Siemens S7. |
smb
Package smb provides a zgrab2 module that scans for smb.
|
Package smb provides a zgrab2 module that scans for smb. |
smtp
Package smtp provides a zgrab2 module that scans for SMTP mail servers.
|
Package smtp provides a zgrab2 module that scans for SMTP mail servers. |
telnet
Package telnet provides a zgrab2 module that scans for telnet daemons.
|
Package telnet provides a zgrab2 module that scans for telnet daemons. |
tools
|
|