Documentation ¶
Overview ¶
Package fox provides a zgrab2 module that scans for the Tridium Fox service. Default port: 1911 (TCP).
Copied unmodified from the original zgrab. Connects, sends a static query, and reads the banner. Parses out as much of the response as possible.
Index ¶
- Constants
- func GetFoxBanner(logStruct *FoxLog, connection net.Conn) error
- func RegisterModule()
- type Flags
- type FoxLog
- type Module
- type Scanner
- func (scanner *Scanner) GetName() string
- func (scanner *Scanner) GetPort() uint
- func (scanner *Scanner) GetTrigger() string
- func (scanner *Scanner) Init(flags zgrab2.ScanFlags) error
- func (scanner *Scanner) InitPerSender(senderID int) error
- func (scanner *Scanner) Protocol() string
- func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{}, error)
Constants ¶
const (
	// ORIGINAL_QUERY is the hex encoding of the query that will be sent to each server.
	ORIGINAL_QUERY = "666f7820612031202d3120666f782068656c6c6f0a7b0a" +
		"666f782e76657273696f6e3d733a312e300a69643d693a310a686f73744e" +
		"616d653d733a7870766d2d306f6d64633031786d790a686f737441646472" +
		"6573733d733a3139322e3136382e312e3132350a6170702e6e616d653d73" +
		"3a576f726b62656e63680a6170702e76657273696f6e3d733a332e372e34" +
		"340a766d2e6e616d653d733a4a61766120486f7453706f7428544d292053" +
		"657276657220564d0a766d2e76657273696f6e3d733a32302e342d623032" +
		"0a6f732e6e616d653d733a57696e646f77732058500a6f732e7665727369" +
		"6f6e3d733a352e310a6c616e673d733a656e0a74696d655a6f6e653d733a" +
		"416d65726963612f4c6f735f416e67656c65733b2d32383830303030303b" +
		"333630303030303b30323a30303a30302e3030302c77616c6c2c6d617263" +
		"682c382c6f6e206f722061667465722c73756e6461792c756e646566696e" +
		"65643b30323a30303a30302e3030302c77616c6c2c6e6f76656d6265722c" +
		"312c6f6e206f722061667465722c73756e6461792c756e646566696e6564" +
		"0a686f737449643d733a57696e2d393943422d443439442d353434322d30" +
		"3742420a766d557569643d733a38623533306263382d373663352d343133" +
		"392d613265612d3066616264333934643330350a6272616e6449643d733a" +
		"76796b6f6e0a7d3b3b0a"

	// RESPONSE_PREFIX is the prefix that will identify a Fox service.
	RESPONSE_PREFIX = "fox a 0 -1 fox hello"
)
Variables ¶
This section is empty.
Functions ¶
func GetFoxBanner ¶
GetFoxBanner sends the static query and reads the response, filling out the logStruct with any fields that are present. The IsFox field will identify whether a Fox service was detected, regardless of whether an error was returned.
Types ¶
type Flags ¶
type Flags struct {
	zgrab2.BaseFlags

	Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"`
}
Flags holds the command-line configuration for the fox scan module. Populated by the framework.
type FoxLog ¶
type FoxLog struct {
	// IsFox should always be true (otherwise, the result should have been nil).
	IsFox bool `json:"is_fox"`

	// Version corresponds to the "fox.version" response field.
	Version string `json:"version"`

	// Id corresponds to the "id" response field, which is decoded as a decimal integer.
	Id uint32 `json:"id"`

	// Hostname corresponds to the "hostName" field.
	Hostname string `json:"hostname,omitempty"`

	// HostAddress corresponds to the "hostAddress" field.
	HostAddress string `json:"host_address,omitempty"`

	// AppName corresponds to the "app.name" field.
	AppName string `json:"app_name,omitempty"`

	// AppVersion corresponds to the "app.version" field.
	AppVersion string `json:"app_version,omitempty"`

	// VMName corresponds to the "vm.name" field.
	VMName string `json:"vm_name,omitempty"`

	// VMVersion corresponds to the "vm.version" field.
	VMVersion string `json:"vm_version,omitempty"`

	// OSName corresponds to the "os.name" field.
	OSName string `json:"os_name,omitempty"`

	// OSVersion corresponds to the "os.version" field.
	OSVersion string `json:"os_version,omitempty"`

	// StationName corresponds to the "station.name" field.
	StationName string `json:"station_name,omitempty"`

	// Language corresponds to the "lang" field.
	Language string `json:"language,omitempty"`

	// TimeZone corresponds to the "timeZone" field (or, that portion of it before the first semicolon).
	TimeZone string `json:"time_zone,omitempty"`

	// HostId corresponds to the "hostId" field.
	HostId string `json:"host_id,omitempty"`

	// VMUuid corresponds to the "vmUuid" field.
	VMUuid string `json:"vm_uuid,omitempty"`

	// BrandId corresponds to the "brandId" field.
	BrandId string `json:"brand_id,omitempty"`

	// SysInfo corresponds to the "sysInfo" field.
	SysInfo string `json:"sys_info,omitempty"`

	// AuthAgentType corresponds to the "authAgentTypeSpecs" field.
	AuthAgentType string `json:"auth_agent_type,omitempty"`
}
FoxLog is the struct returned to the caller.
type Module ¶
type Module struct { }
Module implements the zgrab2.Module interface.
func (*Module) NewFlags ¶
func (module *Module) NewFlags() interface{}
NewFlags returns a default Flags object.
func (*Module) NewScanner ¶
NewScanner returns a new Scanner instance.
type Scanner ¶
type Scanner struct {
// contains filtered or unexported fields
}
Scanner implements the zgrab2.Scanner interface.
func (*Scanner) GetTrigger ¶
GetTrigger returns the Trigger defined in the Flags.
func (*Scanner) InitPerSender ¶
InitPerSender initializes the scanner for a given sender.
func (*Scanner) Scan ¶
func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{}, error)
Scan probes for a Tridium Fox service.
1. Opens a TCP connection to the configured port (default 1911).
2. Sends a static query.
3. Attempts to read the response (up to 8k + 4 bytes -- larger responses trigger an error).
4. If the response has the Fox response prefix, marks the scan as having detected the service.
5. Attempts to read any / all of the data fields from the Log struct.
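The following Go sketch is an added example, not code from zgrab2: it applies the size limit, prefix check and field decoding that the Scan steps and the FoxLog comments describe to a constructed response. `FoxBanner`, `ParseFoxHello` and `sampleResponse` are hypothetical names, and the `key=type:value` line layout of the response is assumed to match the layout of the query.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const (
	responsePrefix = "fox a 0 -1 fox hello" // RESPONSE_PREFIX from the page
	maxResponse    = 8*1024 + 4             // read limit described for Scan
	// sampleResponse is a constructed reply, not captured from a real device.
	sampleResponse = "fox a 0 -1 fox hello\n{\nfox.version=s:1.0\nid=i:7\n" +
		"hostName=s:bms-demo\ntimeZone=s:America/Los_Angeles;-28800000;3600000\n};;\n"
)

// FoxBanner is a hypothetical, reduced stand-in for the module's FoxLog.
type FoxBanner struct {
	IsFox                       bool
	Version, Hostname, TimeZone string
	ID                          uint32
}

// ParseFoxHello (hypothetical) assumes "key=type:value" lines, as in the query.
func ParseFoxHello(raw []byte) (FoxBanner, error) {
	var b FoxBanner
	if len(raw) > maxResponse {
		return b, fmt.Errorf("response too large: %d bytes", len(raw))
	}
	if !strings.HasPrefix(string(raw), responsePrefix) {
		return b, fmt.Errorf("missing Fox response prefix")
	}
	b.IsFox = true // stays set even if a later field fails to parse
	f := map[string]string{}
	for _, line := range strings.Split(string(raw), "\n") {
		kv := strings.SplitN(strings.TrimRight(line, "\r"), "=", 2)
		if len(kv) == 2 { // skips the prefix line, braces and terminator
			f[kv[0]] = kv[1][strings.Index(kv[1], ":")+1:] // drop "s:"/"i:" tag
		}
	}
	b.Version, b.Hostname = f["fox.version"], f["hostName"]
	b.TimeZone = strings.SplitN(f["timeZone"], ";", 2)[0] // part before first ';'
	n, err := strconv.ParseUint(f["id"], 10, 32)          // "id" is a decimal integer
	b.ID = uint32(n)
	return b, err
}

func main() { fmt.Println(ParseFoxHello([]byte(sampleResponse))) }
```

A banner that carries the prefix but a malformed `id` still comes back with `IsFox` set alongside the error, mirroring the GetFoxBanner contract that detection is reported regardless of whether an error was returned.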