kafkaold

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2023 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

View Source
const KAFKA = "kafkaOld"
View Source
const KAFKATLS = "KafkaOldTLS"

Variables

This section is empty.

Functions

func Run

func Run(conn net.Conn, tls bool, timeout time.Duration, target plugins.Target) (*plugins.Service, error)

Run Kafka scanner plugins.

Primary Sources:

Methodology: Scanning for Kafka is a bit tricky, so I've outlined my methodology here. Kafka is harder to detect reliably for a few reasons:

  • Kafka brokers may optionally require authentication via SASL before most commands can be issued.
  • There are many different versions of Kafka, and most API calls work slightly different on each versions (especially for pre-0.9.0.X releases)

Fortunately, Kafka versions 0.10.0.0 and later support the ApiVersions request, which can be sent by an unauthenticated user to check which API requests are supported by the broker. Also versions prior to 0.9.0.0 do not offer any form of authentication. And, all versions of Kafka are compatible with any older client. This means that:

  1. If Kafka version 0.10.0.0 or higher is running, we can confirm with the ApiVersions request regardless of if authentication is required This includes any version of Kafka released since May, 2016.
  2. If Kafka version 0.8.0.X or earlier is running, we can confirm with a simple data query using API version 0.
  3. If Kafka version 0.9.0.X is running and does not require authentication, we can also confirm with a simple v0 data query.

I'm not sure if Kafka brokers running version 0.9.0.X that do require authentication will be detected by any of the above methods. It's possible that strategy 3 will still work in this situation, but I was not able to confirm due to the difficulty of setting up a testing environment for an older version.

Types

type Plugin

type Plugin struct{}

func (*Plugin) Name

func (p *Plugin) Name() string

func (*Plugin) PortPriority

func (p *Plugin) PortPriority(i uint16) bool

func (*Plugin) Priority

func (p *Plugin) Priority() int

func (*Plugin) Run

func (p *Plugin) Run(conn net.Conn, timeout time.Duration, target plugins.Target) (*plugins.Service, error)

func (*Plugin) Type

func (p *Plugin) Type() plugins.Protocol

type TLSPlugin

type TLSPlugin struct{}

func (*TLSPlugin) Name

func (p *TLSPlugin) Name() string

func (*TLSPlugin) PortPriority

func (p *TLSPlugin) PortPriority(i uint16) bool

func (*TLSPlugin) Priority

func (p *TLSPlugin) Priority() int

func (*TLSPlugin) Run

func (p *TLSPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Target) (*plugins.Service, error)

func (*TLSPlugin) Type

func (p *TLSPlugin) Type() plugins.Protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL