zgrab

command module
v0.0.0-...-9842712
Published: Jun 14, 2019 License: Apache-2.0, ISC, MIT Imports: 17 Imported by: 0

README

zgrab

A Banner Grabber, in Go

Building

You will need to have a valid $GOPATH set up. For more information about $GOPATH, see https://golang.org/doc/code.html.

Once you have a working $GOPATH, run:

go get github.com/zmap/zgrab

This will install zgrab under $GOPATH/src/github.com/zmap/zgrab

$ cd $GOPATH/src/github.com/zmap/zgrab
$ go build

Usage

Usage of ./zgrab:
  -bacnet
    	Send some BACNet data
  -banners
    	Read banner upon connection creation
  -ca-file string
    	List of trusted root certificate authorities in PEM format
  -chrome-ciphers
    	Send Chrome Ordered Cipher Suites
  -chrome-no-dhe-ciphers
    	Send chrome ciphers minus DHE suites
  -connections-per-host uint
    	Number of times to connect to each host (results in more output) (default 1)
  -data string
    	Send a message and read response (%s will be replaced with destination IP)
  -dhe-ciphers
    	Send only DHE ciphers (not ECDHE)
  -dnp3
    	Read DNP3 banners
  -ecdhe-ciphers
    	Send only ECDHE ciphers (not DHE)
  -ehlo string
    	Send an EHLO with the specified domain (implies --smtp)
  -export-ciphers
    	Send only export ciphers
  -export-dhe-ciphers
    	Send only export DHE ciphers
  -firefox-ciphers
    	Send Firefox Ordered Cipher Suites
  -follow-localhost-redirects
    	Follow HTTP redirects to localhost (default true)
  -fox
    	Send some Niagara Fox Tunneling data
  -ftp
    	Read FTP banners
  -ftp-authtls
    	Collect FTPS certificates in addition to FTP banners
  -gomaxprocs int
    	Set GOMAXPROCS (default 3) (default 3)
  -heartbleed
    	Check if server is vulnerable to Heartbleed (implies --tls)
  -http string
    	Send an HTTP request to an endpoint
  -http-max-redirects int
    	Max number of redirects to follow
  -http-max-size int
    	Max kilobytes to read in response to an HTTP request (default 256)
  -http-method string
    	Set HTTP request method type (default "GET")
  -http-proxy-domain string
    	Send a CONNECT <domain> first
  -http-user-agent string
    	Set a custom HTTP user agent (default "Mozilla/5.0 zgrab/0.x")
  -imap
    	Conform to IMAP rules when sending STARTTLS
  -input-file string
    	Input filename, use - for stdin (default "-")
  -interface string
    	Network interface to send on
  -log-file string
    	File to log to, use - for stderr (default "-")
  -lookup-domain
    	Input contains only domain names
  -metadata-file string
    	File to record banner-grab metadata, use - for stdout (default "-")
  -modbus
    	Send some modbus data
  -no-sni
    	Do not send domain name in TLS handshake regardless of whether known
  -output-file string
    	Output filename, use - for stdout (default "-")
  -pop3
    	Conform to POP3 rules when sending STARTTLS
  -port uint
    	Port to grab on (default 80)
  -prometheus string
    	Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled.
  -raw-client-hello string
    	Provide a raw ClientHello to be sent; only the SNI will be rewritten
  -s7
    	Send some Siemens S7 data
  -safari-ciphers
    	Send Safari Ordered Cipher Suites
  -safari-no-dhe-ciphers
    	Send Safari ciphers minus DHE suites
  -senders uint
    	Number of send coroutines to use (default 1000)
  -signed-certificate-timestamp
    	request SCTs during TLS handshake (default true)
  -smb
    	Scan for SMB
  -smb-protocol int
    	Specify which SMB protocol to scan for (default 1)
  -smtp
    	Conform to SMTP when reading responses and sending STARTTLS
  -smtp-help
    	Send a SMTP help (implies --smtp)
  -starttls
    	Send STARTTLS before negotiating
  -telnet
    	Read telnet banners
  -telnet-max-size int
    	Max bytes to read for telnet banner (default 65536)
  -timeout uint
    	Set connection timeout in seconds (default 10)
  -tls
    	Grab over TLS
  -tls-extended-master-secret
    	Offer RFC 7627 Extended Master Secret extension
  -tls-extended-random
    	send extended random extension
  -tls-session-ticket
    	Send support for TLS Session Tickets and output ticket if presented
  -tls-verbose
    	Add extra TLS information to JSON output (client hello, client KEX, key material, etc)
  -tls-version string
    	Max TLS version to use (implies --tls)
  -xssh
    	Use the x/crypto SSH scanner
  -xssh-ciphers value
    	A comma-separated list of which ciphers to offer (default "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128")
  -xssh-client-id string
    	Specify the client ID string to use (default "SSH-2.0-Go")
  -xssh-gex-max-bits uint
    	The maximum number of bits for the DH GEX prime. (default 8192)
  -xssh-gex-min-bits uint
    	The minimum number of bits for the DH GEX prime. (default 1024)
  -xssh-gex-preferred-bits uint
    	The preferred number of bits for the DH GEX prime. (default 2048)
  -xssh-host-key-algorithms value
    	A comma-separated list of which host key algorithms to offer (default "ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss,ssh-ed25519")
  -xssh-kex-algorithms value
    	A comma-separated list of which DH key exchange algorithms to offer (default "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1")
  -xssh-userauth
    	Use the 'none' authentication request to see what userauth methods are allowed.
  -xssh-verbose
    	Output additional information.

Example

$ zmap -p 443 --output-fields=* | ztee results.csv | zgrab --port 443 --tls --http="/" --output-file=banners.json

Requirements

zgrab requires Go version 1.8.1 or later. Please note that this is newer than the version included in the Ubuntu 14.04 apt repository. You can install ztee from the ZMap GitHub repository at https://github.com/zmap/zmap.

ZGrab as a library / dependency

ZGrab tends to be very unstable and its APIs may break at any time, so be sure to vendor ZGrab.

License

ZGrab is licensed under Apache 2.0 and ISC. For more information, see the LICENSE file.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
ztools
ftp
http
Package http provides HTTP client and server implementations.
http/cookiejar
Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar.
http/httptest
Package httptest provides utilities for HTTP testing.
http/httptrace
Package httptrace provides mechanisms to trace the events within HTTP client requests.
smb
smb/gss
MIT License. Copyright (c) 2017 stacktitan. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
xssh
Package ssh implements an SSH client and server.
xssh/agent
Package agent implements the ssh-agent protocol, and provides both a client and a server.
xssh/terminal
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
xssh/test
This package contains integration tests for the github.com/zmap/zgrab/ztools/xssh.
zct
zct/asn1
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
zct/client
Package client is a CT log client implementation and contains types and code for interacting with RFC6962-compliant CT Log instances.
zct/x509
Package x509 parses X.509-encoded keys and certificates.
zct/x509/pkix
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
