siemens

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 25, 2019 License: Apache-2.0, ISC Imports: 6 Imported by: 3

Documentation

Overview

Package siemens provides a zgrab2 module that scans for Siemens S7. Default port: TCP 102 Ported from the original zgrab. Input and output are identical.

Index

Constants

View Source
const (
	S7_PROTOCOL_ID                  = byte(0x32)
	S7_REQUEST_ID                   = uint16(0)
	S7_REQUEST                      = byte(0x01)
	S7_REQUEST_USER_DATA            = byte(0x07)
	S7_ACKNOWLEDGEMENT              = byte(0x02)
	S7_RESPONSE                     = byte(0x03)
	S7_SZL_REQUEST                  = byte(0x04)
	S7_SZL_FUNCTIONS                = byte(0x04)
	S7_SZL_READ                     = byte(0x01)
	S7_SZL_MODULE_IDENTIFICATION    = uint16(0x11)
	S7_SZL_COMPONENT_IDENTIFICATION = uint16(0x1c)
	S7_DATA_BYTE_OFFSET             = 12 // offset for real data
)

Variables

View Source
var (
	// S7_ERROR_CODES maps error codes to the friendly error string
	S7_ERROR_CODES = map[uint32]string{

		0x05: "address error",
		0x0a: "item not available",

		0x8104: "context not supported",
		0x8500: "wrong PDU size",
	}
)

Functions

func GetS7Banner

func GetS7Banner(logStruct *S7Log, connection net.Conn, reconnect ReconnectFunction) (err error)

GetS7Banner scans the target for S7 information, reconnecting if necessary.

func RegisterModule

func RegisterModule()

RegisterModule registers the zgrab2 module.

Types

type COTPConnectionPacket

type COTPConnectionPacket struct {
	// DestinationRef is the DST-REF TPDU field
	DestinationRef uint16

	// SourceRef is the SCE-REF TPDU field
	SourceRef uint16

	// DestinationTSAP is the destination transport service access point.
	DestinationTSAP uint16

	// SourceTSAP is the source transport service access point.
	SourceTSAP uint16

	// TPDUSize is the size (in bytes) of the TPDU
	TPDUSize byte
}

COTPConnectionPacket is defined in RFC 892.

func (*COTPConnectionPacket) Marshal

func (cotpConnPacket *COTPConnectionPacket) Marshal() ([]byte, error)

Marshal encodes a COTPConnectionPacket to binary.

func (*COTPConnectionPacket) Unmarshal

func (cotpConnPacket *COTPConnectionPacket) Unmarshal(bytes []byte) error

Unmarshal decodes a COTPConnectionPacket from binary that must be a connection confirmation.

type COTPDataPacket

type COTPDataPacket struct {
	Data []byte
}

COTPDataPacket wraps the state / interface for a COTP data packet.

func (*COTPDataPacket) Marshal

func (cotpDataPacket *COTPDataPacket) Marshal() ([]byte, error)

Marshal encodes a COTPDataPacket to binary.

func (*COTPDataPacket) Unmarshal

func (cotpDataPacket *COTPDataPacket) Unmarshal(bytes []byte) error

Unmarshal decodes a COTPDataPacket from binary.

type Flags

type Flags struct {
	zgrab2.BaseFlags
	// TODO: configurable TSAP source / destination, etc
	Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"`
}

Flags holds the command-line configuration for the siemens scan module. Populated by the framework.

func (*Flags) Help

func (flags *Flags) Help() string

Help returns the module's help string.

func (*Flags) Validate

func (flags *Flags) Validate(args []string) error

Validate checks that the flags are valid. On success, returns nil. On failure, returns an error instance describing the error.

type Module

type Module struct {
}

Module implements the zgrab2.Module interface.

func (*Module) NewFlags

func (module *Module) NewFlags() interface{}

NewFlags returns a default Flags object.

func (*Module) NewScanner

func (module *Module) NewScanner() zgrab2.Scanner

NewScanner returns a new Scanner instance.

type ReconnectFunction

type ReconnectFunction func() (net.Conn, error)

ReconnectFunction is used to re-connect to the target to re-try the scan with a different TSAP destination.

type S7Error

type S7Error struct{}

S7Error provides an interface to get S7 errors.

func (*S7Error) New

func (s7Error *S7Error) New(errorCode uint32) error

New gets an S7 error instance for the given error code. TODO: Shouldn't it be sharing a single error instance, rather than returning a new error instance each time?

type S7Log

type S7Log struct {
	// IsS7 indicates that S7 was actually detected, so it should always be true.
	IsS7 bool `json:"is_s7"`

	// System is the first field returned in the component ID response.
	System string `json:"system,omitempty"`

	// Module is the second field returned in the component ID response.
	Module string `json:"module,omitempty"`

	// PlantId is the third field returned in the component ID response.
	PlantId string `json:"plant_id,omitempty"`

	// Copyright is the fourth field returned in the component ID response.
	Copyright string `json:"copyright,omitempty"`

	// SerialNumber is the fifth field returned in the component ID response.
	SerialNumber string `json:"serial_number,omitempty"`

	// ModuleType is the sixth field returned in the component ID response.
	ModuleType string `json:"module_type,omitempty"`

	// ReservedForOS is the seventh field returned in the component ID response.
	ReservedForOS string `json:"reserved_for_os,omitempty"`

	// MemorySerialNumber is the eighth field returned in the component ID response.
	MemorySerialNumber string `json:"memory_serial_number,omitempty"`

	// CpuProfile is the ninth field returned in the component ID response.
	CpuProfile string `json:"cpu_profile,omitempty"`

	// OemId is the tenth field returned in the component ID response.
	OEMId string `json:"oem_id,omitempty"`

	// Location is the eleventh field returned in the component ID response.
	Location string `json:"location,omitempty"`

	// ModuleId is the first field returned in the module identification response.
	ModuleId string `json:"module_id,omitempty"`

	// Hardware is the second field returned in the module identification response.
	Hardware string `json:"hardware,omitempty"`

	// Fiirmware is the third field returned in the module identification response.
	Firmware string `json:"firmware,omitempty"`
}

S7Log is the output type for the Siemens S7 scan.

type S7Packet

type S7Packet struct {
	PDUType    byte
	RequestId  uint16
	Parameters []byte
	Data       []byte
	Error      uint16
}

S7Packet represents an S7 packet.

func (*S7Packet) Marshal

func (s7Packet *S7Packet) Marshal() ([]byte, error)

Marshal encodes a S7Packet to binary.

func (*S7Packet) Unmarshal

func (s7Packet *S7Packet) Unmarshal(bytes []byte) (err error)

Unmarshal decodes a S7Packet from binary.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner implements the zgrab2.Scanner interface.

func (*Scanner) GetName

func (scanner *Scanner) GetName() string

GetName returns the Scanner name defined in the Flags.

func (*Scanner) GetTrigger

func (scanner *Scanner) GetTrigger() string

GetTrigger returns the Trigger defined in the Flags.

func (*Scanner) Init

func (scanner *Scanner) Init(flags zgrab2.ScanFlags) error

Init initializes the Scanner.

func (*Scanner) InitPerSender

func (scanner *Scanner) InitPerSender(senderID int) error

InitPerSender initializes the scanner for a given sender.

func (*Scanner) Protocol

func (scanner *Scanner) Protocol() string

Protocol returns the protocol identifier of the scan.

func (*Scanner) Scan

func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{}, error)

Scan probes for Siemens S7 services. 1. Connect to TCP port 102 2. Send a COTP connection packet with destination TSAP 0x0102, source TSAP 0x0100 3. If that fails, reconnect and send a COTP connection packet with destination TSAP 0x0200, source 0x0100 4. Negotiate S7 5. Request to read the module identification (and store it in the output) 6. Request to read the component identification (and store it in the output) 7. Return the output

type TPKTPacket

type TPKTPacket struct {
	// Data is the packet's content
	Data []byte
}

TPKTPacket is defined in RFC 1006

func (*TPKTPacket) Marshal

func (tpktPacket *TPKTPacket) Marshal() ([]byte, error)

Marshal encodes a TPKTPacket to binary.

func (*TPKTPacket) Unmarshal

func (tpktPacket *TPKTPacket) Unmarshal(bytes []byte) error

Unmarshal decodes a TPKTPacket from binary.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL