diff --git a/schemas/__init__.py b/schemas/__init__.py
index dbc1813..a026bb0 100644
--- a/schemas/__init__.py
+++ b/schemas/__init__.py
@@ -1,19 +1,19 @@
 # Ensure that all of the modules get executed so that they are registered
-import schemas.bacnet
-import schemas.dnp3
-import schemas.fox
-import schemas.ftp
-import schemas.http
-import schemas.modbus
-import schemas.mssql
-import schemas.mysql
-import schemas.ntp
-import schemas.oracle
-import schemas.pop3
-import schemas.postgres
-import schemas.redis
-import schemas.siemens
-import schemas.smb
-import schemas.smtp
-import schemas.ssh
-import schemas.telnet
+import bacnet
+import dnp3
+import fox
+import ftp
+import http
+import modbus
+import mssql
+import mysql
+import ntp
+import oracle
+import pop3
+import postgres
+import redis
+import siemens
+import smb
+import smtp
+import ssh
+import telnet
diff --git a/schemas/a.diff b/schemas/a.diff
new file mode 100644
index 0000000..bccdb5e
--- /dev/null
+++ b/schemas/a.diff
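Review bot: The bare `import http`, `import redis`, `import ssh`, … lines on the new side of `schemas/__init__.py` only reach `schemas/http.py` and its siblings through Python 2's implicit relative import; under absolute-import semantics (Python 3, or `from __future__ import absolute_import`) `import http` binds the standard-library package and names such as `redis` or `smb` bind whatever same-named distribution is installed, so the schema modules would never execute or register and unrelated code would be imported in their place. Keeping the package-qualified form, or writing `from . import bacnet` and so on, removes the dependence on `sys.path` order. The same applies to `import zgrab2 as zgrab2` (and `from zgrab2 import DebugOnly` in `schemas/mysql.py`) in every per-protocol hunk that follows, where it now sits beside an unchanged `import schemas.zcrypto as zcrypto`; presumably that mix can also load `zgrab2` under two module names. Separately, the new `schemas/a.diff` looks like a saved copy of this same patch and probably should not be part of the commit.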
@@ -0,0 +1,591 @@ +diff --git a/schemas/__init__.py b/schemas/__init__.py +index dbc1813..a026bb0 100644 +--- a/schemas/__init__.py ++++ b/schemas/__init__.py +@@ -1,19 +1,19 @@ + # Ensure that all of the modules get executed so that they are registered +-import schemas.bacnet +-import schemas.dnp3 +-import schemas.fox +-import schemas.ftp +-import schemas.http +-import schemas.modbus +-import schemas.mssql +-import schemas.mysql +-import schemas.ntp +-import schemas.oracle +-import schemas.pop3 +-import schemas.postgres +-import schemas.redis +-import schemas.siemens +-import schemas.smb +-import schemas.smtp +-import schemas.ssh +-import schemas.telnet ++import bacnet ++import dnp3 ++import fox ++import ftp ++import http ++import modbus ++import mssql ++import mysql ++import ntp ++import oracle ++import pop3 ++import postgres ++import redis ++import siemens ++import smb ++import smtp ++import ssh ++import telnet +diff --git a/schemas/bacnet.py b/schemas/bacnet.py +index e7326be..5975a2a 100644 +--- a/schemas/bacnet.py ++++ b/schemas/bacnet.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + bacnet_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/dnp3.py b/schemas/dnp3.py +index 4b0b12b..5970dab 100644 +--- a/schemas/dnp3.py ++++ b/schemas/dnp3.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + dnp3_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/fox.py b/schemas/fox.py +index 12821d2..7e5cd10 100644 +--- a/schemas/fox.py ++++ b/schemas/fox.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + fox_scan_response = SubRecord({ + 'result': 
SubRecord({ +diff --git a/schemas/ftp.py b/schemas/ftp.py +index 08a2278..aca3c8c 100644 +--- a/schemas/ftp.py ++++ b/schemas/ftp.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + # modules/ftp.go - FTPScanResults + ftp_scan_response = SubRecord({ +diff --git a/schemas/http.py b/schemas/http.py +index bcbdf29..fcd812d 100644 +--- a/schemas/http.py ++++ b/schemas/http.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + # lib/http/header.go: knownHeaders + http_known_headers = [ +diff --git a/schemas/imap.py b/schemas/imap.py +index 7f7c86b..bf0c30a 100644 +--- a/schemas/imap.py ++++ b/schemas/imap.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + imap_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/modbus.py b/schemas/modbus.py +index 6c61263..30e8c36 100644 +--- a/schemas/modbus.py ++++ b/schemas/modbus.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + mei_object_names = [ + 'vendor', +diff --git a/schemas/mssql.py b/schemas/mssql.py +index 28d61f7..b854890 100644 +--- a/schemas/mssql.py ++++ b/schemas/mssql.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + ENCRYPT_MODES = [ + "ENCRYPT_OFF", +diff --git a/schemas/mysql.py b/schemas/mysql.py +index b1150eb..84fb9c7 100644 +--- a/schemas/mysql.py ++++ b/schemas/mysql.py +@@ -5,9 +5,9 @@ from zschema.compounds import * + import zschema.registry + + import 
schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + +-from schemas.zgrab2 import DebugOnly ++from zgrab2 import DebugOnly + + # zgrab2/lib/mysql/mysql.go: GetServerStatusFlags() + mysql_server_status_flags = zgrab2.FlagsSet([ +diff --git a/schemas/ntp.py b/schemas/ntp.py +index 482ed91..7412e17 100644 +--- a/schemas/ntp.py ++++ b/schemas/ntp.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + ntp_short = SubRecord({ + "seconds": Unsigned16BitInteger(), +diff --git a/schemas/oracle.py b/schemas/oracle.py +index 1560560..6119a60 100644 +--- a/schemas/oracle.py ++++ b/schemas/oracle.py +@@ -6,7 +6,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + FlagsSet = zgrab2.FlagsSet + +diff --git a/schemas/pop3.py b/schemas/pop3.py +index b01ccef..6de93f0 100644 +--- a/schemas/pop3.py ++++ b/schemas/pop3.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + pop3_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/postgres.py b/schemas/postgres.py +index 0a8c37a..db8bb91 100644 +--- a/schemas/postgres.py ++++ b/schemas/postgres.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + # modules/postgres/scanner.go - decodeError() (TODO: Currently an unconstrained + # map[string]string; it is possible to get "unknown (0x%x)" fields, but it +diff --git a/schemas/redis.py b/schemas/redis.py +index 01a630b..c68c6b9 100644 +--- a/schemas/redis.py ++++ b/schemas/redis.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry 
+ + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + redis_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/siemens.py b/schemas/siemens.py +index ba0ee26..a986401 100644 +--- a/schemas/siemens.py ++++ b/schemas/siemens.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + siemens_scan_response = SubRecord({ + 'result': SubRecord({ +diff --git a/schemas/smb.py b/schemas/smb.py +index 19d9e23..37dc133 100644 +--- a/schemas/smb.py ++++ b/schemas/smb.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + header_log = { + 'protocol_id': Binary(), +diff --git a/schemas/smtp.py b/schemas/smtp.py +index f87514f..003be12 100644 +--- a/schemas/smtp.py ++++ b/schemas/smtp.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + smtp_scan_response = SubRecord({ + "result": SubRecord({ +diff --git a/schemas/ssh.py b/schemas/ssh.py +index b0537c8..a59b0ad 100644 +--- a/schemas/ssh.py ++++ b/schemas/ssh.py +@@ -5,36 +5,117 @@ from zschema.leaves import * + from zschema.compounds import * + import zschema.registry + +-from schemas.zcrypto import * +-import schemas.zgrab2 as zgrab2 ++import schemas.zcrypto as zcrypto ++import zgrab2 as zgrab2 ++ ++# NOTE: Despite the fact that we have e.g. "supportedHostKeyAlgos", ++# "allSupportedCiphers", etc, including a different value is not syntactically ++# incorrect...so all of the following algorithm identifiers are Strings with ++# examples=[...], rather tha Enums with values=[...]. 
++ ++# lib/ssh/common.go -- allSupportedKexAlgos ++KexAlgorithm = String.with_args( ++ doc="An ssh key exchange algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-15 for standard values.", ++ examples=[ ++ "diffie-hellman-group1-sha1", ++ "diffie-hellman-group14-sha1", ++ "ecdh-sha2-nistp256", ++ "ecdh-sha2-nistp384", ++ "ecdh-sha2-nistp521", ++ "curve25519-sha256@libssh.org", ++ "diffie-hellman-group-exchange-sha1", ++ "diffie-hellman-group-exchange-sha256", ++ ] ++) ++ ++KexAlgorithms = ListOf.with_args(KexAlgorithm()) ++ ++# Defined in lib/ssh/common.go -- supportedHostKeyAlgos, though they are ++# generated via PublicKey.Type() ++KeyAlgorithm = String.with_args( ++ doc="An ssh public key algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19 for standard values.", ++ examples=[ ++ "ssh-rsa-cert-v01@openssh.com", ++ "ssh-dss-cert-v01@openssh.com", ++ "ecdsa-sha2-nistp256-cert-v01@openssh.com", ++ "ecdsa-sha2-nistp384-cert-v01@openssh.com", ++ "ecdsa-sha2-nistp521-cert-v01@openssh.com", ++ "ssh-ed25519-cert-v01@openssh.com", ++ "ssh-rsa", ++ "ssh-dss", ++ "ecdsa-sha2-nistp256", ++ "ecdsa-sha2-nistp384", ++ "ecdsa-sha2-nistp521", ++ "ssh-ed25519", ++ ] ++) ++ ++KeyAlgorithms = ListOf.with_args(KeyAlgorithm()) ++ ++# From lib/ssh/common.go -- allSupportedCiphers ++CipherAlgorithm = String.with_args( ++ doc="An ssh cipher algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.", ++ examples=[ ++ "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", ++ "aes128-cbc", "3des-cbc", "arcfour256", "arcfour128", "arcfour", ++ ] ++) ++ ++CipherAlgorithms = 
ListOf.with_args(CipherAlgorithm()) ++ ++# From lib/ssh/common.go -- supportedMACs. ++MACAlgorithm = String.with_args( ++ doc="An ssh MAC algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.", ++ examples=["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"] ++) ++MACAlgorithms = ListOf.with_args(MACAlgorithm()) ++ ++# From lib/ssh/common.go -- supportedCompressions ++CompressionAlgorithm = String.with_args( ++ doc="An ssh compression algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.", ++ examples=["none", "zlib"] ++) ++CompressionAlgorithms = ListOf.with_args(CompressionAlgorithm()) ++ ++LanguageTag = String.with_args(doc="A language tag, as defined in https://www.ietf.org/rfc/rfc3066.txt.") ++LanguageTags = ListOf.with_args(LanguageTag(), doc="A name-list of language tags in order of preference.") + + # zgrab2/lib/ssh/messages.go: (Json)kexInitMsg +-zgrab2_ssh_kex_init_message = SubRecord({ ++KexInitMessage = SubRecordType({ + "cookie": Binary(), +- "kex_algorithms": ListOf(String()), +- "host_key_algorithms": ListOf(String()), +- "client_to_server_ciphers": ListOf(String()), +- "server_to_client_ciphers": ListOf(String()), +- "client_to_server_macs": ListOf(String()), +- "server_to_client_macs": ListOf(String()), +- "client_to_server_compression": ListOf(String()), +- "server_to_client_compression": ListOf(String()), +- "client_to_server_languages": ListOf(String()), +- "server_to_client_languages": ListOf(String()), ++ "kex_algorithms": KexAlgorithms(doc="Key exchange algorithms used in the handshake."), ++ "host_key_algorithms": KeyAlgorithms(doc="Asymmetric key algorithms for the host key supported by the client."), ++ "client_to_server_ciphers": CipherAlgorithms(), 
++ "server_to_client_ciphers": CipherAlgorithms(), ++ "client_to_server_macs": MACAlgorithms(), ++ "server_to_client_macs": MACAlgorithms(), ++ "client_to_server_compression": CompressionAlgorithms(), ++ "server_to_client_compression": CompressionAlgorithms(), ++ "client_to_server_languages": LanguageTags(), ++ "server_to_client_languages": LanguageTags(), + "first_kex_follows": Boolean(), + "reserved": Unsigned32BitInteger(), + }) + + # zgrab2/lib/ssh/log.go: EndpointId +-zgrab2_ssh_endpoint_id = SubRecord({ ++EndpointID = SubRecordType({ + "raw": String(), + "version": String(), + "software": String(), +- "comment": String() ++ "comment": String(), ++}) ++ ++# This could be merged into a single class with e.g. an analyzed param, ++# but it's probably clearer to just duplicate it. ++AnalyzedEndpointID = SubRecordType({ ++ "raw": AnalyzedString(), ++ "version": String(), ++ "software": AnalyzedString(), ++ "comment": AnalyzedString(), + }) + + # zgrab2/lib/ssh/kex.go: kexResult +-zgrab2_ssh_kex_result = SubRecord({ ++KexResult = SubRecordType({ + "H": Binary(), + "K": Binary(), + "session_id": Binary() +@@ -45,47 +126,53 @@ ED25519PublicKey = SubRecordType({ + "public_bytes": Binary(), + }) + ++# zgrab2/lib/ssh/kex.go: curve25519sha256JsonLogParameters (via curve25519sha256) ++Curve25519SHA256Params = SubRecordType({ ++ "client_public": Binary(required=False), ++ "client_private": Binary(required=False), ++ "server_public": Binary(required=False), ++}) ++ + # zgrab2/lib/ssh/certs.go: JsonSignature +-xssh_signature = SubRecord({ ++Signature = SubRecordType({ + "parsed": SubRecord({ +- "algorithm": String(), ++ "algorithm": KeyAlgorithm(), + "value": Binary(), + }), + "raw": Binary(), + "h": Binary(), + }) + +-# zgrab/ztools/keys/ecdhe.go: ECDHPrivateParams +-golang_crypto_param = SubRecord({ +- "value":Binary(), +- "length":Unsigned32BitInteger() +-}) +- + # lib/ssh/kex.go: PublicKeyJsonLog, sans the certkey_public_key (since that would create a loop) + SSHPublicKey 
= SubRecordType({ + "raw": Binary(), + "fingerprint_sha256": String(), ++ # TODO: Enum? Obviously must serialize to one of rsa/dsa/ecdsa/ed25519_public_key... + "algorithm": String(), +- "rsa_public_key": RSAPublicKey(), +- "dsa_public_key": DSAPublicKey(), +- "ecdsa_public_key": ECDSAPublicKey(), ++ # For compatiblity with ztag ++ "key_algorithm":String(), ++ "rsa_public_key": zcrypto.RSAPublicKey(), ++ "dsa_public_key": zcrypto.DSAPublicKey(), ++ "ecdsa_public_key": zcrypto.ECDSAPublicKey(), + "ed25519_public_key": ED25519PublicKey(), + }) + ++CertType = SubRecordType({ ++ "id": Enum(values=[1, 2], doc="The numerical certificate type value. 1 identifies user certificates, 2 identifies host certificates."), ++ "name": Enum(values=["USER", "HOST", "unknown"], doc="The human-readable name for the certificate type."), ++}) ++ + # lib/ssh/certs.go: JsonCertificate +-SSHPublicKeyCert = SubRecordType({ ++SSHPublicKeyCert = SubRecord.with_args({ + # TODO: Use / include our cert type here, or maybe somewhere else in the response? + "certkey_public_key": SubRecord({ +- "nonce":Binary(), +- # This works, since SSHPublicKey() does not include certkey_public_key. ++ "nonce": Binary(), ++ # Note that this is not recursive, since SSHPublicKey() does not include certkey_public_key. 
+ "key": SSHPublicKey(), +- "serial": String(), +- "cert_type": SubRecord({ +- "id": Unsigned32BitInteger(), +- "name": String(), +- }), +- "key_id": String(), +- "valid_principals": ListOf(String()), ++ "serial": String(doc="The certificate serial number, encoded as a base-10 string."), ++ "cert_type": CertType(), ++ "key_id": String(doc="A free-form text field filled in by the CA at the time of signing, intended to identify the principal in log messages."), ++ "valid_principals": ListOf(String(), doc="Names for which this certificate is valid; hostnames for cert_type=HOST certificates and usernames for cert_type=USER certificates."), + "validity": SubRecord({ + "valid_after": DateTime(doc="Timestamp of when certificate is first valid. Timezone is UTC."), + "valid_before": DateTime(doc="Timestamp of when certificate expires. Timezone is UTC."), +@@ -93,7 +180,7 @@ SSHPublicKeyCert = SubRecordType({ + }), + "reserved": Binary(), + "signature_key": SSHPublicKey(), +- "signature": xssh_signature, ++ "signature": Signature(), + "parse_error": String(), + "extensions": SubRecord({ + "known": SubRecord({ +@@ -116,53 +203,47 @@ SSHPublicKeyCert = SubRecordType({ + }, extends=SSHPublicKey()) + + ++# zgrab2/lib/ssh/common.go: directionAlgorithms ++DirectionAlgorithms = SubRecordType({ ++ "cipher": CipherAlgorithm(), ++ "mac": MACAlgorithm(), ++ "compression": CompressionAlgorithm(), ++}) ++ ++# zgrab2/lib/ssh/kex.go: interface kexAlgorithm ++# Searching usages of kexAlgorithm turns up: ++# - dhGroup: dh_params, server_signature, server_host_key ++# - ecdh: ecdh_params, server_signature, server_host_key ++# - curve25519sha256: curve25519_sha256_params, server_signature, server_host_key ++# - dhGEXSHA: dh_params, server_signature, server_host_key ++KeyExchange = SubRecordType({ ++ "curve25519_sha256_params": Curve25519SHA256Params(), ++ "ecdh_params": zcrypto.ECDHParams(), ++ "dh_params": zcrypto.DHParams(), ++ "server_signature": Signature(), ++ "server_host_key": 
SSHPublicKeyCert(), ++}) ++ ++# zgrab2/lib/ssh/common.go: algorithms (aux in MarshalJSON) ++AlgorithmSelection = SubRecordType({ ++ "dh_kex_algorithm": KexAlgorithm(), ++ "host_key_algorithm": KeyAlgorithm(), ++ "client_to_server_alg_group": DirectionAlgorithms(), ++ "server_to_client_alg_group": DirectionAlgorithms(), ++}) ++ + # zgrab2/lib/ssh/log.go: HandshakeLog + # TODO: Can ssh re-use any of the generic TLS model? + ssh_scan_response = SubRecord({ + "result": SubRecord({ +- "server_id": SubRecord({ +- "raw": AnalyzedString(), +- "version": String(), +- "software": AnalyzedString(), +- "comment": AnalyzedString(), +- }), +- "client_id": zgrab2_ssh_endpoint_id, +- "server_key_exchange": zgrab2_ssh_kex_init_message, +- "client_key_exchange": zgrab2_ssh_kex_init_message, +- "algorithm_selection": SubRecord({ +- "dh_kex_algorithm": String(), +- "host_key_algorithm": String(), +- "client_to_server_alg_group": SubRecord({ +- "cipher": String(), +- "mac": String(), +- "compression": String(), +- }), +- "server_to_client_alg_group": SubRecord({ +- "cipher": String(), +- "mac": String(), +- "compression": String(), +- }), +- }), +- "key_exchange": SubRecord({ +- "curve25519_sha256_params": SubRecord({ +- "server_public": Binary(), +- }), +- "ecdh_params": SubRecord({ +- "server_public": SubRecord({ +- "x": golang_crypto_param, +- "y": golang_crypto_param, +- }), +- }), +- "dh_params": SubRecord({ +- "prime": golang_crypto_param, +- "generator": golang_crypto_param, +- "server_public": golang_crypto_param, +- }), +- "server_signature": xssh_signature, +- "server_host_key": SSHPublicKeyCert(), +- }), ++ "server_id": AnalyzedEndpointID(), ++ "client_id": EndpointID(), ++ "server_key_exchange": KexInitMessage(), ++ "client_key_exchange": KexInitMessage(), ++ "algorithm_selection": AlgorithmSelection(), ++ "key_exchange": KeyExchange(), + "userauth": ListOf(String()), +- "crypto": zgrab2_ssh_kex_result ++ "crypto": KexResult(), + }) + }, extends=zgrab2.base_scan_response) + 
+diff --git a/schemas/telnet.py b/schemas/telnet.py +index 2a28ae4..a06afe8 100644 +--- a/schemas/telnet.py ++++ b/schemas/telnet.py +@@ -5,7 +5,7 @@ from zschema.compounds import * + import zschema.registry + + import schemas.zcrypto as zcrypto +-import schemas.zgrab2 as zgrab2 ++import zgrab2 as zgrab2 + + telnet_option = SubRecord({ + "name": String(), diff --git a/schemas/bacnet.py b/schemas/bacnet.py index e7326be..5975a2a 100644 --- a/schemas/bacnet.py +++ b/schemas/bacnet.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 bacnet_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/dnp3.py b/schemas/dnp3.py index 4b0b12b..5970dab 100644 --- a/schemas/dnp3.py +++ b/schemas/dnp3.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 dnp3_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/fox.py b/schemas/fox.py index 12821d2..7e5cd10 100644 --- a/schemas/fox.py +++ b/schemas/fox.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 fox_scan_response = SubRecord({ 'result': SubRecord({ diff --git a/schemas/ftp.py b/schemas/ftp.py index 08a2278..aca3c8c 100644 --- a/schemas/ftp.py +++ b/schemas/ftp.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 # modules/ftp.go - FTPScanResults ftp_scan_response = SubRecord({ diff --git a/schemas/http.py b/schemas/http.py index bcbdf29..fcd812d 100644 --- a/schemas/http.py +++ b/schemas/http.py 
@@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 # lib/http/header.go: knownHeaders http_known_headers = [ diff --git a/schemas/imap.py b/schemas/imap.py index 7f7c86b..bf0c30a 100644 --- a/schemas/imap.py +++ b/schemas/imap.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 imap_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/modbus.py b/schemas/modbus.py index 6c61263..30e8c36 100644 --- a/schemas/modbus.py +++ b/schemas/modbus.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 mei_object_names = [ 'vendor', diff --git a/schemas/mssql.py b/schemas/mssql.py index 28d61f7..b854890 100644 --- a/schemas/mssql.py +++ b/schemas/mssql.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 ENCRYPT_MODES = [ "ENCRYPT_OFF", diff --git a/schemas/mysql.py b/schemas/mysql.py index b1150eb..84fb9c7 100644 --- a/schemas/mysql.py +++ b/schemas/mysql.py @@ -5,9 +5,9 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 -from schemas.zgrab2 import DebugOnly +from zgrab2 import DebugOnly # zgrab2/lib/mysql/mysql.go: GetServerStatusFlags() mysql_server_status_flags = zgrab2.FlagsSet([ diff --git a/schemas/ntp.py b/schemas/ntp.py index 482ed91..7412e17 100644 --- a/schemas/ntp.py +++ b/schemas/ntp.py 
@@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 ntp_short = SubRecord({ "seconds": Unsigned16BitInteger(), diff --git a/schemas/oracle.py b/schemas/oracle.py index 1560560..6119a60 100644 --- a/schemas/oracle.py +++ b/schemas/oracle.py @@ -6,7 +6,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 FlagsSet = zgrab2.FlagsSet diff --git a/schemas/pop3.py b/schemas/pop3.py index b01ccef..6de93f0 100644 --- a/schemas/pop3.py +++ b/schemas/pop3.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 pop3_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/postgres.py b/schemas/postgres.py index 0a8c37a..db8bb91 100644 --- a/schemas/postgres.py +++ b/schemas/postgres.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 # modules/postgres/scanner.go - decodeError() (TODO: Currently an unconstrained # map[string]string; it is possible to get "unknown (0x%x)" fields, but it diff --git a/schemas/redis.py b/schemas/redis.py index 01a630b..c68c6b9 100644 --- a/schemas/redis.py +++ b/schemas/redis.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 redis_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/siemens.py b/schemas/siemens.py index ba0ee26..a986401 100644 --- a/schemas/siemens.py +++ b/schemas/siemens.py 
@@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 siemens_scan_response = SubRecord({ 'result': SubRecord({ diff --git a/schemas/smb.py b/schemas/smb.py index 19d9e23..37dc133 100644 --- a/schemas/smb.py +++ b/schemas/smb.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 header_log = { 'protocol_id': Binary(), diff --git a/schemas/smtp.py b/schemas/smtp.py index f87514f..003be12 100644 --- a/schemas/smtp.py +++ b/schemas/smtp.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 smtp_scan_response = SubRecord({ "result": SubRecord({ diff --git a/schemas/ssh.py b/schemas/ssh.py index b0537c8..a59b0ad 100644 --- a/schemas/ssh.py +++ b/schemas/ssh.py 
@@ -5,36 +5,117 @@ from zschema.leaves import * from zschema.compounds import * import zschema.registry -from schemas.zcrypto import * -import schemas.zgrab2 as zgrab2 +import schemas.zcrypto as zcrypto +import zgrab2 as zgrab2 + +# NOTE: Despite the fact that we have e.g. "supportedHostKeyAlgos", +# "allSupportedCiphers", etc, including a different value is not syntactically +# incorrect...so all of the following algorithm identifiers are Strings with +# examples=[...], rather tha Enums with values=[...]. + +# lib/ssh/common.go -- allSupportedKexAlgos +KexAlgorithm = String.with_args( + doc="An ssh key exchange algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-15 for standard values.", + examples=[ + "diffie-hellman-group1-sha1", + "diffie-hellman-group14-sha1", + "ecdh-sha2-nistp256", + "ecdh-sha2-nistp384", + "ecdh-sha2-nistp521", + "curve25519-sha256@libssh.org", + "diffie-hellman-group-exchange-sha1", + "diffie-hellman-group-exchange-sha256", + ] +) + +KexAlgorithms = ListOf.with_args(KexAlgorithm()) + +# Defined in lib/ssh/common.go -- supportedHostKeyAlgos, though they are +# generated via PublicKey.Type() +KeyAlgorithm = String.with_args( + doc="An ssh public key algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-19 for standard values.", + examples=[ + "ssh-rsa-cert-v01@openssh.com", + "ssh-dss-cert-v01@openssh.com", + "ecdsa-sha2-nistp256-cert-v01@openssh.com", + "ecdsa-sha2-nistp384-cert-v01@openssh.com", + "ecdsa-sha2-nistp521-cert-v01@openssh.com", + "ssh-ed25519-cert-v01@openssh.com", + "ssh-rsa", + "ssh-dss", + "ecdsa-sha2-nistp256", + "ecdsa-sha2-nistp384", + "ecdsa-sha2-nistp521", + "ssh-ed25519", + ] +) + +KeyAlgorithms = ListOf.with_args(KeyAlgorithm()) + +# From lib/ssh/common.go -- 
allSupportedCiphers +CipherAlgorithm = String.with_args( + doc="An ssh cipher algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-16 for standard values.", + examples=[ + "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", + "aes128-cbc", "3des-cbc", "arcfour256", "arcfour128", "arcfour", + ] +) + +CipherAlgorithms = ListOf.with_args(CipherAlgorithm()) + +# From lib/ssh/common.go -- supportedMACs. +MACAlgorithm = String.with_args( + doc="An ssh MAC algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-18 for standard values.", + examples=["hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"] +) +MACAlgorithms = ListOf.with_args(MACAlgorithm()) + +# From lib/ssh/common.go -- supportedCompressions +CompressionAlgorithm = String.with_args( + doc="An ssh compression algorithm identifier, named according to section 6 of https://www.ietf.org/rfc/rfc4251.txt; see https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-20 for standard values.", + examples=["none", "zlib"] +) +CompressionAlgorithms = ListOf.with_args(CompressionAlgorithm()) + +LanguageTag = String.with_args(doc="A language tag, as defined in https://www.ietf.org/rfc/rfc3066.txt.") +LanguageTags = ListOf.with_args(LanguageTag(), doc="A name-list of language tags in order of preference.") # zgrab2/lib/ssh/messages.go: (Json)kexInitMsg -zgrab2_ssh_kex_init_message = SubRecord({ +KexInitMessage = SubRecordType({ "cookie": Binary(), - "kex_algorithms": ListOf(String()), - "host_key_algorithms": ListOf(String()), - "client_to_server_ciphers": ListOf(String()), - "server_to_client_ciphers": ListOf(String()), - "client_to_server_macs": ListOf(String()), - "server_to_client_macs": ListOf(String()), - "client_to_server_compression": 
ListOf(String()), - "server_to_client_compression": ListOf(String()), - "client_to_server_languages": ListOf(String()), - "server_to_client_languages": ListOf(String()), + "kex_algorithms": KexAlgorithms(doc="Key exchange algorithms used in the handshake."), + "host_key_algorithms": KeyAlgorithms(doc="Asymmetric key algorithms for the host key supported by the client."), + "client_to_server_ciphers": CipherAlgorithms(), + "server_to_client_ciphers": CipherAlgorithms(), + "client_to_server_macs": MACAlgorithms(), + "server_to_client_macs": MACAlgorithms(), + "client_to_server_compression": CompressionAlgorithms(), + "server_to_client_compression": CompressionAlgorithms(), + "client_to_server_languages": LanguageTags(), + "server_to_client_languages": LanguageTags(), "first_kex_follows": Boolean(), "reserved": Unsigned32BitInteger(), }) # zgrab2/lib/ssh/log.go: EndpointId -zgrab2_ssh_endpoint_id = SubRecord({ +EndpointID = SubRecordType({ "raw": String(), "version": String(), "software": String(), - "comment": String() + "comment": String(), +}) + +# This could be merged into a single class with e.g. an analyzed param, +# but it's probably clearer to just duplicate it. +AnalyzedEndpointID = SubRecordType({ + "raw": AnalyzedString(), + "version": String(), + "software": AnalyzedString(), + "comment": AnalyzedString(), }) # zgrab2/lib/ssh/kex.go: kexResult -zgrab2_ssh_kex_result = SubRecord({ +KexResult = SubRecordType({ "H": Binary(), "K": Binary(), "session_id": Binary() 
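Review bot: The `doc=` strings on `kex_algorithms` and `host_key_algorithms` in `KexInitMessage` describe one side only, yet the copy of this patch in `schemas/a.diff` shows the same type used for both `server_key_exchange` and `client_key_exchange`, so "supported by the client" is wrong for the server's message and "used in the handshake" reads as the negotiated algorithm rather than the offered list. Wording such as `doc="Key exchange algorithms offered by the sender of this message."` and `doc="Host key algorithms offered by the sender of this message."` would fit both uses. The NOTE comment above `KexAlgorithm` has a typo, `rather tha Enums`, and the `*_ciphers`, `*_macs` and `*_compression` fields carry no `doc=` at all.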
@@ -45,47 +126,53 @@ ED25519PublicKey = SubRecordType({ "public_bytes": Binary(), }) +# zgrab2/lib/ssh/kex.go: curve25519sha256JsonLogParameters (via curve25519sha256) +Curve25519SHA256Params = SubRecordType({ + "client_public": Binary(required=False), + "client_private": Binary(required=False), + "server_public": Binary(required=False), +}) + # zgrab2/lib/ssh/certs.go: JsonSignature -xssh_signature = SubRecord({ +Signature = SubRecordType({ "parsed": SubRecord({ - "algorithm": String(), + "algorithm": KeyAlgorithm(), "value": Binary(), }), "raw": Binary(), "h": Binary(), }) -# zgrab/ztools/keys/ecdhe.go: ECDHPrivateParams -golang_crypto_param = SubRecord({ - "value":Binary(), - "length":Unsigned32BitInteger() -}) - # lib/ssh/kex.go: PublicKeyJsonLog, sans the certkey_public_key (since that would create a loop) SSHPublicKey = SubRecordType({ "raw": Binary(), "fingerprint_sha256": String(), + # TODO: Enum? Obviously must serialize to one of rsa/dsa/ecdsa/ed25519_public_key... "algorithm": String(), - "rsa_public_key": RSAPublicKey(), - "dsa_public_key": DSAPublicKey(), - "ecdsa_public_key": ECDSAPublicKey(), + # For compatiblity with ztag + "key_algorithm":String(), + "rsa_public_key": zcrypto.RSAPublicKey(), + "dsa_public_key": zcrypto.DSAPublicKey(), + "ecdsa_public_key": zcrypto.ECDSAPublicKey(), "ed25519_public_key": ED25519PublicKey(), }) +CertType = SubRecordType({ + "id": Enum(values=[1, 2], doc="The numerical certificate type value. 1 identifies user certificates, 2 identifies host certificates."), + "name": Enum(values=["USER", "HOST", "unknown"], doc="The human-readable name for the certificate type."), +}) + # lib/ssh/certs.go: JsonCertificate -SSHPublicKeyCert = SubRecordType({ +SSHPublicKeyCert = SubRecord.with_args({ # TODO: Use / include our cert type here, or maybe somewhere else in the response? "certkey_public_key": SubRecord({ - "nonce":Binary(), - # This works, since SSHPublicKey() does not include certkey_public_key. 
+ "nonce": Binary(), + # Note that this is not recursive, since SSHPublicKey() does not include certkey_public_key. "key": SSHPublicKey(), - "serial": String(), - "cert_type": SubRecord({ - "id": Unsigned32BitInteger(), - "name": String(), - }), - "key_id": String(), - "valid_principals": ListOf(String()), + "serial": String(doc="The certificate serial number, encoded as a base-10 string."), + "cert_type": CertType(), + "key_id": String(doc="A free-form text field filled in by the CA at the time of signing, intended to identify the principal in log messages."), + "valid_principals": ListOf(String(), doc="Names for which this certificate is valid; hostnames for cert_type=HOST certificates and usernames for cert_type=USER certificates."), "validity": SubRecord({ "valid_after": DateTime(doc="Timestamp of when certificate is first valid. Timezone is UTC."), "valid_before": DateTime(doc="Timestamp of when certificate expires. Timezone is UTC."), @@ -93,7 +180,7 @@ SSHPublicKeyCert = SubRecordType({ }), "reserved": Binary(), "signature_key": SSHPublicKey(), - "signature": xssh_signature, + "signature": Signature(), "parse_error": String(), "extensions": SubRecord({ "known": SubRecord({ 
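Review bot: In the `@@ -45,47 +126,53 @@` hunk, `CertType` rejects the very case its own `name` enum anticipates. `name` allows `"unknown"`, which implies a certificate type that is neither user nor host, yet `id` is `Enum(values=[1, 2])`, so such a record would presumably fail validation on `id`. The removed schema typed this field as `Unsigned32BitInteger()`; keeping that type with the new doc string accepts the unknown case: `"id": Unsigned32BitInteger(doc="The numerical certificate type value. 1 identifies user certificates, 2 identifies host certificates.")`. The certificate appears to come from the scanned host (it is used for `server_host_key` later in the file), so out-of-range values should be treated as expected input. Two small style points in the same hunk: the comment `# For compatiblity with ztag` has a typo, and `"key_algorithm":String(),` is missing the space after the colon.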
@@ -116,53 +203,47 @@ SSHPublicKeyCert = SubRecordType({ }, extends=SSHPublicKey()) +# zgrab2/lib/ssh/common.go: directionAlgorithms +DirectionAlgorithms = SubRecordType({ + "cipher": CipherAlgorithm(), + "mac": MACAlgorithm(), + "compression": CompressionAlgorithm(), +}) + +# zgrab2/lib/ssh/kex.go: interface kexAlgorithm +# Searching usages of kexAlgorithm turns up: +# - dhGroup: dh_params, server_signature, server_host_key +# - ecdh: ecdh_params, server_signature, server_host_key +# - curve25519sha256: curve25519_sha256_params, server_signature, server_host_key +# - dhGEXSHA: dh_params, server_signature, server_host_key +KeyExchange = SubRecordType({ + "curve25519_sha256_params": Curve25519SHA256Params(), + "ecdh_params": zcrypto.ECDHParams(), + "dh_params": zcrypto.DHParams(), + "server_signature": Signature(), + "server_host_key": SSHPublicKeyCert(), +}) + +# zgrab2/lib/ssh/common.go: algorithms (aux in MarshalJSON) +AlgorithmSelection = SubRecordType({ + "dh_kex_algorithm": KexAlgorithm(), + "host_key_algorithm": KeyAlgorithm(), + "client_to_server_alg_group": DirectionAlgorithms(), + "server_to_client_alg_group": DirectionAlgorithms(), +}) + # zgrab2/lib/ssh/log.go: HandshakeLog # TODO: Can ssh re-use any of the generic TLS model? 
ssh_scan_response = SubRecord({ "result": SubRecord({ - "server_id": SubRecord({ - "raw": AnalyzedString(), - "version": String(), - "software": AnalyzedString(), - "comment": AnalyzedString(), - }), - "client_id": zgrab2_ssh_endpoint_id, - "server_key_exchange": zgrab2_ssh_kex_init_message, - "client_key_exchange": zgrab2_ssh_kex_init_message, - "algorithm_selection": SubRecord({ - "dh_kex_algorithm": String(), - "host_key_algorithm": String(), - "client_to_server_alg_group": SubRecord({ - "cipher": String(), - "mac": String(), - "compression": String(), - }), - "server_to_client_alg_group": SubRecord({ - "cipher": String(), - "mac": String(), - "compression": String(), - }), - }), - "key_exchange": SubRecord({ - "curve25519_sha256_params": SubRecord({ - "server_public": Binary(), - }), - "ecdh_params": SubRecord({ - "server_public": SubRecord({ - "x": golang_crypto_param, - "y": golang_crypto_param, - }), - }), - "dh_params": SubRecord({ - "prime": golang_crypto_param, - "generator": golang_crypto_param, - "server_public": golang_crypto_param, - }), - "server_signature": xssh_signature, - "server_host_key": SSHPublicKeyCert(), - }), + "server_id": AnalyzedEndpointID(), + "client_id": EndpointID(), + "server_key_exchange": KexInitMessage(), + "client_key_exchange": KexInitMessage(), + "algorithm_selection": AlgorithmSelection(), + "key_exchange": KeyExchange(), "userauth": ListOf(String()), - "crypto": zgrab2_ssh_kex_result + "crypto": KexResult(), }) }, extends=zgrab2.base_scan_response) diff --git a/schemas/telnet.py b/schemas/telnet.py index 2a28ae4..a06afe8 100644 --- a/schemas/telnet.py +++ b/schemas/telnet.py @@ -5,7 +5,7 @@ from zschema.compounds import * import zschema.registry import schemas.zcrypto as zcrypto -import schemas.zgrab2 as zgrab2 +import zgrab2 as zgrab2 telnet_option = SubRecord({ "name": String(), diff --git a/schemas/testdata/ftp-authtls.json b/schemas/testdata/ftp-authtls.json new file mode 100644 index 0000000..0c56992 --- /dev/null 
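Review bot: The refactored `result` record in `ssh_scan_response` exposes key-exchange secrets without documenting them. `"crypto": KexResult()` carries the `H` and `K` fields defined earlier in this file (in RFC 4253 terms, the exchange hash and the shared secret). `"key_exchange": KeyExchange()` now reaches `Curve25519SHA256Params`, which adds `client_private`, where the removed inline schema listed only `server_public`. These look like the scanner's own ephemeral values, but a consumer of the schema cannot tell that from the field names. A doc string on each would fix it, for example `"crypto": KexResult(doc="Exchange hash, shared secret and session ID of the scanner's own session; treat as sensitive.")`, assuming `SubRecordType` instances accept `doc=` as the other fields in this diff do. `userauth` is left undocumented as well.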
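Review bot: In `schemas/telnet.py`, `import zgrab2 as zgrab2` resolves through `sys.path` rather than through the `schemas` package. It finds `schemas/zgrab2.py` only under Python 2's implicit relative imports or when `schemas/` itself is on the path, and it will bind to any other top-level module named `zgrab2` that comes first. The line directly above still reads `import schemas.zcrypto as zcrypto`, so the file now mixes two resolution schemes. An explicit form such as `from . import zgrab2`, or keeping `import schemas.zgrab2 as zgrab2`, pins the module to the package. The same substitution is made in the other schema files in this commit.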
+++ b/schemas/testdata/ftp-authtls.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"ftp":{"status":"success","protocol":"ftp","result":{"banner":"220 (vsFTPd 3.0.3)\r\n","auth_tls":"234 Proceed with negotiation.\r\n","tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"9EzBU2uppr13qygBFiO1h39T2E/8unZul/cUDB2zYPk=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],
"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value":771},"random":"rc2c6mRtgR2INfEIO4LfvBljnkTN5p48PZ7FKX2BOG8=","session_id":"ZfIvBwBlUW/FVdQmm4iy8yDWqpCRdumrJSUr66y/1C4=","cipher_suite":{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"10531852343244393655","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["7cdc9ef8cf3a"]},"issuer_dn":"CN=7cdc9ef8cf3a","validity":{"start":"2018-01-02T20:31:21Z","end":"2027-12-31T20:31:21Z","length":315360000},"subject":{"common_name":["7cdc9ef8cf3a"]},"subject_dn":"CN=7cdc9ef8cf3a","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"3mc+bErvxplwWCLHwMX3SVMl6N3R6JukWI+m81krSeXd1R6vIYXgcjnZzQlhAufIcAVzGzwopfqrAZu/ZdSWWkvLgrYs02aXRrrQneMZW2H5RDq8Pv2EVPw8SejLRFkV3xKaE1hyRgs4PxVpF7Cgkbftf76+E73pMu60lTLFebpqxB8+lg6ucO1J4IIm7PjC5Q+964TdBXTSRc2NqvKxVe4kMe1GhdEZ6ivNIPc/qW7+3+maszNZ/QrsxfcJZIHjE+n53bAVqrquWm/XSnywNoL+Se3ytueqAOPGjRQpdq8tzPLD7j5jdtkcWLD4ojtChiuq6f1hPk0kXDw8pAqgoQ==","length":2048},"fingerprint_sha256":"f4cd5dc226edd3df5cde02c1505f47a2f578ea90b08f967c30c3fc4b6147aa3d"},"extensions":{"basic_constraints":{"is_ca":false}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"zC2fAHjY1P92rzsUJxyj0xMaM5l2cGNS+pyHv6+b2ufI4At/1YQjmqI0l2wk2TyXX3VlNwQgN4tIlDYU7g8TTvN+y+yUtbzxHUABm28g5q7vClHSM1NqOiKlHrvAz+bp05KGY3n4H+fETDj5dLY12KRLyrLO+oTrhaCVds8JKp6SBO1TUO2HTXXom4Z2RcSOebDDAAPLUFwDtv7t+x36pnPkJMste7CPb3+MQy9OrY87OvprEc04yANz9weaYeEHfIcRJhxVb7eM2m1rm/fSFdNFd8ODFtYpiwm/TWyRAr5xIK5VQFWTixNa7n14kRe7AnrQ+yBaL0OsQyyRTT4EHw==","valid":false,"self_signed":true},"fingerprint_md5":"893f005d4
0060340f3d8798179b62a72","fingerprint_sha1":"d4338a206e141821cae7a0c64010aa96864725e6","fingerprint_sha256":"28452377e32275f10be938dabcb55b011d32e4cd2f9f18dc0d44c6d2fd59145b","tbs_noct_fingerprint":"d3943dc69b3f2aff3216978bb646d8094746d5a6d6bb10997f50cdcd23248550","spki_subject_fingerprint":"89dccfe669ac65aad90c3a04b7e277dd32cd94a0c87a6341e14299cf03e03a70","tbs_fingerprint":"d3943dc69b3f2aff3216978bb646d8094746d5a6d6bb10997f50cdcd23248550","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"vgMv+eg4Ff/5izjhFS7v3GAZmj14jKTzyxex1jdvcI8=","length":256},"y":{"value":"dukqJOnuDOnDIYJ+Uyz53jQ6JogAXwgAfr4G4qpo7DM=","length":256}}},"digest":"PV8Ixh0ISPi2kms1uRfEEtw+ro4ogu+hEYNcqA71dbY=","signature":{"raw":"suufvW3m6XVqt2tFOhDLrp4wbPTwoq02gdZgw7WwVc+/o3oZ1tfAm+JWbeWJw5YXI3eP/JiMbNIX3xth1Y8PiK4AK1cpmIg2lbzPpgK7jKMV1sYUUgd5NBxCgVGH0Od4aYT0qcN63LF21ilGmVw6ZPIHrbJVxtlNT955HqPwDj2YZe3FjTVTscXnOXT6wNk452Dptc9nCKlt0BsME7VfUhwUDEQ0MRm4lwu7svsFOzvH/ws2CCbiqxcuzlVOzsxduFVuQ8VbmPFZHEO9oRvFNBTTId4oHF0AanQwA5iRE4uaZ+3x9Z4NHRFxiZ3CT3mpUqK77MTixeivg9y+gNV70A==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"bTDG3MmMQwfLgEPe52AR+HxHR5ZM+VkkIq88olISceE=","length":256},"y":{"value":"xOe0oaRzngcko/sNxVo0Xi1CzMBugpFTC6IQi65zxeY=","length":256}},"client_private":{"value":"7cCfbFH4HbQYTNVW+MiOauCRTc8O2uyPEJfPd5uEMHQ=","length":32}}},"client_finished":{"verify_data":"qcUC/wKbd4fQL3bG"},"server_finished":{"verify_data":"9OnpMn7r7o0Wdp5g"},"key_material":{"master_secret":{"value":"lZnvZcMQw61HgzSpFLIsKrhbOuOvCpoTGk1ZolBW+BbkSOucqqmwUvdJvykiMB8u","length":48},"pre_master_secret":{"value":"DA3VM7XmkuKJm8xNAIz
lDDQQz50dJBkxBnpUW2NvfDY=","length":32}}}}},"timestamp":"2018-04-06T19:37:50Z"}}} diff --git a/schemas/testdata/ftp-default.json b/schemas/testdata/ftp-default.json new file mode 100644 index 0000000..568b113 --- /dev/null +++ b/schemas/testdata/ftp-default.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"ftp":{"status":"success","protocol":"ftp","result":{"banner":"220 (vsFTPd 3.0.3)\r\n"},"timestamp":"2018-04-06T19:37:52Z"}}} diff --git a/schemas/testdata/http-http.json b/schemas/testdata/http-http.json new file mode 100644 index 0000000..e49c46b --- /dev/null +++ b/schemas/testdata/http-http.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"http":{"status":"success","protocol":"http","result":{"response":{"status_line":"200 OK","status_code":200,"protocol":{"name":"HTTP/1.1","major":1,"minor":1},"headers":{"accept_ranges":["bytes"],"content_length":["36"],"content_type":["text/html"],"last_modified":["Fri, 09 Feb 2018 20:18:50 GMT"],"server":["lighttpd/1.4.35"],"unknown":[{"key":"etag","value":["\"2262550883\""]},{"key":"date","value":["Fri, 06 Apr 2018 19:38:09 GMT"]}]},"body":"\u003chtml\u003e\u003cbody\u003eHTTP INDEX\u003c/body\u003e\u003c/html\u003e","body_sha256":"c11fdc020dbb3150da741f51dcf0423c5ce93a798e91bd5c1957ea7299f4e103","content_length":36,"request":{"url":{"scheme":"http","host":"target","path":"/"},"method":"GET","headers":{"unknown":[{"key":"accept","value":["*/*"]},{"key":"user_agent","value":["Mozilla/5.0 zgrab/0.x"]}]},"host":"target"}}},"timestamp":"2018-04-06T19:38:09Z"}}} diff --git a/schemas/testdata/http-https.json b/schemas/testdata/http-https.json new file mode 100644 index 0000000..e8482fd --- /dev/null +++ b/schemas/testdata/http-https.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"http":{"status":"success","protocol":"http","result":{"response":{"status_line":"200 OK","status_code":200,"protocol":{"name":"HTTP/1.1","major":1,"minor":1},"headers":{"accept_ranges":["bytes"],"content_length":["37"],"content_type":["text/html"],"last_modified":["Fri, 09 Feb 2018 20:18:50 GMT"],"server":["lighttpd/1.4.35"],"unknown":[{"key":"etag","value":["\"2254173155\""]},{"key":"date","value":["Fri, 06 Apr 2018 19:38:12 GMT"]}]},"body":"\u003chtml\u003e\u003cbody\u003eHTTPS INDEX\u003c/body\u003e\u003c/html\u003e","body_sha256":"47fee80facae2c7f4fa8e040d54882ca12011dd5111defd1d93f8289689998af","content_length":37,"request":{"url":{"scheme":"https","host":"target","path":"/"},"method":"GET","headers":{"unknown":[{"key":"accept","value":["*/*"]},{"key":"user_agent","value":["Mozilla/5.0 zgrab/0.x"]}]},"host":"target","tls_log":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"AjF5I1vpJLNxcpUTLcWBDCTNxgr063DI4oKY75tKPxo=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"comp
ression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value":771},"random":"dMSeQqY9Hke0rxrwb1h+hPRiJbBdhXjzwoHkGYN+MCg=","session_id":"zb3CuUO8U/HeBfw7supIz/QIjQFqBEd61uvyrCu/LYA=","cipher_suite":{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"15229406698539618719","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["target"]},"issuer_dn":"CN=target","validity":{"start":"2018-02-09T20:31:40Z","end":"2018-03-11T20:31:40Z","length":2592000},"subject":{"common_name":["target"]},"subject_dn":"CN=target","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"usFw527uPhV8f9ptNHLHpN2mCK8p2ULvh+4fXFOVpozdK7b6PFL9h01EUkwGNUhbQ9zGXVIIotjBlmu7h+bKUhVkuZu1MOUt7gP1mLdRfe8CRxmNuo2J9Kcw3l6jzGhWMPQAq91M4n9+/YcYMDgS3pXB2sXKNFL8xVb9JEgWd9C45UjWl0RKA2UQhUQTA6s4XdkWo27I/JVYPowRD6rm9LOLO4DxJ5Nespha+UjOLRyBkuaGVtW1Sr3oLUcLgw0SXPSbxx3kILdRWf9Prg0/Hw1U7SeBQxz7FNpX43xP62PP1Y3Z8k4Czo+FSepOvguTSIWOsOM
zY2cXM7ODZOoU7Q==","length":2048},"fingerprint_sha256":"98e8d28229dced7a034aa112a6e7b49671da5c0ac7a10bd74d92d3a98ac2ea35"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"d19e2e0a3d9f8a989ba49fab5ef1d8102210e2c4","subject_key_id":"d19e2e0a3d9f8a989ba49fab5ef1d8102210e2c4"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"NIWeFHnAmo1evMpIgPHVFTsdkZjK8egY/NtBSrv0FMl+7wn/qgU7zqWq5RvM0r62yQ8jyd8YUejtZcmUNf7IxejGSWwucnEk3TgjUzRVuEEEAPxd88tYPTFJht75u/FcMD+Pt4kqpNlDNG3MQCvwnMsR7muY5Bju/BJUFQWZOgs8qoqBMq4MhHsmbmlhFZn5Vb22BX49pnKhfVEV0GhGKMCQPW7YBtbSXf6qeLKxrmf4vfqmqB8i7bAmshjRNVQAjZ9EJkmpjMcKYUCDED/VljzPtZNoJ7J8E8J6rF7krTfFGd4hRu66snt2p1xzcfh2/ZwJdqEfqgJiSwzL1rrWJw==","valid":true,"self_signed":true},"fingerprint_md5":"f3ba118b98798e4564f21193555c531c","fingerprint_sha1":"c01879102500381394bd392ef771b0da1837e286","fingerprint_sha256":"fe01d8aaa47e75e281f404ab5e60c3e73da4747b02e558c238cc77cf023586fd","tbs_noct_fingerprint":"6e9e5b0df1c5e70a671f6534f7f7cf8db7a802511cf135226b1147811ee8e741","spki_subject_fingerprint":"2874e9c1bac5733f9e37f681c1f633e6d359b90bdc1adc27e7bb1a86d07f3cca","tbs_fingerprint":"6e9e5b0df1c5e70a671f6534f7f7cf8db7a802511cf135226b1147811ee8e741","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown 
error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"3jMjWx6Ojp+szKaRY2LOiFAuwkViiMZuxMitbiTlNmY=","length":256},"y":{"value":"AWbqYory04W+5a7S4RdKqJeyNAoLg6iDbsIiola4000=","length":256}}},"digest":"u7fyKJ3CYWILwsiEw+Hl3msSgNodUVaqRc7bEmIi6X0=","signature":{"raw":"pqYbYjlq4u0+vXhiV2N4WzIAKcEG2pYxOGv0KD3Yzbom5bQND4kv8Rlxmfpoc7fOxdXMC1lBlwUJHhBmPdlKkWLzY/FARgvYfowjtGtabI8KXGJUQwDHM1CweFY67aYgSwsx8OQRmM8SZpzCUWALyyXnh0y5kBxDpQpfoOAP0i4M4/SXSn+OFKQc8UO5U2DXT7WlY21j7Cy7GrUNzvnxl6QhaX2Xth0/XqmSUH6kidMMQSaWiXMdhmd+p4t6lLN7M0seKoRDh9Xn90op9lpMA/IUj0cLLgPwr51W0KM3Q/9+o40RYHBTUTzWVDbSZ23Ll+hiVPhAx075gVgstuc7CA==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"Z4+yYQNxZTwJbhjYz/DwXSnmKDxYsvW+4YnvGjENgTE=","length":256},"y":{"value":"Mbo6qUy1f1PXYJVWKAH5UD+t1Gp/s8qLqisXh+N1EOY=","length":256}},"client_private":{"value":"3M3boAJRnzz8Yr0Fm2278QStl266TQcrkcQR6/AlkCM=","length":32}}},"client_finished":{"verify_data":"ZGgKeawwlERdftFo"},"server_finished":{"verify_data":"U68jL0a/eBkITI8p"},"key_material":{"master_secret":{"value":"CrqPz5R6iSKpsi93OYx+5NmszFrllORjEzzC2BRtK0Xh65aB2c4Q3MAMrYmX4JdB","length":48},"pre_master_secret":{"value":"npMHqER1PeoTCHAV74VtIJWHSbdOLwnW+nwNQ55TXWA=","length":32}}}}}}},"timestamp":"2018-04-06T19:38:11Z"}}} diff --git a/schemas/testdata/mssql-2017-linux.json b/schemas/testdata/mssql-2017-linux.json new file mode 100644 index 0000000..4876ac6 --- /dev/null +++ b/schemas/testdata/mssql-2017-linux.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"mssql":{"status":"success","protocol":"mssql","result":{"version":"14.0.3015","instance_name":"\u0000","prelogin_options":{"version":{"major":14,"minor":0,"build_number":3015},"encrypt_mode":"ENCRYPT_ON","mars":0},"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"ViDl+IDE2mFGU2i97bN3NcNQ+H6eQZo0g5b7t38gbnQ=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","
hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value":771},"random":"mVCabRunvboFmN5DomMOAQwxYGg/McJbo/+BjD1+s2Q=","session_id":"6xgAhJFgNHANbVyYlQkOO5u4iOkZ4++ZSva5gjR5eMA=","cipher_suite":{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":1,"serial_number":"4549924341540723508","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["SSL_Self_Signed_Fallback"]},"issuer_dn":"CN=SSL_Self_Signed_Fallback","validity":{"start":"2018-04-06T19:38:24Z","end":"2048-04-06T19:38:24Z","length":946771200},"subject":{"common_name":["SSL_Self_Signed_Fallback"]},"subject_dn":"CN=SSL_Self_Signed_Fallback","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"ovL74zdVoaNVSsSYqxAw84fOn6S+BBXBHQaZJQCBi/QFq2Y+1FUbtXJo04pji947qnl1BqIYaHQzjY6BblgQnsbgh3C5P2NJGZYZz06p5w/JVU9J4yG70L0E6GGlHHna1oabeh9vK6SChNtGrw5Oldu+N1k5ReLtqQhSZMwTly26wHtq+9G7yuUPKbjwKF7QW4hPF92cSxkAnGR0OHQPS8Q1eKQX3XrAzy4u5vvAYsab7X90rAvYlymzZZHbteZcZbOghO3sZ1QCrykIfQ5vErid6DdiY7DbfpgMYibWBoj3NgMoqKbMD5cPEc32qUBlvo/8hyYZXs2xpYIAOtCVxQ==","length":2048},"fingerprint_sha256":"4ad98c59dbbc34669c750fc4a9e7654db840ee6e3f7ab8213cfe03a3f06461c4"},"extensions":{},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"gLGlGnIyHFYr7Q3ioTKhrGt1lOt9Oa5o8WWFFWSZOy0g+A56BtIWtbXCQcJhhQzvS/nQWNlJPGO5kWGtdzTxn4bIb5XIm9HxaF+p0RaxdRt317K103fkSqBB9gWgUBoPtvEHhJxtX14NLAKTiU9/5vmaCcX1r5l4EBvFU4zDXJ48H5+UPDx4+EmM+0vTjxgqd2HHAdNsb5vFcdC5YW9kXy09X3JBh50UmW80gsQI241Jo62yAvsRLVsvds99GBVUtCvBLQnSbW8ODP26dfEd853q2/0P0nBqy8jFqGGloE45M4nv7iwEewgxkQG
RD9CazGPkumXBkUsWRJ4Zj2synw==","valid":true,"self_signed":true},"fingerprint_md5":"173792f7e978c676ddd2ca258376476d","fingerprint_sha1":"e2761e528628538b85defc6945dcf40b1d14bd26","fingerprint_sha256":"8d46aea7c0f554a952644ef5cc437047de6db06ee8678854eb942b2f29aa2aa5","tbs_noct_fingerprint":"d5620279737bdcb4cefc630b44a2f15da98acff8a490037566a101b8c1c6475c","spki_subject_fingerprint":"8b9fcf9eacb6d8eccf763d240fb620b52f0081f3e9ba958ac33a5171e223f551","tbs_fingerprint":"9f73e2761e8d67bee272e292937a04930d4a38ac9e37bf4cef30ff53259444d1","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"j8PgR+V9zMUyQHRlJqjlySGm6UUPAi23Lv/nH8DgpfQ=","length":256},"y":{"value":"xCDVUj3SbuV/BdM7ZCl1HaG64SmYraHgQEyErV+icFM=","length":256}}},"digest":"+tG4lvKbabEyT1SbROkkoLAaAeANEF7ytLigKsDJvO0=","signature":{"raw":"E/Zts5IPzYaQJP/9ycpx2HLzpGE8CA1+F4FrZ+eBWioUtmSZcB2AIim+UEeb+bgM/8ieQBN0yTX2xrEuTXIPwkOH8sdszXqTjJ+tAfJnW3ojMDaeZy3Db0LoS8ZjW97Ul7YT504nLYusj77JfSfxf6+isOFl2jyHUBIBvzn/OQXpS4uUyvIkKWbydYeR1SHUmfX2yuc3cGD0pwbgTlWaBDsBzHrNNFRWwev9jtb23SBbGVTdU8jF0dDFfNnnsXdiaGaoKx1hjld23nKdfNlLlQof5JWB6AAvZTSBMWs1PfgKDZueHXpNciNz0+CP61XYc2RjpQnWsfMj+bypoLSPJg==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"IoDADqxuMHJjy0Bbg/Cw7623cAL41oo+iH+zOekbfQY=","length":256},"y":{"value":"B+qU5f2WPy4IzFAU5AAkuYATGWNP095MOdd52jets3s=","length":256}},"client_private":{"value":"J7A7ChBAsSSrKF2+cpL21ouDH08HWWHOjq6hX4fy0FQ=","length":32}}},"client_finished":{"verify_data":"Ug80If9YiBZgfXzD"},"server_finished":{"verify_data":"s7nCmiMOuL9EKwSO"},"key_material":{"master_secret":{"value":"GyG/0GQl61/g4YIgP1cauxdKOvV29OmWSSY1
zX2nfyuerc1lI7es2VPtvXwkK2Bf","length":48},"pre_master_secret":{"value":"+I7y/YZ8L1UWJjNkZvH2NThBQxLsUlZka1O1fQzcnZg=","length":32}}}}},"timestamp":"2018-04-06T19:38:28Z"}}} diff --git a/schemas/testdata/mysql-5.5.json b/schemas/testdata/mysql-5.5.json new file mode 100644 index 0000000..82f24bb --- /dev/null +++ b/schemas/testdata/mysql-5.5.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"mysql":{"status":"success","protocol":"mysql","result":{"protocol_version":10,"server_version":"5.5.58","connection_id":1,"auth_plugin_data":"aWZFZlJGRm97PVove0FuJ3Q4VzAA","character_set":8,"status_flags":{"SERVER_STATUS_AUTOCOMMIT":true},"capability_flags":{"CLIENT_COMPRESS":true,"CLIENT_CONNECT_WITH_DB":true,"CLIENT_FOUND_ROWS":true,"CLIENT_IGNORE_SIGPIPE":true,"CLIENT_IGNORE_SPACE":true,"CLIENT_INTERACTIVE":true,"CLIENT_LOCAL_FILES":true,"CLIENT_LONG_FLAG":true,"CLIENT_LONG_PASSWORD":true,"CLIENT_MULTI_RESULTS":true,"CLIENT_MULTI_STATEMENTS":true,"CLIENT_NO_SCHEMA":true,"CLIENT_ODBC":true,"CLIENT_PLUGIN_AUTH":true,"CLIENT_PROTOCOL_41":true,"CLIENT_PS_MULTI_RESULTS":true,"CLIENT_RESERVED":true,"CLIENT_SECURE_CONNECTION":true,"CLIENT_TRANSACTIONS":true},"auth_plugin_name":"mysql_native_password","raw_packets":["CjUuNS41OAABAAAAaWZFZlJGRm8A//cIAgAPgBUAAAAAAAAAAAAAez1aL3tBbid0OFcwAG15c3FsX25hdGl2ZV9wYXNzd29yZAA="]},"timestamp":"2018-04-06T19:39:14Z"}}} diff --git a/schemas/testdata/mysql-5.6.json b/schemas/testdata/mysql-5.6.json new file mode 100644 index 0000000..0f21eac --- /dev/null +++ b/schemas/testdata/mysql-5.6.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"mysql":{"status":"success","protocol":"mysql","result":{"protocol_version":10,"server_version":"5.6.38","connection_id":1,"auth_plugin_data":"MEtmQVJZRzkoWGZ4SkdmSyd6WCYA","character_set":8,"status_flags":{"SERVER_STATUS_AUTOCOMMIT":true},"capability_flags":{"CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS":true,"CLIENT_COMPRESS":true,"CLIENT_CONNECT_ATTRS":true,"CLIENT_CONNECT_WITH_DB":true,"CLIENT_FOUND_ROWS":true,"CLIENT_IGNORE_SIGPIPE":true,"CLIENT_IGNORE_SPACE":true,"CLIENT_INTERACTIVE":true,"CLIENT_LOCAL_FILES":true,"CLIENT_LONG_FLAG":true,"CLIENT_LONG_PASSWORD":true,"CLIENT_MULTI_RESULTS":true,"CLIENT_MULTI_STATEMENTS":true,"CLIENT_NO_SCHEMA":true,"CLIENT_ODBC":true,"CLIENT_PLUGIN_AUTH":true,"CLIENT_PLUGIN_AUTH_LEN_ENC_CLIENT_DATA":true,"CLIENT_PROTOCOL_41":true,"CLIENT_PS_MULTI_RESULTS":true,"CLIENT_RESERVED":true,"CLIENT_SECURE_CONNECTION":true,"CLIENT_TRANSACTIONS":true},"auth_plugin_name":"mysql_native_password","raw_packets":["CjUuNi4zOAABAAAAMEtmQVJZRzkA//cIAgB/gBUAAAAAAAAAAAAAKFhmeEpHZksnelgmAG15c3FsX25hdGl2ZV9wYXNzd29yZAA="]},"timestamp":"2018-04-06T19:39:16Z"}}} diff --git a/schemas/testdata/mysql-5.7.json b/schemas/testdata/mysql-5.7.json new file mode 100644 index 0000000..4f6b145 --- /dev/null +++ b/schemas/testdata/mysql-5.7.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.5","domain":"target","data":{"mysql":{"status":"success","protocol":"mysql","result":{"protocol_version":10,"server_version":"5.7.20","connection_id":3,"auth_plugin_data":"WGB4GiNwfQZlFWxsZEVENR9EChAA","character_set":8,"status_flags":{"SERVER_STATUS_AUTOCOMMIT":true},"capability_flags":{"CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS":true,"CLIENT_COMPRESS":true,"CLIENT_CONNECT_ATTRS":true,"CLIENT_CONNECT_WITH_DB":true,"CLIENT_DEPRECATED_EOF":true,"CLIENT_FOUND_ROWS":true,"CLIENT_IGNORE_SIGPIPE":true,"CLIENT_IGNORE_SPACE":true,"CLIENT_INTERACTIVE":true,"CLIENT_LOCAL_FILES":true,"CLIENT_LONG_FLAG":true,"CLIENT_LONG_PASSWORD":true,"CLIENT_MULTI_RESULTS":true,"CLIENT_MULTI_STATEMENTS":true,"CLIENT_NO_SCHEMA":true,"CLIENT_ODBC":true,"CLIENT_PLUGIN_AUTH":true,"CLIENT_PLUGIN_AUTH_LEN_ENC_CLIENT_DATA":true,"CLIENT_PROTOCOL_41":true,"CLIENT_PS_MULTI_RESULTS":true,"CLIENT_RESERVED":true,"CLIENT_SECURE_CONNECTION":true,"CLIENT_SESSION_TRACK":true,"CLIENT_SSL":true,"CLIENT_TRANSACTIONS":true},"auth_plugin_name":"mysql_native_password","raw_packets":["CjUuNy4yMAADAAAAWGB4GiNwfQYA//8IAgD/wRUAAAAAAAAAAAAAZRVsbGRFRDUfRAoQAG15c3FsX25hdGl2ZV9wYXNzd29yZAA=","AAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="],"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"aYDR2gD0E1ekH1b+Y6e/LEuNG4RZ/zKE0w2Eb45A1rw=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x000
5","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.1","value":770},"random":"EZu2axWHEbeJBEreRt5tcQ2CYMmDMY8XNiwVw63wTRs=","session_id":"Dr9LIsnsqf+JQpT4VPtnMYtNCAHHsZWMiSdE6sLLb+4=","cipher_suite":{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":false,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"2","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["MySQL_Server_5.7.20_Auto_Generated_CA_Certificate"]},"issuer_dn":"CN=MySQL_Server_5.7.20_Auto_Generated_CA_Certificate","validity":{"start":"2018-04-06T19:38:56Z","end":"2028-04-03T19:38:56Z","length":315360000},"subject":{"common_name":["MySQL_Server_5.7.20_Auto_Generated_Server_Certificate"]},"subject_dn":"C
N=MySQL_Server_5.7.20_Auto_Generated_Server_Certificate","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"yG/xY3J7DKdFrI948r9ILWR+XXp1EINtr/4Y6n9gp+hmND7gD1qhrgfNDFYkCo97iDG1X4eMh5uPC0smDVmiJtuBUKnRfX2+HUj6LC9x9dJpk2OYfe2TjxUjF3WvSnGZj+EsxfJDBqbEidXZ6xFq3UyUDA6AsdexqUrwwgBjbpUIkIldPLSvMf6PPStcfzZtxCCm2B0f1Nlgn6MXImAPhmcmRV3tRNpTqmU9t0Wllk9eYW416HQV4FLH4jtrTtg/IKmn15KJXiWX9WOKhS2RNyi5w2maxtk/jmBDu8Fo0erSnRxT7cxz842YBgjvnOCcl1LgS8Fmv8tFV13thkcyiw==","length":2048},"fingerprint_sha256":"1517542281d9794ed25fe230586feb344d4d80929210f27c3e5b4311c815ff2a"},"extensions":{"basic_constraints":{"is_ca":false}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"jScY0VXHaDqP5rxu165hHdddSCc6IY3Ksv2ayHYb8wqQma+1EU/T2cjef9x179trW+YqippilXF7FdP0cyo4jQocLnxhUbXdfn4yEPDOLyOTGmtgsahQZQaHm/F6FTKTh/6zOF7cuMIateBLZOyN5zqeoONGysHdzssEx1zzON5ySssmHTDpKZf2XQBibSMxD+R24YW5OvN3W6oNY52XDy5QJMIAOvUUZIUk3Ixi9YsKkbOWA5uKSFzfV7hvTQWCdKA/elIRgQe8FVu1wtfYTUNdWc9Sqh44lvI2uXEREWbj7Yei+DNqFw6mOCfSkmEyCSFdTHi6EyaGx+8oeVi5MQ==","valid":false,"self_signed":false},"fingerprint_md5":"28f05a7562bee8289610ce0a36e68db8","fingerprint_sha1":"73cc526422d9224ef4979a31e9c7d26938e291dc","fingerprint_sha256":"9fc0455b75110b48ef383c153b03dac66698c4a5637e2dd3af89cd99c19e3119","tbs_noct_fingerprint":"2c6e1f3d256c004f3ed80de77898d8d988382966aa004706926950edb6179e82","spki_subject_fingerprint":"448afe1dfd39955c0d86afcf32be8c8d101e9fca30823f9ad96efc0d32c476c6","tbs_fingerprint":"2c6e1f3d256c004f3ed80de77898d8d988382966aa004706926950edb6179e82","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: certificate signed by unknown 
authority"}},"client_key_exchange":{"rsa_params":{"length":256,"encrypted_pre_master_secret":"D1Db/mcQBgGi97FUlKvF/nlSgDNEKwp904JkFHsvx0J1GIkZgIXM6FFVRYP8N3V/TiIRvnorhwrVIu5LbxBgyeAtOZHHGwYhicufSIy0VfT+Ta4mEThZsQ5f8t1QGRJNtrg2J9Vy+nYb+7o/laL/F1dmYrh4B+eE5dNkytYnF4e5f7lomj6HAoOLRPccL8wodqZOJc4iRCLWAI/Rwg5LC5gFmejTKdWLu1fJAyuN07sGWV9TkHb9kLe9tSgF98ZxCUQjVshs/+xecXU/r+kRaPehvOgtkubq63yuws144/NbtIrmrQ6BbTOutQgKn3vuMQVXni6GjNwhNtHwyOTtxg=="}},"client_finished":{"verify_data":"W6xc73QVTwUHq2Xw"},"server_finished":{"verify_data":"kx5Hm1nNTTOzI9UD"},"key_material":{"master_secret":{"value":"Fg1x01adBw5uel4Ea5WrGMP90sTBkUXWiMgL/e83xoiq40lHMNXXXdB/+dPKYL6A","length":48},"pre_master_secret":{"value":"AwPqMDItr+tRt2jaRtnER+/7MUl7WoEXze8/p+aopi+TExVSwkd6cmMGYHLvfmkt","length":48}}}}},"timestamp":"2018-04-06T19:39:18Z"}}} diff --git a/schemas/testdata/mysql-8.0.json b/schemas/testdata/mysql-8.0.json new file mode 100644 index 0000000..0599c35 --- /dev/null +++ b/schemas/testdata/mysql-8.0.json 
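Review bot: The `key_material` object near the end of this fixture stores the handshake's `master_secret` and `pre_master_secret` in the repository, next to the matching `encrypted_pre_master_secret`. The mysql-8.0.json hunk carries the same block, and postgres-10.1-ssl.json additionally records `client_key_exchange.ecdh_params.client_private`. The 172.17.0.x addresses and the auto-generated certificate names suggest disposable containers, so the exposure is probably limited to this capture, but that is inferred rather than stated in the change. If the schema test does not need these fields, I would drop the `"key_material":{...}` object from the fixtures. Otherwise, document beside the test data that the values come from throwaway instances and that captures containing key material from real hosts must not be committed.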
@@ -0,0 +1 @@ +{"ip":"172.17.0.6","domain":"target","data":{"mysql":{"status":"success","protocol":"mysql","result":{"protocol_version":10,"server_version":"8.0.3-rc-log","connection_id":7,"auth_plugin_data":"DVF8blkrXmMhDGtsfGpnKktjZXYA","character_set":255,"status_flags":{"SERVER_STATUS_AUTOCOMMIT":true},"capability_flags":{"CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS":true,"CLIENT_COMPRESS":true,"CLIENT_CONNECT_ATTRS":true,"CLIENT_CONNECT_WITH_DB":true,"CLIENT_DEPRECATED_EOF":true,"CLIENT_FOUND_ROWS":true,"CLIENT_IGNORE_SIGPIPE":true,"CLIENT_IGNORE_SPACE":true,"CLIENT_INTERACTIVE":true,"CLIENT_LOCAL_FILES":true,"CLIENT_LONG_FLAG":true,"CLIENT_LONG_PASSWORD":true,"CLIENT_MULTI_RESULTS":true,"CLIENT_MULTI_STATEMENTS":true,"CLIENT_NO_SCHEMA":true,"CLIENT_ODBC":true,"CLIENT_PLUGIN_AUTH":true,"CLIENT_PLUGIN_AUTH_LEN_ENC_CLIENT_DATA":true,"CLIENT_PROTOCOL_41":true,"CLIENT_PS_MULTI_RESULTS":true,"CLIENT_RESERVED":true,"CLIENT_SECURE_CONNECTION":true,"CLIENT_SESSION_TRACK":true,"CLIENT_SSL":true,"CLIENT_TRANSACTIONS":true},"auth_plugin_name":"mysql_native_password","raw_packets":["CjguMC4zLXJjLWxvZwAHAAAADVF8blkrXmMA////AgD/wxUAAAAAAAAAAAAAIQxrbHxqZypLY2V2AG15c3FsX25hdGl2ZV9wYXNzd29yZAA=","AAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="],"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"KJcxPBLDo7oaW/YLbt9uaZL041xHWzZKdMrdvpWeHv0=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":4916
2},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.1","value":770},"random":"M927eU55slCwGcXvYslXwik3G9kmJgG3/6NOySjUhoc=","session_id":"+5EDTNoHyaYdE2j2LeI1untuohgQeoJh33UV/8l0GHs=","cipher_suite":{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":false,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":1,"serial_number":"2","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["MySQL_Server_8.0.3-rc_Auto_Generated_CA_Certificate"]},"issuer_dn":"CN=MySQL_Server_8.0.3-rc_Auto_Generated_CA_Certificate","validity":{"start":"2018-04-06T19:38:58Z","end":"2028-04-03T19:38:58Z","length":315360000},"subject":{"common_name":["MySQL_Server_8.0.3-rc_Auto_Generated_Server_Certific
ate"]},"subject_dn":"CN=MySQL_Server_8.0.3-rc_Auto_Generated_Server_Certificate","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"v8vZ4g8DsyzJm1SveVjijXxUZJQiVQf7ucVtV+XdyAvSU51E842pd1zZ/KJRFqDxUnd/dMJBmbPFQ8/TBxQycC+PihC8gHGMxQIF9/nUaTBfnqpzRAdfzcLHRbSFDC2eN6oMgKURm5MSZtIw5SfeVXKeqr4iM+53Uv/dJnjvwapNlaT12T2pWdGR1RdYmTjzT0uPlBjqxph2vwmmBDTKrDQ74T7qmdAONgW1f6xkH3gyTjMOm5PhVxcKsptAOKGKlq7RgbUoK+6QTtSnn3kh6BtXYjnWu4gW7vAniMoZqPJo56voc9gsmjB8MnkckqPC5n63DAkJSxdzh7kcwibGgw==","length":2048},"fingerprint_sha256":"542d60626e0e2c3776967c38d98b157518b33da2fa104588d1e122e7c5f8a3bd"},"extensions":{},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"dDks+PoOgc03PWcw5A0PdJUtlGS/IgfJn2TQF5thLa0JxVS/QfYHuFeo+T/rhnYgvWQ/LNqWuwR7b5tvurriDx3wPie5TbRPqiLEt/TeT+WQHouqPUny3zbbES1fgqYmWoYroY2dWT22iYdi1arXoDvVdETGd34GC7g2EQKRvMFkIpXmkLCTr0t57DDoYnraJTAkLx2ePTdCIASLwaDvD8heanRRRyR5XAZAwS/l/euLX9gdxQFDTYEFWcghp5pPPXUvalkPpwe5lx+zG9Uvd+CzcEh8gMHyZItKtt+cYVEnMrcUe7HbefnLUA+RxfjkWZMl87slGxQft+bwux4gbg==","valid":false,"self_signed":false},"fingerprint_md5":"a459f5519f742b3700b0ea1350b2900f","fingerprint_sha1":"0d477fa7d961c7d7d31bfd5c826ab44361675e8e","fingerprint_sha256":"1956f3e8a68bfdda8ec648e7c6ed14063d6b7ad1cd4afe9f3251b8c98150a066","tbs_noct_fingerprint":"adfed920fe1b5ffb74cc5fc3c42bf1576c859bd43f36a550384cc0c80e39ea2d","spki_subject_fingerprint":"196f5e06afbc065fe6afaed1f56713c6b7b964d96b9e79b0a99920e0870ab20b","tbs_fingerprint":"149dfacadd7ab106f40b5e5ac5bfb654d4eba2e327dc9fc450f0f96ac6a0fc9d","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: certificate signed by unknown 
authority"}},"client_key_exchange":{"rsa_params":{"length":256,"encrypted_pre_master_secret":"CX/+eARM5h3xUSZYF0EojgAZ+/phXZ+BcAOI+DWa6LAdf/xVw2G/0DihXygnAs2vNjJwAWLFgD50PJtjWRNEKTMe5YvA7jopEufhKJh+KdnakmCKSau3lQQtvdmK3rv5kBlYser0RIim//rLTKVuZAX9hYvO81jpTNLzweC24tWwYU348b3BvrSFgxOEuvEmKEnsKny2NEhrhtIOPgKcEgs9oIB4i8RmzN0avofUo+SxTTvdTdhvC6ySSA/rNOjg1/txhFovz31oM+N7G70b4lGl/Qou8AWItV+ziv6uOUrOo5KUt4FWkLhXTIqcMqpTGX8Km7gXBj2Jx/ViaRm3yg=="}},"client_finished":{"verify_data":"+NA1cTDyC/1PiZfu"},"server_finished":{"verify_data":"J6BtK1pvZin/F+DP"},"key_material":{"master_secret":{"value":"enweB72JdSxEkg+HhaFE5/l9cUvtH9BSF9Lpm/tCg4tUPL69d8Om84AY/1PhypTw","length":48},"pre_master_secret":{"value":"AwOAcdpFcaJAeVkwJDwFOUDrbeuN/6bpYls2mm5jnBhL6zjyILBWVSuZ1BB5qBiD","length":48}}}}},"timestamp":"2018-04-06T19:39:21Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST.json b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST.json new file mode 100644 index 0000000..74120bd --- /dev/null +++ b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"version":3,"time":"2018-04-06T19:39:54.40363944Z","time_response":{"leap_indicator":3,"version":3,"mode":4,"stratum":0,"poll":3,"precision":-22,"root_delay":{"seconds":0,"fraction":0},"root_dispersion":{"seconds":0,"fraction":16},"reference_id":"SU5JVA==","reference_timestamp":{"seconds":0,"fraction":0},"origin_timestamp":{"seconds":0,"fraction":0},"receive_timestamp":{"seconds":3732032394,"fraction":1733618196},"transmit_timestamp":{"seconds":3732032394,"fraction":1738320156}},"monlist_response":"AAAAAgAAAAAAAAAAAAAABKwRAAWlHQMDAAAAAJTbAwMAAAAAAAAAAAAAAAAAAAAA","monlist_header":{"is_response":true,"has_more":false,"version":3,"mode":7,"is_authenticated":false,"sequence_number":0,"implementation_number":"IMPL_XNTPD","request_code":"REQ_MON_GETLIST","error":"INFO_OKAY","num_items":1,"mbz":0,"item_size":48}},"timestamp":"2018-04-06T19:39:54Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1.json b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1.json new file mode 100644 index 0000000..a49cfdc --- /dev/null +++ b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"version":3,"time":"2018-04-06T19:39:50.515312746Z","time_response":{"leap_indicator":3,"version":3,"mode":4,"stratum":0,"poll":3,"precision":-22,"root_delay":{"seconds":0,"fraction":0},"root_dispersion":{"seconds":0,"fraction":12},"reference_id":"SU5JVA==","reference_timestamp":{"seconds":0,"fraction":0},"origin_timestamp":{"seconds":0,"fraction":0},"receive_timestamp":{"seconds":3732032390,"fraction":2213251392},"transmit_timestamp":{"seconds":3732032390,"fraction":2214061226}},"monlist_response":"AAAAAQAAAAAAAAAAAAAAA6wRAAWsEQAEAAAAAZTbAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","monlist_header":{"is_response":true,"has_more":false,"version":3,"mode":7,"is_authenticated":false,"sequence_number":0,"implementation_number":"IMPL_XNTPD","request_code":"REQ_MON_GETLIST_1","error":"INFO_OKAY","num_items":1,"mbz":0,"item_size":72}},"timestamp":"2018-04-06T19:39:50Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1_solo.json b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1_solo.json new file mode 100644 index 0000000..7861167 --- /dev/null +++ b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_1_solo.json @@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"monlist_response":"AAAAAgAAAAIAAAAAAAAAA6wRAAWsEQAEAAAAAZTbAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","monlist_header":{"is_response":true,"has_more":false,"version":3,"mode":7,"is_authenticated":false,"sequence_number":0,"implementation_number":"IMPL_XNTPD","request_code":"REQ_MON_GETLIST_1","error":"INFO_OKAY","num_items":1,"mbz":0,"item_size":72}},"timestamp":"2018-04-06T19:39:52Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_solo.json b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_solo.json new file mode 100644 index 0000000..cd990d3 --- /dev/null 
+++ b/schemas/testdata/ntp-4.2.6_REQ_MON_GETLIST_solo.json @@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"monlist_response":"AAAAAgAAAAIAAAAAAAAABKwRAAWlHQMDAAAAAJTbAwMAAAAAAAAAAAAAAAAAAAAA","monlist_header":{"is_response":true,"has_more":false,"version":3,"mode":7,"is_authenticated":false,"sequence_number":0,"implementation_number":"IMPL_XNTPD","request_code":"REQ_MON_GETLIST","error":"INFO_OKAY","num_items":1,"mbz":0,"item_size":48}},"timestamp":"2018-04-06T19:39:56Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_monlist.json b/schemas/testdata/ntp-4.2.6_monlist.json new file mode 100644 index 0000000..fc368c1 --- /dev/null +++ b/schemas/testdata/ntp-4.2.6_monlist.json @@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"version":3,"time":"2018-04-06T19:39:48.515473906Z","time_response":{"leap_indicator":3,"version":3,"mode":4,"stratum":0,"poll":3,"precision":-22,"root_delay":{"seconds":0,"fraction":0},"root_dispersion":{"seconds":0,"fraction":10},"reference_id":"SU5JVA==","reference_timestamp":{"seconds":0,"fraction":0},"origin_timestamp":{"seconds":0,"fraction":0},"receive_timestamp":{"seconds":3732032388,"fraction":2213943570},"transmit_timestamp":{"seconds":3732032388,"fraction":2215576491}},"monlist_response":"AAAAAQAAAAAAAAAAAAAAAqwRAAWpLQMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA","monlist_header":{"is_response":true,"has_more":false,"version":3,"mode":7,"is_authenticated":false,"sequence_number":0,"implementation_number":"IMPL_XNTPD","request_code":"REQ_MON_GETLIST","error":"INFO_OKAY","num_items":1,"mbz":0,"item_size":48}},"timestamp":"2018-04-06T19:39:48Z"}}} diff --git a/schemas/testdata/ntp-4.2.6_normal.json b/schemas/testdata/ntp-4.2.6_normal.json new file mode 100644 index 0000000..4bf96cc --- /dev/null +++ b/schemas/testdata/ntp-4.2.6_normal.json 
@@ -0,0 +1 @@
+{"ip":"172.17.0.4","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"version":3,"time":"2018-04-06T19:39:46.56800099Z","time_response":{"leap_indicator":3,"version":3,"mode":4,"stratum":0,"poll":3,"precision":-22,"root_delay":{"seconds":0,"fraction":0},"root_dispersion":{"seconds":0,"fraction":8},"reference_id":"SU5JVA==","reference_timestamp":{"seconds":0,"fraction":0},"origin_timestamp":{"seconds":0,"fraction":0},"receive_timestamp":{"seconds":3732032386,"fraction":2439545680},"transmit_timestamp":{"seconds":3732032386,"fraction":2441496926}}},"timestamp":"2018-04-06T19:39:46Z"}}}
diff --git a/schemas/testdata/ntp-openntp.json b/schemas/testdata/ntp-openntp.json
new file mode 100644
index 0000000..54d0125
--- /dev/null
+++ b/schemas/testdata/ntp-openntp.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.3","domain":"target","data":{"ntp":{"status":"success","protocol":"ntp","result":{"version":3,"time":"2018-04-06T19:39:39.477943897Z","time_response":{"leap_indicator":3,"version":3,"mode":4,"stratum":0,"poll":0,"precision":-29,"root_delay":{"seconds":0,"fraction":0},"root_dispersion":{"seconds":0,"fraction":0},"reference_id":"AAAAAA==","reference_timestamp":{"seconds":0,"fraction":0},"origin_timestamp":{"seconds":0,"fraction":0},"receive_timestamp":{"seconds":3732032379,"fraction":2052753407},"transmit_timestamp":{"seconds":3732032379,"fraction":2052788223}}},"timestamp":"2018-04-06T19:39:39Z"}}}
diff --git a/schemas/testdata/pop3-banner.json b/schemas/testdata/pop3-banner.json
new file mode 100644
index 0000000..174c07d
--- /dev/null
+++ b/schemas/testdata/pop3-banner.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.3","domain":"target","data":{"pop3":{"status":"success","protocol":"pop3","result":{"banner":"+OK\r\n"},"timestamp":"2018-04-06T19:40:08Z"}}}
diff --git a/schemas/testdata/pop3-banner.quit.json b/schemas/testdata/pop3-banner.quit.json
new file mode 100644
index 0000000..da70f2e
--- /dev/null
+++ b/schemas/testdata/pop3-banner.quit.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.3","domain":"target","data":{"pop3":{"status":"success","protocol":"pop3","result":{"banner":"+OK\r\n","quit":"+OK\r\n"},"timestamp":"2018-04-06T19:40:10Z"}}}
diff --git a/schemas/testdata/pop3-help.banner.quit.json b/schemas/testdata/pop3-help.banner.quit.json
new file mode 100644
index 0000000..a018c10
--- /dev/null
+++ b/schemas/testdata/pop3-help.banner.quit.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.3","domain":"target","data":{"pop3":{"status":"success","protocol":"pop3","result":{"banner":"+OK\r\n","help":"-ERR\r\n","quit":"+OK\r\n"},"timestamp":"2018-04-06T19:40:12Z"}}}
diff --git a/schemas/testdata/pop3-noop.help.banner.quit.json b/schemas/testdata/pop3-noop.help.banner.quit.json
new file mode 100644
index 0000000..77a1e14
--- /dev/null
+++ b/schemas/testdata/pop3-noop.help.banner.quit.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.3","domain":"target","data":{"pop3":{"status":"success","protocol":"pop3","result":{"banner":"+OK\r\n","noop":"-ERR\r\n","help":"-ERR\r\n","quit":"+OK\r\n"},"timestamp":"2018-04-06T19:40:14Z"}}}
diff --git a/schemas/testdata/postgres-10.1-nossl.json b/schemas/testdata/postgres-10.1-nossl.json
new file mode 100644
index 0000000..0035820
--- /dev/null
+++ b/schemas/testdata/postgres-10.1-nossl.json
@@ -0,0 +1 @@
+{"ip":"172.17.0.12","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 2.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2065","message":"unsupported frontend protocol 255.255: server supports 2.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2175","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"is_ssl":false},"timestamp":"2018-04-06T19:41:29Z"}}}
diff --git a/schemas/testdata/postgres-10.1-ssl.json b/schemas/testdata/postgres-10.1-ssl.json
new file mode 100644
index 0000000..6706df1
--- /dev/null
+++ b/schemas/testdata/postgres-10.1-ssl.json
@@ -0,0 +1 @@ +{"ip":"172.17.0.11","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"kJf8oQmR3eOiv5ryGl0HPZJIQfQbGODMToyvi7A6J1c=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","valu
e":771},"random":"oVGMZBqZBLeP4jINb86QzwqxOGexEPHY6JJuri5i4XM=","session_id":"","cipher_suite":{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"10417357638511902157","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["localhost"]},"issuer_dn":"CN=localhost","validity":{"start":"2018-04-06T19:40:47Z","end":"2018-05-06T19:40:47Z","length":2592000},"subject":{"common_name":["localhost"]},"subject_dn":"CN=localhost","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"yOE7ZgEQcKWDi5el3wWTZSkoYhyXpRekbwTy2Mqa8ZKeJx6+aLP+yI4k3rDQBhQe5iZWxvgkx2U9zexoK+0dKh870n57hiSkjWc9l2PzeqwAbIzTfayOjGGdf+gEXv4YF+bm9WT2TiHPKtrvzFpuquU08cGigvMW8VbkcrpJhl16HlfvnsESpsJ20jf8ew6V2FFBopHVNATDOfgCFk7OL5G5jWfZntxGXe6SeCnMCCSTZRqw6vtX288Kgl/RvmbfJJlif2n3cS1rjgcGNcfTvOsK5b9aWdQMsDXKd4S2oluHR6TliAx2RwIjfmI25+gPilQ4X+N17msDNdwuGNPCyw==","length":2048},"fingerprint_sha256":"95c3c3cfb5c609bb31ca1279cacb717471732ffbf4cbb711267d0f808d596691"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"da3973648a0d4944cf2bbd87685145b2e26d97a8","subject_key_id":"da3973648a0d4944cf2bbd87685145b2e26d97a8"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"sqlAqX5U+NCiXdXqlUtlPavmpNufPJ2MkrJXnFHiRyQwUXDJHUQQfXyU2Gap3RR/sJts2gV1wdFXLf917S6UJJhfFc2ZnPQEtXZwJuNzU/uaHK3/KbKYaShxuqGBrfpSIxwiJs6DKuRPyqUairuDA//mSTBKLTqzda0KnbvKwbD7KXuKtE9/+qc9CuDGMCi1FckqCkLJge6m48OJArq49pRypjylFi5UEIAZy2On0qR3+5ZTGd63Z9tFditI3PRHds7gx/RzXvtdsTzle7M/mASid0vU+/EMhQKmo29ZrRsYJKARSw4IJIPI334i7PgNCOujvJxhYTNyCglQgRet5Q==","valid":true,"self_signed":true},"fingerprint_md5":"88d38e83e3feb0162
5a466f4ab806d55","fingerprint_sha1":"976aa395db150aade84b86397a2aae0089194041","fingerprint_sha256":"c9edabed51588ccb7c9482dfee7db4533a4dea515420a0bf7e8ddaaeb06a62be","tbs_noct_fingerprint":"dd61284cf998f5ce18ff837839cc24f93e927375a5658c6f2461ffaa8eb4312f","spki_subject_fingerprint":"6f31351802dafc9008ec123e06727026b3305c97f934cdc906b32e14a1774239","tbs_fingerprint":"dd61284cf998f5ce18ff837839cc24f93e927375a5658c6f2461ffaa8eb4312f","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"Nr+9ZViT3b7BTjVzegcmfHXVUgvVnlD0nNSrxQ0T+C0=","length":256},"y":{"value":"d6Vc9JKw9GSzdBpfn1R5wxTy3/ci/nzEta3Z2O4SeAw=","length":256}}},"digest":"knp5WgAZzfEZffHDqdMBfuQfm6DJsrjBTOMD+FYMb7s=","signature":{"raw":"RAwK61bJYvo8Hq34vAgiqkFeRzLRTjUYe273KsSCClQnIiUlAF81xHn0RJblRlV65VgKq2gzIaOYUXA/wZIC5Q2R5BkgqdVT5FqiukTfT4gDKW2pwJ1MlPmbVdr3oFGifFLIOWv7teWeHIbe4WquIQEWrvMkzuaxRPyb3Ute5UVWlmZtII0WHknIYgixC4Ww6hKWlIGKyiNM+3x9SwoBx7NBbeJA37BURsjIwmAM8d6uMZe/JAjNY989Sda3PR4RnIHDukCRr9SWrbxS7w55fq+6tu4tt+ye9cri8rUOnQElLwqPZRFa8Ga/rB24LQq+DXuHdLSB8RKLmso0YbtVig==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"HO0gyjPH+77iP3vZxBSaoHGlnAc2UEiwkfFIK+RrjeE=","length":256},"y":{"value":"vEp1LgrBikXzs5l7yyYq0VrxGfxaCYJuCwB1YTP8F9Q=","length":256}},"client_private":{"value":"HTKLe1QGe3dEJ915XIreT2XJE4chCUVy4RF9MA7YOes=","length":32}}},"client_finished":{"verify_data":"x+x4xzgD7oHdFDKe"},"server_finished":{"verify_data":"3ioi/MBNUsNGeiYP"},"key_material":{"master_secret":{"value":"vhIVjZlC/PIi8kWi31+oROtOEhEC+zS7T8L+QTPgoyTyjt+XULnm7DenqxIQjTM0","length":48},"pre_master_secret":{"value":"4Qc0BadSjEkx4JR2MBXNm4/tsf8
mxW8m6dDWiVH8zOU=","length":32}}}},"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 2.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2065","message":"unsupported frontend protocol 255.255: server supports 2.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2175","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"is_ssl":true},"timestamp":"2018-04-06T19:41:25Z"}}} diff --git a/schemas/testdata/postgres-9.3-nossl.json b/schemas/testdata/postgres-9.3-nossl.json new file mode 100644 index 0000000..bdd3660 --- /dev/null +++ b/schemas/testdata/postgres-9.3-nossl.json @@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"1995","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2090","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":false},"timestamp":"2018-04-06T19:41:06Z"}}} diff --git a/schemas/testdata/postgres-9.3-ssl.json b/schemas/testdata/postgres-9.3-ssl.json new file mode 100644 index 0000000..e5ca608 --- /dev/null +++ b/schemas/testdata/postgres-9.3-ssl.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"RYWbMSrvburzNCh5VB+xFE3nuC/4D35URtocZl3fjk4=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value
":771},"random":"5c2KHwsAgHMcHrmvVsS4rRg4+IFTzQaiV3KF/YkNhbg=","session_id":"","cipher_suite":{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"17481462354144839427","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["localhost"]},"issuer_dn":"CN=localhost","validity":{"start":"2018-04-06T19:40:35Z","end":"2018-05-06T19:40:35Z","length":2592000},"subject":{"common_name":["localhost"]},"subject_dn":"CN=localhost","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"ven/8D7DeO1H8xtgG1dui8ntuszoSNKX8NiRHBPA+eH+wuSBAtkleyFMTgra3KSJtljiLzR+l0RRGXkW2f0sWMuZFBe+OnUJdFcprSjaALqL8XXxouWvLQ5iH+chSDBtGNgjvQawQJtg4KipbgtlxkM2QxuDkCdW0w6FtNY5y1KOvxj96gy85gcVcxzP0nY6URfMCLb2OK/z3SdKrNoUtnk/sWHagw8ScNc1q2UFrt0Q/8OF66+y/R+9CWN6mBCUSjJNWwitAMXOOYbCaIfk8eEThhHPZwC+jpWnCc7pUmMM+VmTVXuLUnTlikjMqgrpJTGmVOreArlqmqGQQOheOw==","length":2048},"fingerprint_sha256":"53793a122dfc7863e6c34e11a4f1dd7bbbb7099108dd354d0ffebe7af4117a2c"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"7c7ea48d27b4acf03ce6e0ebeccc3bfdd04b7d53","subject_key_id":"7c7ea48d27b4acf03ce6e0ebeccc3bfdd04b7d53"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"Knpi1+1cDe0FYs7cYPsYkTap7crf6eKohdMVo0ih6xOL1uHVPoAY+wLFO8gcIF2/jQqHOsv+mjL2bFGj7dXs3rcrkEJPbX85PTfP0VTvn7xjgurO88UkQfHYN1lTTJFvL7t2UNbJsesozRqRijHy0MtbTaw5uSi769LE4AtnukI5HcByKugh50eZs5HjwyOXo1bbEzPMQAyxQWqOGTy+Jh/vQTmOcGmMEJXXXi6T4UnpouPYt81VngLTPP1CYV2LIbk4kMInNTZ+GF/AELraJvhiQN9ijJpWLTBcwbSilbhemkXkiH0mxKv6ibQprEUZ9kSp/ktgervlI8Iu2CdZcA==","valid":true,"self_signed":true},"fingerprint_md5":"394760cf86bddcbd8a02065c6176a403","
fingerprint_sha1":"3bbe17fb151fb08d0d3738218897e8a97c815e3b","fingerprint_sha256":"cde15da29f9771281f5b43ae745baa92b0ad4e6d523c76ba1e53529dbe6513e1","tbs_noct_fingerprint":"19df72fc670bea684f816fc6db41b1df6d636ec59ca292dc5554d50b64e9dc7e","spki_subject_fingerprint":"4e5f991259a86a45e51ef5c7646a3e2e7beb4f744d80aefd810ad74161cac6b5","tbs_fingerprint":"19df72fc670bea684f816fc6db41b1df6d636ec59ca292dc5554d50b64e9dc7e","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"client_key_exchange":{"rsa_params":{"length":256,"encrypted_pre_master_secret":"RxgSm+70PgnCgUAOOa8lyxiQ6mxBzU9g1ZikxAqf/WPlzAzo/YkODUy2vUKQwvd8VAPO8LVkyYk/RPh0MdGtPJ4ZPD0f3VOZHbhAPLeEvdTp2diLnNNQRp2J3uYxaxpuwFt1t1EdnFVgHgbc0v+9owG08ZDuyDXsOBfGT6f2l+grnSj2tMH3GwBr8S/fEYZRL1ler7qa8ZdE4jJTYJkuzFLRi3v3hUnf1Yiq6JGBrWpMcu01JGAhEdrifBuY1FGP+Pa8JHUMOTRy0Erfh70Lti65T7KdlxOrxamObLWXcDcnUZ9H0s8+5hdctFFi6VbsYha9AeiyQOhcpnH72UgTaw=="}},"client_finished":{"verify_data":"XLsX1MVjVaqdWdzh"},"server_finished":{"verify_data":"pVPglT6uxB87IH3g"},"key_material":{"master_secret":{"value":"OpwII5gehRZRLFn/vVpvZgZ4U2TRjoe7EQLCzjiJS6IZ4L0P6/UHgOdcIK58j2NG","length":48},"pre_master_secret":{"value":"AwPxC16FrZuh/ci7doPSPTkkMu+7mmhF7+urTTReU8/qA8HcM4+2cMBExocpDQ8e","length":48}}}},"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"1995","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2090","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":true},"timestamp":"2018-04-06T19:41:02Z"}}} diff --git a/schemas/testdata/postgres-9.4-nossl.json b/schemas/testdata/postgres-9.4-nossl.json new file mode 100644 index 0000000..8c13cee --- /dev/null 
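Review bot: TLS session secrets are committed in this fixture: `key_material.master_secret` and `key_material.pre_master_secret` of the captured handshake. postgres-9.4-ssl.json, postgres-9.5-ssl.json and postgres-9.6-ssl.json carry the same `key_material` object and additionally `client_key_exchange.ecdh_params.client_private`. The targets look like throwaway local containers (172.17.0.x addresses, self-signed `CN=localhost` certificates valid for 30 days), so nothing long-lived appears to be exposed, but the commit does not say the scans were run with key export on purpose. If the schema tests need these fields, a short note beside the fixtures on how they were captured would stop secret scanners and later readers from treating them as a leak. Otherwise the `key_material` and `client_private` objects could be dropped from the fixtures.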
+++ b/schemas/testdata/postgres-9.4-nossl.json @@ -0,0 +1 @@ +{"ip":"172.17.0.6","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2010","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2118","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":false},"timestamp":"2018-04-06T19:41:11Z"}}} diff --git a/schemas/testdata/postgres-9.4-ssl.json b/schemas/testdata/postgres-9.4-ssl.json new file mode 100644 index 0000000..561d267 --- /dev/null +++ b/schemas/testdata/postgres-9.4-ssl.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.5","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"eEDEjXie55+serF9fGxhIEtMavvsNlasKjeM7hu7bNU=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value
":771},"random":"dSkY6kPTT7Ok2hB+o1gyYUO1cu5Lf4z/HJfeJDYq2O0=","session_id":"","cipher_suite":{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"MIIC+zCCAeOgAwIBAgIJAN+TvguNLYbIMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA0MDYxOTQwMzlaFw0xODA1MDYxOTQwMzlaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaMuK+jeEdb7LJUsNDGjewgYalwZ2pXsa8rfWJisZWMEe1+p92mwv2kaOal7W0tCukG9I/KfywbMmE3tzXLG8TKrZc1mORJrm4xcYtW3fcT6EzgjvBDkk8KcRm0DWOz15tCAgcXpsoC+/+UmJOSYXgrayeFRAdogARUVsAxPxHyMcqkl65yCVfjvD9f4k+RdMOHAEC+8+/HE0lH1aAnDoIC8rPqwzPKyC33Gob/XYXYr0LGPTDCR9TmJBfouvDVJmqfKUIM8jegVd0tWUalSOULOeCoAi59Us4FICdgt85+sK/2AqDxbUo60s4HGEneO7Q+w7KMA8t3DtG2hw26An8CAwEAAaNQME4wHQYDVR0OBBYEFLxAOzH6P8JBHuYIQNkl2h7C3pghMB8GA1UdIwQYMBaAFLxAOzH6P8JBHuYIQNkl2h7C3pghMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIUFMmABUpafR8hTlsRrx3uK+DhkipZyhXj7M8SoVODDkOD/sA27s+zK+Xxbcc0tfDfnQFXjWKJI+gp/REq5tShevTYSoXJ6We0yvQxyUDwGV//DGdQBKOEitsuYXANJIHUoeF/FnB5K+dMsPeIdl62eyMha8yq6pGoSJxMBN3Lp+lqnDGsknP4c04VI3nQ50kdD9fCdDTbKFy04SFoYQnG3ruqYmmSqReICkdSMIoHzxVx0795FRmfLdTUHd0AgPrJ2+nYahnUGx/uy/gVTUQJaozjsqKS9HrwT6XJbzd9tEHC0dJnqGzA7iOX0LG9LRbAbFj+ZGCDzvgj++mxRidA=","parsed":{"version":3,"serial_number":"16110429248856884936","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["localhost"]},"issuer_dn":"CN=localhost","validity":{"start":"2018-04-06T19:40:39Z","end":"2018-05-06T19:40:39Z","length":2592000},"subject":{"common_name":["localhost"]},"subject_dn":"CN=localhost","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"5oy4r6N4R1vsslSw0MaN7CBhqXBnalexryt9YmKxlYwR7X6n3abC/aRo5qXtbS0K6Qb0j8p/LBsyYTe3NcsbxMqtlzWY5EmubjFxi1bd9xPoTOCO8EOSTwpxGbQNY7PXm0ICBxemygL7/5SYk5JheCtrJ4VEB2iABFRWwD
E/EfIxyqSXrnIJV+O8P1/iT5F0w4cAQL7z78cTSUfVoCcOggLys+rDM8rILfcahv9dhdivQsY9MMJH1OYkF+i68NUmap8pQgzyN6BV3S1ZRqVI5Qs54KgCLn1SzgUgJ2C3zn6wr/YCoPFtSjrSzgcYSd47tD7DsowDy3cO0baHDboCfw==","length":2048},"fingerprint_sha256":"1f92d69344d94234c0d8fe751673f5f7b1aaca57823b06109d42e69243af277a"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"bc403b31fa3fc2411ee60840d925da1ec2de9821","subject_key_id":"bc403b31fa3fc2411ee60840d925da1ec2de9821"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"hQUyYAFSlp9HyFOWxGvHe4r4OGSKlnKFePszxKhU4MOQ4P+wDbuz7Mr5fFtxzS18N+dAVeNYokj6Cn9ESrm1KF69NhKhcnpZ7TK9DHJQPAZX/8MZ1AEo4SK2y5hcA0kgdSh4X8WcHkr50yw94h2XrZ7IyFrzKrqkahInEwE3cun6WqcMaySc/hzThUjedDnSR0P18J0NNsoXLThIWhhCcbeu6piaZKpF4gKR1IwigfPFXHTv3kVGZ8t1NQd3QCA+snb6dhqGdQbH+7L+BVNRAlqjOOyopL0evBPpclvN320QcLR0meobMDuI5fQsb0tFsBsWP5kYIPO+CP76bFGJ0A==","valid":true,"self_signed":true},"fingerprint_md5":"f8b949ae4948192476ce75a6336a2033","fingerprint_sha1":"55e850fe576c74687d1456d908a4d500a2db5dfb","fingerprint_sha256":"8a0556d82317911c81a493cb10698eb9a5c8a21d82c893d11577414e0fb4ee92","tbs_noct_fingerprint":"cd4102b6dd80fb99f27895406123cad8690c56009ab17caaeaaa0ee55f7d1763","spki_subject_fingerprint":"fbb242d818380040be06ccd1d356f895b0b4b53b5770799402a2663eb5f8882e","tbs_fingerprint":"cd4102b6dd80fb99f27895406123cad8690c56009ab17caaeaaa0ee55f7d1763","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown 
error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"HpG2CKIcYbTN/yXzZq4xd9FsBpopDRiEqrGxk6Px+dI=","length":256},"y":{"value":"uhXH4iVeI7S7FVDnhXk7o346DBjreKMAmtknfrj3ziw=","length":256}}},"digest":"DdLkjQeWnEbVbsyzHdSK4qMU7yx5KDljvjsNOF353u8=","signature":{"raw":"siQexQqgDc8bmQyOO/WmBdar0AQuVYd8PHfHOPWuiE9s/vU7QCNNWGRjHm5dnHxC3R3yxAr6ycOVIOT3wFk0tZM6fXWW1M9EaRJH3HFR7CvEWJJTM3LLFTTTgo2ZtvtInk052h3VGg0xlYjhhnS56N5os5o7aTIzfRZJV5sv62rMBE2RdNWS/3E/oaRgsZ8U81j3MHTCHuAue/agvlyhDPa8bO4AgYnHKvdmIy/fzvNYlGBVxclPgIgRabDajXfjE1acsyXCbiuVwsSrWvSN+aa4BwJNVPjGrFNmYz+GA49CcZ/3Z0rzp12iP75gVYOXOYm2UrG1VxyiHBolL40jyA==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"VpgHPKp1MEcVP5XHQi/Q322nkiawCyEY/1i1/rfE6iM=","length":256},"y":{"value":"B75dnf/0qxtSz2ck3hq+gssxKK2DCMMZk8pYKW+BaXk=","length":256}},"client_private":{"value":"oqddFQjbm9boB38I1zyr5a+EALVKotewpEPPG/nIptU=","length":32}}},"client_finished":{"verify_data":"k/LS2b19vLZRHx3/"},"server_finished":{"verify_data":"kYksHYwSkxHwy/MM"},"key_material":{"master_secret":{"value":"oVt7tNNjOX7BM1p4o2nU9cY6wqrXs7Ld6vB9mOZRAW5H1V9chOvwHUUtAwnTxHgv","length":48},"pre_master_secret":{"value":"QL1UjrtZEe3ojzHY1zXN5w1PuXUpna3QNvT9hH5Oq7A=","length":32}}}},"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2010","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2118","message":"no PostgreSQL user name specified in startup 
packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":true},"timestamp":"2018-04-06T19:41:08Z"}}} diff --git a/schemas/testdata/postgres-9.5-nossl.json b/schemas/testdata/postgres-9.5-nossl.json new file mode 100644 index 0000000..d440e1d --- /dev/null +++ b/schemas/testdata/postgres-9.5-nossl.json @@ -0,0 +1 @@ +{"ip":"172.17.0.8","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2015","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2125","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":false},"timestamp":"2018-04-06T19:41:17Z"}}} diff --git a/schemas/testdata/postgres-9.5-ssl.json b/schemas/testdata/postgres-9.5-ssl.json new file mode 100644 index 0000000..46194ba --- /dev/null +++ b/schemas/testdata/postgres-9.5-ssl.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.7","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"1ut5u2GZbPUdirQ9BVxooNcVYqA+PrVFff9hbLIfjEg=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value
":771},"random":"nSCGhrcNvpWUJ14yrL0yvzmqSBcQ49PjeI0DPASmm5o=","session_id":"","cipher_suite":{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"11968316659534498940","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["localhost"]},"issuer_dn":"CN=localhost","validity":{"start":"2018-04-06T19:40:42Z","end":"2018-05-06T19:40:42Z","length":2592000},"subject":{"common_name":["localhost"]},"subject_dn":"CN=localhost","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"0iz2rUiOSunhLgCHptpJb4mC3X4IjhIIZ3fp5/7oOOYQj15C4NBHzGsKzzz1vdO2gaW+If68ho/YUFfmE8P/PLA4PyNkIcl2tF7nzfBRhFF04zFuic8RoCSvMPG7PRuxMWIRMk6tZeS8+CteZVsLFn966DTB45xMh0zlazd1yJhUujol0zAQfcez85GT37xTLowmTFdpDPe62ytKV6h2LG+FpteAo2iCejJVfa8fLzfu9A7aUBVRak2m+yn4LvRFqwwqkzsM6MZZtYKmctT87EgwPRQN4wB6wekTHuPDh9PUBTMwYBlA/hSomyjGRoq5JFq+7PjjOogwzoaREqlsPw==","length":2048},"fingerprint_sha256":"88793f96d8192f5371dc4c5496cf12372dd4bbd0ce235eeb89f042dee7be2b25"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"98cc5f4f019f1ee1f360aa8c0683bf33678b4f36","subject_key_id":"98cc5f4f019f1ee1f360aa8c0683bf33678b4f36"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"B5qep76hWn0zfC5aL4R4M/WCv2FXL6RA2JWxeZ250JpBRgSJP/rNCB0KFd/xY9+XHZXeuVr6XKqx6SOiwSWzG+mfSdrTD/ZH1n+Diz7nU0ompwhXtK3fia5ywx+tQdMHm3ahlhorDvJIhWVDbgAnbRhf73C22mbTnrLa+MjKRBthVl0a/3rdyr9lfks4ryQFSPrJw6X/B1XkvIFp4Q3jUe+6GjW7KsNGeT2c+b9k/3mK6OL+uA/ZSprRdgGPjlEbQdd/XlvgEocYjNpXNOT4YK7MP/lDmRSDejFV9eMAHZPk+Qj2GUj2jwycQtJhbt11VamHg87yehEqaKaeGd7QMg==","valid":true,"self_signed":true},"fingerprint_md5":"2edc84e3f94d0e7994ba4
a6f9d97f7cd","fingerprint_sha1":"fedbb7b01b85c9fbebd0daa26c84ed9b4634eae3","fingerprint_sha256":"0a3cf86311457ce9ada7f64b4dcf70396c1cb7b842c2091bc9a926f4d02111e2","tbs_noct_fingerprint":"0afe14a7bd2b3b314b047fe048ea7b6a09f0cda946abc6de2ce0c13969849634","spki_subject_fingerprint":"da97a1bf15847b113c499309178d36a4131ec62d65173e2209571c9bdc203e20","tbs_fingerprint":"0afe14a7bd2b3b314b047fe048ea7b6a09f0cda946abc6de2ce0c13969849634","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"8KFepW1w7AzCniEeRcHZCyyeyC225Pe06e9rA2UW7RA=","length":256},"y":{"value":"4Zj6i9JCUoKVRCAodeMt5aJ7trYWzXIbPvyZtq080Lo=","length":256}}},"digest":"yMCmrbZzqiYIGtceaxMcD473kSyt08GIu5/U66eAG1s=","signature":{"raw":"YLUjBR2ooEhyXAx4PYXcuaeo9FiCBXYEnT7GucZqm76Kr4b34bLSBGQA3K5g3+96Tfy0ZyyR3NP+54zpMvBKFCkrXKUkY6eqJo1NcE1VHgRKXZQ7J0OH4h11CCSttrwtK9p9YmkN7KMR34GQBLqja9drneahlutxX65OG4iwuKxcvbHocSi0522E+bPz3l3W6TfNG2JMWUimhil7pXbOE3evVe3Pur/cHKrWYtlJYhltTJwF5/F/v/pmUVrq8CDVJuu+YXygK81hnJf0+lr+FqJReih7lCNCAidUpiKqwZ3TVdBSBGv5cfg5I6jj3Pj0brUejVoiUXaMHF/kNET9lQ==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"M+yvh1Ej9tNigqmuTH+VxXkkScmx4ExRhO+sNUnaNE0=","length":256},"y":{"value":"CE5R8/uvaw99jLULNLTc39+UFTMYn5yN/VYsXX8EfDQ=","length":256}},"client_private":{"value":"ddPlEnA3nkQiUlgxOpxPJ50IVSvxcfWTf85LOqw5s+w=","length":32}}},"client_finished":{"verify_data":"rdJbv1o6LA7vsv14"},"server_finished":{"verify_data":"vWrHFqRzVbTiB8e0"},"key_material":{"master_secret":{"value":"3F//M4+1AxUe8mb9sAv9eQifgO6sX1atlf+TQ8Pbmq5pN6roYLW2LLKHbyxB1pze","length":48},"pre_master_secret":{"value":"2IH2KtfEUoP48Opdx/Jj+fx4mq0GAKv
Kt7ySrnoYI7E=","length":32}}}},"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2015","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2125","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL"},"is_ssl":true},"timestamp":"2018-04-06T19:41:14Z"}}} diff --git a/schemas/testdata/postgres-9.6-nossl.json b/schemas/testdata/postgres-9.6-nossl.json new file mode 100644 index 0000000..3981921 --- /dev/null +++ b/schemas/testdata/postgres-9.6-nossl.json @@ -0,0 +1 @@ +{"ip":"172.17.0.10","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2031","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2141","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"is_ssl":false},"timestamp":"2018-04-06T19:41:23Z"}}} diff --git a/schemas/testdata/postgres-9.6-ssl.json b/schemas/testdata/postgres-9.6-ssl.json new file mode 100644 index 0000000..ce8e335 --- /dev/null +++ b/schemas/testdata/postgres-9.6-ssl.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.9","domain":"target","data":{"postgres":{"status":"success","protocol":"postgres","result":{"tls":{"handshake_log":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"Uhzn7PrqQ3BagNz4euYJFY/VGo/n6x/Uv4tfhlXnf/k=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.2","value
":771},"random":"vRkil/dzuepgHqIsz9PPNRFOqs1402S2aIL4tquGvfE=","session_id":"","cipher_suite":{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"16071064562417612475","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["localhost"]},"issuer_dn":"CN=localhost","validity":{"start":"2018-04-06T19:40:44Z","end":"2018-05-06T19:40:44Z","length":2592000},"subject":{"common_name":["localhost"]},"subject_dn":"CN=localhost","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"4agyWniWb/6B9HuvZ50nqW6wcC9jSwQH/MaaNQzeFesY1brnt4vvglp0/oM7caAYF2T5NBp+iYTUY0XwYYb0OwHtHKrkcMOcibaT3uWw5irNxV42PeigXcnp11Fn9l8YlsE6XbV5x1CBTkH8JBe6bqNkFOFnxL6GkxxmPunhPdd+n+Tpzw3qZftjRl7PGQAdtSn/wT7H7UMDd5KOOuaF55/Q8ggaFtsPu4qRNfMxywM+mxv0XLc1GmFrLWI8w85LdKbLPLSyFGgLdultaKaxQF18BFGTELg6bzhKpxsb2ACsii027Q+uqyyeu51d/1ooQrbm8Xvxcjm5NFRn4bOsEw==","length":2048},"fingerprint_sha256":"883724421cba2201f93d71306d4435dcb0450edb699aa927232088af3b19ce23"},"extensions":{"basic_constraints":{"is_ca":true},"authority_key_id":"fcec50c4c556210eb71b5e7086f4b434edb9783f","subject_key_id":"fcec50c4c556210eb71b5e7086f4b434edb9783f"},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"3wRjgOFa8/vl/6xbFMPIMHHKEp9AQGnZoTR2c7GY2GR5sewrcGzjBKVJNzEGMzuT+TCMIEFreKJez2hFaK0d0kdtKNK1xbNDZQtFkOcv0Z49e0l1OCu3fuanSyowVK1jZgfsQ5TzMRUy/ZwEkpwQrR1LFD7Vsh5kSCNOQc3RoqBSgsbcZakZtc3NwrgPBeN0FbLT/MDCrWCHQYI/lfEjeqZSzOS8P9fcoAYZ71i+Dlq6B/tS39IemFejc/kyoKsreWW0cmzamwhg229Iz7WzBPc1mZEJT2O+92UBxT4ruE0u0nPsbk/bMOx/50SmFUgJwd8YLJddFxETrWOxiX+Dkg==","valid":true,"self_signed":true},"fingerprint_md5":"920ba8420b5aa3aa3ba4c
96dad0c09ca","fingerprint_sha1":"0cdd5946085b252e01de5e242a628f281a4f5c1a","fingerprint_sha256":"295c84f7b82e587573a6bcc7f82bebfdf7360f011b2583768f51aeb6ef2fece0","tbs_noct_fingerprint":"a5ca46e511221d42380f16857230ec8c336c68ef040004232201c2bf101fc41c","spki_subject_fingerprint":"126895379b5beeb4230be26ac3c0ab353646c4184a76afd78c360f4c59ac5c2c","tbs_fingerprint":"a5ca46e511221d42380f16857230ec8c336c68ef040004232201c2bf101fc41c","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: unknown error"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"A7u+Ut8i/od5KQqPPP/VGfYke2YRY7wWv9tAIOWkkE4=","length":256},"y":{"value":"ksNIh0/9PbXex3sWgD4jpI2UCIm0uktD/28EeAUVVWc=","length":256}}},"digest":"OmxMjz6O0oJGqJnv0M+mvIK9hW8Q69zgIw0daIsbHC0=","signature":{"raw":"3BX3vMdPyBiwf3/9me+JuWv54Ly6rifanSr+X8e7btFRZxjBYoAVSDyHE+jYmqbVI6zuqhzKtfwuJohgb8hZ7Peq7TCUWq5w/iXVYYkvPE2y3zEbIrz3cUYmO3CRl8F/Rs+/z/qvO1bazVbAp47bLbwHaMXo8UohkBs70Hjrk4dLvJ6fI/y1UWpBzG4ww/rx5dGzluMQ9ZY9V11CbBCnbnxpYgGeWnk75q5H/rZki+Uh+nuDjIlbBSEI3fFJbCNiRRoPWv+MTzl8HNqQ4eRvkmh0dl2CdTWl/OQHOhnO4RQpJ5YC/rIvrXO+TXTg9osSPoTg+JUaiCiy8Hpj13Ywsw==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"oPi1JpftDIVQPUZmpRY5VshiUKXZ+E979ba10J7JBPo=","length":256},"y":{"value":"0lo4axTbcp2Eq19plyJx522u+cHOEXIlraZ2xGwiQdM=","length":256}},"client_private":{"value":"UqIhemkwyioT/IEDhwPrpdYxHCgtwQLcQxbx3tG5Rrc=","length":32}}},"client_finished":{"verify_data":"ipAQUJP5GU4Q3GmN"},"server_finished":{"verify_data":"H9IbilpE7z932lf3"},"key_material":{"master_secret":{"value":"J37MJPNOrKHOdLC+MB5NNbkVzkKB+xzVAKHxhUjCwGg74IhKTSaE8pKzJSyflEiU","length":48},"pre_master_secret":{"value":"ZuMEUF4wW8Fz0uPT/YItFRQNv4lVRaT
Xn03zd15Fmjw=","length":32}}}},"supported_versions":"FATAL: unsupported frontend protocol 0.0: server supports 1.0 to 3.0","protocol_error":{"code":"0A000","file":"postmaster.c","line":"2031","message":"unsupported frontend protocol 255.255: server supports 1.0 to 3.0","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"startup_error":{"code":"28000","file":"postmaster.c","line":"2141","message":"no PostgreSQL user name specified in startup packet","routine":"ProcessStartupPacket","severity":"FATAL","severity_v":"FATAL"},"is_ssl":true},"timestamp":"2018-04-06T19:41:20Z"}}} diff --git a/schemas/testdata/redis-default-inline.json b/schemas/testdata/redis-default-inline.json new file mode 100644 index 0000000..1ca9a8e --- /dev/null +++ b/schemas/testdata/redis-default-inline.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.5","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["K1BPTkcNCg==","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","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"PONG","info_response":"# Server\r\nredis_version:4.0.7\r\nredis_git_sha1:00000000\r\nredis_git_dirty:0\r\nredis_build_id:b6959c1042901757\r\nredis_mode:standalone\r\nos:Linux 4.9.87-linuxkit-aufs x86_64\r\narch_bits:64\r\nmultiplexing_api:epoll\r\natomicvar_api:atomic-builtin\r\ngcc_version:4.9.2\r\nprocess_id:1\r\nrun_id:6097a0c3e1c4cc31ce6b12ea4b6a6166a1e75104\r\ntcp_port:6379\r\nuptime_in_seconds:3\r\nuptime_in_days:0\r\nhz:10\r\nlru_clock:13094267\r\nexecutable:/data/redis-server\r\nconfig_file://usr/local/etc/redis/default.conf\r\n\r\n# Clients\r\nconnected_clients:1\r\nclient_longest_output_list:0\r\nclient_biggest_input_buf:0\r\nblocked_clients:0\r\n\r\n# Memory\r\nused_memory:828456\r\nused_memory_human:809.04K\r\nused_memory_rss:4100096\r\nused_memory_rss_human:3.91M\r\nused_memory_peak:828456\r\nused_memory_peak_human:809.04K\r\nused_memory_peak_perc:100.00%\r\nused_memory_overhead:815214\r\nused_memory_startup:765584\r\nused_memory_dataset:13242\r\nused_memory_dataset_perc:21.06%\r\ntotal_system_memory:2076434432\r\ntotal_system_memory_human:1.93G\r\nused_memory_lua:37888\r\nused_memory_lua_human:37.00K\r\nmaxmemory:0\r\nmaxmemory_human:0B\r\nmaxmemory_policy:noeviction\r\nmem_fragmentation_ratio:4.95\r\nmem_allocator:jemalloc-4.0.3\r\nactive_defrag_running:0\r\nlazyfree_pending_objects:0\r\n\r\n# 
Persistence\r\nloading:0\r\nrdb_changes_since_last_save:0\r\nrdb_bgsave_in_progress:0\r\nrdb_last_save_time:1523043704\r\nrdb_last_bgsave_status:ok\r\nrdb_last_bgsave_time_sec:-1\r\nrdb_current_bgsave_time_sec:-1\r\nrdb_last_cow_size:0\r\naof_enabled:0\r\naof_rewrite_in_progress:0\r\naof_rewrite_scheduled:0\r\naof_last_rewrite_time_sec:-1\r\naof_current_rewrite_time_sec:-1\r\naof_last_bgrewrite_status:ok\r\naof_last_write_status:ok\r\naof_last_cow_size:0\r\n\r\n# Stats\r\ntotal_connections_received:2\r\ntotal_commands_processed:3\r\ninstantaneous_ops_per_sec:0\r\ntotal_net_input_bytes:76\r\ntotal_net_output_bytes:2735\r\ninstantaneous_input_kbps:0.00\r\ninstantaneous_output_kbps:0.00\r\nrejected_connections:0\r\nsync_full:0\r\nsync_partial_ok:0\r\nsync_partial_err:0\r\nexpired_keys:0\r\nevicted_keys:0\r\nkeyspace_hits:0\r\nkeyspace_misses:0\r\npubsub_channels:0\r\npubsub_patterns:0\r\nlatest_fork_usec:0\r\nmigrate_cached_sockets:0\r\nslave_expires_tracked_keys:0\r\nactive_defrag_hits:0\r\nactive_defrag_misses:0\r\nactive_defrag_key_hits:0\r\nactive_defrag_key_misses:0\r\n\r\n# Replication\r\nrole:master\r\nconnected_slaves:0\r\nmaster_replid:e98440e5a6c6fc605e0ed126f100b4f995944226\r\nmaster_replid2:0000000000000000000000000000000000000000\r\nmaster_repl_offset:0\r\nsecond_repl_offset:-1\r\nrepl_backlog_active:0\r\nrepl_backlog_size:1048576\r\nrepl_backlog_first_byte_offset:0\r\nrepl_backlog_histlen:0\r\n\r\n# CPU\r\nused_cpu_sys:0.02\r\nused_cpu_user:0.05\r\nused_cpu_sys_children:0.00\r\nused_cpu_user_children:0.00\r\n\r\n# Cluster\r\ncluster_enabled:0\r\n\r\n# Keyspace\r\n","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')","version":"4.0.7"},"timestamp":"2018-04-06T19:41:47Z"}}} diff --git a/schemas/testdata/redis-default-normal.json b/schemas/testdata/redis-default-normal.json new file mode 100644 index 0000000..ae0c100 --- /dev/null +++ b/schemas/testdata/redis-default-normal.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.5","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["K1BPTkcNCg==","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","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"PONG","info_response":"# Server\r\nredis_version:4.0.7\r\nredis_git_sha1:00000000\r\nredis_git_dirty:0\r\nredis_build_id:b6959c1042901757\r\nredis_mode:standalone\r\nos:Linux 4.9.87-linuxkit-aufs x86_64\r\narch_bits:64\r\nmultiplexing_api:epoll\r\natomicvar_api:atomic-builtin\r\ngcc_version:4.9.2\r\nprocess_id:1\r\nrun_id:6097a0c3e1c4cc31ce6b12ea4b6a6166a1e75104\r\ntcp_port:6379\r\nuptime_in_seconds:1\r\nuptime_in_days:0\r\nhz:10\r\nlru_clock:13094266\r\nexecutable:/data/redis-server\r\nconfig_file://usr/local/etc/redis/default.conf\r\n\r\n# Clients\r\nconnected_clients:1\r\nclient_longest_output_list:0\r\nclient_biggest_input_buf:0\r\nblocked_clients:0\r\n\r\n# Memory\r\nused_memory:828448\r\nused_memory_human:809.03K\r\nused_memory_rss:4100096\r\nused_memory_rss_human:3.91M\r\nused_memory_peak:828448\r\nused_memory_peak_human:809.03K\r\nused_memory_peak_perc:108.21%\r\nused_memory_overhead:815214\r\nused_memory_startup:765584\r\nused_memory_dataset:13234\r\nused_memory_dataset_perc:21.05%\r\ntotal_system_memory:2076434432\r\ntotal_system_memory_human:1.93G\r\nused_memory_lua:37888\r\nused_memory_lua_human:37.00K\r\nmaxmemory:0\r\nmaxmemory_human:0B\r\nmaxmemory_policy:noeviction\r\nmem_fragmentation_ratio:4.95\r\nmem_allocator:jemalloc-4.0.3\r\nactive_defrag_running:0\r\nlazyfree_pending_objects:0\r\n\r\n# 
Persistence\r\nloading:0\r\nrdb_changes_since_last_save:0\r\nrdb_bgsave_in_progress:0\r\nrdb_last_save_time:1523043704\r\nrdb_last_bgsave_status:ok\r\nrdb_last_bgsave_time_sec:-1\r\nrdb_current_bgsave_time_sec:-1\r\nrdb_last_cow_size:0\r\naof_enabled:0\r\naof_rewrite_in_progress:0\r\naof_rewrite_scheduled:0\r\naof_last_rewrite_time_sec:-1\r\naof_current_rewrite_time_sec:-1\r\naof_last_bgrewrite_status:ok\r\naof_last_write_status:ok\r\naof_last_cow_size:0\r\n\r\n# Stats\r\ntotal_connections_received:1\r\ntotal_commands_processed:1\r\ninstantaneous_ops_per_sec:0\r\ntotal_net_input_bytes:28\r\ntotal_net_output_bytes:7\r\ninstantaneous_input_kbps:0.00\r\ninstantaneous_output_kbps:0.00\r\nrejected_connections:0\r\nsync_full:0\r\nsync_partial_ok:0\r\nsync_partial_err:0\r\nexpired_keys:0\r\nevicted_keys:0\r\nkeyspace_hits:0\r\nkeyspace_misses:0\r\npubsub_channels:0\r\npubsub_patterns:0\r\nlatest_fork_usec:0\r\nmigrate_cached_sockets:0\r\nslave_expires_tracked_keys:0\r\nactive_defrag_hits:0\r\nactive_defrag_misses:0\r\nactive_defrag_key_hits:0\r\nactive_defrag_key_misses:0\r\n\r\n# Replication\r\nrole:master\r\nconnected_slaves:0\r\nmaster_replid:e98440e5a6c6fc605e0ed126f100b4f995944226\r\nmaster_replid2:0000000000000000000000000000000000000000\r\nmaster_repl_offset:0\r\nsecond_repl_offset:-1\r\nrepl_backlog_active:0\r\nrepl_backlog_size:1048576\r\nrepl_backlog_first_byte_offset:0\r\nrepl_backlog_histlen:0\r\n\r\n# CPU\r\nused_cpu_sys:0.02\r\nused_cpu_user:0.05\r\nused_cpu_sys_children:0.00\r\nused_cpu_user_children:0.00\r\n\r\n# Cluster\r\ncluster_enabled:0\r\n\r\n# Keyspace\r\n","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')","version":"4.0.7"},"timestamp":"2018-04-06T19:41:46Z"}}} diff --git a/schemas/testdata/redis-password-inline.json b/schemas/testdata/redis-password-inline.json new file mode 100644 index 0000000..fb9cf9b --- /dev/null +++ b/schemas/testdata/redis-password-inline.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["LU5PQVVUSCBBdXRoZW50aWNhdGlvbiByZXF1aXJlZC4NCg==","LU5PQVVUSCBBdXRoZW50aWNhdGlvbiByZXF1aXJlZC4NCg==","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"(Error: NOAUTH Authentication required.)","info_response":"(Error: NOAUTH Authentication required.)","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')"},"timestamp":"2018-04-06T19:41:52Z"}}} diff --git a/schemas/testdata/redis-password-normal.json b/schemas/testdata/redis-password-normal.json new file mode 100644 index 0000000..30cfe44 --- /dev/null +++ b/schemas/testdata/redis-password-normal.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["LU5PQVVUSCBBdXRoZW50aWNhdGlvbiByZXF1aXJlZC4NCg==","LU5PQVVUSCBBdXRoZW50aWNhdGlvbiByZXF1aXJlZC4NCg==","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"(Error: NOAUTH Authentication required.)","info_response":"(Error: NOAUTH Authentication required.)","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')"},"timestamp":"2018-04-06T19:41:50Z"}}} diff --git a/schemas/testdata/redis-renamed-inline.json b/schemas/testdata/redis-renamed-inline.json new file mode 100644 index 0000000..8133b29 --- /dev/null +++ b/schemas/testdata/redis-renamed-inline.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["LUVSUiB1bmtub3duIGNvbW1hbmQgJ1BJTkcnDQo=","JDI2NzUNCiMgU2VydmVyDQpyZWRpc192ZXJzaW9uOjQuMC43DQpyZWRpc19naXRfc2hhMTowMDAwMDAwMA0KcmVkaXNfZ2l0X2RpcnR5OjANCnJlZGlzX2J1aWxkX2lkOmI2OTU5YzEwNDI5MDE3NTcNCnJlZGlzX21vZGU6c3RhbmRhbG9uZQ0Kb3M6TGludXggNC45Ljg3LWxpbnV4a2l0LWF1ZnMgeDg2XzY0DQphcmNoX2JpdHM6NjQNCm11bHRpcGxleGluZ19hcGk6ZXBvbGwNCmF0b21pY3Zhcl9hcGk6YXRvbWljLWJ1aWx0aW4NCmdjY192ZXJzaW9uOjQuOS4yDQpwcm9jZXNzX2lkOjENCnJ1bl9pZDplMDQ4ODFjNGM3YWFhZjk1MWJjMjk2YjMxMTA2NWMzYTkxNDU2OGRkDQp0Y3BfcG9ydDo2Mzc5DQp1cHRpbWVfaW5fc2Vjb25kczoxMw0KdXB0aW1lX2luX2RheXM6MA0KaHo6MTANCmxydV9jbG9jazoxMzA5NDI3Ng0KZXhlY3V0YWJsZTovZGF0YS9yZWRpcy1zZXJ2ZXINCmNvbmZpZ19maWxlOi8vdXNyL2xvY2FsL2V0Yy9yZWRpcy9yZW5hbWVkLmNvbmYNCg0KIyBDbGllbnRzDQpjb25uZWN0ZWRfY2xpZW50czoxDQpjbGllbnRfbG9uZ2VzdF9vdXRwdXRfbGlzdDowDQpjbGllbnRfYmlnZ2VzdF9pbnB1dF9idWY6MA0KYmxvY2tlZF9jbGllbnRzOjANCg0KIyBNZW1vcnkNCnVzZWRfbWVtb3J5OjgyODQ0MA0KdXNlZF9tZW1vcnlfaHVtYW46ODA5LjAySw0KdXNlZF9tZW1vcnlfcnNzOjQxMTY0ODANCnVzZWRfbWVtb3J5X3Jzc19odW1hbjozLjkzTQ0KdXNlZF9tZW1vcnlfcGVhazo4Mjg0NDANCnVzZWRfbWVtb3J5X3BlYWtfaHVtYW46ODA5LjAySw0KdXNlZF9tZW1vcnlfcGVha19wZXJjOjEwMC4wMCUNCnVzZWRfbWVtb3J5X292ZXJoZWFkOjgxNTE5OA0KdXNlZF9tZW1vcnlfc3RhcnR1cDo3NjU1NjgNCnVzZWRfbWVtb3J5X2RhdGFzZXQ6MTMyNDINCnVzZWRfbWVtb3J5X2RhdGFzZXRfcGVyYzoyMS4wNiUNCnRvdGFsX3N5c3RlbV9tZW1vcnk6MjA3NjQzNDQzMg0KdG90YWxfc3lzdGVtX21lbW9yeV9odW1hbjoxLjkzRw0KdXNlZF9tZW1vcnlfbHVhOjM3ODg4DQp1c2VkX21lbW9yeV9sdWFfaHVtYW46MzcuMDBLDQptYXhtZW1vcnk6MA0KbWF4bWVtb3J5X2h1bWFuOjBCDQptYXhtZW1vcnlfcG9saWN5Om5vZXZpY3Rpb24NCm1lbV9mcmFnbWVudGF0aW9uX3JhdGlvOjQuOTcNCm1lbV9hbGxvY2F0b3I6amVtYWxsb2MtNC4wLjMNCmFjdGl2ZV9kZWZyYWdfcnVubmluZzowDQpsYXp5ZnJlZV9wZW5kaW5nX29iamVjdHM6MA0KDQojIFBlcnNpc3RlbmNlDQpsb2FkaW5nOjANCnJkYl9jaGFuZ2VzX3NpbmNlX2xhc3Rfc2F2ZTowDQpyZGJfYmdzYXZlX2luX3Byb2dyZXNzOjANCnJkYl9sYXN0X3NhdmVfdGltZToxNTIzMDQzNzAzDQpyZ
GJfbGFzdF9iZ3NhdmVfc3RhdHVzOm9rDQpyZGJfbGFzdF9iZ3NhdmVfdGltZV9zZWM6LTENCnJkYl9jdXJyZW50X2Jnc2F2ZV90aW1lX3NlYzotMQ0KcmRiX2xhc3RfY293X3NpemU6MA0KYW9mX2VuYWJsZWQ6MA0KYW9mX3Jld3JpdGVfaW5fcHJvZ3Jlc3M6MA0KYW9mX3Jld3JpdGVfc2NoZWR1bGVkOjANCmFvZl9sYXN0X3Jld3JpdGVfdGltZV9zZWM6LTENCmFvZl9jdXJyZW50X3Jld3JpdGVfdGltZV9zZWM6LTENCmFvZl9sYXN0X2JncmV3cml0ZV9zdGF0dXM6b2sNCmFvZl9sYXN0X3dyaXRlX3N0YXR1czpvaw0KYW9mX2xhc3RfY293X3NpemU6MA0KDQojIFN0YXRzDQp0b3RhbF9jb25uZWN0aW9uc19yZWNlaXZlZDoyDQp0b3RhbF9jb21tYW5kc19wcm9jZXNzZWQ6MQ0KaW5zdGFudGFuZW91c19vcHNfcGVyX3NlYzowDQp0b3RhbF9uZXRfaW5wdXRfYnl0ZXM6NzYNCnRvdGFsX25ldF9vdXRwdXRfYnl0ZXM6Mjc4MQ0KaW5zdGFudGFuZW91c19pbnB1dF9rYnBzOjAuMDANCmluc3RhbnRhbmVvdXNfb3V0cHV0X2ticHM6MC4wMA0KcmVqZWN0ZWRfY29ubmVjdGlvbnM6MA0Kc3luY19mdWxsOjANCnN5bmNfcGFydGlhbF9vazowDQpzeW5jX3BhcnRpYWxfZXJyOjANCmV4cGlyZWRfa2V5czowDQpldmljdGVkX2tleXM6MA0Ka2V5c3BhY2VfaGl0czowDQprZXlzcGFjZV9taXNzZXM6MA0KcHVic3ViX2NoYW5uZWxzOjANCnB1YnN1Yl9wYXR0ZXJuczowDQpsYXRlc3RfZm9ya191c2VjOjANCm1pZ3JhdGVfY2FjaGVkX3NvY2tldHM6MA0Kc2xhdmVfZXhwaXJlc190cmFja2VkX2tleXM6MA0KYWN0aXZlX2RlZnJhZ19oaXRzOjANCmFjdGl2ZV9kZWZyYWdfbWlzc2VzOjANCmFjdGl2ZV9kZWZyYWdfa2V5X2hpdHM6MA0KYWN0aXZlX2RlZnJhZ19rZXlfbWlzc2VzOjANCg0KIyBSZXBsaWNhdGlvbg0Kcm9sZTptYXN0ZXINCmNvbm5lY3RlZF9zbGF2ZXM6MA0KbWFzdGVyX3JlcGxpZDpiNzYzYzExOTQ1YTc2MTcxMWIxZjc2MDkwOTE3ZjY5OWU0ZTY3MDhkDQptYXN0ZXJfcmVwbGlkMjowMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwDQptYXN0ZXJfcmVwbF9vZmZzZXQ6MA0Kc2Vjb25kX3JlcGxfb2Zmc2V0Oi0xDQpyZXBsX2JhY2tsb2dfYWN0aXZlOjANCnJlcGxfYmFja2xvZ19zaXplOjEwNDg1NzYNCnJlcGxfYmFja2xvZ19maXJzdF9ieXRlX29mZnNldDowDQpyZXBsX2JhY2tsb2dfaGlzdGxlbjowDQoNCiMgQ1BVDQp1c2VkX2NwdV9zeXM6MC4wMA0KdXNlZF9jcHVfdXNlcjowLjA4DQp1c2VkX2NwdV9zeXNfY2hpbGRyZW46MC4wMA0KdXNlZF9jcHVfdXNlcl9jaGlsZHJlbjowLjAwDQoNCiMgQ2x1c3Rlcg0KY2x1c3Rlcl9lbmFibGVkOjANCg0KIyBLZXlzcGFjZQ0KDQo=","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"(Error: ERR unknown command 'PING')","info_response":"# 
Server\r\nredis_version:4.0.7\r\nredis_git_sha1:00000000\r\nredis_git_dirty:0\r\nredis_build_id:b6959c1042901757\r\nredis_mode:standalone\r\nos:Linux 4.9.87-linuxkit-aufs x86_64\r\narch_bits:64\r\nmultiplexing_api:epoll\r\natomicvar_api:atomic-builtin\r\ngcc_version:4.9.2\r\nprocess_id:1\r\nrun_id:e04881c4c7aaaf951bc296b311065c3a914568dd\r\ntcp_port:6379\r\nuptime_in_seconds:13\r\nuptime_in_days:0\r\nhz:10\r\nlru_clock:13094276\r\nexecutable:/data/redis-server\r\nconfig_file://usr/local/etc/redis/renamed.conf\r\n\r\n# Clients\r\nconnected_clients:1\r\nclient_longest_output_list:0\r\nclient_biggest_input_buf:0\r\nblocked_clients:0\r\n\r\n# Memory\r\nused_memory:828440\r\nused_memory_human:809.02K\r\nused_memory_rss:4116480\r\nused_memory_rss_human:3.93M\r\nused_memory_peak:828440\r\nused_memory_peak_human:809.02K\r\nused_memory_peak_perc:100.00%\r\nused_memory_overhead:815198\r\nused_memory_startup:765568\r\nused_memory_dataset:13242\r\nused_memory_dataset_perc:21.06%\r\ntotal_system_memory:2076434432\r\ntotal_system_memory_human:1.93G\r\nused_memory_lua:37888\r\nused_memory_lua_human:37.00K\r\nmaxmemory:0\r\nmaxmemory_human:0B\r\nmaxmemory_policy:noeviction\r\nmem_fragmentation_ratio:4.97\r\nmem_allocator:jemalloc-4.0.3\r\nactive_defrag_running:0\r\nlazyfree_pending_objects:0\r\n\r\n# Persistence\r\nloading:0\r\nrdb_changes_since_last_save:0\r\nrdb_bgsave_in_progress:0\r\nrdb_last_save_time:1523043703\r\nrdb_last_bgsave_status:ok\r\nrdb_last_bgsave_time_sec:-1\r\nrdb_current_bgsave_time_sec:-1\r\nrdb_last_cow_size:0\r\naof_enabled:0\r\naof_rewrite_in_progress:0\r\naof_rewrite_scheduled:0\r\naof_last_rewrite_time_sec:-1\r\naof_current_rewrite_time_sec:-1\r\naof_last_bgrewrite_status:ok\r\naof_last_write_status:ok\r\naof_last_cow_size:0\r\n\r\n# 
Stats\r\ntotal_connections_received:2\r\ntotal_commands_processed:1\r\ninstantaneous_ops_per_sec:0\r\ntotal_net_input_bytes:76\r\ntotal_net_output_bytes:2781\r\ninstantaneous_input_kbps:0.00\r\ninstantaneous_output_kbps:0.00\r\nrejected_connections:0\r\nsync_full:0\r\nsync_partial_ok:0\r\nsync_partial_err:0\r\nexpired_keys:0\r\nevicted_keys:0\r\nkeyspace_hits:0\r\nkeyspace_misses:0\r\npubsub_channels:0\r\npubsub_patterns:0\r\nlatest_fork_usec:0\r\nmigrate_cached_sockets:0\r\nslave_expires_tracked_keys:0\r\nactive_defrag_hits:0\r\nactive_defrag_misses:0\r\nactive_defrag_key_hits:0\r\nactive_defrag_key_misses:0\r\n\r\n# Replication\r\nrole:master\r\nconnected_slaves:0\r\nmaster_replid:b763c11945a761711b1f76090917f699e4e6708d\r\nmaster_replid2:0000000000000000000000000000000000000000\r\nmaster_repl_offset:0\r\nsecond_repl_offset:-1\r\nrepl_backlog_active:0\r\nrepl_backlog_size:1048576\r\nrepl_backlog_first_byte_offset:0\r\nrepl_backlog_histlen:0\r\n\r\n# CPU\r\nused_cpu_sys:0.00\r\nused_cpu_user:0.08\r\nused_cpu_sys_children:0.00\r\nused_cpu_user_children:0.00\r\n\r\n# Cluster\r\ncluster_enabled:0\r\n\r\n# Keyspace\r\n","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')","version":"4.0.7"},"timestamp":"2018-04-06T19:41:56Z"}}} diff --git a/schemas/testdata/redis-renamed-normal.json b/schemas/testdata/redis-renamed-normal.json new file mode 100644 index 0000000..d049187 --- /dev/null +++ b/schemas/testdata/redis-renamed-normal.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.4","domain":"target","data":{"redis":{"status":"success","protocol":"redis","result":{"commands":["PING","INFO","NONEXISTENT","QUIT"],"raw_command_output":["LUVSUiB1bmtub3duIGNvbW1hbmQgJ1BJTkcnDQo=","JDI2NzMNCiMgU2VydmVyDQpyZWRpc192ZXJzaW9uOjQuMC43DQpyZWRpc19naXRfc2hhMTowMDAwMDAwMA0KcmVkaXNfZ2l0X2RpcnR5OjANCnJlZGlzX2J1aWxkX2lkOmI2OTU5YzEwNDI5MDE3NTcNCnJlZGlzX21vZGU6c3RhbmRhbG9uZQ0Kb3M6TGludXggNC45Ljg3LWxpbnV4a2l0LWF1ZnMgeDg2XzY0DQphcmNoX2JpdHM6NjQNCm11bHRpcGxleGluZ19hcGk6ZXBvbGwNCmF0b21pY3Zhcl9hcGk6YXRvbWljLWJ1aWx0aW4NCmdjY192ZXJzaW9uOjQuOS4yDQpwcm9jZXNzX2lkOjENCnJ1bl9pZDplMDQ4ODFjNGM3YWFhZjk1MWJjMjk2YjMxMTA2NWMzYTkxNDU2OGRkDQp0Y3BfcG9ydDo2Mzc5DQp1cHRpbWVfaW5fc2Vjb25kczoxMQ0KdXB0aW1lX2luX2RheXM6MA0KaHo6MTANCmxydV9jbG9jazoxMzA5NDI3NA0KZXhlY3V0YWJsZTovZGF0YS9yZWRpcy1zZXJ2ZXINCmNvbmZpZ19maWxlOi8vdXNyL2xvY2FsL2V0Yy9yZWRpcy9yZW5hbWVkLmNvbmYNCg0KIyBDbGllbnRzDQpjb25uZWN0ZWRfY2xpZW50czoxDQpjbGllbnRfbG9uZ2VzdF9vdXRwdXRfbGlzdDowDQpjbGllbnRfYmlnZ2VzdF9pbnB1dF9idWY6MA0KYmxvY2tlZF9jbGllbnRzOjANCg0KIyBNZW1vcnkNCnVzZWRfbWVtb3J5OjgyODQzMg0KdXNlZF9tZW1vcnlfaHVtYW46ODA5LjAySw0KdXNlZF9tZW1vcnlfcnNzOjQxMTY0ODANCnVzZWRfbWVtb3J5X3Jzc19odW1hbjozLjkzTQ0KdXNlZF9tZW1vcnlfcGVhazo4Mjg0MzINCnVzZWRfbWVtb3J5X3BlYWtfaHVtYW46ODA5LjAySw0KdXNlZF9tZW1vcnlfcGVha19wZXJjOjEwOC4yMSUNCnVzZWRfbWVtb3J5X292ZXJoZWFkOjgxNTE5OA0KdXNlZF9tZW1vcnlfc3RhcnR1cDo3NjU1NjgNCnVzZWRfbWVtb3J5X2RhdGFzZXQ6MTMyMzQNCnVzZWRfbWVtb3J5X2RhdGFzZXRfcGVyYzoyMS4wNSUNCnRvdGFsX3N5c3RlbV9tZW1vcnk6MjA3NjQzNDQzMg0KdG90YWxfc3lzdGVtX21lbW9yeV9odW1hbjoxLjkzRw0KdXNlZF9tZW1vcnlfbHVhOjM3ODg4DQp1c2VkX21lbW9yeV9sdWFfaHVtYW46MzcuMDBLDQptYXhtZW1vcnk6MA0KbWF4bWVtb3J5X2h1bWFuOjBCDQptYXhtZW1vcnlfcG9saWN5Om5vZXZpY3Rpb24NCm1lbV9mcmFnbWVudGF0aW9uX3JhdGlvOjQuOTcNCm1lbV9hbGxvY2F0b3I6amVtYWxsb2MtNC4wLjMNCmFjdGl2ZV9kZWZyYWdfcnVubmluZzowDQpsYXp5ZnJlZV9wZW5kaW5nX29iamVjdHM6MA0KDQojIFBlcnNpc3RlbmNlDQpsb2FkaW5nOjANCnJkYl9jaGFuZ2VzX3NpbmNlX2xhc3Rfc2F2ZTowDQpyZGJfYmdzYXZlX2luX3Byb2dyZXNzOjANCnJkYl9sYXN0X3NhdmVfdGltZToxNTIzMDQzNzAzDQpyZ
GJfbGFzdF9iZ3NhdmVfc3RhdHVzOm9rDQpyZGJfbGFzdF9iZ3NhdmVfdGltZV9zZWM6LTENCnJkYl9jdXJyZW50X2Jnc2F2ZV90aW1lX3NlYzotMQ0KcmRiX2xhc3RfY293X3NpemU6MA0KYW9mX2VuYWJsZWQ6MA0KYW9mX3Jld3JpdGVfaW5fcHJvZ3Jlc3M6MA0KYW9mX3Jld3JpdGVfc2NoZWR1bGVkOjANCmFvZl9sYXN0X3Jld3JpdGVfdGltZV9zZWM6LTENCmFvZl9jdXJyZW50X3Jld3JpdGVfdGltZV9zZWM6LTENCmFvZl9sYXN0X2JncmV3cml0ZV9zdGF0dXM6b2sNCmFvZl9sYXN0X3dyaXRlX3N0YXR1czpvaw0KYW9mX2xhc3RfY293X3NpemU6MA0KDQojIFN0YXRzDQp0b3RhbF9jb25uZWN0aW9uc19yZWNlaXZlZDoxDQp0b3RhbF9jb21tYW5kc19wcm9jZXNzZWQ6MA0KaW5zdGFudGFuZW91c19vcHNfcGVyX3NlYzowDQp0b3RhbF9uZXRfaW5wdXRfYnl0ZXM6MjgNCnRvdGFsX25ldF9vdXRwdXRfYnl0ZXM6MjkNCmluc3RhbnRhbmVvdXNfaW5wdXRfa2JwczowLjAwDQppbnN0YW50YW5lb3VzX291dHB1dF9rYnBzOjAuMDANCnJlamVjdGVkX2Nvbm5lY3Rpb25zOjANCnN5bmNfZnVsbDowDQpzeW5jX3BhcnRpYWxfb2s6MA0Kc3luY19wYXJ0aWFsX2VycjowDQpleHBpcmVkX2tleXM6MA0KZXZpY3RlZF9rZXlzOjANCmtleXNwYWNlX2hpdHM6MA0Ka2V5c3BhY2VfbWlzc2VzOjANCnB1YnN1Yl9jaGFubmVsczowDQpwdWJzdWJfcGF0dGVybnM6MA0KbGF0ZXN0X2ZvcmtfdXNlYzowDQptaWdyYXRlX2NhY2hlZF9zb2NrZXRzOjANCnNsYXZlX2V4cGlyZXNfdHJhY2tlZF9rZXlzOjANCmFjdGl2ZV9kZWZyYWdfaGl0czowDQphY3RpdmVfZGVmcmFnX21pc3NlczowDQphY3RpdmVfZGVmcmFnX2tleV9oaXRzOjANCmFjdGl2ZV9kZWZyYWdfa2V5X21pc3NlczowDQoNCiMgUmVwbGljYXRpb24NCnJvbGU6bWFzdGVyDQpjb25uZWN0ZWRfc2xhdmVzOjANCm1hc3Rlcl9yZXBsaWQ6Yjc2M2MxMTk0NWE3NjE3MTFiMWY3NjA5MDkxN2Y2OTllNGU2NzA4ZA0KbWFzdGVyX3JlcGxpZDI6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMA0KbWFzdGVyX3JlcGxfb2Zmc2V0OjANCnNlY29uZF9yZXBsX29mZnNldDotMQ0KcmVwbF9iYWNrbG9nX2FjdGl2ZTowDQpyZXBsX2JhY2tsb2dfc2l6ZToxMDQ4NTc2DQpyZXBsX2JhY2tsb2dfZmlyc3RfYnl0ZV9vZmZzZXQ6MA0KcmVwbF9iYWNrbG9nX2hpc3RsZW46MA0KDQojIENQVQ0KdXNlZF9jcHVfc3lzOjAuMDANCnVzZWRfY3B1X3VzZXI6MC4wOA0KdXNlZF9jcHVfc3lzX2NoaWxkcmVuOjAuMDANCnVzZWRfY3B1X3VzZXJfY2hpbGRyZW46MC4wMA0KDQojIENsdXN0ZXINCmNsdXN0ZXJfZW5hYmxlZDowDQoNCiMgS2V5c3BhY2UNCg0K","LUVSUiB1bmtub3duIGNvbW1hbmQgJ05PTkVYSVNURU5UJw0K","K09LDQo="],"ping_response":"(Error: ERR unknown command 'PING')","info_response":"# 
Server\r\nredis_version:4.0.7\r\nredis_git_sha1:00000000\r\nredis_git_dirty:0\r\nredis_build_id:b6959c1042901757\r\nredis_mode:standalone\r\nos:Linux 4.9.87-linuxkit-aufs x86_64\r\narch_bits:64\r\nmultiplexing_api:epoll\r\natomicvar_api:atomic-builtin\r\ngcc_version:4.9.2\r\nprocess_id:1\r\nrun_id:e04881c4c7aaaf951bc296b311065c3a914568dd\r\ntcp_port:6379\r\nuptime_in_seconds:11\r\nuptime_in_days:0\r\nhz:10\r\nlru_clock:13094274\r\nexecutable:/data/redis-server\r\nconfig_file://usr/local/etc/redis/renamed.conf\r\n\r\n# Clients\r\nconnected_clients:1\r\nclient_longest_output_list:0\r\nclient_biggest_input_buf:0\r\nblocked_clients:0\r\n\r\n# Memory\r\nused_memory:828432\r\nused_memory_human:809.02K\r\nused_memory_rss:4116480\r\nused_memory_rss_human:3.93M\r\nused_memory_peak:828432\r\nused_memory_peak_human:809.02K\r\nused_memory_peak_perc:108.21%\r\nused_memory_overhead:815198\r\nused_memory_startup:765568\r\nused_memory_dataset:13234\r\nused_memory_dataset_perc:21.05%\r\ntotal_system_memory:2076434432\r\ntotal_system_memory_human:1.93G\r\nused_memory_lua:37888\r\nused_memory_lua_human:37.00K\r\nmaxmemory:0\r\nmaxmemory_human:0B\r\nmaxmemory_policy:noeviction\r\nmem_fragmentation_ratio:4.97\r\nmem_allocator:jemalloc-4.0.3\r\nactive_defrag_running:0\r\nlazyfree_pending_objects:0\r\n\r\n# Persistence\r\nloading:0\r\nrdb_changes_since_last_save:0\r\nrdb_bgsave_in_progress:0\r\nrdb_last_save_time:1523043703\r\nrdb_last_bgsave_status:ok\r\nrdb_last_bgsave_time_sec:-1\r\nrdb_current_bgsave_time_sec:-1\r\nrdb_last_cow_size:0\r\naof_enabled:0\r\naof_rewrite_in_progress:0\r\naof_rewrite_scheduled:0\r\naof_last_rewrite_time_sec:-1\r\naof_current_rewrite_time_sec:-1\r\naof_last_bgrewrite_status:ok\r\naof_last_write_status:ok\r\naof_last_cow_size:0\r\n\r\n# 
Stats\r\ntotal_connections_received:1\r\ntotal_commands_processed:0\r\ninstantaneous_ops_per_sec:0\r\ntotal_net_input_bytes:28\r\ntotal_net_output_bytes:29\r\ninstantaneous_input_kbps:0.00\r\ninstantaneous_output_kbps:0.00\r\nrejected_connections:0\r\nsync_full:0\r\nsync_partial_ok:0\r\nsync_partial_err:0\r\nexpired_keys:0\r\nevicted_keys:0\r\nkeyspace_hits:0\r\nkeyspace_misses:0\r\npubsub_channels:0\r\npubsub_patterns:0\r\nlatest_fork_usec:0\r\nmigrate_cached_sockets:0\r\nslave_expires_tracked_keys:0\r\nactive_defrag_hits:0\r\nactive_defrag_misses:0\r\nactive_defrag_key_hits:0\r\nactive_defrag_key_misses:0\r\n\r\n# Replication\r\nrole:master\r\nconnected_slaves:0\r\nmaster_replid:b763c11945a761711b1f76090917f699e4e6708d\r\nmaster_replid2:0000000000000000000000000000000000000000\r\nmaster_repl_offset:0\r\nsecond_repl_offset:-1\r\nrepl_backlog_active:0\r\nrepl_backlog_size:1048576\r\nrepl_backlog_first_byte_offset:0\r\nrepl_backlog_histlen:0\r\n\r\n# CPU\r\nused_cpu_sys:0.00\r\nused_cpu_user:0.08\r\nused_cpu_sys_children:0.00\r\nused_cpu_user_children:0.00\r\n\r\n# Cluster\r\ncluster_enabled:0\r\n\r\n# Keyspace\r\n","quit_response":"OK","nonexistent_response":"(Error: ERR unknown command 'NONEXISTENT')","version":"4.0.7"},"timestamp":"2018-04-06T19:41:54Z"}}} diff --git a/schemas/testdata/smtp-00.json b/schemas/testdata/smtp-00.json new file mode 100644 index 0000000..053a597 --- /dev/null +++ b/schemas/testdata/smtp-00.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n"},"timestamp":"2018-04-06T19:42:03Z"}}} diff --git a/schemas/testdata/smtp-ehlo.03.json b/schemas/testdata/smtp-ehlo.03.json new file mode 100644 index 0000000..0efaf48 --- /dev/null +++ b/schemas/testdata/smtp-ehlo.03.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","ehlo":"501 ehlo requires domain/address - see RFC-2821 4.1.1.1\r\n"},"timestamp":"2018-04-06T19:42:10Z"}}} diff --git a/schemas/testdata/smtp-ehlo.04.json b/schemas/testdata/smtp-ehlo.04.json new file mode 100644 index 0000000..057707c --- /dev/null +++ b/schemas/testdata/smtp-ehlo.04.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","ehlo":"250-ba06a6536f7e Hi Unknown [172.17.0.4]\r\n250-PIPELINING\r\n250 8BITMIME\r\n"},"timestamp":"2018-04-06T19:42:12Z"}}} diff --git a/schemas/testdata/smtp-ehlo.quit.05.json b/schemas/testdata/smtp-ehlo.quit.05.json new file mode 100644 index 0000000..58b1969 --- /dev/null +++ b/schemas/testdata/smtp-ehlo.quit.05.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","ehlo":"250-ba06a6536f7e Hi Unknown [172.17.0.4]\r\n250-PIPELINING\r\n250 8BITMIME\r\n","quit":"221 ba06a6536f7e closing connection. Have a wonderful day.\r\n"},"timestamp":"2018-04-06T19:42:14Z"}}} diff --git a/schemas/testdata/smtp-helo.01.json b/schemas/testdata/smtp-helo.01.json new file mode 100644 index 0000000..b5ffd03 --- /dev/null +++ b/schemas/testdata/smtp-helo.01.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","helo":"501 helo requires domain/address - see RFC-2821 4.1.1.1\r\n"},"timestamp":"2018-04-06T19:42:05Z"}}} 
diff --git a/schemas/testdata/smtp-helo.02.json b/schemas/testdata/smtp-helo.02.json new file mode 100644 index 0000000..a490a0a --- /dev/null +++ b/schemas/testdata/smtp-helo.02.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","helo":"250 ba06a6536f7e Hi Unknown [172.17.0.4]; I am so happy to meet you.\r\n"},"timestamp":"2018-04-06T19:42:08Z"}}} diff --git a/schemas/testdata/smtp-help.quit.06.json b/schemas/testdata/smtp-help.quit.06.json new file mode 100644 index 0000000..c72b813 --- /dev/null +++ b/schemas/testdata/smtp-help.quit.06.json @@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"smtp":{"status":"success","protocol":"smtp","result":{"banner":"220 ba06a6536f7e ESMTP qpsmtpd 0.94 ready; send us your mail, but not your spam.\r\n","help":"214-This is qpsmtpd 0.94\r\n214-See http://smtpd.develooper.com/\r\n214 To report bugs or send comments, mail to \u003cask@develooper.com\u003e.\r\n","quit":"221 ba06a6536f7e closing connection. Have a wonderful day.\r\n"},"timestamp":"2018-04-06T19:42:16Z"}}} diff --git a/schemas/testdata/ssh-ssh.json b/schemas/testdata/ssh-ssh.json new file mode 100644 index 0000000..109256b --- /dev/null +++ b/schemas/testdata/ssh-ssh.json 
@@ -0,0 +1 @@ +{"ip":"172.17.0.3","domain":"target","data":{"ssh":{"status":"success","protocol":"ssh","result":{"server_id":{"raw":"SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4","version":"2.0","software":"OpenSSH_7.2p2","comment":"Ubuntu-4ubuntu2.4"},"server_key_exchange":{"cookie":"dl2LAEeZ7cvx0xQrjs3PXw==","kex_algorithms":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha1"],"host_key_algorithms":["ssh-rsa","rsa-sha2-512","rsa-sha2-256","ecdsa-sha2-nistp256","ssh-ed25519"],"client_to_server_ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"server_to_client_ciphers":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"client_to_server_macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"server_to_client_macs":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"client_to_server_compression":["none","zlib@openssh.com"],"server_to_client_compression":["none","zlib@openssh.com"],"first_kex_follows":false,"reserved":0},"algorithm_selection":{"dh_kex_algorithm":"curve25519-sha256@libssh.org","host_key_algorithm":"ecdsa-sha2-nistp256","client_to_server_alg_group":{"cipher":"aes128-ctr","mac":"hmac-sha2-256","compression":"none"},"server_to_client_alg_group":{"cipher":"aes128-ctr","mac":"hmac-sha2-256","compression":"none"}},"key_exchange":{"curve25519_sha256_params":{"server_public":"d4LbboNPD+8feM4s2PjROJW07xbSpBq/rQSldP8SnAI="},"server_signatur
e":{"parsed":{"algorithm":"ecdsa-sha2-nistp256","value":"AAAAIFqqEqz8qdIqvCHDUQzepCw/fRpyQFHaHjkLvg9C+NJ7AAAAIFRVKDWwRPnaRlrvL3147jTgAf4qAehT4D3Q/RW/LvlX"},"raw":"AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAABIAAAAIFqqEqz8qdIqvCHDUQzepCw/fRpyQFHaHjkLvg9C+NJ7AAAAIFRVKDWwRPnaRlrvL3147jTgAf4qAehT4D3Q/RW/LvlX","h":"haFWxro3i4labGImawWJNSwaYHLTXHuGPkftgpn2/Fw="},"server_host_key":{"ecdsa_public_key":{"b":"WsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEs=","curve":"P-256","gx":"axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpY=","gy":"T+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfU=","length":256,"n":"/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVE=","p":"/////wAAAAEAAAAAAAAAAAAAAAD///////////////8=","x":"3QgLyFDQbJyY6jJjNOzE4CzMaNC4Yd7Kg94UehDQ+2w=","y":"qKKVU7Mj4ISCphTGoa/fpv9XVVP9EPJ4tXmYdvAbzgs="},"raw":"AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN0IC8hQ0GycmOoyYzTsxOAszGjQuGHeyoPeFHoQ0PtsqKKVU7Mj4ISCphTGoa/fpv9XVVP9EPJ4tXmYdvAbzgs=","algorithm":"ecdsa-sha2-nistp256","fingerprint_sha256":"691e8c65d86720d072fc5610f8976df184af64a91aea986a2de55a1abc0179dc"}}},"timestamp":"2018-04-06T19:42:32Z"}}} diff --git a/schemas/testdata/telnet-telnet.json b/schemas/testdata/telnet-telnet.json new file mode 100644 index 0000000..5e97dda --- /dev/null +++ b/schemas/testdata/telnet-telnet.json @@ -0,0 +1 @@ +{"ip":"172.17.0.2","domain":"target","data":{"telnet":{"status":"success","protocol":"telnet","result":{"banner":"Ubuntu 16.04.3 LTS\r\n5a3511f30de7 login: ","will":[{"name":"Suppress Go Ahead","value":3},{"name":"Status","value":5},{"name":"Suppress Go Ahead","value":3},{"name":"Echo","value":1}],"do":[{"name":"Terminal Type","value":24},{"name":"Terminal Speed","value":32},{"name":"X Display Location","value":35},{"name":"New Environment Option","value":39},{"name":"Echo","value":1},{"name":"Negotiate About Window Size","value":31},{"name":"Remote Flow Control","value":33}]},"timestamp":"2018-04-06T19:42:46Z"}}} 
diff --git a/schemas/tests.py b/schemas/tests.py
new file mode 100644
index 0000000..3ca2787
--- /dev/null
+++ b/schemas/tests.py
@@ -0,0 +1,59 @@
+import logging
+import sys
+import collections
+import itertools
+import json
+import os
+import pprint
+import os.path
+from imp import load_source
+import unittest
+import zgrab2
+
+logging.basicConfig(stream=sys.stderr)
+
+logger = logging.getLogger("zgrab2-schema-tests")
+
+import zschema
+import zschema.registry
+
+def get_data_dir():
+ return os.path.join(os.path.dirname(os.path.abspath(__file__)), 'testdata')
+
+def get_data_file(file):
+ return os.path.join(get_data_dir(), file)
+
+def get_data_files():
+ dir = get_data_dir()
+ files = os.listdir(dir)
+ return [
+ file for file in files if file.endswith(".json")
+ ]
+
+def get_schemas():
+ return [ item for item in zgrab2.scan_response_types ]
+
+class SchemaTests(unittest.TestCase):
+
+ def test_schema(self):
+ for schema in get_schemas():
+ logger.error("checking schema %s", schema)
+ recname = "zgrab2-" + schema
+ record = zschema.registry.get_schema(recname)
+ record.to_bigquery(recname)
+ record.to_es()
+ record.to_flat("zgrab", schema)
+
+ def test_docs(self):
+ for schema in get_schemas():
+ logger.error("checking docs %s", schema)
+ recname = "zgrab2-" + schema
+ record = zschema.registry.get_schema(recname)
+ record.docs_es(recname)
+ record.docs_bq(recname)
+
+ def test_validate(self):
+ record = zschema.registry.get_schema("zgrab2")
+ for file in get_data_files():
+ with open(get_data_file(file)) as fp:
+ record.validate(json.load(fp))
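Review bot: `test_validate` only proves that the bundled fixtures are accepted, and when one is rejected the failure does not name the file. Since these schemas describe output built from untrusted scan responses, a deliberately malformed fixture checked with `assertRaises` would show that validation rejects anything at all; the exception type `record.validate` raises is not visible in this hunk and needs confirming. For the positive case, wrapping the call as `except Exception as e: self.fail("%s: %s" % (file, e))` would identify the offending fixture. `collections`, `itertools`, `pprint` and `load_source` are imported but not used in the file, and `imp` is deprecated on Python 3, so `from imp import load_source` can go. The progress messages in `test_schema` and `test_docs` are logged with `logger.error`; `logger.info` would keep real errors distinguishable.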