add --retry-https flag to work with unknown HTTP/HTTPS servers; remove unused request.tls field from zschema (only used for HTTP servers, caused zschema errors because of ListOf(ListOf()))
This commit is contained in:
parent
b4ac16e630
commit
42ae30babe
@ -41,6 +41,7 @@ type Flags struct {
|
||||
Method string `long:"method" default:"GET" description:"Set HTTP request method type"`
|
||||
Endpoint string `long:"endpoint" default:"/" description:"Send an HTTP request to an endpoint"`
|
||||
UserAgent string `long:"user-agent" default:"Mozilla/5.0 zgrab/0.x" description:"Set a custom user agent"`
|
||||
RetryHTTPS bool `long:"retry-https" description:"If the initial request fails, reconnect and try with HTTPS."`
|
||||
MaxSize int `long:"max-size" default:"256" description:"Max kilobytes to read in response to an HTTP request"`
|
||||
MaxRedirects int `long:"max-redirects" default:"0" description:"Max number of redirects to follow"`
|
||||
|
||||
@ -133,6 +134,7 @@ func (scan *scan) Cleanup() {
|
||||
for _, conn := range scan.connections {
|
||||
defer conn.Close()
|
||||
}
|
||||
scan.connections = nil
|
||||
}
|
||||
}
|
||||
|
||||
@ -307,6 +309,17 @@ func (scanner *Scanner) Scan(t zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{
|
||||
defer scan.Cleanup()
|
||||
err := scan.Grab()
|
||||
if err != nil {
|
||||
if scanner.config.RetryHTTPS && !scanner.config.UseHTTPS {
|
||||
scan.Cleanup()
|
||||
scanner.config.UseHTTPS = true
|
||||
retry := scanner.newHTTPScan(&t)
|
||||
defer retry.Cleanup()
|
||||
retryError := retry.Grab()
|
||||
if retryError != nil {
|
||||
return retryError.Unpack(&retry.results)
|
||||
}
|
||||
return zgrab2.SCAN_SUCCESS, &retry.results, nil
|
||||
}
|
||||
return err.Unpack(&scan.results)
|
||||
}
|
||||
return zgrab2.SCAN_SUCCESS, &scan.results, nil
|
||||
|
@ -123,8 +123,6 @@ http_request_full = SubRecord({
|
||||
"post_form": http_form_values,
|
||||
"multipart_form": http_form_values,
|
||||
"trailers": http_headers,
|
||||
# For compatibility, left tls -> tls.ConnectionState
|
||||
"tls": zcrypto.tls_connection_state,
|
||||
# The new field tls_log contains the zgrab2 TLS logs.
|
||||
"tls_log": zgrab2.tls_log
|
||||
})
|
||||
|
@ -558,16 +558,3 @@ heartbleed_log = SubRecord({
|
||||
|
||||
# zcrypto/x509/chain.go: type CertificateChain []*Certificate
|
||||
certificate_chain = ListOf(parsed_certificate)
|
||||
|
||||
# zcrypto/tls/common.go: ConnectionState (note: no `json` tags)
|
||||
tls_connection_state = SubRecord({
|
||||
"Version": Unsigned16BitInteger(),
|
||||
"HandshakeComplete": Boolean(),
|
||||
"DidResume": Boolean(),
|
||||
"CipherSuite": Unsigned16BitInteger(),
|
||||
"NegotiatedProtocol": String(),
|
||||
"NegotiatedProtocolIsMutual": Boolean(),
|
||||
"ServerName": String(),
|
||||
"PeerCertificate": parsed_certificate,
|
||||
"VerifiedChains": ListOf(certificate_chain),
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user