nameLength is used for slice allocation. If the value is unmarshaled
as a negative value, then a runtime error will occur:
runtime error: makeslice: len out of range
(this commit also includes some minor formatting cleanup)
* smb: panic in ntlmssp when unmarshaling
There are two errors here:
1. The offsets to the ParentBuf are not checked to be in-bounds
2. Types are uint64, but subtracted and compared to > 0. This allows
underflow during subtraction of the size.
* smb: check offset/length/size are positive after cast
* Add `--fail-http-to-https` to retry as HTTPS when --retry-https is used and certain known responses are encountered indicating HTTPS should be used
* Apache: HTTP/400, substring "You're speaking plain HTTP to an SSL-enabled server port"
* NGINX: HTTP/400, substring "The plain HTTP request was sent to HTTPS port"
* Add additional substring observed indicating http->https
* Add another observed substring, adjust whitespace
* Use go-ism for slicing implicitly from index 0
Co-authored-by: Adam Greene <copyright@mzpqnxow.com>
* Add support for specifying arbitrary HTTP headers
* * (Minor, Comment) Fix incorrect comment, replace with more helpful (and accurate) comment
* (Minor, Linting) Rename raw_hash => rawHash, 4 occurences (linter)
* (Minor, Linting) Rename s -> scanner, 1 occurence (linter)
* (Sanity Checking) Prevent duplicate custom headers
* (Sanity Checking) Prevent attempts to set known immutable headers (host, content-length)
* Add --custom-header-delimeter for convenience, in practice, quoting the header values that contain comma can be problematic
* Make the separator consistent for both custom-headers-names and custom-headers-values. It's just weird having them be different :>
* Spelling delimiter correctly would probably help...
* Update modules/http/scanner.go
Co-authored-by: engn33r <engn33r@users.noreply.github.com>
Co-authored-by: Adam Greene <copyright@mzpqnxow.com>
Co-authored-by: Zakir Durumeric <zakird@gmail.com>
Co-authored-by: engn33r <engn33r@users.noreply.github.com>
* Set SNI explicitly, in case it's a redirect (fix for #300)
* Fix the SNI issue correctly, using the host portion of addr, while respecting --server-name and --no-sni
* Clean up double error logging pointed out by dadrien
* Comply with RFC4366, do not set SNI server name for IP address
Co-authored-by: Adam Greene <copyright@mzpqnxow.com>
https://github.com/zmap/zgrab2/pull/306
* add smbv1 session setup scan
* remove unused values
* rename os_name to native_os to match smb documentation
* remove superfluous comment
* update zschema to include new SMB fields
* improve clarity on bounds checking for SMBv1 requests
The SMTP module was matching on "STMP" when verifying the contents of the scan response. This PR fixes the typo and adds a test for the VerifySMTPContents() function.
Even if the server does not respond to the telnet commands, the
banner may have useful information. Add the option "--force-banner"
so that the banner string may be returned even on failure.
kayos@tcp.direct
dabdine