Commit Graph

71 Commits

Author SHA1 Message Date
Elliot Cubit
a1d5e930ca
smb: allow dynamic length fields of exact length (#323) 2021-07-26 15:57:24 -04:00
David Adrian
4e047842a6 stm: go get -u, fix compile errors 2021-04-06 16:49:27 -06:00
Elliot Cubit
17a5257565
Add NativeOS, NTLM, and GroupName to SMBv1 results (#286)
* add smbv1 session setup scan

* remove unused values

* rename os_name to native_os to match smb documentation

* remove superfluous comment

* update zschema to include new SMB fields

* improve clarity on bounds checking for SMBv1 requests
2021-03-15 09:23:55 -04:00
Elliot Cubit
3c17bf32e8
Fix SMB scanner marshaller panic (#299) 2021-02-11 14:44:36 -05:00
Tim Schumacher
fc82b6b673 Capture BodyTextLength 2020-09-17 15:01:27 -04:00
Tim Schumacher
30e6cdb73f Add BodyHash field with hash type prefix 2020-09-17 11:04:27 -04:00
Benjamin Wireman
d2e503881f
Allow for programmatic access of ssh result types (#260)
https://github.com/zmap/zgrab2/pull/260
2020-03-31 15:56:44 -04:00
thegwan
31645233a5 reduce code duplication 2019-10-23 17:45:40 +00:00
thegwan
422cdc7b9f prevent running key exchange if hello-only flag set 2019-10-21 08:31:57 +00:00
Zakir Durumeric
28cde1a5a6
Add SSH Client Hello Only flag (#215) 2019-08-15 17:01:24 -07:00
Jeff Cody
b69c22c532
SMB: Probe for SMB1 in addition to SMB2
If the probe for SMB2 fails, close the connection and then try probing
for SMB1 as a backup.

Since there are more SMB2 servers in the wild, that is the first
attempt.
2019-06-10 17:17:20 -04:00
Jeff Cody
1232ca4e60
SMB: Add Negotiation Req & Response for v1
Send SMB1 header, and Negotiation Request message for SMB1.

This brings the zgrab2 smb1 scanner to parity with the zgrab smb1
scanner, with presence detection via smbv1_support.

We check the ProtocolID in the raw data response, for two reasons:

1. Even if the full unmarshal fails for the message, we will log
   that it is an smbv1 server

2. We need to add more response types structs, because the format
   is different for various SMB1 dialects.

The negotiation response v1 structure is for the SMB1 "NT LM 0.12"
dialect, and is essentially a placeholder for now for future parsing.

TODO: Unmarshal into the appropriate message struct based on
SMB1 dialect, and parse dialect and capabilities, and return those
results.
2019-06-10 17:17:20 -04:00
Jeff Cody
f2b76412fb
SMB: Combine 'GetSMBLog()' and 'GetSMBBanner()'
These two functions are largely duplicates, and only differ in the
boolean option passed to LoggedNegotiateProtocol().  Combine the
functions, and just take that option in as an argument to pass along.
2019-06-07 16:54:26 -04:00
Jeff Cody
c0f5084a6a
Merge pull request #205 from codyprime/jcody/lib-smbfix
SMB: Bounds check slice index before access
2019-06-05 14:02:20 -04:00
Jeff Cody
2e67991362
SMB: Bounds check slice index before access
The smb library bounds checks for a message size that is too large, but
does not check for a message size that is way too small.  Error out if
the message size is not at least as large as the ProtocolID 4-byte
preamble.

This fixes slice out of bound panics when checking the buffer for the
protID string for certain hosts.

Signed-off-by: Jeff Cody <jcody@censys.io>
2019-06-04 22:26:27 -04:00
Jeff Cody
37bb923ce4
SMB: Parse capabilities flags for the server
This parses the capabilities flags for the server, masking off invalid
flags based on dialect.

While both the NegotiationLogs and SessionSetupLog contain capabilities
flags, we extract the flags from the NegotiationLogs to represent the
server, as it is explicitly stated in [MS-SMB2] that those are the ones
that represent the capabilities of the server.
2019-05-24 15:47:22 -04:00
Jeff Cody
79a96f08ae
SMB: Parse SMB Versions and Dialects.
This parses the SMB Version response, and the dialect, to determine the
full SMB version.  This is done in accordance with "[MS-SMB2] - v20190430"
from Microsoft, Section 2.2.4.
2019-05-24 15:47:10 -04:00
Jeff Cody
2e71f25c85
SMB: Omit Negotiation and Session logs if empty
Currently, we will output 'null' json fields for either of
these logs if they are not present; instead, let's just omit
them entirely.
2019-05-24 15:33:25 -04:00
Jeff Cody
da90d489b1
SMB: Formatting, line-wrap comments 2019-05-23 13:45:18 -04:00
justinbastress
9f19df743e
Merge pull request #176 from sdnewhop/master
SSH: Add banner grabbing
2019-01-23 15:25:29 -05:00
Justin Bastress
50b77f285a don't trigger constant index-out-of-bounds exceptions 2018-10-24 12:58:11 -04:00
Justin Bastress
28626f0b94 address @parkanzky's comments in #178 2018-10-24 10:29:07 -04:00
Justin Bastress
7294e41bce catch nil body 2018-10-22 13:23:07 -04:00
Oleg Broslavsky
d5aaeca283 Add SSH banner grabbing when userauth enabled
- Bump lib/ssh from golang.org/x/crypto/ssh (just banner handling)
- Add a banner field to the SSH module info
2018-10-20 03:39:24 -04:00
Justin Bastress
06b72315df add initial work 2018-10-17 16:07:12 -04:00
Justin Bastress
c51faaf8f5 use functions introduced in https://github.com/zmap/zcrypto/pull/178 in place of functions removed in https://github.com/zmap/zcrypto/pull/173/files 2018-09-05 16:26:05 -04:00
justinbastress
713150b089 merge client/server header list (#134)
* merge client/server header list

* fix formatting of header.go
2018-06-28 14:46:19 -04:00
Justin Bastress
320f6f4a8a in SSH kex ECDH JSONLog, don't create a field unless it's going to be populated (to allow omitempty to work properly) 2018-05-31 16:29:59 -04:00
Justin Bastress
05841e9ab4 raw_packets is debug; server_version is omitempty 2018-05-22 16:05:56 -04:00
Justin Bastress
434ccaa3f4 make all debug fields omitempty; make capability_flags/status_flags omitempty, in the aux type as well. 2018-05-22 16:03:00 -04:00
Justin Bastress
486dc517a3 fix required/non-required in schemas; add error_ids, and code to get them; throw ERRPacket as APPLICATION_ERROR 2018-05-21 12:15:17 -04:00
Justin Bastress
74c8b16e7a httplex -> httpguts 2018-05-07 16:22:37 -04:00
Justin Bastress
5d6c0ef7a3 fix comment re PR review 2018-04-26 11:58:08 -04:00
Justin Bastress
7a013ca261 Add output unit tests; add output.Process to strip debug; make MySQL debug fields omitempty too; use processor to strip data in Process() 2018-04-03 17:15:20 -04:00
Justin Bastress
e4bd0bcc89 move process tests 2018-04-02 16:10:01 -04:00
Justin Bastress
e82d5b4cfd add process tests 2018-04-02 16:09:41 -04:00
Justin Bastress
53e35bbaa7 prevent multiple concurrent usages of the same processor; copy all fields, nil out debug ones; 2018-04-02 16:09:27 -04:00
Justin Bastress
58601e045a add output processing 2018-03-30 16:28:24 -04:00
Luke Valenta
b4ac16e630 add H field to xssh server signature to allow signature verification (#95) 2018-03-29 10:17:39 -04:00
Justin Bastress
199fe5d8e5 PEP8 updates; fix NTLM typo 2018-03-16 14:39:06 -04:00
Justin Bastress
1024fb4619 break out early if !setup-session; make debug configurable 2018-03-16 14:34:15 -04:00
Justin Bastress
586992cb15 More comments; make old zgrab behavior the default 2018-03-16 14:00:12 -04:00
Justin Bastress
65d1789860 comments; update schema 2018-03-16 13:21:05 -04:00
Justin Bastress
c05c00a743 Pull in updated SMB library, modify it to take logs, use it in scanner 2018-03-16 12:08:59 -04:00
Justin Bastress
70314ce92b Port SMB (???) scanner from ZGrab 2018-03-15 16:58:57 -04:00
justinbastress
075924400f
Add shared FlagsToSet function in output.go (#62)
* Add shared FlagsToSet function in output.go, use it in mysql. Add examples / tests.

* Add utility functions to widen map keys
2018-03-01 14:32:12 -05:00
justinbastress
bd952d9809
golint and godocs for mysql module (#56) 2018-02-12 10:42:45 -05:00
justinbastress
2766a7ae08
Port http from zgrab (#31) 2018-02-09 13:45:50 -05:00
Jordan Wright
162138dac3 Changed tools/keys dependencies to point to zgrab2. 2018-01-30 23:45:52 -06:00
justinbastress
f49887290d
Implements postgres zgrab2 module (#30)
* remove unnecessary indirection on net.Conn

* Ignore *.pyc

* fix NPE on nil handshake

* refactoring -- move status to status.go; add Open() methods for ScanTarget

* cherry-pick .gitignore fix

* pull in TLS fix

* status.go comments

* trim over-generalizations

* use /usr/bin/env bash instead of absolute path

* remove debug tcpwrap

* add integration tests for postgres

* hack for cleanup.sh to work on mingw -- use //var/lib instead of /var/lib

* cleanup should actually stop the process though

* comments / rearrange

* Bump up timeout in postgres tests; only pass user if explicitly requested to do so

* add schema stubs to new.sh

* Integration test fixes -- use /usr/bin/env bash; log all validation failures

* add postgres schemas

* fill out zcrypto.client_hello schema

* handle early get of TLSLog

* postgres: return SCAN_SUCCESS on success

* cleanup

* fix new.sh

* fix typo

* postgres container cleanup

* build.sh docs

* standardize container/image names

* add not to check for success

* shift mysql's connection management to ScanTarget.Open(); wrap Read/Write methods returned by ScanTarget.Open() to enforce timeouts

* catch schematically-valid but non-successful scans

* postgres: clean up output format; more scanning

* cleanup; better error handling; get detailed protocol version error

* refactor modules

* clean up dangling connections

* split gigantic postgres.go

* remove unused

* ServerParams gets its own type

* refactor integration tests: run zgrab2 in its own container, which is linked to the service containers, so that we don't need to keep track of unique ports on the host any more

* rename entrypoint; remove duplicate postgres tests

* comments for postgres schema

* Use param expansion to check for env variable [minor]

This is a *very* minor change to `docker-runner/docker-run.sh`, which checks to
see if the environment variable required to run the script has been set
to a non-empty string. If not, the script exits with a non-zero status
code and displays a default message:

```
❯ docker-runner/docker-run.sh
docker-runner/docker-run.sh: line 7: CONTAINER_NAME: parameter null or not set
```

This was the behavior before, but just uses a one-liner declarative bash
idiom.

For further reading on parameter expansion, see
https://stackoverflow.com/a/307735.

@justinbastress can tell me if I did something wrong and broke the
intent of the script :-)

* Add integration_test targets to makefile; use makefile instead of directly calling go build everywhere; run postgres schema through PEP8 linter

* use make in docker-runner entrypoint

* add .integration_test_setup to .gitignore

* more .gitignore items

* Makefile updates: Windows support; add docker-runner target; better cleanup.

* docker-runner Dockerfile: start from zgrab2_runner_base image

* cleanup postgres setup

* make travis use make

* add .gitattributes, try to prevent it from overriding lfs with crlfs in shell scripts at least

* fix folder name in Makefile

* update go (one of our dependencies now works only with >= 1.9)

* From travis: `I don't have any idea what to do with '1.9.0'.`

* explicit clean make

* fix dep order

* fix build.sh location

* popd

* use make to ensure zgrab2_runner exists

* Make docker-runner an order-dependency for integration-test-cleanup; don't do a cleanup after each integration test

* use explicit tag name for zgrab2_runner

* Add container-clean target to Makefile, to remove cyclic dependency on docker; use .id files to track docker images; add service-base image; use Make to build / track images

* use LF in Makefiles; update .gitignore; use zgrab_service_base image in ssh container; fix line endings (?)

* remove overzealous cleanup

* let setup continue even if some containers are already running

* zgrab depends on *.go

* docker-runner depends on zgrab2 binary

* clean output before running integration tests
2018-01-15 14:24:57 -05:00