Jeff Cody
fb49609733
Remove GetPort() from modules
The previous patch allows the port to be specified in the
`ScanTarget{}`.
Since the port option in the Config may not be the port currently being
scanned, delete the `GetPort()` function provided by each module.
The `GetPort()` function is also not used. While we could just change
the meaning of this function, to mean "Return the port in the Config",
it is probably better to go ahead and just remove all references to it
as there are no users.
2019-08-21 14:55:14 -04:00
Zakir Durumeric
28cde1a5a6
Add SSH Client Hello Only flag (#215)
2019-08-15 17:01:24 -07:00
Ricky Diaz Gomez
98b142ec2e
Redis: Made major, minor, and patchlevel be pointers to ints so that they're correctly omitted
2019-06-28 16:30:12 -04:00
Ricky Diaz Gomez
67fbf1facb
Redis: Store the major, minor, and patchlevel as ints as well as the whole version as a string
2019-06-28 15:54:11 -04:00
Ricky Diaz Gomez
7c651c0be5
Redis: Updated setting suffix -- zero value is already empty string
2019-06-25 12:57:40 -04:00
Ricky Diaz Gomez
31788624f2
Redis: Added max file size check
2019-06-25 11:57:47 -04:00
Ricky Diaz Gomez
41df4251b6
Redis: Removed break statement when iterating through INFO response
2019-06-21 16:37:55 -04:00
Ricky Diaz Gomez
bcaf844200
Redis: Made check so that if line_prefix_suffix only contains prefix, adds empty string to suffix index
2019-06-21 16:14:13 -04:00
Ricky Diaz Gomez
f71548ed94
Redis: Missed an old bool check
2019-06-20 17:14:30 -04:00
Ricky Diaz Gomez
84ffc2c667
Redis: Updated the break condition when looking for fields within info_response
2019-06-20 12:17:26 -04:00
Ricky Diaz Gomez
4446024636
Redis: Changed commandMappings to map[string]string, fixed QUIT err=io.EOF bug, and capture redis_mode now
2019-06-19 16:06:43 -04:00
Ricky Diaz Gomez
e12f32b521
Redis: Now gather the OS the server is running
2019-06-19 09:51:40 -04:00
Ricky Diaz Gomez
5be58b2b0d
Redis: Actually send the custom commands and store the responses. Also updated the zschema
2019-06-17 17:32:51 -04:00
Ricky Diaz Gomez
f0d9070733
Redis: Takes JSON/YAML file that allows for renaming of commands
2019-06-17 15:23:56 -04:00
Jeff Cody
b69c22c532
SMB: Probe for SMB1 in addition to SMB2
If the probe for SMB2 fails, close the connection and then try probing
for SMB1 as a backup.
Since there are more SMB2 servers in the wild, that is the first
attempt.
2019-06-10 17:17:20 -04:00
Jeff Cody
f2b76412fb
SMB: Combine 'GetSMBLog()' and 'GetSMBBanner()'
These two functions are largely duplicates, and only differ in the
boolean option passed to LoggedNegotiateProtocol(). Combine the
functions, and just take that option in as an argument to pass along.
2019-06-07 16:54:26 -04:00
AnthraX1
bcc4b05d6c
Add custom regexp banner grabber (#199)
https://github.com/zmap/zgrab2/pull/199
2019-04-11 17:29:34 -04:00
Benjamin VanderSloot
93f30ef698
Use Target Domain name in SNI when using HTTP
Previous addition of GetTLSConfigForTarget (811eb38) did not modify
HTTP module to use SNI. This led to the very cryptic unknown-error:
remote error: internal error. Some servers give Fatal alerts when
they don't get an SNI extension. Discovered on a `Pagely-ARES/1.3.21`
Server
2019-03-01 21:29:22 -05:00
justinbastress
9f19df743e
Merge pull request #176 from sdnewhop/master
SSH: Add banner grabbing
2019-01-23 15:25:29 -05:00
justinbastress
4a6dfdbcc4
Merge pull request #146 from zmap/jb/fixSNI
TLS SNI fixes / API cleanup
2019-01-23 13:43:31 -05:00
Justin Bastress
fd322d3ecd
fix missing format specifier
2018-12-18 16:32:44 -05:00
Jeff Cody
ec59b49540
Add support for BytesReadLimit parameter in BaseFlags
Some protocols may require more data than others. To accommodate those,
allow the BytesReadLimit to be changed by means of BaseFlags.
By setting BaseFlags.BytesReadLimit prior to calling .Open(), scanners
can override the default limit to one that is appropriate for the data
collected.
2018-10-22 21:59:01 -04:00
Oleg Broslavsky
d5aaeca283
Add SSH banner grabbing when userauth enabled
- Bump lib/ssh from golang.org/x/crypto/ssh (just banner handling)
- Add a banner field to the SSH module info
2018-10-20 03:39:24 -04:00
Justin Bastress
8c71100b9e
gofmt it
2018-10-08 11:27:06 -04:00
cy
2e94480cce
To ensure that the HTTP connection is not blocked!
2018-10-05 14:59:28 +08:00
cy
d5258bdc6e
To ensure that the HTTP connection is not blocked!
https://github.com/zmap/zgrab2/issues/171
2018-10-05 14:51:14 +08:00
Justin Bastress
65a7c8a578
Merge branch 'jb/session-wide-timeout' into jb/mssqlBoundsChecking
2018-10-01 14:25:04 -04:00
Justin Bastress
6618920234
add some tighter bounds checking in MSSQL scanner, and if there is an uncaught panic, log the body that caused it
2018-10-01 11:08:26 -04:00
Justin Bastress
900b0d5912
add bytelimit tests
2018-09-27 14:00:26 -04:00
Paul A. Parkanzky
04fa04a413
Omit empty build_info elm on mongodb output
Fixes CEN-817
2018-09-25 11:41:07 -04:00
Paul A. Parkanzky
122f945fb1
MongoDB - fix isMaster message length check.
Needs to account for OP_REPLY header
2018-09-14 16:09:36 -04:00
Justin Bastress
45a4cb0e90
re #163 -- add outer whole-connection timeout to TimeoutConnection, and add scan-target-wide timeout to HTTP scanner (adding a max time spent across redirects, too)
2018-09-05 14:33:59 -04:00
Paul A. Parkanzky
bb9324e00d
BSON tag is case sensitive - s/isMaster/ismaster
2018-08-29 16:45:27 -04:00
Paul A. Parkanzky
1a1aa96793
Put upper limit on buffer size alloc
2018-08-28 16:13:35 -04:00
Paul A. Parkanzky
a7ddf61d74
Fix possible index error on malformed msg
2018-08-28 14:34:18 -04:00
Paul A. Parkanzky
d9aec0ae40
Improve partial results for mongodb scanner
* Separate out isMaster and buildInfo commands
* Return results of both in separate sub-structs
* Include isMaster results regardless of whether buildInfo succeeds
2018-08-22 11:49:17 -04:00
Paul A. Parkanzky
68bb3e9790
Return appropriate short write error
2018-08-21 17:08:01 -04:00
Paul A. Parkanzky
7419796cfc
Address more PR comments
* Add error message to invalid BSON log msg
* Use snake case for json output
* Update affected integration tests
2018-08-21 16:34:35 -04:00
Paul A. Parkanzky
8b9c23f122
Fix typo and integration test which tested for it
2018-08-21 16:01:40 -04:00
Paul A. Parkanzky
f891880db4
Make some PR-requested changes
* Generate static messages in Scanner Init()
* s/panic/log.Fatal/
* Remove unnecessary casting
* Use stack var and pass slice to avoid unnecessary alloc
2018-08-21 14:51:48 -04:00
Paul A. Parkanzky
2f316b2242
Add mongodb integration tests.
2018-08-21 13:11:34 -04:00
Paul A. Parkanzky
72cbe9ae63
Add support for mongodb >= 4.1
2018-08-20 16:16:05 -04:00
Paul A. Parkanzky
becec08234
Call the wrapped Write() method.
2018-08-17 15:17:26 -04:00
Paul A. Parkanzky
784a186b39
Add MongoDB scanner.
2018-08-17 12:04:38 -04:00
Clayton Zimmerman
26e22bad97
Makes redirect response chain (currently unused) a debug field.
2018-07-12 16:47:26 -04:00
Clayton Zimmerman
dc3d7d1cb7
Adds bounds checks to avoid panic when value-less attributes have the correct name to be recorded directly in results.
2018-07-11 14:57:22 -04:00
Clayton Zimmerman
9d1265db8b
Avoids skipping retry when an application error is encountered.
2018-07-11 14:45:46 -04:00
Clayton Zimmerman
2c47dfc1f2
Makes Attributes default output (rather than debug).
2018-07-11 11:52:13 -04:00
Clayton Zimmerman
f9eb6e00db
Rename tls-retry option to ipps-retry
2018-07-11 10:38:42 -04:00
clayzim
1fa9b886e4
Changes TLS-Retry to attempt TLS before plaintext, ideally gathering more information.
2018-07-10 16:07:28 -04:00