kayos/zgrab2
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
490 Commits 1 Branch 0 Tags 2.8 MiB
fb49609733
Commit Graph

182 Commits

Author SHA1 Message Date
Jeff Cody
fb49609733
Remove GetPort() from modules 
The previous patch allows the port to be specified in the
`ScanTarget{}`.

Since the port option in the Config may not be the port currently being
scanned, delete the `GetPort()` function provided by each module.

The `GetPort()` function is also not used.  While we could just change
the meaning of this function, to mean "Return the port in the Config",
it is probably better to go ahead and just remove all references to it
as there are no users.
 2019-08-21 14:55:14 -04:00
Zakir Durumeric
28cde1a5a6
Add SSH Client Hello Only flag (#215) 2019-08-15 17:01:24 -07:00
Ricky Diaz Gomez
98b142ec2e Redis: Made major, minor, and patchlevel be pointers to ints so that they're correctly omitted 2019-06-28 16:30:12 -04:00
Ricky Diaz Gomez
67fbf1facb Redis: Store the major, minor, and patchlevel as ints as well as the whole version as a string 2019-06-28 15:54:11 -04:00
Ricky Diaz Gomez
7c651c0be5 Redis: Updated setting suffix -- zero value is already empty string 2019-06-25 12:57:40 -04:00
Ricky Diaz Gomez
31788624f2 Redis: Added max file size check 2019-06-25 11:57:47 -04:00
Ricky Diaz Gomez
41df4251b6 Redis: Removed break statement when iterating through INFO response 2019-06-21 16:37:55 -04:00
Ricky Diaz Gomez
bcaf844200 Redis: Made check so that if line_prefix_suffix only contains prefix, adds empty string to suffix index 2019-06-21 16:14:13 -04:00
Ricky Diaz Gomez
f71548ed94 Redis: Missed an old bool check 2019-06-20 17:14:30 -04:00
Ricky Diaz Gomez
84ffc2c667 Redis: Updated the break condition when looking for fields within info_response 2019-06-20 12:17:26 -04:00
Ricky Diaz Gomez
4446024636 Redis: Changed commandMappings to map[string]string, fixed QUIT err=io.EOF bug, and capture redis_mode now 2019-06-19 16:06:43 -04:00
Ricky Diaz Gomez
e12f32b521 Redis: Now gather the OS the server is running 2019-06-19 09:51:40 -04:00
Ricky Diaz Gomez
5be58b2b0d Redis: Actually send the custom commands and store the responses. Also updated the zschema 2019-06-17 17:32:51 -04:00
Ricky Diaz Gomez
f0d9070733 Redis: Takes JSON/YAML file that allows for renaming of commands 2019-06-17 15:23:56 -04:00
Jeff Cody
b69c22c532
SMB: Probe for SMB1 in addition to SMB2 
If the probe for SMB2 fails, close the connection and then try probing
for SMB1 as a backup.

Since there are more SMB2 servers in the wild, that is the first
attempt.
 2019-06-10 17:17:20 -04:00
Jeff Cody
f2b76412fb
SMB: Combine 'GetSMBLog()' and 'GetSMBBanner()' 
These two functions are largely duplicates, and only differ in the
boolean option passed to LoggedNegotiateProtocol().  Combine the
functions, and just take that option in as an argument to pass along.
 2019-06-07 16:54:26 -04:00
AnthraX1
bcc4b05d6c Add custom regexp banner grabber (#199) 
https://github.com/zmap/zgrab2/pull/199
 2019-04-11 17:29:34 -04:00
Benjamin VanderSloot
93f30ef698 Use Target Domain name in SNI when using HTTP 
Previous addition of GetTLSConfigForTarget (811eb38) did not modify
HTTP module to use SNI. This let to the very cryptic unknown-error:
remote error: internal error. Some servers give Fatal alerts when
they don't get an SNI extension. Discovered on a `Pagely-ARES/1.3.21`
Server
 2019-03-01 21:29:22 -05:00
justinbastress
9f19df743e
Merge pull request #176 from sdnewhop/master 
SSH: Add banner grabbing
 2019-01-23 15:25:29 -05:00
justinbastress
4a6dfdbcc4
Merge pull request #146 from zmap/jb/fixSNI 
TLS SNI fixes / API cleanup
 2019-01-23 13:43:31 -05:00
Justin Bastress
fd322d3ecd fix missing format specifier 2018-12-18 16:32:44 -05:00
Jeff Cody
ec59b49540
Add support for BytesReadLimit parameter in BaseFlags 
Some protocols may require more data than others.  To accomodate those,
allow the BytesReadLimit to be changed by means of BaseFlags.

By setting BaseFlags.BytesReadLimit prior to calling .Open(), scanners
can override the default limit to one that is appropriate for the data
collected.
 2018-10-22 21:59:01 -04:00
Oleg Broslavsky
d5aaeca283 Add SSH banner grabbing when userauth enabled 
- Bump lib/ssh from golang.org/x/crypto/ssh (just banner hadling)
- Add a banner field to the SSH module info
 2018-10-20 03:39:24 -04:00
Justin Bastress
8c71100b9e gofmt it 2018-10-08 11:27:06 -04:00
cy
2e94480cce
To ensure that the HTTP connection is not blocked! 2018-10-05 14:59:28 +08:00
cy
d5258bdc6e
To ensure that the HTTP connection is not blocked! 
https://github.com/zmap/zgrab2/issues/171
 2018-10-05 14:51:14 +08:00
Justin Bastress
65a7c8a578 Merge branch 'jb/session-wide-timeout' into jb/mssqlBoundsChecking 2018-10-01 14:25:04 -04:00
Justin Bastress
6618920234 add some tighter bounds checking in MSSQL scanner, and if there is an uncaught panic, log the body that caused it 2018-10-01 11:08:26 -04:00
Justin Bastress
900b0d5912 add bytelimit tests 2018-09-27 14:00:26 -04:00
Paul A. Parkanzky
04fa04a413 Omit empty build_info elm on mongodb output 
Fixes CEN-817
 2018-09-25 11:41:07 -04:00
Paul A. Parkanzky
122f945fb1 MongoDB - fix isMaster message length check. 
Needs to account for OP_REPLY header
 2018-09-14 16:09:36 -04:00
Justin Bastress
45a4cb0e90 re #163 -- add outer whole-connection timeout to TimeoutConnection, and add scan-target-wide timeout to HTTP scanner (adding a max time spent across redirects, too) 2018-09-05 14:33:59 -04:00
Paul A. Parkanzky
bb9324e00d BSON tag is case sensitive - s/isMaster/ismaster 2018-08-29 16:45:27 -04:00
Paul A. Parkanzky
1a1aa96793 Put upper limit on buffer size alloc 2018-08-28 16:13:35 -04:00
Paul A. Parkanzky
a7ddf61d74 Fix possible index error on malformed msg 2018-08-28 14:34:18 -04:00
Paul A. Parkanzky
d9aec0ae40 Improve partial results for mongodb scanner 
* Separate out isMaster and buildInfo commands
* Return results of both in separate sub-structs
* Include isMaster results regardless of whether buildInfo succeeds
 2018-08-22 11:49:17 -04:00
Paul A. Parkanzky
68bb3e9790 Return appropriate short write error 2018-08-21 17:08:01 -04:00
Paul A. Parkanzky
7419796cfc Address more PR comments 
* Add error message to invalid BSON log msg
* Use snake case for json output
* Update affect integration tests
 2018-08-21 16:34:35 -04:00
Paul A. Parkanzky
8b9c23f122 Fix typo and integration test which tested for it 2018-08-21 16:01:40 -04:00
Paul A. Parkanzky
f891880db4 Make some PR-requested changes 
* Generate static messages in Scanner Init()
* s/panic/log.Fatal/
* Remove unnecessary casting
* Use stack var and pass slice to avoid unnecessary alloc
 2018-08-21 14:51:48 -04:00
Paul A. Parkanzky
2f316b2242 Add mongodb integration tests. 2018-08-21 13:11:34 -04:00
Paul A. Parkanzky
72cbe9ae63 Add support for mongodb >= 4.1 2018-08-20 16:16:05 -04:00
Paul A. Parkanzky
becec08234 Call the wrapped Write() method. 2018-08-17 15:17:26 -04:00
Paul A. Parkanzky
784a186b39 Add MongoDB scanner. 2018-08-17 12:04:38 -04:00
Clayton Zimmerman
26e22bad97 Makes redirect response chain (currently unused) a debug field. 2018-07-12 16:47:26 -04:00
Clayton Zimmerman
dc3d7d1cb7 Adds bounds checks to avoid panic when value-less attributes have the correct name to be recorded directly in results. 2018-07-11 14:57:22 -04:00
Clayton Zimmerman
9d1265db8b Avoids skipping retry when an application error is encountered. 2018-07-11 14:45:46 -04:00
Clayton Zimmerman
2c47dfc1f2 Makes Attributes default output (rather than debug). 2018-07-11 11:52:13 -04:00
Clayton Zimmerman
f9eb6e00db Rename tls-retry option to ipps-retry 2018-07-11 10:38:42 -04:00
clayzim
1fa9b886e4 Changes TLS-Retry to attempt TLS before plaintext, ideally gathering more information. 2018-07-10 16:07:28 -04:00