package syn_scan
import (
"sync/atomic"
"github.com/bettercap/bettercap/network"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/evilsocket/islazy/async"
)
// OpenPort is the record kept for a port that answered a probe. Pointers to
// it are stored in an endpoint's "ports" metadata, keyed by port number, and
// it serialises to JSON with the lower-case keys given in the field tags.
type OpenPort struct {
	// Proto is the transport protocol name; onPacket sets it to "tcp".
	Proto string `json:"proto"`
	// Banner is left empty by onPacket.
	// NOTE(review): presumably filled in later by the banner grabber job — confirm.
	Banner string `json:"banner"`
	// Service is the name network.GetServiceByPort returns for Port and Proto.
	Service string `json:"service"`
	// Port is the port number, taken from the source port of the reply.
	Port int `json:"port"`
}
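// onPacket inspects one captured frame and, when it is a TCP SYN+ACK addressed
// to synSourcePort, records the sender's source port as open.
//
// For each such reply it increments the open-port counter, stores the port in
// the "ports" metadata of the matching endpoint (the local interface, the
// gateway, or a host known to the LAN table), queues a banner-grab job and
// pushes a scan event. Frames that are nil, empty, or fail to decode as
// Ethernet/IPv4/TCP are dropped silently.
//
// NOTE(review): a reply is accepted on destination port and flags alone.
// Nothing in this function checks that the sender and port were actually
// probed, or that the acknowledgement number corresponds to a probe that was
// sent. An unsolicited SYN+ACK is therefore recorded, and a banner-grab job is
// queued for its source address even when no known endpoint matches (host is
// nil). Confirm whether the capture filter or the caller narrows this before
// treating the results as trustworthy.
func (mod *SynScanner) onPacket(pkt gopacket.Packet) {
	if pkt == nil || pkt.Data() == nil {
		return
	}

	var (
		eth layers.Ethernet
		ip  layers.IPv4
		tcp layers.TCP
	)
	decoded := []gopacket.LayerType{}
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&eth,
		&ip,
		&tcp,
	)
	// Any decode error discards the frame; the partially filled layer structs
	// are never read in that case.
	if err := parser.DecodeLayers(pkt.Data(), &decoded); err != nil {
		return
	}

	// Only SYN+ACK segments sent to the scanner's source port count as replies.
	if tcp.DstPort != synSourcePort || !tcp.SYN || !tcp.ACK {
		return
	}

	atomic.AddUint64(&mod.stats.openPorts, 1)

	from := ip.SrcIP.String()
	port := int(tcp.SrcPort)

	openPort := &OpenPort{
		Proto:   "tcp",
		Port:    port,
		Service: network.GetServiceByPort(port, "tcp"),
	}

	// Resolve the sender to an endpoint; host stays nil for unknown addresses.
	var host *network.Endpoint
	switch {
	case ip.SrcIP.Equal(mod.Session.Interface.IP):
		host = mod.Session.Interface
	case ip.SrcIP.Equal(mod.Session.Gateway.IP):
		host = mod.Session.Gateway
	default:
		host = mod.Session.Lan.GetByIp(from)
	}

	if host != nil {
		// Checked assertion: metadata is an untyped store, so a "ports" value
		// of another type (or a nil map) must not panic the capture path. In
		// that case a fresh map replaces it.
		ports, ok := host.Meta.GetOr("ports", map[int]*OpenPort{}).(map[int]*OpenPort)
		if !ok || ports == nil {
			ports = map[int]*OpenPort{}
		}
		// The first record for a port wins; repeated replies do not overwrite it.
		if _, found := ports[port]; !found {
			ports[port] = openPort
		}
		host.Meta.Set("ports", ports)
	}

	// NOTE(review): the job always receives the freshly built openPort, which
	// is not the stored record when the port was already known — verify that
	// whatever the grabber writes back is not lost on repeated replies.
	mod.bannerQueue.Add(async.Job(grabberJob{from, openPort}))

	NewSynScanEvent(from, host, port).Push()
}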