forked from bettercap/bettercap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
net_sniff_ftp.go
42 lines (34 loc) · 827 Bytes
/
net_sniff_ftp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package net_sniff
import (
"regexp"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/evilsocket/islazy/str"
"github.com/evilsocket/islazy/tui"
)
var (
ftpRe = regexp.MustCompile(`^(USER|PASS) (.+)[\n\r]+$`)
)
func ftpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
data := string(tcp.Payload)
if matches := ftpRe.FindAllStringSubmatch(data, -1); matches != nil {
what := str.Trim(matches[0][1])
cred := str.Trim(matches[0][2])
NewSnifferEvent(
pkt.Metadata().Timestamp,
"ftp",
ip.SrcIP.String(),
ip.DstIP.String(),
nil,
"%s %s > %s:%s - %s %s",
tui.Wrap(tui.BACKYELLOW+tui.FOREWHITE, "ftp"),
vIP(ip.SrcIP),
vIP(ip.DstIP),
vPort(tcp.DstPort),
tui.Bold(what),
tui.Yellow(cred),
).Push()
return true
}
return false
}