General cleanup tasks

Changelog.md

@@ -7,8 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
 * Customise the size of captured images with the `--size` option (web & RDP). Does not work on VNC because the server generally specifies the screen size [36](https://github.com/nccgroup/scrying/issues/36)
+* Optionally provide RDP credentials
 
 ### Changed
+* Disable RDP certificate verification
 
 ### Deprecated
 

src/argparse.rs

@@ -27,7 +27,7 @@ lazy_static! {
     static ref SIZE_REGEX: Regex = Regex::new(r"^(\d+)x(\d+)$").unwrap();
 }
 
-#[derive(Copy, Clone, PartialEq, Debug)]
+#[derive(Copy, Clone, PartialEq, Eq, Debug)]
 pub enum Mode {
     Auto,
     Web,
@@ -150,7 +150,7 @@ pub fn parse() -> Result<Opts> {
                 .help("Force targets to be parsed as `web`, `rdp`, `vnc`")
                 .default_value("auto")
                 .long("mode")
-                .possible_values(&["web", "rdp", "vnc", "auto"])
+                .possible_values(["web", "rdp", "vnc", "auto"])
                 .short('m')
                 .takes_value(true),
         )
@@ -377,28 +377,18 @@ pub fn parse() -> Result<Opts> {
         mode: args.value_of_t("MODE").unwrap(),
         rdp_timeout: args.value_of_t("RDP TIMEOUT").unwrap(),
         threads: args.value_of_t("THREADS").unwrap(),
-        log_file: args
-            .value_of("LOG FILE")
-            .map_or_else(|| None, |s| Some(s.to_string())),
+        log_file: args.value_of("LOG FILE").map(String::from),
         nmaps,
         nessus,
         output_dir: args.value_of_t("OUTPUT DIR").unwrap(),
         web_proxy,
         rdp_proxy,
-        vnc_auth: args
-            .value_of("VNC AUTH")
-            .map_or_else(|| None, |s| Some(s.to_string())),
-        rdp_domain: args
-            .value_of("RDP DOMAIN")
-            .map_or_else(|| None, |s| Some(s.to_string())),
-        rdp_user: args
-            .value_of("RDP USER")
-            .map_or_else(|| None, |s| Some(s.to_string())),
-        rdp_pass: args
-            .value_of("RDP PASS")
-            .map_or_else(|| None, |s| Some(s.to_string())),
+        vnc_auth: args.value_of("VNC AUTH").map(String::from),
+        rdp_domain: args.value_of("RDP DOMAIN").map(String::from),
+        rdp_user: args.value_of("RDP USER").map(String::from),
+        rdp_pass: args.value_of("RDP PASS").map(String::from),
         web_path: if let Some(paths) = args.values_of("WEB PATH") {
-            paths.map(|p| p.to_string()).collect()
+            paths.map(String::from).collect()
         } else {
             Vec::new()
         },

src/rdp/mod.rs

@@ -293,33 +293,30 @@ fn capture_worker(
         debug!(target, "Connecting to Socks proxy");
         SocketType::Socks5(Socks5Stream::connect(proxy, *addr)?)
     } else {
-        SocketType::Tcp(TcpStream::connect(&addr)?)
+        SocketType::Tcp(TcpStream::connect(addr)?)
     };
 
-    let rdpdomain = &opts.rdp_domain;
-    let s_rdpdomain = rdpdomain.as_deref().unwrap_or("");
-    let rdpuser = &opts.rdp_user;
-    let s_rdpuser = rdpuser.as_deref().unwrap_or("");
-    let rdppass = &opts.rdp_pass;
-    let s_rdppass = rdppass.as_deref().unwrap_or("");
-
-    debug!(target, "RDP domain: {:?}", s_rdpdomain);
-    debug!(target, "RDP username: {:?}", s_rdpuser);
-    debug!(target, "RDP password: {:?}", s_rdppass);
+    debug!(target, "RDP domain: {:?}", opts.rdp_domain);
+    debug!(target, "RDP username: {:?}", opts.rdp_user);
+    debug!(target, "RDP password set: {}", opts.rdp_pass.is_some());
 
     let mut connector = Connector::new()
         .screen(opts.size.0 as u16, opts.size.1 as u16)
         .check_certificate(false);
 
-    if s_rdpuser.len() > 0 && s_rdppass.len() > 0 {
-        connector = connector
-            .credentials(s_rdpdomain.to_string(), s_rdpuser.to_string(), s_rdppass.to_string());
+    if let (Some(user), Some(pass)) = (&opts.rdp_user, &opts.rdp_pass) {
+        connector = connector.credentials(
+            opts.rdp_domain.as_ref().cloned().unwrap_or_default(),
+            user.to_string(),
+            pass.to_string(),
+        );
     } else {
-        warn!(target, "Using blank credentials");
-        connector = connector
-            .use_nla(false)
-            .blank_creds(true)
-            .credentials("".to_string(), "".to_string(), "".to_string());
+        warn!(target, "Using blank RDP credentials");
+        connector = connector.use_nla(false).blank_creds(true).credentials(
+            "".to_string(),
+            "".to_string(),
+            "".to_string(),
+        );
     };
 
     let client = connector.connect(stream).map_err(|e| eyre!("{e:?}"))?;

src/util.rs

@@ -40,11 +40,12 @@ pub fn target_to_filename(target: &Target) -> String {
             // rather than underscores
             let mut converted: String = String::from(u.as_str())
                 .replace("://", "_") // Replace the scheme separator with -
-                .replace('/', "-") // replace all slashes with /
-                .replace(':', "_") // replace colon (probably port, could be uname)
-                .replace('[', "") // Remove the square brackets as they are not
-                .replace(']', "") // needed for uniqueness
-                ;
+                .replace('/', "-") // replace all slashes with -
+                // replace colon (probably port, could be uname)
+                .replace(':', "_")
+                // Remove the square brackets as they are not needed for
+                // uniqueness
+                .replace(['[', ']'], "");
             while converted.ends_with('-') {
                 // remove the trailing - if the URL had a trailing /
                 converted.pop();