Adding asnmap info #427
During testing, I noticed asninfo is generated for some IPs and not for others. I also tried running the same IP locally with asnmap and it worked.
{
"protocol": "dns",
"unique-id": "ceuh4mfkobjik76i6l40w3gbkk9yud5g7",
"full-id": "ceuh4mfkobjik76i6l40w3gbkk9yud5g7",
"q-type": "AAAA",
"raw-request": ";; opcode: QUERY, status: NOERROR, id: 18658\n;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags: do; udp: 1400\n; SUBNET: [2402:e280:2316::]/56/0\n\n;; QUESTION SECTION:\n;ceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\tIN\t AAAA\n",
"raw-response": ";; opcode: QUERY, status: NOERROR, id: 18658\n;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2\n\n;; QUESTION SECTION:\n;ceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\tIN\t AAAA\n\n;; ANSWER SECTION:\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\n\n;; AUTHORITY SECTION:\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tNS\tns1.hackwithautomation.com.\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tNS\tns2.hackwithautomation.com.\n\n;; ADDITIONAL SECTION:\nns1.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\nns2.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\n",
"remote-address": "74.125.16.164",
"timestamp": "2023-01-10T07:23:22.925377493Z",
"asninfo": [
{
"country": "US",
"org": "GOOGLE",
"first-ip": "74.125.7.0",
"last-ip": "74.125.26.255",
"asn": "AS15169"
}
]
}
{
"protocol": "dns",
"unique-id": "ceuh4mfkobjik76i6l40w3gbkk9yud5g7",
"full-id": "ceuh4mfkobjik76i6l40w3gbkk9yud5g7",
"q-type": "AAAA",
"raw-request": ";; opcode: QUERY, status: NOERROR, id: 42650\n;; flags: cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags: do; udp: 1400\n\n;; QUESTION SECTION:\n;ceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\tIN\t AAAA\n",
"raw-response": ";; opcode: QUERY, status: NOERROR, id: 42650\n;; flags: qr aa cd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2\n\n;; QUESTION SECTION:\n;ceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\tIN\t AAAA\n\n;; ANSWER SECTION:\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\n\n;; AUTHORITY SECTION:\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tNS\tns1.hackwithautomation.com.\nceuh4mfkobjik76i6l40w3gbkk9yud5g7.hackwithautomation.com.\t3600\tIN\tNS\tns2.hackwithautomation.com.\n\n;; ADDITIONAL SECTION:\nns1.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\nns2.hackwithautomation.com.\t3600\tIN\tA\t157.230.223.165\n",
"remote-address": "172.253.204.197",
"timestamp": "2023-01-10T07:23:23.245888518Z"
}
It looks like a bug in asnmap. Multiple calls to

    hash := string(out)
    if _, ok := c.sync.dedup.Load(hash); !ok {
        c.sync.dedup.Store(hash, resultList)
        outC = insertInputInResponse(reflect.ValueOf(input).String(), resultList)
    }

Tracked at projectdiscovery/asnmap#48
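An added illustration, not asnmap's code and not part of the comment above: a dedup map keyed by the raw backend response, where the result is only built on a miss, leaves every later call with the same response empty. `Client`, `rawLookup`, `LookupBuggy` and `LookupFixed` are hypothetical names, the addresses and ASN are constructed documentation values, and the corrected variant is one possible approach, not necessarily the upstream fix.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// Result is a constructed stand-in for one enriched ASN record.
type Result struct{ Input, ASN string }

// Client holds a dedup map keyed by the raw backend response, as in the quoted snippet.
type Client struct{ dedup sync.Map }

// rawLookup is a constructed backend: every address in the sample range
// returns the same raw bytes, so the dedup key repeats across calls.
func rawLookup(ip string) []byte { return []byte("AS64500|192.0.2.0|192.0.2.255") }

// LookupBuggy mirrors the quoted logic: the output is assigned only when the
// hash is new, so a repeated hash yields an empty result.
func (c *Client) LookupBuggy(ip string) []Result {
	var out []Result
	hash := string(rawLookup(ip))
	if _, ok := c.dedup.Load(hash); !ok {
		asn := strings.SplitN(hash, "|", 2)[0]
		c.dedup.Store(hash, asn)
		out = []Result{{Input: ip, ASN: asn}}
	}
	return out
}

// LookupFixed treats the map as a cache: a hit reuses the stored record and
// still attaches the current input, so no caller gets an empty answer.
func (c *Client) LookupFixed(ip string) []Result {
	hash := string(rawLookup(ip))
	asn, _ := c.dedup.LoadOrStore(hash, strings.SplitN(hash, "|", 2)[0])
	return []Result{{Input: ip, ASN: asn.(string)}}
}

func main() {
	buggy, fixed := &Client{}, &Client{}
	for _, ip := range []string{"192.0.2.10", "192.0.2.20"} {
		fmt.Printf("%s buggy=%d fixed=%d\n", ip,
			len(buggy.LookupBuggy(ip)), len(fixed.LookupFixed(ip)))
	}
}
```
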
- debug info being printed while running the server
./interactsh-server -d hackwithautomation.com
_ __ __ __
(_)___ / /____ _________ ______/ /______/ /_
/ / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
/ / / / / /_/ __/ / / /_/ / /__/ /_(__ ) / / /
/_/_/ /_/\__/\___/_/ \__,_/\___/\__/____/_/ /_/ 1.0.7
projectdiscovery.io
[INF] Public IP: 157.230.223.165
[INF] Outbound IP: 157.230.223.165
+ 1.6766246680096781e+09 info maintenance started background certificate maintenance {"cache": "0xc000194070"}
[INF] Loading existing SSL Certificate for: [*.hackwithautomation.com, hackwithautomation.com]
[INF] Listening with the following services:
[DNS] Listening on UDP 157.230.223.165:53
[LDAP] Listening on TCP 157.230.223.165:389
[DNS] Listening on TCP 157.230.223.165:53
[HTTP] Listening on TCP 157.230.223.165:80
[SMTP] Listening on TCP 157.230.223.165:25
[HTTPS] Listening on TCP 157.230.223.165:443
[SMTPS] Listening on TCP 157.230.223.165:587
- asn info not being populated after latest commit
{
"protocol": "http",
"unique-id": "cfnk7hnkobjoas9d5720pr97mwigcsgf9",
"full-id": "cfnk7hnkobjoas9d5720pr97mwigcsgf9",
"raw-request": "GET /robots.txt HTTP/2.0\r\nHost: cfnk7hnkobjoas9d5720pr97mwigcsgf9.hackwithautomation.com\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en-IN,en;q=0.9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: none\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36\r\n\r\n",
"raw-response": "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain; charset=utf-8\r\nServer: hackwithautomation.com\r\nX-Interactsh-Version: 1.0.7\r\n\r\nUser-agent: *\nDisallow: / # 9fgscgiwm79rp0275d9saojboknh7knfc",
"remote-address": "103.59.75.4",
"timestamp": "2023-02-17T09:07:36.261229995Z"
}
- since the information is being populated on the client side, we can make it optional.
-asn include asn information of remote ip in json output
Description
This PR adds asn info related to the remote address origin of the interaction. The enrichment happens client side to avoid further pressure and resource consumption on the server.
The info is available in JSON format; I don't know if it should be printed by default to stdout.