From 9917e412c0af203b279727c201630df52cf0d120 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Thu, 20 Oct 2016 21:58:54 -0400 Subject: [PATCH 01/11] Remote Desktop Protocol --- onionscan/onionscan.go | 67 +++++++++++++++++++++++++++++++++++++++ protocol/rdp_scanner.go | 28 ++++++++++++++++ report/onionscanreport.go | 18 +++++++++-- 3 files changed, 111 insertions(+), 2 deletions(-) create mode 100644 protocol/rdp_scanner.go diff --git a/onionscan/onionscan.go b/onionscan/onionscan.go index 9b03451..8153b01 100644 --- a/onionscan/onionscan.go +++ b/onionscan/onionscan.go @@ -20,6 +20,7 @@ func (os *OnionScan) GetAllActions() []string { "tls", "ssh", "irc", + "rdp", "ricochet", "ftp", "smtp", @@ -47,6 +48,9 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio case "irc": ips := new(protocol.IRCProtocolScanner) ips.ScanProtocol(report.HiddenService, os.Config, report) + case "rdp": + ips := new(protocol.RDPProtocolScanner) + ips.ScanProtocol(report.HiddenService, os.Config, report) case "ricochet": rps := new(protocol.RicochetProtocolScanner) rps.ScanProtocol(report.HiddenService, os.Config, report) 
@@ -76,6 +80,59 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio return nil } +func (os *OnionScan) PerformNextAction(report *report.OnionScanReport) { + switch report.NextAction { + case "web": + wps := new(protocol.HTTPProtocolScanner) + wps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "tls" + case "tls": + tps := new(protocol.TLSProtocolScanner) + tps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "ssh" + case "ssh": + sps := new(protocol.SSHProtocolScanner) + sps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "irc" + case "irc": + ips := new(protocol.IRCProtocolScanner) + ips.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "ricochet" + case "ricochet": + rps := new(protocol.RicochetProtocolScanner) + rps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "ftp" + case "ftp": + fps := new(protocol.FTPProtocolScanner) + fps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "smtp" + case "smtp": + smps := new(protocol.SMTPProtocolScanner) + smps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "mongodb" + case "mongodb": + mdbps := new(protocol.MongoDBProtocolScanner) + mdbps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "vnc" + case "vnc": + vncps := new(protocol.VNCProtocolScanner) + vncps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "xmpp" + case "xmpp": + xmppps := new(protocol.XMPPProtocolScanner) + xmppps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "bitcoin" + case "bitcoin": + bps := new(protocol.BitcoinProtocolScanner) + bps.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "none" + case "none": + return + default: + report.NextAction = "web" + } +} + func (os *OnionScan) Scan(hiddenService string, out chan 
*report.OnionScanReport) { // Remove Extra Prefix @@ -87,6 +144,7 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport report := report.NewOnionScanReport(hiddenService) +<<<<<<< HEAD for _, nextAction := range os.Config.Scans { err := os.PerformNextAction(report, nextAction) if err != nil { @@ -103,6 +161,15 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport } else { report.NextAction = "none" } +======= + for report.NextAction != "none" { + os.PerformNextAction(report) + if time.Now().Sub(report.DateScanned).Seconds() > os.Config.Timeout.Seconds() { + report.TimedOut = true + report.NextAction = "none" + } + } +>>>>>>> upstream/master out <- report } diff --git a/protocol/rdp_scanner.go b/protocol/rdp_scanner.go new file mode 100644 index 0000000..5fb07e4 --- /dev/null +++ b/protocol/rdp_scanner.go @@ -0,0 +1,28 @@ +package protocol + +import ( + "fmt" + "github.com/s-rah/onionscan/config" + "github.com/s-rah/onionscan/report" + "github.com/s-rah/onionscan/utils" +) + +type RDPProtocolScanner struct { +} + +func (rdpps *RDPProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionScanConfig, report *report.OnionScanReport) { + // RDP + osc.LogInfo(fmt.Sprintf("Checking %s RDP(3389)\n", hiddenService)) + conn, err := utils.GetNetworkConnection(hiddenService, 3389, osc.TorProxyAddress, osc.Timeout) + if err != nil { + osc.LogInfo("Failed to connect to service on port 3389\n") + report.RDPDetected = false + } else { + osc.LogInfo("Detected possible RDP instance\n") + // TODO: Actual Analysis + report.RDPDetected = true + } + if conn != nil { + conn.Close() + } +} diff --git a/report/onionscanreport.go b/report/onionscanreport.go index 9b30065..2e60c24 100644 --- a/report/onionscanreport.go +++ b/report/onionscanreport.go 
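Review bot: The `PerformNextAction(report *report.OnionScanReport)` method added in the `@@ -76,6 +80,59 @@` hunk of onionscan/onionscan.go has the same receiver and name as the existing two-argument `PerformNextAction` shown in the hunk header, and Go does not allow two methods of one name on a type, so the package cannot build. It reads like the upstream/master side of an unresolved merge; keep only the version driven by `os.Config.Scans` and drop this one. As added here the chain also goes from `"irc"` straight to `"ricochet"`, so `"rdp"` is never reached through it; the `@@ -97,6 +97,10 @@` hunk of PATCH 05/11 patches that into the same duplicate rather than removing it.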
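Review bot: The `<<<<<<< HEAD` line added in the `@@ -87,6 +144,7 @@` hunk, and the `=======` and `>>>>>>> upstream/master` lines added in `@@ -103,6 +161,15 @@`, are unresolved merge-conflict markers committed into `Scan`. Both sides of the conflict remain in the function, so the file is not valid Go and it is unclear which timeout handling is intended. Resolve the conflict before committing; the `for _, nextAction := range os.Config.Scans` side is the one that matches the two-argument `PerformNextAction`. Scan's body starts and ends outside these hunks.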
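Review bot: `report.RDPDetected = true` in the new protocol/rdp_scanner.go is set as soon as a TCP connection to port 3389 succeeds, so anything listening on that port is reported as RDP. Until the `// TODO: Actual Analysis` is done, either document the field as "port 3389 open" or confirm the service by checking for an X.224 Connection Confirm reply before setting the flag. The exported type has no doc comment; `// RDPProtocolScanner checks whether a hidden service accepts connections on the default RDP port (3389).` would do. The port number is repeated in the log text, the dial call and the failure message, and a named constant would keep the three in step.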
@@ -30,6 +30,7 @@ type OnionScanReport struct { WebDetected bool `json:"webDetected"` TLSDetected bool `json:"tlsDetected"` SSHDetected bool `json:"sshDetected"` + RDPDetected bool `json:"rdpDetected"` RicochetDetected bool `json:"ricochetDetected"` IRCDetected bool `json:"ircDetected"` FTPDetected bool `json:"ftpDetected"` @@ -50,7 +51,8 @@ type OnionScanReport struct { Certificates []x509.Certificate `json:"certificates"` // Bitcoin - BitcoinServices map[string]*BitcoinService `json:"bitcoinServices"` + BitcoinAddresses []string `json:"bitcoinAddresses"` + BitcoinServices map[string]*BitcoinService `json:"bitcoinServices"` // SSH SSHKey string `json:"sshKey"` @@ -64,8 +66,20 @@ type OnionScanReport struct { SMTPFingerprint string `json:"smtpFingerprint"` SMTPBanner string `json:"smtpBanner"` + ProtocolInfoList []ProtocolInfo `json::"protocolInfoList"` + NextAction string `json:"lastAction"` - TimedOut bool + TimedOut bool `json:"timedOut"` +} + +type ProtocolInfo struct { + Type string `json:"type"` + Port uint `json:"port:` + Info interface{} `json:"info"` +} + +func (osr *OnionScanReport) AddProtocolInfo(protocolType string, protocolPort uint, protocolInfo interface{}) { + osr.ProtocolInfoList = append(osr.ProtocolInfoList, ProtocolInfo{protocolType, protocolPort, protocolInfo}) } func LoadReportFromFile(filename string) (OnionScanReport, error) { From 583dcea0d9d50a4391cf8644df3deb97227fbd17 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 06:39:10 -0400 Subject: [PATCH 02/11] Hypertext Transfer Protocol --- protocol/http_scanner.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/protocol/http_scanner.go b/protocol/http_scanner.go index fac29f0..3a6c291 100644 --- a/protocol/http_scanner.go +++ b/protocol/http_scanner.go 
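Review bot: Two struct tags added in the `@@ -64,8 +66,20 @@` hunk of report/onionscanreport.go are malformed: `json::"protocolInfoList"` has a doubled colon and `json:"port:` is missing its closing quote. The reflect tag parser cannot read either, so encoding/json would fall back to the Go field names (`ProtocolInfoList`, `Port`) instead of the intended keys, and `go vet` flags both. They should read `json:"protocolInfoList"` and `json:"port"`. The exported `ProtocolInfo` and `AddProtocolInfo` would also benefit from a one-line doc comment each.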
@@ -31,4 +31,18 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.O wps := new(spider.OnionSpider) wps.Crawl(report.HiddenService, osc, report) } + osc.LogInfo(fmt.Sprintf("Checking %s http(8080)\n", hiddenService)) + conn, err := utils.GetNetworkConnection(hiddenService, 8080, osc.TorProxyAddress, osc.Timeout) + if conn != nil { + conn.Close() + } + if err != nil { + osc.LogInfo("Failed to connect to service on port 8080\n") + report.WebDetected = false + } else { + osc.LogInfo("Found potential service on http(8080)\n") + report.WebDetected = true + wps := new(spider.OnionSpider) + wps.Crawl(report.HiddenService, osc, report) + } } From 6da11bac16573d0997808a9a8e0aadecc5691014 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 06:40:11 -0400 Subject: [PATCH 03/11] Secure Shell --- protocol/ssh_scanner.go | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/protocol/ssh_scanner.go b/protocol/ssh_scanner.go index e298cbd..d32ad73 100644 --- a/protocol/ssh_scanner.go +++ b/protocol/ssh_scanner.go 
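Review bot: The failure branch of the new port 8080 probe sets `report.WebDetected = false`, which overwrites whatever the earlier check in this function recorded (its tail, ending in `wps.Crawl(...)`, is visible in the context lines). A service that answers on the first port but not on 8080 would then be reported as having no web server; drop the assignment, since the zero value is already false, or record the two ports separately. `wps.Crawl(report.HiddenService, osc, report)` is also called without any port, so it presumably crawls the same default endpoint a second time rather than 8080, which is worth confirming against the spider. ScanProtocol starts outside the hunk.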
@@ -66,4 +66,53 @@ func (sps *SSHProtocolScanner) ScanProtocol(hiddenService string, osc *config.On conn.Close() } } + osc.LogInfo(fmt.Sprintf("Checking %s ssh(2222)\n", hiddenService)) + conn, err := utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout) + if err != nil { + osc.LogInfo("Failed to connect to service on port 2222\n") + report.SSHDetected = false + if conn != nil { + conn.Close() + } + } else { + // TODO SSH Checking + report.SSHDetected = true + + config := &ssh.ClientConfig{ + HostKeyCallback: func(hostname string, addr net.Addr, key ssh.PublicKey) error { + h := md5.New() + h.Write(key.Marshal()) + + fBytes := h.Sum(nil) + fingerprint := string("") + for i := 0; i < len(fBytes); i++ { + if i+1 != len(fBytes) { + fingerprint = fmt.Sprintf("%s%0.2x:", fingerprint, fBytes[i]) + } else { + fingerprint = fmt.Sprintf("%s%0.2x", fingerprint, fBytes[i]) + } + } + report.SSHKey = fingerprint + osc.LogInfo(fmt.Sprintf("Found SSH Key %s\n", fingerprint)) + // We don't want to continue + return errors.New("error") + }, + } + ssh.NewClientConn(conn, hiddenService+":2222", config) + if conn != nil { + conn.Close() + } + conn, err = utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout) + if err == nil { + reader := bufio.NewReader(conn) + banner, err := reader.ReadString('\n') + if err == nil { + report.SSHBanner = banner + osc.LogInfo(fmt.Sprintf("Found SSH Banner: %s", banner)) + } + } + if conn != nil { + conn.Close() + } + } } From 612fd5118c92f0be48b9f417b8429f4658b89d22 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 06:41:09 -0400 Subject: [PATCH 04/11] Transport Layer Security --- protocol/tls_scanner.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/protocol/tls_scanner.go b/protocol/tls_scanner.go index d8974d7..4161907 100644 --- a/protocol/tls_scanner.go +++ b/protocol/tls_scanner.go 
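Review bot: `reader.ReadString('\n')` in the added port 2222 block reads from an untrusted peer with no size limit, so a service that never sends a newline can make the scanner keep buffering until the connection ends; whether a read deadline applies depends on `utils.GetNetworkConnection`, which is not shown. RFC 4253 caps the identification line at 255 bytes, so bounding the reader is enough: `reader := bufio.NewReader(io.LimitReader(conn, 255))` (this needs `io` in the import block, which is outside the hunk). Separately, `report.SSHDetected = false` in the failure branch overwrites the result of the earlier probe whose tail is visible in the context lines. The return values of `ssh.NewClientConn` are discarded; a comment such as `// handshake is aborted on purpose by HostKeyCallback once the key is recorded` would make that intent explicit.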
@@ -33,4 +33,21 @@ func (sps *TLSProtocolScanner) ScanProtocol(hiddenService string, osc *config.On if conn != nil { conn.Close() } + osc.LogInfo(fmt.Sprintf("Checking %s TLS(8443)\n", hiddenService)) + conn, err := utils.GetNetworkConnection(hiddenService, 8443, osc.TorProxyAddress, osc.Timeout) + if err != nil { + osc.LogInfo("Failed to connect to service on port 8443\n") + report.TLSDetected = false + } else { + osc.LogInfo("Found TLS Endpoint\n") + report.TLSDetected = true + config := &tls.Config{ + InsecureSkipVerify: true, + } + tlsConn := tls.Client(conn, config) + tlsConn.Write([]byte("GET / HTTP/1.1\r\n\r\n")) + for _, certificate := range tlsConn.ConnectionState().PeerCertificates { + report.Certificates = append(report.Certificates, *certificate) + } + tlsConn.Close() } From b16cb639ba9fcb4753c23e1ce92d5c7f65279a71 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 10:51:57 -0400 Subject: [PATCH 05/11] Remote Desktop Protocol --- onionscan/onionscan.go | 8 ++++++-- protocol/rdp_scanner.go | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/onionscan/onionscan.go b/onionscan/onionscan.go index 8153b01..0960dcb 100644 --- a/onionscan/onionscan.go +++ b/onionscan/onionscan.go @@ -49,8 +49,8 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio ips := new(protocol.IRCProtocolScanner) ips.ScanProtocol(report.HiddenService, os.Config, report) case "rdp": - ips := new(protocol.RDPProtocolScanner) - ips.ScanProtocol(report.HiddenService, os.Config, report) + rdps := new(protocol.RDPProtocolScanner) + rdps.ScanProtocol(report.HiddenService, os.Config, report) case "ricochet": rps := new(protocol.RicochetProtocolScanner) rps.ScanProtocol(report.HiddenService, os.Config, report) 
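Review bot: The `} else {` opened in the added port 8443 block is never closed: the hunk adds seventeen lines ending in `tlsConn.Close()`, and the only brace after it is the context `}` that used to close `ScanProtocol`, so the function is left unterminated and the file no longer parses. Add a `}` line after `tlsConn.Close()`. The failure branch also resets `report.TLSDetected = false`, discarding the earlier probe's result, and the error from `tlsConn.Write` is ignored, so a failed handshake silently yields no certificates. `InsecureSkipVerify: true` is reasonable for a scanner that only records the presented chain, but it deserves a comment saying so, e.g. `// verification disabled on purpose: certificates are recorded, not trusted`.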
@@ -97,6 +97,10 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport) { case "irc": ips := new(protocol.IRCProtocolScanner) ips.ScanProtocol(report.HiddenService, os.Config, report) + report.NextAction = "rdp" + case "rdp": + rdps := new(protocol.RDPProtocolScanner) + rdps.ScanProtocol(report.HiddenService, os.Config, report) report.NextAction = "ricochet" case "ricochet": rps := new(protocol.RicochetProtocolScanner) diff --git a/protocol/rdp_scanner.go b/protocol/rdp_scanner.go index 5fb07e4..98e8719 100644 --- a/protocol/rdp_scanner.go +++ b/protocol/rdp_scanner.go @@ -10,7 +10,7 @@ import ( type RDPProtocolScanner struct { } -func (rdpps *RDPProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionScanConfig, report *report.OnionScanReport) { +func (rdps *RDPProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionScanConfig, report *report.OnionScanReport) { // RDP osc.LogInfo(fmt.Sprintf("Checking %s RDP(3389)\n", hiddenService)) conn, err := utils.GetNetworkConnection(hiddenService, 3389, osc.TorProxyAddress, osc.Timeout) From 3dd5e89128c7fb38369dd32abe71136a6924c0b2 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 16:56:20 -0400 Subject: [PATCH 06/11] Merge remote-tracking branch 'upstream/onionscan-0.2' --- onionscan/onionscan.go | 57 ------------------------------------------ 1 file changed, 57 deletions(-) diff --git a/onionscan/onionscan.go b/onionscan/onionscan.go index 0960dcb..a75c32f 100644 --- a/onionscan/onionscan.go +++ b/onionscan/onionscan.go 
@@ -80,63 +80,6 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio return nil } -func (os *OnionScan) PerformNextAction(report *report.OnionScanReport) { - switch report.NextAction { - case "web": - wps := new(protocol.HTTPProtocolScanner) - wps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "tls" - case "tls": - tps := new(protocol.TLSProtocolScanner) - tps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "ssh" - case "ssh": - sps := new(protocol.SSHProtocolScanner) - sps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "irc" - case "irc": - ips := new(protocol.IRCProtocolScanner) - ips.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "rdp" - case "rdp": - rdps := new(protocol.RDPProtocolScanner) - rdps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "ricochet" - case "ricochet": - rps := new(protocol.RicochetProtocolScanner) - rps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "ftp" - case "ftp": - fps := new(protocol.FTPProtocolScanner) - fps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "smtp" - case "smtp": - smps := new(protocol.SMTPProtocolScanner) - smps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "mongodb" - case "mongodb": - mdbps := new(protocol.MongoDBProtocolScanner) - mdbps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "vnc" - case "vnc": - vncps := new(protocol.VNCProtocolScanner) - vncps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "xmpp" - case "xmpp": - xmppps := new(protocol.XMPPProtocolScanner) - xmppps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction = "bitcoin" - case "bitcoin": - bps := new(protocol.BitcoinProtocolScanner) - bps.ScanProtocol(report.HiddenService, os.Config, report) - report.NextAction 
= "none" - case "none": - return - default: - report.NextAction = "web" - } -} - func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport) { // Remove Extra Prefix From 3e54284902f3229e81f2e5578215f5760c0a8673 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 19:32:09 -0400 Subject: [PATCH 07/11] Remote Desktop Protocol --- onionscan/onionscan.go | 12 +----------- report/onionscanreport.go | 19 +++---------------- 2 files changed, 4 insertions(+), 27 deletions(-) diff --git a/onionscan/onionscan.go b/onionscan/onionscan.go index a75c32f..49f6e51 100644 --- a/onionscan/onionscan.go +++ b/onionscan/onionscan.go @@ -48,7 +48,7 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio case "irc": ips := new(protocol.IRCProtocolScanner) ips.ScanProtocol(report.HiddenService, os.Config, report) - case "rdp": + case "irc": rdps := new(protocol.RDPProtocolScanner) rdps.ScanProtocol(report.HiddenService, os.Config, report) case "ricochet": @@ -91,7 +91,6 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport report := report.NewOnionScanReport(hiddenService) -<<<<<<< HEAD for _, nextAction := range os.Config.Scans { err := os.PerformNextAction(report, nextAction) if err != nil { @@ -108,15 +107,6 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport } else { report.NextAction = "none" } -======= - for report.NextAction != "none" { - os.PerformNextAction(report) - if time.Now().Sub(report.DateScanned).Seconds() > os.Config.Timeout.Seconds() { - report.TimedOut = true - report.NextAction = "none" - } - } ->>>>>>> upstream/master out <- report } diff --git a/report/onionscanreport.go b/report/onionscanreport.go index 2e60c24..79540ee 100644 --- a/report/onionscanreport.go +++ b/report/onionscanreport.go 
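Review bot: The `@@ -48,7 +48,7 @@` hunk of PATCH 07/11 changes `case "rdp":` to `case "irc":` directly below the existing `case "irc":`, giving the switch two identical string cases. The Go compiler rejects duplicate constant cases, and the RDP scanner would be unreachable in any event. The line should stay `case "rdp":`; PATCH 08/11 restores it, so squashing the two commits would keep every commit in the series buildable. PerformNextAction's body continues outside the hunk.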
@@ -30,8 +30,8 @@ type OnionScanReport struct { WebDetected bool `json:"webDetected"` TLSDetected bool `json:"tlsDetected"` SSHDetected bool `json:"sshDetected"` - RDPDetected bool `json:"rdpDetected"` RicochetDetected bool `json:"ricochetDetected"` + RDPDetected bool `json:"rdpDetected"` IRCDetected bool `json:"ircDetected"` FTPDetected bool `json:"ftpDetected"` SMTPDetected bool `json:"smtpDetected"` @@ -51,8 +51,7 @@ type OnionScanReport struct { Certificates []x509.Certificate `json:"certificates"` // Bitcoin - BitcoinAddresses []string `json:"bitcoinAddresses"` - BitcoinServices map[string]*BitcoinService `json:"bitcoinServices"` + BitcoinServices map[string]*BitcoinService `json:"bitcoinServices"` // SSH SSHKey string `json:"sshKey"` @@ -66,20 +65,8 @@ type OnionScanReport struct { SMTPFingerprint string `json:"smtpFingerprint"` SMTPBanner string `json:"smtpBanner"` - ProtocolInfoList []ProtocolInfo `json::"protocolInfoList"` - NextAction string `json:"lastAction"` - TimedOut bool `json:"timedOut"` -} - -type ProtocolInfo struct { - Type string `json:"type"` - Port uint `json:"port:` - Info interface{} `json:"info"` -} - -func (osr *OnionScanReport) AddProtocolInfo(protocolType string, protocolPort uint, protocolInfo interface{}) { - osr.ProtocolInfoList = append(osr.ProtocolInfoList, ProtocolInfo{protocolType, protocolPort, protocolInfo}) + TimedOut bool } func LoadReportFromFile(filename string) (OnionScanReport, error) { From b70d6806332625cbf6ebde1a5fc712b34f678cc8 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Fri, 21 Oct 2016 19:40:12 -0400 Subject: [PATCH 08/11] Remote Desktop Protocol --- onionscan/onionscan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/onionscan/onionscan.go b/onionscan/onionscan.go index 49f6e51..496e9f8 100644 --- a/onionscan/onionscan.go +++ b/onionscan/onionscan.go 
@@ -48,7 +48,7 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio case "irc": ips := new(protocol.IRCProtocolScanner) ips.ScanProtocol(report.HiddenService, os.Config, report) - case "irc": + case "rdp": rdps := new(protocol.RDPProtocolScanner) rdps.ScanProtocol(report.HiddenService, os.Config, report) case "ricochet": From dafdc82ef4995fadb58840aa8b81ed893e40ce38 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Sat, 22 Oct 2016 16:40:17 -0400 Subject: [PATCH 09/11] Hypertext Transfer Protocol --- protocol/http_scanner.go | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/protocol/http_scanner.go b/protocol/http_scanner.go index 3a6c291..1eb6a41 100644 --- a/protocol/http_scanner.go +++ b/protocol/http_scanner.go @@ -4,7 +4,6 @@ import ( "fmt" "github.com/s-rah/onionscan/config" "github.com/s-rah/onionscan/report" - "github.com/s-rah/onionscan/spider" "github.com/s-rah/onionscan/utils" "net/http" @@ -31,18 +30,4 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.O wps := new(spider.OnionSpider) wps.Crawl(report.HiddenService, osc, report) } - osc.LogInfo(fmt.Sprintf("Checking %s http(8080)\n", hiddenService)) - conn, err := utils.GetNetworkConnection(hiddenService, 8080, osc.TorProxyAddress, osc.Timeout) - if conn != nil { - conn.Close() - } - if err != nil { - osc.LogInfo("Failed to connect to service on port 8080\n") - report.WebDetected = false - } else { - osc.LogInfo("Found potential service on http(8080)\n") - report.WebDetected = true - wps := new(spider.OnionSpider) - wps.Crawl(report.HiddenService, osc, report) - } } From 1427b0287250acd52890a170531a3bdac472df75 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Sat, 22 Oct 2016 16:41:07 -0400 Subject: [PATCH 10/11] Secure Shell --- protocol/ssh_scanner.go | 49 ----------------------------------------- 1 file changed, 49 deletions(-) diff --git a/protocol/ssh_scanner.go b/protocol/ssh_scanner.go index d32ad73..e298cbd 100644 
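Review bot: The `@@ -4,7 +4,6 @@` hunk of PATCH 09/11 removes the `github.com/s-rah/onionscan/spider` import, but the context lines of the following `@@ -31,18 +30,4 @@` hunk still show `wps := new(spider.OnionSpider)` inside `ScanProtocol`, so the package would fail to compile with `spider` undefined. Keep the import line; only the port 8080 block needed to be removed.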
--- a/protocol/ssh_scanner.go +++ b/protocol/ssh_scanner.go @@ -66,53 +66,4 @@ func (sps *SSHProtocolScanner) ScanProtocol(hiddenService string, osc *config.On conn.Close() } } - osc.LogInfo(fmt.Sprintf("Checking %s ssh(2222)\n", hiddenService)) - conn, err := utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout) - if err != nil { - osc.LogInfo("Failed to connect to service on port 2222\n") - report.SSHDetected = false - if conn != nil { - conn.Close() - } - } else { - // TODO SSH Checking - report.SSHDetected = true - - config := &ssh.ClientConfig{ - HostKeyCallback: func(hostname string, addr net.Addr, key ssh.PublicKey) error { - h := md5.New() - h.Write(key.Marshal()) - - fBytes := h.Sum(nil) - fingerprint := string("") - for i := 0; i < len(fBytes); i++ { - if i+1 != len(fBytes) { - fingerprint = fmt.Sprintf("%s%0.2x:", fingerprint, fBytes[i]) - } else { - fingerprint = fmt.Sprintf("%s%0.2x", fingerprint, fBytes[i]) - } - } - report.SSHKey = fingerprint - osc.LogInfo(fmt.Sprintf("Found SSH Key %s\n", fingerprint)) - // We don't want to continue - return errors.New("error") - }, - } - ssh.NewClientConn(conn, hiddenService+":2222", config) - if conn != nil { - conn.Close() - } - conn, err = utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout) - if err == nil { - reader := bufio.NewReader(conn) - banner, err := reader.ReadString('\n') - if err == nil { - report.SSHBanner = banner - osc.LogInfo(fmt.Sprintf("Found SSH Banner: %s", banner)) - } - } - if conn != nil { - conn.Close() - } - } } From f95df2ae804eeaf402b131c3e183cb8406fcfa86 Mon Sep 17 00:00:00 2001 From: Scott Ainslie Date: Sat, 22 Oct 2016 16:41:52 -0400 Subject: [PATCH 11/11] Transport Layer Security --- protocol/tls_scanner.go | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/protocol/tls_scanner.go b/protocol/tls_scanner.go index 4161907..d8974d7 100644 --- a/protocol/tls_scanner.go +++ b/protocol/tls_scanner.go 
@@ -33,21 +33,4 @@ func (sps *TLSProtocolScanner) ScanProtocol(hiddenService string, osc *config.On if conn != nil { conn.Close() } - osc.LogInfo(fmt.Sprintf("Checking %s TLS(8443)\n", hiddenService)) - conn, err := utils.GetNetworkConnection(hiddenService, 8443, osc.TorProxyAddress, osc.Timeout) - if err != nil { - osc.LogInfo("Failed to connect to service on port 8443\n") - report.TLSDetected = false - } else { - osc.LogInfo("Found TLS Endpoint\n") - report.TLSDetected = true - config := &tls.Config{ - InsecureSkipVerify: true, - } - tlsConn := tls.Client(conn, config) - tlsConn.Write([]byte("GET / HTTP/1.1\r\n\r\n")) - for _, certificate := range tlsConn.ConnectionState().PeerCertificates { - report.Certificates = append(report.Certificates, *certificate) - } - tlsConn.Close() }