Add custom regexp banner grabber #199
Conversation
modules/banner/scanner.go (review comment on an outdated diff excerpt):

```go
		return zgrab2.TryGetScanStatus(err), nil, err
	}
	defer conn.Close()
	r := strings.NewReplacer(`\n`, "\n", `\r`, "\r", `\t`, "\t")
```
Any reason for replacing just these, and not using e.g. JSON or another standard special-characters-in-strings format? I could see wanting to send a hex string, for example.
Sending a hex string would make sense. Initially I was just using it to send weird HTTP requests. The problem is reflection.tag.get will convert everything to a literal string. I can't seem to find a good way around it. Any suggestions?
Replacing `\x` with a non-literal in the last commit.
What you have is probably preferable to forcing hex input -- I was picturing something like `json.Unmarshal([]byte("\"" + scanner.config.Probe + "\""), &scanner.config.Probe)`, so you could do e.g. `--probe="GET /\r\n\r\n"` or `--probe="GET /\u000A\u000D\u000A\u000D"`, but that may be more complicated than necessary.
The type of issue with the current implementation (as opposed to a standard escaped-string-decoding library call) is that e.g. `"\\n"` -- which one would expect to send a literal `\n` -- would here send a slash followed by a linebreak.
The problem with unmarshalled JSON is that it only accepts Unicode-encoded hex strings such as `\u0000`, not `\x00`. I'll work on it from another angle, maybe using regexp replace.
Alright, problem fixed. Although triple escaping is a bit annoying, I like this solution much better.
Would it be possible to send binary data as a probe request? For example, [most] RDP services can be identified by sending and receiving a specific value: `echo 0300000b06e0000000000 | xxd -r -p | nc 192.168.1.2 3389`. Listening servers respond with `\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00`.
copy paste mistake
Co-Authored-By: AnthraX1 <AnthraX1@users.noreply.github.com>
Ummm, does not seem to work this way.
Co-Authored-By: AnthraX1 <AnthraX1@users.noreply.github.com>
Sometimes the solution is much simpler and more elegant than you thought...
Looks good to me.
merge?
New banner module that can grab a banner and match it against a custom regexp. It will still get the banner and create a protocol error if `--pattern` is defined and the result did not match.
options:
How to Test
`echo 'google.com'|./zgrab2 banner -p 80 --pattern="asfgqwg" --probe "GET / \n\n"`
Should output `{"domain":"google.com","data":{"banner":{"status":"protocol-error","protocol":"banner","result":{"banner":"HTTP/1.0 .... ","error":"pattern did not match"}}}`
`echo 'google.com'|./zgrab2 banner -p 80 --pattern="HTTP" --probe "GET / \n\n"`
Should output `... "data":{"banner":{"status":"success" ....`
Notes & Caveats
Still a work in progress and I haven't had time to write proper tests...
Issue Tracking
Use issues page.
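An added example, not code from the zgrab2 PR, contrasting the `strings.NewReplacer` approach reviewed above with decoding the `--probe` value as a Go string literal via `strconv.Unquote`, which handles `\\n`, `\xNN` and `\uNNNN` the way the thread wants (so binary probes can be written with `\x` escapes). The helper names, the quote-escaping pre-pass and the sample probes are my own.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// naiveDecode mirrors the strings.NewReplacer approach from the reviewed
// diff: only \n, \r and \t are translated, so a doubled backslash is not
// treated as an escape and `\\n` becomes a backslash followed by a newline.
func naiveDecode(probe string) string {
	r := strings.NewReplacer(`\n`, "\n", `\r`, "\r", `\t`, "\t")
	return r.Replace(probe)
}

// decodeProbe (hypothetical helper) interprets the probe as the body of a Go
// double-quoted string literal, so \n, \r, \t, \\, \xNN and \uNNNN all decode
// as a user would expect. Bare double quotes in the input are escaped first
// so that wrapping the string in quotes still yields a valid literal.
func decodeProbe(probe string) ([]byte, error) {
	var b strings.Builder
	escaped := false
	for _, c := range probe {
		switch {
		case escaped:
			escaped = false // character after a backslash is copied verbatim
		case c == '\\':
			escaped = true
		case c == '"':
			b.WriteByte('\\')
		}
		b.WriteRune(c)
	}
	s, err := strconv.Unquote(`"` + b.String() + `"`)
	if err != nil {
		return nil, fmt.Errorf("probe %q: %w", probe, err)
	}
	return []byte(s), nil
}

func main() {
	// Constructed sample probes: an HTTP request, the doubled-backslash case
	// from the review, a binary probe, and one containing literal quotes.
	for _, p := range []string{`GET /\r\n\r\n`, `\\n`, `\x03\x00\xff\u000A`, `Host: "a"\n`} {
		got, err := decodeProbe(p)
		fmt.Printf("%-24q naive=%q unquote=%q err=%v\n", p, naiveDecode(p), got, err)
	}
}
```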