Add custom regexp banner grabber

[AnthraX1]

New Banner module that can grab banner and match against a custom regexp. It will still get the banner and create protocol error If "--pattern" is defined and the results did not match.

options:

      --probe=            Probe to send to the server. Use triple slashes
                                to escape, for example \\\n is literal \n
                                (default: \n)
      --pattern=          Pattern to match, must be valid regexp.
      --max-tries=       Number of tries for timeouts and connection
                                errors before giving up. (default: 1)

How to Test

echo 'google.com'|./zgrab2 banner -p 80 --pattern="asfgqwg" --probe "GET / \n\n"

Should output {"domain":"google.com","data":{"banner":{"status":"protocol-error","protocol":"banner","result":{"banner":"HTTP/1.0 .... ","error":"pattern did not match"}}}

echo 'google.com'|./zgrab2 banner -p 80 --pattern="HTTP" --probe "GET / \n\n"

Should output ... "data":{"banner":{"status":"success" ....

Notes & Caveats

Still work in progress and I haven't got time to write proper tests...

Issue Tracking

Use issues page.

[justinbastress]

Any reason for replacing just these, and not using e.g. JSON or another standard special-characters-in-strings format? I could see wanting to send a hex string, for example.

[AnthraX1]

Sending hex string would make sense. Initially I was just using it to send weird HTTP requests. The problem is refection.tag.get will convert everything to literal string. I can't seem to find a good way around it. Any suggestions?

[AnthraX1]

Repacling \x to non-literal in the last commit.

[justinbastress]

What you have is probably preferable to forcing hex input -- I was picturing something like json.Unmarshal([]byte("\"" + scanner.config.Probe + "\""), &scanner.config.Probe), so you could do e.g. --probe="GET /\r\n\r\n" or --probe="GET /\u000A\u000D\u000A\u000D", but that may be more complicated than necessary.

The type of issue with the current implementation (as opposed to a standard escaped-string-decoding library call) is that e.g. "\\n" -- which one would expect to send a literal \n -- would here send a slash followed by a linebreak.

[AnthraX1]

the problem with unmarshalled json is it only accepts unicode encoded hex string such as \u0000 not \x00. I'll work on it from another angle maybe using regexp replace

[AnthraX1]

Alright, problem fixed. Although triple escape is a bit annoying but I like this solution much better.

[aPatinthehat]

Would it possible to send binary data as a probe request? For example, [most] RDP services can be identified by sending and receiving a specific value. echo 0300000b06e0000000000 | xxd -r -p | nc 192.168.1.2 3389. Listening servers respond with \x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00

[AnthraX1]

ummm does not seem to work this way.

[justinbastress]

Looks good to me.

[AnthraX1]

merge?