add MySQL module

[justinbastress]

What it does:

• Add mysql zgrab2 module
• Generic TLS grab
  • Add tls.go, abstracting TLS configuration / scanning / output
  • Let ZGrab drive the TLS handshake
    1. The module's Scan() method uses the mysql driver
    2. If the server supports TLS, use the zgrab2 TLS APIs to do the scan based on the input flags
• Add zschema schemas
• Add travis integration
  • Pull down mysql docker containers to test against
  • Run zschema validation on output

How to test

When changes are published, Travis will automatically run the integration tests, but it's straightforward to run them manually:

1. Pull down any requirements (see before_install and before_scripts in .travis.yml)

• e.g. https://github.com/jmespath/jp

2. Run start_mysql.sh
3. Run integration_tests.sh
4. Run cleanup_mysql.sh

Or, to directly run zgrab, set up a mysql container (see e.g. launch_mysql_container.sh), and run e.g.

• echo 127.0.0.1 | zgrab2 mysql --heartbleed --keep-client-logs --heartbeat-enabled

Notes / Caveats

• The debug-only tags are present in the mysql structs, but not in zcrypto or ssh
  • There is no custom JSON Marshaller to interpret these, either
• Only the mysql module has integration tests
• The scan statuses are currently very rudimentary (just success/fail)
• The TLS command-line flags are almost certainly not in their final form (e.g. array values take a comma-separated list, which is processed via a naive split)
• Future TODO: Include input configuration
  • It seems like this would be a good candidate for a zgrab-level result...i.e. drop the ScanFlags next to the result?

[justinbastress]

<removed ridiculously-long, no-longer-relevant snippets>

[zakird]

Do we need the "result" layer?

…

On Mon, Nov 27, 2017 at 4:13 PM, justinbastress ***@***.***> wrote: Sample output (SSL): time="2017-11-27T14:23:44-05:00" level=info msg="started grab at 2017-11-27T14:23:44-05:00" {"ip":"10.0.0.18","data":{"mysql":{"result":{"packet_log":[{"length":91,"sequence_number":0,"raw":"CjUuNy4yMC0wdWJ1bnR1MC4xNy4wNC4xACcAAAA8Dy5gDUZPAQD//wgCAP/BFQAAAAAAAAAAAAA3AXVXTRMmVmMDcX4AbXlzcWxfbmF0aXZlX3Bhc3N3b3JkAA==","parsed":{"protocol_version":10,"server_version":"5.7.20-0ubuntu0.17.04.1","connection_id":39,"auth_plugin_data_part_1":"\u003c\u000f.`\rFO\u0001","character_set":8,"short_handshake":false,"status_flags":2,"auth_plugin_data_len":21,"reserved":"AAAAAAAAAAAAAA==","auth_plugin_data_part_2":"7\u0001uWM\u0013\u0026Vc\u0003q~\u0000","auth_plugin_name":"mysql_native_password\u0000","capability_flags":3254779903}},{"length":32,"sequence_number":1,"raw":"AAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=","parsed":{"capability_flags":2048,"max_packet_size":0,"character_set":0,"reserved":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}}],"tls_handshake":{"client_hello":{"version":{"name":"TLSv1.2","value":771},"random":"IbFyoL21jlI83+LmD7OYEPpL+uXaOlY3LPNptHkjkVo=","cipher_suites":[{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},{"hex":"0xC02B","name":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","value":49195},{"hex":"0xC011","name":"TLS_ECDHE_RSA_WITH_RC4_128_SHA","value":49169},{"hex":"0xC007","name":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","value":49159},{"hex":"0xC013","name":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","value":49171},{"hex":"0xC009","name":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","value":49161},{"hex":"0xC014","name":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","value":49172},{"hex":"0xC00A","name":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","value":49162},{"hex":"0x0005","name":"TLS_RSA_WITH_RC4_128_SHA","value":5},{"hex":"0x002F","name":"TLS_RSA_WITH_AES_128_CBC_SHA","value":47},{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},{"hex":"0xC012","name":"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","value":49170},{"hex":"0x000A","name":"TLS_RSA_WITH_3DES_EDE_CBC_SHA","value":10}],"compression_methods":[{"hex":"0x00","name":"NULL","value":0}],"ocsp_stapling":true,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false,"next_protocol_negotiation":false,"scts":false,"supported_curves":[{"hex":"0x0017","name":"secp256r1","value":23},{"hex":"0x0018","name":"secp384r1","value":24},{"hex":"0x0019","name":"secp521r1","value":25}],"supported_point_formats":[{"hex":"0x00","name":"uncompressed","value":0}],"signature_and_hashes":[{"signature_algorithm":"rsa","hash_algorithm":"sha256"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha256"},{"signature_algorithm":"rsa","hash_algorithm":"sha1"},{"signature_algorithm":"ecdsa","hash_algorithm":"sha1"}],"sct_enabled":false},"server_hello":{"version":{"name":"TLSv1.1","value":770},"random":"pjbg3GBkfJn9U9rVaAK+UZCIgzNIDbhWvr0y+qSEFyM=","session_id":"TvxBrT8wqBVq7vTM00D9Y/un7XcWlZaXwYWAToqfiVw=","cipher_suite":{"hex":"0x0035","name":"TLS_RSA_WITH_AES_256_CBC_SHA","value":53},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":false,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNRTF9TZXJ2ZXJfNS43LjIwX0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4XDTE3MTEyMTE5MDMyMloXDTI3MTExOTE5MDMyMlowQDE+MDwGA1UEAww1TXlTUUxfU2VydmVyXzUuNy4yMF9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfowhTqdZHY9lfSNy7vUovK10IkUmPxX1RKScsI5QXXqmF3JkhSIXzJCUqmD1i6Nvq0X/kmkB6FLyUjJlbqPAbzKgknSDlWsegbKgGCJV4n3Q6PAw034o0zQDZ43zdWQzBQzw606zMJMmSe1iQ/5SQtNG005B8O8UrPAg9rggpdHSq2TLqlexLJaVl3yg2qHYn0SIp8sMbt5LzeygnzvR4gvtDnY8mlagEYZQL0TBTVTQW057EEXBVrE/xswcfYDvs2iUO8pzGkEI/uxzkjvr6oCsTY7rW3F2VK2JhllIB9nV5BfUZ1Qr0lWEHqjp8/qBzjd/5tmJ8rpCPaqTIcDuVAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACfEQGRbYK5HSWtgFLGbEJfXjdZgOyb9NSQtwcE9XHaFLqPXCsgqr7XNIaoYDu5OR5G3Fazxh2c1X2LSHTDzv5BRvzDf1/apfG2HUCRQKRKaTSGYxzrH1luwh4EJQiJ6NoaLK16Nxg00Sse59Cq3fuJ10+ELlSnIgy+1BSyGmZOmhzsMIDCYlKeAkwy/mg5YrrrJtPgNbBuLmZwnA1FCk6DtqNX2aFEcalLbSAZUv5aBfqWKlOfc3zL/+J0okYeffvdpdu58eHfnOKS0g0O1iJuYDWvhcoTyy38PybMnj+OGwfuW0RLjby52pqGwkMV36+5Faclnsyn+4xdRJ7NZ6xw=","parsed":{"version":3,"serial_number":"2","signature_algorithm":{"name":"SHA256WithRSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["MySQL_Server_5.7.20_Auto_Generated_CA_Certificate"]},"issuer_dn":"CN=MySQL_Server_5.7.20_Auto_Generated_CA_Certificate","validity":{"start":"2017-11-21T19:03:22Z","end":"2027-11-19T19:03:22Z","length":315360000},"subject":{"common_name":["MySQL_Server_5.7.20_Auto_Generated_Server_Certificate"]},"subject_dn":"CN=MySQL_Server_5.7.20_Auto_Generated_Server_Certificate","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"36MIU6nWR2PZX0jcu71KLytdCJFJj8V9USknLCOUF16phdyZIUiF8yQlKpg9Yujb6tF/5JpAehS8lIyZW6jwG8yoJJ0g5VrHoGyoBgiVeJ90OjwMNN+KNM0A2eN83VkMwUM8OtOszCTJkntYkP+UkLTRtNOQfDvFKzwIPa4IKXR0qtky6pXsSyWlZd8oNqh2J9EiKfLDG7eS83soJ870eIL7Q52PJpWoBGGUC9EwU1U0FtOexBFwVaxP8bMHH2A77NolDvKcxpBCP7sc5I76+qArE2O61txdlStiYZZSAfZ1eQX1GdUK9JVhB6o6fP6gc43f+bZifK6Qj2qkyHA7lQ==","length":2048},"fingerprint_sha256":"6d26b9eb1f011811c34415c0f321370ecd385769034ca19b7777d9cf2ed5040d"},"extensions":{"basic_constraints":{"is_ca":false}},"signature":{"signature_algorithm":{"name":"SHA256WithRSA","oid":"1.2.840.113549.1.1.11"},"value":"J8RAZFtgrkdJa2AUsZsQl9eN1mA7Jv01JC3BwT1cdoUuo9cKyCqvtc0hqhgO7k5HkbcVrPGHZzVfYtIdMPO/kFG/MN/X9ql8bYdQJFApEppNIZjHOsfWW7CHgQlCIno2hosrXo3GDTRKx7n0Krd+4nXT4QuVKciDL7UFLIaZk6aHOwwgMJiUp4CTDL+aDliuusm0+A1sG4uZnCcDUUKToO2o1fZoURxqUttIBlS/loF+pYqU59zfMv/4nSiRh59+92l27nx4d+c4pLSDQ7WIm5gNa+FyhPLLfw/JsyeP44bB+5bREuNvLnamobCQxXfr7kVpyWezKf7jF1Ens1nrHA==","valid":false,"self_signed":false},"fingerprint_md5":"7e75ed7ea7484e8d4e56c03080e58278","fingerprint_sha1":"498e5ff2968e28536b9f07830681264e8aaba0f4","fingerprint_sha256":"2510d5cd6e260d4c045bb2b8fec7b91015b8c9a5d6b56399b207356c7cd401ea","tbs_noct_fingerprint":"87756e5985f5939ff53f9b46c03672ba31286ef687b68318a9559006833be796","spki_subject_fingerprint":"f7273be2102c5d76f743928ea787104f6b35203fa8c294be208213bca015d8f8","tbs_fingerprint":"87756e5985f5939ff53f9b46c03672ba31286ef687b68318a9559006833be796","validation_level":"unknown","redacted":false}},"validation":{"browser_trusted":false,"browser_error":"x509: failed to load system roots and no roots provided"}},"client_key_exchange":{"rsa_params":{"length":256,"encrypted_pre_master_secret":"xblN2ZXNEss27HRwIBrO1ISldbe52/efA0BY9yt8TqKNSnB7mw4WFiCBXElPYKpt5m7BUakczctXSQInsjurlZafTZO7C39WNruOytcg8njzXErxYFDpV/9ERrSaim+R4wIucHOljRcA9mBTrXbFrhL0f2Ax8WHfRsvq0OfIFEde3Ju9hmYZDc5ZHVCgF/+dMM/esmcynkM70O/ojGxLm4rUmdkHnaT9oEjSl4Z8GeCvQm9PphlrWdlGC34t4c0oQb24CJWWb6a3wKCHqB8zkHdUrg7cInEvuePg5R4vO4kPnHko8ITddRfGSGyh++uNXqnmCYLFUbJfCRJCAX28Dg=="}},"client_finished":{"verify_data":"S0NRJPaRtPOVu7wy"},"server_finished":{"verify_data":"AfHvMUrheXTzg16s"},"key_material":{"master_secret":{"value":"JLetZ7mYwLWmFzsvLPTBD3Rd37LyAS07nB4OA4ThVtQ17tVjcBmHE2Rb68sF+cTA","length":48},"pre_master_secret":{"value":"AwO9xTGN7+fTKjD9f/d4Ulw5KCP+bWzIIR9LfD9kc9kVDouooRbvSEmjQTb9OB4z","length":48}}}},"time":"2017-11-27T14:23:44-05:00"}}} time="2017-11-27T14:23:44-05:00" level=info msg="finished grab at 2017-11-27T14:23:44-05:00" {"statuses":{"mysql":{"successes":1,"failures":0}},"start":"2017-11-27T14:23:44-05:00","end":"2017-11-27T14:23:44-05:00","duration":"32.5882ms"} Pretty-printed: { "ip": "10.0.0.18", "data": { "mysql": { "result": { "packet_log": [ { "length": 91, "sequence_number": 0, "raw": "CjUuNy4yMC0wdWJ1bnR1MC4xNy4wNC4xACcAAAA8Dy5gDUZPAQD\/\/wgCAP\/BFQAAAAAAAAAAAAA3AXVXTRMmVmMDcX4AbXlzcWxfbmF0aXZlX3Bhc3N3b3JkAA==", "parsed": { "protocol_version": 10, "server_version": "5.7.20-0ubuntu0.17.04.1", "connection_id": 39, "auth_plugin_data_part_1": "<\u000f.`\rFO\u0001", "character_set": 8, "short_handshake": false, "status_flags": 2, "auth_plugin_data_len": 21, "reserved": "AAAAAAAAAAAAAA==", "auth_plugin_data_part_2": "7\u0001uWM\u0013&Vc\u0003q~\u0000", "auth_plugin_name": "mysql_native_password\u0000", "capability_flags": 3254779903 } }, { "length": 32, "sequence_number": 1, "raw": "AAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", "parsed": { "capability_flags": 2048, "max_packet_size": 0, "character_set": 0, "reserved": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } ], "tls_handshake": { "client_hello": { "version": { "name": "TLSv1.2", "value": 771 }, "random": "IbFyoL21jlI83+LmD7OYEPpL+uXaOlY3LPNptHkjkVo=", "cipher_suites": [ { "hex": "0xC02F", "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "value": 49199 }, { "hex": "0xC02B", "name": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "value": 49195 }, { "hex": "0xC011", "name": "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "value": 49169 }, { "hex": "0xC007", "name": "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "value": 49159 }, { "hex": "0xC013", "name": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "value": 49171 }, { "hex": "0xC009", "name": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "value": 49161 }, { "hex": "0xC014", "name": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "value": 49172 }, { "hex": "0xC00A", "name": "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "value": 49162 }, { "hex": "0x0005", "name": "TLS_RSA_WITH_RC4_128_SHA", "value": 5 }, { "hex": "0x002F", "name": "TLS_RSA_WITH_AES_128_CBC_SHA", "value": 47 }, { "hex": "0x0035", "name": "TLS_RSA_WITH_AES_256_CBC_SHA", "value": 53 }, { "hex": "0xC012", "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "value": 49170 }, { "hex": "0x000A", "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "value": 10 } ], "compression_methods": [ { "hex": "0x00", "name": "NULL", "value": 0 } ], "ocsp_stapling": true, "ticket": false, "secure_renegotiation": true, "heartbeat": false, "extended_master_secret": false, "next_protocol_negotiation": false, "scts": false, "supported_curves": [ { "hex": "0x0017", "name": "secp256r1", "value": 23 }, { "hex": "0x0018", "name": "secp384r1", "value": 24 }, { "hex": "0x0019", "name": "secp521r1", "value": 25 } ], "supported_point_formats": [ { "hex": "0x00", "name": "uncompressed", "value": 0 } ], "signature_and_hashes": [ { "signature_algorithm": "rsa", "hash_algorithm": "sha256" }, { "signature_algorithm": "ecdsa", "hash_algorithm": "sha256" }, { "signature_algorithm": "rsa", "hash_algorithm": "sha1" }, { "signature_algorithm": "ecdsa", "hash_algorithm": "sha1" } ], "sct_enabled": false }, "server_hello": { "version": { "name": "TLSv1.1", "value": 770 }, "random": "pjbg3GBkfJn9U9rVaAK+UZCIgzNIDbhWvr0y+qSEFyM=", "session_id": "TvxBrT8wqBVq7vTM00D9Y\/un7XcWlZaXwYWAToqfiVw=", "cipher_suite": { "hex": "0x0035", "name": "TLS_RSA_WITH_AES_256_CBC_SHA", "value": 53 }, "compression_method": 0, "ocsp_stapling": false, "ticket": false, "secure_renegotiation": false, "heartbeat": false, "extended_master_secret": false }, "server_certificates": { "certificate": { "raw": "MIIDBDCCAeygAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNRTF9TZXJ2ZXJfNS43LjIwX0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4XDTE3MTEyMTE5MDMyMloXDTI3MTExOTE5MDMyMlowQDE+MDwGA1UEAww1TXlTUUxfU2VydmVyXzUuNy4yMF9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfowhTqdZHY9lfSNy7vUovK10IkUmPxX1RKScsI5QXXqmF3JkhSIXzJCUqmD1i6Nvq0X\/kmkB6FLyUjJlbqPAbzKgknSDlWsegbKgGCJV4n3Q6PAw034o0zQDZ43zdWQzBQzw606zMJMmSe1iQ\/5SQtNG005B8O8UrPAg9rggpdHSq2TLqlexLJaVl3yg2qHYn0SIp8sMbt5LzeygnzvR4gvtDnY8mlagEYZQL0TBTVTQW057EEXBVrE\/xswcfYDvs2iUO8pzGkEI\/uxzkjvr6oCsTY7rW3F2VK2JhllIB9nV5BfUZ1Qr0lWEHqjp8\/qBzjd\/5tmJ8rpCPaqTIcDuVAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBACfEQGRbYK5HSWtgFLGbEJfXjdZgOyb9NSQtwcE9XHaFLqPXCsgqr7XNIaoYDu5OR5G3Fazxh2c1X2LSHTDzv5BRvzDf1\/apfG2HUCRQKRKaTSGYxzrH1luwh4EJQiJ6NoaLK16Nxg00Sse59Cq3fuJ10+ELlSnIgy+1BSyGmZOmhzsMIDCYlKeAkwy\/mg5YrrrJtPgNbBuLmZwnA1FCk6DtqNX2aFEcalLbSAZUv5aBfqWKlOfc3zL\/+J0okYeffvdpdu58eHfnOKS0g0O1iJuYDWvhcoTyy38PybMnj+OGwfuW0RLjby52pqGwkMV36+5Faclnsyn+4xdRJ7NZ6xw=", "parsed": { "version": 3, "serial_number": "2", "signature_algorithm": { "name": "SHA256WithRSA", "oid": "1.2.840.113549.1.1.11" }, "issuer": { "common_name": [ "MySQL_Server_5.7.20_Auto_Generated_CA_Certificate" ] }, "issuer_dn": "CN=MySQL_Server_5.7.20_Auto_Generated_CA_Certificate", "validity": { "start": "2017-11-21T19:03:22Z", "end": "2027-11-19T19:03:22Z", "length": 315360000 }, "subject": { "common_name": [ "MySQL_Server_5.7.20_Auto_Generated_Server_Certificate" ] }, "subject_dn": "CN=MySQL_Server_5.7.20_Auto_Generated_Server_Certificate", "subject_key_info": { "key_algorithm": { "name": "RSA" }, "rsa_public_key": { "exponent": 65537, "modulus": "36MIU6nWR2PZX0jcu71KLytdCJFJj8V9USknLCOUF16phdyZIUiF8yQlKpg9Yujb6tF\/5JpAehS8lIyZW6jwG8yoJJ0g5VrHoGyoBgiVeJ90OjwMNN+KNM0A2eN83VkMwUM8OtOszCTJkntYkP+UkLTRtNOQfDvFKzwIPa4IKXR0qtky6pXsSyWlZd8oNqh2J9EiKfLDG7eS83soJ870eIL7Q52PJpWoBGGUC9EwU1U0FtOexBFwVaxP8bMHH2A77NolDvKcxpBCP7sc5I76+qArE2O61txdlStiYZZSAfZ1eQX1GdUK9JVhB6o6fP6gc43f+bZifK6Qj2qkyHA7lQ==", "length": 2048 }, "fingerprint_sha256": "6d26b9eb1f011811c34415c0f321370ecd385769034ca19b7777d9cf2ed5040d" }, "extensions": { "basic_constraints": { "is_ca": false } }, "signature": { "signature_algorithm": { "name": "SHA256WithRSA", "oid": "1.2.840.113549.1.1.11" }, "value": "J8RAZFtgrkdJa2AUsZsQl9eN1mA7Jv01JC3BwT1cdoUuo9cKyCqvtc0hqhgO7k5HkbcVrPGHZzVfYtIdMPO\/kFG\/MN\/X9ql8bYdQJFApEppNIZjHOsfWW7CHgQlCIno2hosrXo3GDTRKx7n0Krd+4nXT4QuVKciDL7UFLIaZk6aHOwwgMJiUp4CTDL+aDliuusm0+A1sG4uZnCcDUUKToO2o1fZoURxqUttIBlS\/loF+pYqU59zfMv\/4nSiRh59+92l27nx4d+c4pLSDQ7WIm5gNa+FyhPLLfw\/JsyeP44bB+5bREuNvLnamobCQxXfr7kVpyWezKf7jF1Ens1nrHA==", "valid": false, "self_signed": false }, "fingerprint_md5": "7e75ed7ea7484e8d4e56c03080e58278", "fingerprint_sha1": "498e5ff2968e28536b9f07830681264e8aaba0f4", "fingerprint_sha256": "2510d5cd6e260d4c045bb2b8fec7b91015b8c9a5d6b56399b207356c7cd401ea", "tbs_noct_fingerprint": "87756e5985f5939ff53f9b46c03672ba31286ef687b68318a9559006833be796", "spki_subject_fingerprint": "f7273be2102c5d76f743928ea787104f6b35203fa8c294be208213bca015d8f8", "tbs_fingerprint": "87756e5985f5939ff53f9b46c03672ba31286ef687b68318a9559006833be796", "validation_level": "unknown", "redacted": false } }, "validation": { "browser_trusted": false, "browser_error": "x509: failed to load system roots and no roots provided" } }, "client_key_exchange": { "rsa_params": { "length": 256, "encrypted_pre_master_secret": "xblN2ZXNEss27HRwIBrO1ISldbe52\/efA0BY9yt8TqKNSnB7mw4WFiCBXElPYKpt5m7BUakczctXSQInsjurlZafTZO7C39WNruOytcg8njzXErxYFDpV\/9ERrSaim+R4wIucHOljRcA9mBTrXbFrhL0f2Ax8WHfRsvq0OfIFEde3Ju9hmYZDc5ZHVCgF\/+dMM\/esmcynkM70O\/ojGxLm4rUmdkHnaT9oEjSl4Z8GeCvQm9PphlrWdlGC34t4c0oQb24CJWWb6a3wKCHqB8zkHdUrg7cInEvuePg5R4vO4kPnHko8ITddRfGSGyh++uNXqnmCYLFUbJfCRJCAX28Dg==" } }, "client_finished": { "verify_data": "S0NRJPaRtPOVu7wy" }, "server_finished": { "verify_data": "AfHvMUrheXTzg16s" }, "key_material": { "master_secret": { "value": "JLetZ7mYwLWmFzsvLPTBD3Rd37LyAS07nB4OA4ThVtQ17tVjcBmHE2Rb68sF+cTA", "length": 48 }, "pre_master_secret": { "value": "AwO9xTGN7+fTKjD9f\/d4Ulw5KCP+bWzIIR9LfD9kc9kVDouooRbvSEmjQTb9OB4z", "length": 48 } } } }, "time": "2017-11-27T14:23:44-05:00" } } } — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#23 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAMSUN9AZrklq0D9MnRYj6fGc_zvtgyEks5s6yX0gaJpZM4QsDOm> .

[justinbastress]

@zakird You mean, could the SSL / MySQL transaction dump be pushed a layer up, or actually removing/paring down the content contained in result?

The former would require refactoring zgrab2; it takes the JSON object returned by the Scan() method and drops it into the "result" field.

Paring it down on the other hand would of course be simople -- e.g. it could be something as simple as { "mysql_server_version": "5.7.20-0ubuntu0.17.04.1", "tls_allowed": true }; I went for the shotgun approach and included everything I could, under the assumption that any unneeded data would just be ignored.

[dadrian]

Some initial comments.

Could you give a quick description of the relationships between the interfaces in mysql.go and what they're used for?

[dadrian]

Where did the MySQL code come from? Is it largely copy-pasted from one of the libraries, or is it written yourself based on the RFC?

[justinbastress]

This was all written myself, though the consts were copied from the go mysql driver.

[dadrian]

Are these in an RFC, or are they just a construct in this "library"?

[justinbastress]

These were copied from the go driver, and referenced in the client spec (I should have added a link to that, will do)

• Add link to reference guide

[dadrian]

This isn't really a new config given that it modifies base.

[justinbastress]

True. InitConfig is probably less misleading.

• Rename

[dadrian]

This could maybe be a function return TLSHandshake != nil? I could see either way

[justinbastress]

That’s probably safer. Less opportunity for forgetting to set/reset it.

• Make IsSecure a method

[dadrian]

There aren't normally underscores in types. Are you matching to an RFC or something here?

[justinbastress]

Sort of — the OK_Packet/ERR_Packet had underscores in the reference manual, but Handshake did not. Since it’s already straying from the spec, it sounds like OKPacket, ERRPacket (or ErrPacket, or ErrorPacket), HandshakePacket would be just as consistent with the spec, and more consistent with Go

• Rename

[dadrian]

Is protocol version zero a thing? Otherwise I'd omitempty

[dadrian]

Is there anything in Handshake_Packet that really shouldn't have omitempty?

[justinbastress]

Certainly the non-length integers (character set, protocol version, etc) should be included even if they are 0, right?

For length integers and strings, my thinking is as above — but omitting empties there wouldn’t be a serious problem.

[dadrian]

s/buily/built

[justinbastress]

• Fix this

[dadrian]

I'm not sure I follow why this exists. What's the goal with GetDescription()?

[justinbastress]

After looking at some other zgrab code, it probably shouldn’t. The JSON attributes in the struct definition achieve what I was going for here.

• Remove

[dadrian]

I would probably ignore reserved, and/or only output it if it's not 00000....

[justinbastress]

• Selectively output

[dadrian]

We'll need to convert packet_log to be a dict instead of a list, but aside from that looks pretty good. I'll try to get you copyright information.

[dadrian]

@ajholland If you want to do a quick pass on this and confirm we're using the framework correctly, that'd be great.

[justinbastress]

@dadrian The ConnectionLog is now a dict rather than a list; and now MySQLScanResults is just an alias for that (so you get results: { handshake: { ... }, tls_handshake: { ... }, ... } instead of e.g. results: { connection_log: { handshake :{ ... }, tls_handshake: { ... }, ... } })

[ajholland]

lgtm

[zakird]

@justinbastress can you paste the current output structure?

[justinbastress]

@zakird
Latest format, with a variety of scenarios (I tossed the individual responses into a JSON array to do the pretty-print in one shot):

[zakird]

Some notes:

                     "sql_state_marker":"",
                     "sql_state":"",

looks like both of those should be ignore if null

[zakird]

"time":"2017-12-05T15:48:58-05:00"

Is that timestamp needed, or do we already have that in an outer record?

[justinbastress]

@zakird Last push added omitempty to a few more optional string fields (including the two you called out).
As for that time field, @dadrian noted that as well - that is added by the zgrab2 framework, presumably to get the time of that particular scan of that node/service. The result / error are what get returned by the module; the framework constructs the data object containing the results for each scan, containing the result/time/error for each service.

[justinbastress]

Tasks from meeting with @zakird and @dadrian:

• Add struct-field annotation to mark fields as debug-only (zgrab:"debug"?)
• Omit default reserved in SSLRequest
• Remove null terminator from strings (even those that are not defined to be NUL-terminated)
• Make StatusFlags, CapabilityFlags lists of consts rather than flags (e.g. "capability_flags": [ "CLIENT_SSL", "CLIENT_PROTOCOL_41" ] instead of "capability_flags": 0x82)

The following would probably be better suited to #25:

• Rename tls_handshake to tls
• Move heartbleed flags into their own object (similar to existing zgrab) that is omitted if heartbleed is not checked
• Include input configuration

And this would be a framework change (pretty small, but still beyond the scope of any single module):

• Instead of { result, error, time }, use { result, error, status, timestamp }, where status is one of a finite set of enumerated strings (connection timeout, connection rejected, IO timeout after connecting, TLS handshake failure, application error, ...)

[justinbastress]

Updated format, with items mentioned above:
removed

[andrewsardone]

Question (pull request commenting with a purpose)

@justinbastress, what's the purpose of this empty integration_tests.py?

[andrewsardone]

This is all really cool, @justinbastress! The code reads well and is put together quite nicely. 😻 seeing TravisCI run through these containers and validating the output.

If you're interested, I committed some minor changes up on origin/aps/feature/addMySQLZGrabModule. They're just some stylistic project hygiene around the gitignore, consolidating test scripts into a single directory, and adding a new protocl test scripts generator.

If you want these changes, feel free to pull them in from my branch:

# on your local feature/addMySQLZGrabModule branch
git fetch origin && git merge origin/aps/feature/addMySQLZGrabModule

[dadrian]

We should think about a better way to keep the ZCrypto and ZGrab schemas in sync.

[zakird]

@dadrian I started to build dependency management into ZSchema at one point. But it's not ready for use yet.

[zakird]

@andrewsardone anything you'd like to see, or this seem good from your perspective?

[andrewsardone]

@andrewsardone anything you'd like to see, or this seem good from your perspective?

This seems solid to me! Merge it in.