package protocol
import (
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/report"
"github.com/s-rah/onionscan/scans"
"github.com/s-rah/onionscan/utils"
"h12.me/socks"
"io/ioutil"
"log"
"net/http"
"strings"
)
// HTTPProtocolScanner scans the HTTP service of a hidden service. Its methods
// issue every request through Client.
type HTTPProtocolScanner struct {
	// Client is the HTTP client used for all page fetches. ScanProtocol
	// replaces it with a client that dials through the configured SOCKS proxy.
	Client *http.Client
}
// CommonDirectories lists the paths that ScanProtocol checks for directory
// listings in addition to the directories referenced by the scanned pages.
var CommonDirectories = []string{
	"/style",
	"/styles",
	"/css",
	"/uploads",
	"/images",
	"/img",
	"/static",
	// Lots of Wordpress installs which don't lock down directory listings
	"/wp-content/uploads",
	// Common with torshops created onions
	"/products",
	"/products/cat",
}
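// ScanProtocol checks hiddenService for a web server on port 80 and records
// the findings in report.
//
// It first probes the port with utils.GetNetworkConnection. On failure it sets
// report.WebDetected to false and returns. Otherwise it sets WebDetected to
// true, installs an HTTP client on hps that dials through the SOCKS5 proxy at
// onionscanConfig.TorProxyAddress, stores every response header of the front
// page in report, and runs the mod_status and standard page scans. Unless
// onionscanConfig.Fingerprint is set, it also checks CommonDirectories and
// report.PageReferencedDirectories for directory listings.
func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
	// HTTP
	log.Printf("Checking %s http(80)\n", hiddenService)

	// NOTE(review): the first return value is discarded. If
	// utils.GetNetworkConnection returns an open connection, it is never
	// closed here. Confirm against that helper.
	_, err := utils.GetNetworkConnection(hiddenService, 80, onionscanConfig.TorProxyAddress, onionscanConfig.Timeout)
	if err != nil {
		log.Printf("Failed to connect to service on port 80\n")
		report.WebDetected = false
		return
	}

	log.Printf("Found potential service on http(80)\n")
	report.WebDetected = true

	// NOTE(review): no CheckRedirect is set, so net/http's default policy
	// follows redirects. A scanned service can therefore steer requests made
	// with this client to other hosts through the proxy. Restrict redirects if
	// scans must stay on hiddenService.
	dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)
	transportConfig := &http.Transport{
		Dial: dialSocksProxy,
	}
	hps.Client = &http.Client{Transport: transportConfig, Timeout: onionscanConfig.Timeout}

	// FIXME This should probably be moved to its own file now.
	response, err := hps.Client.Get("http://" + hiddenService)
	if err != nil {
		log.Printf("Failed to connect to service on port 80\n")
		return
	}
	// Only the headers of this response are used. Close the body right away so
	// it does not stay open for the rest of the scan. The Close error is
	// ignored because nothing was read from the body.
	responseHeaders := response.Header
	response.Body.Close()

	// Reading all http headers
	// NOTE(review): report.ServerVersion is logged here before it is assigned
	// further down, so this line prints whatever value the report already held.
	log.Printf("HTTP response headers: %s\n", report.ServerVersion)
	for key := range responseHeaders {
		value := responseHeaders.Get(key)
		// normalize by strings.ToUpper(key) to avoid case sensitive checking
		report.AddResponseHeader(strings.ToUpper(key), value)
		log.Printf("\t%s : %s\n", strings.ToUpper(key), value)
	}

	report.ServerVersion = responseHeaders.Get("Server")

	// Apache mod-status Check
	hps.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
	hps.ScanPage(hiddenService, "/", report, scans.StandardPageScan)

	if !onionscanConfig.Fingerprint {
		log.Printf("\tScanning Common and Referenced Directories\n")

		// Build a fresh slice. append(CommonDirectories) with nothing to add
		// returns CommonDirectories itself, and RemoveDuplicates receives a
		// pointer to the slice, so the package-level list could be modified.
		// NOTE(review): PageReferencedDirectories presumably comes from scanned
		// page content. Treat its entries as untrusted input.
		directories := make([]string, 0, len(CommonDirectories)+len(report.PageReferencedDirectories))
		directories = append(directories, CommonDirectories...)
		directories = append(directories, report.PageReferencedDirectories...)
		utils.RemoveDuplicates(&directories)

		for _, directory := range directories {
			hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing(onionscanConfig.DirectoryDepth))
		}
	}

	log.Printf("\n")
}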
// ScanPage fetches page from hiddenService with ScrapePage and hands the
// result to the scan function f, together with hps and report.
//
// The error returned by ScrapePage is discarded. When the request fails, f is
// called with a response code of -1 and an empty body.
func (hps *HTTPProtocolScanner) ScanPage(hiddenService string, page string, report *report.OnionScanReport, f func(scans.Scanner, string, int, string, *report.OnionScanReport)) {
	_, body, status := hps.ScrapePage(hiddenService, page)
	f(hps, page, status, string(body), report)
}
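// ScrapePage requests page over plain HTTP with hps.Client and returns the
// response body and status code.
//
// When page does not contain utils.WithoutSubdomains(hiddenService), it is
// treated as a path on hiddenService and gets a leading "/" if it lacks one.
// Otherwise page is used as the request target unchanged. A failed request
// returns (err, nil, -1). A failure while reading the body is logged, and the
// bytes read so far are returned with a nil error.
//
// hps.Client must be set before the call; ScanProtocol sets it.
func (hps *HTTPProtocolScanner) ScrapePage(hiddenService string, page string) (error, []byte, int) {
	// NOTE(review): this is a substring test, not a host comparison. Any page
	// value that merely contains the service's domain text is requested as
	// given, so a value taken from scanned content can name another host.
	// Parse the URL and compare hosts if requests must stay in scope.
	if !strings.Contains(page, utils.WithoutSubdomains(hiddenService)) {
		if !strings.HasPrefix(page, "/") {
			page = "/" + page
		}
		page = hiddenService + page
	}

	response, err := hps.Client.Get("http://" + page)
	if err != nil {
		log.Printf("Error connecting to http://%s %s\n", page, err)
		return err, nil, -1
	}
	defer response.Body.Close()

	// NOTE(review): the body comes from the scanned service and is read
	// without a size limit. Consider capping it so an oversized response
	// cannot exhaust the scanner's memory.
	contents, readErr := ioutil.ReadAll(response.Body)
	if readErr != nil {
		// Callers still get whatever was read, so the scan stays best-effort,
		// but a truncated body is now visible in the log.
		log.Printf("Error reading response body from http://%s %s\n", page, readErr)
	}
	return nil, contents, response.StatusCode
}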