FTP,SMTP,VNC Fingerprints
		
							parent
							
								
									49095c586a
								
							
						
					
					
						commit
						56c267c66e
					
				| 
						 | 
				
			
			@ -1,15 +1,15 @@
 | 
			
		|||
package config
 | 
			
		||||
 | 
			
		||||
import ()
 | 
			
		||||
 | 
			
		||||
type OnionscanConfig struct {
 | 
			
		||||
	TorProxyAddress string
 | 
			
		||||
	DirectoryDepth  int
 | 
			
		||||
	Fingerprint     bool
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func Configure(torProxyAddress string, directoryDepth int) *OnionscanConfig {
 | 
			
		||||
func Configure(torProxyAddress string, directoryDepth int, fingerprint bool) *OnionscanConfig {
 | 
			
		||||
	onionScan := new(OnionscanConfig)
 | 
			
		||||
	onionScan.TorProxyAddress = torProxyAddress
 | 
			
		||||
	onionScan.DirectoryDepth = directoryDepth
 | 
			
		||||
	onionScan.Fingerprint = fingerprint
 | 
			
		||||
	return onionScan
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
							
								
								
									
										12
									
								
								main.go
								
								
								
								
							
							
						
						
									
										12
									
								
								main.go
								
								
								
								
							| 
						 | 
				
			
			@ -24,6 +24,7 @@ func main() {
 | 
			
		|||
	jsonReport := flag.Bool("jsonReport", false, "print out a json report providing a detailed report of the scan.")
 | 
			
		||||
	verbose := flag.Bool("verbose", false, "print out a verbose log output of the scan")
 | 
			
		||||
	directoryDepth := flag.Int("depth", 100, "depth of directory scan recursion (default: 100)")
 | 
			
		||||
	fingerprint := flag.Bool("fingerprint", true, "whether to conduct a full scan, or just fingerprint possible ports")
 | 
			
		||||
 | 
			
		||||
	flag.Parse()
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -42,13 +43,9 @@ func main() {
 | 
			
		|||
	}
 | 
			
		||||
 | 
			
		||||
	onionScan := new(OnionScan)
 | 
			
		||||
	onionScan.Config = config.Configure(*torProxyAddress, *directoryDepth)
 | 
			
		||||
	onionScan.Config = config.Configure(*torProxyAddress, *directoryDepth, *fingerprint)
 | 
			
		||||
	scanReport, err := onionScan.Scan(hiddenService)
 | 
			
		||||
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		log.Fatalf("Error running scanner: %s", err)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	if *jsonReport {
 | 
			
		||||
		report.GenerateJsonReport(*reportFile, scanReport)
 | 
			
		||||
	}
 | 
			
		||||
| 
						 | 
				
			
			@ -56,4 +53,9 @@ func main() {
 | 
			
		|||
	if *simpleReport {
 | 
			
		||||
		report.GenerateSimpleReport(*reportFile, scanReport)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	if !*jsonReport && err != nil {
 | 
			
		||||
		log.Fatalf("Error running scanner: %s", err)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
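Review bot: A failed scan can now reach the report generators with a nil report. `Scan` returns `nil` together with its error, and the `err` check appears to have moved from directly after the `onionScan.Scan(hiddenService)` call to the end of `main`, so `report.GenerateJsonReport(*reportFile, scanReport)` and `report.GenerateSimpleReport(*reportFile, scanReport)` run first. The trailing test `if !*jsonReport && err != nil` also drops the error whenever `-jsonReport` is set, so a failed scan ends with a normal exit. Either keep `if err != nil { log.Fatalf("Error running scanner: %s", err) }` straight after the Scan call, or have Scan return the partial report with the error and make the generators tolerate it. main's body starts outside these hunks.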
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -2,11 +2,11 @@ package main
 | 
			
		|||
 | 
			
		||||
import (
 | 
			
		||||
	"errors"
 | 
			
		||||
	"fmt"
 | 
			
		||||
	"github.com/s-rah/onionscan/config"
 | 
			
		||||
	"github.com/s-rah/onionscan/protocol"
 | 
			
		||||
	"github.com/s-rah/onionscan/report"
 | 
			
		||||
	"github.com/s-rah/onionscan/utils"
 | 
			
		||||
	"log"
 | 
			
		||||
	"strings"
 | 
			
		||||
)
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -57,8 +57,12 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
 | 
			
		|||
	mdbps := new(protocol.MongoDBProtocolScanner)
 | 
			
		||||
	mdbps.ScanProtocol(hiddenService, os.Config, report)
 | 
			
		||||
 | 
			
		||||
	//VNC
 | 
			
		||||
	vncps := new(protocol.VNCProtocolScanner)
 | 
			
		||||
	vncps.ScanProtocol(hiddenService, os.Config, report)
 | 
			
		||||
 | 
			
		||||
	if !report.WebDetected && !report.SSHDetected && !report.RicochetDetected && !report.BitcoinDetected && !report.IRCDetected && !report.FTPDetected && !report.SMTPDetected && !report.MongoDBDetected {
 | 
			
		||||
		fmt.Printf("Unable to connect to this Tor Hidden Service on any known protocol.\n")
 | 
			
		||||
		log.Printf("Unable to connect to this Tor Hidden Service on any known protocol.\n")
 | 
			
		||||
		return nil, errors.New("Unable to connect to this Tor Hidden Service on any known protocol.")
 | 
			
		||||
	}
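Review bot: The "any known protocol" condition that follows the new VNC scan does not include `!report.VNCDetected`, so a service answering only on port 5900 is still reported as unreachable and Scan returns `nil` with an error, discarding the VNC result it has just recorded. Extend the check to end with `&& !report.MongoDBDetected && !report.VNCDetected {`. Scan's body starts and ends outside this hunk.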
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,6 +1,9 @@
 | 
			
		|||
package protocol
 | 
			
		||||
 | 
			
		||||
import (
 | 
			
		||||
	"bufio"
 | 
			
		||||
	"crypto/sha1"
 | 
			
		||||
	"encoding/hex"
 | 
			
		||||
	"github.com/s-rah/onionscan/config"
 | 
			
		||||
	"github.com/s-rah/onionscan/report"
 | 
			
		||||
	"h12.me/socks"
 | 
			
		||||
| 
						 | 
				
			
			@ -12,14 +15,22 @@ type FTPProtocolScanner struct {
 | 
			
		|||
 | 
			
		||||
func (sps *FTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
 | 
			
		||||
	// FTP
 | 
			
		||||
	log.Printf("Checking %s FTP(22)\n", hiddenService)
 | 
			
		||||
	_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":21")
 | 
			
		||||
	log.Printf("Checking %s FTP(21)\n", hiddenService)
 | 
			
		||||
	conn, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":21")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		log.Printf("Failed to connect to service on port 21\n")
 | 
			
		||||
		report.FTPDetected = false
 | 
			
		||||
	} else {
 | 
			
		||||
		// TODO FTP Checking
 | 
			
		||||
		report.FTPDetected = true
 | 
			
		||||
		reader := bufio.NewReader(conn)
 | 
			
		||||
		banner, err := reader.ReadString('\n')
 | 
			
		||||
		if err == nil {
 | 
			
		||||
			report.FTPBanner = banner
 | 
			
		||||
			hash := sha1.Sum([]byte(banner))
 | 
			
		||||
			report.FTPFingerprint = hex.EncodeToString(hash[:])
 | 
			
		||||
			log.Printf("Found FTP Banner: %s (%s)", banner, report.FTPFingerprint)
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
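Review bot: The banner read added in the `else` branch trusts the remote end: `reader.ReadString('\n')` has no deadline and no size bound, so a listener on port 21 that never sends a newline can stall the scan or grow the buffer without limit, and `conn` is never closed. The banner is also written to the log with `%s`, which lets control characters sent by the service into the log output; `%q` avoids that. The same pattern is in the new branch of the SMTP scanner (port 25) and should get the same treatment. The sketch needs `io` and `time` added to the imports, and the 30-second deadline and 1024-byte cap are illustrative values, not project settings.

```go
	} else {
		defer conn.Close()
		report.FTPDetected = true
		// The peer is untrusted: bound how long and how much we read.
		conn.SetReadDeadline(time.Now().Add(30 * time.Second))
		reader := bufio.NewReader(io.LimitReader(conn, 1024))
		banner, err := reader.ReadString('\n')
		if err == nil {
			// … unchanged: store banner and SHA-1 fingerprint in the report …
			log.Printf("Found FTP Banner: %q (%s)", banner, report.FTPFingerprint)
		}
	}
```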
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -65,11 +65,14 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConf
 | 
			
		|||
		hps.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
 | 
			
		||||
		hps.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
 | 
			
		||||
 | 
			
		||||
		log.Printf("\tScanning Common and Referenced Directories\n")
 | 
			
		||||
		directories := append(CommonDirectories, report.PageReferencedDirectories...)
 | 
			
		||||
		utils.RemoveDuplicates(&directories)
 | 
			
		||||
		for _, directory := range directories {
 | 
			
		||||
			hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing(onionscanConfig.DirectoryDepth))
 | 
			
		||||
		if onionscanConfig.Fingerprint == false {
 | 
			
		||||
			log.Printf("\tScanning Common and Referenced Directories\n")
 | 
			
		||||
			directories := append(CommonDirectories, report.PageReferencedDirectories...)
 | 
			
		||||
			utils.RemoveDuplicates(&directories)
 | 
			
		||||
 | 
			
		||||
			for _, directory := range directories {
 | 
			
		||||
				hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing(onionscanConfig.DirectoryDepth))
 | 
			
		||||
			}
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	log.Printf("\n")
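Review bot: The directory scan is now gated on `onionscanConfig.Fingerprint == false`, and main.go registers `-fingerprint` with a default of `true`, so a run without the flag no longer scans common and referenced directories. If that change of default is intended, it deserves a line in the flag help and a comment at this test. As a point of style, write the condition as `if !onionscanConfig.Fingerprint {` and put above it `// Fingerprint mode only identifies services; skip the directory crawl.` ScanProtocol's body starts outside the hunk.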
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,6 +1,9 @@
 | 
			
		|||
package protocol
 | 
			
		||||
 | 
			
		||||
import (
 | 
			
		||||
	"bufio"
 | 
			
		||||
	"crypto/sha1"
 | 
			
		||||
	"encoding/hex"
 | 
			
		||||
	"github.com/s-rah/onionscan/config"
 | 
			
		||||
	"github.com/s-rah/onionscan/report"
 | 
			
		||||
	"h12.me/socks"
 | 
			
		||||
| 
						 | 
				
			
			@ -13,13 +16,21 @@ type SMTPProtocolScanner struct {
 | 
			
		|||
func (sps *SMTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
 | 
			
		||||
	// SMTP
 | 
			
		||||
	log.Printf("Checking %s SMTP(25)\n", hiddenService)
 | 
			
		||||
	_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":25")
 | 
			
		||||
	conn, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":25")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		log.Printf("Failed to connect to service on port 25\n")
 | 
			
		||||
		report.SMTPDetected = false
 | 
			
		||||
	} else {
 | 
			
		||||
		// TODO SMTP Checking
 | 
			
		||||
		report.SMTPDetected = true
 | 
			
		||||
		reader := bufio.NewReader(conn)
 | 
			
		||||
		banner, err := reader.ReadString('\n')
 | 
			
		||||
		if err == nil {
 | 
			
		||||
			report.SMTPBanner = banner
 | 
			
		||||
			hash := sha1.Sum([]byte(banner))
 | 
			
		||||
			report.SMTPFingerprint = hex.EncodeToString(hash[:])
 | 
			
		||||
			log.Printf("Found SMTP Banner: %s (%s)", banner, report.SMTPFingerprint)
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -0,0 +1,26 @@
 | 
			
		|||
package protocol
 | 
			
		||||
 | 
			
		||||
import (
 | 
			
		||||
	"github.com/s-rah/onionscan/config"
 | 
			
		||||
	"github.com/s-rah/onionscan/report"
 | 
			
		||||
	"h12.me/socks"
 | 
			
		||||
	"log"
 | 
			
		||||
)
 | 
			
		||||
 | 
			
		||||
type VNCProtocolScanner struct {
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (vncps *VNCProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
 | 
			
		||||
	// MongoDB
 | 
			
		||||
	log.Printf("Checking %s VNC(5900)\n", hiddenService)
 | 
			
		||||
	_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":5900")
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		log.Printf("Failed to connect to service on port 5900\n")
 | 
			
		||||
		report.VNCDetected = false
 | 
			
		||||
	} else {
 | 
			
		||||
		log.Printf("Detected possible VNC instance\n")
 | 
			
		||||
		// TODO: Actual Analysis
 | 
			
		||||
		report.VNCDetected = true
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
}
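Review bot: The connection returned by the dial in `ScanProtocol` is discarded with `_` and never closed, so each successful probe leaves a stream through the SOCKS proxy open for as long as the process keeps it. Bind it with `conn, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":5900")` and add `defer conn.Close()` in the success branch. The leading comment `// MongoDB` is a leftover and should read `// VNC`. Until the TODO is done, any listener on 5900 sets `VNCDetected`, which is worth stating in a comment such as `// A TCP accept on 5900 is treated as VNC; the RFB handshake is not checked yet.`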
 | 
			
		||||
| 
						 | 
				
			
			@ -17,36 +17,48 @@ type ExifImage struct {
 | 
			
		|||
}
 | 
			
		||||
 | 
			
		||||
type OnionScanReport struct {
 | 
			
		||||
	HiddenService string `json:"hiddenService"`
 | 
			
		||||
 | 
			
		||||
	// Summary
 | 
			
		||||
	WebDetected      bool `json:"webDetected"`
 | 
			
		||||
	SSHDetected      bool `json:"sshDetected"`
 | 
			
		||||
	RicochetDetected bool `json:"ricochetDetected"`
 | 
			
		||||
	IRCDetected      bool `json:"ircDetected"`
 | 
			
		||||
	FTPDetected      bool `json:"ftpDetected"`
 | 
			
		||||
	SMTPDetected     bool `json:"smtpDetected"`
 | 
			
		||||
	BitcoinDetected  bool `json:"bitcoinDetected"`
 | 
			
		||||
	MongoDBDetected  bool `json:"mongodbDetected"`
 | 
			
		||||
	VNCDetected      bool `json:"vncDetected"`
 | 
			
		||||
 | 
			
		||||
	BitcoinDetected bool `json:"bitcoinDetected"`
 | 
			
		||||
	MongoDBDetected bool `json:"mongodbDetected"`
 | 
			
		||||
	// Web Specific
 | 
			
		||||
	ServerPoweredBy           string            `json:"serverPoweredBy"`
 | 
			
		||||
	ServerVersion             string            `json:"serverVersion"`
 | 
			
		||||
	FoundApacheModStatus      bool              `json:"foundApacheModStatus"`
 | 
			
		||||
	RelatedOnionServices      []string          `json:"relatedOnionServices"`
 | 
			
		||||
	RelatedClearnetDomains    []string          `json:"relatedOnionDomains"`
 | 
			
		||||
	LinkedSites               []string          `json:"linkedSites"`
 | 
			
		||||
	InternalPages             []string          `json:"internalPages"`
 | 
			
		||||
	IP                        []string          `json:"ipAddresses"`
 | 
			
		||||
	OpenDirectories           []string          `json:"openDirectories"`
 | 
			
		||||
	ExifImages                []ExifImage       `json:"exifImages"`
 | 
			
		||||
	InterestingFiles          []string          `json:"interestingFiles"`
 | 
			
		||||
	PageReferencedDirectories []string          `json:"pageReferencedDirectories"`
 | 
			
		||||
	PGPKeys                   []string          `json:"pgpKeys"`
 | 
			
		||||
	Hashes                    []string          `json:"hashes"`
 | 
			
		||||
	Snapshot                  string            `json:"snapshot"`
 | 
			
		||||
	PageTitle                 string            `json:"pageTitle"`
 | 
			
		||||
	ResponseHeaders           map[string]string `json:"responseHeaders"`
 | 
			
		||||
 | 
			
		||||
	HiddenService             string      `json:"hiddenService"`
 | 
			
		||||
	ServerPoweredBy           string      `json:"serverPoweredBy"`
 | 
			
		||||
	ServerVersion             string      `json:"serverVersion"`
 | 
			
		||||
	FoundApacheModStatus      bool        `json:"foundApacheModStatus"`
 | 
			
		||||
	RelatedOnionServices      []string    `json:"relatedOnionServices"`
 | 
			
		||||
	RelatedClearnetDomains    []string    `json:"relatedOnionDomains"`
 | 
			
		||||
	LinkedSites               []string    `json:"linkedSites"`
 | 
			
		||||
	InternalPages             []string    `json:"InternalPages"`
 | 
			
		||||
	IP                        []string    `json:"ipAddresses"`
 | 
			
		||||
	OpenDirectories           []string    `json:"openDirectories"`
 | 
			
		||||
	ExifImages                []ExifImage `json:"exifImages"`
 | 
			
		||||
	InterestingFiles          []string    `json:"interestingFiles"`
 | 
			
		||||
	PageReferencedDirectories []string    `json:"pageReferencedDirectories"`
 | 
			
		||||
	PGPKeys                   []string    `json:"pgpKeys"`
 | 
			
		||||
	// SSH
 | 
			
		||||
	SSHKey string `json:"sshKey"`
 | 
			
		||||
 | 
			
		||||
	Hashes          []string          `json:"hashes"`
 | 
			
		||||
	SSHKey          string            `json:"sshKey"`
 | 
			
		||||
	Snapshot        string            `json:"snapshot"`
 | 
			
		||||
	PageTitle       string            `json:"pageTitle"`
 | 
			
		||||
	ResponseHeaders map[string]string `json:"responseHeaders"`
 | 
			
		||||
	// FTP
 | 
			
		||||
	FTPFingerprint string `json:"ftpFingerprint"`
 | 
			
		||||
	FTPBanner      string `json:"ftpBanner"`
 | 
			
		||||
 | 
			
		||||
	// SMTP
 | 
			
		||||
	SMTPFingerprint string `json:"smtpFingerprint"`
 | 
			
		||||
	SMTPBanner      string `json:"smtpBanner"`
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func LoadReportFromFile(filename string) (OnionScanReport, error) {
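Review bot: The new fingerprint and banner fields carry no comment saying what they hold, and the names alone do not say. From the FTP and SMTP scanners in this commit, the banner is the first line read from the service with its line terminator, and the fingerprint is the hex SHA-1 of exactly those bytes; I would add `// FTPFingerprint is the hex-encoded SHA-1 of FTPBanner, line terminator included.` and the same for SMTP. Separately, the tag on `InternalPages` differs between the two printed versions of the struct (`internalPages` and `InternalPages`); if the key was renamed, consumers of existing JSON reports need to be told. The section ends at the `LoadReportFromFile` signature, whose body is outside the hunk.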
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -79,6 +79,7 @@ func StandardPageScan(scan Scanner, page string, status int, contents string, re
 | 
			
		|||
		}
 | 
			
		||||
 | 
			
		||||
		log.Printf("\tScanning for CSS Fonts and Background Images\n")
 | 
			
		||||
		utils.RemoveDuplicates(&cssLinks)
 | 
			
		||||
		for _, cssUrl := range cssLinks {
 | 
			
		||||
			log.Printf("\tScanning CSS file: %s\n", cssUrl)
 | 
			
		||||
			_, cssContents, _ := scan.ScrapePage(report.HiddenService, utils.WithoutProtocol(cssUrl))
 | 
			
		||||
| 
						 | 
				
			
			@ -87,6 +88,7 @@ func StandardPageScan(scan Scanner, page string, status int, contents string, re
 | 
			
		|||
 | 
			
		||||
		log.Printf("\tScanning for Links\n")
 | 
			
		||||
		domains = append(domains, utils.ExtractDomains(contents)...)
 | 
			
		||||
		utils.RemoveDuplicates(&domains)
 | 
			
		||||
		for _, domain := range domains {
 | 
			
		||||
			baseUrl, _ := url.Parse(domain)
 | 
			
		||||
			if baseUrl.Host != "" && utils.WithoutSubdomains(baseUrl.Host) != utils.WithoutSubdomains(report.HiddenService) {
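Review bot: In the link loop the error from `url.Parse(domain)` is discarded and `baseUrl.Host` is read on the next line; `url.Parse` returns a nil `*URL` on failure, so a malformed link in content fetched from the scanned service would panic the scanner. The loop is context around the added `utils.RemoveDuplicates(&domains)`, but it handles untrusted input and is worth fixing in the same pass: `baseUrl, err := url.Parse(domain)` followed by `if err != nil { continue }`. Whether `utils.ExtractDomains` can ever yield an unparsable string is not visible here. StandardPageScan starts and ends outside both hunks.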
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||