FTP,SMTP,VNC Fingerprints

This commit is contained in:
Sarah Jamie Lewis 2016-06-05 11:54:01 -07:00
parent 49095c586a
commit 56c267c66e
9 changed files with 110 additions and 39 deletions

View File

@ -1,15 +1,15 @@
package config
import ()
type OnionscanConfig struct {
TorProxyAddress string
DirectoryDepth int
Fingerprint bool
}
func Configure(torProxyAddress string, directoryDepth int) *OnionscanConfig {
func Configure(torProxyAddress string, directoryDepth int, fingerprint bool) *OnionscanConfig {
onionScan := new(OnionscanConfig)
onionScan.TorProxyAddress = torProxyAddress
onionScan.DirectoryDepth = directoryDepth
onionScan.Fingerprint = fingerprint
return onionScan
}

12
main.go
View File

@ -24,6 +24,7 @@ func main() {
jsonReport := flag.Bool("jsonReport", false, "print out a json report providing a detailed report of the scan.")
verbose := flag.Bool("verbose", false, "print out a verbose log output of the scan")
directoryDepth := flag.Int("depth", 100, "depth of directory scan recursion (default: 100)")
fingerprint := flag.Bool("fingerprint", true, "whether to conduct a full scan, or just fingerprint possible ports")
flag.Parse()
@ -42,13 +43,9 @@ func main() {
}
onionScan := new(OnionScan)
onionScan.Config = config.Configure(*torProxyAddress, *directoryDepth)
onionScan.Config = config.Configure(*torProxyAddress, *directoryDepth, *fingerprint)
scanReport, err := onionScan.Scan(hiddenService)
if err != nil {
log.Fatalf("Error running scanner: %s", err)
}
if *jsonReport {
report.GenerateJsonReport(*reportFile, scanReport)
}
@ -56,4 +53,9 @@ func main() {
if *simpleReport {
report.GenerateSimpleReport(*reportFile, scanReport)
}
if !*jsonReport && err != nil {
log.Fatalf("Error running scanner: %s", err)
}
}

View File

@ -2,11 +2,11 @@ package main
import (
"errors"
"fmt"
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/protocol"
"github.com/s-rah/onionscan/report"
"github.com/s-rah/onionscan/utils"
"log"
"strings"
)
@ -57,8 +57,12 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
mdbps := new(protocol.MongoDBProtocolScanner)
mdbps.ScanProtocol(hiddenService, os.Config, report)
//VNC
vncps := new(protocol.VNCProtocolScanner)
vncps.ScanProtocol(hiddenService, os.Config, report)
if !report.WebDetected && !report.SSHDetected && !report.RicochetDetected && !report.BitcoinDetected && !report.IRCDetected && !report.FTPDetected && !report.SMTPDetected && !report.MongoDBDetected {
fmt.Printf("Unable to connect to this Tor Hidden Service on any known protocol.\n")
log.Printf("Unable to connect to this Tor Hidden Service on any known protocol.\n")
return nil, errors.New("Unable to connect to this Tor Hidden Service on any known protocol.")
}

View File

@ -1,6 +1,9 @@
package protocol
import (
"bufio"
"crypto/sha1"
"encoding/hex"
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/report"
"h12.me/socks"
@ -12,14 +15,22 @@ type FTPProtocolScanner struct {
func (sps *FTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
// FTP
log.Printf("Checking %s FTP(22)\n", hiddenService)
_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":21")
log.Printf("Checking %s FTP(21)\n", hiddenService)
conn, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":21")
if err != nil {
log.Printf("Failed to connect to service on port 21\n")
report.FTPDetected = false
} else {
// TODO FTP Checking
report.FTPDetected = true
reader := bufio.NewReader(conn)
banner, err := reader.ReadString('\n')
if err == nil {
report.FTPBanner = banner
hash := sha1.Sum([]byte(banner))
report.FTPFingerprint = hex.EncodeToString(hash[:])
log.Printf("Found FTP Banner: %s (%s)", banner, report.FTPFingerprint)
}
}
}

View File

@ -65,13 +65,16 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConf
hps.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
hps.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
if onionscanConfig.Fingerprint == false {
log.Printf("\tScanning Common and Referenced Directories\n")
directories := append(CommonDirectories, report.PageReferencedDirectories...)
utils.RemoveDuplicates(&directories)
for _, directory := range directories {
hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing(onionscanConfig.DirectoryDepth))
}
}
}
log.Printf("\n")
}

View File

@ -1,6 +1,9 @@
package protocol
import (
"bufio"
"crypto/sha1"
"encoding/hex"
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/report"
"h12.me/socks"
@ -13,13 +16,21 @@ type SMTPProtocolScanner struct {
func (sps *SMTPProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
// SMTP
log.Printf("Checking %s SMTP(25)\n", hiddenService)
_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":25")
conn, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":25")
if err != nil {
log.Printf("Failed to connect to service on port 25\n")
report.SMTPDetected = false
} else {
// TODO SMTP Checking
report.SMTPDetected = true
reader := bufio.NewReader(conn)
banner, err := reader.ReadString('\n')
if err == nil {
report.SMTPBanner = banner
hash := sha1.Sum([]byte(banner))
report.SMTPFingerprint = hex.EncodeToString(hash[:])
log.Printf("Found SMTP Banner: %s (%s)", banner, report.SMTPFingerprint)
}
}
}

26
protocol/vnc_scanner.go Normal file
View File

@ -0,0 +1,26 @@
package protocol
import (
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/report"
"h12.me/socks"
"log"
)
type VNCProtocolScanner struct {
}
func (vncps *VNCProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
// MongoDB
log.Printf("Checking %s VNC(5900)\n", hiddenService)
_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":5900")
if err != nil {
log.Printf("Failed to connect to service on port 5900\n")
report.VNCDetected = false
} else {
log.Printf("Detected possible VNC instance\n")
// TODO: Actual Analysis
report.VNCDetected = true
}
}

View File

@ -17,36 +17,48 @@ type ExifImage struct {
}
type OnionScanReport struct {
HiddenService string `json:"hiddenService"`
// Summary
WebDetected bool `json:"webDetected"`
SSHDetected bool `json:"sshDetected"`
RicochetDetected bool `json:"ricochetDetected"`
IRCDetected bool `json:"ircDetected"`
FTPDetected bool `json:"ftpDetected"`
SMTPDetected bool `json:"smtpDetected"`
BitcoinDetected bool `json:"bitcoinDetected"`
MongoDBDetected bool `json:"mongodbDetected"`
VNCDetected bool `json:"vncDetected"`
HiddenService string `json:"hiddenService"`
// Web Specific
ServerPoweredBy string `json:"serverPoweredBy"`
ServerVersion string `json:"serverVersion"`
FoundApacheModStatus bool `json:"foundApacheModStatus"`
RelatedOnionServices []string `json:"relatedOnionServices"`
RelatedClearnetDomains []string `json:"relatedOnionDomains"`
LinkedSites []string `json:"linkedSites"`
InternalPages []string `json:"InternalPages"`
InternalPages []string `json:"internalPages"`
IP []string `json:"ipAddresses"`
OpenDirectories []string `json:"openDirectories"`
ExifImages []ExifImage `json:"exifImages"`
InterestingFiles []string `json:"interestingFiles"`
PageReferencedDirectories []string `json:"pageReferencedDirectories"`
PGPKeys []string `json:"pgpKeys"`
Hashes []string `json:"hashes"`
SSHKey string `json:"sshKey"`
Snapshot string `json:"snapshot"`
PageTitle string `json:"pageTitle"`
ResponseHeaders map[string]string `json:"responseHeaders"`
// SSH
SSHKey string `json:"sshKey"`
// FTP
FTPFingerprint string `json:"ftpFingerprint"`
FTPBanner string `json:"ftpBanner"`
// SMTP
SMTPFingerprint string `json:"smtpFingerprint"`
SMTPBanner string `json:"smtpBanner"`
}
func LoadReportFromFile(filename string) (OnionScanReport, error) {

View File

@ -79,6 +79,7 @@ func StandardPageScan(scan Scanner, page string, status int, contents string, re
}
log.Printf("\tScanning for CSS Fonts and Background Images\n")
utils.RemoveDuplicates(&cssLinks)
for _, cssUrl := range cssLinks {
log.Printf("\tScanning CSS file: %s\n", cssUrl)
_, cssContents, _ := scan.ScrapePage(report.HiddenService, utils.WithoutProtocol(cssUrl))
@ -87,6 +88,7 @@ func StandardPageScan(scan Scanner, page string, status int, contents string, re
log.Printf("\tScanning for Links\n")
domains = append(domains, utils.ExtractDomains(contents)...)
utils.RemoveDuplicates(&domains)
for _, domain := range domains {
baseUrl, _ := url.Parse(domain)
if baseUrl.Host != "" && utils.WithoutSubdomains(baseUrl.Host) != utils.WithoutSubdomains(report.HiddenService) {