From 58094f810c782d1e16ebbfd0ca55a8bc94afa0f2 Mon Sep 17 00:00:00 2001
From: Dan Ballard
Date: Fri, 29 Apr 2016 10:34:05 -0700
Subject: [PATCH] add command line argument limiting directory recursion depth
---
 main.go | 3 ++-
 onionscan.go | 6 ++++--
 protocol/http_scanner.go | 4 ++--
 scans/check_directory_listing.go | 12 ++++++++++--
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/main.go b/main.go
index 94cb08e..7a86cd0 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ func main() {
 simpleReport := flag.Bool("simpleReport", true, "print out a simple report detailing what is wrong and how to fix it, true by default")
 jsonReport := flag.Bool("jsonReport", false, "print out a json report providing a detailed report of the scan.")
 verbose := flag.Bool("verbose", false, "print out a verbose log output of the scan")
+ directoryDepth := flag.Int("d", 0, "depth of directory scan recursion (default: 0)")
 flag.Parse()
@@ -37,7 +38,7 @@ func main() {
 log.SetOutput(ioutil.Discard)
 }
- onionScan := Configure(*torProxyAddress)
+ onionScan := Configure(*torProxyAddress, *directoryDepth)
 report, err := onionScan.Scan(hiddenService)
 if err != nil {
diff --git a/onionscan.go b/onionscan.go
index 469a396..764d468 100644
--- a/onionscan.go
+++ b/onionscan.go
@@ -8,11 +8,13 @@ import (
 type OnionScan struct {
 TorProxyAddress string
+ DirectoryDepth int
 }
-func Configure(torProxyAddress string) *OnionScan {
+func Configure(torProxyAddress string, directoryDepth int) *OnionScan {
 onionScan := new(OnionScan)
 onionScan.TorProxyAddress = torProxyAddress
+ onionScan.DirectoryDepth = directoryDepth
 return onionScan
 }
@@ -32,7 +34,7 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
 // HTTP
 hps := new(protocol.HTTPProtocolScanner)
- hps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
+ hps.ScanProtocol(hiddenService, os.TorProxyAddress, os.DirectoryDepth, report)
 // SSH
 sps := new(protocol.SSHProtocolScanner)
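Review bot: With the default of 0 for the new `-d` flag in main.go, a run without the flag no longer descends into subdirectories of an open listing, whereas the `ScanPage` line this commit removes from scans/check_directory_listing.go recursed on every subdirectory found. That silently narrows what a default scan reports, so the help text should say it, e.g. `"levels of subdirectories to follow below an open directory listing; 0 only reports them"`. A negative value is accepted and behaves like 0 because of the later `depth > 0` test; rejecting it right after `flag.Parse()` with `if *directoryDepth < 0 { log.Fatalf("-d must be >= 0") }` would surface typos. The other flags in this hunk use long names (`simpleReport`, `verbose`), so `directoryDepth` would be more consistent than `d`.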
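Review bot: The new exported field `DirectoryDepth` in onionscan.go has no doc comment, and nothing in the struct or in `Configure` says that 0 means subdirectories are not followed. Suggest `// DirectoryDepth is how many levels of subdirectories are scanned below an open directory listing; 0 disables recursion.` above the field. `Configure` is exported, so adding a positional parameter breaks any caller outside this patch; the one call site visible here (main.go) is updated, others cannot be checked from this diff.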
diff --git a/protocol/http_scanner.go b/protocol/http_scanner.go
index b026551..d8056f5 100644
--- a/protocol/http_scanner.go
+++ b/protocol/http_scanner.go
@@ -22,7 +22,7 @@ var (
 "/products", "/products/cat"}
 )
-func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, directoryDepth int, report *report.OnionScanReport) {
 // HTTP
 log.Printf("Checking %s http(80)\n", hiddenService)
@@ -64,7 +64,7 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress
 directories := append(CommonDirectories, report.PageReferencedDirectories...)
 utils.RemoveDuplicates(&directories)
 for _, directory := range directories {
- hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, directory, report, scans.CheckDirectoryListing(directoryDepth))
 }
 }
 log.Printf("\n")
diff --git a/scans/check_directory_listing.go b/scans/check_directory_listing.go
index 60a530a..98a3d7a 100644
--- a/scans/check_directory_listing.go
+++ b/scans/check_directory_listing.go
@@ -7,7 +7,13 @@ import (
 "strings"
 )
-func CheckDirectoryListing(scan Scanner, dir string, status int, contents string, report *report.OnionScanReport) {
+func CheckDirectoryListing(depth int) func(Scanner, string, int, string, *report.OnionScanReport) {
+ return func(scan Scanner, dir string, status int, contents string, report *report.OnionScanReport) {
+ CheckDirectoryListingDepth(scan, dir, status, depth, contents, report)
+ }
+}
+
+func CheckDirectoryListingDepth(scan Scanner, dir string, status int, depth int, contents string, report *report.OnionScanReport) {
 if status == 200 && strings.Contains(string(contents), "Index of "+dir) {
 log.Printf("Detected Open Directory %s...\033[091mAlert!\033[0m\n", dir)
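Review bot: `CheckDirectoryListingDepth` in scans/check_directory_listing.go is exported, but within this patch it is only reached through the closure returned by `CheckDirectoryListing`, and `depth` is inserted between `status` and `contents`, so its parameter list no longer lines up with the callback shape passed to `ScanPage`. Either keep it unexported or move `depth` to the front, and give both functions doc comments, e.g. `// CheckDirectoryListing returns a ScanPage callback that follows open directory listings at most depth levels down.` The body of `CheckDirectoryListingDepth` continues past the end of this hunk.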
@@ -33,7 +39,9 @@ func CheckDirectoryListing(scan Scanner, dir string, status int, contents string
 for _, file := range subDir {
 log.Printf("\t Found subdir %s/%s\n", dir, file[1])
 //TODO: We can do further analysis here, for now, just report them.
- scan.ScanPage(report.HiddenService, dir+"/"+file[1], report, CheckDirectoryListing)
+ if depth > 0 {
+ scan.ScanPage(report.HiddenService, dir+"/"+file[1], report, CheckDirectoryListing(depth-1))
+ }
 }
 } else {
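Review bot: The new `if depth > 0` guard limits how deep the scan descends but not how many entries it follows per listing, and both the listing and the names in it come from the service being scanned. With `-d N`, a listing that advertises many subdirectories multiplies the number of `ScanPage` requests at every level, so total run time is still decided by the remote side. Consider capping the entries followed per listing, e.g. `for i, file := range subDir {` with `if depth > 0 && i < maxSubdirsPerListing {` (`maxSubdirsPerListing` being a new constant), and skipping names such as `..` before building `dir+"/"+file[1]`. The expression that produces `subDir` is outside this hunk, so it may already exclude such names; the enclosing function also starts and ends outside the hunk.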