Adding TLS Scanning

This commit adds support for scanning tls endpoints (:443)
and extracts all the certificate data to report for further analysis
This commit is contained in:
Sarah Jamie Lewis 2016-07-31 11:30:53 -07:00
parent 872555c1df
commit 76ffa74b5d
6 changed files with 54 additions and 3 deletions

View File

@ -90,7 +90,10 @@ func main() {
onionScan.Config.LogError(errors.New(scanReport.HiddenService + " timed out")) onionScan.Config.LogError(errors.New(scanReport.HiddenService + " timed out"))
} }
file := *reportFile
if file != "" {
file := scanReport.HiddenService + "." + *reportFile file := scanReport.HiddenService + "." + *reportFile
}
if *jsonReport { if *jsonReport {
report.GenerateJsonReport(file, scanReport) report.GenerateJsonReport(file, scanReport)

View File

@ -18,6 +18,10 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport) {
case "web": case "web":
wps := new(protocol.HTTPProtocolScanner) wps := new(protocol.HTTPProtocolScanner)
wps.ScanProtocol(report.HiddenService, os.Config, report) wps.ScanProtocol(report.HiddenService, os.Config, report)
report.NextAction = "tls"
case "tls":
tps := new(protocol.TLSProtocolScanner)
tps.ScanProtocol(report.HiddenService, os.Config, report)
report.NextAction = "ssh" report.NextAction = "ssh"
case "ssh": case "ssh":
sps := new(protocol.SSHProtocolScanner) sps := new(protocol.SSHProtocolScanner)

View File

@ -21,7 +21,6 @@ func (sps *FTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.On
osc.LogInfo("Failed to connect to service on port 21\n") osc.LogInfo("Failed to connect to service on port 21\n")
report.FTPDetected = false report.FTPDetected = false
} else { } else {
// TODO FTP Checking
report.FTPDetected = true report.FTPDetected = true
reader := bufio.NewReader(conn) reader := bufio.NewReader(conn)
banner, err := reader.ReadString('\n') banner, err := reader.ReadString('\n')

View File

@ -10,6 +10,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"strings" "strings"
"crypto/tls"
) )
type HTTPProtocolScanner struct { type HTTPProtocolScanner struct {
@ -40,8 +41,12 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.O
dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, osc.TorProxyAddress) dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, osc.TorProxyAddress)
transportConfig := &http.Transport{ transportConfig := &http.Transport{
Dial: dialSocksProxy, Dial: dialSocksProxy,
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
hps.Client = &http.Client{
Transport: transportConfig,
} }
hps.Client = &http.Client{Transport: transportConfig}
// FIXME This should probably be moved to it's own file now. // FIXME This should probably be moved to it's own file now.
response, err := hps.Client.Get("http://" + hiddenService) response, err := hps.Client.Get("http://" + hiddenService)
if err == nil { if err == nil {

35
protocol/tls_scanner.go Normal file
View File

@ -0,0 +1,35 @@
package protocol
import (
"crypto/tls"
"fmt"
"github.com/s-rah/onionscan/config"
"github.com/s-rah/onionscan/report"
"github.com/s-rah/onionscan/utils"
)
type TLSProtocolScanner struct {
}
func (sps *TLSProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionscanConfig, report *report.OnionScanReport) {
osc.LogInfo(fmt.Sprintf("Checking %s TLS(443)\n", hiddenService))
conn, err := utils.GetNetworkConnection(hiddenService, 443, osc.TorProxyAddress, osc.Timeout)
if err != nil {
osc.LogInfo("Failed to connect to service on port 443\n")
report.TLSDetected = false
} else {
osc.LogInfo("Found TLS Endpoint\n")
report.TLSDetected = true
config := &tls.Config{
InsecureSkipVerify:true,
}
tlsConn := tls.Client(conn, config)
tlsConn.Write([]byte("GET / HTTP/1.1\r\n\r\n"))
for _, certificate := range tlsConn.ConnectionState().PeerCertificates {
osc.LogInfo(fmt.Sprintf("Found Certificate %v \n", certificate))
report.Certificates = append(report.Certificates, *certificate)
}
tlsConn.Close()
}
conn.Close()
}

View File

@ -5,6 +5,7 @@ import (
"github.com/s-rah/onionscan/utils" "github.com/s-rah/onionscan/utils"
"io/ioutil" "io/ioutil"
"time" "time"
"crypto/x509"
) )
type ExifTag struct { type ExifTag struct {
@ -29,6 +30,7 @@ type OnionScanReport struct {
// Summary // Summary
WebDetected bool `json:"webDetected"` WebDetected bool `json:"webDetected"`
TLSDetected bool `json:"tlsDetected"`
SSHDetected bool `json:"sshDetected"` SSHDetected bool `json:"sshDetected"`
RicochetDetected bool `json:"ricochetDetected"` RicochetDetected bool `json:"ricochetDetected"`
IRCDetected bool `json:"ircDetected"` IRCDetected bool `json:"ircDetected"`
@ -60,6 +62,9 @@ type OnionScanReport struct {
PageTitle string `json:"pageTitle"` PageTitle string `json:"pageTitle"`
ResponseHeaders map[string]string `json:"responseHeaders"` ResponseHeaders map[string]string `json:"responseHeaders"`
// TLS
Certificates []x509.Certificate `json:"certificates"`
//Bitcoin //Bitcoin
BitcoinAddresses []string `json:"bitcoinAddresses"` BitcoinAddresses []string `json:"bitcoinAddresses"`