Adding TLS Scanning
This commit adds support for scanning tls endpoints (:443) and extracts all the certificate data to report for further analysis
This commit is contained in:
parent
872555c1df
commit
76ffa74b5d
3
main.go
3
main.go
|
@ -90,7 +90,10 @@ func main() {
|
|||
onionScan.Config.LogError(errors.New(scanReport.HiddenService + " timed out"))
|
||||
}
|
||||
|
||||
file := *reportFile
|
||||
if file != "" {
|
||||
file := scanReport.HiddenService + "." + *reportFile
|
||||
}
|
||||
|
||||
if *jsonReport {
|
||||
report.GenerateJsonReport(file, scanReport)
|
||||
|
|
|
@ -18,6 +18,10 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport) {
|
|||
case "web":
|
||||
wps := new(protocol.HTTPProtocolScanner)
|
||||
wps.ScanProtocol(report.HiddenService, os.Config, report)
|
||||
report.NextAction = "tls"
|
||||
case "tls":
|
||||
tps := new(protocol.TLSProtocolScanner)
|
||||
tps.ScanProtocol(report.HiddenService, os.Config, report)
|
||||
report.NextAction = "ssh"
|
||||
case "ssh":
|
||||
sps := new(protocol.SSHProtocolScanner)
|
||||
|
|
|
@ -21,7 +21,6 @@ func (sps *FTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.On
|
|||
osc.LogInfo("Failed to connect to service on port 21\n")
|
||||
report.FTPDetected = false
|
||||
} else {
|
||||
// TODO FTP Checking
|
||||
report.FTPDetected = true
|
||||
reader := bufio.NewReader(conn)
|
||||
banner, err := reader.ReadString('\n')
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
"crypto/tls"
|
||||
)
|
||||
|
||||
type HTTPProtocolScanner struct {
|
||||
|
@ -40,8 +41,12 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.O
|
|||
dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, osc.TorProxyAddress)
|
||||
transportConfig := &http.Transport{
|
||||
Dial: dialSocksProxy,
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
hps.Client = &http.Client{
|
||||
Transport: transportConfig,
|
||||
|
||||
}
|
||||
hps.Client = &http.Client{Transport: transportConfig}
|
||||
// FIXME This should probably be moved to it's own file now.
|
||||
response, err := hps.Client.Get("http://" + hiddenService)
|
||||
if err == nil {
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
package protocol
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"github.com/s-rah/onionscan/config"
|
||||
"github.com/s-rah/onionscan/report"
|
||||
"github.com/s-rah/onionscan/utils"
|
||||
)
|
||||
|
||||
type TLSProtocolScanner struct {
|
||||
}
|
||||
|
||||
func (sps *TLSProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionscanConfig, report *report.OnionScanReport) {
|
||||
osc.LogInfo(fmt.Sprintf("Checking %s TLS(443)\n", hiddenService))
|
||||
conn, err := utils.GetNetworkConnection(hiddenService, 443, osc.TorProxyAddress, osc.Timeout)
|
||||
if err != nil {
|
||||
osc.LogInfo("Failed to connect to service on port 443\n")
|
||||
report.TLSDetected = false
|
||||
} else {
|
||||
osc.LogInfo("Found TLS Endpoint\n")
|
||||
report.TLSDetected = true
|
||||
config := &tls.Config{
|
||||
InsecureSkipVerify:true,
|
||||
}
|
||||
tlsConn := tls.Client(conn, config)
|
||||
tlsConn.Write([]byte("GET / HTTP/1.1\r\n\r\n"))
|
||||
for _, certificate := range tlsConn.ConnectionState().PeerCertificates {
|
||||
osc.LogInfo(fmt.Sprintf("Found Certificate %v \n", certificate))
|
||||
report.Certificates = append(report.Certificates, *certificate)
|
||||
}
|
||||
tlsConn.Close()
|
||||
}
|
||||
conn.Close()
|
||||
}
|
|
@ -5,6 +5,7 @@ import (
|
|||
"github.com/s-rah/onionscan/utils"
|
||||
"io/ioutil"
|
||||
"time"
|
||||
"crypto/x509"
|
||||
)
|
||||
|
||||
type ExifTag struct {
|
||||
|
@ -29,6 +30,7 @@ type OnionScanReport struct {
|
|||
|
||||
// Summary
|
||||
WebDetected bool `json:"webDetected"`
|
||||
TLSDetected bool `json:"tlsDetected"`
|
||||
SSHDetected bool `json:"sshDetected"`
|
||||
RicochetDetected bool `json:"ricochetDetected"`
|
||||
IRCDetected bool `json:"ircDetected"`
|
||||
|
@ -60,6 +62,9 @@ type OnionScanReport struct {
|
|||
PageTitle string `json:"pageTitle"`
|
||||
ResponseHeaders map[string]string `json:"responseHeaders"`
|
||||
|
||||
// TLS
|
||||
Certificates []x509.Certificate `json:"certificates"`
|
||||
|
||||
//Bitcoin
|
||||
BitcoinAddresses []string `json:"bitcoinAddresses"`
|
||||
|
||||
|
|
Loading…
Reference in New Issue