diff --git a/onionscan.go b/onionscan.go
index a87de92..f32c0fa 100644
--- a/onionscan.go
+++ b/onionscan.go
@@ -1,28 +1,18 @@
 package main
 import (
+ "github.com/s-rah/onionscan/protocol"
 "github.com/s-rah/onionscan/report"
- "github.com/s-rah/onionscan/scans"
- "h12.me/socks"
- "io/ioutil"
- "log"
- "net/http"
 "strings"
 )
 type OnionScan struct {
 TorProxyAddress string
- Client *http.Client
 }
 func Configure(torProxyAddress string) *OnionScan {
 onionScan := new(OnionScan)
 onionScan.TorProxyAddress = torProxyAddress
- dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, onionScan.TorProxyAddress)
- transportConfig := &http.Transport{
- Dial: dialSocksProxy,
- }
- onionScan.Client = &http.Client{Transport: transportConfig}
 return onionScan
 }
@@ -40,63 +30,17 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
 report := report.NewOnionScanReport(hiddenService)
- // It's Port Scanning Time.
- log.Printf("Checking %s ssh(22)\n", hiddenService)
- _, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22")
- if err != nil {
- log.Printf("Failed to connect to service on port 22\n")
- } else {
- // TODO SSH Checking
- }
+ // HTTP
+ hps := new(protocol.HTTPProtocolScanner)
+ hps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
- log.Printf("Checking %s http(80)\n", hiddenService)
- // It's Port Scanning Time.
- _, err = socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":80")
- if err != nil {
- log.Printf("Failed to connect to service on port 80\n")
- } else {
- // FIXME This should probably be moved to it's own file now.
- response, err := os.Client.Get("http://" + hiddenService)
+ // SSH
+ sps := new(protocol.SSHProtocolScanner)
+ sps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
- if err != nil {
- return report, err
- }
-
- // Initial Attempt at Resolving Server Type
- log.Printf("Attempting to Derive Server Type from Headers..\n")
- report.ServerVersion = response.Header.Get("Server")
- log.Printf("\tServer Version: %s\n", report.ServerVersion)
-
- // Apache mod-status Check
- os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
- os.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
-
- os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/static", 
report, scans.CheckDirectoryListing)
-
- // Lots of Wordpress installs which don't lock down directory listings
- os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
-
- // Common with torshops created onions
- os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
- os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
- }
+ // Ricochet
+ rps := new(protocol.RicochetProtocolScanner)
+ rps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
 return report, nil
 }
-
-func (os *OnionScan) ScanPage(hiddenService string, page string, report *report.OnionScanReport, f func(scans.Scanner, string, int, string, *report.OnionScanReport)) {
- response, err := os.Client.Get("http://" + hiddenService + page)
- if err != nil {
- log.Printf("Error connecting to %s%s %s\n", hiddenService, page, err)
- return
- }
- defer response.Body.Close()
- contents, _ := ioutil.ReadAll(response.Body)
- f(os, page, response.StatusCode, string(contents), report)
-}
diff --git a/protocol/http_scanner.go b/protocol/http_scanner.go
new file mode 100644
index 0000000..df1a496
--- /dev/null
+++ b/protocol/http_scanner.go
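Review bot: In onionscan.go, `Scan` now reaches `return report, nil` on every path, because the three `ScanProtocol` calls added here return nothing and only log their failures; the removed code at least returned the HTTP error. A scan that could not reach the Tor proxy therefore produces the same empty report as a service with nothing exposed, which reads as a clean result. `ScanProtocol` in protocol/protocol_scanner.go should return an `error` so that proxy and transport failures can be told apart from a closed port, and `Scan` should propagate it, e.g. `if err := hps.ScanProtocol(hiddenService, os.TorProxyAddress, report); err != nil { return report, err }`. The signature of `Scan` lies above this hunk.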
@@ -0,0 +1,74 @@
+package protocol
+
+import (
+ "github.com/s-rah/onionscan/scans"
+ "github.com/s-rah/onionscan/report"
+ "net/http"
+ "io/ioutil"
+ "h12.me/socks"
+ "log"
+)
+
+type HTTPProtocolScanner struct {
+ Client *http.Client
+}
+
+func (hps * HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+
+ // HTTP
+ log.Printf("Checking %s http(80)\n", hiddenService)
+ _, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":80")
+ if err != nil {
+ log.Printf("Failed to connect to service on port 80\n")
+ } else {
+ log.Printf("Found potential service on http(80)\n")
+ dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)
+ transportConfig := &http.Transport{
+ Dial: dialSocksProxy,
+ }
+ hps.Client = &http.Client{Transport: transportConfig}
+ // FIXME This should probably be moved to it's own file now.
+ response, err := hps.Client.Get("http://" + hiddenService)
+
+ if err != nil {
+ log.Printf("Failed to connect to service on port 80\n")
+ return
+ }
+
+ // Initial Attempt at Resolving Server Type
+ log.Printf("Attempting to Derive Server Type from Headers..\n")
+ report.ServerVersion = response.Header.Get("Server")
+ log.Printf("\tServer Version: %s\n", report.ServerVersion)
+
+ // Apache mod-status Check
+ hps.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
+ hps.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
+
+ hps.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/static", report, 
scans.CheckDirectoryListing)
+
+ // Lots of Wordpress installs which don't lock down directory listings
+ hps.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
+
+ // Common with torshops created onions
+ hps.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
+ hps.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
+ }
+ log.Printf("\n")
+}
+
+func (hps * HTTPProtocolScanner) ScanPage(hiddenService string, page string, report *report.OnionScanReport, f func(scans.Scanner, string, int, string, *report.OnionScanReport)) {
+ response, err := hps.Client.Get("http://" + hiddenService + page)
+ if err != nil {
+ log.Printf("Error connecting to %s%s %s\n", hiddenService, page, err)
+ return
+ }
+ defer response.Body.Close()
+ contents, _ := ioutil.ReadAll(response.Body)
+ f(hps, page, response.StatusCode, string(contents), report)
+}
diff --git a/protocol/protocol_scanner.go b/protocol/protocol_scanner.go
new file mode 100644
index 0000000..133352b
--- /dev/null
+++ b/protocol/protocol_scanner.go
@@ -0,0 +1,9 @@
+package protocol
+
+import (
+ "github.com/s-rah/onionscan/report"
+)
+
+type ProtocolScanner interface {
+ ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport)
+}
diff --git a/protocol/ricochet_scanner.go b/protocol/ricochet_scanner.go
new file mode 100644
index 0000000..1949d9a
--- /dev/null
+++ b/protocol/ricochet_scanner.go
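Review bot: The exported `ProtocolScanner` interface in protocol/protocol_scanner.go has no doc comment, and nothing states what an implementation should do when the port is closed or the proxy cannot be reached. I would add `// ProtocolScanner probes one protocol on hiddenService through the SOCKS proxy at proxyAddress and records what it finds in report.` above the type. The parameter name `report` also shadows the imported `report` package inside each implementation's body; a name such as `r` would avoid that.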
@@ -0,0 +1,24 @@
+package protocol
+
+import (
+ "github.com/s-rah/onionscan/report"
+ "h12.me/socks"
+ "log"
+)
+
+type RicochetProtocolScanner struct {
+
+}
+
+func (rps *RicochetProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+ // Ricochet
+ log.Printf("Checking %s ricochet(9878)\n", hiddenService)
+ _, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":9878")
+ if err != nil {
+ log.Printf("Failed to connect to service on port 9878\n")
+ } else {
+ log.Printf("Detected possible ricochet instance\n")
+ // TODO: Actual Analysis
+ }
+
+}
diff --git a/protocol/ssh_scanner.go b/protocol/ssh_scanner.go
new file mode 100644
index 0000000..c4fb140
--- /dev/null
+++ b/protocol/ssh_scanner.go
@@ -0,0 +1,23 @@
+package protocol
+
+import (
+ "github.com/s-rah/onionscan/report"
+ "h12.me/socks"
+ "log"
+)
+
+type SSHProtocolScanner struct {
+
+}
+
+func (sps *SSHProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+ // SSH
+ log.Printf("Checking %s ssh(22)\n", hiddenService)
+ _, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":22")
+ if err != nil {
+ log.Printf("Failed to connect to service on port 22\n")
+ } else {
+ // TODO SSH Checking
+ }
+
+}
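Review bot: In protocol/ricochet_scanner.go the connection returned by the probe dial is thrown away in `_, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":9878")`, so a successful probe leaves a stream through the Tor proxy open that nothing closes. Keep the value as `conn, err := ...` and add `defer conn.Close()` at the top of the `else` branch. The same discarded dial appears in the port-22 probe in protocol/ssh_scanner.go and the port-80 probe in protocol/http_scanner.go. The success branch here also only logs, so a detected instance never reaches `report`.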
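Review bot: In protocol/ssh_scanner.go the `else` branch holds only `// TODO SSH Checking`, so a port 22 that answers produces no log line and no report entry, unlike the HTTP and Ricochet scanners, which at least log a detection. Until the SSH analysis exists I would add `log.Printf("Found potential service on ssh(22)\n")` there, matching the wording used for http(80), so the operator can see that the port responded.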