Refactoring to allow for scans on other ports

Sarah Jamie Lewis 2016-04-11 23:02:06 -07:00
parent c15840886d
commit 8ba57b7618
5 changed files with 140 additions and 66 deletions


@ -1,28 +1,18 @@
package main package main
import ( import (
"github.com/s-rah/onionscan/protocol"
"github.com/s-rah/onionscan/report" "github.com/s-rah/onionscan/report"
"github.com/s-rah/onionscan/scans"
"h12.me/socks"
"io/ioutil"
"log"
"net/http"
"strings" "strings"
) )
type OnionScan struct { type OnionScan struct {
TorProxyAddress string TorProxyAddress string
Client *http.Client
} }
func Configure(torProxyAddress string) *OnionScan { func Configure(torProxyAddress string) *OnionScan {
onionScan := new(OnionScan) onionScan := new(OnionScan)
onionScan.TorProxyAddress = torProxyAddress onionScan.TorProxyAddress = torProxyAddress
dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, onionScan.TorProxyAddress)
transportConfig := &http.Transport{
Dial: dialSocksProxy,
}
onionScan.Client = &http.Client{Transport: transportConfig}
return onionScan return onionScan
} }
@ -40,63 +30,17 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
report := report.NewOnionScanReport(hiddenService) report := report.NewOnionScanReport(hiddenService)
// It's Port Scanning Time. // HTTP
log.Printf("Checking %s ssh(22)\n", hiddenService) hps := new(protocol.HTTPProtocolScanner)
_, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22") hps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
if err != nil {
log.Printf("Failed to connect to service on port 22\n")
} else {
// TODO SSH Checking
}
log.Printf("Checking %s http(80)\n", hiddenService) // SSH
// It's Port Scanning Time. sps := new(protocol.SSHProtocolScanner)
_, err = socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":80") sps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
if err != nil {
log.Printf("Failed to connect to service on port 80\n")
} else {
// FIXME This should probably be moved to it's own file now.
response, err := os.Client.Get("http://" + hiddenService)
if err != nil { // Ricochet
return report, err rps := new(protocol.RicochetProtocolScanner)
} rps.ScanProtocol(hiddenService, os.TorProxyAddress, report)
// Initial Attempt at Resolving Server Type
log.Printf("Attempting to Derive Server Type from Headers..\n")
report.ServerVersion = response.Header.Get("Server")
log.Printf("\tServer Version: %s\n", report.ServerVersion)
// Apache mod-status Check
os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
os.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing)
// Lots of Wordpress installs which don't lock down directory listings
os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
// Common with torshops created onions
os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
}
return report, nil return report, nil
} }
func (os *OnionScan) ScanPage(hiddenService string, page string, report *report.OnionScanReport, f func(scans.Scanner, string, int, string, *report.OnionScanReport)) {
response, err := os.Client.Get("http://" + hiddenService + page)
if err != nil {
log.Printf("Error connecting to %s%s %s\n", hiddenService, page, err)
return
}
defer response.Body.Close()
contents, _ := ioutil.ReadAll(response.Body)
f(os, page, response.StatusCode, string(contents), report)
}
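Review bot: Scan can no longer report a failure: each `ScanProtocol` call returns nothing, so the function (whose body starts above this hunk) always ends at `return report, nil`, where the old HTTP path returned the `Get` error. If callers rely on that error (they are not visible here), have `ScanProtocol` return an `error` and collect it in Scan; otherwise state on Scan that the error is always nil. A doc comment such as `// Scan runs every protocol scanner against hiddenService and returns the populated report.` would also make the new contract explicit.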

74
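--- a/protocol/http_scanner.go
+++ b/protocol/http_scanner.go
@@ -0,0 +1,74 @@
+package protocol
+import (
+"github.com/s-rah/onionscan/scans"
+"github.com/s-rah/onionscan/report"
+"net/http"
+"io/ioutil"
+"h12.me/socks"
+"log"
+)
+type HTTPProtocolScanner struct {
+Client *http.Client
+}
+func (hps * HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+// HTTP
+log.Printf("Checking %s http(80)\n", hiddenService)
+_, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":80")
+if err != nil {
+log.Printf("Failed to connect to service on port 80\n")
+} else {
+log.Printf("Found potential service on http(80)\n")
+dialSocksProxy := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)
+transportConfig := &http.Transport{
+Dial: dialSocksProxy,
+}
+hps.Client = &http.Client{Transport: transportConfig}
+// FIXME This should probably be moved to it's own file now.
+response, err := hps.Client.Get("http://" + hiddenService)
+if err != nil {
+log.Printf("Failed to connect to service on port 80\n")
+return
+}
+// Initial Attempt at Resolving Server Type
+log.Printf("Attempting to Derive Server Type from Headers..\n")
+report.ServerVersion = response.Header.Get("Server")
+log.Printf("\tServer Version: %s\n", report.ServerVersion)
+// Apache mod-status Check
+hps.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
+hps.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
+hps.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing)
+// Lots of Wordpress installs which don't lock down directory listings
+hps.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
+// Common with torshops created onions
+hps.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
+hps.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
+}
+log.Printf("\n")
+}
+func (hps * HTTPProtocolScanner) ScanPage(hiddenService string, page string, report *report.OnionScanReport, f func(scans.Scanner, string, int, string, *report.OnionScanReport)) {
+response, err := hps.Client.Get("http://" + hiddenService + page)
+if err != nil {
+log.Printf("Error connecting to %s%s %s\n", hiddenService, page, err)
+return
+}
+defer response.Body.Close()
+contents, _ := ioutil.ReadAll(response.Body)
+f(hps, page, response.StatusCode, string(contents), report)
+}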
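Review bot: ScanPage reads the full body of an untrusted hidden-service response with `ioutil.ReadAll`, with no size cap and the read error discarded, and the `http.Client` built in ScanProtocol has no `Timeout`, so one slow or oversized response can stall the scan or exhaust memory. The first `hps.Client.Get` response in ScanProtocol is never closed, and the probe connection returned by `socks.DialSocksProxy(...)` is dropped via `_` without a Close; the Ricochet and SSH scanners discard their probe connections the same way. The excerpt below bounds the read, sets a timeout and closes both; `scanTimeout` and `maxBodyBytes` are illustrative names for limits the project would choose, and `io` would need importing.

```go
func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
	// … unchanged: "Checking" log line …
	conn, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":80")
	if err != nil {
		// … unchanged: failure log …
	} else {
		conn.Close() // the probe only tests reachability; do not hold the stream open
		// … unchanged: "Found potential service" log and transport setup …
		hps.Client = &http.Client{Transport: transportConfig, Timeout: scanTimeout}
		response, err := hps.Client.Get("http://" + hiddenService)
		// … unchanged: error branch …
		defer response.Body.Close()
		// … unchanged: Server header check and ScanPage calls …

// in ScanPage, after the existing error check on Get:
	defer response.Body.Close()
	contents, err := ioutil.ReadAll(io.LimitReader(response.Body, maxBodyBytes))
	if err != nil {
		log.Printf("Error reading %s%s %s\n", hiddenService, page, err)
		return
	}
	// … unchanged: call to f …
```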


@ -0,0 +1,9 @@
package protocol
import (
"github.com/s-rah/onionscan/report"
)
type ProtocolScanner interface {
ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport)
}
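Review bot: The exported interface has no doc comment, so nothing tells an implementer what ScanProtocol must do with the connection it opens or how it should signal a failed probe. A comment such as `// ProtocolScanner probes one protocol on hiddenService through the SOCKS proxy at proxyAddress and records its findings in report.` would cover it. The name also stutters at call sites (`protocol.ProtocolScanner`), and the parameter `report` shadows the imported `report` package inside every implementation; `protocol.Scanner` and a parameter name like `r` would avoid both.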


@ -0,0 +1,24 @@
package protocol
import (
"github.com/s-rah/onionscan/report"
"h12.me/socks"
"log"
)
type RicochetProtocolScanner struct {
}
func (rps *RicochetProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
// Ricochet
log.Printf("Checking %s ricochet(9878)\n", hiddenService)
_, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":9878")
if err != nil {
log.Printf("Failed to connect to service on port 9878\n")
} else {
log.Printf("Detected possible ricochet instance\n")
// TODO: Actual Analysis
}
}
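Review bot: The dial-and-log sequence in this ScanProtocol is the same as the one in the SSH and HTTP scanners apart from the port and label, so the commit's goal of scanning other ports still means copying the block for each new one. A shared unexported helper in package protocol that takes the port, dials through the proxy, closes the connection and returns whether it succeeded would keep the probe in one place. Note also that a positive detection here is only logged; `report` is never written, so the finding may not reach whatever consumes the report (not visible in this commit).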

23
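--- a/protocol/ssh_scanner.go
+++ b/protocol/ssh_scanner.go
@@ -0,0 +1,23 @@
+package protocol
+import (
+"github.com/s-rah/onionscan/report"
+"h12.me/socks"
+"log"
+)
+type SSHProtocolScanner struct {
+}
+func (sps *SSHProtocolScanner) ScanProtocol(hiddenService string, proxyAddress string, report *report.OnionScanReport) {
+// SSH
+log.Printf("Checking %s ssh(22)\n", hiddenService)
+_, err := socks.DialSocksProxy(socks.SOCKS5, proxyAddress)("", hiddenService+":22")
+if err != nil {
+log.Printf("Failed to connect to service on port 22\n")
+} else {
+// TODO SSH Checking
+}
+}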
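Review bot: The success branch is an empty `else` holding only a TODO, so an open SSH port is neither logged nor recorded in `report`, unlike the Ricochet scanner, which at least logs a detection. Until the real check exists, return early on the error and log the finding, e.g. `log.Printf("Detected possible ssh instance\n")`, so that a reachable port 22 shows up in the scan output. An empty branch like this is also what `staticcheck` reports.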