Adding framework for different port scans
This commit is contained in:
parent
ef4611b810
commit
c15840886d
81
onionscan.go
81
onionscan.go
|
@ -7,6 +7,7 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type OnionScan struct {
|
type OnionScan struct {
|
||||||
|
@ -27,42 +28,64 @@ func Configure(torProxyAddress string) *OnionScan {
|
||||||
|
|
||||||
func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error) {
|
func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error) {
|
||||||
|
|
||||||
report := report.NewOnionScanReport(hiddenService)
|
// Remove Extra Prefix
|
||||||
|
// TODO: Add support for HTTPS?
|
||||||
response, err := os.Client.Get("http://" + hiddenService)
|
if strings.HasPrefix(hiddenService, "http://") {
|
||||||
|
hiddenService = hiddenService[7:]
|
||||||
if err != nil {
|
|
||||||
return report, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initial Attempt at Resolving Server Type
|
if strings.HasSuffix(hiddenService, "/") {
|
||||||
log.Printf("Attempting to Derive Server Type from Headers..\n")
|
hiddenService = hiddenService[0 : len(hiddenService)-1]
|
||||||
report.ServerVersion = response.Header.Get("Server")
|
}
|
||||||
log.Printf("\tServer Version: %s\n", report.ServerVersion)
|
|
||||||
|
|
||||||
// Initial attempt at grabbing X-Powered-By header response
|
report := report.NewOnionScanReport(hiddenService)
|
||||||
log.Printf("Attempting to grab additional header information..\n")
|
|
||||||
report.ServerPoweredBy = response.Header.Get("X-Powered-By")
|
|
||||||
log.Printf("\tX-Powered-By: %s\n", report.ServerPoweredBy)
|
|
||||||
|
|
||||||
// Apache mod-status Check
|
// It's Port Scanning Time.
|
||||||
os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
|
log.Printf("Checking %s ssh(22)\n", hiddenService)
|
||||||
os.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
|
_, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22")
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Failed to connect to service on port 22\n")
|
||||||
|
} else {
|
||||||
|
// TODO SSH Checking
|
||||||
|
}
|
||||||
|
|
||||||
os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
|
log.Printf("Checking %s http(80)\n", hiddenService)
|
||||||
os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
|
// It's Port Scanning Time.
|
||||||
os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
|
_, err = socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":80")
|
||||||
os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
|
if err != nil {
|
||||||
os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
|
log.Printf("Failed to connect to service on port 80\n")
|
||||||
os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
|
} else {
|
||||||
os.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing)
|
// FIXME This should probably be moved to it's own file now.
|
||||||
|
response, err := os.Client.Get("http://" + hiddenService)
|
||||||
|
|
||||||
// Lots of Wordpress installs which don't lock down directory listings
|
if err != nil {
|
||||||
os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
|
return report, err
|
||||||
|
}
|
||||||
|
|
||||||
// Common with torshops created onions
|
// Initial Attempt at Resolving Server Type
|
||||||
os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
|
log.Printf("Attempting to Derive Server Type from Headers..\n")
|
||||||
os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
|
report.ServerVersion = response.Header.Get("Server")
|
||||||
|
log.Printf("\tServer Version: %s\n", report.ServerVersion)
|
||||||
|
|
||||||
|
// Apache mod-status Check
|
||||||
|
os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
|
||||||
|
os.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
|
||||||
|
|
||||||
|
os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing)
|
||||||
|
|
||||||
|
// Lots of Wordpress installs which don't lock down directory listings
|
||||||
|
os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
|
||||||
|
|
||||||
|
// Common with torshops created onions
|
||||||
|
os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
|
||||||
|
os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
|
||||||
|
}
|
||||||
|
|
||||||
return report, nil
|
return report, nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue