Adding framework for different port scans

Sarah Jamie Lewis 2016-04-11 22:10:59 -07:00
parent ef4611b810
commit c15840886d
1 changed files with 53 additions and 30 deletions


@ -7,6 +7,7 @@ import (
"io/ioutil" "io/ioutil"
"log" "log"
"net/http" "net/http"
"strings"
) )
type OnionScan struct { type OnionScan struct {
@ -27,42 +28,64 @@ func Configure(torProxyAddress string) *OnionScan {
func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error) { func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error) {
report := report.NewOnionScanReport(hiddenService) // Remove Extra Prefix
// TODO: Add support for HTTPS?
response, err := os.Client.Get("http://" + hiddenService) if strings.HasPrefix(hiddenService, "http://") {
hiddenService = hiddenService[7:]
if err != nil {
return report, err
} }
// Initial Attempt at Resolving Server Type if strings.HasSuffix(hiddenService, "/") {
log.Printf("Attempting to Derive Server Type from Headers..\n") hiddenService = hiddenService[0 : len(hiddenService)-1]
report.ServerVersion = response.Header.Get("Server") }
log.Printf("\tServer Version: %s\n", report.ServerVersion)
// Initial attempt at grabbing X-Powered-By header response report := report.NewOnionScanReport(hiddenService)
log.Printf("Attempting to grab additional header information..\n")
report.ServerPoweredBy = response.Header.Get("X-Powered-By")
log.Printf("\tX-Powered-By: %s\n", report.ServerPoweredBy)
// Apache mod-status Check // It's Port Scanning Time.
os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus) log.Printf("Checking %s ssh(22)\n", hiddenService)
os.ScanPage(hiddenService, "/", report, scans.StandardPageScan) _, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22")
if err != nil {
log.Printf("Failed to connect to service on port 22\n")
} else {
// TODO SSH Checking
}
os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing) log.Printf("Checking %s http(80)\n", hiddenService)
os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing) // It's Port Scanning Time.
os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing) _, err = socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":80")
os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing) if err != nil {
os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing) log.Printf("Failed to connect to service on port 80\n")
os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing) } else {
os.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing) // FIXME This should probably be moved to it's own file now.
response, err := os.Client.Get("http://" + hiddenService)
// Lots of Wordpress installs which don't lock down directory listings if err != nil {
os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing) return report, err
}
// Common with torshops created onions // Initial Attempt at Resolving Server Type
os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing) log.Printf("Attempting to Derive Server Type from Headers..\n")
os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing) report.ServerVersion = response.Header.Get("Server")
log.Printf("\tServer Version: %s\n", report.ServerVersion)
// Apache mod-status Check
os.ScanPage(hiddenService, "/server-status", report, scans.ApacheModStatus)
os.ScanPage(hiddenService, "/", report, scans.StandardPageScan)
os.ScanPage(hiddenService, "/style", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/styles", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/css", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/uploads", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/images", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/img", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/static", report, scans.CheckDirectoryListing)
// Lots of Wordpress installs which don't lock down directory listings
os.ScanPage(hiddenService, "/wp-content/uploads", report, scans.CheckDirectoryListing)
// Common with torshops created onions
os.ScanPage(hiddenService, "/products", report, scans.CheckDirectoryListing)
os.ScanPage(hiddenService, "/products/cat", report, scans.CheckDirectoryListing)
}
return report, nil return report, nil
} }
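Review bot: Both port probes in Scan discard the connection they open (`_, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22")` and the same call for `:80`), so each successful probe leaves a stream through the Tor proxy that is never closed. Keep the value and release it once the port is known to be reachable: `conn, err := socks.DialSocksProxy(socks.SOCKS5, os.TorProxyAddress)("", hiddenService+":22")`, then `conn.Close()` in the success branch. In the port-80 branch, `response` from `os.Client.Get` is likewise never closed; add `defer response.Body.Close()` right after its error check. Separately, the normalisation at the top strips only a leading `http://` and a single trailing `/`, so an input carrying `https://`, a path or an explicit port reaches the dial target and the report unchanged; rejecting anything that is not a bare host name before the first dial would keep the probes and log lines consistent.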