onionscan/scans/apache_mod_status.go

package scans

import (
	"github.com/s-rah/onionscan/report"
	"github.com/s-rah/onionscan/utils"
	"log"
	"regexp"
	"strings"
)

func ApacheModStatus(scan Scanner, page string, status int, contents string, report *report.OnionScanReport) {
	if status == 200 {
		r := regexp.MustCompile(`Server Version: (.*)</dt>`)
		serverVersion := r.FindStringSubmatch(string(contents))

		// Check if this looks like a mod_status page. Sometimes sites simply load their index.
		if len(serverVersion) > 1 {
			log.Printf("Detected Apache mod_status Exposed...\033[091mAlert!\033[0m\n")
			report.FoundApacheModStatus = true

			log.Printf("\t Using mod_status Server Version: %s\n", serverVersion[1])
			report.ServerVersion = serverVersion[1]

			// Check for co-hosted onion services.
			log.Printf("Scanning for Co-Hosted Onions\n")
			r = regexp.MustCompile(`[a-z0-9]+.onion(:[0-9]{0-5})?`)
			foundServices := r.FindAllString(string(contents), -1)
			utils.RemoveDuplicates(&foundServices)
			for _, onion := range foundServices {
				if onion != report.HiddenService {
					log.Printf("\t \033[091mAlert!\033[0m Found Co-Hosted Onions: %s\n", onion)
					report.AddRelatedOnionService(onion)
				}
			}

			// Check for co-hosted onion services.
			log.Printf("Scanning for Co-Hosted Clearnet Domains\n")
			r = regexp.MustCompile(`>(([a-zA-Z]{1})|([a-zA-Z]{1}[a-zA-Z]{1})|([a-zA-Z]{1}[0-9]{1})|([0-9]{1}[a-zA-Z]{1})|([a-zA-Z0-9][a-zA-Z0-9-_]{1,61}[a-zA-Z0-9]))\.([a-zA-Z]{2,6}|[a-zA-Z0-9-]{2,30}\.[a-zA-Z]{2,3})`)
			foundServices = r.FindAllString(string(contents), -1)
			utils.RemoveDuplicates(&foundServices)
			for _, domain := range foundServices {
				if strings.Contains(domain, ".onion") == false {
					log.Printf("\t \033[091mAlert!\033[0m Found Co-Hosted Service: %s\n", domain[1:])
					report.AddRelatedClearnetDomain(domain[4:])
				}
			}

			// Check for IP Addresses
			log.Printf("Scanning for IP Addresses (clearweb clients, and servers)\n")
			r = regexp.MustCompile(`(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)`)
			foundIPs := r.FindAllString(string(contents), -1)
			utils.RemoveDuplicates(&foundIPs)
			for _, ip := range foundIPs {
				if ip != "127.0.0.1" {
					log.Printf("\t \033[091mAlert!\033[0m Found IP Address : %s\n", ip)
					report.AddIPAddress(ip)
				}
			}

		}
	}
	if !report.FoundApacheModStatus {
		log.Printf("\tApache mod_status Not Exposed...\033[92mGood!\033[0m\n")
		report.FoundApacheModStatus = false
	}
}