github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-15 01:23:42 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

refact: refactored syn.scan open port log as proper event

Browse source
This commit is contained in:
evilsocket 2018-02-22 21:35:19 +01:00
parent ce76c7258d
commit 42b08db0b0
3 changed files with 38 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/events_view.go
View file

@ -94,6 +94,15 @@ func (s EventsStream) viewSnifferEvent(e session.Event) {
se.Message) se.Message)
} }
func (s EventsStream) viewSynScanEvent(e session.Event) {
se := e.Data.(SynScanEvent)
fmt.Printf("[%s] [%s] Found open port %d for %s\n",
e.Time.Format(eventTimeFormat),
core.Green(e.Tag),
se.Port,
core.Bold(se.Host.IpAddress))
}
func (s *EventsStream) View(e session.Event, refresh bool) { func (s *EventsStream) View(e session.Event, refresh bool) {
if s.filter == "" || strings.Contains(e.Tag, s.filter) { if s.filter == "" || strings.Contains(e.Tag, s.filter) {
if e.Tag == "sys.log" { if e.Tag == "sys.log" {
@ -106,6 +115,8 @@ func (s *EventsStream) View(e session.Event, refresh bool) {
s.viewModuleEvent(e) s.viewModuleEvent(e)
} else if strings.HasPrefix(e.Tag, "net.sniff.") { } else if strings.HasPrefix(e.Tag, "net.sniff.") {
s.viewSnifferEvent(e) s.viewSnifferEvent(e)
} else if strings.HasPrefix(e.Tag, "syn.scan") {
s.viewSynScanEvent(e)
} else { } else {
fmt.Printf("[%s] [%s] %v\n", e.Time.Format(eventTimeFormat), core.Green(e.Tag), e) fmt.Printf("[%s] [%s] %v\n", e.Time.Format(eventTimeFormat), core.Green(e.Tag), e)
} }

8
modules/syn_scan.go
View file

@ -164,11 +164,9 @@ func (s *SynScanner) onPacket(pkt gopacket.Packet) {
if s.inRange(ip.SrcIP) && tcp.DstPort == synSourcePort && tcp.SYN && tcp.ACK { if s.inRange(ip.SrcIP) && tcp.DstPort == synSourcePort && tcp.SYN && tcp.ACK {
from := ip.SrcIP.String() from := ip.SrcIP.String()
port := int(tcp.SrcPort)
log.Info("Found open port %d for %s", tcp.SrcPort, core.Bold(from))
var host *network.Endpoint var host *network.Endpoint
if ip.SrcIP.Equal(s.Session.Interface.IP) { if ip.SrcIP.Equal(s.Session.Interface.IP) {
host = s.Session.Interface host = s.Session.Interface
} else if ip.SrcIP.Equal(s.Session.Gateway.IP) { } else if ip.SrcIP.Equal(s.Session.Gateway.IP) {
@ -179,7 +177,7 @@ func (s *SynScanner) onPacket(pkt gopacket.Packet) {
if host != nil { if host != nil {
sports := strings.Split(host.Meta.Get("tcp-ports").(string), ",") sports := strings.Split(host.Meta.Get("tcp-ports").(string), ",")
ports := []int{int(tcp.SrcPort)} ports := []int{port}
for _, s := range sports { for _, s := range sports {
n, err := strconv.Atoi(s) n, err := strconv.Atoi(s)
@ -195,6 +193,8 @@ func (s *SynScanner) onPacket(pkt gopacket.Packet) {
} }
host.Meta.Set("tcp-ports", strings.Join(list, ",")) host.Meta.Set("tcp-ports", strings.Join(list, ","))
NewSynScanEvent(host, port).Push()
} }
} }
} }

23
modules/syn_scan_event.go Normal file
View file

@ -0,0 +1,23 @@
package modules
import (
"github.com/evilsocket/bettercap-ng/network"
"github.com/evilsocket/bettercap-ng/session"
)
type SynScanEvent struct {
Host *network.Endpoint
Port int
}
func NewSynScanEvent(h *network.Endpoint, port int) SynScanEvent {
return SynScanEvent{
Host: h,
Port: port,
}
}
func (e SynScanEvent) Push() {
session.I.Events.Add("syn.scan", e)
session.I.Refresh()
}