new: syn.scan will now perform basic tcp banner grabbing

2025-08-21 05:53:20 -07:00 · 2019-04-21 15:45:32 +02:00 · 2019-04-21 15:45:32 +02:00 · aea68460c8
commit aea68460c8
parent 5a62546c50
5 changed files with 160 additions and 3 deletions
--- a/modules/syn_scan/banner_grabbing.go
+++ b/modules/syn_scan/banner_grabbing.go
@ -0,0 +1,41 @@
+package syn_scan
+
+import (
+	"github.com/bettercap/bettercap/network"
+
+	"github.com/evilsocket/islazy/async"
+)
+
+type bannerGrabberFn func(mod *SynScanner, ip string, port int) string
+
+type grabberJob struct {
+	Host *network.Endpoint
+	Port *OpenPort
+}
+
+var tcpBannerGrabbers = map[int]bannerGrabberFn{
+	80:   httpGrabber,
+	8080: httpGrabber,
+	443:  httpGrabber,
+	8443: httpGrabber,
+}
+
+func (mod *SynScanner) bannerGrabber(arg async.Job) {
+	job := arg.(grabberJob)
+	if job.Port.Proto != "tcp" {
+		return
+	}
+
+	ip := job.Host.IpAddress
+	port := job.Port.Port
+	fn, found := tcpBannerGrabbers[port]
+	if !found {
+		fn = tcpGrabber
+	}
+
+	mod.Debug("grabbing banner for %s:%d", ip, port)
+	job.Port.Banner = fn(mod, ip, port)
+	if job.Port.Banner != "" {
+		mod.Info("found banner for %s:%d -> %s", ip, port, job.Port.Banner)
+	}
+}