new: syn.scan will now perform basic tcp banner grabbing

2025-08-21 05:53:20 -07:00 · 2019-04-21 15:45:32 +02:00 · 2019-04-21 15:45:32 +02:00 · aea68460c8
commit aea68460c8
parent 5a62546c50
5 changed files with 160 additions and 3 deletions
--- a/modules/syn_scan/http_grabber.go
+++ b/modules/syn_scan/http_grabber.go
@ -0,0 +1,89 @@
+package syn_scan
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"golang.org/x/net/html"
+	"net/http"
+	"strings"
+	"time"
+)
+
+func isTitleElement(n *html.Node) bool {
+	return n.Type == html.ElementNode && strings.ToLower(n.Data) == "title"
+}
+
+func searchForTitle(n *html.Node) string {
+	if isTitleElement(n) {
+		return n.FirstChild.Data
+	}
+
+	for c := n.FirstChild; c != nil; c = c.NextSibling {
+		if result := searchForTitle(c); result != "" {
+			return result
+		}
+	}
+
+	return ""
+}
+
+func httpGrabber(mod *SynScanner, ip string, port int) string {
+	schema := "http"
+	timeout := time.Duration(10 * time.Second)
+	client := &http.Client{
+		Timeout: timeout,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return nil
+		},
+	}
+
+	if port == 443 || port == 8443 {
+		schema = "https"
+		client = &http.Client{
+			Timeout: timeout,
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+					VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+						return nil
+					},
+				},
+			},
+			CheckRedirect: func(req *http.Request, via []*http.Request) error {
+				return nil
+			},
+		}
+	}
+
+	url := fmt.Sprintf("%s://%s:%d/", schema, ip, port)
+	resp, err := client.Get(url)
+	if err != nil {
+		mod.Debug("error while grabbing banner from %s: %v", url, err)
+		return ""
+	}
+	defer resp.Body.Close()
+
+	fallback := ""
+	for name, values := range resp.Header {
+		for _, value := range values {
+			header := strings.ToLower(name)
+			if len(value) > len(fallback) && (header == "x-powered-by" || header == "server") {
+				mod.Debug("found header %s for %s:%d -> %s", header, ip, port, value)
+				fallback = value
+			}
+		}
+	}
+
+	doc, err := html.Parse(resp.Body)
+	if err != nil {
+		mod.Debug("error while reading and parsing response from %s: %v", url, err)
+		return fallback
+	}
+
+	if title := searchForTitle(doc); title != "" {
+		return title
+	}
+
+	return fallback
+}