github/bettercap
1
0
Fork 0
mirror of https://github.com/bettercap/bettercap synced 2025-07-30 11:40:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

new: net.probe on uses both NBNS and MDNS queries to fetch endpoints metadata and hostnames

Browse source
This commit is contained in:
evilsocket 2018-09-09 12:35:00 +03:00
parent 36999813c4
commit e2cc4574c4
No known key found for this signature in database
GPG key ID: 1564D7F30393A456
8 changed files with 127 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

36
packets/nbns.go Normal file
View file

@ -0,0 +1,36 @@
package packets
import (
"github.com/bettercap/bettercap/core"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
const (
NBNSPort = 137
NBNSMinRespSize = 73
)
var (
// NBNS hostname resolution request buffer.
NBNSRequest = []byte{
0x82, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x20, 0x43, 0x4B, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x0,
0x0, 0x21, 0x0, 0x1,
}
)
func NBNSGetMeta(pkt gopacket.Packet) map[string]string {
if ludp := pkt.Layer(layers.LayerTypeUDP); ludp != nil {
if udp := ludp.(*layers.UDP); udp != nil && udp.SrcPort == NBNSPort && len(udp.Payload) >= NBNSMinRespSize {
return map[string]string{
"nbns:hostname": core.Trim(string(udp.Payload[57:72])),
}
}
}
return nil
}