Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge master into fork #1

Merged
merged 144 commits into from
Aug 25, 2020
Merged

Merge master into fork #1

merged 144 commits into from
Aug 25, 2020

Conversation

mzpqnxow
Copy link
Owner

Add a description of your changes here.

How to Test

Add brief instructions on how to test your changes.

Notes & Caveats

If necessary, explain the motivation for this PR, and note any caveats that apply to your changes or future work that will be needed.

Issue Tracking

Add a link to the relevant GitHub issue(s) if the pull request resolves it.

justinbastress and others added 30 commits July 5, 2018 14:34
…wing SNI to work without an explicit --server-name); Add scanTarget.OpenTLS() to give a uniform interface; Document TLS scan; use target.OpenTLS(), correctly report successful/failed detections
This causes problems when trying to load data into BigQuery if, for example, an entire protocol or subrecord is unpopulated.
* Generate static messages in Scanner Init()
* s/panic/log.Fatal/
* Remove unnecessary casting
* Use stack var and pass slice to avoid unnecessary alloc
* Add error message to invalid BSON log msg
* Use snake case for json output
* Update affect integration tests
add missing 'constraint' field for postgres_error
* Separate out isMaster and buildInfo commands
* Return results of both in separate sub-structs
* Include isMaster results regardless of whether buildInfo succeeds
Fix possible index error on malformed msg
BSON tag is case sensitive - s/isMaster/ismaster
…nd add scan-target-wide timeout to HTTP scanner (adding a max time spent across redirects, too)
Needs to account for OP_REPLY header
MongoDB - fix isMaster message length check.
thegwan and others added 29 commits November 2, 2019 11:51
prevent running key exchange if hello-only flag set
* Add support to HTTP for setting local interface

* Add net import

* use correct flag

* better CLI flag name

* Remove logged `\n`

* Remove extranneous if statement
Commit a38194a added an optional port override as part of the
scan target.  The HTTP and IPP modules, however, still compose
the URL (and select http vs https) by ignoring the override.

This checks for the override, and if present uses the scan target
port.  Otherwise, it falls back to the config port.

#233
This adds a custom resolver, that will always resolve to the specified
ip address.  The intended usage is for when doing name-based scans,
but have a specified IP address as well.  This will provide a resolver
that can be added to a Dialer, that will cause all DNS lookups to match
the specified IP address.
If both an IP address and a domain are specified for a scan, have the
HTTP scanner use a fake resolver in the DialContext, so that we always
scan the intended IP and Domain name pair.

However, make sure redirects still function as normal, so only use our
fake resolver if the domain name matches the original targeted domain
name.

In addition, the custom resolver is only used if the network specified
is one that supports domain names.
Add the ability to use a custom (fake) DNS resolver
this avoids to have \r\n in the error message
Eventually this can be used to replace AddCommand, allowing the use of a
non-global config object.

#247
This abstracts more of the help text into the ScanModule definition,
removing some more of the need for `zgrab2.AddCommand()`

#248
This updates MakeMonitor() to take the channel size as a parameter,
instead of reading it from the global `config` object. Unfortunately,
the caller of MakeMonitor() doesn't actually have access to the global,
since it's in a different package (bin vs the root package). Luckily,
there doesn't appear to be a reason to have a buffer in this channel.
This updates the caller to pass a hardcoded size of 1.
The goroutine running the monitor isn't actually closed. This PR updates
the API to allow that Goroutine to properly block program exit. This can
be leveraged as we continue to make the configuration non-global.
Refactor the output handlers to take the necessary writers as arguments.

#250
The Scanner.config struct is a configuration for all instances of
Scanner.  Scanner.Scan() is called concurrently by multiple worker
goroutines; while Scanner is dereferenced before the call, the config
struct is a pointer, and so modifications to it will affect all other
running scans done with that Scanner.

Make sure we treat it as immutable during anything invoked by
Scanner.Scan() in the http module.

#245
…ed (#253)

If the --max-redirects value is exceeded, we return
SCAN_APPLICATION_ERROR with "Too many redirect" as the error message.

Add an option to suppress this error, and return success even if we
exceed the maximum specified number of redirects.
This allows these steps to be reusable outside of the context of the
grabTarget function.

#256
So that we can advertise a slightly more expansive default set of
signature/hash algorithms in the signature_algorithms extension of
the TLS Client Hello, provide an option to use a pre-defined override.

This also splits up the TLS connection helper in tls.go, so that the
tls.Config can be modified by a scanner module.
http/tls: Add option to override SignatureAndHashes
* Check message and body length in in GetModbusResponse()

* add timeout to waiting when PSQL container to start

#265
The command line option `--implicit-tls` will attempt connecting via
TLS before intiating the FTP handshake.
* telnet module should not return success when it finds something other than telnet

* telnet module should not return success when it finds something other than telnet

* Adds verification step for POP3 banners

* Add validation for IMAP banners & fix some formatting problems

* Verify SMTP banners exist and are successful

* Add check for is_dnp3 flag which seems to be working as expected

* Fix dropping SCAN_APPLICATION_ERROR in IMAP

* Fix dropping SCAN_APPLICATION_ERROR in POP3

* Fix dropping SCAN_APPLICATION_ERROR in SMTP

* Add protocol and blacklist indicators to email protocols

Co-authored-by: Elliot Cubit <elliotcubit@elliots-mbp.lan>
@mzpqnxow mzpqnxow merged commit 8c89205 into mzpqnxow:master Aug 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.