Skip to content

Commit

Permalink
Add TCP probe in output file (XML, greppable)
Browse files Browse the repository at this point in the history
  • Loading branch information
you committed Jun 7, 2024
1 parent 2d0a256 commit a9af461
Show file tree
Hide file tree
Showing 30 changed files with 235 additions and 43 deletions.
4 changes: 4 additions & 0 deletions src/in-binary.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -325,6 +325,7 @@ parse_banner6(struct Output *out, unsigned char *buf, size_t length,
record.port,
record.app_proto, /* HTTP, SSL, SNMP, etc. */
record.ttl, /* ttl */
NULL, 0,
buf+offset, (unsigned)(length-offset)
);
}
Expand Down Expand Up @@ -364,6 +365,7 @@ parse_banner3(struct Output *out, unsigned char *buf, size_t buf_length)
record.port,
record.app_proto,
0, /* ttl */
NULL, 0,
buf+12, (unsigned)buf_length-12
);
}
Expand Down Expand Up @@ -404,6 +406,7 @@ parse_banner4(struct Output *out, unsigned char *buf, size_t buf_length)
record.port,
record.app_proto, /* HTTP, SSL, SNMP, etc. */
0, /* ttl */
NULL, 0,
buf+13, (unsigned)buf_length-13
);
}
Expand Down Expand Up @@ -462,6 +465,7 @@ parse_banner9(struct Output *out, unsigned char *buf, size_t buf_length,
record.port,
record.app_proto, /* HTTP, SSL, SNMP, etc. */
record.ttl, /* ttl */
NULL, 0,
data, (unsigned)data_length
);
}
Expand Down
14 changes: 14 additions & 0 deletions src/main-conf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2345,6 +2345,19 @@ static int SET_debug_tcp(struct Masscan *masscan, const char *name, const char *
}


static int SET_output_probes(struct Masscan *masscan, const char *name, const char *value)
{
UNUSEDPARM(name);
if (masscan->echo) {
if (masscan->is_output_probes || masscan->echo_all)
fprintf(masscan->echo, "output-probes = %s\n", masscan->is_output_probes?"true":"false");
return 0;
}
masscan->is_output_probes = parseBoolean(value);
return CONF_OK;
}



struct ConfigParameter {
const char *name;
Expand Down Expand Up @@ -2395,6 +2408,7 @@ struct ConfigParameter config_parameters[] = {
{"output-noshow", SET_output_noshow, 0, {"noshow",0}},
{"output-show-open",SET_output_show_open, F_BOOL, {"open", "open-only", 0}},
{"output-append", SET_output_append, 0, {"append-output",0}},
{"output-probes", SET_output_probes, F_BOOL, {0}},
{"rotate", SET_rotate_time, 0, {"output-rotate", "rotate-output", "rotate-time", 0}},
{"rotate-dir", SET_rotate_directory, 0, {"output-rotate-dir", "rotate-directory", 0}},
{"rotate-offset", SET_rotate_offset, 0, {"output-rotate-offset", 0}},
Expand Down
1 change: 1 addition & 0 deletions src/masscan.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,7 @@ struct Masscan
unsigned is_hello_http:1; /* --hello=http, use HTTP on all ports */
unsigned is_scripting:1; /* whether scripting is needed */
unsigned is_capture_servername:1; /* --capture servername */
unsigned is_output_probes:1; /* --output-probes */

/** Packet template options, such as whether we should add a TCP MSS
* value, or remove it from the packet */
Expand Down
4 changes: 3 additions & 1 deletion src/out-binary.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,7 @@ static void
binary_out_banner_ipv6(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
unsigned char foo[32768];
Expand Down Expand Up @@ -294,6 +295,7 @@ static void
binary_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
unsigned char foo[32768];
Expand All @@ -302,7 +304,7 @@ binary_out_banner(struct Output *out, FILE *fp, time_t timestamp,
static const unsigned HeaderLength = 14;

if (ip.version == 6) {
binary_out_banner_ipv6(out, fp, timestamp, ip, ip_proto, port, proto, ttl, px, length);
binary_out_banner_ipv6(out, fp, timestamp, ip, ip_proto, port, proto, ttl, probe, probe_length, px, length);
return;
}

Expand Down
3 changes: 3 additions & 0 deletions src/out-certs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ cert_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto,
unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
unsigned i;
Expand All @@ -63,6 +64,8 @@ cert_out_banner(struct Output *out, FILE *fp, time_t timestamp,
UNUSEDPARM(ttl);
UNUSEDPARM(proto);
UNUSEDPARM(port);
UNUSEDPARM(probe);
UNUSEDPARM(probe_length);

if (length > 5 && memcmp(px, "cert:", 5) == 0) {
px += 5;
Expand Down
8 changes: 8 additions & 0 deletions src/out-grepable.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,9 +179,11 @@ static void
grepable_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
char banner_buffer[MAX_BANNER_LENGTH];
char probe_buffer[MAX_PROBE_LENGTH];
ipaddress_formatted_t fmt;

UNUSEDPARM(ttl);
Expand All @@ -195,6 +197,12 @@ grepable_out_banner(struct Output *out, FILE *fp, time_t timestamp,

fprintf(fp, "\tService: %s", masscan_app_to_string(proto));

if (out->masscan->is_output_probes) {
normalize_string(probe, probe_length, probe_buffer, sizeof(probe_buffer));

fprintf(fp, "\tProbe: %s\n", probe_buffer);
}

normalize_string(px, length, banner_buffer, sizeof(banner_buffer));

fprintf(fp, "\tBanner: %s\n", banner_buffer);
Expand Down
3 changes: 3 additions & 0 deletions src/out-hostonly.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ static void
hostonly_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{ /* SYN only - no banner */
ipaddress_formatted_t fmt = ipaddress_fmt(ip);
Expand All @@ -57,6 +58,8 @@ hostonly_out_banner(struct Output *out, FILE *fp, time_t timestamp,
UNUSEDPARM(ip);
UNUSEDPARM(ip_proto);
UNUSEDPARM(proto);
UNUSEDPARM(probe);
UNUSEDPARM(probe_length);
UNUSEDPARM(px);
UNUSEDPARM(length);
fprintf(fp, "%s\n", fmt.string);
Expand Down
26 changes: 19 additions & 7 deletions src/out-json.c
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "output.h"
#include "masscan.h"
#include "masscan-app.h"
#include "masscan-status.h"
#include "util-safefunc.h"
Expand Down Expand Up @@ -103,6 +104,7 @@ json_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto,
unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
char banner_buffer[65536];
Expand All @@ -121,13 +123,23 @@ json_out_banner(struct Output *out, FILE *fp, time_t timestamp,
fprintf(fp, "{ ");
fmt = ipaddress_fmt(ip);
fprintf(fp, " \"ip\": \"%s\", ", fmt.string);
fprintf(fp, " \"timestamp\": \"%d\", \"ports\": [ {\"port\": %u, \"proto\": \"%s\", \"service\": {\"name\": \"%s\", \"banner\": \"%s\"} } ] ",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_json_string(px, length, banner_buffer, sizeof(banner_buffer))
);
if (out->masscan->is_output_probes)
fprintf(fp, " \"timestamp\": \"%d\", \"ports\": [ {\"port\": %u, \"proto\": \"%s\", \"service\": {\"name\": \"%s\", \"probe\": \"%s\", \"banner\": \"%s\"} } ] ",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_json_string(probe, probe_length, banner_buffer, sizeof(banner_buffer)),
normalize_json_string(px, length, banner_buffer, sizeof(banner_buffer))
);
else
fprintf(fp, " \"timestamp\": \"%d\", \"ports\": [ {\"port\": %u, \"proto\": \"%s\", \"service\": {\"name\": \"%s\", \"banner\": \"%s\"} } ] ",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_json_string(px, length, banner_buffer, sizeof(banner_buffer))
);
fprintf(fp, "}\n");

UNUSEDPARM(out);
Expand Down
26 changes: 19 additions & 7 deletions src/out-ndjson.c
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
#include "output.h"
#include "masscan.h"
#include "masscan-app.h"
#include "masscan-status.h"
#include "util-safefunc.h"
Expand Down Expand Up @@ -99,6 +100,7 @@ ndjson_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto,
unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
char banner_buffer[65536];
Expand All @@ -110,13 +112,23 @@ ndjson_out_banner(struct Output *out, FILE *fp, time_t timestamp,
fprintf(fp, "{");
fmt = ipaddress_fmt(ip);
fprintf(fp, "\"ip\":\"%s\",", fmt.string);
fprintf(fp, "\"timestamp\":\"%d\",\"port\":%u,\"proto\":\"%s\",\"rec_type\":\"banner\",\"data\":{\"service_name\":\"%s\",\"banner\":\"%s\"}",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_ndjson_string(px, length, banner_buffer, sizeof(banner_buffer))
);
if (out->masscan->is_output_probes)
fprintf(fp, "\"timestamp\":\"%d\",\"port\":%u,\"proto\":\"%s\",\"rec_type\":\"banner\",\"data\":{\"service_name\":\"%s\", \"probe\": \"%s\", \"banner\":\"%s\"}",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_ndjson_string(probe, probe_length, banner_buffer, sizeof(banner_buffer)),
normalize_ndjson_string(px, length, banner_buffer, sizeof(banner_buffer))
);
else
fprintf(fp, "\"timestamp\":\"%d\",\"port\":%u,\"proto\":\"%s\",\"rec_type\":\"banner\",\"data\":{\"service_name\":\"%s\", \"banner\":\"%s\"}",
(int) timestamp,
port,
name_from_ip_proto(ip_proto),
masscan_app_to_string(proto),
normalize_ndjson_string(px, length, banner_buffer, sizeof(banner_buffer))
);
// fprintf(fp, "\"timestamp\":\"%d\",\"ports\":[{\"port\":%u,\"proto\":\"%s\",\"service\":{\"name\":\"%s\",\"banner\":\"%s\"}}]",
// (int) timestamp,
// port,
Expand Down
3 changes: 3 additions & 0 deletions src/out-null.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ static void
null_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
UNUSEDPARM(ttl);
Expand All @@ -65,6 +66,8 @@ null_out_banner(struct Output *out, FILE *fp, time_t timestamp,
UNUSEDPARM(ip_proto);
UNUSEDPARM(port);
UNUSEDPARM(proto);
UNUSEDPARM(probe);
UNUSEDPARM(probe_length);
UNUSEDPARM(px);
UNUSEDPARM(length);

Expand Down
3 changes: 3 additions & 0 deletions src/out-redis.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,6 +321,7 @@ static void
redis_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
UNUSEDPARM(ttl);
Expand All @@ -331,6 +332,8 @@ redis_out_banner(struct Output *out, FILE *fp, time_t timestamp,
UNUSEDPARM(ip_proto);
UNUSEDPARM(port);
UNUSEDPARM(proto);
UNUSEDPARM(probe);
UNUSEDPARM(probe_length);
UNUSEDPARM(px);
UNUSEDPARM(length);

Expand Down
33 changes: 24 additions & 9 deletions src/out-text.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,24 +52,39 @@ static void
text_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{
char banner_buffer[MAX_BANNER_LENGTH];
char probe_buffer[MAX_PROBE_LENGTH];
ipaddress_formatted_t fmt = ipaddress_fmt(ip);


UNUSEDPARM(out);
UNUSEDPARM(ttl);

fprintf(fp, "%s %s %u %s %u %s %s\n",
"banner",
name_from_ip_proto(ip_proto),
port,
fmt.string,
(unsigned)timestamp,
masscan_app_to_string(proto),
normalize_string(px, length, banner_buffer, sizeof(banner_buffer))
);
if (out->masscan->is_output_probes)
fprintf(fp, "%s %s %u %s %u %s %s %s\n",
"banner",
name_from_ip_proto(ip_proto),
port,
fmt.string,
(unsigned)timestamp,
masscan_app_to_string(proto),
normalize_string(probe, probe_length, probe_buffer, sizeof(probe_buffer)),
normalize_string(px, length, banner_buffer, sizeof(banner_buffer))
);
else
fprintf(fp, "%s %s %u %s %u %s %s\n",
"banner",
name_from_ip_proto(ip_proto),
port,
fmt.string,
(unsigned)timestamp,
masscan_app_to_string(proto),
normalize_string(px, length, banner_buffer, sizeof(banner_buffer))
);

}


Expand Down
3 changes: 3 additions & 0 deletions src/out-unicornscan.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ static void
unicornscan_out_banner(struct Output *out, FILE *fp, time_t timestamp,
ipaddress ip, unsigned ip_proto, unsigned port,
enum ApplicationProtocol proto, unsigned ttl,
const unsigned char *probe, unsigned probe_length,
const unsigned char *px, unsigned length)
{ /* SYN only - no banner */
UNUSEDPARM(out);
Expand All @@ -72,6 +73,8 @@ unicornscan_out_banner(struct Output *out, FILE *fp, time_t timestamp,
UNUSEDPARM(ip);
UNUSEDPARM(ip_proto);
UNUSEDPARM(proto);
UNUSEDPARM(probe);
UNUSEDPARM(probe_length);
UNUSEDPARM(px);
UNUSEDPARM(length);

Expand Down
Loading

0 comments on commit a9af461

Please sign in to comment.