2018-08-13 07:48:32 +00:00
|
|
|
package ssh
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
|
|
|
"bytes"
|
|
|
|
"strings"
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
osm "git.loafle.net/overflow/service_matcher-go"
|
2018-08-13 07:48:32 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type SSHMatcher struct {
|
2018-08-15 07:17:18 +00:00
|
|
|
osm.Matchers
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
2018-10-23 04:31:25 +00:00
|
|
|
func (m *SSHMatcher) Key(matchCtx *osm.MatchCtx) string {
|
2018-08-13 07:48:32 +00:00
|
|
|
return "SSH"
|
|
|
|
}
|
|
|
|
|
2018-10-23 04:31:25 +00:00
|
|
|
func (m *SSHMatcher) Type(matchCtx *osm.MatchCtx) string {
|
2018-09-12 04:26:27 +00:00
|
|
|
return "NETWORK"
|
|
|
|
}
|
|
|
|
|
2018-09-13 08:31:11 +00:00
|
|
|
func (m *SSHMatcher) Vendor(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *SSHMatcher) Version(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *SSHMatcher) OsType(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *SSHMatcher) OsVersion(matchCtx *osm.MatchCtx) string {
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *SSHMatcher) Name(matchCtx *osm.MatchCtx) string {
|
2018-08-13 07:48:32 +00:00
|
|
|
name := "SSH"
|
2018-09-03 13:36:57 +00:00
|
|
|
if v, ok := matchCtx.GetAttribute("softwareversion"); ok {
|
2018-09-03 13:52:01 +00:00
|
|
|
name = name + " (" + v + ")"
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
return name
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:41:28 +00:00
|
|
|
func (m *SSHMatcher) IsPrePacket() bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *SSHMatcher) HasResponse(matchCtx *osm.MatchCtx, index int) bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *SSHMatcher) IsError(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) bool {
|
2018-08-13 07:48:32 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-09-03 13:36:57 +00:00
|
|
|
func (m *SSHMatcher) Match(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) error {
|
2018-08-13 07:48:32 +00:00
|
|
|
|
2018-09-03 06:42:56 +00:00
|
|
|
if packet == nil || !packet.Valid() {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NoPacketReceivedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// SSH-protoversion-softwareversion SP comments CR LF
|
|
|
|
// e.g. ) SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1\n
|
2018-09-03 07:23:25 +00:00
|
|
|
scanner := bufio.NewScanner(bytes.NewReader(packet.Buffer))
|
2018-08-13 07:48:32 +00:00
|
|
|
for scanner.Scan() {
|
|
|
|
exchange := scanner.Text()
|
|
|
|
|
|
|
|
if !strings.HasPrefix(exchange, "SSH") {
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
temp := strings.Split(exchange, " ")
|
|
|
|
versions := strings.Split(temp[0], "-")
|
|
|
|
|
|
|
|
protoversion := versions[1]
|
|
|
|
softwareversion := versions[2]
|
|
|
|
|
|
|
|
if strings.HasPrefix(protoversion, "1") || strings.HasPrefix(protoversion, "2") {
|
2018-09-03 13:36:57 +00:00
|
|
|
matchCtx.SetAttribute("protoversion", protoversion)
|
|
|
|
matchCtx.SetAttribute("softwareversion", softwareversion)
|
2018-08-13 07:48:32 +00:00
|
|
|
|
|
|
|
if len(temp) > 1 {
|
2018-09-03 13:36:57 +00:00
|
|
|
matchCtx.SetAttribute("comments", temp[1])
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
return osm.NotMatchedError()
|
2018-08-13 07:48:32 +00:00
|
|
|
}
|
|
|
|
|
2018-08-15 07:17:18 +00:00
|
|
|
func NewMatcher() osm.Matcher {
|
2018-08-13 07:48:32 +00:00
|
|
|
m := &SSHMatcher{}
|
2018-09-03 13:36:57 +00:00
|
|
|
|
2018-08-13 07:48:32 +00:00
|
|
|
return m
|
|
|
|
}
|