service_matcher-go/ssh/ssh.go
crusader 704ba5cc5d ing
2018-09-03 16:23:25 +09:00

86 lines
1.6 KiB
Go

package ssh
import (
"bufio"
"bytes"
"strings"
osm "git.loafle.net/overflow/service_matcher-go"
)
type SSHMatcher struct {
osm.Matchers
meta osm.Metadata
}
func (ssh *SSHMatcher) Key() string {
return "SSH"
}
func (ssh *SSHMatcher) Name() string {
name := "SSH"
if v, ok := ssh.meta["softwareversion"]; ok {
name = name + " (" + v + ")"
}
return name
}
func (ssh *SSHMatcher) Meta() osm.Metadata {
return ssh.meta
}
func (ssh *SSHMatcher) IsPrePacket() bool {
return true
}
func (ssh *SSHMatcher) HasResponse(index int) bool {
return true
}
func (ssh *SSHMatcher) IsError(info osm.MatchInfo, index int, packet *osm.Packet) bool {
return false
}
func (ssh *SSHMatcher) Match(info osm.MatchInfo, index int, packet *osm.Packet) error {
if packet == nil || !packet.Valid() {
return osm.NoPacketReceivedError()
}
// SSH-protoversion-softwareversion SP comments CR LF
// e.g. ) SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1\n
scanner := bufio.NewScanner(bytes.NewReader(packet.Buffer))
for scanner.Scan() {
exchange := scanner.Text()
if !strings.HasPrefix(exchange, "SSH") {
return osm.NotMatchedError()
}
temp := strings.Split(exchange, " ")
versions := strings.Split(temp[0], "-")
protoversion := versions[1]
softwareversion := versions[2]
if strings.HasPrefix(protoversion, "1") || strings.HasPrefix(protoversion, "2") {
ssh.meta["protoversion"] = protoversion
ssh.meta["softwareversion"] = softwareversion
if len(temp) > 1 {
ssh.meta["comments"] = temp[1]
}
return nil
}
break
}
return osm.NotMatchedError()
}
func NewMatcher() osm.Matcher {
m := &SSHMatcher{}
m.meta = osm.NewMetadata()
return m
}