ing

service/matcher/mongodb/mongodb.go

@@ -0,0 +1,114 @@
+package mongodb
+
+import (
+	"bytes"
+	"encoding/binary"
+	"math/rand"
+
+	"git.loafle.net/overflow/overflow_discovery/service/matcher"
+)
+
+const (
+	MONGO_OP_REQUEST uint32 = 2004
+	MONGO_OP_REPLY   uint32 = 1
+	MONGO_FCNAME     string = "admin.$cmd"
+	MONGO_ELEMENT    string = "ismaster"
+)
+
+var MONGO_REQUEST_ID uint32
+
+type mongo struct {
+	MessageLength      uint32
+	RequestId          uint32
+	ResponseTo         uint32
+	OpCode             uint32
+	Flags              uint32
+	FullCollectionName [11]byte
+	NumberToSkip       uint32
+	NumberToReturn     int32
+	DocumentLength     uint32
+	Type_              uint8
+	Element            [9]byte
+	Value              uint8
+	_                  uint8
+}
+
+type MongoDBMatcher struct {
+	matcher.Matchers
+}
+
+func (t *MongoDBMatcher) ServiceName() string {
+	return "MongoDB"
+}
+
+func (t *MongoDBMatcher) IsPrePacket() bool {
+	return false
+}
+
+func (t *MongoDBMatcher) HasResponse(index int) bool {
+	return true
+}
+
+func (t *MongoDBMatcher) IsError(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
+	return false
+}
+
+func (t *MongoDBMatcher) Match(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
+
+	if packet == nil {
+		return false
+	}
+
+	reader := new(bytes.Buffer)
+	reader.Write(packet.Buffer)
+
+	m := mongo{}
+	if err := binary.Read(reader, binary.LittleEndian, &m); err != nil {
+		return false
+	}
+
+	if uint32(packet.Len) != m.MessageLength ||
+		m.ResponseTo != MONGO_REQUEST_ID ||
+		m.OpCode != MONGO_OP_REPLY {
+		return false
+	}
+
+	return true
+
+}
+
+func NewMatcher() matcher.Matcher {
+
+	mm := &MongoDBMatcher{}
+
+	tempBuf := new(bytes.Buffer)
+	binary.Write(tempBuf, binary.BigEndian, mongo{})
+
+	var fcn [11]byte
+	copy(fcn[:], MONGO_FCNAME)
+
+	var elem [9]byte
+	copy(elem[:], MONGO_ELEMENT)
+
+	MONGO_REQUEST_ID = rand.Uint32()
+	m := mongo{
+		MessageLength:      uint32(len(tempBuf.Bytes())),
+		RequestId:          MONGO_REQUEST_ID,
+		ResponseTo:         0,
+		OpCode:             MONGO_OP_REQUEST,
+		Flags:              0,
+		FullCollectionName: fcn,
+		NumberToSkip:       0,
+		NumberToReturn:     -1,
+		DocumentLength:     16,
+		Type_:              0x08,
+		Element:            elem,
+		Value:              1,
+	}
+	writer := new(bytes.Buffer)
+	binary.Write(writer, binary.LittleEndian, m)
+
+	mm.AddPacket(matcher.NewPacket(writer.Bytes(), writer.Len()))
+
+	return mm
+}

service/matcher/mongodb/mongodb_test.go

@@ -0,0 +1,56 @@
+package mongodb
+
+import (
+	"crypto/tls"
+	"net"
+	"testing"
+
+	"git.loafle.net/overflow/overflow_discovery/service/matcher"
+)
+
+func TestMongoNor(t *testing.T) {
+
+	conn, _ := net.Dial("tcp", "192.168.1.16:37017")
+
+	defer conn.Close()
+
+	MongoRun(conn, t)
+
+}
+
+func TestMongoTLS(t *testing.T) {
+	conn, _ := tls.Dial(
+		"tcp",
+		"192.168.1.16:47017",
+		&tls.Config{
+			InsecureSkipVerify: true,
+			ServerName:         "192.168.1.16",
+		},
+	)
+
+	defer conn.Close()
+
+	MongoRun(conn, t)
+}
+
+func MongoRun(conn net.Conn, t *testing.T) {
+
+	m := NewMatcher()
+
+	for i := 0; i < m.PacketCount(); i++ {
+
+		pack := m.Packet(i)
+		conn.Write(pack.Buffer)
+		bytes := make([]byte, 1024)
+		n, _ := conn.Read(bytes)
+		p := matcher.NewPacket(bytes, n)
+
+		if m.Match(nil, i, p) {
+			t.Log("MongoDB found")
+			return
+		}
+
+		t.Error("MongoDB not found")
+	}
+
+}