From 46be2aa395eee3564cefc13b5acb060f5a2e3022 Mon Sep 17 00:00:00 2001 From: crusader Date: Tue, 21 Nov 2017 21:52:45 +0900 Subject: [PATCH] ing --- .../activedirectory/activedirectory_test.go | 4 +- .../match}/cassandra/cassandra_test.go | 6 +- .../service/match}/dns/dns_test.go | 4 +- .../service/match}/ftp/ftp_test.go | 6 +- .../service/match}/http/http_test.go | 4 +- .../service/match}/http/https_test.go | 4 +- .../service/match}/imap/imap_test.go | 12 +- .../service/match}/mongodb/mongodb_test.go | 4 +- .../service/match}/mssql/mssql_test.go | 4 +- .../service/match}/mysql/mysql_test.go | 6 +- .../service/match}/netbios/netbios_test.go | 4 +- .../service/match}/oracle/oracle_test.go | 4 +- .../service/match}/pgsql/pgsql_test.go | 6 +- .../service/match}/pop/pop_test.go | 6 +- .../match/redis/redisProtected_test.go | 33 +++ .../service/match}/redis/redis_test.go | 4 +- .../service/match}/rmi/rmi_test.go | 4 +- .../service/match}/smb/smb_test.go | 4 +- .../service/match}/snmp/snmpv2_test.go | 4 +- .../service/match}/snmp/snmpv3_test.go | 4 +- .../service/match}/ssh/ssh_test.go | 4 +- .../service/match}/telnet/telnet_test.go | 4 +- .../service/match}/wmi/wmi_test.go | 4 +- matcher/dhcp/dhcp.go | 190 ------------- matcher/ftp/ftp.go | 142 ---------- matcher/imap/imap.go | 87 ------ matcher/ldap/ldap.go | 198 -------------- matcher/ldap/ldap_test.go | 115 -------- matcher/mongodb/mongodb.go | 122 --------- matcher/mssql/mssql.go | 173 ------------ matcher/mysql/mysql.go | 151 ----------- matcher/netbios/netbios.go | 109 -------- matcher/oracle/oracle.go | 191 ------------- matcher/pgsql/pgsql.go | 182 ------------- matcher/pop/pop.go | 73 ----- matcher/redis/redis.go | 76 ------ matcher/redis/redisProtected.go | 78 ------ matcher/rmi/rmi.go | 111 -------- matcher/smb/smb.go | 161 ----------- matcher/smtp/smtp.go | 71 ----- matcher/ssh/ssh.go | 66 ----- matcher/telnet/telnet.go | 79 ------ matcher/wmi/wmi.go | 250 ------------------ .../activedirectory/activedirectory_test.go | 79 ++++++ service/match/cassandra/cassandra_test.go | 73 +++++ service/match/dns/dns_test.go | 33 +++ service/match/ftp/ftp_test.go | 234 ++++++++++++++++ service/match/http/http_test.go | 49 ++++ service/match/http/https_test.go | 55 ++++ service/match/imap/imap_test.go | 153 +++++++++++ service/match/mongodb/mongodb_test.go | 54 ++++ service/match/mssql/mssql_test.go | 63 +++++ service/match/mysql/mysql_test.go | 71 +++++ service/match/netbios/netbios_test.go | 34 +++ service/match/oracle/oracle_test.go | 53 ++++ service/match/pgsql/pgsql_test.go | 70 +++++ service/match/pop/pop_test.go | 86 ++++++ service/match/redis/redisProtected_test.go | 33 +++ service/match/redis/redis_test.go | 37 +++ service/match/rmi/rmi_test.go | 52 ++++ service/match/smb/smb_test.go | 42 +++ service/match/snmp/snmpv2_test.go | 37 +++ service/match/snmp/snmpv3_test.go | 37 +++ service/match/ssh/ssh_test.go | 35 +++ service/match/telnet/telnet_test.go | 33 +++ service/match/wmi/wmi_test.go | 51 ++++ service/matcher/oracle/oracle_test.go | 4 +- service/matcher/pgsql/pgsql_test.go | 6 +- service/matcher/pop/pop_test.go | 6 +- service/matcher/redis/redis_test.go | 9 +- service/matcher/rmi/rmi_test.go | 4 +- service/matcher/smb/smb_test.go | 9 +- service/matcher/ssh/ssh_test.go | 4 +- service/matcher/telnet/telnet_test.go | 4 +- service/matcher/wmi/wmi_test.go | 4 +- 75 files changed, 1576 insertions(+), 2702 deletions(-) rename {matcher => discovery/service/match}/activedirectory/activedirectory_test.go (89%) rename {matcher => discovery/service/match}/cassandra/cassandra_test.go (88%) rename {matcher => discovery/service/match}/dns/dns_test.go (82%) rename {matcher => discovery/service/match}/ftp/ftp_test.go (96%) rename {matcher => discovery/service/match}/http/http_test.go (87%) rename {matcher => discovery/service/match}/http/https_test.go (86%) rename {matcher => discovery/service/match}/imap/imap_test.go (86%) rename {matcher => discovery/service/match}/mongodb/mongodb_test.go (88%) rename {matcher => discovery/service/match}/mssql/mssql_test.go (90%) rename {matcher => discovery/service/match}/mysql/mysql_test.go (88%) rename {matcher => discovery/service/match}/netbios/netbios_test.go (81%) rename {matcher => discovery/service/match}/oracle/oracle_test.go (84%) rename {matcher => discovery/service/match}/pgsql/pgsql_test.go (88%) rename {matcher => discovery/service/match}/pop/pop_test.go (86%) create mode 100644 discovery/service/match/redis/redisProtected_test.go rename {matcher => discovery/service/match}/redis/redis_test.go (82%) rename {matcher => discovery/service/match}/rmi/rmi_test.go (87%) rename {matcher => discovery/service/match}/smb/smb_test.go (83%) rename {matcher => discovery/service/match}/snmp/snmpv2_test.go (82%) rename {matcher => discovery/service/match}/snmp/snmpv3_test.go (82%) rename {matcher => discovery/service/match}/ssh/ssh_test.go (82%) rename {matcher => discovery/service/match}/telnet/telnet_test.go (78%) rename {matcher => discovery/service/match}/wmi/wmi_test.go (87%) delete mode 100644 matcher/dhcp/dhcp.go delete mode 100644 matcher/ftp/ftp.go delete mode 100644 matcher/imap/imap.go delete mode 100644 matcher/ldap/ldap.go delete mode 100644 matcher/ldap/ldap_test.go delete mode 100644 matcher/mongodb/mongodb.go delete mode 100644 matcher/mssql/mssql.go delete mode 100644 matcher/mysql/mysql.go delete mode 100644 matcher/netbios/netbios.go delete mode 100644 matcher/oracle/oracle.go delete mode 100644 matcher/pgsql/pgsql.go delete mode 100644 matcher/pop/pop.go delete mode 100644 matcher/redis/redis.go delete mode 100644 matcher/redis/redisProtected.go delete mode 100644 matcher/rmi/rmi.go delete mode 100644 matcher/smb/smb.go delete mode 100644 matcher/smtp/smtp.go delete mode 100644 matcher/ssh/ssh.go delete mode 100644 matcher/telnet/telnet.go delete mode 100644 matcher/wmi/wmi.go create mode 100644 service/match/activedirectory/activedirectory_test.go create mode 100644 service/match/cassandra/cassandra_test.go create mode 100644 service/match/dns/dns_test.go create mode 100644 service/match/ftp/ftp_test.go create mode 100644 service/match/http/http_test.go create mode 100644 service/match/http/https_test.go create mode 100644 service/match/imap/imap_test.go create mode 100644 service/match/mongodb/mongodb_test.go create mode 100644 service/match/mssql/mssql_test.go create mode 100644 service/match/mysql/mysql_test.go create mode 100644 service/match/netbios/netbios_test.go create mode 100644 service/match/oracle/oracle_test.go create mode 100644 service/match/pgsql/pgsql_test.go create mode 100644 service/match/pop/pop_test.go create mode 100644 service/match/redis/redisProtected_test.go create mode 100644 service/match/redis/redis_test.go create mode 100644 service/match/rmi/rmi_test.go create mode 100644 service/match/smb/smb_test.go create mode 100644 service/match/snmp/snmpv2_test.go create mode 100644 service/match/snmp/snmpv3_test.go create mode 100644 service/match/ssh/ssh_test.go create mode 100644 service/match/telnet/telnet_test.go create mode 100644 service/match/wmi/wmi_test.go diff --git a/matcher/activedirectory/activedirectory_test.go b/discovery/service/match/activedirectory/activedirectory_test.go similarity index 89% rename from matcher/activedirectory/activedirectory_test.go rename to discovery/service/match/activedirectory/activedirectory_test.go index ccf4bdc..083b546 100644 --- a/matcher/activedirectory/activedirectory_test.go +++ b/discovery/service/match/activedirectory/activedirectory_test.go @@ -5,7 +5,7 @@ import ( "net" "testing" "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" ) func TestADNor(t *testing.T) { @@ -67,7 +67,7 @@ func dDRun(client net.Conn, t *testing.T) { fmt.Println(bytes) - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) if b { fmt.Println("Good") diff --git a/matcher/cassandra/cassandra_test.go b/discovery/service/match/cassandra/cassandra_test.go similarity index 88% rename from matcher/cassandra/cassandra_test.go rename to discovery/service/match/cassandra/cassandra_test.go index 4936345..7f71306 100644 --- a/matcher/cassandra/cassandra_test.go +++ b/discovery/service/match/cassandra/cassandra_test.go @@ -2,7 +2,7 @@ package cassandra import ( "crypto/tls" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -24,7 +24,7 @@ func TestCassandra(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("Cassandra found") @@ -60,7 +60,7 @@ func TestCassandraTLS(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("Cassandra found") diff --git a/matcher/dns/dns_test.go b/discovery/service/match/dns/dns_test.go similarity index 82% rename from matcher/dns/dns_test.go rename to discovery/service/match/dns/dns_test.go index bc86cc6..0e869b0 100644 --- a/matcher/dns/dns_test.go +++ b/discovery/service/match/dns/dns_test.go @@ -1,7 +1,7 @@ package dns import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -21,7 +21,7 @@ func TestDns(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("dns found") diff --git a/matcher/ftp/ftp_test.go b/discovery/service/match/ftp/ftp_test.go similarity index 96% rename from matcher/ftp/ftp_test.go rename to discovery/service/match/ftp/ftp_test.go index fe034c2..9a28a00 100644 --- a/matcher/ftp/ftp_test.go +++ b/discovery/service/match/ftp/ftp_test.go @@ -4,7 +4,7 @@ import ( "fmt" "testing" "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" ) @@ -206,7 +206,7 @@ func TestMatchFTP(t *testing.T) { fmt.Println(bytes) - b := ftm.Match(0, packet.NewPacket(bytes, le), nil) + b := ftm.Match(0, matcher.NewPacket(bytes, le), nil) fmt.Println(b) @@ -224,7 +224,7 @@ func TestMatchFTP(t *testing.T) { //fmt.Println(bytes) - b := ftm.Match(ii+1, packet.NewPacket(bytes, l), info) + b := ftm.Match(ii+1, matcher.NewPacket(bytes, l), info) fmt.Println(b) diff --git a/matcher/http/http_test.go b/discovery/service/match/http/http_test.go similarity index 87% rename from matcher/http/http_test.go rename to discovery/service/match/http/http_test.go index b2bb4be..dc3ddd0 100644 --- a/matcher/http/http_test.go +++ b/discovery/service/match/http/http_test.go @@ -2,7 +2,7 @@ package http import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" "net" "testing" @@ -44,6 +44,6 @@ func TestHTTPMatcher_Match(t *testing.T) { //fmt.Println(bytes) - hm.Match(0, packet.NewPacket(bytes, l), nil) + hm.Match(0, matcher.NewPacket(bytes, l), nil) } diff --git a/matcher/http/https_test.go b/discovery/service/match/http/https_test.go similarity index 86% rename from matcher/http/https_test.go rename to discovery/service/match/http/https_test.go index 1a80e4c..2b07dd0 100644 --- a/matcher/http/https_test.go +++ b/discovery/service/match/http/https_test.go @@ -3,7 +3,7 @@ package http import ( "crypto/tls" "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "log" "net" "testing" @@ -49,7 +49,7 @@ func TestHTTPSMatcher_Match(t *testing.T) { fmt.Println(string(buf)) fmt.Println(l) - is := h.Match(0, packet.NewPacket(buf, l), nil) + is := h.Match(0, matcher.NewPacket(buf, l), nil) fmt.Println(is) } diff --git a/matcher/imap/imap_test.go b/discovery/service/match/imap/imap_test.go similarity index 86% rename from matcher/imap/imap_test.go rename to discovery/service/match/imap/imap_test.go index fe105da..d47953b 100644 --- a/matcher/imap/imap_test.go +++ b/discovery/service/match/imap/imap_test.go @@ -5,7 +5,7 @@ import ( "crypto/tls" "fmt" //"git.loafle.net/overflow/overflow_discovery/collector/core/scan/port" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/scaninfo" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" "net" @@ -32,7 +32,7 @@ func ImapRun(client net.Conn, t *testing.T) { rr, _ := client.Read(bytett) - bb := lm.Match(0, packet.NewPacket(bytett, rr), nil) + bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil) if bb { t.Log("good!") @@ -56,7 +56,7 @@ func ImapRun(client net.Conn, t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii+1, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil) if b { t.Log("send Good!") @@ -117,8 +117,8 @@ func TestImap(t *testing.T) { rr, _ := client.Read(bytett) - //bb := lm.Match(0, packet.NewPacket(bytett, rr), scanInfo) - bb := lm.Match(0, packet.NewPacket(bytett, rr), nil) + //bb := lm.Match(0, matcher.NewPacket(bytett, rr), scanInfo) + bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil) if bb { t.Log("good!") @@ -142,7 +142,7 @@ func TestImap(t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii+1, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil) if b { t.Log("send Good!") diff --git a/matcher/mongodb/mongodb_test.go b/discovery/service/match/mongodb/mongodb_test.go similarity index 88% rename from matcher/mongodb/mongodb_test.go rename to discovery/service/match/mongodb/mongodb_test.go index 2b901f6..8958765 100644 --- a/matcher/mongodb/mongodb_test.go +++ b/discovery/service/match/mongodb/mongodb_test.go @@ -2,7 +2,7 @@ package mongodb import ( "crypto/tls" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -41,7 +41,7 @@ func MongoRun(conn net.Conn, t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("MongoDB found") diff --git a/matcher/mssql/mssql_test.go b/discovery/service/match/mssql/mssql_test.go similarity index 90% rename from matcher/mssql/mssql_test.go rename to discovery/service/match/mssql/mssql_test.go index 0742dc6..214ca7a 100644 --- a/matcher/mssql/mssql_test.go +++ b/discovery/service/match/mssql/mssql_test.go @@ -1,7 +1,7 @@ package mssql import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -50,7 +50,7 @@ func sqlServerRun(conn net.Conn, t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log(m.ServiceName()) diff --git a/matcher/mysql/mysql_test.go b/discovery/service/match/mysql/mysql_test.go similarity index 88% rename from matcher/mysql/mysql_test.go rename to discovery/service/match/mysql/mysql_test.go index a2b23ad..2f325d3 100644 --- a/matcher/mysql/mysql_test.go +++ b/discovery/service/match/mysql/mysql_test.go @@ -3,7 +3,7 @@ package mysql import ( "crypto/tls" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -23,7 +23,7 @@ func TestMySql(t *testing.T) { bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(0, p, nil) { t.Log(m.ServiceName()) @@ -58,7 +58,7 @@ func TestCassandraTLS(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log(m.ServiceName()) diff --git a/matcher/netbios/netbios_test.go b/discovery/service/match/netbios/netbios_test.go similarity index 81% rename from matcher/netbios/netbios_test.go rename to discovery/service/match/netbios/netbios_test.go index 5733ca9..44be41d 100644 --- a/matcher/netbios/netbios_test.go +++ b/discovery/service/match/netbios/netbios_test.go @@ -2,7 +2,7 @@ package netbios import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -21,7 +21,7 @@ func TestNBSS(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("NBSS found") diff --git a/matcher/oracle/oracle_test.go b/discovery/service/match/oracle/oracle_test.go similarity index 84% rename from matcher/oracle/oracle_test.go rename to discovery/service/match/oracle/oracle_test.go index afa1079..7556782 100644 --- a/matcher/oracle/oracle_test.go +++ b/discovery/service/match/oracle/oracle_test.go @@ -3,7 +3,7 @@ package oracle import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" @@ -40,7 +40,7 @@ func TestOracle(t *testing.T) { t.Log(bytes) - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) if b { t.Log("Good") diff --git a/matcher/pgsql/pgsql_test.go b/discovery/service/match/pgsql/pgsql_test.go similarity index 88% rename from matcher/pgsql/pgsql_test.go rename to discovery/service/match/pgsql/pgsql_test.go index 7d69550..70e30cd 100644 --- a/matcher/pgsql/pgsql_test.go +++ b/discovery/service/match/pgsql/pgsql_test.go @@ -2,7 +2,7 @@ package pgsql import ( "crypto/tls" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -23,7 +23,7 @@ func TestPG(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("PostgreSQL found") @@ -58,7 +58,7 @@ func TestSqlTLS(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("PostgreSQL found") diff --git a/matcher/pop/pop_test.go b/discovery/service/match/pop/pop_test.go similarity index 86% rename from matcher/pop/pop_test.go rename to discovery/service/match/pop/pop_test.go index ecf4291..fbc9850 100644 --- a/matcher/pop/pop_test.go +++ b/discovery/service/match/pop/pop_test.go @@ -4,7 +4,7 @@ package pop import ( "crypto/tls" "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" @@ -51,7 +51,7 @@ func pop3Run(client net.Conn, t *testing.T) { read, _ := client.Read(bytett) - bb := lm.Match(0, packet.NewPacket(bytett, read), nil) + bb := lm.Match(0, matcher.NewPacket(bytett, read), nil) if bb { t.Log("good!") @@ -73,7 +73,7 @@ func pop3Run(client net.Conn, t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii+1, packet.NewPacket(bytes, rr), nil) + b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil) if b { t.Log("send Good!") diff --git a/discovery/service/match/redis/redisProtected_test.go b/discovery/service/match/redis/redisProtected_test.go new file mode 100644 index 0000000..8f4e78e --- /dev/null +++ b/discovery/service/match/redis/redisProtected_test.go @@ -0,0 +1,33 @@ +package redis + +//import ( +// "git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/packet" +// "net" +// "testing" +//) +// +//func TestRedisProtected(t *testing.T) { +// +// m := NewRedisProtectedMatcher() +// +// conn, err := net.Dial("tcp", "192.168.1.215:8379") +// +// if err != nil { +// t.Log(err) +// return +// } +// +// defer conn.Close() +// +// bytes := make([]byte, 1024) +// n, _ := conn.Read(bytes) +// +// //fmt.Println(string(bytes[:n])) +// +// b := m.Match(0, matcher.NewPacket(bytes, n), nil) +// +// if b { +// t.Log("good!") +// } +// +//} diff --git a/matcher/redis/redis_test.go b/discovery/service/match/redis/redis_test.go similarity index 82% rename from matcher/redis/redis_test.go rename to discovery/service/match/redis/redis_test.go index d83266a..f0d2e9d 100644 --- a/matcher/redis/redis_test.go +++ b/discovery/service/match/redis/redis_test.go @@ -1,7 +1,7 @@ package redis import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -24,7 +24,7 @@ func TestRedisMatcher(t *testing.T) { bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("Redis found.") diff --git a/matcher/rmi/rmi_test.go b/discovery/service/match/rmi/rmi_test.go similarity index 87% rename from matcher/rmi/rmi_test.go rename to discovery/service/match/rmi/rmi_test.go index db560aa..f579c8c 100644 --- a/matcher/rmi/rmi_test.go +++ b/discovery/service/match/rmi/rmi_test.go @@ -2,7 +2,7 @@ package rmi import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" "net" "testing" @@ -46,7 +46,7 @@ func TestRMIMatcher_Match(t *testing.T) { //fmt.Println(bytes) - t1 := hm.Match(0, packet.NewPacket(bytes, l), nil) + t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(t1) } diff --git a/matcher/smb/smb_test.go b/discovery/service/match/smb/smb_test.go similarity index 83% rename from matcher/smb/smb_test.go rename to discovery/service/match/smb/smb_test.go index f215b12..58ff870 100644 --- a/matcher/smb/smb_test.go +++ b/discovery/service/match/smb/smb_test.go @@ -1,7 +1,7 @@ package smb import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -29,7 +29,7 @@ func TestSMBMatcher(t *testing.T) { bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("SMB found.") diff --git a/matcher/snmp/snmpv2_test.go b/discovery/service/match/snmp/snmpv2_test.go similarity index 82% rename from matcher/snmp/snmpv2_test.go rename to discovery/service/match/snmp/snmpv2_test.go index 159ec9a..00742a7 100644 --- a/matcher/snmp/snmpv2_test.go +++ b/discovery/service/match/snmp/snmpv2_test.go @@ -2,7 +2,7 @@ package snmp import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -24,7 +24,7 @@ func TestSNMP2(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("SNMP found") diff --git a/matcher/snmp/snmpv3_test.go b/discovery/service/match/snmp/snmpv3_test.go similarity index 82% rename from matcher/snmp/snmpv3_test.go rename to discovery/service/match/snmp/snmpv3_test.go index 6b2932f..0f7f545 100644 --- a/matcher/snmp/snmpv3_test.go +++ b/discovery/service/match/snmp/snmpv3_test.go @@ -2,7 +2,7 @@ package snmp import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -24,7 +24,7 @@ func TestSNMP3(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("SNMP found") diff --git a/matcher/ssh/ssh_test.go b/discovery/service/match/ssh/ssh_test.go similarity index 82% rename from matcher/ssh/ssh_test.go rename to discovery/service/match/ssh/ssh_test.go index d02e788..5fd72fc 100644 --- a/matcher/ssh/ssh_test.go +++ b/discovery/service/match/ssh/ssh_test.go @@ -3,7 +3,7 @@ package ssh import ( "fmt" //"git.loafle.net/overflow/overflow_discovery/match/ssh" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" "net" "testing" @@ -28,7 +28,7 @@ func TestSSHMatcher_Match(t *testing.T) { fmt.Println(bytes) - b := NewSSHMatcher().Match(0, packet.NewPacket(bytes, l), nil) + b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(b) diff --git a/matcher/telnet/telnet_test.go b/discovery/service/match/telnet/telnet_test.go similarity index 78% rename from matcher/telnet/telnet_test.go rename to discovery/service/match/telnet/telnet_test.go index bca53fc..d7ca223 100644 --- a/matcher/telnet/telnet_test.go +++ b/discovery/service/match/telnet/telnet_test.go @@ -2,7 +2,7 @@ package telnet import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" @@ -27,7 +27,7 @@ func TestTelnetMatcher_Match(t *testing.T) { fmt.Println("length :", l) fmt.Println(bytes) - b := NewTelnetMatcher().Match(0, packet.NewPacket(bytes, l), nil) + b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(b) } diff --git a/matcher/wmi/wmi_test.go b/discovery/service/match/wmi/wmi_test.go similarity index 87% rename from matcher/wmi/wmi_test.go rename to discovery/service/match/wmi/wmi_test.go index bbeff29..ecadd53 100644 --- a/matcher/wmi/wmi_test.go +++ b/discovery/service/match/wmi/wmi_test.go @@ -2,7 +2,7 @@ package wmi import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" "net" @@ -39,7 +39,7 @@ func TestWMI(t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) if b { fmt.Println("Good") diff --git a/matcher/dhcp/dhcp.go b/matcher/dhcp/dhcp.go deleted file mode 100644 index 0182e26..0000000 --- a/matcher/dhcp/dhcp.go +++ /dev/null @@ -1,190 +0,0 @@ -package dhcp - -import ( - "bytes" - "encoding/binary" - "fmt" - log "github.com/cihub/seelog" - //"git.loafle.net/overflow/overflow_discovery/match" - "net" - "time" - - "git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" -) - -const ( - MAGIC_COOKIE uint32 = 0x63825363 - OPT_CODE_SERVER_IDENTIFIER uint8 = 54 - OPT_CODE_SUBNET_MASK uint8 = 1 - OPT_CODE_ROUTER uint8 = 3 - OPT_CODE_DNS uint8 = 6 -) - -type dhcpDiscover struct { - MsgType byte - HwType byte - HwAddrLen byte - Hops byte - Xid uint32 - Secs uint16 - BootpFlags uint16 - ClientIp uint32 - YourIp uint32 - NextServerIp uint32 - RelayAgentIp uint32 - ClientMacAddr [6]byte - ClientHwAddrPadding [10]byte - ServerHostName [64]byte - BootFileName [128]byte - MagicCookie uint32 - Mtype byte - MtypeLen byte - MtypeVal byte - Opts [200]byte - End byte - Padding [16]byte -} - -func DiscoverDHCP(zone *types.DiscoveryZone) { - err := sendDHCPDiscovery() - if err != nil { - log.Error(err) - return - } - recvDHCPOffer(zone) -} - -func sendDHCPDiscovery() error { - dhcp := dhcpDiscover{ - MsgType: 0x01, - HwType: 0x01, - HwAddrLen: 0x06, - Hops: 0x00, - Xid: 0x00000000, - Secs: 0x0000, - ClientIp: 0x00000000, - YourIp: 0x00000000, - NextServerIp: 0x00000000, - RelayAgentIp: 0x00000000, - MagicCookie: MAGIC_COOKIE, - Mtype: 0x35, - MtypeLen: 0x01, - MtypeVal: 0x01, - End: 0xff, - } - - var flag uint16 = 0 - dhcp.BootpFlags = ^flag // flag = unicast , ^flag = broadcast - - //TODO : getting mac addr from zone - //dhcp.ClientMacAddr[0] = 0x50 - //dhcp.ClientMacAddr[1] = 0xe5 - //dhcp.ClientMacAddr[2] = 0x49 - //dhcp.ClientMacAddr[3] = 0x46 - //dhcp.ClientMacAddr[4] = 0x93 - //dhcp.ClientMacAddr[5] = 0x28 - - writer := new(bytes.Buffer) - binary.Write(writer, binary.BigEndian, dhcp) - conn, err := net.Dial("udp", "255.255.255.255:67") - if err != nil { - return err - } - conn.Write(writer.Bytes()) - defer conn.Close() - - return nil -} - -func recvDHCPOffer(zone *types.DiscoveryZone) { - - socket, err := net.ListenUDP("udp4", &net.UDPAddr{ - IP: net.IPv4(255, 255, 255, 255), - Port: 68, - }) - if err != nil { - log.Error(err) - return - } - err = socket.SetDeadline(time.Now().Add(3 * time.Second)) - if err != nil { - log.Error(err) - return - } - - buf := make([]byte, 4096) - n, _, err := socket.ReadFromUDP(buf) - if err != nil { - log.Error(err) - return - } - if n <= 0 { - log.Error("No DHCP offer.") - return - } - - offer := dhcpDiscover{} - - reader := new(bytes.Buffer) - reader.Write(buf) - if err := binary.Read(reader, binary.BigEndian, &offer); err != nil { - log.Error(err) - return - } - if offer.MagicCookie != MAGIC_COOKIE { - log.Error("Not a DHCP packet.") - return - } - - //option searching - r := new(bytes.Buffer) - r.Write(offer.Opts[:]) - - for i := 0; i < r.Len(); i++ { - v := r.Next(1)[0] - - if v == OPT_CODE_SUBNET_MASK && r.Next(1)[0] == 4 { - ipStr := byteToIpString(r.Next(4)) - log.Infof("SUBNET MASK: %s", ipStr) - } - - if v == OPT_CODE_ROUTER && r.Next(1)[0] == 4 { - ipStr := byteToIpString(r.Next(4)) - log.Infof("ROUTER: %s", ipStr) - } - - if v == OPT_CODE_DNS { - len := r.Next(1)[0] - var dns []string = make([]string, 0) - var ipStr string - ipStr = byteToIpString(r.Next(4)) - dns = append(dns, ipStr) - if len == 8 { - ipStr = byteToIpString(r.Next(4)) - dns = append(dns, ipStr) - } - log.Infof("DNS: %s", dns) - } - - if v == OPT_CODE_SERVER_IDENTIFIER && r.Next(1)[0] == 4 { - ipStr := byteToIpString(r.Next(4)) - log.Infof("DHCP SERVER: %s", ipStr) - } - } - log.Flush() - -} - -func byteToIpString(b []byte) string { - var ipStr string - len := len(b) - for i := 0; i < len; i++ { - v := b[i] - ipStr += fmt.Sprintf("%d", v) - if i < len-1 { - ipStr += "." - } - } - - return ipStr -} diff --git a/matcher/ftp/ftp.go b/matcher/ftp/ftp.go deleted file mode 100644 index 6b8a876..0000000 --- a/matcher/ftp/ftp.go +++ /dev/null @@ -1,142 +0,0 @@ -package ftp - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - log "github.com/cihub/seelog" -) - -// FTP Status codes, defined in RFC 959 -const ( - statusReadyServer = "120" - statusOK = "200" - statusNewConnectOK = "220" - statusSystemNameOK = "215" - statusCloseConnect = "221" - statusUnkownCMD = "202" - statusTlsUseOK = "234" - statusCloseControlConnect = "421" - statusSyntaxErr = "500" - statusParamSyntaxErr = "501" - statusNotUseCMD = "502" - statusIncorrectCMD = "503" - statusTlsNotUse = "534" - statusNeedUserId = "332" -) - -type FTPMatcher struct { - sendPackets []*packet.Packet - isFtps bool -} - -func (ftp *FTPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - result := false - - if packet == nil || packet.Buffer == nil || packet.Len == 0 { - log.Error("Packet nil") - return result - } - - str := string(packet.Buffer) - //fmt.Println(str) - code := str[:3] - - if index == 0 { - switch code { - case statusNewConnectOK, statusReadyServer: - //fmt.Println(code) - result = true - break - } - } else if index == 1 { - switch code { - case statusSystemNameOK, statusSyntaxErr, statusParamSyntaxErr, statusNotUseCMD: - //fmt.Println(code) - result = true - break - } - } else if index == 2 { - switch code { - case statusIncorrectCMD, statusParamSyntaxErr, statusNotUseCMD, statusNeedUserId: - //fmt.Println(code) - result = true - break - } - } else if index == 3 { - switch code { - case statusCloseConnect, statusSyntaxErr: - //fmt.Println(code) - result = true - break - } - } - - if index == 3 && result == true { - var err error - var isfs bool - - //fmt.Println(info.Port.Host.Ip, info.Port.Port) - - isfs, err = StartCheckFTPS(info.GetIP(), info.GetPort()) - - if isfs && err == nil { - ftp.isFtps = isfs - } else if err != nil { - log.Warn("FTPS Check Error : ", err.Error()) - } - } - - return result -} - -func (ftp *FTPMatcher) PacketCount() int { - return len(ftp.sendPackets) -} - -func (ftp *FTPMatcher) Packet(index int) *packet.Packet { - return ftp.sendPackets[index] -} - -func (ftp *FTPMatcher) ServiceName() string { - re := "" - if ftp.isFtps { - re = "FTPS" - } else { - re = "FTP" - } - return re -} - -func (ftp *FTPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (ftp *FTPMatcher) HasResponse(index int) bool { - return false -} - -func (ftp *FTPMatcher) IsPrePacket() bool { - return true -} - -func NewFTPMatcher() *FTPMatcher { - - ftm := FTPMatcher{} - - sysStr := "SYST\r\n" - systByte := make([]byte, len(sysStr)) - copy(systByte[:], sysStr) - ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(systByte, len(sysStr))) - - passStr := "PASS \r\n" - passByte := make([]byte, len(passStr)) - copy(passByte[:], passStr) - ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(passByte, len(passStr))) - - quitStr := "QUIT\r\n" - quitByte := make([]byte, len(quitStr)) - copy(quitByte[:], quitStr) - ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(quitByte, len(quitStr))) - - return &ftm -} diff --git a/matcher/imap/imap.go b/matcher/imap/imap.go deleted file mode 100644 index 93251bb..0000000 --- a/matcher/imap/imap.go +++ /dev/null @@ -1,87 +0,0 @@ -package imap - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - PRE_COMPARE_STR = "* OK" - SEND_COMPARE_STR = "* BYE" -) - -type IMAPMatcher struct { - sendPackets []*packet.Packet -} - -func (i *IMAPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - switch index { - case 0: - - recvStr := string(packet.Buffer) - - if len(recvStr) < 3 { - return false - } - - compareStr := recvStr[0:4] - - if compareStr == PRE_COMPARE_STR { - return true - } - - case 1: - - recvStr := string(packet.Buffer) - - if len(recvStr) < 5 { - return false - } - - compareStr := recvStr[0:5] - - if compareStr == SEND_COMPARE_STR { - return true - } - - } - - return false -} - -func (i *IMAPMatcher) PacketCount() int { - return len(i.sendPackets) -} -func (i *IMAPMatcher) Packet(index int) *packet.Packet { - return i.sendPackets[index] -} -func (i *IMAPMatcher) ServiceName() string { - return "IMAP" -} - -func (i *IMAPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} -func (i *IMAPMatcher) HasResponse(index int) bool { - - return false -} - -func (i *IMAPMatcher) IsPrePacket() bool { - return true -} - -func NewIMAPMatcher() *IMAPMatcher { - - im := IMAPMatcher{} - - reqStr := "A0001 LOGOUT\r\n" - byte := make([]byte, len(reqStr)) - copy(byte[:], reqStr) - - im.sendPackets = append(im.sendPackets, packet.NewPacket(byte, len(reqStr))) - - return &im - -} diff --git a/matcher/ldap/ldap.go b/matcher/ldap/ldap.go deleted file mode 100644 index 34ab1d0..0000000 --- a/matcher/ldap/ldap.go +++ /dev/null @@ -1,198 +0,0 @@ -package ldap - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -type LDAPMatcher struct { - sendPackets []*packet.Packet -} - -func (l *LDAPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - buf := new(bytes.Buffer) - buf.Write(packet.Buffer) - - ldapRecv := LDAP_RECV{} - - binary.Read(buf, binary.LittleEndian, &ldapRecv) - - if ldapRecv.MessageId != LDAP_MESSAGE_ID { - return false - } - - if ldapRecv.ProtocolOp != LDAP_RES_BIND { - return false - } - - if ldapRecv.ResultCode != LDAP_SUCCESS { - return false - } - - return true -} - -func (l *LDAPMatcher) PacketCount() int { - return len(l.sendPackets) -} -func (l *LDAPMatcher) Packet(index int) *packet.Packet { - return l.sendPackets[index] -} -func (l *LDAPMatcher) ServiceName() string { - return "LDAP" -} - -func (l *LDAPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} -func (l *LDAPMatcher) HasResponse(index int) bool { - - if index == 1 { - return true - } - - return false -} - -func (l *LDAPMatcher) IsPrePacket() bool { - return false -} - -func NewLDAPMatcher() *LDAPMatcher { - - ls := LDAP_SEND{ - DefaultCode: 0x30, - PacketLength: 0x0c, // size -2 - NextType1: 0x02, - NextTypeLength1: 0x01, - MessageId: LDAP_MESSAGE_ID, - ProtocolOp: LDAP_REQ_BIND, - ProtocolOpLength: 0x07, - NextType2: 0x02, - NextTypeLength2: 0x01, - Version: LDAP_VERSION3, - NextType3: 0x04, - NextTypeLength3: 0x00, - Auth: LDAP_AUTH_SIMPLE, - AuthLength: 0x00, - } - - mCache := new(bytes.Buffer) - binary.Write(mCache, binary.LittleEndian, ls) - - sendByte1 := mCache.Bytes() - - lm := LDAPMatcher{ - //sendPackets: make([][]byte, 2), - } - - pp := packet.NewPacket(sendByte1, len(sendByte1)) - - lm.sendPackets = append(lm.sendPackets, pp) - - lq := LDAP_QUIT{ - DefaultCode: 0x30, - UnknwonCode1: 0x84, - PacketLength: 0x05, - NextType1: 0x02, - NextTypeLength1: 0x01, - MessageId: LDAP_MESSAGE_ID_QUIT, - ProtocolOp: LDAP_REQ_UNBIND, - protocolOpLength: 0x00, - } - - lqBuffer := new(bytes.Buffer) - binary.Write(lqBuffer, binary.BigEndian, lq) - - sendByte2 := lqBuffer.Bytes() - - pp2 := packet.NewPacket(sendByte2, len(sendByte2)) - - lm.sendPackets = append(lm.sendPackets, pp2) - - return &lm - -} - -type LDAP_SEND struct { - DefaultCode uint8 - PacketLength uint8 - - NextType1 uint8 - NextTypeLength1 uint8 - - MessageId uint8 - - ProtocolOp uint8 - ProtocolOpLength uint8 - NextType2 uint8 - NextTypeLength2 uint8 - - Version uint8 - - NextType3 uint8 - NextTypeLength3 uint8 - Auth uint8 - AuthLength uint8 -} - -type LDAP_RECV struct { - DefaultCode uint8 - UnknwonCode1 uint8 - EndCode11 uint8 - EndCode12 uint8 - - MessageId uint8 - - ProtocolOp uint8 - UnknwonCode2 uint8 - EndCode21 uint8 - EndCode22 uint8 - - ResultCode uint8 - - UnknwonCode3 uint8 - UnknwonCode4 uint8 - Auth uint8 - UnknwonCode5 uint8 -} - -type LDAP_QUIT struct { - DefaultCode uint8 - UnknwonCode1 uint8 - - PacketLength uint32 - - NextType1 uint8 - NextTypeLength1 uint8 - - MessageId uint8 - - ProtocolOp uint8 - - protocolOpLength uint8 -} - -const ( - LDAP_MESSAGE_ID = 0x99 - LDAP_MESSAGE_ID_QUIT = 0x89 - - LDAP_VERSION3 = 3 - - LDAP_SUCCESS = 0x00 - - LDAP_REQ_BIND = 0x60 - - LDAP_REQ_UNBIND = 0x42 - - LDAP_RES_BIND = 0x61 - - LDAP_AUTH_SIMPLE = 0x80 -) diff --git a/matcher/ldap/ldap_test.go b/matcher/ldap/ldap_test.go deleted file mode 100644 index 4423057..0000000 --- a/matcher/ldap/ldap_test.go +++ /dev/null @@ -1,115 +0,0 @@ -package ldap - - -import ( - "crypto/tls" - "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" - //"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo" - //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" - "net" - "testing" - -) - -//func SetUp() { -// fmt.Println("SetUp") -//} -// -//func TearDown() { -// fmt.Println("TearDown") -//} - -//func TestMain(m *testing.M) { -// SetUp() -// m.Run() -// TearDown() -//} - -func TestAAAA(t *testing.T) { - ///animals := []Animal{Dog{}, Cat{}, Llama{}, JavaProgrammer{}} - - var ttt [][]int = make([][]int, 10) - - var aaa []int - aaa = append(aaa, 111) - - ttt = append(ttt, aaa) - - fmt.Println(cap(ttt)) - -} - -func ldapRun(client net.Conn, t *testing.T) { - lm := NewLDAPMatcher() - - //port := types.NewPort("389", types.NewHost("192.168.1.215"), types.TYPE_TCP) - //scanInfo := scaninfo.NewServiceScanInfo(port) - //var ipport string - //ipport = port.Host.Ip + ":" + string(port.Port) - // - //fmt.Println(ipport) - //client, _ := net.Dial("tcp", ipport) - //defer client.Close() - - fmt.Println(lm.PacketCount()) - - for ii := 0; ii < lm.PacketCount(); ii++ { - - pack := lm.Packet(ii) - - bytes := make([]byte, 1024) - - client.Write(pack.Buffer) - - read, _ := client.Read(bytes) - - if read <= 0 { - bb := lm.HasResponse(ii) - if bb { - - t.Log("HasResponse good") - break - } - - } - - fmt.Println(bytes) - - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) - - if b { - t.Log("Good") - } - - } - - -} - -func TestLdapTls(t *testing.T) { - conn, err := tls.Dial( - "tcp", - "192.168.1.15:636", - &tls.Config{ - InsecureSkipVerify: true, - ServerName: "192.168.1.15", - }, - ) - - if err != nil { - t.Fatal(err) - } - - defer conn.Close() - - ldapRun(conn, t) -} - -func TestLdapNormal(t *testing.T) { - client, _ := net.Dial("tcp", "192.168.1.15:389") - - defer client.Close() - - ldapRun(client, t) -} diff --git a/matcher/mongodb/mongodb.go b/matcher/mongodb/mongodb.go deleted file mode 100644 index c651c12..0000000 --- a/matcher/mongodb/mongodb.go +++ /dev/null @@ -1,122 +0,0 @@ -package mongodb - -import ( - "bytes" - "encoding/binary" - "math/rand" - - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - MONGO_OP_REQUEST uint32 = 2004 - MONGO_OP_REPLY uint32 = 1 - MONGO_FCNAME string = "admin.$cmd" - MONGO_ELEMENT string = "ismaster" -) - -var MONGO_REQUEST_ID uint32 - -type mongo struct { - MessageLength uint32 - RequestId uint32 - ResponseTo uint32 - OpCode uint32 - Flags uint32 - FullCollectionName [11]byte - NumberToSkip uint32 - NumberToReturn int32 - DocumentLength uint32 - Type_ uint8 - Element [9]byte - Value uint8 - _ uint8 -} - -type MongoDBMatcher struct { - packets []*packet.Packet -} - -func NewMongoDBMatcher() *MongoDBMatcher { - - mongoMatcher := &MongoDBMatcher{} - - tempBuf := new(bytes.Buffer) - binary.Write(tempBuf, binary.BigEndian, mongo{}) - - var fcn [11]byte - copy(fcn[:], MONGO_FCNAME) - - var elem [9]byte - copy(elem[:], MONGO_ELEMENT) - - MONGO_REQUEST_ID = rand.Uint32() - m := mongo{ - MessageLength: uint32(len(tempBuf.Bytes())), - RequestId: MONGO_REQUEST_ID, - ResponseTo: 0, - OpCode: MONGO_OP_REQUEST, - Flags: 0, - FullCollectionName: fcn, - NumberToSkip: 0, - NumberToReturn: -1, - DocumentLength: 16, - Type_: 0x08, - Element: elem, - Value: 1, - } - writer := new(bytes.Buffer) - binary.Write(writer, binary.LittleEndian, m) - - mongoMatcher.packets = append(mongoMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len())) - - return mongoMatcher -} - -func (t *MongoDBMatcher) ServiceName() string { - return "MongoDB" -} - -func (t *MongoDBMatcher) PacketCount() int { - return len(t.packets) -} -func (t *MongoDBMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *MongoDBMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *MongoDBMatcher) HasResponse(index int) bool { - return false -} - -func (t *MongoDBMatcher) IsPrePacket() bool { - return false -} - -func (t *MongoDBMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - reader := new(bytes.Buffer) - reader.Write(packet.Buffer) - - m := mongo{} - if err := binary.Read(reader, binary.LittleEndian, &m); err != nil { - return false - } - - if uint32(packet.Len) != m.MessageLength || - m.ResponseTo != MONGO_REQUEST_ID || - m.OpCode != MONGO_OP_REPLY { - return false - } - - return true - -} diff --git a/matcher/mssql/mssql.go b/matcher/mssql/mssql.go deleted file mode 100644 index 55c8af3..0000000 --- a/matcher/mssql/mssql.go +++ /dev/null @@ -1,173 +0,0 @@ -package mssql - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - HEADER_TYPE_PRELOGIN uint8 = 0x12 - HEADER_TYPE_RESPONSE uint8 = 0x4 - PL_OPTION_TOKEN_VERSION uint8 = 0x00 - PL_OPTION_TOKEN_ENCRYPTION uint8 = 0x01 - PL_OPTION_TOKEN_TRACEID uint8 = 0x05 - PL_OPTION_TOKEN_TERMINATOR uint8 = 0xff - - ENCRYPT_OFF string = "Encryption is available but off." - ENCRYPT_ON string = "Encryption is available and on." - ENCRYPT_NOT_SUP string = "Encryption is not available." - ENCRYPT_REQ string = "Encryption is required." -) - -type PreloginMsg struct { - VersionToken uint8 - VersionOffset uint16 - VersionLength uint16 - - EncryptionToken uint8 - EncryptionOffset uint16 - EncryptionLength uint16 - - TraceIdToken uint8 - TraceIdOffset uint16 - TraceIdLength uint16 - - Terminator uint8 - Options [7]uint8 - TraceId [36]uint8 -} - -type mssql struct { - Type_ uint8 - Status uint8 - Length uint16 - Channel uint16 - PacketNum uint8 - Window uint8 - Prelogin PreloginMsg -} - -type PreloginResponse struct { - Msg [256]uint8 -} - -type mssqlResponse struct { - Type_ uint8 - Status uint8 - Length uint16 - Channel uint16 - PacketNum uint8 - Window uint8 - PreLoginResp PreloginResponse -} - -type MSSqlMatcher struct { - packets []*packet.Packet - isSSL bool -} - -func NewMSSqlMatcher() *MSSqlMatcher { - - mssqlMatcher := &MSSqlMatcher{} - - tempBuf := new(bytes.Buffer) - binary.Write(tempBuf, binary.BigEndian, mssql{}) - - m := mssql{ - Type_: HEADER_TYPE_PRELOGIN, - Status: 0x01, - Length: uint16(len(tempBuf.Bytes())), - Channel: 0, - PacketNum: 0, - Window: 0, - Prelogin: PreloginMsg{ - VersionToken: PL_OPTION_TOKEN_VERSION, - VersionOffset: 0x0010, - VersionLength: 0x0006, - EncryptionToken: PL_OPTION_TOKEN_ENCRYPTION, - EncryptionOffset: 0x0016, - EncryptionLength: 0x0001, - TraceIdToken: PL_OPTION_TOKEN_TRACEID, - TraceIdOffset: 0x0017, - TraceIdLength: 0x0024, - Terminator: PL_OPTION_TOKEN_TERMINATOR, - }, - } - - writer := new(bytes.Buffer) - binary.Write(writer, binary.BigEndian, m) - - mssqlMatcher.packets = append(mssqlMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len())) - - return mssqlMatcher -} - -func (t *MSSqlMatcher) ServiceName() string { - if t.isSSL { - return "SQL Server (SSL)" - } - return "SQL Server" -} - -func (t *MSSqlMatcher) PacketCount() int { - return len(t.packets) -} -func (t *MSSqlMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *MSSqlMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *MSSqlMatcher) HasResponse(index int) bool { - return false -} - -func (t *MSSqlMatcher) IsPrePacket() bool { - return false -} - -func (t *MSSqlMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - reader := new(bytes.Buffer) - reader.Write(packet.Buffer) - - m := mssqlResponse{} - - if err := binary.Read(reader, binary.BigEndian, &m); err != nil { - return false - } - - if m.Type_ != HEADER_TYPE_RESPONSE { - return false - } - - if m.Length != uint16(packet.Len) { - return false - } - - switch m.PreLoginResp.Msg[m.Length-9 : m.Length-8][0] { - case 0: - return true - case 1: - t.isSSL = true - return true - case 2: - return true - case 3: - t.isSSL = true - return true - default: - return false - } - - return false - -} diff --git a/matcher/mysql/mysql.go b/matcher/mysql/mysql.go deleted file mode 100644 index 907a91b..0000000 --- a/matcher/mysql/mysql.go +++ /dev/null @@ -1,151 +0,0 @@ -package mysql - -import ( - "bytes" - "encoding/binary" - "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strconv" - "strings" -) - -type PacketSize struct { - PacketLength [3]byte - PacketNumber byte -} - -type mySql struct { - Payload PacketSize - Protocol byte - Version [256]byte - - TreadId uint32 - Salt1 [9]byte - ServerCapa uint16 - ServerLang uint8 - ServerStat uint16 - ExtServerCapa uint16 - AuthPlugLen uint8 - _ [10]uint8 - Salt2 [13]uint8 - AuthPlugName [64]uint8 -} - -type MySqlMatcher struct { - packets []*packet.Packet - version string - isErrResp bool - errCode int - errMsg string - isSSL bool -} - -func NewMySqlMatcher() *MySqlMatcher { - return &MySqlMatcher{} -} - -func (t *MySqlMatcher) ServiceName() string { - if t.isErrResp { - return "MySQL" + "(Err-" + strconv.Itoa(t.errCode) + " : " + t.errMsg + ")" - } - if t.isSSL { - return "MySQL" + "-" + t.version + "(SSL)" - } - return "MySQL" + "(" + t.version + ")" -} - -func (t *MySqlMatcher) PacketCount() int { - return len(t.packets) -} - -func (t *MySqlMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *MySqlMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *MySqlMatcher) HasResponse(index int) bool { - return false -} - -func (t *MySqlMatcher) IsPrePacket() bool { - return true -} - -func (t *MySqlMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil || len(packet.Buffer) <= 0 { - return false - } - - r := new(bytes.Buffer) - r.Write(packet.Buffer) - - m := mySql{} - if err := binary.Read(r, binary.LittleEndian, &m); err != nil { - return false - } - - buf := bytes.NewBuffer(m.Payload.PacketLength[:]) - packetLen, _ := binary.ReadUvarint(buf) - - if packetLen != uint64(packet.Len-4) { - return false - } - - if m.Protocol == 0xff { - //MySQL error response - var code [2]uint8 - copy(code[:], m.Version[:2]) - - var msg [256]uint8 - copy(msg[:], m.Version[2:]) - - errCode := binary.LittleEndian.Uint16(code[:]) - if errCode < 1000 || errCode > 1727 { - return false - } - errMsg := bytes.Trim(msg[:], "\x00") - - t.isErrResp = true - t.errCode = int(errCode) - t.errMsg = string(errMsg) - - return true - } - - if m.Protocol != 10 && m.Protocol != 9 { - return false - } - - t.checkSSL(packet) - - return true -} - -func (t *MySqlMatcher) checkSSL(packet *packet.Packet) { - - temp := make([]byte, packet.Len) - r := new(bytes.Buffer) - r.Write(packet.Buffer) - - if err := binary.Read(r, binary.LittleEndian, &temp); err != nil { - return - } - - t.version = strings.Split(string(packet.Buffer)[5:packet.Len], "\x00")[0] - versionLen := len(t.version) + 1 - data := binary.LittleEndian.Uint16(temp[18+versionLen : 20+versionLen]) - s := fmt.Sprintf("%b", data) - - for i, b := range s { - if i == 4 { - if b == 49 { - t.isSSL = true - } - } - } -} diff --git a/matcher/netbios/netbios.go b/matcher/netbios/netbios.go deleted file mode 100644 index f485f24..0000000 --- a/matcher/netbios/netbios.go +++ /dev/null @@ -1,109 +0,0 @@ -package netbios - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - NBSS_SESSION_REQUEST uint8 = 0x81 - NBSS_POSITIVE_SESSION_RESPONSE uint8 = 0x82 - NBSS_NEGATIVE_SESSION_RESPONSE uint8 = 0x83 - ADDR string = "192.168.1.202:139" -) - -type netBios struct { - MsgType uint8 - Flags uint8 //0-6 : Reserved, must be zero. 7 : Length extension. - Length uint16 - CalledNameLen uint8 - CalledName [16]uint16 - _ uint8 - CallingNameLen uint8 - CallingName [16]uint16 - _ uint8 -} - -type NetBiosMatcher struct { - packets []*packet.Packet -} - -func NewNetBiosMatcher() *NetBiosMatcher { - - nbssMatcher := &NetBiosMatcher{} - - tempBuf := new(bytes.Buffer) - binary.Write(tempBuf, binary.BigEndian, netBios{}) - - query := netBios{ - MsgType: NBSS_SESSION_REQUEST, - Flags: 0x00, - Length: 0x4400, - CalledNameLen: 0x20, - CallingNameLen: 0x20, - } - - query.CalledName[0] = 0x4D45 // L - query.CalledName[1] = 0x4745 // F - - query.CallingName[0] = 0x4D45 - query.CallingName[1] = 0x4745 - - for i := 2; i < 16; i++ { - query.CalledName[i] = 0x4143 //Space - query.CallingName[i] = 0x4143 - } - writer := new(bytes.Buffer) - binary.Write(writer, binary.LittleEndian, query) - - nbssMatcher.packets = append(nbssMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len())) - - return nbssMatcher -} - -func (t *NetBiosMatcher) ServiceName() string { - return "NBSS" -} - -func (t *NetBiosMatcher) PacketCount() int { - return len(t.packets) -} -func (t *NetBiosMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *NetBiosMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *NetBiosMatcher) HasResponse(index int) bool { - return false -} - -func (t *NetBiosMatcher) IsPrePacket() bool { - return false -} - -func (t *NetBiosMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - reader := new(bytes.Buffer) - reader.Write(packet.Buffer) - - n := netBios{} - if err := binary.Read(reader, binary.LittleEndian, &n); err != nil { - return false - } - - if NBSS_NEGATIVE_SESSION_RESPONSE != n.MsgType { - return false - } - - return true - -} diff --git a/matcher/oracle/oracle.go b/matcher/oracle/oracle.go deleted file mode 100644 index 507b65c..0000000 --- a/matcher/oracle/oracle.go +++ /dev/null @@ -1,191 +0,0 @@ -package oracle - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -type OracleMatcher struct { - sendPackets []*packet.Packet -} - -func (o *OracleMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - header := header_packet{} - refuse := body_refuse{} - - buf := new(bytes.Buffer) - buf.Write(packet.Buffer) - - binary.Read(buf, binary.BigEndian, &header) - binary.Read(buf, binary.BigEndian, &refuse) - - //fmt.Println(header) - //fmt.Println(refuse) - - if header.Check_sum != 0 { - return false - } - if header.Types != 4 { - return false - } - if header.Reserved_byte != 0 { - return false - } - if header.Header_sum != 0 { - return false - } - if refuse.Reason_user != 34 { - return false - } - if refuse.Reason_system != 0 { - return false - } - - var dataLen int = int(refuse.Data_len) - if dataLen != packet.Len-12 { // - if dataLen != packet.Len-22 { // morformed packet error not user not service - return false - } - } - - return true -} - -func (o *OracleMatcher) PacketCount() int { - return len(o.sendPackets) -} -func (o *OracleMatcher) Packet(index int) *packet.Packet { - return o.sendPackets[index] -} -func (o *OracleMatcher) ServiceName() string { - return "OracleMatcher" -} - -func (o *OracleMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} -func (o *OracleMatcher) HasResponse(index int) bool { - - return false -} - -func (o *OracleMatcher) IsPrePacket() bool { - return false -} - -func NewOracleMatcher() *OracleMatcher { - - pm := OracleMatcher{} - - hp := header_packet{ - Length: 247, - Check_sum: 0, - Types: 1, - Reserved_byte: 0, - Header_sum: 0, - } - - bc := body_connect{ - Version: 315, - Version_compatible: 300, - //Service_options: - Session_unit_size: 8192, - Maxumum_trans_data_unit_size: 65535, - //Nt_protocol_characteristics: - Line_turnaround_value: 0, - Value_of_1_in_hardware: 1, - Length_of_connect_data: 177, - Offset_to_connect_data: 70, - Maximum_receivable_connect_data: 0, - //Connect_flag0: - //Connect_flag1: - Trace_cross_facility_item_1: 0, - Trace_cross_facility_item_2: 0, - Trace_unique_connection_id: 0, - //Unknown_data: - //Connect_data: - - } - - bc.Service_options[0] = 0x0c - bc.Service_options[1] = 0x41 - - bc.Nt_protocol_characteristics[0] = 0x4f - bc.Nt_protocol_characteristics[1] = 0x98 - - bc.Connect_flag0 = 0x81 - bc.Connect_flag1 = 0x81 - - bc.Unknown_data[10] = 0x20 - bc.Unknown_data[13] = 0x20 - - conDataStr := "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.30)(PORT=1521))(CONNECT_DATA=(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=loafle.match))(SERVICE_NAME=oracle.loafle.com1)))" - //conDataStr := "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.30)(PORT=1521))(CONNECT_DATA=(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=Jackdaw))(SERVICE_NAME=oracle.loafle.co1m)))" - - connect_data := make([]byte, len(conDataStr)) - copy(connect_data, conDataStr) - - hpBuf := new(bytes.Buffer) - binary.Write(hpBuf, binary.BigEndian, hp) - - hpBt := hpBuf.Bytes() - - bcBuf := new(bytes.Buffer) - binary.Write(bcBuf, binary.BigEndian, bc) - bcBt := bcBuf.Bytes() - - byteSize := len(hpBt) + len(bcBt) + len(conDataStr) - sendByte := make([]byte, byteSize) - - copy(sendByte[0:], hpBt) - copy(sendByte[len(hpBt):], bcBt) - copy(sendByte[len(hpBt)+len(bcBt):], connect_data) - - pm.sendPackets = append(pm.sendPackets, packet.NewPacket(sendByte, byteSize)) - - return &pm - -} - -type header_packet struct { - Length uint16 - Check_sum uint16 - Types byte - Reserved_byte byte - Header_sum uint16 -} - -type body_connect struct { - Version uint16 - Version_compatible uint16 - Service_options [2]byte - Session_unit_size uint16 - Maxumum_trans_data_unit_size uint16 - Nt_protocol_characteristics [2]byte - Line_turnaround_value uint16 - Value_of_1_in_hardware uint16 - Length_of_connect_data uint16 - Offset_to_connect_data uint16 - Maximum_receivable_connect_data uint32 - Connect_flag0 byte - Connect_flag1 byte - Trace_cross_facility_item_1 uint32 - Trace_cross_facility_item_2 uint32 - Trace_unique_connection_id uint64 - Unknown_data [20]byte - //Connect_data []byte -} - -type body_refuse struct { - Reason_user byte - Reason_system byte - Data_len uint16 - //Data []byte -} diff --git a/matcher/pgsql/pgsql.go b/matcher/pgsql/pgsql.go deleted file mode 100644 index 45cebfd..0000000 --- a/matcher/pgsql/pgsql.go +++ /dev/null @@ -1,182 +0,0 @@ -package pgsql - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strings" -) - -const ( - RESPONSE_TYPE_ERR uint8 = 0x45 -) - -type pgsql struct { - Len uint32 - MessageType uint16 - _ uint16 - Name [5]byte - NameValue byte - Db [9]byte - DBValue byte - Encoding [16]byte - EncodingValue [5]byte - DateStyle [10]byte - DateStyleValue [4]byte - TimeZone [9]byte - TimeZoneValue [11]byte - ExtraDigits [19]byte - ExtraDigitsValue uint16 - End byte -} - -type pgsqlErrResponse struct { - ResponseType uint8 - Len [4]byte - Severity [6]byte - _ byte - Code [6]byte - _ byte - Message [53]byte -} - -type pgsqlErrResponse2 struct { - ResponseType uint8 - Len [4]byte - Data [128]byte - //Severity [6]byte - //_ byte - //Code [6]byte - //_ byte - //Message [53]byte -} - -type PostgreSQLMatcher struct { - packets []*packet.Packet -} - -func NewPostgreSQLMatcher() *PostgreSQLMatcher { - - pgSqlMatcher := &PostgreSQLMatcher{} - - pg := pgsql{} - - pg.Len = 0x00000065 - pg.MessageType = 0x0003 - - var name [5]byte - copy(name[:], "user") - pg.Name = name - pg.NameValue = 0x00 - - var db [9]byte - copy(db[:], "database") - pg.Db = db - pg.DBValue = 0x00 - - var encoding [16]byte - copy(encoding[:], "client_encoding") - pg.Encoding = encoding - - var encodingValue [5]byte - copy(encodingValue[:], "UTF8") - pg.EncodingValue = encodingValue - - var dateStyle [10]byte - copy(dateStyle[:], "DateStyle") - pg.DateStyle = dateStyle - - var dateStyleValue [4]byte - copy(dateStyleValue[:], "ISO") - pg.DateStyleValue = dateStyleValue - - var timeZone [9]byte - copy(timeZone[:], "TimeZone") - pg.TimeZone = timeZone - - var timeZoneValue [11]byte - copy(timeZoneValue[:], "Asia/Seoul") - pg.TimeZoneValue = timeZoneValue - - var extraDigit [19]byte - copy(extraDigit[:], "extra_float_digits") - pg.ExtraDigits = extraDigit - - pg.ExtraDigitsValue = 0x3200 - - writer := new(bytes.Buffer) - binary.Write(writer, binary.BigEndian, pg) - - pgSqlMatcher.packets = append(pgSqlMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len())) - - return pgSqlMatcher -} - -func (t *PostgreSQLMatcher) ServiceName() string { - return "PostgreSQL" -} - -func (t *PostgreSQLMatcher) PacketCount() int { - return len(t.packets) -} -func (t *PostgreSQLMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *PostgreSQLMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *PostgreSQLMatcher) HasResponse(index int) bool { - return false -} - -func (t *PostgreSQLMatcher) IsPrePacket() bool { - return false -} - -func (t *PostgreSQLMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - reader := new(bytes.Buffer) - reader.Write(packet.Buffer) - - pg := pgsqlErrResponse2{} - if err := binary.Read(reader, binary.BigEndian, &pg); err != nil { - return false - } - - if pg.ResponseType != RESPONSE_TYPE_ERR { - return false - } - - length := binary.BigEndian.Uint32(pg.Len[:]) - if length+1 != uint32(packet.Len) { - return false - } - - data := string(pg.Data[:]) - splits := strings.Split(data, "\x00") - - var findSeverity bool = false - var findErrorCode bool = false - for _, s := range splits { - if strings.Contains(s, "FATAL") { - findSeverity = true - } - if strings.Contains(s, "28000") { - findErrorCode = true - } - } - - if !findSeverity || !findErrorCode { - return false - } - - return true - -} diff --git a/matcher/pop/pop.go b/matcher/pop/pop.go deleted file mode 100644 index d66fabf..0000000 --- a/matcher/pop/pop.go +++ /dev/null @@ -1,73 +0,0 @@ -package pop - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - COMPARE_STR = "+OK" -) - -type POPMatcher struct { - sendPackets []*packet.Packet -} - -func (p *POPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - switch index { - case 0: - fallthrough - case 1: - - recvStr := string(packet.Buffer) - - if len(recvStr) < 3 { - return false - } - - compareStr := recvStr[0:3] - - if compareStr == COMPARE_STR { - return true - } - - } - - return false -} - -func (p *POPMatcher) PacketCount() int { - return len(p.sendPackets) -} -func (p *POPMatcher) Packet(index int) *packet.Packet { - return p.sendPackets[index] -} -func (p *POPMatcher) ServiceName() string { - return "POPMatcher" -} - -func (p *POPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} -func (p *POPMatcher) HasResponse(index int) bool { - - return false -} - -func (p *POPMatcher) IsPrePacket() bool { - return true -} - -func NewPOPMatcher() *POPMatcher { - - pm := POPMatcher{} - - reqStr := "QUIT\r\n" - byte := make([]byte, len(reqStr)) - copy(byte[:], reqStr) - pm.sendPackets = append(pm.sendPackets, packet.NewPacket(byte, len(reqStr))) - - return &pm - -} diff --git a/matcher/redis/redis.go b/matcher/redis/redis.go deleted file mode 100644 index 87b84f4..0000000 --- a/matcher/redis/redis.go +++ /dev/null @@ -1,76 +0,0 @@ -package redis - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strings" -) - -const REDIS_PING string = "*1\r\n$4\r\nping\r\n" - -type RedisMatcher struct { - packets []*packet.Packet -} - -func NewRedisMatcher() *RedisMatcher { - - redisMatcher := &RedisMatcher{} - - redisMatcher.packets = append(redisMatcher.packets, packet.NewPacket([]byte(REDIS_PING), len(REDIS_PING))) - - return redisMatcher -} - -func (t *RedisMatcher) ServiceName() string { - return "Redis" -} - -func (t *RedisMatcher) PacketCount() int { - return len(t.packets) -} -func (t *RedisMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *RedisMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *RedisMatcher) HasResponse(index int) bool { - return false -} - -func (t *RedisMatcher) IsPrePacket() bool { - return false -} - -func (t *RedisMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - resp := strings.Split(string(packet.Buffer), "\r\n")[0] - if len(resp) <= 0 { - return false - } - - sign := string([]rune(resp)[0]) - if len(sign) <= 0 { - return false - } - - if sign == "+" { - if resp == "+PONG" || resp == "+OK" { - return true - } - } - if sign == "-" { - if resp == "-NOAUTH" || resp == "-ERR" { - return true - } - } - - return false - -} diff --git a/matcher/redis/redisProtected.go b/matcher/redis/redisProtected.go deleted file mode 100644 index 74e4265..0000000 --- a/matcher/redis/redisProtected.go +++ /dev/null @@ -1,78 +0,0 @@ -package redis - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - COMPARE_STR_1 = "-" - COMPARE_STR_2 = "DENIED" -) - -type RedisProtectedMatcher struct { -} - -func NewRedisProtectedMatcher() *RedisProtectedMatcher { - - redisMatcher := &RedisProtectedMatcher{} - - return redisMatcher -} - -func (r *RedisProtectedMatcher) ServiceName() string { - return "RedisProtectedMatcher" -} - -func (r *RedisProtectedMatcher) PacketCount() int { - return 0 -} -func (r *RedisProtectedMatcher) Packet(index int) *packet.Packet { - return nil -} - -func (r *RedisProtectedMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (r *RedisProtectedMatcher) HasResponse(index int) bool { - return false -} - -func (r *RedisProtectedMatcher) IsPrePacket() bool { - return true -} - -func (r *RedisProtectedMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - switch index { - case 0: - str := string(packet.Buffer[:packet.Len]) - - if str == "" { - return false - } - if len(str) <= 0 { - return false - } - - firstCompare := str[0:1] - seconcdCompare := str[1 : len(COMPARE_STR_2)+1] - - if firstCompare != COMPARE_STR_1 { - return false - } - if seconcdCompare != COMPARE_STR_2 { - return false - } - - return true - } - - return false - -} diff --git a/matcher/rmi/rmi.go b/matcher/rmi/rmi.go deleted file mode 100644 index 361f4ba..0000000 --- a/matcher/rmi/rmi.go +++ /dev/null @@ -1,111 +0,0 @@ -package rmi - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - MAGIC_NUMBER = 0x4a524d49 - STREAM_PROTOCOL = 0x4b - VERSION = 0x0002 - ACK_PROTOCOL = 0x4e -) - -type RMI_SEND_MESSAGE struct { - magic uint32 - version uint16 - protocol uint8 -} - -type RMI_RECV_MESSAGE struct { - streamMessage uint8 - packetLen uint16 - host []byte - port [2]byte -} -type RMIMatcher struct { - sendPackets []*packet.Packet -} - -func (r *RMIMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - result := false - - if packet == nil || packet.Buffer == nil || packet.Len == 0 { - return result - } - - //fmt.Println("packet :", packet) - rmiRecv := RMI_RECV_MESSAGE{} - - buf := bytes.NewReader(packet.Buffer) - binary.Read(buf, binary.BigEndian, &rmiRecv.streamMessage) - binary.Read(buf, binary.BigEndian, &rmiRecv.packetLen) - - lenInt := int(rmiRecv.packetLen) - - var tempHost = make([]byte, lenInt, lenInt) - copy(rmiRecv.host, tempHost) - - rmiRecv.host = tempHost - - binary.Read(buf, binary.BigEndian, &rmiRecv.host) - binary.Read(buf, binary.BigEndian, &rmiRecv.port) - - hostIp := string(rmiRecv.host[:lenInt]) - //fmt.Println(hostIp) - - //hostPort := binary.BigEndian.Uint16(rmiRecv.port[:2]) - - if rmiRecv.streamMessage == ACK_PROTOCOL && lenInt == len(hostIp) { - result = true - } - - return result -} - -func (r *RMIMatcher) PacketCount() int { - return len(r.sendPackets) -} - -func (r *RMIMatcher) Packet(index int) *packet.Packet { - return r.sendPackets[index] -} - -func (r *RMIMatcher) ServiceName() string { - return "RMI" -} - -func (r *RMIMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (r *RMIMatcher) HasResponse(index int) bool { - return false -} - -func (r *RMIMatcher) IsPrePacket() bool { - return false -} - -func NewRMIMatcher() *RMIMatcher { - - r := RMIMatcher{} - rsm := RMI_SEND_MESSAGE{ - magic: MAGIC_NUMBER, - version: VERSION, - protocol: STREAM_PROTOCOL, - } - - mCache := new(bytes.Buffer) - binary.Write(mCache, binary.BigEndian, rsm) - - sendByte1 := mCache.Bytes() - pp := packet.NewPacket(sendByte1, len(sendByte1)) - - r.sendPackets = append(r.sendPackets, pp) - - return &r -} diff --git a/matcher/smb/smb.go b/matcher/smb/smb.go deleted file mode 100644 index b29967a..0000000 --- a/matcher/smb/smb.go +++ /dev/null @@ -1,161 +0,0 @@ -package smb - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strings" -) - -const ( - SMB_COM_NEGOTIATE uint8 = 0x72 - SMB_SUCCESS uint8 = 0x00 -) - -type netBIOS struct { - MsgType byte - MsgLength [3]uint8 -} - -type smb struct { - NetBios netBIOS - Component [4]uint8 - SmbCommand uint8 - NtStatus [4]uint8 - Flags uint8 - Flags2 [2]uint8 - ProcessId uint16 - Signature uint64 - Reserved uint16 - Tid uint16 - Pid uint16 - Uid uint16 - Mid uint16 - Wct uint8 - Bcc uint16 - Bf1 uint8 - Name1 [23]uint8 - Bf2 uint8 - Name2 [10]uint8 - Bf3 uint8 - Name3 [28]uint8 - Bf4 uint8 - Name4 [10]uint8 - Bf5 uint8 - Name5 [10]uint8 - Bf6 uint8 - Name6 [11]uint8 -} - -type SMBMatcher struct { - packets []*packet.Packet -} - -func NewSMBMatcher() *SMBMatcher { - - nbssMatcher := &SMBMatcher{} - - query := smb{} - query.NetBios.MsgType = 0x00 - query.NetBios.MsgLength[2] = 0x85 - - query.Component[0] = 0xff - query.Component[1] = 'S' - query.Component[2] = 'M' - query.Component[3] = 'B' - - query.SmbCommand = SMB_COM_NEGOTIATE - query.NtStatus[3] = SMB_SUCCESS - query.Flags = 0x18 - query.Flags2[0] = 0x53 - query.Flags2[1] = 0xC8 - - query.ProcessId = 0x00 - query.Signature = 0x00 - query.Reserved = 0 - query.Tid = 0 - query.Pid = 0xfeff - query.Uid = 0 - query.Mid = 0 - query.Wct = 0 - query.Bcc = 0x0062 - - query.Bf1 = 0x02 - copy(query.Name1[:], "PC NETWORK PROGRAM 1.0") - - query.Bf2 = 0x02 - copy(query.Name2[:], "LANMAN1.0") - - query.Bf3 = 0x02 - copy(query.Name3[:], "Windows for Workgroups 3.1a") - - query.Bf4 = 0x02 - copy(query.Name4[:], "LM1.2X002") - - query.Bf5 = 0x02 - copy(query.Name5[:], "LANMAN2.1") - - query.Bf6 = 0x02 - copy(query.Name6[:], "NT LM 0.12") - - writer := new(bytes.Buffer) - binary.Write(writer, binary.LittleEndian, query) - - nbssMatcher.packets = append(nbssMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len())) - - return nbssMatcher -} - -func (t *SMBMatcher) ServiceName() string { - return "SMB" -} - -func (t *SMBMatcher) PacketCount() int { - return len(t.packets) -} -func (t *SMBMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *SMBMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *SMBMatcher) HasResponse(index int) bool { - return false -} - -func (t *SMBMatcher) IsPrePacket() bool { - return false -} - -func (t *SMBMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - reader := new(bytes.Buffer) - reader.Write(packet.Buffer) - - s := smb{} - if err := binary.Read(reader, binary.BigEndian, &s); err != nil { - return false - } - - var des [4]byte - copy(des[1:], s.NetBios.MsgLength[:]) - packetLen := binary.BigEndian.Uint32(des[:]) - - if packetLen != uint32(packet.Len-4) { - return false - } - - if !strings.Contains(string(s.Component[:]), "SMB") { - return false - } - - return true - -} diff --git a/matcher/smtp/smtp.go b/matcher/smtp/smtp.go deleted file mode 100644 index 4189a75..0000000 --- a/matcher/smtp/smtp.go +++ /dev/null @@ -1,71 +0,0 @@ -package smtp - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strings" -) - -type SmtpMatcher struct { - packets []*packet.Packet -} - -func NewSmtpMatcher() *SmtpMatcher { - - m := &SmtpMatcher{} - b := []byte("helo test\r\n") - m.packets = append(m.packets, packet.NewPacket(b, len(b))) - b = []byte("quit\r\n") - m.packets = append(m.packets, packet.NewPacket(b, len(b))) - return m -} - -func (t *SmtpMatcher) ServiceName() string { - return "SMTP" -} - -func (t *SmtpMatcher) PacketCount() int { - return len(t.packets) -} -func (t *SmtpMatcher) Packet(index int) *packet.Packet { - return t.packets[index] -} - -func (t *SmtpMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (t *SmtpMatcher) HasResponse(index int) bool { - return false -} - -func (t *SmtpMatcher) IsPrePacket() bool { - return true -} - -func (t *SmtpMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - if packet == nil { - return false - } - buf := string(packet.Buffer) - if len(buf) == 0 || len(buf) < 5 { - return false - } - - splits := strings.Split(buf, "\r\n") - splits = strings.Split(buf, " ") - if index == 0 { - if splits[0] == "220" { - return true - } - } else if index == 1 { - if splits[0] == "250" { - return true - } - } else if index == 2 { - if splits[0] == "221" { - return true - } - } - return false -} diff --git a/matcher/ssh/ssh.go b/matcher/ssh/ssh.go deleted file mode 100644 index 269bc43..0000000 --- a/matcher/ssh/ssh.go +++ /dev/null @@ -1,66 +0,0 @@ -package ssh - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" - "strings" -) - -type SSHMatcher struct { - sendPackets []*packet.Packet -} - -func (ssh *SSHMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - result := false - - if packet == nil || packet.Buffer == nil || packet.Len == 0 { - return result - } - - str := string(packet.Buffer) - - //fmt.Println(str) - temps := strings.Split(str, " ") - protocol := strings.Split(temps[0], "-") - //osType := temps[1] - - if 0 == strings.Compare(protocol[0], "SSH") { - majorVersion := protocol[1] - //fmt.Println(majorVersion) - if 0 == strings.Compare(majorVersion, "2.0") || 0 == strings.Compare(majorVersion, "1.0") { - result = true - } - } - - return result -} - -func (ssh *SSHMatcher) PacketCount() int { - return len(ssh.sendPackets) -} - -func (ssh *SSHMatcher) Packet(index int) *packet.Packet { - return ssh.sendPackets[index] -} - -func (ssh *SSHMatcher) ServiceName() string { - return "SSH" -} - -func (ssh *SSHMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (ssh *SSHMatcher) HasResponse(index int) bool { - return false -} - -func (ssh *SSHMatcher) IsPrePacket() bool { - return true -} - -func NewSSHMatcher() *SSHMatcher { - r := SSHMatcher{} - - return &r -} diff --git a/matcher/telnet/telnet.go b/matcher/telnet/telnet.go deleted file mode 100644 index 1756a1c..0000000 --- a/matcher/telnet/telnet.go +++ /dev/null @@ -1,79 +0,0 @@ -package telnet - -import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - DO = 0xfd - WONT = 0x4b - WILL = 0xfb - DONT = 0xfe - CMD = 0xff -) - -type TelnetMatcher struct { - sendPackets []*packet.Packet -} - -func (tel *TelnetMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - result := false - - if packet == nil || packet.Buffer == nil || packet.Len == 0 { - return result - } - - buf := make([]byte, 0, 0) - count := 0 - - for i := 0; i < len(packet.Buffer); i++ { - if packet.Buffer[i] > 0 { - buf = append(buf, packet.Buffer[i]) - } else if count > 2 { - break - } else { - count++ - } - } - - for idx := 0; idx < len(buf); idx += 3 { - if buf[idx] == CMD && (buf[idx+1] == DO || buf[idx+1] == WONT || buf[idx+1] == WILL || buf[idx+1] == DONT) { - result = true - } else { - result = false - } - } - - return result -} - -func (tel *TelnetMatcher) PacketCount() int { - return len(tel.sendPackets) -} - -func (tel *TelnetMatcher) Packet(index int) *packet.Packet { - return tel.sendPackets[index] -} - -func (tel *TelnetMatcher) ServiceName() string { - return "Telnet" -} - -func (tel *TelnetMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} - -func (tel *TelnetMatcher) HasResponse(index int) bool { - return false -} - -func (tel *TelnetMatcher) IsPrePacket() bool { - return true -} - -func NewTelnetMatcher() *TelnetMatcher { - r := TelnetMatcher{} - - return &r -} diff --git a/matcher/wmi/wmi.go b/matcher/wmi/wmi.go deleted file mode 100644 index 8b05be8..0000000 --- a/matcher/wmi/wmi.go +++ /dev/null @@ -1,250 +0,0 @@ -package wmi - -import ( - "bytes" - "encoding/binary" - "git.loafle.net/overflow/overflow_discovery/match/packet" - "git.loafle.net/overflow/overflow_discovery/model/scaninfo" -) - -const ( - PDU_BIND = 11 - PDU_BIND_ACK = 12 - PDU_REQ = 0 - PDU_RESP = 2 - - WMI_CALL_ID_1 = 0x95 - WMI_CALL_ID_2 = 0x96 -) - -type WMIMatcher struct { - sendPackets []*packet.Packet -} - -func (w *WMIMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - - if packet == nil { - return false - } - - buf := new(bytes.Buffer) - buf.Write(packet.Buffer) - - wmiRecv := DCERPC_DEFAULT{} - - binary.Read(buf, binary.LittleEndian, &wmiRecv) - - switch index { - case 0: - if wmiRecv.Call_id != WMI_CALL_ID_1 { - return false - } - - if wmiRecv.Ptype != PDU_BIND_ACK { - return false - } - - return true - case 1: - - if wmiRecv.Call_id != WMI_CALL_ID_2 { - return false - } - - if wmiRecv.Ptype != PDU_RESP { - return false - } - - return true - } - - return false -} - -func (w *WMIMatcher) PacketCount() int { - return len(w.sendPackets) -} -func (w *WMIMatcher) Packet(index int) *packet.Packet { - return w.sendPackets[index] -} -func (w *WMIMatcher) ServiceName() string { - return "WMI" -} - -func (w *WMIMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool { - return false -} -func (w *WMIMatcher) HasResponse(index int) bool { - - return false -} - -func (w *WMIMatcher) IsPrePacket() bool { - return false -} - -func NewWMIMatcher() *WMIMatcher { - - wm := WMIMatcher{} - - ds1 := DCERPC_DEFAULT{ - Rpc_ver: 5, - Rpc_ver_minor: 0, - Ptype: PDU_BIND, - Flags: 0x03, - Drep: 0x10, - Frag_len: 16 + 56, - Auth_len: 0, - Call_id: WMI_CALL_ID_1, - } - - ds2 := DCERPC_DEFAULT{ - Rpc_ver: 5, - Rpc_ver_minor: 0, - Ptype: PDU_REQ, - Flags: 0x03, - Drep: 0x10, - Frag_len: 16 + 8, - Auth_len: 0, - Call_id: WMI_CALL_ID_2, - } - - ioxidr := DCERPC_IOXIDResolver{ - MaxXmitFrag: 0x16d0, - MaxRecvFrag: 0x16d0, - - AssocGroup: 0, - NumCtxItem: 1, - - ContextId: 0, - NumTransItem: 1, - - //interfaces - - InterfaceVer: 0, - InterfaceVerMinor: 0, - - //transSyntax - - TransSyntaxVer: 2, - } - - ioxidr.Interfaces[0] = 0xc4 - ioxidr.Interfaces[1] = 0xfe - ioxidr.Interfaces[2] = 0xfc - ioxidr.Interfaces[3] = 0x99 - - ioxidr.Interfaces[4] = 0x60 - ioxidr.Interfaces[5] = 0x52 - - ioxidr.Interfaces[6] = 0x1b - ioxidr.Interfaces[7] = 0x10 - - ioxidr.Interfaces[8] = 0xbb - ioxidr.Interfaces[9] = 0xcb - - ioxidr.Interfaces[10] = 0x00 - ioxidr.Interfaces[11] = 0xaa - ioxidr.Interfaces[12] = 0x00 - ioxidr.Interfaces[13] = 0x21 - ioxidr.Interfaces[14] = 0x34 - ioxidr.Interfaces[15] = 0x7a - - ioxidr.TransSyntax[0] = 0x04 - ioxidr.TransSyntax[1] = 0x5d - ioxidr.TransSyntax[2] = 0x88 - ioxidr.TransSyntax[3] = 0x8a - - ioxidr.TransSyntax[4] = 0xeb - ioxidr.TransSyntax[5] = 0x1c - - ioxidr.TransSyntax[6] = 0xc9 - ioxidr.TransSyntax[7] = 0x11 - - ioxidr.TransSyntax[8] = 0x9f - ioxidr.TransSyntax[9] = 0xe8 - - ioxidr.TransSyntax[10] = 0x08 - ioxidr.TransSyntax[11] = 0x00 - ioxidr.TransSyntax[12] = 0x2b - ioxidr.TransSyntax[13] = 0x10 - ioxidr.TransSyntax[14] = 0x48 - ioxidr.TransSyntax[15] = 0x60 - - da := DCERPC_ALIVE{ - AllocHint: 0, - ContextId: 0, - OpNum: 3, - } - - buf1 := new(bytes.Buffer) - - binary.Write(buf1, binary.LittleEndian, ds1) - ds1Bytes := buf1.Bytes() - - buf2 := new(bytes.Buffer) - - binary.Write(buf2, binary.LittleEndian, ds2) - ds2Bytes := buf2.Bytes() - - buf3 := new(bytes.Buffer) - - binary.Write(buf3, binary.LittleEndian, ioxidr) - ioxidrBytes := buf3.Bytes() - - buf4 := new(bytes.Buffer) - - binary.Write(buf4, binary.LittleEndian, da) - daBytes := buf4.Bytes() - - firstByte := make([]byte, len(ds1Bytes)+len(ioxidrBytes)) - - copy(firstByte[0:], ds1Bytes) - copy(firstByte[len(ds1Bytes):], ioxidrBytes) - - secondByte := make([]byte, len(ds2Bytes)+len(daBytes)) - - copy(secondByte[0:], ds2Bytes) - copy(secondByte[len(ds2Bytes):], daBytes) - - wm.sendPackets = append(wm.sendPackets, packet.NewPacket(firstByte, len(ds1Bytes)+len(ioxidrBytes))) - wm.sendPackets = append(wm.sendPackets, packet.NewPacket(secondByte, len(ds2Bytes)+len(daBytes))) - - return &wm - -} - -type DCERPC_DEFAULT struct { - Rpc_ver uint8 - Rpc_ver_minor uint8 - Ptype uint8 - Flags uint8 - Drep uint32 - Frag_len uint16 - Auth_len uint16 - Call_id uint32 -} - -type DCERPC_ALIVE struct { - AllocHint uint32 - ContextId uint16 - OpNum uint16 -} - -type DCERPC_IOXIDResolver struct { - MaxXmitFrag uint16 - MaxRecvFrag uint16 - AssocGroup uint32 - NumCtxItem uint8 - UnknownCode [3]uint8 - - ContextId uint16 - NumTransItem uint8 - UnknownCode2 uint8 - - Interfaces [16]uint8 - InterfaceVer uint16 - InterfaceVerMinor uint16 - TransSyntax [16]uint8 - TransSyntaxVer uint32 -} diff --git a/service/match/activedirectory/activedirectory_test.go b/service/match/activedirectory/activedirectory_test.go new file mode 100644 index 0000000..083b546 --- /dev/null +++ b/service/match/activedirectory/activedirectory_test.go @@ -0,0 +1,79 @@ +package activedirectory + +import ( + "crypto/tls" + "net" + "testing" + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" +) + +func TestADNor(t *testing.T) { + client, err := net.Dial("tcp", "192.168.1.15:389") + + if err != nil { + t.Log(err) + } + + defer client.Close() + + dDRun(client, t) +} + +func TestADTLS(t *testing.T) { + conn, err := tls.Dial( + "tcp", + "192.168.1.1:636", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.1", + }, + ) + + if err != nil { + t.Log(err) + return + } + + defer conn.Close() + + dDRun(conn, t) +} + +func dDRun(client net.Conn, t *testing.T) { + + lm := NewActiveDirectoryMatcher() + + //port := types.NewPort("389", types.NewHost("192.168.1.1"), types.TYPE_TCP) + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + // + //fmt.Println(ipport) + // + //fmt.Println(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + fmt.Println(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + read, _ := client.Read(bytes) + + fmt.Println(bytes) + + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) + + if b { + fmt.Println("Good") + } + + } + + +} diff --git a/service/match/cassandra/cassandra_test.go b/service/match/cassandra/cassandra_test.go new file mode 100644 index 0000000..7f71306 --- /dev/null +++ b/service/match/cassandra/cassandra_test.go @@ -0,0 +1,73 @@ +package cassandra + +import ( + "crypto/tls" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestCassandra(t *testing.T) { + + m := NewCassandraMatcher() + + conn, err := net.Dial("tcp", "192.168.1.16:19042") + if err != nil { + t.Error(err) + return + } + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("Cassandra found") + return + } + + t.Error("Cassandra not found") + } + +} + +func TestCassandraTLS(t *testing.T) { + + m := NewCassandraMatcher() + + conn, err := tls.Dial( + "tcp", + "192.168.1.16:19042", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.16", + }, + ) + if err != nil { + t.Fatal(err) + } + + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("Cassandra found") + return + } + + t.Error("Cassandra not found") + } + +} diff --git a/service/match/dns/dns_test.go b/service/match/dns/dns_test.go new file mode 100644 index 0000000..0e869b0 --- /dev/null +++ b/service/match/dns/dns_test.go @@ -0,0 +1,33 @@ +package dns + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestDns(t *testing.T) { + m := NewDnsMatcher() + + conn, _ := net.Dial("udp", "168.126.63.1:53") + + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + if m.IsSend(53) != true { + t.Error("not port") + } + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("dns found") + return + } + + t.Error("dns not found") + } +} diff --git a/service/match/ftp/ftp_test.go b/service/match/ftp/ftp_test.go new file mode 100644 index 0000000..9a28a00 --- /dev/null +++ b/service/match/ftp/ftp_test.go @@ -0,0 +1,234 @@ +package ftp + +import ( + "fmt" + "testing" + "git.loafle.net/overflow/overflow_discovery/model/scaninfo" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + + "net" +) + +//type FTP struct { +// conn net.Conn +// addr string +// +// reader *bufio.Reader +// writer *bufio.Writer +//} +// +//func (ftp *FTP) Close() { +// ftp.conn.Close() +//} +// +//func Connect(addr string) (*FTP, error) { +// var err error +// var conn net.Conn +// +// if conn, err = net.Dial("tcp", addr); err != nil { +// return nil, err +// } +// +// writer := bufio.NewWriter(conn) +// reader := bufio.NewReader(conn) +// +// obj := &FTP{ +// conn:conn, +// addr:addr, +// reader:reader, +// writer:writer, +// } +// recv, _ := obj.receive() +// +// fmt.Println(recv) +// +// return obj, nil +// +//} +// +//func (ftp *FTP) receive() (string, error) { +// line, err := ftp.receiveLine() +// +// if err != nil { +// return line, err +// } +// +// fmt.Println("len : ", len(line)) +// fmt.Println("line[3] :", line[3]) +// // +// //if (len(line) >= 4) && (line[3] == '-') { +// // closingCode := line[:3] + " " +// // +// // for { +// // str, err := ftp.receiveLine() +// // fmt.Println("str pre: ", str) +// // line = line + str +// // fmt.Println("str after: ", line) +// // if err != nil { +// // return line, err +// // } +// // +// // if len(str) < 4 { +// // fmt.Println("Uncorrectly terminated response") +// // }else { +// // if str[:4] == closingCode { +// // break +// // } +// // } +// // } +// //} +// +// ftp.ReadAndDiscard() +// +// fmt.Println("receive line: ", line) +// return line, err +//} +// +//func (ftp *FTP) ReadAndDiscard() (int, error) { +// var i int +// bufferSize := ftp.reader.Buffered() +// +// for i = 0; i < bufferSize ; i++ { +// if _, err := ftp.reader.ReadByte(); err != nil { +// return i, err +// } +// } +// +// return i, nil +//} +// +//func (ftp *FTP) send(command string, arguments ...interface{}) error { +// +// command = fmt.Sprintf(command) +// command += "\r\n" +// +// if _, err := ftp.writer.WriteString(command); err != nil { +// return err +// } +// +// if err := ftp.writer.Flush(); err != nil { +// return err +// } +// +// return nil +//} +// +//func (ftp *FTP) cmd(expects string, command string, args ...interface{}) (line string, err error) { +// +// if err = ftp.send(command, args); err != nil { +// return +// } +// +// if line, err = ftp.receive(); err != nil { +// return +// } +// +// +// if !strings.HasPrefix(line, expects) { +// err = errors.New(line) +// return +// } +// +// return +//} +// +//func (ftp *FTP) receiveLine() (string, error) { +// line, err := ftp.reader.ReadString('\n') +// +// log.Printf("< %s", line) +// +// return line, err +//} +// +//func (ftp *FTP) Syst() (line string, err error) { +// if err := ftp.send("SYST"); err != nil { +// return "", err +// } +// +// if line, err = ftp.receive(); err != nil { +// return +// } +// +// if !strings.HasPrefix(line, "215") { +// err = errors.New(line) +// return +// } +// +// return strings.SplitN(strings.TrimSpace(line), " ", 2)[1], nil +//} + +//func TestFtp(t *testing.T) { +// var err error +// var ftp *FTP +// //var f *FTPMatcher +// +// if ftp, err = Connect("192.168.1.202:21"); err != nil { +// panic(err) +// } +// +// //f.Match(0, nil,nil) +// ftp.Syst() +// ftp.cmd("503","PASS ") +// ftp.cmd("221","QUIT") +// defer ftp.Close() +//} + +func TestMatchFTP(t *testing.T) { + ftm := NewFTPMatcher() + //fmt.Println(ftm) + //fmt.Println(ftm.sendPackets[0]) + + //log.LoadLogConfig("../../../../../../../../bin/log.xml") + //defer log.Flush() + + //port := types.NewPort("21", types.NewHost("192.168.1.202"), types.TYPE_TCP) + + info := scaninfo.NewScanInfoImpl("192.168.1.15","21") + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + // + //log.Debug(ipport) + + client, _ := net.Dial("tcp", "192.168.1.15:21") + + defer client.Close() + + //reader := bufio.NewReader(client) + //writer := bufio.NewWriter(client) + + fmt.Println(ftm.PacketCount()) + //fmt.Println(reader.ReadString('\n')) + + bytes := make([]byte, 512) + + le, _ := client.Read(bytes) + + fmt.Println(bytes) + + b := ftm.Match(0, matcher.NewPacket(bytes, le), nil) + + fmt.Println(b) + + for ii := 0; ii < ftm.PacketCount(); ii++ { + pack := ftm.Packet(ii) + + fmt.Println(pack) + + //writer.WriteString(pack) + client.Write(pack.Buffer) + //fmt.Println(reader.ReadString('\n')) + bytes := make([]byte, 512) + + l, _ := client.Read(bytes) + + //fmt.Println(bytes) + + b := ftm.Match(ii+1, matcher.NewPacket(bytes, l), info) + + fmt.Println(b) + + } + + fmt.Println("Service Name : ", ftm.ServiceName()) +} diff --git a/service/match/http/http_test.go b/service/match/http/http_test.go new file mode 100644 index 0000000..dc3ddd0 --- /dev/null +++ b/service/match/http/http_test.go @@ -0,0 +1,49 @@ +package http + +import ( + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + //"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" + "net" + "testing" +) + +func TestHTTPMatcher_Packet(t *testing.T) { + hm := NewHTTPMatcher() + fmt.Println(hm) + fmt.Println(hm.sendPackets[0]) + +} + +func TestHTTPMatcher_Match(t *testing.T) { + fmt.Println("Match") + + hm := NewHTTPMatcher() + + //port := types.NewPort("80", types.NewHost("192.168.1.103"), types.TYPE_TCP) + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + //fmt.Println(ipport) + + client, _ := net.Dial("tcp", "192.168.1.15:38980") + + defer client.Close() + + pack := hm.Packet(0) + + //fmt.Println(pack) + + //writer.WriteString(pack) + client.Write(pack.Buffer) + + bytes := make([]byte, 512) + + l, _ := client.Read(bytes) + + //fmt.Println(bytes) + + hm.Match(0, matcher.NewPacket(bytes, l), nil) + +} diff --git a/service/match/http/https_test.go b/service/match/http/https_test.go new file mode 100644 index 0000000..2b07dd0 --- /dev/null +++ b/service/match/http/https_test.go @@ -0,0 +1,55 @@ +package http + +import ( + "crypto/tls" + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "log" + "net" + "testing" + "time" +) + +func TestHTTPSMatcher_Match(t *testing.T) { + netinfo := "192.168.1.10:10443" + dialer := &net.Dialer{ + Timeout: 5 * time.Second, + } + + conn, err := tls.DialWithDialer( + dialer, + "tcp", + netinfo, + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.103", + }, + ) + + if err != nil { + log.Println(err) + return + } + defer conn.Close() + + //fmt.Println(conn) + h := NewHTTPMatcher() + + pac := h.Packet(0) + + //fmt.Println(pac) + //fmt.Println(pac.Buffer) + + //bytes := make([]byte, 1024) + + l, _ := conn.Write(pac.Buffer) + + buf := make([]byte, 1024) + l, _ = conn.Read(buf) + + fmt.Println(string(buf)) + fmt.Println(l) + is := h.Match(0, matcher.NewPacket(buf, l), nil) + fmt.Println(is) + +} diff --git a/service/match/imap/imap_test.go b/service/match/imap/imap_test.go new file mode 100644 index 0000000..d47953b --- /dev/null +++ b/service/match/imap/imap_test.go @@ -0,0 +1,153 @@ +package imap + + +import ( + "crypto/tls" + "fmt" + //"git.loafle.net/overflow/overflow_discovery/collector/core/scan/port" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + //"git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/scaninfo" + //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" + "net" + "testing" +) + +func ImapRun(client net.Conn, t *testing.T) { + + lm := NewIMAPMatcher() + + //port := types.NewPort("143", types.NewHost("192.168.1.215"), types.TYPE_TCP) + // + //scanInfo := types.NewServiceScanInfo(port) + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + // + //fmt.Println(ipport) + //client, _ := net.Dial("tcp", ipport) + + //defer client.Close() + + bytett := make([]byte, 1024) + + rr, _ := client.Read(bytett) + + bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil) + + if bb { + t.Log("good!") + } + + fmt.Println(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + //fmt.Println(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + read, _ := client.Read(bytes) + + fmt.Println(cap(bytes)) + + //fmt.Println(bytes) + + b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil) + + if b { + t.Log("send Good!") + } + + } + + +} + +func TestIMapTls(t *testing.T) { + + conn, _ := tls.Dial( + "tcp", + "192.168.1.15:993", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.15", + }, + ) + + defer conn.Close() + + ImapRun(conn, t) + +} + +func TestIMapNormal(t *testing.T) { + + client, err := net.Dial("tcp", "192.168.1.15:143") + if err != nil { + t.Fatal(err) + } + + defer client.Close() + + ImapRun(client, t) + +} + +func TestImap(t *testing.T) { + + lm := NewIMAPMatcher() + + //port := types.NewPort("143", types.NewHost("192.168.1.215"), types.TYPE_TCP) + + //scanInfo := scaninfo.NewServiceScanInfo(port) + + var ipport string + //ipport = port.Host.Ip + ":" + port.Port_ + + fmt.Println(ipport) + client, _ := net.Dial("tcp", ipport) + + defer client.Close() + + bytett := make([]byte, 1024) + + rr, _ := client.Read(bytett) + + //bb := lm.Match(0, matcher.NewPacket(bytett, rr), scanInfo) + bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil) + + if bb { + t.Log("good!") + } + + fmt.Println(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + //fmt.Println(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + read, _ := client.Read(bytes) + + fmt.Println(cap(bytes)) + + //fmt.Println(bytes) + + b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil) + + if b { + t.Log("send Good!") + } + + } + //t.Log(scanInfo) +} diff --git a/service/match/mongodb/mongodb_test.go b/service/match/mongodb/mongodb_test.go new file mode 100644 index 0000000..8958765 --- /dev/null +++ b/service/match/mongodb/mongodb_test.go @@ -0,0 +1,54 @@ +package mongodb + +import ( + "crypto/tls" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestMongoNor(t *testing.T) { + + conn, _ := net.Dial("tcp", "192.168.1.16:37017") + + defer conn.Close() + + MongoRun(conn, t) + +} +func TestMongoTLS(t *testing.T) { + conn, _ := tls.Dial( + "tcp", + "192.168.1.16:47017", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.16", + }, + ) + + defer conn.Close() + + MongoRun(conn, t) +} + +func MongoRun(conn net.Conn, t *testing.T) { + + m := NewMongoDBMatcher() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("MongoDB found") + return + } + + t.Error("MongoDB not found") + } + +} diff --git a/service/match/mssql/mssql_test.go b/service/match/mssql/mssql_test.go new file mode 100644 index 0000000..214ca7a --- /dev/null +++ b/service/match/mssql/mssql_test.go @@ -0,0 +1,63 @@ +package mssql + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +/* +192.168.1.106:1433 - normal +192.168.1.103:1433 - ssl +*/ +func TestSqlNor(t *testing.T) { + + conn, _ := net.Dial("tcp", "192.168.1.16:11433") + + defer conn.Close() + + sqlServerRun(conn, t) + +} + +//func TestSqlTLS(t *testing.T) { +// conn, err := tls.Dial( +// "tcp", +// "192.168.1.103:7680", +// &tls.Config{ +// InsecureSkipVerify: true, +// ServerName: "192.168.1.103", +// }, +// ) +// +// if err != nil { +// t.Log(err) +// return +// } +// +// defer conn.Close() +// +// sqlServerRun(conn, t) +//} + +func sqlServerRun(conn net.Conn, t *testing.T) { + + m := NewMSSqlMatcher() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log(m.ServiceName()) + return + } + + t.Error("MSSQL not found") + } + +} diff --git a/service/match/mysql/mysql_test.go b/service/match/mysql/mysql_test.go new file mode 100644 index 0000000..2f325d3 --- /dev/null +++ b/service/match/mysql/mysql_test.go @@ -0,0 +1,71 @@ +package mysql + + +import ( + "crypto/tls" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestMySql(t *testing.T) { + + m := NewMySqlMatcher() + + /* + 192.168.1.103:3306 - normal + 192.168.1.105:8306 - ssl + 192.168.1.203:3306 - mysql with error code + */ + conn, _ := net.Dial("tcp", "192.168.1.15:33068") + + defer conn.Close() + + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(0, p, nil) { + t.Log(m.ServiceName()) + return + } + + t.Error("MySQL not found") + +} + +func TestCassandraTLS(t *testing.T) { + + m := NewMySqlMatcher() + + conn, err := tls.Dial( + "tcp", + "192.168.1.105:8306", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.105", + }, + ) + if err != nil { + t.Fatal(err) + } + + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log(m.ServiceName()) + return + } + + t.Error("MySQL not found") + } + +} diff --git a/service/match/netbios/netbios_test.go b/service/match/netbios/netbios_test.go new file mode 100644 index 0000000..44be41d --- /dev/null +++ b/service/match/netbios/netbios_test.go @@ -0,0 +1,34 @@ +package netbios + + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestNBSS(t *testing.T) { + + m := NewNetBiosMatcher() + + conn, _ := net.Dial("tcp", "192.168.1.106:139") + + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("NBSS found") + return + } + + t.Error("NBSS not found") + } + +} diff --git a/service/match/oracle/oracle_test.go b/service/match/oracle/oracle_test.go new file mode 100644 index 0000000..7556782 --- /dev/null +++ b/service/match/oracle/oracle_test.go @@ -0,0 +1,53 @@ +package oracle + + +import ( + + "git.loafle.net/overflow/overflow_discovery/service/matcher" + + + "net" + "testing" +) + +func TestOracle(t *testing.T) { + + lm := NewOracleMatcher() + + //port := types.NewPort("1521", types.NewHost("192.168.1.30"), types.TYPE_TCP) + //scanInfo := scaninfo.NewServiceScanInfo(port) + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + + client, _ := net.Dial("tcp", "192.168.1.15:1521") + + defer client.Close() + + t.Log(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + t.Log(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + read, _ := client.Read(bytes) + + t.Log(bytes) + + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) + + if b { + t.Log("Good") + } + + } + + + +} diff --git a/service/match/pgsql/pgsql_test.go b/service/match/pgsql/pgsql_test.go new file mode 100644 index 0000000..70e30cd --- /dev/null +++ b/service/match/pgsql/pgsql_test.go @@ -0,0 +1,70 @@ +package pgsql + +import ( + "crypto/tls" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestPG(t *testing.T) { + m := NewPostgreSQLMatcher() + + conn, err := net.Dial("tcp", "192.168.1.106:5432") //107 + if err != nil { + t.Error(err) + return + } + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("PostgreSQL found") + return + } + + t.Error("PostgreSQL not found") + } +} + +func TestSqlTLS(t *testing.T) { + conn, err := tls.Dial( + "tcp", + "192.168.1.107:5432", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.107", + }, + ) + + if err != nil { + t.Error(err) + return + } + + defer conn.Close() + + m := NewPostgreSQLMatcher() + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("PostgreSQL found") + return + } + + t.Error("PostgreSQL not found") + } +} diff --git a/service/match/pop/pop_test.go b/service/match/pop/pop_test.go new file mode 100644 index 0000000..fbc9850 --- /dev/null +++ b/service/match/pop/pop_test.go @@ -0,0 +1,86 @@ +package pop + + +import ( + "crypto/tls" + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + + + "net" + "testing" +) + +func TestPopTLS(t *testing.T) { + conn, _ := tls.Dial( + "tcp", + "192.168.1.15:995", + &tls.Config{ + InsecureSkipVerify: true, + ServerName: "192.168.1.15", + }, + ) + + defer conn.Close() + + pop3Run(conn, t) +} + +func TestPopNor(t *testing.T) { + + client, _ := net.Dial("tcp", "192.168.1.15:110") + + defer client.Close() + + pop3Run(client, t) + +} + +func pop3Run(client net.Conn, t *testing.T) { + + lm := NewPOPMatcher() + + //port := types.NewPort("110", types.NewHost("192.168.1.215"), types.TYPE_TCP) + //scanInfo := scaninfo.NewServiceScanInfo(port) + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + // + //fmt.Println(ipport) + + bytett := make([]byte, 1024) + + read, _ := client.Read(bytett) + + bb := lm.Match(0, matcher.NewPacket(bytett, read), nil) + + if bb { + t.Log("good!") + } + + fmt.Println(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + //fmt.Println(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + rr, _ := client.Read(bytes) + + //fmt.Println(bytes) + + b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil) + + if b { + t.Log("send Good!") + } + + } + + + +} diff --git a/service/match/redis/redisProtected_test.go b/service/match/redis/redisProtected_test.go new file mode 100644 index 0000000..8f4e78e --- /dev/null +++ b/service/match/redis/redisProtected_test.go @@ -0,0 +1,33 @@ +package redis + +//import ( +// "git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/packet" +// "net" +// "testing" +//) +// +//func TestRedisProtected(t *testing.T) { +// +// m := NewRedisProtectedMatcher() +// +// conn, err := net.Dial("tcp", "192.168.1.215:8379") +// +// if err != nil { +// t.Log(err) +// return +// } +// +// defer conn.Close() +// +// bytes := make([]byte, 1024) +// n, _ := conn.Read(bytes) +// +// //fmt.Println(string(bytes[:n])) +// +// b := m.Match(0, matcher.NewPacket(bytes, n), nil) +// +// if b { +// t.Log("good!") +// } +// +//} diff --git a/service/match/redis/redis_test.go b/service/match/redis/redis_test.go new file mode 100644 index 0000000..f0d2e9d --- /dev/null +++ b/service/match/redis/redis_test.go @@ -0,0 +1,37 @@ +package redis + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +const ( + ADDR string = "192.168.1.16:26379" +) + +func TestRedisMatcher(t *testing.T) { + + m := NewRedisMatcher() + + conn, _ := net.Dial("tcp", ADDR) + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("Redis found.") + return + } + + t.Error("Redis not found") + } + +} diff --git a/service/match/rmi/rmi_test.go b/service/match/rmi/rmi_test.go new file mode 100644 index 0000000..f579c8c --- /dev/null +++ b/service/match/rmi/rmi_test.go @@ -0,0 +1,52 @@ +package rmi + +import ( + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + //"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" + "net" + "testing" +) + +func TestNew(t *testing.T) { + r := NewRMIMatcher() + fmt.Println("TestNew: ", r) +} +func TestRMIMatcher_Match(t *testing.T) { + + fmt.Println("Match") + + hm := NewRMIMatcher() + + //port := types.NewPort("9840", types.NewHost("192.168.1.101"), types.TYPE_TCP) + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + //fmt.Println(ipport) + + client, err := net.Dial("tcp", "192.168.1.101:9840") + + if err != nil { + t.Fatal(err) + } + + defer client.Close() + + pack := hm.Packet(0) + + fmt.Println(pack.Buffer) + + //writer.WriteString(pack) + client.Write(pack.Buffer) + + bytes := make([]byte, 512) + + l, _ := client.Read(bytes) + + //fmt.Println(bytes) + + t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil) + + fmt.Println(t1) +} diff --git a/service/match/smb/smb_test.go b/service/match/smb/smb_test.go new file mode 100644 index 0000000..58ff870 --- /dev/null +++ b/service/match/smb/smb_test.go @@ -0,0 +1,42 @@ +package smb + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +const ( + ADDR string = "192.168.1.106:445" +) + +func TestSMBMatcher(t *testing.T) { + + m := NewSMBMatcher() + + conn, err := net.Dial("tcp", ADDR) + + if err != nil { + t.Fatal(err) + } + + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("SMB found.") + return + } + + t.Error("SMB not found") + } + +} diff --git a/service/match/snmp/snmpv2_test.go b/service/match/snmp/snmpv2_test.go new file mode 100644 index 0000000..00742a7 --- /dev/null +++ b/service/match/snmp/snmpv2_test.go @@ -0,0 +1,37 @@ +package snmp + + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestSNMP2(t *testing.T) { + + m := NewSNMPv2Matcher() + + conn, err := net.Dial("udp", "192.168.1.15:161") + if err != nil { + t.Error(err) + return + } + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("SNMP found") + return + } + + t.Error("SNMP not found") + } + +} diff --git a/service/match/snmp/snmpv3_test.go b/service/match/snmp/snmpv3_test.go new file mode 100644 index 0000000..0f7f545 --- /dev/null +++ b/service/match/snmp/snmpv3_test.go @@ -0,0 +1,37 @@ +package snmp + + +import ( + "git.loafle.net/overflow/overflow_discovery/service/matcher" + "net" + "testing" +) + +func TestSNMP3(t *testing.T) { + + m := NewSNMPv3Matcher() + + conn, err := net.Dial("udp", "192.168.1.15:161") + if err != nil { + t.Error(err) + return + } + defer conn.Close() + + for i := 0; i < m.PacketCount(); i++ { + + pack := m.Packet(i) + conn.Write(pack.Buffer) + bytes := make([]byte, 1024) + n, _ := conn.Read(bytes) + p := matcher.NewPacket(bytes, n) + + if m.Match(i, p, nil) { + t.Log("SNMP found") + return + } + + t.Error("SNMP not found") + } + +} diff --git a/service/match/ssh/ssh_test.go b/service/match/ssh/ssh_test.go new file mode 100644 index 0000000..5fd72fc --- /dev/null +++ b/service/match/ssh/ssh_test.go @@ -0,0 +1,35 @@ +package ssh + +import ( + "fmt" + //"git.loafle.net/overflow/overflow_discovery/match/ssh" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" + "net" + "testing" + +) + +func TestSSHMatcher_Match(t *testing.T) { + + //port := types.NewPort("22", types.NewHost("192.168.1.103"), types.TYPE_TCP) + //ssh := NewSSHMatcher() + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + client, _ := net.Dial("tcp", "192.168.1.10:22") + + defer client.Close() + + bytes := make([]byte, 512) + + l, _ := client.Read(bytes) + + fmt.Println(bytes) + + b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil) + + fmt.Println(b) + +} diff --git a/service/match/telnet/telnet_test.go b/service/match/telnet/telnet_test.go new file mode 100644 index 0000000..d7ca223 --- /dev/null +++ b/service/match/telnet/telnet_test.go @@ -0,0 +1,33 @@ +package telnet + +import ( + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + + "net" + "testing" +) + +func TestTelnetMatcher_Match(t *testing.T) { + + //port := types.NewPort("23", types.NewHost("192.168.1.210"), types.TYPE_TCP) + //telnet := NewTelnetMatcher() + // + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + client, _ := net.Dial("tcp", "192.168.1.105:23") + + defer client.Close() + + bytes := make([]byte, 512) + + l, _ := client.Read(bytes) + + fmt.Println("length :", l) + fmt.Println(bytes) + + b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil) + + fmt.Println(b) +} diff --git a/service/match/wmi/wmi_test.go b/service/match/wmi/wmi_test.go new file mode 100644 index 0000000..ecadd53 --- /dev/null +++ b/service/match/wmi/wmi_test.go @@ -0,0 +1,51 @@ +package wmi + +import ( + "fmt" + "git.loafle.net/overflow/overflow_discovery/service/matcher" + //"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo" + //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" + "net" + "testing" +) + +func TestWMI(t *testing.T) { + + lm := NewWMIMatcher() + + //port := types.NewPort("135", types.NewHost("192.168.1.1"), types.TYPE_TCP) + //scanInfo := scaninfo.NewServiceScanInfo(port) + //var ipport string + //ipport = port.Host.Ip + ":" + string(port.Port) + + //fmt.Println(ipport) + client, _ := net.Dial("tcp", "192.168.1.106:135") + + defer client.Close() + + fmt.Println(lm.PacketCount()) + + for ii := 0; ii < lm.PacketCount(); ii++ { + + pack := lm.Packet(ii) + + fmt.Println(pack) + + client.Write(pack.Buffer) + + bytes := make([]byte, 1024) + + read, _ := client.Read(bytes) + + //fmt.Println(bytes) + + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) + + if b { + fmt.Println("Good") + } + + } + + +} diff --git a/service/matcher/oracle/oracle_test.go b/service/matcher/oracle/oracle_test.go index afa1079..7556782 100644 --- a/service/matcher/oracle/oracle_test.go +++ b/service/matcher/oracle/oracle_test.go @@ -3,7 +3,7 @@ package oracle import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" @@ -40,7 +40,7 @@ func TestOracle(t *testing.T) { t.Log(bytes) - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) if b { t.Log("Good") diff --git a/service/matcher/pgsql/pgsql_test.go b/service/matcher/pgsql/pgsql_test.go index 7d69550..70e30cd 100644 --- a/service/matcher/pgsql/pgsql_test.go +++ b/service/matcher/pgsql/pgsql_test.go @@ -2,7 +2,7 @@ package pgsql import ( "crypto/tls" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" ) @@ -23,7 +23,7 @@ func TestPG(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("PostgreSQL found") @@ -58,7 +58,7 @@ func TestSqlTLS(t *testing.T) { conn.Write(pack.Buffer) bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) if m.Match(i, p, nil) { t.Log("PostgreSQL found") diff --git a/service/matcher/pop/pop_test.go b/service/matcher/pop/pop_test.go index ecf4291..fbc9850 100644 --- a/service/matcher/pop/pop_test.go +++ b/service/matcher/pop/pop_test.go @@ -4,7 +4,7 @@ package pop import ( "crypto/tls" "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" @@ -51,7 +51,7 @@ func pop3Run(client net.Conn, t *testing.T) { read, _ := client.Read(bytett) - bb := lm.Match(0, packet.NewPacket(bytett, read), nil) + bb := lm.Match(0, matcher.NewPacket(bytett, read), nil) if bb { t.Log("good!") @@ -73,7 +73,7 @@ func pop3Run(client net.Conn, t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii+1, packet.NewPacket(bytes, rr), nil) + b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil) if b { t.Log("send Good!") diff --git a/service/matcher/redis/redis_test.go b/service/matcher/redis/redis_test.go index d83266a..484e3b7 100644 --- a/service/matcher/redis/redis_test.go +++ b/service/matcher/redis/redis_test.go @@ -1,9 +1,10 @@ package redis import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" "net" "testing" + + "git.loafle.net/overflow/overflow_discovery/service/matcher" ) const ( @@ -12,7 +13,7 @@ const ( func TestRedisMatcher(t *testing.T) { - m := NewRedisMatcher() + m := NewMatcher() conn, _ := net.Dial("tcp", ADDR) defer conn.Close() @@ -24,9 +25,9 @@ func TestRedisMatcher(t *testing.T) { bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) - if m.Match(i, p, nil) { + if m.Match(nil, i, p) { t.Log("Redis found.") return } diff --git a/service/matcher/rmi/rmi_test.go b/service/matcher/rmi/rmi_test.go index db560aa..f579c8c 100644 --- a/service/matcher/rmi/rmi_test.go +++ b/service/matcher/rmi/rmi_test.go @@ -2,7 +2,7 @@ package rmi import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types" "net" "testing" @@ -46,7 +46,7 @@ func TestRMIMatcher_Match(t *testing.T) { //fmt.Println(bytes) - t1 := hm.Match(0, packet.NewPacket(bytes, l), nil) + t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(t1) } diff --git a/service/matcher/smb/smb_test.go b/service/matcher/smb/smb_test.go index f215b12..4e26414 100644 --- a/service/matcher/smb/smb_test.go +++ b/service/matcher/smb/smb_test.go @@ -1,9 +1,10 @@ package smb import ( - "git.loafle.net/overflow/overflow_discovery/match/packet" "net" "testing" + + "git.loafle.net/overflow/overflow_discovery/service/matcher" ) const ( @@ -12,7 +13,7 @@ const ( func TestSMBMatcher(t *testing.T) { - m := NewSMBMatcher() + m := NewMatcher() conn, err := net.Dial("tcp", ADDR) @@ -29,9 +30,9 @@ func TestSMBMatcher(t *testing.T) { bytes := make([]byte, 1024) n, _ := conn.Read(bytes) - p := packet.NewPacket(bytes, n) + p := matcher.NewPacket(bytes, n) - if m.Match(i, p, nil) { + if m.Match(nil, i, p) { t.Log("SMB found.") return } diff --git a/service/matcher/ssh/ssh_test.go b/service/matcher/ssh/ssh_test.go index d02e788..5fd72fc 100644 --- a/service/matcher/ssh/ssh_test.go +++ b/service/matcher/ssh/ssh_test.go @@ -3,7 +3,7 @@ package ssh import ( "fmt" //"git.loafle.net/overflow/overflow_discovery/match/ssh" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" "net" "testing" @@ -28,7 +28,7 @@ func TestSSHMatcher_Match(t *testing.T) { fmt.Println(bytes) - b := NewSSHMatcher().Match(0, packet.NewPacket(bytes, l), nil) + b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(b) diff --git a/service/matcher/telnet/telnet_test.go b/service/matcher/telnet/telnet_test.go index bca53fc..d7ca223 100644 --- a/service/matcher/telnet/telnet_test.go +++ b/service/matcher/telnet/telnet_test.go @@ -2,7 +2,7 @@ package telnet import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" "net" "testing" @@ -27,7 +27,7 @@ func TestTelnetMatcher_Match(t *testing.T) { fmt.Println("length :", l) fmt.Println(bytes) - b := NewTelnetMatcher().Match(0, packet.NewPacket(bytes, l), nil) + b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil) fmt.Println(b) } diff --git a/service/matcher/wmi/wmi_test.go b/service/matcher/wmi/wmi_test.go index bbeff29..ecadd53 100644 --- a/service/matcher/wmi/wmi_test.go +++ b/service/matcher/wmi/wmi_test.go @@ -2,7 +2,7 @@ package wmi import ( "fmt" - "git.loafle.net/overflow/overflow_discovery/match/packet" + "git.loafle.net/overflow/overflow_discovery/service/matcher" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo" //"git.loafle.net/overflow/overflow_discovery/collector/discovery/types" "net" @@ -39,7 +39,7 @@ func TestWMI(t *testing.T) { //fmt.Println(bytes) - b := lm.Match(ii, packet.NewPacket(bytes, read), nil) + b := lm.Match(ii, matcher.NewPacket(bytes, read), nil) if b { fmt.Println("Good")