overflow_backup_2018_0455/overflow_discovery
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ing

Browse Source
This commit is contained in:
crusader 2017-11-21 21:52:45 +09:00
parent 3dd6cb79ca
commit 46be2aa395
75 changed files with 1576 additions and 2702 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
matcher/activedirectory/activedirectory_test.go → discovery/service/match/activedirectory/activedirectory_test.go
View File

@ -5,7 +5,7 @@ import (
"net"
"testing"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
)
func TestADNor(t *testing.T) {
@ -67,7 +67,7 @@ func dDRun(client net.Conn, t *testing.T) {
fmt.Println(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
fmt.Println("Good")

6
matcher/cassandra/cassandra_test.go → discovery/service/match/cassandra/cassandra_test.go
View File

@ -2,7 +2,7 @@ package cassandra
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -24,7 +24,7 @@ func TestCassandra(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Cassandra found")
@ -60,7 +60,7 @@ func TestCassandraTLS(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Cassandra found")

4
matcher/dns/dns_test.go → discovery/service/match/dns/dns_test.go
View File

@ -1,7 +1,7 @@
package dns
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -21,7 +21,7 @@ func TestDns(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("dns found")

6
matcher/ftp/ftp_test.go → discovery/service/match/ftp/ftp_test.go
View File

@ -4,7 +4,7 @@ import (
"fmt"
"testing"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
)
@ -206,7 +206,7 @@ func TestMatchFTP(t *testing.T) {
fmt.Println(bytes)
b := ftm.Match(0, packet.NewPacket(bytes, le), nil)
b := ftm.Match(0, matcher.NewPacket(bytes, le), nil)
fmt.Println(b)
@ -224,7 +224,7 @@ func TestMatchFTP(t *testing.T) {
//fmt.Println(bytes)
b := ftm.Match(ii+1, packet.NewPacket(bytes, l), info)
b := ftm.Match(ii+1, matcher.NewPacket(bytes, l), info)
fmt.Println(b)

4
matcher/http/http_test.go → discovery/service/match/http/http_test.go
View File

@ -2,7 +2,7 @@ package http
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
"net"
"testing"
@ -44,6 +44,6 @@ func TestHTTPMatcher_Match(t *testing.T) {
//fmt.Println(bytes)
hm.Match(0, packet.NewPacket(bytes, l), nil)
hm.Match(0, matcher.NewPacket(bytes, l), nil)
}

4
matcher/http/https_test.go → discovery/service/match/http/https_test.go
View File

@ -3,7 +3,7 @@ package http
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"log"
"net"
"testing"
@ -49,7 +49,7 @@ func TestHTTPSMatcher_Match(t *testing.T) {
fmt.Println(string(buf))
fmt.Println(l)
is := h.Match(0, packet.NewPacket(buf, l), nil)
is := h.Match(0, matcher.NewPacket(buf, l), nil)
fmt.Println(is)
}

12
matcher/imap/imap_test.go → discovery/service/match/imap/imap_test.go
View File

@ -5,7 +5,7 @@ import (
"crypto/tls"
"fmt"
//"git.loafle.net/overflow/overflow_discovery/collector/core/scan/port"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
@ -32,7 +32,7 @@ func ImapRun(client net.Conn, t *testing.T) {
rr, _ := client.Read(bytett)
bb := lm.Match(0, packet.NewPacket(bytett, rr), nil)
bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil)
if bb {
t.Log("good!")
@ -56,7 +56,7 @@ func ImapRun(client net.Conn, t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii+1, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("send Good!")
@ -117,8 +117,8 @@ func TestImap(t *testing.T) {
rr, _ := client.Read(bytett)
//bb := lm.Match(0, packet.NewPacket(bytett, rr), scanInfo)
bb := lm.Match(0, packet.NewPacket(bytett, rr), nil)
//bb := lm.Match(0, matcher.NewPacket(bytett, rr), scanInfo)
bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil)
if bb {
t.Log("good!")
@ -142,7 +142,7 @@ func TestImap(t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii+1, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("send Good!")

4
matcher/mongodb/mongodb_test.go → discovery/service/match/mongodb/mongodb_test.go
View File

@ -2,7 +2,7 @@ package mongodb
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -41,7 +41,7 @@ func MongoRun(conn net.Conn, t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("MongoDB found")

4
matcher/mssql/mssql_test.go → discovery/service/match/mssql/mssql_test.go
View File

@ -1,7 +1,7 @@
package mssql
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -50,7 +50,7 @@ func sqlServerRun(conn net.Conn, t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log(m.ServiceName())

6
matcher/mysql/mysql_test.go → discovery/service/match/mysql/mysql_test.go
View File

@ -3,7 +3,7 @@ package mysql
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -23,7 +23,7 @@ func TestMySql(t *testing.T) {
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(0, p, nil) {
t.Log(m.ServiceName())
@ -58,7 +58,7 @@ func TestCassandraTLS(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log(m.ServiceName())

4
matcher/netbios/netbios_test.go → discovery/service/match/netbios/netbios_test.go
View File

@ -2,7 +2,7 @@ package netbios
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -21,7 +21,7 @@ func TestNBSS(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("NBSS found")

4
matcher/oracle/oracle_test.go → discovery/service/match/oracle/oracle_test.go
View File

@ -3,7 +3,7 @@ package oracle
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
@ -40,7 +40,7 @@ func TestOracle(t *testing.T) {
t.Log(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("Good")

6
matcher/pgsql/pgsql_test.go → discovery/service/match/pgsql/pgsql_test.go
View File

@ -2,7 +2,7 @@ package pgsql
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -23,7 +23,7 @@ func TestPG(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")
@ -58,7 +58,7 @@ func TestSqlTLS(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")

6
matcher/pop/pop_test.go → discovery/service/match/pop/pop_test.go
View File

@ -4,7 +4,7 @@ package pop
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
@ -51,7 +51,7 @@ func pop3Run(client net.Conn, t *testing.T) {
read, _ := client.Read(bytett)
bb := lm.Match(0, packet.NewPacket(bytett, read), nil)
bb := lm.Match(0, matcher.NewPacket(bytett, read), nil)
if bb {
t.Log("good!")
@ -73,7 +73,7 @@ func pop3Run(client net.Conn, t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii+1, packet.NewPacket(bytes, rr), nil)
b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil)
if b {
t.Log("send Good!")

33
discovery/service/match/redis/redisProtected_test.go Normal file
View File

@ -0,0 +1,33 @@
package redis
//import (
// "git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/packet"
// "net"
// "testing"
//)
//
//func TestRedisProtected(t *testing.T) {
//
// m := NewRedisProtectedMatcher()
//
// conn, err := net.Dial("tcp", "192.168.1.215:8379")
//
// if err != nil {
// t.Log(err)
// return
// }
//
// defer conn.Close()
//
// bytes := make([]byte, 1024)
// n, _ := conn.Read(bytes)
//
// //fmt.Println(string(bytes[:n]))
//
// b := m.Match(0, matcher.NewPacket(bytes, n), nil)
//
// if b {
// t.Log("good!")
// }
//
//}

4
matcher/redis/redis_test.go → discovery/service/match/redis/redis_test.go
View File

@ -1,7 +1,7 @@
package redis
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -24,7 +24,7 @@ func TestRedisMatcher(t *testing.T) {
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Redis found.")

4
matcher/rmi/rmi_test.go → discovery/service/match/rmi/rmi_test.go
View File

@ -2,7 +2,7 @@ package rmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
"net"
"testing"
@ -46,7 +46,7 @@ func TestRMIMatcher_Match(t *testing.T) {
//fmt.Println(bytes)
t1 := hm.Match(0, packet.NewPacket(bytes, l), nil)
t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(t1)
}

4
matcher/smb/smb_test.go → discovery/service/match/smb/smb_test.go
View File

@ -1,7 +1,7 @@
package smb
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -29,7 +29,7 @@ func TestSMBMatcher(t *testing.T) {
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SMB found.")

4
matcher/snmp/snmpv2_test.go → discovery/service/match/snmp/snmpv2_test.go
View File

@ -2,7 +2,7 @@ package snmp
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -24,7 +24,7 @@ func TestSNMP2(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SNMP found")

4
matcher/snmp/snmpv3_test.go → discovery/service/match/snmp/snmpv3_test.go
View File

@ -2,7 +2,7 @@ package snmp
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -24,7 +24,7 @@ func TestSNMP3(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SNMP found")

4
matcher/ssh/ssh_test.go → discovery/service/match/ssh/ssh_test.go
View File

@ -3,7 +3,7 @@ package ssh
import (
"fmt"
//"git.loafle.net/overflow/overflow_discovery/match/ssh"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
@ -28,7 +28,7 @@ func TestSSHMatcher_Match(t *testing.T) {
fmt.Println(bytes)
b := NewSSHMatcher().Match(0, packet.NewPacket(bytes, l), nil)
b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)

4
matcher/telnet/telnet_test.go → discovery/service/match/telnet/telnet_test.go
View File

@ -2,7 +2,7 @@ package telnet
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
@ -27,7 +27,7 @@ func TestTelnetMatcher_Match(t *testing.T) {
fmt.Println("length :", l)
fmt.Println(bytes)
b := NewTelnetMatcher().Match(0, packet.NewPacket(bytes, l), nil)
b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)
}

4
matcher/wmi/wmi_test.go → discovery/service/match/wmi/wmi_test.go
View File

@ -2,7 +2,7 @@ package wmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
@ -39,7 +39,7 @@ func TestWMI(t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
fmt.Println("Good")

190
matcher/dhcp/dhcp.go
View File

@ -1,190 +0,0 @@
package dhcp
import (
"bytes"
"encoding/binary"
"fmt"
log "github.com/cihub/seelog"
//"git.loafle.net/overflow/overflow_discovery/match"
"net"
"time"
"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
)
const (
MAGIC_COOKIE uint32 = 0x63825363
OPT_CODE_SERVER_IDENTIFIER uint8 = 54
OPT_CODE_SUBNET_MASK uint8 = 1
OPT_CODE_ROUTER uint8 = 3
OPT_CODE_DNS uint8 = 6
)
type dhcpDiscover struct {
MsgType byte
HwType byte
HwAddrLen byte
Hops byte
Xid uint32
Secs uint16
BootpFlags uint16
ClientIp uint32
YourIp uint32
NextServerIp uint32
RelayAgentIp uint32
ClientMacAddr [6]byte
ClientHwAddrPadding [10]byte
ServerHostName [64]byte
BootFileName [128]byte
MagicCookie uint32
Mtype byte
MtypeLen byte
MtypeVal byte
Opts [200]byte
End byte
Padding [16]byte
}
func DiscoverDHCP(zone *types.DiscoveryZone) {
err := sendDHCPDiscovery()
if err != nil {
log.Error(err)
return
}
recvDHCPOffer(zone)
}
func sendDHCPDiscovery() error {
dhcp := dhcpDiscover{
MsgType: 0x01,
HwType: 0x01,
HwAddrLen: 0x06,
Hops: 0x00,
Xid: 0x00000000,
Secs: 0x0000,
ClientIp: 0x00000000,
YourIp: 0x00000000,
NextServerIp: 0x00000000,
RelayAgentIp: 0x00000000,
MagicCookie: MAGIC_COOKIE,
Mtype: 0x35,
MtypeLen: 0x01,
MtypeVal: 0x01,
End: 0xff,
}
var flag uint16 = 0
dhcp.BootpFlags = ^flag // flag = unicast , ^flag = broadcast
//TODO : getting mac addr from zone
//dhcp.ClientMacAddr[0] = 0x50
//dhcp.ClientMacAddr[1] = 0xe5
//dhcp.ClientMacAddr[2] = 0x49
//dhcp.ClientMacAddr[3] = 0x46
//dhcp.ClientMacAddr[4] = 0x93
//dhcp.ClientMacAddr[5] = 0x28
writer := new(bytes.Buffer)
binary.Write(writer, binary.BigEndian, dhcp)
conn, err := net.Dial("udp", "255.255.255.255:67")
if err != nil {
return err
}
conn.Write(writer.Bytes())
defer conn.Close()
return nil
}
func recvDHCPOffer(zone *types.DiscoveryZone) {
socket, err := net.ListenUDP("udp4", &net.UDPAddr{
IP: net.IPv4(255, 255, 255, 255),
Port: 68,
})
if err != nil {
log.Error(err)
return
}
err = socket.SetDeadline(time.Now().Add(3 * time.Second))
if err != nil {
log.Error(err)
return
}
buf := make([]byte, 4096)
n, _, err := socket.ReadFromUDP(buf)
if err != nil {
log.Error(err)
return
}
if n <= 0 {
log.Error("No DHCP offer.")
return
}
offer := dhcpDiscover{}
reader := new(bytes.Buffer)
reader.Write(buf)
if err := binary.Read(reader, binary.BigEndian, &offer); err != nil {
log.Error(err)
return
}
if offer.MagicCookie != MAGIC_COOKIE {
log.Error("Not a DHCP packet.")
return
}
//option searching
r := new(bytes.Buffer)
r.Write(offer.Opts[:])
for i := 0; i < r.Len(); i++ {
v := r.Next(1)[0]
if v == OPT_CODE_SUBNET_MASK && r.Next(1)[0] == 4 {
ipStr := byteToIpString(r.Next(4))
log.Infof("SUBNET MASK: %s", ipStr)
}
if v == OPT_CODE_ROUTER && r.Next(1)[0] == 4 {
ipStr := byteToIpString(r.Next(4))
log.Infof("ROUTER: %s", ipStr)
}
if v == OPT_CODE_DNS {
len := r.Next(1)[0]
var dns []string = make([]string, 0)
var ipStr string
ipStr = byteToIpString(r.Next(4))
dns = append(dns, ipStr)
if len == 8 {
ipStr = byteToIpString(r.Next(4))
dns = append(dns, ipStr)
}
log.Infof("DNS: %s", dns)
}
if v == OPT_CODE_SERVER_IDENTIFIER && r.Next(1)[0] == 4 {
ipStr := byteToIpString(r.Next(4))
log.Infof("DHCP SERVER: %s", ipStr)
}
}
log.Flush()
}
func byteToIpString(b []byte) string {
var ipStr string
len := len(b)
for i := 0; i < len; i++ {
v := b[i]
ipStr += fmt.Sprintf("%d", v)
if i < len-1 {
ipStr += "."
}
}
return ipStr
}

142
matcher/ftp/ftp.go
View File

@ -1,142 +0,0 @@
package ftp
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
log "github.com/cihub/seelog"
)
// FTP Status codes, defined in RFC 959
const (
statusReadyServer = "120"
statusOK = "200"
statusNewConnectOK = "220"
statusSystemNameOK = "215"
statusCloseConnect = "221"
statusUnkownCMD = "202"
statusTlsUseOK = "234"
statusCloseControlConnect = "421"
statusSyntaxErr = "500"
statusParamSyntaxErr = "501"
statusNotUseCMD = "502"
statusIncorrectCMD = "503"
statusTlsNotUse = "534"
statusNeedUserId = "332"
)
type FTPMatcher struct {
sendPackets []*packet.Packet
isFtps bool
}
func (ftp *FTPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
result := false
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
log.Error("Packet nil")
return result
}
str := string(packet.Buffer)
//fmt.Println(str)
code := str[:3]
if index == 0 {
switch code {
case statusNewConnectOK, statusReadyServer:
//fmt.Println(code)
result = true
break
}
} else if index == 1 {
switch code {
case statusSystemNameOK, statusSyntaxErr, statusParamSyntaxErr, statusNotUseCMD:
//fmt.Println(code)
result = true
break
}
} else if index == 2 {
switch code {
case statusIncorrectCMD, statusParamSyntaxErr, statusNotUseCMD, statusNeedUserId:
//fmt.Println(code)
result = true
break
}
} else if index == 3 {
switch code {
case statusCloseConnect, statusSyntaxErr:
//fmt.Println(code)
result = true
break
}
}
if index == 3 && result == true {
var err error
var isfs bool
//fmt.Println(info.Port.Host.Ip, info.Port.Port)
isfs, err = StartCheckFTPS(info.GetIP(), info.GetPort())
if isfs && err == nil {
ftp.isFtps = isfs
} else if err != nil {
log.Warn("FTPS Check Error : ", err.Error())
}
}
return result
}
func (ftp *FTPMatcher) PacketCount() int {
return len(ftp.sendPackets)
}
func (ftp *FTPMatcher) Packet(index int) *packet.Packet {
return ftp.sendPackets[index]
}
func (ftp *FTPMatcher) ServiceName() string {
re := ""
if ftp.isFtps {
re = "FTPS"
} else {
re = "FTP"
}
return re
}
func (ftp *FTPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (ftp *FTPMatcher) HasResponse(index int) bool {
return false
}
func (ftp *FTPMatcher) IsPrePacket() bool {
return true
}
func NewFTPMatcher() *FTPMatcher {
ftm := FTPMatcher{}
sysStr := "SYST\r\n"
systByte := make([]byte, len(sysStr))
copy(systByte[:], sysStr)
ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(systByte, len(sysStr)))
passStr := "PASS \r\n"
passByte := make([]byte, len(passStr))
copy(passByte[:], passStr)
ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(passByte, len(passStr)))
quitStr := "QUIT\r\n"
quitByte := make([]byte, len(quitStr))
copy(quitByte[:], quitStr)
ftm.sendPackets = append(ftm.sendPackets, packet.NewPacket(quitByte, len(quitStr)))
return &ftm
}

87
matcher/imap/imap.go
View File

@ -1,87 +0,0 @@
package imap
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
PRE_COMPARE_STR = "* OK"
SEND_COMPARE_STR = "* BYE"
)
type IMAPMatcher struct {
sendPackets []*packet.Packet
}
func (i *IMAPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
switch index {
case 0:
recvStr := string(packet.Buffer)
if len(recvStr) < 3 {
return false
}
compareStr := recvStr[0:4]
if compareStr == PRE_COMPARE_STR {
return true
}
case 1:
recvStr := string(packet.Buffer)
if len(recvStr) < 5 {
return false
}
compareStr := recvStr[0:5]
if compareStr == SEND_COMPARE_STR {
return true
}
}
return false
}
func (i *IMAPMatcher) PacketCount() int {
return len(i.sendPackets)
}
func (i *IMAPMatcher) Packet(index int) *packet.Packet {
return i.sendPackets[index]
}
func (i *IMAPMatcher) ServiceName() string {
return "IMAP"
}
func (i *IMAPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (i *IMAPMatcher) HasResponse(index int) bool {
return false
}
func (i *IMAPMatcher) IsPrePacket() bool {
return true
}
func NewIMAPMatcher() *IMAPMatcher {
im := IMAPMatcher{}
reqStr := "A0001 LOGOUT\r\n"
byte := make([]byte, len(reqStr))
copy(byte[:], reqStr)
im.sendPackets = append(im.sendPackets, packet.NewPacket(byte, len(reqStr)))
return &im
}

198
matcher/ldap/ldap.go
View File

@ -1,198 +0,0 @@
package ldap
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
type LDAPMatcher struct {
sendPackets []*packet.Packet
}
func (l *LDAPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
ldapRecv := LDAP_RECV{}
binary.Read(buf, binary.LittleEndian, &ldapRecv)
if ldapRecv.MessageId != LDAP_MESSAGE_ID {
return false
}
if ldapRecv.ProtocolOp != LDAP_RES_BIND {
return false
}
if ldapRecv.ResultCode != LDAP_SUCCESS {
return false
}
return true
}
func (l *LDAPMatcher) PacketCount() int {
return len(l.sendPackets)
}
func (l *LDAPMatcher) Packet(index int) *packet.Packet {
return l.sendPackets[index]
}
func (l *LDAPMatcher) ServiceName() string {
return "LDAP"
}
func (l *LDAPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (l *LDAPMatcher) HasResponse(index int) bool {
if index == 1 {
return true
}
return false
}
func (l *LDAPMatcher) IsPrePacket() bool {
return false
}
func NewLDAPMatcher() *LDAPMatcher {
ls := LDAP_SEND{
DefaultCode: 0x30,
PacketLength: 0x0c, // size -2
NextType1: 0x02,
NextTypeLength1: 0x01,
MessageId: LDAP_MESSAGE_ID,
ProtocolOp: LDAP_REQ_BIND,
ProtocolOpLength: 0x07,
NextType2: 0x02,
NextTypeLength2: 0x01,
Version: LDAP_VERSION3,
NextType3: 0x04,
NextTypeLength3: 0x00,
Auth: LDAP_AUTH_SIMPLE,
AuthLength: 0x00,
}
mCache := new(bytes.Buffer)
binary.Write(mCache, binary.LittleEndian, ls)
sendByte1 := mCache.Bytes()
lm := LDAPMatcher{
//sendPackets: make([][]byte, 2),
}
pp := packet.NewPacket(sendByte1, len(sendByte1))
lm.sendPackets = append(lm.sendPackets, pp)
lq := LDAP_QUIT{
DefaultCode: 0x30,
UnknwonCode1: 0x84,
PacketLength: 0x05,
NextType1: 0x02,
NextTypeLength1: 0x01,
MessageId: LDAP_MESSAGE_ID_QUIT,
ProtocolOp: LDAP_REQ_UNBIND,
protocolOpLength: 0x00,
}
lqBuffer := new(bytes.Buffer)
binary.Write(lqBuffer, binary.BigEndian, lq)
sendByte2 := lqBuffer.Bytes()
pp2 := packet.NewPacket(sendByte2, len(sendByte2))
lm.sendPackets = append(lm.sendPackets, pp2)
return &lm
}
type LDAP_SEND struct {
DefaultCode uint8
PacketLength uint8
NextType1 uint8
NextTypeLength1 uint8
MessageId uint8
ProtocolOp uint8
ProtocolOpLength uint8
NextType2 uint8
NextTypeLength2 uint8
Version uint8
NextType3 uint8
NextTypeLength3 uint8
Auth uint8
AuthLength uint8
}
type LDAP_RECV struct {
DefaultCode uint8
UnknwonCode1 uint8
EndCode11 uint8
EndCode12 uint8
MessageId uint8
ProtocolOp uint8
UnknwonCode2 uint8
EndCode21 uint8
EndCode22 uint8
ResultCode uint8
UnknwonCode3 uint8
UnknwonCode4 uint8
Auth uint8
UnknwonCode5 uint8
}
type LDAP_QUIT struct {
DefaultCode uint8
UnknwonCode1 uint8
PacketLength uint32
NextType1 uint8
NextTypeLength1 uint8
MessageId uint8
ProtocolOp uint8
protocolOpLength uint8
}
const (
LDAP_MESSAGE_ID = 0x99
LDAP_MESSAGE_ID_QUIT = 0x89
LDAP_VERSION3 = 3
LDAP_SUCCESS = 0x00
LDAP_REQ_BIND = 0x60
LDAP_REQ_UNBIND = 0x42
LDAP_RES_BIND = 0x61
LDAP_AUTH_SIMPLE = 0x80
)

115
matcher/ldap/ldap_test.go
View File

@ -1,115 +0,0 @@
package ldap
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
)
//func SetUp() {
// fmt.Println("SetUp")
//}
//
//func TearDown() {
// fmt.Println("TearDown")
//}
//func TestMain(m *testing.M) {
// SetUp()
// m.Run()
// TearDown()
//}
func TestAAAA(t *testing.T) {
///animals := []Animal{Dog{}, Cat{}, Llama{}, JavaProgrammer{}}
var ttt [][]int = make([][]int, 10)
var aaa []int
aaa = append(aaa, 111)
ttt = append(ttt, aaa)
fmt.Println(cap(ttt))
}
func ldapRun(client net.Conn, t *testing.T) {
lm := NewLDAPMatcher()
//port := types.NewPort("389", types.NewHost("192.168.1.215"), types.TYPE_TCP)
//scanInfo := scaninfo.NewServiceScanInfo(port)
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//
//fmt.Println(ipport)
//client, _ := net.Dial("tcp", ipport)
//defer client.Close()
fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
bytes := make([]byte, 1024)
client.Write(pack.Buffer)
read, _ := client.Read(bytes)
if read <= 0 {
bb := lm.HasResponse(ii)
if bb {
t.Log("HasResponse good")
break
}
}
fmt.Println(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
if b {
t.Log("Good")
}
}
}
func TestLdapTls(t *testing.T) {
conn, err := tls.Dial(
"tcp",
"192.168.1.15:636",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.15",
},
)
if err != nil {
t.Fatal(err)
}
defer conn.Close()
ldapRun(conn, t)
}
func TestLdapNormal(t *testing.T) {
client, _ := net.Dial("tcp", "192.168.1.15:389")
defer client.Close()
ldapRun(client, t)
}

122
matcher/mongodb/mongodb.go
View File

@ -1,122 +0,0 @@
package mongodb
import (
"bytes"
"encoding/binary"
"math/rand"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
MONGO_OP_REQUEST uint32 = 2004
MONGO_OP_REPLY uint32 = 1
MONGO_FCNAME string = "admin.$cmd"
MONGO_ELEMENT string = "ismaster"
)
var MONGO_REQUEST_ID uint32
type mongo struct {
MessageLength uint32
RequestId uint32
ResponseTo uint32
OpCode uint32
Flags uint32
FullCollectionName [11]byte
NumberToSkip uint32
NumberToReturn int32
DocumentLength uint32
Type_ uint8
Element [9]byte
Value uint8
_ uint8
}
type MongoDBMatcher struct {
packets []*packet.Packet
}
func NewMongoDBMatcher() *MongoDBMatcher {
mongoMatcher := &MongoDBMatcher{}
tempBuf := new(bytes.Buffer)
binary.Write(tempBuf, binary.BigEndian, mongo{})
var fcn [11]byte
copy(fcn[:], MONGO_FCNAME)
var elem [9]byte
copy(elem[:], MONGO_ELEMENT)
MONGO_REQUEST_ID = rand.Uint32()
m := mongo{
MessageLength: uint32(len(tempBuf.Bytes())),
RequestId: MONGO_REQUEST_ID,
ResponseTo: 0,
OpCode: MONGO_OP_REQUEST,
Flags: 0,
FullCollectionName: fcn,
NumberToSkip: 0,
NumberToReturn: -1,
DocumentLength: 16,
Type_: 0x08,
Element: elem,
Value: 1,
}
writer := new(bytes.Buffer)
binary.Write(writer, binary.LittleEndian, m)
mongoMatcher.packets = append(mongoMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len()))
return mongoMatcher
}
func (t *MongoDBMatcher) ServiceName() string {
return "MongoDB"
}
func (t *MongoDBMatcher) PacketCount() int {
return len(t.packets)
}
func (t *MongoDBMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *MongoDBMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *MongoDBMatcher) HasResponse(index int) bool {
return false
}
func (t *MongoDBMatcher) IsPrePacket() bool {
return false
}
func (t *MongoDBMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
m := mongo{}
if err := binary.Read(reader, binary.LittleEndian, &m); err != nil {
return false
}
if uint32(packet.Len) != m.MessageLength ||
m.ResponseTo != MONGO_REQUEST_ID ||
m.OpCode != MONGO_OP_REPLY {
return false
}
return true
}

173
matcher/mssql/mssql.go
View File

@ -1,173 +0,0 @@
package mssql
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
HEADER_TYPE_PRELOGIN uint8 = 0x12
HEADER_TYPE_RESPONSE uint8 = 0x4
PL_OPTION_TOKEN_VERSION uint8 = 0x00
PL_OPTION_TOKEN_ENCRYPTION uint8 = 0x01
PL_OPTION_TOKEN_TRACEID uint8 = 0x05
PL_OPTION_TOKEN_TERMINATOR uint8 = 0xff
ENCRYPT_OFF string = "Encryption is available but off."
ENCRYPT_ON string = "Encryption is available and on."
ENCRYPT_NOT_SUP string = "Encryption is not available."
ENCRYPT_REQ string = "Encryption is required."
)
type PreloginMsg struct {
VersionToken uint8
VersionOffset uint16
VersionLength uint16
EncryptionToken uint8
EncryptionOffset uint16
EncryptionLength uint16
TraceIdToken uint8
TraceIdOffset uint16
TraceIdLength uint16
Terminator uint8
Options [7]uint8
TraceId [36]uint8
}
type mssql struct {
Type_ uint8
Status uint8
Length uint16
Channel uint16
PacketNum uint8
Window uint8
Prelogin PreloginMsg
}
type PreloginResponse struct {
Msg [256]uint8
}
type mssqlResponse struct {
Type_ uint8
Status uint8
Length uint16
Channel uint16
PacketNum uint8
Window uint8
PreLoginResp PreloginResponse
}
type MSSqlMatcher struct {
packets []*packet.Packet
isSSL bool
}
func NewMSSqlMatcher() *MSSqlMatcher {
mssqlMatcher := &MSSqlMatcher{}
tempBuf := new(bytes.Buffer)
binary.Write(tempBuf, binary.BigEndian, mssql{})
m := mssql{
Type_: HEADER_TYPE_PRELOGIN,
Status: 0x01,
Length: uint16(len(tempBuf.Bytes())),
Channel: 0,
PacketNum: 0,
Window: 0,
Prelogin: PreloginMsg{
VersionToken: PL_OPTION_TOKEN_VERSION,
VersionOffset: 0x0010,
VersionLength: 0x0006,
EncryptionToken: PL_OPTION_TOKEN_ENCRYPTION,
EncryptionOffset: 0x0016,
EncryptionLength: 0x0001,
TraceIdToken: PL_OPTION_TOKEN_TRACEID,
TraceIdOffset: 0x0017,
TraceIdLength: 0x0024,
Terminator: PL_OPTION_TOKEN_TERMINATOR,
},
}
writer := new(bytes.Buffer)
binary.Write(writer, binary.BigEndian, m)
mssqlMatcher.packets = append(mssqlMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len()))
return mssqlMatcher
}
func (t *MSSqlMatcher) ServiceName() string {
if t.isSSL {
return "SQL Server (SSL)"
}
return "SQL Server"
}
func (t *MSSqlMatcher) PacketCount() int {
return len(t.packets)
}
func (t *MSSqlMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *MSSqlMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *MSSqlMatcher) HasResponse(index int) bool {
return false
}
func (t *MSSqlMatcher) IsPrePacket() bool {
return false
}
func (t *MSSqlMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
m := mssqlResponse{}
if err := binary.Read(reader, binary.BigEndian, &m); err != nil {
return false
}
if m.Type_ != HEADER_TYPE_RESPONSE {
return false
}
if m.Length != uint16(packet.Len) {
return false
}
switch m.PreLoginResp.Msg[m.Length-9 : m.Length-8][0] {
case 0:
return true
case 1:
t.isSSL = true
return true
case 2:
return true
case 3:
t.isSSL = true
return true
default:
return false
}
return false
}

151
matcher/mysql/mysql.go
View File

@ -1,151 +0,0 @@
package mysql
import (
"bytes"
"encoding/binary"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strconv"
"strings"
)
type PacketSize struct {
PacketLength [3]byte
PacketNumber byte
}
type mySql struct {
Payload PacketSize
Protocol byte
Version [256]byte
TreadId uint32
Salt1 [9]byte
ServerCapa uint16
ServerLang uint8
ServerStat uint16
ExtServerCapa uint16
AuthPlugLen uint8
_ [10]uint8
Salt2 [13]uint8
AuthPlugName [64]uint8
}
type MySqlMatcher struct {
packets []*packet.Packet
version string
isErrResp bool
errCode int
errMsg string
isSSL bool
}
func NewMySqlMatcher() *MySqlMatcher {
return &MySqlMatcher{}
}
func (t *MySqlMatcher) ServiceName() string {
if t.isErrResp {
return "MySQL" + "(Err-" + strconv.Itoa(t.errCode) + " : " + t.errMsg + ")"
}
if t.isSSL {
return "MySQL" + "-" + t.version + "(SSL)"
}
return "MySQL" + "(" + t.version + ")"
}
func (t *MySqlMatcher) PacketCount() int {
return len(t.packets)
}
func (t *MySqlMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *MySqlMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *MySqlMatcher) HasResponse(index int) bool {
return false
}
func (t *MySqlMatcher) IsPrePacket() bool {
return true
}
func (t *MySqlMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil || len(packet.Buffer) <= 0 {
return false
}
r := new(bytes.Buffer)
r.Write(packet.Buffer)
m := mySql{}
if err := binary.Read(r, binary.LittleEndian, &m); err != nil {
return false
}
buf := bytes.NewBuffer(m.Payload.PacketLength[:])
packetLen, _ := binary.ReadUvarint(buf)
if packetLen != uint64(packet.Len-4) {
return false
}
if m.Protocol == 0xff {
//MySQL error response
var code [2]uint8
copy(code[:], m.Version[:2])
var msg [256]uint8
copy(msg[:], m.Version[2:])
errCode := binary.LittleEndian.Uint16(code[:])
if errCode < 1000 || errCode > 1727 {
return false
}
errMsg := bytes.Trim(msg[:], "\x00")
t.isErrResp = true
t.errCode = int(errCode)
t.errMsg = string(errMsg)
return true
}
if m.Protocol != 10 && m.Protocol != 9 {
return false
}
t.checkSSL(packet)
return true
}
func (t *MySqlMatcher) checkSSL(packet *packet.Packet) {
temp := make([]byte, packet.Len)
r := new(bytes.Buffer)
r.Write(packet.Buffer)
if err := binary.Read(r, binary.LittleEndian, &temp); err != nil {
return
}
t.version = strings.Split(string(packet.Buffer)[5:packet.Len], "\x00")[0]
versionLen := len(t.version) + 1
data := binary.LittleEndian.Uint16(temp[18+versionLen : 20+versionLen])
s := fmt.Sprintf("%b", data)
for i, b := range s {
if i == 4 {
if b == 49 {
t.isSSL = true
}
}
}
}

109
matcher/netbios/netbios.go
View File

@ -1,109 +0,0 @@
package netbios
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
NBSS_SESSION_REQUEST uint8 = 0x81
NBSS_POSITIVE_SESSION_RESPONSE uint8 = 0x82
NBSS_NEGATIVE_SESSION_RESPONSE uint8 = 0x83
ADDR string = "192.168.1.202:139"
)
type netBios struct {
MsgType uint8
Flags uint8 //0-6 : Reserved, must be zero. 7 : Length extension.
Length uint16
CalledNameLen uint8
CalledName [16]uint16
_ uint8
CallingNameLen uint8
CallingName [16]uint16
_ uint8
}
type NetBiosMatcher struct {
packets []*packet.Packet
}
func NewNetBiosMatcher() *NetBiosMatcher {
nbssMatcher := &NetBiosMatcher{}
tempBuf := new(bytes.Buffer)
binary.Write(tempBuf, binary.BigEndian, netBios{})
query := netBios{
MsgType: NBSS_SESSION_REQUEST,
Flags: 0x00,
Length: 0x4400,
CalledNameLen: 0x20,
CallingNameLen: 0x20,
}
query.CalledName[0] = 0x4D45 // L
query.CalledName[1] = 0x4745 // F
query.CallingName[0] = 0x4D45
query.CallingName[1] = 0x4745
for i := 2; i < 16; i++ {
query.CalledName[i] = 0x4143 //Space
query.CallingName[i] = 0x4143
}
writer := new(bytes.Buffer)
binary.Write(writer, binary.LittleEndian, query)
nbssMatcher.packets = append(nbssMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len()))
return nbssMatcher
}
func (t *NetBiosMatcher) ServiceName() string {
return "NBSS"
}
func (t *NetBiosMatcher) PacketCount() int {
return len(t.packets)
}
func (t *NetBiosMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *NetBiosMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *NetBiosMatcher) HasResponse(index int) bool {
return false
}
func (t *NetBiosMatcher) IsPrePacket() bool {
return false
}
func (t *NetBiosMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
n := netBios{}
if err := binary.Read(reader, binary.LittleEndian, &n); err != nil {
return false
}
if NBSS_NEGATIVE_SESSION_RESPONSE != n.MsgType {
return false
}
return true
}

191
matcher/oracle/oracle.go
View File

@ -1,191 +0,0 @@
package oracle
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
type OracleMatcher struct {
sendPackets []*packet.Packet
}
func (o *OracleMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
header := header_packet{}
refuse := body_refuse{}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
binary.Read(buf, binary.BigEndian, &header)
binary.Read(buf, binary.BigEndian, &refuse)
//fmt.Println(header)
//fmt.Println(refuse)
if header.Check_sum != 0 {
return false
}
if header.Types != 4 {
return false
}
if header.Reserved_byte != 0 {
return false
}
if header.Header_sum != 0 {
return false
}
if refuse.Reason_user != 34 {
return false
}
if refuse.Reason_system != 0 {
return false
}
var dataLen int = int(refuse.Data_len)
if dataLen != packet.Len-12 { //
if dataLen != packet.Len-22 { // morformed packet error not user not service
return false
}
}
return true
}
func (o *OracleMatcher) PacketCount() int {
return len(o.sendPackets)
}
func (o *OracleMatcher) Packet(index int) *packet.Packet {
return o.sendPackets[index]
}
func (o *OracleMatcher) ServiceName() string {
return "OracleMatcher"
}
func (o *OracleMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (o *OracleMatcher) HasResponse(index int) bool {
return false
}
func (o *OracleMatcher) IsPrePacket() bool {
return false
}
func NewOracleMatcher() *OracleMatcher {
pm := OracleMatcher{}
hp := header_packet{
Length: 247,
Check_sum: 0,
Types: 1,
Reserved_byte: 0,
Header_sum: 0,
}
bc := body_connect{
Version: 315,
Version_compatible: 300,
//Service_options:
Session_unit_size: 8192,
Maxumum_trans_data_unit_size: 65535,
//Nt_protocol_characteristics:
Line_turnaround_value: 0,
Value_of_1_in_hardware: 1,
Length_of_connect_data: 177,
Offset_to_connect_data: 70,
Maximum_receivable_connect_data: 0,
//Connect_flag0:
//Connect_flag1:
Trace_cross_facility_item_1: 0,
Trace_cross_facility_item_2: 0,
Trace_unique_connection_id: 0,
//Unknown_data:
//Connect_data:
}
bc.Service_options[0] = 0x0c
bc.Service_options[1] = 0x41
bc.Nt_protocol_characteristics[0] = 0x4f
bc.Nt_protocol_characteristics[1] = 0x98
bc.Connect_flag0 = 0x81
bc.Connect_flag1 = 0x81
bc.Unknown_data[10] = 0x20
bc.Unknown_data[13] = 0x20
conDataStr := "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.30)(PORT=1521))(CONNECT_DATA=(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=loafle.match))(SERVICE_NAME=oracle.loafle.com1)))"
//conDataStr := "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.30)(PORT=1521))(CONNECT_DATA=(CID=(PROGRAM=JDBC Thin Client)(HOST=__jdbc__)(USER=Jackdaw))(SERVICE_NAME=oracle.loafle.co1m)))"
connect_data := make([]byte, len(conDataStr))
copy(connect_data, conDataStr)
hpBuf := new(bytes.Buffer)
binary.Write(hpBuf, binary.BigEndian, hp)
hpBt := hpBuf.Bytes()
bcBuf := new(bytes.Buffer)
binary.Write(bcBuf, binary.BigEndian, bc)
bcBt := bcBuf.Bytes()
byteSize := len(hpBt) + len(bcBt) + len(conDataStr)
sendByte := make([]byte, byteSize)
copy(sendByte[0:], hpBt)
copy(sendByte[len(hpBt):], bcBt)
copy(sendByte[len(hpBt)+len(bcBt):], connect_data)
pm.sendPackets = append(pm.sendPackets, packet.NewPacket(sendByte, byteSize))
return &pm
}
type header_packet struct {
Length uint16
Check_sum uint16
Types byte
Reserved_byte byte
Header_sum uint16
}
type body_connect struct {
Version uint16
Version_compatible uint16
Service_options [2]byte
Session_unit_size uint16
Maxumum_trans_data_unit_size uint16
Nt_protocol_characteristics [2]byte
Line_turnaround_value uint16
Value_of_1_in_hardware uint16
Length_of_connect_data uint16
Offset_to_connect_data uint16
Maximum_receivable_connect_data uint32
Connect_flag0 byte
Connect_flag1 byte
Trace_cross_facility_item_1 uint32
Trace_cross_facility_item_2 uint32
Trace_unique_connection_id uint64
Unknown_data [20]byte
//Connect_data []byte
}
type body_refuse struct {
Reason_user byte
Reason_system byte
Data_len uint16
//Data []byte
}

182
matcher/pgsql/pgsql.go
View File

@ -1,182 +0,0 @@
package pgsql
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strings"
)
const (
RESPONSE_TYPE_ERR uint8 = 0x45
)
type pgsql struct {
Len uint32
MessageType uint16
_ uint16
Name [5]byte
NameValue byte
Db [9]byte
DBValue byte
Encoding [16]byte
EncodingValue [5]byte
DateStyle [10]byte
DateStyleValue [4]byte
TimeZone [9]byte
TimeZoneValue [11]byte
ExtraDigits [19]byte
ExtraDigitsValue uint16
End byte
}
type pgsqlErrResponse struct {
ResponseType uint8
Len [4]byte
Severity [6]byte
_ byte
Code [6]byte
_ byte
Message [53]byte
}
type pgsqlErrResponse2 struct {
ResponseType uint8
Len [4]byte
Data [128]byte
//Severity [6]byte
//_ byte
//Code [6]byte
//_ byte
//Message [53]byte
}
type PostgreSQLMatcher struct {
packets []*packet.Packet
}
func NewPostgreSQLMatcher() *PostgreSQLMatcher {
pgSqlMatcher := &PostgreSQLMatcher{}
pg := pgsql{}
pg.Len = 0x00000065
pg.MessageType = 0x0003
var name [5]byte
copy(name[:], "user")
pg.Name = name
pg.NameValue = 0x00
var db [9]byte
copy(db[:], "database")
pg.Db = db
pg.DBValue = 0x00
var encoding [16]byte
copy(encoding[:], "client_encoding")
pg.Encoding = encoding
var encodingValue [5]byte
copy(encodingValue[:], "UTF8")
pg.EncodingValue = encodingValue
var dateStyle [10]byte
copy(dateStyle[:], "DateStyle")
pg.DateStyle = dateStyle
var dateStyleValue [4]byte
copy(dateStyleValue[:], "ISO")
pg.DateStyleValue = dateStyleValue
var timeZone [9]byte
copy(timeZone[:], "TimeZone")
pg.TimeZone = timeZone
var timeZoneValue [11]byte
copy(timeZoneValue[:], "Asia/Seoul")
pg.TimeZoneValue = timeZoneValue
var extraDigit [19]byte
copy(extraDigit[:], "extra_float_digits")
pg.ExtraDigits = extraDigit
pg.ExtraDigitsValue = 0x3200
writer := new(bytes.Buffer)
binary.Write(writer, binary.BigEndian, pg)
pgSqlMatcher.packets = append(pgSqlMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len()))
return pgSqlMatcher
}
func (t *PostgreSQLMatcher) ServiceName() string {
return "PostgreSQL"
}
func (t *PostgreSQLMatcher) PacketCount() int {
return len(t.packets)
}
func (t *PostgreSQLMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *PostgreSQLMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *PostgreSQLMatcher) HasResponse(index int) bool {
return false
}
func (t *PostgreSQLMatcher) IsPrePacket() bool {
return false
}
func (t *PostgreSQLMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
pg := pgsqlErrResponse2{}
if err := binary.Read(reader, binary.BigEndian, &pg); err != nil {
return false
}
if pg.ResponseType != RESPONSE_TYPE_ERR {
return false
}
length := binary.BigEndian.Uint32(pg.Len[:])
if length+1 != uint32(packet.Len) {
return false
}
data := string(pg.Data[:])
splits := strings.Split(data, "\x00")
var findSeverity bool = false
var findErrorCode bool = false
for _, s := range splits {
if strings.Contains(s, "FATAL") {
findSeverity = true
}
if strings.Contains(s, "28000") {
findErrorCode = true
}
}
if !findSeverity || !findErrorCode {
return false
}
return true
}

73
matcher/pop/pop.go
View File

@ -1,73 +0,0 @@
package pop
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
COMPARE_STR = "+OK"
)
type POPMatcher struct {
sendPackets []*packet.Packet
}
func (p *POPMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
switch index {
case 0:
fallthrough
case 1:
recvStr := string(packet.Buffer)
if len(recvStr) < 3 {
return false
}
compareStr := recvStr[0:3]
if compareStr == COMPARE_STR {
return true
}
}
return false
}
func (p *POPMatcher) PacketCount() int {
return len(p.sendPackets)
}
func (p *POPMatcher) Packet(index int) *packet.Packet {
return p.sendPackets[index]
}
func (p *POPMatcher) ServiceName() string {
return "POPMatcher"
}
func (p *POPMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (p *POPMatcher) HasResponse(index int) bool {
return false
}
func (p *POPMatcher) IsPrePacket() bool {
return true
}
func NewPOPMatcher() *POPMatcher {
pm := POPMatcher{}
reqStr := "QUIT\r\n"
byte := make([]byte, len(reqStr))
copy(byte[:], reqStr)
pm.sendPackets = append(pm.sendPackets, packet.NewPacket(byte, len(reqStr)))
return &pm
}

76
matcher/redis/redis.go
View File

@ -1,76 +0,0 @@
package redis
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strings"
)
const REDIS_PING string = "*1\r\n$4\r\nping\r\n"
type RedisMatcher struct {
packets []*packet.Packet
}
func NewRedisMatcher() *RedisMatcher {
redisMatcher := &RedisMatcher{}
redisMatcher.packets = append(redisMatcher.packets, packet.NewPacket([]byte(REDIS_PING), len(REDIS_PING)))
return redisMatcher
}
func (t *RedisMatcher) ServiceName() string {
return "Redis"
}
func (t *RedisMatcher) PacketCount() int {
return len(t.packets)
}
func (t *RedisMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *RedisMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *RedisMatcher) HasResponse(index int) bool {
return false
}
func (t *RedisMatcher) IsPrePacket() bool {
return false
}
func (t *RedisMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
resp := strings.Split(string(packet.Buffer), "\r\n")[0]
if len(resp) <= 0 {
return false
}
sign := string([]rune(resp)[0])
if len(sign) <= 0 {
return false
}
if sign == "+" {
if resp == "+PONG" || resp == "+OK" {
return true
}
}
if sign == "-" {
if resp == "-NOAUTH" || resp == "-ERR" {
return true
}
}
return false
}

78
matcher/redis/redisProtected.go
View File

@ -1,78 +0,0 @@
package redis
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
COMPARE_STR_1 = "-"
COMPARE_STR_2 = "DENIED"
)
type RedisProtectedMatcher struct {
}
func NewRedisProtectedMatcher() *RedisProtectedMatcher {
redisMatcher := &RedisProtectedMatcher{}
return redisMatcher
}
func (r *RedisProtectedMatcher) ServiceName() string {
return "RedisProtectedMatcher"
}
func (r *RedisProtectedMatcher) PacketCount() int {
return 0
}
func (r *RedisProtectedMatcher) Packet(index int) *packet.Packet {
return nil
}
func (r *RedisProtectedMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (r *RedisProtectedMatcher) HasResponse(index int) bool {
return false
}
func (r *RedisProtectedMatcher) IsPrePacket() bool {
return true
}
func (r *RedisProtectedMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
switch index {
case 0:
str := string(packet.Buffer[:packet.Len])
if str == "" {
return false
}
if len(str) <= 0 {
return false
}
firstCompare := str[0:1]
seconcdCompare := str[1 : len(COMPARE_STR_2)+1]
if firstCompare != COMPARE_STR_1 {
return false
}
if seconcdCompare != COMPARE_STR_2 {
return false
}
return true
}
return false
}

111
matcher/rmi/rmi.go
View File

@ -1,111 +0,0 @@
package rmi
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
MAGIC_NUMBER = 0x4a524d49
STREAM_PROTOCOL = 0x4b
VERSION = 0x0002
ACK_PROTOCOL = 0x4e
)
type RMI_SEND_MESSAGE struct {
magic uint32
version uint16
protocol uint8
}
type RMI_RECV_MESSAGE struct {
streamMessage uint8
packetLen uint16
host []byte
port [2]byte
}
type RMIMatcher struct {
sendPackets []*packet.Packet
}
func (r *RMIMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
result := false
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
return result
}
//fmt.Println("packet :", packet)
rmiRecv := RMI_RECV_MESSAGE{}
buf := bytes.NewReader(packet.Buffer)
binary.Read(buf, binary.BigEndian, &rmiRecv.streamMessage)
binary.Read(buf, binary.BigEndian, &rmiRecv.packetLen)
lenInt := int(rmiRecv.packetLen)
var tempHost = make([]byte, lenInt, lenInt)
copy(rmiRecv.host, tempHost)
rmiRecv.host = tempHost
binary.Read(buf, binary.BigEndian, &rmiRecv.host)
binary.Read(buf, binary.BigEndian, &rmiRecv.port)
hostIp := string(rmiRecv.host[:lenInt])
//fmt.Println(hostIp)
//hostPort := binary.BigEndian.Uint16(rmiRecv.port[:2])
if rmiRecv.streamMessage == ACK_PROTOCOL && lenInt == len(hostIp) {
result = true
}
return result
}
func (r *RMIMatcher) PacketCount() int {
return len(r.sendPackets)
}
func (r *RMIMatcher) Packet(index int) *packet.Packet {
return r.sendPackets[index]
}
func (r *RMIMatcher) ServiceName() string {
return "RMI"
}
func (r *RMIMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (r *RMIMatcher) HasResponse(index int) bool {
return false
}
func (r *RMIMatcher) IsPrePacket() bool {
return false
}
func NewRMIMatcher() *RMIMatcher {
r := RMIMatcher{}
rsm := RMI_SEND_MESSAGE{
magic: MAGIC_NUMBER,
version: VERSION,
protocol: STREAM_PROTOCOL,
}
mCache := new(bytes.Buffer)
binary.Write(mCache, binary.BigEndian, rsm)
sendByte1 := mCache.Bytes()
pp := packet.NewPacket(sendByte1, len(sendByte1))
r.sendPackets = append(r.sendPackets, pp)
return &r
}

161
matcher/smb/smb.go
View File

@ -1,161 +0,0 @@
package smb
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strings"
)
const (
SMB_COM_NEGOTIATE uint8 = 0x72
SMB_SUCCESS uint8 = 0x00
)
type netBIOS struct {
MsgType byte
MsgLength [3]uint8
}
type smb struct {
NetBios netBIOS
Component [4]uint8
SmbCommand uint8
NtStatus [4]uint8
Flags uint8
Flags2 [2]uint8
ProcessId uint16
Signature uint64
Reserved uint16
Tid uint16
Pid uint16
Uid uint16
Mid uint16
Wct uint8
Bcc uint16
Bf1 uint8
Name1 [23]uint8
Bf2 uint8
Name2 [10]uint8
Bf3 uint8
Name3 [28]uint8
Bf4 uint8
Name4 [10]uint8
Bf5 uint8
Name5 [10]uint8
Bf6 uint8
Name6 [11]uint8
}
type SMBMatcher struct {
packets []*packet.Packet
}
func NewSMBMatcher() *SMBMatcher {
nbssMatcher := &SMBMatcher{}
query := smb{}
query.NetBios.MsgType = 0x00
query.NetBios.MsgLength[2] = 0x85
query.Component[0] = 0xff
query.Component[1] = 'S'
query.Component[2] = 'M'
query.Component[3] = 'B'
query.SmbCommand = SMB_COM_NEGOTIATE
query.NtStatus[3] = SMB_SUCCESS
query.Flags = 0x18
query.Flags2[0] = 0x53
query.Flags2[1] = 0xC8
query.ProcessId = 0x00
query.Signature = 0x00
query.Reserved = 0
query.Tid = 0
query.Pid = 0xfeff
query.Uid = 0
query.Mid = 0
query.Wct = 0
query.Bcc = 0x0062
query.Bf1 = 0x02
copy(query.Name1[:], "PC NETWORK PROGRAM 1.0")
query.Bf2 = 0x02
copy(query.Name2[:], "LANMAN1.0")
query.Bf3 = 0x02
copy(query.Name3[:], "Windows for Workgroups 3.1a")
query.Bf4 = 0x02
copy(query.Name4[:], "LM1.2X002")
query.Bf5 = 0x02
copy(query.Name5[:], "LANMAN2.1")
query.Bf6 = 0x02
copy(query.Name6[:], "NT LM 0.12")
writer := new(bytes.Buffer)
binary.Write(writer, binary.LittleEndian, query)
nbssMatcher.packets = append(nbssMatcher.packets, packet.NewPacket(writer.Bytes(), writer.Len()))
return nbssMatcher
}
func (t *SMBMatcher) ServiceName() string {
return "SMB"
}
func (t *SMBMatcher) PacketCount() int {
return len(t.packets)
}
func (t *SMBMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *SMBMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *SMBMatcher) HasResponse(index int) bool {
return false
}
func (t *SMBMatcher) IsPrePacket() bool {
return false
}
func (t *SMBMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
s := smb{}
if err := binary.Read(reader, binary.BigEndian, &s); err != nil {
return false
}
var des [4]byte
copy(des[1:], s.NetBios.MsgLength[:])
packetLen := binary.BigEndian.Uint32(des[:])
if packetLen != uint32(packet.Len-4) {
return false
}
if !strings.Contains(string(s.Component[:]), "SMB") {
return false
}
return true
}

71
matcher/smtp/smtp.go
View File

@ -1,71 +0,0 @@
package smtp
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strings"
)
type SmtpMatcher struct {
packets []*packet.Packet
}
func NewSmtpMatcher() *SmtpMatcher {
m := &SmtpMatcher{}
b := []byte("helo test\r\n")
m.packets = append(m.packets, packet.NewPacket(b, len(b)))
b = []byte("quit\r\n")
m.packets = append(m.packets, packet.NewPacket(b, len(b)))
return m
}
func (t *SmtpMatcher) ServiceName() string {
return "SMTP"
}
func (t *SmtpMatcher) PacketCount() int {
return len(t.packets)
}
func (t *SmtpMatcher) Packet(index int) *packet.Packet {
return t.packets[index]
}
func (t *SmtpMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (t *SmtpMatcher) HasResponse(index int) bool {
return false
}
func (t *SmtpMatcher) IsPrePacket() bool {
return true
}
func (t *SmtpMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
buf := string(packet.Buffer)
if len(buf) == 0 || len(buf) < 5 {
return false
}
splits := strings.Split(buf, "\r\n")
splits = strings.Split(buf, " ")
if index == 0 {
if splits[0] == "220" {
return true
}
} else if index == 1 {
if splits[0] == "250" {
return true
}
} else if index == 2 {
if splits[0] == "221" {
return true
}
}
return false
}

66
matcher/ssh/ssh.go
View File

@ -1,66 +0,0 @@
package ssh
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"strings"
)
type SSHMatcher struct {
sendPackets []*packet.Packet
}
func (ssh *SSHMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
result := false
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
return result
}
str := string(packet.Buffer)
//fmt.Println(str)
temps := strings.Split(str, " ")
protocol := strings.Split(temps[0], "-")
//osType := temps[1]
if 0 == strings.Compare(protocol[0], "SSH") {
majorVersion := protocol[1]
//fmt.Println(majorVersion)
if 0 == strings.Compare(majorVersion, "2.0") || 0 == strings.Compare(majorVersion, "1.0") {
result = true
}
}
return result
}
func (ssh *SSHMatcher) PacketCount() int {
return len(ssh.sendPackets)
}
func (ssh *SSHMatcher) Packet(index int) *packet.Packet {
return ssh.sendPackets[index]
}
func (ssh *SSHMatcher) ServiceName() string {
return "SSH"
}
func (ssh *SSHMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (ssh *SSHMatcher) HasResponse(index int) bool {
return false
}
func (ssh *SSHMatcher) IsPrePacket() bool {
return true
}
func NewSSHMatcher() *SSHMatcher {
r := SSHMatcher{}
return &r
}

79
matcher/telnet/telnet.go
View File

@ -1,79 +0,0 @@
package telnet
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
DO = 0xfd
WONT = 0x4b
WILL = 0xfb
DONT = 0xfe
CMD = 0xff
)
type TelnetMatcher struct {
sendPackets []*packet.Packet
}
func (tel *TelnetMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
result := false
if packet == nil || packet.Buffer == nil || packet.Len == 0 {
return result
}
buf := make([]byte, 0, 0)
count := 0
for i := 0; i < len(packet.Buffer); i++ {
if packet.Buffer[i] > 0 {
buf = append(buf, packet.Buffer[i])
} else if count > 2 {
break
} else {
count++
}
}
for idx := 0; idx < len(buf); idx += 3 {
if buf[idx] == CMD && (buf[idx+1] == DO || buf[idx+1] == WONT || buf[idx+1] == WILL || buf[idx+1] == DONT) {
result = true
} else {
result = false
}
}
return result
}
func (tel *TelnetMatcher) PacketCount() int {
return len(tel.sendPackets)
}
func (tel *TelnetMatcher) Packet(index int) *packet.Packet {
return tel.sendPackets[index]
}
func (tel *TelnetMatcher) ServiceName() string {
return "Telnet"
}
func (tel *TelnetMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (tel *TelnetMatcher) HasResponse(index int) bool {
return false
}
func (tel *TelnetMatcher) IsPrePacket() bool {
return true
}
func NewTelnetMatcher() *TelnetMatcher {
r := TelnetMatcher{}
return &r
}

250
matcher/wmi/wmi.go
View File

@ -1,250 +0,0 @@
package wmi
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
)
const (
PDU_BIND = 11
PDU_BIND_ACK = 12
PDU_REQ = 0
PDU_RESP = 2
WMI_CALL_ID_1 = 0x95
WMI_CALL_ID_2 = 0x96
)
type WMIMatcher struct {
sendPackets []*packet.Packet
}
func (w *WMIMatcher) Match(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
if packet == nil {
return false
}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
wmiRecv := DCERPC_DEFAULT{}
binary.Read(buf, binary.LittleEndian, &wmiRecv)
switch index {
case 0:
if wmiRecv.Call_id != WMI_CALL_ID_1 {
return false
}
if wmiRecv.Ptype != PDU_BIND_ACK {
return false
}
return true
case 1:
if wmiRecv.Call_id != WMI_CALL_ID_2 {
return false
}
if wmiRecv.Ptype != PDU_RESP {
return false
}
return true
}
return false
}
func (w *WMIMatcher) PacketCount() int {
return len(w.sendPackets)
}
func (w *WMIMatcher) Packet(index int) *packet.Packet {
return w.sendPackets[index]
}
func (w *WMIMatcher) ServiceName() string {
return "WMI"
}
func (w *WMIMatcher) IsError(index int, packet *packet.Packet, info scaninfo.ServiceScanInfo) bool {
return false
}
func (w *WMIMatcher) HasResponse(index int) bool {
return false
}
func (w *WMIMatcher) IsPrePacket() bool {
return false
}
func NewWMIMatcher() *WMIMatcher {
wm := WMIMatcher{}
ds1 := DCERPC_DEFAULT{
Rpc_ver: 5,
Rpc_ver_minor: 0,
Ptype: PDU_BIND,
Flags: 0x03,
Drep: 0x10,
Frag_len: 16 + 56,
Auth_len: 0,
Call_id: WMI_CALL_ID_1,
}
ds2 := DCERPC_DEFAULT{
Rpc_ver: 5,
Rpc_ver_minor: 0,
Ptype: PDU_REQ,
Flags: 0x03,
Drep: 0x10,
Frag_len: 16 + 8,
Auth_len: 0,
Call_id: WMI_CALL_ID_2,
}
ioxidr := DCERPC_IOXIDResolver{
MaxXmitFrag: 0x16d0,
MaxRecvFrag: 0x16d0,
AssocGroup: 0,
NumCtxItem: 1,
ContextId: 0,
NumTransItem: 1,
//interfaces
InterfaceVer: 0,
InterfaceVerMinor: 0,
//transSyntax
TransSyntaxVer: 2,
}
ioxidr.Interfaces[0] = 0xc4
ioxidr.Interfaces[1] = 0xfe
ioxidr.Interfaces[2] = 0xfc
ioxidr.Interfaces[3] = 0x99
ioxidr.Interfaces[4] = 0x60
ioxidr.Interfaces[5] = 0x52
ioxidr.Interfaces[6] = 0x1b
ioxidr.Interfaces[7] = 0x10
ioxidr.Interfaces[8] = 0xbb
ioxidr.Interfaces[9] = 0xcb
ioxidr.Interfaces[10] = 0x00
ioxidr.Interfaces[11] = 0xaa
ioxidr.Interfaces[12] = 0x00
ioxidr.Interfaces[13] = 0x21
ioxidr.Interfaces[14] = 0x34
ioxidr.Interfaces[15] = 0x7a
ioxidr.TransSyntax[0] = 0x04
ioxidr.TransSyntax[1] = 0x5d
ioxidr.TransSyntax[2] = 0x88
ioxidr.TransSyntax[3] = 0x8a
ioxidr.TransSyntax[4] = 0xeb
ioxidr.TransSyntax[5] = 0x1c
ioxidr.TransSyntax[6] = 0xc9
ioxidr.TransSyntax[7] = 0x11
ioxidr.TransSyntax[8] = 0x9f
ioxidr.TransSyntax[9] = 0xe8
ioxidr.TransSyntax[10] = 0x08
ioxidr.TransSyntax[11] = 0x00
ioxidr.TransSyntax[12] = 0x2b
ioxidr.TransSyntax[13] = 0x10
ioxidr.TransSyntax[14] = 0x48
ioxidr.TransSyntax[15] = 0x60
da := DCERPC_ALIVE{
AllocHint: 0,
ContextId: 0,
OpNum: 3,
}
buf1 := new(bytes.Buffer)
binary.Write(buf1, binary.LittleEndian, ds1)
ds1Bytes := buf1.Bytes()
buf2 := new(bytes.Buffer)
binary.Write(buf2, binary.LittleEndian, ds2)
ds2Bytes := buf2.Bytes()
buf3 := new(bytes.Buffer)
binary.Write(buf3, binary.LittleEndian, ioxidr)
ioxidrBytes := buf3.Bytes()
buf4 := new(bytes.Buffer)
binary.Write(buf4, binary.LittleEndian, da)
daBytes := buf4.Bytes()
firstByte := make([]byte, len(ds1Bytes)+len(ioxidrBytes))
copy(firstByte[0:], ds1Bytes)
copy(firstByte[len(ds1Bytes):], ioxidrBytes)
secondByte := make([]byte, len(ds2Bytes)+len(daBytes))
copy(secondByte[0:], ds2Bytes)
copy(secondByte[len(ds2Bytes):], daBytes)
wm.sendPackets = append(wm.sendPackets, packet.NewPacket(firstByte, len(ds1Bytes)+len(ioxidrBytes)))
wm.sendPackets = append(wm.sendPackets, packet.NewPacket(secondByte, len(ds2Bytes)+len(daBytes)))
return &wm
}
type DCERPC_DEFAULT struct {
Rpc_ver uint8
Rpc_ver_minor uint8
Ptype uint8
Flags uint8
Drep uint32
Frag_len uint16
Auth_len uint16
Call_id uint32
}
type DCERPC_ALIVE struct {
AllocHint uint32
ContextId uint16
OpNum uint16
}
type DCERPC_IOXIDResolver struct {
MaxXmitFrag uint16
MaxRecvFrag uint16
AssocGroup uint32
NumCtxItem uint8
UnknownCode [3]uint8
ContextId uint16
NumTransItem uint8
UnknownCode2 uint8
Interfaces [16]uint8
InterfaceVer uint16
InterfaceVerMinor uint16
TransSyntax [16]uint8
TransSyntaxVer uint32
}

79
service/match/activedirectory/activedirectory_test.go Normal file
View File

@ -0,0 +1,79 @@
package activedirectory
import (
"crypto/tls"
"net"
"testing"
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
)
func TestADNor(t *testing.T) {
client, err := net.Dial("tcp", "192.168.1.15:389")
if err != nil {
t.Log(err)
}
defer client.Close()
dDRun(client, t)
}
func TestADTLS(t *testing.T) {
conn, err := tls.Dial(
"tcp",
"192.168.1.1:636",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.1",
},
)
if err != nil {
t.Log(err)
return
}
defer conn.Close()
dDRun(conn, t)
}
func dDRun(client net.Conn, t *testing.T) {
lm := NewActiveDirectoryMatcher()
//port := types.NewPort("389", types.NewHost("192.168.1.1"), types.TYPE_TCP)
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//
//fmt.Println(ipport)
//
//fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
fmt.Println(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
read, _ := client.Read(bytes)
fmt.Println(bytes)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
fmt.Println("Good")
}
}
}

73
service/match/cassandra/cassandra_test.go Normal file
View File

@ -0,0 +1,73 @@
package cassandra
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestCassandra(t *testing.T) {
m := NewCassandraMatcher()
conn, err := net.Dial("tcp", "192.168.1.16:19042")
if err != nil {
t.Error(err)
return
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Cassandra found")
return
}
t.Error("Cassandra not found")
}
}
func TestCassandraTLS(t *testing.T) {
m := NewCassandraMatcher()
conn, err := tls.Dial(
"tcp",
"192.168.1.16:19042",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.16",
},
)
if err != nil {
t.Fatal(err)
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Cassandra found")
return
}
t.Error("Cassandra not found")
}
}

33
service/match/dns/dns_test.go Normal file
View File

@ -0,0 +1,33 @@
package dns
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestDns(t *testing.T) {
m := NewDnsMatcher()
conn, _ := net.Dial("udp", "168.126.63.1:53")
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
if m.IsSend(53) != true {
t.Error("not port")
}
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("dns found")
return
}
t.Error("dns not found")
}
}

234
service/match/ftp/ftp_test.go Normal file
View File

@ -0,0 +1,234 @@
package ftp
import (
"fmt"
"testing"
"git.loafle.net/overflow/overflow_discovery/model/scaninfo"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
)
//type FTP struct {
// conn net.Conn
// addr string
//
// reader *bufio.Reader
// writer *bufio.Writer
//}
//
//func (ftp *FTP) Close() {
// ftp.conn.Close()
//}
//
//func Connect(addr string) (*FTP, error) {
// var err error
// var conn net.Conn
//
// if conn, err = net.Dial("tcp", addr); err != nil {
// return nil, err
// }
//
// writer := bufio.NewWriter(conn)
// reader := bufio.NewReader(conn)
//
// obj := &FTP{
// conn:conn,
// addr:addr,
// reader:reader,
// writer:writer,
// }
// recv, _ := obj.receive()
//
// fmt.Println(recv)
//
// return obj, nil
//
//}
//
//func (ftp *FTP) receive() (string, error) {
// line, err := ftp.receiveLine()
//
// if err != nil {
// return line, err
// }
//
// fmt.Println("len : ", len(line))
// fmt.Println("line[3] :", line[3])
// //
// //if (len(line) >= 4) && (line[3] == '-') {
// // closingCode := line[:3] + " "
// //
// // for {
// // str, err := ftp.receiveLine()
// // fmt.Println("str pre: ", str)
// // line = line + str
// // fmt.Println("str after: ", line)
// // if err != nil {
// // return line, err
// // }
// //
// // if len(str) < 4 {
// // fmt.Println("Uncorrectly terminated response")
// // }else {
// // if str[:4] == closingCode {
// // break
// // }
// // }
// // }
// //}
//
// ftp.ReadAndDiscard()
//
// fmt.Println("receive line: ", line)
// return line, err
//}
//
//func (ftp *FTP) ReadAndDiscard() (int, error) {
// var i int
// bufferSize := ftp.reader.Buffered()
//
// for i = 0; i < bufferSize ; i++ {
// if _, err := ftp.reader.ReadByte(); err != nil {
// return i, err
// }
// }
//
// return i, nil
//}
//
//func (ftp *FTP) send(command string, arguments ...interface{}) error {
//
// command = fmt.Sprintf(command)
// command += "\r\n"
//
// if _, err := ftp.writer.WriteString(command); err != nil {
// return err
// }
//
// if err := ftp.writer.Flush(); err != nil {
// return err
// }
//
// return nil
//}
//
//func (ftp *FTP) cmd(expects string, command string, args ...interface{}) (line string, err error) {
//
// if err = ftp.send(command, args); err != nil {
// return
// }
//
// if line, err = ftp.receive(); err != nil {
// return
// }
//
//
// if !strings.HasPrefix(line, expects) {
// err = errors.New(line)
// return
// }
//
// return
//}
//
//func (ftp *FTP) receiveLine() (string, error) {
// line, err := ftp.reader.ReadString('\n')
//
// log.Printf("< %s", line)
//
// return line, err
//}
//
//func (ftp *FTP) Syst() (line string, err error) {
// if err := ftp.send("SYST"); err != nil {
// return "", err
// }
//
// if line, err = ftp.receive(); err != nil {
// return
// }
//
// if !strings.HasPrefix(line, "215") {
// err = errors.New(line)
// return
// }
//
// return strings.SplitN(strings.TrimSpace(line), " ", 2)[1], nil
//}
//func TestFtp(t *testing.T) {
// var err error
// var ftp *FTP
// //var f *FTPMatcher
//
// if ftp, err = Connect("192.168.1.202:21"); err != nil {
// panic(err)
// }
//
// //f.Match(0, nil,nil)
// ftp.Syst()
// ftp.cmd("503","PASS ")
// ftp.cmd("221","QUIT")
// defer ftp.Close()
//}
func TestMatchFTP(t *testing.T) {
ftm := NewFTPMatcher()
//fmt.Println(ftm)
//fmt.Println(ftm.sendPackets[0])
//log.LoadLogConfig("../../../../../../../../bin/log.xml")
//defer log.Flush()
//port := types.NewPort("21", types.NewHost("192.168.1.202"), types.TYPE_TCP)
info := scaninfo.NewScanInfoImpl("192.168.1.15","21")
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//
//log.Debug(ipport)
client, _ := net.Dial("tcp", "192.168.1.15:21")
defer client.Close()
//reader := bufio.NewReader(client)
//writer := bufio.NewWriter(client)
fmt.Println(ftm.PacketCount())
//fmt.Println(reader.ReadString('\n'))
bytes := make([]byte, 512)
le, _ := client.Read(bytes)
fmt.Println(bytes)
b := ftm.Match(0, matcher.NewPacket(bytes, le), nil)
fmt.Println(b)
for ii := 0; ii < ftm.PacketCount(); ii++ {
pack := ftm.Packet(ii)
fmt.Println(pack)
//writer.WriteString(pack)
client.Write(pack.Buffer)
//fmt.Println(reader.ReadString('\n'))
bytes := make([]byte, 512)
l, _ := client.Read(bytes)
//fmt.Println(bytes)
b := ftm.Match(ii+1, matcher.NewPacket(bytes, l), info)
fmt.Println(b)
}
fmt.Println("Service Name : ", ftm.ServiceName())
}

49
service/match/http/http_test.go Normal file
View File

@ -0,0 +1,49 @@
package http
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
"net"
"testing"
)
func TestHTTPMatcher_Packet(t *testing.T) {
hm := NewHTTPMatcher()
fmt.Println(hm)
fmt.Println(hm.sendPackets[0])
}
func TestHTTPMatcher_Match(t *testing.T) {
fmt.Println("Match")
hm := NewHTTPMatcher()
//port := types.NewPort("80", types.NewHost("192.168.1.103"), types.TYPE_TCP)
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//fmt.Println(ipport)
client, _ := net.Dial("tcp", "192.168.1.15:38980")
defer client.Close()
pack := hm.Packet(0)
//fmt.Println(pack)
//writer.WriteString(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 512)
l, _ := client.Read(bytes)
//fmt.Println(bytes)
hm.Match(0, matcher.NewPacket(bytes, l), nil)
}

55
service/match/http/https_test.go Normal file
View File

@ -0,0 +1,55 @@
package http
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"log"
"net"
"testing"
"time"
)
func TestHTTPSMatcher_Match(t *testing.T) {
netinfo := "192.168.1.10:10443"
dialer := &net.Dialer{
Timeout: 5 * time.Second,
}
conn, err := tls.DialWithDialer(
dialer,
"tcp",
netinfo,
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.103",
},
)
if err != nil {
log.Println(err)
return
}
defer conn.Close()
//fmt.Println(conn)
h := NewHTTPMatcher()
pac := h.Packet(0)
//fmt.Println(pac)
//fmt.Println(pac.Buffer)
//bytes := make([]byte, 1024)
l, _ := conn.Write(pac.Buffer)
buf := make([]byte, 1024)
l, _ = conn.Read(buf)
fmt.Println(string(buf))
fmt.Println(l)
is := h.Match(0, matcher.NewPacket(buf, l), nil)
fmt.Println(is)
}

153
service/match/imap/imap_test.go Normal file
View File

@ -0,0 +1,153 @@
package imap
import (
"crypto/tls"
"fmt"
//"git.loafle.net/overflow/overflow_discovery/collector/core/scan/port"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
)
func ImapRun(client net.Conn, t *testing.T) {
lm := NewIMAPMatcher()
//port := types.NewPort("143", types.NewHost("192.168.1.215"), types.TYPE_TCP)
//
//scanInfo := types.NewServiceScanInfo(port)
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//
//fmt.Println(ipport)
//client, _ := net.Dial("tcp", ipport)
//defer client.Close()
bytett := make([]byte, 1024)
rr, _ := client.Read(bytett)
bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil)
if bb {
t.Log("good!")
}
fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
//fmt.Println(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
read, _ := client.Read(bytes)
fmt.Println(cap(bytes))
//fmt.Println(bytes)
b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("send Good!")
}
}
}
func TestIMapTls(t *testing.T) {
conn, _ := tls.Dial(
"tcp",
"192.168.1.15:993",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.15",
},
)
defer conn.Close()
ImapRun(conn, t)
}
func TestIMapNormal(t *testing.T) {
client, err := net.Dial("tcp", "192.168.1.15:143")
if err != nil {
t.Fatal(err)
}
defer client.Close()
ImapRun(client, t)
}
func TestImap(t *testing.T) {
lm := NewIMAPMatcher()
//port := types.NewPort("143", types.NewHost("192.168.1.215"), types.TYPE_TCP)
//scanInfo := scaninfo.NewServiceScanInfo(port)
var ipport string
//ipport = port.Host.Ip + ":" + port.Port_
fmt.Println(ipport)
client, _ := net.Dial("tcp", ipport)
defer client.Close()
bytett := make([]byte, 1024)
rr, _ := client.Read(bytett)
//bb := lm.Match(0, matcher.NewPacket(bytett, rr), scanInfo)
bb := lm.Match(0, matcher.NewPacket(bytett, rr), nil)
if bb {
t.Log("good!")
}
fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
//fmt.Println(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
read, _ := client.Read(bytes)
fmt.Println(cap(bytes))
//fmt.Println(bytes)
b := lm.Match(ii+1, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("send Good!")
}
}
//t.Log(scanInfo)
}

54
service/match/mongodb/mongodb_test.go Normal file
View File

@ -0,0 +1,54 @@
package mongodb
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestMongoNor(t *testing.T) {
conn, _ := net.Dial("tcp", "192.168.1.16:37017")
defer conn.Close()
MongoRun(conn, t)
}
func TestMongoTLS(t *testing.T) {
conn, _ := tls.Dial(
"tcp",
"192.168.1.16:47017",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.16",
},
)
defer conn.Close()
MongoRun(conn, t)
}
func MongoRun(conn net.Conn, t *testing.T) {
m := NewMongoDBMatcher()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("MongoDB found")
return
}
t.Error("MongoDB not found")
}
}

63
service/match/mssql/mssql_test.go Normal file
View File

@ -0,0 +1,63 @@
package mssql
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
/*
192.168.1.106:1433 - normal
192.168.1.103:1433 - ssl
*/
func TestSqlNor(t *testing.T) {
conn, _ := net.Dial("tcp", "192.168.1.16:11433")
defer conn.Close()
sqlServerRun(conn, t)
}
//func TestSqlTLS(t *testing.T) {
// conn, err := tls.Dial(
// "tcp",
// "192.168.1.103:7680",
// &tls.Config{
// InsecureSkipVerify: true,
// ServerName: "192.168.1.103",
// },
// )
//
// if err != nil {
// t.Log(err)
// return
// }
//
// defer conn.Close()
//
// sqlServerRun(conn, t)
//}
func sqlServerRun(conn net.Conn, t *testing.T) {
m := NewMSSqlMatcher()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log(m.ServiceName())
return
}
t.Error("MSSQL not found")
}
}

71
service/match/mysql/mysql_test.go Normal file
View File

@ -0,0 +1,71 @@
package mysql
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestMySql(t *testing.T) {
m := NewMySqlMatcher()
/*
192.168.1.103:3306 - normal
192.168.1.105:8306 - ssl
192.168.1.203:3306 - mysql with error code
*/
conn, _ := net.Dial("tcp", "192.168.1.15:33068")
defer conn.Close()
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(0, p, nil) {
t.Log(m.ServiceName())
return
}
t.Error("MySQL not found")
}
func TestCassandraTLS(t *testing.T) {
m := NewMySqlMatcher()
conn, err := tls.Dial(
"tcp",
"192.168.1.105:8306",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.105",
},
)
if err != nil {
t.Fatal(err)
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log(m.ServiceName())
return
}
t.Error("MySQL not found")
}
}

34
service/match/netbios/netbios_test.go Normal file
View File

@ -0,0 +1,34 @@
package netbios
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestNBSS(t *testing.T) {
m := NewNetBiosMatcher()
conn, _ := net.Dial("tcp", "192.168.1.106:139")
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("NBSS found")
return
}
t.Error("NBSS not found")
}
}

53
service/match/oracle/oracle_test.go Normal file
View File

@ -0,0 +1,53 @@
package oracle
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestOracle(t *testing.T) {
lm := NewOracleMatcher()
//port := types.NewPort("1521", types.NewHost("192.168.1.30"), types.TYPE_TCP)
//scanInfo := scaninfo.NewServiceScanInfo(port)
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
client, _ := net.Dial("tcp", "192.168.1.15:1521")
defer client.Close()
t.Log(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
t.Log(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
read, _ := client.Read(bytes)
t.Log(bytes)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("Good")
}
}
}

70
service/match/pgsql/pgsql_test.go Normal file
View File

@ -0,0 +1,70 @@
package pgsql
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestPG(t *testing.T) {
m := NewPostgreSQLMatcher()
conn, err := net.Dial("tcp", "192.168.1.106:5432") //107
if err != nil {
t.Error(err)
return
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")
return
}
t.Error("PostgreSQL not found")
}
}
func TestSqlTLS(t *testing.T) {
conn, err := tls.Dial(
"tcp",
"192.168.1.107:5432",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.107",
},
)
if err != nil {
t.Error(err)
return
}
defer conn.Close()
m := NewPostgreSQLMatcher()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")
return
}
t.Error("PostgreSQL not found")
}
}

86
service/match/pop/pop_test.go Normal file
View File

@ -0,0 +1,86 @@
package pop
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestPopTLS(t *testing.T) {
conn, _ := tls.Dial(
"tcp",
"192.168.1.15:995",
&tls.Config{
InsecureSkipVerify: true,
ServerName: "192.168.1.15",
},
)
defer conn.Close()
pop3Run(conn, t)
}
func TestPopNor(t *testing.T) {
client, _ := net.Dial("tcp", "192.168.1.15:110")
defer client.Close()
pop3Run(client, t)
}
func pop3Run(client net.Conn, t *testing.T) {
lm := NewPOPMatcher()
//port := types.NewPort("110", types.NewHost("192.168.1.215"), types.TYPE_TCP)
//scanInfo := scaninfo.NewServiceScanInfo(port)
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//
//fmt.Println(ipport)
bytett := make([]byte, 1024)
read, _ := client.Read(bytett)
bb := lm.Match(0, matcher.NewPacket(bytett, read), nil)
if bb {
t.Log("good!")
}
fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
//fmt.Println(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
rr, _ := client.Read(bytes)
//fmt.Println(bytes)
b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil)
if b {
t.Log("send Good!")
}
}
}

33
service/match/redis/redisProtected_test.go Normal file
View File

@ -0,0 +1,33 @@
package redis
//import (
// "git.loafle.net/overflow/overflow_discovery/collector/core/scan/service/matcher/packet"
// "net"
// "testing"
//)
//
//func TestRedisProtected(t *testing.T) {
//
// m := NewRedisProtectedMatcher()
//
// conn, err := net.Dial("tcp", "192.168.1.215:8379")
//
// if err != nil {
// t.Log(err)
// return
// }
//
// defer conn.Close()
//
// bytes := make([]byte, 1024)
// n, _ := conn.Read(bytes)
//
// //fmt.Println(string(bytes[:n]))
//
// b := m.Match(0, matcher.NewPacket(bytes, n), nil)
//
// if b {
// t.Log("good!")
// }
//
//}

37
service/match/redis/redis_test.go Normal file
View File

@ -0,0 +1,37 @@
package redis
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
const (
ADDR string = "192.168.1.16:26379"
)
func TestRedisMatcher(t *testing.T) {
m := NewRedisMatcher()
conn, _ := net.Dial("tcp", ADDR)
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("Redis found.")
return
}
t.Error("Redis not found")
}
}

52
service/match/rmi/rmi_test.go Normal file
View File

@ -0,0 +1,52 @@
package rmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
"net"
"testing"
)
func TestNew(t *testing.T) {
r := NewRMIMatcher()
fmt.Println("TestNew: ", r)
}
func TestRMIMatcher_Match(t *testing.T) {
fmt.Println("Match")
hm := NewRMIMatcher()
//port := types.NewPort("9840", types.NewHost("192.168.1.101"), types.TYPE_TCP)
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//fmt.Println(ipport)
client, err := net.Dial("tcp", "192.168.1.101:9840")
if err != nil {
t.Fatal(err)
}
defer client.Close()
pack := hm.Packet(0)
fmt.Println(pack.Buffer)
//writer.WriteString(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 512)
l, _ := client.Read(bytes)
//fmt.Println(bytes)
t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(t1)
}

42
service/match/smb/smb_test.go Normal file
View File

@ -0,0 +1,42 @@
package smb
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
const (
ADDR string = "192.168.1.106:445"
)
func TestSMBMatcher(t *testing.T) {
m := NewSMBMatcher()
conn, err := net.Dial("tcp", ADDR)
if err != nil {
t.Fatal(err)
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SMB found.")
return
}
t.Error("SMB not found")
}
}

37
service/match/snmp/snmpv2_test.go Normal file
View File

@ -0,0 +1,37 @@
package snmp
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestSNMP2(t *testing.T) {
m := NewSNMPv2Matcher()
conn, err := net.Dial("udp", "192.168.1.15:161")
if err != nil {
t.Error(err)
return
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SNMP found")
return
}
t.Error("SNMP not found")
}
}

37
service/match/snmp/snmpv3_test.go Normal file
View File

@ -0,0 +1,37 @@
package snmp
import (
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestSNMP3(t *testing.T) {
m := NewSNMPv3Matcher()
conn, err := net.Dial("udp", "192.168.1.15:161")
if err != nil {
t.Error(err)
return
}
defer conn.Close()
for i := 0; i < m.PacketCount(); i++ {
pack := m.Packet(i)
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("SNMP found")
return
}
t.Error("SNMP not found")
}
}

35
service/match/ssh/ssh_test.go Normal file
View File

@ -0,0 +1,35 @@
package ssh
import (
"fmt"
//"git.loafle.net/overflow/overflow_discovery/match/ssh"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
)
func TestSSHMatcher_Match(t *testing.T) {
//port := types.NewPort("22", types.NewHost("192.168.1.103"), types.TYPE_TCP)
//ssh := NewSSHMatcher()
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
client, _ := net.Dial("tcp", "192.168.1.10:22")
defer client.Close()
bytes := make([]byte, 512)
l, _ := client.Read(bytes)
fmt.Println(bytes)
b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)
}

33
service/match/telnet/telnet_test.go Normal file
View File

@ -0,0 +1,33 @@
package telnet
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
func TestTelnetMatcher_Match(t *testing.T) {
//port := types.NewPort("23", types.NewHost("192.168.1.210"), types.TYPE_TCP)
//telnet := NewTelnetMatcher()
//
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
client, _ := net.Dial("tcp", "192.168.1.105:23")
defer client.Close()
bytes := make([]byte, 512)
l, _ := client.Read(bytes)
fmt.Println("length :", l)
fmt.Println(bytes)
b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)
}

51
service/match/wmi/wmi_test.go Normal file
View File

@ -0,0 +1,51 @@
package wmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
)
func TestWMI(t *testing.T) {
lm := NewWMIMatcher()
//port := types.NewPort("135", types.NewHost("192.168.1.1"), types.TYPE_TCP)
//scanInfo := scaninfo.NewServiceScanInfo(port)
//var ipport string
//ipport = port.Host.Ip + ":" + string(port.Port)
//fmt.Println(ipport)
client, _ := net.Dial("tcp", "192.168.1.106:135")
defer client.Close()
fmt.Println(lm.PacketCount())
for ii := 0; ii < lm.PacketCount(); ii++ {
pack := lm.Packet(ii)
fmt.Println(pack)
client.Write(pack.Buffer)
bytes := make([]byte, 1024)
read, _ := client.Read(bytes)
//fmt.Println(bytes)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
fmt.Println("Good")
}
}
}

4
service/matcher/oracle/oracle_test.go
View File

@ -3,7 +3,7 @@ package oracle
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
@ -40,7 +40,7 @@ func TestOracle(t *testing.T) {
t.Log(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
t.Log("Good")

6
service/matcher/pgsql/pgsql_test.go
View File

@ -2,7 +2,7 @@ package pgsql
import (
"crypto/tls"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
)
@ -23,7 +23,7 @@ func TestPG(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")
@ -58,7 +58,7 @@ func TestSqlTLS(t *testing.T) {
conn.Write(pack.Buffer)
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
t.Log("PostgreSQL found")

6
service/matcher/pop/pop_test.go
View File

@ -4,7 +4,7 @@ package pop
import (
"crypto/tls"
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
@ -51,7 +51,7 @@ func pop3Run(client net.Conn, t *testing.T) {
read, _ := client.Read(bytett)
bb := lm.Match(0, packet.NewPacket(bytett, read), nil)
bb := lm.Match(0, matcher.NewPacket(bytett, read), nil)
if bb {
t.Log("good!")
@ -73,7 +73,7 @@ func pop3Run(client net.Conn, t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii+1, packet.NewPacket(bytes, rr), nil)
b := lm.Match(ii+1, matcher.NewPacket(bytes, rr), nil)
if b {
t.Log("send Good!")

9
service/matcher/redis/redis_test.go
View File

@ -1,9 +1,10 @@
package redis
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"net"
"testing"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
)
const (
@ -12,7 +13,7 @@ const (
func TestRedisMatcher(t *testing.T) {
m := NewRedisMatcher()
m := NewMatcher()
conn, _ := net.Dial("tcp", ADDR)
defer conn.Close()
@ -24,9 +25,9 @@ func TestRedisMatcher(t *testing.T) {
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
if m.Match(nil, i, p) {
t.Log("Redis found.")
return
}

4
service/matcher/rmi/rmi_test.go
View File

@ -2,7 +2,7 @@ package rmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/discovery/discovery/types"
"net"
"testing"
@ -46,7 +46,7 @@ func TestRMIMatcher_Match(t *testing.T) {
//fmt.Println(bytes)
t1 := hm.Match(0, packet.NewPacket(bytes, l), nil)
t1 := hm.Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(t1)
}

9
service/matcher/smb/smb_test.go
View File

@ -1,9 +1,10 @@
package smb
import (
"git.loafle.net/overflow/overflow_discovery/match/packet"
"net"
"testing"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
)
const (
@ -12,7 +13,7 @@ const (
func TestSMBMatcher(t *testing.T) {
m := NewSMBMatcher()
m := NewMatcher()
conn, err := net.Dial("tcp", ADDR)
@ -29,9 +30,9 @@ func TestSMBMatcher(t *testing.T) {
bytes := make([]byte, 1024)
n, _ := conn.Read(bytes)
p := packet.NewPacket(bytes, n)
p := matcher.NewPacket(bytes, n)
if m.Match(i, p, nil) {
if m.Match(nil, i, p) {
t.Log("SMB found.")
return
}

4
service/matcher/ssh/ssh_test.go
View File

@ -3,7 +3,7 @@ package ssh
import (
"fmt"
//"git.loafle.net/overflow/overflow_discovery/match/ssh"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
"testing"
@ -28,7 +28,7 @@ func TestSSHMatcher_Match(t *testing.T) {
fmt.Println(bytes)
b := NewSSHMatcher().Match(0, packet.NewPacket(bytes, l), nil)
b := NewSSHMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)

4
service/matcher/telnet/telnet_test.go
View File

@ -2,7 +2,7 @@ package telnet
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
"net"
"testing"
@ -27,7 +27,7 @@ func TestTelnetMatcher_Match(t *testing.T) {
fmt.Println("length :", l)
fmt.Println(bytes)
b := NewTelnetMatcher().Match(0, packet.NewPacket(bytes, l), nil)
b := NewTelnetMatcher().Match(0, matcher.NewPacket(bytes, l), nil)
fmt.Println(b)
}

4
service/matcher/wmi/wmi_test.go
View File

@ -2,7 +2,7 @@ package wmi
import (
"fmt"
"git.loafle.net/overflow/overflow_discovery/match/packet"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/scan/matcher/scaninfo"
//"git.loafle.net/overflow/overflow_discovery/collector/discovery/types"
"net"
@ -39,7 +39,7 @@ func TestWMI(t *testing.T) {
//fmt.Println(bytes)
b := lm.Match(ii, packet.NewPacket(bytes, read), nil)
b := lm.Match(ii, matcher.NewPacket(bytes, read), nil)
if b {
fmt.Println("Good")