service scan is in progress

2018-08-15 16:46:52 +09:00 · 2018-08-15 16:46:52 +09:00 · 1dcb5f8438
commit 1dcb5f8438
parent 20eea426b3
5 changed files with 51 additions and 240 deletions
--- a/discoverer/discoverer_test.go
+++ b/discoverer/discoverer_test.go
@ -3,19 +3,14 @@ package discoverer_test
 import (
 	"encoding/json"
 	"log"
-	"net"
 	"strconv"
 	"testing"
-	"time"

 	logging "git.loafle.net/commons/logging-go"
 	omd "git.loafle.net/overflow/model/discovery"
 	omm "git.loafle.net/overflow/model/meta"
 	omu "git.loafle.net/overflow/model/util"
 	"git.loafle.net/overflow_scanner/probe/discoverer"
-	"github.com/google/gopacket"
-	"github.com/google/gopacket/layers"
-	"github.com/google/gopacket/pcap"
 )

 var (
@ -52,40 +47,9 @@ var (
 	p = &omd.Port{
 		Host:           h,
 		MetaPortType:   omm.ToMetaPortType(omm.MetaPortTypeEnumTCP),
-		PortNumber:     json.Number(strconv.Itoa(21)),
+		PortNumber:     json.Number(strconv.Itoa(80)),
 		DiscoveredDate: omu.NowPtr(),
 	}
-	ds = &omd.DiscoverService{
-		IncludeServices: []string{
-			"ACTIVEDIRECTORY",
-			"CASSANDRA",
-			"DHCP",
-			"DNS",
-			"FTP",
-			"HTTP",
-			"IMAP",
-			"LDAP",
-			"MONGODB",
-			"MSSQL",
-			"MYSQL",
-			"NETBIOS",
-			"ORACLE",
-			"POP",
-			"POSTGRESQL",
-			"REDIS",
-			"RMI",
-			"SMB",
-			"SMTP",
-			"SNMP",
-			"SSH",
-			"TELNET",
-			"WMI",
-			"UNKNOWN",
-			"SSH",
-			"WMI",
-			"SNMP V3",
-		},
-	}

 	dha = &omd.DiscoverHost{
 		MetaIPType:     omm.ToMetaIPType(omm.MetaIPTypeEnumV4),
@ -99,7 +63,7 @@ var (
 			},
 			IncludeTCP:      true,
 			IncludeUDP:      false,
-			DiscoverService: ds,
+			DiscoverService: nil,
 		},
 	}
 )
@ -137,7 +101,7 @@ func TestDiscoverService(t *testing.T) {
 	_discoverer := discoverer.GetDiscoverer()

 	handleDiscovery(_discoverer, func(dataChan chan *discoverer.DiscoveryData) {
-		_discoverer.DiscoverSerice(dataChan, p, ds)
+		_discoverer.DiscoverSerice(dataChan, p, nil)
 	})
 }

@ -196,148 +160,3 @@ func handleDiscovery(_discoverer discoverer.Discoverer, discoveryFunc func(dataC
 		}
 	}
 }
-
-type scanner struct {
-	// iface is the interface to send packets on.
-	iface *net.Interface
-	// destination, gateway (if applicable), and source IP addresses to use.
-	dst, gw, src net.IP
-
-	handle *pcap.Handle
-
-	// opts and buf allow us to easily serialize packets in the send()
-	// method.
-	opts gopacket.SerializeOptions
-	buf  gopacket.SerializeBuffer
-}
-
-func TestTCP(t *testing.T) {
-	s, err := newScanner()
-	if err != nil {
-		log.Printf("unable to create scanner for : %v", err)
-		return
-	}
-	if err := s.scan(); err != nil {
-		log.Printf("unable to scan %v: %v", err)
-	}
-	s.close()
-}
-
-// newScanner creates a new scanner for a given destination IP address, using
-// router to determine how to route packets to that IP.
-func newScanner() (*scanner, error) {
-	s := &scanner{
-		dst: net.ParseIP("192.168.1.229"),
-		src: net.ParseIP("192.168.1.201"),
-		opts: gopacket.SerializeOptions{
-			FixLengths:       true,
-			ComputeChecksums: true,
-		},
-		buf: gopacket.NewSerializeBuffer(),
-	}
-	// Open the handle for reading/writing.
-	// Note we could very easily add some BPF filtering here to greatly
-	// decrease the number of packets we have to look at when getting back
-	// scan results.
-	handle, err := pcap.OpenLive("\\Device\\NPF_{1924FA2B-6927-4BA5-AF43-876C3F8853CE}", 65536, true, pcap.BlockForever)
-	if err != nil {
-		return nil, err
-	}
-	s.handle = handle
-	return s, nil
-}
-
-// close cleans up the handle.
-func (s *scanner) close() {
-	s.handle.Close()
-}
-
-func (s *scanner) scan() error {
-	// First off, get the MAC address we should be sending packets to.
-
-	srcMac, err := net.ParseMAC("30:9C:23:15:A3:09")
-	if nil != err {
-		return err
-	}
-
-	dstMac, err := net.ParseMAC("50:E5:49:46:93:28")
-	if nil != err {
-		return err
-	}
-
-	eth := layers.Ethernet{
-		SrcMAC:       srcMac,
-		DstMAC:       dstMac,
-		EthernetType: layers.EthernetTypeIPv4,
-	}
-
-	ip4 := layers.IPv4{
-		SrcIP:    s.src,
-		DstIP:    s.dst,
-		Version:  4,
-		TTL:      64,
-		Protocol: layers.IPProtocolTCP,
-	}
-	tcp := layers.TCP{
-		SrcPort: 60000,
-		DstPort: 0, // will be incremented during the scan
-		SYN:     true,
-		Seq:     0,
-	}
-	if err := tcp.SetNetworkLayerForChecksum(&ip4); err != nil {
-		log.Println(err)
-		return err
-	}
-
-	// Create the flow we expect returning packets to have, so we can check
-	// against it and discard useless packets.
-	//ipFlow := gopacket.NewFlow(layers.EndpointIPv4, s.dst, s.src)
-	start := time.Now()
-	for {
-		// Send one packet per loop iteration until we've sent packets
-		// to all of ports [1, 65535].
-		if tcp.DstPort < 65535 {
-			start = time.Now()
-			tcp.DstPort++
-			if err := s.send(&eth, &ip4, &tcp); err != nil {
-				log.Printf("error sending to port %v: %v", tcp.DstPort, err)
-			}
-		}
-		// Time out 5 seconds after the last packet we sent.
-		if time.Since(start) > time.Second*60 {
-			log.Printf("timed out for %v, assuming we've seen all we can", s.dst)
-			return nil
-		}
-
-		// Read in the next packet.
-		data, _, err := s.handle.ReadPacketData()
-		if err == pcap.NextErrorTimeoutExpired {
-			continue
-		} else if err != nil {
-			log.Printf("error reading packet: %v", err)
-			continue
-		}
-
-		// Parse the packet.  We'd use DecodingLayerParser here if we
-		// wanted to be really fast.
-		packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.NoCopy)
-		if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer == nil {
-			continue
-		} else if tcp, ok := tcpLayer.(*layers.TCP); !ok {
-			continue
-		} else if tcp.DstPort != 60000 {
-			continue
-		} else if tcp.SYN && tcp.ACK {
-			log.Println("OPENED: ", tcp.SrcPort)
-		}
-
-	}
-}
-
-// send sends the given layers as a single packet on the network.
-func (s *scanner) send(l ...gopacket.SerializableLayer) error {
-	if err := gopacket.SerializeLayers(s.buf, s.opts, l...); err != nil {
-		return err
-	}
-	return s.handle.WritePacketData(s.buf.Bytes())
-}
--- a/discoverer/ipv4/service_tcp.go
+++ b/discoverer/ipv4/service_tcp.go
@ -6,11 +6,11 @@ import (
 	"time"

 	logging "git.loafle.net/commons/logging-go"
-	csm "git.loafle.net/commons/service_matcher-go"
 	cuej "git.loafle.net/commons/util-go/encoding/json"
 	omd "git.loafle.net/overflow/model/discovery"
 	omm "git.loafle.net/overflow/model/meta"
 	omu "git.loafle.net/overflow/model/util"
+	osm "git.loafle.net/overflow/service_matcher-go"
 	"git.loafle.net/overflow_scanner/probe/matcher"
 )

@ -22,7 +22,7 @@ func scanServiceTCP(port *omd.Port, ds *omd.DiscoverService, resultChan chan int
 		return false
 	}

-	info := csm.NewMatchInfo(hostIP, portNumber)
+	info := osm.NewMatchInfo(hostIP, portNumber)
 	var s *omd.Service

 	scs := []serviceConnector{
@ -56,7 +56,7 @@ LOOP:
 			rn = 0
 		}
 		if rn != 0 {
-			s = hadlePrePacket(info, sc, conn, csm.NewPacket(buf, rn))
+			s = hadlePrePacket(info, sc, conn, osm.NewPacket(buf, rn))
 		} else {
 			conn.Close()
 			s = hadlePostPacket(info, sc)
@ -82,7 +82,7 @@ LOOP:
 	return false
 }

-func hadlePrePacket(info csm.MatchInfo, sc serviceConnector, conn net.Conn, packet *csm.Packet) *omd.Service {
+func hadlePrePacket(info osm.MatchInfo, sc serviceConnector, conn net.Conn, packet *osm.Packet) *omd.Service {
 	defer func() {
 		conn.Close()
 	}()
@ -102,11 +102,7 @@ LOOP:
 			packetCount := m.PacketCount()

 			if 0 == packetCount {
-				s = &omd.Service{
-					Key:            m.Key(),
-					MetaCryptoType: sc.MetaCryptoType(),
-					DiscoveredDate: omu.NowPtr(),
-				}
+				s = discoveredService(m, sc)
 				break LOOP
 			}

@ -141,7 +137,7 @@ LOOP:
 					break LOOP
 				}

-				if err := m.Match(info, j+1, csm.NewPacket(buf, rn)); err == nil {
+				if err := m.Match(info, j+1, osm.NewPacket(buf, rn)); err == nil {
 					// logging.Logger().Debugf("Discovery: Service scan receive match length[%d], buf[%v]", rn, buf)
 					logging.Logger().Debugf("Discovery: Service scan[%s] on %s:%d receive match length[%d]", sc.MetaCryptoType().Key, info.IP(), info.Port(), rn)
 					found = true
@ -154,13 +150,7 @@ LOOP:
 			}

 			if found {
-				s = &omd.Service{
-					Key:            m.Key(),
-					MetaCryptoType: sc.MetaCryptoType(),
-					DiscoveredDate: omu.NowPtr(),
-					Metadata:       m.Meta(),
-					Name:           m.Name(),
-				}
+				s = discoveredService(m, sc)
 				break LOOP
 			}
 		}
@ -169,7 +159,7 @@ LOOP:
 	return s
 }

-func hadlePostPacket(info csm.MatchInfo, sc serviceConnector) *omd.Service {
+func hadlePostPacket(info osm.MatchInfo, sc serviceConnector) *omd.Service {
 	defer func() {
 	}()

@ -214,11 +204,7 @@ LOOP:
 			rn, err := conn.Read(buf)
 			if nil != err {
 				if !m.HasResponse(j) {
-					s = &omd.Service{
-						Key:            m.Key(),
-						MetaCryptoType: sc.MetaCryptoType(),
-						DiscoveredDate: omu.NowPtr(),
-					}
+					s = discoveredService(m, sc)
 					break
 				}

@ -226,13 +212,9 @@ LOOP:
 				break
 			}

-			if err := m.Match(info, j, csm.NewPacket(buf, rn)); err == nil {
+			if err := m.Match(info, j, osm.NewPacket(buf, rn)); err == nil {
 				if packetCount-1 == j {
-					s = &omd.Service{
-						Key:            m.Key(),
-						MetaCryptoType: sc.MetaCryptoType(),
-						DiscoveredDate: omu.NowPtr(),
-					}
+					s = discoveredService(m, sc)
 					break
 				}

@ -254,3 +236,13 @@ LOOP:

 	return s
 }
+
+func discoveredService(m osm.Matcher, sc serviceConnector) *omd.Service {
+	return &omd.Service{
+		Key:            m.Key(),
+		MetaCryptoType: sc.MetaCryptoType(),
+		DiscoveredDate: omu.NowPtr(),
+		Metadata:       m.Meta(),
+		Name:           m.Name(),
+	}
+}
--- a/discoverer/ipv4/service_udp.go
+++ b/discoverer/ipv4/service_udp.go
@ -3,11 +3,11 @@ package ipv4
 import (
 	"fmt"

-	csm "git.loafle.net/commons/service_matcher-go"
 	cuej "git.loafle.net/commons/util-go/encoding/json"
 	omd "git.loafle.net/overflow/model/discovery"
 	omm "git.loafle.net/overflow/model/meta"
 	omu "git.loafle.net/overflow/model/util"
+	osm "git.loafle.net/overflow/service_matcher-go"
 	"git.loafle.net/overflow_scanner/probe/matcher"
 )

@ -19,11 +19,11 @@ func scanServiceUDP(port *omd.Port, ds *omd.DiscoverService, resultChan chan int
 	}

 	ms := matcher.GetUDPMatchers()
-	mi := csm.NewMatchInfo(port.Host.Address, portNumber)
+	mi := osm.NewMatchInfo(port.Host.Address, portNumber)

 	for i := 0; i < len(ms); i++ {
 		m := ms[i]
-		p := csm.NewPacket(port.UDPLayer.LayerPayload(), len(port.UDPLayer.LayerPayload()))
+		p := osm.NewPacket(port.UDPLayer.LayerPayload(), len(port.UDPLayer.LayerPayload()))

 		if err := m.Match(mi, 0, p); err == nil {
 			s := &omd.Service{
--- a/matcher/matcher.go
+++ b/matcher/matcher.go
@ -1,29 +1,29 @@
 package matcher

 import (
-	csm "git.loafle.net/commons/service_matcher-go"
-	"git.loafle.net/commons/service_matcher-go/elasticsearch"
-	"git.loafle.net/commons/service_matcher-go/ftp"
-	"git.loafle.net/commons/service_matcher-go/http"
-	"git.loafle.net/commons/service_matcher-go/ldap"
-	"git.loafle.net/commons/service_matcher-go/lpd"
-	"git.loafle.net/commons/service_matcher-go/mongodb"
-	"git.loafle.net/commons/service_matcher-go/mysql"
-	"git.loafle.net/commons/service_matcher-go/nbss"
-	"git.loafle.net/commons/service_matcher-go/postgresql"
-	"git.loafle.net/commons/service_matcher-go/redis"
-	"git.loafle.net/commons/service_matcher-go/ssh"
-	"git.loafle.net/commons/service_matcher-go/telnet"
+	osm "git.loafle.net/overflow/service_matcher-go"
+	"git.loafle.net/overflow/service_matcher-go/elasticsearch"
+	"git.loafle.net/overflow/service_matcher-go/ftp"
+	"git.loafle.net/overflow/service_matcher-go/http"
+	"git.loafle.net/overflow/service_matcher-go/ldap"
+	"git.loafle.net/overflow/service_matcher-go/lpd"
+	"git.loafle.net/overflow/service_matcher-go/mongodb"
+	"git.loafle.net/overflow/service_matcher-go/mysql"
+	"git.loafle.net/overflow/service_matcher-go/nbss"
+	"git.loafle.net/overflow/service_matcher-go/postgresql"
+	"git.loafle.net/overflow/service_matcher-go/redis"
+	"git.loafle.net/overflow/service_matcher-go/ssh"
+	"git.loafle.net/overflow/service_matcher-go/telnet"
 )

 var (
-	AllMatchers []csm.Matcher
+	AllMatchers []osm.Matcher

-	TCPMatchers []csm.Matcher
-	UDPMatchers []csm.UDPMatcher
+	TCPMatchers []osm.Matcher
+	UDPMatchers []osm.UDPMatcher

-	TCPPrePacketMatchers    []csm.Matcher
-	TCPNotPrePacketMatchers []csm.Matcher
+	TCPPrePacketMatchers    []osm.Matcher
+	TCPNotPrePacketMatchers []osm.Matcher
 )

 func init() {
@ -45,7 +45,7 @@ func init() {
 	// UDP
 }

-func addTCPMatcher(m csm.Matcher) {
+func addTCPMatcher(m osm.Matcher) {
 	AllMatchers = append(AllMatchers, m)
 	TCPMatchers = append(TCPMatchers, m)
 	if m.IsPrePacket() {
@ -55,12 +55,12 @@ func addTCPMatcher(m csm.Matcher) {
 	}
 }

-func addUDPMatcher(m csm.UDPMatcher) {
+func addUDPMatcher(m osm.UDPMatcher) {
 	AllMatchers = append(AllMatchers, m)
 	UDPMatchers = append(UDPMatchers, m)
 }

-func GetTCPMatchers(isPrePacket bool) []csm.Matcher {
+func GetTCPMatchers(isPrePacket bool) []osm.Matcher {
 	if isPrePacket {
 		return TCPPrePacketMatchers
 	}
@ -68,11 +68,11 @@ func GetTCPMatchers(isPrePacket bool) []csm.Matcher {
 	return TCPNotPrePacketMatchers
 }

-func GetUDPMatchers() []csm.UDPMatcher {
+func GetUDPMatchers() []osm.UDPMatcher {
 	return UDPMatchers
 }

-func GetMatcherByKey(key string) csm.Matcher {
+func GetMatcherByKey(key string) osm.Matcher {
 	for _, m := range AllMatchers {
 		if m.Key() == key {
 			return m
--- a/ping/ping.go
+++ b/ping/ping.go
@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"

-	csm "git.loafle.net/commons/service_matcher-go"
+	csm "git.loafle.net/overflow/service_matcher-go"
 	opm "git.loafle.net/overflow_scanner/probe/matcher"
 )