From 9bf87c1264948483517ef735c8285bc97da554d7 Mon Sep 17 00:00:00 2001 From: CyberRoute Date: Mon, 25 Mar 2024 14:57:51 +0100 Subject: [PATCH] adding bind.version grabber --- README.md | 21 +++++++++++---------- examples/synscan.go | 2 +- go.mod | 11 +++++++++-- go.sum | 19 ++++++++++++++----- scanme/grabbers.go | 34 +++++++++++++++++++++++++++++++++- 5 files changed, 68 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 640fe2e..680b841 100644 --- a/README.md +++ b/README.md @@ -22,18 +22,19 @@ nmap -vvv -sT -p 1-65535 {target_IP} - **SYN Scan:** Perform SYN scans to identify open ports on a target host (supports IPv4 and IPv6). - **Connect Scan:** Perform a full TCP handshake on a target host (supports IPv4 and IPv6). - **ICMP Echo Request:** Send ICMP Echo Requests to discover live hosts on the network. -- **Banners Grabbing:** An experimental feature so far on FTP, SSH, IRC, MYSQL, LDAPS, HTTP, HTTPS, NNTP, IMAP, POP. +- **Banners Grabbing:** An experimental feature so far on FTP, SSH, DNS, IRC, MYSQL, LDAPS, HTTP, HTTPS, NNTP, IMAP, POP. ``` -2024/03/07 14:20:34 Port 21(ftp) open Version: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- -2024/03/06 16:42:16 Port 22(ssh) open Version: SSH-2.0-OpenSSH_7.4 -2024/03/07 14:20:34 Port 25(smtp) open Version: 220-tomasi.dnshigh.com ESMTP Exim 4.96.2 #2 Thu, 07 Mar 2024 14:20:34 +0100 -2024/03/07 14:20:34 Port 80(http) open Version: Apache -2024/03/12 14:50:39 Port 443(https) open Version: Microsoft-IIS/10.0 -2024/03/07 14:20:34 Port 110(pop3) open Version: +OK Dovecot ready. -2024/03/07 14:20:34 Port 143(imap) open Version: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. -2024/03/06 16:43:36 Port 3306(mysql) open Version: 8.0.36 -2024/03/07 14:15:59 Port 636(ldaps) open Version: objectClass: [top vmwDseRoot]cn: [DSE Root]supportedLDAPVersion: [3]vmwPlatformServicesControllerVersion: [6.5.0]msDS-SiteName: [Default-First-Site]subSchemaSubEntry: [cn=aggregate,cn=schemacontext]defaultNamingContext: [dc=vsphere,dc=local] +2024/03/07 14:20:34 Port 21(ftp) open Banner: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- +2024/03/06 16:42:16 Port 22(ssh) open Banner: SSH-2.0-OpenSSH_7.4 +2024/03/07 14:20:34 Port 25(smtp) open Banner: 220-tomasi.dnshigh.com ESMTP Exim 4.96.2 #2 Thu, 07 Mar 2024 14:20:34 +0100 +2024/03/25 14:48:49 Port 53(domain) open Banner: dnsmasq-2.84rc2 +2024/03/07 14:20:34 Port 80(http) open Banner: Apache +2024/03/12 14:50:39 Port 443(https) open Banner: Microsoft-IIS/10.0 +2024/03/07 14:20:34 Port 110(pop3) open Banner: +OK Dovecot ready. +2024/03/07 14:20:34 Port 143(imap) open Banner: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. +2024/03/06 16:43:36 Port 3306(mysql) open Banner: 8.0.36 +2024/03/07 14:15:59 Port 636(ldaps) open Banner: objectClass: [top vmwDseRoot]cn: [DSE Root]supportedLDAPVersion: [3]vmwPlatformServicesControllerVersion: [6.5.0]msDS-SiteName: [Default-First-Site]subSchemaSubEntry: [cn=aggregate,cn=schemacontext]defaultNamingContext: [dc=vsphere,dc=local] ``` ## Example Simple scanner diff --git a/examples/synscan.go b/examples/synscan.go index 0b4d0af..4fd79b3 100644 --- a/examples/synscan.go +++ b/examples/synscan.go @@ -60,7 +60,7 @@ func main() { continue } if banner != "" { - log.Printf("Port %v %v Version: %s", port, service, banner) + log.Printf("Port %v %v Banner: %s", port, service, banner) } else { log.Printf("Port %v %v", port, service) } diff --git a/go.mod b/go.mod index 7452d5d..6802cef 100644 --- a/go.mod +++ b/go.mod @@ -7,10 +7,17 @@ require ( github.com/google/gopacket v1.1.19 ) +require ( + golang.org/x/mod v0.14.0 // indirect + golang.org/x/net v0.20.0 // indirect + golang.org/x/tools v0.17.0 // indirect +) + require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect github.com/google/uuid v1.3.1 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/sys v0.15.0 // indirect + github.com/miekg/dns v1.1.58 + golang.org/x/crypto v0.18.0 // indirect + golang.org/x/sys v0.16.0 // indirect ) diff --git a/go.sum b/go.sum index 0ce4d6b..c36af30 100644 --- a/go.sum +++ b/go.sum @@ -13,6 +13,8 @@ github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -25,22 +27,27 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -50,8 +57,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -68,6 +75,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/scanme/grabbers.go b/scanme/grabbers.go index 669ddc9..5c25f79 100644 --- a/scanme/grabbers.go +++ b/scanme/grabbers.go @@ -4,12 +4,14 @@ import ( "bufio" "crypto/tls" "fmt" - "github.com/go-ldap/ldap/v3" "net" "regexp" "strconv" "strings" "time" + + "github.com/go-ldap/ldap/v3" + "github.com/miekg/dns" ) func GetHeader(ipAddress string, port int) (string, error) { @@ -110,6 +112,30 @@ func GetLDAPBanner(ipAddress string, port int) (string, error) { return serverInfo, nil } +func GetDNSBanner(ipAddress string, port int) (string, error) { + c := new(dns.Client) + m := new(dns.Msg) + m.Question = make([]dns.Question, 1) + m.Question[0] = dns.Question{"version.bind.", dns.TypeTXT, dns.ClassCHAOS} + + addr := fmt.Sprintf("%s:%d", ipAddress, port) + in, _, err := c.Exchange(m, addr) + if err != nil { + return "", err + } + + if in != nil && len(in.Answer) > 0 { + s := in.Answer[0].String() + re := regexp.MustCompile(".*\"([^\"]+)\".*") + match := re.FindStringSubmatch(s) + if len(match) > 0 { + return match[1], nil + } + } + + return "", nil +} + func GrabBanner(ipAddress string, port int) string { switch port { case 21: // FTP @@ -143,6 +169,12 @@ func GrabBanner(ipAddress string, port int) string { } return serverHeader case 6667: // IRC + case 53: // DNS + dnsBanner, err := GetDNSBanner(ipAddress, port) + if err != nil { + return "" + } + return dnsBanner default: return "" }