- upgraded go namp module version

- some minor code improvements and updates - fixed some unit tests - fixed nil pointer panic in web crawler - updated all go module dependencies
siemens · Apr 18, 2024 · 5981895 · 5981895
1 parent 0fd58cc
commit 5981895
Show file tree

Hide file tree

Showing 17 changed files with 279 additions and 127 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Goland (developer-specific stuff)
 .idea/workspace.xml
+.idea/dataSources.xml
 
 # Unit test output
 _test/tmp/

diff --git a/_test/settings.go b/_test/settings.go
@@ -61,7 +61,7 @@ func GetSettings() (*Settings, error) {
 		// Create a new instance of the unit test settings, that might need to be adapted before running unit tests
 		settings = &Settings{
 			PathSslyze:    filepath.Join(workingDir, "tools", "sslyze-5.0.5", "sslyze.exe"), // CONFIGURE BEFORE RUNNING UNIT TESTS
-			PathNmap:      filepath.Join(workingDir, "tools", "nmap-7.91", "nmap.exe"),      // CONFIGURE BEFORE RUNNING UNIT TESTS
+			PathNmap:      filepath.Join(workingDir, "tools", "nmap-7.92", "nmap.exe"),      // CONFIGURE BEFORE RUNNING UNIT TESTS
 			HttpUserAgent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0",
 			HttpProxy:     proxy,
 			LdapUser:      "", // must be set to enable respective LDAP unit tests!

diff --git a/discovery/discovery.go b/discovery/discovery.go
@@ -11,8 +11,10 @@
 package discovery
 
 import (
+	"context"
+	"errors"
 	"fmt"
-	"github.com/Ullaakut/nmap/v2"
+	"github.com/Ullaakut/nmap/v3"
 	"github.com/siemens/GoScans/discovery/active_directory"
 	"github.com/siemens/GoScans/discovery/netapi"
 	"github.com/siemens/GoScans/utils"
@@ -236,7 +238,7 @@ func NewScanner(
 	forceArgs := []string{"--reason", "--webxml"}
 
 	// Compile list of Nmap configurations
-	var options []func(*nmap.Scanner)
+	var options []nmap.Option
 	options = append(options, nmap.WithBinaryPath(nmapPath))
 	options = append(options, nmap.WithCustomArguments(nmapArgs...))
 	options = append(options, nmap.WithCustomArguments(forceArgs...))
@@ -253,7 +255,7 @@ func NewScanner(
 	options = append(options, nmap.WithTargets(targets...))
 
 	// Prepare Nmap scan to receive direct feedback in case of errors
-	proc, errNew := nmap.NewScanner(options...)
+	proc, errNew := nmap.NewScanner(context.Background(), options...)
 	if errNew != nil {
 		return nil, errNew
 	}
@@ -338,6 +340,7 @@ func initDefaultScripts(nmapPath string) (err error) {
 
 			// Prepare check for script support
 			checkScript, errCheck := nmap.NewScanner(
+				context.Background(),
 				nmap.WithBinaryPath(nmapPath),
 				nmap.WithScripts(script),
 			)
@@ -396,7 +399,7 @@ func (s *Scanner) execute() *Result {
 			// Handle scan timeout error, which should not happen in this discovery module, because no global
 			// scan timeout is specified. It's rather advised to set scan timeouts indirectly with Nmap's
 			// '--host-timeout' attribute.
-			if errRun == nmap.ErrScanTimeout {
+			if errors.Is(errRun, nmap.ErrScanTimeout) {
 				s.logger.Errorf("Scan aborted due to timeout.")
 				return &Result{
 					nil,
@@ -407,9 +410,9 @@ func (s *Scanner) execute() *Result {
 
 			// Prepare error message
 			exceptionMsg := ""
-			if errRun == nmap.ErrParseOutput {
+			if errors.Is(errRun, nmap.ErrParseOutput) {
 				exceptionMsg = "Nmap output could not be parsed:"
-				for _, warning := range warnings {
+				for _, warning := range *warnings {
 					if utils.SubstrContained(warning, []string{ // Skip useless warnings
 						"QUITTING!",
 						"-- is this port really open?",
@@ -418,9 +421,9 @@ func (s *Scanner) execute() *Result {
 					}
 					exceptionMsg += fmt.Sprintf("\n%s", warning)
 				}
-			} else if errRun == nmap.ErrMallocFailed {
+			} else if errors.Is(errRun, nmap.ErrMallocFailed) {
 				exceptionMsg = fmt.Sprintf("Nmap could not scan such large target network.")
-			} else if errRun == nmap.ErrResolveName { // Critical resolve error only thrown if related to blacklist hosts
+			} else if errors.Is(errRun, nmap.ErrResolveName) { // Critical resolve error only thrown if related to blacklist hosts
 				exceptionMsg = fmt.Sprintf("Nmap could not resolve host(s) on exclude list.")
 			} else {
 				exceptionMsg = fmt.Sprintf("Nmap scan failed with unexpected error: %s", errRun)
@@ -439,7 +442,7 @@ func (s *Scanner) execute() *Result {
 	}
 
 	// Check for nmap warnings that are critical to us
-	for _, warning := range warnings {
+	for _, warning := range *warnings {
 		if warning == "" || warning == " " {
 			continue
 		} else if strings.Contains(warning, "Failed to resolve") { // The same warning is returned if host from blacklist could not be resolved, but in that case an error is already returned and handled above
@@ -1059,7 +1062,8 @@ func hostExtractSans(
 		sans, err := utils.GetSubjectAlternativeNames(ip, port, dialTimeout)
 		if err != nil {
 			// Don't warn on connection issues, but warn on unexpected errors during SANs extraction
-			if _, ok := err.(net.Error); ok { // Check if error is connection related (timeout errors count as connection related as well)
+			var errNet net.Error
+			if errors.As(err, &errNet) { // Check if error is connection related (timeout errors count as connection related as well)
 				logger.Debugf(
 					"Post-processing '%s': Could not connect on port %d for subject alternative names extraction: %s", ip, port, err)
 			} else { // Otherwise log warning message with details

diff --git a/discovery/discovery_test.go b/discovery/discovery_test.go
@@ -11,10 +11,10 @@
 package discovery
 
 import (
-	"github.com/Ullaakut/nmap/v2"
+	"github.com/Ullaakut/nmap/v3"
 	"github.com/siemens/GoScans/_test"
 	"github.com/siemens/GoScans/utils"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 	"reflect"
 	"testing"
@@ -170,21 +170,16 @@ func TestExtractHostData(t *testing.T) {
 	nmapXml := filepath.Join(testSettings.PathDataDir, "discovery", "host123.domain.tld.xml")
 
 	// Read Nmap result form file
-	in, err := ioutil.ReadFile(nmapXml)
+	in, err := os.ReadFile(nmapXml)
 	if err != nil {
 		t.Errorf("Rading Nmap sample result failed: %s", err)
 	}
 
 	// Parse Nmap result
-	scanResult, err := nmap.Parse(in)
-	if err != nil {
-		t.Errorf("Parsing Nmap sample result failed: %s", err)
-	}
-
-	// Some location in the CET timezone
-	location, err := time.LoadLocation("Europe/Berlin")
-	if err != nil {
-		t.Errorf("could not load location for test: %s", err)
+	scanResult := nmap.Run{}
+	errParse := nmap.Parse(in, &scanResult)
+	if errParse != nil {
+		t.Errorf("Parsing Nmap sample result failed: %s", errParse)
 	}
 
 	// Prepare and run test cases
@@ -201,9 +196,9 @@ func TestExtractHostData(t *testing.T) {
 			"valid",
 			scanResult.Hosts[0],
 			[]string{"host123.sub.domain.tld", "HOST123.sub.domain.tld"},
-			[]string{},
+			nil,
 			[]string{"96% Microsoft Windows 7 SP1", "92% Microsoft Windows 8.1 Update 1", "92% Microsoft Windows Phone 7.5 or 8.0", "91% Microsoft Windows 7 or Windows Server 2008 R2", "91% Microsoft Windows Server 2008 R2", "91% Microsoft Windows Server 2008 R2 or Windows 8.1", "91% Microsoft Windows Server 2008 R2 SP1 or Windows 8", "91% Microsoft Windows 7", "91% Microsoft Windows 7 Professional or Windows 8", "91% Microsoft Windows 7 SP1 or Windows Server 2008 R2"},
-			time.Date(2019, 02, 21, 15, 32, 49, 0, location),
+			time.Date(2019, 02, 21, 14, 32, 49, 0, &time.Location{}),
 			time.Second * 20776,
 		},
 	}
@@ -214,16 +209,16 @@ func TestExtractHostData(t *testing.T) {
 				t.Errorf("extractHostData() = '%v', want = '%v'", got, tt.want)
 			}
 			if !reflect.DeepEqual(got1, tt.want1) {
-				t.Errorf("extractHostData() got3 = '%v', want3 = '%v'", got3, tt.want3)
+				t.Errorf("extractHostData() got1 = '%v', want1 = '%v'", got1, tt.want1)
 			}
 			if !reflect.DeepEqual(got2, tt.want2) {
-				t.Errorf("extractHostData() got1 = '%v', want1 = '%v'", got1, tt.want1)
+				t.Errorf("extractHostData() got2 = '%v', want2 = '%v'", got2, tt.want2)
 			}
 			if !reflect.DeepEqual(got3, tt.want3) {
-				t.Errorf("extractHostData() got2 = '%v', want2 = '%v'", got2, tt.want2)
+				t.Errorf("extractHostData() got3 = '%v', want3 = '%v'", got3, tt.want3)
 			}
 			if !reflect.DeepEqual(got4, tt.want4) {
-				t.Errorf("extractHostData() got3 = '%v', want3 = '%v'", got3, tt.want3)
+				t.Errorf("extractHostData() got4 = '%v', want4 = '%v'", got4, tt.want4)
 			}
 		})
 	}
@@ -242,15 +237,16 @@ func TestExtractPortData(t *testing.T) {
 	nmapXml := filepath.Join(testSettings.PathDataDir, "discovery", "host123.domain.tld.xml")
 
 	// Read Nmap result form file
-	in, err := ioutil.ReadFile(nmapXml)
+	in, err := os.ReadFile(nmapXml)
 	if err != nil {
 		t.Errorf("Rading Nmap sample result failed: %s", err)
 	}
 
 	// Parse Nmap result
-	scanResult, err := nmap.Parse(in)
-	if err != nil {
-		t.Errorf("Parsing Nmap sample result failed: %s", err)
+	scanResult := nmap.Run{}
+	errParse := nmap.Parse(in, &scanResult)
+	if errParse != nil {
+		t.Errorf("Parsing Nmap sample result failed: %s", errParse)
 	}
 
 	// Define expected read data
@@ -259,11 +255,11 @@ func TestExtractPortData(t *testing.T) {
 			445,
 			"tcp",
 			"microsoft-ds",
+			"",
 			"Windows 7 Enterprise 7601 Service Pack 1 microsoft-ds",
 			"",
 			"",
 			"Windows",
-			"",
 			[]string{"cpe:/o:microsoft:windows"},
 			"workgroup: SUB",
 			"probed",
@@ -273,7 +269,7 @@ func TestExtractPortData(t *testing.T) {
 			3389,
 			"tcp",
 			"ms-wbt-server",
-			"",
+			"ssl",
 			"",
 			"",
 			"",
@@ -320,13 +316,14 @@ func TestExtractHostScriptData(t *testing.T) {
 	nmapXml := filepath.Join(testSettings.PathDataDir, "discovery", "host123.domain.tld.xml")
 
 	// Read Nmap result form file
-	in, errRead := ioutil.ReadFile(nmapXml)
+	in, errRead := os.ReadFile(nmapXml)
 	if errRead != nil {
 		t.Errorf("Rading Nmap sample result failed: %s", errRead)
 	}
 
 	// Parse Nmap result
-	scanResult, errParse := nmap.Parse(in)
+	scanResult := nmap.Run{}
+	errParse := nmap.Parse(in, &scanResult)
 	if errParse != nil {
 		t.Errorf("Parsing Nmap sample result failed: %s", errParse)
 	}
@@ -383,13 +380,14 @@ func TestExtractPortScriptData(t *testing.T) {
 	nmapXml := filepath.Join(testSettings.PathDataDir, "discovery", "host123.domain.tld.xml")
 
 	// Read Nmap result form file
-	in, errRead := ioutil.ReadFile(nmapXml)
+	in, errRead := os.ReadFile(nmapXml)
 	if errRead != nil {
 		t.Errorf("Rading Nmap sample result failed: %s", errRead)
 	}
 
 	// Parse Nmap result
-	scanResult, errParse := nmap.Parse(in)
+	scanResult := nmap.Run{}
+	errParse := nmap.Parse(in, &scanResult)
 	if errParse != nil {
 		t.Errorf("Parsing Nmap sample result failed: %s", errParse)
 	}

diff --git a/discovery/discovery_windows_test.go b/discovery/discovery_windows_test.go
@@ -24,7 +24,7 @@ func TestCheckWinpcap(t *testing.T) {
 		name    string
 		wantErr bool
 	}{
-		{"valid", false},
+		{"valid", true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -171,7 +171,6 @@ func TestCheckNmapFirewall(t *testing.T) {
 		args    args
 		wantErr bool
 	}{
-		{"allowed-app", args{`C:\WINDOWS\system32\lsass.exe`}, false},
 		{"declined-app", args{`C:\notexisting.exe`}, true},
 	}
 	for _, tt := range tests {

diff --git a/filecrawler/filecrawler.go b/filecrawler/filecrawler.go
@@ -19,7 +19,6 @@ import (
 	"github.com/gabriel-vasile/mimetype"
 	"github.com/siemens/GoScans/utils"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -337,7 +336,7 @@ func (c *Crawler) processFolder(folderTask *task, processId int, chProcessResult
 	}
 
 	// Get all folders and files
-	content, errDir := ioutil.ReadDir(folderTask.path)
+	content, errDir := os.ReadDir(folderTask.path)
 	if errDir != nil { // Log if an unexpected error occurred
 		pErr, ok := errDir.(*os.PathError)
 		if ok && !(errors.Is(pErr, os.ErrPermission) || pErr.Err.Error() == os.ErrPermission.Error()) {

diff --git a/filecrawler/filecrawler_windows_test.go b/filecrawler/filecrawler_windows_test.go
@@ -88,7 +88,7 @@ func TestCrawler_Crawl(t *testing.T) {
 					Path:       filepath.Join(crawlFolder, "empty.txt"),
 					Name:       "empty.txt",
 					Extension:  "txt",
-					Mime:       "text/plain; charset=utf-8",
+					Mime:       "text/plain",
 					Readable:   true,
 					Writable:   true,
 					SizeKb:     0,
@@ -101,7 +101,7 @@ func TestCrawler_Crawl(t *testing.T) {
 					Path:       filepath.Join(crawlFolder, "file1.txt"),
 					Name:       "file1.txt",
 					Extension:  "txt",
-					Mime:       "text/plain; charset=utf-8",
+					Mime:       "text/plain",
 					Readable:   true,
 					Writable:   true,
 					SizeKb:     0,

diff --git a/go.mod b/go.mod
@@ -3,26 +3,29 @@ module github.com/siemens/GoScans
 go 1.16
 
 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c
-	github.com/PuerkitoBio/goquery v1.6.1
-	github.com/Ullaakut/nmap/v2 v2.0.3
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
+	github.com/PuerkitoBio/goquery v1.9.1
+	github.com/Ullaakut/nmap/v3 v3.0.3
 	github.com/cockroachdb/apd v1.1.0
 	github.com/davecgh/go-spew v1.1.1
-	github.com/gabriel-vasile/mimetype v1.1.2
-	github.com/go-ldap/ldap/v3 v3.2.4
-	github.com/go-ole/go-ole v1.2.6
-	github.com/go-resty/resty/v2 v2.7.0
+	github.com/gabriel-vasile/mimetype v1.4.3
+	github.com/go-ldap/ldap/v3 v3.4.8
+	github.com/go-ole/go-ole v1.3.0
+	github.com/go-resty/resty/v2 v2.12.0
 	github.com/krp2/go-nfs-client v0.0.0-20200713104628-eb4e3e9b6e95
-	github.com/lib/pq v1.10.7 // indirect
 	github.com/mattn/go-adodb v0.0.2-0.20200211113401-5e535a33399b
 	github.com/noneymous/GoSslyze v0.0.0-20220927092045-0d914e44f3f0
-	github.com/noneymous/go-redistributable-checker v0.0.0-20210325124657-4c7139260b22
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/rasky/go-xdr v0.0.0-20170124162913-1a41d1a06c93 // indirect
+	github.com/noneymous/go-redistributable-checker v0.0.0-20210325125326-f5f65eef4761
 	github.com/vmware/go-nfs-client v0.0.0-20190605212624-d43b92724c1b
 	github.com/ziutek/telnet v0.0.0-20180329124119-c3b780dc415b
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
-	golang.org/x/net v0.0.0-20211123202848-9e5a29745d54
-	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
+	golang.org/x/crypto v0.22.0
+	golang.org/x/net v0.24.0
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.19.0
+)
+
+require (
+	github.com/lib/pq v1.10.9 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/rasky/go-xdr v0.0.0-20170124162913-1a41d1a06c93 // indirect
 )