Closed Ali-Razmjoo closed 3 years ago
@Ali-Razmjoo, I was trying to perform the same operation on my localhost and the results were different every time.
In [1]: from lib.payload.scanner.service.engine import discovery
In [2]: discovery("127.0.0.1")
Out[2]: {443: 'UNKNOWN', 3306: 'UNKNOWN'}
In [3]: discovery("127.0.0.1")
Out[3]:
{80: 'http',
443: 'UNKNOWN',
631: 'UNKNOWN',
3306: 'UNKNOWN',
5432: 'UNKNOWN',
8002: 'http'}
In [4]: discovery("127.0.0.1")
Out[4]:
{80: 'http',
139: 'UNKNOWN',
443: 'UNKNOWN',
445: 'UNKNOWN',
631: 'UNKNOWN',
3306: 'UNKNOWN',
5432: 'UNKNOWN',
8001: 'UNKNOWN',
8002: 'http'}
In [5]: discovery("127.0.0.1")
Out[5]:
{80: 'http',
139: 'UNKNOWN',
443: 'UNKNOWN',
445: 'UNKNOWN',
631: 'UNKNOWN',
3306: 'UNKNOWN',
5432: 'UNKNOWN',
8001: 'UNKNOWN',
8002: 'http'}
Am I doing anything wrong, or is it some problem with the module? Performing a port scan, however, works fine for me.
When trying out ports as inputs, it is giving me this output:
In [1]: from lib.payload.scanner.service.engine import discovery
In [2]: discovery("127.0.0.1", [5000,8002])
Out[2]: {}
In [3]: discovery("127.0.0.1", [5000,8002])
Out[3]: {5000: 'http'}
In [4]: discovery("127.0.0.1", [5000,8002])
Out[4]: {5000: 'http', 8002: 'http'}
In [5]: discovery("127.0.0.1", [5000,8002,8001])
Out[5]: {5000: 'http', 8002: 'http'}
In [6]: discovery("127.0.0.1", [5000,8002,8001])
Out[6]: {5000: 'http', 8002: 'http'}
In [7]: discovery("127.0.0.1", [5000,8002,8001])
Out[7]: {5000: 'http', 8002: 'http'}
In [8]: discovery("127.0.0.1", [5000,8002,8001])
Out[8]: {5000: 'http', 8001: 'UNKNOWN', 8002: 'http'}
Why do I have to run discovery more than 2 or 3 times to get a result?
And now I have this. I tried printing the data. The data got printed after it returned a {}. I think this is due to socket connections not being closed. The previous sockets are waiting for results and are interfering with my newer scans.
I think this is due to the function returning data without waiting for the thread to complete, I will work on this issue.
@pradeepjairamani, I have opened a new issue regarding this #171.
Hello,
Thanks to @pradeepjairamani for contribution #148, we now have a service scanner, which we need to improve by adding more signatures to it! There are a few documents for its usage in here, and it is also implemented in the `port_scan` module! To add signatures, you may take a look at the conditions in engine.py.
There are two types of conditions. The first one is `and` conditions: it contains an array of conditions, and each condition can be a string or an array. If the condition is a string, it must be in the response data; if it's an array, one of the strings in the array must be in the response data. For instance, a real example condition:
The second type of condition is `or`: it contains an array of conditions, and each condition can be a string or an array. If the condition is a string, one of the strings must be in the response data; if it's an array, all of the strings in the array must be in the response data. For instance, a real example condition:
You can collect the data and find services from shodan.io, or use `discovery()` on your network and find out which port/service is `UNKNOWN`. Then grab some signatures and add them to the framework. Regards.