robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0

Specify multiple http urls to probe #781

Open Frky opened 1 month ago

Frky commented 1 month ago

This PR aims to bring the possibility to hit multiple HTTP endpoints with --banners for open ports. The multiple endpoints can be specified in command-line with the option --http-url "/endpoint1,/endpoint2,/endpoint3".

It uses the linked-list of banners introduced to try multiple protocols on one port.

In addition, it adds an option (--output-probes) to output, in some formats, the probe used to get a banner. This allows keeping track of which banner corresponds to which probe.

For example:

# masscan --banners -p 80 --http-url "/index.html,/index.php" -oX output.xml --output-probes X.Y.Z.T

In the output XML, we will have two different lines:

<host endtime="1717406668"><address addr="X.Y.Z.T" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="http" probe="GET /index.html HTTP/1.0\x0d\x0aUser-Agent: ivre-masscan/1.3 https://github.com/robertdavidgraham/\x0d\x0aAccept: */*\x0d\x0a\x0d\x0a" banner="HTTP/1.0 200 OK\x0d\x0a[...]"></service></port></ports></host>
<host endtime="1717406668"><address addr="X.Y.Z.T" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="255" /><service name="http" probe="GET /index.php HTTP/1.0\x0d\x0aUser-Agent: ivre-masscan/1.3 https://github.com/robertdavidgraham/\x0d\x0aAccept: */*\x0d\x0a\x0d\x0a" banner="HTTP/1.0 404 File not found\x0d\x0a[...]"></service></port></ports></host>

In this example, the HTTP GET request to /index.html gives an HTTP 200 OK while /index.php gives an HTTP 404 File not found.

Note that without --output-probes, masscan output is not modified, which ensures compatibility with current parsing tools.

Disclaimers:

Finally, note that @p-l- already drafted the support of this new output format in Ivre (see https://github.com/ivre/ivre/pull/1574).
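A parser for the XML produced with --output-probes, written here as an added example; it is not part of this PR, of masscan, or of Ivre. It reads the probe attribute when present, decodes masscan's \xHH escapes, pulls the request line and HTTP status out of each probe/banner pair, and correlates the URL that was requested with the status it received. Records without a probe attribute (the unchanged default output) are still parsed, with the request reported as None. The sample document is constructed for this example, modelled on the two <host> lines above with the banners shortened and the placeholder X.Y.Z.T replaced by the documentation addresses 192.0.2.1 and 192.0.2.2; the <nmaprun> wrapper element and its attributes are assumed, not copied from the PR.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample (not real scan output): two records for 192.0.2.1:80 carrying
# the new probe attribute, and one record for 192.0.2.2:80 in the default format
# without it. A raw string keeps masscan's \x0d\x0a escapes literal.
SAMPLE_XML = r"""<?xml version="1.0"?>
<nmaprun scanner="masscan" start="1717406668" version="1.3-dev" xmloutputversion="1.03">
<host endtime="1717406668"><address addr="192.0.2.1" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="http" probe="GET /index.html HTTP/1.0\x0d\x0aUser-Agent: ivre-masscan/1.3 https://github.com/robertdavidgraham/\x0d\x0aAccept: */*\x0d\x0a\x0d\x0a" banner="HTTP/1.0 200 OK\x0d\x0aContent-Type: text/html\x0d\x0a"></service></port></ports></host>
<host endtime="1717406668"><address addr="192.0.2.1" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="http" probe="GET /index.php HTTP/1.0\x0d\x0aUser-Agent: ivre-masscan/1.3 https://github.com/robertdavidgraham/\x0d\x0aAccept: */*\x0d\x0a\x0d\x0a" banner="HTTP/1.0 404 File not found\x0d\x0aContent-Type: text/html\x0d\x0a"></service></port></ports></host>
<host endtime="1717406668"><address addr="192.0.2.2" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="255" /><service name="http" banner="HTTP/1.1 200 OK\x0d\x0aServer: nginx\x0d\x0a"></service></port></ports></host>
</nmaprun>
"""

_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")


def unescape_masscan(s):
    """Turn masscan's \\xHH escapes (e.g. \\x0d\\x0a) back into the original characters."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)), s)


def request_line(probe):
    """First line of the decoded HTTP request, e.g. 'GET /index.php HTTP/1.0'."""
    return unescape_masscan(probe).split("\r\n", 1)[0]


def request_path(probe):
    """URL path of the request (second token of the request line), or None if malformed."""
    parts = request_line(probe).split(" ")
    return parts[1] if len(parts) >= 2 else None


def http_status(banner):
    """Numeric status code from an HTTP banner, or None when the banner is not an HTTP response."""
    m = re.match(r"HTTP/\d\.\d (\d{3})", unescape_masscan(banner))
    return int(m.group(1)) if m else None


def parse_masscan_xml(text):
    """Map (addr, port) -> list of service records, one per <service> element.

    Each record carries the request line (None when the scan ran without
    --output-probes), the parsed HTTP status and the first banner line.
    """
    results = defaultdict(list)
    root = ET.fromstring(text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            for svc in port.iter("service"):
                probe = svc.get("probe")  # only present when --output-probes was given
                banner = svc.get("banner", "")
                results[(addr, portid)].append({
                    "service": svc.get("name"),
                    "request": request_line(probe) if probe is not None else None,
                    "path": request_path(probe) if probe is not None else None,
                    "status": http_status(banner),
                    "banner": unescape_masscan(banner).split("\r\n", 1)[0],
                })
    return dict(results)


def url_status_map(records):
    """Correlate each probed URL with the HTTP status it got; skips records without a probe."""
    return {r["path"]: r["status"] for r in records if r["path"] is not None}


if __name__ == "__main__":
    for (addr, port), recs in parse_masscan_xml(SAMPLE_XML).items():
        print(f"{addr}:{port}")
        for r in recs:
            print(f"  {r['request']!s:40} -> {r['banner']}")
        print("  per-URL status:", url_status_map(recs))
```

The path-to-status map is the piece that the default output cannot give you: with two banners for the same host and port and no probe attribute, nothing in the XML says which URL produced the 200 and which the 404.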