"dh_kex_algorithm": KexAlgorithm(), "host_key_algorithm": KeyAlgorithm(), "client_to_server_alg_group": DirectionAlgorithms(), "server_to_client_alg_group": DirectionAlgorithms(), }) # zgrab2/lib/ssh/log.go: HandshakeLog # TODO: Can ssh re-use any of the generic TLS model? ssh_scan_response = SubRecord( { "result": SubRecord({ "server_id": AnalyzedEndpointID(), "client_id": EndpointID(), "server_key_exchange": KexInitMessage(), "client_key_exchange": KexInitMessage(), "algorithm_selection": AlgorithmSelection(), "key_exchange": KeyExchange(), "userauth": ListOf(String()), "crypto": KexResult(), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-ssh", ssh_scan_response) zgrab2.register_scan_response_type("ssh", ssh_scan_response)
"fed_auth_required": Unsigned8BitInteger(), "nonce": Binary(), "unknown": ListOf(unknown_prelogin_option), }) mssql_scan_response = SubRecord( { "result": SubRecord({ "version": WhitespaceAnalyzedString(), "instance_name": WhitespaceAnalyzedString(), "prelogin_options": prelogin_options, "encrypt_mode": Enum(values=ENCRYPT_MODES, doc="The negotiated ENCRYPT_MODE with the server."), "tls": zgrab2.tls_log, }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-mssql", mssql_scan_response) zgrab2.register_scan_response_type("mssql", mssql_scan_response)
"mimeMediaType": String(), "memberAttrName": String(), }) ipp_attribute = SubRecord({ "name": String(), "values": ListOf(ipp_attribute_value), "tag": Unsigned8BitInteger(), }) ipp_scan_response = SubRecord({ "result": SubRecord({ "version_major": Signed8BitInteger(doc="Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request."), "version_minor": Signed8BitInteger(doc="Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request."), "version_string": String(doc="The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'", examples=["IPP/1.0", "IPP/2.1"]), "cups_version": String(doc="The CUPS version, if any, specified in the Server header of an IPP get-attributes response.", examples=["CUPS/1.7", "CUPS/2.2"]), "attributes": ListOf(ipp_attribute, doc="All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted."), "attr_cups_version": String(doc="The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.", examples=["1.7.5", "2.2.7"]), "attr_ipp_versions": ListOf(String(), doc="Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.", examples=["1.0", "1.1", "2.0", "2.1"]), "attr_printer_uris": ListOf(String(), doc="Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. 
Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.", examples=["ipp://201.6.251.191:631/printers/Etiqueta", "http://163.212.253.14/ipp", "ipp://BRNB8763F84DD6A.local./ipp/port1"]), "response": http_response_full, "cups_response": http_response_full, "tls": zgrab2.tls_log, "redirect_response_chain": ListOf(http_response_full, doc="Each response returned while following a series of redirects."), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-ipp", ipp_scan_response) zgrab2.register_scan_response_type("ipp", ipp_scan_response)
# zschema sub-schema for zgrab2's telnet module
# Registers zgrab2-telnet globally, and telnet with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# A single telnet option entry: a name plus a 16-bit unsigned value.
telnet_option = SubRecord({
    "name": String(),
    "value": Unsigned16BitInteger(),
})

# Body of the "result" object: the banner string and four lists of
# telnet_option records keyed "will", "do", "wont" and "dont".
# NOTE(review): the banner is presumably text sent by the scanned host, so
# downstream consumers should treat it as untrusted input (escape it before
# rendering or logging) - confirm against the Go module.
_telnet_result = SubRecord({
    "banner": String(),
    "will": ListOf(telnet_option),
    "do": ListOf(telnet_option),
    "wont": ListOf(telnet_option),
    "dont": ListOf(telnet_option),
})

# Full scan response: the common zgrab2 response fields plus "result".
telnet_scan_response = SubRecord(
    {"result": _telnet_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "telnet" response type.
zschema.registry.register_schema("zgrab2-telnet", telnet_scan_response)
zgrab2.register_scan_response_type("telnet", telnet_scan_response)
for url in urls: fp.write('# %s\n' % url) fp.write('mysql_error_code_to_id = {\n') for code in sorted(codes): id = codes[code] fp.write(' 0x%04x: "%s",\n' % (code, id)) fp.write('}\n') with open(os.path.join(root, "lib/mysql/errors.go"), "w") as fp: fp.write('package mysql\n\n') fp.write('// Auto-generated at %s using data aggregated from:\n' % timestamp) for url in urls: fp.write('// %s\n' % url) fp.write('\n') fp.write( '// ErrorCodes maps the 16-bit error codes to the "ErrorID"s defined in the docs.\n' ) fp.write('var ErrorCodes = map[uint16]string {\n') for code in sorted(codes): id = codes[code] fp.write(' 0x%04x: "%s",\n' % (code, id)) fp.write('}\n') zschema.registry.register_schema("zgrab2-mysql", mysql_scan_response) zgrab2.register_scan_response_type('mysql', mysql_scan_response)
# zschema sub-schema for zgrab2's ftp module
# Registers zgrab2-ftp globally, and ftp with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# modules/ftp.go - FTPScanResults
# "tls" reuses the shared zgrab2.tls_log record; the other fields are strings.
# NOTE(review): auth_tls / auth_ssl presumably hold the server's replies to
# the AUTH TLS and AUTH SSL commands - confirm against modules/ftp.go. All
# three strings would then be server-controlled text; treat them as untrusted
# when displaying or indexing.
_ftp_result = SubRecord({
    "tls": zgrab2.tls_log,
    "banner": String(),
    "auth_tls": String(),
    "auth_ssl": String(),
})

# Full scan response: the common zgrab2 response fields plus "result".
ftp_scan_response = SubRecord(
    {"result": _ftp_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "ftp" response type.
zschema.registry.register_schema("zgrab2-ftp", ftp_scan_response)
zgrab2.register_scan_response_type("ftp", ftp_scan_response)
# zschema sub-schema for zgrab2's pop3 module
# Registers zgrab2-pop3 globally, and pop3 with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: the banner, the server's replies to the NOOP,
# HELP, STARTTLS and QUIT commands, and the shared zgrab2.tls_log record.
# Every string here is text returned by the server, so consumers should
# handle it as untrusted input.
_pop3_result = SubRecord({
    "banner": String(doc="The POP3 banner."),
    "noop": String(doc="The server's response to the NOOP command."),
    "help": String(doc="The server's response to the HELP command."),
    "starttls": String(doc="The server's response to the STARTTLS command."),
    "quit": String(doc="The server's response to the QUIT command."),
    "tls": zgrab2.tls_log,
})

# Full scan response: the common zgrab2 response fields plus "result".
pop3_scan_response = SubRecord(
    {"result": _pop3_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "pop3" response type.
zschema.registry.register_schema("zgrab2-pop3", pop3_scan_response)
zgrab2.register_scan_response_type("pop3", pop3_scan_response)
# zschema sub-schema for zgrab2's checkpoint module
# Registers zgrab2-checkpoint globally, and checkpoint with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: two string fields.
# NOTE(review): firewall_host / host presumably carry host names disclosed by
# the scanned device; if so they reveal internal naming and the stored results
# should be access-controlled accordingly - confirm against the Go module.
_checkpoint_result = SubRecord({
    "firewall_host": String(),
    "host": String()
})

# Full scan response: the common zgrab2 response fields plus "result".
checkpoint_scan_response = SubRecord(
    {"result": _checkpoint_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "checkpoint" response type.
zschema.registry.register_schema("zgrab2-checkpoint", checkpoint_scan_response)
zgrab2.register_scan_response_type("checkpoint", checkpoint_scan_response)
# Record for the negotiate step: header_log combined (through extended(),
# defined outside this excerpt) with the negotiate-specific fields below.
negotiate_log = SubRecord(extended(header_log, {
    'security_mode': Unsigned16BitInteger(),
    'dialect_revision': Unsigned16BitInteger(),
    'server_guid': Binary(),
    'capabilities': Unsigned32BitInteger(),
    'system_time': Unsigned32BitInteger(),
    'server_start_time': Unsigned32BitInteger(),
    'authentication_types': ListOf(String()),
}))

# Record for the session-setup step, built the same way from header_log.
session_setup_log = SubRecord(extended(header_log, {
    'setup_flags': Unsigned16BitInteger(),
    'target_name': String(),
    'negotiate_flags': Unsigned32BitInteger(),
}))

# Body of the "result" object: two booleans plus the two step logs above.
# NOTE(review): smbv1_support presumably records that the server accepted the
# legacy SMBv1 dialect, and has_ntlm that NTLM authentication was offered;
# both are commonly tracked as hardening findings - confirm against the Go
# module before relying on the exact meaning.
_smb_result = SubRecord({
    'smbv1_support': Boolean(),
    'negotiation_log': negotiate_log,
    'has_ntlm': Boolean(),
    'session_setup_log': session_setup_log,
})

# Full scan response: the common zgrab2 response fields plus "result".
smb_scan_response = SubRecord(
    {'result': _smb_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "smb" response type.
zschema.registry.register_schema('zgrab2-smb', smb_scan_response)
zgrab2.register_scan_response_type('smb', smb_scan_response)
'conformity_level': Unsigned8BitInteger(), 'more_follows': Boolean(), 'next_object_id': Unsigned8BitInteger(), 'object_count': Unsigned8BitInteger(), 'objects': mei_object_set, }) exception_response = SubRecord({ 'exception_function': Unsigned8BitInteger(), 'exception_type': Unsigned8BitInteger(), }) modbus_scan_response = SubRecord( { 'result': SubRecord({ 'length': Unsigned16BitInteger(), 'unit_id': Unsigned8BitInteger(), 'function_code': Unsigned8BitInteger(), 'raw_response': Binary(), 'mei_response': mei_response, 'exception_response': exception_response, 'raw': Binary(), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema('zgrab2-modbus', modbus_scan_response) zgrab2.register_scan_response_type('modbus', modbus_scan_response)
# zschema sub-schema for zgrab2's dnp3 module
# Registers zgrab2-dnp3 globally, and dnp3 with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: a boolean flag and the raw response bytes.
# NOTE(review): raw_response is presumably the unparsed reply from the scanned
# host; consumers should bound its size and parse it defensively - confirm
# against the Go module.
_dnp3_result = SubRecord({
    "is_dnp3": Boolean(),
    "raw_response": Binary(),
})

# Full scan response: the common zgrab2 response fields plus "result".
dnp3_scan_response = SubRecord(
    {"result": _dnp3_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "dnp3" response type.
zschema.registry.register_schema("zgrab2-dnp3", dnp3_scan_response)
zgrab2.register_scan_response_type("dnp3", dnp3_scan_response)
]), "info_response": String( doc= "The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.", examples=[ "# Server\r\nredis_version:4.0.7\r\nkey2:value2\r\n", "(Error: NOAUTH Authentication required.)", ]), "auth_response": String(doc="The response from the AUTH command, if sent."), "nonexistent_response": String("The response from the NONEXISTENT command.", examples=[ "(Error: ERR unknown command 'NONEXISTENT')", ]), "quit_response": String(doc="The response to the QUIT command.", examples=["OK"]), "version": String( doc= "The version string, read from the the info_response (if available)." ), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-redis", redis_scan_response) zgrab2.register_scan_response_type("redis", redis_scan_response)
SubRecord({ "dist_mod": String(), "dist_arch": String(), "cc": String(), "cc_flags": String(), "cxx": String(), "cxx_flags": String(), "link_flags": String(), "target_arch": String(), "target_os": String() }) }), "is_master": SubRecord({ "is_master": Boolean(), "max_wire_version": Signed32BitInteger(), "min_wire_version": Signed32BitInteger(), "max_bson_object_size": Signed32BitInteger(), "max_write_batch_size": Signed32BitInteger(), "logical_session_timeout_minutes": Signed32BitInteger(), "max_message_size_bytes": Signed32BitInteger(), "read_only": Boolean() }) }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-mongodb", mongodb_scan_response) zgrab2.register_scan_response_type("mongodb", mongodb_scan_response)
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: one boolean flag followed by string fields.
# NOTE(review): going by the field names (serial_number, plant_id, location,
# firmware, ...) these strings identify one specific device and its site.
# Stored results are therefore asset-inventory data and should be
# access-controlled accordingly - confirm the field meanings against the Go
# module.
_siemens_result = SubRecord({
    'is_s7': Boolean(),
    'system': String(),
    'module': String(),
    'plant_id': String(),
    'copyright': String(),
    'serial_number': String(),
    'module_type': String(),
    'reserved_for_os': String(),
    'memory_serial_number': String(),
    'cpu_profile': String(),
    'oem_id': String(),
    'location': String(),
    'module_id': String(),
    'hardware': String(),
    'firmware': String(),
})

# Full scan response: the common zgrab2 response fields plus "result".
siemens_scan_response = SubRecord(
    {'result': _siemens_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "siemens" response type.
zschema.registry.register_schema('zgrab2-siemens', siemens_scan_response)
zgrab2.register_scan_response_type('siemens', siemens_scan_response)
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: a boolean flag, a 32-bit id and string fields.
# NOTE(review): going by the field names, the strings describe the host's
# software stack (app, VM and OS names and versions) and its identity
# (hostname, host_id, station_name). Version data like this is what
# patch-level assessment relies on, and it is also sensitive inventory data
# when stored - confirm the field meanings against the Go module.
_fox_result = SubRecord({
    'is_fox': Boolean(),
    'version': String(),
    'id': Unsigned32BitInteger(),
    'hostname': String(),
    'host_address': String(),
    'app_name': String(),
    'app_version': String(),
    'vm_name': String(),
    'vm_version': String(),
    'os_name': String(),
    'os_version': String(),
    'station_name': String(),
    'language': String(),
    'time_zone': String(),
    'host_id': String(),
    'vm_uuid': String(),
    'brand_id': String(),
    'sys_info': String(),
    'agent_auth_type': String(),
})

# Full scan response: the common zgrab2 response fields plus "result".
fox_scan_response = SubRecord(
    {'result': _fox_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "fox" response type.
zschema.registry.register_schema('zgrab2-fox', fox_scan_response)
zgrab2.register_scan_response_type('fox', fox_scan_response)
# zschema sub-schema for zgrab2's imap module
# Registers zgrab2-imap globally, and imap with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: the banner, the server's replies to the
# STARTTLS and CLOSE commands, and the shared zgrab2.tls_log record.
# Every string here is text returned by the server, so consumers should
# handle it as untrusted input.
_imap_result = SubRecord({
    "banner": String(doc="The IMAP banner."),
    "starttls": String(doc="The server's response to the STARTTLS command."),
    "close": String(doc="The server's response to the CLOSE command."),
    "tls": zgrab2.tls_log,
})

# Full scan response: the common zgrab2 response fields plus "result".
imap_scan_response = SubRecord(
    {"result": _imap_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "imap" response type.
zschema.registry.register_schema("zgrab2-imap", imap_scan_response)
zgrab2.register_scan_response_type("imap", imap_scan_response)
"result": SubRecord({ "handshake": SubRecord({ "accept_version": Unsigned16BitInteger(doc="The protocol version number from the Accept packet."), "global_service_options": FlagsSet(global_service_options, doc="Set of flags that the server returns in the Accept packet."), "connect_flags0": FlagsSet(connect_flags, doc="The first set of ConnectFlags returned in the Accept packet."), "connect_flags1": FlagsSet(connect_flags, doc="The second set of ConnectFlags returned in the Accept packet."), "did_resend": Boolean(doc="True if the server sent a Resend packet request in response to the client's first Connect packet."), "redirect_target_raw": String(doc="The connect descriptor returned by the server in the Redirect packet, if one is sent. Otherwise, omitted.", examples=[ "(DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=theServiceName)(CID=(PROGRAM=zgrab2)(HOST=targethost)(USER=targetuser)))(ADDRESS=(PROTOCOL=TCP)(HOST=1.2.3.4)(PORT=1521)))" ]), "redirect_target": ListOf(descriptor_entry, doc="The parsed connect descriptor returned by the server in the redirect packet, if one is sent. Otherwise, omitted. The parsed descriptor is a list of objects with key and value, where the keys strings like 'DESCRIPTION.CONNECT_DATA.SERVICE_NAME'."), "refuse_error_raw": String(doc="The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.", examples=[ "(DESCRIPTION=(ERR=1153)(VSNNUM=186647040)(ERROR_STACK=(ERROR=(CODE=1153)(EMFI=4)(ARGS='()'))(ERROR=(CODE=303)(EMFI=1))))" ]), "refuse_error": ListOf(descriptor_entry, doc="The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. 
The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE'."), "refuse_version": String(doc="The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.", examples=["11.2.0.2.0"]), "refuse_reason_app": String(doc="The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. Omitted if the server did not send a Refuse packet.", examples=["0x22", "0x04"]), "refuse_reason_sys": String(doc="The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. Omitted if the server did not send a Refuse packet.", examples=["0x00", "0x04"]), "nsn_version": String(doc="The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.", examples=["11.2.0.2.0"]), "nsn_service_versions": SubRecord({ service: String() for service in nsn_services }, doc="A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet."), }, doc="The log of the Oracle / TDS handshake process."), "tls": zgrab2.tls_log, }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-oracle", oracle_scan_response) zgrab2.register_scan_response_type("oracle", oracle_scan_response)
}) # modules/postgres/scanner.go: BackendKeyData postgres_key_data = SubRecord({ "process_id": Unsigned32BitInteger(), "secret_key": Unsigned32BitInteger(), }) # modules/postgres/scanner.go: PostgresResults postgres_scan_response = SubRecord( { "result": SubRecord({ "tls": zgrab2.tls_log, "supported_versions": String(), "protocol_error": postgres_error, "startup_error": postgres_error, "is_ssl": Boolean(required=True), "authentication_mode": postgres_auth_mode, # TODO FIXME: This is currendly an unconstrained map[string]string "server_parameters": String(), "backend_key_data": postgres_key_data, "transaction_status": String(), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-postgres", postgres_scan_response) zgrab2.register_scan_response_type("postgres", postgres_scan_response)
# zschema sub-schema for zgrab2's smtp module
# Registers zgrab2-smtp globally, and smtp with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas.zcrypto as zcrypto
import zgrab2

# Body of the "result" object: six string fields and the shared
# zgrab2.tls_log record.
# NOTE(review): apart from the banner, the strings presumably hold the
# server's replies to the commands they are named after (EHLO, HELO, HELP,
# STARTTLS, QUIT) - confirm against the Go module. Treat all of them as
# untrusted, server-supplied text.
_smtp_result = SubRecord({
    "banner": String(),
    "ehlo": String(),
    "helo": String(),
    "help": String(),
    "starttls": String(),
    "quit": String(),
    "tls": zgrab2.tls_log,
})

# Full scan response: the common zgrab2 response fields plus "result".
smtp_scan_response = SubRecord(
    {"result": _smtp_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "smtp" response type.
zschema.registry.register_schema("zgrab2-smtp", smtp_scan_response)
zgrab2.register_scan_response_type("smtp", smtp_scan_response)
# zschema sub-schema for zgrab2's bacnet module
# Registers zgrab2-bacnet globally, and bacnet with the main zgrab2 schema.

from zschema.leaves import *
from zschema.compounds import *
import zschema.registry

import zcrypto_schemas
import zgrab2

# Body of the "result" object: a boolean flag, two numeric identifiers and
# string fields.
# NOTE(review): going by the field names (vendor_name, model_name,
# firmware_revision, location, ...) these values identify one specific device
# and where it is installed. Stored results are asset-inventory data and
# should be access-controlled accordingly - confirm the field meanings against
# the Go module.
_bacnet_result = SubRecord({
    "is_bacnet": Boolean(),
    "instance_number": Unsigned32BitInteger(),
    "vendor_id": Unsigned16BitInteger(),
    "vendor_name": String(),
    "firmware_revision": String(),
    "application_software_revision": String(),
    "object_name": String(),
    "model_name": String(),
    "description": String(),
    "location": String(),
})

# Full scan response: the common zgrab2 response fields plus "result".
bacnet_scan_response = SubRecord(
    {"result": _bacnet_result},
    extends=zgrab2.base_scan_response,
)

# Register under the global name and as the "bacnet" response type.
zschema.registry.register_schema("zgrab2-bacnet", bacnet_scan_response)
zgrab2.register_scan_response_type("bacnet", bacnet_scan_response)
"status_line": String(), "status_code": Unsigned32BitInteger(), # lib/http/protocol.go: http.Protocol "protocol": SubRecord({ "name": String(), "major": Unsigned32BitInteger(), "minor": Unsigned32BitInteger(), }), "headers": http_headers, "body": String(), "body_sha256": Binary(), "content_length": Signed64BitInteger(), "transfer_encoding": ListOf(String()), "trailers": http_headers, "request": http_request_full }) # modules/http.go: HTTPResults http_scan_response = SubRecord({ "result": SubRecord({ "connect_request": http_request, "connect_response": http_response, "response": http_response_full, "redirect_response_chain": ListOf(http_response_full), }) }, extends=zgrab2.base_scan_response) zschema.registry.register_schema("zgrab2-http", http_scan_response) zgrab2.register_scan_response_type("http", http_scan_response)