def _parse_mssql(self, sj: dict, task: IscoutTask, level: int,
portinfo: PortInfo):
"""
解析mssql的banner和一些其他的信息
暂时未使用
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("mssql"):
return
try:
sjmssql = sj['data']['mssql']
succ = sjmssql["status"]
if succ != "success":
return
protocol = sjmssql["protocol"]
if protocol != "mssql":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjmssql, portinfo)
# 开始构建mssql的banner
msdata = Mssql()
mres = sjmssql.get('result')
if mres is None:
return
# 就只构建有的吧,模仿的shodan的https://www.shodan.io/host/119.18.55.104
instancename = mres.get('instance_name', '')
msdata.instance_name = instancename
msdata.version = mres.get('version')
portinfo.banner = msdata.build_banner()
msdata.banner = portinfo.banner
res = True
# 开始解析tls
sjtls = mres.pop('tls', None)
portinfo.extrainfo = json.dumps(mres)
if sjtls is not None:
sjhandshake = sjtls.get("handshake_log")
if sjhandshake is None or len(sjhandshake) < 1:
return
self._parser_tls._parse_cert(sjhandshake, portinfo)
portinfo.set_mssql(msdata)
except:
self._logger.error(
f"Parse mssql protocal error, err:{traceback.format_exc()}")
return res
def _parse_imap(self, sj: dict, task: IscanTask, level: int,
portinfo: PortInfo):
"""
解析imap的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("imap"):
return
try:
sjimap = sj['data']['imap']
succ = sjimap["status"]
if succ != "success":
return
protocol = sjimap["protocol"]
if protocol != "imap":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjimap, portinfo)
# 开始构建imap的banner
mres = sjimap.get('result')
if mres is None:
return
idata = Imap()
idata.banner = mres.get('banner')
idata.starttls = mres.get('starttls')
idata.close = mres.get('close')
portinfo.banner = idata.build_banner()
res = True
# 开始解析tls
sjtls = mres.get('tls')
if sjtls is not None:
sjhandshake = sjtls.get("handshake_log")
if sjhandshake is None or len(sjhandshake) < 1:
return
self._parser_tls._parse_cert(sjhandshake, portinfo)
portinfo.set_imap(idata)
except:
self._logger.error(
f"Parse imap protocal error, err:{traceback.format_exc()}")
return res
def _parse_ftp(self, sj: dict, task: IscoutTask, level: int,
portinfo: PortInfo):
"""
解析ftp的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("ftp"):
return
try:
sjftp = sj['data']['ftp']
succ = sjftp["status"]
if succ != "success":
return
protocol = sjftp["protocol"]
if protocol != "ftp":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjftp, portinfo)
# 开始构建ftp的banner
mres = sjftp.get('result')
if mres is None:
return
fdata = FTP()
banr = mres.get('banner')
fdata.banner = banr
auth_tls = mres.get('auth_tls')
fdata.auth_tls = auth_tls
portinfo.banner = fdata.build_banner()
res = True
# 开始解析tls
sjtls = mres.get('tls')
if sjtls is not None:
sjhandshake = sjtls.get("handshake_log")
if sjhandshake is None or len(sjhandshake) < 1:
return
self._parser_tls._parse_cert(sjhandshake, portinfo)
portinfo.set_ftp(fdata)
except:
self._logger.error(
f"Parse ftp protocal error, err:{traceback.format_exc()}")
return res
def _parse_mongodb(self, sj: dict, task: IscoutTask, level: int,
portinfo: PortInfo):
"""
解析mongodb的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__(
"mongodb"):
return
try:
sjmongodb = sj['data']['mongodb']
succ = sjmongodb["status"]
if succ != "success":
return
protocol = sjmongodb["protocol"]
if protocol != "mongodb":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjmongodb, portinfo)
# 开始构建mongodb的banner
mres = sjmongodb.get('result')
if mres is None:
return
mdata = MongoDB()
ismaster = mres.get('is_master')
mdata.is_master = ismaster
buildinfo = mres.get('build_info')
mdata.build_info = buildinfo
# 因为port里面有version,所以对version赋值
version = buildinfo.get('version')
portinfo.version = version
portinfo.banner = mdata.build_banner()
# mongodb的banner
mdata.banner = portinfo.banner
res = True
portinfo.set_mongodb(mdata)
except:
self._logger.error(
f"Parse mongodb protocal error, err:{traceback.format_exc()}")
return res
def _parse_telnet(self, sj: dict, task: IscanTask, level: int,
portinfo: PortInfo):
"""
解析telnet的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__(
"telnet"):
return
try:
sjtelnet = sj['data']['telnet']
succ = sjtelnet["status"]
if succ != "success":
return
protocol = sjtelnet["protocol"]
if protocol != "telnet":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjtelnet, portinfo)
# 开始构建telnet的banner
mres = sjtelnet.get('result')
if mres is None:
return
tdata = Telnet()
tdata.banner = mres.get('banner')
portinfo.banner = tdata.build_banner()
res = True
portinfo.set_telnet(tdata)
except:
self._logger.error(
f"Parse banner protocal error, err:{traceback.format_exc()}")
return res
def _parse_redis(self, sj: dict, task: IscoutTask, level: int,
portinfo: PortInfo):
"""
解析redis的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("redis"):
return
try:
sjredis = sj['data']['redis']
succ = sjredis["status"]
if succ != "success":
return
protocol = sjredis["protocol"]
if protocol != "redis":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjredis, portinfo)
# 开始构建redis的banner
result = sjredis.get('result', {})
rdata = Redis()
rdata.info_response = result.pop('info_response', None)
rdata.ping_response = result.pop('ping_response', None)
portinfo.banner = rdata.build_banner()
rdata.banner = portinfo.banner
portinfo.version = result.pop('version')
portinfo.os = result.pop('os')
portinfo.extrainfo = json.dumps(result)
res = True
portinfo.set_redis(rdata)
except:
self._logger.error(
f"Parse redis protocal error, err:{traceback.format_exc()}")
return res
def _parse_ntp(self, sj: dict, task: IscoutTask, level: int,
portinfo: PortInfo):
"""
解析ntp的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("ntp"):
return
try:
sjntp = sj['data']['ntp']
succ = sjntp["status"]
if succ != "success":
return
protocol = sjntp["protocol"]
if protocol != "ntp":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjntp, portinfo)
# 开始构建ntp的banner
mres = sjntp.get('result')
if mres is None:
return
ndata = Ntp()
ndata.version = mres.get('version')
ndata.stratum = mres.get('stratum')
ndata.leap_indicator = mres.get('leap_indicator')
ndata.precision = mres.get('precision')
ndata.root_delay = mres.get('root_delay', {})
ndata.root_dispersion = mres.get('root_dispersion', {})
ndata.reference_id = mres.get('reference_id')
ndata.reference_timestamp = mres.get('reference_timestamp')
ndata.poll = mres.get('poll')
portinfo.banner = ndata.build_banner()
res = True
portinfo.set_ntp(ndata)
except:
self._logger.error(
f"Parse ntp protocal error, err:{traceback.format_exc()}")
return res
def _get_port_timestamp(self, sj: dict, portinfo: PortInfo) -> str:
"""Get the timestamp field of current protocol json value, return str.
:sj: the protocol json value"""
if sj.__contains__("timestamp"):
portinfo.timestamp = sj["timestamp"]
def _parse_pop3(self, sj: dict, task: IscanTask, level: int,
portinfo: PortInfo):
"""
解析pop3的banner和一些其他的信息
总之就是port里的信息
:param sj:
:param task:
:param level:
:param portinfo:
:return:
"""
res = False
if not sj.__contains__("data") or not sj["data"].__contains__("pop3"):
return
try:
sjpop3 = sj['data']['pop3']
succ = sjpop3["status"]
if succ != "success":
return
protocol = sjpop3["protocol"]
if protocol != "pop3":
return
if portinfo.service != protocol:
portinfo.service = protocol
self._get_port_timestamp(sjpop3, portinfo)
# 开始构建pop3的banner
mres = sjpop3.get('result')
if mres is None:
return
popdata = POP3()
popdata.banner = mres.get('banner')
popdata.noop = mres.get('noop')
popdata.help = mres.get('help')
popdata.starttls = mres.get('starttls')
popdata.quit = mres.get('quit')
portinfo.banner = popdata.build_banner()
res = True
# 开始解析tls
sjtls = mres.get('tls')
if sjtls is not None:
sjhandshake = sjtls.get("handshake_log")
if sjhandshake is None or len(sjhandshake) < 1:
return
self._parser_tls._parse_cert(sjhandshake, portinfo)
portinfo.set_pop3(popdata)
except:
self._logger.error(
f"Parse pop3 protocal error, err:{traceback.format_exc()}")
return res