"dh_kex_algorithm":
KexAlgorithm(),
"host_key_algorithm":
KeyAlgorithm(),
"client_to_server_alg_group":
DirectionAlgorithms(),
"server_to_client_alg_group":
DirectionAlgorithms(),
})
# zgrab2/lib/ssh/log.go: HandshakeLog
# TODO: Can ssh re-use any of the generic TLS model?
ssh_scan_response = SubRecord(
{
"result":
SubRecord({
"server_id": AnalyzedEndpointID(),
"client_id": EndpointID(),
"server_key_exchange": KexInitMessage(),
"client_key_exchange": KexInitMessage(),
"algorithm_selection": AlgorithmSelection(),
"key_exchange": KeyExchange(),
"userauth": ListOf(String()),
"crypto": KexResult(),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-ssh", ssh_scan_response)
zgrab2.register_scan_response_type("ssh", ssh_scan_response)
"fed_auth_required":
Unsigned8BitInteger(),
"nonce":
Binary(),
"unknown":
ListOf(unknown_prelogin_option),
})
mssql_scan_response = SubRecord(
{
"result":
SubRecord({
"version":
WhitespaceAnalyzedString(),
"instance_name":
WhitespaceAnalyzedString(),
"prelogin_options":
prelogin_options,
"encrypt_mode":
Enum(values=ENCRYPT_MODES,
doc="The negotiated ENCRYPT_MODE with the server."),
"tls":
zgrab2.tls_log,
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-mssql", mssql_scan_response)
zgrab2.register_scan_response_type("mssql", mssql_scan_response)
"mimeMediaType": String(),
"memberAttrName": String(),
})
ipp_attribute = SubRecord({
"name": String(),
"values": ListOf(ipp_attribute_value),
"tag": Unsigned8BitInteger(),
})
ipp_scan_response = SubRecord({
"result": SubRecord({
"version_major": Signed8BitInteger(doc="Major component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request."),
"version_minor": Signed8BitInteger(doc="Minor component of IPP version listed in the Server header of a response to an IPP get-printer-attributes request."),
"version_string": String(doc="The specific IPP version returned in response to an IPP get-printer-attributes request. Always in the form 'IPP/x.y'", examples=["IPP/1.0", "IPP/2.1"]),
"cups_version": String(doc="The CUPS version, if any, specified in the Server header of an IPP get-attributes response.", examples=["CUPS/1.7", "CUPS/2.2"]),
"attributes": ListOf(ipp_attribute, doc="All IPP attributes included in any contentful responses obtained. Each has a name, list of values (potentially only one), and a tag denoting how the value should be interpreted."),
"attr_cups_version": String(doc="The CUPS version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Generally in the form 'x.y.z'.", examples=["1.7.5", "2.2.7"]),
"attr_ipp_versions": ListOf(String(), doc="Each IPP version, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Always in the form 'x.y'.", examples=["1.0", "1.1", "2.0", "2.1"]),
"attr_printer_uris": ListOf(String(), doc="Each printer URI, if any, specified in the list of attributes returned in a get-printer-attributes response or CUPS-get-printers response. Uses ipp(s) or http(s) scheme, followed by a hostname or IP, and then the path to a particular printer.", examples=["ipp://201.6.251.191:631/printers/Etiqueta", "http://163.212.253.14/ipp", "ipp://BRNB8763F84DD6A.local./ipp/port1"]),
"response": http_response_full,
"cups_response": http_response_full,
"tls": zgrab2.tls_log,
"redirect_response_chain": ListOf(http_response_full, doc="Each response returned while following a series of redirects."),
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-ipp", ipp_scan_response)
zgrab2.register_scan_response_type("ipp", ipp_scan_response)
# zschema sub-schema for zgrab2's telnet module
# Registers zgrab2-telnet globally, and telnet with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
telnet_option = SubRecord({
"name": String(),
"value": Unsigned16BitInteger(),
})
telnet_scan_response = SubRecord({
"result": SubRecord({
"banner": String(),
"will": ListOf(telnet_option),
"do": ListOf(telnet_option),
"wont": ListOf(telnet_option),
"dont": ListOf(telnet_option),
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-telnet", telnet_scan_response)
zgrab2.register_scan_response_type("telnet", telnet_scan_response)
for url in urls:
fp.write('# %s\n' % url)
fp.write('mysql_error_code_to_id = {\n')
for code in sorted(codes):
id = codes[code]
fp.write(' 0x%04x: "%s",\n' % (code, id))
fp.write('}\n')
with open(os.path.join(root, "lib/mysql/errors.go"), "w") as fp:
fp.write('package mysql\n\n')
fp.write('// Auto-generated at %s using data aggregated from:\n' %
timestamp)
for url in urls:
fp.write('// %s\n' % url)
fp.write('\n')
fp.write(
'// ErrorCodes maps the 16-bit error codes to the "ErrorID"s defined in the docs.\n'
)
fp.write('var ErrorCodes = map[uint16]string {\n')
for code in sorted(codes):
id = codes[code]
fp.write(' 0x%04x: "%s",\n' % (code, id))
fp.write('}\n')
zschema.registry.register_schema("zgrab2-mysql", mysql_scan_response)
zgrab2.register_scan_response_type('mysql', mysql_scan_response)
# zschema sub-schema for zgrab2's ftp module
# Registers zgrab2-ftp globally, and ftp with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
# modules/ftp.go - FTPScanResults
ftp_scan_response = SubRecord({
"result": SubRecord({
"tls": zgrab2.tls_log,
"banner": String(),
"auth_tls": String(),
"auth_ssl": String(),
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-ftp", ftp_scan_response)
zgrab2.register_scan_response_type("ftp", ftp_scan_response)
# zschema sub-schema for zgrab2's pop3 module
# Registers zgrab2-pop3 globally, and pop3 with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
pop3_scan_response = SubRecord({
"result": SubRecord({
"banner": String(doc="The POP3 banner."),
"noop": String(doc="The server's response to the NOOP command."),
"help": String(doc="The server's response to the HELP command."),
"starttls": String(doc="The server's response to the STARTTLS command."),
"quit": String(doc="The server's response to the QUIT command."),
"tls": zgrab2.tls_log,
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-pop3", pop3_scan_response)
zgrab2.register_scan_response_type("pop3", pop3_scan_response)
# zschema sub-schema for zgrab2's checkpoint module
# Registers zgrab2-checkpoint globally, and checkpoint with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
checkpoint_scan_response = SubRecord(
{"result": SubRecord({
"firewall_host": String(),
"host": String()
})},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-checkpoint", checkpoint_scan_response)
zgrab2.register_scan_response_type("checkpoint", checkpoint_scan_response)
negotiate_log = SubRecord(extended(header_log, {
'security_mode': Unsigned16BitInteger(),
'dialect_revision': Unsigned16BitInteger(),
'server_guid': Binary(),
'capabilities': Unsigned32BitInteger(),
'system_time': Unsigned32BitInteger(),
'server_start_time': Unsigned32BitInteger(),
'authentication_types': ListOf(String()),
}))
session_setup_log = SubRecord(extended(header_log, {
'setup_flags': Unsigned16BitInteger(),
'target_name': String(),
'negotiate_flags': Unsigned32BitInteger(),
}))
smb_scan_response = SubRecord({
'result': SubRecord({
'smbv1_support': Boolean(),
'negotiation_log': negotiate_log,
'has_ntlm': Boolean(),
'session_setup_log': session_setup_log,
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema('zgrab2-smb', smb_scan_response)
zgrab2.register_scan_response_type('smb', smb_scan_response)
'conformity_level': Unsigned8BitInteger(),
'more_follows': Boolean(),
'next_object_id': Unsigned8BitInteger(),
'object_count': Unsigned8BitInteger(),
'objects': mei_object_set,
})
exception_response = SubRecord({
'exception_function': Unsigned8BitInteger(),
'exception_type': Unsigned8BitInteger(),
})
modbus_scan_response = SubRecord(
{
'result':
SubRecord({
'length': Unsigned16BitInteger(),
'unit_id': Unsigned8BitInteger(),
'function_code': Unsigned8BitInteger(),
'raw_response': Binary(),
'mei_response': mei_response,
'exception_response': exception_response,
'raw': Binary(),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema('zgrab2-modbus', modbus_scan_response)
zgrab2.register_scan_response_type('modbus', modbus_scan_response)
# zschema sub-schema for zgrab2's dnp3 module
# Registers zgrab2-dnp3 globally, and dnp3 with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
dnp3_scan_response = SubRecord(
{"result": SubRecord({
"is_dnp3": Boolean(),
"raw_response": Binary(),
})},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-dnp3", dnp3_scan_response)
zgrab2.register_scan_response_type("dnp3", dnp3_scan_response)
]),
"info_response":
String(
doc=
"The response from the INFO command. Should be a series of key:value pairs separated by CRLFs.",
examples=[
"# Server\r\nredis_version:4.0.7\r\nkey2:value2\r\n",
"(Error: NOAUTH Authentication required.)",
]),
"auth_response":
String(doc="The response from the AUTH command, if sent."),
"nonexistent_response":
String("The response from the NONEXISTENT command.",
examples=[
"(Error: ERR unknown command 'NONEXISTENT')",
]),
"quit_response":
String(doc="The response to the QUIT command.", examples=["OK"]),
"version":
String(
doc=
"The version string, read from the the info_response (if available)."
),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-redis", redis_scan_response)
zgrab2.register_scan_response_type("redis", redis_scan_response)
SubRecord({
"dist_mod": String(),
"dist_arch": String(),
"cc": String(),
"cc_flags": String(),
"cxx": String(),
"cxx_flags": String(),
"link_flags": String(),
"target_arch": String(),
"target_os": String()
})
}),
"is_master":
SubRecord({
"is_master": Boolean(),
"max_wire_version": Signed32BitInteger(),
"min_wire_version": Signed32BitInteger(),
"max_bson_object_size": Signed32BitInteger(),
"max_write_batch_size": Signed32BitInteger(),
"logical_session_timeout_minutes": Signed32BitInteger(),
"max_message_size_bytes": Signed32BitInteger(),
"read_only": Boolean()
})
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-mongodb", mongodb_scan_response)
zgrab2.register_scan_response_type("mongodb", mongodb_scan_response)
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
siemens_scan_response = SubRecord(
{
'result':
SubRecord({
'is_s7': Boolean(),
'system': String(),
'module': String(),
'plant_id': String(),
'copyright': String(),
'serial_number': String(),
'module_type': String(),
'reserved_for_os': String(),
'memory_serial_number': String(),
'cpu_profile': String(),
'oem_id': String(),
'location': String(),
'module_id': String(),
'hardware': String(),
'firmware': String(),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema('zgrab2-siemens', siemens_scan_response)
zgrab2.register_scan_response_type('siemens', siemens_scan_response)
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
fox_scan_response = SubRecord({
'result': SubRecord({
'is_fox': Boolean(),
'version': String(),
'id': Unsigned32BitInteger(),
'hostname': String(),
'host_address': String(),
'app_name': String(),
'app_version': String(),
'vm_name': String(),
'vm_version': String(),
'os_name': String(),
'os_version': String(),
'station_name': String(),
'language': String(),
'time_zone': String(),
'host_id': String(),
'vm_uuid': String(),
'brand_id': String(),
'sys_info': String(),
'agent_auth_type': String(),
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema('zgrab2-fox', fox_scan_response)
zgrab2.register_scan_response_type('fox', fox_scan_response)
# zschema sub-schema for zgrab2's imap module
# Registers zgrab2-imap globally, and imap with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
imap_scan_response = SubRecord(
{
"result":
SubRecord({
"banner":
String(doc="The IMAP banner."),
"starttls":
String(doc="The server's response to the STARTTLS command."),
"close":
String(doc="The server's response to the CLOSE command."),
"tls":
zgrab2.tls_log,
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-imap", imap_scan_response)
zgrab2.register_scan_response_type("imap", imap_scan_response)
"result": SubRecord({
"handshake": SubRecord({
"accept_version": Unsigned16BitInteger(doc="The protocol version number from the Accept packet."),
"global_service_options": FlagsSet(global_service_options, doc="Set of flags that the server returns in the Accept packet."),
"connect_flags0": FlagsSet(connect_flags, doc="The first set of ConnectFlags returned in the Accept packet."),
"connect_flags1": FlagsSet(connect_flags, doc="The second set of ConnectFlags returned in the Accept packet."),
"did_resend": Boolean(doc="True if the server sent a Resend packet request in response to the client's first Connect packet."),
"redirect_target_raw": String(doc="The connect descriptor returned by the server in the Redirect packet, if one is sent. Otherwise, omitted.", examples=[
"(DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=theServiceName)(CID=(PROGRAM=zgrab2)(HOST=targethost)(USER=targetuser)))(ADDRESS=(PROTOCOL=TCP)(HOST=1.2.3.4)(PORT=1521)))"
]),
"redirect_target": ListOf(descriptor_entry, doc="The parsed connect descriptor returned by the server in the redirect packet, if one is sent. Otherwise, omitted. The parsed descriptor is a list of objects with key and value, where the keys strings like 'DESCRIPTION.CONNECT_DATA.SERVICE_NAME'."),
"refuse_error_raw": String(doc="The data from the Refuse packet returned by the server; it is empty if the server does not return a Refuse packet.", examples=[
"(DESCRIPTION=(ERR=1153)(VSNNUM=186647040)(ERROR_STACK=(ERROR=(CODE=1153)(EMFI=4)(ARGS='()'))(ERROR=(CODE=303)(EMFI=1))))"
]),
"refuse_error": ListOf(descriptor_entry, doc="The parsed descriptor returned by the server in the Refuse packet; it is empty if the server does not return a Refuse packet. The keys are strings like 'DESCRIPTION.ERROR_STACK.ERROR.CODE'."),
"refuse_version": String(doc="The parsed DESCRIPTION.VSNNUM field from the RefuseError descriptor returned by the server in the Refuse packet, in dotted-decimal format.", examples=["11.2.0.2.0"]),
"refuse_reason_app": String(doc="The 'AppReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. Omitted if the server did not send a Refuse packet.", examples=["0x22", "0x04"]),
"refuse_reason_sys": String(doc="The 'SysReason' returned by the server in the RefusePacket, as an 8-bit unsigned hex string. Omitted if the server did not send a Refuse packet.", examples=["0x00", "0x04"]),
"nsn_version": String(doc="The ReleaseVersion string (in dotted-decimal format) in the root of the Native Service Negotiation packet.", examples=["11.2.0.2.0"]),
"nsn_service_versions": SubRecord({
service: String() for service in nsn_services
}, doc="A map from the native Service Negotation service names to the ReleaseVersion (in dotted-decimal format) in that service packet."),
}, doc="The log of the Oracle / TDS handshake process."),
"tls": zgrab2.tls_log,
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-oracle", oracle_scan_response)
zgrab2.register_scan_response_type("oracle", oracle_scan_response)
})
# modules/postgres/scanner.go: BackendKeyData
postgres_key_data = SubRecord({
"process_id": Unsigned32BitInteger(),
"secret_key": Unsigned32BitInteger(),
})
# modules/postgres/scanner.go: PostgresResults
postgres_scan_response = SubRecord(
{
"result":
SubRecord({
"tls": zgrab2.tls_log,
"supported_versions": String(),
"protocol_error": postgres_error,
"startup_error": postgres_error,
"is_ssl": Boolean(required=True),
"authentication_mode": postgres_auth_mode,
# TODO FIXME: This is currendly an unconstrained map[string]string
"server_parameters": String(),
"backend_key_data": postgres_key_data,
"transaction_status": String(),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-postgres", postgres_scan_response)
zgrab2.register_scan_response_type("postgres", postgres_scan_response)
# zschema sub-schema for zgrab2's smtp module
# Registers zgrab2-smtp globally, and smtp with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas.zcrypto as zcrypto
import zgrab2
smtp_scan_response = SubRecord({
"result": SubRecord({
"banner": String(),
"ehlo": String(),
"helo": String(),
"help": String(),
"starttls": String(),
"quit": String(),
"tls": zgrab2.tls_log,
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-smtp", smtp_scan_response)
zgrab2.register_scan_response_type("smtp", smtp_scan_response)
# zschema sub-schema for zgrab2's bacnet module
# Registers zgrab2-bacnet globally, and bacnet with the main zgrab2 schema.
from zschema.leaves import *
from zschema.compounds import *
import zschema.registry
import zcrypto_schemas
import zgrab2
bacnet_scan_response = SubRecord(
{
"result":
SubRecord({
"is_bacnet": Boolean(),
"instance_number": Unsigned32BitInteger(),
"vendor_id": Unsigned16BitInteger(),
"vendor_name": String(),
"firmware_revision": String(),
"application_software_revision": String(),
"object_name": String(),
"model_name": String(),
"description": String(),
"location": String(),
})
},
extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-bacnet", bacnet_scan_response)
zgrab2.register_scan_response_type("bacnet", bacnet_scan_response)
"status_line": String(),
"status_code": Unsigned32BitInteger(),
# lib/http/protocol.go: http.Protocol
"protocol": SubRecord({
"name": String(),
"major": Unsigned32BitInteger(),
"minor": Unsigned32BitInteger(),
}),
"headers": http_headers,
"body": String(),
"body_sha256": Binary(),
"content_length": Signed64BitInteger(),
"transfer_encoding": ListOf(String()),
"trailers": http_headers,
"request": http_request_full
})
# modules/http.go: HTTPResults
http_scan_response = SubRecord({
"result": SubRecord({
"connect_request": http_request,
"connect_response": http_response,
"response": http_response_full,
"redirect_response_chain": ListOf(http_response_full),
})
}, extends=zgrab2.base_scan_response)
zschema.registry.register_schema("zgrab2-http", http_scan_response)
zgrab2.register_scan_response_type("http", http_scan_response)
