Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Make banner read options configurable via CLI #468

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

svbatalov
Copy link
Contributor

Currently the banner module waits 10ms before closing connection. In my use case an XMPP server sends an initial response immediately and some additional data after a delay of about 300ms. With netcat we get the full response (note the <stream:features> at the end)

$ cat /tmp/xmpp_probe.txt | nc -w 1 -v 186.28.231.211 5222
Connection to 186.28.231.211 5222 port [tcp/xmpp-client] succeeded!
<?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="taxserver" id="8sah4gmt6i" xml:lang="en" version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><register xmlns="http://jabber.org/features/iq-register"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="HGEf1bz7upaMudXxphDOpv49az0="/></stream:features>

while with zgrab2 we get only the initial response:

$ echo 186.28.231.211 | ./zgrab2 banner -p 5222 --probe-file /tmp/xmpp_probe.txt 2>/dev/null | jq -r .data.banner.result.banner
<?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="taxserver" id="1w7w1fs3id" xml:lang="en" version="1.0">

In both cases the following request was sent:

$ cat /tmp/xmpp_probe.txt
<?xml version='1.0'?>
        <stream:stream
        from='juliet@im.example.com'
        to='im.example.com'
        version='1.0'
        xml:lang='en'
        xmlns='jabber:client'
        xmlns:stream='http://etherx.jabber.org/streams'>

The proposed change introduces a new command line flag --read-timeout, which allows to change the default read timeout:

$ echo 186.28.231.211 | ./zgrab2 banner -p 5222 --probe-file /tmp/xmpp_probe.txt --read-timeout=400 2>/dev/null | jq -r .data.banner.result.banner
<?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="taxserver" id="ansjqzpech" xml:lang="en" version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><register xmlns="http://jabber.org/features/iq-register"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="HGEf1bz7upaMudXxphDOpv49az0="/></stream:features>

Since banner module is a generic way to handle protocols not already built into zgrab2, I though that it makes sense to make other read options configurable as well. Namely, in addition to --read-timeout, this PR introduces options --buffer-size and --max-read-size. Relevant part of zgrab2 banner --help:

     --read-timeout=              Read timeout in milliseconds (default: 10)
     --buffer-size=               Read buffer size in bytes (default: 8209)
     --max-read-size=             Maximum amount of data to read in KiB (1024 bytes) (default: 512)

Default values are kept the same, so this should not have unintended side effects.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant