Refactor HTTP scanning/fingerprinting #2136

@mssalvatore

Description

Refactor

Component(s) to be refactored

  • AgentConfiguration
  • HTTPFingerprinter

Explanation

Web exploiters, configuration, and fingerprinters are coupled in a strange way. The configuration specifies which ports are HTTP ports, the HTTPFingerprinter confirms this, and the web exploiters exploit any ports that the fingerprinter has confirmed are HTTP ports. This means both exploiters and fingerprinters need access to the list of pre-approved HTTP ports. It also means if HTTP ports exist outside the preordained set, they won't be exploited.

Instead, the scanner should be responsible for determining whether or not a port is an HTTP port. There's no need to configure this information. If we want to allow exploiters to exploit only certain ports, then only those ports should be scanned, or we should specify the allowed ports in the exploiter's configuration.

Tasks

  • Update PortScanData (0d) - @shreyamalviya
    • Rename PortScanData.service to PortScanData.service_deprecated
    • Add PortScanData.service as a NetworkService
  • Update TargetHost (0d) - @shreyamalviya
    • Add NetworkProtocol enum with TCP, UDP, and ICMP
    • Add TargetHost.port_status: Dict[Union[NetworkProtocol.TCP, NetworkProtocol.UDP], Dict[NetworkPort, PortScanData]]
  • Redefine FingerprintData with pydantic (0d) - @ilija-lazoroski
    • Change FingerprintData.services to FingerprintData.service: [NetworkService]
  • Modify each fingerprinter to return the new FingerprintData, add services to NetworkService enum as necessary (0d) - @ilija-lazoroski
    • HTTP
    • MSSQL
    • SMB
    • SSH
  • Modify master.propagator to populate the TargetHost.port_status dict based on the port scan and fingerprint results (0d) - @shreyamalviya @cakekoa
  • Replace all uses of TargetHost.services with TargetHost.port_status (0d) - @cakekoa @shreyamalviya
    • Remove TargetHost.services
  • Modify Hadoop exploiter with the following options (0d) - @cakekoa
    • Boolean option to try all HTTP ports
  • Modify Hadoop exploiter to skip configured ports if they are closed (try if the status is unknown) (0d) - @cakekoa
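
A sketch of the data model and port-selection rule proposed in the tasks above, added here as an example and not taken from the project's code. It uses plain dataclasses rather than pydantic; `PortStatus`, `record_scan`, `select_http_ports`, `demo`, the `NetworkService` members, and the sample host are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List

class NetworkProtocol(Enum):
    TCP = "tcp"
    UDP = "udp"
    ICMP = "icmp"

class NetworkService(Enum):  # member names assumed; the issue names only the enum
    HTTP = "http"
    SSH = "ssh"
    UNKNOWN = "unknown"

class PortStatus(Enum):  # hypothetical helper, not named in the issue
    OPEN = "open"
    CLOSED = "closed"

@dataclass
class PortScanData:
    port: int
    status: PortStatus
    service: NetworkService = NetworkService.UNKNOWN

@dataclass
class TargetHost:
    ip: str
    port_status: Dict[NetworkProtocol, Dict[int, PortScanData]] = field(default_factory=dict)

def record_scan(host: TargetHost, protocol, port, status, service=NetworkService.UNKNOWN):
    """Merge one port-scan or fingerprint result into TargetHost.port_status."""
    host.port_status.setdefault(protocol, {})[port] = PortScanData(port, status, service)

def select_http_ports(host: TargetHost, configured: List[int], try_all_http: bool) -> List[int]:
    """Configured ports unless known closed, plus (optionally) every open HTTP port."""
    tcp = host.port_status.get(NetworkProtocol.TCP, {})
    # A port absent from the scan results has unknown status, so it is still tried.
    selected = [p for p in configured if p not in tcp or tcp[p].status is not PortStatus.CLOSED]
    if try_all_http:
        selected += [p for p, d in sorted(tcp.items())
                     if d.status is PortStatus.OPEN and d.service is NetworkService.HTTP
                     and p not in selected]
    return selected

def demo():
    host = TargetHost("192.0.2.10")  # constructed sample host (documentation address)
    record_scan(host, NetworkProtocol.TCP, 8088, PortStatus.CLOSED)
    record_scan(host, NetworkProtocol.TCP, 8080, PortStatus.OPEN, NetworkService.HTTP)
    record_scan(host, NetworkProtocol.TCP, 22, PortStatus.OPEN, NetworkService.SSH)
    return select_http_ports(host, [8088, 9000], False), select_http_ports(host, [8088, 9000], True)
```

In `demo()`, the closed configured port 8088 is skipped, the unscanned port 9000 is kept because its status is unknown, and 8080 is added only when the "try all HTTP ports" option is enabled.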
