Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var CommonPorts = map[int]string{
21: "ftp",
22: "ssh",
23: "telnet",
25: "smtp",
53: "dns",
80: "http",
110: "pop3",
111: "rpcbind",
135: "msrpc",
139: "netbios-ssn",
143: "imap",
443: "https",
445: "microsoft-ds",
993: "imaps",
995: "pop3s",
1433: "mssql",
1521: "oracle",
2049: "nfs",
3306: "mysql",
3389: "rdp",
5432: "postgresql",
5900: "vnc",
6379: "redis",
8080: "http-proxy",
8443: "https-alt",
8888: "http-alt",
9090: "http-alt",
9200: "elasticsearch",
27017: "mongodb",
}
CommonPorts are the most commonly scanned ports with their typical services.
var UDPPorts = map[int]struct { service string probe []byte // payload to elicit a response }{ 53: {"dns", []byte{0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 'v', 'e', 'r', 's', 'i', 'o', 'n', 0x04, 'b', 'i', 'n', 'd', 0x00, 0x00, 0x10, 0x00, 0x03}}, 123: {"ntp", []byte{0x1b, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, 161: {"snmp", []byte{0x30, 0x26, 0x02, 0x01, 0x01, 0x04, 0x06, 'p', 'u', 'b', 'l', 'i', 'c', 0xa0, 0x19, 0x02, 0x04, 0x00, 0x00, 0x00, 0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, 0x0b, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x05, 0x00}}, 500: {"isakmp", []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x10, 0x02, 0x00, 0, 0, 0, 0, 0, 0, 0, 0}}, }
UDPPorts are common UDP services worth probing.
Functions ¶
This section is empty.
Types ¶
type DefaultCredResult ¶
type DefaultCredResult struct {
Host string `json:"host"`
Port int `json:"port"`
Service string `json:"service"`
Detail string `json:"detail"`
}
DefaultCredResult represents the result of a default credential check.
func CheckDefaultCredentials ¶
func CheckDefaultCredentials(hosts []Host, timeout time.Duration) []DefaultCredResult
CheckDefaultCredentials probes discovered services for no-auth or default credentials. Only checks well-known defaults — this is NOT brute-forcing.
type Host ¶
type Host struct {
IP string `json:"ip"`
Hostname string `json:"hostname,omitempty"`
Ports []Port `json:"ports"`
OS string `json:"os,omitempty"`
}
Host represents a discovered network host.
type Port ¶
type Port struct {
Number int `json:"number"`
Protocol string `json:"protocol"` // "tcp", "udp"
State string `json:"state"` // "open", "closed", "filtered"
Service string `json:"service"` // "http", "ssh", "mysql", etc.
Version string `json:"version"` // "Apache/2.4.49", "OpenSSH 8.2p1"
Banner string `json:"banner,omitempty"`
}
Port represents an open port with service info.
type ScanResult ¶
type ScanResult struct {
Target string `json:"target"`
ScannedAt time.Time `json:"scanned_at"`
Duration string `json:"duration"`
Hosts []Host `json:"hosts"`
Findings []cve.Finding `json:"findings,omitempty"`
DefaultCreds []DefaultCredResult `json:"default_creds,omitempty"`
}
ScanResult holds network scan results.
type Scanner ¶
type Scanner struct {
CheckCreds bool
// contains filtered or unexported fields
}
Scanner performs network reconnaissance: host discovery, port scanning, service fingerprinting, and CVE matching.
func New ¶
func New(agg *cve.Aggregator) *Scanner
type ServiceCVEMatcher ¶
type ServiceCVEMatcher struct {
// contains filtered or unexported fields
}
ServiceCVEMatcher maps discovered service versions to CVEs via CPE strings.
func NewServiceCVEMatcher ¶
func NewServiceCVEMatcher(agg *cve.Aggregator) *ServiceCVEMatcher
func (*ServiceCVEMatcher) MatchServices ¶
MatchServices queries NVD for CVEs affecting discovered service versions.
Source Files