From 6cd6955a0df21959fe0b9c8dde004e72015c2855 Mon Sep 17 00:00:00 2001 From: Tib3rius <48113936+Tib3rius@users.noreply.github.com> Date: Wed, 8 Sep 2021 21:30:07 -0400 Subject: [PATCH] Proxychains bug fixes. Removed UDP port scans from proxychains. Fixed bug where running nmap through proxychains as sudo wouldn't work. --- autorecon.py | 14 ++++++++++---- autorecon/plugins.py | 7 +++++++ autorecon/targets.py | 5 +++-- plugins/default-port-scan.py | 25 ++++++++++++++++++++----- 4 files changed, 40 insertions(+), 11 deletions(-) diff --git a/autorecon.py b/autorecon.py index 3e8a8a9..0ba4e71 100644 --- a/autorecon.py +++ b/autorecon.py @@ -183,8 +183,8 @@ async def port_scan(plugin, target): target.ports['tcp'] = ','.join(config['ports']['tcp']) if config['ports']['udp']: target.ports['udp'] = ','.join(config['ports']['udp']) - if plugin.type is None: - warn('Port scan {bblue}' + plugin.name + ' {green}(' + plugin.slug + '){rst} does not have a type set, and --ports was used. Skipping.') + if plugin.specific_ports is False: + warn('Port scan {bblue}' + plugin.name + ' {green}(' + plugin.slug + '){rst} cannot be used to scan specific ports, and --ports was used. Skipping.') return {'type':'port', 'plugin':plugin, 'result':[]} else: if plugin.type == 'tcp' and not config['ports']['tcp']: @@ -278,7 +278,7 @@ async def service_scan(plugin, service): addressv6 = '[' + addressv6 + ']' ipaddressv6 = '[' + ipaddressv6 + ']' - if config['proxychains']: + if config['proxychains'] and protocol == 'tcp': nmap_extra += ' -sT' tag = service.tag() + '/' + plugin.slug @@ -391,6 +391,9 @@ async def scan_target(target): match = re.search('(?P(tcp|udp))\/(?P\d+)\/(?P[\w\-\/]+)\/(?Psecure|insecure)', forced_service) if match: protocol = match.group('protocol') + if config['proxychains'] and protocol == 'udp': + error('The service ' + forced_service + ' uses UDP and --proxychains is enabled. Skipping.') + continue port = int(match.group('port')) service = match.group('service') secure = True if match.group('secure') == 'secure' else False @@ -408,6 +411,9 @@ async def scan_target(target): return else: for plugin in target.autorecon.plugin_types['port']: + if config['proxychains'] and plugin.type == 'udp': + continue + plugin_tag_set = set(plugin.tags) matching_tags = False @@ -503,7 +509,7 @@ async def scan_target(target): addressv6 = '[' + addressv6 + ']' ipaddressv6 = '[' + ipaddressv6 + ']' - if config['proxychains']: + if config['proxychains'] and protocol == 'tcp': nmap_extra += ' -sT' service_match = False diff --git a/autorecon/plugins.py b/autorecon/plugins.py index 4f97811..e3eb295 100644 --- a/autorecon/plugins.py +++ b/autorecon/plugins.py @@ -95,6 +95,7 @@ class PortScan(Plugin): def __init__(self): super().__init__() self.type = None + self.specific_ports = False async def run(self, target): raise NotImplementedError @@ -307,6 +308,12 @@ class AutoRecon(object): fail('Error: the plugin "' + plugin.name + '" in ' + filename + ' needs either a "manual" function, a "run" coroutine, or both.', file=sys.stderr) if issubclass(plugin.__class__, PortScan): + if plugin.type is None: + fail('Error: the PortScan plugin "' + plugin.name + '" in ' + filename + ' requires a type (either tcp or udp).') + else: + plugin.type = plugin.type.lower() + if plugin.type not in ['tcp', 'udp']: + fail('Error: the PortScan plugin "' + plugin.name + '" in ' + filename + ' has an invalid type (should be tcp or udp).') self.plugin_types["port"].append(plugin) elif issubclass(plugin.__class__, ServiceScan): self.plugin_types["service"].append(plugin) diff --git a/autorecon/targets.py b/autorecon/targets.py index 40476f7..1cc03e7 100644 --- a/autorecon/targets.py +++ b/autorecon/targets.py @@ -51,10 +51,11 @@ class Target: addressv6 = '[' + addressv6 + ']' ipaddressv6 = '[' + ipaddressv6 + ']' + plugin = inspect.currentframe().f_back.f_locals['self'] + if config['proxychains']: nmap_extra += ' -sT' - plugin = inspect.currentframe().f_back.f_locals['self'] cmd = e(cmd) tag = plugin.slug @@ -155,7 +156,7 @@ class Service: addressv6 = '[' + addressv6 + ']' ipaddressv6 = '[' + ipaddressv6 + ']' - if config['proxychains']: + if config['proxychains'] and protocol == 'tcp': nmap_extra += ' -sT' plugin = inspect.currentframe().f_back.f_locals['self'] diff --git a/plugins/default-port-scan.py b/plugins/default-port-scan.py index 137d950..f9ff930 100644 --- a/plugins/default-port-scan.py +++ b/plugins/default-port-scan.py @@ -1,5 +1,6 @@ from autorecon.plugins import PortScan from autorecon.io import info, error +from autorecon.config import config import os, re class QuickTCPPortScan(PortScan): @@ -9,17 +10,23 @@ class QuickTCPPortScan(PortScan): self.name = 'Top TCP Ports' self.description = 'Performs an Nmap scan of the top 1000 TCP ports.' self.type = 'tcp' + self.specific_ports = True self.tags = ['default', 'default-port-scan'] self.priority = 0 async def run(self, target): + if config['proxychains']: + traceroute_os = '' + else: + traceroute_os = ' -A --osscan-guess' + if target.ports: if target.ports['tcp']: - process, stdout, stderr = await target.execute('nmap {nmap_extra} -A --osscan-guess --version-all -p ' + target.ports['tcp'] + ' -oN "{scandir}/_custom_ports_tcp_nmap.txt" -oX "{scandir}/xml/_custom_ports_tcp_nmap.xml" {address}', blocking=False) + process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -p ' + target.ports['tcp'] + ' -oN "{scandir}/_custom_ports_tcp_nmap.txt" -oX "{scandir}/xml/_custom_ports_tcp_nmap.xml" {address}', blocking=False) else: return [] else: - process, stdout, stderr = await target.execute('nmap {nmap_extra} -A --osscan-guess --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False) + process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False) services = await target.extract_services(stdout) await process.wait() return services @@ -30,12 +37,19 @@ class AllTCPPortScan(PortScan): super().__init__() self.name = 'All TCP Ports' self.description = 'Performs an Nmap scan of all TCP ports.' + self.type = 'tcp' self.tags = ['default', 'default-port-scan', 'long'] async def run(self, target): if target.ports: # Don't run this plugin if there are custom ports. return [] - process, stdout, stderr = await target.execute('nmap {nmap_extra} -A --osscan-guess --version-all -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/xml/_full_tcp_nmap.xml" {address}', blocking=False) + + if config['proxychains']: + traceroute_os = '' + else: + traceroute_os = ' -A --osscan-guess' + + process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/xml/_full_tcp_nmap.xml" {address}', blocking=False) services = [] while True: line = await stdout.readline() @@ -58,6 +72,7 @@ class Top100UDPPortScan(PortScan): self.name = 'Top 100 UDP Ports' self.description = 'Performs an Nmap scan of the top 100 UDP ports.' self.type = 'udp' + self.specific_ports = True self.tags = ['default', 'default-port-scan', 'long'] async def run(self, target): @@ -65,11 +80,11 @@ class Top100UDPPortScan(PortScan): if os.getuid() == 0: if target.ports: if target.ports['udp']: - process, stdout, stderr = await target.execute('nmap {nmap_extra} -sU -A --version-all -p ' + target.ports['udp'] + ' -oN "{scandir}/_custom_ports_udp_nmap.txt" -oX "{scandir}/xml/_custom_ports_udp_nmap.xml" {address}', blocking=False) + process, stdout, stderr = await target.execute('nmap {nmap_extra} -sU -A --osscan-guess -p ' + target.ports['udp'] + ' -oN "{scandir}/_custom_ports_udp_nmap.txt" -oX "{scandir}/xml/_custom_ports_udp_nmap.xml" {address}', blocking=False) else: return [] else: - process, stdout, stderr = await target.execute('nmap {nmap_extra} -sU -A --version-all --top-ports 100 -oN "{scandir}/_top_100_udp_nmap.txt" -oX "{scandir}/xml/_top_100_udp_nmap.xml" {address}', blocking=False) + process, stdout, stderr = await target.execute('nmap {nmap_extra} -sU -A --top-ports 100 -oN "{scandir}/_top_100_udp_nmap.txt" -oX "{scandir}/xml/_top_100_udp_nmap.xml" {address}', blocking=False) services = [] while True: line = await stdout.readline()