Updated requirements and added check for WinRM
Since Nmap reports WinRM as HTTP, the port scan plugins now do a few additional checks on ports 5985 and 5986 to avoid running needless HTTP plugins if the services are just WinRM. Updated the project dependencies to match.
This commit is contained in:
Tib3rius
parent
28521f6e00
commit
ef53ebb01d
|
|
@ -1,6 +1,6 @@
|
||||||
from autorecon.plugins import PortScan
|
from autorecon.plugins import PortScan
|
||||||
from autorecon.config import config
|
from autorecon.config import config
|
||||||
import re
|
import re, requests
|
||||||
|
|
||||||
class AllTCPPortScan(PortScan):
|
class AllTCPPortScan(PortScan):
|
||||||
|
|
||||||
|
|
@ -33,7 +33,18 @@ class AllTCPPortScan(PortScan):
|
||||||
if match:
|
if match:
|
||||||
target.info('Discovered open port {bmagenta}tcp/' + match.group(1) + '{rst} on {byellow}' + target.address + '{rst}', verbosity=1)
|
target.info('Discovered open port {bmagenta}tcp/' + match.group(1) + '{rst} on {byellow}' + target.address + '{rst}', verbosity=1)
|
||||||
service = target.extract_service(line)
|
service = target.extract_service(line)
|
||||||
|
|
||||||
if service:
|
if service:
|
||||||
|
# Check if HTTP service appears to be WinRM. If so, override service name as wsman.
|
||||||
|
if service.name == 'http' and service.port in [5985, 5986]:
|
||||||
|
wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
|
||||||
|
if wsman.status_code == 405:
|
||||||
|
service.name = 'wsman'
|
||||||
|
wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
|
||||||
|
else:
|
||||||
|
if wsman.status_code == 401:
|
||||||
|
service.name = 'wsman'
|
||||||
|
|
||||||
services.append(service)
|
services.append(service)
|
||||||
else:
|
else:
|
||||||
break
|
break
|
||||||
|
|
|
||||||
|
|
@ -22,5 +22,17 @@ class QuickTCPPortScan(PortScan):
|
||||||
|
|
||||||
process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False)
|
process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False)
|
||||||
services = await target.extract_services(stdout)
|
services = await target.extract_services(stdout)
|
||||||
|
|
||||||
|
for service in services:
|
||||||
|
# Check if HTTP service appears to be WinRM. If so, override service name as wsman.
|
||||||
|
if service.name == 'http' and service.port in [5985, 5986]:
|
||||||
|
wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
|
||||||
|
if wsman.status_code == 405:
|
||||||
|
service.name = 'wsman'
|
||||||
|
wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
|
||||||
|
else:
|
||||||
|
if wsman.status_code == 401:
|
||||||
|
service.name = 'wsman'
|
||||||
|
|
||||||
await process.wait()
|
await process.wait()
|
||||||
return services
|
return services
|
||||||
|
|
|
||||||
|
|
@ -10,9 +10,11 @@ packages = [
|
||||||
]
|
]
|
||||||
|
|
||||||
[tool.poetry.dependencies]
|
[tool.poetry.dependencies]
|
||||||
python = "^3.7"
|
python = "^3.8"
|
||||||
appdirs = "^1.4.4"
|
appdirs = "^1.4.4"
|
||||||
colorama = "^0.4.4"
|
colorama = "^0.4.5"
|
||||||
|
impacket = "^0.10.0"
|
||||||
|
requests = "^2.28.1"
|
||||||
toml = "^0.10.2"
|
toml = "^0.10.2"
|
||||||
Unidecode = "^1.3.1"
|
Unidecode = "^1.3.1"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,6 @@
|
||||||
appdirs
|
appdirs
|
||||||
colorama
|
colorama
|
||||||
|
impacket
|
||||||
|
requests
|
||||||
toml
|
toml
|
||||||
unidecode
|
unidecode
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue