From fcdad3a6857f8aed6cfde41b1fd326b1840bece4 Mon Sep 17 00:00:00 2001 From: phillip-stephens Date: Thu, 16 Jan 2025 14:23:34 -0800 Subject: [PATCH] add flag groupings to clean up CLI --- modules/amqp091/scanner.go | 14 +++++++------- modules/bacnet/scanner.go | 5 +++-- modules/banner/scanner.go | 5 +++-- modules/dnp3/scanner.go | 5 ++--- modules/fox/scanner.go | 9 ++++----- modules/ftp/scanner.go | 4 ++-- modules/http/scanner.go | 18 +++++++++--------- modules/imap/scanner.go | 4 ++-- modules/ipp/scanner.go | 6 +++--- modules/jarm/scanner.go | 5 +++-- modules/modbus/scanner.go | 13 ++++++------- modules/mongodb/scanner.go | 2 +- modules/mssql/scanner.go | 8 ++++---- modules/mysql/scanner.go | 6 +++--- modules/ntp/scanner.go | 3 ++- modules/oracle/scanner.go | 4 ++-- modules/pop3/scanner.go | 4 ++-- modules/postgres/scanner.go | 16 ++++++++-------- modules/siemens/scanner.go | 5 ++--- modules/smb/scanner.go | 3 +-- modules/smtp/scanner.go | 4 ++-- modules/ssh.go | 3 ++- modules/telnet/scanner.go | 9 +++++---- modules/tls.go | 4 ++-- 24 files changed, 80 insertions(+), 79 deletions(-) diff --git a/modules/amqp091/scanner.go b/modules/amqp091/scanner.go index 26d23c73..60973978 100644 --- a/modules/amqp091/scanner.go +++ b/modules/amqp091/scanner.go @@ -7,20 +7,20 @@ import ( amqpLib "github.com/rabbitmq/amqp091-go" log "github.com/sirupsen/logrus" + "github.com/zmap/zgrab2" ) // Flags holds the command-line configuration for the smb scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - - Vhost string `long:"vhost" description:"The vhost to connect to" default:"/"` - AuthUser string `long:"auth-user" description:"Username to use for authentication. Must be used with --auth-pass. No auth is attempted if not provided."` - AuthPass string `long:"auth-pass" description:"Password to use for authentication. Must be used with --auth-user. No auth is attempted if not provided."` + zgrab2.BaseFlags `group:"Basic Options"` + Vhost string `long:"vhost" description:"The vhost to connect to" default:"/"` + AuthUser string `long:"auth-user" description:"Username to use for authentication. Must be used with --auth-pass. No auth is attempted if not provided."` + AuthPass string `long:"auth-pass" description:"Password to use for authentication. Must be used with --auth-user. No auth is attempted if not provided."` - UseTLS bool `long:"use-tls" description:"Use TLS to connect to the server. Note that AMQPS uses a different default port (5671) than AMQP (5672) and you will need to specify that port manually with -p."` - zgrab2.TLSFlags + UseTLS bool `long:"use-tls" description:"Use TLS to connect to the server. Note that AMQPS uses a different default port (5671) than AMQP (5672) and you will need to specify that port manually with -p."` + zgrab2.TLSFlags `group:"TLS Options"` } // Module implements the zgrab2.Module interface. diff --git a/modules/bacnet/scanner.go b/modules/bacnet/scanner.go index c04aefd2..12a77c46 100644 --- a/modules/bacnet/scanner.go +++ b/modules/bacnet/scanner.go @@ -6,6 +6,7 @@ package bacnet import ( log "github.com/sirupsen/logrus" + "github.com/zmap/zgrab2" ) @@ -14,8 +15,8 @@ import ( // Flags holds the command-line configuration for the bacnet scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.UDPFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.UDPFlags `group:"UDP Options"` Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } diff --git a/modules/banner/scanner.go b/modules/banner/scanner.go index 42f56158..9486d5d9 100644 --- a/modules/banner/scanner.go +++ b/modules/banner/scanner.go @@ -23,7 +23,9 @@ import ( // Flags give the command-line flags for the banner module. type Flags struct { - zgrab2.BaseFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + Probe string `long:"probe" default:"\\n" description:"Probe to send to the server. Use triple slashes to escape, for example \\\\\\n is literal \\n. Mutually exclusive with --probe-file."` ProbeFile string `long:"probe-file" description:"Read probe from file as byte array (hex). Mutually exclusive with --probe."` Pattern string `long:"pattern" description:"Pattern to match, must be valid regexp."` @@ -34,7 +36,6 @@ type Flags struct { MD5 bool `long:"md5" description:"Calculate MD5 hash of banner value."` SHA1 bool `long:"sha1" description:"Calculate SHA1 hash of banner value."` SHA256 bool `long:"sha256" description:"Calculate SHA256 hash of banner value."` - zgrab2.TLSFlags } // Module is the implementation of the zgrab2.Module interface. diff --git a/modules/dnp3/scanner.go b/modules/dnp3/scanner.go index e11d5ee4..66f38086 100644 --- a/modules/dnp3/scanner.go +++ b/modules/dnp3/scanner.go @@ -13,9 +13,8 @@ import ( // Flags holds the command-line configuration for the dnp3 scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - // TODO: Support UDP? - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` // TODO: Support UDP? + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module implements the zgrab2.Module interface. diff --git a/modules/fox/scanner.go b/modules/fox/scanner.go index a07a7876..ffadcb45 100644 --- a/modules/fox/scanner.go +++ b/modules/fox/scanner.go @@ -15,11 +15,10 @@ import ( // Flags holds the command-line configuration for the fox scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` - UseTLS bool `long:"use-tls" description:"Sends probe with a TLS connection. Loads TLS module command options."` - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + UseTLS bool `long:"use-tls" description:"Sends probe with a TLS connection. Loads TLS module command options."` + zgrab2.TLSFlags `group:"TLS Options"` } // Module implements the zgrab2.Module interface. diff --git a/modules/ftp/scanner.go b/modules/ftp/scanner.go index a4bbd3a9..23f9ce53 100644 --- a/modules/ftp/scanner.go +++ b/modules/ftp/scanner.go @@ -46,8 +46,8 @@ type ScanResults struct { // Flags are the FTP-specific command-line flags. Taken from the original zgrab. // (TODO: should FTPAuthTLS be on by default?). type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` FTPAuthTLS bool `long:"authtls" description:"Collect FTPS certificates in addition to FTP banners"` diff --git a/modules/http/scanner.go b/modules/http/scanner.go index fa4e0a5e..0e32d320 100644 --- a/modules/http/scanner.go +++ b/modules/http/scanner.go @@ -45,15 +45,15 @@ var ( // // TODO: Custom headers? type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags - Method string `long:"method" default:"GET" description:"Set HTTP request method type"` - Endpoint string `long:"endpoint" default:"/" description:"Send an HTTP request to an endpoint"` - FailHTTPToHTTPS bool `long:"fail-http-to-https" description:"Trigger retry-https logic on known HTTP/400 protocol mismatch responses"` - UserAgent string `long:"user-agent" default:"Mozilla/5.0 zgrab/0.x" description:"Set a custom user agent"` - RetryHTTPS bool `long:"retry-https" description:"If the initial request fails, reconnect and try with HTTPS."` - MaxSize int `long:"max-size" default:"256" description:"Max kilobytes to read in response to an HTTP request"` - MaxRedirects int `long:"max-redirects" default:"0" description:"Max number of redirects to follow"` + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + Method string `long:"method" default:"GET" description:"Set HTTP request method type"` + Endpoint string `long:"endpoint" default:"/" description:"Send an HTTP request to an endpoint"` + FailHTTPToHTTPS bool `long:"fail-http-to-https" description:"Trigger retry-https logic on known HTTP/400 protocol mismatch responses"` + UserAgent string `long:"user-agent" default:"Mozilla/5.0 zgrab/0.x" description:"Set a custom user agent"` + RetryHTTPS bool `long:"retry-https" description:"If the initial request fails, reconnect and try with HTTPS."` + MaxSize int `long:"max-size" default:"256" description:"Max kilobytes to read in response to an HTTP request"` + MaxRedirects int `long:"max-redirects" default:"0" description:"Max number of redirects to follow"` // FollowLocalhostRedirects overrides the default behavior to return // ErrRedirLocalhost whenever a redirect points to localhost. diff --git a/modules/imap/scanner.go b/modules/imap/scanner.go index dcb8e0c5..d2aba9f4 100644 --- a/modules/imap/scanner.go +++ b/modules/imap/scanner.go @@ -50,8 +50,8 @@ type ScanResults struct { // Flags holds the command-line configuration for the IMAP scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` // SendCLOSE indicates that the CLOSE command should be sent. SendCLOSE bool `long:"send-close" description:"Send the CLOSE command before closing."` diff --git a/modules/ipp/scanner.go b/modules/ipp/scanner.go index 2c0142a6..207d53c2 100644 --- a/modules/ipp/scanner.go +++ b/modules/ipp/scanner.go @@ -92,9 +92,9 @@ type ScanResults struct { // Flags holds the command-line configuration for the ipp scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` //FIXME: Borrowed from http module, determine whether this is all needed MaxSize int `long:"max-size" default:"256" description:"Max kilobytes to read in response to an IPP request"` diff --git a/modules/jarm/scanner.go b/modules/jarm/scanner.go index 960523a7..db74e1d2 100644 --- a/modules/jarm/scanner.go +++ b/modules/jarm/scanner.go @@ -10,13 +10,14 @@ import ( "time" jarm "github.com/hdm/jarm-go" + "github.com/zmap/zgrab2" ) // Flags give the command-line flags for the banner module. type Flags struct { - zgrab2.BaseFlags - MaxTries int `long:"max-tries" default:"1" description:"Number of tries for timeouts and connection errors before giving up."` + zgrab2.BaseFlags `group:"Basic Options"` + MaxTries int `long:"max-tries" default:"1" description:"Number of tries for timeouts and connection errors before giving up."` } // Module is the implementation of the zgrab2.Module interface. diff --git a/modules/modbus/scanner.go b/modules/modbus/scanner.go index aba17804..762db206 100644 --- a/modules/modbus/scanner.go +++ b/modules/modbus/scanner.go @@ -31,13 +31,12 @@ import ( // Flags holds the command-line configuration for the modbus scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - // Protocols that support TLS should include zgrab2.TLSFlags - UnitID uint8 `long:"unit-id" description:"The UnitID / Station ID to probe"` - ObjectID uint8 `long:"object-id" description:"The ObjectID of the object to be read." default:"0x00"` - Strict bool `long:"strict" description:"If set, perform stricter checks on the response data to get fewer false positives"` - RequestID uint16 `long:"request-id" description:"Override the default request ID." default:"0x5A47"` - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` // Protocols that support TLS should include zgrab2.TLSFlags + UnitID uint8 `long:"unit-id" description:"The UnitID / Station ID to probe"` + ObjectID uint8 `long:"object-id" description:"The ObjectID of the object to be read." default:"0x00"` + Strict bool `long:"strict" description:"If set, perform stricter checks on the response data to get fewer false positives"` + RequestID uint16 `long:"request-id" description:"Override the default request ID." default:"0x5A47"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module implements the zgrab2.Module interface. diff --git a/modules/mongodb/scanner.go b/modules/mongodb/scanner.go index 85cad769..a2889722 100644 --- a/modules/mongodb/scanner.go +++ b/modules/mongodb/scanner.go @@ -16,7 +16,7 @@ type Module struct { // Flags contains mongodb-specific command-line flags. type Flags struct { - zgrab2.BaseFlags + zgrab2.BaseFlags `group:"Basic Options"` } // Scanner implements the zgrab2.Scanner interface diff --git a/modules/mssql/scanner.go b/modules/mssql/scanner.go index fcc17d15..118f73ba 100644 --- a/modules/mssql/scanner.go +++ b/modules/mssql/scanner.go @@ -43,10 +43,10 @@ type ScanResults struct { // Flags defines the command-line configuration options for the module. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags - EncryptMode string `long:"encrypt-mode" description:"The type of encryption to request in the pre-login step. One of ENCRYPT_ON, ENCRYPT_OFF, ENCRYPT_NOT_SUP." default:"ENCRYPT_ON"` - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + EncryptMode string `long:"encrypt-mode" description:"The type of encryption to request in the pre-login step. One of ENCRYPT_ON, ENCRYPT_OFF, ENCRYPT_NOT_SUP." default:"ENCRYPT_ON"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module is the implementation of zgrab2.Module for the MSSQL protocol. diff --git a/modules/mysql/scanner.go b/modules/mysql/scanner.go index ea749c51..1f9d3ebf 100644 --- a/modules/mysql/scanner.go +++ b/modules/mysql/scanner.go @@ -132,9 +132,9 @@ func readResultsFromConnectionLog(connectionLog *mysql.ConnectionLog) *ScanResul // Flags give the command-line flags for the MySQL module. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module is the implementation of the zgrab2.Module interface. diff --git a/modules/ntp/scanner.go b/modules/ntp/scanner.go index ebfdfc89..6ea617a1 100644 --- a/modules/ntp/scanner.go +++ b/modules/ntp/scanner.go @@ -24,6 +24,7 @@ import ( "time" log "github.com/sirupsen/logrus" + "github.com/zmap/zgrab2" ) @@ -793,7 +794,7 @@ type Results struct { // Flags holds the command-line flags for the scanner. type Flags struct { - zgrab2.BaseFlags + zgrab2.BaseFlags `group:"Basic Options"` zgrab2.UDPFlags Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` Version uint8 `long:"version" description:"The version number to pass to the Server." default:"3"` diff --git a/modules/oracle/scanner.go b/modules/oracle/scanner.go index 02f5992e..2ff02630 100644 --- a/modules/oracle/scanner.go +++ b/modules/oracle/scanner.go @@ -41,8 +41,8 @@ type ScanResults struct { // Flags holds the command-line configuration for the HTTP scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` // Version is the client version number sent to the server in the Connect // packet. TODO: Find version number mappings. diff --git a/modules/pop3/scanner.go b/modules/pop3/scanner.go index ac0cebab..7fac659e 100644 --- a/modules/pop3/scanner.go +++ b/modules/pop3/scanner.go @@ -57,8 +57,8 @@ type ScanResults struct { // Flags holds the command-line configuration for the POP3 scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` // SendHELP indicates that the client should send the HELP command. SendHELP bool `long:"send-help" description:"Send the HELP command"` diff --git a/modules/postgres/scanner.go b/modules/postgres/scanner.go index cb08f32b..b86a18c4 100644 --- a/modules/postgres/scanner.go +++ b/modules/postgres/scanner.go @@ -116,14 +116,14 @@ type AuthenticationMode struct { // Flags sets the module-specific flags that can be passed in from the // command line. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags - SkipSSL bool `long:"skip-ssl" description:"If set, do not attempt to negotiate an SSL connection"` - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` - ProtocolVersion string `long:"protocol-version" description:"The protocol to use in the StartupPacket" default:"3.0"` - User string `long:"user" description:"Username to pass to StartupMessage. If omitted, no user will be sent." default:""` - Database string `long:"database" description:"Database to pass to StartupMessage. If omitted, none will be sent." default:""` - ApplicationName string `long:"application-name" description:"application_name value to pass in StartupMessage. If omitted, none will be sent." default:""` + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` + SkipSSL bool `long:"skip-ssl" description:"If set, do not attempt to negotiate an SSL connection"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + ProtocolVersion string `long:"protocol-version" description:"The protocol to use in the StartupPacket" default:"3.0"` + User string `long:"user" description:"Username to pass to StartupMessage. If omitted, no user will be sent." default:""` + Database string `long:"database" description:"Database to pass to StartupMessage. If omitted, none will be sent." default:""` + ApplicationName string `long:"application-name" description:"application_name value to pass in StartupMessage. If omitted, none will be sent." default:""` } // Scanner is the zgrab2 scanner type for the postgres protocol diff --git a/modules/siemens/scanner.go b/modules/siemens/scanner.go index 5aea10ba..8197dbb3 100644 --- a/modules/siemens/scanner.go +++ b/modules/siemens/scanner.go @@ -13,9 +13,8 @@ import ( // Flags holds the command-line configuration for the siemens scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - // TODO: configurable TSAP source / destination, etc - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` // TODO: configurable TSAP source / destination, etc + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module implements the zgrab2.Module interface. diff --git a/modules/smb/scanner.go b/modules/smb/scanner.go index c88b1005..e0b66ca7 100644 --- a/modules/smb/scanner.go +++ b/modules/smb/scanner.go @@ -11,8 +11,7 @@ import ( // Flags holds the command-line configuration for the smb scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - + zgrab2.BaseFlags `group:"Basic Options"` // SetupSession tells the client to continue the handshake up to the point where credentials would be needed. SetupSession bool `long:"setup-session" description:"After getting the response from the negotiation request, send a setup session packet."` diff --git a/modules/smtp/scanner.go b/modules/smtp/scanner.go index b3b8713d..fa3aa49c 100644 --- a/modules/smtp/scanner.go +++ b/modules/smtp/scanner.go @@ -69,8 +69,8 @@ type ScanResults struct { // Flags holds the command-line configuration for the HTTP scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` // SendEHLO indicates that the EHLO command should be set. SendEHLO bool `long:"send-ehlo" description:"Send the EHLO command; use --ehlo-domain to set a domain."` diff --git a/modules/ssh.go b/modules/ssh.go index c5a3ce29..2eb5223a 100644 --- a/modules/ssh.go +++ b/modules/ssh.go @@ -6,12 +6,13 @@ import ( "strings" log "github.com/sirupsen/logrus" + "github.com/zmap/zgrab2" "github.com/zmap/zgrab2/lib/ssh" ) type SSHFlags struct { - zgrab2.BaseFlags + zgrab2.BaseFlags `group:"Basic Options"` ClientID string `long:"client" description:"Specify the client ID string to use" default:"SSH-2.0-Go"` KexAlgorithms string `long:"kex-algorithms" description:"Set SSH Key Exchange Algorithms"` HostKeyAlgorithms string `long:"host-key-algorithms" description:"Set SSH Host Key Algorithms"` diff --git a/modules/telnet/scanner.go b/modules/telnet/scanner.go index ecc77c77..352800d9 100644 --- a/modules/telnet/scanner.go +++ b/modules/telnet/scanner.go @@ -13,16 +13,17 @@ package telnet import ( log "github.com/sirupsen/logrus" + "github.com/zmap/zgrab2" ) // Flags holds the command-line configuration for the Telnet scan module. // Populated by the framework. type Flags struct { - zgrab2.BaseFlags - MaxReadSize int `long:"max-read-size" description:"Set the maximum number of bytes to read when grabbing the banner" default:"65536"` - Banner bool `long:"force-banner" description:"Always return banner if it has non-zero bytes"` - Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` + zgrab2.BaseFlags `group:"Basic Options"` + MaxReadSize int `long:"max-read-size" description:"Set the maximum number of bytes to read when grabbing the banner" default:"65536"` + Banner bool `long:"force-banner" description:"Always return banner if it has non-zero bytes"` + Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"` } // Module implements the zgrab2.Module interface. diff --git a/modules/tls.go b/modules/tls.go index 230e5cc9..5ff10e0d 100644 --- a/modules/tls.go +++ b/modules/tls.go @@ -6,8 +6,8 @@ import ( ) type TLSFlags struct { - zgrab2.BaseFlags - zgrab2.TLSFlags + zgrab2.BaseFlags `group:"Basic Options"` + zgrab2.TLSFlags `group:"TLS Options"` } type TLSModule struct {