Remote Desktop Protocol

onionscan/onionscan.go

@@ -20,6 +20,7 @@ func (os *OnionScan) GetAllActions() []string {
 		"tls",
 		"ssh",
 		"irc",
+		"rdp",
 		"ricochet",
 		"ftp",
 		"smtp",
@@ -47,6 +48,9 @@ func (os *OnionScan) PerformNextAction(report *report.OnionScanReport, nextActio
 	case "irc":
 		ips := new(protocol.IRCProtocolScanner)
 		ips.ScanProtocol(report.HiddenService, os.Config, report)
+	case "rdp":
+		rdps := new(protocol.RDPProtocolScanner)
+		rdps.ScanProtocol(report.HiddenService, os.Config, report)
 	case "ricochet":
 		rps := new(protocol.RicochetProtocolScanner)
 		rps.ScanProtocol(report.HiddenService, os.Config, report)
@@ -87,6 +91,7 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport
 
 	report := report.NewOnionScanReport(hiddenService)
 
+<<<<<<< HEAD
 	for _, nextAction := range os.Config.Scans {
 		err := os.PerformNextAction(report, nextAction)
 		if err != nil {
@@ -103,6 +108,15 @@ func (os *OnionScan) Scan(hiddenService string, out chan *report.OnionScanReport
 	} else {
 		report.NextAction = "none"
 	}
+=======
+	for report.NextAction != "none" {
+		os.PerformNextAction(report)
+		if time.Now().Sub(report.DateScanned).Seconds() > os.Config.Timeout.Seconds() {
+			report.TimedOut = true
+			report.NextAction = "none"
+		}
+	}
+>>>>>>> upstream/master
 
 	out <- report
 }

protocol/http_scanner.go

@@ -31,4 +31,18 @@ func (hps *HTTPProtocolScanner) ScanProtocol(hiddenService string, osc *config.O
 		wps := new(spider.OnionSpider)
 		wps.Crawl(report.HiddenService, osc, report)
 	}
+	osc.LogInfo(fmt.Sprintf("Checking %s http(8080)\n", hiddenService))
+	conn, err := utils.GetNetworkConnection(hiddenService, 8080, osc.TorProxyAddress, osc.Timeout)
+	if conn != nil {
+		conn.Close()
+	}
+	if err != nil {
+		osc.LogInfo("Failed to connect to service on port 8080\n")
+		report.WebDetected = false
+	} else {
+		osc.LogInfo("Found potential service on http(8080)\n")
+		report.WebDetected = true
+		wps := new(spider.OnionSpider)
+		wps.Crawl(report.HiddenService, osc, report)
+	}
 }

protocol/rdp_scanner.go

@@ -0,0 +1,28 @@
+package protocol
+
+import (
+	"fmt"
+	"github.com/s-rah/onionscan/config"
+	"github.com/s-rah/onionscan/report"
+	"github.com/s-rah/onionscan/utils"
+)
+
+type RDPProtocolScanner struct {
+}
+
+func (rdps *RDPProtocolScanner) ScanProtocol(hiddenService string, osc *config.OnionScanConfig, report *report.OnionScanReport) {
+	// RDP
+	osc.LogInfo(fmt.Sprintf("Checking %s RDP(3389)\n", hiddenService))
+	conn, err := utils.GetNetworkConnection(hiddenService, 3389, osc.TorProxyAddress, osc.Timeout)
+	if err != nil {
+		osc.LogInfo("Failed to connect to service on port 3389\n")
+		report.RDPDetected = false
+	} else {
+		osc.LogInfo("Detected possible RDP instance\n")
+		// TODO: Actual Analysis
+		report.RDPDetected = true
+	}
+	if conn != nil {
+		conn.Close()
+	}
+}

protocol/ssh_scanner.go

@@ -66,4 +66,53 @@ func (sps *SSHProtocolScanner) ScanProtocol(hiddenService string, osc *config.On
 			conn.Close()
 		}
 	}
+	osc.LogInfo(fmt.Sprintf("Checking %s ssh(2222)\n", hiddenService))
+	conn, err := utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout)
+	if err != nil {
+		osc.LogInfo("Failed to connect to service on port 2222\n")
+		report.SSHDetected = false
+		if conn != nil {
+			conn.Close()
+		}
+	} else {
+		// TODO SSH Checking
+		report.SSHDetected = true
+
+		config := &ssh.ClientConfig{
+			HostKeyCallback: func(hostname string, addr net.Addr, key ssh.PublicKey) error {
+				h := md5.New()
+				h.Write(key.Marshal())
+
+				fBytes := h.Sum(nil)
+				fingerprint := string("")
+				for i := 0; i < len(fBytes); i++ {
+					if i+1 != len(fBytes) {
+						fingerprint = fmt.Sprintf("%s%0.2x:", fingerprint, fBytes[i])
+					} else {
+						fingerprint = fmt.Sprintf("%s%0.2x", fingerprint, fBytes[i])
+					}
+				}
+				report.SSHKey = fingerprint
+				osc.LogInfo(fmt.Sprintf("Found SSH Key %s\n", fingerprint))
+				// We don't want to continue
+				return errors.New("error")
+			},
+		}
+		ssh.NewClientConn(conn, hiddenService+":2222", config)
+		if conn != nil {
+			conn.Close()
+		}
+		conn, err = utils.GetNetworkConnection(hiddenService, 2222, osc.TorProxyAddress, osc.Timeout)
+		if err == nil {
+			reader := bufio.NewReader(conn)
+			banner, err := reader.ReadString('\n')
+			if err == nil {
+				report.SSHBanner = banner
+				osc.LogInfo(fmt.Sprintf("Found SSH Banner: %s", banner))
+			}
+		}
+		if conn != nil {
+			conn.Close()
+		}
+	}
 }

protocol/tls_scanner.go

@@ -33,4 +33,21 @@ func (sps *TLSProtocolScanner) ScanProtocol(hiddenService string, osc *config.On
 	if conn != nil {
 		conn.Close()
 	}
+	osc.LogInfo(fmt.Sprintf("Checking %s TLS(8443)\n", hiddenService))
+	conn, err := utils.GetNetworkConnection(hiddenService, 8443, osc.TorProxyAddress, osc.Timeout)
+	if err != nil {
+		osc.LogInfo("Failed to connect to service on port 8443\n")
+		report.TLSDetected = false
+	} else {
+		osc.LogInfo("Found TLS Endpoint\n")
+		report.TLSDetected = true
+		config := &tls.Config{
+			InsecureSkipVerify: true,
+		}
+		tlsConn := tls.Client(conn, config)
+		tlsConn.Write([]byte("GET / HTTP/1.1\r\n\r\n"))
+		for _, certificate := range tlsConn.ConnectionState().PeerCertificates {
+			report.Certificates = append(report.Certificates, *certificate)
+		}
+		tlsConn.Close()
 }

report/onionscanreport.go

@@ -30,6 +30,7 @@ type OnionScanReport struct {
 	WebDetected      bool `json:"webDetected"`
 	TLSDetected      bool `json:"tlsDetected"`
 	SSHDetected      bool `json:"sshDetected"`
+	RDPDetected	 bool `json:"rdpDetected"`
 	RicochetDetected bool `json:"ricochetDetected"`
 	IRCDetected      bool `json:"ircDetected"`
 	FTPDetected      bool `json:"ftpDetected"`
@@ -50,7 +51,8 @@ type OnionScanReport struct {
 	Certificates []x509.Certificate `json:"certificates"`
 
 	// Bitcoin
-	BitcoinServices map[string]*BitcoinService `json:"bitcoinServices"`
+	BitcoinAddresses []string                   `json:"bitcoinAddresses"`
+	BitcoinServices  map[string]*BitcoinService `json:"bitcoinServices"`
 
 	// SSH
 	SSHKey    string `json:"sshKey"`
@@ -64,8 +66,20 @@ type OnionScanReport struct {
 	SMTPFingerprint string `json:"smtpFingerprint"`
 	SMTPBanner      string `json:"smtpBanner"`
 
+	ProtocolInfoList []ProtocolInfo `json::"protocolInfoList"`
+
 	NextAction string `json:"lastAction"`
-	TimedOut   bool
+	TimedOut   bool   `json:"timedOut"`
+}
+
+type ProtocolInfo struct {
+	Type string      `json:"type"`
+	Port uint        `json:"port:`
+	Info interface{} `json:"info"`
+}
+
+func (osr *OnionScanReport) AddProtocolInfo(protocolType string, protocolPort uint, protocolInfo interface{}) {
+	osr.ProtocolInfoList = append(osr.ProtocolInfoList, ProtocolInfo{protocolType, protocolPort, protocolInfo})
 }
 
 func LoadReportFromFile(filename string) (OnionScanReport, error) {