wdes/security
1
0
Fork 0
Code Actions Packages Releases Activity

Compare commits

base: wdes:7189909c68cbc4fbfbbb9fb0259d207f7fa9a2ef
Branches Tags
wdes:main
wdes:snow-scanner/1.1.0 wdes:snow-scanner/1.0.0 wdes:news/2025-03-01-1 wdes:news/2024-10-19-1
...
compare: wdes:3f3e069aaba7c143d43d5af77b2b3ac73d4d4523
Branches Tags
wdes:main
wdes:snow-scanner/1.1.0 wdes:snow-scanner/1.0.0 wdes:news/2025-03-01-1 wdes:news/2024-10-19-1

7 Commits
7189909c68 ... 3f3e069aab

Author SHA1 Message Date
William Desportes
3f3e069aab Add an ENV for SERVER_ADDRESS
All checks were successful
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 6m51s
Details
2024-06-23 11:16:04 +02:00
William Desportes
2be2d1b451 Avoid unwrap on result 2024-06-23 11:13:32 +02:00
William Desportes
1220c14d8f First working version with a worker 2024-06-23 11:06:08 +02:00
William Desportes
854d457caf Move to a mutex 2024-06-22 20:58:35 +02:00
William Desportes
dfdc1db11a Extract the code into functions 2024-06-22 20:32:59 +02:00
William Desportes
642ae6e714 First working version with reporting 2024-06-22 20:15:40 +02:00
William Desportes
0cb4688d03 First implementation of snow-scanner 2024-06-22 16:15:07 +02:00
5 changed files with 566 additions and 0 deletions
Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/target

17
snow-scanner/.gitignore vendored Normal file
View File

@ -0,0 +1,17 @@
# Generated by Cargo
# will have compiled files and executables
debug/
target/
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
Cargo.lock
# These are backup files generated by rustfmt
**/*.rs.bk
# MSVC Windows builds of rustc generate these, which store debugging information
*.pdb
# Database files
*.sqlite*

42
snow-scanner/Cargo.toml Normal file
View File

@ -0,0 +1,42 @@
[package]
name = "snow-scanner"
version = "0.1.0"
authors = ["William Desportes <williamdes@wdes.fr>"]
edition = "2021"
rust-version = "1.78.0" # MSRV
description = "A program to scan internet and find scanners"
homepage = "https://github.com/wdes/snow-scanner/tree/v1.2.0-dev#readme"
repository = "https://github.com/wdes/snow-scanner"
readme = "README.md"
keywords = ["dns", "validator"]
categories = ["command-line-utilities"]
license = "MPL-2.0"
include = [
"/src/**/*.rs",
"/Cargo.toml",
"/LICENSE",
]
[badges]
github = { repository = "security", branch = "master" }
is-it-maintained-issue-resolution = { repository = "security" }
is-it-maintained-open-issues = { repository = "security" }
maintenance = { status = "passively-maintained" }
[[bin]]
name = "snow-scanner"
path = "src/main.rs"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
rouille = "3.6.2"
hmac = "0.12.1"
sha2 = "0.10.8"
hex = "0.4.3"
rusqlite = { version = "0.31.0", features = ["bundled"] }
dns-ptr-resolver = "1.2.0"
hickory-client = { version = "0.24.1", default-features = false }
chrono = "0.4.38"
uuid7 = "1.0.0"
cidr = "0.2.2"

9
snow-scanner/README.md Normal file
View File

@ -0,0 +1,9 @@
# Snow scanner
This project name is inspired by the Netflix series "The Snowpiercer"
## Run it
```sh
cargo run --release
```

497
snow-scanner/src/main.rs Normal file
View File

@ -0,0 +1,497 @@
#[macro_use]
extern crate rouille;
use chrono::{DateTime, Utc};
use cidr::IpCidr;
use hmac::{Hmac, Mac};
use rouille::{Request, Response, ResponseBody};
use rusqlite::types::ToSqlOutput;
use rusqlite::Error as RusqliteError;
use rusqlite::{named_params, Connection, OpenFlags, Result, ToSql};
use sha2::Sha256;
use std::str::FromStr;
use std::sync::Mutex;
use std::time::Duration;
use std::{env, fmt, thread};
use uuid7::Uuid;
use hickory_client::client::SyncClient;
use hickory_client::rr::Name;
use hickory_client::tcp::TcpClientConnection;
use dns_ptr_resolver::{get_ptr, ResolvedResult, ResolvingError};
// Create alias for HMAC-SHA256
type HmacSha256 = Hmac<Sha256>;
#[derive(Debug, Clone)]
enum Scanners {
Strechoid,
Binaryedge,
}
impl fmt::Display for Scanners {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
write!(
f,
"{}",
match self {
Self::Strechoid => "strechoid",
Self::Binaryedge => "binaryedge",
}
)
}
}
impl ToSql for Scanners {
/// Converts Rust value to SQLite value
fn to_sql(&self) -> Result<ToSqlOutput<'_>> {
match self {
Self::Strechoid => Ok("strechoid".into()),
Self::Binaryedge => Ok("binaryedge".into()),
}
}
}
#[derive(Debug)]
struct Scanner {
ip: String,
ip_type: u8,
scanner_name: Scanners,
ip_ptr: Option<String>,
created_at: DateTime<Utc>,
updated_at: Option<DateTime<Utc>>,
last_seen_at: Option<DateTime<Utc>>,
last_checked_at: Option<DateTime<Utc>>,
}
#[derive(Debug)]
struct ScanTask {
task_group_id: Uuid,
cidr: String,
created_by_username: String,
created_at: DateTime<Utc>,
updated_at: Option<DateTime<Utc>>,
started_at: Option<DateTime<Utc>>,
still_processing_at: Option<DateTime<Utc>>,
ended_at: Option<DateTime<Utc>>,
}
fn save_scanner(conn: &Connection, scanner: &Scanner) -> Result<(), ()> {
match conn.execute(
"INSERT INTO scanners (ip, ip_type, scanner_name, created_at, updated_at, last_seen_at, last_checked_at)
VALUES (:ip, :ip_type, :scanner_name, :created_at, :updated_at, :last_seen_at, :last_checked_at)
ON CONFLICT(ip, ip_type) DO UPDATE SET updated_at = :updated_at, last_seen_at = :last_seen_at, last_checked_at = :last_checked_at;",
named_params! {
":ip": &scanner.ip,
":ip_type": &scanner.ip_type,
":scanner_name": &scanner.scanner_name,
":created_at": &scanner.created_at.to_string(),
":updated_at": serialize_dt(scanner.updated_at),
":last_seen_at": serialize_dt(scanner.last_seen_at),
":last_checked_at": serialize_dt(scanner.last_checked_at)
},
) {
Ok(_) => {
Ok(())
},
Err(_) => {
Err(())
},
}
}
fn serialize_dt(dt: Option<DateTime<Utc>>) -> Option<String> {
match dt {
Some(dt) => Some(dt.to_string()),
None => None,
}
}
fn save_scan_task(conn: &Connection, scan_task: &ScanTask) -> Result<(), RusqliteError> {
match conn.execute(
"INSERT INTO scan_tasks (task_group_id, cidr, created_by_username, created_at, updated_at, started_at, ended_at, still_processing_at)
VALUES (:task_group_id, :cidr, :created_by_username, :created_at, :updated_at, :started_at, :ended_at, :still_processing_at)
ON CONFLICT(cidr, task_group_id) DO UPDATE SET updated_at = :updated_at, started_at = :started_at, ended_at = :ended_at, still_processing_at = :still_processing_at;",
named_params! {
":task_group_id": &scan_task.task_group_id.to_string(),
":cidr": &scan_task.cidr,
":created_by_username": &scan_task.created_by_username,
":created_at": &scan_task.created_at.to_string(),
":updated_at": serialize_dt(scan_task.updated_at),
":started_at": serialize_dt(scan_task.started_at),
":ended_at": serialize_dt(scan_task.ended_at),
":still_processing_at": serialize_dt(scan_task.still_processing_at),
},
) {
Ok(_) => {
Ok(())
},
Err(err) => Err(err),
}
}
fn detect_scanner(ptr_result: &ResolvedResult) -> Result<Scanners, ()> {
match ptr_result.result {
Some(ref x)
if x.trim_to(2)
.eq_case(&Name::from_str("binaryedge.ninja.").expect("Should parse")) =>
{
Ok(Scanners::Binaryedge)
}
Some(ref x)
if x.trim_to(2)
.eq_case(&Name::from_str("stretchoid.com").expect("Should parse")) =>
{
Ok(Scanners::Strechoid)
}
_ => Err(()),
}
}
fn handle_ip2(conn: &Connection, ip: String) -> Result<Scanner, Option<ResolvedResult>> {
let query_address = ip.parse().expect(format!("To parse: {}", ip).as_str());
let client = get_dns_client();
let ptr_result: ResolvedResult = if let Ok(res) = get_ptr(query_address, client) {
res
} else {
return Err(None);
};
match detect_scanner(&ptr_result) {
Ok(scanner_name) => {
let ip_type = if ip.contains(':') { 6 } else { 4 };
let scanner = Scanner {
ip: ip,
ip_type: ip_type,
scanner_name: scanner_name.clone(),
ip_ptr: match ptr_result.result {
Some(ptr) => Some(ptr.to_string()),
None => None,
},
created_at: Utc::now(),
updated_at: None,
last_seen_at: None,
last_checked_at: None,
};
let db = conn;
save_scanner(&db, &scanner).unwrap();
Ok(scanner)
}
Err(_) => Err(Some(ptr_result)),
}
}
fn handle_ip(conn: &Mutex<Connection>, ip: String) -> Result<Scanner, Option<ResolvedResult>> {
let query_address = ip.parse().expect("To parse");
let client = get_dns_client();
let ptr_result: ResolvedResult = if let Ok(res) = get_ptr(query_address, client) {
res
} else {
return Err(None);
};
match detect_scanner(&ptr_result) {
Ok(scanner_name) => {
let ip_type = if ip.contains(':') { 6 } else { 4 };
let scanner = Scanner {
ip: ip,
ip_type: ip_type,
scanner_name: scanner_name.clone(),
ip_ptr: match ptr_result.result {
Some(ptr) => Some(ptr.to_string()),
None => None,
},
created_at: Utc::now(),
updated_at: None,
last_seen_at: None,
last_checked_at: None,
};
let db = conn.lock().unwrap();
save_scanner(&db, &scanner).unwrap();
Ok(scanner)
}
Err(_) => Err(Some(ptr_result)),
}
}
static FORM: &str = r#"
<html>
<head>
<title>Wdes - snow scanner</title>
</head>
<body>
<form action="/register" method="POST">
<p><input type="email" name="email" placeholder="Your email" /></p>
<p><button>Get an API key</button></p>
</form>
<form action="/report" method="POST">
<p><input type="ip" name="ip" placeholder="An IPv4 or IPv6" /></p>
<p><button>Report this IP</button></p>
</form>
<form action="/scan" method="POST">
<p><input type="text" name="username" placeholder="Your username for logging purposes" /></p>
<p><textarea name="ips"></textarea></p>
<p><button>Scan</button></p>
</form>
</body>
</html>
"#;
fn handle_scan(conn: &Mutex<Connection>, request: &Request) -> Response {
let data = try_or_400!(post_input!(request, {
username: String,
ips: String,
}));
let db = conn.lock().unwrap();
let task_group_id = uuid7::uuid7();
for ip in data.ips.lines() {
let scan_task = ScanTask {
task_group_id: task_group_id,
cidr: ip.to_string(),
created_by_username: data.username.clone(),
created_at: Utc::now(),
updated_at: None,
started_at: None,
still_processing_at: None,
ended_at: None,
};
match save_scan_task(&db, &scan_task) {
Ok(_) => println!("Added {}", ip.to_string()),
Err(err) => eprintln!("Not added: {:?}", err),
}
}
rouille::Response::html(format!("New task added: {} !", task_group_id))
}
fn handle_report(conn: &Mutex<Connection>, request: &Request) -> Response {
let data = try_or_400!(post_input!(request, {
ip: String,
}));
match handle_ip(conn, data.ip.clone()) {
Ok(scanner) => rouille::Response::html(match scanner.scanner_name {
Scanners::Binaryedge => format!(
"Reported an escaped ninja! <b>{}</a> known as {:?}.",
scanner.ip, scanner.ip_ptr
),
Scanners::Strechoid => format!(
"Reported a stretchoid agent! <b>{}</a> known as {:?}.",
scanner.ip, scanner.ip_ptr
),
}),
Err(ptr_result) => rouille::Response::html(format!(
"The IP <b>{}</a> resolved as {:?} did not match known scanners patterns.",
data.ip,
match ptr_result {
Some(res) => res.result,
None => None,
}
)),
}
}
fn handle_list_scanners(conn: &Mutex<Connection>, scanner_name: String) -> Response {
let db = conn.lock().unwrap();
let mut stmt = db.prepare("SELECT ip FROM scanners WHERE scanner_name = :scanner_name ORDER BY ip_type, created_at").unwrap();
let mut rows = stmt
.query(named_params! { ":scanner_name": scanner_name })
.unwrap();
let mut ips: Vec<String> = vec![];
while let Some(row) = rows.next().unwrap() {
ips.push(row.get(0).unwrap());
}
Response {
status_code: 200,
headers: vec![("Content-Type".into(), "text/plain; charset=utf-8".into())],
data: ResponseBody::from_string(ips.join("\n")),
upgrade: None,
}
}
fn get_connection() -> Connection {
let path = "./snow-scanner.sqlite";
let conn = Connection::open_with_flags(
path,
OpenFlags::SQLITE_OPEN_READ_WRITE
| OpenFlags::SQLITE_OPEN_CREATE
| OpenFlags::SQLITE_OPEN_FULL_MUTEX,
)
.unwrap();
conn.execute(
"CREATE TABLE IF NOT EXISTS scanners (
ip VARCHAR(255)NOT NULL,
ip_type TINYINT(1) NOT NULL,
scanner_name VARCHAR(255),
ip_ptr VARCHAR(255) NULL,
created_at DATETIME NOT NULL,
updated_at DATETIME NULL,
last_seen_at DATETIME NULL,
last_checked_at DATETIME NULL,
PRIMARY KEY (ip, ip_type)
)",
(), // empty list of parameters.
)
.unwrap();
conn.execute(
"CREATE TABLE IF NOT EXISTS scan_tasks (
task_group_id VARCHAR(255)NOT NULL,
cidr VARCHAR(255)NOT NULL,
created_by_username VARCHAR(255)NOT NULL,
created_at DATETIMENOT NULL,
updated_at DATETIME NULL,
started_at DATETIME NOT NULL,
still_processing_at DATETIME NULL,
ended_at DATETIME NULL,
PRIMARY KEY (task_group_id, cidr)
)",
(), // empty list of parameters.
)
.unwrap();
conn.pragma_update_and_check(None, "journal_mode", &"WAL", |_| Ok(()))
.unwrap();
conn
}
fn get_dns_client() -> SyncClient<TcpClientConnection> {
let server = "1.1.1.1:53".parse().expect("To parse");
let dns_conn =
TcpClientConnection::with_timeout(server, std::time::Duration::new(5, 0)).unwrap();
SyncClient::new(dns_conn)
}
fn main() -> Result<()> {
let server_address: String = if let Ok(env) = env::var("SERVER_ADDRESS") {
env
} else {
"localhost:8000".to_string()
};
println!("Now listening on {}", server_address);
let conn = Mutex::new(get_connection());
conn.lock()
.unwrap()
.execute("SELECT 0 WHERE 0;", named_params! {})
.expect("Failed to initialize database");
thread::spawn(|| loop {
let conn = get_connection();
let mut stmt = conn.prepare("SELECT task_group_id, cidr FROM scan_tasks WHERE started_at = 'NULL' ORDER BY created_at ASC").unwrap();
let mut rows = stmt.query(named_params! {}).unwrap();
println!("Waiting for jobs");
while let Some(row) = rows.next().unwrap() {
let task_group_id: String = row.get(0).unwrap();
let cidr_str: String = row.get(1).unwrap();
let cidr: IpCidr = cidr_str.parse().expect("Should parse CIDR");
println!("Picking up: {} -> {}", task_group_id, cidr);
println!("Range, from {} to {}", cidr.first(), cidr.last());
let _ = conn.execute("UPDATE scan_tasks SET updated_at = :updated_at, started_at = :started_at WHERE cidr = :cidr AND task_group_id = :task_group_id",
named_params! {
":updated_at": Utc::now().to_string(),
":started_at": Utc::now().to_string(),
":cidr": cidr_str,
":task_group_id": task_group_id,
}).unwrap();
for addr in cidr.iter().addresses() {
match handle_ip2(&conn, addr.to_string()) {
Ok(scanner) => println!("Processed {}", scanner.ip),
Err(_) => println!("Processed {}", addr),
}
}
let _ = conn.execute("UPDATE scan_tasks SET updated_at = :updated_at, ended_at = :ended_at WHERE cidr = :cidr AND task_group_id = :task_group_id",
named_params! {
":updated_at": Utc::now().to_string(),
":ended_at": Utc::now().to_string(),
":cidr": cidr_str,
":task_group_id": task_group_id,
}).unwrap();
}
let two_hundred_millis = Duration::from_millis(500);
thread::sleep(two_hundred_millis);
});
rouille::start_server(server_address, move |request| {
router!(request,
(GET) (/) => {
rouille::Response::html(FORM)
},
(GET) (/ping) => {
rouille::Response::text("pong")
},
(POST) (/report) => {handle_report(&conn, &request)},
(POST) (/scan) => {handle_scan(&conn, &request)},
(POST) (/register) => {
let data = try_or_400!(post_input!(request, {
email: String,
}));
// We just print what was received on stdout. Of course in a real application
// you probably want to process the data, eg. store it in a database.
println!("Received data: {:?}", data);
let mut mac = HmacSha256::new_from_slice(b"my secret and secure key")
.expect("HMAC can take key of any size");
mac.update(data.email.as_bytes());
// `result` has type `CtOutput` which is a thin wrapper around array of
// bytes for providing constant time equality check
let result = mac.finalize();
// To get underlying array use `into_bytes`, but be careful, since
// incorrect use of the code value may permit timing attacks which defeats
// the security provided by the `CtOutput`
let code_bytes = result.into_bytes();
rouille::Response::html(format!("Success! <b>{}</a>.", hex::encode(code_bytes)))
},
(GET) (/scanners/{scanner_name: String}) => {
handle_list_scanners(&conn, scanner_name)
},
(GET) (/{api_key: String}/scanners/{scanner_name: String}) => {
let mut mac = HmacSha256::new_from_slice(b"my secret and secure key")
.expect("HMAC can take key of any size");
mac.update(b"williamdes@wdes.fr");
println!("{}", api_key);
let hex_key = hex::decode(&api_key).unwrap();
// `verify_slice` will return `Ok(())` if code is correct, `Err(MacError)` otherwise
mac.verify_slice(&hex_key).unwrap();
if let Some(request) = request.remove_prefix(format!("/{}", api_key).as_str()) {
// The `match_assets` function tries to find a file whose name corresponds to the URL
// of the request. The second parameter (`"."`) tells where the files to look for are
// located.
// In order to avoid potential security threats, `match_assets` will never return any
// file outside of this directory even if the URL is for example `/../../foo.txt`.
let response = rouille::match_assets(&request, "../data/");
// If a file is found, the `match_assets` function will return a response with a 200
// status code and the content of the file. If no file is found, it will instead return
// an empty 404 response.
// Here we check whether if a file is found, and if so we return the response.
if response.is_success() {
return response;
}
}
rouille::Response::empty_404()
},
// The code block is called if none of the other blocks matches the request.
// We return an empty response with a 404 status code.
_ => rouille::Response::empty_404()
)
});
}