5 Commits

5 changed files with 34 additions and 41 deletions


@ -244,7 +244,7 @@ async fn handle_scan(
let msg = EventBusWriterEvent::BroadcastMessage( let msg = EventBusWriterEvent::BroadcastMessage(
WorkerMessages::DoWorkRequest { WorkerMessages::DoWorkRequest {
neworks: vec![Network(cidr)], networks: vec![Network(cidr)],
} }
.into(), .into(),
); );


@ -271,7 +271,7 @@ impl<'a> Worker<'a> {
Ok(()) Ok(())
} }
WorkerMessages::GetWorkRequest {} => { WorkerMessages::GetWorkRequest {} => {
worker_reply = Some(WorkerMessages::DoWorkRequest { neworks: vec![] }); worker_reply = Some(WorkerMessages::DoWorkRequest { networks: vec![] });
Ok(()) Ok(())
} }
WorkerMessages::DoWorkRequest { .. } | WorkerMessages::Invalid { .. } => { WorkerMessages::DoWorkRequest { .. } | WorkerMessages::Invalid { .. } => {


@ -15,7 +15,7 @@ pub enum WorkerMessages {
#[serde(rename = "get_work")] #[serde(rename = "get_work")]
GetWorkRequest {}, GetWorkRequest {},
#[serde(rename = "do_work")] #[serde(rename = "do_work")]
DoWorkRequest { neworks: Vec<Network> }, DoWorkRequest { networks: Vec<Network> },
#[serde(rename = "scanner_found")] #[serde(rename = "scanner_found")]
ScannerFoundResponse { name: String, address: IpAddr }, ScannerFoundResponse { name: String, address: IpAddr },
#[serde(rename = "")] #[serde(rename = "")]
@ -95,25 +95,25 @@ mod tests {
#[test] #[test]
fn deserialize_do_work_empty() { fn deserialize_do_work_empty() {
let data = "{\"type\":\"do_work\",\"request\":{\"neworks\":[]}}"; let data = "{\"type\":\"do_work\",\"request\":{\"networks\":[]}}";
let result: WorkerMessages = data.to_string().into(); let result: WorkerMessages = data.to_string().into();
assert_eq!( assert_eq!(
result, result,
WorkerMessages::DoWorkRequest { WorkerMessages::DoWorkRequest {
neworks: [].to_vec() networks: [].to_vec()
} }
); );
} }
#[test] #[test]
fn deserialize_do_work() { fn deserialize_do_work() {
let data = "{\"type\":\"do_work\",\"request\":{\"neworks\":[\"127.0.0.0/31\"]}}"; let data = "{\"type\":\"do_work\",\"request\":{\"networks\":[\"127.0.0.0/31\"]}}";
let result: WorkerMessages = data.to_string().into(); let result: WorkerMessages = data.to_string().into();
let cidr: IpCidr = IpCidr::from_str("127.0.0.0/31").unwrap(); let cidr: IpCidr = IpCidr::from_str("127.0.0.0/31").unwrap();
assert_eq!( assert_eq!(
result, result,
WorkerMessages::DoWorkRequest { WorkerMessages::DoWorkRequest {
neworks: [Network(cidr)].to_vec() networks: [Network(cidr)].to_vec()
} }
); );
} }
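Review bot: Renaming the field inside `DoWorkRequest` also renames the JSON key exchanged on the wire, as the updated test strings show (`"neworks"` becomes `"networks"`), so a peer still running the previous build will no longer parse `do_work` messages. If server and workers can be upgraded at different times, accepting the legacy key on the reading side keeps upgraded readers compatible with older senders: `DoWorkRequest { #[serde(alias = "neworks")] networks: Vec<Network> },`. That only covers the new build reading old messages, so old readers still have to be upgraded before the sender. A test that deserializes the legacy key would pin the behaviour until the alias is dropped.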


@ -19,6 +19,7 @@ pub enum Scanners {
Shadowserver, Shadowserver,
Censys, Censys,
InternetMeasurement, InternetMeasurement,
Anssi,
} }
pub trait ScannerMethods { pub trait ScannerMethods {
@ -29,17 +30,14 @@ pub trait ScannerMethods {
impl ScannerMethods for Scanners { impl ScannerMethods for Scanners {
fn is_static(self: &Self) -> bool { fn is_static(self: &Self) -> bool {
match self { self.static_file_name().is_some()
Self::Censys => true,
Self::InternetMeasurement => true,
_ => false,
}
} }
fn static_file_name(self: &Self) -> Option<&str> { fn static_file_name(self: &Self) -> Option<&str> {
match self { match self {
Self::Censys => Some("censys.txt"), Self::Censys => Some("censys.txt"),
Self::InternetMeasurement => Some("internet-measurement.com.txt"), Self::InternetMeasurement => Some("internet-measurement.com.txt"),
Self::Anssi => Some("anssi.txt"),
_ => None, _ => None,
} }
} }
@ -51,6 +49,7 @@ impl ScannerMethods for Scanners {
Self::Censys => "Censys node", Self::Censys => "Censys node",
Self::InternetMeasurement => "internet measurement probe", Self::InternetMeasurement => "internet measurement probe",
Self::Shadowserver => "cloudy shadowserver", Self::Shadowserver => "cloudy shadowserver",
_ => (*self).into(),
} }
} }
} }
@ -79,20 +78,28 @@ impl<'de> Deserialize<'de> for Scanners {
impl ToString for Scanners { impl ToString for Scanners {
fn to_string(&self) -> String { fn to_string(&self) -> String {
let res: &str = (*self).into();
res.to_string()
}
}
impl Into<&str> for Scanners {
fn into(self) -> &'static str {
match self { match self {
Self::Stretchoid => "stretchoid", Self::Stretchoid => "stretchoid",
Self::Binaryedge => "binaryedge", Self::Binaryedge => "binaryedge",
Self::Censys => "censys", Self::Censys => "censys",
Self::InternetMeasurement => "internet-measurement.com", Self::InternetMeasurement => "internet-measurement.com",
Self::Shadowserver => "shadowserver", Self::Shadowserver => "shadowserver",
Self::Anssi => "anssi",
} }
.to_string()
} }
} }
impl serialize::ToSql<Text, Mysql> for Scanners { impl serialize::ToSql<Text, Mysql> for Scanners {
fn to_sql(&self, out: &mut serialize::Output<Mysql>) -> serialize::Result { fn to_sql(&self, out: &mut serialize::Output<Mysql>) -> serialize::Result {
out.write_all(self.to_string().as_bytes())?; let res: &str = (*self).into();
out.write_all(res.as_bytes())?;
Ok(IsNull::No) Ok(IsNull::No)
} }
@ -121,6 +128,7 @@ impl TryInto<Scanners> for &str {
"internet-measurement.com" => Ok(Scanners::InternetMeasurement), "internet-measurement.com" => Ok(Scanners::InternetMeasurement),
"shadowserver" => Ok(Scanners::Shadowserver), "shadowserver" => Ok(Scanners::Shadowserver),
"censys" => Ok(Scanners::Censys), "censys" => Ok(Scanners::Censys),
"anssi" => Ok(Scanners::Anssi),
value => Err(format!("Invalid value: {value}")), value => Err(format!("Invalid value: {value}")),
} }
} }
@ -171,20 +179,4 @@ mod test {
assert_eq!(res.unwrap(), Scanners::Shadowserver); assert_eq!(res.unwrap(), Scanners::Shadowserver);
} }
#[test]
fn test_detect_scanner() {
let cname_ptr = Name::from_str("111.0-24.197.62.64.in-addr.arpa.").unwrap();
let ptr = Name::from_str("scan-47e.shadowserver.org.").unwrap();
assert_eq!(
detect_scanner(&ResolvedResult {
query: cname_ptr,
result: Some(ptr),
error: None
})
.unwrap(),
Some(Scanners::Shadowserver)
);
}
} }
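Review bot: The new `impl Into<&str> for Scanners` is better written as `impl From<Scanners> for &'static str` with `fn from(scanner: Scanners) -> Self`, since `From` supplies `Into` automatically and the existing `(*self).into()` call sites keep compiling unchanged. The added `_ => (*self).into()` arm in the name lookup and the existing `_ => None` arm in `static_file_name` are catch-alls, so the next variant added after `Anssi` falls through silently instead of causing a compile error; listing the variants explicitly avoids that. This section also deletes `test_detect_scanner` with no replacement visible here, so a round-trip test for `"anssi"` and one for the name-to-scanner conversion used by the worker would be worth adding. Several of these impl blocks start or end outside the hunks shown.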


@ -2,7 +2,6 @@ use std::{env, net::IpAddr};
use chrono::{Duration, NaiveDateTime, Utc}; use chrono::{Duration, NaiveDateTime, Utc};
use cidr::IpCidr; use cidr::IpCidr;
use detection::detect_scanner;
use dns_ptr_resolver::{get_ptr, ResolvedResult}; use dns_ptr_resolver::{get_ptr, ResolvedResult};
use log2::*; use log2::*;
use scanners::Scanners; use scanners::Scanners;
@ -160,14 +159,16 @@ impl Worker {
for addr in addresses { for addr in addresses {
let client = get_dns_client(&get_dns_server_config(&rr_dns_servers.next().unwrap())); let client = get_dns_client(&get_dns_server_config(&rr_dns_servers.next().unwrap()));
match get_ptr(addr, client) { match get_ptr(addr, client) {
Ok(result) => match detect_scanner(&result) { Ok(result) => {
Ok(Some(scanner_name)) => { let scanner: Result<Scanners, String> = result.query.clone().try_into();
self.report_detection(scanner_name, addr, result);
}
Ok(None) => {}
Err(err) => error!("Error detecting for {addr}: {:?}", err), match scanner {
}, Ok(scanner_name) => {
self.report_detection(scanner_name, addr, result);
}
Err(err) => error!("Error detecting for {addr}: {:?}", err),
}
}
Err(_) => { Err(_) => {
//debug!("Error processing {addr}: {err}") //debug!("Error processing {addr}: {err}")
} }
@ -195,9 +196,9 @@ impl Worker {
pub fn receive_request(&mut self, server_request: WorkerMessages) -> &Worker { pub fn receive_request(&mut self, server_request: WorkerMessages) -> &Worker {
match server_request { match server_request {
WorkerMessages::DoWorkRequest { neworks } => { WorkerMessages::DoWorkRequest { networks } => {
info!("Work request received for neworks: {:?}", neworks); info!("Work request received for networks: {:?}", networks);
for cidr in neworks { for cidr in networks {
let cidr = cidr.0; let cidr = cidr.0;
self.work_on_cidr(cidr); self.work_on_cidr(cidr);
} }
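Review bot: In the `Ok(result)` arm, every address whose PTR lookup succeeds but matches no known scanner now reaches `Err(err) => error!(...)`, because the conversion returns `Result<Scanners, String>` and the silent `Ok(None) => {}` case is gone; on a full CIDR sweep this will presumably fill the log with error lines and bury real failures. Logging the non-match at a lower level, e.g. `Err(err) => debug!("No scanner matched for {addr}: {err}"),`, or keeping an `Option` in the conversion's return type, would preserve the previous behaviour. The conversion is also applied to `result.query`, whereas the test removed in this commit matched on the `result` field (the PTR target) while `query` held the in-addr.arpa name; the `TryInto` impl is not visible here, so it is worth confirming that it classifies the resolved name and not the reverse-lookup name. The enclosing function starts and ends outside the hunk.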