new: several improvements to the port.scanner banner grabbing and protocol detection

evilsocket · evilsocket · commit 37b7f2baa45c · 2025-08-29T16:11:13.000+02:00
diff --git a/src/plugins/port_scanner/grabbers/http.rs b/src/plugins/port_scanner/grabbers/http.rs
@@ -46,6 +46,121 @@ pub(crate) fn is_http_port(opts: &options::Options, port: u16) -> (bool, bool) {
     (false, false)
 }
 
+pub(crate) async fn parse_http_response(
+    opts: &options::Options,
+    response: reqwest::Response,
+    banner: &mut Banner,
+    address: &str,
+    port: u16,
+) {
+    let headers_of_interest: Vec<&str> = opts
+        .port_scanner_http_headers
+        .split(',')
+        .map(|s| s.trim())
+        .filter(|s| !s.is_empty())
+        .collect();
+    let mut content_type = String::from("text/html");
+
+    // collect headers
+    for (name, value) in response.headers() {
+        let name = name.to_string();
+        let mut value = value.to_str().unwrap();
+
+        if name == "content-type" {
+            if value.contains(';') {
+                value = value.split(';').next().unwrap();
+            }
+            value.clone_into(&mut content_type);
+        }
+
+        if headers_of_interest.contains(&name.as_str()) {
+            banner.insert(name, value.to_owned());
+        }
+    }
+
+    // collect info from html
+    let body = response.text().await;
+    if let Ok(body) = body {
+        if content_type.contains("text/html") {
+            if let Some(caps) = HTML_TITLE_PARSER.captures(&body) {
+                banner.insert(
+                    "html.title".to_owned(),
+                    caps.get(1).unwrap().as_str().trim().to_owned(),
+                );
+            }
+        } else if content_type.contains("application/") || content_type.contains("text/") {
+            banner.insert("body".to_owned(), body.to_owned());
+        }
+    } else {
+        log::debug!(
+            "can't read response body from {}:{}: {:?}",
+            address,
+            port,
+            body.err()
+        );
+    }
+}
+
+pub(crate) async fn parse_http_raw_response(
+    opts: &options::Options,
+    response: &str,
+    banner: &mut Banner,
+) {
+    let headers_of_interest: Vec<&str> = opts
+        .port_scanner_http_headers
+        .split(',')
+        .map(|s| s.trim())
+        .filter(|s| !s.is_empty())
+        .collect();
+    let mut content_type = String::from("text/html");
+
+    // split response into headers and body
+    let lines = response.lines();
+    let mut headers_section = true;
+    let mut body_lines = Vec::new();
+
+    for line in lines {
+        if headers_section {
+            if line.trim().is_empty() {
+                // empty line indicates end of headers
+                headers_section = false;
+            } else if let Some(colon_pos) = line.find(':') {
+                let name = line[..colon_pos].trim().to_lowercase();
+                let value = line[colon_pos + 1..].trim();
+
+                if name == "content-type" {
+                    let mut ct_value = value;
+                    if ct_value.contains(';') {
+                        ct_value = ct_value.split(';').next().unwrap();
+                    }
+                    ct_value.clone_into(&mut content_type);
+                }
+
+                if headers_of_interest.contains(&name.as_str()) {
+                    banner.insert(name, value.to_owned());
+                }
+            }
+        } else {
+            body_lines.push(line);
+        }
+    }
+
+    // process body
+    if !body_lines.is_empty() {
+        let body = body_lines.join("\n");
+        if content_type.contains("text/html") {
+            if let Some(caps) = HTML_TITLE_PARSER.captures(&body) {
+                banner.insert(
+                    "html.title".to_owned(),
+                    caps.get(1).unwrap().as_str().trim().to_owned(),
+                );
+            }
+        } else if content_type.contains("application/") || content_type.contains("text/") {
+            banner.insert("body".to_owned(), body);
+        }
+    }
+}
+
 pub(crate) async fn http_grabber(
     opts: &options::Options,
     host: &str,
@@ -161,52 +276,7 @@ pub(crate) async fn http_grabber(
         .await;
 
     if let Ok(resp) = resp {
-        let headers_of_interest: Vec<&str> = opts
-            .port_scanner_http_headers
-            .split(',')
-            .map(|s| s.trim())
-            .filter(|s| !s.is_empty())
-            .collect();
-        let mut content_type = String::from("text/html");
-
-        // collect headers
-        for (name, value) in resp.headers() {
-            let name = name.to_string();
-            let mut value = value.to_str().unwrap();
-
-            if name == "content-type" {
-                if value.contains(';') {
-                    value = value.split(';').next().unwrap();
-                }
-                value.clone_into(&mut content_type);
-            }
-
-            if headers_of_interest.contains(&name.as_str()) {
-                banner.insert(name, value.to_owned());
-            }
-        }
-
-        // collect info from html
-        let body = resp.text().await;
-        if let Ok(body) = body {
-            if content_type.contains("text/html") {
-                if let Some(caps) = HTML_TITLE_PARSER.captures(&body) {
-                    banner.insert(
-                        "html.title".to_owned(),
-                        caps.get(1).unwrap().as_str().trim().to_owned(),
-                    );
-                }
-            } else if content_type.contains("application/") || content_type.contains("text/") {
-                banner.insert("body".to_owned(), body.to_owned());
-            }
-        } else {
-            log::debug!(
-                "can't read response body from {}:{}: {:?}",
-                address,
-                port,
-                body.err()
-            );
-        }
+        parse_http_response(opts, resp, &mut banner, address, port).await;
     } else {
         log::debug!(
             "can't connect via http client to {}:{}: {:?}",
diff --git a/src/plugins/port_scanner/grabbers/line.rs b/src/plugins/port_scanner/grabbers/line.rs
@@ -1,32 +1,39 @@
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 
 use super::Banner;
-use crate::utils::net::StreamLike;
-use std::time::Duration;
+use crate::{
+    plugins::port_scanner::{grabbers::http::parse_http_raw_response, options},
+    utils::net::StreamLike,
+};
+use std::time::{Duration, Instant};
 
-async fn read_line_from(mut stream: Box<dyn StreamLike>) -> String {
-    let mut line = String::new();
+async fn read_response_from(mut stream: Box<dyn StreamLike>, timeout: Duration) -> String {
+    let mut response = String::new();
     let mut buf: [u8; 1] = [0];
-    let max = 1024;
+    let max = 1024 * 4;
+    let started = Instant::now();
 
     for _ in 0..max {
-        let read = stream.read_exact(&mut buf).await;
-        if read.is_ok() {
-            let c = buf[0] as char;
-            if c == '\n' {
+        if let Ok(read) = tokio::time::timeout(timeout, stream.read_exact(&mut buf)).await {
+            if read.is_ok() {
+                response.push(buf[0] as char);
+            } else {
+                log::debug!("{:?}", read);
                 break;
             }
-            line.push(c);
-        } else {
-            log::debug!("{:?}", read);
+        }
+
+        if started.elapsed() > timeout {
+            log::debug!("timeout={:?} after {} bytes", timeout, response.len());
             break;
         }
     }
 
-    line
+    response
 }
 
 pub(crate) async fn line_grabber(
+    opts: &options::Options,
     address: &str,
     port: u16,
     mut stream: Box<dyn StreamLike>,
@@ -37,13 +44,25 @@ pub(crate) async fn line_grabber(
     let mut banner = Banner::default();
 
     // send something
-    let _ = stream.write_all("hello\r\n\r\n".as_bytes()).await;
+    let _ = stream
+        .write_all(format!("GET / HTTP/1.1\r\nHost: {}\r\n\r\n", address).as_bytes())
+        .await;
 
-    let timeout = std::time::Duration::from_millis((timeout.as_millis() / 2) as u64);
-    if let Ok(line) = tokio::time::timeout(timeout, read_line_from(stream)).await
-        && !line.is_empty()
-    {
-        banner.insert("line".to_owned(), line);
+    let response = read_response_from(stream, timeout).await;
+    if !response.is_empty() {
+        // if we have an http response ...
+        if response.contains("HTTP/") {
+            banner.insert("protocol".to_owned(), "http".to_owned());
+            parse_http_raw_response(opts, &response, &mut banner).await;
+        } else {
+            banner.insert(
+                "data".to_owned(),
+                response
+                    .trim()
+                    .replace("\r\n", "<crlf>")
+                    .replace("\n", "<lf>"),
+            );
+        }
     }
 
     banner
diff --git a/src/plugins/port_scanner/grabbers/mod.rs b/src/plugins/port_scanner/grabbers/mod.rs
@@ -29,7 +29,7 @@ pub(crate) async fn grab_tcp_banner(
         http::http_grabber(opts, host, address, port, stream, with_ssl, timeout).await
     } else {
         // default to an attempt at line grabbing
-        line::line_grabber(address, port, stream, timeout).await
+        line::line_grabber(opts, address, port, stream, timeout).await
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ pub(crate) async fn grab_tcp_banner(`
`29`	`29`	`http::http_grabber(opts, host, address, port, stream, with_ssl, timeout).await`
`30`	`30`	`} else {`
`31`	`31`	`// default to an attempt at line grabbing`
`32`		`- line::line_grabber(address, port, stream, timeout).await`
	`32`	`+ line::line_grabber(opts, address, port, stream, timeout).await`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`