new: using tcp_nodelay and single http client for port.scanner

Author: evilsocket

src/plugins/port_scanner/grabbers/http.rs

@@ -161,7 +161,9 @@ pub(crate) async fn parse_http_raw_response(
     }
 }
 
+#[allow(clippy::too_many_arguments)]
 pub(crate) async fn http_grabber(
+    http_client: &reqwest::Client,
     opts: &options::Options,
     host: &str,
     address: &str,
@@ -252,23 +254,7 @@ pub(crate) async fn http_grabber(
 
     log::debug!("grabbing http banner for {} ...", &url);
 
-    let cli = reqwest::Client::builder()
-        .no_proxy() // used to set auto_sys_proxy to false, see https://github.com/evilsocket/legba/issues/8
-        .danger_accept_invalid_certs(true)
-        .build();
-    let cli = if let Ok(c) = cli {
-        c
-    } else {
-        log::error!(
-            "can't create http client for {}:{}: {:?}",
-            address,
-            port,
-            cli.err()
-        );
-        return banner;
-    };
-
-    let resp = cli
+    let resp = http_client
         .get(&url)
         .header("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36")
         .timeout(timeout)

src/plugins/port_scanner/grabbers/line.rs

@@ -45,7 +45,13 @@ pub(crate) async fn line_grabber(
 
     // send something
     let _ = stream
-        .write_all(format!("GET / HTTP/1.1\r\nHost: {}\r\n\r\n", address).as_bytes())
+        .write_all(
+            format!(
+                "GET / HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n",
+                address
+            )
+            .as_bytes(),
+        )
         .await;
 
     let response = read_response_from(stream, timeout).await;

src/plugins/port_scanner/grabbers/mod.rs

@@ -14,6 +14,7 @@ mod mysql;
 pub(crate) type Banner = HashMap<String, String>;
 
 pub(crate) async fn grab_tcp_banner(
+    http_client: &reqwest::Client,
     opts: &options::Options,
     host: &str,
     address: &str,
@@ -26,7 +27,17 @@ pub(crate) async fn grab_tcp_banner(
     } else if dns::is_dns_port(port) {
         dns::tcp_grabber(address, port, stream, timeout).await
     } else if let (true, with_ssl) = http::is_http_port(opts, port) {
-        http::http_grabber(opts, host, address, port, stream, with_ssl, timeout).await
+        http::http_grabber(
+            http_client,
+            opts,
+            host,
+            address,
+            port,
+            stream,
+            with_ssl,
+            timeout,
+        )
+        .await
     } else {
         // default to an attempt at line grabbing
         line::line_grabber(opts, address, port, stream, timeout).await

src/plugins/port_scanner/mod.rs

@@ -25,13 +25,20 @@ super::manager::register_plugin! {
 pub(crate) struct PortScanner {
     ports: Expression,
     opts: options::Options,
+    http_client: reqwest::Client,
 }
 
 impl PortScanner {
     pub fn new() -> Self {
         PortScanner {
             ports: Expression::default(),
             opts: options::Options::default(),
+            http_client: reqwest::Client::builder()
+                .no_proxy() // used to set auto_sys_proxy to false, see https://github.com/evilsocket/legba/issues/8
+                .danger_accept_invalid_certs(true)
+                .tcp_nodelay(true)
+                .build()
+                .unwrap(),
         }
     }
 
@@ -58,6 +65,7 @@ impl PortScanner {
 
             if !self.opts.port_scanner_no_banners {
                 let banner = grabbers::grab_tcp_banner(
+                    &self.http_client,
                     &self.opts,
                     &target,
                     &target,

src/session/mod.rs

@@ -59,31 +59,34 @@ pub(crate) struct Statistics {
     done_percent: f32,
     errors: usize,
     reqs_per_sec: usize,
+    timeout: u64,
 }
 
 impl Statistics {
     pub fn to_text(&self) -> String {
         if self.errors > 0 {
             format!(
-                "tasks={} mem={} targets={} attempts={} done={} ({:.2?}%) errors={} speed={:.2?} reqs/s",
+                "tasks={} mem={} targets={} attempts={} done={} ({:.2?}%) errors={} timeout={}ms speed={:.2?} reqs/s",
                 self.tasks,
                 human_bytes(self.memory),
                 self.targets,
                 self.attempts,
                 self.done,
                 self.done_percent,
                 self.errors,
+                self.timeout,
                 self.reqs_per_sec,
             )
         } else {
             format!(
-                "tasks={} mem={} targets={} attempts={} done={} ({:.2?}%) speed={:.2?} reqs/s",
+                "tasks={} mem={} targets={} attempts={} done={} ({:.2?}%) timeout={}ms speed={:.2?} reqs/s",
                 self.tasks,
                 human_bytes(self.memory),
                 self.targets,
                 self.attempts,
                 self.done,
                 self.done_percent,
+                self.timeout,
                 self.reqs_per_sec,
             )
         }
@@ -362,6 +365,7 @@ impl Session {
                 done_percent: perc,
                 errors,
                 reqs_per_sec: speed,
+                timeout: self.runtime.get_timeout_ms(),
             };
 
             if self.options.json {

src/session/runtime.rs

@@ -64,8 +64,12 @@ impl Runtime {
         Duration::from_millis(self.timeout_ms.load(Ordering::Relaxed))
     }
 
+    pub fn get_timeout_ms(&self) -> u64 {
+        self.timeout_ms.load(Ordering::Relaxed)
+    }
+
     pub fn set_timeout(&self, timeout_ms: u64) {
-        log::info!(
+        log::debug!(
             "adjusting timeout from {:?} to {}ms",
             self.get_timeout(),
             timeout_ms

src/utils/net.rs

@@ -50,6 +50,8 @@ pub(crate) async fn async_tcp_stream(
         .map_err(|e| e.to_string())?
         .map_err(|e| e.to_string())?;
 
+    tcp_stream.set_nodelay(true).map_err(|e| e.to_string())?;
+
     if ssl {
         upgrade_tcp_stream_to_ssl(Box::new(tcp_stream), host, timeout).await
     } else {