@@ -3,7 +3,6 @@ package modules
33import (
44 "context"
55 "errors"
6- "fmt"
76
87 log "github.com/sirupsen/logrus"
98
@@ -85,22 +84,30 @@ func (s *TLSScanner) InitPerSender(senderID int) error {
8584// heartbleed, if enabled).
8685func (s * TLSScanner ) Scan (ctx context.Context , dialerGroup * zgrab2.DialerGroup , target * zgrab2.ScanTarget ) (zgrab2.ScanStatus , any , error ) {
8786 conn , err := dialerGroup .Dial (ctx , target )
87+ if conn != nil {
88+ defer zgrab2 .CloseConnAndHandleError (conn )
89+ }
8890 if err != nil {
89- return zgrab2 .TryGetScanStatus (err ), nil , fmt .Errorf ("failed to dial target %s: %w" , target .String (), err )
91+ // Even on an error, we want to give the TLS Log if we have it.
92+ if conn != nil {
93+ if tlsConn , ok := conn .(* zgrab2.TLSConnection ); ok {
94+ if tlsLog := tlsConn .GetLog (); tlsLog != nil {
95+ if tlsLog .HandshakeLog .ServerHello != nil {
96+ // If we got far enough to get a valid ServerHello, then
97+ // consider it to be a positive TLS detection.
98+ return zgrab2 .TryGetScanStatus (err ), tlsLog , err
99+ }
100+ // Otherwise, detection failed.
101+ }
102+ }
103+ }
104+ return zgrab2 .TryGetScanStatus (err ), nil , err
90105 }
91- defer zgrab2 .CloseConnAndHandleError (conn )
92106 tlsConn , ok := conn .(* zgrab2.TLSConnection )
93107 if ! ok {
94- return zgrab2 .SCAN_INVALID_INPUTS , nil , errors .New ("tls scanner requires a default dialer that creates TLS connections" )
95- }
96- tlsLog := tlsConn .GetLog ()
97- if tlsLog != nil && tlsLog .HandshakeLog .ServerHello != nil {
98- // If we got far enough to get a valid ServerHello, then
99- // consider it to be a positive TLS detection.
100- return zgrab2 .SCAN_SUCCESS , tlsLog , nil
108+ return zgrab2 .SCAN_UNKNOWN_ERROR , nil , errors .New ("scan returned non-TLS connection" )
101109 }
102- // Otherwise detection failed
103- return zgrab2 .SCAN_HANDSHAKE_ERROR , nil , errors .New ("tls handshake failed" )
110+ return zgrab2 .SCAN_SUCCESS , tlsConn .GetLog (), nil
104111}
105112
106113// Protocol returns the protocol identifer for the scanner.
0 commit comments