ssh_scan_worker 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +29 -0
- data/.rspec +2 -0
- data/.travis.yml +25 -0
- data/CONTRIBUTING.md +47 -0
- data/Gemfile +7 -0
- data/README.md +5 -0
- data/Rakefile +16 -0
- data/bin/ssh_scan_worker +21 -0
- data/lib/ssh_scan_worker.rb +6 -0
- data/lib/ssh_scan_worker/version.rb +3 -0
- data/lib/ssh_scan_worker/worker.rb +136 -0
- data/ssh_scan_worker.gemspec +35 -0
- metadata +143 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 7dbd0c6b82769e9e8cfd7d6e42205d982f4d0045f0bb9950867bc7b5788de7e4
|
4
|
+
data.tar.gz: d4d42f223d5b1c2b6b91395b55fcbe50943f1858a7704f99742efe9afbf7d103
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 7a151f5ea8a343fceb523c2fd2bc8190c17221121bfa4ae2fc5d34b66ad52be794a6b9ac114f101ff5418cb185a3b825184e8c226840bebae742e9ee37e152fa
|
7
|
+
data.tar.gz: a2db50cbdab9175ac80d056541d159715aa082670439edded80315fc68a353f7fbfbc527f6274ce89ae650f1fd203d71f79774a3791f5f1c4827de36f6db2274
|
data/.gitignore
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
*.gem
|
2
|
+
*.db
|
3
|
+
/coverage/
|
4
|
+
|
5
|
+
config/api/config.yml
|
6
|
+
config/policies/mozilla_modern.yml
|
7
|
+
config/worker/config.yml
|
8
|
+
postgres-data/*
|
9
|
+
|
10
|
+
## Documentation cache and generated files:
|
11
|
+
/.yardoc/
|
12
|
+
/_yardoc/
|
13
|
+
/doc/
|
14
|
+
/rdoc/
|
15
|
+
|
16
|
+
## Environment normalization:
|
17
|
+
/.bundle/
|
18
|
+
/vendor/bundle
|
19
|
+
/lib/bundler/man/
|
20
|
+
|
21
|
+
# for a library or gem, you might want to ignore these files since the code is
|
22
|
+
# intended to run in multiple environments; otherwise, check them in:
|
23
|
+
Gemfile.lock
|
24
|
+
# .ruby-version
|
25
|
+
# .ruby-gemset
|
26
|
+
|
27
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
28
|
+
.rvmrc
|
29
|
+
gh-pages/
|
data/.rspec
ADDED
data/.travis.yml
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
language: ruby
|
2
|
+
sudo: false
|
3
|
+
dist: trusty
|
4
|
+
before_install: gem update --system
|
5
|
+
matrix:
|
6
|
+
include:
|
7
|
+
- rvm: ruby-head
|
8
|
+
env:
|
9
|
+
- LABEL=unit_tests
|
10
|
+
- rvm: 2.5.0
|
11
|
+
env:
|
12
|
+
- LABEL=unit_tests
|
13
|
+
- rvm: 2.3.6
|
14
|
+
env:
|
15
|
+
- LABEL=unit_tests
|
16
|
+
- rvm: 2.2.9
|
17
|
+
env:
|
18
|
+
- LABEL=unit_tests
|
19
|
+
# - rvm: 2.5.0
|
20
|
+
# env:
|
21
|
+
# - LABEL=docker_build_tests
|
22
|
+
# services:
|
23
|
+
# - docker
|
24
|
+
# script:
|
25
|
+
# - docker-compose build
|
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,47 @@
|
|
1
|
+
# Contributing to ssh_scan_worker
|
2
|
+
|
3
|
+
Thanks for your interest in contributing to ssh_scan_worker.
|
4
|
+
|
5
|
+
If you could follow the following guidelines, you will make it much easier for
|
6
|
+
us to give feedback, help you find whatever problem you have and fix it.
|
7
|
+
|
8
|
+
## Issues
|
9
|
+
|
10
|
+
If you have questions of any kind, or are unsure of how something works, please
|
11
|
+
[create an issue](https://github.com/claudijd/ssh_scan_worker/issues/new).
|
12
|
+
|
13
|
+
Please try to answer the following questions in your issue:
|
14
|
+
|
15
|
+
- What did you do?
|
16
|
+
- What did you expect to happen?
|
17
|
+
- What happened instead?
|
18
|
+
|
19
|
+
If you have identified a bug, it would be very helpful if you could include a
|
20
|
+
way to replicate the bug. Ideally a failing test would be perfect, but even a
|
21
|
+
simple script demonstrating the error would suffice.
|
22
|
+
|
23
|
+
Feature requests are great and if submitted they will be considered for
|
24
|
+
inclusion, but sending a pull request is much more awesome.
|
25
|
+
|
26
|
+
## Pull Requests
|
27
|
+
|
28
|
+
If you want your pull requests to be accepted, please follow the following guidelines:
|
29
|
+
|
30
|
+
- [**Add tests!**](http://rspec.info/) Your patch won't be accepted (or will be delayed) if it doesn't have tests.
|
31
|
+
|
32
|
+
- [**Document any change in behaviour**](http://yardoc.org/) Make sure the README and any other
|
33
|
+
relevant documentation are kept up-to-date.
|
34
|
+
|
35
|
+
- [**Create topic branches**](https://github.com/dchelimsky/rspec/wiki/Topic-Branches) Don't ask us to pull from your master branch.
|
36
|
+
|
37
|
+
- [**One pull request per feature**](https://help.github.com/articles/using-pull-requests) If you want to do more than one thing, send
|
38
|
+
multiple pull requests.
|
39
|
+
|
40
|
+
- [**Send coherent history**](http://stackoverflow.com/questions/6934752/git-combining-multiple-commits-before-pushing) Make sure each individual commit in your pull
|
41
|
+
request is meaningful. If you had to make multiple intermediate commits while
|
42
|
+
developing, please squash them before sending them to us.
|
43
|
+
|
44
|
+
- [**Follow coding conventions**](https://github.com/styleguide/ruby) The standard Ruby stuff, two spaces indent,
|
45
|
+
don't omit parens unless you have a good reason.
|
46
|
+
|
47
|
+
Thank you so much for contributing!
|
data/Gemfile
ADDED
data/README.md
ADDED
data/Rakefile
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'rake'
|
3
|
+
require 'rubygems/package_task'
|
4
|
+
require 'rspec'
|
5
|
+
require 'rspec/core'
|
6
|
+
require 'rspec/core/rake_task'
|
7
|
+
require 'bundler/setup'
|
8
|
+
|
9
|
+
$:.unshift File.join(File.dirname(__FILE__), "lib")
|
10
|
+
|
11
|
+
require 'ssh_scan_worker'
|
12
|
+
|
13
|
+
task :default => :spec
|
14
|
+
|
15
|
+
desc "Run all specs in spec directory"
|
16
|
+
RSpec::Core::RakeTask.new(:spec)
|
data/bin/ssh_scan_worker
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
$:.unshift File.join(File.dirname(__FILE__), "../lib")
|
4
|
+
|
5
|
+
require 'ssh_scan'
|
6
|
+
require 'ssh_scan_worker/worker'
|
7
|
+
|
8
|
+
# Usage: ruby ./bin/ssh_scan_worker [test/development/production]
|
9
|
+
|
10
|
+
# Set defaults for config items
|
11
|
+
opts = {
|
12
|
+
"server" => "127.0.0.1",
|
13
|
+
"scheme" => "http",
|
14
|
+
"verify" => "false", # this is done for testing/development purposes, the expectation is that you will be setting this to true in a production setup
|
15
|
+
"port" => 8000,
|
16
|
+
"token" => "EXAMPLE_API_TOKEN", # this is done for testing/development purposes, the expectation is that you will be setting this to a real API token in a production setup
|
17
|
+
"poll_interval" => 3,
|
18
|
+
}
|
19
|
+
|
20
|
+
worker = SSHScan::Worker.new(opts)
|
21
|
+
worker.run!
|
@@ -0,0 +1,136 @@
|
|
1
|
+
require 'ssh_scan/scan_engine'
|
2
|
+
require 'ssh_scan_worker/version'
|
3
|
+
require 'openssl'
|
4
|
+
require 'net/https'
|
5
|
+
|
6
|
+
module SSHScan
|
7
|
+
class Worker
|
8
|
+
def initialize(opts = {})
|
9
|
+
raise ArgumentError.new("API server not specified") unless ENV['sshscan.api.host'] || opts["server"]
|
10
|
+
@server = ENV['SSHSCAN_API_HOST'] || opts["server"]
|
11
|
+
|
12
|
+
raise ArgumentError.new("API scheme not specified") unless ENV['sshscan.api.host'] || opts["scheme"]
|
13
|
+
@scheme = ENV['SSHSCAN_API_SCHEME'] || opts["scheme"]
|
14
|
+
|
15
|
+
raise ArgumentError.new("API verify not specified") unless ENV['sshscan.api.verify'] || opts["verify"]
|
16
|
+
@verify = ENV['SSHSCAN_API_VERIFY'] || opts["verify"]
|
17
|
+
|
18
|
+
raise ArgumentError.new("API port not specified") unless ENV['sshscan.api.port'] || opts["port"]
|
19
|
+
@port = ENV['SSHSCAN_API_PORT'] || opts["port"]
|
20
|
+
|
21
|
+
raise ArgumentError.new("API auth token not specified") unless ENV['sshscan.api.token'] || opts["token"]
|
22
|
+
@auth_token = ENV['SSHSCAN_API_TOKEN'] || opts["token"]
|
23
|
+
|
24
|
+
@logger = setup_logger(opts["logger"])
|
25
|
+
@poll_interval = opts["poll_interval"] || 5 # in seconds
|
26
|
+
@poll_restore_interval = opts["poll_restore_interval"] || 5 # in seconds
|
27
|
+
@worker_id = SecureRandom.uuid
|
28
|
+
end
|
29
|
+
|
30
|
+
def setup_logger(logger)
|
31
|
+
case logger
|
32
|
+
when Logger
|
33
|
+
return logger
|
34
|
+
when String
|
35
|
+
return Logger.new(logger)
|
36
|
+
end
|
37
|
+
|
38
|
+
return Logger.new(STDOUT)
|
39
|
+
end
|
40
|
+
|
41
|
+
def run!
|
42
|
+
loop do
|
43
|
+
begin
|
44
|
+
response = retrieve_work
|
45
|
+
|
46
|
+
if response["work"]
|
47
|
+
work = response["work"]
|
48
|
+
results = perform_work(work)
|
49
|
+
post_results(results, work)
|
50
|
+
elsif response["error"]
|
51
|
+
@logger.info("Error: #{response["error"]}")
|
52
|
+
sleep @poll_interval
|
53
|
+
next
|
54
|
+
else
|
55
|
+
@logger.info("No jobs available from #{@server}:#{@port} (waiting #{@poll_interval} seconds)")
|
56
|
+
sleep @poll_interval
|
57
|
+
next
|
58
|
+
end
|
59
|
+
rescue Errno::ECONNREFUSED
|
60
|
+
@logger.error("Cannot reach API endpoint #{@server}:#{@port}, waiting #{@poll_restore_interval} seconds")
|
61
|
+
sleep @poll_restore_interval
|
62
|
+
#rescue RuntimeError => e
|
63
|
+
@logger.error(e.inspect)
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
def retrieve_work
|
69
|
+
(Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq!
|
70
|
+
(Net::HTTP::SSL_ATTRIBUTES << :options).uniq!
|
71
|
+
|
72
|
+
Net::HTTP.class_eval do
|
73
|
+
attr_accessor :ssl_options
|
74
|
+
end
|
75
|
+
|
76
|
+
uri = URI(
|
77
|
+
"#{@scheme}://#{@server}:#{@port}/api/v1/\
|
78
|
+
work?worker_id=#{@worker_id}"
|
79
|
+
)
|
80
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
81
|
+
|
82
|
+
if @scheme == "https"
|
83
|
+
http.use_ssl = true
|
84
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
|
85
|
+
options_mask =
|
86
|
+
OpenSSL::SSL::OP_NO_SSLv2 +
|
87
|
+
OpenSSL::SSL::OP_NO_SSLv3 +
|
88
|
+
OpenSSL::SSL::OP_NO_COMPRESSION
|
89
|
+
http.ssl_options = options_mask
|
90
|
+
end
|
91
|
+
|
92
|
+
request = Net::HTTP::Get.new(uri.path)
|
93
|
+
request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
|
94
|
+
response = http.request(request)
|
95
|
+
JSON.parse(response.body)
|
96
|
+
end
|
97
|
+
|
98
|
+
def perform_work(work)
|
99
|
+
@logger.info("Started job: #{work["uuid"]}")
|
100
|
+
work["sockets"] = [work["target"] + ":" + work["port"].to_s]
|
101
|
+
scan_engine = SSHScan::ScanEngine.new
|
102
|
+
work["fingerprint_database"] = File.join(File.dirname(__FILE__),"../../data/fingerprints.yml")
|
103
|
+
work["policy"] = File.join(File.dirname(__FILE__),"../../config/policies/mozilla_modern.yml")
|
104
|
+
work["timeout"] = 5
|
105
|
+
results = scan_engine.scan(work)
|
106
|
+
@logger.info("Completed job: #{work["uuid"]}")
|
107
|
+
return results
|
108
|
+
end
|
109
|
+
|
110
|
+
def post_results(results, job)
|
111
|
+
uri = URI(
|
112
|
+
"#{@scheme}://#{@server}:#{@port}/api/v1/\
|
113
|
+
work/results/#{@worker_id}/#{job["uuid"]}"
|
114
|
+
)
|
115
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
116
|
+
|
117
|
+
if @scheme == "https"
|
118
|
+
http.use_ssl = true
|
119
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
|
120
|
+
options_mask =
|
121
|
+
OpenSSL::SSL::OP_NO_SSLv2 +
|
122
|
+
OpenSSL::SSL::OP_NO_SSLv3 +
|
123
|
+
OpenSSL::SSL::OP_NO_COMPRESSION
|
124
|
+
http.ssl_options = options_mask
|
125
|
+
end
|
126
|
+
|
127
|
+
request = Net::HTTP::Post.new(uri.path)
|
128
|
+
request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
|
129
|
+
request.add_field("Content-Type", "application/json")
|
130
|
+
|
131
|
+
request.body = results.to_json
|
132
|
+
http.request(request)
|
133
|
+
@logger.info("Posted job: #{job["uuid"]}")
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
$: << "lib"
|
2
|
+
require 'ssh_scan_worker/version'
|
3
|
+
require 'date'
|
4
|
+
|
5
|
+
Gem::Specification.new do |s|
|
6
|
+
s.name = 'ssh_scan_worker'
|
7
|
+
s.version = SSHScan::WORKER_VERSION
|
8
|
+
s.authors = ["Harsh Vardhan", "Rishabh Saxena", "Ashish Gaurav", "Jonathan Claudius" ]
|
9
|
+
s.date = Date.today.to_s
|
10
|
+
s.email = 'jclaudius@mozilla.com'
|
11
|
+
s.platform = Gem::Platform::RUBY
|
12
|
+
s.files = Dir.glob("lib/**/*") +
|
13
|
+
Dir.glob("bin/**/*") +
|
14
|
+
[".gitignore",
|
15
|
+
".rspec",
|
16
|
+
".travis.yml",
|
17
|
+
"CONTRIBUTING.md",
|
18
|
+
"Gemfile",
|
19
|
+
"Rakefile",
|
20
|
+
"README.md",
|
21
|
+
"ssh_scan_worker.gemspec"]
|
22
|
+
s.license = "ruby"
|
23
|
+
s.require_paths = ["lib"]
|
24
|
+
s.executables = s.files.grep(%r{^bin/[^\/]+$}) { |f| File.basename(f) }
|
25
|
+
s.summary = 'ssh_scan worker'
|
26
|
+
s.description = 'The worker component for performing SSH scans using ssh_scan_api'
|
27
|
+
s.homepage = 'http://rubygems.org/gems/ssh_scan_worker'
|
28
|
+
|
29
|
+
s.add_dependency('ssh_scan', '0.0.35')
|
30
|
+
s.add_development_dependency('rack-test')
|
31
|
+
s.add_development_dependency('pry')
|
32
|
+
s.add_development_dependency('rspec', '~> 3.0')
|
33
|
+
s.add_development_dependency('rspec-its', '~> 1.2')
|
34
|
+
s.add_development_dependency('rake')
|
35
|
+
end
|
metadata
ADDED
@@ -0,0 +1,143 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ssh_scan_worker
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Harsh Vardhan
|
8
|
+
- Rishabh Saxena
|
9
|
+
- Ashish Gaurav
|
10
|
+
- Jonathan Claudius
|
11
|
+
autorequire:
|
12
|
+
bindir: bin
|
13
|
+
cert_chain: []
|
14
|
+
date: 2018-06-25 00:00:00.000000000 Z
|
15
|
+
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: ssh_scan
|
18
|
+
requirement: !ruby/object:Gem::Requirement
|
19
|
+
requirements:
|
20
|
+
- - '='
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 0.0.35
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - '='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: 0.0.35
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rack-test
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
requirements:
|
34
|
+
- - ">="
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: '0'
|
37
|
+
type: :development
|
38
|
+
prerelease: false
|
39
|
+
version_requirements: !ruby/object:Gem::Requirement
|
40
|
+
requirements:
|
41
|
+
- - ">="
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: '0'
|
44
|
+
- !ruby/object:Gem::Dependency
|
45
|
+
name: pry
|
46
|
+
requirement: !ruby/object:Gem::Requirement
|
47
|
+
requirements:
|
48
|
+
- - ">="
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: '0'
|
51
|
+
type: :development
|
52
|
+
prerelease: false
|
53
|
+
version_requirements: !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - ">="
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: '0'
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: rspec
|
60
|
+
requirement: !ruby/object:Gem::Requirement
|
61
|
+
requirements:
|
62
|
+
- - "~>"
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: '3.0'
|
65
|
+
type: :development
|
66
|
+
prerelease: false
|
67
|
+
version_requirements: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - "~>"
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: '3.0'
|
72
|
+
- !ruby/object:Gem::Dependency
|
73
|
+
name: rspec-its
|
74
|
+
requirement: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - "~>"
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: '1.2'
|
79
|
+
type: :development
|
80
|
+
prerelease: false
|
81
|
+
version_requirements: !ruby/object:Gem::Requirement
|
82
|
+
requirements:
|
83
|
+
- - "~>"
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: '1.2'
|
86
|
+
- !ruby/object:Gem::Dependency
|
87
|
+
name: rake
|
88
|
+
requirement: !ruby/object:Gem::Requirement
|
89
|
+
requirements:
|
90
|
+
- - ">="
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
version: '0'
|
93
|
+
type: :development
|
94
|
+
prerelease: false
|
95
|
+
version_requirements: !ruby/object:Gem::Requirement
|
96
|
+
requirements:
|
97
|
+
- - ">="
|
98
|
+
- !ruby/object:Gem::Version
|
99
|
+
version: '0'
|
100
|
+
description: The worker component for performing SSH scans using ssh_scan_api
|
101
|
+
email: jclaudius@mozilla.com
|
102
|
+
executables:
|
103
|
+
- ssh_scan_worker
|
104
|
+
extensions: []
|
105
|
+
extra_rdoc_files: []
|
106
|
+
files:
|
107
|
+
- ".gitignore"
|
108
|
+
- ".rspec"
|
109
|
+
- ".travis.yml"
|
110
|
+
- CONTRIBUTING.md
|
111
|
+
- Gemfile
|
112
|
+
- README.md
|
113
|
+
- Rakefile
|
114
|
+
- bin/ssh_scan_worker
|
115
|
+
- lib/ssh_scan_worker.rb
|
116
|
+
- lib/ssh_scan_worker/version.rb
|
117
|
+
- lib/ssh_scan_worker/worker.rb
|
118
|
+
- ssh_scan_worker.gemspec
|
119
|
+
homepage: http://rubygems.org/gems/ssh_scan_worker
|
120
|
+
licenses:
|
121
|
+
- ruby
|
122
|
+
metadata: {}
|
123
|
+
post_install_message:
|
124
|
+
rdoc_options: []
|
125
|
+
require_paths:
|
126
|
+
- lib
|
127
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
133
|
+
requirements:
|
134
|
+
- - ">="
|
135
|
+
- !ruby/object:Gem::Version
|
136
|
+
version: '0'
|
137
|
+
requirements: []
|
138
|
+
rubyforge_project:
|
139
|
+
rubygems_version: 2.6.13
|
140
|
+
signing_key:
|
141
|
+
specification_version: 4
|
142
|
+
summary: ssh_scan worker
|
143
|
+
test_files: []
|