ssl_scan 0.0.1

data/lib/ssl_scan/socket/ip.rb

@@ -0,0 +1,131 @@
+# -*- coding: binary -*-
+require 'ssl_scan/socket'
+
+###
+#
+# This class provides methods for interacting with a IP socket.
+#
+###
+module SSLScan::Socket::Ip
+
+  include SSLScan::Socket
+
+  ##
+  #
+  # Factory
+  #
+  ##
+
+  #
+  # Creates the client using the supplied hash.
+  #
+  def self.create(hash = {})
+    hash['Proto'] = 'ip'
+    self.create_param(SSLScan::Socket::Parameters.from_hash(hash))
+  end
+
+  #
+  # Wrapper around the base socket class' creation method that automatically
+  # sets the parameter's protocol to IP.
+  #
+  def self.create_param(param)
+    param.proto = 'ip'
+    SSLScan::Socket.create_param(param)
+  end
+
+  ##
+  #
+  # IP connected state methods
+  #
+  ##
+
+  #
+  # Write the supplied datagram to the connected IP socket.
+  #
+  def write(gram)
+    raise RuntimeError, "IP sockets must use sendto(), not write()"
+  end
+
+  alias put write
+
+  #
+  # Read a datagram from the IP socket.
+  #
+  def read(length = 65535)
+    raise RuntimeError, "IP sockets must use recvfrom(), not read()"
+  end
+
+  ##
+  #
+  # IP non-connected state methods
+  #
+  ##
+
+  #
+  # Sends a datagram to the supplied host:port with optional flags.
+  #
+  def sendto(gram, peerhost, flags = 0)
+    dest = ::Socket.pack_sockaddr_in(0, peerhost)
+
+    # Some BSDs require byteswap for len and offset
+    if(
+      SSLScan::Compat.is_freebsd or
+      SSLScan::Compat.is_netbsd or
+      SSLScan::Compat.is_bsdi or
+      SSLScan::Compat.is_macosx
+      )
+      gram=gram.dup
+      gram[2,2]=gram[2,2].unpack("n").pack("s")
+      gram[6,2]=gram[6,2].unpack("n").pack("s")
+    end
+
+    begin
+      send(gram, flags, dest)
+    rescue  ::Errno::EHOSTUNREACH,::Errno::ENETDOWN,::Errno::ENETUNREACH,::Errno::ENETRESET,::Errno::EHOSTDOWN,::Errno::EACCES,::Errno::EINVAL,::Errno::EADDRNOTAVAIL
+      return nil
+    end
+
+  end
+
+  #
+  # Receives a datagram and returns the data and host of the requestor
+  # as [ data, host ].
+  #
+  def recvfrom(length = 65535, timeout=def_read_timeout)
+    begin
+      if ((rv = ::IO.select([ fd ], nil, nil, timeout)) and
+          (rv[0]) and (rv[0][0] == fd)
+         )
+          data, saddr    = super(length)
+          af, host       = SSLScan::Socket.from_sockaddr(saddr)
+
+          return [ data, host ]
+      else
+        return [ '', nil ]
+      end
+    rescue Exception
+      return [ '', nil ]
+    end
+  end
+
+  #
+  # Calls recvfrom and only returns the data
+  #
+  def get(timeout=nil)
+    data, saddr = recvfrom(65535, timeout)
+    return data
+  end
+
+  #
+  # The default number of seconds to wait for a read operation to timeout.
+  #
+  def def_read_timeout
+    10
+  end
+
+  def type?
+    return 'ip'
+  end
+
+end
+

data/lib/ssl_scan/socket/parameters.rb

@@ -0,0 +1,363 @@
+# -*- coding: binary -*-
+require 'ssl_scan/socket'
+
+###
+#
+# This class represents the set of parameters that are used to create
+# a socket, whether it be a server or client socket.
+#
+# @example
+#   nsock = SSLScan::Socket::Tcp.create(
+#     'PeerHost'  =>  opts['RHOST'] || rhost,
+#     'PeerPort'  => (opts['RPORT'] || rport).to_i,
+#     'LocalHost' =>  opts['CHOST'] || chost || "0.0.0.0",
+#     'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
+#     'SSL'       =>  dossl,
+#     'SSLVersion'=>  opts['SSLVersion'] || ssl_version,
+#     'Proxies'   => proxies,
+#     'Timeout'   => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
+#     'Context'   =>
+#       {
+#         'Msf'        => framework,
+#         'MsfExploit' => self,
+#       })
+#
+###
+class SSLScan::Socket::Parameters
+
+  ##
+  #
+  # Factory
+  #
+  ##
+
+  #
+  # Creates an instance of the Parameters class using the supplied hash.
+  #
+  def self.from_hash(hash)
+    return self.new(hash)
+  end
+
+  ##
+  #
+  # Constructor
+  #
+  ##
+
+  #
+  # Initializes the attributes from the supplied hash.  The following hash
+  # keys can be specified.
+  #
+  # @option hash [String] 'PeerHost' The remote host to connect to
+  # @option hash [String] 'PeerAddr' (alias for 'PeerHost')
+  # @option hash [Fixnum] 'PeerPort' The remote port to connect to
+  # @option hash [String] 'LocalHost' The local host to communicate from, if any
+  # @option hash [String] 'LocalPort' The local port to communicate from, if any
+  # @option hash [Bool] 'Bool' Create a bare socket
+  # @option hash [Bool] 'Server' Whether or not this should be a server
+  # @option hash [Bool] 'SSL' Whether or not SSL should be used
+  # @option hash [String] 'SSLVersion' Specify SSL2, SSL3, or TLS1 (SSL3 is
+  #   default)
+  # @option hash [String] 'SSLCert' A file containing an SSL certificate (for
+  #   server sockets)
+  # @option hash [String] 'SSLCipher' see {#ssl_cipher}
+  # @option hash [Bool] 'SSLCompression' enable SSL-level compression where available
+  # @option hash [String] 'SSLVerifyMode' SSL certificate verification
+  #   mechanism. One of 'NONE' (default), 'CLIENT_ONCE', 'FAIL_IF_NO_PEER_CERT ', 'PEER'
+  # @option hash [String] 'Proxies' List of proxies to use.
+  # @option hash [String] 'Proto' The underlying protocol to use.
+  # @option hash [String] 'IPv6' Force the use of IPv6.
+  # @option hash [String] 'Comm' The underlying {Comm} object to use to create
+  #   the socket for this parameter set.
+  # @option hash [Hash] 'Context' A context hash that can allow users of
+  #   this parameter class instance to determine who is responsible for
+  #   requesting that a socket be created.
+  # @option hash [String] 'Retries' The number of times a connection should be
+  #   retried.
+  # @option hash [Fixnum] 'Timeout' The number of seconds before a connection
+  #   should time out
+  def initialize(hash)
+    if (hash['PeerHost'])
+      self.peerhost = hash['PeerHost']
+    elsif (hash['PeerAddr'])
+      self.peerhost = hash['PeerAddr']
+    else
+      self.peerhost = nil
+    end
+
+    if (hash['LocalHost'])
+      self.localhost = hash['LocalHost']
+    elsif (hash['LocalAddr'])
+      self.localhost = hash['LocalAddr']
+    else
+      self.localhost = '0.0.0.0'
+    end
+
+    if (hash['PeerPort'])
+      self.peerport = hash['PeerPort'].to_i
+    else
+      self.peerport = 0
+    end
+
+    if (hash['LocalPort'])
+      self.localport = hash['LocalPort'].to_i
+    else
+      self.localport = 0
+    end
+
+    if (hash['Bare'])
+      self.bare = hash['Bare']
+    else
+      self.bare = false
+    end
+
+    if (hash['SSL'] and hash['SSL'].to_s =~ /^(t|y|1)/i)
+      self.ssl = true
+    else
+      self.ssl = false
+    end
+
+    supported_ssl_versions = ['SSL2', 'SSL23', 'TLS1', 'SSL3', :SSLv2, :SSLv3, :SSLv23, :TLSv1]
+    if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
+      self.ssl_version = hash['SSLVersion']
+    end
+
+    supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
+    if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
+      self.ssl_verify_mode = hash['SSLVerifyMode']
+    end
+
+    if hash['SSLCompression']
+      self.ssl_compression = hash['SSLCompression']
+    end
+
+    if (hash['SSLCipher'])
+      self.ssl_cipher = hash['SSLCipher']
+    end
+
+    if (hash['SSLCert'] and ::File.file?(hash['SSLCert']))
+      begin
+        self.ssl_cert = ::File.read(hash['SSLCert'])
+      rescue ::Exception => e
+        elog("Failed to read cert: #{e.class}: #{e}", LogSource)
+      end
+    end
+
+    if hash['Proxies']
+      self.proxies = hash['Proxies'].split('-').map{|a| a.strip}.map{|a| a.split(':').map{|b| b.strip}}
+    end
+
+    # The protocol this socket will be using
+    if (hash['Proto'])
+      self.proto = hash['Proto'].downcase
+    else
+      self.proto = 'tcp'
+    end
+
+    # Whether or not the socket should be a server
+    self.server    = hash['Server'] || false
+
+    # The communication subsystem to use to create the socket
+    self.comm      = hash['Comm']
+
+    # The context that was passed in, if any.
+    self.context   = hash['Context'] || {}
+
+    # If no comm was supplied, try to use the comm that is best fit to
+    # handle the provided host based on the current routing table.
+    if( self.server )
+      if (self.comm == nil and self.localhost)
+        self.comm  = SSLScan::Socket::SwitchBoard.best_comm(self.localhost)
+      end
+    else
+      if (self.comm == nil and self.peerhost)
+        self.comm  = SSLScan::Socket::SwitchBoard.best_comm(self.peerhost)
+      end
+    end
+
+    # If we still haven't found a comm, we default to the local comm.
+    self.comm      = SSLScan::Socket::Comm::Local if (self.comm == nil)
+
+    # If we are a UDP server, turn off the server flag as it was only set when
+    # creating the UDP socket in order to avail of the switch board above.
+    if( self.server and self.proto == 'udp' )
+      self.server = false
+    end
+
+    # The number of connection retries to make (client only)
+    if hash['Retries']
+      self.retries = hash['Retries'].to_i
+    else
+      self.retries = 0
+    end
+
+    # The number of seconds before a connect attempt times out (client only)
+    if hash['Timeout']
+      self.timeout = hash['Timeout'].to_i
+    else
+      self.timeout = 5
+    end
+
+    # Whether to force IPv6 addressing
+    self.v6        = hash['IPv6'] || false
+  end
+
+  ##
+  #
+  # Conditionals
+  #
+  ##
+
+  #
+  # Returns true if this represents parameters for a server.
+  #
+  def server?
+    return (server == true)
+  end
+
+  #
+  # Returns true if this represents parameters for a client.
+  #
+  def client?
+    return (server == false)
+  end
+
+  #
+  # Returns true if the protocol for the parameters is TCP.
+  #
+  def tcp?
+    return (proto == 'tcp')
+  end
+
+  #
+  # Returns true if the protocol for the parameters is UDP.
+  #
+  def udp?
+    return (proto == 'udp')
+  end
+
+  #
+  # Returns true if the protocol for the parameters is IP.
+  #
+  def ip?
+    return (proto == 'ip')
+  end
+
+  #
+  # Returns true if the socket is a bare socket that does not inherit from
+  # any extended Rex classes.
+  #
+  def bare?
+    return (bare == true)
+  end
+
+  #
+  # Returns true if SSL has been requested.
+  #
+  def ssl?
+    return ssl
+  end
+
+  #
+  # Returns true if IPv6 has been enabled
+  #
+  def v6?
+    return v6
+  end
+
+
+  ##
+  #
+  # Attributes
+  #
+  ##
+
+  # The remote host information, equivalent to the PeerHost parameter hash
+  # key.
+  # @return [String]
+  attr_accessor :peerhost
+
+  # The remote port.  Equivalent to the PeerPort parameter hash key.
+  # @return [Fixnum]
+  attr_accessor :peerport
+
+  # The local host.  Equivalent to the LocalHost parameter hash key.
+  # @return [String]
+  attr_accessor :localhost
+
+  # The local port.  Equivalent to the LocalPort parameter hash key.
+  # @return [Fixnum]
+  attr_accessor :localport
+
+  # The protocol to to use, such as TCP.  Equivalent to the Proto parameter
+  # hash key.
+  # @return [String]
+  attr_accessor :proto
+
+  # Whether or not this is a server.  Equivalent to the Server parameter
+  # hash key.
+  # @return [Bool]
+  attr_accessor :server
+
+  # The {Comm} instance that should be used to create the underlying socket.
+  # @return [Comm]
+  attr_accessor :comm
+
+  # The context hash that was passed in to the structure.  (default: {})
+  # @return [Hash]
+  attr_accessor :context
+
+  # The number of attempts that should be made.
+  # @return [Fixnum]
+  attr_accessor :retries
+
+  # The number of seconds before a connection attempt should time out.
+  # @return [Fixnum]
+  attr_accessor :timeout
+
+  # Whether or not this is a bare (non-extended) socket instance that should
+  # be created.
+  # @return [Bool]
+  attr_accessor :bare
+
+  # Whether or not SSL should be used to wrap the connection.
+  # @return [Bool]
+  attr_accessor :ssl
+
+  # What version of SSL to use (SSL2, SSL3, SSL23, TLS1)
+  # @return [String,Symbol]
+  attr_accessor :ssl_version
+
+  # What specific SSL Cipher(s) to use, may be a string containing the cipher
+  # name or an array of strings containing cipher names e.g.
+  # ["DHE-RSA-AES256-SHA", "DHE-DSS-AES256-SHA"]
+  # @return [String,Array]
+  attr_accessor :ssl_cipher
+
+  # The SSL certificate, in pem format, stored as a string.  See
+  # {SSLScan::Socket::SslTcpServer#makessl}
+  # @return [String]
+  attr_accessor :ssl_cert
+
+  # Enables SSL/TLS-level compression
+  # @return [Bool]
+  attr_accessor :ssl_compression
+
+  #
+  # The SSL context verification mechanism
+  #
+  attr_accessor :ssl_verify_mode
+
+  #
+  # Whether we should use IPv6
+  # @return [Bool]
+  attr_accessor :v6
+
+
+  # List of proxies to use
+  # @return [String]
+  attr_accessor :proxies
+
+  alias peeraddr  peerhost
+  alias localaddr localhost
+end