Add option to compute http BodySHA256 on decoded BodyText #275

Merged
merged 10 commits into from
Sep 18, 2020
Add BodyHashAlgorithm option
twschum committed Sep 17, 2020
commit f96339b30b5e965b9810397a0370d3d0518e383b
23 changes: 21 additions & 2 deletions modules/http/scanner.go
Expand Up @@ -9,6 +9,7 @@ package http
import (
"bytes"
"context"
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"errors"
Expand Down Expand Up @@ -66,6 +67,9 @@ type Flags struct {
// ComputeDecodedBodyHash computes the hash later than the default, allowing a user
// of the response to recompute a matching hash
ComputeDecodedBodyHash bool `long:"compute-decoded-body-hash" description:"Compute the BodySHA256 on the decoded BodyText that is returned instead of on the raw bytes"`

// BodyHashAlgorithm
BodyHashAlgorithm string `long:"body-hash-algorithm" default:"sha256" choice:"sha256" choice:"sha1" description:"Choose algorithm for BodyHash field"`
}

// A Results object is returned by the HTTP module's Scanner.Scan()
Expand All @@ -86,6 +90,7 @@ type Module struct {
// Scanner is the implementation of the zgrab2.Scanner interface.
type Scanner struct {
config *Flags
hashFn func([]byte) string
}

// scan holds the state for a single scan. This may entail multiple connections.
Expand Down Expand Up @@ -135,6 +140,21 @@ func (s *Scanner) Protocol() string {
func (scanner *Scanner) Init(flags zgrab2.ScanFlags) error {
fl, _ := flags.(*Flags)
scanner.config = fl

if fl.BodyHashAlgorithm == "sha1" {
scanner.hashFn = func(body []byte) string {
raw_hash := sha1.Sum(body)
return fmt.Sprintf("sha1:%s", hex.EncodeToString(raw_hash[:]))
}
} else if fl.BodyHashAlgorithm == "sha256" {
scanner.hashFn = func(body []byte) string {
raw_hash := sha256.Sum256(body)
return fmt.Sprintf("sha256:%s", hex.EncodeToString(raw_hash[:]))
}
} else {
log.Panicf("Invalid BodhHashAlgorithm choice made it throug zflags: %s", scanner.config.BodyHashAlgorithm)
}

return nil
}

Expand Down Expand Up @@ -417,8 +437,7 @@ func (scan *scan) Grab() *zgrab2.ScanError {

if len(scan.results.Response.BodyText) > 0 {
if scan.scanner.config.ComputeDecodedBodyHash {
raw_hash := sha256.Sum256([]byte(scan.results.Response.BodyText))
scan.results.Response.BodyHash = fmt.Sprintf("sha256:%s", hex.EncodeToString(raw_hash[:]))
scan.results.Response.BodyHash = scan.scanner.hashFn([]byte(scan.results.Response.BodyText))
} else {
m := sha256.New()
m.Write(buf.Bytes())
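Review bot: The raw-bytes path in Grab still hard-codes `sha256.New()` in the else branch, so `--body-hash-algorithm` only takes effect together with `--compute-decoded-body-hash`, which the flag description ("Choose algorithm for BodyHash field") does not say; either route that branch through `scan.scanner.hashFn` as well or state the restriction, e.g. `description:"Hash algorithm for BodyHash; only applies when --compute-decoded-body-hash is set"`. Grab's body, including the rest of that else branch, continues outside the hunk. In Init, the fallback for an unexpected choice calls `log.Panicf` even though Init returns an error; `return fmt.Errorf("unsupported body hash algorithm %q", fl.BodyHashAlgorithm)` keeps a bad value from taking the whole scanner down and also fixes the typos ("BodhHashAlgorithm", "throug") in the current message. Since Init now dereferences `fl`, the ignored result of `fl, _ := flags.(*Flags)` turns a wrong flag type into a nil-pointer panic instead of a reportable error, so checking the `ok` value there is worth it. Minor style points in the same hunk: `raw_hash` should be `rawHash`, and the `// BodyHashAlgorithm` doc comment is empty — say what it selects, e.g. `// BodyHashAlgorithm selects the digest (sha256 or sha1) used for Response.BodyHash.`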