zgrab2

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 1, 2025 License: Apache-2.0, ISC Imports: 34 Imported by: 66

README

ZGrab 2.0

ZGrab is a fast, modular application-layer network scanner designed for completing large Internet-wide surveys. ZGrab is built to work with ZMap (ZMap identifies L4 responsive hosts, ZGrab performs in-depth, follow-up L7 handshakes). Unlike many other network scanners, ZGrab outputs detailed transcripts of network handshakes (e.g., all messages exchanged in a TLS handshake) for offline analysis.

ZGrab 2.0 contains a new, modular ZGrab framework, which fully supersedes https://github.com/zmap/zgrab.

ZGrab offers modules for a variety of protocols. Currently, we offer:

AMQPBACnetBannerDNP3FoxFTPHTTPIMAPIPP
JARMManageSieveMemcachedModbusMongoDBMQTTMSSQLMySQLNTP
OraclePOP3PostgreSQLPPTPRedisSiemensSMBSMTPSOCKS5
SSHTelnetTLS

More details are available in the Modules section below.

For default behavior, you can pipe a list of target IPs or hostnames (one per line) into ZGrab2 via stdin to check out a modules' output.

echo "pool.ntp.org" | zgrab2 ntp

{"ip":"23.143.196.199","domain":"pool.ntp.org","data":{"ntp":{"status":"success","protocol":"ntp","port":123,"result":{"version":3,"time":"2025-11-07T00:58:45.13740072Z"},"timestamp":"2025-11-06T16:58:45-08:00"}}}
00h:00m:00s; Scan Complete; 1 targets scanned; 33.01 targets/sec; 100.0% success rate

[!NOTE] Ethical Scanning

ZGrab will only collect information that is available to any standard application client without authenticating. We will not accept contributions that attempt to gain access to systems by exploiting vulnerabilities or attempting to brute-force credentials. Application handshakes are always aborted before authentication is attempted.

Installation

Building from Source

We recommend installing ZGrab2 from source to ensure you have the latest version.

Prerequisites

If you do not already have Go installed, follow the instructions on the Go installation page to install Go 1.23 or later.

Clone and Build ZGrab2
git clone https://github.com/zmap/zgrab2.git
cd zgrab2
make
./zgrab2 http --help # to see the http module's help message

This will create the zgrab2 binary in the current directory.

You can also install ZGrab2 so it can be used system-wide:

make install; zgrab2 --help

If there are no errors, the zgrab2 binary should now be available system-wide.

Troubleshooting Install

Usually, installation issues are because Go will put the binary in your $GOPATH/bin directory, which may not be in your system's PATH meaning your shell cannot find it.

If you run into issues with command not found: zgrab2, ensure that your $GOPATH/bin is in your PATH environment variable. Add the following line to your shell configuration file (e.g., ~/.bashrc, ~/.zshrc):

export PATH=$PATH:$GOPATH/bin

Then, reload your shell configuration:

source ~/.bashrc  # or source ~/.zshrc
With Docker

You can run ZGrab 2.0 with our official Docker image. For example, to scan a single website using the HTTP module, you can use:

echo 'example.com' | docker run --rm -i ghcr.io/zmap/zgrab2 http

For more complex scanning scenarios, such as using multiple modules or custom configurations, you can create a configuration file and pass it to the container:

docker run --rm -i -v /path/to/your/config.ini:/config.ini ghcr.io/zmap/zgrab2 multiple -c /config.ini

Replace /path/to/your/config.ini with the path to your configuration file on the host machine. See Multiple Module Usage for more details on configurations.

Single Module Usage

ZGrab2 supports modules. For example, to run the ssh module use

./zgrab2 ssh

To retrieve detailed command-line usage and options for a specific module, append -h to the command:

./zgrab2 [module] -h

This will display the module-specific options, as well as the application-wide options, including usage examples, available flags, and descriptions for each option.

Module specific options must be included after the module. Application specific options can be specified at any time.

Input Format

Targets are specified with input files or from stdin, in CSV format. Each input line has up to four fields:

IP, DOMAIN, TAG, PORT

Each line must specify IP, DOMAIN, or both. If only DOMAIN is provided, scanners perform a DNS hostname lookup to determine the IP address. If both IP and DOMAIN are provided, scanners connect to IP but use DOMAIN in protocol-specific contexts, such as the HTTP HOST header and TLS SNI extension.

If the IP field contains a CIDR block, the framework will expand it to one target for each IP address in the block.

The TAG field is optional and used with the --trigger scanner argument. The PORT field is also optional, and acts as a per-line override for the -p/--port option.

Unused fields can be blank, and trailing unused fields can be omitted entirely. For backwards compatibility, the parser allows lines with only one field to contain DOMAIN.

These are examples of valid input lines:

10.0.0.1
domain.com
10.0.0.1, domain.com
10.0.0.1, domain.com, tag
10.0.0.1, domain.com, tag, 1234
10.0.0.1, , tag
10.0.0.1, , , 5678
, domain.com, tag
192.168.0.0/24, , tag

And an example of calling zgrab2 with input:

echo "en.wikipedia.org" | ./zgrab2 http --max-redirects=1 --endpoint="/wiki/New_York_City"

Multiple Module Usage

To run a scan with multiple modules, a .ini file must be used with the multiple module. Below is an example .ini file with the corresponding zgrab2 command.

multiple.ini

[Application Options]
output-file="output.txt"
input-file="input.txt"
[http]
name="http80"
port=80
endpoint="/"
[http]
name="http8080"
port=8080
endpoint="/"
[ssh]
port=22

./zgrab2 multiple -c multiple.ini

Application Options must be the initial section name. Other section names should correspond exactly to the relevant zgrab2 module name. The default name for each module is the command name. If the same module is to be used multiple times then name must be specified and unique.

Multiple module support is particularly powerful when combined with input tags and the --trigger scanner argument. For example, this input contains targets with two different tags:

141.212.113.199, , tagA
216.239.38.21, censys.io, tagB

Invoking zgrab2 with the following multiple configuration will perform an SSH grab on the first target above and an HTTP grab on the second target:

[ssh]
trigger="tagA"
name="ssh22"
port=22

[http]
trigger="tagB"
name="http80"
port=80

You can run with this configuration using the following:

cat input.csv | ./zgrab2 multiple -c config.ini

Adding New Protocols

Add module to modules/ that satisfies the following interfaces: Scanner, ScanModule, ScanFlags.

The flags struct must embed zgrab2.BaseFlags. In the modules init() function the following must be included.

func init() {
    var newModule NewModule
    _, err := zgrab2.AddCommand("module", "short description", "long description of module", portNumber, &newModule)
    if err != nil {
        log.Fatal(err)
    }
}
Output schema

To add a schema for the new module, add a module under schemas, and update zgrab2_schemas/zgrab2/__init__.py to ensure that it is loaded.

See zgrab2_schemas/README.md for details.

Integration tests

To add integration tests for the new module, you'll need to add a test service to scan against to integration_tests/docker-compose.yml and a test.sh in a folder named after your module. Follow the examples in integration_tests/.template to create the necessary files. See integration_tests/mysql/* for an example. The only hard requirement is that the test.sh script drops its output in $ZGRAB_OUTPUT/[your-module]/*.json, so that it can be validated against the schema.

How to Run Integration Tests

To run integration tests, you must have Docker and Python 3 on host installed. Then, you can follow the following steps to run integration tests:

# Install Python dependencies
sudo apt update
sudo apt install -y python3 jp python3-pip
python3 -m venv venv
source venv/bin/activate
# Install Python dependencies
pip install zschema
pip install -r requirements.txt
make integration-test-clean; make integration-test

Running the integration tests will generate quite a bit of debug output. To ensure that tests completed successfully, you can check for a successful exit code after the tests complete:

echo $?
0

To just run a single/few module's integration tests, you can use the TEST_MODULES env. var.:

make integration-test-clean; TEST_MODULES="http" make integration-test
make integration-test-clean; TEST_MODULES="http ssh" make integration-test

Refer to our Github Actions workflow for an example of how to prepare environment for integration tests.

License

ZGrab2.0 is licensed under Apache 2.0 and ISC. For more information, see the LICENSE file.

Documentation

Index

Examples

Constants

View Source 
const (
	IPVersionCapabilityTimeout     = 10 * time.Second
	IPVersionCapabilityIPv4Address = "1.1.1.1:80"              // Cloudflare has this IP/Port redirect to https://one.one.one.one. We can use it to test if this host has IPv4 connectivity
	IPVersionCapabilityIPv6Address = "2606:4700:4700::1111:80" // Same as above for IPv6
)
View Source 
const (
	// ReadLimitExceededActionNotSet is a placeholder for the zero value, so that explicitly set values can be
	// distinguished from the empty default.
	ReadLimitExceededActionNotSet = ReadLimitExceededAction("")

	// ReadLimitExceededActionTruncate causes the connection to truncate at BytesReadLimit bytes and return a bogus
	// io.EOF error. The fact that a truncation took place is logged at debug level.
	ReadLimitExceededActionTruncate = ReadLimitExceededAction("truncate")

	// ReadLimitExceededActionError causes the Read call to return n, ErrReadLimitExceeded (in addition to truncating).
	ReadLimitExceededActionError = ReadLimitExceededAction("error")

	// ReadLimitExceededActionPanic causes the Read call to panic(ErrReadLimitExceeded).
	ReadLimitExceededActionPanic = ReadLimitExceededAction("panic")
)
View Source 
const (
	SCAN_SUCCESS            = ScanStatus("success")            // The protocol in question was positively identified and the scan encountered no errors
	SCAN_CONNECTION_REFUSED = ScanStatus("connection-refused") // TCP connection was actively rejected
	SCAN_CONNECTION_TIMEOUT = ScanStatus("connection-timeout") // No response to TCP connection request
	SCAN_CONNECTION_CLOSED  = ScanStatus("connection-closed")  // The TCP connection was unexpectedly closed
	SCAN_HANDSHAKE_ERROR    = ScanStatus("handshake-error")    // The security (TLS, etc) handshake failed
	SCAN_IO_TIMEOUT         = ScanStatus("io-timeout")         // Timed out waiting on data
	SCAN_PROTOCOL_ERROR     = ScanStatus("protocol-error")     // Received data incompatible with the target protocol
	SCAN_APPLICATION_ERROR  = ScanStatus("application-error")  // The application reported an error
	SCAN_INVALID_INPUTS     = ScanStatus("invalid-inputs")     // The inputs to the scan were invalid
	SCAN_BLOCKLISTED_TARGET = ScanStatus("blocklisted-target") // The target was blocklisted
	SCAN_UNKNOWN_ERROR      = ScanStatus("unknown-error")      // Catch-all for unrecognized errors
)

TODO: Conform to standard string const format (names, capitalization, hyphens/underscores, etc) TODO: Enumerate further status types TODO: lump connection closed / io timeout? TODO: Add SCAN_TLS_PROTOCOL_ERROR? For purely TLS-wrapped protocols, SCAN_PROTOCOL_ERROR is fine -- but for protocols that have a non-TLS bootstrap (e.g. a STARTTLS procedure), SCAN_PROTOCOL_ERROR is misleading, since it did get far-enough into the application protocol to start TLS handshaking -- but a garbled TLS handshake is certainly not a SCAN_APPLICATION_ERROR

View Source 
const (
	ErrTotalTimeout = errTotalTimeout("timeout")
)

Variables

View Source 
var (
	// DefaultBytesReadLimit is the maximum number of bytes to read per connection when no explicit value is provided.
	DefaultBytesReadLimit = 256 * 1024 * 1024

	// DefaultReadLimitExceededAction is the action used when no explicit action is set.
	DefaultReadLimitExceededAction = ReadLimitExceededActionTruncate

	// DefaultSessionTimeout is the default maximum time a connection may be used when no explicit value is provided.
	DefaultSessionTimeout = 1 * time.Minute
)
View Source 
var ErrInsufficientBuffer = errors.New("not enough buffer space")
View Source 
var ErrInvalidArguments = errors.New("invalid arguments")

ErrInvalidArguments is thrown if the command-line arguments invalid.

View Source 
var ErrInvalidResponse = errors.New("invalid response")

ErrInvalidResponse is returned when the server returns a syntactically-invalid response.

View Source 
var ErrMismatchedFlags = errors.New("mismatched flag/module")

ErrMismatchedFlags is thrown if the flags for one module type are passed to an incompatible module type.

View Source 
var ErrReadLimitExceeded = errors.New("read limit exceeded")

ErrReadLimitExceeded is returned / panic'd from Read if the read limit is exceeded when the ReadLimitExceededAction is error / panic.

View Source 
var ErrUnexpectedResponse = errors.New("unexpected response")

ErrUnexpectedResponse is returned when the server returns a syntactically-valid but unexpected response.

Functions

func AddCommand 

func AddCommand(command string, shortDescription string, longDescription string, port int, m ScanModule) (*flags.Command, error)

AddCommand adds a module to the parser and returns a pointer to a flags.command object or an error

func CloseConnAndHandleError added in v0.2.0 

func CloseConnAndHandleError(conn net.Conn)

CloseConnAndHandleError closes the connection and logs an error if it fails. Convenience function for code-reuse.

func EncodeGrab added in v0.1.5 

func EncodeGrab(raw *Grab, includeDebug bool) ([]byte, error)

EncodeGrab serializes a Grab to JSON, handling the debug fields if necessary.

func FlagsToSet 

func FlagsToSet(flags uint64, mapping map[uint64]string) (map[string]bool, []uint64)

FlagsToSet converts an integer flags variable to a set of string labels corresponding to each bit, in the format described by the wiki (see https://github.com/zmap/zgrab2/wiki/Scanner-details). The mapping maps the bit mask value (i.e. a number of the form (1 << x)) to the label for that bit. Flags not present in mapping are appended to the unknown list.

Example 
output, unknowns := FlagsToSet(0x5, WidenMapKeys(map[int]string{
	0x1: "bit0",
	0x2: "bit1",
	0x8: "bit3",
}))
for k, v := range output {
	fmt.Printf("%s: %v\n", k, v)
}
for _, v := range unknowns {
	fmt.Printf("Unknown: 0x%01x", v)
}

Output:

bit0: true
Unknown: 0x4

func GetDefaultTCPDialer added in v0.2.0 

func GetDefaultTCPDialer(flags *BaseFlags) func(ctx context.Context, t *ScanTarget, addr string) (net.Conn, error)

GetDefaultTCPDialer returns a TCP dialer suitable for modules with default TCP behavior

func GetDefaultTLSDialer added in v0.2.0 

func GetDefaultTLSDialer(flags *BaseFlags, tlsFlags *TLSFlags) func(ctx context.Context, t *ScanTarget, addr string) (net.Conn, error)

GetDefaultTLSDialer returns a TLS-over-TCP dialer suitable for modules with default TLS behavior

func GetDefaultTLSWrapper added in v0.2.0 

func GetDefaultTLSWrapper(tlsFlags *TLSFlags) func(ctx context.Context, t *ScanTarget, conn net.Conn) (*TLSConnection, error)

GetDefaultTLSWrapper uses the TLS flags to create a wrapper that upgrades a TCP connection to a TLS connection.

func GetDefaultUDPDialer added in v0.2.0 

func GetDefaultUDPDialer(flags *BaseFlags) func(ctx context.Context, t *ScanTarget, addr string) (net.Conn, error)

GetDefaultUDPDialer returns a UDP dialer suitable for modules with default UDP behavior

func GetMetaFile 

func GetMetaFile() *os.File

GetMetaFile returns the file to which metadata should be output

func GetTargetsCSV 

func GetTargetsCSV(source io.Reader, ch chan<- ScanTarget) error

GetTargetsCSV reads targets from a CSV source, generates ScanTargets, and delivers them to the provided channel.

func HasCtxExpired added in v0.2.0 

func HasCtxExpired(ctx context.Context) bool

HasCtxExpired checks if the context has expired. Common function used in various places.

func InputTargetsCSV 

func InputTargetsCSV(ch chan<- ScanTarget) error

InputTargetsCSV is an InputTargetsFunc that calls GetTargetsCSV with the CSV file provided on the command line.

func IsTimeoutError 

func IsTimeoutError(err error) bool

IsTimeoutError checks if the given error corresponds to a timeout (of any type).

func ListFlagsToSet 

func ListFlagsToSet(flags uint64, labels []string) (map[string]bool, []uint64)

ListFlagsToSet converts an integer flags variable to a set of string labels corresponding to each bit, in the format described by the wiki (see https://github.com/zmap/zgrab2/wiki/Scanner-details). The ith entry of labels gives the label for the ith bit (i.e. flags & (1<<i)). Empty strings in labels are treated as unknown, as are bits beyond the end of the list. Unknown flags are appended to the unknown list.

Example 
output, unknowns := ListFlagsToSet(0x5, []string{
	"bit0",
	"bit1",
	"",
	"bit3",
})
for k, v := range output {
	fmt.Printf("%s: %v\n", k, v)
}
for _, v := range unknowns {
	fmt.Printf("Unknown: 0x%01x", v)
}

Output:

bit0: true
Unknown: 0x4

func LogPanic 

func LogPanic(format string, args ...any)

LogPanic is intended to be called from within defer -- if there was no panic, it returns without doing anything. Otherwise, it logs the stacktrace, the panic error, and the provided message before re-raising the original panic. Example: 

defer zgrab2.LogPanic("Error decoding body '%x'", body)

func MapFlagsToSet 

func MapFlagsToSet(flags uint64, mapping FlagMap) (map[string]bool, []uint64)

MapFlagsToSet gets the "set" (map of strings to true) of values corresponding to the bits in flags. For each bit i set in flags, the result will have result[mapping(i << i)] = true. Any bits for which the mapping returns a non-nil error are instead appended to the unknowns list.

Example (Error) 
output, unknowns := MapFlagsToSet(0x1b, func(bit uint64) (string, error) {
	if bit < 0x10 {
		return fmt.Sprintf("bit0x%01x", bit), nil
	} else {
		return "", fmt.Errorf("Unrecognized flag 0x%02x", bit)
	}
})
for k, v := range output {
	fmt.Printf("%s: %v\n", k, v)
}
for _, v := range unknowns {
	fmt.Printf("Unknown: 0x%02x", v)
}

Output:

bit0x1: true
bit0x2: true
bit0x8: true
Unknown: 0x10
Example (Success) 
output, unknowns := MapFlagsToSet(0xb, func(bit uint64) (string, error) {
	return fmt.Sprintf("bit0x%01x", bit), nil
})
for k, v := range output {
	fmt.Printf("%s: %v\n", k, v)
}
for _, v := range unknowns {
	fmt.Printf("Unknown: 0x%01x", v)
}

Output:

bit0x1: true
bit0x2: true
bit0x8: true

func NewFakeResolver added in v0.1.2 

func NewFakeResolver(ipstr string) (*net.Resolver, error)

Fake DNS Resolver, to force a DNS lookup to return a pinned address Inspired by the golang net/dnsclient_unix_test.go code

For a given IP, create a new Resolver that wraps a fake DNS server. This resolver will always return an IP that is represented by "ipstr", for DNS queries of the same IP type. Otherwise, it will return a DNS lookup error.

func NewIniParser 

func NewIniParser() *flags.IniParser

NewIniParser creates and returns a ini parser initialized with the default parser

func OutputResults added in v0.1.4 

func OutputResults(w *bufio.Writer, results <-chan []byte) error

OutputResults writes results to a buffered Writer from a channel.

func ParseCSVTarget 

func ParseCSVTarget(fields []string) (ipnet *net.IPNet, domain string, tag string, port string, err error)

ParseCSVTarget takes a record from a CSV-format input file and returns the specified ipnet, domain, tag and port or an error.

ZGrab2 input files have four fields: 

IP, DOMAIN, TAG, PORT

Each line specifies a target to scan by its IP address, domain name or both, as well as an optional tag used to determine which scanners will be invoked.

Port number has been added to the end of the line for compatibility reasons. A CIDR block may be provided in the IP field, in which case the framework expands the record into targets for every address in the block.

Trailing empty fields may be omitted. Comment lines begin with #, and empty lines are ignored.

func PrintScanners 

func PrintScanners()

PrintScanners prints all registered scanners

func Process 

func Process(mon *Monitor)

Process sets up an output encoder, input reader, and starts grab workers.

func ReadAvailable 

func ReadAvailable(conn net.Conn) ([]byte, error)

ReadAvaiable reads what it can without blocking for more than defaultReadTimeout per read, or defaultTotalTimeout for the whole session. Reads at most defaultMaxReadSize bytes.

func ReadAvailableWithOptions 

func ReadAvailableWithOptions(conn net.Conn, bufferSize int, readTimeout time.Duration, totalTimeout time.Duration, maxReadSize int) ([]byte, error)

ReadAvailableWithOptions reads whatever can be read (up to maxReadSize) from conn without blocking for longer than readTimeout per read, or totalTimeout for the entire session. A totalTimeout of 0 means attempt to use the connection's timeout (or, failing that, 1 second). On failure, returns anything it was able to read along with the error.

func ReadUntilRegex 

func ReadUntilRegex(connection net.Conn, res []byte, expr *regexp.Regexp) (int, error)

ReadUntilRegex calls connection.Read() until it returns an error, or the cumulatively-read data matches the given regexp

func RegisterScan 

func RegisterScan(name string, scanner Scanner)

RegisterScan registers each individual scanner to be ran by the framework

func SetInputFunc 

func SetInputFunc(f InputTargetsFunc)

SetInputFunc sets the target input function to the provided function.

func SetOutputFunc 

func SetOutputFunc(f OutputResultsFunc)

SetOutputFunc sets the result output function to the provided function.

func TLDMatches 

func TLDMatches(host1 string, host2 string) bool

TLDMatches checks for a strict TLD match

func ValidateAndHandleFrameworkConfiguration added in v1.0.0 

func ValidateAndHandleFrameworkConfiguration()

ValidateAndHandleFrameworkConfiguration configures and validates the ZGrab2 config struct, e.g. taking the --input-file string and opening the file, or starting the Prometheus server, if configured. It is safe to call this function multiple times (and this occurs when using the --multiple command: 1) for parsing the command line flags, and 2) for parsing the INI file). Actions which should only be done once, such as starting the Prometheus server, are guarded by a sync.Once variable.

func WidenMapKeys 

func WidenMapKeys(input map[int]string) map[uint64]string

WidenMapKeys copies a map with int keys into an equivalent map with uint64 keys for use in the FlagsToSet function.

func WidenMapKeys16 

func WidenMapKeys16(input map[uint16]string) map[uint64]string

WidenMapKeys16 copies a map with uint8 keys into an equivalent map with uint64 keys for use in the FlagsToSet function.

func WidenMapKeys32 

func WidenMapKeys32(input map[uint32]string) map[uint64]string

WidenMapKeys32 copies a map with uint8 keys into an equivalent map with uint64 keys for use in the FlagsToSet function.

func WidenMapKeys8 

func WidenMapKeys8(input map[uint8]string) map[uint64]string

WidenMapKeys8 copies a map with uint8 keys into an equivalent map with uint64 keys for use in the FlagsToSet function.

Types

type BaseFlags 

type BaseFlags struct {
	Port           uint          `short:"p" long:"port" description:"Specify port to grab on"`
	Name           string        `short:"n" long:"name" description:"Specify name for output json, only necessary if scanning multiple modules"`
	ConnectTimeout time.Duration `` /* 133-byte string literal not displayed */
	TargetTimeout  time.Duration `` /* 150-byte string literal not displayed */
	Trigger        string        `short:"g" long:"trigger" description:"Invoke only on targets with specified tag"`
	Verbose        bool          `short:"v" long:"verbose" description:"More verbose logging, include debug fields in the scan results if implemented"`
}

BaseFlags contains the options that every flags type must embed

func (*BaseFlags) GetName 

func (b *BaseFlags) GetName() string

GetName returns the name of the respective scanner

type Config 

type Config struct {
	GeneralOptions                     // CLI Options related to general framework configuration. Don't fit into any other category
	InputOutputOptions                 // CLI Options related to I/O. Just affects organization of --help
	NetworkingOptions                  // CLI Options related to networking. Just affects organization of --help
	Multiple           MultipleCommand `command:"multiple" description:"Multiple module actions"`
	// contains filtered or unexported fields
}

Config is the high level framework options that will be parsed from the command line

type Dialer 

type Dialer struct {
	// SessionTimeout is the maximum time to wait for the entire session, after which any operations on the
	// connection will fail. Dial-specific timeouts are set on the net.Dialer.
	SessionTimeout time.Duration

	// ReadTimeout is the maximum time to wait for a Read
	ReadTimeout time.Duration

	// WriteTimeout is the maximum time to wait for a Write
	WriteTimeout time.Duration

	// Dialer is an auxiliary dialer used for DialContext (the result gets wrapped in a
	// TimeoutConnection).
	*net.Dialer

	// BytesReadLimit is the maximum number of bytes that connections dialed with this dialer will
	// read before erroring.
	BytesReadLimit int

	// ReadLimitExceededAction describes how connections dialed with this dialer deal with exceeding
	// the BytesReadLimit.
	ReadLimitExceededAction ReadLimitExceededAction

	// Blocklist of IPs we should not dial.
	Blocklist cidranger.Ranger
}

Dialer provides Dial and DialContext methods to get connections with the given timeout.

func GetTimeoutConnectionDialer 

func GetTimeoutConnectionDialer(dialTimeout, sessionTimeout time.Duration) *Dialer

GetTimeoutConnectionDialer gets a Dialer that dials connections with the given timeout.

func NewDialer 

func NewDialer(value *Dialer) *Dialer

NewDialer creates a new Dialer with default settings. Blocklist, if provided, is used to prevent dialing certain IPs.

func (*Dialer) Dial 

func (d *Dialer) Dial(proto string, target string) (net.Conn, error)

Dial returns a connection with the configured timeout.

func (*Dialer) DialContext 

func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext wraps the connection returned by net.Dialer.DialContext() with a TimeoutConnection.

func (*Dialer) SetDefaults 

func (d *Dialer) SetDefaults() *Dialer

SetDefaults for the Dialer.

func (*Dialer) SetRandomLocalAddr added in v0.2.0 

func (d *Dialer) SetRandomLocalAddr(network string, localIPs []net.IP, localPorts []uint16) error

SetRandomLocalAddr sets a random local address and port for the dialer. If either localIPs or localPorts are empty, the IP or port, respectively, will be un-set and the system will choose.

type DialerGroup added in v0.2.0 

type DialerGroup struct {
	// TransportAgnosticDialer should be used by most modules that do not need control over the transport layer.
	// It abstracts the underlying transport protocol so a module can  deal with just the L7 logic. Any protocol that
	// doesn't need to know about the underlying transport should use this.
	// If the transport is a TLS connection, the dialer should return a zgrab2.TLSConnection so the underlying log can be
	// accessed.
	TransportAgnosticDialer func(ctx context.Context, target *ScanTarget) (net.Conn, error)
	// L4Dialer will be used by any module that needs to have a TCP/UDP connection. Think of following a redirect to an
	// http:// server, or a module that needs to start with a TCP connection and then upgrade to TLS as part of the protocol.
	// The layered function is needed since we set DialerGroups at Scanner.Init, but modules like HTTP will modify the
	// Dialer based on the target, for example to use a fake DNS resolver based on the domain name.
	L4Dialer func(target *ScanTarget) func(ctx context.Context, network, addr string) (net.Conn, error)
	// TLSWrapper is a function that takes an existing net.Conn and upgrades it to a TLS connection. This is useful for
	// modules that need to start with a TCP connection and then upgrade to TLS later as part of the protocol.
	// Cannot be used for QUIC connections, as QUIC connections are not "upgraded" from a L4 connection
	TLSWrapper func(ctx context.Context, target *ScanTarget, l4Conn net.Conn) (*TLSConnection, error)
	Blocklist  *cidranger.Ranger // Blocklist is a list of CIDR ranges that should be blocked
}

DialerGroup wraps various dialer functions for a module to use. A module will usually only use a subset of these, and will indicate which ones it needs in the DialerGroupConfig.

func (*DialerGroup) Dial added in v0.2.0 

func (d *DialerGroup) Dial(ctx context.Context, target *ScanTarget) (net.Conn, error)

Dial is used to access the transport agnostic dialer

func (*DialerGroup) GetTLSDialer added in v0.2.0 

func (d *DialerGroup) GetTLSDialer(ctx context.Context, t *ScanTarget) func(network, addr string) (*TLSConnection, error)

GetTLSDialer returns a function that can be used as a standalone TLS dialer. This is useful for modules like HTTP that require this for handling redirects to https://

type DialerGroupConfig added in v0.2.0 

type DialerGroupConfig struct {
	// TransportAgnosticDialerProtocol is the L4 transport the module uses by convention (ex: SSH over TCP).
	// This is only used to configure the DialerGroup.TransportAgnosticDialer. The L4Dialer can handle both UDP and TCP.
	TransportAgnosticDialerProtocol TransportProtocol
	// NeedSeparateL4Dialer indicates whether the module needs a dedicated L4 dialer in its DialerGroup.
	// Some modules' protocols need to send some command (STARTTLS) after L4 connection and before TLS handshake.
	// Others like http need to follow redirects to https:// and http:// servers, which requires both a TLS and L4 (TCP) conn.
	// Still others may require a dialer that can handle both TCP and UDP.
	// If this is true, the framework will ensure dialerGroup.L4Dialer is set.
	// If false, the framework will set the TransportAgnosticDialer
	NeedSeparateL4Dialer bool
	BaseFlags            *BaseFlags
	// TLSEnabled indicates whether the module needs a TLS connection. The behavior depends on if NeedsL4Dialer is true.
	// If NeedsL4Dialer is true, the framework will set up a TLSWrapper in the DialerGroup so a module can access both.
	// If NeedsL4Dialer is false, the framework will set up a TLS dialer as the TransportAgnosticDialer since the module
	// has indicated it only needs a TLS connection.
	TLSEnabled bool
	TLSFlags   *TLSFlags // must be non-nil if TLSEnabled is true
}

DialerGroupConfig lets modules communicate what they'd need in a dialer group. The framework uses this to configure a default dialer group for the module.

func (*DialerGroupConfig) GetDefaultDialerGroupFromConfig added in v0.2.0 

func (config *DialerGroupConfig) GetDefaultDialerGroupFromConfig() (*DialerGroup, error)

func (*DialerGroupConfig) Validate added in v0.2.0 

func (config *DialerGroupConfig) Validate() error

Validate checks for various incompatibilities in the DialerGroupConfig

type FakeDNSServer added in v0.1.2 

type FakeDNSServer struct {
	// Any domain name will resolve to this IP.  It can be either ipv4 or ipv6
	IP net.IP
}

func (*FakeDNSServer) DialContext added in v0.1.2 

func (f *FakeDNSServer) DialContext(ctx context.Context, network,
	address string) (net.Conn, error)

This merely wraps a custom net.Conn, that is only good for DNS messages

type FlagMap 

type FlagMap func(uint64) (string, error)

FlagMap is a function that maps a single-bit bitmask (i.e. a number of the form (1 << x)) to a string representing that bit. If the input is not valid / recognized, it should return a non-nil error, which will cause the flag to be added to the "unknowns" list.

func GetFlagMapFromList 

func GetFlagMapFromList(bits []string) FlagMap

GetFlagMapFromList returns a FlagMap function mapping the ith bit to the ith entry of bits. bits is a list of labels for the corresponding bits; any empty strings (and bits beyond the end of the list) are treated as unknown.

func GetFlagMapFromMap 

func GetFlagMapFromMap(mapping map[uint64]string) FlagMap

GetFlagMapFromMap returns a FlagMap function that uses mapping to do the mapping. Values not present in the map are treated as unknown, and a non-nil error is returned in those cases.

type GeneralOptions added in v1.0.0 

type GeneralOptions struct {
	Senders          int    `short:"s" long:"senders" description:"Number of send goroutines to use"`
	GOMAXPROCS       int    `long:"gomaxprocs" description:"Set GOMAXPROCS to set the number of CPU cores to use. 0 uses all available. (default: 0)"`
	Prometheus       string `long:"prometheus" description:"Address to use for Prometheus server (e.g. localhost:8080). If empty, Prometheus is disabled."`
	ReadLimitPerHost int    `long:"read-limit-per-host" description:"Maximum total kilobytes to read for a single host"`
}

type Grab 

type Grab struct {
	IP     string                  `json:"ip,omitempty"`
	Port   uint                    `json:"port,omitempty"`
	Domain string                  `json:"domain,omitempty"`
	Data   map[string]ScanResponse `json:"data,omitempty"`
	Error  string                  `json:"error,omitempty"` // an error that affects the entire grab, preventing any data from being returned
}

Grab contains all scan responses for a single host

func BuildGrabFromInputResponse added in v0.1.5 

func BuildGrabFromInputResponse(t *ScanTarget, responses map[string]ScanResponse) *Grab

BuildGrabFromInputResponse constructs a Grab object for a target, given the scan responses.

type InputOutputOptions added in v1.0.0 

type InputOutputOptions struct {
	BlocklistFileName     string `short:"b" long:"blocklist-file" description:"Blocklist filename, use - for $(HOME)/.config/zgrab2/blocklist.conf."`
	InputFileName         string `short:"f" long:"input-file" description:"Input filename, use - for stdin."`
	LogFileName           string `short:"l" long:"log-file" description:"Log filename, use - for stderr."`
	MetaFileName          string `short:"m" long:"metadata-file" description:"Metadata filename, use - for stderr."`
	OutputFileName        string `short:"o" long:"output-file" description:"Output filename, use - for stdout."`
	StatusUpdatesFileName string `short:"u" long:"status-updates-file" description:"Status updates filename, use - for stderr."`
	Debug                 bool   `long:"debug" description:"Include debug fields in the output."`
	Flush                 bool   `long:"flush" description:"Flush after each line of output."`
}

type InputTargetsFunc 

type InputTargetsFunc func(ch chan<- ScanTarget) error

InputTargetsFunc is a function type for target input functions.

A function of this type generates ScanTargets on the provided channel. It returns nil if there are no further inputs or error.

type ModuleMetadata added in v1.0.0 

type ModuleMetadata struct {
	Successes      uint `json:"successes"` // number of successful scans for this module
	Failures       uint `json:"failures"`
	CustomMetadata any  `json:"custom_metadata,omitempty"` // module-specific metadata, each module can implement this as they see fit
}

ModuleMetadata contains information of the status of a particular module's scan

type ModuleSet added in v0.1.3 

type ModuleSet map[string]ScanModule

ModuleSet is a container holding named scan modules. It is a wrapper around a map.

func NewModuleSet added in v0.1.3 

func NewModuleSet() ModuleSet

NewModuleSet returns an empty ModuleSet.

func (ModuleSet) AddModule added in v0.1.3 

func (s ModuleSet) AddModule(name string, m ScanModule)

AddModule adds m to the ModuleSet, accessible via the given name. If the name is already in the ModuleSet, it is overwritten.

func (ModuleSet) CopyInto added in v0.1.3 

func (s ModuleSet) CopyInto(destination ModuleSet)

CopyInto copies the modules in s to destination. The sets will be unique, but the underlying ScanModule instances will be the same.

func (ModuleSet) RemoveModule added in v0.1.3 

func (s ModuleSet) RemoveModule(name string)

RemoveModule removes the module at the specified name. If the name is not in the module set, nothing happens.

type Monitor 

type Monitor struct {

	// Callback is invoked after each scan.
	Callback func(string)
	// contains filtered or unexported fields
}

Monitor is a collection of states per scans and a channel to communicate those scans to the monitor

func MakeMonitor 

func MakeMonitor(statusChanSize int, wg *sync.WaitGroup, moduleNames []string) *Monitor

MakeMonitor returns a Monitor object that can be used to collect and send the status of a running scan

func (*Monitor) GetStatuses 

func (m *Monitor) GetStatuses() map[string]*ModuleMetadata

GetStatuses returns a mapping from scanner names to the current number of successes and failures for that scanner

func (*Monitor) Stop added in v0.1.4 

func (m *Monitor) Stop()

Stop indicates the monitor is done and the internal channel should be closed. This function does not block, but will allow a call to Wait() on the WaitGroup passed to MakeMonitor to return.

type MultipleCommand 

type MultipleCommand struct {
	ConfigFileName  string `short:"c" long:"config-file" default:"-" description:"Config filename, use - for stdin"`
	ContinueOnError bool   `long:"continue-on-error" description:"If proceeding protocols error, do not run following protocols (default: true)"`
	BreakOnSuccess  bool   `long:"break-on-success" description:"If proceeding protocols succeed, do not run following protocols (default: false)"`
}

MultipleCommand contains the command line options for running

func (*MultipleCommand) Help 

func (x *MultipleCommand) Help() string

Help returns a usage string that will be output at the command line

func (*MultipleCommand) Validate 

func (x *MultipleCommand) Validate(_ []string) error

Validate the options sent to MultipleCommand

type NetworkingOptions added in v1.0.0 

type NetworkingOptions struct {
	ConnectionsPerHost   int           `long:"connections-per-host" description:"Number of times to connect to each host (results in more output)"`
	DNSServerRateLimit   int           `long:"dns-rate-limit"  description:"Rate limit for DNS lookups per second."`
	DNSResolutionTimeout time.Duration `long:"dns-resolution-timeout" description:"Timeout for DNS resolution of target hostnames."`
	CustomDNS            string        `` /* 184-byte string literal not displayed */
	LocalAddrString      string        `` /* 201-byte string literal not displayed */
	LocalPortString      string        `` /* 158-byte string literal not displayed */
	UserIPv4Choice       *bool         `` /* 209-byte string literal not displayed */
	UserIPv6Choice       *bool         `` /* 246-byte string literal not displayed */
	ServerRateLimit      int           `long:"server-rate-limit" description:"Per-IP rate limit for connections to targets per second."`
}

type OutputResultsFunc 

type OutputResultsFunc func(results <-chan []byte) error

OutputResultsFunc is a function type for result output functions.

A function of this type receives results on the provided channel and outputs them somehow. It returns nil if there are no further results or error.

func OutputResultsWriterFunc added in v0.1.4 

func OutputResultsWriterFunc(w io.Writer) OutputResultsFunc

OutputResultsWriterFunc returns an OutputResultsFunc that wraps an io.Writer in a buffered writer, and uses OutputResults.

type ReadLimitExceededAction 

type ReadLimitExceededAction string

ReadLimitExceededAction describes how the connection reacts to an attempt to read more data than permitted.

type ScanError 

type ScanError struct {
	Status ScanStatus
	Err    error
}

ScanError an error that also includes a ScanStatus.

func DetectScanError 

func DetectScanError(err error) *ScanError

DetectScanError returns a ScanError that attempts to detect the status from the given error.

func NewScanError 

func NewScanError(status ScanStatus, err error) *ScanError

NewScanError returns a ScanError with the given status and error.

func (*ScanError) Error 

func (err *ScanError) Error() string

Error is an implementation of the builtin.error interface -- just forward the wrapped error's Error() method

func (*ScanError) Unpack 

func (err *ScanError) Unpack(results any) (ScanStatus, any, error)

type ScanFlags 

type ScanFlags interface {
	// Help optionally returns any additional help text, e.g. specifying what empty defaults are interpreted as.
	Help() string

	// Validate enforces all command-line flags and positional arguments have valid values.
	Validate([]string) error
}

ScanFlags is an interface which must be implemented by all types sent to the flag parser

func ParseCommandLine 

func ParseCommandLine(flags []string) ([]string, string, ScanFlags, error)

ParseCommandLine parses the commands given on the command line and validates the framework configuration (global options) immediately after parsing

type ScanModule 

type ScanModule interface {
	// NewFlags is called by the framework to pass to the argument parser. The parsed flags will be passed
	// to the scanner created by NewScanner().
	NewFlags() any

	// NewScanner is called by the framework for each time an individual scan is specified in the config or on
	// the command-line. The framework will then call scanner.Init(name, flags).
	NewScanner() Scanner

	// Description returns a string suitable for use as an overview of this module within usage text.
	Description() string
}

ScanModule is an interface which represents a module that the framework can manipulate

func GetModule 

func GetModule(name string) ScanModule

GetModule returns the registered module that corresponds to the given name or nil otherwise

type ScanResponse 

type ScanResponse struct {
	// Status is required for all responses.
	Status ScanStatus `json:"status"`

	// Protocol is the identifier if the protocol that did the scan. In the case of a complex scan, this may differ from
	// the scan name.
	Protocol string `json:"protocol"`

	Port uint `json:"port"`

	Result    any     `json:"result,omitempty"`
	Timestamp string  `json:"timestamp,omitempty"`
	Error     *string `json:"error,omitempty"`
}

ScanResponse is the result of a scan on a single host

func RunScanner 

func RunScanner(ctx context.Context, scanner Scanner, mon *Monitor, target ScanTarget) (string, ScanResponse)

RunScanner runs a single scan on a target and returns the resulting data

type ScanStatus 

type ScanStatus string

ScanStatus is the enum value that states how the scan ended.

func TryGetScanStatus 

func TryGetScanStatus(err error) ScanStatus

TryGetScanStatus attempts to get the ScanStatus enum value corresponding to the given error. Mostly supports network errors. A nil error is interpreted as SCAN_SUCCESS. An unrecognized error is interpreted as SCAN_UNKNOWN_ERROR.

type ScanTarget 

type ScanTarget struct {
	IP     net.IP
	Domain string
	Tag    string
	Port   uint
}

ScanTarget is the host that will be scanned

func (*ScanTarget) Host 

func (target *ScanTarget) Host() string

Host gets the host identifier as a string: the IP address if it is available, or the domain if not.

func (ScanTarget) String 

func (target ScanTarget) String() string

type Scanner 

type Scanner interface {
	// Init runs once for this module at library init time
	Init(flags ScanFlags) error

	// InitPerSender runs once per Goroutine. A single Goroutine will scan some non-deterministic
	// subset of the input scan targets
	InitPerSender(senderID int) error

	// Returns the name passed at init
	GetName() string

	// Returns the trigger passed at init
	GetTrigger() string

	// Protocol returns the protocol identifier for the scan.
	Protocol() string

	// Scan connects to a host. The result should be JSON-serializable. If a scan requires a dialer that isn't set in
	// the dialer group, an error will return.
	// ctx - The context for a scan, can be used to set timeouts or cancel scans
	// dialerGroup - A collection of connection dialers that the module will call to establish L4 and L6 (TLS, typically)
	//               connections before doing any protocol-specific logic.
	// t - The target to scan, including IP or domain, port, and any tags.
	// Returns a ScanStatus, the result (or nil) of the protocol scan (entirely protocol dependent), and any error that occurred
	Scan(ctx context.Context, dialerGroup *DialerGroup, t *ScanTarget) (ScanStatus, any, error)

	// GetDialerGroupConfig returns a DialerGroupConfig that the framework will use to set up the dialer group using the module's
	// desired dialer configuration.
	GetDialerGroupConfig() *DialerGroupConfig

	// GetScanMetadata returns any module-specific metadata that should be included in the final output
	// Including json struct tags is up to the module
	// If no metadata is needed, return nil
	GetScanMetadata() any
}

Scanner exposes the functions for an application module to implement in order to be used by the ZGrab2 scanning framework

type TLSConnection 

type TLSConnection struct {
	tls.Conn
	// contains filtered or unexported fields
}

func (*TLSConnection) Close 

func (conn *TLSConnection) Close() error

Close the underlying connection.

func (*TLSConnection) GetLog 

func (z *TLSConnection) GetLog() *TLSLog

func (*TLSConnection) Handshake 

func (z *TLSConnection) Handshake() error

type TLSFlags 

type TLSFlags struct {
	Config *tls.Config // Config is ready to use TLS configuration

	SessionTicket        bool `long:"session-ticket" description:"Send support for TLS Session Tickets and output ticket if presented" json:"session"`
	ExtendedMasterSecret bool `long:"extended-master-secret" description:"Offer RFC 7627 Extended Master Secret extension" json:"extended"`
	ExtendedRandom       bool `long:"extended-random" description:"Send TLS Extended Random Extension" json:"extran"`
	NoSNI                bool `long:"no-sni" description:"Do not send domain name in TLS Handshake regardless of whether known" json:"sni"`
	SCTExt               bool `long:"sct" description:"Request Signed Certificate Timestamps during TLS Handshake" json:"sct"`

	// TODO: Do we just lump this with Verbose (and put Verbose in TLSFlags)?
	KeepClientLogs bool `long:"keep-client-logs" description:"Include the client-side logs in the TLS handshake"`

	Time string `long:"time" description:"Explicit request time to use, instead of clock. YYYYMMDDhhmmss format."`
	// TODO: directory? glob? How to map server name -> certificate?
	Certificates string `long:"certificates" description:"Set of certificates to present to the server"`
	// TODO: re-evaluate this, or at least specify the file format
	CertificateMap string `long:"certificate-map" description:"A file mapping server names to certificates"`
	// TODO: directory? glob?
	RootCAs string `long:"root-cas" description:"Set of certificates to use when verifying server certificates"`
	// TODO: format?
	NextProtos              string `long:"next-protos" description:"A list of supported application-level protocols"`
	ServerName              string `long:"server-name" description:"Server name used for certificate verification and (optionally) SNI"`
	VerifyServerCertificate bool   `` /* 168-byte string literal not displayed */
	// TODO: format? mapping? zgrab1 had flags like ChromeOnly, FirefoxOnly, etc...
	CipherSuite      string `long:"cipher-suite" description:"A comma-delimited list of hex cipher suites to advertise."`
	MinVersion       int    `long:"min-version" description:"The minimum SSL/TLS version that is acceptable. 0 means that TLS1.0 is the minimum."`
	MaxVersion       int    `long:"max-version" description:"The maximum SSL/TLS version that is acceptable. 0 means use the highest supported value."`
	CurvePreferences string `long:"curve-preferences" description:"A list of elliptic curves used in an ECDHE handshake, in order of preference."`
	NoECDHE          bool   `long:"no-ecdhe" description:"Do not allow ECDHE handshakes"`
	// TODO: format?
	SignatureAlgorithms string `long:"signature-algorithms" description:"Signature and hash algorithms that are acceptable"`
	DSAEnabled          bool   `long:"dsa-enabled" description:"Accept server DSA keys"`
	// TODO: format?
	ClientRandom string `long:"client-random" description:"Set an explicit Client Random (base64 encoded)"`
	// TODO: format?
	ClientHello string `long:"client-hello" description:"Set an explicit ClientHello (base64 encoded)"`
	OverrideSH  bool   `long:"override-sig-hash" description:"Override the default SignatureAndHashes TLS option with more expansive default"`
}

Common flags for TLS configuration -- include this in your module's ScanFlags implementation to use the common TLS code Adapted from modules/ssh.go

func (*TLSFlags) GetTLSConfig 

func (t *TLSFlags) GetTLSConfig() (*tls.Config, error)

func (*TLSFlags) GetTLSConfigForTarget 

func (t *TLSFlags) GetTLSConfigForTarget(target *ScanTarget) (*tls.Config, error)

type TLSLog 

type TLSLog struct {
	// TODO include TLSFlags?
	HandshakeLog *tls.ServerHandshake `json:"handshake_log"`
}

type TimeoutConnection 

type TimeoutConnection struct {
	net.Conn

	SessionTimeout          time.Duration // used to set the connection deadline, set once
	ReadTimeout             time.Duration // used to set the read deadline, set fresh for each read
	WriteTimeout            time.Duration // used to set the write deadline, set fresh for each write
	BytesRead               int
	BytesWritten            int
	BytesReadLimit          int
	ReadLimitExceededAction ReadLimitExceededAction
	Cancel                  context.CancelFunc
	// contains filtered or unexported fields
}

TimeoutConnection wraps an existing net.Conn connection, overriding the Read/Write methods to use the configured timeouts TODO: Refactor this into TimeoutConnection, BoundedReader, LoggedReader, etc

func NewTimeoutConnection 

func NewTimeoutConnection(ctx context.Context, conn net.Conn, sessionTimeout, readTimeout, writeTimeout time.Duration, bytesReadLimit int) *TimeoutConnection

NewTimeoutConnection returns a new TimeoutConnection with the appropriate defaults.

func (*TimeoutConnection) Close 

func (c *TimeoutConnection) Close() error

Close the underlying connection.

func (*TimeoutConnection) Read 

func (c *TimeoutConnection) Read(b []byte) (n int, err error)

TimeoutConnection.Read calls Read() on the underlying connection, using any configured deadlines

func (*TimeoutConnection) SaturateTimeoutsToReadAndWriteTimeouts added in v0.2.0 

func (c *TimeoutConnection) SaturateTimeoutsToReadAndWriteTimeouts()

SaturateTimeoutsToReadAndWriteTimeouts gets the minimum of the context deadline, the timeout, and the read/write timeouts and sets the read/write timeouts accordingly. This is necessary because the underlying connection only supports a deadline on reads and a deadline on writes, so we need to compute the minimum of all these to find what to set the underlying conn's read/write deadlines to.

func (*TimeoutConnection) SetDeadline 

func (c *TimeoutConnection) SetDeadline(deadline time.Time) error

SetDeadline sets a read / write deadline that will override the deadline for a single read/write.

func (*TimeoutConnection) SetReadDeadline 

func (c *TimeoutConnection) SetReadDeadline(deadline time.Time) error

SetReadDeadline sets an explicit ReadDeadline that will override the timeout for one read.

func (*TimeoutConnection) SetWriteDeadline 

func (c *TimeoutConnection) SetWriteDeadline(deadline time.Time) error

SetWriteDeadline sets an explicit WriteDeadline that will override the WriteDeadline for one write.

func (*TimeoutConnection) Write 

func (c *TimeoutConnection) Write(b []byte) (n int, err error)

TimeoutConnection.Write calls Write() on the underlying connection, using any configured deadlines.

type TransportProtocol added in v0.2.0 

type TransportProtocol uint

TransportProtocol is an enum for the transport layer protocol of a module 

const (
	TransportTCP TransportProtocol
	TransportUDP
)

Source Files

View all Source files

Directories

Path Synopsis
Package bin contains functions useful for creating a binary version of ZGrab2.
 Package bin contains functions useful for creating a binary version of ZGrab2.
cmd
zgrab2 command
lib
http
Package http provides HTTP client and server implementations.
 Package http provides HTTP client and server implementations.
http/cookiejar
Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar.
 Package cookiejar implements an in-memory RFC 6265-compliant http.CookieJar.
http/httptest
Package httptest provides utilities for HTTP testing.
 Package httptest provides utilities for HTTP testing.
http/httptrace
Phillip - This was origianally from internal/nettrace, but I moved it here so tests would function
 Phillip - This was origianally from internal/nettrace, but I moved it here so tests would function
http/httputil
Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package.
 Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package.
http/internal
Package internal contains HTTP internals shared by net/http and net/http/httputil.
 Package internal contains HTTP internals shared by net/http and net/http/httputil.
http/internal/ascii
http/internal/testcert
Package testcert contains a test-only localhost certificate.
 Package testcert contains a test-only localhost certificate.
http2
// Copyright 2024 The Go Authors.
 // Copyright 2024 The Go Authors.
http2/gate
http2/h2c
Package h2c implements the unencrypted "h2c" form of HTTP/2.
 Package h2c implements the unencrypted "h2c" form of HTTP/2.
http2/h2i command
The h2i command is an interactive HTTP/2 console.
 The h2i command is an interactive HTTP/2 console.
http2/hpack
Package hpack implements HPACK, a compression format for efficiently representing HTTP header fields in the context of HTTP/2.
 Package hpack implements HPACK, a compression format for efficiently representing HTTP header fields in the context of HTTP/2.
http2/internal/httpcommon
mysql
Package mysql is a very basic MySQL connection library.
 Package mysql is a very basic MySQL connection library.
output
Package output contains utilities for processing results from zgrab2 scanners for eventual output and consumption by ztag.
 Package output contains utilities for processing results from zgrab2 scanners for eventual output and consumption by ztag.
smb/gss
smb/ntlmssp
smb/smb
smb/smb/encoder
ssh
Package ssh implements an SSH client and server.
 Package ssh implements an SSH client and server.
ssh/internal/bcrypt_pbkdf
Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
 Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
ssh/internal/poly1305
Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
 Package poly1305 implements Poly1305 one-time message authentication code as specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
ssh/knownhosts
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
 Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
ssh/test
Package test contains integration tests for the github.com/zmap/zgrab2/lib/ssh package.
 Package test contains integration tests for the github.com/zmap/zgrab2/lib/ssh package.
amqp091
bacnet
Package bacnet provides a zgrab2 module that scans for bacnet.
 Package bacnet provides a zgrab2 module that scans for bacnet.
banner
dnp3
Package dnp3 provides a zgrab2 module that scans for dnp3.
 Package dnp3 provides a zgrab2 module that scans for dnp3.
fox
Package fox provides a zgrab2 module that scans for fox.
 Package fox provides a zgrab2 module that scans for fox.
ftp
Package ftp contains the zgrab2 Module implementation for FTP(S).
 Package ftp contains the zgrab2 Module implementation for FTP(S).
http
Package http contains the zgrab2 Module implementation for HTTP(S).
 Package http contains the zgrab2 Module implementation for HTTP(S).
imap
Package imap provides a zgrab2 module that scans for IMAP mail servers.
 Package imap provides a zgrab2 module that scans for IMAP mail servers.
ipp
Package ipp provides a zgrab2 module that scans for ipp.
 Package ipp provides a zgrab2 module that scans for ipp.
jarm
Ref: https://github.com/salesforce/jarm https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a?gi=4dd05e2277e4
 Ref: https://github.com/salesforce/jarm https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a?gi=4dd05e2277e4
managesieve
Package main provides a zgrab2 module that scans for ManageSieve servers.
 Package main provides a zgrab2 module that scans for ManageSieve servers.
memcached
modbus
Package modbus provides a zgrab2 module that scans for modbus.
 Package modbus provides a zgrab2 module that scans for modbus.
mongodb
mqtt
mssql
Package mssql provides the zgrab2 scanner module for the MSSQL protocol.
 Package mssql provides the zgrab2 scanner module for the MSSQL protocol.
mysql
Package mysql provides the mysql implementation of the zgrab2.Module.
 Package mysql provides the mysql implementation of the zgrab2.Module.
ntp
Package ntp provides a zgrab2 module that probes for the NTP service.
 Package ntp provides a zgrab2 module that probes for the NTP service.
oracle
Package oracle provides the zgrab2 scanner module for Oracle's TNS protocol.
 Package oracle provides the zgrab2 scanner module for Oracle's TNS protocol.
pop3
Package pop3 provides a zgrab2 module that scans for POP3 mail servers.
 Package pop3 provides a zgrab2 module that scans for POP3 mail servers.
postgres
Package postgres contains the postgres zgrab2 Module implementation.
 Package postgres contains the postgres zgrab2 Module implementation.
pptp
Package pptp contains the zgrab2 Module implementation for PPTP.
 Package pptp contains the zgrab2 Module implementation for PPTP.
redis
Package redis provides a zgrab2 Module that probes for redis services.
 Package redis provides a zgrab2 Module that probes for redis services.
siemens
Package siemens provides a zgrab2 module that scans for Siemens S7.
 Package siemens provides a zgrab2 module that scans for Siemens S7.
smb
Package smb provides a zgrab2 module that scans for smb.
 Package smb provides a zgrab2 module that scans for smb.
smtp
Package smtp provides a zgrab2 module that scans for SMTP mail servers.
 Package smtp provides a zgrab2 module that scans for SMTP mail servers.
socks5
Package socks5 contains the zgrab2 Module implementation for SOCKS5.
 Package socks5 contains the zgrab2 Module implementation for SOCKS5.
telnet
Package telnet provides a zgrab2 module that scans for telnet daemons.
 Package telnet provides a zgrab2 module that scans for telnet daemons.
tools
keys

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.