ftp

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 1, 2025 License: Apache-2.0, ISC Imports: 9 Imported by: 3

Documentation

Overview

Package ftp contains the zgrab2 Module implementation for FTP(S).

Setting the --authtls flag will cause the scanner to attempt a upgrade the connection to TLS. Settings for the TLS handshake / probe can be set with the standard TLSFlags.

The scan performs a banner grab and (optionally) a TLS handshake.

The output is the banner, any responses to the AUTH TLS/AUTH SSL commands, and any TLS logs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterModule 

func RegisterModule()

RegisterModule registers the ftp zgrab2 module.

Types

type Connection 

type Connection struct {
	// contains filtered or unexported fields
}

Connection holds the state for a single connection to the FTP server.

func (*Connection) GetFTPBanner 

func (ftp *Connection) GetFTPBanner() (bool, error)

GetFTPBanner reads the data sent by the server immediately after connecting. Returns true if and only if the server returns a success status code. Taken over from the original zgrab.

func (*Connection) GetFTPSCertificates 

func (ftp *Connection) GetFTPSCertificates(ctx context.Context, target *zgrab2.ScanTarget, tlsWrapper func(ctx context.Context, target *zgrab2.ScanTarget, l4Conn net.Conn) (*zgrab2.TLSConnection, error)) error

GetFTPSCertificates attempts to perform a TLS handshake with the server so that the TLS certificates will end up in the TLSLog. First sends the AUTH TLS/AUTH SSL command to tell the server we want to do a TLS handshake. If that fails, break. Otherwise, perform the handshake. Taken over from the original zgrab.

func (*Connection) SetupFTPS 

func (ftp *Connection) SetupFTPS() (bool, error)

SetupFTPS returns true if and only if the server reported support for FTPS. First attempt AUTH TLS; if that fails, try AUTH SSL. Taken over from the original zgrab.

type Flags 

type Flags struct {
	zgrab2.BaseFlags `group:"Basic Options"`
	zgrab2.TLSFlags  `group:"TLS Options"`

	FTPAuthTLS  bool `long:"authtls" description:"Collect FTPS certificates in addition to FTP banners"`
	ImplicitTLS bool `long:"implicit-tls" description:"Attempt to connect via a TLS wrapped connection"`
}

Flags are the FTP-specific command-line flags. Taken from the original zgrab. (TODO: should FTPAuthTLS be on by default?).

func (*Flags) Help 

func (f *Flags) Help() string

Help returns this module's help string.

func (*Flags) Validate 

func (f *Flags) Validate(_ []string) (err error)

Validate flags

type Module 

type Module struct {
}

Module implements the zgrab2.Module interface.

func (*Module) Description added in v0.1.3 

func (m *Module) Description() string

Description returns an overview of this module.

func (*Module) NewFlags 

func (m *Module) NewFlags() any

NewFlags returns the default flags object to be filled in with the command-line arguments.

func (*Module) NewScanner 

func (m *Module) NewScanner() zgrab2.Scanner

NewScanner returns a new Scanner instance.

type ScanResults 

type ScanResults struct {
	// Banner is the initial data banner sent by the server.
	Banner string `json:"banner,omitempty"`

	// AuthTLSResp is the response to the AUTH TLS command.
	// Only present if the FTPAuthTLS flag is set.
	AuthTLSResp string `json:"auth_tls,omitempty"`

	// AuthSSLResp is the response to the AUTH SSL command.
	// Only present if the FTPAuthTLS flag is set and AUTH TLS failed.
	AuthSSLResp string `json:"auth_ssl,omitempty"`

	// ImplicitTLS is true if the connection is wrapped in TLS, as opposed
	// to via AUTH TLS or AUTH SSL.
	ImplicitTLS bool `json:"implicit_tls,omitempty"`

	// TLSLog is the standard shared TLS handshake log.
	// Only present if the FTPAuthTLS flag is set.
	TLSLog *zgrab2.TLSLog `json:"tls,omitempty"`
}

ScanResults is the output of the scan. Identical to the original from zgrab, with the addition of TLSLog.

type Scanner 

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner implements the zgrab2.Scanner interface, and holds the state for a single scan.

func (*Scanner) GetDialerGroupConfig added in v0.2.0 

func (scanner *Scanner) GetDialerGroupConfig() *zgrab2.DialerGroupConfig

func (*Scanner) GetName 

func (scanner *Scanner) GetName() string

GetName returns the configured name for the Scanner.

func (*Scanner) GetScanMetadata added in v1.0.0 

func (scanner *Scanner) GetScanMetadata() any

GetScanMetadata returns any metadata on the scan itself from this module.

func (*Scanner) GetTrigger 

func (scanner *Scanner) GetTrigger() string

GetTrigger returns the Trigger defined in the Flags.

func (*Scanner) Init 

func (scanner *Scanner) Init(flags zgrab2.ScanFlags) error

Init initializes the Scanner instance with the flags from the command line.

func (*Scanner) InitPerSender 

func (scanner *Scanner) InitPerSender(senderID int) error

InitPerSender does nothing in this module.

func (*Scanner) Protocol 

func (scanner *Scanner) Protocol() string

Protocol returns the protocol identifer for the scanner.

func (*Scanner) Scan 

func (scanner *Scanner) Scan(ctx context.Context, dialGroup *zgrab2.DialerGroup, target *zgrab2.ScanTarget) (zgrab2.ScanStatus, any, error)

Scan performs the configured scan on the FTP server, as follows:

  • Read the banner into results.Banner (if it is not a 2XX response, bail)
  • If the FTPAuthTLS flag is not set, finish.
  • Send the AUTH TLS command to the server. If the response is not 2XX, then send the AUTH SSL command. If the response is not 2XX, then finish.
  • Perform ths TLS handshake / any configured TLS scans, populating results.TLSLog.
  • Return SCAN_SUCCESS, &results, nil

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.