Update #1
Merged
Update #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This adds a custom resolver, that will always resolve to the specified ip address. The intended usage is for when doing name-based scans, but have a specified IP address as well. This will provide a resolver that can be added to a Dialer, that will cause all DNS lookups to match the specified IP address.
If both an IP address and a domain are specified for a scan, have the HTTP scanner use a fake resolver in the DialContext, so that we always scan the intended IP and Domain name pair. However, make sure redirects still function as normal, so only use our fake resolver if the domain name matches the original targeted domain name. In addition, the custom resolver is only used if the network specified is one that supports domain names.
Add the ability to use a custom (fake) DNS resolver
this avoids to have \r\n in the error message
Eventually this can be used to replace AddCommand, allowing the use of a non-global config object. #247
This abstracts more of the help text into the ScanModule definition, removing some more of the need for `zgrab2.AddCommand()` #248
This updates MakeMonitor() to take the channel size as a parameter, instead of reading it from the global `config` object. Unfortunately, the caller of MakeMonitor() doesn't actually have access to the global, since it's in a different package (bin vs the root package). Luckily, there doesn't appear to be a reason to have a buffer in this channel. This updates the caller to pass a hardcoded size of 1.
The goroutine running the monitor isn't actually closed. This PR updates the API to allow that Goroutine to properly block program exit. This can be leveraged as we continue to make the configuration non-global.
Refactor the output handlers to take the necessary writers as arguments. #250
The Scanner.config struct is a configuration for all instances of Scanner. Scanner.Scan() is called concurrently by multiple worker goroutines; while Scanner is dereferenced before the call, the config struct is a pointer, and so modifications to it will affect all other running scans done with that Scanner. Make sure we treat it as immutable during anything invoked by Scanner.Scan() in the http module. #245
…ed (#253) If the --max-redirects value is exceeded, we return SCAN_APPLICATION_ERROR with "Too many redirect" as the error message. Add an option to suppress this error, and return success even if we exceed the maximum specified number of redirects.
This allows these steps to be reusable outside of the context of the grabTarget function. #256
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.