-
Notifications
You must be signed in to change notification settings - Fork 45
Module Implementation
Content:
Scannerl has been designed and implemented with modularity in mind. It is easy to add new modules to it:
- Fingerprinting module: to query a specific protocol or service. As an example, the fp_httpbg.erl module allows to retrieve the server entry in the HTTP response.
- Output module: to output to a specific database/filesystem or output the result in a specific format. For example, the out_file.erl and out_stdout.erl modules allow respectively to output to a file and to standard out. Per default out_stdout is used when no output module is provided on the CLI.
To add new modules, simply follow the behavior (fp_module.erl for fingerprinting modules and out_behavior.erl for output module) and implement your modules. For more information on how to implement your own module, see the following pages:
New modules can be either compiled with scannerl or loaded from an external file. See below for both integration possibilities.
To add new modules at compile time, they need to be pushed to their respective directories
-
src/fpmodules/for fingerprinting modules -
src/outmodules/for output modules
Any files found in one of the above directories will be built and integrated in scannerl when calling build.sh.
To add utilities (like for example the src/utils/utils_http.erl used by fp_httpbg.erl) in scannerl, these must be put in the directory src/utils/ and a new entry must be added in the SLMODULES list in the src/scannerl.erl file so that they get compiled (see https://github.com/kudelskisecurity/scannerl/blob/master/src/scannerl.erl#L40).
When adding new modules (fpmodules or outmodules) make sure new modules get listed (using the -l switch) and then use them with their respective switch (-m for fingerprinting module and -o for output modules).
Modules can be used without being compiled in scannerl. This can be done for fingerprinting module and output modules. This is especially useful when a binary version of scannerl is deployed and new modules have to be used that were not compiled with scannerl.
Scannerl is able to use any module that is compiled as long as those follow the requirements (see Fingerprinting module and Output module).
To use an external module, provide the path to the compiled module file (the one with the .beam extension) to its respective switch (-m for fingerprinting module and -o for output module).
In order to compile a fingerprinting module, the args records definition is needed. It should be included in your module through the -include("<some-path>/args.hrl"). directive (see an example in the fp_httpbg module).
The args record used by scannerl can be directly extracted from the compiled version through the -A switch.
$ scannerl -A > /tmp/args.hrlThe new module can then be simply compiled with erlc, for example
$ pwd
/tmp/newmodule
$ ls -1
args.hrl
fp_mynewmodule.erl
$ erlc fp_mynewmodule.erl
Warning: behaviour fp_module undefined
$ ls -1
args.hrl
fp_mynewmodule.beam
fp_mynewmodule.erlThe warning behaviour fp_module undefined can be safely ignored.
Scannerl can then be called by passing the path to the new module directly, for example
$ scannerl -m /tmp/newmodule/fp_mynewmodule.beam -f 127.0.0.1Compile your module with erlc <file>.erl and then pass the beam file path to the -o switch to use it.
Skeletons are available in the skeletons directory.