diff --git a/modules/amqp091/scanner.go b/modules/amqp091/scanner.go
index dc77df33..ce436f9c 100644
--- a/modules/amqp091/scanner.go
+++ b/modules/amqp091/scanner.go
@@ -3,6 +3,8 @@ package amqp091
 import (
 "fmt"
+ "encoding/json"
+
 amqpLib "github.com/rabbitmq/amqp091-go"
 log "github.com/sirupsen/logrus"
 "github.com/zmap/zgrab2"
@@ -36,13 +38,52 @@ type connectionTune struct {
 Heartbeat int `json:"heartbeat"`
 }
+// https://www.rabbitmq.com/amqp-0-9-1-reference#connection.start.server-properties
+type knownServerProperties struct {
+ Product string `json:"product"`
+ Version string `json:"version"`
+ Platform string `json:"platform"`
+ Copyright string `json:"copyright"`
+ Information string `json:"information"`
+ UnknownProps string `json:"unknown_props"`
+}
+
+// copy known properties, and store unknown properties in serialized json string
+// if known properties are not found, set fields to empty strings
+func (p *knownServerProperties) populate(props amqpLib.Table) {
+ if product, ok := props["product"].(string); ok {
+ p.Product = product
+ delete(props, "product")
+ }
+ if version, ok := props["version"].(string); ok {
+ p.Version = version
+ delete(props, "version")
+ }
+ if platform, ok := props["platform"].(string); ok {
+ p.Platform = platform
+ delete(props, "platform")
+ }
+ if copyright, ok := props["copyright"].(string); ok {
+ p.Copyright = copyright
+ delete(props, "copyright")
+ }
+ if information, ok := props["information"].(string); ok {
+ p.Information = information
+ delete(props, "information")
+ }
+
+ if unknownProps, err := json.Marshal(props); err == nil {
+ p.UnknownProps = string(unknownProps)
+ }
+}
+
 type Result struct {
 Failure string `json:"failure"`
- VersionMajor int `json:"version_major"`
- VersionMinor int `json:"version_minor"`
- ServerProperties map[string]interface{} `json:"server_properties"`
- Locales []string `json:"locales"`
+ VersionMajor int `json:"version_major"`
+ VersionMinor int `json:"version_minor"`
+ ServerProperties knownServerProperties `json:"server_properties"`
+ Locales []string `json:"locales"`
 AuthSuccess bool `json:"auth_success"`
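Review bot: `populate` calls `delete` on the `props` map it receives, and the last Scan hunk passes it `amqpConn.Properties`, so building the result strips the known keys out of the connection's own property table. Working on a copy avoids that side effect. The `json.Marshal` error is also discarded, which leaves `unknown_props` empty with no trace when serialization fails; every value in this table is chosen by the scanned server, so a debug log line is the minimum. The doc comment should add that a known key whose value is not a string is left in `unknown_props`.

```go
func (p *knownServerProperties) populate(props amqpLib.Table) {
	// Work on a copy: props is the connection's own table.
	rest := make(amqpLib.Table, len(props))
	for k, v := range props {
		rest[k] = v
	}
	known := map[string]*string{
		"product":     &p.Product,
		"version":     &p.Version,
		"platform":    &p.Platform,
		"copyright":   &p.Copyright,
		"information": &p.Information,
	}
	for key, dst := range known {
		if s, ok := rest[key].(string); ok {
			*dst = s
			delete(rest, key)
		}
	}
	unknownProps, err := json.Marshal(rest)
	if err != nil {
		log.Debugf("amqp091: could not serialize server properties: %v", err)
		return
	}
	p.UnknownProps = string(unknownProps)
}
```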
@@ -121,7 +162,7 @@ func (scanner *Scanner) GetTrigger() string {
 // Protocol returns the protocol identifier of the scan.
 func (scanner *Scanner) Protocol() string {
- return "amqp"
+ return "amqp091"
 }
 func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, interface{}, error) {
@@ -149,6 +190,11 @@ func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, inter
 if err != nil {
 return zgrab2.TryGetScanStatus(err), nil, err
 }
+
+ if err := tlsConn.Handshake(); err != nil {
+ return zgrab2.TryGetScanStatus(err), nil, err
+ }
+
 conn = tlsConn
 }
@@ -193,8 +239,8 @@ func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, inter
 // Following is basic server information that can be gathered without authentication
 result.VersionMajor = amqpConn.Major
 result.VersionMinor = amqpConn.Minor
- result.ServerProperties = amqpConn.Properties
 result.Locales = amqpConn.Locales
+ result.ServerProperties.populate(amqpConn.Properties)
 // Heuristic to see if we're authenticated.
 // These values are expected to be non-zero if and only if a tune is received and we're authenticated.
diff --git a/output.json b/output.json
new file mode 100644
index 00000000..a2108239
--- /dev/null
+++ b/output.json
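Review bot: In Scan's TLS branch, the new `tlsConn.Handshake()` failure path returns `nil` as the result, so anything the handshake log captured before the failure (server hello, certificates) never reaches the output for hosts that fail TLS. If `result` is already allocated at that point, which the hunk does not show, returning it with the log from `tlsConn.GetLog()` attached would keep that evidence in the scan record. The hunk also does not show whether the connection is closed on this early return or whether a deadline bounds the handshake against an unresponsive peer. Both are worth confirming, since Scan's body begins and ends outside the hunk.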
@@ -0,0 +1 @@ +{"ip":"165.227.114.176","data":{"amqp091":{"status":"success","protocol":"amqp091","result":{"failure":"Exception (403) Reason: \"SASL could not negotiate a shared mechanism\"","version_major":0,"version_minor":9,"server_properties":{"product":"RabbitMQ","version":"3.8.16","platform":"Erlang/OTP 24.0.2","copyright":"Copyright (c) 2007-2021 VMware, Inc. or its affiliates.","information":"Licensed under the MPL 2.0. Website: https://rabbitmq.com","unknown_props":"{\"capabilities\":{\"authentication_failure_close\":true,\"basic.nack\":true,\"connection.blocked\":true,\"consumer_cancel_notify\":true,\"consumer_priorities\":true,\"direct_reply_to\":true,\"exchange_exchange_bindings\":true,\"per_consumer_qos\":true,\"publisher_confirms\":true},\"cluster_name\":\"speedy-red-elephant\"}"},"locales":["en_US"],"auth_success":false,"tls":{"handshake_log":{"server_hello":{"version":{"name":"TLSv1.2","value":771},"random":"ZkReGV9XxyHJdhvR5YvbXWoxZaqOD+F7RE9XTkdSRAE=","session_id":"ienBC9iUZ0TDvYsQK4E3wAhhGPds9QyKfK2+8ZHH10E=","cipher_suite":{"hex":"0xC02F","name":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","value":49199},"compression_method":0,"ocsp_stapling":false,"ticket":false,"secure_renegotiation":true,"heartbeat":false,"extended_master_secret":false},"server_certificates":{"certificate":{"raw":"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","parsed":{"version":3,"serial_number":"350712122808254062432312023692293498702391","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["R3"],"country":["US"],"organization":["Let's Encrypt"]},"issuer_dn":"C=US, O=Let's Encrypt, 
CN=R3","validity":{"start":"2024-04-19T09:04:13Z","end":"2024-07-18T09:04:12Z","length":7775999},"subject":{"common_name":["*.rmq2.cloudamqp.com"]},"subject_dn":"CN=*.rmq2.cloudamqp.com","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"vzm4SlktbWfAFiUh5x1gHz0ZwocaIrcWlsRNk5iYP33NvQmFNAwv5kGq//BDU62IIEaRvKlXOMvn+1e62TSwQ65RUYpZRlHAOJ64+64adfiGUrIvif2i0VaK5kQrbsPzlm50GNKU3AJtD30bQZnAsrguudGWp8XrHz7smc/+oSiP2TfU0pWyZh94mtx18xMRRBGRCkSY3GiMWHO0zRUVpH0Rdh0U40SdMfqUCOaIo8hEM6q1qmECvm4hAtlqKpW3bvDKFQytb/jqgWomuqQ4TyLL/4In7Ecac01bxrMpUglM18mSNdXfRdrzWMKRb7i8sTsRX9MxhmHJNErDpT5nEw==","length":2048},"fingerprint_sha256":"760c92c9f2b79f1eb9ae2dcf33a08699de785fd394ba9177ed3cb5f962a81ce9"},"extensions":{"key_usage":{"digital_signature":true,"key_encipherment":true,"value":5},"basic_constraints":{"is_ca":false},"subject_alt_name":{"dns_names":["*.in.rmq2.cloudamqp.com","*.rmq2.cloudamqp.com"]},"authority_key_id":"142eb317b75856cbae500940e61faf9d8b14c2c6","subject_key_id":"ccfd75efb28c3ce033eb7beac209e7d9ca8ac438","extended_key_usage":{"server_auth":true,"client_auth":true},"certificate_policies":[{"id":"2.23.140.1.2.1"}],"authority_info_access":{"ocsp_urls":["http://r3.o.lencr.org"],"issuer_urls":["http://r3.i.lencr.org/"]},"signed_certificate_timestamps":[{"version":0,"log_id":"SLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHM=","timestamp":1713521053,"signature":"BAMASDBGAiEAlOh5btq10fZANSVRgP7U+ofXLNdMyeYypqUJA3fzWpECIQCtzCgL0S3vgtapkvRPwSVdcHLFdlQ4V0hcyk0Me1aWnw=="},{"version":0,"log_id":"GZgQcQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/OSj8WtMo=","timestamp":1713521053,"signature":"BAMARzBFAiEAvjIwxkWSNlmj3V5vz5RC9gNeryKRVMSANdcRu4bml7ACIDqzkLl38EdQKxqY1sNLEo9GCpoKoQwxJ/PUo1avmj2l"}]},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"f1p1S8hQpYqZkEz/+XJ5MMebzytoo3O+OczV9eggnaDhJ1CjrEJDiob/+7+Px5etQSI/7A2/o5cZWzdO1M27HeeH4Wvyj3MEp1RIDsLj1QOK7mD0YXz61OM0gnjKdItC3W7BTFTUWlyH7EL1hkYZRJpi94vBUw1FeHFkEbyulPN
LAsMcloZCnJL09qjp44y9oi9esxCZISH0OvKxa9JVK6W+yYeoVqJ1B0MQOI+v4zNALYfoWgbnYx+B6nEf4LAFyubMO5/b1XBT7++HTtMaiTe6uhK6Ls4beLX72cX5FSLVc6N9EkOxcxgWAsFE/N/ZoTxJQkVU23aeoLycOivLJA==","valid":false,"self_signed":false},"fingerprint_md5":"50d77a385bb3556dd99074550ea0f664","fingerprint_sha1":"8e85228d704ac0972817d43f5f0f22264e2e7654","fingerprint_sha256":"eda0b0b8a9c28fbbeac1781eb1a8fa49df8480befefa1654cfcebcd7cf3d0891","tbs_noct_fingerprint":"da8a7597d6f3e3ad6a584804f7146a9e38cbd4189035612946b0b2bafe2ce192","spki_subject_fingerprint":"9a3ae45305db9efc51adaddf15ed499f9ef338706c9f9c3d84be359c1ede3305","tbs_fingerprint":"766514440cf4512aeaf14e153dd4acf143f1cf5fa5a7f36a9c02e6c7ba9a85fb","validation_level":"DV","names":["*.in.rmq2.cloudamqp.com","*.rmq2.cloudamqp.com"],"redacted":false}},"chain":[{"raw":"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","parsed":{"version":3,"serial_number":"192961496339968674994309121183282847578","signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"issuer":{"common_name":["ISRG Root X1"],"country":["US"],"organization":["Internet Security Research Group"]},"issuer_dn":"C=US, O=Internet Security Research Group, CN=ISRG Root X1","validity":{"start":"2020-09-04T00:00:00Z","end":"2025-09-15T16:00:00Z","length":158774400},"subject":{"common_name":["R3"],"country":["US"],"organization":["Let's Encrypt"]},"subject_dn":"C=US, O=Let's Encrypt, 
CN=R3","subject_key_info":{"key_algorithm":{"name":"RSA"},"rsa_public_key":{"exponent":65537,"modulus":"uwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQ==","length":2048},"fingerprint_sha256":"8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d"},"extensions":{"key_usage":{"digital_signature":true,"certificate_sign":true,"crl_sign":true,"value":97},"basic_constraints":{"is_ca":true,"max_path_len":0},"crl_distribution_points":["http://x1.c.lencr.org/"],"authority_key_id":"79b459e67bb6e5e40173800888c81a58f6e99b6e","subject_key_id":"142eb317b75856cbae500940e61faf9d8b14c2c6","extended_key_usage":{"server_auth":true,"client_auth":true},"certificate_policies":[{"id":"2.23.140.1.2.1"},{"id":"1.3.6.1.4.1.44947.1.1.1"}],"authority_info_access":{"issuer_urls":["http://x1.i.lencr.org/"]}},"signature":{"signature_algorithm":{"name":"SHA256-RSA","oid":"1.2.840.113549.1.1.11"},"value":"hcpORz6j94VEhbzVZ3iymGOtdU0elj0zZXJULYGg6sPt+CC/X8y3cAC3bjv2XpTe5CCfpu+LsgPnorUWPJHOtO05Aud8JYpH5mVuP0b02fDOlCvuVM4SvIwnS7jBmC+ir81xkUoIt8i4I3sELQj5CFc+g9kEMwpHIXgJgifDKsibuc5c8mTIwL55wE+ObUQMXpK7LveLEOHoHUQp21kg7WO5IfgSJpSTV6AdZQTBCiKuEA1Dl6EYH37g4IY3tVqxvTC/h24rKv8hThsFw/UYl/BerMOluGrwLrw7M7nuS97M/OSvhAuGP8BVQzb2aOE2F2qOmdH/pUCnNLfA0GM5NTl1bvK6dsiTAumpS2wXzgwC2b2B+5+3aNQGZbOCPXdT+I55A60KMQd1KkPYVZdyxCkO98RdTsiuRoQw1/KFXxihebvnXnCLB+GGk8O5j9xhcSUqr9/tJVBSaIuS3OXWtePafdCHbIQhMa6C9fu5q8iJFz3hTOU4Dva9K72WgRTr1ds9IKd+WdPi+Fj5W7hIzf5cTxYp/h5VI6/IEbCN6nyTkBcv/ayiCUdGP/DpsLf/KE1oMtZnXh5po5O49Z2LLwvSUkOmbzJXZU0ygd84U4Vdfl1mKeq43eSVtc21VhJCzcROxiU4RFBt7M4AVRj+6Ulk1E7Kl5y0W8BzqKu4R8I=","valid":false,"self_signed":false},"fingerprint_md5":"e829e65d7c4307d6fbc13c179e037a36","fingerprint_sha1":"a053375bfe84e8
b748782c7cee15827a6af5a405","fingerprint_sha256":"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd","tbs_noct_fingerprint":"444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce","spki_subject_fingerprint":"390bc358202771a65e7be7a87924d7f2a079de04feb5ffd4163fae4fbf9b11e9","tbs_fingerprint":"444ebd67bb83f8807b3921e938ac9178b882bd50aadb11231f044cf5f08df7ce","validation_level":"DV","redacted":false}}],"validation":{"browser_trusted":false,"browser_error":"x509: failed to load system roots and no roots provided"}},"server_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"server_public":{"x":{"value":"nfV5Z/BX7NG6WAK+7CohY1MI1m76yGrhm3/omzRkRJc=","length":256},"y":{"value":"thOt8w1Yaw5zhmo9+NS8PgjHdlMMPn8Zl1aLvwC7z50=","length":256}}},"digest":"zsHfGj/e8lFwyqqn61neIIhm25oyABuTofdOq4bdi8s=","signature":{"raw":"E+2Fz4oduylrlhqaLHqImJ5IuJ3/RQwyENA9q+o6U9VQsfXvbRw/4ndY5zfyypoFjzOoGRc0Dhx8nz8T4zqui0SPgChSTzCStt1KIfvaVIHWntVa5uWODCjgorji9b4XCrh4hszutMzeV8NXlMMIerTiluTEAiYlsACgArPG0YFoyBLb6ohDTKGeaEq296DxRCaJI1jNfRwbY9z+EBmlfaekjPucPcjnzlEAhMsPlrzEzHPEg8XkGBPGYcadHSbl/9CqOMGws7acR1JTyJAtyKVaJkauZorzsGSN5ZW2lEF/2eqTBal0431dNygx4nuoz1CpqGfAamQbqnLAbTPDZQ==","type":"rsa","valid":true,"signature_and_hash_type":{"signature_algorithm":"rsa","hash_algorithm":"sha256"},"tls_version":{"name":"TLSv1.2","value":771}}},"client_key_exchange":{"ecdh_params":{"curve_id":{"name":"secp256r1","id":23},"client_public":{"x":{"value":"FphxrWdXsuFxMSAu4nK1QkL5gmakbxp3ZFoVgoDKiyk=","length":256},"y":{"value":"n4YXrWbOELzor2eB9sddXjeRmzF8t1++mYnI9yWIe0k=","length":256}},"client_private":{"value":"aD2Kcjp9xdUNcx+j5N7NXxlvxBKFj1vAVc3pnXt7B04=","length":32}}},"client_finished":{"verify_data":"ZwBhDZRd2iJW/Dmf"},"server_finished":{"verify_data":"CIXmEd1/E8gMxmNi"},"key_material":{"master_secret":{"value":"+ZA70wONtgCIJMTd+oATK8EkbqXZLeEV0kv0iGMKmmM6R9BgQlFoYlr6LDTKdG0w","length":48},"pre_master_secret":{"value":"sxkQa0ePkbyP4un9hzAF+jJuLP4XExZq3QC5HjeIQek=",
"length":32}}}}},"timestamp":"2024-05-15T00:02:49-07:00"}}} diff --git a/zgrab2_schemas/zgrab2/__init__.py b/zgrab2_schemas/zgrab2/__init__.py index 5d510400..aa5890a0 100644 --- a/zgrab2_schemas/zgrab2/__init__.py +++ b/zgrab2_schemas/zgrab2/__init__.py @@ -21,3 +21,4 @@ from . import telnet from . import ipp from . import banner +from . import amqp091 \ No newline at end of file diff --git a/zgrab2_schemas/zgrab2/amqp091.py b/zgrab2_schemas/zgrab2/amqp091.py new file mode 100644 index 00000000..98d7b21c --- /dev/null +++ b/zgrab2_schemas/zgrab2/amqp091.py @@ -0,0 +1,39 @@ +# zschema sub-schema for zgrab2's AMQP091 module +# Registers zgrab2-amqp091 globally, and amqp091 with the main zgrab2 schema. +from zschema.leaves import * +from zschema.compounds import * +import zschema.registry + +from . import zgrab2 + +# Schema for connectionTune struct +connection_tune = SubRecord({ + "channel_max": Unsigned32BitInteger(), + "frame_max": Unsigned32BitInteger(), + "heartbeat": Unsigned32BitInteger(), +}) + +# Schema for knownServerProperties struct +known_server_properties = SubRecord({ + "product": String(), + "version": String(), + "platform": String(), + "copyright": String(), + "information": String(), + "unknown_props": String(), +}) + +# Schema for Result struct +result_schema = SubRecord({ + "result": SubRecord ({ "failure": String(), + "version_major": Unsigned32BitInteger(), + "version_minor": Unsigned32BitInteger(), + "server_properties": known_server_properties, + "locales": ListOf(String()), + "auth_success": Boolean(), + "tune": connection_tune, + "tls": zgrab2.tls_log, +})}, extends=zgrab2.base_scan_response) + +zschema.registry.register_schema("zgrab2-amqp091", result_schema) +zgrab2.register_scan_response_type("amqp091", result_schema)