liamg / furious Goto Github PK

Hi, came across this tool for port scanning and it works well with external sites:

Do you know why local ones fail?

`
(base) ip-192-168-86-35:apk_decompile jack$ sudo furious 192.168.86.35

Starting scan at 2020-02-06 13:01:51.335325 -0800 PST m=+0.008516310

panic: router only implemented in linux

goroutine 41 [running]:
github.com/liamg/furious/vendor/github.com/google/gopacket/routing.New(...)
/Users/jack/go/src/github.com/liamg/furious/vendor/github.com/google/gopacket/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc000306000, 0xc000692020, 0x10, 0x10, 0xc0002a8000, 0x16b4, 0x1c00, 0xc000694000, 0xc000694120, 0x43c9060, ...)
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:242 +0x2ab
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc000306000)
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:74 +0x173
created by github.com/liamg/furious/scan.(*SynScanner).Start
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:68 +0x43
`

Thanks!

We need to switch to libpcap for syn scanning on osx.

Nice info here: https://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket

Does not support windows

furious 192.168.218.149

00 CST m=+0.031451601

panic: router only implemented in linux

goroutine 26 [running]:
github.com/liamg/furious/vendor/github.com/googl
e/gopacket/routing.New(...)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/vendor/github.com/google/gopacket/routing
/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scan
Host(0xc00005eba0, 0xc000056a40, 0x10, 0x10, 0xc
000268000, 0x16b4, 0x1c00, 0xc000041740, 0xc0000
41860, 0x7b5580, ...)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:242 +0x2b2
github.com/liamg/furious/scan.(*SynScanner).Star
t.func1(0xc00005eba0)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:74 +0x17a
created by github.com/liamg/furious/scan.(*SynSc
anner).Start
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:68 +0x4a```

Thank for your hard work on this. I thinking about using it for a project so giving it a thorough testing. I'm new to go so please forgive me if I've missed something obvious here. I've been coding for 20 years, but the go routines and channels are going to take a while to get my head around!

Looking at scan-syn.go, it looks like the filtered ports are never assessed or sent to the filtered channel to be added to the filtered array. Is that right?

Since we are not expecting a response, would it be right in thinking that after a timeout any port that isn't open, or closed would be essentially confirmed as filtered (unless it was just lost in the network)?

Any idea why both furious and masscan cannot detect port 80 on: 104.36.195.221?

Exactly as mentioned in the title the command always returns Host is down output.

❯ furious -s connect github.com

Starting scan at 2020-08-29 01:04:42.530665 +0300 +03 m=+0.019277855

Scan results for host 140.82.121.4
	Host is down

Scan complete in 2.110237526s.

Environment Information

❯ go version
go version go1.15 darwin/amd64

❯ brew info libpcap
libpcap: stable 1.9.1 (bottled), HEAD [keg-only]

Added Homebrew libpcap to path

❯ furious --version
furious development version

Hello there.

Its not a real issue, but since I would like to implement my own golang based network scanner, I wish to adjoin discussion about scilent port scans.

From my point of view, a scilent, half-open port scan, cuts the connection after receiving the SYN-ACK Flag package. Therefore, no real connection is established to the host and the port scan is actual a lot harder to detect.

You had implemented your port scan with the net package and the connectTimeout Function. As I understood, this establishes a real TCP connection. It's a lot easier to implement, but my ambition is thrilled: Is it also possible in go, to implement a real hald-open port scan?

I do some more research and maybe in closer future, I get an answer.

I'm attempting to reference your project as a library, it seems like a really well thought out project. I'm currently running into an issue I don't understand. When I try to reference your code from a different project I get the response of:

Scan results for host 192.168.3.5
	Host is down

Where if I run the furious tool:

sudo ./furious -s connect 192.168.3.5

Starting scan at 2019-12-17 20:55:56.545097688 +0000 UTC m=+0.026920458

Scan results for host 192.168.3.5
	Host is up with 56.66663ms latency
	PORT	STATE	SERVICE
	22/tcp    	OPEN      	ssh

Scan complete in 2.418170027s.

It seems to work fine. The code I'm using looks like this and semantically doesn't seem any different what what your project is running.

if os.Getuid() > 0 {
		fmt.Println("Access Denied: You must be a priviliged user to run this type of scan.")
		os.Exit(1)
	}
	targetIterator := scan.NewTargetIterator("192.168.3.5")
	scanner := scan.NewConnectScanner(targetIterator, 6000, 1000)
	if err := scanner.Start(); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	ctx, _ := context.WithCancel(context.Background())
	results, err := scanner.Scan(ctx, scan.DefaultPorts)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	for _, result := range results {
		scanner.OutputResult(result)
	}

I tried to run this from my macOS iMac (bit silly of me?):

(⎈ |local:default)
prologic@Jamess-iMac
Tue Oct 20 08:32:02
~
 1
$ sudo furious 10.0.0.7
Password:

Starting scan at 2020-10-20 08:32:15.415617 +1000 AEST m=+0.005401962

panic: router only implemented in linux

goroutine 31 [running]:
github.com/liamg/furious/vendor/github.com/google/gopacket/routing.New(...)
	/Users/prologic/go/src/github.com/liamg/furious/vendor/github.com/google/gopacket/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc000184c90, 0xc00018a330, 0x10, 0x10, 0xc000356000, 0x16b4, 0x1c00, 0xc00018c1e0, 0xc00018c300, 0x43d40c0, ...)
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:242 +0x274
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc000184c90)
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:74 +0x173
created by github.com/liamg/furious/scan.(*SynScanner).Start
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:68 +0x43

Is it possible to add support for macOS here? Is there an equivalent implementation that can be added?

please add an option to generate json or xml structured output, something like that in nmap.

I compiled furious for Windows using "go get github.com/liamg/furious"

There are two problems: on "furious -s device host" it gives a DOWN response, but it also shows the MAC address and open ports.
The second problem: when executing "furious host" produces

C:\Users\i.eremeev\go\bin>furious 192.168.2.35

Starting scan at 2019-09-17 09:33:42.3653148 +0700 +07 m=+0.017996401

panic: router only implemented in linux

goroutine 23 [running]:
github.com/google/gopacket/routing.New(...)
C:/Users/i.eremeev/go/pkg/mod/github.com/google/[email protected]/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc0002aa000, 0xc000280110, 0x10, 0x10, 0xc00025a000, 0x16b4, 0x1c00, 0xc00027c240, 0xc000b0e000, 0x7c6b80, ...)
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:242 +0x269
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc0002aa000)
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:74 +0x17a
created by github.com/liamg/furious/scan.(*SynScanner).Start
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:68 +0x4a

Would be great to have json to stdout