added a more precise scan response and modified .json like asked
parent
1caa9a1e7d
commit
a9ce32c262
|
@ -5,10 +5,10 @@
|
|||
"description": "Scan user when they connect",
|
||||
"version": "0.1",
|
||||
"settings": {
|
||||
"REVERSE_SCAN": {
|
||||
"USE_REVERSE_SCAN": {
|
||||
"context": "multisite",
|
||||
"default": "no",
|
||||
"help": "Activate reverse_scan feature.",
|
||||
"help": "Enable the 'reverse_scan' feature to attempt establishing a TCP connection on a list of ports defined in 'PORT_SCAN'.",
|
||||
"id": "use-Reverse-scan",
|
||||
"label": "port scanning",
|
||||
"regex": "^(no|yes)$",
|
||||
|
@ -16,21 +16,21 @@
|
|||
|
||||
|
||||
},
|
||||
"PORT_SCAN": {
|
||||
"REVERSE_SCAN_PORT_SCAN": {
|
||||
"context": "multisite",
|
||||
"default": "22 23 25 80 443 3389 1433 3306",
|
||||
"help": "Choose port to scan",
|
||||
"help": "Specify a list of ports to scan. Default is '22 23 25 80 443 3389 1433 3306'.",
|
||||
"id": "port_scanning",
|
||||
"label": "port_number",
|
||||
"label": "List of port that will be scanned",
|
||||
"regex": "^.*$",
|
||||
"type": "text"
|
||||
},
|
||||
"TIMEOUT": {
|
||||
"REVERSE_SCAN_TIMEOUT": {
|
||||
"context": "multisite",
|
||||
"default": "0.5",
|
||||
"help": "choose maximum timeout when scan a port",
|
||||
"help": "Specify the maximum timeout (in seconds) when scanning a port. Default is '0.5'.",
|
||||
"id": "timeout_scanning",
|
||||
"label": "Second",
|
||||
"label": "Time before connection request is aborded",
|
||||
"regex": "^.*$",
|
||||
"type": "number"
|
||||
}
|
||||
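Review bot: `REVERSE_SCAN_PORT_SCAN` and `REVERSE_SCAN_TIMEOUT` both keep `"regex": "^.*$"`, so any string passes validation for values that are later used as connect ports and a socket timeout. Constrain them at the settings layer, for example `"regex": "^[0-9]+( [0-9]+)*$"` for the port list and `"regex": "^[0-9]+(\\.[0-9]+)?$"` for the timeout. The longer help text for `USE_REVERSE_SCAN` still refers to 'PORT_SCAN', while the setting key shown below it is `REVERSE_SCAN_PORT_SCAN`. In the timeout label, "aborded" should read "aborted".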
|
|
|
@ -52,7 +52,7 @@ function _M:access()
|
|||
if cached_ip=="denied" then
|
||||
return true, "client IP " .. ngx.var.remote_addr .. " is suspicious : port open", true, utils.get_deny_status()
|
||||
elseif cached_ip=="clean" then
|
||||
return true , "Ip already scanned and is clean" , nil , nil
|
||||
return true , "Ip already scanned and is safe" , nil , nil
|
||||
elseif cached_ip ~= false then
|
||||
return false, err , nil , nil
|
||||
end
|
||||
|
@ -66,7 +66,7 @@ function _M:access()
|
|||
--call scan function
|
||||
local sus = nil
|
||||
for i = 1, #port_List do
|
||||
if _M:scan(port_List[i]) then
|
||||
if _M:scan(port_List[i])==true then
|
||||
|
||||
sus = true
|
||||
self:add_to_cache("ip" .. ngx.var.remote_addr, "denied")
|
||||
|
@ -78,28 +78,26 @@ function _M:access()
|
|||
return nil, "client IP " .. ngx.var.remote_addr .. " is safe ", true, nil
|
||||
end
|
||||
|
||||
function _M:scan(prt)
|
||||
local time, err = utils.get_variable("TIMEOUT")
|
||||
logger.log(ngx.NOTICE, "REVERSE_SCAN", " scan called on port " .. prt)
|
||||
if prt == nil then
|
||||
return false , "port is null"
|
||||
end
|
||||
function _M.scan(port)
|
||||
local client = socket.tcp()
|
||||
client:settimeout(time)
|
||||
local status, err = client:connect(ngx.var.remote_addr, prt)
|
||||
local time, err = utils.get_variable("TIMEOUT")
|
||||
client:settimeout(time)
|
||||
|
||||
local status, err = client:connect(ngx.var.remote_addr, port)
|
||||
if not status then
|
||||
if err == "timeout" then
|
||||
return false, "timeout"
|
||||
else
|
||||
return false, err
|
||||
local peername, peerport = client:getpeername()
|
||||
if not peername then
|
||||
--
|
||||
return false , err
|
||||
end
|
||||
end
|
||||
client:close()
|
||||
return true
|
||||
end
|
||||
client:close()
|
||||
return true , err
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
function _M:is_in_cache(ele)
|
||||
local kind, err = datastore:get("plug_scan_port" .. ngx.var.server_name .. ele)
|
||||
if not kind then
|
||||
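Review bot: `scan` appears to be declared with a dot (`function _M.scan(port)`) while the loop in `access()` calls it with a colon (`_M:scan(port_List[i])==true`), so `port` would receive the module table and the real port number would be dropped; declare it as `function _M:scan(port)` or call `_M.scan(port_List[i])`. If that is the case, every `client:connect` fails, the `== true` comparison never matches, and the check would likely report every client as safe. Both visible versions of `scan` read `utils.get_variable("TIMEOUT")` although the JSON setting is now `REVERSE_SCAN_TIMEOUT`; read the renamed key, handle a nil result, and pass `tonumber(time)` to `client:settimeout`. The `if not status then` branch returns without `client:close()`, so a socket is left open for each port that does not answer. The rendered page lost its +/- markers, so which lines are the new side is inferred, and `access()` begins outside the visible hunks.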
|
|