Merge pull request #30 from praetorian-inc/redis-tls
detect redis over tls
praetorian-thendrickson authored Dec 18, 2023
2 parents f716710 + 54ced3f commit 6d4f779
Showing 3 changed files with 42 additions and 3 deletions.
32 changes: 31 additions & 1 deletion pkg/plugins/services/redis/redis.go
Expand Up @@ -24,12 +24,14 @@ import (
)

type REDISPlugin struct{}
type REDISTLSPlugin struct{}

type Info struct {
AuthRequired bool
}

const REDIS = "redis"
const REDISTLS = "redis"

// Check if the response is from a Redis server
// returns an error if it's not validated as a Redis server
Expand Down Expand Up @@ -70,13 +72,22 @@ func checkRedis(data []byte) (Info, error) {

func init() {
plugins.RegisterPlugin(&REDISPlugin{})
plugins.RegisterPlugin(&REDISTLSPlugin{})
}

func (p *REDISPlugin) PortPriority(port uint16) bool {
return port == 6379
}

func (p *REDISPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Target) (*plugins.Service, error) {
func (p *REDISTLSPlugin) PortPriority(port uint16) bool {
return port == 6380
}

func (p *REDISTLSPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Target) (*plugins.Service, error) {
return DetectRedis(conn, target, timeout, true)
}

func DetectRedis(conn net.Conn, target plugins.Target, timeout time.Duration, tls bool) (*plugins.Service, error) {
//https://redis.io/commands/ping/
// PING is a supported command since 1.0.0
// [*1(CR)(NL)$4(CR)(NL)PING(CR)(NL)]
Expand Down Expand Up @@ -112,17 +123,36 @@ func (p *REDISPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.T
payload := plugins.ServiceRedis{
AuthRequired: result.AuthRequired,
}
if tls {
return plugins.CreateServiceFrom(target, payload, true, "", plugins.TCPTLS), nil
}
return plugins.CreateServiceFrom(target, payload, false, "", plugins.TCP), nil
}

func (p *REDISPlugin) Run(conn net.Conn, timeout time.Duration, target plugins.Target) (*plugins.Service, error) {
return DetectRedis(conn, target, timeout, false)
}

func (p *REDISPlugin) Name() string {
return REDIS
}

func (p *REDISTLSPlugin) Name() string {
return REDISTLS
}

func (p *REDISPlugin) Type() plugins.Protocol {
return plugins.TCP
}

func (p *REDISTLSPlugin) Type() plugins.Protocol {
return plugins.TCPTLS
}

func (p *REDISPlugin) Priority() int {
return 413
}

func (p *REDISTLSPlugin) Priority() int {
return 414
}
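Review bot: `const REDISTLS = "redis"` gives REDISTLSPlugin.Name() the same string as REDISPlugin.Name(), so the two registered plugins differ only in Type(), PortPriority() and Priority(). RegisterPlugin is not visible on this page; if it or any consumer keys plugins by name, the second registration could shadow the first, so either confirm that or document the intent, e.g. `// REDISTLS deliberately equals REDIS: both report protocol "redis"; TLS is conveyed by Type() and Service.TLS.` The same duplication appears in `ProtoRedisTLS = "redis"` in pkg/plugins/types.go, which none of the visible hunks reference. Separately, the newly exported DetectRedis has no doc comment, and its `tls bool` parameter would shadow the `crypto/tls` package name if that package is ever imported in this file; renaming it `useTLS` and adding `// DetectRedis probes conn for a Redis server and reports the service as TCP or TCPTLS depending on useTLS.` would cover both. Only part of DetectRedis's body is visible in these hunks.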
1 change: 1 addition & 0 deletions pkg/plugins/types.go
Expand Up @@ -65,6 +65,7 @@ const (
ProtoRDP = "rdp"
ProtoRPC = "rpc"
ProtoRedis = "redis"
ProtoRedisTLS = "redis"
ProtoRsync = "rsync"
ProtoRtsp = "rtsp"
ProtoSMB = "smb"
12 changes: 10 additions & 2 deletions pkg/runner/report.go
Expand Up @@ -86,9 +86,17 @@ func Report(services []plugins.Service) error {
csvWriter.Flush()
default:
if len(service.Host) > 0 {
log.Printf("%s://%s:%d (%s)\n", strings.ToLower(service.Protocol), service.Host, service.Port, service.IP)
if service.TLS {
log.Printf("%s://%s:%d (%s) (tls)\n", strings.ToLower(service.Protocol), service.Host, service.Port, service.IP)
} else {
log.Printf("%s://%s:%d (%s)\n", strings.ToLower(service.Protocol), service.Host, service.Port, service.IP)
}
} else {
log.Printf("%s://%s:%d\n", strings.ToLower(service.Protocol), service.IP, service.Port)
if service.TLS {
log.Printf("%s://%s:%d (tls)\n", strings.ToLower(service.Protocol), service.IP, service.Port)
} else {
log.Printf("%s://%s:%d\n", strings.ToLower(service.Protocol), service.IP, service.Port)
}
}
}
}
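Review bot: The `default:` branch now holds four `log.Printf` calls that differ only in the trailing ` (tls)`, so any later change to the output format must be made in four places. Computing the suffix once and appending it with an extra `%s` keeps the two host/IP variants and emits the same text. Whether the CSV and JSON branches also expose `service.TLS` cannot be seen from this hunk; if they do not, the TLS marker is available only in this plain-text output. Report's body starts before and continues past the hunk.

```go
default:
	// Mark TLS-wrapped services once instead of duplicating each Printf.
	suffix := ""
	if service.TLS {
		suffix = " (tls)"
	}
	if len(service.Host) > 0 {
		log.Printf("%s://%s:%d (%s)%s\n", strings.ToLower(service.Protocol), service.Host, service.Port, service.IP, suffix)
	} else {
		log.Printf("%s://%s:%d%s\n", strings.ToLower(service.Protocol), service.IP, service.Port, suffix)
	}
```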
