Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow public ip #112

Merged
merged 5 commits into from
Dec 19, 2021
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 17 additions & 6 deletions cmd/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,15 @@ For example: log4jScanner scan --cidr "192.168.0.1/24`,
cmd.Usage()
return
}
publicIPAllowed, err := cmd.Flags().GetBool("allow-public-ips")
if err != nil {
pterm.Error.Println("allow-public-ip flag error")
cmd.Usage()
return
}
if publicIPAllowed {
pterm.Warning.Println("Scanning public IPs should be done with care, use at your own risk")
}
// TODO: add cancel context
cidr, err := cmd.Flags().GetString("cidr")
if err != nil {
Expand Down Expand Up @@ -99,7 +108,7 @@ For example: log4jScanner scan --cidr "192.168.0.1/24`,
if !disableServer {
StartServer(ctx, serverUrl, serverTimeout)
}
ScanCIDR(ctx, cidr, ports, serverUrl)
ScanCIDR(ctx, cidr, ports, serverUrl, publicIPAllowed)
},
}

Expand All @@ -113,6 +122,7 @@ func init() {
scanCmd.Flags().String("cidr", "", "IP subnet to scan in CIDR notation (e.g. 192.168.1.0/24)")
scanCmd.Flags().Bool("noserver", false, "Do not use the internal TCP server, this overrides the server flag if present")
scanCmd.Flags().Bool("nocolor", false, "remove colors from output")
scanCmd.Flags().Bool("allow-public-ips",false,"allowing to scan public IPs")
scanCmd.Flags().String("server", "", "Callback server IP and port (e.g. 192.168.1.100:5555)")
scanCmd.Flags().String("ports", "top10",
"Ports to scan. By default scans top 10 ports; 'top100' will scan the top 100 ports, 'slow' will scan all possible ports")
Expand All @@ -122,8 +132,8 @@ func init() {
createPrivateIPBlocks()
}

func ScanCIDR(ctx context.Context, cidr string, portsFlag string, serverUrl string) {
hosts, err := Hosts(cidr)
func ScanCIDR(ctx context.Context, cidr string, portsFlag string, serverUrl string, allowPublicIPs bool) {
hosts, err := Hosts(cidr, allowPublicIPs)
//if err is not nil cidr wasn't parse correctly or ip isn't private
if err != nil {
pterm.Error.Println("Failed to get hosts, what:", err)
Expand Down Expand Up @@ -233,16 +243,17 @@ func ScanPorts(ip, server string, ports []int, resChan chan string, wg *sync.Wai

}

func Hosts(cidr string) ([]string, error) {
func Hosts(cidr string, allowPublicIPs bool) ([]string, error) {
ip, ipnet, err := net.ParseCIDR(cidr)
if err != nil {
return nil, err
}

var ips []string
for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {
// Only scan for private IP addresses. If IP is not private, skip.
if !isPrivateIP(ip) {

//if public ip scanning isn't allowed Only scan for private IP addresses. If IP is not private, terminate with error.
if !allowPublicIPs && !isPrivateIP(ip) {
badIPStatus := ip.String() + " IP address is not private"
pterm.Error.Println(badIPStatus)
log.Fatal(badIPStatus)
Expand Down