From 3b082ea736d21b76dcd1fa8fa9599235cfa06e04 Mon Sep 17 00:00:00 2001 From: Ullaakut Date: Sat, 6 Apr 2019 12:56:15 +0200 Subject: [PATCH] Update to disgo 0.3.0 --- cameradar/cameradar.go | 74 ++++++++++++++++++++---------------------- go.mod | 2 +- go.sum | 2 ++ 3 files changed, 38 insertions(+), 40 deletions(-) diff --git a/cameradar/cameradar.go b/cameradar/cameradar.go index 444f43f..bd51ef9 100644 --- a/cameradar/cameradar.go +++ b/cameradar/cameradar.go @@ -12,9 +12,8 @@ import ( "github.com/spf13/pflag" "github.com/spf13/viper" cmrdr "github.com/ullaakut/cameradar" - "github.com/ullaakut/disgo/logger" - log "github.com/ullaakut/disgo/logger" - "github.com/ullaakut/disgo/symbol" + log "github.com/ullaakut/disgo" + "github.com/ullaakut/disgo/style" curl "github.com/ullaakut/go-curl" ) @@ -68,14 +67,11 @@ func parseArguments() error { func main() { var options options - logger, err := log.New(os.Stdout, log.WithErrorOutput(os.Stderr)) - if err != nil { - fmt.Fprintf(os.Stderr, "Unable to create logger: %v", err) - } + term := log.NewTerminal() - err = parseArguments() + err := parseArguments() if err != nil { - printErr(logger, err) + printErr(term, err) } options.Credentials = viper.GetString("custom-credentials") @@ -91,14 +87,14 @@ func main() { if len(options.Targets) == 1 { options.Targets, err = cmrdr.ParseTargetsFile(options.Targets[0]) if err != nil { - printErr(logger, err) + printErr(term, err) } } err = curl.GlobalInit(curl.GLOBAL_ALL) handle := curl.EasyInit() if err != nil || handle == nil { - printErr(logger, errors.New("libcurl initialization failed")) + printErr(term, errors.New("libcurl initialization failed")) } c := &cmrdr.Curl{CURL: handle} @@ -111,33 +107,33 @@ func main() { credentials, err := cmrdr.LoadCredentials(options.Credentials) if err != nil { - printErr(logger, fmt.Errorf("Invalid credentials dictionary %q: %v", options.Credentials, err)) + printErr(term, fmt.Errorf("Invalid credentials dictionary %q: %v", options.Credentials, err)) return } routes, err := cmrdr.LoadRoutes(options.Routes) if err != nil { - printErr(logger, fmt.Errorf("Invalid routes dictionary %q: %v", options.Routes, err)) + printErr(term, fmt.Errorf("Invalid routes dictionary %q: %v", options.Routes, err)) return } updateSpinner(w, "Scanning the network...", options.EnableLogs) streams, err := cmrdr.Discover(options.Targets, options.Ports, options.Speed) if err != nil && len(streams) > 0 { - printErr(logger, err) + printErr(term, err) } // Most cameras will be accessed successfully with these two attacks updateSpinner(w, "Found "+fmt.Sprint(len(streams))+" streams. Attacking their routes...", options.EnableLogs) streams, err = cmrdr.AttackRoute(c, streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs) if err != nil && len(streams) > 0 { - printErr(logger, err) + printErr(term, err) } updateSpinner(w, "Found "+fmt.Sprint(len(streams))+" streams. Attacking their credentials...", options.EnableLogs) streams, err = cmrdr.AttackCredentials(c, streams, credentials, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs) if err != nil && len(streams) > 0 { - printErr(logger, err) + printErr(term, err) } // But some cameras run GST RTSP Server which prioritizes 401 over 404 contrary to most cameras. @@ -147,7 +143,7 @@ func main() { updateSpinner(w, "Found "+fmt.Sprint(len(streams))+" streams. Final attack...", options.EnableLogs) streams, err = cmrdr.AttackRoute(c, streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs) if err != nil && len(streams) > 0 { - printErr(logger, err) + printErr(term, err) } break @@ -157,62 +153,62 @@ func main() { updateSpinner(w, "Found "+fmt.Sprint(len(streams))+" streams. Validating their availability...", options.EnableLogs) streams, err = cmrdr.ValidateStreams(c, streams, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs) if err != nil && len(streams) > 0 { - printErr(logger, err) + printErr(term, err) } clearOutput(w, options.EnableLogs) - prettyPrint(logger, streams) + prettyPrint(term, streams) } -func prettyPrint(logger *logger.Logger, streams []cmrdr.Stream) { +func prettyPrint(term *log.Terminal, streams []cmrdr.Stream) { success := 0 if len(streams) > 0 { for _, stream := range streams { if stream.CredentialsFound && stream.RouteFound && stream.Available { - logger.Infof("%s\tDevice RTSP URL:\t%s\n", log.Success(symbol.RightTriangle), log.Link(cmrdr.GetCameraRTSPURL(stream))) + term.Infof("%s\tDevice RTSP URL:\t%s\n", style.Success(style.SymbolRightTriangle), style.Link(cmrdr.GetCameraRTSPURL(stream))) success++ } else { - logger.Infof("%s\tAdmin panel URL:\t%s You can use this URL to try attacking the camera's admin panel instead.\n", log.Failure(symbol.Cross), log.Link(cmrdr.GetCameraAdminPanelURL(stream))) + term.Infof("%s\tAdmin panel URL:\t%s You can use this URL to try attacking the camera's admin panel instead.\n", style.Failure(style.SymbolCross), style.Link(cmrdr.GetCameraAdminPanelURL(stream))) } - logger.Infof("\tDevice model:\t\t%s\n\n", stream.Device) + term.Infof("\tDevice model:\t\t%s\n\n", stream.Device) if stream.Available { - logger.Infof("\tAvailable:\t\t%s\n", log.Success(symbol.Check)) + term.Infof("\tAvailable:\t\t%s\n", style.Success(style.SymbolCheck)) } else { - logger.Infof("\tAvailable:\t\t%s\n", log.Failure(symbol.Cross)) + term.Infof("\tAvailable:\t\t%s\n", style.Failure(style.SymbolCross)) } - logger.Infof("\tIP address:\t\t%s\n", stream.Address) - logger.Infof("\tRTSP port:\t\t%d\n", stream.Port) + term.Infof("\tIP address:\t\t%s\n", stream.Address) + term.Infof("\tRTSP port:\t\t%d\n", stream.Port) if stream.CredentialsFound { - logger.Infof("\tUsername:\t\t%s\n", log.Success(stream.Username)) - logger.Infof("\tPassword:\t\t%s\n", log.Success(stream.Password)) + term.Infof("\tUsername:\t\t%s\n", style.Success(stream.Username)) + term.Infof("\tPassword:\t\t%s\n", style.Success(stream.Password)) } else { - logger.Infof("\tUsername:\t\t%s\n", log.Failure("not found")) - logger.Infof("\tPassword:\t\t%s\n", log.Failure("not found")) + term.Infof("\tUsername:\t\t%s\n", style.Failure("not found")) + term.Infof("\tPassword:\t\t%s\n", style.Failure("not found")) } if stream.RouteFound { - logger.Infof("\tRTSP route:\t\t%s\n\n\n", log.Success("/"+stream.Route)) + term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Success("/"+stream.Route)) } else { - logger.Infof("\tRTSP route:\t\t%s\n\n\n", log.Failure("not found")) + term.Infof("\tRTSP route:\t\t%s\n\n\n", style.Failure("not found")) } } if success > 1 { - logger.Infof("%s Successful attack: %s devices were accessed", log.Success(symbol.Check), log.Success(len(streams))) + term.Infof("%s Successful attack: %s devices were accessed", style.Success(style.SymbolCheck), style.Success(len(streams))) } else if success == 1 { - logger.Infof("%s Successful attack: %s device was accessed", log.Success(symbol.Check), log.Success(len(streams))) + term.Infof("%s Successful attack: %s device was accessed", style.Success(style.SymbolCheck), style.Success(len(streams))) } else { - logger.Infof("%s Streams were found but none were accessed. They are most likely configured with secure credentials and routes. You can try adding entries to the dictionary or generating your own in order to attempt a bruteforce attack on the cameras.\n", log.Failure("\xE2\x9C\x96")) + term.Infof("%s Streams were found but none were accessed. They are most likely configured with secure credentials and routes. You can try adding entries to the dictionary or generating your own in order to attempt a bruteforce attack on the cameras.\n", style.Failure("\xE2\x9C\x96")) } } else { - logger.Infof("%s No streams were found. Please make sure that your target is on an accessible network.\n", log.Failure(symbol.Cross)) + term.Infof("%s No streams were found. Please make sure that your target is on an accessible network.\n", style.Failure(style.SymbolCross)) } } -func printErr(logger *logger.Logger, err error) { - logger.Errorln(log.Failure(symbol.Cross), err) +func printErr(term *log.Terminal, err error) { + term.Errorln(style.Failure(style.SymbolCross), err) os.Exit(1) } diff --git a/go.mod b/go.mod index af7f36e..5916e7d 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/mattn/go-isatty v0.0.6 // indirect github.com/pkg/errors v0.8.1 github.com/spf13/viper v1.3.1 // indirect - github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d // indirect + github.com/ullaakut/disgo v0.3.0 // indirect github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70 github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead gopkg.in/go-playground/validator.v9 v9.27.0 diff --git a/go.sum b/go.sum index d0ffdc3..a57676d 100644 --- a/go.sum +++ b/go.sum @@ -47,6 +47,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d h1:tObr2ILgSQwrhpQRiVUKHtXF+0V5gYnnd/zBQGAmfuQ= github.com/ullaakut/disgo v0.0.0-20190310161027-e17c43d71b3d/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg= +github.com/ullaakut/disgo v0.3.0 h1:2zrEyNBfPRgDVDgzM/qLXZ4Yqt3Lxz7ERvZUSmqSY2M= +github.com/ullaakut/disgo v0.3.0/go.mod h1:UOgLVyqihzJ7yihrHjYZikivT+AHb9NhT3r1OyPCJqg= github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70 h1:3q4hgRu9NT894aYmnoMFl5wPvdNhpHYmdi2+Njyxq5U= github.com/ullaakut/go-curl v0.0.0-20190310175419-50acab4cef70/go.mod h1:FTfXm4jC9Ff1yqc3/HMXCyr+SGO03vJyijJCQlNyF10= github.com/ullaakut/nmap v0.0.0-20190306183004-e38898a9bead h1:Pw5wKSAfxi8GcYJSc3GdcwtPG5tyg7zg9E3hAHbLPO0=