Scripting engine implementation.

Author: bergabman

Cargo.lock

@@ -36,6 +36,9 @@ serde_derive = "1.0.116"
 cidr-utils = "0.5.0"
 itertools = "0.9.0"
 trust-dns-resolver = { version = "0.19.5", features = ["dns-over-rustls"] }
+anyhow = "1.0.32"
+subprocess = "0.2.6"
+text_placeholder = { version = "0.3", features = ["struct_context"] }
 
 [dev-dependencies]
 wait-timeout = "0.2"

Cargo.toml

@@ -0,0 +1,14 @@
+# Test/Example ScriptConfig file
+
+# Tags to filter on scripts. Only scripts containing all these tags will run.
+tags = ["core_approved", "example"]
+
+# If it's present then only those scripts will run which has a tag ports = "80". Not yet implemented.
+#
+# ex.:
+# ports = [80]
+# ports = [80,81,8080]
+ports = [80]
+
+# Only this developer(s) scripts to run. Not yet implemented.
+developer = ["example"]

fixtures/test_rustscan_scripts.toml

@@ -0,0 +1,23 @@
+#!/usr/bin/perl
+#tags = ["core_approved", "example",]
+#developer = [ "example", "https://example.org" ]
+#join_ports = ","
+#call_format = "perl {{script}} {{ip}} {{port}}"
+
+# Sriptfile parser stops at the first blank line with parsing.
+# This script will run itself as an argument with the system installed perl interpreter, ports will be concatenated with "," .
+# Unused field: port = "80"
+# get total arg passed to this script
+my $total = $#ARGV + 1;
+my $counter = 1;
+ 
+# get script name
+my $scriptname = $0;
+ 
+print "Total args passed to $scriptname : $total\n";
+ 
+# Use loop to print all args stored in an array called @ARGV
+foreach my $a(@ARGV) {
+	print "Arg # $counter : $a\n";
+	$counter++;
+}

fixtures/test_script.pl

@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+#tags = ["core_approved", "example",]
+#developer = [ "example", "https://example.org" ]
+#port = "80"
+#call_format = "python3 {{script}} {{ip}} {{port}}"
+
+# Sriptfile parser stops at the first blank line with parsing.
+# This script will run itself as an argument with the system installed python interpreter, only scanning port 80.
+# Unused filed: join_ports = ","
+
+import sys
+
+print('Python script ran with arguments', str(sys.argv))

fixtures/test_script.py

@@ -0,0 +1,12 @@
+#!/bin/bash 
+#tags = ["core_approved", "example",]
+#developer = [ "example", "https://example.org" ]
+#join_ports = ","
+#call_format = "bash {{script}} {{ip}} {{port}}"
+
+# Sriptfile parser stops at the first blank line with parsing.
+# This script will run itself as an argument with the system installed bash interpreter, scanning all ports concatenated with "," .
+# Unused filed: port = "80"
+
+# print all arguments passed to the script
+echo $@

fixtures/test_script.sh

@@ -0,0 +1,9 @@
+#!intentional_blank_line
+#tags = ["core_approved", "example"]
+#developer = [ "example", "https://example.org" ]
+#join_ports = ","
+#call_format = "nmap -vvv -p {{port}} {{ip}}"
+
+# Sriptfile parser stops at the first blank line with parsing.
+# This script will run the system installed nmap, ports will be concatenated with "," .
+# Unused field: port = "80"

fixtures/test_script.txt

@@ -80,10 +80,6 @@ pub struct Opts {
     #[structopt(long)]
     pub accessible: bool,
 
-    /// Turns off Nmap.
-    #[structopt(long)]
-    pub no_nmap: bool,
-
     /// The batch size for port scanning, it increases or slows the speed of
     /// scanning. Depends on the open file limit of your OS.  If you do 65535
     /// it will do every port at the same time. Although, your OS may not
@@ -105,17 +101,21 @@ pub struct Opts {
     #[structopt(long, possible_values = &ScanOrder::variants(), case_insensitive = true, default_value = "serial")]
     pub scan_order: ScanOrder,
 
-    /// The Nmap arguments to run.
+    /// Use scriptconfig file and available scripts. Default value will run the embedded basic nmap scan.
+    #[structopt(long, possible_values = &["none", "default", "custom"], case_insensitive = true, default_value = "default")]
+    pub scripts: String,
+
+    /// Use the top 1000 ports.
+    #[structopt(long)]
+    pub top: bool,
+
+    /// The extra arguments to run.
     /// To use the argument -A, end RustScan's args with '-- -A'.
     /// Example: 'rustscan -T 1500 127.0.0.1 -- -A -sC'.
     /// This command adds -Pn -vvv -p $PORTS automatically to nmap.
     /// For things like --script '(safe and vuln)' enclose it in quotations marks \"'(safe and vuln)'\"")
     #[structopt(last = true)]
     pub command: Vec<String>,
-
-    /// Use the top 1000 ports.
-    #[structopt(long)]
-    pub top: bool,
 }
 
 #[cfg(not(tarpaulin_include))]
@@ -153,7 +153,9 @@ impl Opts {
             }
         }
 
-        merge_required!(addresses, greppable, accessible, batch_size, timeout, scan_order, command);
+        merge_required!(
+            addresses, greppable, accessible, batch_size, timeout, scan_order, scripts, command
+        );
     }
 
     fn merge_optional(&mut self, config: &Config) {
@@ -199,6 +201,7 @@ pub struct Config {
     ulimit: Option<rlimit::rlim>,
     scan_order: Option<ScanOrder>,
     command: Option<Vec<String>>,
+    scripts: Option<String>,
 }
 
 #[cfg(not(tarpaulin_include))]
@@ -257,6 +260,7 @@ mod tests {
                 command: Some(vec!["-A".to_owned()]),
                 accessible: Some(true),
                 scan_order: Some(ScanOrder::Random),
+                scripts: None,
             }
         }
     }
@@ -273,9 +277,9 @@ mod tests {
                 ulimit: None,
                 command: vec![],
                 accessible: false,
-                no_nmap: false,
                 scan_order: ScanOrder::Serial,
                 no_config: true,
+                scripts: "default".into(),
                 top: false,
             }
         }