Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ftp: Add support for implicit TLS #264

Merged
merged 1 commit into from
May 29, 2020
Merged

ftp: Add support for implicit TLS #264

merged 1 commit into from
May 29, 2020

Conversation

codyprime
Copy link
Member

The command line option --implicit-tls will attempt connecting via
TLS before intiating the FTP handshake.

How to Test

You need to find a server that is using TLS around FTP (but not auth-tls or auth-ssl), and run:

echo ip_address | zgrab2 ftp --port 990 --implicit-tls

Notes & Caveats

Issue Tracking

bwireman
bwireman reviewed May 27, 2020
View reviewed changes
modules/ftp/scanner.go Outdated
FTPAuthTLS bool `long:"authtls" description:"Collect FTPS certificates in addition to FTP banners"`
Verbose bool `long:"verbose" description:"More verbose logging, include debug fields in the scan results"`
FTPAuthTLS bool `long:"authtls" description:"Collect FTPS certificates in addition to FTP banners"`
ImplicitTLS bool `long:"implicit-tls" description:"Attempt to connect via a TLS wrapped connection first"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Attempt to connect via a TLS wrapped connection first implies it will attempt plain text next, which doesn't appear to be the case

bwireman
bwireman approved these changes May 27, 2020
View reviewed changes
Copy link
Contributor

@bwireman bwireman left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming that not retrying w/ plaintext is the intended behaviour

CI timed out but FTP tests seem to have worked

@codyprime codyprime mentioned this pull request May 29, 2020
Closed
@lambdafu lambdafu mentioned this pull request May 29, 2020
Closed
@codyprime codyprime force-pushed the jcody/ftp-implicit-tls-opt branch 2 times, most recently from 4ae6898 to 84a8b32 Compare May 29, 2020 20:10
@codyprime
ftp: Add support for implicit TLS
f6fbfc5 
The command line option `--implicit-tls` will attempt connecting via
TLS before intiating the FTP handshake.
@codyprime
Copy link
Member Author

rebased to master

@codyprime codyprime merged commit 475c103 into master May 29, 2020
@codyprime codyprime deleted the jcody/ftp-implicit-tls-opt branch May 29, 2020 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bwireman bwireman bwireman approved these changes

@dadrian dadrian Awaiting requested review from dadrian

@justinbastress justinbastress Awaiting requested review from justinbastress

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@codyprime @bwireman