grab.js - npm Package Compare versions
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
+86
| # grab.js [](https://coveralls.io/github/ChiChou/grab.js?branch=master) [](https://travis-ci.org/ChiChou/grab.js) | ||
| ## Usage | ||
| ### Quick Example | ||
| ```js | ||
| const grabber = require('grab.js'); | ||
| grabber.grab(ip, port) | ||
| .run() | ||
| .then(result => { /* process the result */ }) | ||
| .catch(err => { /* error handling */ }) | ||
| ``` | ||
| ## Api | ||
| ### grabber.grab(ip, port, options} | ||
| Returns a `Grab` object. You need to call `run` method to execute it. | ||
| * `ip`: target ip | ||
| * `port` port number | ||
| * `options` (optional): An object contains initial settings for the `Grab`, supports `tls` and `payload` and both of them are optional. | ||
| ### Grab#run() | ||
| Exeute the task, returns a Promise which yields a record. The record can have following fields: | ||
| * `record.banner`: the banner Buffer | ||
| * `record.certificate`: certificate information (only avaliable when TLS is enabled) | ||
| ### Grab.tls | ||
| Enable TLS. | ||
| ### Grab.payload | ||
| The `Buffer` to send when connection established. Payload file can be found under `nmap/paylaods`. | ||
| ### grabber.escape(buffer) | ||
| Escape buffer to printable chars. | ||
| ### grabber.parser(service) | ||
| Returns a promise that loads a parser function with given parser rule name. Rule names can be found under `nmap/parsers`. | ||
| ### Parser.parse(buffer) | ||
| Parse buffer to fingerprints. Fingerprint could have following fields: | ||
| * cpes: common platform enumeration | ||
| * os: operating system | ||
| * product: product name | ||
| * device: device type | ||
| * service: service name, same as the only arguments for `grabber.parser` | ||
| * version: software version | ||
| Notice that a `Parser` object instance is not exported. This is by design. | ||
| ## Command util | ||
| This project provides a cli tool for quick banner grab like [zgrab](http://github.com/zmap/zgrab) | ||
| For example, scanning ftp banner on given CIDR: | ||
| `sudo zmap -p 80 [cidr] | node cli.js -p 80 --payload=tcp/GetRequest --parse http > http.json` | ||
| Leave cidr blank to scan `0.0.0.0/20` | ||
| `find nmap` to checkout all avaliable parsers and payloads. | ||
| ### Options | ||
| * `-p, --port` the port | ||
| * `-s, --tls` use tls (https, imaps, etc) | ||
| * `--payload` send a payload upon connection. `ls -R nmap/payloads` to see all supported parsers. | ||
| * `--parser` parse banner with nmap's rule. `ls nmap/parsers` to see all supported parsers. | ||
| ## Special thanks | ||
| Thanks to the marvellous [nmap project](https://nmap.org) who has collected so many rules for fingerprinting. | ||
| ## License | ||
| GPLv2 |
+4
-3
@@ -9,2 +9,3 @@ #!/usr/bin/env node | ||
| const path = require('path') | ||
| const readline = require('readline') | ||
@@ -51,5 +52,5 @@ const read = filename => fs.readFileSync(grabber.payload(filename), 'utf8') | ||
| process.stdin | ||
| .on('data', buf => buf.toString().split('\n').filter(ip => ip).forEach(grab)) | ||
| readline | ||
| .createInterface({ input: process.stdin }) | ||
| .on('line', grab) | ||
| } | ||
@@ -56,0 +57,0 @@ |
+1
-1
| { | ||
| "name": "grab.js", | ||
| "version": "2.0.1", | ||
| "version": "2.1.0", | ||
| "description": "zgrab in node.js", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
Sorry, the diff of this file is not supported yet
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
No README
QualityPackage does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
2643093
0.11%- Number of package files
1249
1.22%- Lines of code
204
0.99%- Number of medium quality alerts
1
-50%- Number of lines in readme file
87
Infinity%