3 changes: 2 additions & 1 deletion .devcontainer/requirements.txt
Expand Up @@ -4,4 +4,5 @@ decentra-vision
python-telegram-bot[rate-limiter]
protobuf==5.28.3
vectordb
ngrok
ngrok
paramiko
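Review bot: `paramiko` is added without a version pin while `protobuf==5.28.3` in the same file is pinned, so the devcontainer resolves whatever paramiko release is current at build time and two builds of the same commit can differ. A pinned entry such as `paramiko==<pinned version>` (placeholder; pick the version you tested against) keeps the image reproducible and makes the dependency auditable, which matters for a library that presumably handles credentials in the new probes. The remaining unpinned lines pre-date this change and are out of scope here.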
170 changes: 121 additions & 49 deletions extensions/business/cybersec/red_mesh/constants.py
Expand Up @@ -9,16 +9,17 @@
"description": "Collect banner and version data for common network services.",
"category": "service",
"methods": [
"_service_info_80",
"_service_info_443",
"_service_info_8080",
"_service_info_21",
"_service_info_22",
"_service_info_23",
"_service_info_25",
"_service_info_53",
"_service_info_161",
"_service_info_445",
"_service_info_http",
"_service_info_https",
"_service_info_http_alt",
"_service_info_ftp",
"_service_info_ssh",
"_service_info_telnet",
"_service_info_smtp",
"_service_info_dns",
"_service_info_snmp",
"_service_info_smb",
"_service_info_wins",
"_service_info_generic"
]
},
Expand All @@ -29,54 +30,59 @@
"category": "service",
"methods": [
"_service_info_tls",
"_service_info_1433",
"_service_info_3306",
"_service_info_3389",
"_service_info_5432",
"_service_info_5900",
"_service_info_6379",
"_service_info_9200",
"_service_info_11211",
"_service_info_27017",
"_service_info_502"
"_service_info_mssql",
"_service_info_mysql",
"_service_info_rdp",
"_service_info_postgresql",
"_service_info_vnc",
"_service_info_redis",
"_service_info_elasticsearch",
"_service_info_memcached",
"_service_info_mongodb",
"_service_info_modbus"
]
},
{
"id": "web_test_common",
"label": "Common exposure scan",
"description": "Probe default admin panels, disclosed files, and common misconfigurations.",
"id": "web_discovery",
"label": "Discovery",
"description": "Enumerate exposed files, admin panels, homepage secrets, tech fingerprinting, and VPN endpoints (OWASP WSTG-INFO).",
"category": "web",
"methods": [
"_web_test_common",
"_web_test_homepage",
"_web_test_flags",
"_web_test_graphql_introspection",
"_web_test_metadata_endpoints"
]
"methods": ["_web_test_common", "_web_test_homepage", "_web_test_tech_fingerprint", "_web_test_vpn_endpoints"]
},
{
"id": "web_test_security_headers",
"label": "Security headers audit",
"description": "Check HSTS, CSP, X-Frame-Options, and other critical response headers.",
"id": "web_hardening",
"label": "Hardening audit",
"description": "Audit cookie flags, security headers, CORS policy, redirect handling, and HTTP methods (OWASP WSTG-CONF).",
"category": "web",
"methods": [
"_web_test_security_headers",
"_web_test_cors_misconfiguration",
"_web_test_open_redirect",
"_web_test_http_methods"
]
"methods": ["_web_test_flags", "_web_test_security_headers", "_web_test_cors_misconfiguration", "_web_test_open_redirect", "_web_test_http_methods"]
},
{
"id": "web_test_vulnerability",
"label": "Vulnerability probes",
"description": "Non-destructive probes for common web vulnerabilities.",
"id": "web_api_exposure",
"label": "API exposure",
"description": "Detect GraphQL introspection leaks, cloud metadata endpoints, and API auth bypass (OWASP WSTG-APIT).",
"category": "web",
"methods": [
"_web_test_path_traversal",
"_web_test_xss",
"_web_test_sql_injection",
"_web_test_api_auth_bypass"
]
"methods": ["_web_test_graphql_introspection", "_web_test_metadata_endpoints", "_web_test_api_auth_bypass"]
},
{
"id": "web_injection",
"label": "Injection probes",
"description": "Non-destructive probes for path traversal, reflected XSS, and SQL injection (OWASP WSTG-INPV).",
"category": "web",
"methods": ["_web_test_path_traversal", "_web_test_xss", "_web_test_sql_injection"]
},
{
"id": "active_auth",
"label": "Credential testing",
"description": "Test default/weak credentials on database and remote access services. May trigger account lockout.",
"category": "service",
"methods": ["_service_info_mysql_creds", "_service_info_postgresql_creds"]
},
{
"id": "post_scan_correlation",
"label": "Cross-service correlation",
"description": "Post-scan analysis: honeypot detection, OS consistency, infrastructure leak aggregation.",
"category": "correlation",
"methods": ["_post_scan_correlate"]
}
]

Expand Down Expand Up @@ -106,4 +112,70 @@
# LLM Analysis types
LLM_ANALYSIS_SECURITY_ASSESSMENT = "security_assessment"
LLM_ANALYSIS_VULNERABILITY_SUMMARY = "vulnerability_summary"
LLM_ANALYSIS_REMEDIATION_PLAN = "remediation_plan"
LLM_ANALYSIS_REMEDIATION_PLAN = "remediation_plan"
LLM_ANALYSIS_QUICK_SUMMARY = "quick_summary"

# =====================================================================
# Protocol fingerprinting and probe routing
# =====================================================================

# Fingerprint configuration
FINGERPRINT_TIMEOUT = 2 # seconds — passive banner grab timeout
FINGERPRINT_MAX_BANNER = 512 # bytes — max banner stored per port
FINGERPRINT_HTTP_TIMEOUT = 4 # seconds — active HTTP probe timeout (honeypots may be slow)
FINGERPRINT_NUDGE_TIMEOUT = 3 # seconds — generic \r\n nudge probe timeout

# Well-known TCP port → protocol (fallback when banner is unrecognized)
WELL_KNOWN_PORTS = {
21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 42: "wins",
53: "dns", 80: "http", 81: "http", 110: "pop3", 137: "nbns", 143: "imap",
161: "snmp", 443: "https", 445: "smb", 465: "smtp", # SMTPS
502: "modbus", 587: "smtp", 993: "imap", 995: "pop3", # TLS-wrapped mail
1433: "mssql", 3306: "mysql", 3389: "rdp", 5432: "postgresql",
5900: "vnc", 6379: "redis", 8000: "http", 8008: "http",
8080: "http", 8081: "http", 8443: "https", 8888: "http",
9200: "http", 11211: "memcached", 27017: "mongodb",
}

# Protocols where web vulnerability tests are applicable
WEB_PROTOCOLS = frozenset({"http", "https"})

# Which protocols each service probe is designed to test.
# Probes not listed here run unconditionally (forward-compatible with new probes).
PROBE_PROTOCOL_MAP = {
"_service_info_ftp": frozenset({"ftp"}),
"_service_info_ssh": frozenset({"ssh"}),
"_service_info_telnet": frozenset({"telnet"}),
"_service_info_smtp": frozenset({"smtp"}),
"_service_info_dns": frozenset({"dns"}),
"_service_info_http": frozenset({"http"}),
"_service_info_https": frozenset({"https"}),
"_service_info_http_alt": frozenset({"http"}),
"_service_info_tls": frozenset({"https", "unknown"}),
"_service_info_mssql": frozenset({"mssql"}),
"_service_info_mysql": frozenset({"mysql"}),
"_service_info_rdp": frozenset({"rdp"}),
"_service_info_postgresql": frozenset({"postgresql"}),
"_service_info_vnc": frozenset({"vnc"}),
"_service_info_redis": frozenset({"redis"}),
"_service_info_elasticsearch": frozenset({"http", "https"}),
"_service_info_memcached": frozenset({"memcached"}),
"_service_info_mongodb": frozenset({"mongodb"}),
"_service_info_snmp": frozenset({"snmp"}),
"_service_info_smb": frozenset({"smb"}),
"_service_info_modbus": frozenset({"modbus"}),
"_service_info_wins": frozenset({"wins", "nbns"}),
"_service_info_generic": frozenset({"unknown"}),
"_service_info_mysql_creds": frozenset({"mysql"}),
"_service_info_postgresql_creds": frozenset({"postgresql"}),
}

# =====================================================================
# Risk score computation
# =====================================================================

RISK_SEVERITY_WEIGHTS = {"CRITICAL": 40, "HIGH": 25, "MEDIUM": 10, "LOW": 2, "INFO": 0}
RISK_CONFIDENCE_MULTIPLIERS = {"certain": 1.0, "firm": 0.8, "tentative": 0.5}
RISK_SIGMOID_K = 0.02
RISK_CRED_PENALTY_PER = 15
RISK_CRED_PENALTY_CAP = 30
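Review bot: WELL_KNOWN_PORTS labels 465, 993 and 995 as plain `smtp`/`imap`/`pop3` (the trailing comments themselves call them SMTPS and TLS-wrapped), but PROBE_PROTOCOL_MAP routes `_service_info_tls` only to `{"https", "unknown"}` and `_service_info_smtp` only to `{"smtp"}`; assuming the dispatcher honours this map, port 465 would receive the plaintext SMTP banner probe and no TLS inspection, while 993/995 get neither. Distinct labels keep the routing consistent, e.g. `465: "smtps", 993: "imaps", 995: "pop3s",` in WELL_KNOWN_PORTS and `"_service_info_tls": frozenset({"https", "smtps", "imaps", "pop3s", "unknown"}),` in PROBE_PROTOCOL_MAP (587 stays `smtp` since it starts in cleartext). The comment above PROBE_PROTOCOL_MAP should also state that labels are the values of WELL_KNOWN_PORTS and the banner classifier, so a new label added in one place is not silently dropped by the other.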