$ go run main.go --host <HOST> --port <PORT>A --host (default: localhost) and --port (default: 3306) can be specified.
It will output a formatted json list of all information learned about the server from the initial handshape.
The error code will be zero if and only if the service was response and replied with the expected format.
A docker compose file to spin up a MySQL server is included for testing.
A Makefile is included to build, clean, lint, and format.
Unit tests can be run with make test.
$ docker compose up -d
$ make run
go run . --host=127.0.0.1 --port=3306
{
"host_port": "127.0.0.1:3306",
"success": true,
"server_version": "8.4.7",
"protocol_version": 10,
"connection_id": 34,
"raw_capability_flags": "0xDFFFFFFF",
"charset_id": 255,
"raw_status_flags": "0x2",
"server_status": [
"SERVER_STATUS_AUTOCOMMIT"
],
"salt_hex": "1A3449225E287F677B4E14476141425E51621C1400",
"auth_plugin_name": "caching_sha2_password",
"capabilities": [
"CLIENT_COMPRESS",
"CLIENT_IGNORE_SIGPIPE",
...
"CLIENT_NO_SCHEMA"
]
}We open a TCP connection and parse the Server Greeting message.
Other message types are not implemented.
After that, we close the socket.
Note that when the connection is closed, the server sends a response error 1158.
It is also possible to end the session more gracefully by sending a COM_QUIT command at the expense of an additional round trip.
There are two versions of the classic MySQL protocol: V9 and V10. We only implement V10, which is used since MySQL 3.21.0. There is also an newer "X" protocol, which is available as a plugin since MySQL 5.7.12. This protocol is not implemented in this scanner.
There is a basic validation of the values and their lengths. We do not validate whether the combination of values supplied by the server is legal. We also accept missing or malformed authentication names.
We included some unit tests to illustrate testing, but these are not exhaustive.