Light

Scans network shares on macOS about local-log4j-vuln-scanner HOT 9 CLOSED

staze commented on August 19, 2024

Scans network shares on macOS

from local-log4j-vuln-scanner.

Comments (9)

hillu commented on August 19, 2024 2

@staze With the help of a few colleagues, I think I have found a reliable way to exclude specific filesystems. If a filesystem type is still missing in the code, feel free to open a pull request or reopen this issue. (The output of the mount command would be helpful in that case.)

from local-log4j-vuln-scanner.

hillu commented on August 19, 2024 1

You'll have to build it as described in the README.

from local-log4j-vuln-scanner.

hillu commented on August 19, 2024

Sure. I suppose we could just determine the fs type for each directory and skip the directory if it's something weird.

The thing is: I have no idea what the actual values on MacOSX are. Could you please run the program (with the problematic paths as command line parameters) and paste its output? Thanks.

package main

import (
	"log"
	"os"
	"syscall"
)

func main() {
	var buf syscall.Statfs_t
	for _, path := range os.Args[1:] {
		if err := syscall.Statfs(path, &buf); err != nil {
			log.Fatalf("statfs: %s: %v", path, err)
		}
		log.Printf("path=%s: type=%08x\n", path, buf.Type)
	}
}

from local-log4j-vuln-scanner.

staze commented on August 19, 2024

ahhh... though this was python but it's actually go.

Here it is against the Data partition (standard Big Sur/Monterey partition):
go run test_path.go /System/Volumes/
2022/01/05 16:09:36 path=/System/Volumes/: type=0000001c

Here it is against a fileshare "GROUPS"
go run test_path.go /System/Volumes/Data/Volumes/GROUPS
2022/01/05 16:11:19 path=/System/Volumes/Data/Volumes/GROUPS: type=0000001e

from local-log4j-vuln-scanner.

hillu commented on August 19, 2024

@staze Could you try the change I just pushed?

from local-log4j-vuln-scanner.

staze commented on August 19, 2024

Hi @hillu I don't see a binary, just the go files. How would I test with those? Sorry...

from local-log4j-vuln-scanner.

staze commented on August 19, 2024

Got it!

Okay, so it ignored one share, then started looking at another. it show as:

2022/01/05 17:05:28 path=/System/Volumes/Data/Volumes/fsdp: type=0000001f

Not sure if you want to just keep adding exceptions though.

from local-log4j-vuln-scanner.

hillu commented on August 19, 2024

Can you build and run the following test program? It's likle the first but should give more output.

package main

import (
	"log"
	"os"
	"syscall"
)

import "C"

func main() {
	var buf syscall.Statfs_t
	for _, path := range os.Args[1:] {
		if err := syscall.Statfs(path, &buf); err != nil {
			log.Fatalf("statfs: %s: %v", path, err)
		}
		log.Printf("path=%s: type=%08x subtype=%08x typename=%s\n", path, buf.Type, buf.Fssubtype,
			C.GoString((*C.char)(&buf.Fstypename[0])))
	}
}

If that does not work, try this:

package main

import (
	"log"
	"os"
	"syscall"
	"unsafe"
)

func main() {
	var buf syscall.Statfs_t
	for _, path := range os.Args[1:] {
		if err := syscall.Statfs(path, &buf); err != nil {
			log.Fatalf("statfs: %s: %v", path, err)
		}
		log.Printf("path=%s: type=%08x subtype=%08x typename=%s\n", path, buf.Type, buf.Fssubtype,
			string((*[16]byte)((unsafe.Pointer(&buf.Fstypename[0])))[:]))
	}
}

from local-log4j-vuln-scanner.

staze commented on August 19, 2024

Sorry for delay, I had left work before last test you gave. running new code now, can confirm it's skipping both afp and smb fileshares. Thanks!

from local-log4j-vuln-scanner.

Related Issues (20)

command line option for jar file matching HOT 7
Misnamed executable for patching HOT 1
Can't read magic from JAR file member HOT 1
Detection flags jar files with JndiLookup.class removed (but JndiManager.class present) HOT 8
Treat 2.12.2 as fixed version
New magic number check failure HOT 2
Strange "indicator" message from scanner HOT 1
Patcher does not seem to fix WAR files HOT 1
apache log4j 2.17 already out, please add HOT 1
Even with exclude, tool scans folders HOT 4
CVE-2021-45105 should mark 2.16 as vulnerable HOT 4
How to use filter.go HOT 4
Feature request: -exclude with wildcards HOT 1
Just curious - why do you do f.Seek(0, END) twice? HOT 1
Unable to scan network filesystems HOT 5
x86 support? HOT 3
installation with go install HOT 2
Crash when jar file is zero bytes HOT 2
Virustotal 2 security vendors and no sandboxes flagged this file as malicious HOT 1

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs