Merge pull request #88 from secureCodeBox/ncrack

Add ncrack scanner implementation

Author: SebieF

.github/workflows/ci.yaml

@@ -131,6 +131,16 @@ jobs:
           tag_with_ref: true
           tag_with_sha: true
           build_args: baseImageTag=ci-local
+      - uses: docker/build-push-action@v1
+        name: "Build & Push Ncrack Parser Image"
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: scbexperimental/parser-ncrack
+          path: ./scanners/ncrack/parser/
+          tag_with_ref: true
+          tag_with_sha: true
+          build_args: baseImageTag=ci-local
       - uses: docker/build-push-action@v1
         name: "Build & Push Nikto Parser Image"
         with:
@@ -278,6 +288,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
+      - uses: docker/build-push-action@v1
+        name: "Build & Push Ncrack Scanner Image"
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: scbexperimental/ncrack
+          path: ./scanners/ncrack/scanner/
+          # Note: not prefixed with a "v" as this seems to match ncrack versioning standards
+          tags: "0.7,latest"
       - uses: docker/build-push-action@v1
         name: "Build & Push Nmap Scanner Image"
         with:
@@ -380,11 +399,20 @@ jobs:
           cd tests/integration/
           npx jest --ci --color read-only-hook
           helm -n integration-tests uninstall test-scan http-webhook ro-hook
+      - name: "Install Demo Apps"
+        run: |
+          # Install dummy-ssh app
+          helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait
       - name: "nmap Integration Tests"
         run: |
           helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
           cd tests/integration/
           npx jest --ci --color nmap
+      - name: "ncrack Integration Tests"
+        run: |
+          helm -n integration-tests install ncrack ./scanners/ncrack/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          cd tests/integration/
+          npx jest --ci --color ncrack
       - name: "kube-hunter Integration Tests"
         run: |
           helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
@@ -393,8 +421,6 @@ jobs:
       - name: "ssh-scan Integration Tests"
         run: |
           helm -n integration-tests install ssh-scan ./scanners/ssh_scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
-          # Install dummy-ssh app
-          helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait
           cd tests/integration/
           npx jest --ci --color ssh-scan
       - name: Inspect Post Failure

scanners/ncrack/.helmignore

@@ -0,0 +1,6 @@
+.DS_Store
+
+parser/
+scanner/
+examples/
+

scanners/ncrack/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: ncrack
+description: A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox.
+
+type: application
+version: 0.1.0
+appVersion: 0.7
+
+keywords:
+- security
+- ncrack
+- scanner
+- secureCodeBox
+home: https://www.securecodebox.io/scanners/ncrack
+icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg
+sources:
+- https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+- name: iteratec GmbH
+  email: security@iteratec.com

scanners/ncrack/examples/dummy-ssh/README.md

@@ -0,0 +1,12 @@
+In this example we execute an ncrack scan against the intentional vulnerable ssh service (dummy-ssh)
+
+### Install dummy-ssh
+
+Before executing the scan, make sure to have dummy-ssh installed:
+
+```bash
+helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
+```
+
+
+

scanners/ncrack/examples/dummy-ssh/scan.yaml

@@ -0,0 +1,12 @@
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "dummy-ssh"
+spec:
+  scanType: "ncrack"
+  parameters:
+    - -v
+    - --user=root,admin
+    - --pass=THEPASSWORDYOUCREATED,12345
+    - ssh://dummy-ssh
+

scanners/ncrack/parser/.dockerignore

@@ -0,0 +1,2 @@
+node_modules/
+

scanners/ncrack/parser/.gitignore

@@ -0,0 +1,2 @@
+node_modules/
+

scanners/ncrack/parser/Dockerfile

@@ -0,0 +1,11 @@
+ARG baseImageTag
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM scbexperimental/parser-sdk-nodejs:${baseImageTag:-latest}
+WORKDIR /home/app/parser-wrapper/parser/
+COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --chown=app:app ./parser.js ./parser.js

scanners/ncrack/parser/__testFiles__/ncrack_no_results.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ncrackrun>
+<!-- Ncrack 0.7 scan initiated Wed Dec  4 22:50:34 2019 as: ncrack -p ftp:3210 -oX /tmp/ncrack.xml scanme.nmap.org -->
+<ncrackrun scanner="ncrack" args="ncrack -p ftp:3210 -oX /tmp/ncrack.xml scanme.nmap.org" start="1575496234" startstr="Wed Dec  4 22:50:34 2019" version="0.7" xmloutputversion="1.00">
+<verbose level="0"/>
+<debugging level="0"/>
+<service starttime="1575496234" endtime="1575496234">
+<address addr="45.33.32.156" addrtype="ipv4"/>
+<port protocol="tcp" portid="3210" name="ftp"></port>
+</service>
+</ncrackrun>
+

scanners/ncrack/parser/__testFiles__/ncrack_two_services_no_results.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ncrackrun>
+<!-- Ncrack 0.7 scan initiated Wed Dec 11 17:44:38 2019 as: ncrack -p ssh,http -oX ncrackResults2.xml -vv -P passwords.txt -U usernames.txt scanme.nmap.org -->
+<ncrackrun scanner="ncrack" args="ncrack -p ssh,http -oX ncrackResults2.xml -vv -P passwords.txt -U usernames.txt scanme.nmap.org" start="1576082678" startstr="Wed Dec 11 17:44:38 2019" version="0.7" xmloutputversion="1.00">
+<verbose level="2"/>
+<debugging level="0"/>
+<service starttime="1576082678" endtime="1576082712">
+<address addr="45.33.32.156" addrtype="ipv4"/>
+<port protocol="tcp" portid="22" name="ssh"></port>
+</service>
+<service starttime="1576082678" endtime="1576082678">
+<address addr="45.33.32.156" addrtype="ipv4"/>
+<port protocol="tcp" portid="80" name="http"></port>
+</service>
+</ncrackrun>