Add services

Michael Mikovsky
2025-04-17 23:39:14 -06:00
parent ddfee03266
commit d6c9afb131
12 changed files with 1279 additions and 221 deletions
+4
@@ -0,0 +1,4 @@
pub mod service_scan;
pub mod services;
pub mod tcp_http;
pub mod tcp_https;
+241
@@ -0,0 +1,241 @@
use std::{
collections::HashMap,
io::{Read, Write},
net::{IpAddr, SocketAddr, TcpStream},
sync::{Arc, Mutex},
thread,
time::Duration,
};
use indicatif::ProgressBar;
use crate::{
database::DatabaseResult, port_scan::port_scan::PortScanResult, service_scan::tcp_http,
};
use super::{services::SERVICE_PATTERNS, tcp_https};
#[derive(Debug, Clone)]
pub struct ServiceScanResult {
pub ip: IpAddr,
pub open_ports: Vec<i32>,
pub services: HashMap<i32, (String, String)>,
}
impl ServiceScanResult {
fn new(ip: IpAddr) -> Self {
ServiceScanResult {
ip,
open_ports: Vec::new(),
services: HashMap::new(),
}
}
pub fn to_database(&self) -> DatabaseResult {
DatabaseResult {
id: self.ip.to_string(),
ports: self.open_ports.clone(),
services: serde_json::to_string(&self.services).unwrap_or(String::new()),
}
}
}
pub fn identify(ip: IpAddr, port: &i32, timeout: Duration) -> (String, String) {
let e = || basic_identify(ip, port, timeout).unwrap_or(("tcp".to_string(), "".to_string()));
match port {
80 | 8080 | 8081 | 8082 | 8083 | 8084 | 8085 | 8086 | 8087 | 8088 | 8089 => {
tuple_or_none("http", tcp_http::scan(ip, port, timeout)).unwrap_or(e())
}
443 | 8443 => tuple_or_none("https", tcp_https::scan(ip, port, timeout)).unwrap_or(e()),
_ => e(),
}
}
fn tuple_or_none(
tag: &str,
data: Result<String, Box<dyn std::error::Error>>,
) -> Option<(String, String)> {
if let Ok(data) = data {
Some((tag.to_string(), data))
} else {
None
}
}
pub fn scan_services(
port_scan_results: Vec<PortScanResult>,
num_threads: usize,
timeout: Duration,
) -> Vec<ServiceScanResult> {
let mut host_port_count: u64 = 0;
let results: Arc<Mutex<Vec<ServiceScanResult>>> = Arc::new(Mutex::new(
port_scan_results
.iter()
.map(|result| {
host_port_count += result.open_ports.len() as u64;
ServiceScanResult::new(result.ip)
})
.collect(),
));
let mut handles = Vec::new();
let pb = Arc::new(ProgressBar::new(host_port_count));
// Create a thread for each chunk of IPs
let chunks = split_ips_into_chunks(port_scan_results, num_threads);
for chunk in chunks {
let chunk_hosts = chunk.clone();
let thread_results = Arc::clone(&results);
let thread_timeout = timeout;
let thread_pb = Arc::clone(&pb);
handles.push(thread::spawn(move || {
for host in chunk_hosts {
let ports = &host.open_ports;
for port in ports {
// Try to identify the service on the port
let (service_name, banner) = identify(host.ip, port, thread_timeout);
let mut results_guard = thread_results.lock().unwrap();
if let Some(result) = results_guard.iter_mut().find(|r| r.ip == host.ip) {
result.open_ports.push(*port);
result.services.insert(*port, (service_name, banner));
}
thread_pb.inc(1);
}
}
}));
}
for handle in handles {
handle.join().unwrap();
}
pb.clone().finish_and_clear();
Arc::try_unwrap(results)
.expect("Arc still has multiple owners")
.into_inner()
.expect("Mutex poisoned")
.into_iter()
.map(|a| {
println!("{:?}", a);
a
})
.collect()
}
// Helper function to split the IPs into roughly equal chunks for threading
fn split_ips_into_chunks(ips: Vec<PortScanResult>, num_chunks: usize) -> Vec<Vec<PortScanResult>> {
let chunk_size = (ips.len() + num_chunks - 1) / num_chunks;
let mut chunks = Vec::new();
for chunk_idx in 0..num_chunks {
let start = chunk_idx * chunk_size;
if start >= ips.len() {
break;
}
let end = (start + chunk_size).min(ips.len());
chunks.push(ips[start..end].to_vec());
}
chunks
}
// Connect to an IP:port and send a probe
fn try_connect(ip: IpAddr, port: &i32, timeout: Duration, probe: &[u8]) -> Option<Vec<u8>> {
let addr = SocketAddr::new(ip, *port as u16);
match TcpStream::connect_timeout(&addr, timeout) {
Ok(mut stream) => {
// Set read/write timeouts
let _ = stream.set_read_timeout(Some(timeout));
let _ = stream.set_write_timeout(Some(timeout));
// Send the probe if it's not empty
if !probe.is_empty() {
if stream.write(probe).is_err() {
return None;
}
}
// Read the response
let mut buffer = [0; 4096]; // Larger buffer for service banners
let mut response = Vec::new();
// Try to read multiple times to get a complete banner
for _ in 0..3 {
match stream.read(&mut buffer) {
Ok(0) => break, // End of stream
Ok(bytes_read) => {
response.extend_from_slice(&buffer[0..bytes_read]);
if bytes_read < buffer.len() {
break; // Likely got all data if we read less than buffer size
}
}
Err(_) => break, // Error reading
}
// Small delay between reads
thread::sleep(Duration::from_millis(50));
}
Some(response)
}
Err(_) => None, // Connection failed
}
}
fn basic_identify(ip: IpAddr, port: &i32, timeout: Duration) -> Option<(String, String)> {
// Try a simple connection with no probe as last resort
if let Some(response) = try_connect(ip, port, timeout, b"\x00\n") {
if !response.is_empty() {
if let Some(service_name) = identify_service_from_response(&response) {
return Some((
service_name.to_string(),
String::from_utf8_lossy(response.as_slice()).to_string(),
));
}
}
// Port is open but service couldn't be identified
return Some(("tcp".to_string(), "".to_string()));
}
None
}
fn identify_service_from_response(response: &[u8]) -> Option<&str> {
// Convert response to string if possible
if let Ok(response_str) = std::str::from_utf8(response) {
// Try to match against known patterns
for (pattern, service_name) in SERVICE_PATTERNS.iter() {
if pattern.is_match(response_str) {
return Some(service_name);
}
}
}
// For binary responses, check for pattern matches
// Check for SSL/TLS
if response.len() >= 3 && response[0] == 0x16 && (response[1] == 0x03 || response[1] == 0x02) {
return Some("ssl/tls");
}
// Check for MySQL protocol
if response.len() >= 5 && response[0] == 0x4a && response[1] == 0x00 {
return Some("mysql");
}
// Check for MongoDB wire protocol
if response.len() >= 4
&& response[0] == 0x02
&& response[1] == 0x00
&& response[2] == 0x00
&& response[3] == 0x00
{
return Some("mongodb");
}
None
}
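Review bot: In `identify`, `.unwrap_or(e())` evaluates `e()` before the `Option` is inspected, so every port in the HTTP and HTTPS arms gets a second connection from `basic_identify` (including its `\x00\n` probe) even when `tcp_http::scan` or `tcp_https::scan` already succeeded; `.unwrap_or_else(e)` keeps the fallback on the failure path only. Separately, `split_ips_into_chunks` divides by `num_chunks`, so a caller passing `num_threads == 0` panics; `let num_chunks = num_chunks.max(1);` at the top of the function would avoid that. In `try_connect`, `*port as u16` silently wraps an out-of-range `i32`, so the port that is probed can differ from the port that is recorded; `let port = u16::try_from(*port).ok()?;` rejects such values instead. The comment in `basic_identify` says "no probe", but the call sends `b"\x00\n"`, so either the comment or the probe should change.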
+664
@@ -0,0 +1,664 @@
use lazy_static::lazy_static;
use regex::Regex;
lazy_static! {
pub static ref SERVICE_PATTERNS: Vec<(Regex, &'static str)> = vec![
// HTTP and Web Services
(Regex::new(r"^HTTP/\d").unwrap(), "http"),
(Regex::new(r"Server:").unwrap(), "http"),
(Regex::new(r"<html.*>").unwrap(), "http"),
(Regex::new(r"<title>.*</title>").unwrap(), "http"),
(Regex::new(r"^HTTP/\d+\.\d+ 4\d\d").unwrap(), "http"),
(Regex::new(r"^HTTP/\d+\.\d+ 5\d\d").unwrap(), "http"),
(Regex::new(r"404 Not Found").unwrap(), "http"),
(Regex::new(r"301 Moved Permanently").unwrap(), "http"),
(Regex::new(r"Content-Type: text/html").unwrap(), "http"),
(Regex::new(r"WebSocket").unwrap(), "websocket"),
(Regex::new(r"^WebSphere Application Server").unwrap(), "websphere"),
(Regex::new(r"Apache Tomcat").unwrap(), "tomcat"),
(Regex::new(r"JBoss").unwrap(), "jboss"),
(Regex::new(r"nginx").unwrap(), "nginx"),
(Regex::new(r"Ruby on Rails").unwrap(), "rails"),
(Regex::new(r"Django").unwrap(), "django"),
(Regex::new(r"Express").unwrap(), "express"),
(Regex::new(r"Microsoft-IIS").unwrap(), "iis"),
(Regex::new(r"Litespeed").unwrap(), "litespeed"),
(Regex::new(r"lighttpd").unwrap(), "lighttpd"),
(Regex::new(r"^Jetty").unwrap(), "jetty"),
(Regex::new(r"^GlassFish Server").unwrap(), "glassfish"),
(Regex::new(r"^Oracle-Application-Server").unwrap(), "oracle-as"),
(Regex::new(r"WAF/\d").unwrap(), "waf"),
(Regex::new(r"Resin/\d").unwrap(), "resin"),
// SSH
(Regex::new(r"^SSH-\d").unwrap(), "ssh"),
(Regex::new(r"^SSH-1\.").unwrap(), "ssh1"),
(Regex::new(r"^SSH-2\.").unwrap(), "ssh2"),
(Regex::new(r"OpenSSH").unwrap(), "openssh"),
(Regex::new(r"Dropbear").unwrap(), "dropbear-ssh"),
(Regex::new(r"libssh").unwrap(), "libssh"),
// Email Protocols
(Regex::new(r"^220.*SMTP").unwrap(), "smtp"),
(Regex::new(r"^220.*ESMTP").unwrap(), "smtp"),
(Regex::new(r"^220.*mail").unwrap(), "smtp"),
(Regex::new(r"^220.*Email").unwrap(), "smtp"),
(Regex::new(r"^220.*Simple Mail").unwrap(), "smtp"),
(Regex::new(r"^250[ -]").unwrap(), "smtp"),
(Regex::new(r"^554 ").unwrap(), "smtp"),
(Regex::new(r"^550 ").unwrap(), "smtp"),
(Regex::new(r"^220 .*Exchange").unwrap(), "smtp-exchange"),
(Regex::new(r"^220 .*Postfix").unwrap(), "smtp-postfix"),
(Regex::new(r"^220 .*Sendmail").unwrap(), "smtp-sendmail"),
(Regex::new(r"^\+OK").unwrap(), "pop3"),
(Regex::new(r"^\* OK").unwrap(), "imap"),
(Regex::new(r"^\* OK .*IMAP").unwrap(), "imap"),
(Regex::new(r"^\* OK .*Courier-IMAP").unwrap(), "courier-imap"),
(Regex::new(r"^\* OK .*Dovecot").unwrap(), "dovecot-imap"),
(Regex::new(r"^\* OK .*UW IMAP").unwrap(), "uw-imap"),
(Regex::new(r"^\* PREAUTH").unwrap(), "imap"),
(Regex::new(r"^OK LOGIN").unwrap(), "pop3"),
(Regex::new(r"^OK CAPA").unwrap(), "pop3"),
(Regex::new(r"^\+OK Dovecot").unwrap(), "dovecot-pop3"),
(Regex::new(r"^\+OK Courier").unwrap(), "courier-pop3"),
(Regex::new(r"^501 5\.5\.4").unwrap(), "smtp"),
// FTP
(Regex::new(r"^220.*FTP").unwrap(), "ftp"),
(Regex::new(r"^220 .*FileZilla").unwrap(), "filezilla-ftp"),
(Regex::new(r"^220 .*ProFTPD").unwrap(), "proftpd"),
(Regex::new(r"^220 .*Pure-FTPd").unwrap(), "pure-ftpd"),
(Regex::new(r"^220 .*vsFTPd").unwrap(), "vsftpd"),
(Regex::new(r"^220 .*WU-FTPD").unwrap(), "wu-ftpd"),
(Regex::new(r"^220 Welcome to Pure-FTPd").unwrap(), "pure-ftpd"),
(Regex::new(r"^220-FileZilla Server").unwrap(), "filezilla-ftp"),
(Regex::new(r"^220 Microsoft FTP").unwrap(), "microsoft-ftp"),
(Regex::new(r"^220 .*FRITZ!Box").unwrap(), "fritzbox-ftp"),
(Regex::new(r"^220 .*IIS .* FTP").unwrap(), "iis-ftp"),
(Regex::new(r"^220 .*FTP server \(GNU").unwrap(), "gnu-inetutils-ftpd"),
(Regex::new(r"^220 .*FTP server ready").unwrap(), "generic-ftp"),
(Regex::new(r"^331 ").unwrap(), "ftp"),
(Regex::new(r"^530 ").unwrap(), "ftp"),
// Database Servers
(Regex::new(r"^S\x00\x00\x01\x55\x00\x00").unwrap(), "mysql"),
(Regex::new(r"^\x5b\x00\x00\x00").unwrap(), "postgres"),
(Regex::new(r"^220 PostgreSQL").unwrap(), "postgres"),
(Regex::new(r"PostgreSQL SCRAM-SHA-256").unwrap(), "postgres"),
(Regex::new(r"^@REDICULOUS").unwrap(), "redis"),
(Regex::new(r"^@REDISJSON").unwrap(), "redis"),
(Regex::new(r"^-ERR\sERROR").unwrap(), "redis"),
(Regex::new(r"^-ERR\s").unwrap(), "redis"),
(Regex::new(r"^-DENIED\s").unwrap(), "redis"),
(Regex::new(r"^\\-ERR").unwrap(), "redis"),
(Regex::new(r"^\\+OK").unwrap(), "redis"),
(Regex::new(r"^[+]PONG").unwrap(), "redis"),
(Regex::new(r"^-NOAUTH\s").unwrap(), "redis"),
(Regex::new(r"^-BUSY\s").unwrap(), "redis"),
(Regex::new(r"^[$]").unwrap(), "redis"),
(Regex::new(r"^(\*)").unwrap(), "redis"),
(Regex::new(r"^redis_version").unwrap(), "redis"),
(Regex::new(r"Oracle Transparent Network Substrate Protocol").unwrap(), "oracle-tns"),
(Regex::new(r"^\x00\x00\x00\x00\x04\x00\x00\x00").unwrap(), "oracle-tns"),
(Regex::new(r"^@\(#\)sybase").unwrap(), "sybase"),
(Regex::new(r"^\x04\x01\x00").unwrap(), "sybase-ase"),
(Regex::new(r"^MongoDB").unwrap(), "mongodb"),
(Regex::new(r"^\x02\x00\x00\x00").unwrap(), "mongodb"),
// (Regex::new(r#"^{\"ok\":"#).unwrap(), "mongodb-rest"),
(Regex::new(r"^3 ").unwrap(), "mongodb-shell"),
(Regex::new(r"^MemCache").unwrap(), "memcached"),
(Regex::new(r"^VERSION ").unwrap(), "memcached"),
(Regex::new(r"^(?:ERROR|CLIENT_ERROR|SERVER_ERROR)$").unwrap(), "memcached"),
// (Regex::new(r"^\\(\\s+\(\\s+FLUSHDB").unwrap(), "db2"),
(Regex::new(r"^SQLite format 3\x00").unwrap(), "sqlite"),
(Regex::new(r"CouchDB").unwrap(), "couchdb"),
(Regex::new(r"^(?:HBase|ZooKeeper)").unwrap(), "hbase"),
(Regex::new(r"^Cassandra").unwrap(), "cassandra"),
(Regex::new(r"^\\x00\\x58\\x01\\x00\\x19\\x00\\x00\\x00\\x11\\x00\\x00\\x00\\x00").unwrap(), "cassandra"),
(Regex::new(r"^DSN=").unwrap(), "odbc"),
(Regex::new(r"^DLPX-").unwrap(), "delphix"),
(Regex::new(r"^RIAK").unwrap(), "riak"),
(Regex::new(r"^neo4j").unwrap(), "neo4j"),
(Regex::new(r"^\\x00\\x00\\x00\\x78\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00").unwrap(), "influxdb"),
// Telnet and Terminal Servers
(Regex::new(r"^220.*telnet").unwrap(), "telnet"),
(Regex::new(r"^\xff\xfb\x01\xff\xfb\x03").unwrap(), "telnet"),
(Regex::new(r"^\xff\xfb").unwrap(), "telnet"),
// (Regex::new(r"^\\x1B\\[").unwrap(), "telnet"),
(Regex::new(r"Welcome to the Telnet Server").unwrap(), "telnet"),
(Regex::new(r"BusyBox v").unwrap(), "busybox-telnet"),
(Regex::new(r"^Login:").unwrap(), "telnet"),
(Regex::new(r"^\r\nlogin: ").unwrap(), "telnet"),
(Regex::new(r"username:").unwrap(), "telnet"),
(Regex::new(r"password:").unwrap(), "terminal"),
(Regex::new(r"You are on a Router").unwrap(), "router-terminal"),
(Regex::new(r"^\r\n\r\nRTSP/1.0").unwrap(), "rtsp"),
// Remote Desktop and VNC
(Regex::new(r"^RFB \d").unwrap(), "vnc"),
(Regex::new(r"^RFB 003.").unwrap(), "vnc"),
(Regex::new(r"^RFB 004.").unwrap(), "vnc"),
(Regex::new(r"^\x03\x00\x00").unwrap(), "rdp"),
(Regex::new(r"^\x03\x00\x00\x0b\x06").unwrap(), "rdp"),
(Regex::new(r"^\x03\x00\x00\x13").unwrap(), "rdp"),
(Regex::new(r"^\x03\x00\x00\x03\x0e\x00\x00\x00").unwrap(), "rdp"),
(Regex::new(r"^Remote Desktop Protocol").unwrap(), "rdp"),
(Regex::new(r"Microsoft Terminal Server").unwrap(), "rdp"),
(Regex::new(r"^\x30\x64\xa0").unwrap(), "pcAnywhere"),
(Regex::new(r"^CONNECTREQUEST").unwrap(), "teamviewer"),
// LDAP and Directory Services
(Regex::new(r"^\x30\x0c\x02\x01\x01\x61").unwrap(), "ldap"),
(Regex::new(r"^\x30\x84").unwrap(), "ldap"),
(Regex::new(r"Microsoft Active Directory LDAP").unwrap(), "active-directory"),
(Regex::new(r"^objectClass").unwrap(), "ldap"),
(Regex::new(r"OpenLDAP").unwrap(), "openldap"),
(Regex::new(r"389 Directory Server").unwrap(), "389-ds"),
(Regex::new(r"^NDS version").unwrap(), "novell-nds"),
// Web Services and APIs
(Regex::new(r#"^\{"jsonrpc"#).unwrap(), "jsonrpc"),
(Regex::new(r#"^\{"result"#).unwrap(), "json-api"),
(Regex::new(r"^<\?xml").unwrap(), "xml-service"),
(Regex::new(r"<SOAP").unwrap(), "soap"),
(Regex::new(r"<soap").unwrap(), "soap"),
(Regex::new(r"<wsdl").unwrap(), "wsdl"),
(Regex::new(r"^<\\?xml version").unwrap(), "xml-rpc"),
(Regex::new(r"xmlns:soap").unwrap(), "soap"),
(Regex::new(r"<faultcode>").unwrap(), "soap"),
(Regex::new(r"graphql").unwrap(), "graphql"),
(Regex::new(r"<GraphQLResponse>").unwrap(), "graphql"),
(Regex::new(r"REST API").unwrap(), "rest-api"),
(Regex::new(r"Swagger").unwrap(), "swagger-api"),
(Regex::new(r"OpenAPI").unwrap(), "openapi"),
(Regex::new(r"^\\d{3} MCom_Perl").unwrap(), "perl-webservice"),
// Message Queues and Streaming
(Regex::new(r"^AMQP").unwrap(), "amqp"),
(Regex::new(r"^AMQP\x00\x01\x00\x00").unwrap(), "amqp-0-10"),
(Regex::new(r"^AMQP\x01\x01\x00\x0A").unwrap(), "amqp-1-0"),
(Regex::new(r"^AMQP\x00\x00\x09\x01").unwrap(), "amqp-0-9-1"),
(Regex::new(r"RabbitMQ").unwrap(), "rabbitmq"),
(Regex::new(r"Apache Kafka").unwrap(), "kafka"),
(Regex::new(r"^JMQ").unwrap(), "jms"),
(Regex::new(r"ActiveMQ").unwrap(), "activemq"),
(Regex::new(r"Apache ActiveMQ").unwrap(), "activemq"),
(Regex::new(r"MQTT").unwrap(), "mqtt"),
(Regex::new(r"^\\x10\\x").unwrap(), "mqtt"),
(Regex::new(r"^\\x20\\x").unwrap(), "mqtt"),
(Regex::new(r"Redis Pub/Sub").unwrap(), "redis-pubsub"),
(Regex::new(r"ZeroMQ").unwrap(), "zeromq"),
(Regex::new(r"Apache Pulsar").unwrap(), "pulsar"),
(Regex::new(r"NSQ").unwrap(), "nsq"),
// SSL/TLS
(Regex::new(r"^\x16\x03").unwrap(), "ssl/tls"),
(Regex::new(r"^\x16\x03\x00").unwrap(), "ssl-3.0"),
(Regex::new(r"^\x16\x03\x01").unwrap(), "tls-1.0"),
(Regex::new(r"^\x16\x03\x02").unwrap(), "tls-1.1"),
(Regex::new(r"^\x16\x03\x03").unwrap(), "tls-1.2"),
(Regex::new(r"^\x16\x03\x04").unwrap(), "tls-1.3"),
(Regex::new(r"^\x80\x80").unwrap(), "ssl-2.0"),
(Regex::new(r"^SSL").unwrap(), "ssl"),
(Regex::new(r"TLSv1").unwrap(), "tls"),
(Regex::new(r"StartTLS").unwrap(), "starttls"),
// RTSP/SIP/Media Streaming
(Regex::new(r"^RTSP/\d").unwrap(), "rtsp"),
(Regex::new(r"^SIP/\d").unwrap(), "sip"),
(Regex::new(r"^INVITE sip:").unwrap(), "sip"),
(Regex::new(r"^REGISTER sip:").unwrap(), "sip"),
(Regex::new(r"User-Agent: .*Asterisk").unwrap(), "asterisk-sip"),
(Regex::new(r"User-Agent: .*FreeSWITCH").unwrap(), "freeswitch-sip"),
(Regex::new(r"Server: .*Asterisk").unwrap(), "asterisk"),
(Regex::new(r"Server: .*FreeSWITCH").unwrap(), "freeswitch"),
(Regex::new(r"^ICY \d").unwrap(), "shoutcast"),
(Regex::new(r"^ICE/1\.0").unwrap(), "icecast"),
(Regex::new(r"Server: Icecast").unwrap(), "icecast"),
(Regex::new(r"Server: Shoutcast").unwrap(), "shoutcast"),
(Regex::new(r"^\$\$\$\$\$:").unwrap(), "rtmp"),
(Regex::new(r"^RTMP/\d").unwrap(), "rtmp"),
// Network and Routing
(Regex::new(r"^RIP").unwrap(), "rip"),
(Regex::new(r"^OSPF").unwrap(), "ospf"),
(Regex::new(r"^BGP").unwrap(), "bgp"),
(Regex::new(r"^220.*SNMP").unwrap(), "snmp"),
(Regex::new(r"public\x02\x01\x00\x02\x01\x00").unwrap(), "snmp"),
(Regex::new(r"^\x30\x2c\x02\x01\x00\x04").unwrap(), "snmp"),
(Regex::new(r"X-Openstackinternaltoken").unwrap(), "openstack"),
(Regex::new(r"zabbix").unwrap(), "zabbix-agent"),
(Regex::new(r"^\\x00\\x00\\x00\\x00\\x00\\x07\\x72\\x").unwrap(), "elasticsearch"),
// File Sharing
(Regex::new(r"^\\x00\\x00.*SAMBA").unwrap(), "samba"),
(Regex::new(r"^SMB").unwrap(), "smb"),
(Regex::new(r"^\\xff\\x53\\x4d\\x42").unwrap(), "smb"),
(Regex::new(r"NFS server").unwrap(), "nfs"),
(Regex::new(r"^\\x80\\x00\\x00\\x18").unwrap(), "nfs"),
(Regex::new(r"^\\x80\\x00\\x00\\x28").unwrap(), "nfs"),
(Regex::new(r"^\\x05\\x00\\x0b\\x03\\x10\\x00\\x00\\x00").unwrap(), "dcerpc"),
(Regex::new(r"AFP").unwrap(), "afp"),
(Regex::new(r"AFPX").unwrap(), "afp"),
(Regex::new(r"Apple Filing Protocol").unwrap(), "afp"),
(Regex::new(r"^\\x00\\x00\\x00\\d.\\xc2\\x80\\x80\\x80").unwrap(), "webdav"),
// Version Control
(Regex::new(r"^git://").unwrap(), "git"),
(Regex::new(r"git version").unwrap(), "git"),
(Regex::new(r"\\x30\\x30").unwrap(), "git"),
(Regex::new(r"git-upload-pack").unwrap(), "git"),
(Regex::new(r"^\\d{3} <SVN").unwrap(), "svn"),
// (Regex::new(r"^\\( success").unwrap(), "svn"),
(Regex::new(r"Subversion").unwrap(), "svn"),
(Regex::new(r"Mercurial").unwrap(), "mercurial"),
// Gaming and Game Servers
(Regex::new(r"^\\xff\\xff\\xff\\xff.*cstrikeHalf-Life").unwrap(), "counter-strike"),
(Regex::new(r"^\\xff\\xff\\xff\\xffinfo").unwrap(), "quake"),
(Regex::new(r"^\\xff\\xff\\xff\\xffstatusResponse").unwrap(), "minecraft"),
(Regex::new(r"^\\x01splitnum").unwrap(), "doom"),
(Regex::new(r"^\\xa1\\x12\\xa1\\x00").unwrap(), "doom"),
(Regex::new(r"MineCraft").unwrap(), "minecraft"),
(Regex::new(r"^MC|").unwrap(), "minecraft"),
(Regex::new(r"^\\x01player_").unwrap(), "minecraft"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*SourceEngine").unwrap(), "source-engine"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Team Fortress").unwrap(), "team-fortress"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Left 4 Dead").unwrap(), "left-4-dead"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Portal").unwrap(), "portal"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Half-Life").unwrap(), "half-life"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Day of Defeat").unwrap(), "day-of-defeat"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*L\\.A\\. Noire").unwrap(), "la-noire"),
(Regex::new(r"^\\xff\\xff\\xff\\xff.*Dota 2").unwrap(), "dota2"),
(Regex::new(r"^\\x01ping").unwrap(), "arma"),
(Regex::new(r"^\\x01pong").unwrap(), "arma"),
// IoT and Smart Home
(Regex::new(r"CoAP").unwrap(), "coap"),
(Regex::new(r"^\\x40\\x01").unwrap(), "coap"),
(Regex::new(r"^\\x44\\x01").unwrap(), "coap"),
(Regex::new(r"MQTT").unwrap(), "mqtt"),
(Regex::new(r"^\\x10\\x..\\x00\\x04MQTT").unwrap(), "mqtt"),
(Regex::new(r"Sonos").unwrap(), "sonos"),
(Regex::new(r"Phillips Hue").unwrap(), "philips-hue"),
(Regex::new(r"Nest").unwrap(), "nest"),
(Regex::new(r"Z-Wave").unwrap(), "zwave"),
(Regex::new(r"ZigBee").unwrap(), "zigbee"),
(Regex::new(r"^\\x01\\x00\\x5e").unwrap(), "hue-api"),
(Regex::new(r"^\\xd0\\x00\\x01\\x04").unwrap(), "insteon"),
// Time Protocols
(Regex::new(r"^\\xd3").unwrap(), "ntp"),
(Regex::new(r"NTP").unwrap(), "ntp"),
(Regex::new(r"Stratum").unwrap(), "ntp"),
(Regex::new(r"^\\xe3").unwrap(), "ntp"),
(Regex::new(r"^\\x24").unwrap(), "ntp-control"),
(Regex::new(r"chronyd").unwrap(), "chrony"),
(Regex::new(r"timedatectl").unwrap(), "systemd-timesyncd"),
// Blockchain and Cryptocurrency
(Regex::new(r"Bitcoin").unwrap(), "bitcoin"),
(Regex::new(r"\\xf9\\xbe\\xb4\\xd9").unwrap(), "bitcoin"),
(Regex::new(r"blockchain").unwrap(), "blockchain"),
(Regex::new(r"Ethereum").unwrap(), "ethereum"),
(Regex::new(r"geth").unwrap(), "ethereum"),
(Regex::new(r"Ripple").unwrap(), "ripple"),
(Regex::new(r"XRP").unwrap(), "ripple"),
(Regex::new(r"Monero").unwrap(), "monero"),
(Regex::new(r"Litecoin").unwrap(), "litecoin"),
// Machine Learning and AI Services
(Regex::new(r"TensorFlow").unwrap(), "tensorflow-serving"),
(Regex::new(r"PyTorch").unwrap(), "pytorch-serving"),
(Regex::new(r"ONNX").unwrap(), "onnx-runtime"),
(Regex::new(r"MLFlow").unwrap(), "mlflow"),
(Regex::new(r"Jupyter").unwrap(), "jupyter"),
// Storage and Backup
(Regex::new(r"Ceph").unwrap(), "ceph"),
(Regex::new(r"GlusterFS").unwrap(), "glusterfs"),
(Regex::new(r"Hadoop").unwrap(), "hadoop"),
(Regex::new(r"HDFS").unwrap(), "hdfs"),
(Regex::new(r"Rsync").unwrap(), "rsync"),
(Regex::new(r"\\x40\\x52\\x53\\x59\\x4e\\x43\\x44").unwrap(), "rsync"),
(Regex::new(r"BackupPC").unwrap(), "backuppc"),
(Regex::new(r"Bacula").unwrap(), "bacula"),
(Regex::new(r"^Hello Bacula").unwrap(), "bacula"),
(Regex::new(r"Borg Backup").unwrap(), "borg"),
(Regex::new(r"Veeam").unwrap(), "veeam"),
(Regex::new(r"Amanda Backup").unwrap(), "amanda"),
(Regex::new(r"ZFS").unwrap(), "zfs"),
(Regex::new(r"^\\x00\\x00\\x00\\x2c\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14rquota").unwrap(), "rquota"),
// Monitoring and Management
(Regex::new(r"Nagios").unwrap(), "nagios"),
(Regex::new(r"Zabbix").unwrap(), "zabbix"),
(Regex::new(r"Prometheus").unwrap(), "prometheus"),
(Regex::new(r"Grafana").unwrap(), "grafana"),
(Regex::new(r"Munin").unwrap(), "munin"),
(Regex::new(r"Cacti").unwrap(), "cacti"),
(Regex::new(r"PRTG").unwrap(), "prtg"),
(Regex::new(r"^\\x00bgp").unwrap(), "bgp"),
(Regex::new(r"^\\xff\\xff.*BGP").unwrap(), "bgp"),
(Regex::new(r"Icinga").unwrap(), "icinga"),
(Regex::new(r"collectd").unwrap(), "collectd"),
(Regex::new(r"netdata").unwrap(), "netdata"),
(Regex::new(r"Elastic").unwrap(), "elasticsearch"),
(Regex::new(r"opentsdb").unwrap(), "opentsdb"),
// News and Discussion
(Regex::new(r"220 .*(NNTP|Network News)").unwrap(), "nntp"),
(Regex::new(r"^200 .*NNTP").unwrap(), "nntp"),
(Regex::new(r"^200 .*news").unwrap(), "nntp"),
(Regex::new(r"^200 .*ready").unwrap(), "nntp"),
(Regex::new(r"^201 ").unwrap(), "nntp"),
(Regex::new(r"^IHAVE ").unwrap(), "nntp"),
(Regex::new(r"^GROUP ").unwrap(), "nntp"),
(Regex::new(r"^MODE READER").unwrap(), "nntp"),
(Regex::new(r"NNTP-Posting-").unwrap(), "nntp"),
(Regex::new(r"^502 ").unwrap(), "nntp"),
// Additional service detection patterns for various protocols
// Add these patterns to your existing SERVICE_PATTERNS vector
// Container Orchestration
(Regex::new(r"Kubernetes").unwrap(), "kubernetes"),
(Regex::new(r"^apiVersion: v\d+").unwrap(), "kubernetes-api"),
(Regex::new(r"Docker").unwrap(), "docker"),
(Regex::new(r"docker-registry").unwrap(), "docker-registry"),
(Regex::new(r"Swarm").unwrap(), "docker-swarm"),
(Regex::new(r"Mesos").unwrap(), "mesos"),
(Regex::new(r"Nomad").unwrap(), "nomad"),
(Regex::new(r"containerd").unwrap(), "containerd"),
(Regex::new(r"OpenShift").unwrap(), "openshift"),
// Cloud Providers
(Regex::new(r"AmazonS3").unwrap(), "aws-s3"),
(Regex::new(r"EC2").unwrap(), "aws-ec2"),
(Regex::new(r"Lambda").unwrap(), "aws-lambda"),
(Regex::new(r"Azure").unwrap(), "azure"),
(Regex::new(r"Blob Storage").unwrap(), "azure-blob"),
(Regex::new(r"Google Cloud").unwrap(), "gcp"),
(Regex::new(r"Compute Engine").unwrap(), "gcp-compute"),
(Regex::new(r"Cloud Storage").unwrap(), "gcp-storage"),
(Regex::new(r"Firebase").unwrap(), "firebase"),
(Regex::new(r"Heroku").unwrap(), "heroku"),
(Regex::new(r"Digital Ocean").unwrap(), "digitalocean"),
// CI/CD Systems
(Regex::new(r"Jenkins").unwrap(), "jenkins"),
(Regex::new(r"GitLab").unwrap(), "gitlab"),
(Regex::new(r"Travis CI").unwrap(), "travis-ci"),
(Regex::new(r"CircleCI").unwrap(), "circleci"),
(Regex::new(r"TeamCity").unwrap(), "teamcity"),
(Regex::new(r"Bamboo").unwrap(), "bamboo"),
(Regex::new(r"Drone").unwrap(), "drone-ci"),
(Regex::new(r"Buildkite").unwrap(), "buildkite"),
// Search Engines
(Regex::new(r"Elasticsearch").unwrap(), "elasticsearch"),
// (Regex::new(r#"^{"cluster_name":"#).unwrap(), "elasticsearch"),
// (Regex::new(r#"^{"name":"[^"]+","cluster_name":"#).unwrap(), "elasticsearch"),
(Regex::new(r"Solr").unwrap(), "solr"),
(Regex::new(r"Lucene").unwrap(), "lucene"),
(Regex::new(r"Sphinx").unwrap(), "sphinx"),
// (Regex::new(r#"^{"took":d+,"timed_out":"#).unwrap(), "elasticsearch"),
(Regex::new(r"OpenSearch").unwrap(), "opensearch"),
// Additional Databases
(Regex::new(r"InfluxDB").unwrap(), "influxdb"),
(Regex::new(r"CrateDB").unwrap(), "cratedb"),
(Regex::new(r"Cockroach").unwrap(), "cockroachdb"),
(Regex::new(r"TimescaleDB").unwrap(), "timescaledb"),
(Regex::new(r"MariaDB").unwrap(), "mariadb"),
(Regex::new(r"SingleStore").unwrap(), "singlestore"),
(Regex::new(r"TiDB").unwrap(), "tidb"),
(Regex::new(r"Fauna").unwrap(), "faunadb"),
(Regex::new(r"DynamoDB").unwrap(), "dynamodb"),
(Regex::new(r"Clickhouse").unwrap(), "clickhouse"),
(Regex::new(r"ArangoDB").unwrap(), "arangodb"),
(Regex::new(r"ScyllaDB").unwrap(), "scylladb"),
(Regex::new(r"^\x83h\x03").unwrap(), "riak"),
(Regex::new(r"^\x83h\x02").unwrap(), "riak"),
// Advanced Network Protocols
(Regex::new(r"QUIC").unwrap(), "quic"),
(Regex::new(r"HTTP/3").unwrap(), "http3"),
(Regex::new(r"gRPC").unwrap(), "grpc"),
(Regex::new(r"^PRI \* HTTP/2").unwrap(), "http2"),
(Regex::new(r"Thrift").unwrap(), "thrift"),
(Regex::new(r"^\x00\x00\x00\x13\x06\x01").unwrap(), "tftp"),
(Regex::new(r"SCTP").unwrap(), "sctp"),
(Regex::new(r"DTLS").unwrap(), "dtls"),
(Regex::new(r"^\x17\xfe").unwrap(), "dtls"),
(Regex::new(r"^\x16\xfe").unwrap(), "dtls"),
// Identity and Access Management
(Regex::new(r"OAuth").unwrap(), "oauth"),
(Regex::new(r"SAML").unwrap(), "saml"),
(Regex::new(r"Keycloak").unwrap(), "keycloak"),
(Regex::new(r"^\\x30\\x84.*starttls").unwrap(), "ldaps"),
(Regex::new(r"Okta").unwrap(), "okta"),
(Regex::new(r"Auth0").unwrap(), "auth0"),
(Regex::new(r"OpenID").unwrap(), "openid"),
(Regex::new(r"Kerberos").unwrap(), "kerberos"),
(Regex::new(r"^\x60\x82").unwrap(), "kerberos"),
(Regex::new(r"^\x05\x02").unwrap(), "gssapi"),
// Cache Services
(Regex::new(r"^ERROR\r\n").unwrap(), "memcached"),
(Regex::new(r"^STAT pid \d+").unwrap(), "memcached"),
(Regex::new(r"^END\r\n").unwrap(), "memcached"),
(Regex::new(r"^CLIENT_ERROR").unwrap(), "memcached"),
(Regex::new(r"^SERVER_ERROR").unwrap(), "memcached"),
(Regex::new(r"Varnish").unwrap(), "varnish"),
(Regex::new(r"Squid").unwrap(), "squid"),
(Regex::new(r"HAProxy").unwrap(), "haproxy"),
(Regex::new(r"^\\*\\d+\\r\\n\\$\\d+\\r\\n").unwrap(), "redis-resp"),
// IoT/Industrial Protocols
(Regex::new(r"Modbus").unwrap(), "modbus"),
(Regex::new(r"BACnet").unwrap(), "bacnet"),
(Regex::new(r"MQTT-SN").unwrap(), "mqtt-sn"),
(Regex::new(r"DNP3").unwrap(), "dnp3"),
(Regex::new(r"^\x05\x64").unwrap(), "dnp3"),
(Regex::new(r"^\x0a\x00").unwrap(), "modbus-tcp"),
(Regex::new(r"OPC UA").unwrap(), "opcua"),
(Regex::new(r"^\x47\x77").unwrap(), "bacnet"),
(Regex::new(r"EtherNet/IP").unwrap(), "ethernet-ip"),
(Regex::new(r"PROFINET").unwrap(), "profinet"),
// Security Services
(Regex::new(r"^.*\sOPENVPN\s").unwrap(), "openvpn"),
(Regex::new(r"Wireguard").unwrap(), "wireguard"),
(Regex::new(r"IPsec").unwrap(), "ipsec"),
(Regex::new(r"^\x00\x00\x00\x00\x00\x00\x00\x01").unwrap(), "isakmp"),
(Regex::new(r"^SSH-1\.[5-9]").unwrap(), "ssh"),
(Regex::new(r"^\\xff\\x01\\x00").unwrap(), "ipsec-isakmp"),
(Regex::new(r"IKE").unwrap(), "ike"),
(Regex::new(r"Fortinet").unwrap(), "fortinet-vpn"),
(Regex::new(r"Palo Alto").unwrap(), "paloalto"),
(Regex::new(r"CheckPoint").unwrap(), "checkpoint"),
// Additional Web Technologies
(Regex::new(r"Wordpress").unwrap(), "wordpress"),
(Regex::new(r"Drupal").unwrap(), "drupal"),
(Regex::new(r"Joomla").unwrap(), "joomla"),
(Regex::new(r"Magento").unwrap(), "magento"),
(Regex::new(r"Laravel").unwrap(), "laravel"),
(Regex::new(r"Spring Boot").unwrap(), "spring-boot"),
(Regex::new(r"Next.js").unwrap(), "nextjs"),
(Regex::new(r"ASP.NET").unwrap(), "aspnet"),
(Regex::new(r"^HTTP/\\d\\.\\d 5\\d\\d .*cloudflare").unwrap(), "cloudflare"),
(Regex::new(r"Fastly").unwrap(), "fastly"),
(Regex::new(r"Akamai").unwrap(), "akamai"),
// Service Discovery
(Regex::new(r"Consul").unwrap(), "consul"),
(Regex::new(r"etcd").unwrap(), "etcd"),
(Regex::new(r"ZooKeeper").unwrap(), "zookeeper"),
(Regex::new(r"^RO,").unwrap(), "zookeeper"),
(Regex::new(r"^Zookeeper version").unwrap(), "zookeeper"),
(Regex::new(r"^notWatching").unwrap(), "zookeeper"),
(Regex::new(r"Eureka").unwrap(), "eureka"),
(Regex::new(r"Istio").unwrap(), "istio"),
(Regex::new(r"Envoy").unwrap(), "envoy"),
(Regex::new(r"Service Mesh").unwrap(), "service-mesh"),
// Embedded/IoT Systems
(Regex::new(r"DD-WRT").unwrap(), "dd-wrt"),
(Regex::new(r"OpenWrt").unwrap(), "openwrt"),
(Regex::new(r"pfSense").unwrap(), "pfsense"),
(Regex::new(r"Mikrotik").unwrap(), "mikrotik"),
(Regex::new(r"RouterOS").unwrap(), "routeros"),
(Regex::new(r"Ubiquiti").unwrap(), "ubiquiti"),
(Regex::new(r"UniFi").unwrap(), "unifi"),
(Regex::new(r"Synology").unwrap(), "synology"),
(Regex::new(r"QNAP").unwrap(), "qnap"),
(Regex::new(r"Netgear").unwrap(), "netgear"),
(Regex::new(r"TP-Link").unwrap(), "tp-link"),
(Regex::new(r"Asus").unwrap(), "asus"),
// Industrial Control Systems
(Regex::new(r"Siemens").unwrap(), "siemens"),
(Regex::new(r"S7Comm").unwrap(), "s7comm"),
(Regex::new(r"^\x03\x00\x00\x16").unwrap(), "s7comm"),
(Regex::new(r"Allen-Bradley").unwrap(), "allen-bradley"),
(Regex::new(r"Rockwell").unwrap(), "rockwell"),
(Regex::new(r"Schneider").unwrap(), "schneider"),
(Regex::new(r"Honeywell").unwrap(), "honeywell"),
(Regex::new(r"ABB").unwrap(), "abb"),
(Regex::new(r"SCADA").unwrap(), "scada"),
(Regex::new(r"PLC").unwrap(), "plc"),
// Additional RPC
(Regex::new(r"^\x4e\x00\x00\x00").unwrap(), "rpc-nfs"),
(Regex::new(r"^\x01\x86\xa0").unwrap(), "portmap-rpc"),
(Regex::new(r"JsonRPC").unwrap(), "jsonrpc"),
(Regex::new(r"XML-RPC").unwrap(), "xmlrpc"),
(Regex::new(r"^content-length: ").unwrap(), "http-rpc"),
(Regex::new(r"^POST /RPC2").unwrap(), "xmlrpc"),
// Distributed Systems
(Regex::new(r"Apache Beam").unwrap(), "apache-beam"),
(Regex::new(r"Apache Flink").unwrap(), "apache-flink"),
(Regex::new(r"Apache Spark").unwrap(), "apache-spark"),
(Regex::new(r"Dask").unwrap(), "dask"),
(Regex::new(r"Ray").unwrap(), "ray"),
(Regex::new(r"Akka").unwrap(), "akka"),
(Regex::new(r"Actor System").unwrap(), "actor-system"),
(Regex::new(r"Celery").unwrap(), "celery"),
(Regex::new(r"RQ").unwrap(), "rq"),
// Legacy Protocols
(Regex::new(r"^\\+OK POP").unwrap(), "pop3"),
(Regex::new(r"^\\+OK Dovecot").unwrap(), "dovecot-pop3"),
(Regex::new(r"^gopher:/").unwrap(), "gopher"),
(Regex::new(r"^1Service").unwrap(), "gopher"),
(Regex::new(r"^finger:").unwrap(), "finger"),
(Regex::new(r"Whois").unwrap(), "whois"),
(Regex::new(r"^%.*whois").unwrap(), "whois"),
(Regex::new(r"^\\* rlogin").unwrap(), "rlogin"),
(Regex::new(r"^\\* login").unwrap(), "rlogin"),
(Regex::new(r"X-Gopher-Menu").unwrap(), "gopher"),
(Regex::new(r"^150 Opening BINARY mode data").unwrap(), "ftp-data"),
(Regex::new(r"^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x00\xff\xfd\x18").unwrap(), "telnet"),
// Network Services
(Regex::new(r"^DHCP").unwrap(), "dhcp"),
(Regex::new(r"bootp").unwrap(), "bootp"),
(Regex::new(r"TFTP").unwrap(), "tftp"),
(Regex::new(r"^Domain Name Server").unwrap(), "dns"),
(Regex::new(r"^\\x00\\x00\\x10\\x00\\x01").unwrap(), "dns-request"),
(Regex::new(r"^\\x00\\x00\\x84\\x00\\x01").unwrap(), "dns-response"),
(Regex::new(r"^PROXY").unwrap(), "proxy-protocol"),
(Regex::new(r"^\x5b\x62\x69\x6e\x64").unwrap(), "dns-bind"),
(Regex::new(r"^\\x13\\x03\\x00\\x00").unwrap(), "radius"),
(Regex::new(r"^\\x01\\x06\\x00").unwrap(), "radius"),
// Calendar and Scheduling
(Regex::new(r"^\\* OK.*CalDAV").unwrap(), "caldav"),
(Regex::new(r"^\\* OK.*CardDAV").unwrap(), "carddav"),
(Regex::new(r"BEGIN:VCALENDAR").unwrap(), "ical"),
(Regex::new(r"BEGIN:VCARD").unwrap(), "vcard"),
(Regex::new(r"iCalendar").unwrap(), "icalendar"),
(Regex::new(r"Exchange Calendar").unwrap(), "exchange-calendar"),
(Regex::new(r"Google Calendar").unwrap(), "google-calendar"),
(Regex::new(r"Microsoft Exchange").unwrap(), "ms-exchange"),
// Instant Messaging
(Regex::new(r"XMPP").unwrap(), "xmpp"),
(Regex::new(r"^<\\?xml.*jabber").unwrap(), "jabber"),
(Regex::new(r"^<stream:stream").unwrap(), "xmpp"),
(Regex::new(r"Slack API").unwrap(), "slack-api"),
(Regex::new(r"Discord").unwrap(), "discord"),
(Regex::new(r"Matrix").unwrap(), "matrix"),
// (Regex::new(r#"^\\{"errcode"#).unwrap(), "matrix"),
(Regex::new(r"IRC").unwrap(), "irc"),
(Regex::new(r"^:[a-zA-Z0-9.]+\\s\\d{3}").unwrap(), "irc"),
(Regex::new(r"^ERROR :Closing Link:").unwrap(), "irc"),
(Regex::new(r"^PING :").unwrap(), "irc"),
(Regex::new(r"^:\\S+ NOTICE Auth :").unwrap(), "irc"),
// Content Management
(Regex::new(r"Alfresco").unwrap(), "alfresco"),
(Regex::new(r"SharePoint").unwrap(), "sharepoint"),
(Regex::new(r"Documentum").unwrap(), "documentum"),
(Regex::new(r"FileNet").unwrap(), "filenet"),
(Regex::new(r"OpenText").unwrap(), "opentext"),
(Regex::new(r"Box API").unwrap(), "box-api"),
(Regex::new(r"Dropbox API").unwrap(), "dropbox-api"),
(Regex::new(r"Google Drive").unwrap(), "google-drive"),
(Regex::new(r"OneDrive").unwrap(), "onedrive"),
// Network Storage (Additional)
(Regex::new(r"iSCSI").unwrap(), "iscsi"),
(Regex::new(r"^\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00").unwrap(), "iscsi-discovery"),
(Regex::new(r"Fibre Channel").unwrap(), "fibre-channel"),
(Regex::new(r"NetApp").unwrap(), "netapp"),
(Regex::new(r"EMC").unwrap(), "emc"),
(Regex::new(r"\\x02\\x01\\x00\\x01\\x00").unwrap(), "fibrechannel"),
(Regex::new(r"NDMP").unwrap(), "ndmp"),
// Systems Management
(Regex::new(r"^\\xfe\\x54").unwrap(), "syslog"),
(Regex::new(r"<\\d+>\\w{3}\\s+\\d+\\s\\d+:\\d+:\\d+").unwrap(), "syslog"),
(Regex::new(r"WMI").unwrap(), "wmi"),
(Regex::new(r"WBEM").unwrap(), "wbem"),
(Regex::new(r"WS-Management").unwrap(), "ws-man"),
(Regex::new(r"^M-SEARCH").unwrap(), "ssdp"),
(Regex::new(r"NOTIFY").unwrap(), "ssdp-notify"),
(Regex::new(r"UPnP").unwrap(), "upnp"),
(Regex::new(r"DLNA").unwrap(), "dlna"),
// Print Services
(Regex::new(r"IPP/").unwrap(), "ipp"),
(Regex::new(r"CUPS").unwrap(), "cups"),
(Regex::new(r"LPD").unwrap(), "lpd"),
(Regex::new(r"JetDirect").unwrap(), "jetdirect"),
(Regex::new(r"^\\x01\\x01\\x00\\x").unwrap(), "ipp"),
// Hardware Management
(Regex::new(r"IPMI").unwrap(), "ipmi"),
(Regex::new(r"BMC").unwrap(), "bmc"),
(Regex::new(r"iDRAC").unwrap(), "idrac"),
(Regex::new(r"iLO").unwrap(), "ilo"),
(Regex::new(r"DRAC").unwrap(), "drac"),
(Regex::new(r"Lights Out").unwrap(), "lights-out"),
(Regex::new(r"\\x06\\x00\\xff\\x07").unwrap(), "ipmi"),
(Regex::new(r"RMCP").unwrap(), "ipmi-rmcp"),
// Additional Crypto/Blockchain
(Regex::new(r"Cardano").unwrap(), "cardano"),
(Regex::new(r"Polkadot").unwrap(), "polkadot"),
(Regex::new(r"Solana").unwrap(), "solana"),
(Regex::new(r"Chainlink").unwrap(), "chainlink"),
(Regex::new(r"Near Protocol").unwrap(), "near"),
(Regex::new(r"Avalanche").unwrap(), "avalanche"),
(Regex::new(r"Binance").unwrap(), "binance"),
(Regex::new(r"Hyperledger").unwrap(), "hyperledger"),
(Regex::new(r"Corda").unwrap(), "corda"),
(Regex::new(r"^\\xfa\\xce\\xb0\\x0c").unwrap(), "cardano"),
];
}
+21
@@ -0,0 +1,21 @@
use std::{io::Read, net::IpAddr, time::Duration};
use reqwest::redirect::Policy;
pub fn scan(
ip: IpAddr,
port: &i32,
timeout: Duration,
) -> Result<String, Box<dyn std::error::Error>> {
let mut result = String::new();
let _ = reqwest::blocking::Client::builder()
.redirect(Policy::none())
.timeout(timeout)
.build()
.unwrap()
.get(format!("http://{}:{}", ip.to_string(), port))
.send()?
.read_to_string(&mut result);
Ok(result)
}
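Review bot: The body read at `.read_to_string(&mut result)` is both unchecked and unbounded. `let _ =` discards the io error, so a non-UTF-8 or interrupted body still returns `Ok` with an empty or partial string, and `identify` then records an "http" result instead of falling back to `basic_identify`. The peer is whatever host the scan reached, so the response size is under its control; whether `timeout` bounds the whole body read is not visible here, which makes an explicit cap the safer choice. I would bind the response, read at most a fixed number of bytes, propagate the io error, and decode lossily so a cut inside a multi-byte character does not fail the scan. `MAX_BODY_BYTES` below is a constructed name for a limit the project would choose. The same pattern appears in the HTTPS `scan` in the next file section.

```rust
// … unchanged: signature and client builder chain, bound as `let response = … .send()?;` …
    let mut body = Vec::new();
    response
        .take(MAX_BODY_BYTES) // constructed name: per-response cap chosen by the project
        .read_to_end(&mut body)?;
    Ok(String::from_utf8_lossy(&body).into_owned())
```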
+24
@@ -0,0 +1,24 @@
use std::{io::Read, net::IpAddr, time::Duration};
use reqwest::redirect::Policy;
pub fn scan(
ip: IpAddr,
port: &i32,
timeout: Duration,
) -> Result<String, Box<dyn std::error::Error>> {
let mut result = String::new();
let _response = reqwest::blocking::Client::builder()
.danger_accept_invalid_certs(true)
.redirect(Policy::none())
.timeout(timeout)
.build()
.unwrap()
.get(format!("https://{}:{}", ip.to_string(), port))
.send()?
.read_to_string(&mut result);
// println!("{}", result);
Ok(result)
}
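Review bot: `.danger_accept_invalid_certs(true)` carries no comment saying that turning off certificate validation is deliberate, so a later reader could copy this builder into code that sends credentials or trusts the response. For fingerprinting hosts that often present self-signed certificates the setting is presumably intended, but the function should state that and mark the returned body as unauthenticated. I would add above the builder: `// Banner grab only: certificate validation is disabled on purpose, so the body is unauthenticated. Do not reuse this client for requests that carry credentials.` The leftover `// println!("{}", result);` can be dropped at the same time.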