mirror of
https://github.com/zeek/zeek.git
synced 2025-10-06 16:48:19 +00:00
b307cbbe64
- Scripts now use the full path for @load to remove the subpaths from the shipped BROPATH. - Some script sets have been reorganized to make optional loads more obvious.
28 lines
563 B
Text
28 lines
563 B
Text
##! Software detection with the FTP protocol.
|
|
##!
|
|
##! TODO:
|
|
##!
|
|
##! * Detect server software with initial 220 message
|
|
##! * Detect client software with password given for anonymous users
|
|
##! (e.g. cyberduck@example.net)
|
|
|
|
@load protocols/ftp
|
|
@load frameworks/software
|
|
|
|
module FTP;
|
|
|
|
export {
|
|
redef enum Software::Type += {
|
|
FTP_CLIENT,
|
|
FTP_SERVER,
|
|
};
|
|
}
|
|
|
|
event ftp_request(c: connection, command: string, arg: string) &priority=4
|
|
{
|
|
if ( command == "CLNT" )
|
|
{
|
|
local si = Software::parse(arg, c$id$orig_h, FTP_CLIENT);
|
|
Software::found(c$id, si);
|
|
}
|
|
}
|