mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
26 lines
530 B
Text
26 lines
530 B
Text
##! Software detection with the FTP protocol.
|
|
|
|
# TODO:
|
|
#
|
|
# * Detect server software with initial 220 message
|
|
# * Detect client software with password given for anonymous users
|
|
# (e.g. cyberduck@example.net)
|
|
|
|
@load base/frameworks/software
|
|
|
|
module FTP;
|
|
|
|
export {
|
|
redef enum Software::Type += {
|
|
FTP_CLIENT,
|
|
FTP_SERVER,
|
|
};
|
|
}
|
|
|
|
event ftp_request(c: connection, command: string, arg: string) &priority=4
|
|
{
|
|
if ( command == "CLNT" )
|
|
{
|
|
Software::found([$id=c$id, $banner=arg, $host=c$id$orig_h, $sw_type=FTP_CLIENT]);
|
|
}
|
|
}
|