From 730963eb57f56c4d2cb4e9ea4776dcead5611b6d Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Thu, 11 Jan 2024 22:02:25 +0700 Subject: [PATCH] Use ssh_timeout for dns timeout, slightly less gnu-ism, and finish if no dests. --- Snake.nocomments.sh | 10 +++++----- Snake.sh | 18 ++++++++++-------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/Snake.nocomments.sh b/Snake.nocomments.sh index 250af2c..7d42d6d 100755 --- a/Snake.nocomments.sh +++ b/Snake.nocomments.sh @@ -259,14 +259,15 @@ printf "[%s]" "$(date +%s)" printf "%s\n" "$line" done < <(echo 'printf "%s" "$1" | base64 -d | stdbuf -o0 bash --noprofile --norc -s $1' | stdbuf -o0 bash --noprofile --norc -s "$(printf "%s" "$local_script" | base64 | tr -d '\n')" 2>&1 | grep -v -F 'INTERNAL_MSG') [[ $use_retry_all_dests -eq 1 ]] || return -printf "\n\n---------------------------------------\n\n" -printf "use_retry_all_dests=1. Re-starting.\n" local retried_interesting_dests retried_interesting_dests="$(gen_retried_interesting_dests | sort -u)" +[[ "${#retried_interesting_dests}" -gt 0 ]] || return +printf "\n\n---------------------------------------\n\n" +printf "use_retry_all_dests=1. Re-starting.\n" printf "%s destinations (from %s unique servers) added to interesting_dests.\n" "$(echo "$retried_interesting_dests" | wc -l)" "${#root_ssh_hostnames_dests[@]}" retried_interesting_dests="$(echo "$retried_interesting_dests" | tr '\n' ' ')" printf "\n---------------------------------------\n\n\n" -local_script="$(printf "%s" "$local_script" | sed '/^interesting_dests=(/c\interesting_dests=('"$retried_interesting_dests"')')" +local_script="$(printf "%s" "$local_script" | sed 's/^interesting_dests=(/interesting_dests=('"$retried_interesting_dests"'/')" local_script="$(printf "%s" "$local_script" | sed 's/^use_retry_all_dests=1/use_retry_all_dests=2/')" remove_function="find_from_authorized_keys find_from_hosts find_from_last find_arp_neighbours find_d_block find_from_ignore_list find_from_known_hosts find_from_hashed_known_hosts find_from_prev_dest combinate_users_hosts_aggressive combinate_interesting_users_hosts interesting_users interesting_hosts deduplicate_resolved_hosts_keys init_ignored ignored_users ignored_hosts ignored_dests find_user_from_file " local_script="$(remove_functions "$local_script" "$remove_function")" @@ -997,7 +998,7 @@ local res local use_mac local to if command -v timeout >/dev/null 2>&1; then -to="timeout 5" +to="timeout $ssh_timeout" fi if getent ahostsv4 -- 1.1.1.1 >/dev/null 2>&1; then res="$to getent ahostsv4 --" @@ -1022,7 +1023,6 @@ for ssh_dest in "${!ssh_dests[@]}"; do local ssh_user local ssh_host local resolved_ssh_host -ssh_dest="${ssh_dest,,}" is_ssh_dest "$ssh_dest" || continue ssh_user="${ssh_dest%%@*}" ssh_host="${ssh_dest#*@}" diff --git a/Snake.sh b/Snake.sh index 89a33c3..e6825cb 100755 --- a/Snake.sh +++ b/Snake.sh @@ -25,7 +25,7 @@ ignore_user=0 # [0|1]: Consider a dest already scanned based only on the ip addr use_sudo=1 # [1|0]: Attempt to use sudo on the dest. This may generate a large amount of security-related logs and can be extremely noisy. -ssh_timeout=3 # [3|n]: The connection timeout for ssh. See ssh_config(5)'s ConnectTimeout. +ssh_timeout=3 # [3|n]: The connection timeout for ssh and DNS resolution. See ssh_config(5)'s ConnectTimeout. retry_count=3 # [3|n]: In some cases, a recoverable error in ssh may be encountered (such as trying to access an an AWS instance with a disabled username). This number corresponds to the maximum amount of times the destination is tried again. It's generally advised to set this to at least 1. @@ -482,18 +482,21 @@ shape_script() { [[ $use_retry_all_dests -eq 1 ]] || return + local retried_interesting_dests + retried_interesting_dests="$(gen_retried_interesting_dests | sort -u)" + + [[ "${#retried_interesting_dests}" -gt 0 ]] || return + printf "\n\n---------------------------------------\n\n" printf "use_retry_all_dests=1. Re-starting.\n" - local retried_interesting_dests - retried_interesting_dests="$(gen_retried_interesting_dests | sort -u)" printf "%s destinations (from %s unique servers) added to interesting_dests.\n" "$(echo "$retried_interesting_dests" | wc -l)" "${#root_ssh_hostnames_dests[@]}" retried_interesting_dests="$(echo "$retried_interesting_dests" | tr '\n' ' ')" printf "\n---------------------------------------\n\n\n" - local_script="$(printf "%s" "$local_script" | sed '/^interesting_dests=(/c\interesting_dests=('"$retried_interesting_dests"')')" + local_script="$(printf "%s" "$local_script" | sed 's/^interesting_dests=(/interesting_dests=('"$retried_interesting_dests"'/')" local_script="$(printf "%s" "$local_script" | sed 's/^use_retry_all_dests=1/use_retry_all_dests=2/')" # We do not want to find any new dests and so on, so remove all of the non-key functions. @@ -1682,7 +1685,7 @@ deduplicate_resolved_hosts_keys() { # DNS timeout of 5 seconds per address (bleh, hack). if command -v timeout >/dev/null 2>&1; then - to="timeout 5" + to="timeout $ssh_timeout" fi # Use getent if it's available. @@ -1720,9 +1723,6 @@ deduplicate_resolved_hosts_keys() { local ssh_host local resolved_ssh_host - # Make everything lower case. - ssh_dest="${ssh_dest,,}" - is_ssh_dest "$ssh_dest" || continue # Checks if the host has been ignored in this loop ssh_user="${ssh_dest%%@*}" @@ -1900,7 +1900,9 @@ add_ssh_dest() { local ssh_user ssh_dest="$1" + ssh_dest="${ssh_dest,,}" + ssh_user="${ssh_dest%%@*}" ssh_host="${ssh_dest#*@}"