From 5e949204ddeb9d6c07f76c11f68b6903ad754558 Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Fri, 19 Sep 2025 19:25:03 +0200 Subject: [PATCH 1/3] refactor https_detect --- modules/test/tls/python/src/http_scan.py | 45 +++++++++++++++++------- 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/modules/test/tls/python/src/http_scan.py b/modules/test/tls/python/src/http_scan.py index 86b6c0439..5d7aa9acc 100644 --- a/modules/test/tls/python/src/http_scan.py +++ b/modules/test/tls/python/src/http_scan.py @@ -53,27 +53,48 @@ def scan_http_ports(self, ip): return http_ports def is_https(self, ip, port): - """Attempts a TLS handshake to determine if the port serves HTTPS.""" + """Detects if the port serves HTTPS, HTTP, or neither. Logs errors.""" try: + # Try HTTPS first context = ssl.create_default_context() context.check_hostname = False context.verify_mode = ssl.CERT_NONE + with socket.create_connection((ip, port), timeout=5) as sock: + try: + with context.wrap_socket(sock, server_hostname=ip): + LOGGER.info(f"Port {port} supports HTTPS.") + return 'HTTPS' + except ssl.SSLError as e: + LOGGER.info(f"Port {port} does not support HTTPS: {e}") + except Exception as e: + LOGGER.error(f"Unexpected error during HTTPS check on {port}:{e}") + # If HTTPS fails, try HTTP by sending a simple request with socket.create_connection((ip, port), timeout=2) as sock: - with context.wrap_socket(sock, server_hostname=ip): - return True - except ssl.SSLError: - return False - except Exception: # pylint: disable=W0718 - return False + try: + http_request = ( + f'GET / HTTP/1.1\r\n' + f'Host: {ip}\r\n' + 'Connection: close\r\n\r\n' + ) + sock.sendall(http_request.encode()) + response = sock.recv(1024) + if response.startswith(b'HTTP/'): + LOGGER.info(f"Port {port} on {ip} supports HTTP.") + return 'HTTP' + else: + LOGGER.info(f"Port {port} did not return HTTP response header.") + except Exception as e: + LOGGER.error(f"Error during HTTP check on {port}: {e}") + except Exception as e: + LOGGER.error(f"Connection error on {port}: {e}") + return 'UNKNOWN' def verify_http_or_https(self, ip, ports): - """Classifies each port as HTTP or HTTPS.""" + """Classifies each port as HTTP, HTTPS, or UNKNOWN.""" results = {} for port in ports: - if self.is_https(ip, port): - results[port] = 'HTTPS' - else: - results[port] = 'HTTP' + protocol = self.is_https(ip, port) + results[port] = protocol return results def scan_for_http_services(self, ip_address): From c024a9a955c4c073226bbb75e587b6fcdbfcd478 Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Fri, 19 Sep 2025 19:27:19 +0200 Subject: [PATCH 2/3] set timeout to 5 seconds --- modules/test/tls/python/src/http_scan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/test/tls/python/src/http_scan.py b/modules/test/tls/python/src/http_scan.py index 5d7aa9acc..e344668b9 100644 --- a/modules/test/tls/python/src/http_scan.py +++ b/modules/test/tls/python/src/http_scan.py @@ -69,7 +69,7 @@ def is_https(self, ip, port): except Exception as e: LOGGER.error(f"Unexpected error during HTTPS check on {port}:{e}") # If HTTPS fails, try HTTP by sending a simple request - with socket.create_connection((ip, port), timeout=2) as sock: + with socket.create_connection((ip, port), timeout=5) as sock: try: http_request = ( f'GET / HTTP/1.1\r\n' From 68aa87237f51987fd73bd9e8a2ecb0ee842dd02c Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Fri, 19 Sep 2025 19:30:41 +0200 Subject: [PATCH 3/3] pylint --- modules/test/tls/python/src/http_scan.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/test/tls/python/src/http_scan.py b/modules/test/tls/python/src/http_scan.py index e344668b9..3a0e56cf1 100644 --- a/modules/test/tls/python/src/http_scan.py +++ b/modules/test/tls/python/src/http_scan.py @@ -62,12 +62,12 @@ def is_https(self, ip, port): with socket.create_connection((ip, port), timeout=5) as sock: try: with context.wrap_socket(sock, server_hostname=ip): - LOGGER.info(f"Port {port} supports HTTPS.") + LOGGER.info(f'Port {port} supports HTTPS.') return 'HTTPS' except ssl.SSLError as e: - LOGGER.info(f"Port {port} does not support HTTPS: {e}") + LOGGER.info(f'Port {port} does not support HTTPS: {e}') except Exception as e: - LOGGER.error(f"Unexpected error during HTTPS check on {port}:{e}") + LOGGER.error(f'Unexpected error during HTTPS check on {port}:{e}') # If HTTPS fails, try HTTP by sending a simple request with socket.create_connection((ip, port), timeout=5) as sock: try: @@ -79,14 +79,14 @@ def is_https(self, ip, port): sock.sendall(http_request.encode()) response = sock.recv(1024) if response.startswith(b'HTTP/'): - LOGGER.info(f"Port {port} on {ip} supports HTTP.") + LOGGER.info(f'Port {port} on {ip} supports HTTP.') return 'HTTP' else: - LOGGER.info(f"Port {port} did not return HTTP response header.") + LOGGER.info(f'Port {port} did not return HTTP response header.') except Exception as e: - LOGGER.error(f"Error during HTTP check on {port}: {e}") + LOGGER.error(f'Error during HTTP check on {port}: {e}') except Exception as e: - LOGGER.error(f"Connection error on {port}: {e}") + LOGGER.error(f'Connection error on {port}: {e}') return 'UNKNOWN' def verify_http_or_https(self, ip, ports):