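--- a/modules/test/tls/python/src/http_scan.py
+++ b/modules/test/tls/python/src/http_scan.py
@@ -53,27 +53,48 @@
 return http_ports
 
 def is_https(self, ip, port):
-"""Attempts a TLS handshake to determine if the port serves HTTPS."""
+"""Detects if the port serves HTTPS, HTTP, or neither. Logs errors."""
 try:
+# Try HTTPS first
 context = ssl.create_default_context()
 context.check_hostname = False
 context.verify_mode = ssl.CERT_NONE
-with socket.create_connection((ip, port), timeout=2) as sock:
-with context.wrap_socket(sock, server_hostname=ip):
-return True
-except ssl.SSLError:
-return False
-except Exception: # pylint: disable=W0718
-return False
+with socket.create_connection((ip, port), timeout=5) as sock:
+try:
+with context.wrap_socket(sock, server_hostname=ip):
+LOGGER.info(f'Port {port} supports HTTPS.')
+return 'HTTPS'
+except ssl.SSLError as e:
+LOGGER.info(f'Port {port} does not support HTTPS: {e}')
+except Exception as e:
+LOGGER.error(f'Unexpected error during HTTPS check on {port}:{e}')
+# If HTTPS fails, try HTTP by sending a simple request
+with socket.create_connection((ip, port), timeout=5) as sock:
+try:
+http_request = (
+f'GET / HTTP/1.1\r\n'
+f'Host: {ip}\r\n'
+'Connection: close\r\n\r\n'
+)
+sock.sendall(http_request.encode())
+response = sock.recv(1024)
+if response.startswith(b'HTTP/'):
+LOGGER.info(f'Port {port} on {ip} supports HTTP.')
+return 'HTTP'
+else:
+LOGGER.info(f'Port {port} did not return HTTP response header.')
+except Exception as e:
+LOGGER.error(f'Error during HTTP check on {port}: {e}')
+except Exception as e:
+LOGGER.error(f'Connection error on {port}: {e}')
+return 'UNKNOWN'
 
 def verify_http_or_https(self, ip, ports):
-"""Classifies each port as HTTP or HTTPS."""
+"""Classifies each port as HTTP, HTTPS, or UNKNOWN."""
 results = {}
 for port in ports:
-if self.is_https(ip, port):
-results[port] = 'HTTPS'
-else:
-results[port] = 'HTTP'
+protocol = self.is_https(ip, port)
+results[port] = protocol
 return results
 
 def scan_for_http_services(self, ip_address):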
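Review bot: In `is_https`, every `ssl.SSLError` raised by `wrap_socket` is treated as "not TLS", so a server that does speak TLS but only offers a protocol version or cipher that `ssl.create_default_context()` rejects falls through to the plaintext probe and ends up as `'UNKNOWN'`; for a TLS test module those legacy endpoints are presumably the ones most worth reporting. Consider relaxing the detection-only context, e.g. `context.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED`, or inspecting `e.reason` before concluding the port is not TLS. Separately, the method now returns the non-empty strings `'HTTPS'`, `'HTTP'` or `'UNKNOWN'`, all of which are truthy, so any caller outside this hunk that still does `if self.is_https(ip, port):` would treat every port as HTTPS; renaming it (for example `detect_protocol`) would make stale callers fail loudly instead. The unchanged `check_hostname = False` / `verify_mode = ssl.CERT_NONE` lines would also benefit from a comment such as `# Detection only: the certificate is not validated here; do not reuse this context for data transfer`.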