[WIP] Running all remote scans via Tor

cmd/scanGithub.go

@@ -25,6 +25,16 @@ var scanGithubCmd = &cobra.Command{
 		// Set the scan type and start a new session
 		scanType := "github"
 		sess := core.NewSession(scanType)
+		enableTor := core.InitilizeTor(true)
+
+		if enableTor {
+			fmt.Println("Tor is enabled")
+			os.Exit(0)
+		} else {
+			fmt.Println("Tor is not running")
+			os.Exit(666)
+		}
+
 
 		// Ensure user input exists and validate it
 		sess.ValidateUserInput()

core/tor.go

@@ -0,0 +1,217 @@
+package core
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+
+	"golang.org/x/net/proxy"
+	"log"
+	"net"
+	"strings"
+
+	"net/http"
+
+	"github.com/PuerkitoBio/goquery"
+)
+
+func InitilizeTor(enableTor bool) bool {
+
+	// The site that we want to scrape for data
+	//var site string
+
+	// Do we want to proxy through tor
+	tor := true
+
+	// Debugging
+	debug := true
+
+	// set the tor bits
+	proxyAddress := "127.0.0.1"
+	proxyPort := 9050
+
+	if debug {
+
+		//fmt.Println("site: ", site)
+		fmt.Println("tor: ", tor)
+		fmt.Println("debugging: ", debug)
+		fmt.Println("Tor Address: ", proxyAddress)
+		fmt.Println("Tor Port: ", proxyPort)
+	}
+
+	if tor {
+
+		// Check to see if we running requests through tor
+		torStatus, ipAddr := checkTorConnection(proxyAddress, proxyPort)
+
+		//siteStatus := scrapeSite(site, proxyAddress, proxyPort)
+
+		fmt.Println("Connection Status: ", torStatus)
+		fmt.Println("IP Address: ", ipAddr)
+
+		//fmt.Println(siteStatus)
+		return true
+	} else {
+		return false
+	}
+}
+
+// Check the proxy connection details
+func checkTorConnection(address string, port int) (string, string) {
+
+	torAddress := "https://check.torproject.org/"
+
+	// create a socks5 dialer
+	dialer := CreateDialer(address, port)
+
+	// setup a http client
+	httpTransport := &http.Transport{}
+	httpClient := &http.Client{Transport: httpTransport}
+	// set our socks5 as the dialer
+	httpTransport.Dial = dialer.Dial
+	// create a request
+	req, err := http.NewRequest("GET", torAddress, nil)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "can't create request:", err)
+		os.Exit(2)
+	}
+	// use the http client to fetch the page
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "can't GET page:", err)
+		os.Exit(3)
+	}
+	defer resp.Body.Close()
+
+	// return statement for tor connection
+	var stmt string
+
+	// scrape the tor page to check if the connection is being sent over the proxy
+	secure, ipAddr := checkTorResponse(resp)
+	if secure {
+		stmt = "Secure"
+	} else {
+		stmt = "Not Secure"
+	}
+
+	return stmt, ipAddr
+
+}
+
+func CreateDialer(ip string, port int) proxy.Dialer {
+	address := ip + ":" + strconv.Itoa(port)
+
+	// create a socks5 dialer
+	dialer, err := proxy.SOCKS5("tcp", address, nil, proxy.Direct)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "can't connect to the proxy:", err)
+		os.Exit(1)
+	}
+
+	return dialer
+}
+
+// Parse the tor project site to ensure that the proxy is working. This will return a bool and the ip address
+func checkTorResponse(resp *http.Response) (bool, string) {
+
+	var secure = false
+	var address string
+
+	// Load the HTML document
+	doc, err := goquery.NewDocumentFromReader(resp.Body)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Find the review items
+	doc.Find(".content").Each(func(i int, s *goquery.Selection) {
+		ans := s.Text()
+		if strings.Contains(ans, "Congratulations.") {
+			secure = true
+		}
+
+		ipAddr := net.ParseIP(s.Find("strong").Text())
+		if ipAddr != nil {
+			address = ipAddr.String()
+		} else {
+			address = ""
+		}
+	})
+
+	return secure, address
+}
+
+// scrapeSite is a general purpose function to pull a site
+//func scrapeSite(site string, address string, port int) string {
+//	// TODO need to create the dialer once and then pass it around
+//	torAddress := site
+//
+//	// create a socks5 dialer
+//	dialer := CreateDialer(address, port)
+//
+//	// setup a http client
+//	httpTransport := &http.Transport{}
+//	httpClient := &http.Client{Transport: httpTransport}
+//	// set our socks5 as the dialer
+//	httpTransport.Dial = dialer.Dial
+//	// create a request
+//	req, err := http.NewRequest("GET", torAddress, nil)
+//	if err != nil {
+//		fmt.Fprintln(os.Stderr, "can't create request:", err)
+//		os.Exit(2)
+//	}
+//	// use the http client to fetch the page
+//	resp, err := httpClient.Do(req)
+//	if err != nil {
+//		fmt.Fprintln(os.Stderr, "can't GET page:", err)
+//		os.Exit(3)
+//	}
+//	defer resp.Body.Close()
+//
+//	// return statment for tor connection
+//	var stmt string
+//
+//	// scrape the site for the required data info
+//	pullData(resp)
+//
+//	return stmt
+//
+//}
+
+// pullData will find specific necessary site keywords
+//func pullData(resp *http.Response) string {
+//
+//	buf := new(bytes.Buffer)
+//	buf.ReadFrom(resp.Body)
+//	s := buf.String() // Does a complete copy of the bytes in the buffer.
+//
+//	foo := findEmail(s)
+//	bar := findBitcoin(s)
+//
+//	fmt.Println(foo)
+//	fmt.Println(bar)
+//
+//	return "all done"
+//
+//	// // Load the HTML document
+//	// doc, err := goquery.NewDocumentFromReader(resp.Body)
+//	// if err != nil {
+//	// 	log.Fatal(err)
+//	// }
+//
+//	// Find the review items
+//	// doc.Find(".content").Each(func(i int, s *goquery.Selection) {
+//	// 	ans := s.Text()
+//	// 	if strings.Contains(ans, "Congratulations.") {
+//	// 		secure = true
+//	// 	}
+//
+//	// 	ipAddr := net.ParseIP(s.Find("strong").Text())
+//	// 	if ipAddr != nil {
+//	// 		address = ipAddr.String()
+//	// 	} else {
+//	// 		address = ""
+//	// 	}
+//	// })
+//
+//}

go.mod

@@ -3,6 +3,7 @@ module github.com/N0MoreSecr3ts/wraith
 go 1.18
 
 require (
+	github.com/PuerkitoBio/goquery v1.8.0
 	github.com/elazarl/go-bindata-assetfs v1.0.1
 	github.com/fatih/color v1.13.0
 	github.com/gin-contrib/secure v0.0.1
@@ -16,6 +17,7 @@ require (
 	github.com/spf13/viper v1.12.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/go-gitlab v0.68.0
+	golang.org/x/net v0.0.0-20220621193019-9d032be2e588
 	golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
 	gopkg.in/src-d/go-git.v4 v4.13.1
@@ -24,6 +26,7 @@ require (
 
 require (
 	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/andybalholm/cascadia v1.3.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
@@ -63,7 +66,6 @@ require (
 	github.com/xanzy/ssh-agent v0.3.1 // indirect
 	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/net v0.0.0-20220621193019-9d032be2e588 // indirect
 	golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect

go.sum

@@ -41,8 +41,12 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
+github.com/PuerkitoBio/goquery v1.8.0 h1:PJTF7AmFCFKk1N6V6jmKfrNH9tV5pNE6lZMkG0gta/U=
+github.com/PuerkitoBio/goquery v1.8.0/go.mod h1:ypIiRMtY7COPGk+I/YbZLbxsxn9g5ejnI2HSMtkjZvI=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
+github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -397,6 +401,7 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220621193019-9d032be2e588 h1:9ubFuySsnAJYGyJrZ3koiEv8FyqofCBdz3G9Mbf2YFc=