implements mqtt module

go.mod

@@ -3,34 +3,41 @@ module github.com/zmap/zgrab2
 go 1.22
 
 require (
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/hdm/jarm-go v0.0.7
-	github.com/prometheus/client_golang v1.19.0
-	github.com/prometheus/common v0.51.1 // indirect
-	github.com/prometheus/procfs v0.13.0 // indirect
-	github.com/rabbitmq/amqp091-go v1.9.0
-	github.com/sirupsen/logrus v1.9.0
-	github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300
+	github.com/prometheus/client_golang v1.19.1
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/rabbitmq/amqp091-go v1.10.0
+	github.com/sirupsen/logrus v1.9.3
+	github.com/zmap/zcrypto v0.0.0-20240512203510-0fef58d9a9db
 	github.com/zmap/zflags v1.4.0-beta.1.0.20200204220219-9d95409821b6
-	golang.org/x/crypto v0.23.0
-	golang.org/x/net v0.25.0
-	golang.org/x/sys v0.20.0
-	golang.org/x/text v0.15.0
-	google.golang.org/protobuf v1.33.0 // indirect
+	golang.org/x/crypto v0.25.0
+	golang.org/x/net v0.27.0
+	golang.org/x/sys v0.22.0
+	golang.org/x/text v0.16.0
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
 	gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22
 	gopkg.in/yaml.v2 v2.4.0
 )
 
-require golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8
+require golang.org/x/exp v0.0.0-20240707233637-46b078467d37
+
+require (
+	github.com/gorilla/websocket v1.5.3 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+)
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/eclipse/paho.mqtt.golang v1.4.3
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/prometheus/client_model v0.6.0 // indirect
-	github.com/rogpeppe/go-internal v1.10.0 // indirect
-	github.com/weppos/publicsuffix-go v0.30.2 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/weppos/publicsuffix-go v0.40.0 // indirect
 	github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 // indirect
 )

modules/amqp091/scanner.go

@@ -14,13 +14,13 @@ import (
 // Populated by the framework.
 type Flags struct {
 	zgrab2.BaseFlags
+	zgrab2.TLSFlags
 
 	Vhost    string `long:"vhost" description:"The vhost to connect to" default:"/"`
 	AuthUser string `long:"auth-user" description:"Username to use for authentication. Must be used with --auth-pass. No auth is attempted if not provided."`
 	AuthPass string `long:"auth-pass" description:"Password to use for authentication. Must be used with --auth-user. No auth is attempted if not provided."`
 
 	UseTLS bool `long:"use-tls" description:"Use TLS to connect to the server. Note that AMQPS uses a different default port (5671) than AMQP (5672) and you will need to specify that port manually with -p."`
-	zgrab2.TLSFlags
 }
 
 // Module implements the zgrab2.Module interface.
@@ -247,7 +247,7 @@ func (scanner *Scanner) Scan(target zgrab2.ScanTarget) (zgrab2.ScanStatus, inter
 	if err != amqpLib.ErrSASL && err != amqpLib.ErrCredentials && amqpConn.Config.ChannelMax > 0 {
 		result.AuthSuccess = true
 		result.Tune = &connectionTune{
-			ChannelMax: amqpConn.Config.ChannelMax,
+			ChannelMax: int(amqpConn.Config.ChannelMax),
 			FrameMax:   amqpConn.Config.FrameSize,
 			Heartbeat:  int(amqpConn.Config.Heartbeat.Seconds()),
 		}

modules/mqtt.go

@@ -0,0 +1,7 @@
+package modules
+
+import "github.com/zmap/zgrab2/modules/mqtt"
+
+func init() {
+	mqtt.RegisterModule()
+}

modules/mqtt/mqtt_test.go

@@ -0,0 +1,80 @@
+// Run this test with a Docker container running a standard broker to test the validity of the probe
+package mqtt
+
+import (
+	"net"
+	"testing"
+	"time"
+
+	"github.com/zmap/zgrab2"
+)
+
+type mqttTester struct {
+	port           int
+	expectedStatus zgrab2.ScanStatus
+}
+
+func (t *mqttTester) getScanner() (*Scanner, error) {
+	var module Module
+	flags := module.NewFlags().(*Flags)
+	flags.Port = uint(t.port)
+
+	// Identifiers
+	flags.ClientID = "testClient" // MQTT-specific
+	flags.ClientRandom = "blabla" // on the TCP handshake
+
+	// Client and user
+	flags.SubscribeTopics = "#,$SYS/#"
+	flags.SubscribeTimeout = 10 * time.Second
+	flags.TopicsSeparator = ","
+
+	// Attempt anonymous auth with
+	// an empty user and password as the
+	flags.UserAuth = true
+	flags.Username = ""
+	flags.Password = ""
+
+	scanner := module.NewScanner()
+	if err := scanner.Init(flags); err != nil {
+		return nil, err
+	}
+
+	return scanner.(*Scanner), nil
+}
+
+func (t *mqttTester) runTest(test *testing.T, name string) {
+	scanner, err := t.getScanner()
+	if err != nil {
+		test.Fatalf("[%s] Unexpected error: %v", name, err)
+	}
+
+	target := zgrab2.ScanTarget{
+		IP: net.ParseIP("127.0.0.1"),
+	}
+
+	status, ret, err := scanner.Scan(target)
+	if status != t.expectedStatus {
+		test.Errorf("[%s] Wrong status: expected %s, got %s", name, t.expectedStatus, status)
+	}
+
+	if err != nil {
+		test.Errorf("[%s] Unexpected error: %v", name, err)
+	}
+
+	if ret == nil {
+		test.Errorf("[%s] Got empty response", name)
+	}
+}
+
+var tests = map[string]*mqttTester{
+	"success": {
+		port:           1883,
+		expectedStatus: zgrab2.SCAN_SUCCESS,
+	},
+}
+
+func TestMQTT(t *testing.T) {
+	for tname, cfg := range tests {
+		cfg.runTest(t, tname)
+	}
+}