When trying to compile under Windows with regular go install <...> there is an error:

>go install github.com/v-byte-cpu/sx@latest
go: downloading github.com/v-byte-cpu/sx v0.5.0
go: downloading github.com/google/gopacket v1.1.20-0.20210304165259-20562ffb40f8
go: downloading github.com/spf13/cobra v1.5.0
go: downloading github.com/docker/docker v20.10.7+incompatible
go: downloading github.com/moby/moby v20.10.7+incompatible
go: downloading go.uber.org/zap v1.23.0
go: downloading github.com/docker/go-units v0.4.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/docker/distribution v2.7.1+incompatible
go: downloading github.com/containerd/containerd v1.4.4
go: downloading github.com/Microsoft/go-winio v0.4.16
go: downloading github.com/konsorten/go-windows-terminal-sequences v1.0.1
# github.com/v-byte-cpu/sx/command
go\pkg\mod\github.com\v-byte-cpu\[email protected]\command\root.go:168:56: too many arguments in call to afpacket.NewPacketSource
        have (string, bool)
        want (string)

sx arp xxx can only get mac address of servers which in local network, and sx tcp xxx scan mode can only be used with arp scan result before. so how can i scan internet servers, i cannot get its mac address.

I'm seeing 100+ IP addresses sharing a Mac address during an ARP scan.

I check my managed switch and those do not appear.

Is this an issue with my network or a problem with the way sx is scanning ARP?

TCP scans are failing with Error: stdin is from a terminal exception.

Environment information:

• OS: Kali 2021.2
• Console & shell: XFCE TerminalEmulator + zsh
• sx: pre-built binary release (tested on v0.2 & 0.3)

Some sx snippets I tested with (I renamed sx binary to sxscanner, because Kali already has some tool named sx):

sxscanner tcp fin -p 80 10.10.10.230
sxscanner tcp -p 1-65535 10.10.10.230

Issues might be somewhere here: sx/command/config.go#L288, but I don't know Go, so now sure what can cause the issue.

$ podman build -t sx .
STEP 1: FROM golang:1.16-alpine AS builder
✔ docker.io/library/golang:1.16-alpine
Getting image source signatures
Copying blob 540db60ca938 done
Copying blob 0510c868ecb4 done
Copying blob 4c4ab2625f07 done
Copying blob afea3b2eda06 done
Copying blob adcc1eea9eea done
Copying config 270727b8fd done
Writing manifest to image destination
Storing signatures
STEP 2: RUN apk add --no-cache libpcap-dev libc-dev gcc linux-headers
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/17) Installing libgcc (10.2.1_pre1-r3)
(2/17) Installing libstdc++ (10.2.1_pre1-r3)
(3/17) Installing binutils (2.35.2-r1)
(4/17) Installing libgomp (10.2.1_pre1-r3)
(5/17) Installing libatomic (10.2.1_pre1-r3)
(6/17) Installing libgphobos (10.2.1_pre1-r3)
(7/17) Installing gmp (6.2.1-r0)
(8/17) Installing isl22 (0.22-r0)
(9/17) Installing mpfr4 (4.1.0-r0)
(10/17) Installing mpc1 (1.2.0-r0)
(11/17) Installing gcc (10.2.1_pre1-r3)
(12/17) Installing musl-dev (1.2.2-r0)
(13/17) Installing libc-dev (0.7.2-r3)
(14/17) Installing libpcap (1.10.0-r0)
(15/17) Installing pkgconf (1.7.3-r0)
(16/17) Installing libpcap-dev (1.10.0-r0)
(17/17) Installing linux-headers (5.7.8-r0)
Executing busybox-1.32.1-r6.trigger
OK: 135 MiB in 32 packages
--> 5af35877a00
STEP 3: ADD . /app
--> 67e808a4805
STEP 4: WORKDIR /app
--> 93f4d5205ce
STEP 5: RUN go build -ldflags "-w -s" -o /sx
go: github.com/docker/[email protected]+incompatible: Get "https://proxy.golang.org/github.com/docker/docker/@v/v20.10.6+incompatible.mod": dial tcp: lookup proxy.golang.org: Try again
STEP 6: FROM alpine:3.13
Error: error building at STEP "RUN go build -ldflags "-w -s" -o /sx": error while running runtime: exit status 1

Hi, I'm experimenting with "sx" and found an interesting issue.

Well, I was trying to ICMP scan a local WiFi network. First of all, I generated the ARP cache file. After that I run the ICMP Scan. Everything seems to work, but the interesting thing that I'm talking about is: I generated a PCAP file while I was scanning the network and noted that even though I had just provided an ARP cache of 3 entries, sx had sent ICMP packets for all the subnet I provided in the command line.

I was expecting ICMP packets only for the 3 IP addresses/MACs listed in the ARP cache file. This is the ARP cache I used:

{"ip":"192.168.15.1","mac":"d8:c6:78:1f:bc:90","vendor":"MitraStar Technology Corp."} {"ip":"192.168.15.250","mac":"c8:5d:38:29:6b:08","vendor":"HUMAX Co., Ltd."} {"ip":"192.168.15.238","mac":"c8:5d:38:29:77:2f","vendor":"HUMAX Co., Ltd."}

Another thing that I noticed was that for each ICMP packet sent and which the MAC was not listed in the ARP cache, "sx" included the MAC address of the first entry in the ARP cache as the Ethernet frame destination address.

For example, for the IPs:

• 192.168.15.10 -> MAC d8:c6:78:1f:bc:90
• 192.168.15.20 -> MAC d8:c6:78:1f:bc:90
• 192.168.15.30 -> MAC d8:c6:78:1f:bc:90

Is it how it's supposed to work?

p.s) I'm using a development version. sx version dev

Thanks for any feedback.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/moby/moby | require | patch | v20.10.7+incompatible -> v20.10.18+incompatible |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/docker/docker | require | patch | v20.10.7+incompatible -> v20.10.18+incompatible |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

Hi,

It looks like the sx command returns a usage statement for most everything. For example, "sx arp 192.168.1.0/24" displays a usage statement.

Thanks, -G

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/jinzhu/copier | require | minor | v0.2.9 -> v0.3.0 |

Release Notes

Configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

The signature of afpacket.NewPacketSource was updated in readwriter.go (29ca59d5) for GOOS=linux, but the signature for that same function in readwriter_other.go for GOOS!=linux was not updated to match. This causes a build failure when GOOS!=linux. The build failure is not critical since only GOOS=linux is supported .

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | alpine | final | minor | 3.16 -> 3.17 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/moby/moby | require | patch | v20.10.7+incompatible -> v20.10.20+incompatible |

GitHub Vulnerability Alerts

GHSA-vp35-85q5-9f25

Description

Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build instructions (usually named and referred to as a "Dockerfile"), and a build context, which is not unlike the CWD in which the Dockerfile instructions are executed.

Containers may be built using a variety of tools and build backends available in the Moby ecosystem; in all cases, builds may not include files outside of the build context (such as using absolute or relative-parent paths). This is enforced through both checks in the build backends, and the containerization of the build process itself.

Versions of Git where CVE-2022-39253 is present and exploited by a malicious repository, when used in combination with Moby, are subject to an unexpected inclusion of arbitrary filesystem paths in the build context, without any visible warning to the user.

This issue was originally reported by Wenxiang Qian of Tencent Blade Team, and the root-cause analysis was performed by Cory Snider of Mirantis, with assistance from Bjorn Neergaard of the same. The issue was then reported to the Git project, and Taylor Blau led the process resolving the root issue in Git.

Impact

This vulnerability originates in Git, but can be used to violate assumptions that may have security implications for users of Moby and related components. Users may rely on the fact that a build context ensures that outside files cannot be referenced or incorporated using multiple enforcement mechanisms, or expect a warning if this does not hold true. A maliciously crafted Git repository exploiting CVE-2022-39253 can violate this assumption, and potentially include sensitive files that are subsequently uploaded to a container image repository, or disclosed by code inside the resulting container image.

As this issue cannot be triggered remotely, except by users who already have full control over the daemon through the API, and it requires exploiting a vulnerability in Git by convincing a user to build a maliciously crafted repository, the impact in Moby is considered low.

Patches

Moby 20.10.20, and Mirantis Container Runtime (formerly Docker Enterprise Edition) 20.10.14 will contain mitigations for CVE-2022-39253 when a Git clone is performed by Moby components (on either the daemon or API client side). However, as these mitigations only apply to certain scenarios (build of git+<protocol>://... URL contexts) and cannot protect against a malicious repository already on disk, users should update to a version of Git containing patches for CVE-2022-39253 on all their systems running both API clients and daemons.

Specifically, patches in Moby (including patches incorporated from BuildKit) protect against the following:

• docker build with the legacy builder (e.g. DOCKER_BUILDKIT unset or set to 0) of a Git URL context. Note that depending on available API versions and the CLI version, the Git clone operation can take place on either the client or the daemon side. Both must be updated (or have Git updated) to fully protect this build method.
• docker build with the BuildKit builder (e.g. DOCKER_BUILDKIT=1) of a Git URL context.
• docker buildx build with BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 of a Git URL context.

Patches in BuildKit incorporated into Docker Compose protect against CVE-2022-39253 during Compose-driven builds of Git URL contexts.

Patches in Moby and related projects such as BuildKit, the Docker CLI, and Docker Compose cannot fully protect against CVE-2022-39253, as it may be triggered by a malicious repository already on disk that a unpatched Git client has interacted with (specifically, commands that check out submodules such as git clone --recursive, git submodule update, etc. may have already triggered the Git vulnerability).

Workarounds

While this behavior is unexpected and undesirable, and has resulted in this security advisory, users should keep in mind that building a container entails arbitrary code execution. Users should not build a repository/build context they do not trust, as containerization cannot protect against all possible attacks.

When building with BuildKit (e.g. docker buildx build or docker build with DOCKER_BUILDKIT=1), this issue cannot be exploited unless --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 was also passed, as by default BuildKit will discard the .git directory of a Git URL context immediately after cloning and checking out the repository.

For more information

If you have any questions or comments about this advisory:

• Open an issue
• Email us at [email protected]

Release Notes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/stretchr/testify | require | patch | v1.8.0 -> v1.8.1 |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/docker/docker | require | patch | v20.10.7+incompatible -> v20.10.21+incompatible |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/spf13/cobra | require | minor | v1.5.0 -> v1.6.1 |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@v-byte-cpu hi, Why this error come to me help me plz... {"level":"error","ts":1665350624.2440908,"caller":"log/logger.go:76","msg":"socks","error":"dial tcp 192.168.0.241:1080: i/o timeout","stacktrace":"github.com/v-byte-cpu/sx/command/log.(*logger).Error\n\t/home/creedx/sx/command/log/logger.go:76\ngithub.com/v-byte-cpu/sx/command.startScanEngine.func3\n\t/home/creedx/sx/command/root.go:214"}