recon-headers

command module

v0.0.0-...-98dceb1 Latest Latest Go to latest Published: Jun 9, 2018 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jeffxf/recon-headers

Links

Open Source Insights

README ¶

recon-headers

A web server that replies to requests with a unique png image and logs the details of every request.

Jeff Ferrell (@jeffxf)
Garrett Whittaker

Purpose

This was put together for active recon purposes during a pentest engagement to gather info such as someone's IP address, user agent (depends on the software they use to load the image), and track who's opened a document or email.

There are existing services that provide the capability of tracking when an email you have sent has been opened. One of which is the service MailTracker. These services are great for what they do but aren't really aimed towards recon purposes and can't be self-hosted. Also, those services typically use static known-hashed images such as 1x1.png which you can see the negative community score and tracker relationships of here: https://www.virustotal.com/#/file/3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517/detection)

How To Use

Start the web server and come up with URI's to send out. The server will respond with a randomly generated png image to any URI requested. You can take advantage of the wildcard by providing each recipient a different URI path that identifies each individual. Then wait for requests to the image URI which will be logged to the logfile.

It's up to your creativity as to how you send the URI in a way that it will be opened by the recipient. Examples could be an email or word document with an image attached using the URI. When the email or word doc is opened, their host will make a request to the URI to get the image. The generated images are almost completely transparent and relatively small so the recipient shouldn't notice it.

Demo / Example

A demo is running at: https://recon-headers.herokuapp.com/ (Thanks Heroku). Just append whatever URI you want after the domain and it will respond with a random png while logging the request.

A page was setup to tail the most recent (IP redacted) logs at: https://recon-headers.herokuapp.com/logs

Additionally, there is a word document in the examples/ directory that will load an image from https://recon-headers.herokuapp.com/example.png when opened.

Features

Can reply back to wildcard URI's
Replies with randomly generated images
Attempts to prevent caching
Logs:
- Date/time
- Source IP
- Source port
- Returned status code
- Request URI
- Request headers
Only uses standard go packages

Default Settings

- ip: listens on all interfaces
- port: 8080
- uri: /*
- logfile: recon-headers.log

Help

$ ./recon-headers.linux -h
Usage of recon-headers.linux:
  -ip string
        The local IP address the web server should listen on (default "All interfaces")
  -logfile string
        The name of the log file (default "recon-headers.log")
  -port string
        The port number the web server should listen on (default "8080")
  -uri string
        The URI that returns an image
        Examples:
                "/"             =       Respond to any path or file name (wildcard path and file name)
                "/recon"        =       Only respond to exact match of "/recon"
                "/recon.png"    =       Only respond to exact match of "/recon.png"
                "/recon/"       =       Respond to "/recon/" and anything after (wildcard file name)
        (default "/")

Running Example

$ ./recon-headers.linux -port 3333 -logfile engagement01.log -uri "/eng01/"
[*] Starting web server (:3333)

Binaries

The 3 binaries in this repo are for x86 Windows, OSX, and Linux. They are located in the bin/ directory and were built using Docker following the "Building Your Own" section below. You of course only need one of the binaries for whichever OS you'll be running this server on.

File hashes:

# md5sum ./bin/recon-headers.*
796a0f1d42b8846ab8bf529c75c45c56  ./bin/recon-headers.linux
c8fdc8e06a7884f553f064bc4b33bd65  ./bin/recon-headers.osx
0b308b5747e217e9771003f4777eb573  ./bin/recon-headers.win

Building Your Own

Building the binary yourself is easy using the go compiler:

go build -v -o recon-headers recon-headers.go

Or, if you prefer to use Docker to build, the following will compile the source for x86 Windows, OSX, and Linux:

$ docker run --rm -it -v "$PWD":/usr/src/recon-headers -w /usr/src/recon-headers golang:1.10 bash

# GOOS=linux GOARCH=386 go build -v -ldflags "-s -w" -o bin/recon-headers.linux recon-headers.go

# GOOS=darwin GOARCH=386 go build -v -ldflags "-s -w" -o bin/recon-headers.osx recon-headers.go

# GOOS=windows GOARCH=386 go build -v -ldflags "-s -w" -o bin/recon-headers.win recon-headers.go

Why Golang?

I've been using go a lot recently and enjoy it, so here we are. I understand you probably would rather this be written using an interpreted lanuage like python. A few reasons could be:

Easier to modify a python script and quickly run it without having to install go and recompile
- I agree and might write this in python as well if I get around to it since it shouldn't take long at all. (But also, building in docker instead of installing go locally is super easy...)
Downloading a python script and running it is less sketchy than a binary
- Meh.. just compile it yourself then (again, you should be using docker these days anyways)

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

recon-headers.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL