
CheckRDPEncryption function

Open pussycat0x opened this issue 8 months ago • 2 comments

Proposed changes

Detect RDP encryption using CheckRDPEncryption()

javascript:
  - code: |
      let m = require('nuclei/rdp');
      let response = m.CheckRDPEncryption(Host,Port);
      Export(response);

Checklist

  • [ ] Pull request is created against the dev branch
  • [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added necessary documentation (if appropriate)

Summary by CodeRabbit

  • New Features
    • Added the ability to check supported security layers and encryption levels of an RDP server, including detailed reporting of protocol and cipher support.
    • Introduced caching for RDP encryption checks to improve performance on repeated queries.

pussycat0x avatar May 01 '25 12:05 pussycat0x

Walkthrough

Adds RDP probing: a new RDPEncryptionResponse type and CheckRDPEncryption(ctx, host, port) that actively probes RDP security layers and cipher strengths, plus a memoized wrapper memoizedcheckRDPEncryption(executionId, host, port) to cache probe results.

Changes

Cohort / File(s) and Change Summary
  • RDP probing logic (pkg/js/libs/rdp/rdp.go): Added RDPEncryptionResponse type and CheckRDPEncryption(ctx context.Context, host string, port int) public API; implemented probing (checkRDPEncryption, testRDPProtocol, testRDPCipher) that performs TCP connects, sends probe packets, and interprets responses to populate security layer and encryption flags.
  • Memoization wrapper (pkg/js/libs/rdp/memo.rdp.go): Added memoizedcheckRDPEncryption(executionId string, host string, port int) that builds a cache key and delegates to protocolstate.Memoizer.Do to return cached or freshly computed RDPEncryptionResponse.

Sequence Diagram(s)

sequenceDiagram
    participant Caller
    participant RDPpkg as RDP package
    participant Memoizer
    participant Target as RDP Server

    Caller->>RDPpkg: CheckRDPEncryption(ctx, host, port)
    RDPpkg->>Memoizer: Do("checkRDPEncryption", executionId, host, port)
    alt cache hit
        Memoizer-->>RDPpkg: cached RDPEncryptionResponse
    else cache miss
        Memoizer-->>RDPpkg: callback -> checkRDPEncryption()
        RDPpkg->>Target: TCP connect + probe (protocol/cipher)
        Target-->>RDPpkg: probe responses
        RDPpkg->>RDPpkg: analyze -> RDPEncryptionResponse
        RDPpkg-->>Memoizer: store RDPEncryptionResponse
        Memoizer-->>RDPpkg: stored
    end
    RDPpkg-->>Caller: RDPEncryptionResponse

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I hop the nets at dusk and dawn,
I tap each port from lawn to lawn.
I test the ciphers, note each layer,
Then stash results safe with care.
A rabbit's cache — quick, quiet, keen. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 71.43%, which is insufficient; the required threshold is 80.00%. Resolution: run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title Check: ✅ Passed. The title clearly identifies the primary change introduced by the pull request, namely the addition of the CheckRDPEncryption function, and does so concisely without extraneous detail. It directly reflects the content of the diff and will be understandable to anyone scanning the project history.

coderabbitai[bot] avatar May 01 '25 12:05 coderabbitai[bot]
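As an added illustration (not code from this PR or from nuclei's rdp package), the Go program below shows the X.224 connection-request negotiation that a security-layer probe of this kind is built on: one TPKT-framed Connection Request carrying an RDP_NEG_REQ per candidate protocol, and parsing of the RDP_NEG_RSP, RDP_NEG_FAILURE or bare Connection Confirm that comes back. The map it returns uses the same five SecurityLayer keys as the debug output further down; the EncryptionLevel half (RC4 40/56/128-bit, FIPS 140-1) is negotiated later, inside the MCS Connect exchange under standard RDP security, and is not covered here. Protocol values and structure types are those of MS-RDPBCGR; the function names are the example's own.

```go
// Added example (not the PR's or nuclei's code): the X.224 negotiation an RDP security-layer probe rests on (MS-RDPBCGR 2.2.1.1, 2.2.1.2).
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"time"
)

// RDP_NEG_REQ.requestedProtocols / RDP_NEG_RSP.selectedProtocol values.
const (
	protoRDP      uint32 = 0x00 // standard RDP security ("NativeRDP" in the template output)
	protoSSL      uint32 = 0x01 // TLS
	protoHybrid   uint32 = 0x02 // CredSSP (NLA)
	protoRDSTLS   uint32 = 0x04
	protoHybridEx uint32 = 0x08 // CredSSP with early user authorization
)

// BuildNegReq builds TPKT + X.224 Connection Request + RDP_NEG_REQ asking for one protocol set.
func BuildNegReq(requested uint32) []byte {
	neg := []byte{0x01, 0x00, 0x08, 0x00, 0, 0, 0, 0} // type=RDP_NEG_REQ, flags, length=8 (LE)
	binary.LittleEndian.PutUint32(neg[4:], requested)
	// X.224 CR TPDU: LI, code 0xE0, DST-REF, SRC-REF, class option; LI excludes itself.
	x224 := append([]byte{0x00, 0xE0, 0, 0, 0, 0, 0}, neg...)
	x224[0] = byte(len(x224) - 1)
	pkt := []byte{0x03, 0x00, 0, 0} // TPKT: version 3, reserved, BE16 total length
	binary.BigEndian.PutUint16(pkt[2:], uint16(4+len(x224)))
	return append(pkt, x224...)
}

// NegResult is the outcome of one negotiation attempt.
type NegResult struct {
	Accepted         bool
	SelectedProtocol uint32 // valid when Accepted
	FailureCode      uint32 // RDP_NEG_FAILURE failureCode when !Accepted
}

// ParseNegResponse reads a TPKT + X.224 Connection Confirm; a CC with no RDP_NEG_RSP means standard RDP security only.
func ParseNegResponse(pkt []byte) (NegResult, error) {
	const hdr = 4 + 7 // TPKT header + X.224 CC fixed header
	if len(pkt) < hdr || pkt[0] != 0x03 || int(binary.BigEndian.Uint16(pkt[2:])) != len(pkt) ||
		pkt[5]&0xF0 != 0xD0 {
		return NegResult{}, errors.New("not a complete TPKT-framed X.224 Connection Confirm")
	}
	if len(pkt) == hdr {
		return NegResult{Accepted: true, SelectedProtocol: protoRDP}, nil
	}
	if len(pkt) < hdr+8 {
		return NegResult{}, errors.New("truncated RDP negotiation structure")
	}
	switch neg := pkt[hdr:]; neg[0] {
	case 0x02: // TYPE_RDP_NEG_RSP
		return NegResult{Accepted: true, SelectedProtocol: binary.LittleEndian.Uint32(neg[4:])}, nil
	case 0x03: // TYPE_RDP_NEG_FAILURE
		return NegResult{FailureCode: binary.LittleEndian.Uint32(neg[4:])}, nil
	default:
		return NegResult{}, fmt.Errorf("unknown negotiation type 0x%02x", neg[0])
	}
}

func negotiateOnce(addr string, requested uint32, timeout time.Duration) (NegResult, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return NegResult{}, err
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(timeout))
	if _, err = conn.Write(BuildNegReq(requested)); err != nil {
		return NegResult{}, err
	}
	buf := make([]byte, 64) // CC + RDP_NEG_RSP/FAILURE is 19 bytes, 11 without negotiation
	n, err := conn.Read(buf)
	if err != nil {
		return NegResult{}, err
	}
	return ParseNegResponse(buf[:n])
}

// ProbeSecurityLayers negotiates once per protocol; a layer counts only when the server selects exactly what was asked.
func ProbeSecurityLayers(addr string, timeout time.Duration) (map[string]bool, error) {
	attempts := []struct{ name string; req, want uint32 }{
		{"NativeRDP", protoRDP, protoRDP}, {"SSL", protoSSL, protoSSL},
		{"CredSSP", protoHybrid, protoHybrid}, {"RDSTLS", protoRDSTLS, protoRDSTLS},
		{"CredSSPWithEarlyUserAuth", protoHybrid | protoHybridEx, protoHybridEx}, // HYBRID_EX requires HYBRID too
	}
	layers, failed, lastErr := map[string]bool{}, 0, error(nil)
	for _, a := range attempts {
		res, err := negotiateOnce(addr, a.req, timeout)
		if err != nil { // some servers close the socket instead of sending RDP_NEG_FAILURE
			failed, lastErr = failed+1, err
		}
		layers[a.name] = err == nil && res.Accepted && res.SelectedProtocol == a.want
	}
	if failed == len(attempts) {
		return layers, lastErr
	}
	return layers, nil
}
```

Requesting protocols one at a time matters: a server offered PROTOCOL_SSL|PROTOCOL_HYBRID answers with the single protocol it selected, so a combined request cannot tell you whether the weaker layer would also have been accepted on its own. Against a hardened host the expected picture is NativeRDP false with an RDP_NEG_FAILURE of SSL_REQUIRED_BY_SERVER or HYBRID_REQUIRED_BY_SERVER on the PROTOCOL_RDP attempt; NativeRDP true means the legacy RC4-based security layer is still enabled and the EncryptionLevel probe becomes relevant.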

Debug Data

./nuclei -u 127.0.0.1  -t rdp.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.4.2

                projectdiscovery.io

[INF] Current nuclei version: v3.4.2 (latest)
[INF] Current nuclei-templates version: v10.2.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 268
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[rdp-enc-check] [javascript] [info] 127.0.0.1:3389 ["{\n  "SecurityLayer": {\n    "NativeRDP": false,\n    "SSL": true,\n    "CredSSP": false,\n    "RDSTLS": true,\n    "CredSSPWithEarlyUserAuth": false\n  },\n  "EncryptionLevel": {\n    "RC4_40bit": false,\n    "RC4_56bit": false,\n    "RC4_128bit": false,\n    "FIPS140_1": false\n  }\n}"]

pussycat0x avatar May 01 '25 12:05 pussycat0x

@dogancanbakir any blockers on this? We can merge it with any required changes to get it ready.

ehsandeep avatar Jul 18 '25 18:07 ehsandeep

@coderabbit resolve

Mzack9999 avatar Sep 25 '25 23:09 Mzack9999

✅ Actions performed

Comments resolved.

coderabbitai[bot] avatar Sep 25 '25 23:09 coderabbitai[bot]