
Output module

deadc0de edited this page Dec 1, 2017 · 9 revisions


Implement an output module

Scannerl is modular, and you can add your own output modules.

Output modules can be selected using the -o switch from the CLI:

./scannerl -m fp_httpbg -d google.com -o out_stdout,out_file:/tmp/results

By default, the out_stdout module is used, which writes the results to standard output. Output modules can be combined by joining them with a , on the CLI. Arguments to a module are given after a :.

Each provided output module implements the out_behavior behavior. An output module must therefore export the following functions:

  • init/2: is called before the scan begins to initialize the output module. Its first argument is Scaninfo (see opts.hrl) and its second argument is a list of options provided on the CLI (if any). This function returns an object which is then used as an opaque pointer and passed along to subsequent calls to this output module (functions clean and output).
  • clean/2: is called at the end of the scan and will be called with the returned value of init and the updated Scaninfo record (see opts.hrl).
  • output/2: is called on each result with the first argument being the returned value of init.
  • get_description/0: is called when the -l switch is provided to show a short description of the modules.
  • get_arguments/0: is called when the -l switch is provided to get the arguments.

Only results are sent to the output function of the output module. See the readme for more info on result formats.

Skeletons are available in this folder to get started.
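
The five callbacks listed above, put together in a small file-writing module. This is an added example, not code from the scannerl repository: the module name out_termfile is hypothetical, and the return shapes ({ok, Obj}, ok, {error, Reason}) and the form of the option list (a list of strings) are assumptions to check against out_behavior and the skeletons.

```erlang
%% Added example, not part of scannerl. The module name is hypothetical.
-module(out_termfile).
-behavior(out_behavior).

-export([init/2, clean/2, output/2]).
-export([get_description/0, get_arguments/0]).

%% init/2: called once before the scan begins.
%% Assumption: the options are the strings given after ':' on the CLI,
%% here exactly one element, the path of the file to write to.
%% Assumption: the behavior expects {ok, Obj} or {error, Reason}.
init(_Scaninfo, [Path]) ->
  case file:open(Path, [append, {encoding, utf8}]) of
    {ok, Fd} ->
      %% Fd is the opaque object handed back to output/2 and clean/2
      {ok, Fd};
    {error, Reason} ->
      {error, Reason}
  end;
init(_Scaninfo, _Other) ->
  {error, "expected exactly one argument: the output file path"}.

%% output/2: called on each result; the first argument is what init/2 returned.
%% ~p prints any Erlang term, so nothing is assumed about the result layout.
output(Fd, Result) ->
  io:format(Fd, "~p~n", [Result]).

%% clean/2: called at the end of the scan with the object from init/2
%% and the updated Scaninfo record; close the file so data is flushed.
clean(Fd, _Scaninfo) ->
  file:close(Fd).

%% Shown when the -l switch is provided.
get_description() ->
  "append each result to a file as a printed Erlang term".

%% Shown when the -l switch is provided.
%% Assumption: a list of strings naming the arguments.
get_arguments() ->
  ["Path"].
```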

Output modes

Besides using different output modules, several modes can be chosen. The option from the CLI is -O --outmode and requires an integer:

  • --outmode 0: output on master, which means every result is sent through message passing to the master node by each fingerprinting process. The results are sent one by one, as they're received, to the output module(s).
  • --outmode 1: output on the fingerprinting process, which means every Erlang process (children of the supervisor) takes care of outputting the result itself. If, for example, you choose out_file with this mode, the output file will be written on each node and you'll have to aggregate them by hand.
  • --outmode greater than 1: results are sent to the broker by the fingerprinting process. The value (greater than 1) defines the buffering that is used before outputting. This is typically used for outputting to a database.

Examples

See the existing modules under https://github.com/kudelskisecurity/scannerl/tree/master/src/outmodules
