feat: integrate nerva

cmd/naabu/main.go

@@ -90,33 +90,40 @@ func main() {
 	c := make(chan os.Signal, 1)
 	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
 	go func() {
-		sig := <-c
-		gologger.Info().Msgf("Received signal: %s, exiting gracefully...\n", sig)
+		shutdownStarted := false
+		for sig := range c {
+			if shutdownStarted {
+				gologger.Warning().Msg("Received additional interrupt, forcing exit")
+				os.Exit(1)
+			}
 
-		// Cancel context to stop ongoing tasks
-		cancel()
+			shutdownStarted = true
+			gologger.Info().Msgf("Received signal: %s, exiting gracefully...\n", sig)
 
-		// Try to save resume config if needed
-		if options.ResumeCfg != nil && options.ResumeCfg.ShouldSaveResume() {
-			gologger.Info().Msgf("Creating resume file: %s\n", runner.DefaultResumeFilePath())
-			if err := options.ResumeCfg.SaveResumeConfig(); err != nil {
-				gologger.Error().Msgf("Couldn't create resume file: %s\n", err)
-			}
-		}
+			go func() {
+				// Cancel context to stop ongoing tasks
+				cancel()
 
-		// Show scan result if runner is available
-		if naabuRunner != nil {
-			naabuRunner.ShowScanResultOnExit()
+				// Try to save resume config if needed
+				if options.ResumeCfg != nil && options.ResumeCfg.ShouldSaveResume() {
+					gologger.Info().Msgf("Creating resume file: %s\n", runner.DefaultResumeFilePath())
+					if err := options.ResumeCfg.SaveResumeConfig(); err != nil {
+						gologger.Error().Msgf("Couldn't create resume file: %s\n", err)
+					}
+				}
 
-			if err := naabuRunner.Close(); err != nil {
-				gologger.Error().Msgf("Couldn't close runner: %s\n", err)
-			}
-		}
+				// Show scan result if runner is available
+				if naabuRunner != nil {
+					naabuRunner.ShowScanResultOnExit()
 
-		// Final flush if gologger has a Close method (placeholder if exists)
-		// Example: gologger.Close()
+					if err := naabuRunner.Close(); err != nil {
+						gologger.Error().Msgf("Couldn't close runner: %s\n", err)
+					}
+				}
 
-		os.Exit(1)
+				os.Exit(1)
+			}()
+		}
 	}()
 
 	// Start enumeration

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/miekg/dns v1.1.62
 	github.com/pkg/errors v0.9.1
+	github.com/praetorian-inc/nerva v1.0.0
 	github.com/projectdiscovery/blackrock v0.0.1
 	github.com/projectdiscovery/cdncheck v1.2.19
 	github.com/projectdiscovery/clistats v0.1.1
@@ -67,9 +68,10 @@ require (
 	github.com/google/go-github/v30 v30.1.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/ishidawataru/sctp v0.0.0-20251114114122-19ddcbc6aae2 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
@@ -97,6 +99,7 @@ require (
 	github.com/projectdiscovery/hmap v0.0.99 // indirect
 	github.com/projectdiscovery/machineid v0.0.0-20250715113114-c77eb3567582 // indirect
 	github.com/projectdiscovery/retryabledns v1.0.112 // indirect
+	github.com/projectdiscovery/wappalyzergo v0.2.17 // indirect
 	github.com/refraction-networking/utls v1.7.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
@@ -127,12 +130,15 @@ require (
 	go.etcd.io/bbolt v1.3.7 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/crypto v0.46.0 // indirect
-	golang.org/x/mod v0.30.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
+	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/oauth2 v0.32.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/term v0.38.0 // indirect
-	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.39.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect
+	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

pkg/runner/nerva.go

@@ -0,0 +1,256 @@
+package runner
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/netip"
+	"strings"
+
+	"github.com/praetorian-inc/nerva/pkg/plugins"
+	"github.com/praetorian-inc/nerva/pkg/scan"
+	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/naabu/v2/pkg/port"
+	"github.com/projectdiscovery/naabu/v2/pkg/protocol"
+	"github.com/projectdiscovery/naabu/v2/pkg/result"
+)
+
+func (r *Runner) handleServiceFingerprinting() error {
+	if !r.options.ServiceDiscovery && !r.options.ServiceVersion {
+		return nil
+	}
+
+	var tcpTargets, udpTargets []plugins.Target
+	for hostResult := range r.scanner.ScanResults.GetIPsPorts() {
+		for _, p := range hostResult.Ports {
+			if p.Port <= 0 || p.Port > 65535 {
+				continue
+			}
+
+			target := plugins.Target{
+				Host:    hostResult.IP,
+				Address: joinAddrPort(hostResult.IP, p.Port),
+			}
+			if !target.Address.IsValid() {
+				continue
+			}
+
+			switch p.Protocol {
+			case protocol.UDP:
+				udpTargets = append(udpTargets, target)
+			default:
+				tcpTargets = append(tcpTargets, target)
+			}
+		}
+	}
+
+	if len(tcpTargets) == 0 && len(udpTargets) == 0 {
+		// gologger.Info().Msg("No hosts with open ports found for service fingerprinting")
+		return nil
+	}
+
+	baseCfg := scan.Config{
+		DefaultTimeout: r.options.Timeout,
+		Verbose:        r.options.Verbose || r.options.Debug,
+	}
+
+	run := func(targets []plugins.Target, udp bool) {
+		if len(targets) == 0 {
+			return
+		}
+
+		cfg := baseCfg
+		cfg.UDP = udp
+
+		results, err := scan.ScanTargets(targets, cfg)
+		if err != nil {
+			transport := "tcp"
+			if udp {
+				transport = "udp"
+			}
+			gologger.Warning().Msgf("Could not fingerprint %s services: %s", transport, err)
+			return
+		}
+
+		r.integrateNervaResults(results)
+	}
+
+	run(tcpTargets, false)
+	run(udpTargets, true)
+
+	return nil
+}
+
+func joinAddrPort(ip string, portNum int) netip.AddrPort {
+	addr, err := netip.ParseAddr(ip)
+	if err != nil {
+		return netip.AddrPort{}
+	}
+
+	if portNum <= 0 || portNum > 65535 {
+		return netip.AddrPort{}
+	}
+
+	return netip.AddrPortFrom(addr, uint16(portNum))
+}
+
+func (r *Runner) integrateNervaResults(services []plugins.Service) {
+	for _, service := range services {
+		enhancedPort, ip, ok := r.convertNervaServiceToPort(service)
+		if !ok {
+			continue
+		}
+
+		r.updatePortWithServiceInfo(ip, enhancedPort)
+	}
+}
+
+func (r *Runner) convertNervaServiceToPort(service plugins.Service) (*port.Port, string, bool) {
+	if service.Port <= 0 {
+		return nil, "", false
+	}
+
+	proto := protocol.TCP
+	if strings.EqualFold(service.Transport, "udp") {
+		proto = protocol.UDP
+	}
+
+	enhancedPort := &port.Port{
+		Port:     service.Port,
+		Protocol: proto,
+		TLS:      service.TLS,
+		Service: &port.Service{
+			Name: service.Protocol,
+		},
+	}
+
+	if r.options.ServiceVersion {
+		enhancedPort.Service.Version = service.Version
+		enhancedPort.Service.Product = service.Protocol
+		enhancedPort.Service.ExtraInfo = normalizeServiceRawMetadata(service.Raw)
+	}
+
+	ip := service.IP
+	if ip == "" {
+		ip = service.Host
+	}
+	if ip == "" {
+		return nil, "", false
+	}
+
+	return enhancedPort, ip, true
+}
+
+func normalizeServiceRawMetadata(raw json.RawMessage) string {
+	trimmed := strings.TrimSpace(string(raw))
+	if trimmed == "" {
+		return ""
+	}
+
+	if !json.Valid(raw) {
+		return trimmed
+	}
+
+	var compact bytes.Buffer
+	if err := json.Compact(&compact, raw); err != nil {
+		return trimmed
+	}
+
+	return compact.String()
+}
+
+func (r *Runner) enrichHostResultPorts(hostResult *result.HostResult) []*port.Port {
+	if hostResult == nil || len(hostResult.Ports) == 0 {
+		return hostResult.Ports
+	}
+	if !r.options.ServiceDiscovery && !r.options.ServiceVersion {
+		return hostResult.Ports
+	}
+
+	baseCfg := scan.Config{
+		DefaultTimeout: r.options.Timeout,
+		Verbose:        r.options.Verbose || r.options.Debug,
+	}
+
+	var tcpTargets, udpTargets []plugins.Target
+	for _, p := range hostResult.Ports {
+		if p.Port <= 0 || p.Port > 65535 {
+			continue
+		}
+
+		target := plugins.Target{
+			Host:    hostResult.IP,
+			Address: joinAddrPort(hostResult.IP, p.Port),
+		}
+		if !target.Address.IsValid() {
+			continue
+		}
+
+		switch p.Protocol {
+		case protocol.UDP:
+			udpTargets = append(udpTargets, target)
+		default:
+			tcpTargets = append(tcpTargets, target)
+		}
+	}
+
+	resultsByPort := make(map[string]*port.Port)
+	key := func(proto protocol.Protocol, portNum int) string {
+		return fmt.Sprintf("%s:%d", proto.String(), portNum)
+	}
+	run := func(targets []plugins.Target, udp bool) {
+		if len(targets) == 0 {
+			return
+		}
+
+		cfg := baseCfg
+		cfg.UDP = udp
+
+		services, err := scan.ScanTargets(targets, cfg)
+		if err != nil {
+			transport := "tcp"
+			if udp {
+				transport = "udp"
+			}
+			gologger.Debug().Msgf("Could not fingerprint %s services for %s: %s", transport, hostResult.IP, err)
+			return
+		}
+
+		for _, service := range services {
+			enhancedPort, ip, ok := r.convertNervaServiceToPort(service)
+			if !ok {
+				continue
+			}
+			if ip != hostResult.IP {
+				continue
+			}
+
+			resultsByPort[key(enhancedPort.Protocol, enhancedPort.Port)] = enhancedPort
+			r.updatePortWithServiceInfo(ip, enhancedPort)
+		}
+	}
+
+	run(tcpTargets, false)
+	run(udpTargets, true)
+
+	for _, p := range hostResult.Ports {
+		if enhanced, ok := resultsByPort[key(p.Protocol, p.Port)]; ok {
+			p.TLS = enhanced.TLS
+			p.Service = enhanced.Service
+		}
+	}
+
+	return hostResult.Ports
+}
+
+func (r *Runner) handleFingerprinting() error {
+	if err := r.handleServiceFingerprinting(); err != nil {
+		return err
+	}
+
+	if err := r.handleNmap(); err != nil {
+		return err
+	}
+
+	return nil
+}