
🛡️ High-performance network reconnaissance with fiber-based concurrency and compile-time macros - Crystal


bad-antics/nullsec-crystalrecon


NullSec CrystalRecon

Network Reconnaissance Engine written in Crystal


Part of the NullSec offensive security toolkit
Discord: discord.gg/killers
Portal: bad-antics.github.io

Overview

CrystalRecon is a high-performance network reconnaissance engine featuring parallel port scanning, service fingerprinting, and risk assessment. It is built with Crystal's fiber-based concurrency and compile-time metaprogramming for speed and type safety.

Crystal Features Showcased

  • Fibers: Lightweight concurrent scanning
  • Channels: CSP-style communication
  • Macros: Compile-time code generation
  • Structs: Stack-allocated value types
  • Enums: Type-safe enumerations
  • Union Types: Nullable types (String?)
  • Named Tuples: Compile-time typed hashes
  • Method Overloading: Multiple dispatch

Detection Capabilities

Service          | Port      | Risk     | MITRE
FTP/Telnet       | 21/23     | HIGH     | T1021
SMB              | 445/139   | HIGH     | T1021.002
RDP              | 3389      | MEDIUM   | T1021.001
Redis            | 6379      | CRITICAL | T1190
MongoDB          | 27017     | CRITICAL | T1190
MySQL/PostgreSQL | 3306/5432 | HIGH     | T1190
LDAP             | 389/636   | MEDIUM   | T1018

Installation

# Clone
git clone https://github.com/bad-antics/nullsec-crystalrecon.git
cd nullsec-crystalrecon

# Build
crystal build --release crystalrecon.cr

# Or run directly
crystal run crystalrecon.cr

Usage

# Run demo mode
./crystalrecon

# Scan single host
./crystalrecon -h 192.168.1.1

# Scan network range
./crystalrecon -r 192.168.1.0/24

# Custom ports
./crystalrecon -h 192.168.1.1 -p 22,80,443,8080

# JSON output
./crystalrecon -h 192.168.1.1 --json

Options

USAGE:
    crystalrecon [OPTIONS]

OPTIONS:
    -h, --host       Target host to scan
    -r, --range      CIDR range to scan
    -p, --ports      Comma-separated ports
    -t, --timeout    Connection timeout (seconds)
    --json           JSON output format
    -v, --verbose    Verbose output

Sample Output

╔══════════════════════════════════════════════════════════════════╗
║        NullSec CrystalRecon - Network Reconnaissance Engine      ║
╚══════════════════════════════════════════════════════════════════╝

[Demo Mode]

Simulating network reconnaissance...

═══════════════════════════════════════════════════════════════════
  Host: 192.168.1.10
  OS:   Linux/Unix
  Scan: 2.5s

  Open Ports:
    22    SSH          (12.5ms) - SSH-2.0-OpenSSH_8.2
    80    HTTP         (8.3ms) - nginx/1.18.0
    443   HTTPS        (15.2ms)
    3306  MySQL        (22.1ms) - MySQL 8.0.25

  Security Findings:

  [HIGH]     Database Exposed
      Port:        3306
      Description: Port 3306 is open on 192.168.1.10
      MITRE:       T1190
      Fix:         Restrict database access to app servers

═══════════════════════════════════════════════════════════════════
  Host: 192.168.1.20
  OS:   Linux/Unix
  Scan: 3.1s

  Open Ports:
    22    SSH          (10.2ms) - SSH-2.0-OpenSSH_7.9
    5432  PostgreSQL   (18.5ms)
    6379  Redis        (8.1ms) - Redis 6.2.3
    27017 MongoDB      (25.3ms)

  Security Findings:

  [CRITICAL] Redis Exposed
      Port:        6379
      Description: Port 6379 is open on 192.168.1.20
      MITRE:       T1190
      Fix:         Enable authentication, bind to localhost

  [CRITICAL] MongoDB Exposed
      Port:        27017
      Description: Port 27017 is open on 192.168.1.20
      MITRE:       T1190
      Fix:         Enable authentication, bind to localhost

═══════════════════════════════════════════════════════════════════

  Summary:
    Hosts Scanned:    4
    Total Open Ports: 15
    Total Findings:   10
    Critical:         2
    High:             5
    Medium:           2
    Low:              1

Code Highlights

Fiber-based Concurrent Scanning

def self.scan_host(host : String, ports : Array(UInt16)) : HostInfo
  channel = Channel(PortResult).new(ports.size)
  
  # Spawn fibers for concurrent scanning
  ports.each do |port|
    spawn do
      result = scan_port(host, port)
      channel.send(result)
    end
  end
  
  # Collect results
  results = [] of PortResult
  ports.size.times do
    results << channel.receive
  end
  
  # ...
end

Compile-time Macros

macro generate_risk_rules
  [
    {
      ports: [21_u16, 23_u16],
      severity: RiskLevel::High,
      title: "Insecure Protocol Detected",
      mitre: "T1021",
      remediation: "Disable FTP/Telnet, use SFTP/SSH"
    },
    # ... more rules generated at compile time
  ]
end

RISK_RULES = generate_risk_rules

Structs - Value Types

struct PortResult
  property port : UInt16
  property state : PortState
  property service : ServiceType
  property banner : String?      # Union type (nullable)
  property response_ms : Float64
  
  def initialize(@port, @state, @service = ServiceType::Unknown, 
                 @banner = nil, @response_ms = 0.0)
  end
end

Pattern Matching with Case

def self.identify_service(port : UInt16) : ServiceType
  case port
  when 21    then ServiceType::FTP
  when 22    then ServiceType::SSH
  when 80    then ServiceType::HTTP
  when 443   then ServiceType::HTTPS
  when 3306  then ServiceType::MySQL
  when 5432  then ServiceType::PostgreSQL
  when 6379  then ServiceType::Redis
  else            ServiceType::Unknown
  end
end

Architecture

┌────────────────────────────────────────────────────────────────┐
│               CrystalRecon Architecture                        │
├────────────────────────────────────────────────────────────────┤
│                                                                │
│   ┌──────────────────┐                                         │
│   │  Target Hosts    │  IP addresses or CIDR ranges            │
│   └────────┬─────────┘                                         │
│            │                                                   │
│            ▼                                                   │
│   ┌──────────────────────────────────────────────────┐         │
│   │           Scanner Module (Fibers)                │         │
│   │  ┌─────────┐ ┌─────────┐ ┌─────────┐             │         │
│   │  │ Fiber 1 │ │ Fiber 2 │ │ Fiber N │ ...         │         │
│   │  │ Port 22 │ │ Port 80 │ │ Port X  │             │         │
│   │  └────┬────┘ └────┬────┘ └────┬────┘             │         │
│   │       │           │           │                  │         │
│   │       └───────────┼───────────┘                  │         │
│   │                   ▼                              │         │
│   │           ┌───────────────┐                      │         │
│   │           │   Channel     │  CSP communication   │         │
│   │           └───────────────┘                      │         │
│   └────────────────────┬─────────────────────────────┘         │
│                        │                                       │
│                        ▼                                       │
│   ┌──────────────────────────────────────────────────┐         │
│   │         Risk Analyzer (Macro-generated rules)    │         │
│   │  ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │         │
│   │  │ Port Rules  │ │ Service     │ │ Banner      │ │         │
│   │  │ (compile)   │ │ Detection   │ │ Analysis    │ │         │
│   │  └─────────────┘ └─────────────┘ └─────────────┘ │         │
│   └────────────────────────┬─────────────────────────┘         │
│                            │                                   │
│                            ▼                                   │
│                   ┌──────────────────┐                         │
│                   │  Report Output   │                         │
│                   │  (JSON / Text)   │                         │
│                   └──────────────────┘                         │
│                                                                │
└────────────────────────────────────────────────────────────────┘

Why Crystal?

Requirement     | Crystal Advantage
Performance     | C-level speed
Concurrency     | Lightweight fibers
Type Safety     | Compile-time checks
Productivity    | Ruby-like syntax
Metaprogramming | Compile-time macros
Memory          | Low footprint

License

MIT License - See LICENSE for details.
