1
mirror of git://git.acid.vegas/IRCP.git synced 2024-11-26 01:46:39 +00:00
IRCP/README.md

5.7 KiB

Internet Relay Chat Probe (IRCP)

A robust information gathering tool for large scale reconnaissance on Internet Relay Chat servers, made for future usage with internetrelaychat.org for public statistics on the protocol.

Meant to be used in combination with masscan checking 0.0.0.0/0 (the entire IPv4 range) for port 6667.

The idea is to create a proof-of-concept documenting how large-scale information gathering on the IRC protocol can be malicious & invasive to privacy.

Order of Operations

First, an attempt to connect using SSL/TLS on port 6697 is made, which if it fails, will fall back to a standard connection on port 6667.

Once connected, server information is gathered from LUSERS, VERSION, LINKS, MAP, ADMIN, MOTD, LIST, replies.

An attempt to register a nickname is then made by trying to contact NickServ.

Next, every channel is joined with a WHO command sent & every new nick found gets a WHOIS.

Everything is done in a heavily throttled manner for stealth to avoid detection.

Opt-out

The IRC networks we scanned are PUBLIC networks...any person can freely connect & parse the same information. Send your hate mail to scan@internetrelaychat.org

Config

Settings
Setting Default Value Description
errors False Show errors in console
nickname "IRCP" IRC nickname (None = random)
username "ircp" IRC username (None = random)
realname "internetrelaychat.org" IRC realname (None = random)
ns_mail "scan@internetrelaychat.org" NickServ email address (None = random)
ns_pass "changeme" NickServ password (None = random)
vhost None Bind to a specific IP address
Throttle
Setting Default Value Description
channels 3 Maximum number of channels to scan at once
delay 120 Delay before registering nick (if enabled) & sending LIST
join 10 Delay between channel JOIN
nick 300 Delay between every random NICK change
part 3 Delay before PART from channel
threads 100 Maximum number of threads running
timeout 15 Timeout for all sockets
whois 3 Delay between WHOIS requests
ztimeout 200 Timeout for zero data from server

Collected Information

All of the raw data from a server is logged & stored. The categories below are stored seperately & hilight the key information we are after:

Server Information
Numeric Title
001 RPL_WELCOME
002 RPL_YOURHOST
003 RPL_CREATED
004 RPL_MYINFO
005 RPL_ISUPPORT
372 RPL_MOTD
351 RPL_VERSION
364 RPL_LINKS
006 RPL_MAP
018 RPL_MAPUSERS
257 RPL_ADMINLOC1
258 RPL_ADMINLOC2
259 RPL_ADMINEMAIL
Statistics Information (LUSERS)
Numeric Title
250 RPL_STATSCONN
251 RPL_LUSERCLIENT
252 RPL_LUSEROP
254 RPL_LUSERCHANNELS
255 RPL_LUSERME
265 RPL_LOCALUSERS
266 RPL_GLOBALUSERS
Channel Information
Numeric Title
332 RPL_TOPIC
353 RPL_NAMREPLY
322 RPL_LIST
User Information (WHOIS/WHO)
Numeric Title
311 RPL_WHOISUSER
307 RPL_WHOISREGNICK
312 RPL_WHOISSERVER
671 RPL_WHOISSECURE
319 RPL_WHOISCHANNELS
320 RPL_WHOISSPECIAL
276 RPL_WHOISCERTFP
330 RPL_WHOISACCOUNT
338 RPL_WHOISACTUALLY
352 RPL_WHOREPLY
Bad Numerics
Numeric Title
470 ERR_LINKCHANNEL
471 ERR_CHANNELISFULL
473 ERR_INVITEONLYCHAN
474 ERR_BANNEDFROMCHAN
475 ERR_BADCHANNELKEY
477 ERR_NEEDREGGEDNICK
489 ERR_SECUREONLYCHAN
519 ERR_TOOMANYUSERS
520 ERR_OPERONLY
464 ERR_PASSWDMISMATCH
465 ERR_YOUREBANNEDCREEP
466 ERR_YOUWILLBEBANNED
421 ERR_UNKNOWNCOMMAND

Preview

Todo

  • Capture IRCOPS & STATS p command outputs
  • Built in identd
  • Checking for IPv6 availability (SSL= in 005 responses may help verify IPv6)
  • Support for IRC servers using old versions of SSL

Mirrors