fscan/Plugins/scanner.go

package Plugins

import (
	"fmt"
	"reflect"
	"strconv"
	"strings"
	"sync"

	"github.com/fatih/color"
	"github.com/shadow1ng/fscan/WebScan/lib"
	"github.com/shadow1ng/fscan/common"
)

func Scan(info common.HostInfo, flags common.Flags) {
	fmt.Println("start infoscan")
	Hosts, err := common.ParseIP(&info.HostPort, info.Host, flags.HostFile, flags.NoHosts)
	if err != nil {
		fmt.Println("len(hosts)==0", err)
		return
	}
	lib.Inithttp(flags)
	var ch = make(chan struct{}, flags.Threads)
	var wg = sync.WaitGroup{}
	web := strconv.Itoa(common.PORTList["web"])
	ms17010 := strconv.Itoa(common.PORTList["ms17010"])
	if len(Hosts) > 0 || len(info.HostPort) > 0 {
		if flags.NoPing == false && len(Hosts) > 0 {
			Hosts = CheckLive(Hosts, flags.Ping, flags.LiveTop)
			color.Cyan("[*] Icmp alive hosts len is: %d", len(Hosts))
		}
		if flags.Scantype == "icmp" {
			common.LogWG.Wait()
			return
		}

		var AlivePorts []string
		if flags.Scantype == "webonly" || flags.Scantype == "webpoc" {
			AlivePorts = NoPortScan(Hosts, info.Ports, flags)
		} else if flags.Scantype == "hostname" {
			info.Ports = "139"
			AlivePorts = NoPortScan(Hosts, info.Ports, flags)
		} else if len(Hosts) > 0 {
			AlivePorts = PortScan(Hosts, info.Ports, flags)
			color.Cyan("[*] alive ports len is: %d", len(AlivePorts))
			if flags.Scantype == "portscan" {
				common.LogWG.Wait()
				return
			}
		}
		if len(info.HostPort) > 0 {
			AlivePorts = append(AlivePorts, info.HostPort...)
			AlivePorts = common.RemoveDuplicate(AlivePorts)
			info.HostPort = nil
			color.Cyan("[*] AlivePorts len is:", len(AlivePorts))
		}

		var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
		for _, port := range common.PORTList {
			severports = append(severports, strconv.Itoa(port))
		}
		fmt.Println("start vulscan")
		for _, targetIP := range AlivePorts {
			info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
			if flags.Scantype == "all" || flags.Scantype == "main" {
				switch {
				case info.Ports == "135":
					AddScan(info.Ports, info, flags, &ch, &wg) //findnet
					if flags.IsWmi {
						AddScan("1000005", info, flags, &ch, &wg) //wmiexec
					}
				case info.Ports == "445":
					AddScan(ms17010, info, flags, &ch, &wg) //ms17010
					//AddScan(info.Ports, info, ch, &wg)  //smb
					//AddScan("1000002", info, ch, &wg) //smbghost
				case info.Ports == "9000":
					AddScan(web, info, flags, &ch, &wg)        //http
					AddScan(info.Ports, info, flags, &ch, &wg) //fcgiscan
				case IsContain(severports, info.Ports):
					AddScan(info.Ports, info, flags, &ch, &wg) //plugins scan
				default:
					AddScan(web, info, flags, &ch, &wg) //webtitle
				}
			} else {
				scantype := strconv.Itoa(common.PORTList[flags.Scantype])
				AddScan(scantype, info, flags, &ch, &wg)
			}
		}
	}

	for _, url := range flags.Urls {
		info.Url = url
		AddScan(web, info, flags, &ch, &wg)
	}

	wg.Wait()
	common.LogWG.Wait()
	close(common.Results)

	fmt.Printf("Finished %d/%d", common.End, common.Num)
}

var Mutex = &sync.Mutex{}

func AddScan(scantype string, info common.HostInfo, flags common.Flags, ch *chan struct{}, wg *sync.WaitGroup) {
	*ch <- struct{}{}
	wg.Add(1)
	go func() {
		Mutex.Lock()
		common.Num += 1
		Mutex.Unlock()
		ScanFunc(scantype, info, flags)
		Mutex.Lock()
		common.End += 1
		Mutex.Unlock()
		wg.Done()
		<-*ch
	}()
}

func ScanFunc(name string, info common.HostInfo, flags common.Flags) {
	f := reflect.ValueOf(PluginList[name])
	in := []reflect.Value{reflect.ValueOf(info), reflect.ValueOf(flags)}
	f.Call(in)
}

func IsContain(items []string, item string) bool {
	for _, eachItem := range items {
		if eachItem == item {
			return true
		}
	}
	return false
}
commit message 2020-12-29 17:17:10 +08:00			`package Plugins`

			`import (`
			`"fmt"`
			`"reflect"`
			`"strconv"`
			`"strings"`
			`"sync"`
initial cleanup 2023-06-05 19:02:55 +03:00
Merge remote-tracking branch 'au/main' into refactoring 2023-07-26 12:10:27 +03:00			`"github.com/fatih/color"`
initial cleanup 2023-06-05 19:02:55 +03:00			`"github.com/shadow1ng/fscan/WebScan/lib"`
			`"github.com/shadow1ng/fscan/common"`
commit message 2020-12-29 17:17:10 +08:00			`)`

flags to struct 2023-06-09 08:13:56 -04:00			`func Scan(info common.HostInfo, flags common.Flags) {`
修改线程处理机制 2021-03-30 22:30:16 +08:00			`fmt.Println("start infoscan")`
flags to struct 2023-06-09 08:13:56 -04:00			`Hosts, err := common.ParseIP(&info.HostPort, info.Host, flags.HostFile, flags.NoHosts)`
优化ip解析模块 2021-12-01 15:22:48 +08:00			`if err != nil {`
			`fmt.Println("len(hosts)==0", err)`
			`return`
			`}`
flags to struct 2023-06-09 08:13:56 -04:00			`lib.Inithttp(flags)`
			`var ch = make(chan struct{}, flags.Threads)`
commit message 2020-12-29 17:17:10 +08:00			`var wg = sync.WaitGroup{}`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`web := strconv.Itoa(common.PORTList["web"])`
			`ms17010 := strconv.Itoa(common.PORTList["ms17010"])`
flags to struct 2023-06-09 08:13:56 -04:00			`if len(Hosts) > 0 \|\| len(info.HostPort) > 0 {`
Merge remote-tracking branch 'au/main' into refactoring 2023-07-26 12:10:27 +03:00			`if flags.NoPing == false && len(Hosts) > 0 {`
flags to struct 2023-06-09 08:13:56 -04:00			`Hosts = CheckLive(Hosts, flags.Ping, flags.LiveTop)`
add colored output 2023-07-18 13:43:11 +03:00			`color.Cyan("[*] Icmp alive hosts len is: %d", len(Hosts))`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`}`
flags to struct 2023-06-09 08:13:56 -04:00			`if flags.Scantype == "icmp" {`
新增LiveTop功能,检测存活时,默认会输出top10的b、c段ip存活数量 2022-01-07 13:38:38 +08:00			`common.LogWG.Wait()`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`return`
			`}`
initial cleanup 2023-06-05 19:02:55 +03:00
新增-m webonly,跳过端口扫描,直接访问http。致谢@AgeloVito 2022-02-25 15:29:45 +08:00			`var AlivePorts []string`
flags to struct 2023-06-09 08:13:56 -04:00			`if flags.Scantype == "webonly" \|\| flags.Scantype == "webpoc" {`
			`AlivePorts = NoPortScan(Hosts, info.Ports, flags)`
			`} else if flags.Scantype == "hostname" {`
加入hash碰撞、wmiiexec无回显命令执行 2022-11-19 17:04:13 +08:00			`info.Ports = "139"`
flags to struct 2023-06-09 08:13:56 -04:00			`AlivePorts = NoPortScan(Hosts, info.Ports, flags)`
-hf 支持host:port和host/xx:port格式 2022-07-14 12:04:47 +08:00			`} else if len(Hosts) > 0 {`
flags to struct 2023-06-09 08:13:56 -04:00			`AlivePorts = PortScan(Hosts, info.Ports, flags)`
add colored output 2023-07-18 13:43:11 +03:00			`color.Cyan("[*] alive ports len is: %d", len(AlivePorts))`
flags to struct 2023-06-09 08:13:56 -04:00			`if flags.Scantype == "portscan" {`
新增-m webonly,跳过端口扫描,直接访问http。致谢@AgeloVito 2022-02-25 15:29:45 +08:00			`common.LogWG.Wait()`
			`return`
			`}`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`}`
flags to struct 2023-06-09 08:13:56 -04:00			`if len(info.HostPort) > 0 {`
			`AlivePorts = append(AlivePorts, info.HostPort...)`
-hf 支持host:port和host/xx:port格式 2022-07-14 12:04:47 +08:00			`AlivePorts = common.RemoveDuplicate(AlivePorts)`
flags to struct 2023-06-09 08:13:56 -04:00			`info.HostPort = nil`
add colored output 2023-07-18 13:43:11 +03:00			`color.Cyan("[*] AlivePorts len is:", len(AlivePorts))`
-hf 支持host:port和host/xx:port格式 2022-07-14 12:04:47 +08:00			`}`
initial cleanup 2023-06-05 19:02:55 +03:00
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}`
			`for _, port := range common.PORTList {`
			`severports = append(severports, strconv.Itoa(port))`
			`}`
修改线程处理机制 2021-03-30 22:30:16 +08:00			`fmt.Println("start vulscan")`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`for _, targetIP := range AlivePorts {`
			`info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]`
flags to struct 2023-06-09 08:13:56 -04:00			`if flags.Scantype == "all" \|\| flags.Scantype == "main" {`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`switch {`
加入hash碰撞、wmiiexec无回显命令执行 2022-11-19 17:04:13 +08:00			`case info.Ports == "135":`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(info.Ports, info, flags, &ch, &wg) //findnet`
			`if flags.IsWmi {`
			`AddScan("1000005", info, flags, &ch, &wg) //wmiexec`
加入hash碰撞、wmiiexec无回显命令执行 2022-11-19 17:04:13 +08:00			`}`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`case info.Ports == "445":`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(ms17010, info, flags, &ch, &wg) //ms17010`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`//AddScan(info.Ports, info, ch, &wg) //smb`
poc模块加入指定目录或文件 -pocpath poc路径,端口可以指定文件-portf port.txt,rdp模块加入多线程爆破demo, -br xx指定线程 2022-04-20 17:45:27 +08:00			`//AddScan("1000002", info, ch, &wg) //smbghost`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`case info.Ports == "9000":`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(web, info, flags, &ch, &wg) //http`
			`AddScan(info.Ports, info, flags, &ch, &wg) //fcgiscan`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`case IsContain(severports, info.Ports):`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(info.Ports, info, flags, &ch, &wg) //plugins scan`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`default:`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(web, info, flags, &ch, &wg) //webtitle`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`}`
ftp默认列出前5个目录 2020-12-30 21:30:36 +08:00			`} else {`
flags to struct 2023-06-09 08:13:56 -04:00			`scantype := strconv.Itoa(common.PORTList[flags.Scantype])`
			`AddScan(scantype, info, flags, &ch, &wg)`
commit message 2020-12-29 17:17:10 +08:00			`}`
			`}`
			`}`
initial cleanup 2023-06-05 19:02:55 +03:00
flags to struct 2023-06-09 08:13:56 -04:00			`for _, url := range flags.Urls {`
加入手工gc回收,尝试节省无用内存。 -url 支持逗号隔开。修复一个poc模块bug。 2022-07-06 21:42:00 +08:00			`info.Url = url`
flags to struct 2023-06-09 08:13:56 -04:00			`AddScan(web, info, flags, &ch, &wg)`
支持-u url或者-uf url.txt,进行url批量扫描 2021-03-04 14:42:10 +08:00			`}`
initial cleanup 2023-06-05 19:02:55 +03:00
commit message 2020-12-29 17:17:10 +08:00			`wg.Wait()`
更新mod库、编码、poc等 2021-05-06 11:37:29 +08:00			`common.LogWG.Wait()`
修改线程处理机制 2021-03-30 22:30:16 +08:00			`close(common.Results)`
initial cleanup 2023-06-05 19:02:55 +03:00
			`fmt.Printf("Finished %d/%d", common.End, common.Num)`
commit message 2020-12-29 17:17:10 +08:00			`}`

修改线程处理机制 2021-03-30 18:12:54 +08:00			`var Mutex = &sync.Mutex{}`

flags to struct 2023-06-09 08:13:56 -04:00			`func AddScan(scantype string, info common.HostInfo, flags common.Flags, ch chan struct{}, wg sync.WaitGroup) {`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`*ch <- struct{}{}`
commit message 2020-12-29 17:17:10 +08:00			`wg.Add(1)`
			`go func() {`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
			`common.Num += 1`
			`Mutex.Unlock()`
flags to struct 2023-06-09 08:13:56 -04:00			`ScanFunc(scantype, info, flags)`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
			`common.End += 1`
			`Mutex.Unlock()`
update 2022-05-12 17:56:32 +08:00			`wg.Done()`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`<-*ch`
commit message 2020-12-29 17:17:10 +08:00			`}()`
			`}`

flags to struct 2023-06-09 08:13:56 -04:00			`func ScanFunc(name string, info common.HostInfo, flags common.Flags) {`
			`f := reflect.ValueOf(PluginList[name])`
			`in := []reflect.Value{reflect.ValueOf(info), reflect.ValueOf(flags)}`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`f.Call(in)`
commit message 2020-12-29 17:17:10 +08:00			`}`

			`func IsContain(items []string, item string) bool {`
			`for _, eachItem := range items {`
			`if eachItem == item {`
			`return true`
			`}`
			`}`
			`return false`
			`}`