fscan/Core/Scanner.go

package Core

import (
	"fmt"
	"github.com/shadow1ng/fscan/Common"
	"github.com/shadow1ng/fscan/WebScan/lib"
	"strconv"
	"strings"
	"sync"
)

func Scan(info Common.HostInfo) {
	fmt.Println("[*] 开始信息扫描...")

	// 本地信息收集模块
	if Common.Scantype == "localinfo" {
		ch := make(chan struct{}, Common.Threads)
		wg := sync.WaitGroup{}
		AddScan("localinfo", info, &ch, &wg)
		wg.Wait()
		Common.LogWG.Wait()
		close(Common.Results)
		fmt.Printf("[✓] 扫描完成 %v/%v\n", Common.End, Common.Num)
		return
	}

	// 解析目标主机IP
	Hosts, err := Common.ParseIP(info.Host, Common.HostFile, Common.NoHosts)
	if err != nil {
		fmt.Printf("[!] 解析主机错误: %v\n", err)
		return
	}

	// 初始化配置
	lib.Inithttp()
	ch := make(chan struct{}, Common.Threads)
	wg := sync.WaitGroup{}
	var AlivePorts []string

	if len(Hosts) > 0 || len(Common.HostPort) > 0 {
		// ICMP存活性检测
		if (Common.NoPing == false && len(Hosts) > 1) || Common.Scantype == "icmp" {
			Hosts = CheckLive(Hosts, Common.Ping)
			fmt.Printf("[+] ICMP存活主机数量: %d\n", len(Hosts))
			if Common.Scantype == "icmp" {
				Common.LogWG.Wait()
				return
			}
		}

		// 端口扫描策略
		AlivePorts = executeScanStrategy(Hosts, Common.Scantype)

		// 处理自定义端口
		if len(Common.HostPort) > 0 {
			AlivePorts = append(AlivePorts, Common.HostPort...)
			AlivePorts = Common.RemoveDuplicate(AlivePorts)
			Common.HostPort = nil
			fmt.Printf("[+] 总计存活端口: %d\n", len(AlivePorts))
		}

		// 执行扫描任务
		fmt.Println("[*] 开始漏洞扫描...")
		for _, targetIP := range AlivePorts {
			hostParts := strings.Split(targetIP, ":")
			if len(hostParts) != 2 {
				fmt.Printf("[!] 无效的目标地址格式: %s\n", targetIP)
				continue
			}
			info.Host, info.Ports = hostParts[0], hostParts[1]

			executeScanTasks(info, Common.Scantype, &ch, &wg)
		}
	}

	// URL扫描
	for _, url := range Common.Urls {
		info.Url = url
		AddScan("web", info, &ch, &wg)
	}

	// 等待所有任务完成
	wg.Wait()
	Common.LogWG.Wait()
	close(Common.Results)
	fmt.Printf("[+] 扫描已完成: %v/%v\n", Common.End, Common.Num)
}

// executeScanStrategy 执行端口扫描策略
func executeScanStrategy(Hosts []string, scanType string) []string {
	switch scanType {
	case "webonly", "webpoc":
		return NoPortScan(Hosts, Common.Ports)
	case "hostname":
		Common.Ports = "139"
		return NoPortScan(Hosts, Common.Ports)
	default:
		if len(Hosts) > 0 {
			ports := PortScan(Hosts, Common.Ports, Common.Timeout)
			fmt.Printf("[+] 存活端口数量: %d\n", len(ports))
			if scanType == "portscan" {
				Common.LogWG.Wait()
				return nil
			}
			return ports
		}
	}
	return nil
}

// executeScanTasks 执行扫描任务
func executeScanTasks(info Common.HostInfo, scanType string, ch *chan struct{}, wg *sync.WaitGroup) {
	if scanType == "all" || scanType == "main" {
		// 根据端口选择扫描插件
		switch info.Ports {
		case "135":
			AddScan("findnet", info, ch, wg)
			if Common.IsWmi {
				AddScan("wmiexec", info, ch, wg)
			}
		case "445":
			AddScan("ms17010", info, ch, wg)
		case "9000":
			AddScan("web", info, ch, wg)
			AddScan("fcgi", info, ch, wg)
		default:
			// 查找对应端口的插件
			for name, plugin := range Common.PluginManager {
				if strconv.Itoa(plugin.Port) == info.Ports {
					AddScan(name, info, ch, wg)
					return
				}
			}
			// 默认执行Web扫描
			AddScan("web", info, ch, wg)
		}
	} else {
		// 直接使用指定的扫描类型
		AddScan(scanType, info, ch, wg)
	}
}

// Mutex用于保护共享资源的并发访问
var Mutex = &sync.Mutex{}

// AddScan 添加扫描任务到并发队列
func AddScan(scantype string, info Common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
	// 获取信号量，控制并发数
	*ch <- struct{}{}
	// 添加等待组计数
	wg.Add(1)

	// 启动goroutine执行扫描任务
	go func() {
		defer func() {
			wg.Done() // 完成任务后减少等待组计数
			<-*ch     // 释放信号量
		}()

		// 增加总任务数
		Mutex.Lock()
		Common.Num += 1
		Mutex.Unlock()

		// 执行扫描
		ScanFunc(&scantype, &info)

		// 增加已完成任务数
		Mutex.Lock()
		Common.End += 1
		Mutex.Unlock()
	}()
}

// ScanFunc 执行扫描插件
func ScanFunc(name *string, info *Common.HostInfo) {
	defer func() {
		if err := recover(); err != nil {
			fmt.Printf("[!] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)
		}
	}()

	// 检查插件是否存在
	plugin, exists := Common.PluginManager[*name]
	if !exists {
		fmt.Printf("[*] 扫描类型 %v 无对应插件，已跳过\n", *name)
		return
	}

	// 直接调用扫描函数
	if err := plugin.ScanFunc(info); err != nil {
		fmt.Printf("[!] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)
	}
}

// IsContain 检查切片中是否包含指定元素
func IsContain(items []string, item string) bool {
	for _, eachItem := range items {
		if eachItem == item {
			return true
		}
	}
	return false
}
refacor: 结构化更改 2024-12-19 15:24:10 +08:00			`package Core`
commit message 2020-12-29 17:17:10 +08:00
			`import (`
			`"fmt"`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`"github.com/shadow1ng/fscan/Common"`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`"github.com/shadow1ng/fscan/WebScan/lib"`
commit message 2020-12-29 17:17:10 +08:00			`"strconv"`
			`"strings"`
			`"sync"`
			`)`

refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func Scan(info Common.HostInfo) {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Println("[*] 开始信息扫描...")`

			`// 本地信息收集模块`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if Common.Scantype == "localinfo" {`
			`ch := make(chan struct{}, Common.Threads)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`wg := sync.WaitGroup{}`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`AddScan("localinfo", info, &ch, &wg)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`wg.Wait()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.LogWG.Wait()`
			`close(Common.Results)`
			`fmt.Printf("[✓] 扫描完成 %v/%v\n", Common.End, Common.Num)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`return`
			`}`

			`// 解析目标主机IP`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Hosts, err := Common.ParseIP(info.Host, Common.HostFile, Common.NoHosts)`
优化ip解析模块 2021-12-01 15:22:48 +08:00			`if err != nil {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Printf("[!] 解析主机错误: %v\n", err)`
优化ip解析模块 2021-12-01 15:22:48 +08:00			`return`
			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 初始化配置`
Update 2023-11-15 10:40:17 +08:00			`lib.Inithttp()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`ch := make(chan struct{}, Common.Threads)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`wg := sync.WaitGroup{}`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`var AlivePorts []string`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if len(Hosts) > 0 \|\| len(Common.HostPort) > 0 {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// ICMP存活性检测`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if (Common.NoPing == false && len(Hosts) > 1) \|\| Common.Scantype == "icmp" {`
			`Hosts = CheckLive(Hosts, Common.Ping)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Printf("[+] ICMP存活主机数量: %d\n", len(Hosts))`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if Common.Scantype == "icmp" {`
			`Common.LogWG.Wait()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`return`
			`}`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 端口扫描策略`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`AlivePorts = executeScanStrategy(Hosts, Common.Scantype)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 处理自定义端口`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if len(Common.HostPort) > 0 {`
			`AlivePorts = append(AlivePorts, Common.HostPort...)`
			`AlivePorts = Common.RemoveDuplicate(AlivePorts)`
			`Common.HostPort = nil`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Printf("[+] 总计存活端口: %d\n", len(AlivePorts))`
-hf 支持host:port和host/xx:port格式 2022-07-14 12:04:47 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// 执行扫描任务`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Println("[*] 开始漏洞扫描...")`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`for _, targetIP := range AlivePorts {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`hostParts := strings.Split(targetIP, ":")`
			`if len(hostParts) != 2 {`
			`fmt.Printf("[!] 无效的目标地址格式: %s\n", targetIP)`
			`continue`
			`}`
			`info.Host, info.Ports = hostParts[0], hostParts[1]`

refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`executeScanTasks(info, Common.Scantype, &ch, &wg)`
commit message 2020-12-29 17:17:10 +08:00			`}`
			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// URL扫描`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`for _, url := range Common.Urls {`
加入手工gc回收,尝试节省无用内存。 -url 支持逗号隔开。修复一个poc模块bug。 2022-07-06 21:42:00 +08:00			`info.Url = url`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`AddScan("web", info, &ch, &wg)`
支持-u url或者-uf url.txt,进行url批量扫描 2021-03-04 14:42:10 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 等待所有任务完成`
commit message 2020-12-29 17:17:10 +08:00			`wg.Wait()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.LogWG.Wait()`
			`close(Common.Results)`
perf: 优化部分输出 2024-12-19 19:30:54 +08:00			`fmt.Printf("[+] 扫描已完成: %v/%v\n", Common.End, Common.Num)`
commit message 2020-12-29 17:17:10 +08:00			`}`

refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// executeScanStrategy 执行端口扫描策略`
			`func executeScanStrategy(Hosts []string, scanType string) []string {`
			`switch scanType {`
			`case "webonly", "webpoc":`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`return NoPortScan(Hosts, Common.Ports)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`case "hostname":`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.Ports = "139"`
			`return NoPortScan(Hosts, Common.Ports)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`default:`
			`if len(Hosts) > 0 {`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`ports := PortScan(Hosts, Common.Ports, Common.Timeout)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`fmt.Printf("[+] 存活端口数量: %d\n", len(ports))`
			`if scanType == "portscan" {`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.LogWG.Wait()`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`return nil`
			`}`
			`return ports`
			`}`
			`}`
			`return nil`
			`}`

			`// executeScanTasks 执行扫描任务`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func executeScanTasks(info Common.HostInfo, scanType string, ch chan struct{}, wg sync.WaitGroup) {`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`if scanType == "all" \|\| scanType == "main" {`
			`// 根据端口选择扫描插件`
			`switch info.Ports {`
			`case "135":`
			`AddScan("findnet", info, ch, wg)`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if Common.IsWmi {`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`AddScan("wmiexec", info, ch, wg)`
			`}`
			`case "445":`
			`AddScan("ms17010", info, ch, wg)`
			`case "9000":`
			`AddScan("web", info, ch, wg)`
			`AddScan("fcgi", info, ch, wg)`
			`default:`
			`// 查找对应端口的插件`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`for name, plugin := range Common.PluginManager {`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`if strconv.Itoa(plugin.Port) == info.Ports {`
			`AddScan(name, info, ch, wg)`
			`return`
			`}`
			`}`
			`// 默认执行Web扫描`
			`AddScan("web", info, ch, wg)`
			`}`
			`} else {`
			`// 直接使用指定的扫描类型`
			`AddScan(scanType, info, ch, wg)`
			`}`
			`}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// Mutex用于保护共享资源的并发访问`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`var Mutex = &sync.Mutex{}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// AddScan 添加扫描任务到并发队列`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func AddScan(scantype string, info Common.HostInfo, ch chan struct{}, wg sync.WaitGroup) {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// 获取信号量，控制并发数`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`*ch <- struct{}{}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// 添加等待组计数`
commit message 2020-12-29 17:17:10 +08:00			`wg.Add(1)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 启动goroutine执行扫描任务`
commit message 2020-12-29 17:17:10 +08:00			`go func() {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`defer func() {`
			`wg.Done() // 完成任务后减少等待组计数`
			`<-*ch // 释放信号量`
			`}()`

			`// 增加总任务数`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.Num += 1`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Unlock()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 执行扫描`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`ScanFunc(&scantype, &info)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 增加已完成任务数`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.End += 1`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Unlock()`
commit message 2020-12-29 17:17:10 +08:00			`}()`
			`}`

refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// ScanFunc 执行扫描插件`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func ScanFunc(name string, info Common.HostInfo) {`
优化报错处理 2024-05-11 16:04:02 +08:00			`defer func() {`
			`if err := recover(); err != nil {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Printf("[!] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)`
优化报错处理 2024-05-11 16:04:02 +08:00			`}`
			`}()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// 检查插件是否存在`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`plugin, exists := Common.PluginManager[*name]`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`if !exists {`
			`fmt.Printf("[] 扫描类型 %v 无对应插件，已跳过\n", name)`
			`return`
			`}`

			`// 直接调用扫描函数`
			`if err := plugin.ScanFunc(info); err != nil {`
			`fmt.Printf("[!] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)`
			`}`
commit message 2020-12-29 17:17:10 +08:00			`}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// IsContain 检查切片中是否包含指定元素`
commit message 2020-12-29 17:17:10 +08:00			`func IsContain(items []string, item string) bool {`
			`for _, eachItem := range items {`
			`if eachItem == item {`
			`return true`
			`}`
			`}`
			`return false`
			`}`