fscan/Core/Scanner.go

package Core

import (
	"fmt"
	"github.com/shadow1ng/fscan/Common"
	"github.com/shadow1ng/fscan/WebScan/lib"
	"strconv"
	"strings"
	"sync"
)

// Scan 执行扫描主流程
func Scan(info Common.HostInfo) {
	fmt.Println("[*] 开始信息扫描...")

	Common.ParseScanMode(Common.ScanMode)

	ch := make(chan struct{}, Common.ThreadNum)
	wg := sync.WaitGroup{}

	// 本地信息收集模式
	if Common.LocalScan {
		executeScans([]Common.HostInfo{info}, &ch, &wg)
		finishScan(&wg)
		return
	}

	// 初始化并解析目标
	hosts, err := Common.ParseIP(info.Host, Common.HostsFile, Common.ExcludeHosts)
	if err != nil {
		fmt.Printf("[-] 解析主机错误: %v\n", err)
		return
	}
	lib.Inithttp()

	// 执行目标扫描
	executeScan(hosts, info, &ch, &wg)
	finishScan(&wg)
}

// executeScan 执行主扫描流程
func executeScan(hosts []string, info Common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
	var targetInfos []Common.HostInfo

	// 处理主机和端口扫描
	if len(hosts) > 0 || len(Common.HostPort) > 0 {
		// ICMP存活性检测
		if (Common.DisablePing == false && len(hosts) > 1) || Common.IsICMPScan() {
			hosts = CheckLive(hosts, Common.UsePing)
			fmt.Printf("[+] ICMP存活主机数量: %d\n", len(hosts))
			if Common.IsICMPScan() {
				return
			}
		}

		// 获取存活端口
		var alivePorts []string
		if Common.IsWebScan() {
			alivePorts = NoPortScan(hosts, Common.Ports)
		} else if len(hosts) > 0 {
			alivePorts = PortScan(hosts, Common.Ports, Common.Timeout)
			fmt.Printf("[+] 存活端口数量: %d\n", len(alivePorts))
			if Common.IsPortScan() {
				return
			}
		}

		// 处理自定义端口
		if len(Common.HostPort) > 0 {
			alivePorts = append(alivePorts, Common.HostPort...)
			alivePorts = Common.RemoveDuplicate(alivePorts)
			Common.HostPort = nil
			fmt.Printf("[+] 总计存活端口: %d\n", len(alivePorts))
		}

		targetInfos = prepareTargetInfos(alivePorts, info)
	}

	// 准备URL扫描目标
	for _, url := range Common.URLs {
		urlInfo := info
		urlInfo.Url = url
		targetInfos = append(targetInfos, urlInfo)
	}

	// 执行扫描任务
	if len(targetInfos) > 0 {
		fmt.Println("[*] 开始漏洞扫描...")
		executeScans(targetInfos, ch, wg)
	}
}

// prepareTargetInfos 准备扫描目标信息
func prepareTargetInfos(alivePorts []string, baseInfo Common.HostInfo) []Common.HostInfo {
	var infos []Common.HostInfo
	for _, targetIP := range alivePorts {
		hostParts := strings.Split(targetIP, ":")
		if len(hostParts) != 2 {
			fmt.Printf("[-] 无效的目标地址格式: %s\n", targetIP)
			continue
		}
		info := baseInfo
		info.Host = hostParts[0]
		info.Ports = hostParts[1]
		infos = append(infos, info)
	}
	return infos
}

func executeScans(targets []Common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
	mode := Common.GetScanMode()
	var pluginsToRun []string

	// 获取要执行的插件列表
	if plugins := Common.GetPluginsForMode(mode); plugins != nil {
		// 预设模式下使用配置的插件组
		pluginsToRun = plugins
	} else {
		// 单插件模式下只包含指定的插件
		pluginsToRun = []string{mode}
	}

	// 统一处理所有目标和插件
	for _, target := range targets {
		targetPort, _ := strconv.Atoi(target.Ports)

		for _, pluginName := range pluginsToRun {
			// 获取插件信息
			plugin, exists := Common.PluginManager[pluginName]
			if !exists {
				continue
			}

			// 本地扫描模式的特殊处理
			if Common.LocalScan {
				// 只执行没有端口配置的插件
				if len(plugin.Ports) == 0 {
					AddScan(pluginName, target, ch, wg)
				}
				continue
			}

			// 非本地扫描模式的常规处理
			if len(plugin.Ports) > 0 {
				if plugin.HasPort(targetPort) {
					AddScan(pluginName, target, ch, wg)
				}
			} else {
				AddScan(pluginName, target, ch, wg)
			}
		}
	}
}

// finishScan 完成扫描任务
func finishScan(wg *sync.WaitGroup) {
	wg.Wait()
	Common.LogWG.Wait()
	close(Common.Results)
	fmt.Printf("[+] 扫描已完成: %v/%v\n", Common.End, Common.Num)
}

// Mutex用于保护共享资源的并发访问
var Mutex = &sync.Mutex{}

// AddScan 添加扫描任务到并发队列
func AddScan(plugin string, info Common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
	// 获取信号量，控制并发数
	*ch <- struct{}{}
	// 添加等待组计数
	wg.Add(1)

	// 启动goroutine执行扫描任务
	go func() {
		defer func() {
			wg.Done() // 完成任务后减少等待组计数
			<-*ch     // 释放信号量
		}()

		// 增加总任务数
		Mutex.Lock()
		Common.Num += 1
		Mutex.Unlock()

		// 执行扫描
		ScanFunc(&plugin, &info)

		// 增加已完成任务数
		Mutex.Lock()
		Common.End += 1
		Mutex.Unlock()
	}()
}

// ScanFunc 执行扫描插件
func ScanFunc(name *string, info *Common.HostInfo) {
	defer func() {
		if err := recover(); err != nil {
			fmt.Printf("[-] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)
		}
	}()

	// 检查插件是否存在
	plugin, exists := Common.PluginManager[*name]
	if !exists {
		fmt.Printf("[*] 扫描类型 %v 无对应插件，已跳过\n", *name)
		return
	}

	// 直接调用扫描函数
	if err := plugin.ScanFunc(info); err != nil {
		fmt.Printf("[-] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)
	}
}

// IsContain 检查切片中是否包含指定元素
func IsContain(items []string, item string) bool {
	for _, eachItem := range items {
		if eachItem == item {
			return true
		}
	}
	return false
}
refacor: 结构化更改 2024-12-19 15:24:10 +08:00			`package Core`
commit message 2020-12-29 17:17:10 +08:00
			`import (`
			`"fmt"`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`"github.com/shadow1ng/fscan/Common"`
加入fcgi协议未授权命令执行扫描,优化poc模块 2021-05-29 12:13:10 +08:00			`"github.com/shadow1ng/fscan/WebScan/lib"`
refactor: 默认扫描机制 2024-12-20 17:54:36 +08:00			`"strconv"`
commit message 2020-12-29 17:17:10 +08:00			`"strings"`
			`"sync"`
			`)`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// Scan 执行扫描主流程`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func Scan(info Common.HostInfo) {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`fmt.Println("[*] 开始信息扫描...")`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`Common.ParseScanMode(Common.ScanMode)`

			`ch := make(chan struct{}, Common.ThreadNum)`
			`wg := sync.WaitGroup{}`

			`// 本地信息收集模式`
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`if Common.LocalScan {`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`executeScans([]Common.HostInfo{info}, &ch, &wg)`
			`finishScan(&wg)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`return`
			`}`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// 初始化并解析目标`
			`hosts, err := Common.ParseIP(info.Host, Common.HostsFile, Common.ExcludeHosts)`
优化ip解析模块 2021-12-01 15:22:48 +08:00			`if err != nil {`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`fmt.Printf("[-] 解析主机错误: %v\n", err)`
优化ip解析模块 2021-12-01 15:22:48 +08:00			`return`
			`}`
Update 2023-11-15 10:40:17 +08:00			`lib.Inithttp()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// 执行目标扫描`
			`executeScan(hosts, info, &ch, &wg)`
			`finishScan(&wg)`
			`}`

			`// executeScan 执行主扫描流程`
			`func executeScan(hosts []string, info Common.HostInfo, ch chan struct{}, wg sync.WaitGroup) {`
			`var targetInfos []Common.HostInfo`

			`// 处理主机和端口扫描`
			`if len(hosts) > 0 \|\| len(Common.HostPort) > 0 {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// ICMP存活性检测`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`if (Common.DisablePing == false && len(hosts) > 1) \|\| Common.IsICMPScan() {`
			`hosts = CheckLive(hosts, Common.UsePing)`
			`fmt.Printf("[+] ICMP存活主机数量: %d\n", len(hosts))`
			`if Common.IsICMPScan() {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`return`
			`}`
修复一个web超时的bug 2021-03-05 11:44:21 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// 获取存活端口`
			`var alivePorts []string`
			`if Common.IsWebScan() {`
			`alivePorts = NoPortScan(hosts, Common.Ports)`
			`} else if len(hosts) > 0 {`
			`alivePorts = PortScan(hosts, Common.Ports, Common.Timeout)`
			`fmt.Printf("[+] 存活端口数量: %d\n", len(alivePorts))`
			`if Common.IsPortScan() {`
			`return`
			`}`
			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 处理自定义端口`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`if len(Common.HostPort) > 0 {`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`alivePorts = append(alivePorts, Common.HostPort...)`
			`alivePorts = Common.RemoveDuplicate(alivePorts)`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.HostPort = nil`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`fmt.Printf("[+] 总计存活端口: %d\n", len(alivePorts))`
-hf 支持host:port和host/xx:port格式 2022-07-14 12:04:47 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`targetInfos = prepareTargetInfos(alivePorts, info)`
commit message 2020-12-29 17:17:10 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// 准备URL扫描目标`
refactor: 大型重构 2024-12-20 03:46:09 +08:00			`for _, url := range Common.URLs {`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`urlInfo := info`
			`urlInfo.Url = url`
			`targetInfos = append(targetInfos, urlInfo)`
支持-u url或者-uf url.txt,进行url批量扫描 2021-03-04 14:42:10 +08:00			`}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// 执行扫描任务`
			`if len(targetInfos) > 0 {`
			`fmt.Println("[*] 开始漏洞扫描...")`
			`executeScans(targetInfos, ch, wg)`
			`}`
commit message 2020-12-29 17:17:10 +08:00			`}`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// prepareTargetInfos 准备扫描目标信息`
			`func prepareTargetInfos(alivePorts []string, baseInfo Common.HostInfo) []Common.HostInfo {`
			`var infos []Common.HostInfo`
			`for _, targetIP := range alivePorts {`
			`hostParts := strings.Split(targetIP, ":")`
			`if len(hostParts) != 2 {`
			`fmt.Printf("[-] 无效的目标地址格式: %s\n", targetIP)`
			`continue`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`}`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`info := baseInfo`
			`info.Host = hostParts[0]`
			`info.Ports = hostParts[1]`
			`infos = append(infos, info)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`}`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`return infos`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`}`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`func executeScans(targets []Common.HostInfo, ch chan struct{}, wg sync.WaitGroup) {`
			`mode := Common.GetScanMode()`
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`var pluginsToRun []string`
refactor: 大型重构 2024-12-20 17:32:25 +08:00
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`// 获取要执行的插件列表`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`if plugins := Common.GetPluginsForMode(mode); plugins != nil {`
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`// 预设模式下使用配置的插件组`
			`pluginsToRun = plugins`
			`} else {`
			`// 单插件模式下只包含指定的插件`
			`pluginsToRun = []string{mode}`
			`}`

			`// 统一处理所有目标和插件`
			`for _, target := range targets {`
			`targetPort, _ := strconv.Atoi(target.Ports)`

			`for _, pluginName := range pluginsToRun {`
			`// 获取插件信息`
			`plugin, exists := Common.PluginManager[pluginName]`
			`if !exists {`
			`continue`
			`}`

			`// 本地扫描模式的特殊处理`
			`if Common.LocalScan {`
			`// 只执行没有端口配置的插件`
			`if len(plugin.Ports) == 0 {`
			`AddScan(pluginName, target, ch, wg)`
refactor: 默认扫描机制 2024-12-20 17:54:36 +08:00			`}`
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`continue`
			`}`
refactor: 默认扫描机制 2024-12-20 17:54:36 +08:00
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`// 非本地扫描模式的常规处理`
			`if len(plugin.Ports) > 0 {`
			`if plugin.HasPort(targetPort) {`
refactor: 默认扫描机制 2024-12-20 17:54:36 +08:00			`AddScan(pluginName, target, ch, wg)`
			`}`
refactor: 重构扫描模式逻辑 2024-12-21 18:26:44 +08:00			`} else {`
			`AddScan(pluginName, target, ch, wg)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`}`
			`}`
			`}`
			`}`

refactor: 大型重构 2024-12-20 17:32:25 +08:00			`// finishScan 完成扫描任务`
			`func finishScan(wg *sync.WaitGroup) {`
			`wg.Wait()`
			`Common.LogWG.Wait()`
			`close(Common.Results)`
			`fmt.Printf("[+] 扫描已完成: %v/%v\n", Common.End, Common.Num)`
			`}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// Mutex用于保护共享资源的并发访问`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`var Mutex = &sync.Mutex{}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// AddScan 添加扫描任务到并发队列`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`func AddScan(plugin string, info Common.HostInfo, ch chan struct{}, wg sync.WaitGroup) {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// 获取信号量，控制并发数`
增加-dns参数启用dnslog poc 2022-08-16 11:18:09 +08:00			`*ch <- struct{}{}`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// 添加等待组计数`
commit message 2020-12-29 17:17:10 +08:00			`wg.Add(1)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 启动goroutine执行扫描任务`
commit message 2020-12-29 17:17:10 +08:00			`go func() {`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`defer func() {`
			`wg.Done() // 完成任务后减少等待组计数`
			`<-*ch // 释放信号量`
			`}()`

			`// 增加总任务数`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.Num += 1`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Unlock()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 执行扫描`
refactor: 大型重构 2024-12-20 17:32:25 +08:00			`ScanFunc(&plugin, &info)`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
			`// 增加已完成任务数`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Lock()`
refactor: 规范化文件命名 2024-12-18 22:00:18 +08:00			`Common.End += 1`
修改线程处理机制 2021-03-30 18:12:54 +08:00			`Mutex.Unlock()`
commit message 2020-12-29 17:17:10 +08:00			`}()`
			`}`

refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// ScanFunc 执行扫描插件`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`func ScanFunc(name string, info Common.HostInfo) {`
优化报错处理 2024-05-11 16:04:02 +08:00			`defer func() {`
			`if err := recover(); err != nil {`
perf: 统一错误输出 2024-12-21 17:21:41 +08:00			`fmt.Printf("[-] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)`
优化报错处理 2024-05-11 16:04:02 +08:00			`}`
			`}()`
refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`// 检查插件是否存在`
refacor: 结构化修改 2024-12-19 16:15:53 +08:00			`plugin, exists := Common.PluginManager[*name]`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`if !exists {`
			`fmt.Printf("[] 扫描类型 %v 无对应插件，已跳过\n", name)`
			`return`
			`}`

			`// 直接调用扫描函数`
			`if err := plugin.ScanFunc(info); err != nil {`
perf: 统一错误输出 2024-12-21 17:21:41 +08:00			`fmt.Printf("[-] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)`
refactor: 重构涉及文件更新 2024-12-18 21:56:08 +08:00			`}`
commit message 2020-12-29 17:17:10 +08:00			`}`

refactor: Scanner Scan函数重构 2024-12-18 15:18:58 +08:00			`// IsContain 检查切片中是否包含指定元素`
commit message 2020-12-29 17:17:10 +08:00			`func IsContain(items []string, item string) bool {`
			`for _, eachItem := range items {`
			`if eachItem == item {`
			`return true`
			`}`
			`}`
			`return false`
			`}`