From b401b896f44b349156c027e7832bcf447c05ccb9 Mon Sep 17 00:00:00 2001 From: Zh0um1 <94421064+Zh0um1@users.noreply.github.com> Date: Sat, 4 Feb 2023 06:56:16 +0000 Subject: [PATCH 1/8] =?UTF-8?q?=E6=94=AF=E6=8C=81mongodb6.0=E6=9C=AA?= =?UTF-8?q?=E6=8E=88=E6=9D=83=E6=89=AB=E6=8F=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Plugins/mongodb.go | 78 +++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 22 deletions(-) diff --git a/Plugins/mongodb.go b/Plugins/mongodb.go index ffcdc70..cc81424 100644 --- a/Plugins/mongodb.go +++ b/Plugins/mongodb.go @@ -2,7 +2,6 @@ package Plugins import ( "fmt" - _ "github.com/denisenkom/go-mssqldb" "github.com/shadow1ng/fscan/common" "strings" "time" 
@@ -22,32 +21,67 @@ func MongodbScan(info *common.HostInfo) error { func MongodbUnauth(info *common.HostInfo) (flag bool, err error) { flag = false - senddata := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0} + // op_msg + packet1 := []byte{ + 0x69, 0x00, 0x00, 0x00, // messageLength + 0x39, 0x00, 0x00, 0x00, // requestID + 0x00, 0x00, 0x00, 0x00, // responseTo + 0xdd, 0x07, 0x00, 0x00, // opCode OP_MSG + 0x00, 0x00, 0x00, 0x00, // flagBits + // sections db.adminCommand({getLog: "startupWarnings"}) + 0x00, 0x54, 0x00, 0x00, 0x00, 0x02, 0x67, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x00, 0x10, 0x00, 0x00, 0x00, 0x73, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x00, 0x02, 0x24, 0x64, 0x62, 0x00, 0x06, 0x00, 0x00, 0x00, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x00, 0x03, 0x6c, 0x73, 0x69, 0x64, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x05, 0x69, 0x64, 0x00, 0x10, 0x00, 0x00, 0x00, 0x04, 0x6e, 0x81, 0xf8, 0x8e, 0x37, 0x7b, 0x4c, 0x97, 0x84, 0x4e, 0x90, 0x62, 0x5a, 0x54, 0x3c, 0x93, 0x00, 0x00, + } + //op_query + packet2 := []byte{ + 0x48, 0x00, 0x00, 0x00, // messageLength + 0x02, 0x00, 0x00, 0x00, // requestID + 0x00, 0x00, 0x00, 0x00, // responseTo + 0xd4, 0x07, 0x00, 0x00, // opCode OP_QUERY + 0x00, 0x00, 0x00, 0x00, // flags + 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x24, 0x63, 0x6d, 0x64, 0x00, // fullCollectionName admin.$cmd + 0x00, 0x00, 0x00, 0x00, // numberToSkip + 0x01, 0x00, 0x00, 0x00, // numberToReturn + // query db.adminCommand({getLog: "startupWarnings"}) + 0x21, 0x00, 0x00, 0x00, 0x2, 0x67, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x00, 0x10, 0x00, 0x00, 0x00, 0x73, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x00, 0x00, + } + realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - 
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) - defer func() { - if conn != nil { - conn.Close() + + checkUnAuth := func(address string, packet []byte) (string, error) { + conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + if err != nil { + return "", err } - }() - if err != nil { - return flag, err + defer func() { + if conn != nil { + conn.Close() + } + }() + err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + if err != nil { + return "", err + } + _, err = conn.Write(packet) + if err != nil { + return "", err + } + reply := make([]byte, 1024) + count, err := conn.Read(reply) + if err != nil { + return "", err + } + return string(reply[0:count]), nil } - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + + // send OP_MSG first + reply, err := checkUnAuth(realhost, packet1) if err != nil { - return flag, err + reply, err = checkUnAuth(realhost, packet2) + if err != nil { + return flag, err + } } - _, err = conn.Write(senddata) - if err != nil { - return flag, err - } - buf := make([]byte, 1024) - count, err := conn.Read(buf) - if err != nil { - return flag, err - } - text := string(buf[0:count]) - if strings.Contains(text, "totalLinesWritten") { + if strings.Contains(reply, "totalLinesWritten") { flag = true result := fmt.Sprintf("[+] Mongodb:%v unauthorized", realhost) common.LogSuccess(result) From 857c4c0d4b32a9db878bdeaa00b24a72db18b1e0 Mon Sep 17 00:00:00 2001 From: keacwu Date: Tue, 9 May 2023 13:42:17 +0800 Subject: [PATCH 2/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=87=AA=E5=8A=A8?= =?UTF-8?q?=E5=8C=96=E7=BC=96=E8=AF=91=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/conf/.goreleaser.yml | 1 + 1 file changed, 1 insertion(+) 
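Review bot: The single `conn.Read` into the 1024-byte buffer (`reply := make([]byte, 1024)` / `count, err := conn.Read(reply)` in `checkUnAuth`) can return only a prefix of the server's reply, and because the `log` array precedes `totalLinesWritten` in getLog's response document, a server with a long startupWarnings list would be reported as not unauthorized — a false negative on exactly the hosts the new OP_MSG packet targets. The wire header already carries the total size, so read the 16-byte MsgHeader, decode the little-endian `messageLength`, and `io.ReadFull` the rest under an upper bound; this needs `encoding/binary` and `io` in the import block. Two smaller points in the same closure: the `address` parameter is never used (the dial goes to the captured `realhost`), and the OP_QUERY fallback only runs when the OP_MSG attempt returns a transport error, so a server that answers OP_MSG with an error document instead of dropping the connection never receives the legacy probe — consider also falling back when the reply lacks the marker. MongodbUnauth's final `return` lies outside the hunk.
```go
	checkUnAuth := func(address string, packet []byte) (string, error) {
		conn, err := common.WrapperTcpWithTimeout("tcp", address, time.Duration(common.Timeout)*time.Second)
		// … unchanged: error check, deferred Close, SetReadDeadline, Write …
		// MsgHeader is 16 bytes; messageLength (little-endian, includes the header)
		// says how much to read, so a long startupWarnings reply is not truncated.
		header := make([]byte, 16)
		if _, err = io.ReadFull(conn, header); err != nil {
			return "", err
		}
		msgLen := int(binary.LittleEndian.Uint32(header[:4]))
		const maxReply = 1 << 20 // refuse to allocate on an absurd length from a hostile server
		if msgLen < len(header) || msgLen > maxReply {
			return "", fmt.Errorf("mongodb %s: unexpected messageLength %d", address, msgLen)
		}
		body := make([]byte, msgLen-len(header))
		if _, err = io.ReadFull(conn, body); err != nil {
			return "", err
		}
		return string(header) + string(body), nil
	}
```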
diff --git a/.github/conf/.goreleaser.yml b/.github/conf/.goreleaser.yml index e439b9d..02d2a38 100644 --- a/.github/conf/.goreleaser.yml +++ b/.github/conf/.goreleaser.yml @@ -1,5 +1,6 @@ before: hooks: + - sudo apt -y install libprotobuf-dev protobuf-compiler protoc-gen-go - go mod tidy - go generate ./... builds: From 5c119e97ae97a54ac4337e0fd9bc7a43d44fe6b0 Mon Sep 17 00:00:00 2001 From: dksslq <1578756762@qq.com> Date: Wed, 24 May 2023 19:43:05 +0800 Subject: [PATCH 3/8] Add some spaces --- WebScan/InfoScan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WebScan/InfoScan.go b/WebScan/InfoScan.go index 30c3410..bf71d68 100644 --- a/WebScan/InfoScan.go +++ b/WebScan/InfoScan.go @@ -38,7 +38,7 @@ func InfoCheck(Url string, CheckData *[]CheckDatas) []string { infoname = removeDuplicateElement(infoname) if len(infoname) > 0 { - result := fmt.Sprintf("[+] InfoScan:%-25v %s ", Url, infoname) + result := fmt.Sprintf("[+] InfoScan: %-25v %s ", Url, infoname) common.LogSuccess(result) return infoname } From 7bf79b60af525022fef33033e52782bbcdbbe0da Mon Sep 17 00:00:00 2001 From: dksslq <1578756762@qq.com> Date: Wed, 24 May 2023 19:44:42 +0800 Subject: [PATCH 4/8] Update NetBIOS.go --- Plugins/NetBIOS.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go index e9ad936..1a0676b 100644 --- a/Plugins/NetBIOS.go +++ b/Plugins/NetBIOS.go @@ -237,7 +237,7 @@ func (info *NetBiosInfo) String() (output string) { } if text == "" { } else if info.DomainControllers != "" { - output = fmt.Sprintf("[+]DC %-24s", text) + output = fmt.Sprintf("[+] DC:%-24s", text) } else { output = fmt.Sprintf("%-30s", text) } From d151ea2c7f0e15c018e3f4bca185639109dc1360 Mon Sep 17 00:00:00 2001 From: dksslq <1578756762@qq.com> Date: Wed, 24 May 2023 19:49:52 +0800 Subject: [PATCH 5/8] Remove unused space --- Plugins/NetBIOS.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
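Review bot: The new before-hook installs unpinned distro packages with `sudo apt` at release-build time, so the protoc/protoc-gen-go versions that shape a tagged release are whatever the runner's mirror serves that day — not reproducible and outside the repo's own dependency pinning. It also invokes `apt` without a preceding `update` (a stale index fails the build) and uses the interactive `apt` front end rather than the script-stable `apt-get`. Pin what can be pinned: `- sudo apt-get update && sudo apt-get install -y --no-install-recommends libprotobuf-dev protobuf-compiler` and take the Go plugin from the module the project already depends on, e.g. `- go install google.golang.org/protobuf/cmd/protoc-gen-go@<version from go.mod>`, so the generated code and the runtime library agree (presumably go.mod pins google.golang.org/protobuf; verify).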
diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go index 1a0676b..22111a7 100644 --- a/Plugins/NetBIOS.go +++ b/Plugins/NetBIOS.go @@ -18,7 +18,7 @@ func NetBIOS(info *common.HostInfo) error { netbios, _ := NetBIOS1(info) output := netbios.String() if len(output) > 0 { - result := fmt.Sprintf("[*] NetBios: %-15s %s ", info.Host, output) + result := fmt.Sprintf("[*] NetBios: %-15s %s", info.Host, output) common.LogSuccess(result) return nil } From f0cb31a6d231e2c2f10db1c7ed69ee5a7cfb4076 Mon Sep 17 00:00:00 2001 From: dksslq <1578756762@qq.com> Date: Wed, 24 May 2023 19:53:17 +0800 Subject: [PATCH 6/8] Remove unused spaces --- common/flag.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/flag.go b/common/flag.go index eaeca0d..d4c771f 100644 --- a/common/flag.go +++ b/common/flag.go @@ -57,8 +57,8 @@ func Flag(Info *HostInfo) { flag.StringVar(&Passfile, "pwdf", "", "password file") flag.StringVar(&PortFile, "portf", "", "Port File") flag.StringVar(&PocPath, "pocpath", "", "poc file path") - flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ") - flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ") + flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub)") + flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666)") flag.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul") flag.BoolVar(&IsBrute, "nobr", false, "not to Brute password") flag.IntVar(&BruteThread, "br", 1, "Brute threads") From db38dbdcc771ca5ee53090d861ff5095e598e83f Mon Sep 17 00:00:00 2001 From: dksslq <1578756762@qq.com> Date: Wed, 24 May 2023 19:57:25 +0800 Subject: [PATCH 7/8] Add space --- WebScan/lib/eval.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WebScan/lib/eval.go b/WebScan/lib/eval.go index 796e70f..33e9616 100644 --- a/WebScan/lib/eval.go +++ b/WebScan/lib/eval.go 
@@ -627,7 +627,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) { defer oResp.Body.Close() resp, err := ParseResponse(oResp) if err != nil { - common.LogError("[-]ParseResponse error: " + err.Error()) + common.LogError("[-] ParseResponse error: " + err.Error()) //return nil, err } return resp, err From 8a788427b715f8d64edaf44675fa1ffd7833dd01 Mon Sep 17 00:00:00 2001 From: xiaobo Date: Mon, 26 Jun 2023 18:15:09 +0800 Subject: [PATCH 8/8] fix: add field names to struct literal --- Plugins/webtitle.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Plugins/webtitle.go b/Plugins/webtitle.go index 20b1b87..1c78ea0 100644 --- a/Plugins/webtitle.go +++ b/Plugins/webtitle.go @@ -4,10 +4,6 @@ import ( "compress/gzip" "crypto/tls" "fmt" - "github.com/shadow1ng/fscan/WebScan" - "github.com/shadow1ng/fscan/WebScan/lib" - "github.com/shadow1ng/fscan/common" - "golang.org/x/text/encoding/simplifiedchinese" "io" "io/ioutil" "net/http" @@ -16,6 +12,11 @@ import ( "strings" "time" "unicode/utf8" + + "github.com/shadow1ng/fscan/WebScan" + "github.com/shadow1ng/fscan/WebScan/lib" + "github.com/shadow1ng/fscan/common" + "golang.org/x/text/encoding/simplifiedchinese" ) func WebTitle(info *common.HostInfo) error { @@ -140,7 +141,7 @@ func geturl(info *common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (er if !utf8.Valid(body) { body, _ = simplifiedchinese.GBK.NewDecoder().Bytes(body) } - CheckData = append(CheckData, WebScan.CheckDatas{body, fmt.Sprintf("%s", resp.Header)}) + CheckData = append(CheckData, WebScan.CheckDatas{Body: body, Headers: fmt.Sprintf("%s", resp.Header)}) var reurl string if flag != 2 { title = gettitle(body)