Merge remote-tracking branch 'origin/main'

2025-11-05 10:45:27 +00:00 · 2023-11-13 09:45:59 +08:00 · 2023-11-13 09:45:59 +08:00 · 5242388522
commit 5242388522
parent 79fa3a8920 4cc65afe14
7 changed files with 69 additions and 33 deletions
--- a/.github/conf/.goreleaser.yml
+++ b/.github/conf/.goreleaser.yml
@ -1,5 +1,6 @@
 before:
  hooks:
    - sudo apt -y install libprotobuf-dev protobuf-compiler protoc-gen-go
    - go mod tidy
    - go generate ./...
 builds:
--- a/Plugins/NetBIOS.go
+++ b/Plugins/NetBIOS.go
@ -18,7 +18,7 @@ func NetBIOS(info *common.HostInfo) error {
 	netbios, _ := NetBIOS1(info)
 	output := netbios.String()
 	if len(output) > 0 {
-		result := fmt.Sprintf("[*] NetBios: %-15s %s ", info.Host, output)
+		result := fmt.Sprintf("[*] NetBios: %-15s %s", info.Host, output)
 		common.LogSuccess(result)
 		return nil
 	}
@ -237,7 +237,7 @@ func (info *NetBiosInfo) String() (output string) {
 	}
 	if text == "" {
 	} else if info.DomainControllers != "" {
-		output = fmt.Sprintf("[+]DC %-24s", text)
+		output = fmt.Sprintf("[+] DC:%-24s", text)
 	} else {
 		output = fmt.Sprintf("%-30s", text)
 	}
--- a/Plugins/mongodb.go
+++ b/Plugins/mongodb.go
@ -2,7 +2,6 @@ package Plugins
 import (
 	"fmt"
 	_ "github.com/denisenkom/go-mssqldb"
 	"github.com/shadow1ng/fscan/common"
 	"strings"
 	"time"
@ -22,32 +21,67 @@ func MongodbScan(info *common.HostInfo) error {
 func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
-	senddata := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
+	// op_msg
 	packet1 := []byte{
 		0x69, 0x00, 0x00, 0x00, // messageLength
 		0x39, 0x00, 0x00, 0x00, // requestID
 		0x00, 0x00, 0x00, 0x00, // responseTo
 		0xdd, 0x07, 0x00, 0x00, // opCode OP_MSG
 		0x00, 0x00, 0x00, 0x00, // flagBits
 		// sections db.adminCommand({getLog: "startupWarnings"})
 		0x00, 0x54, 0x00, 0x00, 0x00, 0x02, 0x67, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x00, 0x10, 0x00, 0x00, 0x00, 0x73, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x00, 0x02, 0x24, 0x64, 0x62, 0x00, 0x06, 0x00, 0x00, 0x00, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x00, 0x03, 0x6c, 0x73, 0x69, 0x64, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x05, 0x69, 0x64, 0x00, 0x10, 0x00, 0x00, 0x00, 0x04, 0x6e, 0x81, 0xf8, 0x8e, 0x37, 0x7b, 0x4c, 0x97, 0x84, 0x4e, 0x90, 0x62, 0x5a, 0x54, 0x3c, 0x93, 0x00, 0x00,
 	}
 	//op_query
 	packet2 := []byte{
 		0x48, 0x00, 0x00, 0x00, // messageLength
 		0x02, 0x00, 0x00, 0x00, // requestID
 		0x00, 0x00, 0x00, 0x00, // responseTo
 		0xd4, 0x07, 0x00, 0x00, // opCode OP_QUERY
 		0x00, 0x00, 0x00, 0x00, // flags
 		0x61, 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x24, 0x63, 0x6d, 0x64, 0x00, // fullCollectionName admin.$cmd
 		0x00, 0x00, 0x00, 0x00, // numberToSkip
 		0x01, 0x00, 0x00, 0x00, // numberToReturn
 		// query db.adminCommand({getLog: "startupWarnings"})
 		0x21, 0x00, 0x00, 0x00, 0x2, 0x67, 0x65, 0x74, 0x4c, 0x6f, 0x67, 0x00, 0x10, 0x00, 0x00, 0x00, 0x73, 0x74, 0x61, 0x72, 0x74, 0x75, 0x70, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x00, 0x00,
 	}
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
+
-	defer func() {
+	checkUnAuth := func(address string, packet []byte) (string, error) {
-		if conn != nil {
+		conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-			conn.Close()
+		if err != nil {
 			return "", err
 		}
-	}()
+		defer func() {
-	if err != nil {
+			if conn != nil {
-		return flag, err
+				conn.Close()
 			}
 		}()
 		err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 		if err != nil {
 			return "", err
 		}
 		_, err = conn.Write(packet)
 		if err != nil {
 			return "", err
 		}
 		reply := make([]byte, 1024)
 		count, err := conn.Read(reply)
 		if err != nil {
 			return "", err
 		}
 		return string(reply[0:count]), nil
 	}
-	err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
+
 	// send OP_MSG first
 	reply, err := checkUnAuth(realhost, packet1)
 	if err != nil {
-		return flag, err
+		reply, err = checkUnAuth(realhost, packet2)
 		if err != nil {
 			return flag, err
 		}
 	}
-	_, err = conn.Write(senddata)
+	if strings.Contains(reply, "totalLinesWritten") {
 	if err != nil {
 		return flag, err
 	}
 	buf := make([]byte, 1024)
 	count, err := conn.Read(buf)
 	if err != nil {
 		return flag, err
 	}
 	text := string(buf[0:count])
 	if strings.Contains(text, "totalLinesWritten") {
 		flag = true
 		result := fmt.Sprintf("[+] Mongodb:%v unauthorized", realhost)
 		common.LogSuccess(result)
--- a/Plugins/webtitle.go
+++ b/Plugins/webtitle.go
@ -4,10 +4,6 @@ import (
 	"compress/gzip"
 	"crypto/tls"
 	"fmt"
 	"github.com/shadow1ng/fscan/WebScan"
 	"github.com/shadow1ng/fscan/WebScan/lib"
 	"github.com/shadow1ng/fscan/common"
 	"golang.org/x/text/encoding/simplifiedchinese"
 	"io"
 	"io/ioutil"
 	"net/http"
@ -16,6 +12,11 @@ import (
 	"strings"
 	"time"
 	"unicode/utf8"
 	"github.com/shadow1ng/fscan/WebScan"
 	"github.com/shadow1ng/fscan/WebScan/lib"
 	"github.com/shadow1ng/fscan/common"
 	"golang.org/x/text/encoding/simplifiedchinese"
 )
 func WebTitle(info *common.HostInfo) error {
@ -140,7 +141,7 @@ func geturl(info *common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (er
 	if !utf8.Valid(body) {
 		body, _ = simplifiedchinese.GBK.NewDecoder().Bytes(body)
 	}
-	CheckData = append(CheckData, WebScan.CheckDatas{body, fmt.Sprintf("%s", resp.Header)})
+	CheckData = append(CheckData, WebScan.CheckDatas{Body: body, Headers: fmt.Sprintf("%s", resp.Header)})
 	var reurl string
 	if flag != 2 {
 		title = gettitle(body)
--- a/WebScan/InfoScan.go
+++ b/WebScan/InfoScan.go
@ -38,7 +38,7 @@ func InfoCheck(Url string, CheckData *[]CheckDatas) []string {
 	infoname = removeDuplicateElement(infoname)
 	if len(infoname) > 0 {
-		result := fmt.Sprintf("[+] InfoScan:%-25v %s ", Url, infoname)
+		result := fmt.Sprintf("[+] InfoScan: %-25v %s ", Url, infoname)
 		common.LogSuccess(result)
 		return infoname
 	}
--- a/WebScan/lib/eval.go
+++ b/WebScan/lib/eval.go
@ -627,7 +627,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) {
 	defer oResp.Body.Close()
 	resp, err := ParseResponse(oResp)
 	if err != nil {
-		common.LogError("[-]ParseResponse error: " + err.Error())
+		common.LogError("[-] ParseResponse error: " + err.Error())
 		//return nil, err
 	}
 	return resp, err
--- a/common/flag.go
+++ b/common/flag.go
@ -57,8 +57,8 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&Passfile, "pwdf", "", "password file")
 	flag.StringVar(&PortFile, "portf", "", "Port File")
 	flag.StringVar(&PocPath, "pocpath", "", "poc file path")
-	flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
+	flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub)")
-	flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
+	flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666)")
 	flag.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul")
 	flag.BoolVar(&IsBrute, "nobr", false, "not to Brute password")
 	flag.IntVar(&BruteThread, "br", 1, "Brute threads")