From 98c6ec3e2fe62be22ed2676edd419dd687e021f8 Mon Sep 17 00:00:00 2001
From: ZacharyZcR
Date: Tue, 13 Jan 2026 23:20:01 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20Elasticsearch=E6=9C=AA=E6=8E=88=E6=9D=83?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=E4=BC=98=E5=85=88=E4=BA=8E=E7=88=86=E7=A0=B4?= =?UTF-8?q?=20(#554)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common/i18n/locales/en.yaml | 2 ++
 common/i18n/locales/zh.yaml | 2 ++
 plugins/services/elasticsearch.go | 14 +++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/common/i18n/locales/en.yaml b/common/i18n/locales/en.yaml
index 7917762..f8de147 100644
--- a/common/i18n/locales/en.yaml
+++ b/common/i18n/locales/en.yaml
@@ -438,6 +438,8 @@ mongodb_auth_required:
 other: "MongoDB {{.Arg1}} Authentication required"
 elasticsearch_credential:
 other: "Elasticsearch {{.Arg1}} {{.Arg2}}:{{.Arg3}}"
+elasticsearch_unauth:
+ other: "Elasticsearch {{.Arg1}} Unauthorized access"
 elasticsearch_service:
 other: "Elasticsearch {{.Arg1}} {{.Arg2}}"
 mysql_credential:
diff --git a/common/i18n/locales/zh.yaml b/common/i18n/locales/zh.yaml
index b1ccff6..8490555 100644
--- a/common/i18n/locales/zh.yaml
+++ b/common/i18n/locales/zh.yaml
@@ -438,6 +438,8 @@ mongodb_auth_required:
 other: "MongoDB {{.Arg1}} 需要认证"
 elasticsearch_credential:
 other: "Elasticsearch {{.Arg1}} {{.Arg2}}:{{.Arg3}}"
+elasticsearch_unauth:
+ other: "Elasticsearch {{.Arg1}} 未授权访问"
 elasticsearch_service:
 other: "Elasticsearch {{.Arg1}} {{.Arg2}}"
 mysql_credential:
diff --git a/plugins/services/elasticsearch.go b/plugins/services/elasticsearch.go
index d4f58c2..6c28b25 100644
--- a/plugins/services/elasticsearch.go
+++ b/plugins/services/elasticsearch.go
@@ -32,6 +32,18 @@ func (p *ElasticsearchPlugin) Scan(ctx context.Context, info *common.HostInfo, c
 return p.identifyService(ctx, info, config, state)
 }
 
+ // 首先检测未授权访问
+ if p.testCredential(ctx, info, Credential{Username: "", Password: ""}, config, state) {
+ common.LogSuccess(i18n.Tr("elasticsearch_unauth", target))
+ return &ScanResult{
+ Success: true,
+ Type: plugins.ResultTypeVuln,
+ Service: "elasticsearch",
+ VulInfo: "未授权访问",
+ }
+ }
+
+ // 如果需要认证,尝试常见凭据
 credentials := GenerateCredentials("elasticsearch", config)
 if len(credentials) == 0 {
 return &ScanResult{
@@ -46,7 +58,7 @@ func (p *ElasticsearchPlugin) Scan(ctx context.Context, info *common.HostInfo, c
 common.LogSuccess(i18n.Tr("elasticsearch_credential", target, cred.Username, cred.Password))
 return &ScanResult{
 Success: true,
- Type: plugins.ResultTypeCredential,
+ Type: plugins.ResultTypeCredential,
 Service: "elasticsearch",
 Username: cred.Username,
 Password: cred.Password,
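Review bot: The new unauthenticated-access branch in `Scan` returns `ResultTypeVuln` solely because `testCredential` returned true for an empty `Credential`, and that helper's body is outside this hunk, so it is not visible whether it omits the Authorization header or how it decides a response counts as success. If it still sends empty Basic credentials, or accepts any successful HTTP response, the finding could be misclassified (for example behind a front-end proxy); a contract comment above the call would make this reviewable, e.g. `// empty Credential: testCredential must send no Authorization header and confirm an Elasticsearch response`. Separately, `VulInfo: "未授权访问"` is hard-coded while the log line uses the new `elasticsearch_unauth` key, so English-locale results would carry a Chinese finding string; consider sourcing it from the i18n catalogue as well. `Scan` begins and ends outside the hunk.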