修改icmp发包模式,更适合大规模探测。

修改报错提示,--debug时,如果10秒内没有LogSuccess的消息,每隔10秒就会打印一下当前进度
shadow1ng 2021-02-05 14:43:07 +08:00
parent d468986428
commit 1a8964cc6e
15 changed files with 149 additions and 121 deletions


@ -16,6 +16,8 @@ func FtpScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] ftp %v %v %v %v %v", info.Host, common.PORTList["ftp"], user, pass, err)
common.LogError(errlog)
tmperr = err
}
}


@ -3,6 +3,8 @@ package Plugins
import (
"bytes"
"fmt"
"golang.org/x/net/icmp"
"log"
"net"
"os"
"os/exec"
@ -50,58 +52,52 @@ func GetSys() SystemInfo {
return sysinfo
}
func isping(ip string) bool {
IcmpByte := []byte{8, 0, 247, 255, 0, 0, 0, 0}
Time, _ := time.ParseDuration("3s")
conn, err := net.DialTimeout("ip4:icmp", ip, Time)
func IcmpCheck(hostslist []string) {
conn, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
endflag := false
if err != nil {
return false
}
defer conn.Close()
_, err = conn.Write(IcmpByte)
if err != nil {
return false
log.Fatal(err)
}
var chanHosts = make(chan string)
go func() {
for {
if endflag == true {
return
}
msg := make([]byte, 100)
_, sourceIP, _ := conn.ReadFrom(msg)
if sourceIP != nil {
chanHosts <- sourceIP.String()
}
}
}()
if err := conn.SetReadDeadline(time.Now().Add(time.Second * 3)); err != nil {
return false
}
go func() {
for ip := range chanHosts {
if !IsContain(AliveHosts, ip) {
fmt.Printf("(icmp) Target '%s' is alive\n", ip)
AliveHosts = append(AliveHosts, ip)
}
}
}()
recvBuf := make([]byte, 40)
num, err := conn.Read(recvBuf[0:40])
if err != nil {
return false
for _, host := range hostslist {
write(host, conn)
}
if err := conn.SetReadDeadline(time.Now().Add(time.Second * 3)); err != nil {
return false
if len(hostslist) > 10 {
time.Sleep(6 * time.Second)
} else {
time.Sleep(3 * time.Second)
}
if string(recvBuf[0:num]) != "" {
fmt.Printf("(ICMP) Target '%s' is alive\n", ip)
return true
}
return false
endflag = true
close(chanHosts)
conn.Close()
}
func IcmpCheck(hostslist []string, IcmpThreads int) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan struct{}, IcmpThreads)
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
if isping(host) {
mutex.Lock()
AliveHosts = append(AliveHosts, host)
mutex.Unlock()
}
<-limiter
}(host)
}
wg.Wait()
func write(ip string, conn *icmp.PacketConn) {
dst, _ := net.ResolveIPAddr("ip", ip)
IcmpByte := []byte{8, 0, 247, 255, 0, 0, 0, 0}
conn.WriteTo(IcmpByte, dst)
}
func ExecCommandPing(ip string, bsenv string) bool {
@ -133,7 +129,7 @@ func ExecCommandPing(ip string, bsenv string) bool {
func PingCMDcheck(hostslist []string, bsenv string) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan struct{}, 40)
limiter := make(chan struct{}, 50)
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
@ -150,18 +146,17 @@ func PingCMDcheck(hostslist []string, bsenv string) {
}
wg.Wait()
}
func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
func ICMPRun(hostslist []string, Ping bool) []string {
if SysInfo.OS == "windows" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
IcmpCheck(hostslist)
} else {
PingCMDcheck(hostslist, "")
}
} else if SysInfo.OS == "linux" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
IcmpCheck(hostslist)
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
@ -173,7 +168,7 @@ func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
} else if SysInfo.OS == "darwin" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
IcmpCheck(hostslist)
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
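Review bot: The reader goroutine in IcmpCheck reports any ICMP datagram that reaches the raw socket as a live host — it never checks that the message is an echo reply or that `sourceIP` is one of the probed addresses — so unsolicited echo requests, redirects or unreachable messages from intermediate routers add out-of-scope IPs to AliveHosts, which the later port scan then targets. The shutdown is also racy: `close(chanHosts)` runs before `conn.Close()`, so a reply arriving in that window makes the reader send on a closed channel and panic, and `endflag` is an unsynchronized bool shared between goroutines. The version below keys replies on a set built from hostslist (assuming its entries are plain IP strings matching what `ReadFrom` returns), parses with `icmp.ParseMessage` so only `ipv4.ICMPTypeEchoReply` counts (needs `golang.org/x/net/ipv4`; Go may leave the IPv4 header in place on Windows, so the offset needs checking there), and lets the reader close chanHosts once `ReadFrom` fails after `conn.Close()`, so `endflag` and the trailing `close(chanHosts)` go away. Separately, `log.Fatal(err)` on the ListenPacket failure kills the whole scan from inside a helper; returning the error or falling back to PingCMDcheck would be kinder.
```go
// … unchanged: icmp.ListenPacket and its error check …
targets := make(map[string]struct{}, len(hostslist))
for _, h := range hostslist {
	targets[h] = struct{}{}
}
var chanHosts = make(chan string)
go func() {
	defer close(chanHosts) // the reader owns the channel; the consumer exits when it closes
	msg := make([]byte, 100)
	for {
		n, sourceIP, err := conn.ReadFrom(msg)
		if err != nil {
			return // conn.Close() at the end of IcmpCheck lands here
		}
		m, err := icmp.ParseMessage(1, msg[:n]) // 1 = ICMPv4
		if err != nil || sourceIP == nil || m.Type != ipv4.ICMPTypeEchoReply {
			continue // not an echo reply: ignore rather than mark alive
		}
		ip := sourceIP.String()
		if _, ok := targets[ip]; ok { // only hosts we actually probed
			chanHosts <- ip
		}
	}
}()
// … unchanged: consumer goroutine, probe loop, sleep …
conn.Close() // unblocks ReadFrom; no endflag / close(chanHosts) needed here
```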


@ -17,6 +17,8 @@ func MssqlScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] mssql %v %v %v %v %v", info.Host, common.PORTList["mssql"], user, pass, err)
common.LogError(errlog)
tmperr = err
}
}


@ -17,6 +17,8 @@ func MysqlScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] mysql %v %v %v %v %v", info.Host, common.PORTList["mysql"], user, pass, err)
common.LogError(errlog)
tmperr = err
}
}


@ -17,6 +17,8 @@ func PostgresScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] psql %v %v %v %v %v", info.Host, common.PORTList["psql"], user, pass, err)
common.LogError(errlog)
tmperr = err
}
}


@ -21,6 +21,8 @@ func RedisScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] redis %v %v %v %v %v", info.Host, common.PORTList["redis"], pass, err)
common.LogError(errlog)
tmperr = err
}
}
@ -47,7 +49,7 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
result := fmt.Sprintf("[+] Redis:%s %s", realhost, pass)
common.LogSuccess(result)
flag = true
Expoilt(info, realhost, conn)
Expoilt(realhost, conn)
}
return flag, err
}
@ -72,12 +74,12 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
result := fmt.Sprintf("[+] Redis:%s unauthorized", realhost)
common.LogSuccess(result)
flag = true
Expoilt(info, realhost, conn)
Expoilt(realhost, conn)
}
return flag, err
}
func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) error {
func Expoilt(realhost string, conn net.Conn) error {
flagSsh, flagCron, err := testwrite(conn)
if err != nil {
return err
@ -85,8 +87,8 @@ func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) error {
if flagSsh == true {
result := fmt.Sprintf("Redis:%v like can write /root/.ssh/", realhost)
common.LogSuccess(result)
if info.RedisFile != "" {
writeok, text, err := writekey(conn, info.RedisFile)
if common.RedisFile != "" {
writeok, text, err := writekey(conn, common.RedisFile)
if err != nil {
return err
}
@ -102,8 +104,8 @@ func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) error {
if flagCron == true {
result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/", realhost)
common.LogSuccess(result)
if info.RedisShell != "" {
writeok, text, err := writecron(conn, info.RedisShell)
if common.RedisShell != "" {
writeok, text, err := writecron(conn, common.RedisShell)
if err != nil {
return err
}
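Review bot: The new errlog line in RedisScan has five `%v` verbs but only four arguments (`info.Host`, the port, `pass`, `err`), so every debug line ends in `%!v(MISSING)` and `go vet` will flag the call; drop the extra verb: `errlog := fmt.Sprintf("[-] redis %v %v %v %v", info.Host, common.PORTList["redis"], pass, err)`. RedisScan's body continues past the hunk.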


@ -12,9 +12,9 @@ import (
func Scan(info common.HostInfo) {
fmt.Println("scan start")
Hosts, _ := common.ParseIP(info.Host, info.HostFile)
if info.Isping == false {
Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
Hosts, _ := common.ParseIP(info.Host, common.HostFile)
if common.IsPing == false {
Hosts = ICMPRun(Hosts, common.Ping)
fmt.Println("icmp alive hosts len is:", len(Hosts))
}
if info.Scantype == "icmp" {
@ -28,7 +28,7 @@ func Scan(info common.HostInfo) {
for _, port := range common.PORTList {
severports = append(severports, strconv.Itoa(port))
}
var ch = make(chan struct{}, info.Threads)
var ch = make(chan struct{}, common.Threads)
var wg = sync.WaitGroup{}
for _, targetIP := range AlivePorts {
info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
@ -55,12 +55,12 @@ func AddScan(scantype string, info common.HostInfo, ch chan struct{}, wg *sync.W
wg.Add(1)
go func() {
err, _ := ScanFunc(PluginList, scantype, &info)
if info.Debug {
if common.LogErr {
tmperr := err[0].Interface()
if tmperr != nil {
tmperr1 := err[0].Interface().(error)
errtext := strings.Replace(tmperr1.Error(), "\n", "", -1)
fmt.Println(info.Host+":"+info.Ports, errtext)
fmt.Println("[-] ", info.Host+":"+info.Ports, errtext)
}
}
wg.Done()
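Review bot: `Hosts, _ := common.ParseIP(info.Host, common.HostFile)` in Scan still discards ParseIP's error, so a mistyped `-h` range or an unreadable `-hf` file yields an empty host list and the scan silently finds nothing after printing "scan start". Check it before the ICMP sweep: `Hosts, err := common.ParseIP(info.Host, common.HostFile)` followed by `if err != nil { fmt.Println("[-] parse hosts:", err); return }` (or `os.Exit(1)` if the caller expects termination). Scan's body continues past the hunk.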


@ -23,6 +23,8 @@ func SmbScan(info *common.HostInfo) (tmperr error) {
common.LogSuccess(result)
return err
} else {
errlog := fmt.Sprintf("[-] smb %v %v %v %v %v", info.Host, 445, user, pass, err)
common.LogError(errlog)
tmperr = err
}
}


@ -17,6 +17,8 @@ func SshScan(info *common.HostInfo) (tmperr error) {
if flag == true && err == nil {
return err
} else {
errlog := fmt.Sprintf("[-] ssh", info.Host, common.PORTList["ssh"], user, pass, err)
common.LogError(errlog)
tmperr = err
}
}
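Review bot: The errlog format in SshScan has no verbs at all — `fmt.Sprintf("[-] ssh", info.Host, ...)` — so the host, port, user, password and error are appended as `%!(EXTRA string=..., int=..., ...)` noise and `go vet` rejects the call; use the same layout as the other plugins: `errlog := fmt.Sprintf("[-] ssh %v %v %v %v %v", info.Host, common.PORTList["ssh"], user, pass, err)`. SshScan's body continues past the hunk.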


@ -23,7 +23,7 @@ func WebTitle(info *common.HostInfo) (err error, result string) {
}
err, result = geturl(info)
if info.IsWebCan || err != nil {
if common.IsWebCan || err != nil {
return
}
@ -44,9 +44,15 @@ func geturl(info *common.HostInfo) (err error, result string) {
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
DisableKeepAlives: false,
DialContext: (&net.Dialer{
Timeout: time.Duration(info.WebTimeout) * time.Second,
Timeout: time.Duration(info.WebTimeout) * time.Second,
KeepAlive: time.Duration(info.WebTimeout+3) * time.Second,
}).DialContext,
MaxIdleConns: 1000,
MaxIdleConnsPerHost: 1000,
IdleConnTimeout: time.Duration(info.WebTimeout+3) * time.Second,
TLSHandshakeTimeout: 5 * time.Second,
}
var client = &http.Client{Timeout: time.Duration(info.WebTimeout) * time.Second, Transport: tr}
res, err := http.NewRequest("GET", url, nil)
if err == nil {
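Review bot: The new transport settings only pay off if `tr` is shared, but the `var client = &http.Client{... Transport: tr}` line in the same body suggests a client and transport built per geturl call, so each request gets its own Transport with keep-alives on and a 1000-connection idle pool that nothing ever releases with `CloseIdleConnections()` — idle sockets to every scanned host linger until IdleConnTimeout (WebTimeout+3 s) instead of being dropped as they were with DisableKeepAlives. Either hoist the Transport and client to package level and reuse them across targets, or keep `DisableKeepAlives: true` for a per-call client. Also `TLSHandshakeTimeout: 5 * time.Second` exceeds the default 3 s client Timeout, so it never takes effect unless `-wt` is raised; deriving it from `info.WebTimeout` keeps the two consistent. geturl begins before and ends after this hunk.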


@ -13,9 +13,10 @@ import (
var Pocs embed.FS
func WebScan(info *common.HostInfo) {
info.PocInfo.Target = info.Url
err := Execute(info.PocInfo)
if err != nil && info.Debug {
var pocinfo = common.Pocinfo
pocinfo.Target = info.Url
err := Execute(pocinfo)
if err != nil && common.LogErr {
fmt.Println(info.Url, err)
}
}
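Review bot: WebScan prints its debug output with `fmt.Println(info.Url, err)` directly, while every other plugin in this commit routes failures through `common.LogError`, so poc errors bypass the 10-second sampling and the `[-]` prefix the rest of the output now uses. For consistency use `common.LogError(fmt.Sprintf("[-] %v %v", info.Url, err))`, or add a one-line comment stating that poc errors are deliberately unsampled if that is the intent.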


@ -28,8 +28,8 @@ func ParseUser(Info *HostInfo) {
Userdict[name] = Info.Usernames
}
}
if Info.Userfile != "" {
uesrs, err := Readfile(Info.Userfile)
if Userfile != "" {
uesrs, err := Readfile(Userfile)
if err == nil {
for _, uesr := range uesrs {
if uesr != "" {
@ -54,8 +54,8 @@ func ParsePass(Info *HostInfo) {
}
Passwords = Info.Passwords
}
if Info.Passfile != "" {
passs, err := Readfile(Info.Passfile)
if Passfile != "" {
passs, err := Readfile(Passfile)
if err == nil {
for _, pass := range passs {
if pass != "" {
@ -88,19 +88,20 @@ func Readfile(filename string) ([]string, error) {
}
func ParseInput(Info *HostInfo) {
if Info.Host == "" && Info.HostFile == "" {
if Info.Host == "" && HostFile == "" {
fmt.Println("Host is none")
flag.Usage()
os.Exit(0)
}
if Info.Outputfile != "" {
//LogErr = Info.Debug
if TmpOutputfile != "" {
if !strings.Contains(Outputfile, "/") && !strings.Contains(Outputfile, `\`) {
Outputfile = getpath() + Info.Outputfile
Outputfile = getpath() + TmpOutputfile
} else {
Outputfile = Info.Outputfile
Outputfile = TmpOutputfile
}
}
if Info.IsSave == true {
if TmpSave == true {
IsSave = false
}
}
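Review bot: The path check in ParseInput tests the wrong variable: the `strings.Contains(Outputfile, ...)` conditions look at the default `Outputfile` (already `getpath() + "result.txt"`) rather than the user-supplied `TmpOutputfile`, so whenever getpath() yields a path containing a separator the condition is false and `-o name.txt` lands in the working directory instead of next to the binary as the `getpath() + TmpOutputfile` branch intends. Test `TmpOutputfile` in both `strings.Contains` calls instead. The commented-out `//LogErr = Info.Debug` is dead now that `-debug` binds to LogErr directly and can be deleted.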


@ -53,38 +53,23 @@ var PortlistBack = map[string]int{
}
var Outputfile = getpath() + "result.txt"
var IsSave = true
var DefaultPorts = "21,22,80,81,135,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9200,11211,27017"
type HostInfo struct {
Host string
HostFile string
Ports string
Domain string
Url string
Timeout int64
WebTimeout int64
Scantype string
Ping bool
Isping bool
Threads int
IcmpThreads int
Command string
Username string
Password string
Userfile string
Passfile string
Usernames []string
Passwords []string
Outputfile string
IsSave bool
RedisFile string
RedisShell string
IsWebCan bool
Debug bool
PocInfo PocInfo
Host string
Ports string
Domain string
Url string
Timeout int64
WebTimeout int64
Scantype string
Command string
Username string
Password string
Usernames []string
Passwords []string
}
type PocInfo struct {
@ -102,3 +87,16 @@ type PocInfo struct {
ApiKey string
CeyeDomain string
}
var TmpOutputfile string
var TmpSave bool
var IsPing bool
var Ping bool
var Pocinfo PocInfo
var IsWebCan bool
var RedisFile string
var RedisShell string
var Userfile string
var Passfile string
var HostFile string
var Threads int
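Review bot: The new package-level variables at the end of the hunk are exported with no doc comments, and one of them reads backwards: `IsPing` is bound to `-np` ("not to ping") and the scanner only sweeps when `common.IsPing == false`, so a true value means "skip the ping sweep". A rename to `NoPing` would be clearest; failing that, document each variable where it is declared, e.g. `// IsPing is set by -np; true means the ICMP/ping sweep is skipped.`, `// TmpSave is set by -no; true disables writing results to Outputfile.` and `// Ping selects the system ping command instead of raw ICMP (-ping).`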


@ -11,7 +11,7 @@ func Banner() {
/ /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__| <
\____/ |___/\___|_| \__,_|\___|_|\_\
fscan version: 1.4.2
fscan version: 1.4.3
`
print(banner)
}
@ -19,30 +19,29 @@ func Banner() {
func Flag(Info *HostInfo) {
Banner()
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.HostFile, "hf", "", "host file, -hs ip.txt")
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
flag.IntVar(&Info.IcmpThreads, "it", 1100, "Icmp Threads nums")
flag.BoolVar(&Info.Isping, "np", false, "not to ping")
flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
flag.StringVar(&Info.Domain, "domain", "", "smb domain")
flag.StringVar(&Info.Username, "user", "", "username")
flag.StringVar(&Info.Userfile, "userf", "", "username file")
flag.StringVar(&Info.Password, "pwd", "", "password")
flag.StringVar(&Info.Passfile, "pwdf", "", "password file")
flag.StringVar(&Info.Outputfile, "o", "result.txt", "Outputfile")
flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
flag.BoolVar(&Info.Debug, "debug", false, "debug mode will print more error info")
flag.Int64Var(&Info.WebTimeout, "wt", 3, "Set web timeout")
flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
flag.StringVar(&Info.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&Info.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.BoolVar(&Info.IsWebCan, "nopoc", false, "not to scan web vul")
flag.StringVar(&Info.PocInfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
flag.StringVar(&Info.PocInfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
flag.IntVar(&Info.PocInfo.Num, "Num", 20, "poc rate")
flag.IntVar(&Threads, "t", 200, "Thread nums")
flag.StringVar(&HostFile, "hf", "", "host file, -hs ip.txt")
flag.StringVar(&Userfile, "userf", "", "username file")
flag.StringVar(&Passfile, "pwdf", "", "password file")
flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul")
flag.BoolVar(&IsPing, "np", false, "not to ping")
flag.BoolVar(&Ping, "ping", false, "using ping replace icmp")
flag.StringVar(&TmpOutputfile, "o", "result.txt", "Outputfile")
flag.BoolVar(&TmpSave, "no", false, "not to save output log")
flag.BoolVar(&LogErr, "debug", false, "debug mode will print more error info")
flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
flag.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
flag.IntVar(&Pocinfo.Num, "Num", 20, "poc rate")
flag.Parse()
}
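Review bot: The `-hf` usage string moved in this hunk still says `host file, -hs ip.txt`, naming a flag that does not exist; make it `flag.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt")`. Dropping `-it` is also a compatibility break: any saved command line that passes `-it` now fails at flag.Parse with "flag provided but not defined" and exits, so either keep a deprecated no-op `-it` int flag for a release or call the removal out in the changelog.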


@ -3,14 +3,19 @@ package common
import (
"fmt"
"os"
"time"
)
var Results = make(chan string)
var Woker = 0
var Start = true
var LogSucTime int64
var LogErr bool
var LogErrTime int64
func LogSuccess(result string) {
Woker++
LogSucTime = time.Now().Unix()
if Start {
go SaveLog()
Start = false
@ -50,3 +55,12 @@ func WaitSave() {
}
}
}
func LogError(errinfo interface{}) {
if LogErr {
if (time.Now().Unix()-LogSucTime) > 10 && (time.Now().Unix()-LogErrTime) > 10 {
fmt.Println(errinfo)
LogErrTime = time.Now().Unix()
}
}
}
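Review bot: LogError and LogSuccess read and write `LogSucTime` and `LogErrTime` from whatever goroutine the plugin runs on — AddScan launches one per target — with no synchronization, so this is a data race that `go test -race` will report, and two goroutines can both pass the check and both print inside the same 10 s window. Make the timestamps atomic (`atomic.LoadInt64`/`StoreInt64` from `sync/atomic`, which needs adding to the import block) and take `time.Now()` once, as below; `LogSuccess` should store with `atomic.StoreInt64(&LogSucTime, time.Now().Unix())` in the same way. The sampling also deserves a doc comment because it is surprising: LogError prints at most one error every 10 s, and only while no success has been logged in the last 10 s — errors in between are dropped, not queued. The pre-existing unsynchronized `Woker++` has the same race.
```go
// LogError prints errinfo when -debug is set, rate-limited to one line per
// 10 s and suppressed entirely while a success was logged within the last 10 s.
func LogError(errinfo interface{}) {
	if !LogErr {
		return
	}
	now := time.Now().Unix()
	if now-atomic.LoadInt64(&LogSucTime) > 10 && now-atomic.LoadInt64(&LogErrTime) > 10 {
		fmt.Println(errinfo)
		atomic.StoreInt64(&LogErrTime, now)
	}
}
```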