diff --git a/Plugins/CVE-2020-0796.go b/Plugins/CVE-2020-0796.go
index 9bdd4ec..279aaf0 100644
--- a/Plugins/CVE-2020-0796.go
+++ b/Plugins/CVE-2020-0796.go
@@ -106,10 +106,10 @@ func SmbGhostScan(info *common.HostInfo) error {
 	ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second
 	addr := fmt.Sprintf("%s:%v", info.Host, port)
 	conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
-	defer conn.Close()
 	if err != nil {
 		return err
 	}
+	defer conn.Close()
 	_, err = conn.Write([]byte(pkt))
 	if err != nil {
 		return err
diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go
index ddb0ebe..d3d0c84 100644
--- a/Plugins/NetBIOS.go
+++ b/Plugins/NetBIOS.go
@@ -41,10 +41,10 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	var conn net.Conn
 	conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
@@ -89,10 +89,10 @@ func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	//senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01")
 	realhost := fmt.Sprintf("%s:137", info.Host)
 	conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
diff --git a/Plugins/findnet.go b/Plugins/findnet.go
index 3402505..6787a95 100644
--- a/Plugins/findnet.go
+++ b/Plugins/findnet.go
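Review bot: SmbGhostScan sets no deadline on `conn` before the `conn.Write([]byte(pkt))` that follows the new `defer conn.Close()`, unlike the sibling hunks for NetBIOS1, FindnetScan and MS17010Scan, which call `conn.SetDeadline` right after the connect check. `WrapperTcpWithTimeout` appears to bound only the dial, so a target that accepts the connection and then stays silent can block the write or the read that follows for as long as the kernel allows, stalling one scanner goroutine per such host. Adding `if err = conn.SetDeadline(time.Now().Add(timeout)); err != nil { return err }` right after the defer, reusing the `timeout` local computed on the hunk's first line, closes that gap. SmbGhostScan's body continues outside the hunk; if a deadline is set further down this is moot, but the sibling plugins set it at this point.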
@@ -24,10 +24,10 @@ func Findnet(info *common.HostInfo) error {
 func FindnetScan(info *common.HostInfo) error {
 	realhost := fmt.Sprintf("%s:%v", info.Host, 135)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return err
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return err
diff --git a/Plugins/ms17010.go b/Plugins/ms17010.go
index 72413f8..feb53e7 100644
--- a/Plugins/ms17010.go
+++ b/Plugins/ms17010.go
@@ -39,11 +39,11 @@ func MS17010Scan(info *common.HostInfo) error {
 	ip := info.Host
 	// connecting to a host in LAN if reachable should be very quick
 	conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		//fmt.Printf("failed to connect to %s\n", ip)
 		return err
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		//fmt.Printf("failed to connect to %s\n", ip)
diff --git a/Plugins/portscan.go b/Plugins/portscan.go
index 16dad80..7f9d66f 100644
--- a/Plugins/portscan.go
+++ b/Plugins/portscan.go
@@ -74,8 +74,8 @@ func PortScan(hostslist []string, ports string, timeout int64) []string {
 func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) {
 	host, port := addr.ip, addr.port
 	conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second)
-	defer conn.Close()
 	if err == nil {
+		defer conn.Close()
 		address := host + ":" + strconv.Itoa(port)
 		result := fmt.Sprintf("%s open", address)
 		common.LogSuccess(result)
diff --git a/Plugins/rdp.go b/Plugins/rdp.go
index 435e903..68d00f8 100644
--- a/Plugins/rdp.go
+++ b/Plugins/rdp.go
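Review bot: In PortConnect the new `defer conn.Close()` inside the `if err == nil` block releases the socket only when the function returns, not at the end of the block, so the file descriptor stays held through the logging and whatever follows outside the hunk (the function continues past it). In a scanner that fans out one goroutine per host:port that delay shows up as fd pressure under a wide `-p` range; since nothing in the block reads from the socket, calling `conn.Close()` directly as the block's first statement, before `address := ...`, frees the descriptor as soon as the connect has succeeded. The dial error on the other path is silently dropped, which is pre-existing and reasonable for a port probe, but a one-line comment such as `// closed or filtered port: the dial error is intentionally ignored` would make that deliberate.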
@@ -127,10 +127,10 @@ func NewClient(host string, logLevel glog.LEVEL) *Client {
 func (g *Client) Login(domain, user, pwd string, timeout int64) error {
 	conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return fmt.Errorf("[dial err] %v", err)
 	}
+	defer conn.Close()
 	glog.Info(conn.LocalAddr().String())
 	g.tpkt = tpkt.New(core.NewSocketLayer(conn), nla.NewNTLMv2(domain, user, pwd))
diff --git a/Plugins/redis.go b/Plugins/redis.go
index e5cc497..01e2239 100644
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@@ -48,10 +48,10 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return flag, err
 	}
+	defer conn.Close()
 	err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return flag, err
@@ -84,10 +84,10 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return flag, err
 	}
+	defer conn.Close()
 	err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return flag, err
diff --git a/Plugins/scanner.go b/Plugins/scanner.go
index 3c3c854..fc55d50 100644
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
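Review bot: The new `defer conn.Close()` in Login closes the socket when Login returns, yet the same `conn` is wrapped by `core.NewSocketLayer` and stored into `g.tpkt` on the very next line, and `g` outlives the call. That is only correct if Login blocks until the RDP exchange has finished and nothing touches `g.tpkt` afterwards; Login's body continues outside the hunk so I cannot confirm it here, but if the handshake runs on goroutines and Login returns early, the protocol layers would be left writing to a closed socket. A comment above the defer such as `// conn is owned by this call: Login blocks until the handshake completes, so closing on return is safe` would record the assumption, or Close could move to wherever the Client tears down `g.tpkt`.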
@@ -33,12 +33,12 @@ func Scan(info common.HostInfo) {
 	}
 	var AlivePorts []string
 	if common.Scantype == "webonly" || common.Scantype == "webpoc" {
-		AlivePorts = NoPortScan(Hosts, info.Ports)
+		AlivePorts = NoPortScan(Hosts, common.Ports)
 	} else if common.Scantype == "hostname" {
-		info.Ports = "139"
-		AlivePorts = NoPortScan(Hosts, info.Ports)
+		common.Ports = "139"
+		AlivePorts = NoPortScan(Hosts, common.Ports)
 	} else if len(Hosts) > 0 {
-		AlivePorts = PortScan(Hosts, info.Ports, common.Timeout)
+		AlivePorts = PortScan(Hosts, common.Ports, common.Timeout)
 		fmt.Println("[*] alive ports len is:", len(AlivePorts))
 		if common.Scantype == "portscan" {
 			common.LogWG.Wait()
@@ -90,7 +90,7 @@ func Scan(info common.HostInfo) {
 	wg.Wait()
 	common.LogWG.Wait()
 	close(common.Results)
-	fmt.Println(fmt.Sprintf("已完成 %v/%v", common.End, common.Num))
+	fmt.Printf("已完成 %v/%v\n", common.End, common.Num)
 }
 
 var Mutex = &sync.Mutex{}
diff --git a/Plugins/smb2.go b/Plugins/smb2.go
index 51b86bd..1204e3e 100644
--- a/Plugins/smb2.go
+++ b/Plugins/smb2.go
@@ -67,10 +67,10 @@ func SmbScan2(info *common.HostInfo) (tmperr error) {
 func Smb2Con(info *common.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) {
 	conn, err := net.DialTimeout("tcp", info.Host+":445", time.Duration(common.Timeout)*time.Second)
-	defer conn.Close()
 	if err != nil {
 		return
 	}
+	defer conn.Close()
 	initiator := smb2.NTLMInitiator{
 		User:     user,
 		Domain:   common.Domain,
diff --git a/common/Parse.go b/common/Parse.go
index 886601c..e2ca8a5 100644
--- a/common/Parse.go
+++ b/common/Parse.go
@@ -101,7 +101,7 @@ func ParsePass(Info *HostInfo) {
 					newport += port + ","
 				}
 			}
-			Info.Ports = newport
+			Ports = newport
 		}
 	}
 }
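Review bot: In the `hostname` branch `common.Ports = "139"` now overwrites the package-level port list for the rest of the process, whereas the old `info.Ports = "139"` only touched Scan's by-value copy of HostInfo. Anything that reads `common.Ports` after Scan returns, or a second Scan in the same process, will see `139` instead of the `-p` value, and if Scan is ever run concurrently that write races the reads in the other branches. Unless something later in Scan relies on the overwritten global (the rest of the function is outside the hunk), the branch only needs the literal locally: `AlivePorts = NoPortScan(Hosts, "139")` with the assignment line dropped.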
@@ -140,15 +140,15 @@ func ParseInput(Info *HostInfo) {
 		IsSave = false
 	}
-	if Info.Ports == DefaultPorts {
-		Info.Ports += "," + Webport
+	if Ports == DefaultPorts {
+		Ports += "," + Webport
 	}
 	if PortAdd != "" {
-		if strings.HasSuffix(Info.Ports, ",") {
-			Info.Ports += PortAdd
+		if strings.HasSuffix(Ports, ",") {
+			Ports += PortAdd
 		} else {
-			Info.Ports += "," + PortAdd
+			Ports += "," + PortAdd
 		}
 	}
@@ -219,35 +219,35 @@ func ParseScantype(Info *HostInfo) {
 	if !ok {
 		showmode()
 	}
-	if Scantype != "all" && Info.Ports == DefaultPorts+","+Webport {
+	if Scantype != "all" && Ports == DefaultPorts+","+Webport {
 		switch Scantype {
 		case "wmiexec":
-			Info.Ports = "135"
+			Ports = "135"
 		case "wmiinfo":
-			Info.Ports = "135"
+			Ports = "135"
 		case "smbinfo":
-			Info.Ports = "445"
+			Ports = "445"
 		case "hostname":
-			Info.Ports = "135,137,139,445"
+			Ports = "135,137,139,445"
 		case "smb2":
-			Info.Ports = "445"
+			Ports = "445"
 		case "web":
-			Info.Ports = Webport
+			Ports = Webport
 		case "webonly":
-			Info.Ports = Webport
+			Ports = Webport
 		case "ms17010":
-			Info.Ports = "445"
+			Ports = "445"
 		case "cve20200796":
-			Info.Ports = "445"
+			Ports = "445"
 		case "portscan":
-			Info.Ports = DefaultPorts + "," + Webport
+			Ports = DefaultPorts + "," + Webport
 		case "main":
-			Info.Ports = DefaultPorts
+			Ports = DefaultPorts
 		default:
 			port, _ := PORTList[Scantype]
-			Info.Ports = strconv.Itoa(port)
+			Ports = strconv.Itoa(port)
 		}
-		fmt.Println("-m ", Scantype, " start scan the port:", Info.Ports)
+		fmt.Println("-m ", Scantype, " start scan the port:", Ports)
 	}
 }
diff --git a/common/ParsePort.go b/common/ParsePort.go
index ac0e46d..ae098b3 100644
--- a/common/ParsePort.go
+++ b/common/ParsePort.go
@@ -15,6 +15,9 @@ func ParsePort(ports string) (scanPorts []int) {
 		if port == "" {
 			continue
 		}
+		if PortGroup[port] != "" {
+			port = PortGroup[port]
+		}
 		upper := port
 		if strings.Contains(port, "-") {
 			ranges := strings.Split(port, "-")
diff --git a/common/config.go b/common/config.go
index 8ff2b57..6cd4df1 100644
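Review bot: The new group expansion in ParsePort substitutes `PortGroup[port]` and then falls straight into the single-port / `a-b` range handling below it, so it only works for group values that are exactly one port or one range. Because `port` here appears to be one element of an earlier split on `,` (outside the hunk), a group value such as `80,443` would reach the `strings.Contains(port, "-")` branch unsplit and presumably fail the numeric parse further down. Feeding the group value back through ParsePort handles lists, ranges and nested groups alike; this assumes no group value names itself, which would recurse without bound, and PortGroup's contents are not visible in this diff.
```go
		// … unchanged: skip of empty entries …
		if group := PortGroup[port]; group != "" {
			scanPorts = append(scanPorts, ParsePort(group)...)
			continue
		}
		// … unchanged: single port / range parsing …
```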
--- a/common/config.go
+++ b/common/config.go
@@ -82,6 +82,7 @@ type PocInfo struct {
 }
 
 var (
+	Ports    string
 	Path     string
 	Scantype string
 	Command  string
diff --git a/common/flag.go b/common/flag.go
index c587386..c458ca0 100644
--- a/common/flag.go
+++ b/common/flag.go
@@ -20,7 +20,7 @@ func Flag(Info *HostInfo) {
 	Banner()
 	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
 	flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
-	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
 	flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
 	flag.StringVar(&UserAdd, "usera", "", "add a user base DefaultUsers,-usera user")
 	flag.StringVar(&PassAdd, "pwda", "", "add a password base DefaultPasses,-pwda password")
diff --git a/main.go b/main.go
index dfb3c7f..64b229d 100644
--- a/main.go
+++ b/main.go
@@ -13,6 +13,5 @@ func main() {
 	common.Flag(&Info)
 	common.Parse(&Info)
 	Plugins.Scan(Info)
-	t := time.Since(start)
-	fmt.Printf("[*] 扫描结束,耗时: %s\n", t)
+	fmt.Printf("[*] 扫描结束,耗时: %s\n", time.Since(start))
 }