Update

2025-07-13 21:02:44 +08:00 · 2023-11-13 16:23:19 +08:00 · 2023-11-13 16:23:19 +08:00 · 1c631133ad
commit 1c631133ad
parent 6bf396d09f
14 changed files with 41 additions and 38 deletions
--- a/Plugins/CVE-2020-0796.go
+++ b/Plugins/CVE-2020-0796.go
@ -106,10 +106,10 @@ func SmbGhostScan(info *common.HostInfo) error {
 	ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second
 	addr := fmt.Sprintf("%s:%v", info.Host, port)
 	conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
 	defer conn.Close()
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	_, err = conn.Write([]byte(pkt))
 	if err != nil {
 		return err
--- a/Plugins/NetBIOS.go
+++ b/Plugins/NetBIOS.go
@ -41,10 +41,10 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	var conn net.Conn
 	conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return
 	}
 	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
@ -89,10 +89,10 @@ func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	//senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01")
 	realhost := fmt.Sprintf("%s:137", info.Host)
 	conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return
 	}
 	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
--- a/Plugins/findnet.go
+++ b/Plugins/findnet.go
@ -24,10 +24,10 @@ func Findnet(info *common.HostInfo) error {
 func FindnetScan(info *common.HostInfo) error {
 	realhost := fmt.Sprintf("%s:%v", info.Host, 135)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return err
 	}
 	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return err
--- a/Plugins/ms17010.go
+++ b/Plugins/ms17010.go
@ -39,11 +39,11 @@ func MS17010Scan(info *common.HostInfo) error {
 	ip := info.Host
 	// connecting to a host in LAN if reachable should be very quick
 	conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		//fmt.Printf("failed to connect to %s\n", ip)
 		return err
 	}
 	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		//fmt.Printf("failed to connect to %s\n", ip)
--- a/Plugins/portscan.go
+++ b/Plugins/portscan.go
@ -74,8 +74,8 @@ func PortScan(hostslist []string, ports string, timeout int64) []string {
 func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) {
 	host, port := addr.ip, addr.port
 	conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second)
 	defer conn.Close()
 	if err == nil {
 		defer conn.Close()
 		address := host + ":" + strconv.Itoa(port)
 		result := fmt.Sprintf("%s open", address)
 		common.LogSuccess(result)
--- a/Plugins/rdp.go
+++ b/Plugins/rdp.go
@ -127,10 +127,10 @@ func NewClient(host string, logLevel glog.LEVEL) *Client {
 func (g *Client) Login(domain, user, pwd string, timeout int64) error {
 	conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return fmt.Errorf("[dial err] %v", err)
 	}
 	defer conn.Close()
 	glog.Info(conn.LocalAddr().String())
 	g.tpkt = tpkt.New(core.NewSocketLayer(conn), nla.NewNTLMv2(domain, user, pwd))
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@ -48,10 +48,10 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return flag, err
 	}
 	defer conn.Close()
 	err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return flag, err
@ -84,10 +84,10 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return flag, err
 	}
 	defer conn.Close()
 	err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return flag, err
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
@ -33,12 +33,12 @@ func Scan(info common.HostInfo) {
 		}
 		var AlivePorts []string
 		if common.Scantype == "webonly" || common.Scantype == "webpoc" {
-			AlivePorts = NoPortScan(Hosts, info.Ports)
+			AlivePorts = NoPortScan(Hosts, common.Ports)
 		} else if common.Scantype == "hostname" {
-			info.Ports = "139"
+			common.Ports = "139"
-			AlivePorts = NoPortScan(Hosts, info.Ports)
+			AlivePorts = NoPortScan(Hosts, common.Ports)
 		} else if len(Hosts) > 0 {
-			AlivePorts = PortScan(Hosts, info.Ports, common.Timeout)
+			AlivePorts = PortScan(Hosts, common.Ports, common.Timeout)
 			fmt.Println("[*] alive ports len is:", len(AlivePorts))
 			if common.Scantype == "portscan" {
 				common.LogWG.Wait()
@ -90,7 +90,7 @@ func Scan(info common.HostInfo) {
 	wg.Wait()
 	common.LogWG.Wait()
 	close(common.Results)
-	fmt.Println(fmt.Sprintf("已完成 %v/%v", common.End, common.Num))
+	fmt.Printf("已完成 %v/%v\n", common.End, common.Num)
 }
 var Mutex = &sync.Mutex{}
--- a/Plugins/smb2.go
+++ b/Plugins/smb2.go
@ -67,10 +67,10 @@ func SmbScan2(info *common.HostInfo) (tmperr error) {
 func Smb2Con(info *common.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) {
 	conn, err := net.DialTimeout("tcp", info.Host+":445", time.Duration(common.Timeout)*time.Second)
 	defer conn.Close()
 	if err != nil {
 		return
 	}
 	defer conn.Close()
 	initiator := smb2.NTLMInitiator{
 		User:   user,
 		Domain: common.Domain,
--- a/common/Parse.go
+++ b/common/Parse.go
@ -101,7 +101,7 @@ func ParsePass(Info *HostInfo) {
 					newport += port + ","
 				}
 			}
-			Info.Ports = newport
+			Ports = newport
 		}
 	}
 }
@ -140,15 +140,15 @@ func ParseInput(Info *HostInfo) {
 		IsSave = false
 	}
-	if Info.Ports == DefaultPorts {
+	if Ports == DefaultPorts {
-		Info.Ports += "," + Webport
+		Ports += "," + Webport
 	}
 	if PortAdd != "" {
-		if strings.HasSuffix(Info.Ports, ",") {
+		if strings.HasSuffix(Ports, ",") {
-			Info.Ports += PortAdd
+			Ports += PortAdd
 		} else {
-			Info.Ports += "," + PortAdd
+			Ports += "," + PortAdd
 		}
 	}
@ -219,35 +219,35 @@ func ParseScantype(Info *HostInfo) {
 	if !ok {
 		showmode()
 	}
-	if Scantype != "all" && Info.Ports == DefaultPorts+","+Webport {
+	if Scantype != "all" && Ports == DefaultPorts+","+Webport {
 		switch Scantype {
 		case "wmiexec":
-			Info.Ports = "135"
+			Ports = "135"
 		case "wmiinfo":
-			Info.Ports = "135"
+			Ports = "135"
 		case "smbinfo":
-			Info.Ports = "445"
+			Ports = "445"
 		case "hostname":
-			Info.Ports = "135,137,139,445"
+			Ports = "135,137,139,445"
 		case "smb2":
-			Info.Ports = "445"
+			Ports = "445"
 		case "web":
-			Info.Ports = Webport
+			Ports = Webport
 		case "webonly":
-			Info.Ports = Webport
+			Ports = Webport
 		case "ms17010":
-			Info.Ports = "445"
+			Ports = "445"
 		case "cve20200796":
-			Info.Ports = "445"
+			Ports = "445"
 		case "portscan":
-			Info.Ports = DefaultPorts + "," + Webport
+			Ports = DefaultPorts + "," + Webport
 		case "main":
-			Info.Ports = DefaultPorts
+			Ports = DefaultPorts
 		default:
 			port, _ := PORTList[Scantype]
-			Info.Ports = strconv.Itoa(port)
+			Ports = strconv.Itoa(port)
 		}
-		fmt.Println("-m ", Scantype, " start scan the port:", Info.Ports)
+		fmt.Println("-m ", Scantype, " start scan the port:", Ports)
 	}
 }
--- a/common/ParsePort.go
+++ b/common/ParsePort.go
@ -15,6 +15,9 @@ func ParsePort(ports string) (scanPorts []int) {
 		if port == "" {
 			continue
 		}
 		if PortGroup[port] != "" {
 			port = PortGroup[port]
 		}
 		upper := port
 		if strings.Contains(port, "-") {
 			ranges := strings.Split(port, "-")
--- a/common/config.go
+++ b/common/config.go
@ -82,6 +82,7 @@ type PocInfo struct {
 }
 var (
 	Ports       string
 	Path        string
 	Scantype    string
 	Command     string
--- a/common/flag.go
+++ b/common/flag.go
@ -20,7 +20,7 @@ func Flag(Info *HostInfo) {
 	Banner()
 	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
 	flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
-	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
 	flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
 	flag.StringVar(&UserAdd, "usera", "", "add a user base DefaultUsers,-usera user")
 	flag.StringVar(&PassAdd, "pwda", "", "add a password base DefaultPasses,-pwda password")
--- a/main.go
+++ b/main.go
@ -13,6 +13,5 @@ func main() {
 	common.Flag(&Info)
 	common.Parse(&Info)
 	Plugins.Scan(Info)
-	t := time.Since(start)
+	fmt.Printf("[*] 扫描结束,耗时: %s\n", time.Since(start))
 	fmt.Printf("[*] 扫描结束,耗时: %s\n", t)
 }