mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-07-13 12:52:44 +08:00
feat: 增加Tomcat扫描
This commit is contained in:
parent
6ba42c8c39
commit
1f860f22c8
@ -21,6 +21,7 @@ var Userdict = map[string][]string{
|
||||
"imap": {"admin", "mail", "postmaster", "root", "user", "test"},
|
||||
"pop3": {"admin", "root", "mail", "user", "test", "postmaster"},
|
||||
"zabbix": {"Admin", "admin", "guest", "user"},
|
||||
"tomcat": {"tomcat", "admin", "manager", "role1", "root", "both", "admin", "tomcat"},
|
||||
}
|
||||
|
||||
var Passwords = []string{"123456", "admin", "admin123", "root", "", "pass123", "pass@123", "password", "P@ssword123", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "{user}", "{user}1", "{user}111", "{user}123", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "{user}@123#4", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "123456!a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system", "1qaz!QAZ", "2wsx@WSX", "qwe123!@#", "Aa123456!", "A123456s!", "sa123456", "1q2w3e", "Charge123", "Aa123456789", "elastic123"}
|
||||
|
@ -19,7 +19,7 @@ const (
|
||||
// 插件分类映射表 - 所有插件名使用小写
|
||||
var pluginGroups = map[string][]string{
|
||||
ModeAll: {
|
||||
"web", "fcgi", // web类
|
||||
"web", "fcgi", "tomcat", // web类
|
||||
"mysql", "mssql", "redis", "mongodb", "postgres", // 数据库类
|
||||
"oracle", "memcached", "elasticsearch", "rabbitmq", "kafka", "activemq", // 数据库类
|
||||
"ftp", "ssh", "telnet", "smb", "rdp", "vnc", "netbios", "ldap", "smtp", "imap", "pop3", "snmp", "zabbix", // 服务类
|
||||
|
@ -7,10 +7,10 @@ import (
|
||||
|
||||
var ServicePorts = "21,22,23,25,110,135,139,143,161,162,389,445,465,587,636,993,995,1433,1521,2222,3306,3389,5432,5672,5671,6379,8161,8443,9000,9092,9093,9200,10051,11211,15672,15671,27017,61616,61613"
|
||||
var DbPorts = "1433,1521,3306,5432,5672,6379,9093,9200,11211,27017,61616"
|
||||
var WebPorts = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10051,10250,12018,12443,14000,15672,15671,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,20880,21000,21501,21502,28018"
|
||||
var WebPorts = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8005,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10051,10250,12018,12443,14000,15672,15671,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,20880,21000,21501,21502,28018"
|
||||
var UDPPorts = "161"
|
||||
var AllPorts = "1-65535"
|
||||
var MainPorts = "21,22,23,80,81,110,135,139,143,161,389,443,445,993,995,1433,1521,3306,5432,5672,6379,7001,8000,8443,8080,8089,9000,9200,9092,10051,11211,15672,27017,61616"
|
||||
var MainPorts = "21,22,23,80,81,110,135,139,143,161,389,443,445,993,995,1433,1521,3306,5432,5672,6379,7001,8000,8005,8009,8080,8089,8443,9000,9200,9092,10051,11211,15672,27017,61616"
|
||||
|
||||
func ParsePortsFromString(portsStr string) []int {
|
||||
var ports []int
|
||||
|
@ -121,6 +121,12 @@ func init() {
|
||||
ScanFunc: Plugins.ZabbixScan,
|
||||
})
|
||||
|
||||
Common.RegisterPlugin("tomcat", Common.ScanPlugin{
|
||||
Name: "Tomcat",
|
||||
Ports: []int{8080, 8009, 8005}, // Tomcat常用端口
|
||||
ScanFunc: Plugins.TomcatScan,
|
||||
})
|
||||
|
||||
Common.RegisterPlugin("rdp", Common.ScanPlugin{
|
||||
Name: "RDP",
|
||||
Ports: []int{3389},
|
||||
|
95
Plugins/Tomcat.go
Normal file
95
Plugins/Tomcat.go
Normal file
@ -0,0 +1,95 @@
|
||||
package Plugins
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"github.com/shadow1ng/fscan/Common"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// TomcatScan 执行 Tomcat Manager 服务扫描
|
||||
func TomcatScan(info *Common.HostInfo) (tmperr error) {
|
||||
if Common.DisableBrute {
|
||||
return
|
||||
}
|
||||
|
||||
starttime := time.Now().Unix()
|
||||
|
||||
// 尝试用户名密码组合
|
||||
for _, user := range Common.Userdict["tomcat"] {
|
||||
for _, pass := range Common.Passwords {
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
|
||||
flag, err := TomcatConn(info, user, pass)
|
||||
if flag && err == nil {
|
||||
return err
|
||||
}
|
||||
|
||||
errlog := fmt.Sprintf("[-] Tomcat Manager %v:%v 尝试失败 用户名: %v 密码: %v 错误: %v", info.Host, info.Ports, user, pass, err)
|
||||
Common.LogError(errlog)
|
||||
tmperr = err
|
||||
|
||||
if Common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
|
||||
if time.Now().Unix()-starttime > (int64(len(Common.Userdict["tomcat"])*len(Common.Passwords)) * Common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
return tmperr
|
||||
}
|
||||
|
||||
// TomcatConn 尝试 Tomcat Manager 连接
|
||||
func TomcatConn(info *Common.HostInfo, user string, pass string) (bool, error) {
|
||||
host, port := info.Host, info.Ports
|
||||
timeout := time.Duration(Common.Timeout) * time.Second
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: timeout,
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
}
|
||||
|
||||
// 尝试不同的管理路径
|
||||
paths := []string{
|
||||
"/manager/html",
|
||||
"/manager/status",
|
||||
"/manager/text",
|
||||
"/host-manager/html",
|
||||
}
|
||||
|
||||
for _, path := range paths {
|
||||
baseURL := fmt.Sprintf("http://%s:%s%s", host, port, path)
|
||||
|
||||
req, err := http.NewRequest("GET", baseURL, nil)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
// 添加Basic认证
|
||||
auth := base64.StdEncoding.EncodeToString([]byte(user + ":" + pass))
|
||||
req.Header.Add("Authorization", "Basic "+auth)
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
// 检查响应状态
|
||||
if resp.StatusCode == 200 {
|
||||
result := fmt.Sprintf("[+] Tomcat Manager %v:%v %s 爆破成功 用户名: %v 密码: %v",
|
||||
host, port, path, user, pass)
|
||||
Common.LogSuccess(result)
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
|
||||
return false, fmt.Errorf("认证失败")
|
||||
}
|
Loading…
Reference in New Issue
Block a user