mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

perf: 优化输出说明

Browse Source
This commit is contained in:
ZacharyZcR 2024-12-22 02:31:29 +08:00
parent eab41f6018
commit 2e3ccee2e0
3 changed files with 94 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
Common/Flag.go
View File

@ -20,77 +20,112 @@ func Flag(Info *HostInfo) {
Banner() Banner()
// 目标配置 // 目标配置
flag.StringVar(&Info.Host, "h", "", "目标主机IP例如: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") flag.StringVar(&Info.Host, "h", "", "指定目标主机,支持以下格式:\n"+
flag.StringVar(&ExcludeHosts, "eh", "", "排除的主机范围,例如: -eh 192.168.1.1/24") " - 单个IP: 192.168.11.11\n"+
flag.StringVar(&Ports, "p", MainPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306") " - IP范围: 192.168.11.11-255\n"+
flag.StringVar(&AddPorts, "pa", "", "在默认端口基础上添加端口,-pa 3389") " - 多个IP: 192.168.11.11,192.168.11.12")
flag.StringVar(&ExcludePorts, "pn", "", "排除的端口,例如: -pn 445") flag.StringVar(&ExcludeHosts, "eh", "", "排除指定主机范围,支持CIDR格式,如: 192.168.1.1/24")
flag.StringVar(&Ports, "p", MainPorts, "指定扫描端口,支持以下格式:\n"+
"端口格式:\n"+
" - 单个端口: 22\n"+
" - 端口范围: 1-65535\n"+
" - 多个端口: 22,80,3306\n\n"+
"预定义端口组(别名):\n"+
" - main: 常用端口 (21,22,23,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017)\n"+
" - service: 服务端口 (21,22,23,135,139,445,1433,1521,2222,3306,3389,5432,6379,9000,11211,27017)\n"+
" - db: 数据库端口 (1433,1521,3306,5432,6379,11211,27017)\n"+
" - web: Web服务端口 (包含常见的 80-90,443,800-1080,2000-8000,8080-9000,9090-10000 等Web端口)\n"+
" - all: 全部端口 (1-65535)\n\n"+
"示例:\n"+
" -p main 扫描常用端口\n"+
" -p web 扫描Web端口\n"+
" -p 80,443 扫描指定端口\n"+
" -p 1-1000 扫描1-1000端口范围\n"+
"默认使用 main 端口组")
flag.StringVar(&AddPorts, "pa", "", "在默认端口基础上额外添加端口,如: -pa 3389")
flag.StringVar(&ExcludePorts, "pn", "", "排除指定端口,如: -pn 445")
// 认证配置 // 认证配置
flag.StringVar(&AddUsers, "usera", "", "在默认用户列表基础上添加用户,-usera user") flag.StringVar(&AddUsers, "usera", "", "在默认用户列表基础上添加自定义用户名")
flag.StringVar(&AddPasswords, "pwda", "", "在默认密码列表基础上添加密码,-pwda password") flag.StringVar(&AddPasswords, "pwda", "", "在默认密码列表基础上添加自定义密码")
flag.StringVar(&Username, "user", "", "用户名") flag.StringVar(&Username, "user", "", "指定单个用户名")
flag.StringVar(&Password, "pwd", "", "密码") flag.StringVar(&Password, "pwd", "", "指定单个密码")
flag.StringVar(&Domain, "domain", "", "域名(用于SMB)") flag.StringVar(&Domain, "domain", "", "指定域名(用于SMB协议)")
flag.StringVar(&SshKeyPath, "sshkey", "", "SSH密钥文件(id_rsa)") flag.StringVar(&SshKeyPath, "sshkey", "", "指定SSH私钥文件路径(默认为id_rsa)")
// 扫描配置 // 扫描配置
flag.StringVar(&ScanMode, "m", "All", "扫描类型,例如: -m ssh") flag.StringVar(&ScanMode, "m", "All", "指定扫描模式:\n"+
flag.IntVar(&ThreadNum, "t", 600, "线程数量") "预设扫描模式(大写开头):\n"+
flag.Int64Var(&Timeout, "time", 3, "超时时间(秒)") " - All: 全量扫描,包含所有可用插件\n"+
flag.IntVar(&LiveTop, "top", 10, "显示存活主机数量") " - Basic: 基础扫描,包含 web/ftp/ssh/smb/findnet\n"+
flag.BoolVar(&DisablePing, "np", false, "禁用存活探测") " - Database: 数据库扫描,包含 mysql/mssql/redis/mongodb/postgres/oracle/memcached\n"+
flag.BoolVar(&UsePing, "ping", false, "使用ping替代ICMP") " - Web: Web服务扫描包含 web/fcgi\n"+
flag.StringVar(&Command, "c", "", "执行命令(支持ssh|wmiexec)") " - Service: 常见服务扫描,包含 ftp/ssh/telnet/smb/rdp/vnc/netbios\n"+
" - Vul: 漏洞扫描,包含 ms17010/smbghost/smb2\n"+
" - Port: 端口扫描模式\n"+
" - ICMP: ICMP存活探测\n"+
" - Local: 本地信息收集\n\n"+
"单个插件模式(小写):\n"+
" Web类: web, fcgi\n"+
" 数据库类: mysql, mssql, redis, mongodb, postgres, oracle, memcached\n"+
" 服务类: ftp, ssh, telnet, smb, rdp, vnc, netbios\n"+
" 漏洞类: ms17010, smbghost, smb2\n"+
" 其他: findnet, wmiexec, localinfo")
flag.IntVar(&ThreadNum, "t", 600, "设置扫描线程数")
flag.Int64Var(&Timeout, "time", 3, "设置连接超时时间(单位:秒)")
flag.IntVar(&LiveTop, "top", 10, "仅显示指定数量的存活主机")
flag.BoolVar(&DisablePing, "np", false, "禁用主机存活探测")
flag.BoolVar(&UsePing, "ping", false, "使用系统ping命令替代ICMP探测")
flag.StringVar(&Command, "c", "", "指定要执行的系统命令(支持ssh和wmiexec)")
// 本地扫描配置 // 本地扫描配置
flag.BoolVar(&LocalScan, "local", false, "启用本地扫描") flag.BoolVar(&LocalScan, "local", false, "启用本地网段扫描模式")
// 文件配置 // 文件配置
flag.StringVar(&HostsFile, "hf", "", "主机列表文件") flag.StringVar(&HostsFile, "hf", "", "从文件中读取目标主机列表")
flag.StringVar(&UsersFile, "userf", "", "用户名字典") flag.StringVar(&UsersFile, "userf", "", "从文件中读取用户名字典")
flag.StringVar(&PasswordsFile, "pwdf", "", "密码字典") flag.StringVar(&PasswordsFile, "pwdf", "", "从文件中读取密码字典")
flag.StringVar(&HashFile, "hashf", "", "Hash字典") flag.StringVar(&HashFile, "hashf", "", "从文件中读取Hash字典")
flag.StringVar(&PortsFile, "portf", "", "端口列表文件") flag.StringVar(&PortsFile, "portf", "", "从文件中读取端口列表")
// Web配置 // Web配置
flag.StringVar(&TargetURL, "u", "", "目标URL") flag.StringVar(&TargetURL, "u", "", "指定目标URL")
flag.StringVar(&URLsFile, "uf", "", "URL列表文件") flag.StringVar(&URLsFile, "uf", "", "从文件中读取URL列表")
flag.StringVar(&Cookie, "cookie", "", "设置Cookie") flag.StringVar(&Cookie, "cookie", "", "设置HTTP请求Cookie")
flag.Int64Var(&WebTimeout, "wt", 5, "Web请求超时时间") flag.Int64Var(&WebTimeout, "wt", 5, "设置Web请求超时时间(单位:秒)")
flag.StringVar(&HttpProxy, "proxy", "", "设置HTTP代理") flag.StringVar(&HttpProxy, "proxy", "", "设置HTTP代理服务器")
flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(用于TCP连接,超时设置将失效)") flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(用于TCP连接,将影响超时设置)")
// POC配置 // POC配置
flag.StringVar(&PocPath, "pocpath", "", "POC文件路径") flag.StringVar(&PocPath, "pocpath", "", "指定自定义POC文件路径")
flag.StringVar(&Pocinfo.PocName, "pocname", "", "使用包含指定名称的POC,例如: -pocname weblogic") flag.StringVar(&Pocinfo.PocName, "pocname", "", "指定要使用的POC名称,如: -pocname weblogic")
flag.BoolVar(&DisablePoc, "nopoc", false, "禁用Web漏洞扫描") flag.BoolVar(&DisablePoc, "nopoc", false, "禁用Web漏洞POC扫描")
flag.BoolVar(&PocFull, "full", false, "完整POC扫描,如:shiro 100个key") flag.BoolVar(&PocFull, "full", false, "启用完整POC扫描(如测试shiro全部100个key)")
flag.BoolVar(&DnsLog, "dns", false, "启用dnslog验证") flag.BoolVar(&DnsLog, "dns", false, "启用dnslog进行漏洞验证")
flag.IntVar(&PocNum, "num", 20, "POC并发数") flag.IntVar(&PocNum, "num", 20, "设置POC扫描并发数")
// Redis利用配置 // Redis利用配置
flag.StringVar(&RedisFile, "rf", "", "Redis写入SSH公钥文件") flag.StringVar(&RedisFile, "rf", "", "指定Redis写入SSH公钥文件")
flag.StringVar(&RedisShell, "rs", "", "Redis写入计划任务") flag.StringVar(&RedisShell, "rs", "", "指定Redis写入计划任务内容")
flag.BoolVar(&DisableRedis, "noredis", false, "禁用Redis安全检测") flag.BoolVar(&DisableRedis, "noredis", false, "禁用Redis安全检测")
// 暴力破解配置 // 暴力破解配置
flag.BoolVar(&DisableBrute, "nobr", false, "禁用密码爆破") flag.BoolVar(&DisableBrute, "nobr", false, "禁用密码暴力破解")
flag.IntVar(&BruteThreads, "br", 1, "密码破线程数") flag.IntVar(&BruteThreads, "br", 1, "设置密码破线程数")
// 其他配置 // 其他配置
flag.StringVar(&RemotePath, "path", "", "FCG/SMB远程文件路径") flag.StringVar(&RemotePath, "path", "", "指定FCG/SMB远程文件路径")
flag.StringVar(&HashValue, "hash", "", "Hash值") flag.StringVar(&HashValue, "hash", "", "指定要破解的Hash值")
flag.StringVar(&Shellcode, "sc", "", "MS17漏洞shellcode") flag.StringVar(&Shellcode, "sc", "", "指定MS17漏洞利用的shellcode")
flag.BoolVar(&EnableWmi, "wmi", false, "启用WMI") flag.BoolVar(&EnableWmi, "wmi", false, "启用WMI协议扫描")
// 输出配置 // 输出配置
flag.StringVar(&Outputfile, "o", "result.txt", "结果输出文件") flag.StringVar(&Outputfile, "o", "result.txt", "指定结果输出文件")
flag.BoolVar(&DisableSave, "no", false, "禁用结果保存") flag.BoolVar(&DisableSave, "no", false, "禁止保存扫描结果")
flag.BoolVar(&Silent, "silent", false, "静默扫描模式") flag.BoolVar(&Silent, "silent", false, "启用静默扫描模式(减少屏幕输出)")
flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出") flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出显示")
flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出") flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出结果")
flag.Int64Var(&WaitTime, "debug", 60, "错误日志输出间隔") flag.Int64Var(&WaitTime, "debug", 60, "设置错误日志输出时间间隔(单位:秒)")
flag.Parse() flag.Parse()
} }

38
Common/Parse.go
View File

@ -10,10 +10,13 @@ import (
"strings" "strings"
) )
func Parse(Info *HostInfo) { func Parse(Info *HostInfo) error {
ParseUser() ParseUser()
ParsePass(Info) ParsePass(Info)
ParseInput(Info) if err := ParseInput(Info); err != nil {
return err
}
return nil
} }
// ParseUser 解析用户名配置,支持直接指定用户名列表或从文件读取 // ParseUser 解析用户名配置,支持直接指定用户名列表或从文件读取
@ -321,34 +324,3 @@ func ParseInput(Info *HostInfo) error {
return nil return nil
} }
//// showmode 显示所有支持的扫描类型
//func showmode() {
// fmt.Println("[!] 指定的扫描类型不存在")
// fmt.Println("[*] 支持的扫描类型:")
//
// // 显示常规服务扫描类型
// fmt.Println("\n[+] 常规服务扫描:")
// for name, plugin := range PluginManager {
// if plugin.Port > 0 && plugin.Port < 1000000 {
// fmt.Printf(" - %-10s (端口: %d)\n", name, plugin.Port)
// }
// }
//
// // 显示特殊漏洞扫描类型
// fmt.Println("\n[+] 特殊漏洞扫描:")
// for name, plugin := range PluginManager {
// if plugin.Port >= 1000000 || plugin.Port == 0 {
// fmt.Printf(" - %-10s\n", name)
// }
// }
//
// // 显示其他扫描类型
// fmt.Println("\n[+] 其他扫描类型:")
// specialTypes := []string{"all", "portscan", "icmp", "main", "webonly", "webpoc"}
// for _, name := range specialTypes {
// fmt.Printf(" - %s\n", name)
// }
//
// os.Exit(0)
//}

5
main.go
View File

@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Common"
"github.com/shadow1ng/fscan/Core" "github.com/shadow1ng/fscan/Core"
"os"
"time" "time"
) )
@ -11,7 +12,9 @@ func main() {
start := time.Now() start := time.Now()
var Info Common.HostInfo var Info Common.HostInfo
Common.Flag(&Info) Common.Flag(&Info)
Common.Parse(&Info) if err := Common.Parse(&Info); err != nil {
os.Exit(1) // 或者其他错误处理
}
Core.Scan(Info) Core.Scan(Info)
fmt.Printf("[*] 扫描结束,耗时: %s\n", time.Since(start)) fmt.Printf("[*] 扫描结束,耗时: %s\n", time.Since(start))
} }