From 34706e6bca9caa5d2f78c5c8c4ae9f681ef82bd1 Mon Sep 17 00:00:00 2001
From: shadow1ng
Date: Fri, 5 Mar 2021 11:44:21 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=80=E4=B8=AAweb?=
 =?UTF-8?q?=E8=B6=85=E6=97=B6=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Plugins/elasticsearch.go | 27 ++++--------------
 Plugins/scanner.go | 59 +++++++++++++++++++++-------------------
 common/config.go | 23 ++++++++--------
 common/flag.go | 2 +-
 4 files changed, 49 insertions(+), 62 deletions(-)

diff --git a/Plugins/elasticsearch.go b/Plugins/elasticsearch.go
index b57307f..ebb615d 100644
--- a/Plugins/elasticsearch.go
+++ b/Plugins/elasticsearch.go
@@ -1,15 +1,12 @@
 package Plugins
 
 import (
-	"crypto/tls"
 	"fmt"
+	"github.com/shadow1ng/fscan/WebScan/lib"
+	"github.com/shadow1ng/fscan/common"
 	"io/ioutil"
-	"net"
 	"net/http"
 	"strings"
-	"time"
-
-	"github.com/shadow1ng/fscan/common"
 )
 
 func elasticsearchScan(info *common.HostInfo) error {
@@ -20,20 +17,6 @@ func elasticsearchScan(info *common.HostInfo) error {
 func geturl2(info *common.HostInfo) (flag bool, err error) {
 	flag = false
 	url := fmt.Sprintf("%s:%d/_cat", info.Url, common.PORTList["elastic"])
-	var client = &http.Client{
-		Timeout: time.Duration(info.WebTimeout) * time.Second,
-		Transport: &http.Transport{
-			TLSClientConfig:   &tls.Config{InsecureSkipVerify: true},
-			DisableKeepAlives: false,
-			DialContext: (&net.Dialer{
-				Timeout: time.Duration(info.WebTimeout) * time.Second,
-			}).DialContext,
-		},
-		CheckRedirect: func(req *http.Request, via []*http.Request) error {
-			return http.ErrUseLastResponse
-		},
-	}
-
 	res, err := http.NewRequest("GET", url, nil)
 	if err == nil {
 		res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
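Review bot: The new import block places the two project packages (`github.com/shadow1ng/fscan/WebScan/lib` and `.../common`) between `fmt` and `io/ioutil`, inside the standard-library group, which is not what goimports produces and which the removed lines show the file previously avoided by keeping `common` in its own group. Move the two `github.com/shadow1ng/fscan/...` lines below `"strings"` and separate them from the stdlib group with a blank line, as the old block did. This is purely a style point; the set of imported packages is correct for the code that follows.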
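Review bot: geturl2 now depends on the package-level `lib.Client` (presumably a `*http.Client` populated by `WebScan.Inithttp`) being initialised before it runs, and nothing in the function checks that, so a call that reaches geturl2 before Inithttp would dereference a nil client and panic instead of returning an error. A guard after the `url :=` line, `if lib.Client == nil { return false, fmt.Errorf("http client not initialised") }`, turns that into an ordinary error the caller already handles. The removed per-call client also pinned two behaviours that matter for a scanner — `InsecureSkipVerify: true` for self-signed targets, and `CheckRedirect` returning `http.ErrUseLastResponse` so a 3xx is not followed into some other host's body before the `/_cat` check — and whether `lib.Client` preserves both is not visible in this diff; worth confirming in Inithttp. geturl2's body continues past the end of the hunk.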
@@ -41,8 +24,10 @@ func geturl2(info *common.HostInfo) (flag bool, err error) {
 		res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
 		res.Header.Add("Accept-Encoding", "gzip, deflate")
 		res.Header.Add("Connection", "close")
-		resp, err := client.Do(res)
-
+		if common.Pocinfo.Cookie != "" {
+			res.Header.Set("Cookie", common.Pocinfo.Cookie)
+		}
+		resp, err := lib.Client.Do(res)
 		if err == nil {
 			defer resp.Body.Close()
 			body, _ := ioutil.ReadAll(resp.Body)
diff --git a/Plugins/scanner.go b/Plugins/scanner.go
index 117fa80..e297233 100644
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
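Review bot: `common.Pocinfo.Cookie` is a single global value (the `-cookie` flag describes it as a "poc cookie"), and the added `if` sends it as a `Cookie` header on the Elasticsearch probe to every host the port scan finds alive, so a session cookie meant for one target is disclosed to every other host in the range, including hosts the operator has no relationship with. If the cookie is only intended for the POC/URL target, drop these three lines from geturl2 or gate them on that target; if sending it everywhere is intended, state that in the `-cookie` help text and above the `if`, e.g. `// NOTE: the -cookie value is attached to every probe, not only POC requests`. The same consideration applies to any other plugin that switched to `lib.Client` in this commit but is not shown here. geturl2's body continues past the end of the hunk.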
@@ -14,39 +14,42 @@ import (
 func Scan(info common.HostInfo) {
 	fmt.Println("scan start")
 	Hosts, _ := common.ParseIP(info.Host, common.HostFile)
-	if common.IsPing == false {
-		Hosts = ICMPRun(Hosts, common.Ping)
-		fmt.Println("icmp alive hosts len is:", len(Hosts))
-	}
-	if info.Scantype == "icmp" {
-		return
-	}
-	AlivePorts := TCPportScan(Hosts, info.Ports, info.Timeout)
-	if info.Scantype == "portscan" {
-		return
-	}
 	WebScan.Inithttp(common.Pocinfo)
-	var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
-	for _, port := range common.PORTList {
-		severports = append(severports, strconv.Itoa(port))
-	}
 	var ch = make(chan struct{}, common.Threads)
 	var wg = sync.WaitGroup{}
-	for _, targetIP := range AlivePorts {
-		info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
-		if info.Scantype == "all" {
-			if info.Ports == "445" { //scan more vul
-				AddScan("1000001", info, ch, &wg)
-				AddScan("1000002", info, ch, &wg)
-			} else if IsContain(severports, info.Ports) {
-				AddScan(info.Ports, info, ch, &wg)
+	if len(Hosts) > 0 {
+		if common.IsPing == false {
+			Hosts = ICMPRun(Hosts, common.Ping)
+			fmt.Println("icmp alive hosts len is:", len(Hosts))
+		}
+		if info.Scantype == "icmp" {
+			return
+		}
+		AlivePorts := TCPportScan(Hosts, info.Ports, info.Timeout)
+		if info.Scantype == "portscan" {
+			return
+		}
+
+		var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
+		for _, port := range common.PORTList {
+			severports = append(severports, strconv.Itoa(port))
+		}
+		for _, targetIP := range AlivePorts {
+			info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
+			if info.Scantype == "all" {
+				if info.Ports == "445" { //scan more vul
+					AddScan("1000001", info, ch, &wg)
+					AddScan("1000002", info, ch, &wg)
+				} else if IsContain(severports, info.Ports) {
+					AddScan(info.Ports, info, ch, &wg)
+				} else {
+					AddScan("1000003", info, ch, &wg) //webtitle
+				}
 			} else {
-				AddScan("1000003", info, ch, &wg) //webtitle
+				port, _ := common.PortlistBack[info.Scantype]
+				scantype := strconv.Itoa(port)
+				AddScan(scantype, info, ch, &wg)
 			}
-		} else {
-			port, _ := common.PortlistBack[info.Scantype]
-			scantype := strconv.Itoa(port)
-			AddScan(scantype, info, ch, &wg)
 		}
 	}
 	if common.URL != "" {
diff --git a/common/config.go b/common/config.go
index e01272d..8bad926 100644
--- a/common/config.go
+++ b/common/config.go
@@ -58,18 +58,17 @@ var Webport = "9098,9448,8888,82,8858,1081,8879,21502,9097,8088,8090,8200,91,108
 var DefaultPorts = "21,22,80,81,135,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9200,11211,27017"
 
 type HostInfo struct {
-	Host       string
-	Ports      string
-	Domain     string
-	Url        string
-	Timeout    int64
-	WebTimeout int64
-	Scantype   string
-	Command    string
-	Username   string
-	Password   string
-	Usernames  []string
-	Passwords  []string
+	Host      string
+	Ports     string
+	Domain    string
+	Url       string
+	Timeout   int64
+	Scantype  string
+	Command   string
+	Username  string
+	Password  string
+	Usernames []string
+	Passwords []string
 }
 
 type PocInfo struct {
diff --git a/common/flag.go b/common/flag.go
index c3be7d0..640344f 100644
--- a/common/flag.go
+++ b/common/flag.go
@@ -26,7 +26,6 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&Info.Username, "user", "", "username")
 	flag.StringVar(&Info.Password, "pwd", "", "password")
 	flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
-	flag.Int64Var(&Info.WebTimeout, "wt", 5, "Set web timeout")
 	flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
 	flag.IntVar(&Threads, "t", 200, "Thread nums")
 	flag.StringVar(&HostFile, "hf", "", "host file, -hs ip.txt")
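Review bot: The re-indented `else` branch still reads `port, _ := common.PortlistBack[info.Scantype]` with the `ok` discarded, so an unrecognised `-m` value silently maps to port 0 and `AddScan("0", ...)` is issued for every alive host:port instead of the bad scan type being reported. Since the lookup now sits inside the per-target loop, check it and stop: `port, ok := common.PortlistBack[info.Scantype]` / `if !ok { fmt.Println("unknown scan type:", info.Scantype); return }`. Returning there skips the `common.URL` branch at the bottom of the hunk, which matches what the `icmp` and `portscan` early returns already do; hoisting the lookup above the `if len(Hosts) > 0` block would avoid repeating it per target if that is preferred. Scan's body continues past the end of the hunk, so what follows the URL check is not visible here.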
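Review bot: HostInfo is exported and is now the only per-target options carrier, yet neither the type nor any field has a doc comment, so a reader cannot tell `Timeout` apart from the web timeout that just moved to PocInfo or learn which unit it is in. Add `// HostInfo describes one scan target together with the per-target options set from the command line.` above the type, and a trailing comment on `Timeout` such as `// connection timeout used by the port scanner, set by -time (unit is applied by the caller — confirm)`. The diffstat lists only four files, so any other file that still reads `info.WebTimeout` would no longer compile; a repo-wide search before merging is cheap insurance. PocInfo's definition begins on the last line of the hunk and continues outside it.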
@@ -45,6 +44,7 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
 	flag.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
 	flag.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie")
+	flag.Int64Var(&Pocinfo.Timeout, "wt", 5, "Set web timeout")
 	flag.IntVar(&Pocinfo.Num, "Num", 20, "poc rate")
 	flag.Parse()
 }
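Review bot: The new `-wt` flag is stored into `Pocinfo.Timeout` without validation, so `-wt 0` or a negative value goes through unchanged; if Inithttp feeds it into an `http.Client` `Timeout` the way the removed per-call client did, zero means "no timeout" and a single unresponsive host can stall the web scan indefinitely — the opposite of what the commit title ("fix a web timeout bug") sets out to do. After `flag.Parse()` clamp it: `if Pocinfo.Timeout <= 0 { Pocinfo.Timeout = 5 }`. The help string should also name the unit — the removed client multiplied the old value by `time.Second`, so `"Set web timeout in seconds, -wt 5"` is probably right, but confirm against how Inithttp consumes the field.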