mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
影舞者 2023-11-13 17:41:54 +08:00
parent 1c631133ad
commit 5dc1c4ee5e
17 changed files with 103 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Plugins/CVE-2020-0796.go
View File

@ -117,13 +117,12 @@ func SmbGhostScan(info *common.HostInfo) error {
buff := make([]byte, 1024) buff := make([]byte, 1024)
err = conn.SetReadDeadline(time.Now().Add(timeout)) err = conn.SetReadDeadline(time.Now().Add(timeout))
n, err := conn.Read(buff) n, err := conn.Read(buff)
if err != nil { if err != nil || n == 0 {
return err return err
} }
if bytes.Contains(buff[:n], []byte("Public")) == true { if bytes.Contains(buff[:n], []byte("Public")) == true && len(buff[:n]) >= 76 && bytes.Equal(buff[72:74], []byte{0x11, 0x03}) && bytes.Equal(buff[74:76], []byte{0x02, 0x00}) {
result := fmt.Sprintf("[+] %v CVE-2020-0796 SmbGhost Vulnerable", ip) result := fmt.Sprintf("[+] %v CVE-2020-0796 SmbGhost Vulnerable", ip)
common.LogSuccess(result) common.LogSuccess(result)
} }
return err return err
} }

42
Plugins/fcgiscan.go
View File

@ -191,38 +191,38 @@ func New(addr string, timeout int64) (fcgi *FCGIClient, err error) {
return return
} }
func (this *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) { func (c *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) {
this.mutex.Lock() c.mutex.Lock()
defer this.mutex.Unlock() defer c.mutex.Unlock()
this.buf.Reset() c.buf.Reset()
this.h.init(recType, reqId, len(content)) c.h.init(recType, reqId, len(content))
if err := binary.Write(&this.buf, binary.BigEndian, this.h); err != nil { if err := binary.Write(&c.buf, binary.BigEndian, c.h); err != nil {
return err return err
} }
if _, err := this.buf.Write(content); err != nil { if _, err := c.buf.Write(content); err != nil {
return err return err
} }
if _, err := this.buf.Write(pad[:this.h.PaddingLength]); err != nil { if _, err := c.buf.Write(pad[:c.h.PaddingLength]); err != nil {
return err return err
} }
_, err = this.rwc.Write(this.buf.Bytes()) _, err = c.rwc.Write(c.buf.Bytes())
return err return err
} }
func (this *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error { func (c *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error {
b := [8]byte{byte(role >> 8), byte(role), flags} b := [8]byte{byte(role >> 8), byte(role), flags}
return this.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:]) return c.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:])
} }
func (this *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error { func (c *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error {
b := make([]byte, 8) b := make([]byte, 8)
binary.BigEndian.PutUint32(b, uint32(appStatus)) binary.BigEndian.PutUint32(b, uint32(appStatus))
b[4] = protocolStatus b[4] = protocolStatus
return this.writeRecord(FCGI_END_REQUEST, reqId, b) return c.writeRecord(FCGI_END_REQUEST, reqId, b)
} }
func (this *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error { func (c *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error {
w := newWriter(this, recType, reqId) w := newWriter(c, recType, reqId)
b := make([]byte, 8) b := make([]byte, 8)
for k, v := range pairs { for k, v := range pairs {
n := encodeSize(b, uint32(len(k))) n := encodeSize(b, uint32(len(k)))
@ -324,21 +324,21 @@ func (w *streamWriter) Close() error {
return w.c.writeRecord(w.recType, w.reqId, nil) return w.c.writeRecord(w.recType, w.reqId, nil)
} }
func (this *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) { func (c *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) {
var reqId uint16 = 1 var reqId uint16 = 1
defer this.rwc.Close() defer c.rwc.Close()
err = this.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0) err = c.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0)
if err != nil { if err != nil {
return return
} }
err = this.writePairs(FCGI_PARAMS, reqId, env) err = c.writePairs(FCGI_PARAMS, reqId, env)
if err != nil { if err != nil {
return return
} }
if len(reqStr) > 0 { if len(reqStr) > 0 {
err = this.writeRecord(FCGI_STDIN, reqId, []byte(reqStr)) err = c.writeRecord(FCGI_STDIN, reqId, []byte(reqStr))
if err != nil { if err != nil {
return return
} }
@ -349,7 +349,7 @@ func (this *FCGIClient) Request(env map[string]string, reqStr string) (retout []
// recive untill EOF or FCGI_END_REQUEST // recive untill EOF or FCGI_END_REQUEST
for { for {
err1 = rec.read(this.rwc) err1 = rec.read(c.rwc)
if err1 != nil { if err1 != nil {
if err1 != io.EOF { if err1 != io.EOF {
err = err1 err = err1

6
Plugins/ftp.go
View File

@ -17,7 +17,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) {
if flag && err == nil { if flag && err == nil {
return err return err
} else { } else {
errlog := fmt.Sprintf("[-] ftp://%v:%v %v %v", info.Host, info.Ports, "anonymous", err) errlog := fmt.Sprintf("[-] ftp %v:%v %v %v", info.Host, info.Ports, "anonymous", err)
common.LogError(errlog) common.LogError(errlog)
tmperr = err tmperr = err
if common.CheckErrs(err) { if common.CheckErrs(err) {
@ -32,7 +32,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) {
if flag && err == nil { if flag && err == nil {
return err return err
} else { } else {
errlog := fmt.Sprintf("[-] ftp://%v:%v %v %v %v", info.Host, info.Ports, user, pass, err) errlog := fmt.Sprintf("[-] ftp %v:%v %v %v %v", info.Host, info.Ports, user, pass, err)
common.LogError(errlog) common.LogError(errlog)
tmperr = err tmperr = err
if common.CheckErrs(err) { if common.CheckErrs(err) {
@ -55,7 +55,7 @@ func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err er
err = conn.Login(Username, Password) err = conn.Login(Username, Password)
if err == nil { if err == nil {
flag = true flag = true
result := fmt.Sprintf("[+] ftp://%v:%v:%v %v", Host, Port, Username, Password) result := fmt.Sprintf("[+] ftp %v:%v:%v %v", Host, Port, Username, Password)
dirs, err := conn.List("") dirs, err := conn.List("")
//defer conn.Logout() //defer conn.Logout()
if err == nil { if err == nil {

24
Plugins/icmp.go
View File

@ -15,7 +15,6 @@ import (
var ( var (
AliveHosts []string AliveHosts []string
OS = runtime.GOOS
ExistHosts = make(map[string]struct{}) ExistHosts = make(map[string]struct{})
livewg sync.WaitGroup livewg sync.WaitGroup
) )
@ -159,10 +158,10 @@ func RunIcmp2(hostslist []string, chanHosts chan string) {
func icmpalive(host string) bool { func icmpalive(host string) bool {
startTime := time.Now() startTime := time.Now()
conn, err := net.DialTimeout("ip4:icmp", host, 6*time.Second) conn, err := net.DialTimeout("ip4:icmp", host, 6*time.Second)
defer conn.Close()
if err != nil { if err != nil {
return false return false
} }
defer conn.Close()
if err := conn.SetDeadline(startTime.Add(6 * time.Second)); err != nil { if err := conn.SetDeadline(startTime.Add(6 * time.Second)); err != nil {
return false return false
} }
@ -180,17 +179,13 @@ func icmpalive(host string) bool {
} }
func RunPing(hostslist []string, chanHosts chan string) { func RunPing(hostslist []string, chanHosts chan string) {
var bsenv = ""
if OS != "windows" {
bsenv = "/bin/bash"
}
var wg sync.WaitGroup var wg sync.WaitGroup
limiter := make(chan struct{}, 50) limiter := make(chan struct{}, 50)
for _, host := range hostslist { for _, host := range hostslist {
wg.Add(1) wg.Add(1)
limiter <- struct{}{} limiter <- struct{}{}
go func(host string) { go func(host string) {
if ExecCommandPing(host, bsenv) { if ExecCommandPing(host) {
livewg.Add(1) livewg.Add(1)
chanHosts <- host chanHosts <- host
} }
@ -201,14 +196,15 @@ func RunPing(hostslist []string, chanHosts chan string) {
wg.Wait() wg.Wait()
} }
func ExecCommandPing(ip string, bsenv string) bool { func ExecCommandPing(ip string) bool {
var command *exec.Cmd var command *exec.Cmd
if OS == "windows" { switch runtime.GOOS {
case "windows":
command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false" command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else if OS == "linux" { case "darwin":
command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false" command = exec.Command("/bin/bash", "-c", "ping -c 1 -W 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else if OS == "darwin" { default: //linux
command = exec.Command(bsenv, "-c", "ping -c 1 -W 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false" command = exec.Command("/bin/bash", "-c", "ping -c 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} }
outinfo := bytes.Buffer{} outinfo := bytes.Buffer{}
command.Stdout = &outinfo command.Stdout = &outinfo
@ -219,7 +215,7 @@ func ExecCommandPing(ip string, bsenv string) bool {
if err = command.Wait(); err != nil { if err = command.Wait(); err != nil {
return false return false
} else { } else {
if strings.Contains(outinfo.String(), "true") { if strings.Contains(outinfo.String(), "true") && strings.Count(outinfo.String(), ip) > 2 {
return true return true
} else { } else {
return false return false

4
Plugins/portscan.go
View File

@ -17,6 +17,10 @@ type Addr struct {
func PortScan(hostslist []string, ports string, timeout int64) []string { func PortScan(hostslist []string, ports string, timeout int64) []string {
var AliveAddress []string var AliveAddress []string
probePorts := common.ParsePort(ports) probePorts := common.ParsePort(ports)
if len(probePorts) == 0 {
fmt.Printf("[-] parse port %s error, please check your port format\n", ports)
return AliveAddress
}
noPorts := common.ParsePort(common.NoPorts) noPorts := common.ParsePort(common.NoPorts)
if len(noPorts) > 0 { if len(noPorts) > 0 {
temp := map[int]struct{}{} temp := map[int]struct{}{}

13
Plugins/rdp.go
View File

@ -36,21 +36,20 @@ func RdpScan(info *common.HostInfo) (tmperr error) {
var num = 0 var num = 0
var all = len(common.Userdict["rdp"]) * len(common.Passwords) var all = len(common.Userdict["rdp"]) * len(common.Passwords)
var mutex sync.Mutex var mutex sync.Mutex
brlist := make(chan Brutelist, all) brlist := make(chan Brutelist)
port, _ := strconv.Atoi(info.Ports) port, _ := strconv.Atoi(info.Ports)
for i := 0; i < common.BruteThread; i++ {
wg.Add(1)
go worker(info.Host, common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, common.Timeout)
}
for _, user := range common.Userdict["rdp"] { for _, user := range common.Userdict["rdp"] {
for _, pass := range common.Passwords { for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1) pass = strings.Replace(pass, "{user}", user, -1)
brlist <- Brutelist{user, pass} brlist <- Brutelist{user, pass}
} }
} }
for i := 0; i < common.BruteThread; i++ {
wg.Add(1)
go worker(info.Host, common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, common.Timeout)
}
close(brlist) close(brlist)
go func() { go func() {
wg.Wait() wg.Wait()

20
Plugins/redis.go
View File

@ -4,6 +4,7 @@ import (
"bufio" "bufio"
"fmt" "fmt"
"github.com/shadow1ng/fscan/common" "github.com/shadow1ng/fscan/common"
"io"
"net" "net"
"os" "os"
"strings" "strings"
@ -289,20 +290,13 @@ func Readfile(filename string) (string, error) {
return "", err return "", err
} }
func readreply(conn net.Conn) (result string, err error) { func readreply(conn net.Conn) (string, error) {
size := 5 * 1024 conn.SetReadDeadline(time.Now().Add(time.Second))
buf := make([]byte, size) bytes, err := io.ReadAll(conn)
for { if len(bytes) > 0 {
count, err := conn.Read(buf) err = nil
if err != nil {
break
}
result += string(buf[0:count])
if count < size {
break
}
} }
return result, err return string(bytes), err
} }
func testwrite(conn net.Conn) (flag bool, flagCron bool, err error) { func testwrite(conn net.Conn) (flag bool, flagCron bool, err error) {

2
Plugins/scanner.go
View File

@ -23,7 +23,7 @@ func Scan(info common.HostInfo) {
web := strconv.Itoa(common.PORTList["web"]) web := strconv.Itoa(common.PORTList["web"])
ms17010 := strconv.Itoa(common.PORTList["ms17010"]) ms17010 := strconv.Itoa(common.PORTList["ms17010"])
if len(Hosts) > 0 || len(common.HostPort) > 0 { if len(Hosts) > 0 || len(common.HostPort) > 0 {
if common.NoPing == false && len(Hosts) > 0 { if common.NoPing == false && len(Hosts) > 1 || common.Scantype == "icmp" {
Hosts = CheckLive(Hosts, common.Ping) Hosts = CheckLive(Hosts, common.Ping)
fmt.Println("[*] Icmp alive hosts len is:", len(Hosts)) fmt.Println("[*] Icmp alive hosts len is:", len(Hosts))
} }

18
Plugins/webtitle.go
View File

@ -26,7 +26,7 @@ func WebTitle(info *common.HostInfo) error {
err, CheckData := GOWebTitle(info) err, CheckData := GOWebTitle(info)
info.Infostr = WebScan.InfoCheck(info.Url, &CheckData) info.Infostr = WebScan.InfoCheck(info.Url, &CheckData)
if !common.NoWebCan && err == nil { if !common.NoPoc && err == nil {
WebScan.WebScan(info) WebScan.WebScan(info)
} else { } else {
errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err) errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err)
@ -137,12 +137,12 @@ func geturl(info *common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (er
if err != nil { if err != nil {
return err, "https", CheckData return err, "https", CheckData
} }
if !utf8.Valid(body) { CheckData = append(CheckData, WebScan.CheckDatas{body, fmt.Sprintf("%s", resp.Header)})
body, _ = simplifiedchinese.GBK.NewDecoder().Bytes(body)
}
CheckData = append(CheckData, WebScan.CheckDatas{Body: body, Headers: fmt.Sprintf("%s", resp.Header)})
var reurl string var reurl string
if flag != 2 { if flag != 2 {
if !utf8.Valid(body) {
body, _ = simplifiedchinese.GBK.NewDecoder().Bytes(body)
}
title = gettitle(body) title = gettitle(body)
length := resp.Header.Get("Content-Length") length := resp.Header.Get("Content-Length")
if length == "" { if length == "" {
@ -208,9 +208,11 @@ func gettitle(body []byte) (title string) {
if len(title) > 100 { if len(title) > 100 {
title = title[:100] title = title[:100]
} }
} if title == "" {
if title == "" { title = "\"\"" //空格
title = "None" }
} else {
title = "None" //没有title
} }
return return
} }

2
WebScan/WebScan.go
View File

@ -46,7 +46,6 @@ func Execute(PocInfo common.PocInfo) {
if common.Cookie != "" { if common.Cookie != "" {
req.Header.Set("Cookie", common.Cookie) req.Header.Set("Cookie", common.Cookie)
} }
req.Header.Set("Connection", "close")
pocs := filterPoc(PocInfo.PocName) pocs := filterPoc(PocInfo.PocName)
lib.CheckMultiPoc(req, pocs, common.PocNum) lib.CheckMultiPoc(req, pocs, common.PocNum)
} }
@ -67,6 +66,7 @@ func initpoc() {
} }
} }
} else { } else {
fmt.Println("[+] load poc from " + common.PocPath)
err := filepath.Walk(common.PocPath, err := filepath.Walk(common.PocPath,
func(path string, info os.FileInfo, err error) error { func(path string, info os.FileInfo, err error) error {
if err != nil || info == nil { if err != nil || info == nil {

5
WebScan/info/rules.go
View File

@ -64,7 +64,7 @@ var RuleDatas = []RuleData{
{"Nexus", "cookie", "(NX-ANTI-CSRF-TOKEN)"}, {"Nexus", "cookie", "(NX-ANTI-CSRF-TOKEN)"},
{"Harbor", "code", "(<title>Harbor</title>)"}, {"Harbor", "code", "(<title>Harbor</title>)"},
{"Harbor", "cookie", "(harbor-lang)"}, {"Harbor", "cookie", "(harbor-lang)"},
{"禅道", "code", "(/theme/default/images/main/zt-logo.png)"}, {"禅道", "code", "(/theme/default/images/main/zt-logo.png|/zentao/theme/zui/css/min.css)"},
{"禅道", "cookie", "(zentaosid)"}, {"禅道", "cookie", "(zentaosid)"},
{"协众OA", "code", "(Powered by 协众OA)"}, {"协众OA", "code", "(Powered by 协众OA)"},
{"协众OA", "cookie", "(CNOAOASESSID)"}, {"协众OA", "cookie", "(CNOAOASESSID)"},
@ -199,7 +199,6 @@ var RuleDatas = []RuleData{
{"IBM-Lotus-Domino", "code", "(/mailjump.nsf|/domcfg.nsf|/names.nsf|/homepage.nsf)"}, {"IBM-Lotus-Domino", "code", "(/mailjump.nsf|/domcfg.nsf|/names.nsf|/homepage.nsf)"},
{"APACHE-kylin", "code", "(url=kylin)"}, {"APACHE-kylin", "code", "(url=kylin)"},
{"C-Lodop打印服务系统", "code", "(/CLodopfuncs.js|www.c-lodop.com)"}, {"C-Lodop打印服务系统", "code", "(/CLodopfuncs.js|www.c-lodop.com)"},
{"ATLASSIAN-Confluence", "code", "(Atlassian Confluence)"},
{"HFS", "code", "(href=\"http://www.rejetto.com/hfs/)"}, {"HFS", "code", "(href=\"http://www.rejetto.com/hfs/)"},
{"Jellyfin", "code", "(content=\"http://jellyfin.org\")"}, {"Jellyfin", "code", "(content=\"http://jellyfin.org\")"},
{"FIT2CLOUD-JumpServer-堡垒机", "code", "(<title>JumpServer</title>)"}, {"FIT2CLOUD-JumpServer-堡垒机", "code", "(<title>JumpServer</title>)"},
@ -250,6 +249,8 @@ var RuleDatas = []RuleData{
{"JEECMS", "code", "(/r/cms/www/red/js/common.js|/r/cms/www/red/js/indexshow.js|Powered by JEECMS|JEECMS|/jeeadmin/jeecms/index.do)"}, {"JEECMS", "code", "(/r/cms/www/red/js/common.js|/r/cms/www/red/js/indexshow.js|Powered by JEECMS|JEECMS|/jeeadmin/jeecms/index.do)"},
{"CMS", "code", "(Powered by .*CMS)"}, {"CMS", "code", "(Powered by .*CMS)"},
{"目录遍历", "code", "(Directory listing for /)"}, {"目录遍历", "code", "(Directory listing for /)"},
{"ATLASSIAN-Confluence", "code", "(com.atlassian.confluence)"},
{"ATLASSIAN-Confluence", "headers", "(X-Confluence)"},
{"向日葵", "code", "({\"success\":false,\"msg\":\"Verification failure\"})"}, {"向日葵", "code", "({\"success\":false,\"msg\":\"Verification failure\"})"},
{"Kubernetes", "code", "(Kubernetes Dashboard</title>|Kubernetes Enterprise Manager|Mirantis Kubernetes Engine|Kubernetes Resource Report)"}, {"Kubernetes", "code", "(Kubernetes Dashboard</title>|Kubernetes Enterprise Manager|Mirantis Kubernetes Engine|Kubernetes Resource Report)"},
{"WordPress", "code", "(/wp-login.php?action=lostpassword|WordPress</title>)"}, {"WordPress", "code", "(/wp-login.php?action=lostpassword|WordPress</title>)"},

5
WebScan/lib/check.go
View File

@ -240,6 +240,9 @@ func optimizeCookies(rawCookie string) (output string) {
} }
func newReverse() *Reverse { func newReverse() *Reverse {
if !common.DnsLog {
return &Reverse{}
}
letters := "1234567890abcdefghijklmnopqrstuvwxyz" letters := "1234567890abcdefghijklmnopqrstuvwxyz"
randSource := rand.New(rand.NewSource(time.Now().UnixNano())) randSource := rand.New(rand.NewSource(time.Now().UnixNano()))
sub := RandomStr(randSource, letters, 8) sub := RandomStr(randSource, letters, 8)
@ -532,7 +535,7 @@ func evalset1(env *cel.Env, variableMap map[string]interface{}, k string, expres
func CheckInfoPoc(infostr string) string { func CheckInfoPoc(infostr string) string {
for _, poc := range info.PocDatas { for _, poc := range info.PocDatas {
if strings.Compare(poc.Name, infostr) == 0 { if strings.Contains(infostr, poc.Name) {
return poc.Alias return poc.Alias
} }
} }

10
WebScan/lib/eval.go
View File

@ -15,7 +15,6 @@ import (
"github.com/shadow1ng/fscan/common" "github.com/shadow1ng/fscan/common"
exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
"io" "io"
"io/ioutil"
"math/rand" "math/rand"
"net/http" "net/http"
"net/url" "net/url"
@ -578,6 +577,7 @@ func reverseCheck(r *Reverse, timeout int64) bool {
} }
if !bytes.Contains(resp.Body, []byte(`"data": []`)) && bytes.Contains(resp.Body, []byte(`"message": "OK"`)) { // api返回结果不为空 if !bytes.Contains(resp.Body, []byte(`"data": []`)) && bytes.Contains(resp.Body, []byte(`"message": "OK"`)) { // api返回结果不为空
fmt.Println(urlStr)
return true return true
} }
return false return false
@ -657,12 +657,12 @@ func ParseRequest(oReq *http.Request) (*Request, error) {
req.ContentType = oReq.Header.Get("Content-Type") req.ContentType = oReq.Header.Get("Content-Type")
if oReq.Body == nil || oReq.Body == http.NoBody { if oReq.Body == nil || oReq.Body == http.NoBody {
} else { } else {
data, err := ioutil.ReadAll(oReq.Body) data, err := io.ReadAll(oReq.Body)
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Body = data req.Body = data
oReq.Body = ioutil.NopCloser(bytes.NewBuffer(data)) oReq.Body = io.NopCloser(bytes.NewBuffer(data))
} }
return req, nil return req, nil
} }
@ -677,9 +677,9 @@ func ParseResponse(oResp *http.Response) (*Response, error) {
} }
resp.Headers = header resp.Headers = header
resp.ContentType = oResp.Header.Get("Content-Type") resp.ContentType = oResp.Header.Get("Content-Type")
body, err := getRespBody(oResp) body, _ := getRespBody(oResp)
resp.Body = body resp.Body = body
return &resp, err return &resp, nil
} }
func getRespBody(oResp *http.Response) (body []byte, err error) { func getRespBody(oResp *http.Response) (body []byte, err error) {

26
common/ParseIP.go
View File

@ -24,11 +24,21 @@ var ParseIPErr = errors.New(" host parsing error\n" +
"192.168.1.1-255") "192.168.1.1-255")
func ParseIP(host string, filename string, nohosts ...string) (hosts []string, err error) { func ParseIP(host string, filename string, nohosts ...string) (hosts []string, err error) {
hosts = ParseIPs(host) if filename == "" && strings.Contains(host, ":") {
if filename != "" { //192.168.0.0/16:80
var filehost []string hostport := strings.Split(host, ":")
filehost, _ = Readipfile(filename) if len(hostport) == 2 {
hosts = append(hosts, filehost...) host = hostport[0]
hosts = ParseIPs(host)
Ports = hostport[1]
}
} else {
hosts = ParseIPs(host)
if filename != "" {
var filehost []string
filehost, _ = Readipfile(filename)
hosts = append(hosts, filehost...)
}
} }
if len(nohosts) > 0 { if len(nohosts) > 0 {
@ -78,6 +88,12 @@ func ParseIPs(ip string) (hosts []string) {
func parseIP(ip string) []string { func parseIP(ip string) []string {
reg := regexp.MustCompile(`[a-zA-Z]+`) reg := regexp.MustCompile(`[a-zA-Z]+`)
switch { switch {
case ip == "192":
return parseIP("192.168.0.0/8")
case ip == "172":
return parseIP("172.16.0.0/12")
case ip == "10":
return parseIP("10.0.0.0/8")
// 扫描/8时,只扫网关和随机IP,避免扫描过多IP // 扫描/8时,只扫网关和随机IP,避免扫描过多IP
case strings.HasSuffix(ip, "/8"): case strings.HasSuffix(ip, "/8"):
return parseIP8(ip) return parseIP8(ip)

3
common/ParsePort.go
View File

@ -38,6 +38,9 @@ func ParsePort(ports string) (scanPorts []int) {
start, _ := strconv.Atoi(port) start, _ := strconv.Atoi(port)
end, _ := strconv.Atoi(upper) end, _ := strconv.Atoi(upper)
for i := start; i <= end; i++ { for i := start; i <= end; i++ {
if i > 65535 || i < 1 {
continue
}
scanPorts = append(scanPorts, i) scanPorts = append(scanPorts, i)
} }
} }

2
common/config.go
View File

@ -97,7 +97,7 @@ var (
NoPing bool NoPing bool
Ping bool Ping bool
Pocinfo PocInfo Pocinfo PocInfo
NoWebCan bool NoPoc bool
IsBrute bool IsBrute bool
RedisFile string RedisFile string
RedisShell string RedisShell string

2
common/flag.go
View File

@ -42,7 +42,7 @@ func Flag(Info *HostInfo) {
flag.StringVar(&PocPath, "pocpath", "", "poc file path") flag.StringVar(&PocPath, "pocpath", "", "poc file path")
flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub)") flag.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub)")
flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666)") flag.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666)")
flag.BoolVar(&NoWebCan, "nopoc", false, "not to scan web vul") flag.BoolVar(&NoPoc, "nopoc", false, "not to scan web vul")
flag.BoolVar(&IsBrute, "nobr", false, "not to Brute password") flag.BoolVar(&IsBrute, "nobr", false, "not to Brute password")
flag.IntVar(&BruteThread, "br", 1, "Brute threads") flag.IntVar(&BruteThread, "br", 1, "Brute threads")
flag.BoolVar(&NoPing, "np", false, "not to ping") flag.BoolVar(&NoPing, "np", false, "not to ping")