mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

支持-u url或者-uf url.txt,进行url批量扫描

Browse Source
This commit is contained in:
shadow1ng 2021-03-04 14:42:10 +08:00
parent 423c0bebea
commit 5e7def5085
16 changed files with 65 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Plugins/scanner.go
View File

@ -49,6 +49,16 @@ func Scan(info common.HostInfo) {
AddScan(scantype, info, ch, &wg)
}
}
if common.URL != "" {
info.Url = common.URL
AddScan("1000003", info, ch, &wg)
}
if len(common.Urls) > 0 {
for _, url := range common.Urls {
info.Url = url
AddScan("1000003", info, ch, &wg)
}
}
wg.Wait()
common.WaitSave()
}

24
Plugins/webtitle.go
View File

@ -13,19 +13,25 @@ import (
func WebTitle(info *common.HostInfo) error {
var CheckData []WebScan.CheckDatas
if info.Ports == "80" {
info.Url = fmt.Sprintf("http://%s", info.Host)
} else if info.Ports == "443" {
info.Url = fmt.Sprintf("https://%s", info.Host)
if info.Url == "" {
if info.Ports == "80" {
info.Url = fmt.Sprintf("http://%s", info.Host)
} else if info.Ports == "443" {
info.Url = fmt.Sprintf("https://%s", info.Host)
} else {
info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
}
} else {
info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
if !strings.Contains(info.Url, "://") {
info.Url = fmt.Sprintf("http://%s", info.Url)
}
}
err, result, CheckData := geturl(info, true, CheckData)
if err != nil {
return err
}
if result == "https" {
err, _, CheckData = geturl(info, true, CheckData)
if err != nil {
@ -43,7 +49,6 @@ func WebTitle(info *common.HostInfo) error {
if common.IsWebCan == false {
WebScan.WebScan(info)
}
return err
}
@ -58,8 +63,11 @@ func geturl(info *common.HostInfo, flag bool, CheckData []WebScan.CheckDatas) (e
res.Header.Set("Accept", "*/*")
res.Header.Set("Accept-Language", "zh-CN,zh;q=0.9")
res.Header.Set("Accept-Encoding", "gzip, deflate")
if common.Pocinfo.Cookie != "" {
res.Header.Set("Cookie", common.Pocinfo.Cookie)
}
if flag == true {
res.Header.Set("Cookie", "rememberMe=1")
res.Header.Set("Cookie", "rememberMe=1;"+common.Pocinfo.Cookie)
}
res.Header.Set("Connection", "close")
resp, err := lib.Client.Do(res)

8
WebScan/lib/check.go
View File

@ -37,7 +37,7 @@ func CheckMultiPoc(req *http.Request, Pocs embed.FS, workers int, pocname string
continue
}
if isVul {
result := fmt.Sprintf("%s %s", task.Req.URL, task.Poc.Name)
result := fmt.Sprintf("[+] %s %s", task.Req.URL, task.Poc.Name)
common.LogSuccess(result)
}
}
@ -183,6 +183,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error) {
for k, v := range rule.Headers {
newRequest.Header.Set(k, v)
}
resp, err := DoRequest(newRequest, rule.FollowRedirects)
if err != nil {
return false, err
@ -200,7 +201,6 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error) {
return false, nil
}
}
out, err := Evaluate(env, rule.Expression, variableMap)
if err != nil {
return false, err
@ -486,8 +486,8 @@ func clusterpoc1(oReq *http.Request, p *Poc, variableMap map[string]interface{},
if len(varset) == 2 {
look2:
// (var1 tomcat ,keys[0] username)
for _, var1 := range p.Sets[varset[0]] {
for _, var2 := range p.Sets[varset[1]] {
for _, var1 := range p.Sets[varset[0]] { //username
for _, var2 := range p.Sets[varset[1]] { //password
setMap := cloneMap1(setMapbak)
setMap[varset[0]] = var1
setMap[varset[1]] = var2

4
WebScan/lib/http.go
View File

@ -37,6 +37,9 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err
DisableKeepAlives: false,
}
if DownProxy != "" {
if DownProxy == "1" {
DownProxy = "http://127.0.0.1:8080"
}
u, err := url.Parse(DownProxy)
if err != nil {
return err
@ -144,7 +147,6 @@ func getRespBody(oResp *http.Response) ([]byte, error) {
if err != nil {
return nil, err
}
defer gr.Close()
for {
buf := make([]byte, 1024)

2
WebScan/pocs/swagger-ui-unauth-No1.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth1
rules:
- method: GET
path: /swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No2.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth2
rules:
- method: GET
path: /api/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No3.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth3
rules:
- method: GET
path: /service/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No4.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth4
rules:
- method: GET
path: /web/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No5.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth5
rules:
- method: GET
path: /swagger/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No6.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth6
rules:
- method: GET
path: /actuator/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No7.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui-unauth7
rules:
- method: GET
path: /libs/swagger-ui.html

2
WebScan/pocs/swagger-ui-unauth-No8.yml
View File

@ -1,4 +1,4 @@
name: poc-yaml-druid-monitor-unauth
name: poc-yaml-swagger-ui8
rules:
- method: GET
path: /template/swagger-ui.html

2
WebScan/pocs/weblogic-cve-2020-14750.yml
View File

@ -4,7 +4,7 @@ rules:
path: /console/images/%252E./console.portal
follow_redirects: false
expression: |
response.status == 302 && (response.body.bcontains(bytes("/console/console.portal")) || response.body.bcontains(bytes("/console/jsp/common/NoJMX.jsp")))
(response.status == 302 && response.body.bcontains(bytes("/console/console.portal")) || response.body.bcontains(bytes("/console.portal?_nfpb=true")))
detail:
author: canc3s(https://github.com/canc3s),Soveless(https://github.com/Soveless)
weblogic_version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

17
common/Parse.go
View File

@ -63,7 +63,20 @@ func ParsePass(Info *HostInfo) {
}
}
Passwords = Info.Passwords
}
}
if UrlFile != "" {
urls, err := Readfile(UrlFile)
if err == nil {
TmpUrls := make(map[string]struct{})
for _, url := range urls {
if _, ok := TmpUrls[url]; !ok {
TmpUrls[url] = struct{}{}
if url != "" {
Urls = append(Urls, url)
}
}
}
}
}
}
@ -88,7 +101,7 @@ func Readfile(filename string) ([]string, error) {
}
func ParseInput(Info *HostInfo) {
if Info.Host == "" && HostFile == "" {
if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" {
fmt.Println("Host is none")
flag.Usage()
os.Exit(0)

5
common/config.go
View File

@ -54,7 +54,7 @@ var PortlistBack = map[string]int{
var Outputfile = getpath() + "result.txt"
var IsSave = true
var Webport = "9098,9448,8888,82,8858,1081,8879,21502,9097,8088,8090,8200,91,1080,889,8834,8011,9986,9043,9988,7080,10000,9089,8028,9999,8001,89,8086,8244,9000,2008,8080,7000,8030,8983,8096,8288,18080,8020,8848,808,8099,6868,18088,10004,8443,8042,7008,8161,7001,1082,8095,8087,8880,9096,7074,8044,8048,9087,10008,2020,8003,8069,20000,7688,1010,8092,8484,6648,9100,21501,8009,8360,9060,85,99,8000,9085,9998,8172,8899,9084,9010,9082,10010,7005,12018,87,7004,18004,8098,18098,8002,3505,8018,3000,9094,83,8108,1118,8016,20720,90,8046,9443,8091,7002,8868,8010,18082,8222,7088,8448,18090,3008,12443,9001,9093,7003,8101,14000,7687,8094,9002,8082,9081,8300,9086,8081,8089,8006,443,7007,7777,1888,9090,9095,81,1000,18002,8800,84,9088,7071,7070,8038,9091,8258,9008,9083,16080,88,8085,801,5555,7680,800,8180,9800,10002,18000,18008,98,28018,86,9092,8881,8100,8012,8084,8989,6080,7078,18001,8093,8053,8070,8280,880,92,9099,8181,9981,8060,8004,8083,10001,8097,21000,80,7200,888,7890,3128,8838,8008,8118,9080,2100,7180,9200"
var DefaultPorts = "21,22,80,81,135,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9200,11211,27017"
type HostInfo struct {
@ -100,3 +100,6 @@ var Userfile string
var Passfile string
var HostFile string
var Threads int
var URL string
var UrlFile string
var Urls []string

5
common/flag.go
View File

@ -18,6 +18,7 @@ func Banner() {
func Flag(Info *HostInfo) {
Banner()
DefaultPorts += Webport
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
@ -27,7 +28,6 @@ func Flag(Info *HostInfo) {
flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
flag.Int64Var(&Info.WebTimeout, "wt", 5, "Set web timeout")
flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
flag.IntVar(&Threads, "t", 200, "Thread nums")
flag.StringVar(&HostFile, "hf", "", "host file, -hs ip.txt")
flag.StringVar(&Userfile, "userf", "", "username file")
@ -40,8 +40,11 @@ func Flag(Info *HostInfo) {
flag.StringVar(&TmpOutputfile, "o", "result.txt", "Outputfile")
flag.BoolVar(&TmpSave, "no", false, "not to save output log")
flag.BoolVar(&LogErr, "debug", false, "debug mode will print more error info")
flag.StringVar(&URL, "u", "", "url")
flag.StringVar(&UrlFile, "uf", "", "url")
flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
flag.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
flag.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie")
flag.IntVar(&Pocinfo.Num, "Num", 20, "poc rate")
flag.Parse()
}