diff --git a/common/config.go b/common/config.go deleted file mode 100644 index 6dd46ae..0000000 --- a/common/config.go +++ /dev/null @@ -1,107 +0,0 @@ -package Common - -var version = "1.8.4" -var Userdict = map[string][]string{ - "ftp": {"ftp", "admin", "www", "web", "root", "db", "wwwroot", "data"}, - "mysql": {"root", "mysql"}, - "mssql": {"sa", "sql"}, - "smb": {"administrator", "admin", "guest"}, - "rdp": {"administrator", "admin", "guest"}, - "postgresql": {"postgres", "admin"}, - "ssh": {"root", "admin"}, - "mongodb": {"root", "admin"}, - "oracle": {"sys", "system", "admin", "test", "web", "orcl"}, -} - -var Passwords = []string{"123456", "admin", "admin123", "root", "", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "{user}", "{user}1", "{user}111", "{user}123", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "{user}@123#4", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "123456!a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system", "1qaz!QAZ", "2wsx@WSX", "qwe123!@#", "Aa123456!", "A123456s!", "sa123456", "1q2w3e", "Charge123", "Aa123456789"} - -var PortGroup = map[string]string{ - "ftp": "21", - "ssh": "22", - "findnet": "135", - "netbios": "139", - "smb": "445", - "mssql": "1433", - "oracle": "1521", - "mysql": "3306", - "rdp": "3389", - "psql": "5432", - "redis": "6379", - "fcgi": "9000", - "mem": "11211", - "mgo": "27017", - "ms17010": "445", - "cve20200796": "445", - "service": "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017", - "db": "1433,1521,3306,5432,6379,11211,27017", - "web": "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880", - "all": "1-65535", - "main": "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017", -} -var Outputfile = "result.txt" -var IsSave = true -var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880" -var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017" - -type PocInfo struct { - Target string - PocName string -} - -var ( - Ports string - Path string - Scantype string - Command string - SshKey string - Domain string - Username string - Password string - Proxy string - Timeout int64 = 3 - WebTimeout int64 = 5 - TmpSave bool - NoPing bool - Ping bool - Pocinfo PocInfo - NoPoc bool - IsBrute bool - RedisFile string - RedisShell string - Userfile string - Passfile string - Hashfile string - HostFile string - PortFile string - PocPath string - Threads int - URL string - UrlFile string - Urls []string - NoPorts string - NoHosts string - SC string - PortAdd string - UserAdd string - PassAdd string - BruteThread int - LiveTop int - Socks5Proxy string - Hash string - Hashs []string - HashBytes [][]byte - HostPort []string - IsWmi bool - Noredistest bool -) - -var ( - UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" - Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" - DnsLog bool - PocNum int - PocFull bool - CeyeDomain string - ApiKey string - Cookie string -) diff --git a/common/flag.go b/common/flag.go deleted file mode 100644 index bdbf244..0000000 --- a/common/flag.go +++ /dev/null @@ -1,94 +0,0 @@ -package Common - -import ( - "flag" - "github.com/shadow1ng/fscan/Config" -) - -func Banner() { - banner := ` - ___ _ - / _ \ ___ ___ _ __ __ _ ___| | __ - / /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ / -/ /_\\_____\__ \ (__| | | (_| | (__| < -\____/ |___/\___|_| \__,_|\___|_|\_\ - fscan version: ` + version + ` -` - print(banner) -} - -func Flag(Info *Config.HostInfo) { - Banner() - - // 目标配置 - flag.StringVar(&Info.Host, "h", "", "目标主机IP,例如: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") - flag.StringVar(&NoHosts, "hn", "", "排除的主机范围,例如: -hn 192.168.1.1/24") - flag.StringVar(&Ports, "p", DefaultPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306") - flag.StringVar(&PortAdd, "pa", "", "在默认端口基础上添加端口,-pa 3389") - flag.StringVar(&NoPorts, "pn", "", "排除的端口,例如: -pn 445") - - // 认证配置 - flag.StringVar(&UserAdd, "usera", "", "在默认用户列表基础上添加用户,-usera user") - flag.StringVar(&PassAdd, "pwda", "", "在默认密码列表基础上添加密码,-pwda password") - flag.StringVar(&Username, "user", "", "用户名") - flag.StringVar(&Password, "pwd", "", "密码") - flag.StringVar(&Domain, "domain", "", "域名(用于SMB)") - flag.StringVar(&SshKey, "sshkey", "", "SSH密钥文件(id_rsa)") - - // 扫描配置 - flag.StringVar(&Scantype, "m", "all", "扫描类型,例如: -m ssh") - flag.IntVar(&Threads, "t", 600, "线程数量") - flag.Int64Var(&Timeout, "time", 3, "超时时间(秒)") - flag.IntVar(&LiveTop, "top", 10, "显示存活主机数量") - flag.BoolVar(&NoPing, "np", false, "禁用存活探测") - flag.BoolVar(&Ping, "ping", false, "使用ping替代ICMP") - flag.StringVar(&Command, "c", "", "执行命令(支持ssh|wmiexec)") - - // 文件配置 - flag.StringVar(&HostFile, "hf", "", "主机列表文件") - flag.StringVar(&Userfile, "userf", "", "用户名字典") - flag.StringVar(&Passfile, "pwdf", "", "密码字典") - flag.StringVar(&Hashfile, "hashf", "", "Hash字典") - flag.StringVar(&PortFile, "portf", "", "端口列表文件") - - // Web配置 - flag.StringVar(&URL, "u", "", "目标URL") - flag.StringVar(&UrlFile, "uf", "", "URL列表文件") - flag.StringVar(&Cookie, "cookie", "", "设置Cookie") - flag.Int64Var(&WebTimeout, "wt", 5, "Web请求超时时间") - flag.StringVar(&Proxy, "proxy", "", "设置HTTP代理") - flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(将用于TCP连接,超时设置将失效)") - - // POC配置 - flag.StringVar(&PocPath, "pocpath", "", "POC文件路径") - flag.StringVar(&Pocinfo.PocName, "pocname", "", "使用包含指定名称的POC,例如: -pocname weblogic") - flag.BoolVar(&NoPoc, "nopoc", false, "禁用Web漏洞扫描") - flag.BoolVar(&PocFull, "full", false, "完整POC扫描,如:shiro 100个key") - flag.BoolVar(&DnsLog, "dns", false, "启用dnslog验证") - flag.IntVar(&PocNum, "num", 20, "POC并发数") - - // Redis利用配置 - flag.StringVar(&RedisFile, "rf", "", "Redis写入SSH公钥文件") - flag.StringVar(&RedisShell, "rs", "", "Redis写入计划任务") - flag.BoolVar(&Noredistest, "noredis", false, "禁用Redis安全检测") - - // 暴力破解配置 - flag.BoolVar(&IsBrute, "nobr", false, "禁用密码爆破") - flag.IntVar(&BruteThread, "br", 1, "密码爆破线程数") - - // 其他配置 - flag.StringVar(&Path, "path", "", "FCG/SMB远程文件路径") - flag.StringVar(&Hash, "hash", "", "Hash值") - flag.StringVar(&SC, "sc", "", "MS17漏洞shellcode") - flag.BoolVar(&IsWmi, "wmi", false, "启用WMI") - - // 输出配置 - flag.StringVar(&Outputfile, "o", "result.txt", "结果输出文件") - flag.BoolVar(&TmpSave, "no", false, "禁用结果保存") - flag.BoolVar(&Silent, "silent", false, "静默扫描模式") - flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出") - flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出") - flag.Int64Var(&WaitTime, "debug", 60, "错误日志输出间隔") - - flag.Parse() -} diff --git a/common/log.go b/common/log.go deleted file mode 100644 index 5669298..0000000 --- a/common/log.go +++ /dev/null @@ -1,172 +0,0 @@ -package Common - -import ( - "encoding/json" - "fmt" - "github.com/fatih/color" - "io" - "log" - "os" - "strings" - "sync" - "time" -) - -// 记录扫描状态的全局变量 -var ( - Num int64 // 总任务数 - End int64 // 已完成数 - Results = make(chan *string) // 结果通道 - LogSucTime int64 // 最近成功日志时间 - LogErrTime int64 // 最近错误日志时间 - WaitTime int64 // 等待时间 - Silent bool // 静默模式 - Nocolor bool // 禁用颜色 - JsonOutput bool // JSON输出 - LogWG sync.WaitGroup // 日志同步等待组 -) - -// JsonText JSON输出的结构体 -type JsonText struct { - Type string `json:"type"` // 消息类型 - Text string `json:"text"` // 消息内容 -} - -// init 初始化日志配置 -func init() { - log.SetOutput(io.Discard) - LogSucTime = time.Now().Unix() - go SaveLog() -} - -// LogSuccess 记录成功信息 -func LogSuccess(result string) { - LogWG.Add(1) - LogSucTime = time.Now().Unix() - Results <- &result -} - -// SaveLog 保存日志信息 -func SaveLog() { - for result := range Results { - // 打印日志 - if !Silent { - if Nocolor { - fmt.Println(*result) - } else { - switch { - case strings.HasPrefix(*result, "[+] 信息扫描"): - color.Green(*result) - case strings.HasPrefix(*result, "[+]"): - color.Red(*result) - default: - fmt.Println(*result) - } - } - } - - // 保存到文件 - if IsSave { - WriteFile(*result, Outputfile) - } - LogWG.Done() - } -} - -// WriteFile 写入文件 -func WriteFile(result string, filename string) { - // 打开文件 - fl, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666) - if err != nil { - fmt.Printf("[!] 打开文件失败 %s: %v\n", filename, err) - return - } - defer fl.Close() - - if JsonOutput { - // 解析JSON格式 - var scantype, text string - if strings.HasPrefix(result, "[+]") || strings.HasPrefix(result, "[*]") || strings.HasPrefix(result, "[-]") { - index := strings.Index(result[4:], " ") - if index == -1 { - scantype = "msg" - text = result[4:] - } else { - scantype = result[4 : 4+index] - text = result[4+index+1:] - } - } else { - scantype = "msg" - text = result - } - - // 构造JSON对象 - jsonText := JsonText{ - Type: scantype, - Text: text, - } - - // 序列化JSON - jsonData, err := json.Marshal(jsonText) - if err != nil { - fmt.Printf("[!] JSON序列化失败: %v\n", err) - jsonText = JsonText{ - Type: "msg", - Text: result, - } - jsonData, _ = json.Marshal(jsonText) - } - jsonData = append(jsonData, []byte(",\n")...) - _, err = fl.Write(jsonData) - } else { - _, err = fl.Write([]byte(result + "\n")) - } - - if err != nil { - fmt.Printf("[!] 写入文件失败 %s: %v\n", filename, err) - } -} - -// LogError 记录错误信息 -func LogError(errinfo interface{}) { - if WaitTime == 0 { - fmt.Printf("[*] 已完成 %v/%v %v\n", End, Num, errinfo) - } else if (time.Now().Unix()-LogSucTime) > WaitTime && (time.Now().Unix()-LogErrTime) > WaitTime { - fmt.Printf("[*] 已完成 %v/%v %v\n", End, Num, errinfo) - LogErrTime = time.Now().Unix() - } -} - -// CheckErrs 检查是否为已知错误 -func CheckErrs(err error) bool { - if err == nil { - return false - } - - // 已知错误列表 - errs := []string{ - "远程主机关闭连接", - "连接数过多", - "连接超时", - "EOF", - "连接尝试失败", - "建立连接失败", - "无法连接", - "无法读取数据", - "不允许连接", - "无pg_hba.conf配置项", - "无法建立连接", - "无效的数据包大小", - "连接异常", - } - - // 检查错误是否匹配 - errLower := strings.ToLower(err.Error()) - for _, key := range errs { - if strings.Contains(errLower, strings.ToLower(key)) { - return true - } - } - - return false -} diff --git a/common/proxy.go b/common/proxy.go deleted file mode 100644 index f8af40e..0000000 --- a/common/proxy.go +++ /dev/null @@ -1,78 +0,0 @@ -package Common - -import ( - "errors" - "fmt" - "golang.org/x/net/proxy" - "net" - "net/url" - "strings" - "time" -) - -// WrapperTcpWithTimeout 创建一个带超时的TCP连接 -func WrapperTcpWithTimeout(network, address string, timeout time.Duration) (net.Conn, error) { - d := &net.Dialer{Timeout: timeout} - return WrapperTCP(network, address, d) -} - -// WrapperTCP 根据配置创建TCP连接 -func WrapperTCP(network, address string, forward *net.Dialer) (net.Conn, error) { - // 直连模式 - if Socks5Proxy == "" { - conn, err := forward.Dial(network, address) - if err != nil { - return nil, fmt.Errorf("建立TCP连接失败: %v", err) - } - return conn, nil - } - - // Socks5代理模式 - dialer, err := Socks5Dialer(forward) - if err != nil { - return nil, fmt.Errorf("创建Socks5代理失败: %v", err) - } - - conn, err := dialer.Dial(network, address) - if err != nil { - return nil, fmt.Errorf("通过Socks5建立连接失败: %v", err) - } - - return conn, nil -} - -// Socks5Dialer 创建Socks5代理拨号器 -func Socks5Dialer(forward *net.Dialer) (proxy.Dialer, error) { - // 解析代理URL - u, err := url.Parse(Socks5Proxy) - if err != nil { - return nil, fmt.Errorf("解析Socks5代理地址失败: %v", err) - } - - // 验证代理类型 - if strings.ToLower(u.Scheme) != "socks5" { - return nil, errors.New("仅支持socks5代理") - } - - address := u.Host - var dialer proxy.Dialer - - // 根据认证信息创建代理 - if u.User.String() != "" { - // 使用用户名密码认证 - auth := proxy.Auth{ - User: u.User.Username(), - } - auth.Password, _ = u.User.Password() - dialer, err = proxy.SOCKS5("tcp", address, &auth, forward) - } else { - // 无认证模式 - dialer, err = proxy.SOCKS5("tcp", address, nil, forward) - } - - if err != nil { - return nil, fmt.Errorf("创建Socks5代理失败: %v", err) - } - - return dialer, nil -}