mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-07-13 21:02:44 +08:00
refacor: 大小写敏感
This commit is contained in:
ZacharyZcR
parent
38ea172e26
commit
6a84d0cf8a
107
common/config.go
107
common/config.go
@ -1,107 +0,0 @@
|
||||
package Common
|
||||
|
||||
var version = "1.8.4"
|
||||
var Userdict = map[string][]string{
|
||||
"ftp": {"ftp", "admin", "www", "web", "root", "db", "wwwroot", "data"},
|
||||
"mysql": {"root", "mysql"},
|
||||
"mssql": {"sa", "sql"},
|
||||
"smb": {"administrator", "admin", "guest"},
|
||||
"rdp": {"administrator", "admin", "guest"},
|
||||
"postgresql": {"postgres", "admin"},
|
||||
"ssh": {"root", "admin"},
|
||||
"mongodb": {"root", "admin"},
|
||||
"oracle": {"sys", "system", "admin", "test", "web", "orcl"},
|
||||
}
|
||||
|
||||
var Passwords = []string{"123456", "admin", "admin123", "root", "", "pass123", "pass@123", "password", "123123", "654321", "111111", "123", "1", "admin@123", "Admin@123", "admin123!@#", "{user}", "{user}1", "{user}111", "{user}123", "{user}@123", "{user}_123", "{user}#123", "{user}@111", "{user}@2019", "{user}@123#4", "P@ssw0rd!", "P@ssw0rd", "Passw0rd", "qwe123", "12345678", "test", "test123", "123qwe", "123qwe!@#", "123456789", "123321", "666666", "a123456.", "123456~a", "123456!a", "000000", "1234567890", "8888888", "!QAZ2wsx", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "a11111", "a12345", "Aa1234", "Aa1234.", "Aa12345", "a123456", "a123123", "Aa123123", "Aa123456", "Aa12345.", "sysadmin", "system", "1qaz!QAZ", "2wsx@WSX", "qwe123!@#", "Aa123456!", "A123456s!", "sa123456", "1q2w3e", "Charge123", "Aa123456789"}
|
||||
|
||||
var PortGroup = map[string]string{
|
||||
"ftp": "21",
|
||||
"ssh": "22",
|
||||
"findnet": "135",
|
||||
"netbios": "139",
|
||||
"smb": "445",
|
||||
"mssql": "1433",
|
||||
"oracle": "1521",
|
||||
"mysql": "3306",
|
||||
"rdp": "3389",
|
||||
"psql": "5432",
|
||||
"redis": "6379",
|
||||
"fcgi": "9000",
|
||||
"mem": "11211",
|
||||
"mgo": "27017",
|
||||
"ms17010": "445",
|
||||
"cve20200796": "445",
|
||||
"service": "21,22,135,139,445,1433,1521,3306,3389,5432,6379,9000,11211,27017",
|
||||
"db": "1433,1521,3306,5432,6379,11211,27017",
|
||||
"web": "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880",
|
||||
"all": "1-65535",
|
||||
"main": "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017",
|
||||
}
|
||||
var Outputfile = "result.txt"
|
||||
var IsSave = true
|
||||
var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,888,889,1000,1010,1080,1081,1082,1099,1118,1888,2008,2020,2100,2375,2379,3000,3008,3128,3505,5555,6080,6648,6868,7000,7001,7002,7003,7004,7005,7007,7008,7070,7071,7074,7078,7080,7088,7200,7680,7687,7688,7777,7890,8000,8001,8002,8003,8004,8006,8008,8009,8010,8011,8012,8016,8018,8020,8028,8030,8038,8042,8044,8046,8048,8053,8060,8069,8070,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8108,8118,8161,8172,8180,8181,8200,8222,8244,8258,8280,8288,8300,8360,8443,8448,8484,8800,8834,8838,8848,8858,8868,8879,8880,8881,8888,8899,8983,8989,9000,9001,9002,9008,9010,9043,9060,9080,9081,9082,9083,9084,9085,9086,9087,9088,9089,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9200,9443,9448,9800,9981,9986,9988,9998,9999,10000,10001,10002,10004,10008,10010,10250,12018,12443,14000,16080,18000,18001,18002,18004,18008,18080,18082,18088,18090,18098,19001,20000,20720,21000,21501,21502,28018,20880"
|
||||
var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017"
|
||||
|
||||
type PocInfo struct {
|
||||
Target string
|
||||
PocName string
|
||||
}
|
||||
|
||||
var (
|
||||
Ports string
|
||||
Path string
|
||||
Scantype string
|
||||
Command string
|
||||
SshKey string
|
||||
Domain string
|
||||
Username string
|
||||
Password string
|
||||
Proxy string
|
||||
Timeout int64 = 3
|
||||
WebTimeout int64 = 5
|
||||
TmpSave bool
|
||||
NoPing bool
|
||||
Ping bool
|
||||
Pocinfo PocInfo
|
||||
NoPoc bool
|
||||
IsBrute bool
|
||||
RedisFile string
|
||||
RedisShell string
|
||||
Userfile string
|
||||
Passfile string
|
||||
Hashfile string
|
||||
HostFile string
|
||||
PortFile string
|
||||
PocPath string
|
||||
Threads int
|
||||
URL string
|
||||
UrlFile string
|
||||
Urls []string
|
||||
NoPorts string
|
||||
NoHosts string
|
||||
SC string
|
||||
PortAdd string
|
||||
UserAdd string
|
||||
PassAdd string
|
||||
BruteThread int
|
||||
LiveTop int
|
||||
Socks5Proxy string
|
||||
Hash string
|
||||
Hashs []string
|
||||
HashBytes [][]byte
|
||||
HostPort []string
|
||||
IsWmi bool
|
||||
Noredistest bool
|
||||
)
|
||||
|
||||
var (
|
||||
UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
|
||||
Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
|
||||
DnsLog bool
|
||||
PocNum int
|
||||
PocFull bool
|
||||
CeyeDomain string
|
||||
ApiKey string
|
||||
Cookie string
|
||||
)
|
||||
@ -1,94 +0,0 @@
|
||||
package Common
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"github.com/shadow1ng/fscan/Config"
|
||||
)
|
||||
|
||||
func Banner() {
|
||||
banner := `
|
||||
___ _
|
||||
/ _ \ ___ ___ _ __ __ _ ___| | __
|
||||
/ /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
|
||||
/ /_\\_____\__ \ (__| | | (_| | (__| <
|
||||
\____/ |___/\___|_| \__,_|\___|_|\_\
|
||||
fscan version: ` + version + `
|
||||
`
|
||||
print(banner)
|
||||
}
|
||||
|
||||
func Flag(Info *Config.HostInfo) {
|
||||
Banner()
|
||||
|
||||
// 目标配置
|
||||
flag.StringVar(&Info.Host, "h", "", "目标主机IP,例如: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
|
||||
flag.StringVar(&NoHosts, "hn", "", "排除的主机范围,例如: -hn 192.168.1.1/24")
|
||||
flag.StringVar(&Ports, "p", DefaultPorts, "端口配置,例如: 22 | 1-65535 | 22,80,3306")
|
||||
flag.StringVar(&PortAdd, "pa", "", "在默认端口基础上添加端口,-pa 3389")
|
||||
flag.StringVar(&NoPorts, "pn", "", "排除的端口,例如: -pn 445")
|
||||
|
||||
// 认证配置
|
||||
flag.StringVar(&UserAdd, "usera", "", "在默认用户列表基础上添加用户,-usera user")
|
||||
flag.StringVar(&PassAdd, "pwda", "", "在默认密码列表基础上添加密码,-pwda password")
|
||||
flag.StringVar(&Username, "user", "", "用户名")
|
||||
flag.StringVar(&Password, "pwd", "", "密码")
|
||||
flag.StringVar(&Domain, "domain", "", "域名(用于SMB)")
|
||||
flag.StringVar(&SshKey, "sshkey", "", "SSH密钥文件(id_rsa)")
|
||||
|
||||
// 扫描配置
|
||||
flag.StringVar(&Scantype, "m", "all", "扫描类型,例如: -m ssh")
|
||||
flag.IntVar(&Threads, "t", 600, "线程数量")
|
||||
flag.Int64Var(&Timeout, "time", 3, "超时时间(秒)")
|
||||
flag.IntVar(&LiveTop, "top", 10, "显示存活主机数量")
|
||||
flag.BoolVar(&NoPing, "np", false, "禁用存活探测")
|
||||
flag.BoolVar(&Ping, "ping", false, "使用ping替代ICMP")
|
||||
flag.StringVar(&Command, "c", "", "执行命令(支持ssh|wmiexec)")
|
||||
|
||||
// 文件配置
|
||||
flag.StringVar(&HostFile, "hf", "", "主机列表文件")
|
||||
flag.StringVar(&Userfile, "userf", "", "用户名字典")
|
||||
flag.StringVar(&Passfile, "pwdf", "", "密码字典")
|
||||
flag.StringVar(&Hashfile, "hashf", "", "Hash字典")
|
||||
flag.StringVar(&PortFile, "portf", "", "端口列表文件")
|
||||
|
||||
// Web配置
|
||||
flag.StringVar(&URL, "u", "", "目标URL")
|
||||
flag.StringVar(&UrlFile, "uf", "", "URL列表文件")
|
||||
flag.StringVar(&Cookie, "cookie", "", "设置Cookie")
|
||||
flag.Int64Var(&WebTimeout, "wt", 5, "Web请求超时时间")
|
||||
flag.StringVar(&Proxy, "proxy", "", "设置HTTP代理")
|
||||
flag.StringVar(&Socks5Proxy, "socks5", "", "设置Socks5代理(将用于TCP连接,超时设置将失效)")
|
||||
|
||||
// POC配置
|
||||
flag.StringVar(&PocPath, "pocpath", "", "POC文件路径")
|
||||
flag.StringVar(&Pocinfo.PocName, "pocname", "", "使用包含指定名称的POC,例如: -pocname weblogic")
|
||||
flag.BoolVar(&NoPoc, "nopoc", false, "禁用Web漏洞扫描")
|
||||
flag.BoolVar(&PocFull, "full", false, "完整POC扫描,如:shiro 100个key")
|
||||
flag.BoolVar(&DnsLog, "dns", false, "启用dnslog验证")
|
||||
flag.IntVar(&PocNum, "num", 20, "POC并发数")
|
||||
|
||||
// Redis利用配置
|
||||
flag.StringVar(&RedisFile, "rf", "", "Redis写入SSH公钥文件")
|
||||
flag.StringVar(&RedisShell, "rs", "", "Redis写入计划任务")
|
||||
flag.BoolVar(&Noredistest, "noredis", false, "禁用Redis安全检测")
|
||||
|
||||
// 暴力破解配置
|
||||
flag.BoolVar(&IsBrute, "nobr", false, "禁用密码爆破")
|
||||
flag.IntVar(&BruteThread, "br", 1, "密码爆破线程数")
|
||||
|
||||
// 其他配置
|
||||
flag.StringVar(&Path, "path", "", "FCG/SMB远程文件路径")
|
||||
flag.StringVar(&Hash, "hash", "", "Hash值")
|
||||
flag.StringVar(&SC, "sc", "", "MS17漏洞shellcode")
|
||||
flag.BoolVar(&IsWmi, "wmi", false, "启用WMI")
|
||||
|
||||
// 输出配置
|
||||
flag.StringVar(&Outputfile, "o", "result.txt", "结果输出文件")
|
||||
flag.BoolVar(&TmpSave, "no", false, "禁用结果保存")
|
||||
flag.BoolVar(&Silent, "silent", false, "静默扫描模式")
|
||||
flag.BoolVar(&Nocolor, "nocolor", false, "禁用彩色输出")
|
||||
flag.BoolVar(&JsonOutput, "json", false, "JSON格式输出")
|
||||
flag.Int64Var(&WaitTime, "debug", 60, "错误日志输出间隔")
|
||||
|
||||
flag.Parse()
|
||||
}
|
||||
172
common/log.go
172
common/log.go
@ -1,172 +0,0 @@
|
||||
package Common
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/fatih/color"
|
||||
"io"
|
||||
"log"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// 记录扫描状态的全局变量
|
||||
var (
|
||||
Num int64 // 总任务数
|
||||
End int64 // 已完成数
|
||||
Results = make(chan *string) // 结果通道
|
||||
LogSucTime int64 // 最近成功日志时间
|
||||
LogErrTime int64 // 最近错误日志时间
|
||||
WaitTime int64 // 等待时间
|
||||
Silent bool // 静默模式
|
||||
Nocolor bool // 禁用颜色
|
||||
JsonOutput bool // JSON输出
|
||||
LogWG sync.WaitGroup // 日志同步等待组
|
||||
)
|
||||
|
||||
// JsonText JSON输出的结构体
|
||||
type JsonText struct {
|
||||
Type string `json:"type"` // 消息类型
|
||||
Text string `json:"text"` // 消息内容
|
||||
}
|
||||
|
||||
// init 初始化日志配置
|
||||
func init() {
|
||||
log.SetOutput(io.Discard)
|
||||
LogSucTime = time.Now().Unix()
|
||||
go SaveLog()
|
||||
}
|
||||
|
||||
// LogSuccess 记录成功信息
|
||||
func LogSuccess(result string) {
|
||||
LogWG.Add(1)
|
||||
LogSucTime = time.Now().Unix()
|
||||
Results <- &result
|
||||
}
|
||||
|
||||
// SaveLog 保存日志信息
|
||||
func SaveLog() {
|
||||
for result := range Results {
|
||||
// 打印日志
|
||||
if !Silent {
|
||||
if Nocolor {
|
||||
fmt.Println(*result)
|
||||
} else {
|
||||
switch {
|
||||
case strings.HasPrefix(*result, "[+] 信息扫描"):
|
||||
color.Green(*result)
|
||||
case strings.HasPrefix(*result, "[+]"):
|
||||
color.Red(*result)
|
||||
default:
|
||||
fmt.Println(*result)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 保存到文件
|
||||
if IsSave {
|
||||
WriteFile(*result, Outputfile)
|
||||
}
|
||||
LogWG.Done()
|
||||
}
|
||||
}
|
||||
|
||||
// WriteFile 写入文件
|
||||
func WriteFile(result string, filename string) {
|
||||
// 打开文件
|
||||
fl, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
|
||||
if err != nil {
|
||||
fmt.Printf("[!] 打开文件失败 %s: %v\n", filename, err)
|
||||
return
|
||||
}
|
||||
defer fl.Close()
|
||||
|
||||
if JsonOutput {
|
||||
// 解析JSON格式
|
||||
var scantype, text string
|
||||
if strings.HasPrefix(result, "[+]") || strings.HasPrefix(result, "[*]") || strings.HasPrefix(result, "[-]") {
|
||||
index := strings.Index(result[4:], " ")
|
||||
if index == -1 {
|
||||
scantype = "msg"
|
||||
text = result[4:]
|
||||
} else {
|
||||
scantype = result[4 : 4+index]
|
||||
text = result[4+index+1:]
|
||||
}
|
||||
} else {
|
||||
scantype = "msg"
|
||||
text = result
|
||||
}
|
||||
|
||||
// 构造JSON对象
|
||||
jsonText := JsonText{
|
||||
Type: scantype,
|
||||
Text: text,
|
||||
}
|
||||
|
||||
// 序列化JSON
|
||||
jsonData, err := json.Marshal(jsonText)
|
||||
if err != nil {
|
||||
fmt.Printf("[!] JSON序列化失败: %v\n", err)
|
||||
jsonText = JsonText{
|
||||
Type: "msg",
|
||||
Text: result,
|
||||
}
|
||||
jsonData, _ = json.Marshal(jsonText)
|
||||
}
|
||||
jsonData = append(jsonData, []byte(",\n")...)
|
||||
_, err = fl.Write(jsonData)
|
||||
} else {
|
||||
_, err = fl.Write([]byte(result + "\n"))
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
fmt.Printf("[!] 写入文件失败 %s: %v\n", filename, err)
|
||||
}
|
||||
}
|
||||
|
||||
// LogError 记录错误信息
|
||||
func LogError(errinfo interface{}) {
|
||||
if WaitTime == 0 {
|
||||
fmt.Printf("[*] 已完成 %v/%v %v\n", End, Num, errinfo)
|
||||
} else if (time.Now().Unix()-LogSucTime) > WaitTime && (time.Now().Unix()-LogErrTime) > WaitTime {
|
||||
fmt.Printf("[*] 已完成 %v/%v %v\n", End, Num, errinfo)
|
||||
LogErrTime = time.Now().Unix()
|
||||
}
|
||||
}
|
||||
|
||||
// CheckErrs 检查是否为已知错误
|
||||
func CheckErrs(err error) bool {
|
||||
if err == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
// 已知错误列表
|
||||
errs := []string{
|
||||
"远程主机关闭连接",
|
||||
"连接数过多",
|
||||
"连接超时",
|
||||
"EOF",
|
||||
"连接尝试失败",
|
||||
"建立连接失败",
|
||||
"无法连接",
|
||||
"无法读取数据",
|
||||
"不允许连接",
|
||||
"无pg_hba.conf配置项",
|
||||
"无法建立连接",
|
||||
"无效的数据包大小",
|
||||
"连接异常",
|
||||
}
|
||||
|
||||
// 检查错误是否匹配
|
||||
errLower := strings.ToLower(err.Error())
|
||||
for _, key := range errs {
|
||||
if strings.Contains(errLower, strings.ToLower(key)) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
@ -1,78 +0,0 @@
|
||||
package Common
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"golang.org/x/net/proxy"
|
||||
"net"
|
||||
"net/url"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// WrapperTcpWithTimeout 创建一个带超时的TCP连接
|
||||
func WrapperTcpWithTimeout(network, address string, timeout time.Duration) (net.Conn, error) {
|
||||
d := &net.Dialer{Timeout: timeout}
|
||||
return WrapperTCP(network, address, d)
|
||||
}
|
||||
|
||||
// WrapperTCP 根据配置创建TCP连接
|
||||
func WrapperTCP(network, address string, forward *net.Dialer) (net.Conn, error) {
|
||||
// 直连模式
|
||||
if Socks5Proxy == "" {
|
||||
conn, err := forward.Dial(network, address)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("建立TCP连接失败: %v", err)
|
||||
}
|
||||
return conn, nil
|
||||
}
|
||||
|
||||
// Socks5代理模式
|
||||
dialer, err := Socks5Dialer(forward)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("创建Socks5代理失败: %v", err)
|
||||
}
|
||||
|
||||
conn, err := dialer.Dial(network, address)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("通过Socks5建立连接失败: %v", err)
|
||||
}
|
||||
|
||||
return conn, nil
|
||||
}
|
||||
|
||||
// Socks5Dialer 创建Socks5代理拨号器
|
||||
func Socks5Dialer(forward *net.Dialer) (proxy.Dialer, error) {
|
||||
// 解析代理URL
|
||||
u, err := url.Parse(Socks5Proxy)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("解析Socks5代理地址失败: %v", err)
|
||||
}
|
||||
|
||||
// 验证代理类型
|
||||
if strings.ToLower(u.Scheme) != "socks5" {
|
||||
return nil, errors.New("仅支持socks5代理")
|
||||
}
|
||||
|
||||
address := u.Host
|
||||
var dialer proxy.Dialer
|
||||
|
||||
// 根据认证信息创建代理
|
||||
if u.User.String() != "" {
|
||||
// 使用用户名密码认证
|
||||
auth := proxy.Auth{
|
||||
User: u.User.Username(),
|
||||
}
|
||||
auth.Password, _ = u.User.Password()
|
||||
dialer, err = proxy.SOCKS5("tcp", address, &auth, forward)
|
||||
} else {
|
||||
// 无认证模式
|
||||
dialer, err = proxy.SOCKS5("tcp", address, nil, forward)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("创建Socks5代理失败: %v", err)
|
||||
}
|
||||
|
||||
return dialer, nil
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user