From a1900086d66695b7f232e7ec6c50d76abd1150cc Mon Sep 17 00:00:00 2001
From: shadow1ng
Date: Sun, 15 Nov 2020 23:36:53 +0800
Subject: [PATCH] update
---
 Plugins/base.go | 36 +-----------------------------------
 Plugins/elasticsearch.go | 17 -----------------
 Plugins/findnet.go | 1 -
 Plugins/ftp.go | 4 ++--
 Plugins/mssql.go | 6 +++---
 Plugins/mysql.go | 6 +++---
 Plugins/postgres.go | 4 ++--
 Plugins/redis.go | 9 +++------
 Plugins/scanner.go | 15 +++++++--------
 Plugins/smb.go | 2 --
 Plugins/ssh.go | 16 ++++------------
 Plugins/webtitle.go | 7 +++----
 common/config.go | 2 +-
 main.go | 2 +-
 14 files changed, 30 insertions(+), 97 deletions(-)
diff --git a/Plugins/base.go b/Plugins/base.go
index 6cf341f..4d5bf47 100644
--- a/Plugins/base.go
+++ b/Plugins/base.go
@@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{ "27017":MongodbScan, "1000001": MS17010, "1000002": SmbGhost, - //"WebTitle":WebTitle, + "1000003":WebTitle, } - -//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"} -//const Username = "admin" -//const Password = "123456" -//const Timeout = 3 * time.Second -//const FTPPORT = 21 -//const SSHPORT = 22 -//const MEMCACHEDPORT = 11211 -//const MONGODBPORT = 27017 -//const MSSQLPORT = 1433 -//const OraclePORT = 1433 -//const PSQLPORT = 5432 -//const REDISPORT = 6379 -//const MYSQLPORT = 3306 -//const SMBPORT = 445 -//const POSTGRESPORT = 5432 - - -//var PluginList = map[string]interface{}{ -// "ftp": FtpScan, -// "mysql": MysqlScan, -// //"mongodb":MgoConn, -// "mssql":MssqlScan, -// "redis": RedisScan, -// //"smb": SmbScan, -// "ssh": SshScan, -// //"portscan": PortConn, -// //"icmp": IcmpConn, -// "postgresql": PostgresScan, -// //"urlscan":UrlConn, -// //"auth":ApacheConn, -// //"subdomain":SDConn, -// //"memcached":MemConn, -//} \ No newline at end of file diff --git a/Plugins/elasticsearch.go b/Plugins/elasticsearch.go index 8fb83b4..f89234f 100644 --- a/Plugins/elasticsearch.go +++ b/Plugins/elasticsearch.go 
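Review bot: The new `"1000003":WebTitle` entry registers a function whose signature this same commit changes to take `common.HostInfo` by value (Plugins/webtitle.go), while AddScan in Plugins/scanner.go now invokes every PluginList entry through `scan_func(PluginList,scantype,&info,ch,wg)` with a `*common.HostInfo`. scan_func builds its arguments as `[]reflect.Value` (visible at the top of its hunk), so unless it converts the pointer somewhere outside the visible lines, the reflective call for the `webtitle` scan type would fail on the argument type mismatch inside a goroutine and take the whole process down. Either keep WebTitle's parameter a pointer and copy it locally (`h := *info`) so the per-call mutation stays private, or have AddScan call WebTitle directly for that key instead of going through scan_func. The PluginList declaration starts before this hunk.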
@@ -51,21 +51,4 @@ func geturl2(info *common.HostInfo) (flag bool,err error) { } } return flag,err - - //fmt.Print("\n") } - - -//if info.Cookie!=""{ -// res.Header.Add("Cookie",info.Cookie) -//} -//if info.Header!=""{ -// var header = make(map[string]string) -// err:=json.Unmarshal([]byte(info.Header),&header) -// if err!=nil{ -// Misc.CheckErr(err) -// } -// for k,v:=range header{ -// res.Header.Add(k,v) -// } -//} \ No newline at end of file diff --git a/Plugins/findnet.go b/Plugins/findnet.go index 871d42d..46d04b9 100644 --- a/Plugins/findnet.go +++ b/Plugins/findnet.go @@ -70,7 +70,6 @@ func read(text []byte,host string) { return } result += "\n [->]"+string(host) - //result += "\n ["+string(host)+"]" } common.LogSuccess(result) } diff --git a/Plugins/ftp.go b/Plugins/ftp.go index a617c01..a0dc197 100644 --- a/Plugins/ftp.go +++ b/Plugins/ftp.go @@ -14,7 +14,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { for _,user:=range common.Userdict["ftp"]{ for _,pass:=range common.Passwords{ pass = strings.Replace(pass, "{user}", string(user), -1) - flag,err := FtpConn(info,user,pass,ch,wg) + flag,err := FtpConn(info,user,pass) if flag==true && err==nil { break Loop } @@ -24,7 +24,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { <- ch } -func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func FtpConn(info *common.HostInfo,user string,pass string)(flag bool,err error){ flag = false Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second) diff --git a/Plugins/mssql.go b/Plugins/mssql.go index 0066a3e..1cbfaa5 100644 --- a/Plugins/mssql.go +++ b/Plugins/mssql.go 
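Review bot: `pass = strings.Replace(pass, "{user}", string(user), -1)` in FtpScan keeps the redundant `string(user)` conversion — `user` is already a string, since it is passed straight to FtpConn's `user string` parameter — that the mssql, mysql and ssh hunks of this commit remove; the postgres hunk keeps it as well. Dropping it here and in Plugins/postgres.go makes the scan loops identical again, and `if flag==true && err==nil` reads better as `if flag && err == nil` (gosimple S1002) in all of them. The `Loop:` label and the rest of FtpScan are outside the hunk.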
@@ -17,8 +17,8 @@ func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { Loop: for _,user:=range common.Userdict["mssql"]{ for _,pass:=range common.Passwords{ - pass = strings.Replace(pass, "{user}", string(user), -1) - flag,err := MssqlConn(info,user,pass,ch,wg) + pass = strings.Replace(pass, "{user}", user, -1) + flag,err := MssqlConn(info,user,pass) if flag==true && err==nil { break Loop } @@ -28,7 +28,7 @@ Loop: <- ch } -func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func MssqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){ flag = false Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second) diff --git a/Plugins/mysql.go b/Plugins/mysql.go index 4db3280..cb5b048 100644 --- a/Plugins/mysql.go +++ b/Plugins/mysql.go @@ -16,8 +16,8 @@ func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { Loop: for _,user:=range common.Userdict["mysql"]{ for _,pass:=range common.Passwords{ - pass = strings.Replace(pass, "{user}", string(user), -1) - flag,err := MysqlConn(info,user,pass,ch,wg) + pass = strings.Replace(pass, "{user}", user, -1) + flag,err := MysqlConn(info,user,pass) if flag==true && err==nil { break Loop } @@ -27,7 +27,7 @@ Loop: <- ch } -func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func MysqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){ flag = false Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql") diff --git a/Plugins/postgres.go b/Plugins/postgres.go index c9678b9..870613d 100644 --- a/Plugins/postgres.go 
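Review bot: In MssqlConn the DSN's `timeout=%d` is formatted from `time.Duration(info.Timeout)*time.Second`, and `%d` on a time.Duration prints its nanosecond count, so a 3-second setting becomes `timeout=3000000000`; if the driver reads that key in seconds, the dial effectively never times out. Passing the plain value, `..., Port, info.Timeout)`, or `int(d.Seconds())` if a Duration is wanted, gives the intended number. The same line also splices `Password` unquoted into a `;`-separated string, so a candidate containing `;` would be mis-parsed — a comment stating that assumption, or quoting if the driver supports it, would make the limit visible. The rest of MssqlConn is outside the hunk.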
+++ b/Plugins/postgres.go @@ -15,7 +15,7 @@ Loop: for _,user:=range common.Userdict["postgresql"]{ for _,pass:=range common.Passwords{ pass = strings.Replace(pass, "{user}", string(user), -1) - flag,err := PostgresConn(info,user,pass,ch,wg) + flag,err := PostgresConn(info,user,pass) if flag==true && err==nil { break Loop } @@ -25,7 +25,7 @@ Loop: <- ch } -func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func PostgresConn(info *common.HostInfo,user string,pass string)(flag bool,err error){ flag = false Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable") diff --git a/Plugins/redis.go b/Plugins/redis.go index 97a66e2..2c17fdf 100644 --- a/Plugins/redis.go +++ b/Plugins/redis.go @@ -22,7 +22,7 @@ func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { Loop: for _,pass:=range common.Passwords{ pass = strings.Replace(pass, "{user}", string("redis"), -1) - flag,err := RedisConn(info,pass,ch,wg) + flag,err := RedisConn(info,pass) if flag==true && err==nil { break Loop } @@ -31,7 +31,7 @@ Loop: <- ch } -func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func RedisConn(info *common.HostInfo,pass string)(flag bool,err error){ flag = false realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"]) conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second) @@ -41,7 +41,6 @@ func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup) defer conn.Close() conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass))) reply,err := readreply(conn) - //common.LogSuccess(result) if strings.Contains(reply,"+OK"){ result := fmt.Sprintf("Redis:%s %s",realhost,pass) common.LogSuccess(result) 
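Review bot: `conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))` in RedisConn discards both return values, so a failed write is only noticed indirectly through the following `readreply`, and `reply` is then tested for `+OK` even when that call returned an error. Checking the write, `if _, err = conn.Write([]byte(fmt.Sprintf("auth %s\r\n", pass))); err != nil { return }`, and returning on a `readreply` error keeps the named `err` result meaningful to the caller. RedisConn continues outside the hunk.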
@@ -164,10 +163,8 @@ func Readfile(filename string)(string,error){ } defer file.Close() scanner := bufio.NewScanner(file) - //scanner.Split(bufio.ScanLines) for scanner.Scan() { - //text := strings.TrimSpace(scanner.Text()) - text := scanner.Text() + text := strings.TrimSpace(scanner.Text()) if text != "" { return text,nil } diff --git a/Plugins/scanner.go b/Plugins/scanner.go index a64f9e0..9f1af2b 100644 --- a/Plugins/scanner.go +++ b/Plugins/scanner.go @@ -15,7 +15,6 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res err = errors.New("The number of infos is not adapted.") if err != nil { fmt.Println(err.Error()) - // //os.Exit(0) } } in := make([]reflect.Value, len(infos)) @@ -34,17 +33,17 @@ func IsContain(items []string, item string) bool { return false } -func Scan(info *common.HostInfo) { +func Scan(info common.HostInfo) { Hosts,_ := common.ParseIP(info.Host,info.HostFile) if info.Isping == false{ Hosts = ICMPRun(Hosts) } _,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3) //return AliveHosts,AlivePorts - var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"} + var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...} for _,port:=range common.PORTList{ severports = append(severports,strconv.Itoa(port)) } - severports1 := []string{"1521"} + severports1 := []string{"1521"} //no scan these server var ch = make(chan int,info.Threads) var wg = sync.WaitGroup{} var scantype string @@ -53,12 +52,11 @@ func Scan(info *common.HostInfo) { info.Host = scan_ip if info.Scantype == "all"{ if IsContain(severports,scan_port){ - //scantype = scan_port AddScan(scan_port,info,ch,&wg) }else { if !IsContain(severports1,scan_port){ - info.Url = fmt.Sprintf("http://%s",targetIP) wg.Add(1) + info.Ports = scan_port go WebTitle(info,ch,&wg) //go scan_func(PluginList,"WebTitle",info,ch,&wg) ch <- 1 } 
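Review bot: Readfile has no doc comment although its contract is now specific: it returns the first line of filename that is non-blank after TrimSpace, with that line trimmed. A comment such as `// Readfile returns the first non-blank line of filename, trimmed of surrounding whitespace.` would document that. The loop closes after the hunk, so it is not visible whether `scanner.Err()` is checked once `Scan` returns false; if it is not, a read error is reported the same way as a file with no non-blank line. The function's opening lines are before the hunk.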
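Review bot: `info.Ports = scan_port` in Scan repurposes the Ports field — the user-supplied port specification that `TCPportScan(Hosts,info.Ports,...)` consumed a few lines earlier in the same function — as the single port WebTitle should probe, which only works because `info` is now a value and each goroutine receives its own copy. That dependency is easy to break later; a comment on the `go WebTitle(info,ch,&wg)` line, `// info is a copy: Host and Ports are per-goroutine scratch here`, or a dedicated field for the single target port, would make it explicit. `ch <- 1` is also sent after the goroutine is started, so the semaphore can admit one more worker than info.Threads; sending before the `go` statement tightens the bound. Scan's loop header and the else branch of the scan-type check are outside the hunk.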
@@ -77,8 +75,9 @@ func Scan(info *common.HostInfo) { wg.Wait() } -func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { +func AddScan(scantype string,info common.HostInfo,ch chan int,wg *sync.WaitGroup) { wg.Add(1) - go scan_func(PluginList,scantype,info,ch,wg) + if info.Scantype == "webtitle"{scantype = "1000003"} + go scan_func(PluginList,scantype,&info,ch,wg) ch <- 1 } \ No newline at end of file diff --git a/Plugins/smb.go b/Plugins/smb.go index 2d419ca..ab69b04 100644 --- a/Plugins/smb.go +++ b/Plugins/smb.go @@ -43,7 +43,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error } session, err := smb.NewSession(options, false) - //fmt.Println(err) if err == nil { defer session.Close() if session.IsAuthenticated { @@ -57,7 +56,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){ ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second) - //ctx,cancel := context.WithTimeout(context.Background(),1*time.Second) defer cancel() signal := make(chan int,1) go func() { diff --git a/Plugins/ssh.go b/Plugins/ssh.go index 0704ccc..bf8c086 100644 --- a/Plugins/ssh.go +++ b/Plugins/ssh.go @@ -10,18 +10,11 @@ import ( "time" ) func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) { - //SshConn(info,"oracle","oracle",ch,wg) Loop: for _,user:=range common.Userdict["ssh"]{ for _,pass:=range common.Passwords{ - pass = strings.Replace(pass, "{user}", string(user), -1) - //wg.Add(1) - //var good bool - //go SshConn(info,user,pass,ch,wg) - //if good == true{ - // break Loop - //} - flag,err := SshConn(info,user,pass,ch,wg) + pass = strings.Replace(pass, "{user}", user, -1) + flag,err := SshConn(info,user,pass) if flag==true && err==nil { break Loop } 
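Review bot: `if info.Scantype == "webtitle"{scantype = "1000003"}` hard-codes the plugin ID that common/config.go defines as `"webtitle": 1000003` and Plugins/base.go uses as a PluginList key, so the three sites can drift silently; `scantype = strconv.Itoa(common.PORTList["webtitle"])` (strconv is already used in Scan) derives it from the one definition, and the single-line `if` is not gofmt output. A short comment on AddScan saying that `info` is taken by value so the `&info` handed to scan_func is private to this call would also help, since that copy is what keeps concurrently running plugins from sharing one HostInfo. The plugin signatures scan_func dispatches to are outside the hunk.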
@@ -31,10 +24,9 @@ Loop: <- ch } -func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){ +func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error){ flag = false Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass - //fmt.Println(Host,Port,Username,Password) config := &ssh.ClientConfig{ User: Username, Auth: []ssh.AuthMethod{ @@ -50,7 +42,7 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync. if err == nil { defer client.Close() session, err := client.NewSession() - if err == nil { //if err == nil && errRet == nil { + if err == nil { defer session.Close() flag = true if info.Command != ""{ diff --git a/Plugins/webtitle.go b/Plugins/webtitle.go index 8254301..aa0281a 100644 --- a/Plugins/webtitle.go +++ b/Plugins/webtitle.go @@ -11,7 +11,8 @@ import ( "time" ) -func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) { +func WebTitle(info common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) { + info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports) err,result = geturl(info) wg.Done() <-ch @@ -19,7 +20,7 @@ func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, } -func geturl(info *common.HostInfo) (err error, result string) { +func geturl(info common.HostInfo) (err error, result string) { url := info.Url var client = &http.Client{Timeout:time.Duration(info.Timeout)*time.Second } res,err:=http.NewRequest("GET",url,nil) @@ -55,8 +56,6 @@ func geturl(info *common.HostInfo) (err error, result string) { } } return err, "" - - //fmt.Print("\n") } //var client = &http.Client{ // Transport:&http.Transport{ diff --git a/common/config.go b/common/config.go index 74a3587..d642b12 100644 --- a/common/config.go +++ b/common/config.go 
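Review bot: `session, err := client.NewSession()` sits inside the `if err == nil {` block, so `:=` declares a new `err` that shadows SshConn's named result; a NewSession failure is never returned, and the caller sees `(false, nil)` as if nothing went wrong. Use a distinct name and propagate it, `session, serr := client.NewSession()` with `err = serr` on the failure path, or declare `session` up front and assign with `=`. SshConn's remaining body, including the `info.Command` branch, is outside the hunk.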
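Review bot: `info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports)` produces an unreachable URL for an IPv6 literal host, which needs brackets; `"http://" + net.JoinHostPort(info.Host, info.Ports)` handles both address families (net would need importing if it is not already). The changed signature also keeps the error as the first result, `(err error, result string)`, in both WebTitle and geturl, which staticcheck flags (ST1008) and which makes `err,result = geturl(info)` read backwards; swapping them in both functions is a mechanical change. WebTitle's body continues outside the hunk.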
@@ -25,10 +25,10 @@ var PORTList = map[string]int{
 "smb": 445,
 "ms17010": 1000001,
 "cve20200796":1000002,
+ "webtitle": 1000003,
 "elastic": 9200,
 "findnet": 135,
 "all":0,
- //"wenscan": 17010,
 }
 
 var Outputfile = "result.txt"
diff --git a/main.go b/main.go
index 6483a3e..6c65c3a 100644
--- a/main.go
+++ b/main.go
@@ -11,7 +11,7 @@ func main() {
 var Info common.HostInfo
 common.Flag(&Info)
 //fmt.Println(Info.Host,Info.Ports)
 common.Parse(&Info)
- Plugins.Scan(&Info)
+ Plugins.Scan(Info)
 fmt.Println("scan end")
 }
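Review bot: `"webtitle": 1000003` adds a third non-port sentinel to a map named PORTList whose other values are TCP ports, and Scan in Plugins/scanner.go copies every value into `severports` unchanged, so the sentinels and `"all":0` become candidate "server ports" too — harmless as far as the visible code goes, since no scanned port can equal them, but surprising. A comment above the block, `// Values >= 1000001 are plugin IDs, not TCP ports; Scan copies them into severports unchanged.`, would keep the next maintainer from treating them as ports. The map's opening lines are before the hunk.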