mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-07-14 05:12:36 +08:00
update
parent
a829660205
commit
a1900086d6
@ -14,39 +14,5 @@ var PluginList = map[string]interface{}{
|
||||
"27017":MongodbScan,
|
||||
"1000001": MS17010,
|
||||
"1000002": SmbGhost,
|
||||
//"WebTitle":WebTitle,
|
||||
"1000003":WebTitle,
|
||||
}
|
||||
|
||||
//var Passwords = []string{"admin123A","123456","admin","root","password","123123","123","1","{user}","{user}{user}","{user}1","{user}123","{user}2016","{user}2015","{user}!","","P@ssw0rd!!","qwa123","12345678","test","123qwe!@#","123456789","123321","1314520","666666","woaini","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1q2w3e4r","123qwe","p@ssw0rd","p@55w0rd","password!","p@ssw0rd!","password1","r00t","tomcat","apache","system","huawei","admin123","zte"}
|
||||
//const Username = "admin"
|
||||
//const Password = "123456"
|
||||
//const Timeout = 3 * time.Second
|
||||
//const FTPPORT = 21
|
||||
//const SSHPORT = 22
|
||||
//const MEMCACHEDPORT = 11211
|
||||
//const MONGODBPORT = 27017
|
||||
//const MSSQLPORT = 1433
|
||||
//const OraclePORT = 1433
|
||||
//const PSQLPORT = 5432
|
||||
//const REDISPORT = 6379
|
||||
//const MYSQLPORT = 3306
|
||||
//const SMBPORT = 445
|
||||
//const POSTGRESPORT = 5432
|
||||
|
||||
|
||||
//var PluginList = map[string]interface{}{
|
||||
// "ftp": FtpScan,
|
||||
// "mysql": MysqlScan,
|
||||
// //"mongodb":MgoConn,
|
||||
// "mssql":MssqlScan,
|
||||
// "redis": RedisScan,
|
||||
// //"smb": SmbScan,
|
||||
// "ssh": SshScan,
|
||||
// //"portscan": PortConn,
|
||||
// //"icmp": IcmpConn,
|
||||
// "postgresql": PostgresScan,
|
||||
// //"urlscan":UrlConn,
|
||||
// //"auth":ApacheConn,
|
||||
// //"subdomain":SDConn,
|
||||
// //"memcached":MemConn,
|
||||
//}
|
@ -51,21 +51,4 @@ func geturl2(info *common.HostInfo) (flag bool,err error) {
|
||||
}
|
||||
}
|
||||
return flag,err
|
||||
|
||||
//fmt.Print("\n")
|
||||
}
|
||||
|
||||
|
||||
//if info.Cookie!=""{
|
||||
// res.Header.Add("Cookie",info.Cookie)
|
||||
//}
|
||||
//if info.Header!=""{
|
||||
// var header = make(map[string]string)
|
||||
// err:=json.Unmarshal([]byte(info.Header),&header)
|
||||
// if err!=nil{
|
||||
// Misc.CheckErr(err)
|
||||
// }
|
||||
// for k,v:=range header{
|
||||
// res.Header.Add(k,v)
|
||||
// }
|
||||
//}
|
@ -70,7 +70,6 @@ func read(text []byte,host string) {
|
||||
return
|
||||
}
|
||||
result += "\n [->]"+string(host)
|
||||
//result += "\n ["+string(host)+"]"
|
||||
}
|
||||
common.LogSuccess(result)
|
||||
}
|
||||
|
@ -14,7 +14,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
for _,user:=range common.Userdict["ftp"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := FtpConn(info,user,pass,ch,wg)
|
||||
flag,err := FtpConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -24,7 +24,7 @@ func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
<- ch
|
||||
}
|
||||
|
||||
func FtpConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func FtpConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
|
||||
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
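Review bot: The `string(user)` conversion in FtpScan's inner loop is a no-op on a value that is already a string, and it survives here while the Mssql, Mysql and Ssh hunks of this commit drop it; `pass = strings.Replace(pass, "{user}", user, -1)` would keep the files consistent. The same leftover is in the Postgres hunk, and `string("redis")` in RedisScan is the same pattern. In FtpConn, building the dial address with `fmt.Sprintf("%v:%v",Host,Port)` does not bracket IPv6 literals; `net.JoinHostPort(Host, strconv.Itoa(Port))` handles both address forms. Both functions continue outside the visible hunks.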
|
||||
|
@ -17,8 +17,8 @@ func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["mssql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := MssqlConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := MssqlConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -28,7 +28,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func MssqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func MssqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
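Review bot: In MssqlConn the DSN's `timeout=%d` verb is fed `time.Duration(info.Timeout)*time.Second`, and `%d` on a Duration prints its nanosecond count, so a 3-second setting is rendered as `timeout=3000000000`. If the driver reads that field as seconds, the configured timeout is effectively switched off and an unresponsive host can hold a worker slot far longer than intended; passing the plain integer (`..., Host,Username,Password,Port,info.Timeout)`) keeps the unit explicit. The driver import is not visible here, so confirm the expected unit against its documentation. MssqlConn's body continues past the hunk.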
|
||||
|
@ -16,8 +16,8 @@ func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["mysql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := MysqlConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := MysqlConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -27,7 +27,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func MysqlConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func MysqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
|
||||
|
@ -15,7 +15,7 @@ Loop:
|
||||
for _,user:=range common.Userdict["postgresql"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
flag,err := PostgresConn(info,user,pass,ch,wg)
|
||||
flag,err := PostgresConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -25,7 +25,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func PostgresConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func PostgresConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
|
||||
dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
|
||||
|
@ -22,7 +22,7 @@ func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
Loop:
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string("redis"), -1)
|
||||
flag,err := RedisConn(info,pass,ch,wg)
|
||||
flag,err := RedisConn(info,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -31,7 +31,7 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func RedisConn(info *common.HostInfo,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
|
||||
conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
|
||||
@ -41,7 +41,6 @@ func RedisConn(info *common.HostInfo,pass string,ch chan int,wg *sync.WaitGroup)
|
||||
defer conn.Close()
|
||||
conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
|
||||
reply,err := readreply(conn)
|
||||
//common.LogSuccess(result)
|
||||
if strings.Contains(reply,"+OK"){
|
||||
result := fmt.Sprintf("Redis:%s %s",realhost,pass)
|
||||
common.LogSuccess(result)
|
||||
@ -164,10 +163,8 @@ func Readfile(filename string)(string,error){
|
||||
}
|
||||
defer file.Close()
|
||||
scanner := bufio.NewScanner(file)
|
||||
//scanner.Split(bufio.ScanLines)
|
||||
for scanner.Scan() {
|
||||
//text := strings.TrimSpace(scanner.Text())
|
||||
text := scanner.Text()
|
||||
text := strings.TrimSpace(scanner.Text())
|
||||
if text != "" {
|
||||
return text,nil
|
||||
}
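Review bot: RedisConn discards the result of `conn.Write(...)` and then tests `reply` without first looking at the `err` returned by `readreply(conn)`, so a failed write or read cannot be told apart from a rejected AUTH. Checking both, e.g. `if _, err = conn.Write(...); err != nil { return flag, err }` and the same guard after `readreply`, lets the caller see transport errors. `net.DialTimeout` bounds only the connect; unless a deadline is set in the lines between the second and third hunk, which are not shown, a peer that accepts and never answers will block the read, and `conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))` would bound it. RedisConn starts and ends outside these hunks.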
|
||||
|
@ -15,7 +15,6 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
|
||||
err = errors.New("The number of infos is not adapted.")
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
// //os.Exit(0)
|
||||
}
|
||||
}
|
||||
in := make([]reflect.Value, len(infos))
|
||||
@ -34,17 +33,17 @@ func IsContain(items []string, item string) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func Scan(info *common.HostInfo) {
|
||||
func Scan(info common.HostInfo) {
|
||||
Hosts,_ := common.ParseIP(info.Host,info.HostFile)
|
||||
if info.Isping == false{
|
||||
Hosts = ICMPRun(Hosts)
|
||||
}
|
||||
_,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3) //return AliveHosts,AlivePorts
|
||||
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"}
|
||||
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
|
||||
for _,port:=range common.PORTList{
|
||||
severports = append(severports,strconv.Itoa(port))
|
||||
}
|
||||
severports1 := []string{"1521"}
|
||||
severports1 := []string{"1521"} //no scan these server
|
||||
var ch = make(chan int,info.Threads)
|
||||
var wg = sync.WaitGroup{}
|
||||
var scantype string
|
||||
@ -53,12 +52,11 @@ func Scan(info *common.HostInfo) {
|
||||
info.Host = scan_ip
|
||||
if info.Scantype == "all"{
|
||||
if IsContain(severports,scan_port){
|
||||
//scantype = scan_port
|
||||
AddScan(scan_port,info,ch,&wg)
|
||||
}else {
|
||||
if !IsContain(severports1,scan_port){
|
||||
info.Url = fmt.Sprintf("http://%s",targetIP)
|
||||
wg.Add(1)
|
||||
info.Ports = scan_port
|
||||
go WebTitle(info,ch,&wg) //go scan_func(PluginList,"WebTitle",info,ch,&wg)
|
||||
ch <- 1
|
||||
}
|
||||
@ -77,8 +75,9 @@ func Scan(info *common.HostInfo) {
|
||||
wg.Wait()
|
||||
}
|
||||
|
||||
func AddScan(scantype string,info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
func AddScan(scantype string,info common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
wg.Add(1)
|
||||
go scan_func(PluginList,scantype,info,ch,wg)
|
||||
if info.Scantype == "webtitle"{scantype = "1000003"}
|
||||
go scan_func(PluginList,scantype,&info,ch,wg)
|
||||
ch <- 1
|
||||
}
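Review bot: AddScan now hands `&info` (a `*common.HostInfo`) to `scan_func`, but this commit also appears to change `WebTitle` to take `common.HostInfo` by value, and `PluginList` maps `"1000003"` to `WebTitle`; if `scan_func` dispatches through `reflect.Value.Call`, as the `[]reflect.Value` slice in its hunk suggests, the `webtitle` scan type will panic at run time on the argument type mismatch instead of failing at compile time. Either keep `WebTitle` on the pointer signature like the other plugins, or call it directly after `wg.Add(1)`: `if info.Scantype == "webtitle" { go WebTitle(info, ch, wg); ch <- 1; return }`. The literal `"1000003"` also duplicates `common.PORTList["webtitle"]`; `strconv.Itoa(common.PORTList["webtitle"])` keeps one source of truth. In `scan_func`, the arity-mismatch branch prints the error and, in the visible lines, falls through to building the reflect arguments, so it should return there. Old and new sides are inferred from print order on this rendered page, and all three functions extend beyond the hunks.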
|
@ -43,7 +43,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
|
||||
}
|
||||
|
||||
session, err := smb.NewSession(options, false)
|
||||
//fmt.Println(err)
|
||||
if err == nil {
|
||||
defer session.Close()
|
||||
if session.IsAuthenticated {
|
||||
@ -57,7 +56,6 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
|
||||
|
||||
func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
|
||||
//ctx,cancel := context.WithTimeout(context.Background(),1*time.Second)
|
||||
defer cancel()
|
||||
signal := make(chan int,1)
|
||||
go func() {
|
||||
|
@ -10,18 +10,11 @@ import (
|
||||
"time"
|
||||
)
|
||||
func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
|
||||
//SshConn(info,"oracle","oracle",ch,wg)
|
||||
Loop:
|
||||
for _,user:=range common.Userdict["ssh"]{
|
||||
for _,pass:=range common.Passwords{
|
||||
pass = strings.Replace(pass, "{user}", string(user), -1)
|
||||
//wg.Add(1)
|
||||
//var good bool
|
||||
//go SshConn(info,user,pass,ch,wg)
|
||||
//if good == true{
|
||||
// break Loop
|
||||
//}
|
||||
flag,err := SshConn(info,user,pass,ch,wg)
|
||||
pass = strings.Replace(pass, "{user}", user, -1)
|
||||
flag,err := SshConn(info,user,pass)
|
||||
if flag==true && err==nil {
|
||||
break Loop
|
||||
}
|
||||
@ -31,10 +24,9 @@ Loop:
|
||||
<- ch
|
||||
}
|
||||
|
||||
func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.WaitGroup)(flag bool,err error){
|
||||
func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
|
||||
flag = false
|
||||
Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
|
||||
//fmt.Println(Host,Port,Username,Password)
|
||||
config := &ssh.ClientConfig{
|
||||
User: Username,
|
||||
Auth: []ssh.AuthMethod{
|
||||
@ -50,7 +42,7 @@ func SshConn(info *common.HostInfo,user string,pass string,ch chan int,wg *sync.
|
||||
if err == nil {
|
||||
defer client.Close()
|
||||
session, err := client.NewSession()
|
||||
if err == nil { //if err == nil && errRet == nil {
|
||||
if err == nil {
|
||||
defer session.Close()
|
||||
flag = true
|
||||
if info.Command != ""{
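Review bot: In SshConn, `session, err := client.NewSession()` sits inside the `if err == nil {` block, so `:=` declares a new `err` that shadows the named result, and a failed NewSession is never reported through the function's own `err`. Declaring the session first and assigning with `=` (`var session *ssh.Session` then `session, err = client.NewSession()`) keeps a single error variable. The `ssh.ClientConfig` literal is cut by the hunk boundary, so whether `HostKeyCallback` and `Timeout` are set cannot be seen here; it is worth confirming both are explicit. SshConn continues beyond the visible lines.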
|
||||
|
@ -11,7 +11,8 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
|
||||
func WebTitle(info common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
|
||||
info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports)
|
||||
err,result = geturl(info)
|
||||
wg.Done()
|
||||
<-ch
|
||||
@ -19,7 +20,7 @@ func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error,
|
||||
}
|
||||
|
||||
|
||||
func geturl(info *common.HostInfo) (err error, result string) {
|
||||
func geturl(info common.HostInfo) (err error, result string) {
|
||||
url := info.Url
|
||||
var client = &http.Client{Timeout:time.Duration(info.Timeout)*time.Second }
|
||||
res,err:=http.NewRequest("GET",url,nil)
|
||||
@ -55,8 +56,6 @@ func geturl(info *common.HostInfo) (err error, result string) {
|
||||
}
|
||||
}
|
||||
return err, ""
|
||||
|
||||
//fmt.Print("\n")
|
||||
}
|
||||
//var client = &http.Client{
|
||||
// Transport:&http.Transport{
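Review bot: `WebTitle` and `geturl` return `(err error, result string)`; Go convention (staticcheck ST1008) puts the error last, and since both signatures are being edited in this commit it is a cheap moment to swap them, provided no reflective caller depends on the order. With `info` now passed by value, the `info.Url` assignment in WebTitle changes only the callee's copy, which deserves a one-line comment such as `// info is a copy; Url is set for this request only`. In geturl the `*http.Request` is named `res`, which reads like a response; `req` would be clearer. Both functions run past the hunks.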
|
||||
|
@ -25,10 +25,10 @@ var PORTList = map[string]int{
|
||||
"smb": 445,
|
||||
"ms17010": 1000001,
|
||||
"cve20200796":1000002,
|
||||
"webtitle": 1000003,
|
||||
"elastic": 9200,
|
||||
"findnet": 135,
|
||||
"all":0,
|
||||
//"wenscan": 17010,
|
||||
}
|
||||
|
||||
var Outputfile = "result.txt"
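Review bot: The entries `1000001` to `1000003` in PORTList are not TCP ports (they exceed 65535) but identifiers that PluginList and AddScan match as strings, and nothing in the map says so. A comment above them, e.g. `// values above 65535 are plugin IDs, not TCP ports`, would stop a reader from treating every value as a port, and `"all": 0` deserves the same remark. The Scan hunk copies every value of this map into `severports`, so these sentinels end up in the port-match list as well.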
|
||||
|