perf: 优化本地扫描

ZacharyZcR 2025-02-07 12:08:06 +08:00
parent 102d100c25
commit bcb326dbef


@ -10,17 +10,19 @@ import (
) )
var ( var (
// 文件扫描黑名单,跳过这些类型和目录
blacklist = []string{ blacklist = []string{
".exe", ".dll", ".png", ".jpg", ".bmp", ".xml", ".bin", ".exe", ".dll", ".png", ".jpg", ".bmp", ".xml", ".bin",
".dat", ".manifest", "locale", "winsxs", "windows\\sys", ".dat", ".manifest", "locale", "winsxs", "windows\\sys",
} }
// 敏感文件关键词白名单
whitelist = []string{ whitelist = []string{
"密码", "账号", "账户", "配置", "服务器", "密码", "账号", "账户", "配置", "服务器",
"数据库", "备忘", "常用", "通讯录", "数据库", "备忘", "常用", "通讯录",
} }
// Linux系统关键配置文件 // Linux系统关键配置文件路径
linuxSystemPaths = []string{ linuxSystemPaths = []string{
// Apache配置 // Apache配置
"/etc/apache/httpd.conf", "/etc/apache/httpd.conf",
@ -79,7 +81,7 @@ var (
"/root/.mysql_history", "/root/.mysql_history",
} }
// Windows系统关键配置文件 // Windows系统关键配置文件路径
windowsSystemPaths = []string{ windowsSystemPaths = []string{
"C:\\boot.ini", "C:\\boot.ini",
"C:\\windows\\systems32\\inetsrv\\MetaBase.xml", "C:\\windows\\systems32\\inetsrv\\MetaBase.xml",
@ -88,25 +90,28 @@ var (
} }
) )
// LocalInfoScan 本地信息收集主函数
func LocalInfoScan(info *Common.HostInfo) (err error) { func LocalInfoScan(info *Common.HostInfo) (err error) {
fmt.Println("LocalInfo扫描模块开始...") Common.LogInfo("开始本地信息收集...")
// 获取用户主目录
home, err := os.UserHomeDir() home, err := os.UserHomeDir()
if err != nil { if err != nil {
errlog := fmt.Sprintf("Get UserHomeDir error: %v", err) Common.LogError(fmt.Sprintf("获取用户主目录失败: %v", err))
Common.LogError(errlog)
return err return err
} }
// 扫描固定位置 // 扫描固定位置的敏感文件
scanFixedLocations(home) scanFixedLocations(home)
// 规则搜索 // 根据规则搜索敏感文件
searchSensitiveFiles() searchSensitiveFiles()
fmt.Println("LocalInfo扫描模块结束...") Common.LogInfo("本地信息收集完成")
return nil return nil
} }
// scanFixedLocations 扫描固定位置的敏感文件
func scanFixedLocations(home string) { func scanFixedLocations(home string) {
var paths []string var paths []string
@ -146,13 +151,14 @@ func scanFixedLocations(home string) {
} }
} }
// checkAndLogFile 检查并记录敏感文件
func checkAndLogFile(path string) { func checkAndLogFile(path string) {
if _, err := os.Stat(path); err == nil { if _, err := os.Stat(path); err == nil {
result := fmt.Sprintf("Found sensitive file: %s", path) Common.LogSuccess(fmt.Sprintf("发现敏感文件: %s", path))
Common.LogSuccess(result)
} }
} }
// searchSensitiveFiles 搜索敏感文件
func searchSensitiveFiles() { func searchSensitiveFiles() {
var searchPaths []string var searchPaths []string
@ -202,8 +208,7 @@ func searchSensitiveFiles() {
for _, white := range whitelist { for _, white := range whitelist {
fileName := strings.ToLower(info.Name()) fileName := strings.ToLower(info.Name())
if strings.Contains(fileName, white) { if strings.Contains(fileName, white) {
result := fmt.Sprintf("Found potential sensitive file: %s", path) Common.LogSuccess(fmt.Sprintf("发现潜在敏感文件: %s", path))
Common.LogSuccess(result)
break break
} }
} }
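Review bot: The new `Common.LogSuccess(fmt.Sprintf("发现潜在敏感文件: %s", path))` line in the last hunk writes a file-system path into the log with `%s`, so a file name containing a newline or other control characters could split or forge log entries. Quoting it keeps each finding on one line, `Common.LogSuccess(fmt.Sprintf("发现潜在敏感文件: %q", path))`, at the cost of doubled backslashes in Windows paths. The same applies to the `发现敏感文件: %s` call in checkAndLogFile. In the same loop, `fileName := strings.ToLower(info.Name())` is recomputed for every whitelist entry and could move above `for _, white := range whitelist`, which fits a perf commit. The walk callback that supplies `path` and `info` starts outside the hunk, so where those values come from is inferred.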