diff --git a/Common/Config.go b/Common/Config.go
index 6b39511..6248286 100644
--- a/Common/Config.go
+++ b/Common/Config.go
@@ -876,9 +876,9 @@ var (
 AddPasswords string // 原PassAdd
 
 // 扫描配置
- ScanMode string // 原Scantype
- ThreadNum int // 原Threads
- UseSynScan bool
+ ScanMode string // 原Scantype
+ ThreadNum int // 原Threads
+ //UseSynScan bool
 Timeout int64 = 3
 LiveTop int
 DisablePing bool // 原NoPing
diff --git a/Common/Flag.go b/Common/Flag.go
index 2316bbd..d615d09 100644
--- a/Common/Flag.go
+++ b/Common/Flag.go
@@ -109,7 +109,7 @@ func Flag(Info *HostInfo) {
 " 服务类: ftp, ssh, telnet, smb, rdp, vnc, netbios\n"+
 " 漏洞类: ms17010, smbghost, smb2\n"+
 " 其他: findnet, wmiexec, localinfo")
- flag.BoolVar(&UseSynScan, "sS", false, "使用SYN扫描替代TCP全连接扫描(需要root/管理员权限)")
+ //flag.BoolVar(&UseSynScan, "sS", false, "使用SYN扫描替代TCP全连接扫描(需要root/管理员权限)")
 flag.IntVar(&ThreadNum, "t", 60, "设置扫描线程数")
 flag.Int64Var(&Timeout, "time", 3, "设置连接超时时间(单位:秒)")
 flag.IntVar(&LiveTop, "top", 10, "仅显示指定数量的存活主机")
diff --git a/Core/PortScan.go b/Core/PortScan.go
index b47c448..79f4b6b 100644
--- a/Core/PortScan.go
+++ b/Core/PortScan.go
@@ -1,15 +1,9 @@
 package Core
 
 import (
- "encoding/binary"
 "fmt"
- "github.com/google/gopacket"
- "github.com/google/gopacket/layers"
- "github.com/google/gopacket/pcap"
 "github.com/shadow1ng/fscan/Common"
- "golang.org/x/net/ipv4"
 "net"
- "runtime"
 "sort"
 "strings"
 "sync"
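Review bot: `UseSynScan` is commented out here rather than deleted, and the same pattern repeats in the Flag.go hunk (`//flag.BoolVar(&UseSynScan, "sS", ...)`) and in the PortScan.go hunk that turns the entire `SynScan`, `calculateTCPChecksum` and `getInterfaceName` bodies into roughly 160 `//` lines. Commented-out code is neither compiled, vetted nor formatted, so it rots silently, and it could not simply be uncommented later anyway because this same commit drops the `gopacket`, `pcap`, `ipv4`, `encoding/binary` and `runtime` imports it depends on. Version control already preserves the old implementation, so delete the field, the flag line and the whole commented block in PortScan.go outright. If the removal needs a marker for future readers, a single comment such as `// SYN scan (-sS) was removed; see VCS history for the previous raw-socket implementation` carries that information better than dead code.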
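Review bot: Dropping the `-sS` definition is a user-visible break: any existing invocation that still passes `-sS` will now fail at parse time, because the default `flag.CommandLine` (which this file appears to use) rejects unknown flags and exits with usage instead of ignoring them. If that is intended it should at least be stated in the commit message; otherwise keep the flag as an ignored no-op for a release, e.g. `flag.BoolVar(new(bool), "sS", false, "已移除: SYN扫描已不再支持, 此参数将被忽略")`, so old scripts keep working while the help text tells users why nothing changes. The enclosing function `Flag` starts and ends outside the hunk.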
@@ -101,16 +95,12 @@ func PortConnect(addr Addr, results chan<- ScanResult, timeout int64, wg *sync.W
 var err error
 var conn net.Conn
 
- if Common.UseSynScan {
- isOpen, err = SynScan(addr.ip, addr.port, timeout)
- } else {
- conn, err = Common.WrapperTcpWithTimeout("tcp4",
- fmt.Sprintf("%s:%v", addr.ip, addr.port),
- time.Duration(timeout)*time.Second)
- if err == nil {
- defer conn.Close()
- isOpen = true
- }
+ conn, err = Common.WrapperTcpWithTimeout("tcp4",
+ fmt.Sprintf("%s:%v", addr.ip, addr.port),
+ time.Duration(timeout)*time.Second)
+ if err == nil {
+ defer conn.Close()
+ isOpen = true
 }
 
 if err != nil || !isOpen {
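Review bot: With the SYN branch gone, `isOpen` is set to true exactly when `err == nil`, so the `|| !isOpen` clause in `if err != nil || !isOpen {` can never change the outcome and the pre-declared `var err error` / `var conn net.Conn` are leftovers of the removed `else` branch; the block reads more plainly as `conn, err := Common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", addr.ip, addr.port), time.Duration(timeout)*time.Second)` followed by `if err != nil {`. `isOpen` is declared and presumably consumed outside this hunk, so it may still need to be assigned for the later result reporting, but the redundant condition should go. Also worth a look: `defer conn.Close()` keeps the socket open until PortConnect returns, so if nothing after this hunk reads from `conn`, an immediate `conn.Close()` releases the descriptor before any further work on the port — relevant when ThreadNum workers run concurrently. PortConnect's body continues past the end of the hunk.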
@@ -209,163 +199,163 @@ func excludeNoPorts(ports []int) []int {
 return newPorts
 }
 
-func SynScan(ip string, port int, timeout int64) (bool, error) {
- ifName := getInterfaceName()
-
- sendConn, err := net.ListenPacket("ip4:tcp", "0.0.0.0")
- if err != nil {
- return false, fmt.Errorf("发送套接字错误: %v", err)
- }
- defer sendConn.Close()
-
- rawConn, err := ipv4.NewRawConn(sendConn)
- if err != nil {
- return false, fmt.Errorf("原始连接错误: %v", err)
- }
-
- dstIP := net.ParseIP(ip)
- if dstIP == nil {
- return false, fmt.Errorf("IP地址无效: %s", ip)
- }
-
- handle, err := pcap.OpenLive(ifName, 65536, true, pcap.BlockForever)
- if err != nil {
- ifaces, err := pcap.FindAllDevs()
- if err != nil {
- return false, fmt.Errorf("网络接口错误: %v", err)
- }
-
- var found bool
- for _, iface := range ifaces {
- handle, err = pcap.OpenLive(iface.Name, 65536, true, pcap.BlockForever)
- if err == nil {
- found = true
- break
- }
- }
-
- if !found {
- return false, fmt.Errorf("未找到可用网络接口")
- }
- }
- defer handle.Close()
-
- srcPort := 12345 + port
- filter := fmt.Sprintf("tcp and src port %d and dst port %d", port, srcPort)
- if err := handle.SetBPFFilter(filter); err != nil {
- return false, fmt.Errorf("过滤器错误: %v", err)
- }
-
- // TCP头部设置保持不变
- tcpHeader := &ipv4.Header{
- Version: 4,
- Len: 20,
- TotalLen: 40,
- TTL: 64,
- Protocol: 6,
- Dst: dstIP,
- }
-
- // SYN包构造保持不变
- synPacket := make([]byte, 20)
- binary.BigEndian.PutUint16(synPacket[0:2], uint16(srcPort))
- binary.BigEndian.PutUint16(synPacket[2:4], uint16(port))
- binary.BigEndian.PutUint32(synPacket[4:8], uint32(1))
- binary.BigEndian.PutUint32(synPacket[8:12], uint32(0))
- synPacket[12] = 0x50
- synPacket[13] = 0x02
- binary.BigEndian.PutUint16(synPacket[14:16], uint16(8192))
- binary.BigEndian.PutUint16(synPacket[16:18], uint16(0))
- binary.BigEndian.PutUint16(synPacket[18:20], uint16(0))
-
- checksum := calculateTCPChecksum(synPacket, tcpHeader.Src, tcpHeader.Dst)
- binary.BigEndian.PutUint16(synPacket[16:18], checksum)
-
- if err := rawConn.WriteTo(tcpHeader, synPacket, nil); err != nil {
- return false, fmt.Errorf("SYN包发送错误: %v", err)
- }
-
- packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
- packetSource.DecodeOptions.Lazy = true
- packetSource.NoCopy = true
-
- timeoutChan := time.After(time.Duration(timeout) * time.Second)
-
- for {
- select {
- case packet := <-packetSource.Packets():
- tcpLayer := packet.Layer(layers.LayerTypeTCP)
- if tcpLayer == nil {
- continue
- }
-
- tcp, ok := tcpLayer.(*layers.TCP)
- if !ok {
- continue
- }
-
- if tcp.SYN && tcp.ACK {
- return true, nil
- }
-
- if tcp.RST {
- return false, nil
- }
-
- case <-timeoutChan:
- return false, nil
- }
- }
-}
-
-// calculateTCPChecksum 计算TCP校验和
-func calculateTCPChecksum(tcpHeader []byte, srcIP, dstIP net.IP) uint16 {
- // 创建伪首部
- pseudoHeader := make([]byte, 12)
- copy(pseudoHeader[0:4], srcIP.To4())
- copy(pseudoHeader[4:8], dstIP.To4())
- pseudoHeader[8] = 0
- pseudoHeader[9] = 6 // TCP协议号
- pseudoHeader[10] = byte(len(tcpHeader) >> 8)
- pseudoHeader[11] = byte(len(tcpHeader))
-
- // 计算校验和
- var sum uint32
-
- // 计算伪首部的校验和
- for i := 0; i < len(pseudoHeader)-1; i += 2 {
- sum += uint32(pseudoHeader[i])<<8 | uint32(pseudoHeader[i+1])
- }
-
- // 计算TCP头的校验和
- for i := 0; i < len(tcpHeader)-1; i += 2 {
- sum += uint32(tcpHeader[i])<<8 | uint32(tcpHeader[i+1])
- }
-
- // 如果长度为奇数,处理最后一个字节
- if len(tcpHeader)%2 == 1 {
- sum += uint32(tcpHeader[len(tcpHeader)-1]) << 8
- }
-
- // 将高16位加到低16位
- for sum > 0xffff {
- sum = (sum >> 16) + (sum & 0xffff)
- }
-
- // 取反
- return ^uint16(sum)
-}
-
-// 获取系统对应的接口名
-func getInterfaceName() string {
- switch runtime.GOOS {
- case "windows":
- return "\\Device\\NPF_Loopback"
- case "linux":
- return "lo"
- case "darwin":
- return "lo0"
- default:
- return "lo"
- }
-}
+//func SynScan(ip string, port int, timeout int64) (bool, error) {
+// ifName := getInterfaceName()
+//
+// sendConn, err := net.ListenPacket("ip4:tcp", "0.0.0.0")
+// if err != nil {
+// return false, fmt.Errorf("发送套接字错误: %v", err)
+// }
+// defer sendConn.Close()
+//
+// rawConn, err := ipv4.NewRawConn(sendConn)
+// if err != nil {
+// return false, fmt.Errorf("原始连接错误: %v", err)
+// }
+//
+// dstIP := net.ParseIP(ip)
+// if dstIP == nil {
+// return false, fmt.Errorf("IP地址无效: %s", ip)
+// }
+//
+// handle, err := pcap.OpenLive(ifName, 65536, true, pcap.BlockForever)
+// if err != nil {
+// ifaces, err := pcap.FindAllDevs()
+// if err != nil {
+// return false, fmt.Errorf("网络接口错误: %v", err)
+// }
+//
+// var found bool
+// for _, iface := range ifaces {
+// handle, err = pcap.OpenLive(iface.Name, 65536, true, pcap.BlockForever)
+// if err == nil {
+// found = true
+// break
+// }
+// }
+//
+// if !found {
+// return false, fmt.Errorf("未找到可用网络接口")
+// }
+// }
+// defer handle.Close()
+//
+// srcPort := 12345 + port
+// filter := fmt.Sprintf("tcp and src port %d and dst port %d", port, srcPort)
+// if err := handle.SetBPFFilter(filter); err != nil {
+// return false, fmt.Errorf("过滤器错误: %v", err)
+// }
+//
+// // TCP头部设置保持不变
+// tcpHeader := &ipv4.Header{
+// Version: 4,
+// Len: 20,
+// TotalLen: 40,
+// TTL: 64,
+// Protocol: 6,
+// Dst: dstIP,
+// }
+//
+// // SYN包构造保持不变
+// synPacket := make([]byte, 20)
+// binary.BigEndian.PutUint16(synPacket[0:2], uint16(srcPort))
+// binary.BigEndian.PutUint16(synPacket[2:4], uint16(port))
+// binary.BigEndian.PutUint32(synPacket[4:8], uint32(1))
+// binary.BigEndian.PutUint32(synPacket[8:12], uint32(0))
+// synPacket[12] = 0x50
+// synPacket[13] = 0x02
+// binary.BigEndian.PutUint16(synPacket[14:16], uint16(8192))
+// binary.BigEndian.PutUint16(synPacket[16:18], uint16(0))
+// binary.BigEndian.PutUint16(synPacket[18:20], uint16(0))
+//
+// checksum := calculateTCPChecksum(synPacket, tcpHeader.Src, tcpHeader.Dst)
+// binary.BigEndian.PutUint16(synPacket[16:18], checksum)
+//
+// if err := rawConn.WriteTo(tcpHeader, synPacket, nil); err != nil {
+// return false, fmt.Errorf("SYN包发送错误: %v", err)
+// }
+//
+// packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
+// packetSource.DecodeOptions.Lazy = true
+// packetSource.NoCopy = true
+//
+// timeoutChan := time.After(time.Duration(timeout) * time.Second)
+//
+// for {
+// select {
+// case packet := <-packetSource.Packets():
+// tcpLayer := packet.Layer(layers.LayerTypeTCP)
+// if tcpLayer == nil {
+// continue
+// }
+//
+// tcp, ok := tcpLayer.(*layers.TCP)
+// if !ok {
+// continue
+// }
+//
+// if tcp.SYN && tcp.ACK {
+// return true, nil
+// }
+//
+// if tcp.RST {
+// return false, nil
+// }
+//
+// case <-timeoutChan:
+// return false, nil
+// }
+// }
+//}
+//
+//// calculateTCPChecksum 计算TCP校验和
+//func calculateTCPChecksum(tcpHeader []byte, srcIP, dstIP net.IP) uint16 {
+// // 创建伪首部
+// pseudoHeader := make([]byte, 12)
+// copy(pseudoHeader[0:4], srcIP.To4())
+// copy(pseudoHeader[4:8], dstIP.To4())
+// pseudoHeader[8] = 0
+// pseudoHeader[9] = 6 // TCP协议号
+// pseudoHeader[10] = byte(len(tcpHeader) >> 8)
+// pseudoHeader[11] = byte(len(tcpHeader))
+//
+// // 计算校验和
+// var sum uint32
+//
+// // 计算伪首部的校验和
+// for i := 0; i < len(pseudoHeader)-1; i += 2 {
+// sum += uint32(pseudoHeader[i])<<8 | uint32(pseudoHeader[i+1])
+// }
+//
+// // 计算TCP头的校验和
+// for i := 0; i < len(tcpHeader)-1; i += 2 {
+// sum += uint32(tcpHeader[i])<<8 | uint32(tcpHeader[i+1])
+// }
+//
+// // 如果长度为奇数,处理最后一个字节
+// if len(tcpHeader)%2 == 1 {
+// sum += uint32(tcpHeader[len(tcpHeader)-1]) << 8
+// }
+//
+// // 将高16位加到低16位
+// for sum > 0xffff {
+// sum = (sum >> 16) + (sum & 0xffff)
+// }
+//
+// // 取反
+// return ^uint16(sum)
+//}
+//
+//// 获取系统对应的接口名
+//func getInterfaceName() string {
+// switch runtime.GOOS {
+// case "windows":
+// return "\\Device\\NPF_Loopback"
+// case "linux":
+// return "lo"
+// case "darwin":
+// return "lo0"
+// default:
+// return "lo"
+// }
+//}