mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 21:02:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 去掉不完善的SYN扫描

Browse Source
This commit is contained in:
ZacharyZcR 2025-01-14 13:06:24 +08:00
parent a245934cf2
commit c6c613a17b
3 changed files with 170 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Common/Config.go
View File

@ -876,9 +876,9 @@ var (
AddPasswords string // 原PassAdd AddPasswords string // 原PassAdd
// 扫描配置 // 扫描配置
ScanMode string // 原Scantype ScanMode string // 原Scantype
ThreadNum int // 原Threads ThreadNum int // 原Threads
UseSynScan bool //UseSynScan bool
Timeout int64 = 3 Timeout int64 = 3
LiveTop int LiveTop int
DisablePing bool // 原NoPing DisablePing bool // 原NoPing

2
Common/Flag.go
View File

@ -109,7 +109,7 @@ func Flag(Info *HostInfo) {
" 服务类: ftp, ssh, telnet, smb, rdp, vnc, netbios\n"+ " 服务类: ftp, ssh, telnet, smb, rdp, vnc, netbios\n"+
" 漏洞类: ms17010, smbghost, smb2\n"+ " 漏洞类: ms17010, smbghost, smb2\n"+
" 其他: findnet, wmiexec, localinfo") " 其他: findnet, wmiexec, localinfo")
flag.BoolVar(&UseSynScan, "sS", false, "使用SYN扫描替代TCP全连接扫描(需要root/管理员权限)") //flag.BoolVar(&UseSynScan, "sS", false, "使用SYN扫描替代TCP全连接扫描(需要root/管理员权限)")
flag.IntVar(&ThreadNum, "t", 60, "设置扫描线程数") flag.IntVar(&ThreadNum, "t", 60, "设置扫描线程数")
flag.Int64Var(&Timeout, "time", 3, "设置连接超时时间(单位:秒)") flag.Int64Var(&Timeout, "time", 3, "设置连接超时时间(单位:秒)")
flag.IntVar(&LiveTop, "top", 10, "仅显示指定数量的存活主机") flag.IntVar(&LiveTop, "top", 10, "仅显示指定数量的存活主机")

342
Core/PortScan.go
View File

@ -1,15 +1,9 @@
package Core package Core
import ( import (
"encoding/binary"
"fmt" "fmt"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/shadow1ng/fscan/Common" "github.com/shadow1ng/fscan/Common"
"golang.org/x/net/ipv4"
"net" "net"
"runtime"
"sort" "sort"
"strings" "strings"
"sync" "sync"
@ -101,16 +95,12 @@ func PortConnect(addr Addr, results chan<- ScanResult, timeout int64, wg *sync.W
var err error var err error
var conn net.Conn var conn net.Conn
if Common.UseSynScan { conn, err = Common.WrapperTcpWithTimeout("tcp4",
isOpen, err = SynScan(addr.ip, addr.port, timeout) fmt.Sprintf("%s:%v", addr.ip, addr.port),
} else { time.Duration(timeout)*time.Second)
conn, err = Common.WrapperTcpWithTimeout("tcp4", if err == nil {
fmt.Sprintf("%s:%v", addr.ip, addr.port), defer conn.Close()
time.Duration(timeout)*time.Second) isOpen = true
if err == nil {
defer conn.Close()
isOpen = true
}
} }
if err != nil || !isOpen { if err != nil || !isOpen {
@ -209,163 +199,163 @@ func excludeNoPorts(ports []int) []int {
return newPorts return newPorts
} }
func SynScan(ip string, port int, timeout int64) (bool, error) { //func SynScan(ip string, port int, timeout int64) (bool, error) {
ifName := getInterfaceName() // ifName := getInterfaceName()
//
sendConn, err := net.ListenPacket("ip4:tcp", "0.0.0.0") // sendConn, err := net.ListenPacket("ip4:tcp", "0.0.0.0")
if err != nil { // if err != nil {
return false, fmt.Errorf("发送套接字错误: %v", err) // return false, fmt.Errorf("发送套接字错误: %v", err)
} // }
defer sendConn.Close() // defer sendConn.Close()
//
rawConn, err := ipv4.NewRawConn(sendConn) // rawConn, err := ipv4.NewRawConn(sendConn)
if err != nil { // if err != nil {
return false, fmt.Errorf("原始连接错误: %v", err) // return false, fmt.Errorf("原始连接错误: %v", err)
} // }
//
dstIP := net.ParseIP(ip) // dstIP := net.ParseIP(ip)
if dstIP == nil { // if dstIP == nil {
return false, fmt.Errorf("IP地址无效: %s", ip) // return false, fmt.Errorf("IP地址无效: %s", ip)
} // }
//
handle, err := pcap.OpenLive(ifName, 65536, true, pcap.BlockForever) // handle, err := pcap.OpenLive(ifName, 65536, true, pcap.BlockForever)
if err != nil { // if err != nil {
ifaces, err := pcap.FindAllDevs() // ifaces, err := pcap.FindAllDevs()
if err != nil { // if err != nil {
return false, fmt.Errorf("网络接口错误: %v", err) // return false, fmt.Errorf("网络接口错误: %v", err)
} // }
//
var found bool // var found bool
for _, iface := range ifaces { // for _, iface := range ifaces {
handle, err = pcap.OpenLive(iface.Name, 65536, true, pcap.BlockForever) // handle, err = pcap.OpenLive(iface.Name, 65536, true, pcap.BlockForever)
if err == nil { // if err == nil {
found = true // found = true
break // break
} // }
} // }
//
if !found { // if !found {
return false, fmt.Errorf("未找到可用网络接口") // return false, fmt.Errorf("未找到可用网络接口")
} // }
} // }
defer handle.Close() // defer handle.Close()
//
srcPort := 12345 + port // srcPort := 12345 + port
filter := fmt.Sprintf("tcp and src port %d and dst port %d", port, srcPort) // filter := fmt.Sprintf("tcp and src port %d and dst port %d", port, srcPort)
if err := handle.SetBPFFilter(filter); err != nil { // if err := handle.SetBPFFilter(filter); err != nil {
return false, fmt.Errorf("过滤器错误: %v", err) // return false, fmt.Errorf("过滤器错误: %v", err)
} // }
//
// TCP头部设置保持不变 // // TCP头部设置保持不变
tcpHeader := &ipv4.Header{ // tcpHeader := &ipv4.Header{
Version: 4, // Version: 4,
Len: 20, // Len: 20,
TotalLen: 40, // TotalLen: 40,
TTL: 64, // TTL: 64,
Protocol: 6, // Protocol: 6,
Dst: dstIP, // Dst: dstIP,
} // }
//
// SYN包构造保持不变 // // SYN包构造保持不变
synPacket := make([]byte, 20) // synPacket := make([]byte, 20)
binary.BigEndian.PutUint16(synPacket[0:2], uint16(srcPort)) // binary.BigEndian.PutUint16(synPacket[0:2], uint16(srcPort))
binary.BigEndian.PutUint16(synPacket[2:4], uint16(port)) // binary.BigEndian.PutUint16(synPacket[2:4], uint16(port))
binary.BigEndian.PutUint32(synPacket[4:8], uint32(1)) // binary.BigEndian.PutUint32(synPacket[4:8], uint32(1))
binary.BigEndian.PutUint32(synPacket[8:12], uint32(0)) // binary.BigEndian.PutUint32(synPacket[8:12], uint32(0))
synPacket[12] = 0x50 // synPacket[12] = 0x50
synPacket[13] = 0x02 // synPacket[13] = 0x02
binary.BigEndian.PutUint16(synPacket[14:16], uint16(8192)) // binary.BigEndian.PutUint16(synPacket[14:16], uint16(8192))
binary.BigEndian.PutUint16(synPacket[16:18], uint16(0)) // binary.BigEndian.PutUint16(synPacket[16:18], uint16(0))
binary.BigEndian.PutUint16(synPacket[18:20], uint16(0)) // binary.BigEndian.PutUint16(synPacket[18:20], uint16(0))
//
checksum := calculateTCPChecksum(synPacket, tcpHeader.Src, tcpHeader.Dst) // checksum := calculateTCPChecksum(synPacket, tcpHeader.Src, tcpHeader.Dst)
binary.BigEndian.PutUint16(synPacket[16:18], checksum) // binary.BigEndian.PutUint16(synPacket[16:18], checksum)
//
if err := rawConn.WriteTo(tcpHeader, synPacket, nil); err != nil { // if err := rawConn.WriteTo(tcpHeader, synPacket, nil); err != nil {
return false, fmt.Errorf("SYN包发送错误: %v", err) // return false, fmt.Errorf("SYN包发送错误: %v", err)
} // }
//
packetSource := gopacket.NewPacketSource(handle, handle.LinkType()) // packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
packetSource.DecodeOptions.Lazy = true // packetSource.DecodeOptions.Lazy = true
packetSource.NoCopy = true // packetSource.NoCopy = true
//
timeoutChan := time.After(time.Duration(timeout) * time.Second) // timeoutChan := time.After(time.Duration(timeout) * time.Second)
//
for { // for {
select { // select {
case packet := <-packetSource.Packets(): // case packet := <-packetSource.Packets():
tcpLayer := packet.Layer(layers.LayerTypeTCP) // tcpLayer := packet.Layer(layers.LayerTypeTCP)
if tcpLayer == nil { // if tcpLayer == nil {
continue // continue
} // }
//
tcp, ok := tcpLayer.(*layers.TCP) // tcp, ok := tcpLayer.(*layers.TCP)
if !ok { // if !ok {
continue // continue
} // }
//
if tcp.SYN && tcp.ACK { // if tcp.SYN && tcp.ACK {
return true, nil // return true, nil
} // }
//
if tcp.RST { // if tcp.RST {
return false, nil // return false, nil
} // }
//
case <-timeoutChan: // case <-timeoutChan:
return false, nil // return false, nil
} // }
} // }
} //}
//
// calculateTCPChecksum 计算TCP校验和 //// calculateTCPChecksum 计算TCP校验和
func calculateTCPChecksum(tcpHeader []byte, srcIP, dstIP net.IP) uint16 { //func calculateTCPChecksum(tcpHeader []byte, srcIP, dstIP net.IP) uint16 {
// 创建伪首部 // // 创建伪首部
pseudoHeader := make([]byte, 12) // pseudoHeader := make([]byte, 12)
copy(pseudoHeader[0:4], srcIP.To4()) // copy(pseudoHeader[0:4], srcIP.To4())
copy(pseudoHeader[4:8], dstIP.To4()) // copy(pseudoHeader[4:8], dstIP.To4())
pseudoHeader[8] = 0 // pseudoHeader[8] = 0
pseudoHeader[9] = 6 // TCP协议号 // pseudoHeader[9] = 6 // TCP协议号
pseudoHeader[10] = byte(len(tcpHeader) >> 8) // pseudoHeader[10] = byte(len(tcpHeader) >> 8)
pseudoHeader[11] = byte(len(tcpHeader)) // pseudoHeader[11] = byte(len(tcpHeader))
//
// 计算校验和 // // 计算校验和
var sum uint32 // var sum uint32
//
// 计算伪首部的校验和 // // 计算伪首部的校验和
for i := 0; i < len(pseudoHeader)-1; i += 2 { // for i := 0; i < len(pseudoHeader)-1; i += 2 {
sum += uint32(pseudoHeader[i])<<8 | uint32(pseudoHeader[i+1]) // sum += uint32(pseudoHeader[i])<<8 | uint32(pseudoHeader[i+1])
} // }
//
// 计算TCP头的校验和 // // 计算TCP头的校验和
for i := 0; i < len(tcpHeader)-1; i += 2 { // for i := 0; i < len(tcpHeader)-1; i += 2 {
sum += uint32(tcpHeader[i])<<8 | uint32(tcpHeader[i+1]) // sum += uint32(tcpHeader[i])<<8 | uint32(tcpHeader[i+1])
} // }
//
// 如果长度为奇数,处理最后一个字节 // // 如果长度为奇数,处理最后一个字节
if len(tcpHeader)%2 == 1 { // if len(tcpHeader)%2 == 1 {
sum += uint32(tcpHeader[len(tcpHeader)-1]) << 8 // sum += uint32(tcpHeader[len(tcpHeader)-1]) << 8
} // }
//
// 将高16位加到低16位 // // 将高16位加到低16位
for sum > 0xffff { // for sum > 0xffff {
sum = (sum >> 16) + (sum & 0xffff) // sum = (sum >> 16) + (sum & 0xffff)
} // }
//
// 取反 // // 取反
return ^uint16(sum) // return ^uint16(sum)
} //}
//
// 获取系统对应的接口名 //// 获取系统对应的接口名
func getInterfaceName() string { //func getInterfaceName() string {
switch runtime.GOOS { // switch runtime.GOOS {
case "windows": // case "windows":
return "\\Device\\NPF_Loopback" // return "\\Device\\NPF_Loopback"
case "linux": // case "linux":
return "lo" // return "lo"
case "darwin": // case "darwin":
return "lo0" // return "lo0"
default: // default:
return "lo" // return "lo"
} // }
} //}