diff --git a/Common/Flag.go b/Common/Flag.go
index bdbf244..505dd79 100644
--- a/Common/Flag.go
+++ b/Common/Flag.go
@@ -2,7 +2,6 @@ package Common
 import (
 "flag"
- "github.com/shadow1ng/fscan/Config"
 )
 func Banner() {
@@ -17,7 +16,7 @@ func Banner() {
 print(banner)
 }
-func Flag(Info *Config.HostInfo) {
+func Flag(Info *HostInfo) {
 Banner()
 // 目标配置
diff --git a/Common/Parse.go b/Common/Parse.go
index 114a3df..1dab7f6 100644
--- a/Common/Parse.go
+++ b/Common/Parse.go
@@ -5,14 +5,13 @@ import (
 "encoding/hex"
 "flag"
 "fmt"
- "github.com/shadow1ng/fscan/Config"
 "net/url"
 "os"
 "strconv"
 "strings"
 )
-func Parse(Info *Config.HostInfo) {
+func Parse(Info *HostInfo) {
 ParseUser()
 ParsePass(Info)
 ParseInput(Info)
@@ -63,7 +62,7 @@ func ParseUser() error {
 }
 // ParsePass 解析密码、哈希值、URL和端口配置
-func ParsePass(Info *Config.HostInfo) error {
+func ParsePass(Info *HostInfo) error {
 // 处理直接指定的密码列表
 var pwdList []string
 if Password != "" {
@@ -204,7 +203,7 @@ func Readfile(filename string) ([]string, error) {
 }
 // ParseInput 解析和验证输入参数配置
-func ParseInput(Info *Config.HostInfo) error {
+func ParseInput(Info *HostInfo) error {
 // 检查必要的目标参数
 if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" {
 fmt.Println("[!] 未指定扫描目标")
@@ -321,7 +320,7 @@ func ParseInput(Info *Config.HostInfo) error {
 }
 // ParseScantype 解析扫描类型并设置对应的端口
-func ParseScantype(Info *Config.HostInfo) error {
+func ParseScantype(Info *HostInfo) error {
 // 先处理特殊扫描类型
 specialTypes := map[string]string{
 "hostname": "135,137,139,445",
@@ -344,7 +343,7 @@ func ParseScantype(Info *Config.HostInfo) error {
 }
 // 检查是否是注册的插件类型
- plugin, validType := Config.PluginManager[Scantype]
+ plugin, validType := PluginManager[Scantype]
 if !validType {
 showmode()
 return fmt.Errorf("无效的扫描类型: %s", Scantype)
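Review bot: In Common/Parse.go (hunk at -5,14), `Parse` calls `ParseUser()`, `ParsePass(Info)` and `ParseInput(Info)` as bare statements, although the later hunks in this file show all three returning `error`, so a failed parse is silently dropped and `Parse` has no way to report it to `main`. Consider giving `Parse` an `error` result and propagating the first failure, e.g. `if err := ParseInput(Info); err != nil { return err }`, with main.go stopping when it is non-nil. The body of `Parse` continues past the end of this hunk, so any further calls there may need the same treatment.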
@@ -368,7 +367,7 @@ func showmode() {
 // 显示常规服务扫描类型
 fmt.Println("\n[+] 常规服务扫描:")
- for name, plugin := range Config.PluginManager {
+ for name, plugin := range PluginManager {
 if plugin.Port > 0 && plugin.Port < 1000000 {
 fmt.Printf(" - %-10s (端口: %d)\n", name, plugin.Port)
 }
@@ -376,7 +375,7 @@ func showmode() {
 // 显示特殊漏洞扫描类型
 fmt.Println("\n[+] 特殊漏洞扫描:")
- for name, plugin := range Config.PluginManager {
+ for name, plugin := range PluginManager {
 if plugin.Port >= 1000000 || plugin.Port == 0 {
 fmt.Printf(" - %-10s\n", name)
 }
diff --git a/Config/Types.go b/Common/Types.go
similarity index 97%
rename from Config/Types.go
rename to Common/Types.go
index aa6a420..948e744 100644
--- a/Config/Types.go
+++ b/Common/Types.go
@@ -1,5 +1,5 @@
 // Config/types.go
-package Config
+package Common
 type HostInfo struct {
 Host string
diff --git a/Core/Registry.go b/Core/Registry.go
index cae17c8..daafa2a 100644
--- a/Core/Registry.go
+++ b/Core/Registry.go
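Review bot: In `showmode` (Common/Parse.go, the hunks at -368 and -376), the two lists are split on `plugin.Port >= 1000000`, but Core/Registry.go in this same commit registers its special types (`ms17010`, `smbghost`, `smb2`, `wmiexec`) with the real ports 445 and 135, so they are printed under the regular-service heading and only the `Port: 0` entries reach the second list. Either give `1000000` a named constant with a comment saying what it encodes, or classify on an explicit field rather than a port range. Both loops also range over a map, so the order of the help output changes from run to run.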
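Review bot: The first line of Common/Types.go still reads `// Config/types.go` after the move, and because it sits directly above the `package` clause, Go tooling treats it as the package doc comment for `Common`. Replace it with a real package comment or drop it, for example `// Package Common holds the shared scan configuration types.`, with the wording adjusted to what the package actually contains.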
@@ -1,128 +1,128 @@
 package Core
 import (
- "github.com/shadow1ng/fscan/Config"
+ "github.com/shadow1ng/fscan/Common"
 "github.com/shadow1ng/fscan/Plugins"
 )
 func init() {
 // 注册标准端口服务扫描
- Config.RegisterPlugin("ftp", Config.ScanPlugin{
+ Common.RegisterPlugin("ftp", Common.ScanPlugin{
 Name: "FTP",
 Port: 21,
 ScanFunc: Plugins.FtpScan,
 })
- Config.RegisterPlugin("ssh", Config.ScanPlugin{
+ Common.RegisterPlugin("ssh", Common.ScanPlugin{
 Name: "SSH",
 Port: 22,
 ScanFunc: Plugins.SshScan,
 })
- Config.RegisterPlugin("findnet", Config.ScanPlugin{
+ Common.RegisterPlugin("findnet", Common.ScanPlugin{
 Name: "FindNet",
 Port: 135,
 ScanFunc: Plugins.Findnet,
 })
- Config.RegisterPlugin("netbios", Config.ScanPlugin{
+ Common.RegisterPlugin("netbios", Common.ScanPlugin{
 Name: "NetBIOS",
 Port: 139,
 ScanFunc: Plugins.NetBIOS,
 })
- Config.RegisterPlugin("smb", Config.ScanPlugin{
+ Common.RegisterPlugin("smb", Common.ScanPlugin{
 Name: "SMB",
 Port: 445,
 ScanFunc: Plugins.SmbScan,
 })
- Config.RegisterPlugin("mssql", Config.ScanPlugin{
+ Common.RegisterPlugin("mssql", Common.ScanPlugin{
 Name: "MSSQL",
 Port: 1433,
 ScanFunc: Plugins.MssqlScan,
 })
- Config.RegisterPlugin("oracle", Config.ScanPlugin{
+ Common.RegisterPlugin("oracle", Common.ScanPlugin{
 Name: "Oracle",
 Port: 1521,
 ScanFunc: Plugins.OracleScan,
 })
- Config.RegisterPlugin("mysql", Config.ScanPlugin{
+ Common.RegisterPlugin("mysql", Common.ScanPlugin{
 Name: "MySQL",
 Port: 3306,
 ScanFunc: Plugins.MysqlScan,
 })
- Config.RegisterPlugin("rdp", Config.ScanPlugin{
+ Common.RegisterPlugin("rdp", Common.ScanPlugin{
 Name: "RDP",
 Port: 3389,
 ScanFunc: Plugins.RdpScan,
 })
- Config.RegisterPlugin("postgres", Config.ScanPlugin{
+ Common.RegisterPlugin("postgres", Common.ScanPlugin{
 Name: "PostgreSQL",
 Port: 5432,
 ScanFunc: Plugins.PostgresScan,
 })
- Config.RegisterPlugin("redis", Config.ScanPlugin{
+ Common.RegisterPlugin("redis", Common.ScanPlugin{
 Name: "Redis",
 Port: 6379,
 ScanFunc: Plugins.RedisScan,
 })
- Config.RegisterPlugin("fcgi", Config.ScanPlugin{
+ Common.RegisterPlugin("fcgi", Common.ScanPlugin{
 Name: "FastCGI",
 Port: 9000,
 ScanFunc: Plugins.FcgiScan,
 })
- Config.RegisterPlugin("memcached", Config.ScanPlugin{
+ Common.RegisterPlugin("memcached", Common.ScanPlugin{
 Name: "Memcached",
 Port: 11211,
 ScanFunc: Plugins.MemcachedScan,
 })
- Config.RegisterPlugin("mongodb", Config.ScanPlugin{
+ Common.RegisterPlugin("mongodb", Common.ScanPlugin{
 Name: "MongoDB",
 Port: 27017,
 ScanFunc: Plugins.MongodbScan,
 })
 // 注册特殊扫描类型
- Config.RegisterPlugin("ms17010", Config.ScanPlugin{
+ Common.RegisterPlugin("ms17010", Common.ScanPlugin{
 Name: "MS17010",
 Port: 445,
 ScanFunc: Plugins.MS17010,
 })
- Config.RegisterPlugin("smbghost", Config.ScanPlugin{
+ Common.RegisterPlugin("smbghost", Common.ScanPlugin{
 Name: "SMBGhost",
 Port: 445,
 ScanFunc: Plugins.SmbGhost,
 })
- Config.RegisterPlugin("web", Config.ScanPlugin{
+ Common.RegisterPlugin("web", Common.ScanPlugin{
 Name: "WebTitle",
 Port: 0,
 ScanFunc: Plugins.WebTitle,
 })
- Config.RegisterPlugin("smb2", Config.ScanPlugin{
+ Common.RegisterPlugin("smb2", Common.ScanPlugin{
 Name: "SMBScan2",
 Port: 445,
 ScanFunc: Plugins.SmbScan2,
 })
- Config.RegisterPlugin("wmiexec", Config.ScanPlugin{
+ Common.RegisterPlugin("wmiexec", Common.ScanPlugin{
 Name: "WMIExec",
 Port: 135,
 ScanFunc: Plugins.WmiExec,
 })
- Config.RegisterPlugin("localinfo", Config.ScanPlugin{
+ Common.RegisterPlugin("localinfo", Common.ScanPlugin{
 Name: "LocalInfo",
 Port: 0,
 ScanFunc: Plugins.LocalInfoScan,
diff --git a/Core/Scanner.go b/Core/Scanner.go
index 9f97564..5267860 100644
--- a/Core/Scanner.go
+++ b/Core/Scanner.go
@@ -3,14 +3,13 @@ package Core
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "github.com/shadow1ng/fscan/WebScan/lib"
 "strconv"
 "strings"
 "sync"
 )
-func Scan(info Config.HostInfo) {
+func Scan(info Common.HostInfo) {
 fmt.Println("[*] 开始信息扫描...")
 // 本地信息收集模块
@@ -110,7 +109,7 @@ func executeScanStrategy(Hosts []string, scanType string) []string {
 }
 // executeScanTasks 执行扫描任务
-func executeScanTasks(info Config.HostInfo, scanType string, ch *chan struct{}, wg *sync.WaitGroup) {
+func executeScanTasks(info Common.HostInfo, scanType string, ch *chan struct{}, wg *sync.WaitGroup) {
 if scanType == "all" || scanType == "main" {
 // 根据端口选择扫描插件
 switch info.Ports {
@@ -126,7 +125,7 @@ func executeScanTasks(info Config.HostInfo, scanType string, ch *chan struct{},
 AddScan("fcgi", info, ch, wg)
 default:
 // 查找对应端口的插件
- for name, plugin := range Config.PluginManager {
+ for name, plugin := range Common.PluginManager {
 if strconv.Itoa(plugin.Port) == info.Ports {
 AddScan(name, info, ch, wg)
 return
@@ -145,7 +144,7 @@ func executeScanTasks(info Config.HostInfo, scanType string, ch *chan struct{},
 var Mutex = &sync.Mutex{}
 // AddScan 添加扫描任务到并发队列
-func AddScan(scantype string, info Config.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
+func AddScan(scantype string, info Common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
 // 获取信号量,控制并发数
 *ch <- struct{}{}
 // 添加等待组计数
@@ -174,7 +173,7 @@ func AddScan(scantype string, info Config.HostInfo, ch *chan struct{}, wg *sync.
 }
 // ScanFunc 执行扫描插件
-func ScanFunc(name *string, info *Config.HostInfo) {
+func ScanFunc(name *string, info *Common.HostInfo) {
 defer func() {
 if err := recover(); err != nil {
 fmt.Printf("[!] 扫描错误 %v:%v - %v\n", info.Host, info.Ports, err)
@@ -182,7 +181,7 @@ func ScanFunc(name *string, info *Config.HostInfo) {
 }()
 // 检查插件是否存在
- plugin, exists := Config.PluginManager[*name]
+ plugin, exists := Common.PluginManager[*name]
 if !exists {
 fmt.Printf("[*] 扫描类型 %v 无对应插件,已跳过\n", *name)
 return
diff --git a/Plugins/FTP.go b/Plugins/FTP.go
index 905a7e9..a13dc66 100644
--- a/Plugins/FTP.go
+++ b/Plugins/FTP.go
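Review bot: In the `default:` branch of `executeScanTasks` (Core/Scanner.go, hunk at -126), the loop ranges over the `Common.PluginManager` map and returns on the first entry whose `Port` matches, so whenever two registrations share a port the plugin chosen depends on Go's randomized map iteration order. Core/Registry.go in this commit registers several names on 445 and on 135; the earlier `case` arms of the switch lie outside the hunk and may already cover those ports, but the lookup stays order-dependent for any other duplicate. Iterating over sorted keys, e.g. `for _, name := range slices.Sorted(maps.Keys(Common.PluginManager))` on Go 1.23+, would make the selection reproducible between runs.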
@@ -4,13 +4,12 @@ import (
 "fmt"
 "github.com/jlaffaye/ftp"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // FtpScan 执行FTP服务扫描
-func FtpScan(info *Config.HostInfo) (tmperr error) {
+func FtpScan(info *Common.HostInfo) (tmperr error) {
 // 如果已开启暴力破解则直接返回
 if Common.IsBrute {
 return
@@ -62,7 +61,7 @@ func FtpScan(info *Config.HostInfo) (tmperr error) {
 }
 // FtpConn 建立FTP连接并尝试登录
-func FtpConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) {
+func FtpConn(info *Common.HostInfo, user string, pass string) (flag bool, err error) {
 Host, Port, Username, Password := info.Host, info.Ports, user, pass
 // 建立FTP连接
diff --git a/Plugins/FcgiScan.go b/Plugins/FcgiScan.go
index 28b0e85..90165f1 100644
--- a/Plugins/FcgiScan.go
+++ b/Plugins/FcgiScan.go
@@ -7,7 +7,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "io"
 "strconv"
 "strings"
@@ -20,7 +19,7 @@ import (
 //https://github.com/wofeiwo/webcgi-exploits
 // FcgiScan 执行FastCGI服务器漏洞扫描
-func FcgiScan(info *Config.HostInfo) error {
+func FcgiScan(info *Common.HostInfo) error {
 // 如果设置了暴力破解模式则跳过
 if Common.IsBrute {
 return nil
diff --git a/Plugins/FindNet.go b/Plugins/FindNet.go
index 1743bb6..63f8190 100644
--- a/Plugins/FindNet.go
+++ b/Plugins/FindNet.go
@@ -5,7 +5,6 @@ import (
 "encoding/hex"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strconv"
 "strings"
 "time"
@@ -19,13 +18,13 @@ var (
 )
 // Findnet 探测Windows网络主机信息的入口函数
-func Findnet(info *Config.HostInfo) error {
+func Findnet(info *Common.HostInfo) error {
 fmt.Println("[+] FindNet扫描模块开始...")
 return FindnetScan(info)
 }
 // FindnetScan 通过RPC协议扫描网络主机信息
-func FindnetScan(info *Config.HostInfo) error {
+func FindnetScan(info *Common.HostInfo) error {
 // 连接目标RPC端口
 target := fmt.Sprintf("%s:%v", info.Host, 135)
 conn, err := Common.WrapperTcpWithTimeout("tcp", target, time.Duration(Common.Timeout)*time.Second)
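Review bot: This commit patches both Plugins/FcgiScan.go here and Plugins/fcgiscan.go further down, with identical blob ids (`28b0e85..90165f1`) and the same `FcgiScan` definition. If both paths really are tracked, a case-sensitive checkout has two files in package `Plugins` that each declare `FcgiScan`, which does not compile, while a case-insensitive checkout sees only one file. One of the two paths should be dropped from the index (`git rm --cached` on the stale casing) so the tree builds the same on every platform.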
diff --git a/Plugins/LocalInfo.go b/Plugins/LocalInfo.go
index 285dab1..9e57df8 100644
--- a/Plugins/LocalInfo.go
+++ b/Plugins/LocalInfo.go
@@ -3,7 +3,6 @@ package Plugins
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "os"
 "path/filepath"
 "runtime"
@@ -89,7 +88,7 @@ var (
 }
 )
-func LocalInfoScan(info *Config.HostInfo) (err error) {
+func LocalInfoScan(info *Common.HostInfo) (err error) {
 fmt.Println("[+] LocalInfo扫描模块开始...")
 home, err := os.UserHomeDir()
 if err != nil {
diff --git a/Plugins/MS17010-Exp.go b/Plugins/MS17010-Exp.go
index f537271..c88d384 100644
--- a/Plugins/MS17010-Exp.go
+++ b/Plugins/MS17010-Exp.go
@@ -6,7 +6,6 @@ import (
 "encoding/hex"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "io"
 "io/ioutil"
 "net"
@@ -15,7 +14,7 @@ import (
 )
 // MS17010EXP 执行MS17-010漏洞利用
-func MS17010EXP(info *Config.HostInfo) {
+func MS17010EXP(info *Common.HostInfo) {
 address := info.Host + ":445"
 var sc string
diff --git a/Plugins/MS17010.go b/Plugins/MS17010.go
index 8c9713b..d80b15c 100644
--- a/Plugins/MS17010.go
+++ b/Plugins/MS17010.go
@@ -6,7 +6,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "log"
 "strings"
 "time"
@@ -83,7 +82,7 @@ func init() {
 }
 // MS17010 扫描入口函数
-func MS17010(info *Config.HostInfo) error {
+func MS17010(info *Common.HostInfo) error {
 // 暴力破解模式下跳过扫描
 if Common.IsBrute {
 return nil
@@ -100,7 +99,7 @@ func MS17010(info *Config.HostInfo) error {
 }
 // MS17010Scan 执行MS17-010漏洞扫描
-func MS17010Scan(info *Config.HostInfo) error {
+func MS17010Scan(info *Common.HostInfo) error {
 ip := info.Host
 // 连接目标445端口
diff --git a/Plugins/MSSQL.go b/Plugins/MSSQL.go
index 0aa4f00..4df1e36 100644
--- a/Plugins/MSSQL.go
+++ b/Plugins/MSSQL.go
@@ -5,13 +5,12 @@ import (
 "fmt"
 _ "github.com/denisenkom/go-mssqldb"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // MssqlScan 执行MSSQL服务扫描
-func MssqlScan(info *Config.HostInfo) (tmperr error) {
+func MssqlScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
@@ -50,7 +49,7 @@ func MssqlScan(info *Config.HostInfo) (tmperr error) {
 }
 // MssqlConn 尝试MSSQL连接
-func MssqlConn(info *Config.HostInfo, user string, pass string) (bool, error) {
+func MssqlConn(info *Common.HostInfo, user string, pass string) (bool, error) {
 host, port, username, password := info.Host, info.Ports, user, pass
 timeout := time.Duration(Common.Timeout) * time.Second
diff --git a/Plugins/Memcached.go b/Plugins/Memcached.go
index ba285ba..76a8f17 100644
--- a/Plugins/Memcached.go
+++ b/Plugins/Memcached.go
@@ -3,13 +3,12 @@ package Plugins
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // MemcachedScan 检测Memcached未授权访问
-func MemcachedScan(info *Config.HostInfo) error {
+func MemcachedScan(info *Common.HostInfo) error {
 fmt.Println("[+] Memcached扫描模块开始...")
 realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 timeout := time.Duration(Common.Timeout) * time.Second
diff --git a/Plugins/Mongodb.go b/Plugins/Mongodb.go
index cc1e378..95b3ba4 100644
--- a/Plugins/Mongodb.go
+++ b/Plugins/Mongodb.go
@@ -3,13 +3,12 @@ package Plugins
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // MongodbScan 执行MongoDB未授权扫描
-func MongodbScan(info *Config.HostInfo) error {
+func MongodbScan(info *Common.HostInfo) error {
 if Common.IsBrute {
 return nil
 }
@@ -25,7 +24,7 @@ func MongodbScan(info *Config.HostInfo) error {
 }
 // MongodbUnauth 检测MongoDB未授权访问
-func MongodbUnauth(info *Config.HostInfo) (bool, error) {
+func MongodbUnauth(info *Common.HostInfo) (bool, error) {
 // MongoDB查询数据包
 msgPacket := createOpMsgPacket()
 queryPacket := createOpQueryPacket()
diff --git a/Plugins/MySQL.go b/Plugins/MySQL.go
index 4703045..17334e8 100644
--- a/Plugins/MySQL.go
+++ b/Plugins/MySQL.go
@@ -5,13 +5,12 @@ import (
 "fmt"
 _ "github.com/go-sql-driver/mysql"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // MysqlScan 执行MySQL服务扫描
-func MysqlScan(info *Config.HostInfo) (tmperr error) {
+func MysqlScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
@@ -50,7 +49,7 @@ func MysqlScan(info *Config.HostInfo) (tmperr error) {
 }
 // MysqlConn 尝试MySQL连接
-func MysqlConn(info *Config.HostInfo, user string, pass string) (bool, error) {
+func MysqlConn(info *Common.HostInfo, user string, pass string) (bool, error) {
 host, port, username, password := info.Host, info.Ports, user, pass
 timeout := time.Duration(Common.Timeout) * time.Second
diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go
index e96d827..2d8a0ed 100644
--- a/Plugins/NetBIOS.go
+++ b/Plugins/NetBIOS.go
@@ -5,7 +5,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "gopkg.in/yaml.v3"
 "net"
 "strconv"
@@ -15,7 +14,7 @@ import (
 var errNetBIOS = errors.New("netbios error")
-func NetBIOS(info *Config.HostInfo) error {
+func NetBIOS(info *Common.HostInfo) error {
 fmt.Println("[+] NetBIOS扫描模块开始...")
 netbios, _ := NetBIOS1(info)
 output := netbios.String()
@@ -28,7 +27,7 @@ func NetBIOS(info *Config.HostInfo) error {
 return errNetBIOS
 }
-func NetBIOS1(info *Config.HostInfo) (netbios NetBiosInfo, err error) {
+func NetBIOS1(info *Common.HostInfo) (netbios NetBiosInfo, err error) {
 netbios, err = GetNbnsname(info)
 var payload0 []byte
 if netbios.ServerService != "" || netbios.WorkstationService != "" {
@@ -87,7 +86,7 @@ func NetBIOS1(info *Config.HostInfo) (netbios NetBiosInfo, err error) {
 return
 }
-func GetNbnsname(info *Config.HostInfo) (netbios NetBiosInfo, err error) {
+func GetNbnsname(info *Common.HostInfo) (netbios NetBiosInfo, err error) {
 senddata1 := []byte{102, 102, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 32, 67, 75, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 0, 0, 33, 0, 1}
 //senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01")
 realhost := fmt.Sprintf("%s:137", info.Host)
diff --git a/Plugins/Oracle.go b/Plugins/Oracle.go
index b628fa1..2d98a60 100644
--- a/Plugins/Oracle.go
+++ b/Plugins/Oracle.go
@@ -4,14 +4,13 @@ import (
 "database/sql"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 _ "github.com/sijms/go-ora/v2"
 "strings"
 "time"
 )
 // OracleScan 执行Oracle服务扫描
-func OracleScan(info *Config.HostInfo) (tmperr error) {
+func OracleScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
@@ -50,7 +49,7 @@ func OracleScan(info *Config.HostInfo) (tmperr error) {
 }
 // OracleConn 尝试Oracle连接
-func OracleConn(info *Config.HostInfo, user string, pass string) (bool, error) {
+func OracleConn(info *Common.HostInfo, user string, pass string) (bool, error) {
 host, port, username, password := info.Host, info.Ports, user, pass
 timeout := time.Duration(Common.Timeout) * time.Second
diff --git a/Plugins/Postgres.go b/Plugins/Postgres.go
index 12058c5..33b1314 100644
--- a/Plugins/Postgres.go
+++ b/Plugins/Postgres.go
@@ -5,13 +5,12 @@ import (
 "fmt"
 _ "github.com/lib/pq"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "strings"
 "time"
 )
 // PostgresScan 执行PostgreSQL服务扫描
-func PostgresScan(info *Config.HostInfo) (tmperr error) {
+func PostgresScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
@@ -50,7 +49,7 @@ func PostgresScan(info *Config.HostInfo) (tmperr error) {
 }
 // PostgresConn 尝试PostgreSQL连接
-func PostgresConn(info *Config.HostInfo, user string, pass string) (bool, error) {
+func PostgresConn(info *Common.HostInfo, user string, pass string) (bool, error) {
 host, port, username, password := info.Host, info.Ports, user, pass
 timeout := time.Duration(Common.Timeout) * time.Second
diff --git a/Plugins/RDP.go b/Plugins/RDP.go
index 4fe1812..9763705 100644
--- a/Plugins/RDP.go
+++ b/Plugins/RDP.go
@@ -4,7 +4,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "github.com/tomatome/grdp/core"
 "github.com/tomatome/grdp/glog"
 "github.com/tomatome/grdp/protocol/nla"
@@ -30,7 +29,7 @@ type Brutelist struct {
 }
 // RdpScan 执行RDP服务扫描
-func RdpScan(info *Config.HostInfo) (tmperr error) {
+func RdpScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
diff --git a/Plugins/Redis.go b/Plugins/Redis.go
index 27d912a..7dfd978 100644
--- a/Plugins/Redis.go
+++ b/Plugins/Redis.go
@@ -4,7 +4,6 @@ import (
 "bufio"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "io"
 "net"
 "os"
@@ -18,7 +17,7 @@ var (
 )
 // RedisScan 执行Redis服务扫描
-func RedisScan(info *Config.HostInfo) (tmperr error) {
+func RedisScan(info *Common.HostInfo) (tmperr error) {
 fmt.Println("[+] Redis扫描模块开始...")
 starttime := time.Now().Unix()
@@ -60,7 +59,7 @@ func RedisScan(info *Config.HostInfo) (tmperr error) {
 }
 // RedisConn 尝试Redis连接
-func RedisConn(info *Config.HostInfo, pass string) (bool, error) {
+func RedisConn(info *Common.HostInfo, pass string) (bool, error) {
 realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 // 建立TCP连接
@@ -108,7 +107,7 @@ func RedisConn(info *Config.HostInfo, pass string) (bool, error) {
 }
 // RedisUnauth 尝试Redis未授权访问检测
-func RedisUnauth(info *Config.HostInfo) (flag bool, err error) {
+func RedisUnauth(info *Common.HostInfo) (flag bool, err error) {
 flag = false
 realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
diff --git a/Plugins/SMB.go b/Plugins/SMB.go
index a7b115b..8f9f351 100644
--- a/Plugins/SMB.go
+++ b/Plugins/SMB.go
@@ -4,14 +4,13 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "github.com/stacktitan/smb/smb"
 "strings"
 "time"
 )
 // SmbScan 执行SMB服务的认证扫描
-func SmbScan(info *Config.HostInfo) (tmperr error) {
+func SmbScan(info *Common.HostInfo) (tmperr error) {
 // 如果未启用暴力破解则直接返回
 if Common.IsBrute {
 return nil
@@ -67,7 +66,7 @@ func SmbScan(info *Config.HostInfo) (tmperr error) {
 }
 // SmblConn 尝试建立SMB连接并进行认证
-func SmblConn(info *Config.HostInfo, user string, pass string, signal chan struct{}) (flag bool, err error) {
+func SmblConn(info *Common.HostInfo, user string, pass string, signal chan struct{}) (flag bool, err error) {
 flag = false
 // 配置SMB连接选项
@@ -95,7 +94,7 @@ func SmblConn(info *Config.HostInfo, user string, pass string, signal chan struc
 }
 // doWithTimeOut 执行带超时的SMB连接认证
-func doWithTimeOut(info *Config.HostInfo, user string, pass string) (flag bool, err error) {
+func doWithTimeOut(info *Common.HostInfo, user string, pass string) (flag bool, err error) {
 signal := make(chan struct{})
 // 在goroutine中执行SMB连接
diff --git a/Plugins/SMB2.go b/Plugins/SMB2.go
index aca01be..3bfcd29 100644
--- a/Plugins/SMB2.go
+++ b/Plugins/SMB2.go
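Review bot: In `SmbScan` (Plugins/SMB.go, hunk at -4,14) the comment `// 如果未启用暴力破解则直接返回` ("return if brute force is not enabled") sits above `if Common.IsBrute { return nil }`, which returns when the flag is set. `SmbScan2` in Plugins/SMB2.go carries the same comment, whereas the comments on the same guard in FTP.go and MS17010.go describe it the other way round. The comments in SMB.go and SMB2.go should be brought in line with the code; the declaration of `Common.IsBrute` is not visible in this diff, so which sense the flag has should be confirmed and documented there.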
@@ -3,7 +3,6 @@ package Plugins
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "net"
 "os"
 "strings"
@@ -13,7 +12,7 @@ import (
 )
 // SmbScan2 执行SMB2服务的认证扫描,支持密码和哈希两种认证方式
-func SmbScan2(info *Config.HostInfo) (tmperr error) {
+func SmbScan2(info *Common.HostInfo) (tmperr error) {
 // 如果未启用暴力破解则直接返回
 if Common.IsBrute {
@@ -34,7 +33,7 @@ func SmbScan2(info *Config.HostInfo) (tmperr error) {
 }
 // smbHashScan 使用哈希进行认证扫描
-func smbHashScan(info *Config.HostInfo, hasprint bool, startTime int64) error {
+func smbHashScan(info *Common.HostInfo, hasprint bool, startTime int64) error {
 for _, user := range Common.Userdict["smb"] {
 for _, hash := range Common.HashBytes {
 success, err, printed := Smb2Con(info, user, "", hash, hasprint)
@@ -63,7 +62,7 @@ func smbHashScan(info *Config.HostInfo, hasprint bool, startTime int64) error {
 }
 // smbPasswordScan 使用密码进行认证扫描
-func smbPasswordScan(info *Config.HostInfo, hasprint bool, startTime int64) error {
+func smbPasswordScan(info *Common.HostInfo, hasprint bool, startTime int64) error {
 for _, user := range Common.Userdict["smb"] {
 for _, pass := range Common.Passwords {
 pass = strings.ReplaceAll(pass, "{user}", user)
@@ -93,7 +92,7 @@ func smbPasswordScan(info *Config.HostInfo, hasprint bool, startTime int64) erro
 }
 // logSuccessfulAuth 记录成功的认证
-func logSuccessfulAuth(info *Config.HostInfo, user, pass string, hash []byte) {
+func logSuccessfulAuth(info *Common.HostInfo, user, pass string, hash []byte) {
 var result string
 if Common.Domain != "" {
 result = fmt.Sprintf("[✓] SMB2认证成功 %v:%v Domain:%v\\%v ",
@@ -112,7 +111,7 @@ func logSuccessfulAuth(info *Config.HostInfo, user, pass string, hash []byte) {
 }
 // logFailedAuth 记录失败的认证
-func logFailedAuth(info *Config.HostInfo, user, pass string, hash []byte, err error) {
+func logFailedAuth(info *Common.HostInfo, user, pass string, hash []byte, err error) {
 var errlog string
 if len(hash) > 0 {
 errlog = fmt.Sprintf("[x] SMB2认证失败 %v:%v User:%v Hash:%v Err:%v",
@@ -139,7 +138,7 @@ func shouldStopScan(err error, startTime int64, totalAttempts int) bool {
 }
 // Smb2Con 尝试SMB2连接并进行认证,检查共享访问权限
-func Smb2Con(info *Config.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) {
+func Smb2Con(info *Common.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool) {
 // 建立TCP连接
 conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:445", info.Host), time.Duration(Common.Timeout)*time.Second)
@@ -202,7 +201,7 @@ func Smb2Con(info *Config.HostInfo, user string, pass string, hash []byte, haspr
 }
 // logShareInfo 记录SMB共享信息
-func logShareInfo(info *Config.HostInfo, user string, pass string, hash []byte, shares []string) {
+func logShareInfo(info *Common.HostInfo, user string, pass string, hash []byte, shares []string) {
 var result string
 // 构建基础信息
diff --git a/Plugins/SSH.go b/Plugins/SSH.go
index 37ef053..6a6d319 100644
--- a/Plugins/SSH.go
+++ b/Plugins/SSH.go
@@ -3,7 +3,6 @@ package Plugins
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "golang.org/x/crypto/ssh"
 "io/ioutil"
 "net"
@@ -12,7 +11,7 @@ import (
 )
 // SshScan 执行SSH服务的认证扫描
-func SshScan(info *Config.HostInfo) (tmperr error) {
+func SshScan(info *Common.HostInfo) (tmperr error) {
 if Common.IsBrute {
 return
 }
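Review bot: `Smb2Con` (Plugins/SMB2.go, hunk at -139) returns `(flag bool, err error, flag2 bool)` with the error in the middle, and `GOWebTitle` and `geturl` in Plugins/WebTitle.go put the error first; Go convention, enforced by staticcheck's ST1008, is that `error` is the last result. Since every one of these signatures is touched in this commit anyway, consider reordering to `(flag bool, flag2 bool, err error)` and updating the call sites, e.g. `success, printed, err := Smb2Con(info, user, "", hash, hasprint)` in `smbHashScan`. The result names `flag` and `flag2` say nothing about what they carry and would read better with descriptive names.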
@@ -59,7 +58,7 @@ func SshScan(info *Config.HostInfo) (tmperr error) {
 }
 // SshConn 尝试建立SSH连接并进行认证
-func SshConn(info *Config.HostInfo, user string, pass string) (flag bool, err error) {
+func SshConn(info *Common.HostInfo, user string, pass string) (flag bool, err error) {
 // 准备认证方法
 var auth []ssh.AuthMethod
 if Common.SshKey != "" {
diff --git a/Plugins/SmbGhost.go b/Plugins/SmbGhost.go
index ccc6603..bffdc8e 100644
--- a/Plugins/SmbGhost.go
+++ b/Plugins/SmbGhost.go
@@ -3,7 +3,6 @@ package Plugins
 import (
 "bytes"
 "fmt"
- "github.com/shadow1ng/fscan/Config"
 "time"
 "github.com/shadow1ng/fscan/Common"
@@ -96,7 +95,7 @@ const (
 )
 // SmbGhost 检测SMB Ghost漏洞(CVE-2020-0796)的入口函数
-func SmbGhost(info *Config.HostInfo) error {
+func SmbGhost(info *Common.HostInfo) error {
 // 如果开启了暴力破解模式,跳过该检测
 if Common.IsBrute {
 return nil
@@ -110,7 +109,7 @@ func SmbGhost(info *Config.HostInfo) error {
 }
 // SmbGhostScan 执行具体的SMB Ghost漏洞检测逻辑
-func SmbGhostScan(info *Config.HostInfo) error {
+func SmbGhostScan(info *Common.HostInfo) error {
 // 设置扫描参数
 ip := info.Host
 port := 445 // SMB服务默认端口
diff --git a/Plugins/WMIExec.go b/Plugins/WMIExec.go
index cb31323..625355c 100644
--- a/Plugins/WMIExec.go
+++ b/Plugins/WMIExec.go
@@ -4,7 +4,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "os"
 "strings"
 "time"
@@ -33,7 +32,7 @@ func init() {
 }
 // WmiExec 执行WMI远程命令
-func WmiExec(info *Config.HostInfo) (tmperr error) {
+func WmiExec(info *Common.HostInfo) (tmperr error) {
 // 如果是暴力破解模式则跳过
 if Common.IsBrute {
 return nil
@@ -98,7 +97,7 @@ func WmiExec(info *Config.HostInfo) (tmperr error) {
 }
 // Wmiexec 包装WMI执行函数
-func Wmiexec(info *Config.HostInfo, user string, pass string, hash string) (flag bool, err error) {
+func Wmiexec(info *Common.HostInfo, user string, pass string, hash string) (flag bool, err error) {
 target := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 wmiexec.Timeout = int(Common.Timeout)
 return WMIExec(target, user, pass, hash, Common.Domain, Common.Command, ClientHost, "", nil)
diff --git a/Plugins/WebTitle.go b/Plugins/WebTitle.go
index 9e8d4f5..59eb76c 100644
--- a/Plugins/WebTitle.go
+++ b/Plugins/WebTitle.go
@@ -4,7 +4,6 @@ import (
 "compress/gzip"
 "crypto/tls"
 "fmt"
- "github.com/shadow1ng/fscan/Config"
 "io"
 "net/http"
 "net/url"
@@ -20,7 +19,7 @@ import (
 )
 // WebTitle 获取Web标题并执行扫描
-func WebTitle(info *Config.HostInfo) error {
+func WebTitle(info *Common.HostInfo) error {
 // 如果是webpoc扫描模式,直接执行WebScan
 if Common.Scantype == "webpoc" {
 WebScan.WebScan(info)
@@ -52,7 +51,7 @@ func WebTitle(info *Config.HostInfo) error {
 }
 // GOWebTitle 获取网站标题并处理URL
-func GOWebTitle(info *Config.HostInfo) (err error, CheckData []WebScan.CheckDatas) {
+func GOWebTitle(info *Common.HostInfo) (err error, CheckData []WebScan.CheckDatas) {
 // 如果URL未指定,根据端口生成URL
 if info.Url == "" {
 switch info.Ports {
@@ -120,7 +119,7 @@ func GOWebTitle(info *Config.HostInfo) (err error, CheckData []WebScan.CheckData
 // - error: 错误信息
 // - string: 重定向URL或协议
 // - []WebScan.CheckDatas: 更新后的检查数据
-func geturl(info *Config.HostInfo, flag int, CheckData []WebScan.CheckDatas) (error, string, []WebScan.CheckDatas) {
+func geturl(info *Common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (error, string, []WebScan.CheckDatas) {
 // 处理目标URL
 Url := info.Url
 if flag == 2 {
diff --git a/Plugins/fcgiscan.go b/Plugins/fcgiscan.go
index 28b0e85..90165f1 100644
--- a/Plugins/fcgiscan.go
+++ b/Plugins/fcgiscan.go
@@ -7,7 +7,6 @@ import (
 "errors"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "io"
 "strconv"
 "strings"
@@ -20,7 +19,7 @@ import (
 //https://github.com/wofeiwo/webcgi-exploits
 // FcgiScan 执行FastCGI服务器漏洞扫描
-func FcgiScan(info *Config.HostInfo) error {
+func FcgiScan(info *Common.HostInfo) error {
 // 如果设置了暴力破解模式则跳过
 if Common.IsBrute {
 return nil
diff --git a/WebScan/WebScan.go b/WebScan/WebScan.go
index 28ddba7..a28fced 100644
--- a/WebScan/WebScan.go
+++ b/WebScan/WebScan.go
@@ -4,7 +4,6 @@ import (
 "embed"
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "github.com/shadow1ng/fscan/WebScan/lib"
 "net/http"
 "os"
@@ -19,7 +18,7 @@ var once sync.Once
 var AllPocs []*lib.Poc
 // WebScan 执行Web漏洞扫描
-func WebScan(info *Config.HostInfo) {
+func WebScan(info *Common.HostInfo) {
 // 确保POC只初始化一次
 once.Do(initpoc)
diff --git a/main.go b/main.go
index 5d95fbb..f2c5bce 100644
--- a/main.go
+++ b/main.go
@@ -3,14 +3,13 @@ package main
 import (
 "fmt"
 "github.com/shadow1ng/fscan/Common"
- "github.com/shadow1ng/fscan/Config"
 "github.com/shadow1ng/fscan/Core"
 "time"
 )
 func main() {
 start := time.Now()
- var Info Config.HostInfo
+ var Info Common.HostInfo
 Common.Flag(&Info)
 Common.Parse(&Info)
 Core.Scan(Info)