添加vnc漏洞未授权扫描和爆破，修复go-vnc bug

Plugins/base.go

@@ -19,6 +19,7 @@ var PluginList = map[string]interface{}{
 	"3306":    MysqlScan,
 	"3389":    RdpScan,
 	"5432":    PostgresScan,
+	"5900":    VncScan,
 	"6379":    RedisScan,
 	"9000":    FcgiScan,
 	"11211":   MemcachedScan,

Plugins/vnc.go

@@ -0,0 +1,86 @@
+package Plugins
+
+import (
+	"fmt"
+	"github.com/Run0nceEx/go-vnc"
+	"github.com/shadow1ng/fscan/common"
+	"net"
+	"time"
+)
+
+// VncScan 扫描 VNC 服务
+func VncScan(info *common.HostInfo) (flag bool, err error) {
+	if common.IsBrute {
+		return false, nil
+	}
+
+	flag = false
+	Host, Port := info.Host, info.Ports
+	addr := fmt.Sprintf("%s:%s", Host, Port)
+
+	// 建立 TCP 连接
+	conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
+	//设置连接超时防止过长等待
+	err = conn.SetDeadline(time.Now().Add(5 * time.Second))
+	if err != nil {
+		return false, fmt.Errorf("无法连接到 %v: %v", addr, err)
+	}
+	defer conn.Close()
+
+	// 无认证测试
+	config := &vnc.ClientConfig{
+		Auth: []vnc.ClientAuth{
+			new(vnc.ClientAuthNone),
+		},
+	}
+
+	client, err := vnc.Client(conn, config)
+
+	if err == nil {
+		// 无需认证即可访问
+		result := fmt.Sprintf("[+] VNC unauthenticated access successful: %v:%v", Host, Port)
+		common.LogSuccess(result)
+		defer client.Close()
+		return true, nil
+	}
+
+	// 如果无认证失败，进行密码爆破
+	for _, pass := range common.Passwords {
+		conn, err := net.DialTimeout("tcp", addr, 5*time.Second)
+		if err != nil {
+			continue // 如果无法重连，跳过此密码
+		}
+		defer conn.Close()
+
+		config := &vnc.ClientConfig{
+			Auth: []vnc.ClientAuth{
+				&vnc.PasswordAuth{
+					Password: pass,
+				},
+			},
+		}
+
+		client, err := vnc.Client(conn, config)
+
+		if err == nil {
+			// 密码验证成功
+			result := fmt.Sprintf("[+] VNC password verification successful: %v:%v, password: %v", Host, Port, pass)
+			common.LogSuccess(result)
+			err := client.Close()
+			if err != nil {
+				return false, err
+			}
+			return true, nil
+		} else {
+			if "security handshake failed: Either the username was not recognised, or the password was incorrect" != err.Error() {
+				err := client.Close()
+				if err != nil {
+					return false, err
+				}
+			}
+		}
+	}
+
+	// 如果无认证和密码爆破都失败
+	return false, nil
+}

common/config.go

@@ -25,6 +25,7 @@ var PORTList = map[string]int{
 	"mysql":       3306,
 	"rdp":         3389,
 	"psql":        5432,
+	"vnc":         5900,
 	"redis":       6379,
 	"fcgi":        9000,
 	"mem":         11211,
@@ -52,6 +53,7 @@ var PortGroup = map[string]string{
 	"mysql":       "3306",
 	"rdp":         "3389",
 	"psql":        "5432",
+	"vnc":         "5900",
 	"redis":       "6379",
 	"fcgi":        "9000",
 	"mem":         "11211",

go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/C-Sto/goWMIExec v0.0.1-deva.0.20210704154847-b8ebd6464a06
+	github.com/Run0nceEx/go-vnc v0.0.0-20241202154954-fb59a61ca735
 	github.com/denisenkom/go-mssqldb v0.12.3
 	github.com/fatih/color v1.7.0
 	github.com/go-sql-driver/mysql v1.8.1

go.sum

@@ -20,6 +20,8 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/Run0nceEx/go-vnc v0.0.0-20241202154954-fb59a61ca735 h1:NlON1hW+R8xLUukzWMVbfYhuMLEnFzGHujOF/eY1U+Q=
+github.com/Run0nceEx/go-vnc v0.0.0-20241202154954-fb59a61ca735/go.mod h1:ADwAYIJnQSfPRASouAkAOBd7oSV7hfkbCVs2gexegQo=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=