From ef2c20bf4e247421ff0ec5db87a8bcbe2be93c86 Mon Sep 17 00:00:00 2001 From: ZacharyZcR <2903735704@qq.com> Date: Fri, 20 Dec 2024 03:00:21 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0VNC=E6=89=AB=E6=8F=8F?= =?UTF-8?q?=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Core/Registry.go | 9 ++++-- Plugins/VNC.go | 81 ++++++++++++++++++++++++++++++++++++++++++++++++ go.mod | 1 + go.sum | 2 ++ 4 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 Plugins/VNC.go diff --git a/Core/Registry.go b/Core/Registry.go index daafa2a..b8bd4ff 100644 --- a/Core/Registry.go +++ b/Core/Registry.go @@ -15,7 +15,6 @@ func init() { Common.RegisterPlugin("ssh", Common.ScanPlugin{ Name: "SSH", - Port: 22, ScanFunc: Plugins.SshScan, }) @@ -67,6 +66,12 @@ func init() { ScanFunc: Plugins.PostgresScan, }) + Common.RegisterPlugin("vnc", Common.ScanPlugin{ + Name: "VNC", + Port: 5900, + ScanFunc: Plugins.VncScan, + }) + Common.RegisterPlugin("redis", Common.ScanPlugin{ Name: "Redis", Port: 6379, @@ -106,7 +111,6 @@ func init() { Common.RegisterPlugin("web", Common.ScanPlugin{ Name: "WebTitle", - Port: 0, ScanFunc: Plugins.WebTitle, }) @@ -124,7 +128,6 @@ func init() { Common.RegisterPlugin("localinfo", Common.ScanPlugin{ Name: "LocalInfo", - Port: 0, ScanFunc: Plugins.LocalInfoScan, }) } diff --git a/Plugins/VNC.go b/Plugins/VNC.go new file mode 100644 index 0000000..d1d7c20 --- /dev/null +++ b/Plugins/VNC.go 
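Review bot: Dropping `Port: 22` from the `ssh` registration in the first `Core/Registry.go` hunk is not covered by the commit subject (adding VNC scanning) and leaves the field at its zero value. If plugin dispatch keys on `ScanPlugin.Port` (not visible here), SSH checks would no longer be selected for port 22. If the removal is unintended, restore `Port: 22,`; if it is deliberate, it belongs in its own commit with the reason stated. The `Port: 0` removals for `web` and `localinfo` in the later hunks are no-ops, since 0 is already the zero value. `init()` begins outside these hunks.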
@@ -0,0 +1,81 @@
+package Plugins
+
+import (
+ "fmt"
+ "github.com/mitchellh/go-vnc"
+ "github.com/shadow1ng/fscan/Common"
+ "net"
+ "time"
+)
+
+// VncScan 执行VNC服务扫描及密码尝试
+func VncScan(info *Common.HostInfo) (tmperr error) {
+ // 如果已开启暴力破解则直接返回
+ if Common.IsBrute {
+ return
+ }
+
+ modename := "vnc"
+ starttime := time.Now().Unix()
+
+ // 遍历密码字典尝试连接
+ for _, pass := range Common.Passwords {
+ flag, err := VncConn(info, pass)
+
+ if flag && err == nil {
+ // 连接成功,记录结果
+ result := fmt.Sprintf("[+] %s://%v:%v 密码: %v", modename, info.Host, info.Ports, pass)
+ Common.LogSuccess(result)
+ return err
+ }
+
+ // 连接失败,记录错误信息
+ errlog := fmt.Sprintf("[-] %s://%v:%v 尝试密码: %v 错误: %v",
+ modename, info.Host, info.Ports, pass, err)
+ Common.LogError(errlog)
+ tmperr = err
+
+ // 检查是否需要中断扫描
+ if Common.CheckErrs(err) {
+ return err
+ }
+
+ // 检查是否超时
+ if time.Now().Unix()-starttime > (int64(len(Common.Passwords)) * Common.Timeout) {
+ return fmt.Errorf("扫描超时")
+ }
+ }
+ return tmperr
+}
+
+// VncConn 尝试建立VNC连接
+func VncConn(info *Common.HostInfo, pass string) (flag bool, err error) {
+ flag = false
+ Host, Port := info.Host, info.Ports
+
+ // 建立TCP连接
+ conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%s", Host, Port),
+ time.Duration(Common.Timeout)*time.Second)
+ if err != nil {
+ return
+ }
+ defer conn.Close()
+
+ // 配置VNC客户端
+ config := &vnc.ClientConfig{
+ Auth: []vnc.ClientAuth{
+ &vnc.PasswordAuth{
+ Password: pass,
+ },
+ },
+ }
+
+ // 尝试VNC认证
+ client, err := vnc.Client(conn, config)
+ if err == nil {
+ defer client.Close()
+ flag = true
+ }
+
+ return
+}
diff --git a/go.mod b/go.mod
index 9322059..299f7da 100644
--- a/go.mod
+++ b/go.mod
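Review bot: `VncConn` bounds only the TCP connect: `net.DialTimeout` returns a connection with no read/write deadline, so `vnc.Client(conn, config)` can block indefinitely on a peer that accepts the connection and then stalls during the RFB handshake. The elapsed-time check in `VncScan` is evaluated only between attempts, so it cannot interrupt a call that is already blocked. Adding `conn.SetDeadline(time.Now().Add(time.Duration(Common.Timeout) * time.Second))` right after the successful dial would bound each attempt. Separately, `fmt.Sprintf("%s:%s", Host, Port)` produces an address that fails to parse for IPv6 literals; `net.JoinHostPort(Host, Port)` handles both address families.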
@@ -38,6 +38,7 @@ require (
 github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect
 github.com/mattn/go-colorable v0.0.9 // indirect
 github.com/mattn/go-isatty v0.0.3 // indirect
+ github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed // indirect
 github.com/stoewer/go-strcase v1.2.0 // indirect
 go.uber.org/atomic v1.5.0 // indirect
 go.uber.org/multierr v1.3.0 // indirect
diff --git a/go.sum b/go.sum
index fb9a058..4d252f1 100644
--- a/go.sum
+++ b/go.sum
@@ -168,6 +168,8 @@ github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceT
 github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed h1:FI2NIv6fpef6BQl2u3IZX/Cj20tfypRF4yd+uaHOMtI=
+github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaCv4AyBgu5ALFM0+tSuHrBh6v692nyQe3ikrq0=
 github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
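Review bot: `github.com/mitchellh/go-vnc` is recorded with `// indirect` in the go.mod hunk although `Plugins/VNC.go` in this same patch imports it directly. Running `go mod tidy` would list it as a direct requirement, which keeps dependency audits and direct-dependency reports accurate. The pinned pseudo-version `v0.0.0-20150629162542-723ed9867aed` carries a 2015 commit timestamp, and the library parses handshake bytes sent by whatever server is on the other end of the connection, so it is worth confirming whether a maintained release or fork exists before taking the dependency. The `require (` block continues outside the hunk.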