mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-14 05:12:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: SSH模块重构

Browse Source
This commit is contained in:
ZacharyZcR 2024-12-18 15:19:53 +08:00
parent e15f8e8cc0
commit f35a259f11
1 changed files with 58 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
Plugins/ssh.go
View File

@ -1,7 +1,6 @@
package Plugins package Plugins
import ( import (
"errors"
"fmt" "fmt"
"github.com/shadow1ng/fscan/common" "github.com/shadow1ng/fscan/common"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
@ -11,28 +10,43 @@ import (
"time" "time"
) )
// SshScan 执行SSH服务的认证扫描
func SshScan(info *common.HostInfo) (tmperr error) { func SshScan(info *common.HostInfo) (tmperr error) {
if common.IsBrute { if common.IsBrute {
return return
} }
starttime := time.Now().Unix()
startTime := time.Now().Unix()
// 遍历用户名和密码字典进行认证尝试
for _, user := range common.Userdict["ssh"] { for _, user := range common.Userdict["ssh"] {
for _, pass := range common.Passwords { for _, pass := range common.Passwords {
// 替换密码中的用户名占位符
pass = strings.Replace(pass, "{user}", user, -1) pass = strings.Replace(pass, "{user}", user, -1)
flag, err := SshConn(info, user, pass)
if flag == true && err == nil { success, err := SshConn(info, user, pass)
if success && err == nil {
return err return err
} else {
errlog := fmt.Sprintf("[-] ssh %v:%v %v %v %v", info.Host, info.Ports, user, pass, err)
common.LogError(errlog)
tmperr = err
if common.CheckErrs(err) {
return err
}
if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * common.Timeout) {
return err
}
} }
// 记录失败信息
errlog := fmt.Sprintf("[x] SSH认证失败 %v:%v User:%v Pass:%v Err:%v",
info.Host, info.Ports, user, pass, err)
common.LogError(errlog)
tmperr = err
// 检查是否需要中断扫描
if common.CheckErrs(err) {
return err
}
// 检查是否超时
timeoutLimit := int64(len(common.Userdict["ssh"])*len(common.Passwords)) * common.Timeout
if time.Now().Unix()-startTime > timeoutLimit {
return err
}
// 如果指定了SSH密钥则不进行密码尝试
if common.SshKey != "" { if common.SshKey != "" {
return err return err
} }
@ -41,57 +55,68 @@ func SshScan(info *common.HostInfo) (tmperr error) {
return tmperr return tmperr
} }
// SshConn 尝试建立SSH连接并进行认证
func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) { func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false // 准备认证方法
Host, Port, Username, Password := info.Host, info.Ports, user, pass var auth []ssh.AuthMethod
var Auth []ssh.AuthMethod
if common.SshKey != "" { if common.SshKey != "" {
// 使用SSH密钥认证
pemBytes, err := ioutil.ReadFile(common.SshKey) pemBytes, err := ioutil.ReadFile(common.SshKey)
if err != nil { if err != nil {
return false, errors.New("read key failed" + err.Error()) return false, fmt.Errorf("读取密钥失败: %v", err)
} }
signer, err := ssh.ParsePrivateKey(pemBytes) signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil { if err != nil {
return false, errors.New("parse key failed" + err.Error()) return false, fmt.Errorf("解析密钥失败: %v", err)
} }
Auth = []ssh.AuthMethod{ssh.PublicKeys(signer)} auth = []ssh.AuthMethod{ssh.PublicKeys(signer)}
} else { } else {
Auth = []ssh.AuthMethod{ssh.Password(Password)} // 使用密码认证
auth = []ssh.AuthMethod{ssh.Password(pass)}
} }
// 配置SSH客户端
config := &ssh.ClientConfig{ config := &ssh.ClientConfig{
User: Username, User: user,
Auth: Auth, Auth: auth,
Timeout: time.Duration(common.Timeout) * time.Second, Timeout: time.Duration(common.Timeout) * time.Second,
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error { HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil return nil
}, },
} }
client, err := ssh.Dial("tcp", fmt.Sprintf("%v:%v", Host, Port), config) // 建立SSH连接
client, err := ssh.Dial("tcp", fmt.Sprintf("%v:%v", info.Host, info.Ports), config)
if err == nil { if err == nil {
defer client.Close() defer client.Close()
session, err := client.NewSession() session, err := client.NewSession()
if err == nil { if err == nil {
defer session.Close() defer session.Close()
flag = true flag = true
var result string
// 处理认证成功的情况
if common.Command != "" { if common.Command != "" {
combo, _ := session.CombinedOutput(common.Command) // 执行指定命令
result = fmt.Sprintf("[+] SSH %v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo)) output, _ := session.CombinedOutput(common.Command)
if common.SshKey != "" { if common.SshKey != "" {
result = fmt.Sprintf("[+] SSH %v:%v sshkey correct \n %v", Host, Port, string(combo)) common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v\n命令输出:\n%v",
info.Host, info.Ports, string(output)))
} else {
common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v\n命令输出:\n%v",
info.Host, info.Ports, user, pass, string(output)))
} }
common.LogSuccess(result)
} else { } else {
result = fmt.Sprintf("[+] SSH %v:%v:%v %v", Host, Port, Username, Password) // 仅记录认证成功
if common.SshKey != "" { if common.SshKey != "" {
result = fmt.Sprintf("[+] SSH %v:%v sshkey correct", Host, Port) common.LogSuccess(fmt.Sprintf("[✓] SSH密钥认证成功 %v:%v",
info.Host, info.Ports))
} else {
common.LogSuccess(fmt.Sprintf("[✓] SSH认证成功 %v:%v User:%v Pass:%v",
info.Host, info.Ports, user, pass))
} }
common.LogSuccess(result)
} }
} }
} }
return flag, err return flag, err
} }