fscan/Plugins/ssh.go

package Plugins

import (
	"fmt"
	"github.com/shadow1ng/fscan/common"
	"golang.org/x/crypto/ssh"
	"net"
	"strings"
	"time"
)

func SshScan(info *common.HostInfo) (tmperr error) {
	starttime := time.Now().Unix()
	for _, user := range common.Userdict["ssh"] {
		for _, pass := range common.Passwords {
			pass = strings.Replace(pass, "{user}", user, -1)
			flag, err := SshConn(info, user, pass)
			if flag == true && err == nil {
				return err
			} else {
				errlog := fmt.Sprintf("[-] ssh %v:%v %v %v %v", info.Host, common.PORTList["ssh"], user, pass, err)
				common.LogError(errlog)
				tmperr = err
				if common.CheckErrs(err) {
					return err
				}
				if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * info.Timeout) {
					return err
				}
			}
		}
	}
	return tmperr
}

func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
	flag = false
	Host, Port, Username, Password := info.Host, common.PORTList["ssh"], user, pass
	config := &ssh.ClientConfig{
		User: Username,
		Auth: []ssh.AuthMethod{
			ssh.Password(Password),
		},
		Timeout: time.Duration(info.Timeout) * time.Second,
		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
			return nil
		},
	}

	client, err := ssh.Dial("tcp", fmt.Sprintf("%v:%v", Host, Port), config)
	if err == nil {
		defer client.Close()
		session, err := client.NewSession()
		if err == nil {
			defer session.Close()
			flag = true
			if info.Command != "" {
				combo, _ := session.CombinedOutput(info.Command)
				result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
				common.LogSuccess(result)
			} else {
				result := fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password)
				common.LogSuccess(result)
			}
		}
	}
	return flag, err

}
commit message 2020-12-29 01:17:10 -08:00			`package Plugins`

			`import (`
			`"fmt"`
			`"github.com/shadow1ng/fscan/common"`
			`"golang.org/x/crypto/ssh"`
			`"net"`
			`"strings"`
			`"time"`
			`)`

			`func SshScan(info *common.HostInfo) (tmperr error) {`
修改线程处理机制 2021-03-30 03:12:54 -07:00			`starttime := time.Now().Unix()`
commit message 2020-12-29 01:17:10 -08:00			`for _, user := range common.Userdict["ssh"] {`
			`for _, pass := range common.Passwords {`
			`pass = strings.Replace(pass, "{user}", user, -1)`
			`flag, err := SshConn(info, user, pass)`
			`if flag == true && err == nil {`
			`return err`
			`} else {`
修改线程处理机制 2021-03-30 03:12:54 -07:00			`errlog := fmt.Sprintf("[-] ssh %v:%v %v %v %v", info.Host, common.PORTList["ssh"], user, pass, err)`
修改icmp发包模式,更适合大规模探测。修改报错提示,--debug时,如果10秒内没有LogSuccess的消息,每隔10秒就会打印一下当前进度 2021-02-04 22:43:07 -08:00			`common.LogError(errlog)`
commit message 2020-12-29 01:17:10 -08:00			`tmperr = err`
修改线程处理机制 2021-03-30 03:12:54 -07:00			`if common.CheckErrs(err) {`
			`return err`
			`}`
修改线程处理机制 2021-03-30 07:30:16 -07:00			`if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])len(common.Passwords)) info.Timeout) {`
修改线程处理机制 2021-03-30 03:12:54 -07:00			`return err`
			`}`
commit message 2020-12-29 01:17:10 -08:00			`}`
			`}`
			`}`
			`return tmperr`
			`}`

			`func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {`
			`flag = false`
			`Host, Port, Username, Password := info.Host, common.PORTList["ssh"], user, pass`
			`config := &ssh.ClientConfig{`
			`User: Username,`
			`Auth: []ssh.AuthMethod{`
			`ssh.Password(Password),`
			`},`
			`Timeout: time.Duration(info.Timeout) * time.Second,`
			`HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {`
			`return nil`
			`},`
			`}`

			`client, err := ssh.Dial("tcp", fmt.Sprintf("%v:%v", Host, Port), config)`
			`if err == nil {`
			`defer client.Close()`
			`session, err := client.NewSession()`
			`if err == nil {`
			`defer session.Close()`
			`flag = true`
			`if info.Command != "" {`
			`combo, _ := session.CombinedOutput(info.Command)`
			`result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))`
			`common.LogSuccess(result)`
			`} else {`
			`result := fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password)`
			`common.LogSuccess(result)`
			`}`
			`}`
			`}`
			`return flag, err`

			`}`