From 6ce60284bc4baf70da9e0a1d364ce100bd6a51ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?= Date: Fri, 7 Jan 2022 13:38:38 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9ELiveTop=E5=8A=9F=E8=83=BD,?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=E5=AD=98=E6=B4=BB=E6=97=B6,=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E4=BC=9A=E8=BE=93=E5=87=BAtop10=E7=9A=84b=E3=80=81c?= =?UTF-8?q?=E6=AE=B5ip=E5=AD=98=E6=B4=BB=E6=95=B0=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Plugins/icmp.go | 69 ++++++++++++++++++++++++++++++++++++++++++---- Plugins/scanner.go | 8 ++++-- README.md | 3 ++ common/config.go | 2 ++ common/flag.go | 3 +- 5 files changed, 76 insertions(+), 9 deletions(-) diff --git a/Plugins/icmp.go b/Plugins/icmp.go index 540ac98..dcceb8d 100644 --- a/Plugins/icmp.go +++ b/Plugins/icmp.go @@ -20,7 +20,7 @@ var ( livewg sync.WaitGroup ) -func ICMPRun(hostslist []string, Ping bool) []string { +func CheckLive(hostslist []string, Ping bool) []string { chanHosts := make(chan string, len(hostslist)) go func() { for ip := range chanHosts { @@ -28,9 +28,9 @@ func ICMPRun(hostslist []string, Ping bool) []string { ExistHosts[ip] = struct{}{} if common.Silent == false { if Ping == false { - fmt.Printf("(icmp) Target '%s' is alive\n", ip) + fmt.Printf("(icmp) Target %-15s is alive\n", ip) } else { - fmt.Printf("(ping) Target '%s' is alive\n", ip) + fmt.Printf("(ping) Target %-15s is alive\n", ip) } } AliveHosts = append(AliveHosts, ip) @@ -50,9 +50,10 @@ func ICMPRun(hostslist []string, Ping bool) []string { } else { common.LogError(err) //尝试无监听icmp探测 + fmt.Println("trying RunIcmp2") conn, err := net.DialTimeout("ip4:icmp", "127.0.0.1", 3*time.Second) defer func() { - if conn != nil{ + if conn != nil { conn.Close() } }() 
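Review bot: The added `fmt.Println("trying RunIcmp2")` in the fallback branch of CheckLive writes straight to stdout, while the line before it reports through `common.LogError` and the alive-host prints earlier in the function are gated on `common.Silent`. The message will presumably show up in silent mode too, and it names an internal function rather than saying what is happening. I would gate and reword it, e.g. `if !common.Silent { fmt.Println("icmp listen failed, trying non-listening icmp probe") }`. The enclosing function starts and ends outside this hunk.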
@@ -70,6 +71,18 @@ func ICMPRun(hostslist []string, Ping bool) []string { livewg.Wait() close(chanHosts) + if common.IsIPRange { + arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, true) + for i := 0; i < len(arrTop); i++ { + output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0.0/16", arrLen[i]) + common.LogSuccess(output) + } + } + arrTop, arrLen := ArrayCountValueTop(AliveHosts, common.LiveTop, false) + for i := 0; i < len(arrTop); i++ { + output := fmt.Sprintf("[*] LiveTop %-16s 段存活数量为: %d", arrTop[i]+".0/24", arrLen[i]) + common.LogSuccess(output) + } return AliveHosts } @@ -143,7 +156,7 @@ func icmpalive(host string) bool { startTime := time.Now() conn, err := net.DialTimeout("ip4:icmp", host, 6*time.Second) defer func() { - if conn != nil{ + if conn != nil { conn.Close() } }() @@ -253,3 +266,49 @@ func genSequence(v int16) (byte, byte) { func genIdentifier(host string) (byte, byte) { return host[0], host[1] } + +func ArrayCountValueTop(arrInit []string, length int, flag bool) (arrTop []string, arrLen []int) { + if len(arrInit) == 0 { + return + } + arrMap1 := make(map[string]int) + arrMap2 := make(map[string]int) + for _, value := range arrInit { + line := strings.Split(value, ".") + if len(line) == 4 { + if flag { + value = fmt.Sprintf("%s.%s", line[0], line[1]) + } else { + value = fmt.Sprintf("%s.%s.%s", line[0], line[1], line[2]) + } + } + if arrMap1[value] != 0 { + arrMap1[value]++ + } else { + arrMap1[value] = 1 + } + } + for k, v := range arrMap1 { + arrMap2[k] = v + } + + i := 0 + for _ = range arrMap1 { + var maxCountKey string + var maxCountVal = 0 + for key, val := range arrMap2 { + if val > maxCountVal { + maxCountVal = val + maxCountKey = key + } + } + arrTop = append(arrTop, maxCountKey) + arrLen = append(arrLen, maxCountVal) + i++ + if i >= length { + return + } + delete(arrMap2, maxCountKey) + } + return +} diff --git a/Plugins/scanner.go b/Plugins/scanner.go index bb1fd7b..3553ca0 100644 --- a/Plugins/scanner.go 
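Review bot: The `.0.0/16` and `.0/24` suffixes in the two LiveTop loops are correct only when ArrayCountValueTop has shortened the entry to two or three octets. That function leaves any AliveHosts entry that does not split into four dot-separated parts unchanged, so such an entry would be printed as `<entry>.0/24`. If AliveHosts can only hold IPv4 literals this never triggers, but nothing in the hunk enforces it; skipping those entries in ArrayCountValueTop with `if len(line) != 4 { continue }` would keep the labels accurate. The two loops are also identical apart from the suffix and could share one small helper. CheckLive's body starts outside the hunk.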
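Review bot: ArrayCountValueTop still returns one entry when `length` is zero or negative, because the `i >= length` check runs only after the first append; `-top 0` from common/flag.go therefore prints a row rather than none. Ties are also picked in map-iteration order, so the top-N list can differ between runs over the same hosts, and the repeated max scan over a copied map is O(n·k). I would count with `counts[value]++`, sort the keys by count and then by key, and truncate to `length`, as sketched below (this needs the `sort` package if the file does not already import it). The function is exported and has no doc comment; one line such as `// ArrayCountValueTop returns the length most frequent /16 (flag true) or /24 (flag false) prefixes in arrInit with their counts.` would explain the bool parameter.

```go
func ArrayCountValueTop(arrInit []string, length int, flag bool) (arrTop []string, arrLen []int) {
	if len(arrInit) == 0 || length <= 0 {
		return
	}
	counts := make(map[string]int)
	for _, value := range arrInit {
		// … unchanged: reduce value to its a.b or a.b.c prefix …
		counts[value]++
	}
	keys := make([]string, 0, len(counts))
	for k := range counts {
		keys = append(keys, k)
	}
	// Highest count first; ties broken by key so repeated runs print the same order.
	sort.Slice(keys, func(i, j int) bool {
		if counts[keys[i]] != counts[keys[j]] {
			return counts[keys[i]] > counts[keys[j]]
		}
		return keys[i] < keys[j]
	})
	if len(keys) > length {
		keys = keys[:length]
	}
	for _, k := range keys {
		arrTop = append(arrTop, k)
		arrLen = append(arrLen, counts[k])
	}
	return
}
```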
+++ b/Plugins/scanner.go @@ -23,15 +23,17 @@ func Scan(info common.HostInfo) { var wg = sync.WaitGroup{} if len(Hosts) > 0 { if common.IsPing == false { - Hosts = ICMPRun(Hosts, common.Ping) - fmt.Println("icmp alive hosts len is:", len(Hosts)) + Hosts = CheckLive(Hosts, common.Ping) + fmt.Println("[*] Icmp alive hosts len is:", len(Hosts)) } if info.Scantype == "icmp" { + common.LogWG.Wait() return } AlivePorts := PortScan(Hosts, info.Ports, info.Timeout) - fmt.Println("alive ports len is:", len(AlivePorts)) + fmt.Println("[*] alive ports len is:", len(AlivePorts)) if info.Scantype == "portscan" { + common.LogWG.Wait() return } diff --git a/README.md b/README.md index bfab62a..8e18cb7 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,8 @@ go build -ldflags="-s -w " -trimpath `go run .\main.go -h 192.168.x.x/24 -m netbios(-m netbios时,才会显示完整的netbios信息)` ![](image/netbios1.png) +`go run .\main.go -h 192.0.0.0/8 -m icmp(探测每个C段的网关和数个随机IP,并统计top 10 B、C段存活数量)` +![img.png](image/live.png) ## 参考链接 https://github.com/Adminisme/ServerScan https://github.com/netxfly/x-crack @@ -186,6 +188,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。 ## 最近更新 +[+] 2022/1/7 扫ip/8时,默认会扫每个C段的网关和数个随机IP,推荐参数:-h ip/8 -m icmp.新增LiveTop功能,检测存活时,默认会输出top10的B、C段ip存活数量. [+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口) [+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞 [+] 2021/6/18 改善一下poc的机制,如果识别出指纹会根据指纹信息发送poc,如果没有识别到指纹才会把所有poc打一遍 diff --git a/common/config.go b/common/config.go index 0ce1214..ddfa742 100644 --- a/common/config.go +++ b/common/config.go @@ -1,5 +1,6 @@ package common +var version = "1.7.0" var Userdict = map[string][]string{ "ftp": {"ftp", "admin", "www", "web", "root", "db", "wwwroot", "data"}, "mysql": {"root", "mysql"}, 
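Review bot: `common.LogWG.Wait()` is added by hand in front of the two early returns for `-m icmp` and `-m portscan`, so any other return path in Scan has to remember the same call. A single `defer common.LogWG.Wait()` at the top of Scan would cover every exit, assuming LogWG is a sync.WaitGroup tracking pending log writes, which this hunk does not show. Separately, the message `[*] Icmp alive hosts len is:` is printed even when CheckLive ran in ping mode (`common.Ping`), so a neutral label such as `[*] alive hosts len is:` would be more accurate. Scan starts and continues outside the hunk.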
@@ -99,4 +100,5 @@ var ( UserAdd string PassAdd string BruteThread int + LiveTop int ) diff --git a/common/flag.go b/common/flag.go index 343ce82..73732ed 100644 --- a/common/flag.go +++ b/common/flag.go @@ -11,7 +11,7 @@ func Banner() { / /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ / / /_\\_____\__ \ (__| | | (_| | (__| < \____/ |___/\___|_| \__,_|\___|_|\_\ - fscan version: 1.6.3 + fscan version: ` + version + ` ` print(banner) } @@ -34,6 +34,7 @@ func Flag(Info *HostInfo) { flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh") flag.StringVar(&Info.Path, "path", "", "fcgi、smb romote file path") flag.IntVar(&Threads, "t", 600, "Thread nums") + flag.IntVar(&LiveTop, "top", 10, "show live len top") flag.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt") flag.StringVar(&Userfile, "userf", "", "username file") flag.StringVar(&Passfile, "pwdf", "", "password file")
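Review bot: The usage string `"show live len top"` for the new `-top` flag does not say what the number controls. I would word it as `flag.IntVar(&LiveTop, "top", 10, "number of top B/C segments to list in the alive-host summary")`. Flag's body starts and ends outside the hunk.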