新增-m webonly,跳过端口扫描,直接访问http。致谢@AgeloVito

Plugins/base.go

@@ -1,21 +1,22 @@
 package Plugins
 
 var PluginList = map[string]interface{}{
-	"21":      FtpScan,
-	"22":      SshScan,
-	"135":     Findnet,
-	"139":     NetBIOS,
-	"445":     SmbScan,
-	"1433":    MssqlScan,
-	"1521":    OracleScan,
-	"3306":    MysqlScan,
-	"3389":    RdpScan,
-	"5432":    PostgresScan,
-	"6379":    RedisScan,
-	"9000":    FcgiScan,
-	"11211":   MemcachedScan,
-	"27017":   MongodbScan,
-	"1000001": MS17010,
-	"1000002": SmbGhost,
-	"1000003": WebTitle,
+	"21":       FtpScan,
+	"22":       SshScan,
+	"135":      Findnet,
+	"139":      NetBIOS,
+	"445":      SmbScan,
+	"1433":     MssqlScan,
+	"1521":     OracleScan,
+	"3306":     MysqlScan,
+	"3389":     RdpScan,
+	"5432":     PostgresScan,
+	"6379":     RedisScan,
+	"9000":     FcgiScan,
+	"11211":    MemcachedScan,
+	"27017":    MongodbScan,
+	"1000001":  MS17010,
+	"1000002":  SmbGhost,
+	"1000003":  WebTitle,
+	"10000031": WebTitle,
 }

Plugins/findnet.go

@@ -25,7 +25,7 @@ func FindnetScan(info *common.HostInfo) error {
 	realhost := fmt.Sprintf("%s:%v", info.Host, 135)
 	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
-		if conn != nil{
+		if conn != nil {
 			conn.Close()
 		}
 	}()
@@ -71,7 +71,7 @@ func read(text []byte, host string) error {
 	encodedStr := hex.EncodeToString(text)
 	hostnames := strings.Replace(encodedStr, "0700", "", -1)
 	hostname := strings.Split(hostnames, "000000")
-	result := "NetInfo:\n[*]" + host
+	result := "[+] NetInfo:\n[*]" + host
 	for i := 0; i < len(hostname); i++ {
 		hostname[i] = strings.Replace(hostname[i], "00", "", -1)
 		host, err := hex.DecodeString(hostname[i])

Plugins/portscan.go

@@ -88,3 +88,32 @@ func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64
 		respondingHosts <- address
 	}
 }
+
+func NoPortScan(hostslist []string, ports string) (AliveAddress []string) {
+	probePorts := common.ParsePort(ports)
+	noPorts := common.ParsePort(common.NoPorts)
+	if len(noPorts) > 0 {
+		temp := map[int]struct{}{}
+		for _, port := range probePorts {
+			temp[port] = struct{}{}
+		}
+
+		for _, port := range noPorts {
+			delete(temp, port)
+		}
+
+		var newDatas []int
+		for port, _ := range temp {
+			newDatas = append(newDatas, port)
+		}
+		probePorts = newDatas
+		sort.Ints(probePorts)
+	}
+	for _, port := range probePorts {
+		for _, host := range hostslist {
+			address := host + ":" + strconv.Itoa(port)
+			AliveAddress = append(AliveAddress, address)
+		}
+	}
+	return
+}

Plugins/scanner.go

@@ -30,11 +30,16 @@ func Scan(info common.HostInfo) {
 			common.LogWG.Wait()
 			return
 		}
-		AlivePorts := PortScan(Hosts, info.Ports, info.Timeout)
-		fmt.Println("[*] alive ports len is:", len(AlivePorts))
-		if info.Scantype == "portscan" {
-			common.LogWG.Wait()
-			return
+		var AlivePorts []string
+		if info.Scantype == "webonly" {
+			AlivePorts = NoPortScan(Hosts, info.Ports)
+		} else {
+			AlivePorts = PortScan(Hosts, info.Ports, info.Timeout)
+			fmt.Println("[*] alive ports len is:", len(AlivePorts))
+			if info.Scantype == "portscan" {
+				common.LogWG.Wait()
+				return
+			}
 		}
 
 		var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}

README.md

@@ -188,6 +188,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G
 除非您已充分阅读、完全理解并接受本协议所有条款，否则，请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的，即视为您已阅读并同意本协议的约束。
 
 ## 最近更新
+[+] 2022/2/25 新增-m webonly,跳过端口扫描,直接访问http。致谢@AgeloVito  
 [+] 2022/1/11 新增oracle密码爆破  
 [+] 2022/1/7  扫ip/8时,默认会扫每个C段的网关和数个随机IP,推荐参数:-h ip/8 -m icmp.新增LiveTop功能,检测存活时,默认会输出top10的B、C段ip存活数量.  
 [+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)  

common/ParseIP.go

@@ -91,10 +91,10 @@ func parseIP(ip string) []string {
 		return parseIP1(ip)
 	//可能是域名,用lookup获取ip
 	case reg.MatchString(ip):
-		_, err := net.LookupHost(ip)
-		if err != nil {
-			return nil
-		}
+		//	_, err := net.LookupHost(ip)
+		//	if err != nil {
+		//		return nil
+		//	}
 		return []string{ip}
 	//处理单个ip
 	default:

common/config.go

@@ -32,6 +32,7 @@ var PORTList = map[string]int{
 	"ms17010":     1000001,
 	"cve20200796": 1000002,
 	"web":         1000003,
+	"webonly":     10000031,
 	"all":         0,
 	"portscan":    0,
 	"icmp":        0,

common/log.go

@@ -10,7 +10,7 @@ import (
 
 var Num int64
 var End int64
-var Results = make(chan string)
+var Results = make(chan *string)
 var Start = true
 var LogSucTime int64
 var LogErrTime int64
@@ -25,16 +25,16 @@ func init() {
 func LogSuccess(result string) {
 	LogWG.Add(1)
 	LogSucTime = time.Now().Unix()
-	Results <- result
+	Results <- &result
 }
 
 func SaveLog() {
 	for result := range Results {
-		if Silent == false || strings.Contains(result, "[+]") || strings.Contains(result, "[*]") {
-			fmt.Println(result)
+		if Silent == false || strings.Contains(*result, "[+]") || strings.Contains(*result, "[*]") {
+			fmt.Println(*result)
 		}
 		if IsSave {
-			WriteFile(result, Outputfile)
+			WriteFile(*result, Outputfile)
 		}
 		LogWG.Done()
 	}

main.go

@@ -1,14 +1,18 @@
 package main
 
 import (
+	"fmt"
 	"github.com/shadow1ng/fscan/Plugins"
 	"github.com/shadow1ng/fscan/common"
+	"time"
 )
 
 func main() {
+	start := time.Now()
 	var Info common.HostInfo
 	common.Flag(&Info)
 	common.Parse(&Info)
 	Plugins.Scan(Info)
-	print("scan end\n")
+	t := time.Now().Sub(start)
+	fmt.Printf("[*] 扫描结束,耗时: %s", t)
 }