add socks5 support

2022-05-07 23:46:22 +08:00 · 2022-05-07 23:46:22 +08:00 · d774023da7
parent df527adda9
commit d774023da7
15 changed files with 100 additions and 22 deletions
--- a/Plugins/CVE-2020-0796.go
+++ b/Plugins/CVE-2020-0796.go
@ -3,7 +3,6 @@ package Plugins
 import (
 	"bytes"
 	"fmt"
-	"net"
 	"time"

 	"github.com/shadow1ng/fscan/common"
@ -106,7 +105,7 @@ func SmbGhost(info *common.HostInfo) error {
 func SmbGhostScan(info *common.HostInfo) error {
 	ip, port, timeout := info.Host, 445, time.Duration(info.Timeout)*time.Second
 	addr := fmt.Sprintf("%s:%v", info.Host, port)
-	conn, err := net.DialTimeout("tcp", addr, timeout)
+	conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/NetBIOS.go
+++ b/Plugins/NetBIOS.go
@ -75,7 +75,7 @@ func NetBIOS1(info *common.HostInfo) (nbname NbnsName, err error) {
 		payload0 = append(payload0, []byte("\x00 EOENEBFACACACACACACACACACACACACA\x00")...)
 	}
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil{
 			conn.Close()
--- a/Plugins/fcgiscan.go
+++ b/Plugins/fcgiscan.go
@ -8,7 +8,6 @@ import (
 	"fmt"
 	"github.com/shadow1ng/fscan/common"
 	"io"
-	"net"
 	"strconv"
 	"strings"
 	"sync"
@ -184,7 +183,7 @@ type FCGIClient struct {
 }

 func New(addr string, timeout int64) (fcgi *FCGIClient, err error) {
-	conn, err := net.DialTimeout("tcp", addr, time.Duration(timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", addr, time.Duration(timeout)*time.Second)
 	fcgi = &FCGIClient{
 		rwc:       conn,
 		keepAlive: false,
--- a/Plugins/findnet.go
+++ b/Plugins/findnet.go
@ -5,7 +5,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/shadow1ng/fscan/common"
-	"net"
 	"strings"
 	"time"
 )
@ -23,7 +22,7 @@ func Findnet(info *common.HostInfo) error {

 func FindnetScan(info *common.HostInfo) error {
 	realhost := fmt.Sprintf("%s:%v", info.Host, 135)
-	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/memcached.go
+++ b/Plugins/memcached.go
@ -3,14 +3,13 @@ package Plugins
 import (
 	"fmt"
 	"github.com/shadow1ng/fscan/common"
-	"net"
 	"strings"
 	"time"
 )

 func MemcachedScan(info *common.HostInfo) (err error) {
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	client, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if client != nil{
 			client.Close()
--- a/Plugins/mongodb.go
+++ b/Plugins/mongodb.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	_ "github.com/denisenkom/go-mssqldb"
 	"github.com/shadow1ng/fscan/common"
-	"net"
 	"strings"
 	"time"
 )
@ -26,7 +25,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
 	senddata := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/ms17010.go
+++ b/Plugins/ms17010.go
@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"github.com/shadow1ng/fscan/common"
-	"net"
 	"strings"
 	"time"
 )
@ -34,7 +33,7 @@ func MS17010(info *common.HostInfo) error {
 func MS17010Scan(info *common.HostInfo) error {
 	ip := info.Host
 	// connecting to a host in LAN if reachable should be very quick
-	conn, err := net.DialTimeout("tcp", ip+":445", time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/portscan.go
+++ b/Plugins/portscan.go
@ -3,7 +3,6 @@ package Plugins
 import (
 	"fmt"
 	"github.com/shadow1ng/fscan/common"
-	"net"
 	"sort"
 	"strconv"
 	"sync"
@ -74,7 +73,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string {

 func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) {
 	host, port := addr.ip, addr.port
-	conn, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/rdp.go
+++ b/Plugins/rdp.go
@ -14,7 +14,6 @@ import (
 	"github.com/tomatome/grdp/protocol/tpkt"
 	"github.com/tomatome/grdp/protocol/x224"
 	"log"
-	"net"
 	"os"
 	"strconv"
 	"strings"
@ -127,7 +126,7 @@ func NewClient(host string, logLevel glog.LEVEL) *Client {
 }

 func (g *Client) Login(domain, user, pwd string, timeout int64) error {
-	conn, err := net.DialTimeout("tcp", g.Host, time.Duration(timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@ -47,7 +47,7 @@ func RedisScan(info *common.HostInfo) (tmperr error) {
 func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
@ -87,7 +87,7 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
 func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
 	flag = false
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
-	conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/Plugins/webtitle.go
+++ b/Plugins/webtitle.go
@ -10,7 +10,6 @@ import (
 	"golang.org/x/text/encoding/simplifiedchinese"
 	"io"
 	"io/ioutil"
-	"net"
 	"net/http"
 	"net/url"
 	"regexp"
@ -218,7 +217,8 @@ func GetProtocol(host string, Timeout int64) (protocol string) {
 		return
 	}

-	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: time.Duration(Timeout) * time.Second}, "tcp", host, &tls.Config{InsecureSkipVerify: true})
+	socksconn, err := common.WrapperTcpWithTimeout("tcp", host, time.Duration(Timeout) * time.Second)
+	conn := tls.Client(socksconn, &tls.Config{InsecureSkipVerify: true})
 	defer func() {
 		if conn != nil {
 			conn.Close()
--- a/WebScan/lib/client.go
+++ b/WebScan/lib/client.go
@ -1,8 +1,11 @@
 package lib

 import (
+	"context"
 	"crypto/tls"
+	"errors"
 	"github.com/shadow1ng/fscan/common"
+	"golang.org/x/net/proxy"
 	"log"
 	"net"
 	"net/http"
@ -27,13 +30,29 @@ func Inithttp(PocInfo common.PocInfo) {
 }

 func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) error {
+	type DialContext = func(ctx context.Context, network, addr string) (net.Conn, error)
+	var dialContext DialContext
 	dialer := &net.Dialer{
 		Timeout:   dialTimout,
 		KeepAlive: keepAlive,
 	}
+	if common.Socks5Proxy != "" {
+		dialSocksProxy, err := common.Socks5Dailer(dialer)
+		if err != nil {
+			return err
+		}
+		if contextDialer, ok := dialSocksProxy.(proxy.ContextDialer); ok {
+			dialContext = contextDialer.DialContext
+		} else {
+			return errors.New("Failed type assertion to DialContext")
+		}
+	}else {
+		dialContext = dialer.DialContext
+	}
+

 	tr := &http.Transport{
-		DialContext:         dialer.DialContext,
+		DialContext:         dialContext,
 		MaxConnsPerHost:     5,
 		MaxIdleConns:        0,
 		MaxIdleConnsPerHost: ThreadsNum * 2,
--- a/common/config.go
+++ b/common/config.go
@ -106,4 +106,5 @@ var (
 	PassAdd       string
 	BruteThread   int
 	LiveTop       int
+	Socks5Proxy   string
 )
--- a/common/flag.go
+++ b/common/flag.go
@ -55,6 +55,7 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&UrlFile, "uf", "", "urlfile")
 	flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
 	flag.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
+	flag.StringVar(&Socks5Proxy, "socks5", "", "set socks5 proxy, will be used in tcp connection, timeout setting will not work")
 	flag.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie")
 	flag.Int64Var(&Pocinfo.Timeout, "wt", 5, "Set web timeout")
 	flag.IntVar(&Pocinfo.Num, "num", 20, "poc rate")
--- a/common/proxy.go
+++ b/common/proxy.go
@ -0,0 +1,65 @@
+package common
+
+import (
+	"errors"
+	"golang.org/x/net/proxy"
+	"net"
+	"net/url"
+	"strings"
+	"time"
+)
+
+func WrapperTcpWithTimeout(network, address string, timeout time.Duration) (net.Conn, error) {
+	d := &net.Dialer{Timeout: timeout/2}
+	return WrapperTCP(network, address, d)
+}
+
+func WrapperTCP(network, address string,forward * net.Dialer) (net.Conn, error) {
+	//get conn
+	var conn net.Conn
+	if Socks5Proxy == "" {
+		var err error
+		conn,err = forward.Dial(network, address)
+		if err != nil {
+			return nil, err
+		}
+	}else {
+		dailer, err := Socks5Dailer(forward)
+		if err != nil{
+			return nil, err
+		}
+		conn,err = dailer.Dial(network, address)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return conn, nil
+
+}
+
+func Socks5Dailer(forward * net.Dialer) (proxy.Dialer, error) {
+	u,err := url.Parse(Socks5Proxy)
+	if err != nil {
+		return nil, err
+	}
+	if strings.ToLower(u.Scheme) != "socks5" {
+		return nil, errors.New("Only support socks5")
+	}
+	address := u.Host
+	var auth proxy.Auth
+	var dailer proxy.Dialer
+	if u.User.String() != "" {
+		auth = proxy.Auth{}
+		auth.User = u.User.Username()
+		password,_ := u.User.Password()
+		auth.Password = password
+		dailer, err = proxy.SOCKS5("tcp", address, &auth, forward)
+	}else {
+		dailer, err = proxy.SOCKS5("tcp", address, nil, forward)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+	return dailer, nil
+}