新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)

This commit is contained in:
影舞者 2021-12-07 17:01:21 +08:00
parent f71b4ab68f
commit e1a4bfabfc
6 changed files with 30 additions and 7 deletions


@ -8,6 +8,7 @@ var PluginList = map[string]interface{}{
"445": SmbScan,
"1433": MssqlScan,
"3306": MysqlScan,
"3389": RdpScan,
"5432": PostgresScan,
"6379": RedisScan,
"9000": FcgiScan,
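Review bot: `"3389": RdpScan` registers a function that none of the six files listed in this commit defines; unless RdpScan already exists in the package, this line is where the build breaks. The grdp dependency newly added in go.mod suggests the implementation is meant to land with this change, so please confirm the plugin file itself is included. The PluginList map header is outside the hunk.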


@ -10,7 +10,7 @@
* 端口扫描
2.爆破功能:
* 各类服务爆破(ssh、smb等)
* 各类服务爆破(ssh、smb、rdp等)
* 数据库密码爆破(mysql、mssql、redis、psql等)
3.系统信息、漏洞扫描:
@ -52,6 +52,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
fscan.exe -hf ip.txt (以文件导入)
fscan.exe -u http://baidu.com -proxy 8080 (扫描单个url,并设置http代理 http://127.0.0.1:8080)
fscan.exe -h 192.168.1.1/24 -nobr -nopoc (不进行爆破,不扫Web poc,以减少流量)
fscan.exe -h 192.168.1.1/24 -pa 3389 (在原基础上,加入3389->rdp扫描)
```
编译命令
```
@ -90,6 +91,8 @@ go build -ldflags="-s -w " -trimpath
扫描结果保存到哪 (default "result.txt")
-p string
设置扫描的端口: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
-pa string
新增需要扫描的端口,-pa 3389 (会在原有端口列表基础上,新增该端口)
-path string
fcgi、smb romote file path
-ping
@ -183,6 +186,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G
除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
## 最近更新
[+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)
[+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞
[+] 2021/6/18 改善一下poc的机制如果识别出指纹会根据指纹信息发送poc如果没有识别到指纹才会把所有poc打一遍
[+] 2021/5/29 加入fcgi协议未授权命令执行扫描,优化poc模块,优化icmp模块,ssh模块加入私钥连接


@ -120,6 +120,14 @@ func ParseInput(Info *HostInfo) {
if Info.Ports == DefaultPorts {
Info.Ports += "," + Webport
}
if PortAdd != "" {
if strings.HasSuffix(Info.Ports, ",") {
Info.Ports += PortAdd
} else {
Info.Ports += "," + PortAdd
}
}
}
func ParseScantype(Info *HostInfo) {
@ -130,6 +138,8 @@ func ParseScantype(Info *HostInfo) {
if Info.Scantype != "all" {
if Info.Ports == DefaultPorts {
switch Info.Scantype {
case "rdp":
Info.Ports = "3389"
case "wmi":
Info.Ports = "135"
case "web":


@ -5,6 +5,7 @@ var Userdict = map[string][]string{
"mysql": {"root", "mysql"},
"mssql": {"sa", "sql"},
"smb": {"administrator", "admin", "guest"},
"rdp": {"administrator", "admin", "guest"},
"postgresql": {"postgres", "admin"},
"ssh": {"root", "admin"},
"mongodb": {"root", "admin"},
@ -19,6 +20,7 @@ var PORTList = map[string]int{
"smb": 445,
"mssql": 1433,
"mysql": 3306,
"rdp": 3389,
"psql": 5432,
"redis": 6379,
"fcgi": 9000,
@ -93,4 +95,5 @@ var (
NoPorts string
NoHosts string
SC string
PortAdd string
)
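Review bot: `PortAdd string` joins the package-level var block with nothing saying which flag fills it or where it is consumed, unlike the other -pa-related entries on this page which at least carry a flag description. A trailing comment keeps the data flow visible for the next reader: `PortAdd string // extra ports from the -pa flag, appended to Info.Ports in ParseInput`. The var block's opening line is outside the hunk.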


@ -21,6 +21,7 @@ func Flag(Info *HostInfo) {
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
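Review bot: The help text for the new `-pa` flag says "add port base DefaultPorts", but ParseInput appends PortAdd to whatever Info.Ports holds, so the ports are added to the -p selection (default or user-supplied), not only to the default list. The wording also lacks the format hint the neighbouring flags give; something like `flag.StringVar(&PortAdd, "pa", "", "add ports to the list selected by -p,for example: -pa 3389 | 3389,5985")` matches the sibling help strings and describes the actual behaviour. Flag's signature is inside the hunk header but its body continues outside it.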

go.mod

@ -3,17 +3,21 @@ module github.com/shadow1ng/fscan
go 1.16
require (
github.com/denisenkom/go-mssqldb v0.10.0
github.com/denisenkom/go-mssqldb v0.11.0
github.com/go-sql-driver/mysql v1.6.0
github.com/golang/protobuf v1.3.4
github.com/google/cel-go v0.6.0
github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067
github.com/lib/pq v1.10.1
github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 // indirect
github.com/jlaffaye/ftp v0.0.0-20211117213618-11820403398b
github.com/lib/pq v1.10.4
github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca
github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
golang.org/x/net v0.0.0-20200301022130-244492dfa37a
golang.org/x/text v0.3.2
github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
golang.org/x/text v0.3.3
google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
)
replace github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086 => github.com/shadow1ng/grdp v1.0.3
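Review bot: The new `replace github.com/tomatome/grdp ... => github.com/shadow1ng/grdp v1.0.3` line swaps the library for a fork without recording why, which is exactly what a later dependency audit has to reconstruct; a comment on the line, e.g. `// fork: <reason for diverging from upstream>`, keeps that visible next to the pin. go.sum is not among the files listed in this commit, so if it was not regenerated alongside the new grdp and asn1ber requirements, builds in read-only module mode will fail until it is.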