新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)

2021-12-07 17:01:21 +08:00 · 2021-12-07 17:01:21 +08:00 · e1a4bfabfc
parent f71b4ab68f
commit e1a4bfabfc
6 changed files with 30 additions and 7 deletions
--- a/Plugins/base.go
+++ b/Plugins/base.go
@ -8,6 +8,7 @@ var PluginList = map[string]interface{}{
 	"445":     SmbScan,
 	"1433":    MssqlScan,
 	"3306":    MysqlScan,
+	"3389":    RdpScan,
 	"5432":    PostgresScan,
 	"6379":    RedisScan,
 	"9000":    FcgiScan,
--- a/README.md
+++ b/README.md
@ -10,7 +10,7 @@
 * 端口扫描

 2.爆破功能:
-* 各类服务爆破(ssh、smb等)
+* 各类服务爆破(ssh、smb、rdp等)
 * 数据库密码爆破(mysql、mssql、redis、psql等)  

 3.系统信息、漏洞扫描:  
@ -52,6 +52,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
 fscan.exe -hf ip.txt  (以文件导入)
 fscan.exe -u http://baidu.com -proxy 8080 (扫描单个url,并设置http代理 http://127.0.0.1:8080)
 fscan.exe -h 192.168.1.1/24 -nobr -nopoc (不进行爆破,不扫Web poc,以减少流量)
+fscan.exe -h 192.168.1.1/24 -pa 3389 (在原基础上,加入3389->rdp扫描)
 ```
 编译命令
 ```
@ -90,6 +91,8 @@ go build -ldflags="-s -w " -trimpath
        扫描结果保存到哪 (default "result.txt")
  -p string
        设置扫描的端口: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
+  -pa string
+        新增需要扫描的端口,-pa 3389 (会在原有端口列表基础上,新增该端口)
  -path string
        fcgi、smb romote file path
  -ping
@ -183,6 +186,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G
 除非您已充分阅读、完全理解并接受本协议所有条款，否则，请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的，即视为您已阅读并同意本协议的约束。

 ## 最近更新
+[+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)
 [+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞  
 [+] 2021/6/18 改善一下poc的机制，如果识别出指纹会根据指纹信息发送poc，如果没有识别到指纹才会把所有poc打一遍  
 [+] 2021/5/29 加入fcgi协议未授权命令执行扫描,优化poc模块,优化icmp模块,ssh模块加入私钥连接  
--- a/common/Parse.go
+++ b/common/Parse.go
@ -120,6 +120,14 @@ func ParseInput(Info *HostInfo) {
 	if Info.Ports == DefaultPorts {
 		Info.Ports += "," + Webport
 	}
+
+	if PortAdd != "" {
+		if strings.HasSuffix(Info.Ports, ",") {
+			Info.Ports += PortAdd
+		} else {
+			Info.Ports += "," + PortAdd
+		}
+	}
 }

 func ParseScantype(Info *HostInfo) {
@ -130,6 +138,8 @@ func ParseScantype(Info *HostInfo) {
 	if Info.Scantype != "all" {
 		if Info.Ports == DefaultPorts {
 			switch Info.Scantype {
+			case "rdp":
+				Info.Ports = "3389"
 			case "wmi":
 				Info.Ports = "135"
 			case "web":
--- a/common/config.go
+++ b/common/config.go
@ -5,6 +5,7 @@ var Userdict = map[string][]string{
 	"mysql":      {"root", "mysql"},
 	"mssql":      {"sa", "sql"},
 	"smb":        {"administrator", "admin", "guest"},
+	"rdp":        {"administrator", "admin", "guest"},
 	"postgresql": {"postgres", "admin"},
 	"ssh":        {"root", "admin"},
 	"mongodb":    {"root", "admin"},
@ -19,6 +20,7 @@ var PORTList = map[string]int{
 	"smb":         445,
 	"mssql":       1433,
 	"mysql":       3306,
+	"rdp":         3389,
 	"psql":        5432,
 	"redis":       6379,
 	"fcgi":        9000,
@ -93,4 +95,5 @@ var (
 	NoPorts       string
 	NoHosts       string
 	SC            string
+	PortAdd       string
 )
--- a/common/flag.go
+++ b/common/flag.go
@ -21,6 +21,7 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
 	flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
 	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
 	flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
 	flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
 	flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
--- a/go.mod
+++ b/go.mod
@ -3,17 +3,21 @@ module github.com/shadow1ng/fscan
 go 1.16

 require (
-	github.com/denisenkom/go-mssqldb v0.10.0
+	github.com/denisenkom/go-mssqldb v0.11.0
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/golang/protobuf v1.3.4
 	github.com/google/cel-go v0.6.0
-	github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067
-	github.com/lib/pq v1.10.1
+	github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 // indirect
+	github.com/jlaffaye/ftp v0.0.0-20211117213618-11820403398b
+	github.com/lib/pq v1.10.4
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca
 	github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
-	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
-	golang.org/x/text v0.3.2
+	github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/text v0.3.3
 	google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
+
+replace github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086 => github.com/shadow1ng/grdp v1.0.3