diff --git a/Plugins/base.go b/Plugins/base.go
index 191d68f..78283d7 100644
--- a/Plugins/base.go
+++ b/Plugins/base.go
@@ -8,6 +8,7 @@ var PluginList = map[string]interface{}{
 	"445": SmbScan,
 	"1433": MssqlScan,
 	"3306": MysqlScan,
+	"3389": RdpScan,
 	"5432": PostgresScan,
 	"6379": RedisScan,
 	"9000": FcgiScan,
diff --git a/README.md b/README.md
index 734bbcf..23ab9a2 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
 * 端口扫描 2.爆破功能:
-* 各类服务爆破(ssh、smb等)
+* 各类服务爆破(ssh、smb、rdp等)
 * 数据库密码爆破(mysql、mssql、redis、psql等) 3.系统信息、漏洞扫描:
@@ -52,6 +52,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
 fscan.exe -hf ip.txt (以文件导入)
 fscan.exe -u http://baidu.com -proxy 8080 (扫描单个url,并设置http代理 http://127.0.0.1:8080)
 fscan.exe -h 192.168.1.1/24 -nobr -nopoc (不进行爆破,不扫Web poc,以减少流量)
+fscan.exe -h 192.168.1.1/24 -pa 3389 (在原基础上,加入3389->rdp扫描)
 ```
 编译命令
 ```
@@ -90,6 +91,8 @@ go build -ldflags="-s -w " -trimpath
 扫描结果保存到哪 (default "result.txt")
 -p string
 设置扫描的端口: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
+ -pa string
+ 新增需要扫描的端口,-pa 3389 (会在原有端口列表基础上,新增该端口)
 -path string
 fcgi、smb romote file path
 -ping
@@ -183,6 +186,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G
 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。 ## 最近更新
+[+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)
 [+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞
 [+] 2021/6/18 改善一下poc的机制,如果识别出指纹会根据指纹信息发送poc,如果没有识别到指纹才会把所有poc打一遍
 [+] 2021/5/29 加入fcgi协议未授权命令执行扫描,优化poc模块,优化icmp模块,ssh模块加入私钥连接
diff --git a/common/Parse.go b/common/Parse.go
index 1cf6f9f..9f38a4f 100644
--- a/common/Parse.go
+++ b/common/Parse.go
@@ -120,6 +120,14 @@ func ParseInput(Info *HostInfo) {
 	if Info.Ports == DefaultPorts {
 		Info.Ports += "," + Webport
 	}
+
+	if PortAdd != "" {
+		if strings.HasSuffix(Info.Ports, ",") {
+			Info.Ports += PortAdd
+		} else {
+			Info.Ports += "," + PortAdd
+		}
+	}
 }
 
 func ParseScantype(Info *HostInfo) {
@@ -130,6 +138,8 @@ func ParseScantype(Info *HostInfo) {
 	if Info.Scantype != "all" {
 		if Info.Ports == DefaultPorts {
 			switch Info.Scantype {
+			case "rdp":
+				Info.Ports = "3389"
 			case "wmi":
 				Info.Ports = "135"
 			case "web":
diff --git a/common/config.go b/common/config.go
index c9164fc..f971c5b 100644
--- a/common/config.go
+++ b/common/config.go
@@ -5,6 +5,7 @@ var Userdict = map[string][]string{
 	"mysql": {"root", "mysql"},
 	"mssql": {"sa", "sql"},
 	"smb": {"administrator", "admin", "guest"},
+	"rdp": {"administrator", "admin", "guest"},
 	"postgresql": {"postgres", "admin"},
 	"ssh": {"root", "admin"},
 	"mongodb": {"root", "admin"},
@@ -19,6 +20,7 @@ var PORTList = map[string]int{
 	"smb": 445,
 	"mssql": 1433,
 	"mysql": 3306,
+	"rdp": 3389,
 	"psql": 5432,
 	"redis": 6379,
 	"fcgi": 9000,
@@ -93,4 +95,5 @@ var (
 	NoPorts string
 	NoHosts string
 	SC string
+	PortAdd string
 )
diff --git a/common/flag.go b/common/flag.go
index 881e622..20fefd4 100644
--- a/common/flag.go
+++ b/common/flag.go
@@ -21,6 +21,7 @@ func Flag(Info *HostInfo) {
 	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
 	flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
 	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
 	flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
 	flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
 	flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
diff --git a/go.mod b/go.mod
index b09342a..019f5c9 100644
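Review bot: The new `PortAdd` branch in ParseInput appends the raw flag value without handling an empty `Info.Ports`, so `-p "" -pa 3389` produces `,3389`, and the two-way split on a trailing comma collapses into a single `strings.TrimSuffix`. Whether the port parser that later consumes `Info.Ports` tolerates a leading comma, a non-numeric entry, or a duplicate (e.g. `-pa 445` on top of the default list that already contains 445) is not visible here, so normalising at this point is safer than relying on it; confirm against that parser. ParseInput begins before this hunk.
```go
	if PortAdd != "" {
		// -pa ports are appended to whatever -p (or the default list) resolved to.
		if Info.Ports == "" {
			Info.Ports = PortAdd
		} else {
			Info.Ports = strings.TrimSuffix(Info.Ports, ",") + "," + PortAdd
		}
	}
```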
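Review bot: The new `case "rdp": Info.Ports = "3389"` in ParseScantype is the third place this commit writes the rdp/3389 pairing, next to `"rdp": 3389` in PORTList (common/config.go) and `"3389": RdpScan` in PluginList (Plugins/base.go), and the switch restates values PORTList already holds. If every scantype in this switch has a PORTList entry the switch could be replaced by a PORTList lookup, but `"wmi"` is not visible in the PORTList hunk so that may not hold; at minimum a comment on the switch, `// keep in sync with PORTList in config.go and PluginList in Plugins/base.go`, would stop the three tables drifting apart. ParseScantype continues past the end of this hunk.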
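Review bot: `PortAdd string` joins the exported var block in common/config.go with no doc comment, so a reader has to find the flag registration and ParseInput to learn what it holds; its neighbours in the hunk are undocumented too, but a new exported name is the place to start. Suggest `// PortAdd holds the -pa value: extra ports that ParseInput appends to Info.Ports after -p and the defaults are resolved.` The var block begins before this hunk.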
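Review bot: The help text `"add port base DefaultPorts,-pa 3389"` says the ports are added on top of DefaultPorts, but ParseInput in common/Parse.go (same commit) appends PortAdd to Info.Ports unconditionally, i.e. also to a custom `-p` list, so the description understates what the flag does; the wording also does not follow the neighbouring `"the ports no scan,as: -pn 445"` pattern. Suggest `flag.StringVar(&PortAdd, "pa", "", "the ports to add to the -p list (or the default list),as: -pa 3389")`. Flag begins before this hunk and continues after it.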
--- a/go.mod
+++ b/go.mod
@@ -3,17 +3,21 @@ module github.com/shadow1ng/fscan
 go 1.16
 
 require (
-	github.com/denisenkom/go-mssqldb v0.10.0
+	github.com/denisenkom/go-mssqldb v0.11.0
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/golang/protobuf v1.3.4
 	github.com/google/cel-go v0.6.0
-	github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067
-	github.com/lib/pq v1.10.1
+	github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 // indirect
+	github.com/jlaffaye/ftp v0.0.0-20211117213618-11820403398b
+	github.com/lib/pq v1.10.4
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca
 	github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
-	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
-	golang.org/x/text v0.3.2
+	github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086
+	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/text v0.3.3
 	google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
+
+replace github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086 => github.com/shadow1ng/grdp v1.0.3
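Review bot: The new `replace` redirects `github.com/tomatome/grdp` to a personal fork (`github.com/shadow1ng/grdp v1.0.3`) with no comment saying what the fork changes relative to upstream, which is exactly the dependency substitution a later reader needs to be able to audit; suggest a trailing comment on the replace line such as `// fork of tomatome/grdp: <reason for the fork>` with the placeholder filled in. The matching go.sum update is not part of this diff as shown, so it should be confirmed that the checksums for the fork, the new indirect `github.com/huin/asn1ber`, and the bumped go-mssqldb, ftp, pq and golang.org/x versions are committed alongside, otherwise builds with `-mod=readonly` will fail.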