mirror of https://github.com/qwqdanchun/fscan.git
新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)
parent
f71b4ab68f
commit
e1a4bfabfc
|
@ -8,6 +8,7 @@ var PluginList = map[string]interface{}{
|
||||||
"445": SmbScan,
|
"445": SmbScan,
|
||||||
"1433": MssqlScan,
|
"1433": MssqlScan,
|
||||||
"3306": MysqlScan,
|
"3306": MysqlScan,
|
||||||
|
"3389": RdpScan,
|
||||||
"5432": PostgresScan,
|
"5432": PostgresScan,
|
||||||
"6379": RedisScan,
|
"6379": RedisScan,
|
||||||
"9000": FcgiScan,
|
"9000": FcgiScan,
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
* 端口扫描
|
* 端口扫描
|
||||||
|
|
||||||
2.爆破功能:
|
2.爆破功能:
|
||||||
* 各类服务爆破(ssh、smb等)
|
* 各类服务爆破(ssh、smb、rdp等)
|
||||||
* 数据库密码爆破(mysql、mssql、redis、psql等)
|
* 数据库密码爆破(mysql、mssql、redis、psql等)
|
||||||
|
|
||||||
3.系统信息、漏洞扫描:
|
3.系统信息、漏洞扫描:
|
||||||
|
@ -52,6 +52,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
|
||||||
fscan.exe -hf ip.txt (以文件导入)
|
fscan.exe -hf ip.txt (以文件导入)
|
||||||
fscan.exe -u http://baidu.com -proxy 8080 (扫描单个url,并设置http代理 http://127.0.0.1:8080)
|
fscan.exe -u http://baidu.com -proxy 8080 (扫描单个url,并设置http代理 http://127.0.0.1:8080)
|
||||||
fscan.exe -h 192.168.1.1/24 -nobr -nopoc (不进行爆破,不扫Web poc,以减少流量)
|
fscan.exe -h 192.168.1.1/24 -nobr -nopoc (不进行爆破,不扫Web poc,以减少流量)
|
||||||
|
fscan.exe -h 192.168.1.1/24 -pa 3389 (在原基础上,加入3389->rdp扫描)
|
||||||
```
|
```
|
||||||
编译命令
|
编译命令
|
||||||
```
|
```
|
||||||
|
@ -90,6 +91,8 @@ go build -ldflags="-s -w " -trimpath
|
||||||
扫描结果保存到哪 (default "result.txt")
|
扫描结果保存到哪 (default "result.txt")
|
||||||
-p string
|
-p string
|
||||||
设置扫描的端口: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
|
设置扫描的端口: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
|
||||||
|
-pa string
|
||||||
|
新增需要扫描的端口,-pa 3389 (会在原有端口列表基础上,新增该端口)
|
||||||
-path string
|
-path string
|
||||||
fcgi、smb romote file path
|
fcgi、smb romote file path
|
||||||
-ping
|
-ping
|
||||||
|
@ -183,6 +186,7 @@ fscan 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-G
|
||||||
除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
|
除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
|
||||||
|
|
||||||
## 最近更新
|
## 最近更新
|
||||||
|
[+] 2021/12/7 新增rdp扫描,新增添加端口参数-pa 3389(会在原有端口列表基础上,新增该端口)
|
||||||
[+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞
|
[+] 2021/12/1 优化xray解析模块,支持groups、新增poc,加入https判断(tls握手包),优化ip解析模块(支持所有ip/xx),增加爆破关闭参数 -nobr,添加跳过某些ip扫描功能 -hn 192.168.1.1,添加跳过某些端口扫描功能-pn 21,445,增加扫描docker未授权漏洞
|
||||||
[+] 2021/6/18 改善一下poc的机制,如果识别出指纹会根据指纹信息发送poc,如果没有识别到指纹才会把所有poc打一遍
|
[+] 2021/6/18 改善一下poc的机制,如果识别出指纹会根据指纹信息发送poc,如果没有识别到指纹才会把所有poc打一遍
|
||||||
[+] 2021/5/29 加入fcgi协议未授权命令执行扫描,优化poc模块,优化icmp模块,ssh模块加入私钥连接
|
[+] 2021/5/29 加入fcgi协议未授权命令执行扫描,优化poc模块,优化icmp模块,ssh模块加入私钥连接
|
||||||
|
|
|
@ -120,6 +120,14 @@ func ParseInput(Info *HostInfo) {
|
||||||
if Info.Ports == DefaultPorts {
|
if Info.Ports == DefaultPorts {
|
||||||
Info.Ports += "," + Webport
|
Info.Ports += "," + Webport
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if PortAdd != "" {
|
||||||
|
if strings.HasSuffix(Info.Ports, ",") {
|
||||||
|
Info.Ports += PortAdd
|
||||||
|
} else {
|
||||||
|
Info.Ports += "," + PortAdd
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func ParseScantype(Info *HostInfo) {
|
func ParseScantype(Info *HostInfo) {
|
||||||
|
@ -130,6 +138,8 @@ func ParseScantype(Info *HostInfo) {
|
||||||
if Info.Scantype != "all" {
|
if Info.Scantype != "all" {
|
||||||
if Info.Ports == DefaultPorts {
|
if Info.Ports == DefaultPorts {
|
||||||
switch Info.Scantype {
|
switch Info.Scantype {
|
||||||
|
case "rdp":
|
||||||
|
Info.Ports = "3389"
|
||||||
case "wmi":
|
case "wmi":
|
||||||
Info.Ports = "135"
|
Info.Ports = "135"
|
||||||
case "web":
|
case "web":
|
||||||
|
|
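Review bot: The new `if PortAdd != "" {` block in ParseInput appends the `-pa` value to `Info.Ports` verbatim, and it sits outside the preceding `Info.Ports == DefaultPorts` check, so the extra ports are also added to an explicit `-p` list, although the flag help added in this commit says "add port base DefaultPorts". The effective port list is the scope of a scan run, so I would normalise the value first with `PortAdd = strings.Trim(PortAdd, ", ")` and state the behaviour in a comment such as `// -pa is appended to whatever -p resolved to, not only to DefaultPorts`. Because ParseInput already rewrites `Info.Ports`, the `Info.Ports == DefaultPorts` guard above the new `case "rdp":` in ParseScantype probably no longer matches if ParseInput runs first; the call order is not visible here, so that needs confirming. Both function bodies continue outside the hunks.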
|
@ -5,6 +5,7 @@ var Userdict = map[string][]string{
|
||||||
"mysql": {"root", "mysql"},
|
"mysql": {"root", "mysql"},
|
||||||
"mssql": {"sa", "sql"},
|
"mssql": {"sa", "sql"},
|
||||||
"smb": {"administrator", "admin", "guest"},
|
"smb": {"administrator", "admin", "guest"},
|
||||||
|
"rdp": {"administrator", "admin", "guest"},
|
||||||
"postgresql": {"postgres", "admin"},
|
"postgresql": {"postgres", "admin"},
|
||||||
"ssh": {"root", "admin"},
|
"ssh": {"root", "admin"},
|
||||||
"mongodb": {"root", "admin"},
|
"mongodb": {"root", "admin"},
|
||||||
|
@ -19,6 +20,7 @@ var PORTList = map[string]int{
|
||||||
"smb": 445,
|
"smb": 445,
|
||||||
"mssql": 1433,
|
"mssql": 1433,
|
||||||
"mysql": 3306,
|
"mysql": 3306,
|
||||||
|
"rdp": 3389,
|
||||||
"psql": 5432,
|
"psql": 5432,
|
||||||
"redis": 6379,
|
"redis": 6379,
|
||||||
"fcgi": 9000,
|
"fcgi": 9000,
|
||||||
|
@ -93,4 +95,5 @@ var (
|
||||||
NoPorts string
|
NoPorts string
|
||||||
NoHosts string
|
NoHosts string
|
||||||
SC string
|
SC string
|
||||||
|
PortAdd string
|
||||||
)
|
)
|
||||||
|
|
|
@ -21,6 +21,7 @@ func Flag(Info *HostInfo) {
|
||||||
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
|
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
|
||||||
flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
|
flag.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
|
||||||
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
|
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
|
||||||
|
flag.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
|
||||||
flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
|
flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
|
||||||
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
|
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
|
||||||
flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
|
flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
|
||||||
|
|
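--- a/go.mod
+++ b/go.mod
@@ -3,17 +3,21 @@ module github.com/shadow1ng/fscan
 go 1.16
 
 require (
-github.com/denisenkom/go-mssqldb v0.10.0
+github.com/denisenkom/go-mssqldb v0.11.0
 github.com/go-sql-driver/mysql v1.6.0
 github.com/golang/protobuf v1.3.4
 github.com/google/cel-go v0.6.0
-github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067
-github.com/lib/pq v1.10.1
+github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 // indirect
+github.com/jlaffaye/ftp v0.0.0-20211117213618-11820403398b
+github.com/lib/pq v1.10.4
 github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca
 github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a
-golang.org/x/text v0.3.2
+github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+golang.org/x/text v0.3.3
 google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )
+
+replace github.com/tomatome/grdp v0.0.0-20211016064301-f2f15c171086 => github.com/shadow1ng/grdp v1.0.3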
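Review bot: The added `replace` line makes the build compile `github.com/shadow1ng/grdp v1.0.3` while the `require` block still names `github.com/tomatome/grdp`, so anyone auditing dependencies from the `require` list alone will be reading the wrong code for the RDP client. The fork's changes relative to upstream commit `f2f15c171086` should be reviewed and the reason recorded next to the directive, for example `// fork of tomatome/grdp carrying <reason for fork>; drop when upstream has it`. A `replace` only takes effect when this is the main module, and `go install <module>@<version>` rejects a go.mod that contains one, so requiring the fork's module path directly would be more robust if the fork declares that path. The go.sum changes are not shown on this page; they should carry the fork's hashes.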