refactor: 为MS17010插件添加包控制功能

- 在checkMS17010Vulnerability和checkDoublePulsar方法中添加包控制检查 - 统一错误处理和包计数逻辑 - 确保所有TCP连接遵循发包限制
2025-09-14 14:06:44 +08:00 · 2025-09-02 12:04:26 +00:00 · 2025-09-02 12:04:26 +00:00 · 4054c767dd
commit 4054c767dd
parent 2385a730eb
1 changed files with 16 additions and 2 deletions
--- a/plugins/services/ms17010.go
+++ b/plugins/services/ms17010.go
@ -296,11 +296,18 @@ func init() {

 // checkMS17010Vulnerability 检测MS17-010漏洞 (从原始MS17010.go复制和适配)
 func (p *MS17010Plugin) checkMS17010Vulnerability(ip string) (bool, string, error) {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		return false, "", fmt.Errorf("发包受限: %s", reason)
+	}
+
 	// 连接目标
 	conn, err := net.DialTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return false, "", fmt.Errorf("连接错误: %v", err)
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	if err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second)); err != nil {
@ -401,10 +408,17 @@ func (p *MS17010Plugin) checkMS17010Vulnerability(ip string) (bool, string, erro

 // checkDoublePulsar 检测DOUBLEPULSAR后门
 func (p *MS17010Plugin) checkDoublePulsar(ip string) bool {
-	conn, err := net.DialTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
-	if err != nil {
+	// 检查发包限制
+	if canSend, _ := common.CanSendPacket(); !canSend {
 		return false
 	}
+
+	conn, err := net.DialTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
+	if err != nil {
+		common.IncrementTCPFailedPacketCount()
+		return false
+	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	// 简化的后门检测逻辑