mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 05:56:46 +08:00
refactor: 优化插件系统设计,消除代码重复
主要改进: 1. 修复Services插件端口数据重复问题 - 删除插件结构体中的ports字段和GetPorts()方法 - 系统统一使用注册时的端口信息 2. 引入BasePlugin基础结构体 - 消除51个插件中重复的name字段和Name()方法 - 统一插件基础功能,简化代码维护 3. 统一插件接口设计 - 保持向后兼容,功能完全不变 - 代码更简洁,符合工程最佳实践 影响范围: - services插件:29个文件简化 - web插件:2个文件简化 - local插件:21个文件简化 - 总计删除约150行重复代码
This commit is contained in:
ZacharyZcR
parent
8f54702c02
commit
95497da8ca
@ -1,75 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
import re
|
||||
import os
|
||||
|
||||
# 需要清理的文件(保留ssh.go redis.go ms17010.go)
|
||||
FILES_TO_CLEAN = [
|
||||
'elasticsearch.go', 'findnet.go', 'ftp.go', 'kafka.go',
|
||||
'ldap.go', 'netbios.go', 'rabbitmq.go', 'rdp.go',
|
||||
'rsync.go', 'smb.go', 'smb2.go', 'smbghost.go',
|
||||
'smbinfo.go', 'smtp.go', 'snmp.go', 'telnet.go',
|
||||
'vnc.go', 'webpoc.go', 'webtitle.go'
|
||||
]
|
||||
|
||||
def clean_exploit_function(file_path):
|
||||
"""清理单个文件的Exploit函数"""
|
||||
with open(file_path, 'r', encoding='utf-8') as f:
|
||||
content = f.read()
|
||||
|
||||
# 使用正则表达式匹配并删除Exploit函数
|
||||
# 匹配从 "// Exploit" 注释开始到函数结束的整个块
|
||||
pattern = r'\/\/\s*Exploit.*?利用操作.*?\nfunc\s+\([^)]*\)\s+Exploit\([^{]*\{[^}]*(?:\{[^}]*\}[^}]*)*\}\n'
|
||||
|
||||
# 简化方法:按行处理
|
||||
lines = content.split('\n')
|
||||
output_lines = []
|
||||
skip_mode = False
|
||||
brace_count = 0
|
||||
|
||||
i = 0
|
||||
while i < len(lines):
|
||||
line = lines[i]
|
||||
|
||||
# 检测Exploit函数开始
|
||||
if ('// Exploit' in line and '利用操作' in line) or ('func ' in line and 'Exploit(' in line):
|
||||
skip_mode = True
|
||||
brace_count = 0
|
||||
if 'func ' in line and '{' in line:
|
||||
brace_count = line.count('{') - line.count('}')
|
||||
i += 1
|
||||
continue
|
||||
|
||||
if skip_mode:
|
||||
# 计算花括号
|
||||
brace_count += line.count('{')
|
||||
brace_count -= line.count('}')
|
||||
|
||||
# 如果花括号归零,函数结束
|
||||
if brace_count <= 0:
|
||||
skip_mode = False
|
||||
i += 1
|
||||
continue
|
||||
|
||||
output_lines.append(line)
|
||||
i += 1
|
||||
|
||||
# 写回文件
|
||||
with open(file_path, 'w', encoding='utf-8') as f:
|
||||
f.write('\n'.join(output_lines))
|
||||
|
||||
def main():
|
||||
os.chdir('plugins/services')
|
||||
|
||||
for filename in FILES_TO_CLEAN:
|
||||
if os.path.exists(filename):
|
||||
print(f"Cleaning {filename}...")
|
||||
try:
|
||||
clean_exploit_function(filename)
|
||||
print(f"✅ {filename}")
|
||||
except Exception as e:
|
||||
print(f"❌ {filename}: {e}")
|
||||
else:
|
||||
print(f"⚠️ {filename} not found")
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@ -1,53 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# 进入services目录
|
||||
cd plugins/services
|
||||
|
||||
# 需要清理exploit的文件列表(保留ssh, redis, ms17010的exploit)
|
||||
FILES_TO_CLEAN="elasticsearch.go findnet.go ftp.go kafka.go ldap.go mongodb.go mssql.go neo4j.go netbios.go oracle.go postgresql.go rabbitmq.go rdp.go rsync.go smb.go smb2.go smbghost.go smbinfo.go smtp.go snmp.go telnet.go vnc.go webpoc.go webtitle.go"
|
||||
|
||||
for file in $FILES_TO_CLEAN; do
|
||||
if [ -f "$file" ]; then
|
||||
echo "Cleaning $file..."
|
||||
# 备份文件
|
||||
cp "$file" "${file}.backup"
|
||||
|
||||
# 使用awk删除Exploit函数
|
||||
awk '
|
||||
BEGIN { skip = 0; brace_count = 0; }
|
||||
/^\/\/ Exploit.*利用操作/ {
|
||||
skip = 1;
|
||||
brace_count = 0;
|
||||
next;
|
||||
}
|
||||
/^func.*Exploit\(/ {
|
||||
if (!skip) {
|
||||
skip = 1;
|
||||
brace_count = 0;
|
||||
}
|
||||
next;
|
||||
}
|
||||
skip && /\{/ {
|
||||
brace_count += gsub(/\{/, "");
|
||||
brace_count -= gsub(/\}/, "");
|
||||
if (brace_count <= 0 && /\}/) {
|
||||
skip = 0;
|
||||
next;
|
||||
}
|
||||
}
|
||||
skip && /\}/ {
|
||||
brace_count -= gsub(/\}/, "");
|
||||
brace_count += gsub(/\{/, "");
|
||||
if (brace_count <= 0) {
|
||||
skip = 0;
|
||||
next;
|
||||
}
|
||||
}
|
||||
!skip { print; }
|
||||
' "${file}.backup" > "$file"
|
||||
|
||||
echo "✅ Cleaned $file"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "✅ All exploit functions cleaned!"
|
||||
@ -1,79 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
import os
|
||||
import re
|
||||
|
||||
# 保留exploit的插件(真正有利用价值的)
|
||||
KEEP_EXPLOITS = ['ssh.go', 'redis.go', 'ms17010.go']
|
||||
|
||||
# 需要清理exploit的插件目录
|
||||
PLUGINS_DIR = 'plugins/services'
|
||||
|
||||
def remove_exploit_function(content, filename):
|
||||
"""移除Exploit函数及其相关方法"""
|
||||
print(f"Processing {filename}")
|
||||
|
||||
# 匹配并删除Exploit函数
|
||||
exploit_pattern = r'// Exploit.*?\nfunc \([^)]+\) Exploit\([^{]*\{(?:[^{}]++|\{(?:[^{}]++|\{[^{}]*\})*\})*\}\n'
|
||||
content = re.sub(exploit_pattern, '', content, flags=re.MULTILINE | re.DOTALL)
|
||||
|
||||
# 简化一点,匹配函数定义到下一个函数定义
|
||||
lines = content.split('\n')
|
||||
output_lines = []
|
||||
skip_lines = False
|
||||
brace_count = 0
|
||||
|
||||
for line in lines:
|
||||
# 检查是否是Exploit函数的开始
|
||||
if 'func ' in line and 'Exploit(' in line:
|
||||
skip_lines = True
|
||||
brace_count = 0
|
||||
continue
|
||||
|
||||
if skip_lines:
|
||||
# 计算花括号
|
||||
brace_count += line.count('{')
|
||||
brace_count -= line.count('}')
|
||||
|
||||
# 如果花括号平衡且不在函数内,停止跳过
|
||||
if brace_count <= 0 and '}' in line:
|
||||
skip_lines = False
|
||||
continue
|
||||
|
||||
if not skip_lines:
|
||||
output_lines.append(line)
|
||||
|
||||
return '\n'.join(output_lines)
|
||||
|
||||
def main():
|
||||
if not os.path.exists(PLUGINS_DIR):
|
||||
print(f"Directory {PLUGINS_DIR} not found")
|
||||
return
|
||||
|
||||
for filename in os.listdir(PLUGINS_DIR):
|
||||
if not filename.endswith('.go') or filename in KEEP_EXPLOITS or filename == 'init.go':
|
||||
continue
|
||||
|
||||
filepath = os.path.join(PLUGINS_DIR, filename)
|
||||
|
||||
try:
|
||||
with open(filepath, 'r', encoding='utf-8') as f:
|
||||
content = f.read()
|
||||
|
||||
# 检查是否有Exploit函数
|
||||
if 'func ' in content and 'Exploit(' in content:
|
||||
# 移除Exploit函数
|
||||
new_content = remove_exploit_function(content, filename)
|
||||
|
||||
# 写回文件
|
||||
with open(filepath, 'w', encoding='utf-8') as f:
|
||||
f.write(new_content)
|
||||
|
||||
print(f"✅ Cleaned {filename}")
|
||||
else:
|
||||
print(f"⏭️ Skipped {filename} (no Exploit function)")
|
||||
|
||||
except Exception as e:
|
||||
print(f"❌ Error processing {filename}: {e}")
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@ -10,7 +10,7 @@ import (
|
||||
|
||||
// Plugin 统一插件接口 - 消除过度设计
|
||||
//
|
||||
// Linus哲学:"好代码没有特殊情况"
|
||||
// 统一插件系统设计原则:
|
||||
// 之前:3个不同的接口做同样的事情
|
||||
// 现在:1个接口统治所有插件
|
||||
type Plugin interface {
|
||||
@ -18,6 +18,23 @@ type Plugin interface {
|
||||
Scan(ctx context.Context, info *common.HostInfo) *Result
|
||||
}
|
||||
|
||||
// BasePlugin 基础插件结构 - 消除插件name字段重复
|
||||
//
|
||||
// 所有插件都需要name字段,通过基础结构体统一提供
|
||||
type BasePlugin struct {
|
||||
name string
|
||||
}
|
||||
|
||||
// NewBasePlugin 创建基础插件
|
||||
func NewBasePlugin(name string) BasePlugin {
|
||||
return BasePlugin{name: name}
|
||||
}
|
||||
|
||||
// Name 实现Plugin接口
|
||||
func (b BasePlugin) Name() string {
|
||||
return b.name
|
||||
}
|
||||
|
||||
// Result 统一结果结构 - 合并所有类型
|
||||
type Result struct {
|
||||
Success bool
|
||||
|
||||
@ -10,6 +10,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
//go:embed auto.json
|
||||
@ -28,14 +29,14 @@ type AVProduct struct {
|
||||
// - 删除复杂的结果结构体
|
||||
// - 跨平台支持,运行时适配
|
||||
type AVDetectPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
avProducts map[string]AVProduct
|
||||
}
|
||||
|
||||
// NewAVDetectPlugin 创建AV检测插件
|
||||
func NewAVDetectPlugin() *AVDetectPlugin {
|
||||
plugin := &AVDetectPlugin{
|
||||
name: "avdetect",
|
||||
BasePlugin: plugins.NewBasePlugin("avdetect"),
|
||||
avProducts: make(map[string]AVProduct),
|
||||
}
|
||||
|
||||
@ -49,10 +50,6 @@ func NewAVDetectPlugin() *AVDetectPlugin {
|
||||
return plugin
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *AVDetectPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行AV/EDR检测 - 直接、有效
|
||||
|
||||
@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// CleanerPlugin 系统痕迹清理插件 - Linus式简化版本
|
||||
@ -18,20 +19,16 @@ import (
|
||||
// - 直接实现清理功能
|
||||
// - 消除不必要的统计和报告结构
|
||||
type CleanerPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewCleanerPlugin 创建系统痕迹清理插件
|
||||
func NewCleanerPlugin() *CleanerPlugin {
|
||||
return &CleanerPlugin{
|
||||
name: "cleaner",
|
||||
BasePlugin: plugins.NewBasePlugin("cleaner"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *CleanerPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行系统痕迹清理 - 直接、简单
|
||||
|
||||
@ -13,6 +13,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// CronTaskPlugin 计划任务持久化插件 - Linus式简化版本
|
||||
@ -22,7 +23,7 @@ import (
|
||||
// - 直接实现持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type CronTaskPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
targetFile string
|
||||
}
|
||||
|
||||
@ -34,15 +35,11 @@ func NewCronTaskPlugin() *CronTaskPlugin {
|
||||
}
|
||||
|
||||
return &CronTaskPlugin{
|
||||
name: "crontask",
|
||||
BasePlugin: plugins.NewBasePlugin("crontask"),
|
||||
targetFile: targetFile,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *CronTaskPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行计划任务持久化 - 直接实现
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
"github.com/go-ldap/ldap/v3/gssapi"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// DCInfoPlugin 域控信息收集插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现域信息收集功能
|
||||
// - 保持原有功能逻辑
|
||||
type DCInfoPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// DomainInfo 域信息结构
|
||||
@ -34,14 +35,10 @@ type DomainInfo struct {
|
||||
// NewDCInfoPlugin 创建域控信息收集插件
|
||||
func NewDCInfoPlugin() *DCInfoPlugin {
|
||||
return &DCInfoPlugin{
|
||||
name: "dcinfo",
|
||||
BasePlugin: plugins.NewBasePlugin("dcinfo"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *DCInfoPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行域控信息收集 - 直接实现
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// DownloaderPlugin 文件下载插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现文件下载功能
|
||||
// - 保持原有功能逻辑
|
||||
type DownloaderPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
downloadURL string
|
||||
savePath string
|
||||
downloadTimeout time.Duration
|
||||
@ -31,7 +32,7 @@ type DownloaderPlugin struct {
|
||||
// NewDownloaderPlugin 创建文件下载插件
|
||||
func NewDownloaderPlugin() *DownloaderPlugin {
|
||||
return &DownloaderPlugin{
|
||||
name: "downloader",
|
||||
BasePlugin: plugins.NewBasePlugin("downloader"),
|
||||
downloadURL: common.DownloadURL,
|
||||
savePath: common.DownloadSavePath,
|
||||
downloadTimeout: 30 * time.Second,
|
||||
@ -39,10 +40,6 @@ func NewDownloaderPlugin() *DownloaderPlugin {
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *DownloaderPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行文件下载任务 - 直接实现
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// EnvInfoPlugin 环境变量信息收集插件 - Linus式简化版本
|
||||
@ -17,20 +18,16 @@ import (
|
||||
// - 过滤敏感信息关键词
|
||||
// - 简单有效的实现
|
||||
type EnvInfoPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewEnvInfoPlugin 创建环境变量信息插件
|
||||
func NewEnvInfoPlugin() *EnvInfoPlugin {
|
||||
return &EnvInfoPlugin{
|
||||
name: "envinfo",
|
||||
BasePlugin: plugins.NewBasePlugin("envinfo"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *EnvInfoPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行环境变量收集 - 直接、有效
|
||||
|
||||
@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// FileInfoPlugin 文件信息收集插件 - Linus式简化版本
|
||||
@ -19,20 +20,16 @@ import (
|
||||
// - 没有平台检查(运行时错误更清晰)
|
||||
// - 没有复杂配置(直接硬编码关键路径)
|
||||
type FileInfoPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewFileInfoPlugin 创建文件信息插件
|
||||
func NewFileInfoPlugin() *FileInfoPlugin {
|
||||
return &FileInfoPlugin{
|
||||
name: "fileinfo",
|
||||
BasePlugin: plugins.NewBasePlugin("fileinfo"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *FileInfoPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行本地文件扫描 - 直接、简单、有效
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// ForwardShellPlugin 正向Shell插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现Shell服务功能
|
||||
// - 保持原有功能逻辑
|
||||
type ForwardShellPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
port int
|
||||
listener net.Listener
|
||||
}
|
||||
@ -34,15 +35,11 @@ func NewForwardShellPlugin() *ForwardShellPlugin {
|
||||
}
|
||||
|
||||
return &ForwardShellPlugin{
|
||||
name: "forwardshell",
|
||||
BasePlugin: plugins.NewBasePlugin("forwardshell"),
|
||||
port: port,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *ForwardShellPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行正向Shell服务 - 直接实现
|
||||
|
||||
@ -10,6 +10,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// KeyloggerPlugin 键盘记录插件 - Linus式简化版本
|
||||
@ -19,7 +20,7 @@ import (
|
||||
// - 直接实现键盘记录功能
|
||||
// - 保持原有功能逻辑
|
||||
type KeyloggerPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
outputFile string
|
||||
isRunning bool
|
||||
stopChan chan struct{}
|
||||
@ -35,17 +36,13 @@ func NewKeyloggerPlugin() *KeyloggerPlugin {
|
||||
}
|
||||
|
||||
return &KeyloggerPlugin{
|
||||
name: "keylogger",
|
||||
BasePlugin: plugins.NewBasePlugin("keylogger"),
|
||||
outputFile: outputFile,
|
||||
stopChan: make(chan struct{}),
|
||||
keyBuffer: make([]string, 0),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *KeyloggerPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行键盘记录 - 直接实现
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// LDPreloadPlugin LD_PRELOAD持久化插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type LDPreloadPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
targetFile string
|
||||
}
|
||||
|
||||
@ -33,15 +34,11 @@ func NewLDPreloadPlugin() *LDPreloadPlugin {
|
||||
}
|
||||
|
||||
return &LDPreloadPlugin{
|
||||
name: "ldpreload",
|
||||
BasePlugin: plugins.NewBasePlugin("ldpreload"),
|
||||
targetFile: targetFile,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *LDPreloadPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行LD_PRELOAD持久化 - 直接实现
|
||||
|
||||
@ -16,6 +16,7 @@ import (
|
||||
|
||||
"golang.org/x/sys/windows"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -61,7 +62,7 @@ type TOKEN_PRIVILEGES struct {
|
||||
// - 直接实现内存转储功能
|
||||
// - 保持原有功能逻辑
|
||||
type MiniDumpPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
kernel32 *syscall.DLL
|
||||
dbghelp *syscall.DLL
|
||||
advapi32 *syscall.DLL
|
||||
@ -77,14 +78,10 @@ type ProcessManager struct {
|
||||
// NewMiniDumpPlugin 创建内存转储插件
|
||||
func NewMiniDumpPlugin() *MiniDumpPlugin {
|
||||
return &MiniDumpPlugin{
|
||||
name: "minidump",
|
||||
BasePlugin: plugins.NewBasePlugin("minidump"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *MiniDumpPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行内存转储 - 直接实现
|
||||
|
||||
@ -13,6 +13,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// ReverseShellPlugin 反弹Shell插件 - Linus式简化版本
|
||||
@ -22,7 +23,7 @@ import (
|
||||
// - 直接实现反弹Shell功能
|
||||
// - 保持原有功能逻辑
|
||||
type ReverseShellPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
target string // 目标地址:端口
|
||||
host string
|
||||
port int
|
||||
@ -48,7 +49,7 @@ func NewReverseShellPlugin() *ReverseShellPlugin {
|
||||
}
|
||||
|
||||
return &ReverseShellPlugin{
|
||||
name: "reverseshell",
|
||||
BasePlugin: plugins.NewBasePlugin("reverseshell"),
|
||||
target: target,
|
||||
host: host,
|
||||
port: port,
|
||||
@ -56,9 +57,6 @@ func NewReverseShellPlugin() *ReverseShellPlugin {
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *ReverseShellPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行反弹Shell - 直接实现
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// ShellEnvPlugin Shell环境变量持久化插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type ShellEnvPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
targetFile string
|
||||
}
|
||||
|
||||
@ -33,15 +34,11 @@ func NewShellEnvPlugin() *ShellEnvPlugin {
|
||||
}
|
||||
|
||||
return &ShellEnvPlugin{
|
||||
name: "shellenv",
|
||||
BasePlugin: plugins.NewBasePlugin("shellenv"),
|
||||
targetFile: targetFile,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *ShellEnvPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Shell环境变量持久化 - 直接实现
|
||||
|
||||
@ -10,6 +10,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// Socks5ProxyPlugin SOCKS5代理插件 - Linus式简化版本
|
||||
@ -19,7 +20,7 @@ import (
|
||||
// - 直接实现SOCKS5代理功能
|
||||
// - 保持原有功能逻辑
|
||||
type Socks5ProxyPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
port int
|
||||
listener net.Listener
|
||||
}
|
||||
@ -33,15 +34,11 @@ func NewSocks5ProxyPlugin() *Socks5ProxyPlugin {
|
||||
}
|
||||
|
||||
return &Socks5ProxyPlugin{
|
||||
name: "socks5proxy",
|
||||
BasePlugin: plugins.NewBasePlugin("socks5proxy"),
|
||||
port: port,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *Socks5ProxyPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行SOCKS5代理扫描 - 直接实现
|
||||
|
||||
@ -12,6 +12,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// SystemdServicePlugin 系统服务持久化插件 - Linus式简化版本
|
||||
@ -21,7 +22,7 @@ import (
|
||||
// - 直接实现系统服务持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type SystemdServicePlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
targetFile string
|
||||
}
|
||||
|
||||
@ -33,15 +34,11 @@ func NewSystemdServicePlugin() *SystemdServicePlugin {
|
||||
}
|
||||
|
||||
return &SystemdServicePlugin{
|
||||
name: "systemdservice",
|
||||
BasePlugin: plugins.NewBasePlugin("systemdservice"),
|
||||
targetFile: targetFile,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SystemdServicePlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行系统服务持久化 - 直接实现
|
||||
|
||||
@ -10,6 +10,7 @@ import (
|
||||
"os/user"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// SystemInfoPlugin 系统信息收集插件 - Linus式简化版本
|
||||
@ -19,20 +20,16 @@ import (
|
||||
// - 收集基本系统信息
|
||||
// - 跨平台支持,运行时适配
|
||||
type SystemInfoPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewSystemInfoPlugin 创建系统信息插件
|
||||
func NewSystemInfoPlugin() *SystemInfoPlugin {
|
||||
return &SystemInfoPlugin{
|
||||
name: "systeminfo",
|
||||
BasePlugin: plugins.NewBasePlugin("systeminfo"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SystemInfoPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行系统信息收集 - 直接、简单、有效
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WinRegistryPlugin Windows注册表持久化插件 - Linus式简化版本
|
||||
@ -20,7 +21,7 @@ import (
|
||||
// - 直接实现注册表持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type WinRegistryPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
pePath string
|
||||
}
|
||||
|
||||
@ -32,15 +33,11 @@ func NewWinRegistryPlugin() *WinRegistryPlugin {
|
||||
}
|
||||
|
||||
return &WinRegistryPlugin{
|
||||
name: "winregistry",
|
||||
BasePlugin: plugins.NewBasePlugin("winregistry"),
|
||||
pePath: pePath,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WinRegistryPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Windows注册表持久化 - 直接实现
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WinSchTaskPlugin Windows计划任务持久化插件 - Linus式简化版本
|
||||
@ -20,7 +21,7 @@ import (
|
||||
// - 直接实现计划任务持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type WinSchTaskPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
pePath string
|
||||
}
|
||||
|
||||
@ -32,15 +33,11 @@ func NewWinSchTaskPlugin() *WinSchTaskPlugin {
|
||||
}
|
||||
|
||||
return &WinSchTaskPlugin{
|
||||
name: "winschtask",
|
||||
BasePlugin: plugins.NewBasePlugin("winschtask"),
|
||||
pePath: pePath,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WinSchTaskPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Windows计划任务持久化 - 直接实现
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WinServicePlugin Windows服务持久化插件 - Linus式简化版本
|
||||
@ -20,7 +21,7 @@ import (
|
||||
// - 直接实现服务持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type WinServicePlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
pePath string
|
||||
}
|
||||
|
||||
@ -32,15 +33,11 @@ func NewWinServicePlugin() *WinServicePlugin {
|
||||
}
|
||||
|
||||
return &WinServicePlugin{
|
||||
name: "winservice",
|
||||
BasePlugin: plugins.NewBasePlugin("winservice"),
|
||||
pePath: pePath,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WinServicePlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Windows服务持久化 - 直接实现
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WinStartupPlugin Windows启动文件夹持久化插件 - Linus式简化版本
|
||||
@ -20,7 +21,7 @@ import (
|
||||
// - 直接实现启动文件夹持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type WinStartupPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
pePath string
|
||||
}
|
||||
|
||||
@ -32,15 +33,11 @@ func NewWinStartupPlugin() *WinStartupPlugin {
|
||||
}
|
||||
|
||||
return &WinStartupPlugin{
|
||||
name: "winstartup",
|
||||
BasePlugin: plugins.NewBasePlugin("winstartup"),
|
||||
pePath: pePath,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WinStartupPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Windows启动文件夹持久化 - 直接实现
|
||||
|
||||
@ -11,6 +11,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WinWMIPlugin Windows WMI事件订阅持久化插件 - Linus式简化版本
|
||||
@ -20,7 +21,7 @@ import (
|
||||
// - 直接实现WMI事件订阅持久化功能
|
||||
// - 保持原有功能逻辑
|
||||
type WinWMIPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
pePath string
|
||||
}
|
||||
|
||||
@ -32,15 +33,11 @@ func NewWinWMIPlugin() *WinWMIPlugin {
|
||||
}
|
||||
|
||||
return &WinWMIPlugin{
|
||||
name: "winwmi",
|
||||
BasePlugin: plugins.NewBasePlugin("winwmi"),
|
||||
pePath: pePath,
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WinWMIPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Windows WMI事件订阅持久化 - 直接实现
|
||||
|
||||
@ -8,27 +8,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type ActiveMQPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewActiveMQPlugin() *ActiveMQPlugin {
|
||||
return &ActiveMQPlugin{
|
||||
name: "activemq",
|
||||
ports: []int{61616, 61617, 61618, 8161},
|
||||
BasePlugin: plugins.NewBasePlugin("activemq"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *ActiveMQPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *ActiveMQPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *ActiveMQPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
|
||||
"github.com/gocql/gocql"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type CassandraPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewCassandraPlugin() *CassandraPlugin {
|
||||
return &CassandraPlugin{
|
||||
name: "cassandra",
|
||||
ports: []int{9042, 9160, 7000, 7001},
|
||||
BasePlugin: plugins.NewBasePlugin("cassandra"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *CassandraPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *CassandraPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -11,27 +11,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type ElasticsearchPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewElasticsearchPlugin() *ElasticsearchPlugin {
|
||||
return &ElasticsearchPlugin{
|
||||
name: "elasticsearch",
|
||||
ports: []int{9200, 9300},
|
||||
BasePlugin: plugins.NewBasePlugin("elasticsearch"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *ElasticsearchPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *ElasticsearchPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *ElasticsearchPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -13,31 +13,23 @@ import (
|
||||
"unicode"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// FindNetPlugin Windows网络发现插件 - 通过RPC端点映射服务收集网络信息
|
||||
type FindNetPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewFindNetPlugin 创建FindNet插件
|
||||
func NewFindNetPlugin() *FindNetPlugin {
|
||||
return &FindNetPlugin{
|
||||
name: "findnet",
|
||||
ports: []int{135}, // RPC端点映射器端口
|
||||
BasePlugin: plugins.NewBasePlugin("findnet"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *FindNetPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *FindNetPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行FindNet扫描 - Windows网络信息收集
|
||||
func (p *FindNetPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -7,27 +7,20 @@ import (
|
||||
|
||||
ftplib "github.com/jlaffaye/ftp"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type FTPPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewFTPPlugin() *FTPPlugin {
|
||||
return &FTPPlugin{
|
||||
name: "ftp",
|
||||
ports: []int{21, 2121, 990},
|
||||
BasePlugin: plugins.NewBasePlugin("ftp"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *FTPPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *FTPPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *FTPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -7,27 +7,20 @@ import (
|
||||
|
||||
"github.com/IBM/sarama"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type KafkaPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewKafkaPlugin() *KafkaPlugin {
|
||||
return &KafkaPlugin{
|
||||
name: "kafka",
|
||||
ports: []int{9092, 9093, 9094},
|
||||
BasePlugin: plugins.NewBasePlugin("kafka"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *KafkaPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *KafkaPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *KafkaPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -6,27 +6,20 @@ import (
|
||||
|
||||
ldaplib "github.com/go-ldap/ldap/v3"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type LDAPPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewLDAPPlugin() *LDAPPlugin {
|
||||
return &LDAPPlugin{
|
||||
name: "ldap",
|
||||
ports: []int{389, 636, 3268, 3269},
|
||||
BasePlugin: plugins.NewBasePlugin("ldap"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *LDAPPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *LDAPPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *LDAPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -8,27 +8,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type MemcachedPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewMemcachedPlugin() *MemcachedPlugin {
|
||||
return &MemcachedPlugin{
|
||||
name: "memcached",
|
||||
ports: []int{11211, 11212, 11213},
|
||||
BasePlugin: plugins.NewBasePlugin("memcached"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *MemcachedPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *MemcachedPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *MemcachedPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -8,27 +8,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type MongoDBPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewMongoDBPlugin() *MongoDBPlugin {
|
||||
return &MongoDBPlugin{
|
||||
name: "mongodb",
|
||||
ports: []int{27017, 27018, 27019},
|
||||
BasePlugin: plugins.NewBasePlugin("mongodb"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *MongoDBPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *MongoDBPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *MongoDBPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -14,31 +14,23 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// MS17010Plugin MS17-010漏洞检测和利用插件 - 保持完整的原始利用功能
|
||||
type MS17010Plugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewMS17010Plugin 创建MS17010插件
|
||||
func NewMS17010Plugin() *MS17010Plugin {
|
||||
return &MS17010Plugin{
|
||||
name: "ms17010",
|
||||
ports: []int{445}, // SMB端口
|
||||
BasePlugin: plugins.NewBasePlugin("ms17010"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *MS17010Plugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *MS17010Plugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行MS17-010扫描
|
||||
func (p *MS17010Plugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
|
||||
_ "github.com/denisenkom/go-mssqldb"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type MSSQLPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewMSSQLPlugin() *MSSQLPlugin {
|
||||
return &MSSQLPlugin{
|
||||
name: "mssql",
|
||||
ports: []int{1433, 1434},
|
||||
BasePlugin: plugins.NewBasePlugin("mssql"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *MSSQLPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *MSSQLPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *MSSQLPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
|
||||
_ "github.com/go-sql-driver/mysql"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type MySQLPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewMySQLPlugin() *MySQLPlugin {
|
||||
return &MySQLPlugin{
|
||||
name: "mysql",
|
||||
ports: []int{3306, 3307, 33060},
|
||||
BasePlugin: plugins.NewBasePlugin("mysql"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *MySQLPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *MySQLPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *MySQLPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type Neo4jPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewNeo4jPlugin() *Neo4jPlugin {
|
||||
return &Neo4jPlugin{
|
||||
name: "neo4j",
|
||||
ports: []int{7474, 7687, 7473},
|
||||
BasePlugin: plugins.NewBasePlugin("neo4j"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *Neo4jPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *Neo4jPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *Neo4jPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -9,31 +9,23 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// NetBIOSPlugin NetBIOS名称服务扫描插件 - 收集Windows主机名和域信息
|
||||
type NetBIOSPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewNetBIOSPlugin 创建NetBIOS插件
|
||||
func NewNetBIOSPlugin() *NetBIOSPlugin {
|
||||
return &NetBIOSPlugin{
|
||||
name: "netbios",
|
||||
ports: []int{137, 139}, // NetBIOS名称服务和会话服务端口
|
||||
BasePlugin: plugins.NewBasePlugin("netbios"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *NetBIOSPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *NetBIOSPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行NetBIOS扫描 - 收集Windows主机和域信息
|
||||
func (p *NetBIOSPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -5,27 +5,20 @@ import (
|
||||
"fmt"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type OraclePlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewOraclePlugin() *OraclePlugin {
|
||||
return &OraclePlugin{
|
||||
name: "oracle",
|
||||
ports: []int{1521, 1522, 1525},
|
||||
BasePlugin: plugins.NewBasePlugin("oracle"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *OraclePlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *OraclePlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *OraclePlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
if common.DisableBrute {
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
|
||||
_ "github.com/lib/pq"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type PostgreSQLPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewPostgreSQLPlugin() *PostgreSQLPlugin {
|
||||
return &PostgreSQLPlugin{
|
||||
name: "postgresql",
|
||||
ports: []int{5432, 5433, 5434},
|
||||
BasePlugin: plugins.NewBasePlugin("postgresql"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PostgreSQLPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *PostgreSQLPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *PostgreSQLPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type RabbitMQPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewRabbitMQPlugin() *RabbitMQPlugin {
|
||||
return &RabbitMQPlugin{
|
||||
name: "rabbitmq",
|
||||
ports: []int{5672, 15672, 5671},
|
||||
BasePlugin: plugins.NewBasePlugin("rabbitmq"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *RabbitMQPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *RabbitMQPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *RabbitMQPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -8,31 +8,23 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// RDPPlugin RDP远程桌面服务扫描插件 - 弱密码检测和服务识别
|
||||
type RDPPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewRDPPlugin 创建RDP插件
|
||||
func NewRDPPlugin() *RDPPlugin {
|
||||
return &RDPPlugin{
|
||||
name: "rdp",
|
||||
ports: []int{3389}, // RDP端口
|
||||
BasePlugin: plugins.NewBasePlugin("rdp"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *RDPPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *RDPPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行RDP扫描 - 基础服务识别
|
||||
func (p *RDPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -10,31 +10,22 @@ import (
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/common/i18n"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// RedisPlugin Redis数据库扫描和利用插件 - 包含文件写入利用功能
|
||||
type RedisPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewRedisPlugin 创建Redis插件
|
||||
func NewRedisPlugin() *RedisPlugin {
|
||||
return &RedisPlugin{
|
||||
name: "redis",
|
||||
ports: []int{6379, 6380, 6381, 16379, 26379},
|
||||
BasePlugin: plugins.NewBasePlugin("redis"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *RedisPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *RedisPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行Redis扫描 - 未授权访问检测和弱密码检测
|
||||
func (p *RedisPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -9,27 +9,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type RsyncPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewRsyncPlugin() *RsyncPlugin {
|
||||
return &RsyncPlugin{
|
||||
name: "rsync",
|
||||
ports: []int{873},
|
||||
BasePlugin: plugins.NewBasePlugin("rsync"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *RsyncPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *RsyncPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *RsyncPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -6,32 +6,25 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
"github.com/stacktitan/smb/smb"
|
||||
)
|
||||
|
||||
// SmbPlugin SMB弱密码检测插件
|
||||
type SmbPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewSmbPlugin 创建SMB插件
|
||||
func NewSmbPlugin() *SmbPlugin {
|
||||
return &SmbPlugin{
|
||||
name: "smb",
|
||||
ports: []int{445},
|
||||
BasePlugin: plugins.NewBasePlugin("smb"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SmbPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *SmbPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行SMB扫描
|
||||
func (p *SmbPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -7,31 +7,24 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// Smb2Plugin SMB2弱密码检测插件
|
||||
type Smb2Plugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewSmb2Plugin 创建SMB2插件
|
||||
func NewSmb2Plugin() *Smb2Plugin {
|
||||
return &Smb2Plugin{
|
||||
name: "smb2",
|
||||
ports: []int{445},
|
||||
BasePlugin: plugins.NewBasePlugin("smb2"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *Smb2Plugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *Smb2Plugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行SMB2扫描
|
||||
func (p *Smb2Plugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -8,12 +8,12 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// SmbGhostPlugin CVE-2020-0796 SMB Ghost漏洞检测插件
|
||||
type SmbGhostPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// SMB Ghost 检测数据包
|
||||
@ -104,20 +104,12 @@ const smbGhostPacket = "\x00" + // session
|
||||
// NewSmbGhostPlugin 创建SMB Ghost插件
|
||||
func NewSmbGhostPlugin() *SmbGhostPlugin {
|
||||
return &SmbGhostPlugin{
|
||||
name: "smbghost",
|
||||
ports: []int{445},
|
||||
BasePlugin: plugins.NewBasePlugin("smbghost"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SmbGhostPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *SmbGhostPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行SMB Ghost漏洞检测
|
||||
func (p *SmbGhostPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -10,31 +10,23 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// SMBInfoPlugin SMB协议信息收集插件 - 收集操作系统和NTLM信息
|
||||
type SMBInfoPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewSMBInfoPlugin 创建SMBInfo插件
|
||||
func NewSMBInfoPlugin() *SMBInfoPlugin {
|
||||
return &SMBInfoPlugin{
|
||||
name: "smbinfo",
|
||||
ports: []int{139, 445}, // SMB端口
|
||||
BasePlugin: plugins.NewBasePlugin("smbinfo"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SMBInfoPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *SMBInfoPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行SMBInfo扫描 - SMB信息收集
|
||||
func (p *SMBInfoPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -10,27 +10,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type SMTPPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewSMTPPlugin() *SMTPPlugin {
|
||||
return &SMTPPlugin{
|
||||
name: "smtp",
|
||||
ports: []int{25, 465, 587, 2525},
|
||||
BasePlugin: plugins.NewBasePlugin("smtp"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *SMTPPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *SMTPPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *SMTPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -8,27 +8,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type SNMPPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewSNMPPlugin() *SNMPPlugin {
|
||||
return &SNMPPlugin{
|
||||
name: "snmp",
|
||||
ports: []int{161, 162},
|
||||
BasePlugin: plugins.NewBasePlugin("snmp"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *SNMPPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *SNMPPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *SNMPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -12,31 +12,22 @@ import (
|
||||
"golang.org/x/crypto/ssh"
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/common/i18n"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// SSHPlugin SSH扫描和利用插件 - 单文件实现,包含真正的利用功能
|
||||
type SSHPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewSSHPlugin 创建SSH插件
|
||||
func NewSSHPlugin() *SSHPlugin {
|
||||
return &SSHPlugin{
|
||||
name: "ssh",
|
||||
ports: []int{22, 2222, 2200, 22222},
|
||||
BasePlugin: plugins.NewBasePlugin("ssh"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *SSHPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
// GetPorts 实现Plugin接口
|
||||
func (p *SSHPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
// Scan 执行SSH扫描 - 支持密码和密钥认证
|
||||
func (p *SSHPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
|
||||
@ -8,27 +8,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type TelnetPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewTelnetPlugin() *TelnetPlugin {
|
||||
return &TelnetPlugin{
|
||||
name: "telnet",
|
||||
ports: []int{23, 2323},
|
||||
BasePlugin: plugins.NewBasePlugin("telnet"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *TelnetPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *TelnetPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *TelnetPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -10,7 +10,6 @@ import (
|
||||
// 插件接口定义 - 统一命名风格
|
||||
type Plugin interface {
|
||||
Name() string
|
||||
GetPorts() []int
|
||||
Scan(ctx context.Context, info *common.HostInfo) *ScanResult
|
||||
}
|
||||
|
||||
|
||||
@ -10,27 +10,20 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
type VNCPlugin struct {
|
||||
name string
|
||||
ports []int
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
func NewVNCPlugin() *VNCPlugin {
|
||||
return &VNCPlugin{
|
||||
name: "vnc",
|
||||
ports: []int{5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909},
|
||||
BasePlugin: plugins.NewBasePlugin("vnc"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *VNCPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *VNCPlugin) GetPorts() []int {
|
||||
return p.ports
|
||||
}
|
||||
|
||||
func (p *VNCPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||
|
||||
@ -5,26 +5,22 @@ import (
|
||||
"fmt"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
"github.com/shadow1ng/fscan/webscan"
|
||||
)
|
||||
|
||||
// WebPocPlugin Web漏洞扫描插件
|
||||
type WebPocPlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewWebPocPlugin 创建Web POC插件
|
||||
func NewWebPocPlugin() *WebPocPlugin {
|
||||
return &WebPocPlugin{
|
||||
name: "webpoc",
|
||||
BasePlugin: plugins.NewBasePlugin("webpoc"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WebPocPlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行Web POC扫描
|
||||
func (p *WebPocPlugin) Scan(ctx context.Context, info *common.HostInfo) *WebScanResult {
|
||||
|
||||
@ -12,25 +12,21 @@ import (
|
||||
"unicode/utf8"
|
||||
|
||||
"github.com/shadow1ng/fscan/common"
|
||||
"github.com/shadow1ng/fscan/plugins"
|
||||
)
|
||||
|
||||
// WebTitlePlugin Web标题获取插件
|
||||
type WebTitlePlugin struct {
|
||||
name string
|
||||
plugins.BasePlugin
|
||||
}
|
||||
|
||||
// NewWebTitlePlugin 创建WebTitle插件
|
||||
func NewWebTitlePlugin() *WebTitlePlugin {
|
||||
return &WebTitlePlugin{
|
||||
name: "webtitle",
|
||||
BasePlugin: plugins.NewBasePlugin("webtitle"),
|
||||
}
|
||||
}
|
||||
|
||||
// GetName 实现Plugin接口
|
||||
func (p *WebTitlePlugin) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
|
||||
// Scan 执行WebTitle扫描
|
||||
func (p *WebTitlePlugin) Scan(ctx context.Context, info *common.HostInfo) *WebScanResult {
|
||||
|
||||
@ -1,47 +0,0 @@
|
||||
#!/bin/bash
|
||||
cd plugins/services
|
||||
|
||||
# 使用awk清理Exploit函数的通用方法
|
||||
clean_exploit() {
|
||||
local file=$1
|
||||
echo "Cleaning $file..."
|
||||
|
||||
awk '
|
||||
BEGIN {
|
||||
skip = 0
|
||||
brace_count = 0
|
||||
}
|
||||
|
||||
# 检测Exploit函数开始
|
||||
/^func.*Exploit\(/ {
|
||||
skip = 1
|
||||
brace_count = 0
|
||||
next
|
||||
}
|
||||
|
||||
# 在跳过模式下计算花括号
|
||||
skip {
|
||||
brace_count += gsub(/\{/, "&")
|
||||
brace_count -= gsub(/\}/, "&")
|
||||
|
||||
if (brace_count <= 0 && /\}/) {
|
||||
skip = 0
|
||||
next
|
||||
}
|
||||
}
|
||||
|
||||
# 输出非跳过的行
|
||||
!skip { print }
|
||||
' "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
|
||||
|
||||
echo "✓ $file cleaned"
|
||||
}
|
||||
|
||||
# 清理简单的服务插件
|
||||
for file in ftp.go kafka.go ldap.go rabbitmq.go netbios.go rdp.go smtp.go snmp.go telnet.go vnc.go; do
|
||||
if [ -f "$file" ]; then
|
||||
clean_exploit "$file"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Batch cleaning completed!"
|
||||
Loading…
Reference in New Issue
Block a user