mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 14:06:44 +08:00
refactor: 重构Neo4j和Cassandra插件使用统一发包控制
- 修改Neo4j插件,在HTTP连接和服务识别中添加发包控制 - 修改Cassandra插件,在CQL连接和会话创建中添加发包控制 - 统一包计数逻辑,确保TCP连接成功和失败都正确计数 - 保持现有图数据库和分布式数据库检测功能
This commit is contained in:
ZacharyZcR
parent
36f0e5076d
commit
9e9485814d
@ -61,6 +61,12 @@ func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo) *Scan
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
||||||
|
// 检查发包限制
|
||||||
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
||||||
|
common.LogError(fmt.Sprintf("Cassandra连接 %s:%s 受限: %s", info.Host, info.Ports, reason))
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
port, err := strconv.Atoi(info.Ports)
|
port, err := strconv.Atoi(info.Ports)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false
|
return false
|
||||||
@ -81,8 +87,10 @@ func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostI
|
|||||||
|
|
||||||
session, err := cluster.CreateSession()
|
session, err := cluster.CreateSession()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
common.IncrementTCPFailedPacketCount()
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
common.IncrementTCPSuccessPacketCount()
|
||||||
defer session.Close()
|
defer session.Close()
|
||||||
|
|
||||||
var dummy interface{}
|
var dummy interface{}
|
||||||
@ -94,6 +102,17 @@ func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostI
|
|||||||
|
|
||||||
func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||||
|
|
||||||
|
// 检查发包限制
|
||||||
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
||||||
|
common.LogError(fmt.Sprintf("Cassandra识别 %s 受限: %s", target, reason))
|
||||||
|
return &ScanResult{
|
||||||
|
Success: false,
|
||||||
|
Service: "cassandra",
|
||||||
|
Error: fmt.Errorf("发包受限: %s", reason),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
port, err := strconv.Atoi(info.Ports)
|
port, err := strconv.Atoi(info.Ports)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return &ScanResult{
|
return &ScanResult{
|
||||||
@ -111,6 +130,7 @@ func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.Host
|
|||||||
|
|
||||||
session, err := cluster.CreateSession()
|
session, err := cluster.CreateSession()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
common.IncrementTCPFailedPacketCount()
|
||||||
if strings.Contains(strings.ToLower(err.Error()), "authentication") {
|
if strings.Contains(strings.ToLower(err.Error()), "authentication") {
|
||||||
banner := "Cassandra (需要认证)"
|
banner := "Cassandra (需要认证)"
|
||||||
common.LogSuccess(fmt.Sprintf("Cassandra %s %s", target, banner))
|
common.LogSuccess(fmt.Sprintf("Cassandra %s %s", target, banner))
|
||||||
@ -126,6 +146,7 @@ func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.Host
|
|||||||
Error: err,
|
Error: err,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
common.IncrementTCPSuccessPacketCount()
|
||||||
defer session.Close()
|
defer session.Close()
|
||||||
|
|
||||||
banner := "Cassandra"
|
banner := "Cassandra"
|
||||||
|
|||||||
@ -67,6 +67,12 @@ func (p *Neo4jPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResu
|
|||||||
|
|
||||||
|
|
||||||
func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.HostInfo) *ScanResult {
|
func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||||
|
// 检查发包限制
|
||||||
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
||||||
|
common.LogError(fmt.Sprintf("Neo4j未授权检测 %s:%s 受限: %s", info.Host, info.Ports, reason))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
||||||
|
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
@ -80,8 +86,10 @@ func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.H
|
|||||||
|
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
common.IncrementTCPFailedPacketCount()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
common.IncrementTCPSuccessPacketCount()
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
if resp.StatusCode == 200 {
|
if resp.StatusCode == 200 {
|
||||||
@ -96,6 +104,12 @@ func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.H
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
||||||
|
// 检查发包限制
|
||||||
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
||||||
|
common.LogError(fmt.Sprintf("Neo4j凭据测试 %s:%s 受限: %s", info.Host, info.Ports, reason))
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
||||||
|
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
@ -112,8 +126,10 @@ func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo,
|
|||||||
|
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
common.IncrementTCPFailedPacketCount()
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
common.IncrementTCPSuccessPacketCount()
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
return resp.StatusCode == 200
|
return resp.StatusCode == 200
|
||||||
@ -127,6 +143,17 @@ func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo,
|
|||||||
|
|
||||||
func (p *Neo4jPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
func (p *Neo4jPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
||||||
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
||||||
|
|
||||||
|
// 检查发包限制
|
||||||
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
||||||
|
common.LogError(fmt.Sprintf("Neo4j识别 %s 受限: %s", target, reason))
|
||||||
|
return &ScanResult{
|
||||||
|
Success: false,
|
||||||
|
Service: "neo4j",
|
||||||
|
Error: fmt.Errorf("发包受限: %s", reason),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
|
||||||
|
|
||||||
client := &http.Client{
|
client := &http.Client{
|
||||||
@ -144,12 +171,14 @@ func (p *Neo4jPlugin) identifyService(ctx context.Context, info *common.HostInfo
|
|||||||
|
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
common.IncrementTCPFailedPacketCount()
|
||||||
return &ScanResult{
|
return &ScanResult{
|
||||||
Success: false,
|
Success: false,
|
||||||
Service: "neo4j",
|
Service: "neo4j",
|
||||||
Error: err,
|
Error: err,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
common.IncrementTCPSuccessPacketCount()
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
var banner string
|
var banner string
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user