refactor: 重构Neo4j和Cassandra插件使用统一发包控制

- 修改Neo4j插件，在HTTP连接和服务识别中添加发包控制 - 修改Cassandra插件，在CQL连接和会话创建中添加发包控制 - 统一包计数逻辑，确保TCP连接成功和失败都正确计数 - 保持现有图数据库和分布式数据库检测功能
2025-09-14 14:06:44 +08:00 · 2025-09-02 11:56:23 +00:00 · 2025-09-02 11:56:23 +00:00 · 9e9485814d
commit 9e9485814d
parent 36f0e5076d
2 changed files with 50 additions and 0 deletions
--- a/plugins/services/cassandra.go
+++ b/plugins/services/cassandra.go
@ -61,6 +61,12 @@ func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo) *Scan
 }

 func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("Cassandra连接 %s:%s 受限: %s", info.Host, info.Ports, reason))
+		return false
+	}
+	
 	port, err := strconv.Atoi(info.Ports)
 	if err != nil {
 		return false
@ -81,8 +87,10 @@ func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostI

 	session, err := cluster.CreateSession()
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return false
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer session.Close()

 	var dummy interface{}
@ -94,6 +102,17 @@ func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostI

 func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("Cassandra识别 %s 受限: %s", target, reason))
+		return &ScanResult{
+			Success: false,
+			Service: "cassandra",
+			Error:   fmt.Errorf("发包受限: %s", reason),
+		}
+	}
+	
 	port, err := strconv.Atoi(info.Ports)
 	if err != nil {
 		return &ScanResult{
@ -111,6 +130,7 @@ func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.Host

 	session, err := cluster.CreateSession()
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		if strings.Contains(strings.ToLower(err.Error()), "authentication") {
 			banner := "Cassandra (需要认证)"
 			common.LogSuccess(fmt.Sprintf("Cassandra %s %s", target, banner))
@ -126,6 +146,7 @@ func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.Host
 			Error:   err,
 		}
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer session.Close()

 	banner := "Cassandra"
--- a/plugins/services/neo4j.go
+++ b/plugins/services/neo4j.go
@ -67,6 +67,12 @@ func (p *Neo4jPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResu


 func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.HostInfo) *ScanResult {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("Neo4j未授权检测 %s:%s 受限: %s", info.Host, info.Ports, reason))
+		return nil
+	}
+	
 	baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
 	
 	client := &http.Client{
@ -80,8 +86,10 @@ func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.H

 	resp, err := client.Do(req)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return nil
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer resp.Body.Close()

 	if resp.StatusCode == 200 {
@ -96,6 +104,12 @@ func (p *Neo4jPlugin) testUnauthorizedAccess(ctx context.Context, info *common.H
 }

 func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("Neo4j凭据测试 %s:%s 受限: %s", info.Host, info.Ports, reason))
+		return false
+	}
+	
 	baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
 	
 	client := &http.Client{
@ -112,8 +126,10 @@ func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo,

 	resp, err := client.Do(req)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return false
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer resp.Body.Close()

 	return resp.StatusCode == 200
@ -127,6 +143,17 @@ func (p *Neo4jPlugin) testCredential(ctx context.Context, info *common.HostInfo,

 func (p *Neo4jPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("Neo4j识别 %s 受限: %s", target, reason))
+		return &ScanResult{
+			Success: false,
+			Service: "neo4j",
+			Error:   fmt.Errorf("发包受限: %s", reason),
+		}
+	}
+	
 	baseURL := fmt.Sprintf("http://%s:%s", info.Host, info.Ports)

 	client := &http.Client{
@ -144,12 +171,14 @@ func (p *Neo4jPlugin) identifyService(ctx context.Context, info *common.HostInfo

 	resp, err := client.Do(req)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return &ScanResult{
 			Success: false,
 			Service: "neo4j",
 			Error:   err,
 		}
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer resp.Body.Close()

 	var banner string