refactor: 重构VNC和RDP插件使用统一发包控制

- 修改VNC插件，在所有网络连接点添加发包控制和计数 - 修改RDP插件，在testRDPConnection和checkNLAStatus中添加发包控制 - 统一包计数逻辑，确保TCP连接成功和失败都正确计数 - 保持现有远程桌面检测功能完整性
2025-09-14 05:56:46 +08:00 · 2025-09-02 11:50:06 +00:00 · 2025-09-02 11:50:06 +00:00 · d9d0271d5b
commit d9d0271d5b
parent 1febb54fe6
2 changed files with 49 additions and 7 deletions
--- a/plugins/services/rdp.go
+++ b/plugins/services/rdp.go
@ -100,10 +100,18 @@ func (p *RDPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult
 func (p *RDPPlugin) testRDPConnection(ctx context.Context, info *common.HostInfo) bool {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
 	
-	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
-	if err != nil {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("RDP连接 %s 受限: %s", target, reason))
 		return false
 	}
+	
+	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
+	if err != nil {
+		common.IncrementTCPFailedPacketCount()
+		return false
+	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
@ -136,13 +144,19 @@ func (p *RDPPlugin) testRDPConnection(ctx context.Context, info *common.HostInfo

 // checkNLAStatus 检查网络级别身份验证状态
 func (p *RDPPlugin) checkNLAStatus(ctx context.Context, info *common.HostInfo) string {
-	// 简化实现，实际需要解析RDP协商响应
+	// 检查发包限制
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("RDP NLA检测 %s 受限: %s", target, reason))
+		return "检测失败"
+	}
 	
 	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return "检测失败"
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
--- a/plugins/services/vnc.go
+++ b/plugins/services/vnc.go
@ -70,10 +70,18 @@ func (p *VNCPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult
 func (p *VNCPlugin) testUnauthAccess(ctx context.Context, info *common.HostInfo) *ScanResult {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
 	
-	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
-	if err != nil {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("VNC未授权检测 %s 受限: %s", target, reason))
 		return nil
 	}
+	
+	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
+	if err != nil {
+		common.IncrementTCPFailedPacketCount()
+		return nil
+	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
@ -105,10 +113,18 @@ func (p *VNCPlugin) testUnauthAccess(ctx context.Context, info *common.HostInfo)
 func (p *VNCPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
 	
-	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
-	if err != nil {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("VNC认证测试 %s 受限: %s", target, reason))
 		return false
 	}
+	
+	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
+	if err != nil {
+		common.IncrementTCPFailedPacketCount()
+		return false
+	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
@ -229,14 +245,26 @@ func (p *VNCPlugin) reverseBits(b byte) byte {
 func (p *VNCPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("VNC识别 %s 受限: %s", target, reason))
+		return &ScanResult{
+			Success: false,
+			Service: "vnc",
+			Error:   fmt.Errorf("发包受限: %s", reason),
+		}
+	}
+
 	conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
 	if err != nil {
+		common.IncrementTCPFailedPacketCount()
 		return &ScanResult{
 			Success: false,
 			Service: "vnc",
 			Error:   err,
 		}
 	}
+	common.IncrementTCPSuccessPacketCount()
 	defer conn.Close()

 	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))