增加-ping 参数,作用是存活探测模块用ping代替icmp发包。

shadow1ng 2020-11-17 14:27:15 +08:00
parent 2026b5f587
commit db028ba0cc
6 changed files with 149 additions and 137 deletions


@ -18,6 +18,8 @@ var icmp ICMP
var AliveHosts []string
var SysInfo = GetSys()
type ICMP struct {
Type uint8
Code uint8
@ -27,13 +29,13 @@ type ICMP struct {
}
type SystemInfo struct {
OS string
ARCH string
HostName string
Groupid string
Userid string
Username string
UserHomeDir string
OS string
ARCH string
HostName string
Groupid string
Userid string
Username string
UserHomeDir string
}
func GetSys() SystemInfo {
@ -89,7 +91,7 @@ func isping(ip string) bool {
conn.SetReadDeadline(time.Time{})
if string(recvBuf[0:num]) != "" {
fmt.Printf("(ICMP) Target '%s' is alive\n",ip)
fmt.Printf("(ICMP) Target '%s' is alive\n", ip)
return true
}
return false
@ -115,60 +117,63 @@ func CheckSum(data []byte) uint16 {
return uint16(^sum)
}
func IcmpCheck(hostslist []string,IcmpThreads int) {
func IcmpCheck(hostslist []string, IcmpThreads int) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan int, IcmpThreads)
for _,host :=range hostslist{
for _, host := range hostslist {
wg.Add(1)
limiter <- 1
go func(host string) {
defer wg.Done()
if isping(host){
if isping(host) {
mutex.Lock()
AliveHosts = append(AliveHosts, host)
mutex.Unlock()
}
<- limiter
<-limiter
}(host)
}
wg.Wait()
}
func ExecCommandPing(ip string,bsenv string) bool {
command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
func ExecCommandPing(ip string, bsenv string) bool {
var command *exec.Cmd
if SysInfo.OS == "windows" {
command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else {
command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
}
outinfo := bytes.Buffer{}
command.Stdout = &outinfo
err := command.Start()
if err != nil{
if err != nil {
return false
}
if err = command.Wait();err!=nil{
if err = command.Wait(); err != nil {
return false
}else{
if(strings.Contains(outinfo.String(), "true")) {
} else {
if strings.Contains(outinfo.String(), "true") {
return true
}else {
} else {
return false
}
}
}
func PingCMDcheck(hostslist []string,bsenv string) {
func PingCMDcheck(hostslist []string, bsenv string) {
var wg sync.WaitGroup
mutex := &sync.Mutex{}
limiter := make(chan struct{}, 40)
for _,host :=range hostslist{
for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
if ExecCommandPing(host,bsenv){
if ExecCommandPing(host, bsenv) {
mutex.Lock()
fmt.Printf("(Ping) Target '%s' is alive\n",host)
fmt.Printf("(Ping) Target '%s' is alive\n", host)
AliveHosts = append(AliveHosts, host)
mutex.Unlock()
}
@ -177,24 +182,33 @@ func PingCMDcheck(hostslist []string,bsenv string) {
}
wg.Wait()
}
func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
func ICMPRun(hostslist []string,IcmpThreads int) []string{
var sysinfo SystemInfo
sysinfo = GetSys()
if sysinfo.OS == "windows" {
IcmpCheck(hostslist,IcmpThreads)
}else if sysinfo.OS == "linux" {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
IcmpCheck(hostslist,IcmpThreads)
}else {
PingCMDcheck(hostslist,"/bin/bash")
if SysInfo.OS == "windows" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "")
}
}else if sysinfo.OS == "darwin" {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
IcmpCheck(hostslist,IcmpThreads)
}else {
PingCMDcheck(hostslist,"/usr/local/bin/bash")
} else if SysInfo.OS == "linux" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
} else {
PingCMDcheck(hostslist, "/bin/bash")
}
} else if SysInfo.OS == "darwin" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads)
} else {
PingCMDcheck(hostslist, "/usr/local/bin/bash")
}
} else {
PingCMDcheck(hostslist, "/usr/local/bin/bash")
}
}
return AliveHosts
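Review bot: In the ExecCommandPing hunk the host string is spliced into a shell command line in both the `cmd /c` and the `bsenv -c` branches, so a host entry read from -h or -hf that contains shell metacharacters is handed to the shell rather than to ping; invoking ping directly with ip as its own argv element removes the shell from the path, and ping's exit status already carries the reply/no-reply result that the `&& echo true || echo false` idiom was extracting from stdout. The Windows branch also passes `-w 1`, which Windows ping interprets as a timeout in milliseconds, so most live hosts are likely to be reported dead there, while Linux ping reads -w in seconds. The rewrite below keeps the bsenv parameter so existing callers compile unchanged; the 1000 ms value is a constructed example to be tuned.
```go
func ExecCommandPing(ip string, bsenv string) bool {
	// Run ping directly: ip travels as a single argv element, so shell
	// metacharacters in a host entry are never interpreted. bsenv is kept
	// only so existing callers keep compiling.
	var command *exec.Cmd
	if SysInfo.OS == "windows" {
		// Windows ping takes -w in milliseconds; 1 ms almost always times out.
		command = exec.Command("ping", "-n", "1", "-w", "1000", ip)
	} else {
		command = exec.Command("ping", "-c", "1", "-w", "1", ip)
	}
	// A zero exit status means a reply was received, which is all the
	// original "&& echo true" test reported.
	return command.Run() == nil
}
```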


@ -15,9 +15,7 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
f := reflect.ValueOf(m[name])
if len(infos) != f.Type().NumIn() {
err = errors.New("The number of infos is not adapted.")
if err != nil {
fmt.Println(err.Error())
}
fmt.Println(err.Error())
}
in := make([]reflect.Value, len(infos))
for k, info := range infos {
@ -39,7 +37,7 @@ func Scan(info common.HostInfo) {
fmt.Println("scan start")
Hosts, _ := common.ParseIP(info.Host, info.HostFile)
if info.Isping == false {
Hosts = ICMPRun(Hosts, info.IcmpThreads)
Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
fmt.Println("icmp alive hosts len is:", len(Hosts))
}
_, AlivePorts := TCPportScan(Hosts, info.Ports, "icmp", 3) //return AliveHosts,AlivePorts
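Review bot: In the scan_func hunk the argument-count mismatch is only printed: the commit removes the redundant nil check but still falls through to `in := make([]reflect.Value, len(infos))` and, presumably, the reflective call that follows, which would panic on the wrong arity instead of surfacing the error that was just built. After the `fmt.Println(err.Error())` line add a bare `return` (the results are named in the signature shown in the hunk header) so the caller receives err rather than a panic. scan_func starts and ends outside the hunk.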


@ -4,25 +4,24 @@ import (
"crypto/tls"
"fmt"
"github.com/shadow1ng/fscan/WebScan"
"github.com/shadow1ng/fscan/common"
"io/ioutil"
"net/http"
"regexp"
"sync"
"time"
"github.com/shadow1ng/fscan/common"
)
func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
err, result = geturl(info)
if err == nil{
if err == nil {
WebScan.WebScan(info)
}
info.Url = fmt.Sprintf("https://%s:%s", info.Host, info.Ports)
err, result = geturl(info)
if err == nil{
if err == nil {
WebScan.WebScan(info)
}
@ -33,7 +32,6 @@ func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error
func geturl(info *common.HostInfo) (err error, result string) {
url := info.Url
info.Timeout = 20
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
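Review bot: The `TLSClientConfig: &tls.Config{InsecureSkipVerify: true}` in geturl disables certificate verification for every HTTPS probe and carries no comment; the line appears as context in this hunk, so it may predate the commit, but the reason it is acceptable here should be recorded at the declaration. Add above it `// Intentional: scanned hosts commonly present self-signed or mismatched certificates, so peer identity is not verified here; do not reuse this transport for requests that need an authenticated peer.` The geturl body continues past the hunk.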


@ -14,6 +14,7 @@
因为用习惯了f-scrack习惯一条命令跑完所有模块省去一个个模块单独调用的时间当然我附加了-m 指定模块的功能。
## 最近更新
[+] 2020/11/17 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。
[+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。
[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段
[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
@ -46,7 +47,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
-hf string
host file, -hs ip.txt
-it int
Icmp Threads nums (default 3000)
Icmp Threads nums (default 11000)
-m string
Select scan type ,as: -m ssh (default "all")
-no
@ -57,6 +58,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
Outputfile (default "result.txt")
-p string
Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017")
-ping
using ping replace icmp
-pwd string
password
-pwdf string
@ -73,6 +76,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
username
-userf string
username file
-wt int
Set web timeout (default 3)
```


@ -1,52 +1,53 @@
package common
//fscan version 1.3
var Userdict = map[string][]string{
"ftp": {"www","admin","root","db","wwwroot","data","web","ftp"},
"mysql": {"root"},
"mssql": {"root","sa"},
"smb": {"administrator","guest"},
"postgresql": {"postgres","admin"},
"ssh": {"root","admin"},
"mongodb": {"root","admin"},
"ftp": {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"},
"mysql": {"root"},
"mssql": {"root", "sa"},
"smb": {"administrator", "guest"},
"postgresql": {"postgres", "admin"},
"ssh": {"root", "admin"},
"mongodb": {"root", "admin"},
//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
}
var Passwords = []string{"admin123A","admin123","123456","admin","root","password","123123","654321","123","1","admin@123","Admin@123","{user}","{user}123","","P@ssw0rd!","qwa123","12345678","test","123qwe!@#","123456789","123321","666666","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1qaz@WSX","Aa123456","sysadmin","system","huawei"}
var Passwords = []string{"admin123A", "admin123", "123456", "admin", "root", "password", "123123", "654321", "123", "1", "admin@123", "Admin@123", "{user}", "{user}123", "", "P@ssw0rd!", "qwa123", "12345678", "test", "123qwe!@#", "123456789", "123321", "666666", "fuckyou", "000000", "1234567890", "8888888", "qwerty", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "Aa123456", "sysadmin", "system", "huawei"}
var PORTList = map[string]int{
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796":1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all":0,
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796": 1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all": 0,
}
var PORTList_bak = map[string]int{
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796":1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all":0,
"ftp": 21,
"ssh": 22,
"mem": 11211,
"mgo": 27017,
"mssql": 1433,
"psql": 5432,
"redis": 6379,
"mysql": 3306,
"smb": 445,
"ms17010": 1000001,
"cve20200796": 1000002,
"webtitle": 1000003,
"elastic": 9200,
"findnet": 135,
"all": 0,
}
var Outputfile = "result.txt"
@ -54,29 +55,27 @@ var IsSave = true
var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017"
type HostInfo struct {
Host string
HostFile string
Ports string
Url string
Timeout int64
WebTimeout int64
Scantype string
Isping bool
Threads int
Host string
HostFile string
Ports string
Url string
Timeout int64
WebTimeout int64
Scantype string
Ping bool
Isping bool
Threads int
IcmpThreads int
Command string
Username string
Password string
Userfile string
Passfile string
Usernames []string
Passwords []string
Outputfile string
IsSave bool
RedisFile string
RedisShell string
Command string
Username string
Password string
Userfile string
Passfile string
Usernames []string
Passwords []string
Outputfile string
IsSave bool
RedisFile string
RedisShell string
}
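Review bot: The new `Ping bool` field sits directly above `Isping bool` with no comment, and the two names read as variants of one flag while meaning different things: Ping selects the system ping command over raw ICMP (-ping), whereas Isping is set by -np and means host-alive probing is skipped. Comment both fields so the distinction is visible at the declaration, e.g. `Ping bool // -ping: use the system ping command instead of raw ICMP for host discovery` and `Isping bool // -np: skip host-alive probing entirely (takes precedence over Ping)`. The precedence remark reflects the `if info.Isping == false` guard around ICMPRun in the scanner.go section of this commit.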


@ -4,40 +4,38 @@ import (
"flag"
)
func Banner(){
func Banner() {
banner := `
___ _
/ _ \ ___ ___ _ __ __ _ ___| | __
/ /_\/____/ __|/ __| '__/ _`+"`"+` |/ __| |/ /
/ /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__| <
\____/ |___/\___|_| \__,_|\___|_|\_\
`
print(banner)
}
func Flag(Info *HostInfo) {
func Flag(Info *HostInfo) {
Banner()
flag.StringVar(&Info.Host,"h","","IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.HostFile,"hf","","host file, -hs ip.txt")
flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command,"c","","exec command (ssh)")
flag.IntVar(&Info.Threads,"t",200,"Thread nums")
flag.IntVar(&Info.IcmpThreads,"it",11000,"Icmp Threads nums")
flag.BoolVar(&Info.Isping,"np",false,"not to ping")
flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
flag.StringVar(&Info.Username,"user","","username")
flag.StringVar(&Info.Userfile,"userf","","username file")
flag.StringVar(&Info.Password,"pwd","","password")
flag.StringVar(&Info.Passfile,"pwdf","","password file")
flag.StringVar(&Info.Outputfile,"o","result.txt","Outputfile")
flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
flag.Int64Var(&Info.WebTimeout,"wt",3,"Set web timeout")
flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&Info.RedisShell,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
flag.StringVar(&Info.HostFile, "hf", "", "host file, -hs ip.txt")
flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums")
flag.BoolVar(&Info.Isping, "np", false, "not to ping")
flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
flag.StringVar(&Info.Username, "user", "", "username")
flag.StringVar(&Info.Userfile, "userf", "", "username file")
flag.StringVar(&Info.Password, "pwd", "", "password")
flag.StringVar(&Info.Passfile, "pwdf", "", "password file")
flag.StringVar(&Info.Outputfile, "o", "result.txt", "Outputfile")
flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
flag.Int64Var(&Info.WebTimeout, "wt", 3, "Set web timeout")
flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
flag.StringVar(&Info.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
flag.StringVar(&Info.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
flag.Parse()
}
}
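Review bot: The help text for the new flag, `"using ping replace icmp"`, is ungrammatical and does not tell the user that -np still disables probing altogether. Change the line to `flag.BoolVar(&Info.Ping, "ping", false, "use the system ping command instead of raw ICMP for host discovery (ignored when -np is set)")`. The -np interaction is taken from the `if info.Isping == false` guard around ICMPRun in the scanner.go section of this commit.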