mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

增加-ping 参数,作用是存活探测模块用ping代替icmp发包。

Browse Source
This commit is contained in:
shadow1ng 2020-11-17 14:27:15 +08:00
parent 2026b5f587
commit db028ba0cc
6 changed files with 149 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
Plugins/icmp.go
View File

@ -18,6 +18,8 @@ var icmp ICMP
var AliveHosts []string var AliveHosts []string
var SysInfo = GetSys()
type ICMP struct { type ICMP struct {
Type uint8 Type uint8
Code uint8 Code uint8
@ -136,20 +138,23 @@ func IcmpCheck(hostslist []string,IcmpThreads int) {
wg.Wait() wg.Wait()
} }
func ExecCommandPing(ip string, bsenv string) bool { func ExecCommandPing(ip string, bsenv string) bool {
command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false" var command *exec.Cmd
if SysInfo.OS == "windows" {
command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
} else {
command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
}
outinfo := bytes.Buffer{} outinfo := bytes.Buffer{}
command.Stdout = &outinfo command.Stdout = &outinfo
err := command.Start() err := command.Start()
if err != nil { if err != nil {
return false return false
} }
if err = command.Wait(); err != nil { if err = command.Wait(); err != nil {
return false return false
} else { } else {
if(strings.Contains(outinfo.String(), "true")) { if strings.Contains(outinfo.String(), "true") {
return true return true
} else { } else {
return false return false
@ -177,25 +182,34 @@ func PingCMDcheck(hostslist []string,bsenv string) {
} }
wg.Wait() wg.Wait()
} }
func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
func ICMPRun(hostslist []string,IcmpThreads int) []string{ if SysInfo.OS == "windows" {
var sysinfo SystemInfo if Ping == false {
sysinfo = GetSys()
if sysinfo.OS == "windows" {
IcmpCheck(hostslist, IcmpThreads) IcmpCheck(hostslist, IcmpThreads)
}else if sysinfo.OS == "linux" { } else {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") { PingCMDcheck(hostslist, "")
}
} else if SysInfo.OS == "linux" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads) IcmpCheck(hostslist, IcmpThreads)
} else { } else {
PingCMDcheck(hostslist, "/bin/bash") PingCMDcheck(hostslist, "/bin/bash")
} }
}else if sysinfo.OS == "darwin" { } else {
if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") { PingCMDcheck(hostslist, "/bin/bash")
}
} else if SysInfo.OS == "darwin" {
if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
if Ping == false {
IcmpCheck(hostslist, IcmpThreads) IcmpCheck(hostslist, IcmpThreads)
} else { } else {
PingCMDcheck(hostslist, "/usr/local/bin/bash") PingCMDcheck(hostslist, "/usr/local/bin/bash")
} }
} else {
PingCMDcheck(hostslist, "/usr/local/bin/bash")
}
} }
return AliveHosts return AliveHosts
} }

4
Plugins/scanner.go
View File

@ -15,10 +15,8 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
f := reflect.ValueOf(m[name]) f := reflect.ValueOf(m[name])
if len(infos) != f.Type().NumIn() { if len(infos) != f.Type().NumIn() {
err = errors.New("The number of infos is not adapted.") err = errors.New("The number of infos is not adapted.")
if err != nil {
fmt.Println(err.Error()) fmt.Println(err.Error())
} }
}
in := make([]reflect.Value, len(infos)) in := make([]reflect.Value, len(infos))
for k, info := range infos { for k, info := range infos {
in[k] = reflect.ValueOf(info) in[k] = reflect.ValueOf(info)
@ -39,7 +37,7 @@ func Scan(info common.HostInfo) {
fmt.Println("scan start") fmt.Println("scan start")
Hosts, _ := common.ParseIP(info.Host, info.HostFile) Hosts, _ := common.ParseIP(info.Host, info.HostFile)
if info.Isping == false { if info.Isping == false {
Hosts = ICMPRun(Hosts, info.IcmpThreads) Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
fmt.Println("icmp alive hosts len is:", len(Hosts)) fmt.Println("icmp alive hosts len is:", len(Hosts))
} }
_, AlivePorts := TCPportScan(Hosts, info.Ports, "icmp", 3) //return AliveHosts,AlivePorts _, AlivePorts := TCPportScan(Hosts, info.Ports, "icmp", 3) //return AliveHosts,AlivePorts

4
Plugins/webtitle.go
View File

@ -4,13 +4,12 @@ import (
"crypto/tls" "crypto/tls"
"fmt" "fmt"
"github.com/shadow1ng/fscan/WebScan" "github.com/shadow1ng/fscan/WebScan"
"github.com/shadow1ng/fscan/common"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"regexp" "regexp"
"sync" "sync"
"time" "time"
"github.com/shadow1ng/fscan/common"
) )
func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) { func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
@ -33,7 +32,6 @@ func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error
func geturl(info *common.HostInfo) (err error, result string) { func geturl(info *common.HostInfo) (err error, result string) {
url := info.Url url := info.Url
info.Timeout = 20
tr := &http.Transport{ tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
} }

7
README.md
View File

@ -14,6 +14,7 @@
因为用习惯了f-scrack习惯一条命令跑完所有模块省去一个个模块单独调用的时间当然我附加了-m 指定模块的功能。 因为用习惯了f-scrack习惯一条命令跑完所有模块省去一个个模块单独调用的时间当然我附加了-m 指定模块的功能。
## 最近更新 ## 最近更新
[+] 2020/11/17 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。
[+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。 [+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。
[+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段 [+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段
[+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理 [+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
@ -46,7 +47,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
-hf string -hf string
host file, -hs ip.txt host file, -hs ip.txt
-it int -it int
Icmp Threads nums (default 3000) Icmp Threads nums (default 11000)
-m string -m string
Select scan type ,as: -m ssh (default "all") Select scan type ,as: -m ssh (default "all")
-no -no
@ -57,6 +58,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
Outputfile (default "result.txt") Outputfile (default "result.txt")
-p string -p string
Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017") Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017")
-ping
using ping replace icmp
-pwd string -pwd string
password password
-pwdf string -pwdf string
@ -73,6 +76,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
username username
-userf string -userf string
username file username file
-wt int
Set web timeout (default 3)
``` ```

5
common/config.go
View File

@ -1,4 +1,5 @@
package common package common
//fscan version 1.3 //fscan version 1.3
var Userdict = map[string][]string{ var Userdict = map[string][]string{
"ftp": {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"}, "ftp": {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"},
@ -54,7 +55,6 @@ var IsSave = true
var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017" var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017"
type HostInfo struct { type HostInfo struct {
Host string Host string
HostFile string HostFile string
@ -63,6 +63,7 @@ type HostInfo struct {
Timeout int64 Timeout int64
WebTimeout int64 WebTimeout int64
Scantype string Scantype string
Ping bool
Isping bool Isping bool
Threads int Threads int
IcmpThreads int IcmpThreads int
@ -78,5 +79,3 @@ type HostInfo struct {
RedisFile string RedisFile string
RedisShell string RedisShell string
} }

4
common/flag.go
View File

@ -16,9 +16,6 @@ func Banner(){
print(banner) print(banner)
} }
func Flag(Info *HostInfo) { func Flag(Info *HostInfo) {
Banner() Banner()
flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12") flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
@ -28,6 +25,7 @@ func Flag(Info *HostInfo) {
flag.IntVar(&Info.Threads, "t", 200, "Thread nums") flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums") flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums")
flag.BoolVar(&Info.Isping, "np", false, "not to ping") flag.BoolVar(&Info.Isping, "np", false, "not to ping")
flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
flag.BoolVar(&Info.IsSave, "no", false, "not to save output log") flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
flag.StringVar(&Info.Username, "user", "", "username") flag.StringVar(&Info.Username, "user", "", "username")
flag.StringVar(&Info.Userfile, "userf", "", "username file") flag.StringVar(&Info.Userfile, "userf", "", "username file")