增加-ping 参数,作用是存活探测模块用ping代替icmp发包。

2025-09-14 14:06:44 +08:00 · 2020-11-17 14:27:15 +08:00 · 2020-11-17 14:27:15 +08:00 · db028ba0cc
commit db028ba0cc
parent 2026b5f587
6 changed files with 149 additions and 137 deletions
--- a/Plugins/icmp.go
+++ b/Plugins/icmp.go
@ -18,6 +18,8 @@ var icmp ICMP
 var AliveHosts []string
 var SysInfo = GetSys()
 type ICMP struct {
 	Type        uint8
 	Code        uint8
@ -89,7 +91,7 @@ func isping(ip string) bool {
 	conn.SetReadDeadline(time.Time{})
 	if string(recvBuf[0:num]) != "" {
-		fmt.Printf("(ICMP) Target '%s' is alive\n",ip)
+		fmt.Printf("(ICMP) Target '%s' is alive\n", ip)
 		return true
 	}
 	return false
@ -115,60 +117,63 @@ func CheckSum(data []byte) uint16 {
 	return uint16(^sum)
 }
-func IcmpCheck(hostslist []string,IcmpThreads int) {
+func IcmpCheck(hostslist []string, IcmpThreads int) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
 	limiter := make(chan int, IcmpThreads)
-	for _,host :=range hostslist{
+	for _, host := range hostslist {
 		wg.Add(1)
 		limiter <- 1
 		go func(host string) {
 			defer wg.Done()
-			if isping(host){
+			if isping(host) {
 				mutex.Lock()
 				AliveHosts = append(AliveHosts, host)
 				mutex.Unlock()
 			}
-			<- limiter
+			<-limiter
 		}(host)
 	}
 	wg.Wait()
 }
-
+func ExecCommandPing(ip string, bsenv string) bool {
-func ExecCommandPing(ip string,bsenv string) bool {
+	var command *exec.Cmd
-	command := exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false")  //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
+	if SysInfo.OS == "windows" {
 		command = exec.Command("cmd", "/c", "ping -n 1 -w 1 "+ip+" && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
 	} else {
 		command = exec.Command(bsenv, "-c", "ping -c 1 -w 1 "+ip+" >/dev/null && echo true || echo false") //ping -c 1 -i 0.5 -t 4 -W 2 -w 5 "+ip+" >/dev/null && echo true || echo false"
 	}
 	outinfo := bytes.Buffer{}
 	command.Stdout = &outinfo
 	err := command.Start()
-	if err != nil{
+	if err != nil {
 		return false
 	}
-
+	if err = command.Wait(); err != nil {
 	if err = command.Wait();err!=nil{
 		return false
-	}else{
+	} else {
-		if(strings.Contains(outinfo.String(), "true")) {
+		if strings.Contains(outinfo.String(), "true") {
 			return true
-		}else {
+		} else {
 			return false
 		}
 	}
 }
-func PingCMDcheck(hostslist []string,bsenv string) {
+func PingCMDcheck(hostslist []string, bsenv string) {
 	var wg sync.WaitGroup
 	mutex := &sync.Mutex{}
 	limiter := make(chan struct{}, 40)
-	for _,host :=range hostslist{
+	for _, host := range hostslist {
 		wg.Add(1)
 		limiter <- struct{}{}
 		go func(host string) {
 			defer wg.Done()
-			if ExecCommandPing(host,bsenv){
+			if ExecCommandPing(host, bsenv) {
 				mutex.Lock()
-				fmt.Printf("(Ping) Target '%s' is alive\n",host)
+				fmt.Printf("(Ping) Target '%s' is alive\n", host)
 				AliveHosts = append(AliveHosts, host)
 				mutex.Unlock()
 			}
@ -177,24 +182,33 @@ func PingCMDcheck(hostslist []string,bsenv string) {
 	}
 	wg.Wait()
 }
 func ICMPRun(hostslist []string, IcmpThreads int, Ping bool) []string {
-func ICMPRun(hostslist []string,IcmpThreads int)  []string{
+	if SysInfo.OS == "windows" {
-	var sysinfo SystemInfo
+		if Ping == false {
-	sysinfo = GetSys()
+			IcmpCheck(hostslist, IcmpThreads)
-
+		} else {
-	if sysinfo.OS == "windows" {
+			PingCMDcheck(hostslist, "")
 		IcmpCheck(hostslist,IcmpThreads)
 	}else if sysinfo.OS == "linux" {
 		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
 			IcmpCheck(hostslist,IcmpThreads)
 		}else {
 			PingCMDcheck(hostslist,"/bin/bash")
 		}
-	}else if sysinfo.OS == "darwin" {
+	} else if SysInfo.OS == "linux" {
-		if (sysinfo.Groupid == "0" || sysinfo.Userid == "0" || sysinfo.Username == "root") {
+		if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
-			IcmpCheck(hostslist,IcmpThreads)
+			if Ping == false {
-		}else {
+				IcmpCheck(hostslist, IcmpThreads)
-			PingCMDcheck(hostslist,"/usr/local/bin/bash")
+			} else {
 				PingCMDcheck(hostslist, "/bin/bash")
 			}
 		} else {
 			PingCMDcheck(hostslist, "/bin/bash")
 		}
 	} else if SysInfo.OS == "darwin" {
 		if SysInfo.Groupid == "0" || SysInfo.Userid == "0" || SysInfo.Username == "root" {
 			if Ping == false {
 				IcmpCheck(hostslist, IcmpThreads)
 			} else {
 				PingCMDcheck(hostslist, "/usr/local/bin/bash")
 			}
 		} else {
 			PingCMDcheck(hostslist, "/usr/local/bin/bash")
 		}
 	}
 	return AliveHosts
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
@ -15,10 +15,8 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
 	f := reflect.ValueOf(m[name])
 	if len(infos) != f.Type().NumIn() {
 		err = errors.New("The number of infos is not adapted.")
 		if err != nil {
 		fmt.Println(err.Error())
 	}
 	}
 	in := make([]reflect.Value, len(infos))
 	for k, info := range infos {
 		in[k] = reflect.ValueOf(info)
@ -39,7 +37,7 @@ func Scan(info common.HostInfo) {
 	fmt.Println("scan start")
 	Hosts, _ := common.ParseIP(info.Host, info.HostFile)
 	if info.Isping == false {
-		Hosts = ICMPRun(Hosts, info.IcmpThreads)
+		Hosts = ICMPRun(Hosts, info.IcmpThreads, info.Ping)
 		fmt.Println("icmp alive hosts len is:", len(Hosts))
 	}
 	_, AlivePorts := TCPportScan(Hosts, info.Ports, "icmp", 3) //return AliveHosts,AlivePorts
--- a/Plugins/webtitle.go
+++ b/Plugins/webtitle.go
@ -4,25 +4,24 @@ import (
 	"crypto/tls"
 	"fmt"
 	"github.com/shadow1ng/fscan/WebScan"
 	"github.com/shadow1ng/fscan/common"
 	"io/ioutil"
 	"net/http"
 	"regexp"
 	"sync"
 	"time"
 	"github.com/shadow1ng/fscan/common"
 )
 func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
 	info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
 	err, result = geturl(info)
-	if err == nil{
+	if err == nil {
 		WebScan.WebScan(info)
 	}
 	info.Url = fmt.Sprintf("https://%s:%s", info.Host, info.Ports)
 	err, result = geturl(info)
-	if err == nil{
+	if err == nil {
 		WebScan.WebScan(info)
 	}
@ -33,7 +32,6 @@ func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error
 func geturl(info *common.HostInfo) (err error, result string) {
 	url := info.Url
 	info.Timeout = 20
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	}
--- a/README.md
+++ b/README.md
@ -14,6 +14,7 @@
   因为用习惯了f-scrack，习惯一条命令跑完所有模块，省去一个个模块单独调用的时间，当然我附加了-m 指定模块的功能。
 ## 最近更新
 [+] 2020/11/17 增加-ping 参数,作用是存活探测模块用ping代替icmp发包。 
 [+] 2020/11/17 增加WebScan模块,新增shiro简单识别。https访问时,跳过证书认证。将服务模块和web模块的超时分开,增加-wt 参数(WebTimeout)。    
 [+] 2020/11/16 对icmp模块进行优化,增加-it 参数(IcmpThreads),默认11000,适合扫B段  
 [+] 2020/11/15 支持ip以文件导入,-hs ip.txt,并对去重做了处理
@ -46,7 +47,7 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
  -hf string
        host file, -hs ip.txt
  -it int
-        Icmp Threads nums (default 3000)
+        Icmp Threads nums (default 11000)
  -m string
        Select scan type ,as: -m ssh (default "all")
  -no
@ -57,6 +58,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
        Outputfile (default "result.txt")
  -p string
        Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017")
  -ping
        using ping replace icmp
  -pwd string
        password
  -pwdf string
@ -73,6 +76,8 @@ fscan.exe -h 192.168.1.1/24 -m ms17010 (指定模块)
        username
  -userf string
        username file
  -wt int
        Set web timeout (default 3)
 ```
--- a/common/config.go
+++ b/common/config.go
@ -1,17 +1,18 @@
 package common
 //fscan version 1.3
 var Userdict = map[string][]string{
-	"ftp":  {"www","admin","root","db","wwwroot","data","web","ftp"},
+	"ftp":        {"www", "admin", "root", "db", "wwwroot", "data", "web", "ftp"},
 	"mysql":      {"root"},
-	"mssql": {"root","sa"},
+	"mssql":      {"root", "sa"},
-	"smb": {"administrator","guest"},
+	"smb":        {"administrator", "guest"},
-	"postgresql": {"postgres","admin"},
+	"postgresql": {"postgres", "admin"},
-	"ssh": {"root","admin"},
+	"ssh":        {"root", "admin"},
-	"mongodb": {"root","admin"},
+	"mongodb":    {"root", "admin"},
 	//"telnet": []string{"administrator","admin","root","cisco","huawei","zte"},
 }
-var Passwords = []string{"admin123A","admin123","123456","admin","root","password","123123","654321","123","1","admin@123","Admin@123","{user}","{user}123","","P@ssw0rd!","qwa123","12345678","test","123qwe!@#","123456789","123321","666666","fuckyou","000000","1234567890","8888888","qwerty","1qaz2wsx","abc123","abc123456","1qaz@WSX","Aa123456","sysadmin","system","huawei"}
+var Passwords = []string{"admin123A", "admin123", "123456", "admin", "root", "password", "123123", "654321", "123", "1", "admin@123", "Admin@123", "{user}", "{user}123", "", "P@ssw0rd!", "qwa123", "12345678", "test", "123qwe!@#", "123456789", "123321", "666666", "fuckyou", "000000", "1234567890", "8888888", "qwerty", "1qaz2wsx", "abc123", "abc123456", "1qaz@WSX", "Aa123456", "sysadmin", "system", "huawei"}
 var PORTList = map[string]int{
 	"ftp":         21,
@ -24,11 +25,11 @@ var PORTList = map[string]int{
 	"mysql":       3306,
 	"smb":         445,
 	"ms17010":     1000001,
-	"cve20200796":1000002,
+	"cve20200796": 1000002,
 	"webtitle":    1000003,
 	"elastic":     9200,
 	"findnet":     135,
-	"all":0,
+	"all":         0,
 }
 var PORTList_bak = map[string]int{
@ -42,11 +43,11 @@ var PORTList_bak = map[string]int{
 	"mysql":       3306,
 	"smb":         445,
 	"ms17010":     1000001,
-	"cve20200796":1000002,
+	"cve20200796": 1000002,
 	"webtitle":    1000003,
 	"elastic":     9200,
 	"findnet":     135,
-	"all":0,
+	"all":         0,
 }
 var Outputfile = "result.txt"
@ -54,7 +55,6 @@ var IsSave = true
 var DefaultPorts = "21,22,23,80,135,443,445,1433,1521,3306,5432,6379,7001,8080,8089,9000,9200,11211,27017"
 type HostInfo struct {
 	Host        string
 	HostFile    string
@ -63,6 +63,7 @@ type HostInfo struct {
 	Timeout     int64
 	WebTimeout  int64
 	Scantype    string
 	Ping        bool
 	Isping      bool
 	Threads     int
 	IcmpThreads int
@ -78,5 +79,3 @@ type HostInfo struct {
 	RedisFile   string
 	RedisShell  string
 }
--- a/common/flag.go
+++ b/common/flag.go
@ -4,40 +4,38 @@ import (
 	"flag"
 )
-func Banner(){
+func Banner() {
 	banner := `
   ___                              _    
  / _ \     ___  ___ _ __ __ _  ___| | __
- / /_\/____/ __|/ __| '__/ _`+"`"+` |/ __| |/ /
+ / /_\/____/ __|/ __| '__/ _` + "`" + ` |/ __| |/ /
 / /_\\_____\__ \ (__| | | (_| | (__|   <
 \____/     |___/\___|_|  \__,_|\___|_|\_\
 `
 	print(banner)
 }
 func Flag(Info *HostInfo) {
 	Banner()
-	flag.StringVar(&Info.Host,"h","","IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
+	flag.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
-	flag.StringVar(&Info.HostFile,"hf","","host file, -hs ip.txt")
+	flag.StringVar(&Info.HostFile, "hf", "", "host file, -hs ip.txt")
-	flag.StringVar(&Info.Ports,"p",DefaultPorts,"Select a port,for example: 22 | 1-65535 | 22,80,3306")
+	flag.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
-	flag.StringVar(&Info.Command,"c","","exec command (ssh)")
+	flag.StringVar(&Info.Command, "c", "", "exec command (ssh)")
-	flag.IntVar(&Info.Threads,"t",200,"Thread nums")
+	flag.IntVar(&Info.Threads, "t", 200, "Thread nums")
-	flag.IntVar(&Info.IcmpThreads,"it",11000,"Icmp Threads nums")
+	flag.IntVar(&Info.IcmpThreads, "it", 11000, "Icmp Threads nums")
-	flag.BoolVar(&Info.Isping,"np",false,"not to ping")
+	flag.BoolVar(&Info.Isping, "np", false, "not to ping")
-	flag.BoolVar(&Info.IsSave,"no",false,"not to save output log")
+	flag.BoolVar(&Info.Ping, "ping", false, "using ping replace icmp")
-	flag.StringVar(&Info.Username,"user","","username")
+	flag.BoolVar(&Info.IsSave, "no", false, "not to save output log")
-	flag.StringVar(&Info.Userfile,"userf","","username file")
+	flag.StringVar(&Info.Username, "user", "", "username")
-	flag.StringVar(&Info.Password,"pwd","","password")
+	flag.StringVar(&Info.Userfile, "userf", "", "username file")
-	flag.StringVar(&Info.Passfile,"pwdf","","password file")
+	flag.StringVar(&Info.Password, "pwd", "", "password")
-	flag.StringVar(&Info.Outputfile,"o","result.txt","Outputfile")
+	flag.StringVar(&Info.Passfile, "pwdf", "", "password file")
-	flag.Int64Var(&Info.Timeout,"time",3,"Set timeout")
+	flag.StringVar(&Info.Outputfile, "o", "result.txt", "Outputfile")
-	flag.Int64Var(&Info.WebTimeout,"wt",3,"Set web timeout")
+	flag.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
-	flag.StringVar(&Info.Scantype,"m","all","Select scan type ,as: -m ssh")
+	flag.Int64Var(&Info.WebTimeout, "wt", 3, "Set web timeout")
-	flag.StringVar(&Info.RedisFile,"rf","","redis file to write sshkey file (as: -rf id_rsa.pub) ")
+	flag.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
-	flag.StringVar(&Info.RedisShell,"rs","","redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
+	flag.StringVar(&Info.RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
 	flag.StringVar(&Info.RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")
 	flag.Parse()
 }