package smb

import (
	"context"
	"fmt"
	"time"

	fscanCommon "github.com/shadow1ng/fscan/common"
	"github.com/shadow1ng/fscan/common/output"
	"github.com/shadow1ng/fscan/plugins/legacy/smb/common"
	"github.com/shadow1ng/fscan/plugins/legacy/smb/smb1"
)

// SmbScan runs the authentication scan against the SMB1 service of info.Host
// (refactored version).
//
// It returns nil immediately when fscanCommon.DisableBrute is set, returns the
// error reported by the scanner when the scan itself fails, and otherwise
// hands a successful credential to saveSmbResult and returns nil.
func SmbScan(info *fscanCommon.HostInfo) error {
	if fscanCommon.DisableBrute {
		return nil
	}

	// Describe the target. The port is fixed to 445 here.
	// NOTE(review): saveSmbResult labels the finding with info.Ports instead;
	// confirm the two always agree, otherwise the report can name a port that
	// was not the one tested.
	dst := &common.TargetInfo{
		Host:   info.Host,
		Port:   445,
		Domain: fscanCommon.Domain,
	}

	// The whole scan is bounded by the global timeout; the same duration is
	// also passed to the scanner in its configuration below.
	overall := time.Duration(fscanCommon.GlobalTimeout) * time.Second
	ctx, cancel := context.WithTimeout(context.Background(), overall)
	defer cancel()

	// Build the connector, the credential manager and the scanner.
	conn := smb1.NewSmb1Connector()
	creds := common.NewPasswordCredentialManager()
	runner := common.NewScanner()

	// Scan parameters: concurrency, per-attempt timeout, overall timeout.
	cfg := &common.ScanConfig{
		MaxConcurrent: fscanCommon.ModuleThreadNum,
		Timeout:       time.Duration(fscanCommon.Timeout) * time.Second,
		GlobalTimeout: overall,
	}

	res, err := runner.Scan(ctx, dst, conn, creds, cfg)
	if err != nil {
		return err
	}

	// Nothing to record unless the scanner reports a successful login.
	if res == nil || !res.Success {
		return nil
	}
	saveSmbResult(info, res.Credential)
	return nil
}

// saveSmbResult logs a successful SMB authentication and stores it as a scan
// result of type output.TypeVuln with status "vulnerable".
//
// NOTE(review): the password is written in clear text to both the success log
// line and the saved result details, so log files and result output hold
// usable credentials and need to be protected and retained accordingly.
func saveSmbResult(info *fscanCommon.HostInfo, cred common.Credential) {
	endpoint := fmt.Sprintf("%s:%s", info.Host, info.Ports)
	domain := fscanCommon.Domain

	// Structured details stored alongside the finding.
	fields := map[string]interface{}{
		"port":     info.Ports,
		"service":  "smb",
		"username": cred.Username,
		"password": cred.Password,
		"type":     "weak-password",
	}

	// The log line is prefixed with DOMAIN\ only when a domain is configured;
	// in that case the domain is also added to the stored details.
	var msg string
	if domain == "" {
		msg = fmt.Sprintf("SMB认证成功 %s %s:%s", endpoint, cred.Username, cred.Password)
	} else {
		msg = fmt.Sprintf("SMB认证成功 %s %s\\%s:%s", endpoint, domain, cred.Username, cred.Password)
		fields["domain"] = domain
	}

	// Log first, then persist; the result timestamp is taken after logging.
	fscanCommon.LogSuccess(msg)
	fscanCommon.SaveResult(&output.ScanResult{
		Time:    time.Now(),
		Type:    output.TypeVuln,
		Target:  info.Host,
		Status:  "vulnerable",
		Details: fields,
	})
}