package Plugins

import (
	"context"
	"fmt"
	"time"

	smbcommon "github.com/shadow1ng/fscan/plugins/legacy/smb/common"
	"github.com/shadow1ng/fscan/plugins/legacy/smb/smb1"
	"github.com/shadow1ng/fscan/common"
	"github.com/shadow1ng/fscan/common/output"
)

// SmbScan performs the SMB1 authentication scan against info.Host
// (refactored version).
//
// It does nothing and returns nil when common.DisableBrute is set. Otherwise
// it hands a target, an SMB1 connector and a password credential manager to
// the shared scanner, returns any error the scanner reports, and records the
// credential through saveSmbResult when the scan result is marked successful.
func SmbScan(info *common.HostInfo) error {
	if common.DisableBrute {
		return nil
	}

	// common.GlobalTimeout is a count of seconds; it bounds both the context
	// below and the GlobalTimeout field of the scan configuration.
	overall := time.Duration(common.GlobalTimeout) * time.Second

	// NOTE(review): the scan always targets port 445, while saveSmbResult
	// labels the finding with info.Ports. Confirm callers only dispatch this
	// plugin for 445, otherwise the report names a port that was not tested.
	smbTarget := &smbcommon.TargetInfo{
		Host:   info.Host,
		Port:   445,
		Domain: common.Domain,
	}

	// One deadline for the whole scan, released on every return path.
	ctx, cancel := context.WithTimeout(context.Background(), overall)
	defer cancel()

	conn := smb1.NewSmb1Connector()
	creds := smbcommon.NewPasswordCredentialManager()
	scanner := smbcommon.NewScanner()

	scanCfg := &smbcommon.ScanConfig{
		MaxConcurrent: common.ModuleThreadNum,
		Timeout:       time.Duration(common.Timeout) * time.Second,
		GlobalTimeout: overall,
	}

	res, err := scanner.Scan(ctx, smbTarget, conn, creds, scanCfg)
	if err != nil {
		return err
	}

	// A nil or unsuccessful result is not an error; there is just nothing to record.
	if res == nil || !res.Success {
		return nil
	}
	saveSmbResult(info, res.Credential)
	return nil
}

// saveSmbResult logs and stores a successful SMB authentication finding.
//
// The username and password are placed in cleartext in both the success
// message passed to common.LogSuccess and the Details map passed to
// common.SaveResult. Whatever those two sinks write to should therefore be
// treated as holding live credentials (restricted access, no forwarding to
// shared log stores).
func saveSmbResult(info *common.HostInfo, cred smbcommon.Credential) {
	endpoint := fmt.Sprintf("%s:%s", info.Host, info.Ports)

	fields := map[string]interface{}{
		"port":     info.Ports,
		"service":  "smb",
		"username": cred.Username,
		"password": cred.Password,
		"type":     "weak-password",
	}

	// The domain is included in the message and the details only when one is configured.
	var msg string
	if domain := common.Domain; domain == "" {
		msg = fmt.Sprintf("SMB认证成功 %s %s:%s", endpoint, cred.Username, cred.Password)
	} else {
		msg = fmt.Sprintf("SMB认证成功 %s %s\\%s:%s", endpoint, domain, cred.Username, cred.Password)
		fields["domain"] = domain
	}

	common.LogSuccess(msg)

	finding := &output.ScanResult{
		Time:    time.Now(),
		Type:    output.TypeVuln,
		Target:  info.Host,
		Status:  "vulnerable",
		Details: fields,
	}
	common.SaveResult(finding)
}