mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
2703ddd9ed
fscan/plugins/services/postgresql/plugin.go
ZacharyZcR 4a3f281b6b refactor: 统一Plugins目录大小写为小写 
- 将所有Plugins路径重命名为plugins
- 修复Git索引与实际文件系统大小写不一致问题
- 确保跨平台兼容性和路径一致性
2025-08-12 13:08:06 +08:00

200 lines
5.6 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package postgresql
import (
"context"
"fmt"
"strings"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"github.com/shadow1ng/fscan/plugins/base"
)
// PostgreSQLPlugin PostgreSQL插件实现
type PostgreSQLPlugin struct {
*base.ServicePlugin
exploiter *PostgreSQLExploiter
}
// NewPostgreSQLPlugin 创建PostgreSQL插件
func NewPostgreSQLPlugin() *PostgreSQLPlugin {
// 插件元数据
metadata := &base.PluginMetadata{
Name: "postgresql",
Version: "2.0.0",
Author: "fscan-team",
Description: "PostgreSQL数据库扫描和利用插件",
Category: "service",
Ports: []int{5432}, // 默认PostgreSQL端口
Protocols: []string{"tcp"},
Tags: []string{"postgresql", "postgres", "database", "weak-password"},
}
// 创建连接器和服务插件
connector := NewPostgreSQLConnector()
servicePlugin := base.NewServicePlugin(metadata, connector)
// 创建PostgreSQL插件
plugin := &PostgreSQLPlugin{
ServicePlugin: servicePlugin,
exploiter: NewPostgreSQLExploiter(),
}
// 设置能力
plugin.SetCapabilities([]base.Capability{
base.CapWeakPassword,
base.CapDataExtraction,
})
return plugin
}
// Scan 重写扫描方法进行PostgreSQL服务扫描
func (p *PostgreSQLPlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
// 如果禁用了暴力破解,只进行服务识别
if common.DisableBrute {
return p.performServiceIdentification(ctx, info)
}
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 生成凭据进行暴力破解
credentials := p.generateCredentials()
// 遍历凭据进行测试
for _, cred := range credentials {
result, err := p.ScanCredential(ctx, info, cred)
if err == nil && result.Success {
// 认证成功
common.LogSuccess(i18n.GetText("postgresql_auth_success", target, cred.Username, cred.Password))
return &base.ScanResult{
Success: true,
Service: "PostgreSQL",
Credentials: []*base.Credential{cred},
Banner: result.Banner,
Extra: map[string]interface{}{
"service": "PostgreSQL",
"port": info.Ports,
"username": cred.Username,
"password": cred.Password,
"type": "weak-password",
},
}, nil
}
}
// 所有凭据都失败但可能识别到了PostgreSQL服务
return p.performServiceIdentification(ctx, info)
}
// generateCredentials 生成PostgreSQL凭据
func (p *PostgreSQLPlugin) generateCredentials() []*base.Credential {
var credentials []*base.Credential
// 获取PostgreSQL用户名字典
usernames := common.Userdict["postgresql"]
if len(usernames) == 0 {
usernames = []string{"postgres", "admin", "administrator", "root", "user"}
}
// 获取密码字典
passwords := common.Passwords
if len(passwords) == 0 {
passwords = []string{"", "postgres", "admin", "password", "123456", "root"}
}
// 生成用户名密码组合
for _, username := range usernames {
for _, password := range passwords {
// 替换密码中的用户名占位符
actualPassword := strings.Replace(password, "{user}", username, -1)
credentials = append(credentials, &base.Credential{
Username: username,
Password: actualPassword,
})
}
}
return credentials
}
// Exploit 使用exploiter执行利用
func (p *PostgreSQLPlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
return p.exploiter.Exploit(ctx, info, creds)
}
// GetExploitMethods 获取利用方法
func (p *PostgreSQLPlugin) GetExploitMethods() []base.ExploitMethod {
return p.exploiter.GetExploitMethods()
}
// IsExploitSupported 检查利用支持
func (p *PostgreSQLPlugin) IsExploitSupported(method base.ExploitType) bool {
return p.exploiter.IsExploitSupported(method)
}
// performServiceIdentification 执行PostgreSQL服务识别-nobr模式
func (p *PostgreSQLPlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 尝试识别PostgreSQL服务
connector := NewPostgreSQLConnector()
conn, err := connector.Connect(ctx, info)
if err == nil && conn != nil {
if pgConn, ok := conn.(*PostgreSQLConnection); ok {
// 记录服务识别成功
common.LogSuccess(i18n.GetText("postgresql_service_identified", target, pgConn.info))
connector.Close(conn)
return &base.ScanResult{
Success: true,
Service: "PostgreSQL",
Banner: pgConn.info,
Extra: map[string]interface{}{
"service": "PostgreSQL",
"port": info.Ports,
"info": pgConn.info,
},
}, nil
}
}
// 如果无法识别为PostgreSQL返回失败
return &base.ScanResult{
Success: false,
Error: fmt.Errorf("无法识别为PostgreSQL服务"),
}, nil
}
// =============================================================================
// 插件注册
// =============================================================================
// RegisterPostgreSQLPlugin 注册PostgreSQL插件
func RegisterPostgreSQLPlugin() {
factory := base.NewSimplePluginFactory(
&base.PluginMetadata{
Name: "postgresql",
Version: "2.0.0",
Author: "fscan-team",
Description: "PostgreSQL数据库扫描和利用插件",
Category: "service",
Ports: []int{5432}, // 默认PostgreSQL端口
Protocols: []string{"tcp"},
Tags: []string{"postgresql", "postgres", "database", "weak-password"},
},
func() base.Plugin {
return NewPostgreSQLPlugin()
},
)
base.GlobalPluginRegistry.Register("postgresql", factory)
}
// 自动注册
func init() {
RegisterPostgreSQLPlugin()
}
Reference in New Issue View Git Blame Copy Permalink