fscan/Plugins/services/smtp/plugin.go

package smtp

import (
	"context"
	"fmt"
	"strings"

	"github.com/shadow1ng/fscan/common"
	"github.com/shadow1ng/fscan/common/i18n"
	"github.com/shadow1ng/fscan/plugins/base"
)

// SMTPPlugin SMTP插件实现
type SMTPPlugin struct {
	*base.ServicePlugin
	exploiter *SMTPExploiter
}

// NewSMTPPlugin 创建SMTP插件
func NewSMTPPlugin() *SMTPPlugin {
	// 插件元数据
	metadata := &base.PluginMetadata{
		Name:        "smtp",
		Version:     "2.0.0",
		Author:      "fscan-team",
		Description: "SMTP邮件服务扫描插件",
		Category:    "service",
		Ports:       []int{25, 465, 587}, // SMTP端口、SMTPS端口、MSA端口
		Protocols:   []string{"tcp"},
		Tags:        []string{"smtp", "email", "weak-password", "unauthorized-access"},
	}
	
	// 创建连接器和服务插件
	connector := NewSMTPConnector()
	servicePlugin := base.NewServicePlugin(metadata, connector)
	
	// 创建SMTP插件
	plugin := &SMTPPlugin{
		ServicePlugin: servicePlugin,
		exploiter:     NewSMTPExploiter(),
	}
	
	// 设置能力
	plugin.SetCapabilities([]base.Capability{
		base.CapWeakPassword,
		base.CapUnauthorized,
	})
	
	return plugin
}

// Scan 重写扫描方法，进行SMTP服务扫描
func (p *SMTPPlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
	// 如果禁用了暴力破解，只进行服务识别
	if common.DisableBrute {
		return p.performServiceIdentification(ctx, info)
	}
	
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
	
	// 首先尝试匿名访问
	anonymousCred := &base.Credential{Username: "", Password: ""}
	result, err := p.ScanCredential(ctx, info, anonymousCred)
	if err == nil && result.Success {
		// 匿名访问成功
		common.LogSuccess(i18n.GetText("smtp_anonymous_success", target))
		
		return &base.ScanResult{
			Success:     true,
			Service:     "SMTP",
			Credentials: []*base.Credential{anonymousCred},
			Banner:      result.Banner,
			Extra: map[string]interface{}{
				"service": "SMTP",
				"port":    info.Ports,
				"type":    "anonymous-access",
			},
		}, nil
	}
	
	// 优先尝试默认凭据
	defaultCredentials := []*base.Credential{
		{Username: "admin", Password: "admin123"},
		{Username: "test", Password: "123456"},
		{Username: "root", Password: "root123"},
		{Username: "mail", Password: "mail123"},
		{Username: "postmaster", Password: "postmaster"},
	}
	
	// 先测试默认凭据
	for _, cred := range defaultCredentials {
		result, err := p.ScanCredential(ctx, info, cred)
		if err == nil && result.Success {
			// 认证成功
			common.LogSuccess(i18n.GetText("smtp_weak_pwd_success", target, cred.Username, cred.Password))
			
			return &base.ScanResult{
				Success:     true,
				Service:     "SMTP",
				Credentials: []*base.Credential{cred},
				Banner:      result.Banner,
				Extra: map[string]interface{}{
					"service":  "SMTP",
					"port":     info.Ports,
					"username": cred.Username,
					"password": cred.Password,
					"type":     "default-credentials",
				},
			}, nil
		}
	}
	
	// 生成其他凭据进行暴力破解
	credentials := p.generateCredentials()
	
	// 遍历凭据进行测试
	for _, cred := range credentials {
		result, err := p.ScanCredential(ctx, info, cred)
		if err == nil && result.Success {
			// 认证成功
			common.LogSuccess(i18n.GetText("smtp_weak_pwd_success", target, cred.Username, cred.Password))
			
			return &base.ScanResult{
				Success:     true,
				Service:     "SMTP",
				Credentials: []*base.Credential{cred},
				Banner:      result.Banner,
				Extra: map[string]interface{}{
					"service":  "SMTP",
					"port":     info.Ports,
					"username": cred.Username,
					"password": cred.Password,
					"type":     "weak-password",
				},
			}, nil
		}
	}
	
	// 所有凭据都失败，但可能识别到了SMTP服务
	return p.performServiceIdentification(ctx, info)
}

// generateCredentials 生成SMTP凭据
func (p *SMTPPlugin) generateCredentials() []*base.Credential {
	var credentials []*base.Credential
	
	// 获取SMTP用户名字典
	usernames := common.Userdict["smtp"]
	if len(usernames) == 0 {
		usernames = []string{"admin", "root", "mail", "postmaster", "user", "test", "smtp"}
	}
	
	// 获取密码字典
	passwords := common.Passwords
	if len(passwords) == 0 {
		passwords = []string{"", "admin", "password", "123456", "admin123", "root123", "mail123", "postmaster", "smtp"}
	}
	
	// 生成用户名密码组合
	for _, username := range usernames {
		for _, password := range passwords {
			// 替换密码中的用户名占位符
			actualPassword := strings.Replace(password, "{user}", username, -1)
			
			credentials = append(credentials, &base.Credential{
				Username: username,
				Password: actualPassword,
			})
		}
	}
	
	return credentials
}

// Exploit 使用exploiter执行利用
func (p *SMTPPlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
	return p.exploiter.Exploit(ctx, info, creds)
}

// GetExploitMethods 获取利用方法
func (p *SMTPPlugin) GetExploitMethods() []base.ExploitMethod {
	return p.exploiter.GetExploitMethods()
}

// IsExploitSupported 检查利用支持
func (p *SMTPPlugin) IsExploitSupported(method base.ExploitType) bool {
	return p.exploiter.IsExploitSupported(method)
}

// performServiceIdentification 执行SMTP服务识别（-nobr模式）
func (p *SMTPPlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
	
	// 尝试识别SMTP服务
	connector := NewSMTPConnector()
	conn, err := connector.Connect(ctx, info)
	
	if err == nil && conn != nil {
		if smtpConn, ok := conn.(*SMTPConnection); ok {
			// 记录服务识别成功
			common.LogSuccess(i18n.GetText("smtp_service_identified", target, smtpConn.info))
			
			connector.Close(conn)
			return &base.ScanResult{
				Success: true,
				Service: "SMTP",
				Banner:  smtpConn.info,
				Extra: map[string]interface{}{
					"service":  "SMTP",
					"port":     info.Ports,
					"info":     smtpConn.info,
					"protocol": "SMTP",
				},
			}, nil
		}
	}
	
	// 如果无法识别为SMTP，返回失败
	return &base.ScanResult{
		Success: false,
		Error:   fmt.Errorf("无法识别为SMTP服务"),
	}, nil
}

// =============================================================================
// 插件注册
// =============================================================================

// RegisterSMTPPlugin 注册SMTP插件
func RegisterSMTPPlugin() {
	factory := base.NewSimplePluginFactory(
		&base.PluginMetadata{
			Name:        "smtp",
			Version:     "2.0.0",
			Author:      "fscan-team",
			Description: "SMTP邮件服务扫描插件",
			Category:    "service",
			Ports:       []int{25, 465, 587}, // SMTP端口、SMTPS端口、MSA端口
			Protocols:   []string{"tcp"},
			Tags:        []string{"smtp", "email", "weak-password", "unauthorized-access"},
		},
		func() base.Plugin {
			return NewSMTPPlugin()
		},
	)
	
	base.GlobalPluginRegistry.Register("smtp", factory)
}

// 自动注册
func init() {
	RegisterSMTPPlugin()
}