mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
75a056809c
fscan/plugins/services/oracle/plugin.go
ZacharyZcR 4a3f281b6b refactor: 统一Plugins目录大小写为小写 
- 将所有Plugins路径重命名为plugins
- 修复Git索引与实际文件系统大小写不一致问题
- 确保跨平台兼容性和路径一致性
2025-08-12 13:08:06 +08:00

244 lines
6.9 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package oracle
import (
"context"
"fmt"
"strings"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"github.com/shadow1ng/fscan/plugins/base"
)
// OraclePlugin Oracle插件实现
type OraclePlugin struct {
*base.ServicePlugin
exploiter *OracleExploiter
}
// NewOraclePlugin 创建Oracle插件
func NewOraclePlugin() *OraclePlugin {
// 插件元数据
metadata := &base.PluginMetadata{
Name: "oracle",
Version: "2.0.0",
Author: "fscan-team",
Description: "Oracle数据库扫描和利用插件",
Category: "service",
Ports: []int{1521, 1522, 1525}, // Oracle常用端口
Protocols: []string{"tcp"},
Tags: []string{"oracle", "database", "weak-password", "sysdba"},
}
// 创建连接器和服务插件
connector := NewOracleConnector()
servicePlugin := base.NewServicePlugin(metadata, connector)
// 创建Oracle插件
plugin := &OraclePlugin{
ServicePlugin: servicePlugin,
exploiter: NewOracleExploiter(),
}
// 设置能力
plugin.SetCapabilities([]base.Capability{
base.CapWeakPassword,
base.CapDataExtraction,
})
return plugin
}
// Scan 重写扫描方法进行Oracle服务扫描
func (p *OraclePlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
// 如果禁用了暴力破解,只进行服务识别
if common.DisableBrute {
return p.performServiceIdentification(ctx, info)
}
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 先尝试高危凭据
highRiskCredentials := p.getHighRiskCredentials()
for _, cred := range highRiskCredentials {
result, err := p.ScanCredential(ctx, info, cred)
if err == nil && result.Success {
// 认证成功
if strings.ToUpper(cred.Username) == "SYS" {
common.LogSuccess(i18n.GetText("oracle_sys_auth_success", target, cred.Username, cred.Password))
} else {
common.LogSuccess(i18n.GetText("oracle_auth_success", target, cred.Username, cred.Password))
}
return &base.ScanResult{
Success: true,
Service: "Oracle",
Credentials: []*base.Credential{cred},
Banner: result.Banner,
Extra: map[string]interface{}{
"service": "Oracle",
"port": info.Ports,
"username": cred.Username,
"password": cred.Password,
"type": "high-risk-credentials",
},
}, nil
}
}
// 生成凭据进行暴力破解
credentials := p.generateCredentials()
// 遍历凭据进行测试
for _, cred := range credentials {
result, err := p.ScanCredential(ctx, info, cred)
if err == nil && result.Success {
// 认证成功
common.LogSuccess(i18n.GetText("oracle_auth_success", target, cred.Username, cred.Password))
return &base.ScanResult{
Success: true,
Service: "Oracle",
Credentials: []*base.Credential{cred},
Banner: result.Banner,
Extra: map[string]interface{}{
"service": "Oracle",
"port": info.Ports,
"username": cred.Username,
"password": cred.Password,
"type": "weak-password",
},
}, nil
}
}
// 所有凭据都失败但可能识别到了Oracle服务
return p.performServiceIdentification(ctx, info)
}
// getHighRiskCredentials 获取高危凭据列表
func (p *OraclePlugin) getHighRiskCredentials() []*base.Credential {
return []*base.Credential{
{Username: "SYS", Password: "123456"},
{Username: "SYSTEM", Password: "123456"},
{Username: "SYS", Password: "oracle"},
{Username: "SYSTEM", Password: "oracle"},
{Username: "SYS", Password: "password"},
{Username: "SYSTEM", Password: "password"},
{Username: "SYS", Password: "sys123"},
{Username: "SYS", Password: "change_on_install"},
{Username: "SYSTEM", Password: "manager"},
}
}
// generateCredentials 生成Oracle凭据
func (p *OraclePlugin) generateCredentials() []*base.Credential {
var credentials []*base.Credential
// 获取Oracle用户名字典
usernames := common.Userdict["oracle"]
if len(usernames) == 0 {
usernames = []string{"oracle", "sys", "system", "admin", "scott", "hr", "oe"}
}
// 获取密码字典
passwords := common.Passwords
if len(passwords) == 0 {
passwords = []string{"", "oracle", "admin", "password", "123456", "manager", "tiger"}
}
// 生成用户名密码组合
for _, username := range usernames {
for _, password := range passwords {
// 替换密码中的用户名占位符
actualPassword := strings.Replace(password, "{user}", username, -1)
credentials = append(credentials, &base.Credential{
Username: strings.ToUpper(username), // Oracle用户名通常大写
Password: actualPassword,
})
}
}
return credentials
}
// Exploit 使用exploiter执行利用
func (p *OraclePlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
return p.exploiter.Exploit(ctx, info, creds)
}
// GetExploitMethods 获取利用方法
func (p *OraclePlugin) GetExploitMethods() []base.ExploitMethod {
return p.exploiter.GetExploitMethods()
}
// IsExploitSupported 检查利用支持
func (p *OraclePlugin) IsExploitSupported(method base.ExploitType) bool {
return p.exploiter.IsExploitSupported(method)
}
// performServiceIdentification 执行Oracle服务识别-nobr模式
func (p *OraclePlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 尝试识别Oracle服务
connector := NewOracleConnector()
conn, err := connector.Connect(ctx, info)
if err == nil && conn != nil {
if oracleConn, ok := conn.(*OracleConnection); ok {
// 记录服务识别成功
common.LogSuccess(i18n.GetText("oracle_service_identified", target, oracleConn.info))
connector.Close(conn)
return &base.ScanResult{
Success: true,
Service: "Oracle",
Banner: oracleConn.info,
Extra: map[string]interface{}{
"service": "Oracle",
"port": info.Ports,
"info": oracleConn.info,
"service_name": oracleConn.serviceName,
},
}, nil
}
}
// 如果无法识别为Oracle返回失败
return &base.ScanResult{
Success: false,
Error: fmt.Errorf("无法识别为Oracle服务"),
}, nil
}
// =============================================================================
// 插件注册
// =============================================================================
// RegisterOraclePlugin 注册Oracle插件
func RegisterOraclePlugin() {
factory := base.NewSimplePluginFactory(
&base.PluginMetadata{
Name: "oracle",
Version: "2.0.0",
Author: "fscan-team",
Description: "Oracle数据库扫描和利用插件",
Category: "service",
Ports: []int{1521, 1522, 1525}, // Oracle常用端口
Protocols: []string{"tcp"},
Tags: []string{"oracle", "database", "weak-password", "sysdba"},
},
func() base.Plugin {
return NewOraclePlugin()
},
)
base.GlobalPluginRegistry.Register("oracle", factory)
}
// 自动注册
func init() {
RegisterOraclePlugin()
}
Reference in New Issue View Git Blame Copy Permalink