fscan/plugins/services/cassandra.go

package services

import (
	"context"
	"fmt"
	"strconv"
	"strings"
	"time"

	"github.com/gocql/gocql"
	"github.com/shadow1ng/fscan/common"
	"github.com/shadow1ng/fscan/plugins"
)

type CassandraPlugin struct {
	plugins.BasePlugin
}

func NewCassandraPlugin() *CassandraPlugin {
	return &CassandraPlugin{
		BasePlugin: plugins.NewBasePlugin("cassandra"),
	}
}



func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

	if common.DisableBrute {
		return p.identifyService(ctx, info)
	}

	credentials := GenerateCredentials("cassandra")
	if len(credentials) == 0 {
		return &ScanResult{
			Success: false,
			Service: "cassandra",
			Error:   fmt.Errorf("没有可用的测试凭据"),
		}
	}

	for _, cred := range credentials {
		if p.testCredential(ctx, info, cred) {
			common.LogSuccess(fmt.Sprintf("Cassandra %s %s:%s", target, cred.Username, cred.Password))

			return &ScanResult{
				Success:  true,
				Service:  "cassandra",
				Username: cred.Username,
				Password: cred.Password,
			}
		}
	}

	return &ScanResult{
		Success: false,
		Service: "cassandra",
		Error:   fmt.Errorf("未发现弱密码"),
	}
}

func (p *CassandraPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
	// 检查发包限制
	if canSend, reason := common.CanSendPacket(); !canSend {
		common.LogError(fmt.Sprintf("Cassandra连接 %s:%s 受限: %s", info.Host, info.Ports, reason))
		return false
	}
	
	port, err := strconv.Atoi(info.Ports)
	if err != nil {
		return false
	}

	cluster := gocql.NewCluster(info.Host)
	cluster.Port = port
	timeout := time.Duration(common.Timeout) * time.Second
	cluster.Timeout = timeout
	cluster.ConnectTimeout = timeout

	if cred.Username != "" || cred.Password != "" {
		cluster.Authenticator = gocql.PasswordAuthenticator{
			Username: cred.Username,
			Password: cred.Password,
		}
	}

	session, err := cluster.CreateSession()
	if err != nil {
		common.IncrementTCPFailedPacketCount()
		return false
	}
	common.IncrementTCPSuccessPacketCount()
	defer session.Close()

	var dummy interface{}
	err = session.Query("SELECT now() FROM system.local").WithContext(ctx).Scan(&dummy)
	return err == nil
}



func (p *CassandraPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
	
	// 检查发包限制
	if canSend, reason := common.CanSendPacket(); !canSend {
		common.LogError(fmt.Sprintf("Cassandra识别 %s 受限: %s", target, reason))
		return &ScanResult{
			Success: false,
			Service: "cassandra",
			Error:   fmt.Errorf("发包受限: %s", reason),
		}
	}
	
	port, err := strconv.Atoi(info.Ports)
	if err != nil {
		return &ScanResult{
			Success: false,
			Service: "cassandra",
			Error:   fmt.Errorf("无效的端口号: %s", info.Ports),
		}
	}

	cluster := gocql.NewCluster(info.Host)
	cluster.Port = port
	timeout := time.Duration(common.Timeout) * time.Second
	cluster.Timeout = timeout
	cluster.ConnectTimeout = timeout

	session, err := cluster.CreateSession()
	if err != nil {
		common.IncrementTCPFailedPacketCount()
		if strings.Contains(strings.ToLower(err.Error()), "authentication") {
			banner := "Cassandra (需要认证)"
			common.LogSuccess(fmt.Sprintf("Cassandra %s %s", target, banner))
			return &ScanResult{
				Success: true,
				Service: "cassandra",
				Banner:  banner,
			}
		}
		return &ScanResult{
			Success: false,
			Service: "cassandra",
			Error:   err,
		}
	}
	common.IncrementTCPSuccessPacketCount()
	defer session.Close()

	banner := "Cassandra"
	common.LogSuccess(fmt.Sprintf("Cassandra %s %s", target, banner))
	return &ScanResult{
		Success: true,
		Service: "cassandra",
		Banner:  banner,
	}
}




func init() {
	// 使用高效注册方式：直接传递端口信息，避免实例创建
	RegisterPluginWithPorts("cassandra", func() Plugin {
		return NewCassandraPlugin()
	}, []int{9042, 9160, 7000, 7001})
}