mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 05:56:46 +08:00
8f54702c02
经Linus式架构审计,发现并修复插件系统中的具体问题: ## 核心修复 ### 1. 消除local插件GetPorts()方法冗余 - 删除21个local插件中无意义的GetPorts()方法 - 简化local.Plugin接口:移除端口概念 - 理由:本地插件不涉及网络,端口概念完全多余 ### 2. 消除web插件GetPorts()方法冗余 - 删除2个web插件中无用的GetPorts()方法 - 简化web.WebPlugin接口:专注智能HTTP检测 - 理由:Web插件使用动态HTTP检测,预定义端口无价值 ### 3. 统一插件命名规范 - 统一所有插件接口使用Name()方法(符合Go惯例) - 消除GetName()与Name()不一致问题 - 简化适配器:不再需要方法名转换 ## 技术改进 接口精简: - local插件:GetName() + GetPorts() → Name() - web插件:GetName() + GetPorts() → Name() - services插件:GetName() → Name()(保留GetPorts(),业务必需) 代码减少: - 删除23个无用GetPorts()方法 - 重命名52个Name()方法 - 简化3个插件接口定义 ## 影响范围 修改文件:55个插件文件 代码变更:-155行 +61行(净减少94行) 功能影响:零破坏性,保持所有业务逻辑不变 这是基于业务需求分析的精准重构,消除真正多余的部分, 保持系统架构合理性和向后兼容性。
174 lines
4.0 KiB
Go
174 lines
4.0 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/shadow1ng/fscan/common"
|
|
)
|
|
|
|
type ActiveMQPlugin struct {
|
|
name string
|
|
ports []int
|
|
}
|
|
|
|
func NewActiveMQPlugin() *ActiveMQPlugin {
|
|
return &ActiveMQPlugin{
|
|
name: "activemq",
|
|
ports: []int{61616, 61617, 61618, 8161},
|
|
}
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) Name() string {
|
|
return p.name
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) GetPorts() []int {
|
|
return p.ports
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
// 如果禁用暴力破解,只做服务识别
|
|
if common.DisableBrute {
|
|
return p.identifyService(info)
|
|
}
|
|
|
|
credentials := GenerateCredentials("activemq")
|
|
if len(credentials) == 0 {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: fmt.Errorf("没有可用的测试凭据"),
|
|
}
|
|
}
|
|
|
|
for _, cred := range credentials {
|
|
if p.testCredential(ctx, info, cred) {
|
|
common.LogSuccess(fmt.Sprintf("ActiveMQ %s %s:%s", target, cred.Username, cred.Password))
|
|
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "activemq",
|
|
Username: cred.Username,
|
|
Password: cred.Password,
|
|
}
|
|
}
|
|
}
|
|
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: fmt.Errorf("未发现弱密码"),
|
|
}
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
timeout := time.Duration(common.Timeout) * time.Second
|
|
|
|
conn, err := common.WrapperTcpWithTimeout("tcp", target, timeout)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
defer conn.Close()
|
|
|
|
return p.authenticateSTOMP(conn, cred.Username, cred.Password)
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) authenticateSTOMP(conn net.Conn, username, password string) bool {
|
|
timeout := time.Duration(common.Timeout) * time.Second
|
|
|
|
stompConnect := fmt.Sprintf("CONNECT\naccept-version:1.0,1.1,1.2\nhost:/\nlogin:%s\npasscode:%s\n\n\x00",
|
|
username, password)
|
|
|
|
conn.SetWriteDeadline(time.Now().Add(timeout))
|
|
if _, err := conn.Write([]byte(stompConnect)); err != nil {
|
|
return false
|
|
}
|
|
|
|
conn.SetReadDeadline(time.Now().Add(timeout))
|
|
response := make([]byte, 1024)
|
|
n, err := conn.Read(response)
|
|
if err != nil || n == 0 {
|
|
return false
|
|
}
|
|
|
|
responseStr := string(response[:n])
|
|
|
|
if strings.Contains(responseStr, "CONNECTED") {
|
|
return true
|
|
} else if strings.Contains(responseStr, "ERROR") {
|
|
return false
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func (p *ActiveMQPlugin) identifyService(info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
timeout := time.Duration(common.Timeout) * time.Second
|
|
|
|
conn, err := common.WrapperTcpWithTimeout("tcp", target, timeout)
|
|
if err != nil {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: err,
|
|
}
|
|
}
|
|
defer conn.Close()
|
|
|
|
stompConnect := "CONNECT\naccept-version:1.0,1.1,1.2\nhost:/\n\n\x00"
|
|
|
|
conn.SetWriteDeadline(time.Now().Add(timeout))
|
|
if _, err := conn.Write([]byte(stompConnect)); err != nil {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: fmt.Errorf("无法发送STOMP请求: %v", err),
|
|
}
|
|
}
|
|
|
|
conn.SetReadDeadline(time.Now().Add(timeout))
|
|
response := make([]byte, 512)
|
|
n, err := conn.Read(response)
|
|
if err != nil || n == 0 {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: fmt.Errorf("无法读取响应"),
|
|
}
|
|
}
|
|
|
|
responseStr := string(response[:n])
|
|
|
|
if strings.Contains(responseStr, "CONNECTED") || strings.Contains(responseStr, "ERROR") {
|
|
banner := "ActiveMQ STOMP"
|
|
common.LogSuccess(fmt.Sprintf("ActiveMQ %s %s", target, banner))
|
|
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "activemq",
|
|
Banner: banner,
|
|
}
|
|
}
|
|
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "activemq",
|
|
Error: fmt.Errorf("无法识别为ActiveMQ STOMP服务"),
|
|
}
|
|
}
|
|
|
|
|
|
func init() {
|
|
// 使用高效注册方式:直接传递端口信息,避免实例创建
|
|
RegisterPluginWithPorts("activemq", func() Plugin {
|
|
return NewActiveMQPlugin()
|
|
}, []int{61616, 61617, 61618, 8161})
|
|
} |