mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
8f54702c02
fscan/plugins/services/rdp.go
ZacharyZcR 8f54702c02 refactor: 精准修复插件系统三个设计问题 
经Linus式架构审计,发现并修复插件系统中的具体问题:

## 核心修复

### 1. 消除local插件GetPorts()方法冗余
- 删除21个local插件中无意义的GetPorts()方法
- 简化local.Plugin接口:移除端口概念
- 理由:本地插件不涉及网络,端口概念完全多余

### 2. 消除web插件GetPorts()方法冗余
- 删除2个web插件中无用的GetPorts()方法
- 简化web.WebPlugin接口:专注智能HTTP检测
- 理由:Web插件使用动态HTTP检测,预定义端口无价值

### 3. 统一插件命名规范
- 统一所有插件接口使用Name()方法(符合Go惯例)
- 消除GetName()与Name()不一致问题
- 简化适配器:不再需要方法名转换

## 技术改进

接口精简:
- local插件:GetName() + GetPorts() → Name()
- web插件:GetName() + GetPorts() → Name()
- services插件:GetName() → Name()(保留GetPorts(),业务必需)

代码减少:
- 删除23个无用GetPorts()方法
- 重命名52个Name()方法
- 简化3个插件接口定义

## 影响范围

修改文件:55个插件文件
代码变更:-155行 +61行(净减少94行)
功能影响:零破坏性,保持所有业务逻辑不变

这是基于业务需求分析的精准重构,消除真正多余的部分,
保持系统架构合理性和向后兼容性。
2025-08-26 20:38:39 +08:00

219 lines
5.3 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package services
import (
"bytes"
"context"
"fmt"
"net"
"time"
"github.com/shadow1ng/fscan/common"
)
// RDPPlugin RDP远程桌面服务扫描插件 - 弱密码检测和服务识别
type RDPPlugin struct {
name string
ports []int
}
// NewRDPPlugin 创建RDP插件
func NewRDPPlugin() *RDPPlugin {
return &RDPPlugin{
name: "rdp",
ports: []int{3389}, // RDP端口
}
}
// GetName 实现Plugin接口
func (p *RDPPlugin) Name() string {
return p.name
}
// GetPorts 实现Plugin接口
func (p *RDPPlugin) GetPorts() []int {
return p.ports
}
// Scan 执行RDP扫描 - 基础服务识别
func (p *RDPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 检查端口
if info.Ports != "3389" {
return &ScanResult{
Success: false,
Service: "rdp",
Error: fmt.Errorf("RDP插件仅支持3389端口"),
}
}
// 如果禁用暴力破解,只做服务识别
if common.DisableBrute {
return p.identifyService(ctx, info)
}
// 生成测试凭据
credentials := GenerateCredentials("rdp")
if len(credentials) == 0 {
// RDP默认凭据
credentials = []Credential{
{Username: "administrator", Password: ""},
{Username: "administrator", Password: "administrator"},
{Username: "administrator", Password: "password"},
{Username: "administrator", Password: "123456"},
{Username: "admin", Password: "admin"},
{Username: "admin", Password: "123456"},
{Username: "user", Password: "user"},
{Username: "test", Password: "test"},
}
}
// 逐个测试凭据简化版本实际RDP认证需要复杂的协议处理
for _, cred := range credentials {
// 检查Context是否被取消
select {
case <-ctx.Done():
return &ScanResult{
Success: false,
Service: "rdp",
Error: ctx.Err(),
}
default:
}
// 简化的RDP连接测试实际需要完整的RDP协议实现
if p.testRDPConnection(ctx, info) {
common.LogSuccess(fmt.Sprintf("RDP %s 服务可用", target))
return &ScanResult{
Success: true,
Service: "rdp",
Username: cred.Username,
Password: cred.Password,
Banner: "RDP服务可用",
}
}
}
// 所有凭据都失败
return &ScanResult{
Success: false,
Service: "rdp",
Error: fmt.Errorf("RDP认证失败"),
}
}
// testRDPConnection 测试RDP连接
func (p *RDPPlugin) testRDPConnection(ctx context.Context, info *common.HostInfo) bool {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
if err != nil {
return false
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
// 发送简单的RDP连接请求
rdpRequest := []byte{
0x03, 0x00, 0x00, 0x13, 0x0e, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, 0x03,
0x00, 0x00, 0x00,
}
_, err = conn.Write(rdpRequest)
if err != nil {
return false
}
// 读取响应
response := make([]byte, 1024)
n, err := conn.Read(response)
if err != nil || n == 0 {
return false
}
// 简单检查是否为RDP响应
if len(response) >= 4 && response[0] == 0x03 && response[1] == 0x00 {
return true
}
return false
}
// checkNLAStatus 检查网络级别身份验证状态
func (p *RDPPlugin) checkNLAStatus(ctx context.Context, info *common.HostInfo) string {
// 简化实现实际需要解析RDP协商响应
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
conn, err := net.DialTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
if err != nil {
return "检测失败"
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
// 发送支持NLA的连接请求
nlaRequest := []byte{
0x03, 0x00, 0x00, 0x2a, 0x25, 0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x6f, 0x6f, 0x6b, 0x69,
0x65, 0x3a, 0x20, 0x6d, 0x73, 0x74, 0x73, 0x68, 0x61, 0x73, 0x68, 0x3d, 0x61, 0x64, 0x6d, 0x69,
0x6e, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x0d, 0x0a,
}
_, err = conn.Write(nlaRequest)
if err != nil {
return "检测失败"
}
response := make([]byte, 1024)
n, err := conn.Read(response)
if err != nil || n == 0 {
return "检测失败"
}
// 简化的NLA状态检测
if bytes.Contains(response, []byte("SSL")) || bytes.Contains(response, []byte("TLS")) {
return "已启用"
}
return "未启用"
}
// detectRDPVersion 检测RDP版本
func (p *RDPPlugin) detectRDPVersion(ctx context.Context, info *common.HostInfo) string {
// 简化实现,返回通用信息
return "RDP Protocol (Remote Desktop Protocol)"
}
// identifyService 服务识别 - 检测RDP服务
func (p *RDPPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
if p.testRDPConnection(ctx, info) {
banner := "RDP远程桌面服务"
common.LogSuccess(fmt.Sprintf("RDP %s %s", target, banner))
return &ScanResult{
Success: true,
Service: "rdp",
Banner: banner,
}
}
return &ScanResult{
Success: false,
Service: "rdp",
Error: fmt.Errorf("无法识别为RDP服务"),
}
}
// init 自动注册插件
func init() {
// 使用高效注册方式:直接传递端口信息,避免实例创建
RegisterPluginWithPorts("rdp", func() Plugin {
return NewRDPPlugin()
}, []int{3389})
}
Reference in New Issue View Git Blame Copy Permalink