mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 14:06:44 +08:00
b346e6bdc1
- 修复重复输出问题:适配器层改为debug输出,避免与插件层重复 - 修复格式化错误:修正SaveExploitResult中的端口格式化问题 - 新增利用方法名称i18n:添加GetExploitMethodName函数支持方法名本地化 - 扩展i18n消息模板:新增利用方法执行、MySQL/Redis专用消息模板 - 完善exploiter国际化:所有利用方法和结果消息支持中英文切换 - 优化用户体验:利用方法显示从"information_gathering"变为"信息收集"
249 lines
7.4 KiB
Go
249 lines
7.4 KiB
Go
package base
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"github.com/shadow1ng/fscan/common"
|
|
"github.com/shadow1ng/fscan/common/i18n"
|
|
"sort"
|
|
)
|
|
|
|
// =============================================================================
|
|
// 通用利用器基础实现
|
|
// =============================================================================
|
|
|
|
// BaseExploiter 基础利用器,提供通用的利用逻辑
|
|
type BaseExploiter struct {
|
|
Name string
|
|
exploitMethods []ExploitMethod
|
|
}
|
|
|
|
// NewBaseExploiter 创建基础利用器
|
|
func NewBaseExploiter(name string) *BaseExploiter {
|
|
return &BaseExploiter{
|
|
Name: name,
|
|
exploitMethods: make([]ExploitMethod, 0),
|
|
}
|
|
}
|
|
|
|
// AddExploitMethod 添加利用方法
|
|
func (e *BaseExploiter) AddExploitMethod(method ExploitMethod) {
|
|
e.exploitMethods = append(e.exploitMethods, method)
|
|
|
|
// 按优先级排序
|
|
sort.Slice(e.exploitMethods, func(i, j int) bool {
|
|
return e.exploitMethods[i].Priority > e.exploitMethods[j].Priority
|
|
})
|
|
}
|
|
|
|
// GetExploitMethods 获取支持的利用方法
|
|
func (e *BaseExploiter) GetExploitMethods() []ExploitMethod {
|
|
return e.exploitMethods
|
|
}
|
|
|
|
// IsExploitSupported 检查是否支持指定的利用方法
|
|
func (e *BaseExploiter) IsExploitSupported(exploitType ExploitType) bool {
|
|
for _, method := range e.exploitMethods {
|
|
if method.Type == exploitType {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Exploit 执行利用操作
|
|
func (e *BaseExploiter) Exploit(ctx context.Context, info *common.HostInfo, creds *Credential) (*ExploitResult, error) {
|
|
// 按优先级尝试不同的利用方法
|
|
for _, method := range e.exploitMethods {
|
|
// 检查前置条件
|
|
if !e.checkConditions(method.Conditions, info, creds) {
|
|
common.LogDebug(i18n.GetText("exploit_method_condition_not_met", method.Name))
|
|
continue
|
|
}
|
|
|
|
common.LogDebug(i18n.GetText("exploit_method_trying", i18n.GetExploitMethodName(method.Name)))
|
|
|
|
// 执行利用
|
|
result, err := method.Handler(ctx, info, creds)
|
|
if err != nil {
|
|
common.LogError(i18n.GetText("exploit_method_failed", method.Name, err))
|
|
continue
|
|
}
|
|
|
|
if result != nil && result.Success {
|
|
common.LogSuccess(i18n.GetText("exploit_method_success", i18n.GetExploitMethodName(method.Name)))
|
|
result.Type = method.Type
|
|
result.Method = method.Name
|
|
return result, nil
|
|
}
|
|
}
|
|
|
|
return nil, fmt.Errorf(i18n.GetText("exploit_all_methods_failed"))
|
|
}
|
|
|
|
// checkConditions 检查前置条件
|
|
func (e *BaseExploiter) checkConditions(conditions []string, info *common.HostInfo, creds *Credential) bool {
|
|
for _, condition := range conditions {
|
|
if !e.evaluateCondition(condition, info, creds) {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
// evaluateCondition 评估单个条件
|
|
func (e *BaseExploiter) evaluateCondition(condition string, info *common.HostInfo, creds *Credential) bool {
|
|
switch condition {
|
|
case "has_credentials":
|
|
return creds != nil && (creds.Username != "" || creds.Password != "")
|
|
case "has_username_password":
|
|
return creds != nil && creds.Username != "" && creds.Password != ""
|
|
case "has_password_only":
|
|
return creds != nil && creds.Password != "" && creds.Username == ""
|
|
case "unauthorized_access":
|
|
return creds == nil || (creds.Username == "" && creds.Password == "")
|
|
default:
|
|
// 默认条件满足
|
|
return true
|
|
}
|
|
}
|
|
|
|
// =============================================================================
|
|
// 常用利用方法实现
|
|
// =============================================================================
|
|
|
|
// ExploitMethodBuilder 利用方法构建器
|
|
type ExploitMethodBuilder struct {
|
|
method ExploitMethod
|
|
}
|
|
|
|
// NewExploitMethod 创建利用方法构建器
|
|
func NewExploitMethod(exploitType ExploitType, name string) *ExploitMethodBuilder {
|
|
return &ExploitMethodBuilder{
|
|
method: ExploitMethod{
|
|
Type: exploitType,
|
|
Name: name,
|
|
Priority: 5, // 默认优先级
|
|
Conditions: make([]string, 0),
|
|
},
|
|
}
|
|
}
|
|
|
|
// WithDescription 设置描述
|
|
func (b *ExploitMethodBuilder) WithDescription(desc string) *ExploitMethodBuilder {
|
|
b.method.Description = desc
|
|
return b
|
|
}
|
|
|
|
// WithPriority 设置优先级
|
|
func (b *ExploitMethodBuilder) WithPriority(priority int) *ExploitMethodBuilder {
|
|
b.method.Priority = priority
|
|
return b
|
|
}
|
|
|
|
// WithConditions 设置前置条件
|
|
func (b *ExploitMethodBuilder) WithConditions(conditions ...string) *ExploitMethodBuilder {
|
|
b.method.Conditions = conditions
|
|
return b
|
|
}
|
|
|
|
// WithHandler 设置处理函数
|
|
func (b *ExploitMethodBuilder) WithHandler(handler ExploitHandler) *ExploitMethodBuilder {
|
|
b.method.Handler = handler
|
|
return b
|
|
}
|
|
|
|
// Build 构建利用方法
|
|
func (b *ExploitMethodBuilder) Build() ExploitMethod {
|
|
return b.method
|
|
}
|
|
|
|
// =============================================================================
|
|
// 利用结果处理工具
|
|
// =============================================================================
|
|
|
|
// SaveExploitResult 保存利用结果
|
|
func SaveExploitResult(info *common.HostInfo, result *ExploitResult, pluginName string) {
|
|
if result == nil || !result.Success {
|
|
return
|
|
}
|
|
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
var message string
|
|
switch result.Type {
|
|
case ExploitWeakPassword:
|
|
message = i18n.GetText("exploit_weak_password_success", pluginName, target)
|
|
case ExploitUnauthorized:
|
|
message = i18n.GetText("exploit_unauthorized_success", pluginName, target)
|
|
case ExploitCommandExec:
|
|
message = i18n.GetText("exploit_command_exec_success", pluginName, target)
|
|
case ExploitFileWrite:
|
|
message = i18n.GetText("exploit_file_write_success", pluginName, target)
|
|
case ExploitSQLInjection:
|
|
message = i18n.GetText("exploit_sql_injection_success", pluginName, target)
|
|
case ExploitDataExtraction:
|
|
message = i18n.GetText("exploit_data_extraction_success", pluginName, target, i18n.GetExploitMethodName(result.Method))
|
|
default:
|
|
message = i18n.GetText("exploit_generic_success", pluginName, target, i18n.GetExploitMethodName(result.Method))
|
|
}
|
|
|
|
if result.Output != "" {
|
|
message += i18n.GetText("exploit_with_output", result.Output)
|
|
}
|
|
|
|
common.LogSuccess(message)
|
|
|
|
// 保存文件信息
|
|
if len(result.Files) > 0 {
|
|
common.LogSuccess(i18n.GetText("exploit_files_created", result.Files))
|
|
}
|
|
|
|
// 保存Shell信息
|
|
if result.Shell != nil {
|
|
common.LogSuccess(i18n.GetText("exploit_shell_obtained",
|
|
result.Shell.Type, result.Shell.Host, result.Shell.Port, result.Shell.User))
|
|
}
|
|
}
|
|
|
|
// =============================================================================
|
|
// 常用利用工具函数
|
|
// =============================================================================
|
|
|
|
// CreateSuccessExploitResult 创建成功的利用结果
|
|
func CreateSuccessExploitResult(exploitType ExploitType, method string) *ExploitResult {
|
|
return &ExploitResult{
|
|
Success: true,
|
|
Type: exploitType,
|
|
Method: method,
|
|
Extra: make(map[string]interface{}),
|
|
}
|
|
}
|
|
|
|
// CreateFailedExploitResult 创建失败的利用结果
|
|
func CreateFailedExploitResult(exploitType ExploitType, method string, err error) *ExploitResult {
|
|
return &ExploitResult{
|
|
Success: false,
|
|
Type: exploitType,
|
|
Method: method,
|
|
Error: err,
|
|
Extra: make(map[string]interface{}),
|
|
}
|
|
}
|
|
|
|
// AddOutputToResult 向结果添加输出
|
|
func AddOutputToResult(result *ExploitResult, output string) {
|
|
if result.Output == "" {
|
|
result.Output = output
|
|
} else {
|
|
result.Output += "\n" + output
|
|
}
|
|
}
|
|
|
|
// AddFileToResult 向结果添加文件
|
|
func AddFileToResult(result *ExploitResult, filename string) {
|
|
if result.Files == nil {
|
|
result.Files = make([]string, 0)
|
|
}
|
|
result.Files = append(result.Files, filename)
|
|
} |