mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 05:56:46 +08:00
d19abcac36
- 添加-rate参数:控制每分钟最大发包次数 - 添加-maxpkts参数:控制整个程序最大发包总数 - 在所有网络操作点集成发包限制检查 - 支持端口扫描、Web检测、服务插件、POC扫描等场景 - 默认不限制,保持向后兼容性
161 lines
3.5 KiB
Go
161 lines
3.5 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"net"
|
|
"time"
|
|
|
|
"github.com/shadow1ng/fscan/common"
|
|
"github.com/shadow1ng/fscan/plugins"
|
|
)
|
|
|
|
type SNMPPlugin struct {
|
|
plugins.BasePlugin
|
|
}
|
|
|
|
func NewSNMPPlugin() *SNMPPlugin {
|
|
return &SNMPPlugin{
|
|
BasePlugin: plugins.NewBasePlugin("snmp"),
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func (p *SNMPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
if common.DisableBrute {
|
|
return p.identifyService(ctx, info)
|
|
}
|
|
|
|
credentials := GenerateCredentials("snmp")
|
|
if len(credentials) == 0 {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "snmp",
|
|
Error: fmt.Errorf("没有可用的测试凭据"),
|
|
}
|
|
}
|
|
|
|
for _, cred := range credentials {
|
|
if p.testCredential(ctx, info, cred) {
|
|
common.LogSuccess(fmt.Sprintf("SNMP %s %s", target, cred.Username))
|
|
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "snmp",
|
|
Username: cred.Username,
|
|
Password: "",
|
|
}
|
|
}
|
|
}
|
|
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "snmp",
|
|
Error: fmt.Errorf("未发现弱团体字符串"),
|
|
}
|
|
}
|
|
|
|
func (p *SNMPPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
// 检查发包限制
|
|
if canSend, reason := common.CanSendPacket(); !canSend {
|
|
common.LogError(fmt.Sprintf("SNMP请求 %s 受限: %s", target, reason))
|
|
return false
|
|
}
|
|
|
|
conn, err := net.DialTimeout("udp", target, time.Duration(common.Timeout)*time.Second)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
defer conn.Close()
|
|
|
|
// 计数UDP连接包
|
|
common.IncrementUDPPacketCount()
|
|
|
|
packet := p.buildSNMPGetRequest(cred.Username, "1.3.6.1.2.1.1.1.0")
|
|
|
|
conn.SetWriteDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
|
if _, err := conn.Write(packet); err != nil {
|
|
return false
|
|
}
|
|
|
|
conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
|
|
response := make([]byte, 1024)
|
|
n, err := conn.Read(response)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return p.isValidSNMPResponse(response[:n])
|
|
}
|
|
|
|
func (p *SNMPPlugin) buildSNMPGetRequest(community, oid string) []byte {
|
|
template := "302902010004067075626c6963a01c02020f7102010002010030113015060a2b060102010101000500"
|
|
|
|
packet, err := hex.DecodeString(template)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
return packet
|
|
}
|
|
|
|
func (p *SNMPPlugin) isValidSNMPResponse(data []byte) bool {
|
|
if len(data) < 10 {
|
|
return false
|
|
}
|
|
|
|
return data[0] == 0x30
|
|
}
|
|
|
|
|
|
func (p *SNMPPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
cred := Credential{Username: "public", Password: ""}
|
|
if p.testCredential(ctx, info, cred) {
|
|
banner := "SNMP网络管理服务 (public团体可访问)"
|
|
common.LogSuccess(fmt.Sprintf("SNMP %s %s", target, banner))
|
|
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "snmp",
|
|
Banner: banner,
|
|
}
|
|
}
|
|
|
|
conn, err := net.DialTimeout("udp", target, time.Duration(common.Timeout)*time.Second)
|
|
if err != nil {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "snmp",
|
|
Error: err,
|
|
}
|
|
}
|
|
defer conn.Close()
|
|
|
|
// 计数UDP连接包
|
|
common.IncrementUDPPacketCount()
|
|
|
|
banner := "SNMP网络管理服务"
|
|
common.LogSuccess(fmt.Sprintf("SNMP %s %s", target, banner))
|
|
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "snmp",
|
|
Banner: banner,
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
// 使用高效注册方式:直接传递端口信息,避免实例创建
|
|
RegisterPluginWithPorts("snmp", func() Plugin {
|
|
return NewSNMPPlugin()
|
|
}, []int{161, 162})
|
|
}
|