mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 14:06:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
d57e5d519d
fscan/Plugins/services/postgresql/plugin.go
ZacharyZcR fbc75bb709 feat: 添加Rsync和SMTP插件实现文件 
包含新架构下的连接器、利用器和插件主体实现:
- rsync服务插件:支持RSYNCD协议和模块扫描
- smtp服务插件:支持SMTP协议和PLAIN认证
- PostgreSQL插件文件(之前遗漏)
- Docker测试环境配置文件
2025-08-09 15:05:42 +08:00

200 lines
5.6 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package postgresql
import (
"context"
"fmt"
"strings"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"github.com/shadow1ng/fscan/plugins/base"
)
// PostgreSQLPlugin PostgreSQL插件实现
type PostgreSQLPlugin struct {
*base.ServicePlugin
exploiter *PostgreSQLExploiter
}
// NewPostgreSQLPlugin 创建PostgreSQL插件
func NewPostgreSQLPlugin() *PostgreSQLPlugin {
// 插件元数据
metadata := &base.PluginMetadata{
Name: "postgresql",
Version: "2.0.0",
Author: "fscan-team",
Description: "PostgreSQL数据库扫描和利用插件",
Category: "service",
Ports: []int{5432}, // 默认PostgreSQL端口
Protocols: []string{"tcp"},
Tags: []string{"postgresql", "postgres", "database", "weak-password"},
}
// 创建连接器和服务插件
connector := NewPostgreSQLConnector()
servicePlugin := base.NewServicePlugin(metadata, connector)
// 创建PostgreSQL插件
plugin := &PostgreSQLPlugin{
ServicePlugin: servicePlugin,
exploiter: NewPostgreSQLExploiter(),
}
// 设置能力
plugin.SetCapabilities([]base.Capability{
base.CapWeakPassword,
base.CapDataExtraction,
})
return plugin
}
// Scan 重写扫描方法进行PostgreSQL服务扫描
func (p *PostgreSQLPlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
// 如果禁用了暴力破解,只进行服务识别
if common.DisableBrute {
return p.performServiceIdentification(ctx, info)
}
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 生成凭据进行暴力破解
credentials := p.generateCredentials()
// 遍历凭据进行测试
for _, cred := range credentials {
result, err := p.ScanCredential(ctx, info, cred)
if err == nil && result.Success {
// 认证成功
common.LogSuccess(i18n.GetText("postgresql_auth_success", target, cred.Username, cred.Password))
return &base.ScanResult{
Success: true,
Service: "PostgreSQL",
Credentials: []*base.Credential{cred},
Banner: result.Banner,
Extra: map[string]interface{}{
"service": "PostgreSQL",
"port": info.Ports,
"username": cred.Username,
"password": cred.Password,
"type": "weak-password",
},
}, nil
}
}
// 所有凭据都失败但可能识别到了PostgreSQL服务
return p.performServiceIdentification(ctx, info)
}
// generateCredentials 生成PostgreSQL凭据
func (p *PostgreSQLPlugin) generateCredentials() []*base.Credential {
var credentials []*base.Credential
// 获取PostgreSQL用户名字典
usernames := common.Userdict["postgresql"]
if len(usernames) == 0 {
usernames = []string{"postgres", "admin", "administrator", "root", "user"}
}
// 获取密码字典
passwords := common.Passwords
if len(passwords) == 0 {
passwords = []string{"", "postgres", "admin", "password", "123456", "root"}
}
// 生成用户名密码组合
for _, username := range usernames {
for _, password := range passwords {
// 替换密码中的用户名占位符
actualPassword := strings.Replace(password, "{user}", username, -1)
credentials = append(credentials, &base.Credential{
Username: username,
Password: actualPassword,
})
}
}
return credentials
}
// Exploit 使用exploiter执行利用
func (p *PostgreSQLPlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
return p.exploiter.Exploit(ctx, info, creds)
}
// GetExploitMethods 获取利用方法
func (p *PostgreSQLPlugin) GetExploitMethods() []base.ExploitMethod {
return p.exploiter.GetExploitMethods()
}
// IsExploitSupported 检查利用支持
func (p *PostgreSQLPlugin) IsExploitSupported(method base.ExploitType) bool {
return p.exploiter.IsExploitSupported(method)
}
// performServiceIdentification 执行PostgreSQL服务识别-nobr模式
func (p *PostgreSQLPlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
// 尝试识别PostgreSQL服务
connector := NewPostgreSQLConnector()
conn, err := connector.Connect(ctx, info)
if err == nil && conn != nil {
if pgConn, ok := conn.(*PostgreSQLConnection); ok {
// 记录服务识别成功
common.LogSuccess(i18n.GetText("postgresql_service_identified", target, pgConn.info))
connector.Close(conn)
return &base.ScanResult{
Success: true,
Service: "PostgreSQL",
Banner: pgConn.info,
Extra: map[string]interface{}{
"service": "PostgreSQL",
"port": info.Ports,
"info": pgConn.info,
},
}, nil
}
}
// 如果无法识别为PostgreSQL返回失败
return &base.ScanResult{
Success: false,
Error: fmt.Errorf("无法识别为PostgreSQL服务"),
}, nil
}
// =============================================================================
// 插件注册
// =============================================================================
// RegisterPostgreSQLPlugin 注册PostgreSQL插件
func RegisterPostgreSQLPlugin() {
factory := base.NewSimplePluginFactory(
&base.PluginMetadata{
Name: "postgresql",
Version: "2.0.0",
Author: "fscan-team",
Description: "PostgreSQL数据库扫描和利用插件",
Category: "service",
Ports: []int{5432}, // 默认PostgreSQL端口
Protocols: []string{"tcp"},
Tags: []string{"postgresql", "postgres", "database", "weak-password"},
},
func() base.Plugin {
return NewPostgreSQLPlugin()
},
)
base.GlobalPluginRegistry.Register("postgresql", factory)
}
// 自动注册
func init() {
RegisterPostgreSQLPlugin()
}
Reference in New Issue View Git Blame Copy Permalink