mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 14:06:44 +08:00
2e449c74ef
- 统一所有服务插件的实现模式,移除i18n国际化依赖 - 删除硬编码的备份凭据列表,统一使用GenerateCredentials() - 移除过度工程化的Context取消检查 - 清理exploitation功能,专注于弱密码检测和服务识别 - 简化代码结构,移除冗余注释和说明文档 - 优化19个服务插件:activemq, cassandra, elasticsearch, ftp, kafka, ldap, memcached, mongodb, mssql, mysql, neo4j, oracle, postgresql, rabbitmq, rsync, smtp, snmp, telnet, vnc - 代码总量减少约40%,提升维护效率 此次重构确保插件架构的一致性和简洁性
121 lines
2.4 KiB
Go
121 lines
2.4 KiB
Go
package services
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
ldaplib "github.com/go-ldap/ldap/v3"
|
|
"github.com/shadow1ng/fscan/common"
|
|
)
|
|
|
|
type LDAPPlugin struct {
|
|
name string
|
|
ports []int
|
|
}
|
|
|
|
func NewLDAPPlugin() *LDAPPlugin {
|
|
return &LDAPPlugin{
|
|
name: "ldap",
|
|
ports: []int{389, 636, 3268, 3269},
|
|
}
|
|
}
|
|
|
|
func (p *LDAPPlugin) GetName() string {
|
|
return p.name
|
|
}
|
|
|
|
func (p *LDAPPlugin) GetPorts() []int {
|
|
return p.ports
|
|
}
|
|
|
|
func (p *LDAPPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
if common.DisableBrute {
|
|
return p.identifyService(ctx, info)
|
|
}
|
|
|
|
credentials := GenerateCredentials("ldap")
|
|
if len(credentials) == 0 {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "ldap",
|
|
Error: fmt.Errorf("没有可用的测试凭据"),
|
|
}
|
|
}
|
|
|
|
for _, cred := range credentials {
|
|
if p.testCredential(ctx, info, cred) {
|
|
common.LogSuccess(fmt.Sprintf("LDAP %s %s:%s", target, cred.Username, cred.Password))
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "ldap",
|
|
Username: cred.Username,
|
|
Password: cred.Password,
|
|
}
|
|
}
|
|
}
|
|
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "ldap",
|
|
Error: fmt.Errorf("未发现弱密码"),
|
|
}
|
|
}
|
|
|
|
|
|
func (p *LDAPPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
|
|
conn, err := p.connectLDAP(ctx, info, cred)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
defer conn.Close()
|
|
|
|
// 简单的绑定测试
|
|
if err := conn.Bind(cred.Username, cred.Password); err == nil {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (p *LDAPPlugin) connectLDAP(ctx context.Context, info *common.HostInfo, creds Credential) (*ldaplib.Conn, error) {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
if info.Ports == "636" {
|
|
return ldaplib.DialTLS("tcp", target, nil)
|
|
}
|
|
return ldaplib.Dial("tcp", target)
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (p *LDAPPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
|
|
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
conn, err := p.connectLDAP(ctx, info, Credential{})
|
|
if err != nil {
|
|
return &ScanResult{
|
|
Success: false,
|
|
Service: "ldap",
|
|
Error: err,
|
|
}
|
|
}
|
|
defer conn.Close()
|
|
|
|
banner := "LDAP"
|
|
common.LogSuccess(fmt.Sprintf("LDAP %s %s", target, banner))
|
|
return &ScanResult{
|
|
Success: true,
|
|
Service: "ldap",
|
|
Banner: banner,
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
RegisterPlugin("ldap", func() Plugin {
|
|
return NewLDAPPlugin()
|
|
})
|
|
} |