fscan/plugins/legacy/SMB.go

package Plugins

import (
	"context"
	"fmt"
	"time"
	
	smbcommon "github.com/shadow1ng/fscan/plugins/legacy/smb/common"
	"github.com/shadow1ng/fscan/plugins/legacy/smb/smb1"
	"github.com/shadow1ng/fscan/common"
	"github.com/shadow1ng/fscan/common/output"
)

// SmbScan 执行SMB1服务的认证扫描(重构版本)
func SmbScan(info *common.HostInfo) error {
	if common.DisableBrute {
		return nil
	}
	
	// 创建目标信息
	target := &smbcommon.TargetInfo{
		Host:   info.Host,
		Port:   445,
		Domain: common.Domain,
	}
	
	// 设置全局超时上下文
	ctx, cancel := context.WithTimeout(context.Background(), 
		time.Duration(common.GlobalTimeout)*time.Second)
	defer cancel()
	
	// 创建连接器、凭据管理器和扫描器
	connector := smb1.NewSmb1Connector()
	credMgr := smbcommon.NewPasswordCredentialManager()
	scanner := smbcommon.NewScanner()
	
	// 配置扫描参数
	config := &smbcommon.ScanConfig{
		MaxConcurrent: common.ModuleThreadNum,
		Timeout:       time.Duration(common.Timeout) * time.Second,
		GlobalTimeout: time.Duration(common.GlobalTimeout) * time.Second,
	}
	
	// 执行扫描
	result, err := scanner.Scan(ctx, target, connector, credMgr, config)
	if err != nil {
		return err
	}
	
	// 处理扫描结果
	if result != nil && result.Success {
		saveSmbResult(info, result.Credential)
	}
	
	return nil
}

// saveSmbResult 保存SMB扫描结果
func saveSmbResult(info *common.HostInfo, cred smbcommon.Credential) {
	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
	
	// 构建结果消息
	var successMsg string
	details := map[string]interface{}{
		"port":     info.Ports,
		"service":  "smb",
		"username": cred.Username,
		"password": cred.Password,
		"type":     "weak-password",
	}
	
	if common.Domain != "" {
		successMsg = fmt.Sprintf("SMB认证成功 %s %s\\%s:%s", 
			target, common.Domain, cred.Username, cred.Password)
		details["domain"] = common.Domain
	} else {
		successMsg = fmt.Sprintf("SMB认证成功 %s %s:%s", 
			target, cred.Username, cred.Password)
	}
	
	// 记录成功日志
	common.LogSuccess(successMsg)
	
	// 保存结果
	result := &output.ScanResult{
		Time:    time.Now(),
		Type:    output.TypeVuln,
		Target:  info.Host,
		Status:  "vulnerable",
		Details: details,
	}
	common.SaveResult(result)
}