mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-09-14 05:56:46 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
e3c14e9f8e
fscan/plugins/base/exploiter.go
ZacharyZcR 4a3f281b6b refactor: 统一Plugins目录大小写为小写 
- 将所有Plugins路径重命名为plugins
- 修复Git索引与实际文件系统大小写不一致问题
- 确保跨平台兼容性和路径一致性
2025-08-12 13:08:06 +08:00

249 lines
7.4 KiB
Go
Raw Blame History

package base
import (
"context"
"fmt"
"github.com/shadow1ng/fscan/common"
"github.com/shadow1ng/fscan/common/i18n"
"sort"
)
// =============================================================================
// 通用利用器基础实现
// =============================================================================
// BaseExploiter 基础利用器,提供通用的利用逻辑
type BaseExploiter struct {
Name string
exploitMethods []ExploitMethod
}
// NewBaseExploiter 创建基础利用器
func NewBaseExploiter(name string) *BaseExploiter {
return &BaseExploiter{
Name: name,
exploitMethods: make([]ExploitMethod, 0),
}
}
// AddExploitMethod 添加利用方法
func (e *BaseExploiter) AddExploitMethod(method ExploitMethod) {
e.exploitMethods = append(e.exploitMethods, method)
// 按优先级排序
sort.Slice(e.exploitMethods, func(i, j int) bool {
return e.exploitMethods[i].Priority > e.exploitMethods[j].Priority
})
}
// GetExploitMethods 获取支持的利用方法
func (e *BaseExploiter) GetExploitMethods() []ExploitMethod {
return e.exploitMethods
}
// IsExploitSupported 检查是否支持指定的利用方法
func (e *BaseExploiter) IsExploitSupported(exploitType ExploitType) bool {
for _, method := range e.exploitMethods {
if method.Type == exploitType {
return true
}
}
return false
}
// Exploit 执行利用操作
func (e *BaseExploiter) Exploit(ctx context.Context, info *common.HostInfo, creds *Credential) (*ExploitResult, error) {
// 按优先级尝试不同的利用方法
for _, method := range e.exploitMethods {
// 检查前置条件
if !e.checkConditions(method.Conditions, info, creds) {
common.LogDebug(i18n.GetText("exploit_method_condition_not_met", method.Name))
continue
}
common.LogDebug(i18n.GetText("exploit_method_trying", i18n.GetExploitMethodName(method.Name)))
// 执行利用
result, err := method.Handler(ctx, info, creds)
if err != nil {
common.LogError(i18n.GetText("exploit_method_failed", method.Name, err))
continue
}
if result != nil && result.Success {
common.LogSuccess(i18n.GetText("exploit_method_success", i18n.GetExploitMethodName(method.Name)))
result.Type = method.Type
result.Method = method.Name
return result, nil
}
}
return nil, fmt.Errorf(i18n.GetText("exploit_all_methods_failed"))
}
// checkConditions 检查前置条件
func (e *BaseExploiter) checkConditions(conditions []string, info *common.HostInfo, creds *Credential) bool {
for _, condition := range conditions {
if !e.evaluateCondition(condition, info, creds) {
return false
}
}
return true
}
// evaluateCondition 评估单个条件
func (e *BaseExploiter) evaluateCondition(condition string, info *common.HostInfo, creds *Credential) bool {
switch condition {
case "has_credentials":
return creds != nil && (creds.Username != "" || creds.Password != "")
case "has_username_password":
return creds != nil && creds.Username != "" && creds.Password != ""
case "has_password_only":
return creds != nil && creds.Password != "" && creds.Username == ""
case "unauthorized_access":
return creds == nil || (creds.Username == "" && creds.Password == "")
default:
// 默认条件满足
return true
}
}
// =============================================================================
// 常用利用方法实现
// =============================================================================
// ExploitMethodBuilder 利用方法构建器
type ExploitMethodBuilder struct {
method ExploitMethod
}
// NewExploitMethod 创建利用方法构建器
func NewExploitMethod(exploitType ExploitType, name string) *ExploitMethodBuilder {
return &ExploitMethodBuilder{
method: ExploitMethod{
Type: exploitType,
Name: name,
Priority: 5, // 默认优先级
Conditions: make([]string, 0),
},
}
}
// WithDescription 设置描述
func (b *ExploitMethodBuilder) WithDescription(desc string) *ExploitMethodBuilder {
b.method.Description = desc
return b
}
// WithPriority 设置优先级
func (b *ExploitMethodBuilder) WithPriority(priority int) *ExploitMethodBuilder {
b.method.Priority = priority
return b
}
// WithConditions 设置前置条件
func (b *ExploitMethodBuilder) WithConditions(conditions ...string) *ExploitMethodBuilder {
b.method.Conditions = conditions
return b
}
// WithHandler 设置处理函数
func (b *ExploitMethodBuilder) WithHandler(handler ExploitHandler) *ExploitMethodBuilder {
b.method.Handler = handler
return b
}
// Build 构建利用方法
func (b *ExploitMethodBuilder) Build() ExploitMethod {
return b.method
}
// =============================================================================
// 利用结果处理工具
// =============================================================================
// SaveExploitResult 保存利用结果
func SaveExploitResult(info *common.HostInfo, result *ExploitResult, pluginName string) {
if result == nil || !result.Success {
return
}
target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
var message string
switch result.Type {
case ExploitWeakPassword:
message = i18n.GetText("exploit_weak_password_success", pluginName, target)
case ExploitUnauthorized:
message = i18n.GetText("exploit_unauthorized_success", pluginName, target)
case ExploitCommandExec:
message = i18n.GetText("exploit_command_exec_success", pluginName, target)
case ExploitFileWrite:
message = i18n.GetText("exploit_file_write_success", pluginName, target)
case ExploitSQLInjection:
message = i18n.GetText("exploit_sql_injection_success", pluginName, target)
case ExploitDataExtraction:
message = i18n.GetText("exploit_data_extraction_success", pluginName, target, i18n.GetExploitMethodName(result.Method))
default:
message = i18n.GetText("exploit_generic_success", pluginName, target, i18n.GetExploitMethodName(result.Method))
}
if result.Output != "" {
message += i18n.GetText("exploit_with_output", result.Output)
}
common.LogSuccess(message)
// 保存文件信息
if len(result.Files) > 0 {
common.LogSuccess(i18n.GetText("exploit_files_created", result.Files))
}
// 保存Shell信息
if result.Shell != nil {
common.LogSuccess(i18n.GetText("exploit_shell_obtained",
result.Shell.Type, result.Shell.Host, result.Shell.Port, result.Shell.User))
}
}
// =============================================================================
// 常用利用工具函数
// =============================================================================
// CreateSuccessExploitResult 创建成功的利用结果
func CreateSuccessExploitResult(exploitType ExploitType, method string) *ExploitResult {
return &ExploitResult{
Success: true,
Type: exploitType,
Method: method,
Extra: make(map[string]interface{}),
}
}
// CreateFailedExploitResult 创建失败的利用结果
func CreateFailedExploitResult(exploitType ExploitType, method string, err error) *ExploitResult {
return &ExploitResult{
Success: false,
Type: exploitType,
Method: method,
Error: err,
Extra: make(map[string]interface{}),
}
}
// AddOutputToResult 向结果添加输出
func AddOutputToResult(result *ExploitResult, output string) {
if result.Output == "" {
result.Output = output
} else {
result.Output += "\n" + output
}
}
// AddFileToResult 向结果添加文件
func AddFileToResult(result *ExploitResult, filename string) {
if result.Files == nil {
result.Files = make([]string, 0)
}
result.Files = append(result.Files, filename)
}
Reference in New Issue View Git Blame Copy Permalink