Plugins

package
v0.0.0-...-cb6d67e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2025 License: MIT Imports: 61 Imported by: 1

Documentation

Index

Constants

// FastCGI record type identifiers. The values run consecutively from 1
// (FCGI_BEGIN_REQUEST) to 7 (FCGI_STDERR) and are all typed uint8.
const (
	FCGI_BEGIN_REQUEST uint8 = 1
	FCGI_ABORT_REQUEST uint8 = 2
	FCGI_END_REQUEST   uint8 = 3
	FCGI_PARAMS        uint8 = 4
	FCGI_STDIN         uint8 = 5
	FCGI_STDOUT        uint8 = 6
	FCGI_STDERR        uint8 = 7
)
// Telnet protocol constants: one write-delay duration followed by the
// command bytes and option codes, each declared as a typed byte.
//
// NOTE(review): command bytes and option codes share one numeric space, so
// several names alias the same value (IAC and EXOPL are both 255; NULL,
// BINARY and NOOPT are all 0). Which meaning applies depends on where the
// byte sits in the stream, so a parser must track negotiation state rather
// than switch on the raw value alone.
const (
	// Delay applied after a write operation.
	TIME_DELAY_AFTER_WRITE = 300 * time.Millisecond

	// Basic Telnet control bytes.
	IAC  = byte(255) // Interpret As Command
	DONT = byte(254) // ask the peer to stop performing an option
	DO   = byte(253) // ask the peer to perform an option
	WONT = byte(252) // refuse to perform an option
	WILL = byte(251) // agree to perform an option

	// Subnegotiation control bytes.
	SB = byte(250) // Subnegotiation Begin
	SE = byte(240) // Subnegotiation End

	// Special function bytes.
	NULL  = byte(0)   // null character
	EOF   = byte(236) // end of file
	SUSP  = byte(237) // suspend process
	ABORT = byte(238) // abort process
	REOR  = byte(239) // end of record

	// Control operation bytes.
	NOP = byte(241) // no operation
	DM  = byte(242) // data mark
	BRK = byte(243) // break
	IP  = byte(244) // interrupt process
	AO  = byte(245) // abort output
	AYT = byte(246) // are you there
	EC  = byte(247) // erase character
	EL  = byte(248) // erase line
	GA  = byte(249) // go ahead

	// Telnet option codes (from arpa/telnet.h).
	BINARY = byte(0) // 8-bit data path
	ECHO   = byte(1) // echo
	RCP    = byte(2) // prepare to reconnect
	SGA    = byte(3) // suppress go ahead
	NAMS   = byte(4) // approximate message size
	STATUS = byte(5) // status query
	TM     = byte(6) // timing mark
	RCTE   = byte(7) // remote controlled transmission and echo

	// Output negotiation options.
	NAOL   = byte(8)  // negotiate output line width
	NAOP   = byte(9)  // negotiate output page size
	NAOCRD = byte(10) // negotiate carriage-return handling
	NAOHTS = byte(11) // negotiate horizontal tab stops
	NAOHTD = byte(12) // negotiate horizontal tab handling
	NAOFFD = byte(13) // negotiate form-feed handling
	NAOVTS = byte(14) // negotiate vertical tab stops
	NAOVTD = byte(15) // negotiate vertical tab handling
	NAOLFD = byte(16) // negotiate line-feed handling

	// Extended feature options.
	XASCII       = byte(17) // extended ASCII character set
	LOGOUT       = byte(18) // force logout
	BM           = byte(19) // byte macro
	DET          = byte(20) // data entry terminal
	SUPDUP       = byte(21) // SUPDUP protocol
	SUPDUPOUTPUT = byte(22) // SUPDUP output
	SNDLOC       = byte(23) // send location

	// Terminal-related options.
	TTYPE        = byte(24) // terminal type
	EOR          = byte(25) // end of record
	TUID         = byte(26) // TACACS user identification
	OUTMRK       = byte(27) // output marking
	TTYLOC       = byte(28) // terminal location number
	VT3270REGIME = byte(29) // 3270 regime

	// Communication control options.
	X3PAD    = byte(30) // X.3 PAD
	NAWS     = byte(31) // window size
	TSPEED   = byte(32) // terminal speed
	LFLOW    = byte(33) // remote flow control
	LINEMODE = byte(34) // linemode option

	// Environment and authentication options.
	XDISPLOC       = byte(35) // X display location
	OLD_ENVIRON    = byte(36) // old environment variables
	AUTHENTICATION = byte(37) // authentication
	ENCRYPT        = byte(38) // encryption option
	NEW_ENVIRON    = byte(39) // new environment variables

	// Additional options assigned by IANA.
	// http://www.iana.org/assignments/telnet-options
	TN3270E             = byte(40) // TN3270E
	XAUTH               = byte(41) // XAUTH
	CHARSET             = byte(42) // character set
	RSP                 = byte(43) // remote serial port
	COM_PORT_OPTION     = byte(44) // COM port control
	SUPPRESS_LOCAL_ECHO = byte(45) // suppress local echo
	TLS                 = byte(46) // start TLS
	KERMIT              = byte(47) // KERMIT protocol
	SEND_URL            = byte(48) // send URL
	FORWARD_X           = byte(49) // X forwarding

	// Special-purpose options.
	PRAGMA_LOGON     = byte(138) // PRAGMA logon
	SSPI_LOGON       = byte(139) // SSPI logon
	PRAGMA_HEARTBEAT = byte(140) // PRAGMA heartbeat
	EXOPL            = byte(255) // extended options list
	NOOPT            = byte(0)   // no option
)
// Server type constants, classifying a server by the credentials it asks for.
// Presumably these are the values held in TelnetClient.ServerType; confirm
// against the package source.
const (
	Closed              = 0 // connection closed
	UnauthorizedAccess  = 1 // no authentication required
	OnlyPassword        = 2 // only a password is required
	UsernameAndPassword = 3 // both a username and a password are required
)

服务器类型常量定义

// FCGI_RESPONDER is the only FastCGI role constant declared here; its value is 1.
const FCGI_RESPONDER uint8 = 1

Variables

// Lookup tables and request payloads for NetBIOS/SMB probing.
//
// NOTE(review): these are exported, mutable package-level variables, so any
// importer can alter the tables or payload bytes at run time. Treat them as
// read-only.
var (
	// UNIQUE_NAMES maps a one-byte key to a service label.
	// Presumably the key is the NetBIOS name suffix of a unique (non-group)
	// name; confirm against the parser that reads it.
	UNIQUE_NAMES = map[string]string{
		"\x00": "WorkstationService",
		"\x03": "Messenger Service",
		"\x06": "RAS Server Service",
		"\x1F": "NetDDE Service",
		"\x20": "ServerService",
		"\x21": "RAS Client Service",
		"\xBE": "Network Monitor Agent",
		"\xBF": "Network Monitor Application",
		"\x1D": "Master Browser",
		"\x1B": "Domain Master Browser",
	}

	// GROUP_NAMES maps a one-byte key to a label for group names.
	// Key "\x00" also occurs in UNIQUE_NAMES with a different label, so the
	// caller has to know which table applies before looking a key up.
	GROUP_NAMES = map[string]string{
		"\x00": "DomainName",
		"\x1C": "DomainControllers",
		"\x1E": "Browser Service Elections",
	}

	// NetBIOS_ITEM_TYPE maps a two-byte key to a field label.
	// Presumably the key is a little-endian 16-bit item identifier taken from
	// an NTLM challenge's target information; verify against ParseNTLM.
	NetBIOS_ITEM_TYPE = map[string]string{
		"\x01\x00": "NetBiosComputerName",
		"\x02\x00": "NetBiosDomainName",
		"\x03\x00": "ComputerName",
		"\x04\x00": "DomainName",
		"\x05\x00": "DNS tree name",
		"\x07\x00": "Time stamp",
	}
	// NegotiateSMBv1Data1 is a byte payload; the documentation renderer elides
	// its contents, so they cannot be reviewed from this page.
	NegotiateSMBv1Data1 = []byte{}/* 137 elements not displayed */

	// NegotiateSMBv1Data2 is a second byte payload, elided in the same way.
	NegotiateSMBv1Data2 = []byte{}/* 270 elements not displayed */

)
// ClientHost is an exported package-level string that starts out empty.
// Its writers and readers are not shown on this page.
var ClientHost string

Functions

func ActiveMQConn

func ActiveMQConn(info *Common.HostInfo, user string, pass string) (bool, error)

ActiveMQConn 统一的连接测试函数

func ActiveMQScan

func ActiveMQScan(info *Common.HostInfo) (tmperr error)

func AesDecrypt

func AesDecrypt(crypted string, key string) (string, error)

AesDecrypt 使用AES-CBC模式解密字符串

func AesEncrypt

func AesEncrypt(orig string, key string) (string, error)

AesEncrypt 使用AES-CBC模式加密字符串

func CassandraConn

func CassandraConn(info *Common.HostInfo, user string, pass string) (bool, error)

CassandraConn 清理后的连接测试函数

func CassandraScan

func CassandraScan(info *Common.HostInfo) (tmperr error)

func DCInfoScan

func DCInfoScan(info *Common.HostInfo) (err error)

func ElasticConn

func ElasticConn(info *Common.HostInfo, user string, pass string) (bool, error)

ElasticConn 尝试 Elasticsearch 连接

func ElasticScan

func ElasticScan(info *Common.HostInfo) (tmperr error)

func Expoilt

func Expoilt(realhost string, conn net.Conn) error

Expoilt 尝试Redis漏洞利用

func FcgiScan

func FcgiScan(info *Common.HostInfo) error

FcgiScan 执行FastCGI服务器漏洞扫描

func Findnet

func Findnet(info *Common.HostInfo) error

func FindnetScan

func FindnetScan(info *Common.HostInfo) error

func FtpConn

func FtpConn(info *Common.HostInfo, user string, pass string) (success bool, directories []string, err error)

FtpConn 建立FTP连接并尝试登录

func FtpScan

func FtpScan(info *Common.HostInfo) (tmperr error)

func GOWebTitle

func GOWebTitle(info *Common.HostInfo) (err error, CheckData []WebScan.CheckDatas)

GOWebTitle 获取网站标题并处理URL

func GetProtocol

func GetProtocol(host string, Timeout int64) (protocol string)

GetProtocol 检测目标主机的协议类型(HTTP/HTTPS)

func HexUnicodeStringToString

func HexUnicodeStringToString(src string) string

func IMAPConn

func IMAPConn(info *Common.HostInfo, user string, pass string) (bool, error)

IMAPConn 连接测试函数

func IMAPScan

func IMAPScan(info *Common.HostInfo) (tmperr error)

IMAPScan 主扫描函数

func KafkaConn

func KafkaConn(info *Common.HostInfo, user string, pass string) (bool, error)

KafkaConn 尝试 Kafka 连接

func KafkaScan

func KafkaScan(info *Common.HostInfo) (tmperr error)

func LDAPConn

func LDAPConn(info *Common.HostInfo, user string, pass string) (bool, error)

func LDAPScan

func LDAPScan(info *Common.HostInfo) (tmperr error)

func LocalInfoScan

func LocalInfoScan(info *Common.HostInfo) (err error)

LocalInfoScan 本地信息收集主函数

func MS17010

func MS17010(info *Common.HostInfo) error

MS17010 扫描入口函数

func MS17010EXP

func MS17010EXP(info *Common.HostInfo)

MS17010EXP 执行MS17-010漏洞利用

func MS17010Scan

func MS17010Scan(info *Common.HostInfo) error

func MemcachedScan

func MemcachedScan(info *Common.HostInfo) error

MemcachedScan 检测Memcached未授权访问

func MiniDump

func MiniDump(info *Common.HostInfo) (err error)

func ModbusScan

func ModbusScan(info *Common.HostInfo) error

ModbusScan 执行 Modbus 服务扫描

func MongodbScan

func MongodbScan(info *Common.HostInfo) error

MongodbScan 执行MongoDB未授权扫描

func MongodbUnauth

func MongodbUnauth(info *Common.HostInfo) (bool, error)

MongodbUnauth 检测MongoDB未授权访问

func MssqlConn

func MssqlConn(info *Common.HostInfo, user string, pass string) (bool, error)

MssqlConn 尝试MSSQL连接

func MssqlScan

func MssqlScan(info *Common.HostInfo) (tmperr error)

MssqlScan 执行MSSQL服务扫描

func MysqlConn

func MysqlConn(info *Common.HostInfo, user string, pass string) (bool, error)

MysqlConn 尝试MySQL连接

func MysqlScan

func MysqlScan(info *Common.HostInfo) (tmperr error)

MysqlScan 执行MySQL服务扫描

func Neo4jConn

func Neo4jConn(info *Common.HostInfo, user string, pass string) (bool, error)

Neo4jConn 尝试 Neo4j 连接

func Neo4jScan

func Neo4jScan(info *Common.HostInfo) (tmperr error)

func NetBIOS

func NetBIOS(info *Common.HostInfo) error

func OracleConn

func OracleConn(info *Common.HostInfo, user string, pass string) (bool, error)

OracleConn 尝试Oracle连接

func OracleScan

func OracleScan(info *Common.HostInfo) (tmperr error)

func PKCS7Padding

func PKCS7Padding(data []byte, blockSize int) []byte

PKCS7Padding 对数据进行PKCS7填充

func PKCS7UnPadding

func PKCS7UnPadding(data []byte) ([]byte, error)

PKCS7UnPadding 去除PKCS7填充

func POP3Conn

func POP3Conn(info *Common.HostInfo, user string, pass string) (success bool, isTLS bool, err error)

func POP3Scan

func POP3Scan(info *Common.HostInfo) (tmperr error)

func PostgresConn

func PostgresConn(info *Common.HostInfo, user string, pass string) (bool, error)

PostgresConn 尝试PostgreSQL连接

func PostgresScan

func PostgresScan(info *Common.HostInfo) (tmperr error)

PostgresScan 执行PostgreSQL服务扫描

func RabbitMQConn

func RabbitMQConn(info *Common.HostInfo, user string, pass string) (bool, error)

RabbitMQConn 尝试 RabbitMQ 连接

func RabbitMQScan

func RabbitMQScan(info *Common.HostInfo) (tmperr error)

RabbitMQScan 执行 RabbitMQ 服务扫描

func RdpConn

func RdpConn(ip, domain, user, password string, port int, timeout int64) (bool, error)

RdpConn 尝试RDP连接

func RdpScan

func RdpScan(info *Common.HostInfo) (tmperr error)

RdpScan 执行RDP服务扫描

func ReadBytes

func ReadBytes(conn net.Conn) ([]byte, error)

ReadBytes 从连接读取数据直到EOF或错误

func Readfile

func Readfile(filename string) (string, error)

Readfile 读取文件内容并返回第一个非空行

func RedisConn

func RedisConn(info *Common.HostInfo, pass string) (bool, error)

RedisConn 尝试Redis连接

func RedisScan

func RedisScan(info *Common.HostInfo) error

func RedisUnauth

func RedisUnauth(info *Common.HostInfo) (flag bool, err error)

RedisUnauth 尝试Redis未授权访问检测

func RsyncConn

func RsyncConn(info *Common.HostInfo, user string, pass string) (bool, error)

func RsyncScan

func RsyncScan(info *Common.HostInfo) (tmperr error)

func SNMPConnect

func SNMPConnect(info *Common.HostInfo, community string, portNum int) (bool, string, error)

SNMPConnect 尝试SNMP连接

func SNMPScan

func SNMPScan(info *Common.HostInfo) (tmperr error)

SNMPScan 执行SNMP服务扫描

func Smb2Con

func Smb2Con(info *Common.HostInfo, user string, pass string, hash []byte, hasprint bool) (flag bool, err error, flag2 bool)

Smb2Con 尝试SMB2连接并进行认证,检查共享访问权限

func SmbGhost

func SmbGhost(info *Common.HostInfo) error

SmbGhost 检测SMB Ghost漏洞(CVE-2020-0796)的入口函数

func SmbGhostScan

func SmbGhostScan(info *Common.HostInfo) error

SmbGhostScan 执行具体的SMB Ghost漏洞检测逻辑

func SmbScan

func SmbScan(info *Common.HostInfo) (tmperr error)

func SmbScan2

func SmbScan2(info *Common.HostInfo) (tmperr error)

SmbScan2 执行SMB2服务的认证扫描,支持密码和哈希两种认证方式

func SmblConn

func SmblConn(info *Common.HostInfo, user string, pass string, signal chan struct{}) (flag bool, err error)

func SmtpConn

func SmtpConn(info *Common.HostInfo, user string, pass string) (bool, error)

SmtpConn 尝试 SMTP 连接

func SmtpScan

func SmtpScan(info *Common.HostInfo) (tmperr error)

SmtpScan 执行 SMTP 服务扫描

func SshConn

func SshConn(info *Common.HostInfo, user string, pass string) (flag bool, err error)

func SshScan

func SshScan(info *Common.HostInfo) (tmperr error)

func TelnetScan

func TelnetScan(info *Common.HostInfo) (tmperr error)

TelnetScan 执行Telnet服务扫描和密码爆破

func VncConn

func VncConn(info *Common.HostInfo, pass string) (flag bool, err error)

VncConn 尝试建立VNC连接

func VncScan

func VncScan(info *Common.HostInfo) (tmperr error)

func WMIExec

func WMIExec(target, username, password, hash, domain, command string) (flag bool, err error)

func WebPoc

func WebPoc(info *Common.HostInfo) error

WebPoc 直接执行Web漏洞扫描

func WebTitle

func WebTitle(info *Common.HostInfo) error

WebTitle 获取Web标题和指纹信息

func WmiExec

func WmiExec(info *Common.HostInfo) (tmperr error)

func Wmiexec

func Wmiexec(info *Common.HostInfo, user string, pass string, hash string) (flag bool, err error)

Types

type Brutelist

// Brutelist represents one username/password combination used for brute-force
// credential guessing. All of its fields are unexported.
type Brutelist struct {
	// contains filtered or unexported fields
}

Brutelist 表示暴力破解的用户名密码组合

type Client

// Client is the RDP client structure. It is created by NewClient and used
// through its Login method.
type Client struct {
	Host string // service address (ip:port)
	// contains filtered or unexported fields
}

Client RDP客户端结构

func NewClient

func NewClient(host string, logLevel glog.LEVEL) *Client

NewClient 创建新的RDP客户端

func (*Client) Login

func (g *Client) Login(domain, user, pwd string, timeout int64) error

Login 执行RDP登录

type FCGIClient

// FCGIClient is the handle returned by New and the receiver of Request.
// All of its fields are unexported.
type FCGIClient struct {
	// contains filtered or unexported fields
}

func New

func New(addr string, timeout int64) (fcgi *FCGIClient, err error)

func (*FCGIClient) Request

func (c *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error)

type NetBiosInfo

// NetBiosInfo collects the host and domain naming details returned by
// GetNbnsname, NetBIOS1, ParseNTLM and ParseNetBios. Every field is a string.
// All fields except GroupName carry an explicit yaml key.
type NetBiosInfo struct {
	GroupName          string
	WorkstationService string `yaml:"WorkstationService"`
	ServerService      string `yaml:"ServerService"`
	DomainName         string `yaml:"DomainName"`
	DomainControllers  string `yaml:"DomainControllers"`
	ComputerName       string `yaml:"ComputerName"`
	OsVersion          string `yaml:"OsVersion"`
	// The two fields below use yaml keys that differ from their Go names.
	NetDomainName      string `yaml:"NetBiosDomainName"`
	NetComputerName    string `yaml:"NetBiosComputerName"`
}

func GetNbnsname

func GetNbnsname(info *Common.HostInfo) (netbios NetBiosInfo, err error)

func JoinNetBios

func JoinNetBios(netbios1, netbios2 *NetBiosInfo) *NetBiosInfo

func NetBIOS1

func NetBIOS1(info *Common.HostInfo) (netbios NetBiosInfo, err error)

func ParseNTLM

func ParseNTLM(ret []byte) (netbios NetBiosInfo, err error)

func ParseNetBios

func ParseNetBios(input []byte) (netbios NetBiosInfo, err error)

func (*NetBiosInfo) String

func (info *NetBiosInfo) String() (output string)

type TelnetClient

// TelnetClient is the Telnet client structure.
//
// NOTE(review): UserName and Password are exported plain-string fields, so
// printing or serializing the whole struct exposes the credentials. Redact
// them before logging.
type TelnetClient struct {
	IPAddr   string // server IP address
	Port     string // server port
	UserName string // user name
	Password string // password

	LastResponse string // content of the most recent response
	ServerType   int    // server type
	// contains filtered or unexported fields
}

TelnetClient Telnet客户端结构体

func NewTelnet

func NewTelnet(addr, port string) *TelnetClient

NewTelnet 创建新的Telnet客户端实例

func (*TelnetClient) Clear

func (c *TelnetClient) Clear()

Clear 清空最近一次响应

func (*TelnetClient) Close

func (c *TelnetClient) Close()

Close 关闭Telnet连接

func (*TelnetClient) Connect

func (c *TelnetClient) Connect() error

Connect 建立Telnet连接

func (*TelnetClient) Login

func (c *TelnetClient) Login() error

Login 根据服务器类型执行登录

func (*TelnetClient) MakeReply

func (c *TelnetClient) MakeReply(command []byte) []byte

MakeReply 根据命令生成对应的回复

func (*TelnetClient) MakeReplyFromList

func (c *TelnetClient) MakeReplyFromList(list [][]byte) []byte

MakeReplyFromList 处理命令列表并生成回复

func (*TelnetClient) MakeServerType

func (c *TelnetClient) MakeServerType() int

MakeServerType 通过分析服务器响应判断服务器类型

func (*TelnetClient) Netloc

func (c *TelnetClient) Netloc() string

Netloc 获取网络地址字符串

func (*TelnetClient) ReadContext

func (c *TelnetClient) ReadContext() string

ReadContext 读取Telnet连接返回的内容

func (*TelnetClient) SerializationResponse

func (c *TelnetClient) SerializationResponse(responseBuf []byte) (displayBuf []byte, commandList [][]byte)

SerializationResponse 解析Telnet响应数据

func (*TelnetClient) WriteContext

func (c *TelnetClient) WriteContext(s string)

WriteContext 写入数据到Telnet连接
