README
¶
服务扫描插件目录
本目录包含所有服务扫描插件,采用简化的单文件插件架构。
已实现插件
数据库服务
mysql.go- MySQL数据库扫描postgresql.go- PostgreSQL数据库扫描redis.go- Redis内存数据库扫描mongodb.go- MongoDB文档数据库扫描mssql.go- Microsoft SQL Server扫描oracle.go- Oracle数据库扫描memcached.go- Memcached缓存扫描neo4j.go- Neo4j图数据库扫描
消息队列服务
rabbitmq.go- RabbitMQ消息队列扫描activemq.go- ActiveMQ消息队列扫描kafka.go- Apache Kafka扫描
网络服务
ssh.go- SSH远程登录服务扫描ftp.go- FTP文件传输服务扫描telnet.go- Telnet远程终端服务扫描smtp.go- SMTP邮件服务扫描snmp.go- SNMP网络管理协议扫描ldap.go- LDAP目录服务扫描rsync.go- Rsync文件同步服务扫描
Windows服务
findnet.go- Windows网络发现插件 (RPC端点映射)smbinfo.go- SMB协议信息收集插件
其他服务
vnc.go- VNC远程桌面服务扫描cassandra.go- Apache Cassandra数据库扫描
插件特性
每个插件都包含:
- ✅ 服务识别功能
- ✅ 弱密码检测功能
- ✅ 完整的利用功能
- ✅ 错误处理和超时控制
- ✅ 统一的结果输出格式
开发规范
所有插件都遵循 ../README.md 中定义的开发规范。
Documentation
¶
Index ¶
- Variables
- func RegisterPluginWithPorts(name string, factory func() Plugin, ports []int)
- type ActiveMQPlugin
- type AuthFunc
- type AuthResult
- type CassandraPlugin
- type ConcurrentTestConfig
- type Credential
- type ElasticsearchPlugin
- type ErrorClassifier
- type ErrorType
- type ExploitResult
- type Exploiter
- type FTPPlugin
- type FindNetPlugin
- type KafkaPlugin
- type LDAPPlugin
- type MS17010Plugin
- type MSSQLPlugin
- type MemcachedPlugin
- type MongoDBPlugin
- type MySQLPlugin
- type Neo4jPlugin
- type NetBIOSInfo
- type NetBIOSPlugin
- type NetworkInfo
- type OraclePlugin
- type Plugin
- type PostgreSQLPlugin
- type RDPPlugin
- type RabbitMQPlugin
- type RedisPlugin
- type RsyncPlugin
- type SMB1Authenticator
- type SMB2Authenticator
- type SMBAuthenticator
- type SMBProtocol
- type SMBTarget
- type SMBVuln
- type SMTPPlugin
- type SQLDBWrapper
- type SSHPlugin
- type ScanResult
- type SmbPlugin
- type TelnetPlugin
- type VNCPlugin
Constants ¶
This section is empty.
Variables ¶
View Source
var CommonAuthErrors = []string{
"unable to authenticate",
"authentication failed",
"permission denied",
"access denied",
"invalid credentials",
"bad password",
"login incorrect",
}
CommonAuthErrors 常见的认证错误关键词
View Source
var CommonNetworkErrors = []string{
"connection reset by peer",
"connection refused",
"timeout",
"network unreachable",
"broken pipe",
"no route to host",
"connection timed out",
"i/o timeout",
"connection aborted",
"host is down",
}
CommonNetworkErrors 常见的网络错误关键词
View Source
var GenerateCredentials = plugins.GenerateCredentials
Functions ¶
func RegisterPluginWithPorts ¶
RegisterPluginWithPorts 高效注册:直接传递端口信息,避免实例创建
Types ¶
type ActiveMQPlugin ¶
type ActiveMQPlugin struct {
plugins.BasePlugin
}
ActiveMQPlugin ActiveMQ扫描插件
func NewActiveMQPlugin ¶
func NewActiveMQPlugin() *ActiveMQPlugin
func (*ActiveMQPlugin) Scan ¶
func (p *ActiveMQPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type AuthFunc ¶
type AuthFunc func(ctx context.Context, cred Credential) *AuthResult
AuthFunc 认证函数类型 执行实际的连接和认证操作 返回的 Conn 在成功时由调用者负责关闭
type AuthResult ¶
type AuthResult struct {
Success bool
Conn io.Closer // 成功时的连接,需要调用者关闭
ErrorType ErrorType
Error error
}
AuthResult 认证结果
func TestSingleCredential ¶
func TestSingleCredential(ctx context.Context, cred Credential, authFn AuthFunc) *AuthResult
TestSingleCredential 安全地测试单个凭据 正确处理 context 取消时的资源清理
type CassandraPlugin ¶
type CassandraPlugin struct {
plugins.BasePlugin
}
CassandraPlugin Cassandra扫描插件
func NewCassandraPlugin ¶
func NewCassandraPlugin() *CassandraPlugin
func (*CassandraPlugin) Scan ¶
func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type ConcurrentTestConfig ¶
type ConcurrentTestConfig struct {
Concurrency int // 并发数,默认 10
MaxRetries int // 最大重试次数,默认 3
RetryDelay time.Duration // 重试延迟,默认 1s
MaxConsecutiveNetErrors int // 连续网络错误阈值,超过则认为目标不可达,默认 5
TargetAddr string // 目标地址 host:port,用于 TCP 预检(可选)
}
ConcurrentTestConfig 并发测试配置
func DefaultConcurrentTestConfig ¶
func DefaultConcurrentTestConfig(config *common.Config) ConcurrentTestConfig
DefaultConcurrentTestConfig 默认配置
func DefaultConcurrentTestConfigWithTarget ¶
func DefaultConcurrentTestConfigWithTarget(config *common.Config, info *common.HostInfo) ConcurrentTestConfig
DefaultConcurrentTestConfigWithTarget 带目标预检的默认配置
type Credential ¶
type Credential = plugins.Credential
type ElasticsearchPlugin ¶
type ElasticsearchPlugin struct {
plugins.BasePlugin
}
func NewElasticsearchPlugin ¶
func NewElasticsearchPlugin() *ElasticsearchPlugin
func (*ElasticsearchPlugin) Scan ¶
func (p *ElasticsearchPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type ExploitResult ¶
type ExploitResult = plugins.ExploitResult
type FTPPlugin ¶
type FTPPlugin struct {
plugins.BasePlugin
}
FTPPlugin FTP扫描插件
func NewFTPPlugin ¶
func NewFTPPlugin() *FTPPlugin
func (*FTPPlugin) Scan ¶
func (p *FTPPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type FindNetPlugin ¶
type FindNetPlugin struct {
plugins.BasePlugin
}
FindNetPlugin Windows网络发现插件 - 通过RPC端点映射服务收集网络信息
func (*FindNetPlugin) Scan ¶
func (p *FindNetPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行FindNet扫描 - Windows网络信息收集
type KafkaPlugin ¶
type KafkaPlugin struct {
plugins.BasePlugin
}
KafkaPlugin Kafka扫描插件
func NewKafkaPlugin ¶
func NewKafkaPlugin() *KafkaPlugin
func (*KafkaPlugin) Scan ¶
func (p *KafkaPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type LDAPPlugin ¶
type LDAPPlugin struct {
plugins.BasePlugin
}
LDAPPlugin LDAP扫描插件
func NewLDAPPlugin ¶
func NewLDAPPlugin() *LDAPPlugin
func (*LDAPPlugin) Scan ¶
func (p *LDAPPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type MS17010Plugin ¶
type MS17010Plugin struct {
plugins.BasePlugin
}
MS17010Plugin MS17-010漏洞检测和利用插件 - 保持完整的原始利用功能
func (*MS17010Plugin) Exploit ¶
func (p *MS17010Plugin) Exploit(ctx context.Context, info *common.HostInfo, creds Credential, session *common.ScanSession) *ExploitResult
Exploit 执行MS17-010漏洞利用
func (*MS17010Plugin) Scan ¶
func (p *MS17010Plugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行MS17-010扫描
type MSSQLPlugin ¶
type MSSQLPlugin struct {
plugins.BasePlugin
}
MSSQLPlugin MSSQL扫描插件
func NewMSSQLPlugin ¶
func NewMSSQLPlugin() *MSSQLPlugin
func (*MSSQLPlugin) Scan ¶
func (p *MSSQLPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type MemcachedPlugin ¶
type MemcachedPlugin struct {
plugins.BasePlugin
}
MemcachedPlugin Memcached扫描插件
func NewMemcachedPlugin ¶
func NewMemcachedPlugin() *MemcachedPlugin
func (*MemcachedPlugin) Scan ¶
func (p *MemcachedPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type MongoDBPlugin ¶
type MongoDBPlugin struct {
plugins.BasePlugin
}
MongoDBPlugin MongoDB扫描插件
func NewMongoDBPlugin ¶
func NewMongoDBPlugin() *MongoDBPlugin
func (*MongoDBPlugin) Scan ¶
func (p *MongoDBPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type MySQLPlugin ¶
type MySQLPlugin struct {
plugins.BasePlugin
}
MySQLPlugin MySQL数据库扫描插件
func NewMySQLPlugin ¶
func NewMySQLPlugin() *MySQLPlugin
func (*MySQLPlugin) Scan ¶
func (p *MySQLPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type Neo4jPlugin ¶
type Neo4jPlugin struct {
plugins.BasePlugin
}
Neo4jPlugin Neo4j扫描插件
func NewNeo4jPlugin ¶
func NewNeo4jPlugin() *Neo4jPlugin
func (*Neo4jPlugin) Scan ¶
func (p *Neo4jPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type NetBIOSInfo ¶
type NetBIOSInfo struct {
Valid bool
ComputerName string
DomainName string
WorkstationService string
ServerService string
DomainControllers string
OSVersion string
NetBIOSComputerName string
NetBIOSDomainName string
}
NetBIOSInfo NetBIOS信息结构
type NetBIOSPlugin ¶
type NetBIOSPlugin struct {
plugins.BasePlugin
}
NetBIOSPlugin NetBIOS名称服务扫描插件 - 收集Windows主机名和域信息
func (*NetBIOSPlugin) Scan ¶
func (p *NetBIOSPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行NetBIOS扫描 - 收集Windows主机和域信息
type NetworkInfo ¶
NetworkInfo 网络信息结构
type OraclePlugin ¶
type OraclePlugin struct {
plugins.BasePlugin
}
OraclePlugin Oracle扫描插件
func NewOraclePlugin ¶
func NewOraclePlugin() *OraclePlugin
func (*OraclePlugin) Scan ¶
func (p *OraclePlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type Plugin ¶
type Plugin interface {
Name() string
Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
}
插件接口定义 - 统一命名风格
type PostgreSQLPlugin ¶
type PostgreSQLPlugin struct {
plugins.BasePlugin
}
PostgreSQLPlugin PostgreSQL扫描插件
func NewPostgreSQLPlugin ¶
func NewPostgreSQLPlugin() *PostgreSQLPlugin
func (*PostgreSQLPlugin) Scan ¶
func (p *PostgreSQLPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type RDPPlugin ¶
type RDPPlugin struct {
plugins.BasePlugin
}
RDPPlugin RDP远程桌面服务扫描插件 - 真实RDP认证和系统指纹识别
func (*RDPPlugin) Scan ¶
func (p *RDPPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行RDP扫描 - 系统指纹识别 + 真实暴力破解
type RabbitMQPlugin ¶
type RabbitMQPlugin struct {
plugins.BasePlugin
}
RabbitMQPlugin RabbitMQ扫描插件
func NewRabbitMQPlugin ¶
func NewRabbitMQPlugin() *RabbitMQPlugin
func (*RabbitMQPlugin) Scan ¶
func (p *RabbitMQPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type RedisPlugin ¶
type RedisPlugin struct {
plugins.BasePlugin
}
RedisPlugin Redis数据库扫描和利用插件
func (*RedisPlugin) Scan ¶
func (p *RedisPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行Redis扫描
type RsyncPlugin ¶
type RsyncPlugin struct {
plugins.BasePlugin
}
RsyncPlugin Rsync扫描插件
func NewRsyncPlugin ¶
func NewRsyncPlugin() *RsyncPlugin
func (*RsyncPlugin) Scan ¶
func (p *RsyncPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type SMB1Authenticator ¶
type SMB1Authenticator struct{}
SMB1Authenticator SMB1认证器
func (*SMB1Authenticator) Authenticate ¶
func (a *SMB1Authenticator) Authenticate(ctx context.Context, host string, port int, cred Credential, domain string, timeout time.Duration, session *common.ScanSession) (*AuthResult, error)
Authenticate 执行SMB1认证
func (*SMB1Authenticator) ListShares ¶
func (a *SMB1Authenticator) ListShares(ctx context.Context, host string, port int, cred Credential, domain string, timeout time.Duration, session *common.ScanSession) ([]string, error)
ListShares 列举SMB共享(SMB1使用SMB2库列举)
type SMB2Authenticator ¶
type SMB2Authenticator struct{}
SMB2Authenticator SMB2认证器
func (*SMB2Authenticator) Authenticate ¶
func (a *SMB2Authenticator) Authenticate(ctx context.Context, host string, port int, cred Credential, domain string, timeout time.Duration, session *common.ScanSession) (*AuthResult, error)
Authenticate 执行SMB2认证
func (*SMB2Authenticator) ListShares ¶
func (a *SMB2Authenticator) ListShares(ctx context.Context, host string, port int, cred Credential, domain string, timeout time.Duration, session *common.ScanSession) ([]string, error)
ListShares 列举SMB2共享
type SMBAuthenticator ¶
type SMBAuthenticator interface {
Authenticate(ctx context.Context, host string, port int, cred Credential, domain string, timeout time.Duration, session *common.ScanSession) (*AuthResult, error)
}
SMBAuthenticator 统一认证接口
type SMBProtocol ¶
type SMBProtocol int
SMBProtocol SMB协议版本
const ( SMBProtocolUnknown SMBProtocol = iota SMBProtocol1 SMBProtocol2 )
func (SMBProtocol) String ¶
func (p SMBProtocol) String() string
type SMBTarget ¶
type SMBTarget struct {
Protocol SMBProtocol
ComputerName string
DomainName string
OSVersion string
NativeOS string
NativeLM string
NTLMFlags []string
Vulnerable *SMBVuln
}
SMBTarget 目标信息(一次探测,到处使用)
type SMTPPlugin ¶
type SMTPPlugin struct {
plugins.BasePlugin
}
SMTPPlugin SMTP扫描插件
func NewSMTPPlugin ¶
func NewSMTPPlugin() *SMTPPlugin
func (*SMTPPlugin) Scan ¶
func (p *SMTPPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type SQLDBWrapper ¶
SQLDBWrapper 包装 sql.DB 以实现 io.Closer 用于 MySQL、PostgreSQL、MSSQL、Oracle 等数据库插件的连接返回
func (*SQLDBWrapper) Close ¶
func (w *SQLDBWrapper) Close() error
type SSHPlugin ¶
type SSHPlugin struct {
plugins.BasePlugin
}
SSHPlugin SSH扫描插件
func (*SSHPlugin) Scan ¶
func (p *SSHPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Scan 执行SSH扫描
type ScanResult ¶
func TestCredentialsConcurrently ¶
func TestCredentialsConcurrently( ctx context.Context, credentials []Credential, authFn AuthFunc, serviceName string, testConfig ConcurrentTestConfig, ) *ScanResult
TestCredentialsConcurrently 并发测试多个凭据 找到成功凭据后立即通知其他 worker 停止
type SmbPlugin ¶
type SmbPlugin struct {
plugins.BasePlugin
}
SmbPlugin 统一SMB检测插件 融合了原有的 smb, smb2, smbinfo, smbghost 四个插件
func NewSmbPlugin ¶
func NewSmbPlugin() *SmbPlugin
type TelnetPlugin ¶
type TelnetPlugin struct {
plugins.BasePlugin
}
TelnetPlugin Telnet扫描插件
func NewTelnetPlugin ¶
func NewTelnetPlugin() *TelnetPlugin
func (*TelnetPlugin) Scan ¶
func (p *TelnetPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
type VNCPlugin ¶
type VNCPlugin struct {
plugins.BasePlugin
}
VNCPlugin VNC扫描插件
func NewVNCPlugin ¶
func NewVNCPlugin() *VNCPlugin
func (*VNCPlugin) Scan ¶
func (p *VNCPlugin) Scan(ctx context.Context, info *common.HostInfo, session *common.ScanSession) *ScanResult
Source Files
¶
Click to show internal directories.
Click to hide internal directories.