package main
import (
"github.com/shadow1ng/fscan/Plugins"
"github.com/shadow1ng/fscan/common"
)
// main is the program entry point: it collects the command-line options into a
// HostInfo, post-processes them, and passes the result to the plugin scanner.
func main() {
	// Info carries the host-related options for this run (target, ports,
	// credentials and so on); it starts out as the zero value.
	var Info common.HostInfo
	// Flag registers and parses the command-line flags. It receives a pointer
	// so the parsed values are written into Info.
	common.Flag(&Info)
	// Parse post-processes the parsed values; it also works on Info in place.
	common.Parse(&Info)
	// Scan receives Info by value, i.e. a copy of the struct.
	Plugins.Scan(Info)
	// Uses the builtin print rather than fmt; the gc toolchain writes builtin
	// print output to standard error.
	print("scan end\n")
}
1、var Info common.HostInfo
声明一个 common/config.go 中定义的 HostInfo 结构体变量,包含 host、port、url 等字段(主要为与主机相关的参数)。
// HostInfo groups the host-related options of one scan run. Most fields are
// filled directly from command-line flags in Flag; the rest are not bound to
// a flag in this listing.
type HostInfo struct {
	// Host is the target specification given with -h (single IP, range or
	// comma-separated list, per the flag's help text).
	Host string
	// Ports is the port specification given with -p; defaults to DefaultPorts.
	Ports string
	// Domain is the SMB domain given with -domain.
	Domain string
	// Url is not bound to a flag in Flag (-u is stored in the package-level
	// URL variable) — presumably filled in later; confirm against the callers.
	Url string
	// Path is the remote file path given with -path (fcgi, smb).
	Path string
	// Timeout is the value of -time, default 3 — presumably seconds; confirm.
	Timeout int64
	// Scantype is the scan type selected with -m, default "all".
	Scantype string
	// Command is the command given with -c (ssh).
	Command string
	// SshKey is the key file name given with -sshkey.
	SshKey string
	// Username and Password hold the single credential given with -user and
	// -pwd. Both arrive as plain command-line arguments.
	Username string
	Password string
	// Usernames and Passwords are not set in Flag — presumably the candidate
	// lists built by ParseUser and ParsePass; confirm.
	Usernames []string
	Passwords []string
	// Infostr and Hash are not set anywhere in this listing; their meaning
	// cannot be determined from here.
	Infostr []string
	Hash string
}
2、common.Flag(&Info)
将 Info 结构体的指针传入 common/flag.go 中的 Flag 函数,用于接收命令行参数
// Flag prints the banner, registers every command-line option on the default
// flag set and then parses the process arguments.
//
// Host-related options are written into Info; all other options are stored in
// package-level variables (NoHosts, Threads, Pocinfo and so on). Values passed
// with -pwd, -cookie and -proxy are ordinary command-line arguments, so they
// are visible in process listings, shell history and command-line audit logs.
// The option names registered here are what process-creation logging records
// for a run of this tool.
func Flag(Info *HostInfo) {
	Banner()

	// The package-level flag.StringVar/IntVar/... helpers register on
	// flag.CommandLine, so using it directly is equivalent. Registration
	// order has no effect on parsing.
	opts := flag.CommandLine

	// Target selection: hosts, ports and URLs to include or exclude.
	opts.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
	opts.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt")
	opts.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
	opts.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
	opts.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
	opts.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")
	opts.StringVar(&URL, "u", "", "url")
	opts.StringVar(&UrlFile, "uf", "", "urlfile")

	// Scan behaviour. The three Is* switches are set to true by a flag that
	// disables the feature (-nopoc, -nobr, -np), so their names read inverted.
	opts.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
	opts.IntVar(&Threads, "t", 600, "Thread nums")
	opts.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
	opts.BoolVar(&IsPing, "np", false, "not to ping")
	opts.BoolVar(&Ping, "ping", false, "using ping replace icmp")
	opts.BoolVar(&IsBrute, "nobr", false, "not to Brute password")
	opts.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul")

	// Credentials: a single pair on the command line, or file names.
	opts.StringVar(&Info.Username, "user", "", "username")
	opts.StringVar(&Info.Password, "pwd", "", "password")
	opts.StringVar(&Userfile, "userf", "", "username file")
	opts.StringVar(&Passfile, "pwdf", "", "password file")
	opts.StringVar(&Info.Domain, "domain", "", "smb domain")
	opts.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")

	// Service-specific options.
	opts.StringVar(&Info.Command, "c", "", "exec command (ssh)")
	opts.StringVar(&Info.Path, "path", "", "fcgi、smb romote file path")
	opts.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
	opts.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")

	// Web PoC options, all stored in Pocinfo.
	opts.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
	opts.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
	opts.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie")
	opts.Int64Var(&Pocinfo.Timeout, "wt", 5, "Set web timeout")
	opts.IntVar(&Pocinfo.Num, "num", 20, "poc rate")

	// Output and logging. Results go to result.txt unless -o or -no is given.
	opts.StringVar(&TmpOutputfile, "o", "result.txt", "Outputfile")
	opts.BoolVar(&TmpSave, "no", false, "not to save output log")
	opts.Int64Var(&WaitTime, "debug", 60, "every time to LogErr")
	opts.BoolVar(&Silent, "silent", false, "silent scan")

	flag.Parse()
}
3、common.Parse(&Info)
将接收到的主机信息传入 Parse 处理,依次处理扫描类型、用户名、密码和输入目标:
ParseScantype(Info) 主要处理 -m 参数,选择扫描类型
ParseUser(Info) 处理爆破时的用户名、用户名文件,-user、-userf
ParsePass(Info) 处理爆破时的密码、密码文件,-pwd、-pwdf
ParseInput(Info) 处理目标 host、url、保存文件的路径、是否保存日志文件、扫描端口
2、fscan处理参数
// Parse post-processes the options collected by Flag. It calls four helpers
// in a fixed order, each with the same *HostInfo; the helper bodies are not
// part of this listing, so the per-call notes follow the page's description.
// Parse returns nothing, so any rejection of bad input happens inside the
// helpers.
func Parse(Info *HostInfo) {
	// Scan type selected with -m.
	ParseScantype(Info)
	// Usernames for password guessing: -user and the -userf file.
	ParseUser(Info)
	// Passwords for password guessing: -pwd and the -pwdf file.
	ParsePass(Info)
	// Target host and URL, output file path, whether to save the log, and
	// the ports to scan.
	ParseInput(Info)
}