1. package main
  2. import (
  3. "github.com/shadow1ng/fscan/Plugins"
  4. "github.com/shadow1ng/fscan/common"
  5. )
  // main is the fscan entry point: it gathers the run's settings from the
  // command line, normalises them, and hands them to the scanner.
  func main() {
      // Info holds the host-related settings for this run (target, ports,
      // credentials, scan type, ...). It starts as the zero value.
      var Info common.HostInfo

      // Flag registers every command-line flag and parses os.Args. Everything
      // supplied here, including credentials, is visible to command-line
      // auditing on the machine where the tool is started.
      common.Flag(&Info)

      // Parse post-processes the raw flag values (scan type, user and
      // password lists, target input).
      common.Parse(&Info)

      // Scan receives Info by value, so it works on a copy of the settings.
      Plugins.Scan(Info)

      // Builtin print, not fmt.Print.
      print("scan end\n")
  }

1、var Info common.HostInfo

实例化 common/config.go 中HostInfo结构体,包含host,port,url等。(主要为与主机相关的参数)

  // HostInfo carries the host-related settings of one scan run. Most fields
  // are bound directly to command-line flags by Flag; the flag name is given
  // next to each such field.
  type HostInfo struct {
      // --- target ---
      Host   string // -h: address, range or comma-separated list to scan
      Ports  string // -p: port, range or list; defaults to DefaultPorts
      Domain string // -domain: SMB domain
      Url    string // not bound in Flag (-u fills the package-level URL); presumably set later, confirm in ParseInput
      Path   string // -path: remote file path for the fcgi / smb modules

      // --- scan behaviour ---
      Timeout  int64  // -time: timeout, default 3 (unit not shown here)
      Scantype string // -m: scan type, default "all"
      Command  string // -c: command to execute over ssh

      // --- credentials ---
      // These values arrive on the command line, so they end up in process
      // listings and command-line audit logs of the scanning host.
      SshKey    string   // -sshkey: path to an SSH private key file
      Username  string   // -user: single username
      Password  string   // -pwd: single password
      Usernames []string // not bound in Flag; presumably filled by ParseUser, confirm
      Passwords []string // not bound in Flag; presumably filled by ParsePass, confirm

      // --- not populated by Flag; meaning not visible in this listing ---
      Infostr []string
      Hash    string
  }

2、common.Flag(&Info)

将 Info 结构体的指针传入 common/flag.go 中的 Flag 函数,用于接收命令行参数

  // Flag prints the banner, registers every fscan command-line flag and then
  // parses os.Args. Host-related values are written into Info; the remaining
  // options go to package-level variables and to Pocinfo.
  //
  // The flag names and defaults below are also what shows up in process
  // creation logs, which makes this list a convenient reference when reviewing
  // command-line telemetry for use of the tool.
  func Flag(Info *HostInfo) {
      Banner()

      // flag.StringVar and friends are thin wrappers around the same methods
      // on flag.CommandLine, so registering through it is equivalent.
      cli := flag.CommandLine

      // Target selection: what to scan and what to leave out.
      cli.StringVar(&Info.Host, "h", "", "IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12")
      cli.StringVar(&NoHosts, "hn", "", "the hosts no scan,as: -hn 192.168.1.1/24")
      cli.StringVar(&HostFile, "hf", "", "host file, -hf ip.txt")
      cli.StringVar(&URL, "u", "", "url")
      cli.StringVar(&UrlFile, "uf", "", "urlfile")

      // Port selection.
      cli.StringVar(&Info.Ports, "p", DefaultPorts, "Select a port,for example: 22 | 1-65535 | 22,80,3306")
      cli.StringVar(&PortAdd, "pa", "", "add port base DefaultPorts,-pa 3389")
      cli.StringVar(&NoPorts, "pn", "", "the ports no scan,as: -pn 445")

      // Scan mode, rate and timeouts.
      cli.StringVar(&Info.Scantype, "m", "all", "Select scan type ,as: -m ssh")
      cli.IntVar(&Threads, "t", 600, "Thread nums")
      cli.Int64Var(&Info.Timeout, "time", 3, "Set timeout")
      cli.Int64Var(&Pocinfo.Timeout, "wt", 5, "Set web timeout")
      cli.IntVar(&Pocinfo.Num, "num", 20, "poc rate")

      // Feature switches. Per their help text, -nopoc, -nobr and -np turn a
      // stage OFF, yet they set variables named IsWebCan, IsBrute and IsPing to
      // true. Read the variables as "skip this stage" and confirm at the use
      // site before relying on the name.
      cli.BoolVar(&IsWebCan, "nopoc", false, "not to scan web vul")
      cli.BoolVar(&IsBrute, "nobr", false, "not to Brute password")
      cli.BoolVar(&IsPing, "np", false, "not to ping")
      cli.BoolVar(&Ping, "ping", false, "using ping replace icmp")

      // Credentials. -user/-pwd put the secret on the command line itself, so
      // it is recorded wherever command lines are logged; -userf/-pwdf only
      // expose a file name.
      cli.StringVar(&Info.Username, "user", "", "username")
      cli.StringVar(&Info.Password, "pwd", "", "password")
      cli.StringVar(&Userfile, "userf", "", "username file")
      cli.StringVar(&Passfile, "pwdf", "", "password file")
      cli.StringVar(&Info.Domain, "domain", "", "smb domain")
      cli.StringVar(&Info.SshKey, "sshkey", "", "sshkey file (id_rsa)")

      // Options that act on the target rather than only probing it: per the
      // help text they execute a command over ssh or write a file through
      // Redis, so a run that uses them changes state on the remote host.
      cli.StringVar(&Info.Command, "c", "", "exec command (ssh)")
      cli.StringVar(&Info.Path, "path", "", "fcgi、smb romote file path")
      cli.StringVar(&RedisFile, "rf", "", "redis file to write sshkey file (as: -rf id_rsa.pub) ")
      cli.StringVar(&RedisShell, "rs", "", "redis shell to write cron file (as: -rs 192.168.1.1:6666) ")

      // Web PoC settings.
      cli.StringVar(&Pocinfo.PocName, "pocname", "", "use the pocs these contain pocname, -pocname weblogic")
      cli.StringVar(&Pocinfo.Proxy, "proxy", "", "set poc proxy, -proxy http://127.0.0.1:8080")
      cli.StringVar(&Pocinfo.Cookie, "cookie", "", "set poc cookie")

      // Output and logging. Results are saved to result.txt in the working
      // directory unless -o or -no says otherwise.
      cli.StringVar(&TmpOutputfile, "o", "result.txt", "Outputfile")
      cli.BoolVar(&TmpSave, "no", false, "not to save output log")
      cli.Int64Var(&WaitTime, "debug", 60, "every time to LogErr")
      cli.BoolVar(&Silent, "silent", false, "silent scan")

      // Must come last: parsing fills every variable registered above.
      flag.Parse()
  }

3、common.Parse(&Info)

将接收到的主机信息传入 Parse 处理,依次处理以下内容:
ParseScantype(Info) 主要处理 -m 参数,选择扫描类型
ParseUser(Info) 处理爆破时的用户名、用户名文件,-user、-userf
ParsePass(Info) 处理爆破时的密码、密码文件,-pwd、-pwdf
ParseInput(Info) 处理目标 host、url、保存文件的路径、是否保存日志文件、扫描端口
2、fscan处理参数

  // Parse normalises the values collected by Flag. It runs four steps in a
  // fixed order, each of which receives the same *HostInfo and may update it
  // in place. The per-step summaries follow the accompanying write-up; the
  // step bodies are not part of this listing.
  func Parse(Info *HostInfo) {
      // Scan type: handles the -m option.
      ParseScantype(Info)

      // Brute-force usernames: -user and -userf.
      ParseUser(Info)

      // Brute-force passwords: -pwd and -pwdf.
      ParsePass(Info)

      // Targets and output: host, url, output file path, whether to save
      // the log, and the ports to scan.
      ParseInput(Info)
  }

4、Plugins.Scan(Info) 开始扫描