Update 1.8.3

shadow1ng · Nov 13, 2023 · 6bf396d · 6bf396d
1 parent 7f7ae9d
commit 6bf396d
Show file tree

Hide file tree

Showing 24 changed files with 420 additions and 124 deletions.
diff --git a/Plugins/CVE-2020-0796.go b/Plugins/CVE-2020-0796.go
@@ -106,11 +106,7 @@ func SmbGhostScan(info *common.HostInfo) error {
 	ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second
 	addr := fmt.Sprintf("%s:%v", info.Host, port)
 	conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return err
 	}

diff --git a/Plugins/NetBIOS.go b/Plugins/NetBIOS.go
@@ -18,7 +18,7 @@ func NetBIOS(info *common.HostInfo) error {
 	netbios, _ := NetBIOS1(info)
 	output := netbios.String()
 	if len(output) > 0 {
-		result := fmt.Sprintf("[*] NetBios: %-15s %s", info.Host, output)
+		result := fmt.Sprintf("[*] NetBios %-15s %s", info.Host, output)
 		common.LogSuccess(result)
 		return nil
 	}
@@ -41,11 +41,7 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	var conn net.Conn
 	conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return
 	}
@@ -93,11 +89,7 @@ func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	//senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01")
 	realhost := fmt.Sprintf("%s:137", info.Host)
 	conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return
 	}

diff --git a/Plugins/fcgiscan.go b/Plugins/fcgiscan.go
@@ -96,16 +96,16 @@ func FcgiScan(info *common.HostInfo) {
 	if strings.Contains(output, cutLine) { //命令成功回显
 		output = strings.SplitN(output, cutLine, 2)[0]
 		if len(stderr) > 0 {
-			result = fmt.Sprintf("[+] FCGI: %v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
 		} else {
-			result = fmt.Sprintf("[+] FCGI: %v:%v \n%v", info.Host, info.Ports, output)
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%v", info.Host, info.Ports, output)
 		}
 		common.LogSuccess(result)
 	} else if strings.Contains(output, "File not found") || strings.Contains(output, "Content-type") || strings.Contains(output, "Status") {
 		if len(stderr) > 0 {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
 		} else {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%v", info.Host, info.Ports, output)
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%v", info.Host, info.Ports, output)
 		}
 		common.LogSuccess(result)
 	}
@@ -191,38 +191,38 @@ func New(addr string, timeout int64) (fcgi *FCGIClient, err error) {
 	return
 }
 
-func (c *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) {
-	c.mutex.Lock()
-	defer c.mutex.Unlock()
-	c.buf.Reset()
-	c.h.init(recType, reqId, len(content))
-	if err := binary.Write(&c.buf, binary.BigEndian, c.h); err != nil {
+func (this *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) {
+	this.mutex.Lock()
+	defer this.mutex.Unlock()
+	this.buf.Reset()
+	this.h.init(recType, reqId, len(content))
+	if err := binary.Write(&this.buf, binary.BigEndian, this.h); err != nil {
 		return err
 	}
-	if _, err := c.buf.Write(content); err != nil {
+	if _, err := this.buf.Write(content); err != nil {
 		return err
 	}
-	if _, err := c.buf.Write(pad[:c.h.PaddingLength]); err != nil {
+	if _, err := this.buf.Write(pad[:this.h.PaddingLength]); err != nil {
 		return err
 	}
-	_, err = c.rwc.Write(c.buf.Bytes())
+	_, err = this.rwc.Write(this.buf.Bytes())
 	return err
 }
 
-func (c *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error {
+func (this *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error {
 	b := [8]byte{byte(role >> 8), byte(role), flags}
-	return c.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:])
+	return this.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:])
 }
 
-func (c *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error {
+func (this *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error {
 	b := make([]byte, 8)
 	binary.BigEndian.PutUint32(b, uint32(appStatus))
 	b[4] = protocolStatus
-	return c.writeRecord(FCGI_END_REQUEST, reqId, b)
+	return this.writeRecord(FCGI_END_REQUEST, reqId, b)
 }
 
-func (c *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error {
-	w := newWriter(c, recType, reqId)
+func (this *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error {
+	w := newWriter(this, recType, reqId)
 	b := make([]byte, 8)
 	for k, v := range pairs {
 		n := encodeSize(b, uint32(len(k)))
@@ -241,6 +241,29 @@ func (c *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]st
 	return nil
 }
 
+func readSize(s []byte) (uint32, int) {
+	if len(s) == 0 {
+		return 0, 0
+	}
+	size, n := uint32(s[0]), 1
+	if size&(1<<7) != 0 {
+		if len(s) < 4 {
+			return 0, 0
+		}
+		n = 4
+		size = binary.BigEndian.Uint32(s)
+		size &^= 1 << 31
+	}
+	return size, n
+}
+
+func readString(s []byte, size uint32) string {
+	if size > uint32(len(s)) {
+		return ""
+	}
+	return string(s[:size])
+}
+
 func encodeSize(b []byte, size uint32) int {
 	if size > 127 {
 		size |= 1 << 31
@@ -301,21 +324,21 @@ func (w *streamWriter) Close() error {
 	return w.c.writeRecord(w.recType, w.reqId, nil)
 }
 
-func (c *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) {
+func (this *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) {
 
 	var reqId uint16 = 1
-	defer c.rwc.Close()
+	defer this.rwc.Close()
 
-	err = c.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0)
+	err = this.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0)
 	if err != nil {
 		return
 	}
-	err = c.writePairs(FCGI_PARAMS, reqId, env)
+	err = this.writePairs(FCGI_PARAMS, reqId, env)
 	if err != nil {
 		return
 	}
 	if len(reqStr) > 0 {
-		err = c.writeRecord(FCGI_STDIN, reqId, []byte(reqStr))
+		err = this.writeRecord(FCGI_STDIN, reqId, []byte(reqStr))
 		if err != nil {
 			return
 		}
@@ -325,27 +348,25 @@ func (c *FCGIClient) Request(env map[string]string, reqStr string) (retout []byt
 	var err1 error
 
 	// recive untill EOF or FCGI_END_REQUEST
-OUTER:
 	for {
-		err1 = rec.read(c.rwc)
+		err1 = rec.read(this.rwc)
 		if err1 != nil {
 			if err1 != io.EOF {
 				err = err1
 			}
-
 			break
 		}
-
-		switch rec.h.Type {
-		case FCGI_STDOUT:
+		switch {
+		case rec.h.Type == FCGI_STDOUT:
 			retout = append(retout, rec.content()...)
-		case FCGI_STDERR:
+		case rec.h.Type == FCGI_STDERR:
 			reterr = append(reterr, rec.content()...)
-		case FCGI_END_REQUEST:
+		case rec.h.Type == FCGI_END_REQUEST:
 			fallthrough
 		default:
-			break OUTER
+			break
 		}
 	}
+
 	return
 }
diff --git a/Plugins/findnet.go b/Plugins/findnet.go
@@ -24,11 +24,7 @@ func Findnet(info *common.HostInfo) error {
 func FindnetScan(info *common.HostInfo) error {
 	realhost := fmt.Sprintf("%s:%v", info.Host, 135)
 	conn, err := common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return err
 	}
@@ -109,7 +105,7 @@ func read(text []byte, host string) error {
 
 	hostnames := strings.Replace(encodedStr, "0700", "", -1)
 	hostname := strings.Split(hostnames, "000000")
-	result := "[*] NetInfo:\n[*]" + host
+	result := "[*] NetInfo \n[*]" + host
 	if name != "" {
 		result += "\n   [->]" + name
 	}

diff --git a/Plugins/icmp.go b/Plugins/icmp.go
@@ -159,11 +159,7 @@ func RunIcmp2(hostslist []string, chanHosts chan string) {
 func icmpalive(host string) bool {
 	startTime := time.Now()
 	conn, err := net.DialTimeout("ip4:icmp", host, 6*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return false
 	}

diff --git a/Plugins/mongodb.go b/Plugins/mongodb.go
@@ -52,11 +52,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
 		if err != nil {
 			return "", err
 		}
-		defer func() {
-			if conn != nil {
-				conn.Close()
-			}
-		}()
+		defer conn.Close()
 		err = conn.SetReadDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 		if err != nil {
 			return "", err
@@ -83,7 +79,7 @@ func MongodbUnauth(info *common.HostInfo) (flag bool, err error) {
 	}
 	if strings.Contains(reply, "totalLinesWritten") {
 		flag = true
-		result := fmt.Sprintf("[+] Mongodb:%v unauthorized", realhost)
+		result := fmt.Sprintf("[+] Mongodb %v unauthorized", realhost)
 		common.LogSuccess(result)
 	}
 	return flag, err

diff --git a/Plugins/ms17010.go b/Plugins/ms17010.go
@@ -39,11 +39,7 @@ func MS17010Scan(info *common.HostInfo) error {
 	ip := info.Host
 	// connecting to a host in LAN if reachable should be very quick
 	conn, err := common.WrapperTcpWithTimeout("tcp", ip+":445", time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		//fmt.Printf("failed to connect to %s\n", ip)
 		return err
@@ -134,7 +130,7 @@ func MS17010Scan(info *common.HostInfo) error {
 		//fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
 		//if runtime.GOOS=="windows" {fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
 		//} else{fmt.Printf("\033[33m%s\tMS17-010\t(%s)\033[0m\n", ip, os)}
-		result := fmt.Sprintf("[+] %s\tMS17-010\t(%s)", ip, os)
+		result := fmt.Sprintf("[+] MS17-010 %s\t(%s)", ip, os)
 		common.LogSuccess(result)
 		defer func() {
 			if common.SC != "" {
@@ -156,12 +152,12 @@ func MS17010Scan(info *common.HostInfo) error {
 		}
 
 		if reply[34] == 0x51 {
-			result := fmt.Sprintf("[+] %s has DOUBLEPULSAR SMB IMPLANT", ip)
+			result := fmt.Sprintf("[+] MS17-010 %s has DOUBLEPULSAR SMB IMPLANT", ip)
 			common.LogSuccess(result)
 		}
 
 	} else {
-		result := fmt.Sprintf("[*] %s  (%s)", ip, os)
+		result := fmt.Sprintf("[*] OsInfo %s\t(%s)", ip, os)
 		common.LogSuccess(result)
 	}
 	return err

diff --git a/Plugins/mssql.go b/Plugins/mssql.go
@@ -48,7 +48,7 @@ func MssqlConn(info *common.HostInfo, user string, pass string) (flag bool, err
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("[+] mssql:%v:%v:%v %v", Host, Port, Username, Password)
+			result := fmt.Sprintf("[+] mssql %v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}

diff --git a/Plugins/mysql.go b/Plugins/mysql.go
@@ -48,7 +48,7 @@ func MysqlConn(info *common.HostInfo, user string, pass string) (flag bool, err
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("[+] mysql:%v:%v:%v %v", Host, Port, Username, Password)
+			result := fmt.Sprintf("[+] mysql %v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}

diff --git a/Plugins/oracle.go b/Plugins/oracle.go
@@ -48,7 +48,7 @@ func OracleConn(info *common.HostInfo, user string, pass string) (flag bool, err
 		defer db.Close()
 		err = db.Ping()
 		if err == nil {
-			result := fmt.Sprintf("[+] oracle:%v:%v:%v %v", Host, Port, Username, Password)
+			result := fmt.Sprintf("[+] oracle %v:%v:%v %v", Host, Port, Username, Password)
 			common.LogSuccess(result)
 			flag = true
 		}

diff --git a/Plugins/portscan.go b/Plugins/portscan.go
@@ -74,11 +74,7 @@ func PortScan(hostslist []string, ports string, timeout int64) []string {
 func PortConnect(addr Addr, respondingHosts chan<- string, adjustedTimeout int64, wg *sync.WaitGroup) {
 	host, port := addr.ip, addr.port
 	conn, err := common.WrapperTcpWithTimeout("tcp4", fmt.Sprintf("%s:%v", host, port), time.Duration(adjustedTimeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err == nil {
 		address := host + ":" + strconv.Itoa(port)
 		result := fmt.Sprintf("%s open", address)

diff --git a/Plugins/rdp.go b/Plugins/rdp.go
@@ -74,9 +74,9 @@ func worker(host, domain string, port int, wg *sync.WaitGroup, brlist chan Brute
 		if flag == true && err == nil {
 			var result string
 			if domain != "" {
-				result = fmt.Sprintf("[+] RDP:%v:%v:%v\\%v %v", host, port, domain, user, pass)
+				result = fmt.Sprintf("[+] RDP %v:%v:%v\\%v %v", host, port, domain, user, pass)
 			} else {
-				result = fmt.Sprintf("[+] RDP:%v:%v:%v %v", host, port, user, pass)
+				result = fmt.Sprintf("[+] RDP %v:%v:%v %v", host, port, user, pass)
 			}
 			common.LogSuccess(result)
 			*signal = true
@@ -127,11 +127,7 @@ func NewClient(host string, logLevel glog.LEVEL) *Client {
 
 func (g *Client) Login(domain, user, pwd string, timeout int64) error {
 	conn, err := common.WrapperTcpWithTimeout("tcp", g.Host, time.Duration(timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
+	defer conn.Close()
 	if err != nil {
 		return fmt.Errorf("[dial err] %v", err)
 	}
@@ -187,7 +183,7 @@ func (g *Client) Login(domain, user, pwd string, timeout int64) error {
 		glog.Info("on update:", rectangles)
 	})
 	g.pdu.On("done", func() {
-		if !breakFlag {
+		if breakFlag == false {
 			breakFlag = true
 			wg.Done()
 		}