Changes

2026-02-13 07:15:22 +08:00 · 2022-01-08 14:17:00 +08:00
parent 4e48f972e4
commit daa53509da
2 changed files with 165 additions and 0 deletions
--- a/cmd/all.go
+++ b/cmd/all.go
@@ -0,0 +1,138 @@
+package cmd
+
+import (
+	"Yasso/config"
+	"fmt"
+	"github.com/spf13/cobra"
+	"sync"
+	"time"
+)
+
+/*
+	全体扫描模块
+	将逐步执行每个任务
+*/
+
+func printHeader() {
+
+}
+
+var allCmd = &cobra.Command{
+	Use:   "all",
+	Short: "Use all scanner module (.attention)\nSome service not support proxy,You might lose it [*]",
+	Run: func(cmd *cobra.Command, args []string) {
+		if Hosts == "" {
+			_ = cmd.Help()
+			return
+		}
+
+		allRun(Hosts, Ports, LogBool, Runtime, PingBool)
+		return
+	},
+}
+
+func init() {
+	allCmd.Flags().StringVarP(&Hosts, "host", "H", "", "Set `hosts`(The format is similar to Nmap) or ips.txt file path")
+	allCmd.Flags().StringVarP(&Ports, "ports", "P", "", "Set `ports`(The format is similar to Nmap)")
+	allCmd.Flags().BoolVar(&PingBool, "noping", true, "No use ping to scanner alive host")
+	allCmd.Flags().IntVar(&Runtime, "runtime", 100, "Set scanner ants pool thread")
+	allCmd.Flags().StringVar(&ProxyHost, "proxy", "", "Set socks5 proxy")
+	allCmd.Flags().DurationVar(&TimeDuration, "time", 1*time.Second, "Set timeout ")
+	rootCmd.AddCommand(allCmd)
+}
+
+func allRun(hostString string, portString string, log bool, runtime int, noping bool) {
+	// 先对程序进行ping扫描
+	// 解析hosts
+	var (
+		ips      []string
+		ports    []int
+		webports []int
+		alive    []string
+		wg       sync.WaitGroup
+	)
+	if hostString != "" {
+		ips, _ = ResolveIPS(hostString) // 解析ip并获取ip列表
+	}
+	if Ports != "" {
+		ports, _ = ResolvePORTS(portString)
+		webports, _ = ResolvePORTS(config.DisMapPorts)
+	} else {
+		ports, _ = ResolvePORTS(DefaultPorts)
+		webports, _ = ResolvePORTS(config.DisMapPorts)
+	}
+
+	if noping == true {
+		// 不执行ping操作
+		alive = ips
+	} else {
+		// 执行 ping 操作
+		fmt.Println("----- [Yasso] Start do ping scan -----")
+		alive = execute(ips)
+	}
+	// 做漏洞扫描
+	if len(alive) > 0 {
+		fmt.Println("----- [Yasso] Start do vuln scan -----")
+		VulScan(alive, false, true, false) // 做全扫描
+		if len(alive) != 0 {
+			fmt.Println("----- [Yasso] Start do port scan -----")
+		}
+		PortResults := PortScan(alive, ports)
+		// 获取我们的端口扫描结果，去遍历
+		if len(PortResults) != 0 {
+			fmt.Println("----- [Yasso] Start do crack service -----")
+			for _, v := range PortResults {
+				// 这里做漏洞扫描
+				wg.Add(1)
+				go func(v PortResult) {
+					defer wg.Done()
+					for _, p := range v.Port {
+						switch p {
+						case 21:
+							users, pass := ReadTextToDic("ftp", UserDic, PassDic)
+							burpTask(v.IP, "ftp", users, pass, p, 100, 1*time.Second, "", false)
+						case 22:
+							users, pass := ReadTextToDic("ssh", UserDic, PassDic)
+							burpTask(v.IP, "ssh", users, pass, p, 100, 1*time.Second, "", false)
+						case 3306:
+							users, pass := ReadTextToDic("mysql", UserDic, PassDic)
+							burpTask(v.IP, "mysql", users, pass, p, 100, 1*time.Second, "", false)
+						case 6379:
+							_, _, _ = RedisUnAuthConn(config.HostIn{Host: v.IP, Port: p, TimeOut: 1 * time.Second}, "test", "test")
+							users, pass := ReadTextToDic("redis", UserDic, PassDic)
+							burpTask(v.IP, "redis", users, pass, p, 100, 5*time.Second, "", false)
+						case 1433:
+							users, pass := ReadTextToDic("mssql", UserDic, PassDic)
+							burpTask(v.IP, "mssql", users, pass, p, 100, 1*time.Second, "", false)
+						case 5432:
+							users, pass := ReadTextToDic("postgres", UserDic, PassDic)
+							burpTask(v.IP, "postgres", users, pass, p, 100, 1*time.Second, "", false)
+						case 27017:
+							_, _ = MongoUnAuth(config.HostIn{Host: v.IP, Port: p, TimeOut: 1 * time.Second}, "test", "test")
+							users, pass := ReadTextToDic("mongodb", UserDic, PassDic)
+							burpTask(v.IP, "mongodb", users, pass, p, 100, 1*time.Second, "", false)
+						case 445:
+							users, pass := ReadTextToDic("smb", UserDic, PassDic)
+							burpTask(v.IP, "smb", users, pass, p, 100, 1*time.Second, "", false)
+						case 5985:
+							users, pass := ReadTextToDic("rdp", UserDic, PassDic) // winrm与本地rdp认证相同
+							burpTask(v.IP, "winrm", users, pass, p, 100, 1*time.Second, "", false)
+						case 11211:
+							//memcached 未授权
+							_, _ = MemcacheConn(config.HostIn{Host: v.IP, Port: p, TimeOut: 1 * time.Second})
+						case 2181:
+							//zookeeper 未授权
+							_, _ = ZookeeperConn(config.HostIn{Host: v.IP, Port: p, TimeOut: 1 * time.Second})
+						}
+					}
+				}(v)
+			}
+			wg.Wait()
+		}
+		// 做网卡扫描
+		fmt.Println("----- [Yasso] Start do Windows service scan -----")
+		winscan(alive, true)
+		fmt.Println("----- [Yasso] Start do web service scan -----")
+		DisMapScan(alive, webports)
+	}
+}
--- a/cmd/zookeeper.go
+++ b/cmd/zookeeper.go
@@ -0,0 +1,27 @@
+package cmd
+
+import (
+	"Yasso/config"
+	"bytes"
+	"fmt"
+)
+
+func ZookeeperConn(info config.HostIn) (bool, error) {
+	payload := []byte("envidddfdsfsafafaerwrwerqwe")
+	conn, err := GetConn(fmt.Sprintf("%s:%v", info.Host, info.Port), info.TimeOut)
+	if err != nil {
+		return false, err
+	}
+	_, err = conn.Write(payload)
+	if err == nil {
+		reply := make([]byte, 1024)
+		n, err := conn.Read(reply)
+		if err == nil {
+			if bytes.Contains(reply[:n], []byte("Environment")) {
+				Println(fmt.Sprintf("[+] zookeeper %s unauthorized", fmt.Sprintf("%v:%v", info.Host, info.Port)))
+				return true, nil
+			}
+		}
+	}
+	return false, err
+}