完善nmap模块

2022-12-07 10:30:56 +08:00 · 2022-12-07 10:30:56 +08:00 · d2eb4f9745
parent d879fd7a1f
commit d2eb4f9745
6 changed files with 116 additions and 31 deletions
--- a/src/genmai/ArgParser/ParameterParser.go
+++ b/src/genmai/ArgParser/ParameterParser.go
@ -191,8 +191,8 @@ func SSHBurst (SSHBurst string,SSHBurstList []string){
    if SSHBurst =="true"{
        SSHHostCheck,list:=IPCheck(SSHBurstList[0])
        if SSHHostCheck!="true"{
-            fmt.Println("host格式报错",list)
-            log.Println("host格式报错")
+            fmt.Println("SSH模块 host格式报错",list)
+            log.Println("SSH模块 host格式报错")
        }else{
            poolNums,err:= strconv.Atoi(SSHBurstList[1])
            if err!=nil{
@ -206,4 +206,22 @@ func SSHBurst (SSHBurst string,SSHBurstList []string){
        }
    }
    return
+}
+//Nmap模块解析
+func NmapScan(Nmap string, NmapScanList []string){
+    Map:=make(map[int]string)
+    Map[0]="Nmap/nmapScan"
+    if Nmap=="true"{
+        if NmapScanList[1]=="all"{
+                Map[1]=" -H "+NmapScanList[0]+" -p "+"0-65000"
+                genmai.PythonParser(Map)
+
+        }else{
+
+            Map[1]=" -H "+NmapScanList[0]+" -p "+NmapScanList[1]
+            genmai.PythonParser(Map)
+    }
+    fmt.Println("Nmap模块结束...")
+}
+return
 }
--- a/src/genmai/PythonParser.go
+++ b/src/genmai/PythonParser.go
@ -7,16 +7,17 @@ import(
 	"os/exec"
 	"strings"
 )
-func PythonParser(PWDMap map[int]string){
+func PythonParser(Map map[int]string){
 	var cmdStr string
-	for i:=0;i<len(PWDMap);i++{
+	for i:=0;i<len(Map);i++{
 		if i==0{
-			cmdStr="python3 tools/"+PWDMap[0]+".py"
+			cmdStr="python3 tools/"+Map[0]+".py"
 			log.Println("tools文件名传入")
 		}else{
-			cmdStr=cmdStr+PWDMap[i]
+			cmdStr=cmdStr+Map[i]
 		}
-	}
+	}	
+	fmt.Println(cmdStr)
 	cmd := exec.Command("/bin/bash", "-c", cmdStr)
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout // 标准输出
--- a/src/main
+++ b/src/main
--- a/src/main.go
+++ b/src/main.go
@ -27,12 +27,14 @@ type Vul struct{
    RemoteAssessment string //远程检测,所需参数在RAVUL中
    WKPWD string //弱口令生成,所需参数在WKPWDVUL结构体中
    SSHBurst string //SSH爆破
+    Nmap string //Nmap模块,端口和IP放在RAVUL中
 }

 type RAVUL struct{
-    SSHHost string //主机IP
-    SSHUser string //用户名
-    SSHPassword string //密码
+    Host string //主机IP
+    User string //用户名
+    Password string //密码
+    Port string //端口
 }

 type WKPWDVUL struct{
@ -72,9 +74,11 @@ func main(){

    //远程模块参数
    RA := flag.Bool("RA", false, "使用远程检测，只能单独使用模块")
-    flag.StringVar(&RAV.SSHHost, "host", "false", "远程检测指定host")
-    flag.StringVar(&RAV.SSHUser, "user", "false", "远程检测指定用户")
-    flag.StringVar(&RAV.SSHPassword, "passwd", "false", "远程登录密码")
+    flag.StringVar(&RAV.Host, "host", "false", "IP")
+    flag.StringVar(&RAV.Port, "port", "all", "端口")
+    flag.StringVar(&RAV.User, "user", "false", "用户名")
+    flag.StringVar(&RAV.Password, "passwd", "false", "远程登录密码")
+    


    //弱密码生成模块
@ -86,7 +90,8 @@ func main(){
    // SSH爆破模块
    SSHB:= flag.Bool("SSHBurst", false, "使用SSH爆破")

-
+    // Nmap模块
+    NmapScan:= flag.Bool("Nmap",false,"使用Nmap模块进行扫描")
    
    //
    All := flag.Bool("all", false, "只扫描system,kernel的所有poc以及检测baselin模块，不可联合其他参数使用")
@ -99,7 +104,8 @@ func main(){
    //将插件模块的值存放到数组中
    PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums}
    poolNums:=strconv.Itoa(vul.ParserNum)
-    SSHBurstList :=[...]string{RAV.SSHHost,poolNums} 
+    SSHBurstList :=[...]string{RAV.Host,poolNums} 
+    NmapScanList :=[...]string{RAV.Host,RAV.Port}

    //初始化bool值
    sAll :=strconv.FormatBool(*All)
@ -108,10 +114,11 @@ func main(){
    vul.WKPWD=strconv.FormatBool(*WK)
    help:=strconv.FormatBool(*Help)
    vul.SSHBurst =strconv.FormatBool(*SSHB)
+    vul.Nmap = strconv.FormatBool(*NmapScan)

    //是否开启远程检测
    if vul.RemoteAssessment=="true"{
-        checkResult:=ArgParser.RemoteArgParser(RAV.SSHHost,RAV.SSHUser,RAV.SSHPassword)
+        checkResult:=ArgParser.RemoteArgParser(RAV.Host,RAV.User,RAV.Password)
        checkResult=strings.TrimSpace(checkResult)
        if checkResult=="true"{
            fmt.Println("不允许登录root/administrator用户进行验证")
@ -123,6 +130,7 @@ func main(){
    }else{
        ArgParser.WKPWD(vul.WKPWD,PWDList[:])
        ArgParser.SSHBurst(vul.SSHBurst,SSHBurstList[:])
+        ArgParser.NmapScan(vul.Nmap, NmapScanList[:])
        return
        ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help)
    }
--- a/src/tools/Nmap/nmapScan.py
+++ b/src/tools/Nmap/nmapScan.py
@ -1,20 +1,62 @@
 import nmap
 import optparse
- 
+from datetime import datetime
+
 def nmapScan(tgtHost,tgtPort):
-    nmScan = nmap.PortScanner()
-    nmReuslt=nmScan.scan(tgtHost,tgtPort)
-    protocols=nmScan[tgtHost].all_protocols() #返回协议
-    # print("[*] "+"IP "+"protocols "+"port "+"state ")
-    for i in range(len(protocols)):
-        port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口
-        for j in range(len(port)):
-            state=nmScan[tgtHost][protocols[i]][port[j]]['state']
-            name=nmScan[tgtHost][protocols[i]][port[j]]['name']
-            product=nmScan[tgtHost][protocols[i]][port[j]]['product']
-            version=nmScan[tgtHost][protocols[i]][port[j]]['version']
-            print ("[*] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version)
+    f = open('../data/dic/Nmap.txt', 'a')
+    vul=tgtHost.find('-')
+    if vul==-1:
+        nmScan = nmap.PortScanner()
+        nmReuslt=nmScan.scan(tgtHost,tgtPort)
+        l=nmReuslt
+        if len(list(l.get('scan')))!=0:
+            protocols=nmScan[tgtHost].all_protocols() #返回协议
+            for i in range(len(protocols)):
+                port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口
+                for j in range(len(port)):
+                    state=nmScan[tgtHost][protocols[i]][port[j]]['state']
+                    name=nmScan[tgtHost][protocols[i]][port[j]]['name']
+                    product=nmScan[tgtHost][protocols[i]][port[j]]['product']
+                    version=nmScan[tgtHost][protocols[i]][port[j]]['version']
+                    now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                    if state=="open":
+                        f.write("[*"+now_time+"] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version+ "\n")
+                        print ("[*"+now_time+"] "+ tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version)
+    else:
+        hostlen=len(tgtHost)
+        s=""
+        sh=tgtHost
+        sh=sh.rsplit('.', 1)[0]
+        for v in tgtHost[0:vul]:
+            s=s+v
+            if v==".":
+                s=""
+        s=int(s)
+        ss=int(tgtHost[vul+1:hostlen])
+        vuls=ss-s
+        for a in range(0,vuls+1):
+            s1=s+a
+            sh1=sh
+            sh1=sh1+"."+str(s1)
+            tgtHost=sh1
+            nmScan = nmap.PortScanner()
+            nmReuslt=nmScan.scan(tgtHost,tgtPort)
+            l=nmReuslt
+            if len(list(l.get('scan')))!=0:
+                protocols=nmScan[tgtHost].all_protocols() #返回协议
+                for i in range(len(protocols)):
+                    port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口
+                    for j in range(len(port)):
+                        state=nmScan[tgtHost][protocols[i]][port[j]]['state']
+                        name=nmScan[tgtHost][protocols[i]][port[j]]['name']
+                        product=nmScan[tgtHost][protocols[i]][port[j]]['product']
+                        version=nmScan[tgtHost][protocols[i]][port[j]]['version']
+                        now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                        if state=="open":
+                            f.write("[*"+now_time+"] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version+ "\n")
+                            print ("[*"+now_time+"] "+ tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version)
    # print(nmReuslt)
+    f.close()
 def main():
    parser = optparse.OptionParser('usage %prog '+\
                                   '-H <target host> -p <target port>')
--- a/src/tools/SSHExplosion/SSHCoprogram.go
+++ b/src/tools/SSHExplosion/SSHCoprogram.go
@ -3,6 +3,7 @@ import (
 	"fmt"
 	"sync"
 	"log"
+	"os"
 )

 // Pool goroutine Pool
@ -75,14 +76,28 @@ func SSHCoprogram(vul map[string]interface{}){
 func runTask(tasks []Task, threads int) {
 	var wg sync.WaitGroup
 	taskCh := make(chan Task, threads*2)
+	log.Println("开始爆破...")
 	for i := 0; i < threads; i++ {
 	   go func() {
 		  for task := range taskCh {
 			 success, _ := SshConnect(task.ip, task.user, task.password)
 			 if success {
-				fmt.Printf("破解%v成功,用户名是%v,密码是%v\n", task.ip, task.user, task.password)
+				// fmt.Printf("破解%v成功,用户名是%v,密码是%v\n", task.ip, task.user, task.password)
+				file, err := os.OpenFile(`../data/log/sshLog`, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
+				if err != nil {
+					panic(err)
+				}
+				defer file.Close()
+				file.WriteString("破解成功: ")
+				file.WriteString(task.ip)
+				file.WriteString(" ")
+				file.WriteString(task.user)
+				file.WriteString(" ")
+				file.WriteString(task.password)
+				file.WriteString("\n")
+
 			 }else{
-				log.Printf("破解%v失败,用户名是%v,密码是%v\n",task.ip, task.user, task.password)
+				fmt.Printf("破解%v失败,用户名是%v,密码是%v\n",task.ip, task.user, task.password)
 			 }
 			 wg.Done()
 		  }
@ -94,6 +109,7 @@ func runTask(tasks []Task, threads int) {
 	}
 	wg.Wait()
 	close(taskCh)
+	log.Println("爆破结束")
 }