完善nmap模块

song 2022-12-07 10:30:56 +08:00
parent d879fd7a1f
commit d2eb4f9745
6 changed files with 116 additions and 31 deletions


@ -191,8 +191,8 @@ func SSHBurst (SSHBurst string,SSHBurstList []string){
if SSHBurst =="true"{ if SSHBurst =="true"{
SSHHostCheck,list:=IPCheck(SSHBurstList[0]) SSHHostCheck,list:=IPCheck(SSHBurstList[0])
if SSHHostCheck!="true"{ if SSHHostCheck!="true"{
fmt.Println("host格式报错",list) fmt.Println("SSH模块 host格式报错",list)
log.Println("host格式报错") log.Println("SSH模块 host格式报错")
}else{ }else{
poolNums,err:= strconv.Atoi(SSHBurstList[1]) poolNums,err:= strconv.Atoi(SSHBurstList[1])
if err!=nil{ if err!=nil{
@ -206,4 +206,22 @@ func SSHBurst (SSHBurst string,SSHBurstList []string){
} }
} }
return return
}
//Nmap模块解析
func NmapScan(Nmap string, NmapScanList []string){
Map:=make(map[int]string)
Map[0]="Nmap/nmapScan"
if Nmap=="true"{
if NmapScanList[1]=="all"{
Map[1]=" -H "+NmapScanList[0]+" -p "+"0-65000"
genmai.PythonParser(Map)
}else{
Map[1]=" -H "+NmapScanList[0]+" -p "+NmapScanList[1]
genmai.PythonParser(Map)
}
fmt.Println("Nmap模块结束...")
}
return
} }
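Review bot: `NmapScanList[0]` and `NmapScanList[1]` are concatenated into the command string at L31/L34 without any validation, while `SSHBurst` just above runs `IPCheck` on its host first (L13); both values come straight from the `-host`/`-port` flags and `genmai.PythonParser` executes the result via `bash -c`, so a host like `1.2.3.4; id` is run as a shell command. Mirror the SSH branch: `if ok, bad := IPCheck(NmapScanList[0]); ok != "true" { fmt.Println("Nmap模块 host格式报错", bad); return }` (assuming `IPCheck` also accepts the `a.b.c.x-y` range form the Python side expands), and restrict the port value to digits, commas and `-` before building `Map[1]`. Separately, `"all"` expands to `0-65000` at L31, which silently skips ports 65001–65535; `0-65535` is presumably what was meant.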


@ -7,16 +7,17 @@ import(
"os/exec" "os/exec"
"strings" "strings"
) )
func PythonParser(PWDMap map[int]string){ func PythonParser(Map map[int]string){
var cmdStr string var cmdStr string
for i:=0;i<len(PWDMap);i++{ for i:=0;i<len(Map);i++{
if i==0{ if i==0{
cmdStr="python3 tools/"+PWDMap[0]+".py" cmdStr="python3 tools/"+Map[0]+".py"
log.Println("tools文件名传入") log.Println("tools文件名传入")
}else{ }else{
cmdStr=cmdStr+PWDMap[i] cmdStr=cmdStr+Map[i]
} }
} }
fmt.Println(cmdStr)
cmd := exec.Command("/bin/bash", "-c", cmdStr) cmd := exec.Command("/bin/bash", "-c", cmdStr)
var stdout, stderr bytes.Buffer var stdout, stderr bytes.Buffer
cmd.Stdout = &stdout // 标准输出 cmd.Stdout = &stdout // 标准输出
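Review bot: `cmdStr` is still handed to `/bin/bash -c` at L59, so every `Map[i]` fragment — now including the nmap host and port taken from command-line flags — is parsed by the shell, and a value containing `;`, `$(...)` or backticks executes as a command. Build an argv and let `exec.Command` start `python3` directly; the file already imports `strings`, so no new dependency is needed. The new `fmt.Println(cmdStr)` at L58 also echoes the full command line to stdout; if any module ever passes a credential through `Map` it will be printed, so drop or redact that line. `PythonParser` continues past the hunk (stdout/stderr capture and the run), which is unchanged here.

```go
func PythonParser(Map map[int]string) {
	// Build an argv instead of a shell string: flag values are passed to python3
	// as discrete arguments and are never interpreted by bash.
	args := []string{"tools/" + Map[0] + ".py"}
	log.Println("tools文件名传入")
	for i := 1; i < len(Map); i++ {
		// Fragments arrive as " -H host -p port"; split on whitespace only.
		args = append(args, strings.Fields(Map[i])...)
	}
	cmd := exec.Command("python3", args...)
	// … unchanged: stdout/stderr capture and Run …
```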

BIN
src/main



@ -27,12 +27,14 @@ type Vul struct{
RemoteAssessment string //远程检测,所需参数在RAVUL中 RemoteAssessment string //远程检测,所需参数在RAVUL中
WKPWD string //弱口令生成,所需参数在WKPWDVUL结构体中 WKPWD string //弱口令生成,所需参数在WKPWDVUL结构体中
SSHBurst string //SSH爆破 SSHBurst string //SSH爆破
Nmap string //Nmap模块,端口和IP放在RAVUL中
} }
type RAVUL struct{ type RAVUL struct{
SSHHost string //主机IP Host string //主机IP
SSHUser string //用户名 User string //用户名
SSHPassword string //密码 Password string //密码
Port string //端口
} }
type WKPWDVUL struct{ type WKPWDVUL struct{
@ -72,9 +74,11 @@ func main(){
//远程模块参数 //远程模块参数
RA := flag.Bool("RA", false, "使用远程检测,只能单独使用模块") RA := flag.Bool("RA", false, "使用远程检测,只能单独使用模块")
flag.StringVar(&RAV.SSHHost, "host", "false", "远程检测指定host") flag.StringVar(&RAV.Host, "host", "false", "IP")
flag.StringVar(&RAV.SSHUser, "user", "false", "远程检测指定用户") flag.StringVar(&RAV.Port, "port", "all", "端口")
flag.StringVar(&RAV.SSHPassword, "passwd", "false", "远程登录密码") flag.StringVar(&RAV.User, "user", "false", "用户名")
flag.StringVar(&RAV.Password, "passwd", "false", "远程登录密码")
//弱密码生成模块 //弱密码生成模块
@ -86,7 +90,8 @@ func main(){
// SSH爆破模块 // SSH爆破模块
SSHB:= flag.Bool("SSHBurst", false, "使用SSH爆破") SSHB:= flag.Bool("SSHBurst", false, "使用SSH爆破")
// Nmap模块
NmapScan:= flag.Bool("Nmap",false,"使用Nmap模块进行扫描")
// //
All := flag.Bool("all", false, "只扫描system,kernel的所有poc以及检测baselin模块不可联合其他参数使用") All := flag.Bool("all", false, "只扫描system,kernel的所有poc以及检测baselin模块不可联合其他参数使用")
@ -99,7 +104,8 @@ func main(){
//将插件模块的值存放到数组中 //将插件模块的值存放到数组中
PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums} PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums}
poolNums:=strconv.Itoa(vul.ParserNum) poolNums:=strconv.Itoa(vul.ParserNum)
SSHBurstList :=[...]string{RAV.SSHHost,poolNums} SSHBurstList :=[...]string{RAV.Host,poolNums}
NmapScanList :=[...]string{RAV.Host,RAV.Port}
//初始化bool值 //初始化bool值
sAll :=strconv.FormatBool(*All) sAll :=strconv.FormatBool(*All)
@ -108,10 +114,11 @@ func main(){
vul.WKPWD=strconv.FormatBool(*WK) vul.WKPWD=strconv.FormatBool(*WK)
help:=strconv.FormatBool(*Help) help:=strconv.FormatBool(*Help)
vul.SSHBurst =strconv.FormatBool(*SSHB) vul.SSHBurst =strconv.FormatBool(*SSHB)
vul.Nmap = strconv.FormatBool(*NmapScan)
//是否开启远程检测 //是否开启远程检测
if vul.RemoteAssessment=="true"{ if vul.RemoteAssessment=="true"{
checkResult:=ArgParser.RemoteArgParser(RAV.SSHHost,RAV.SSHUser,RAV.SSHPassword) checkResult:=ArgParser.RemoteArgParser(RAV.Host,RAV.User,RAV.Password)
checkResult=strings.TrimSpace(checkResult) checkResult=strings.TrimSpace(checkResult)
if checkResult=="true"{ if checkResult=="true"{
fmt.Println("不允许登录root/administrator用户进行验证") fmt.Println("不允许登录root/administrator用户进行验证")
@ -123,6 +130,7 @@ func main(){
}else{ }else{
ArgParser.WKPWD(vul.WKPWD,PWDList[:]) ArgParser.WKPWD(vul.WKPWD,PWDList[:])
ArgParser.SSHBurst(vul.SSHBurst,SSHBurstList[:]) ArgParser.SSHBurst(vul.SSHBurst,SSHBurstList[:])
ArgParser.NmapScan(vul.Nmap, NmapScanList[:])
return return
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help) ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help)
} }
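Review bot: `-Nmap` is acted on without checking that `-host` was supplied: `RAV.Host` defaults to the literal string `"false"` (L86) and goes straight into `NmapScanList` (L103) and on to `ArgParser.NmapScan` (L121), so `main -Nmap` alone asks the scanner for a host named `false`. Guard before building the list, e.g. `if *NmapScan && RAV.Host == "false" { fmt.Println("Nmap模块需要 -host 参数"); return }`, or give the flag an empty default and test for `""`. Note also that the new call at L121 joins the others in front of an unconditional `return` (L122), leaving `ArgParser.ParameterParser` on the following line unreachable in this branch — pre-existing, but worth confirming it is intentional. `main` continues outside the hunks shown.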


@ -1,20 +1,62 @@
import nmap import nmap
import optparse import optparse
from datetime import datetime
def nmapScan(tgtHost,tgtPort): def nmapScan(tgtHost,tgtPort):
nmScan = nmap.PortScanner() f = open('../data/dic/Nmap.txt', 'a')
nmReuslt=nmScan.scan(tgtHost,tgtPort) vul=tgtHost.find('-')
protocols=nmScan[tgtHost].all_protocols() #返回协议 if vul==-1:
# print("[*] "+"IP "+"protocols "+"port "+"state ") nmScan = nmap.PortScanner()
for i in range(len(protocols)): nmReuslt=nmScan.scan(tgtHost,tgtPort)
port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口 l=nmReuslt
for j in range(len(port)): if len(list(l.get('scan')))!=0:
state=nmScan[tgtHost][protocols[i]][port[j]]['state'] protocols=nmScan[tgtHost].all_protocols() #返回协议
name=nmScan[tgtHost][protocols[i]][port[j]]['name'] for i in range(len(protocols)):
product=nmScan[tgtHost][protocols[i]][port[j]]['product'] port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口
version=nmScan[tgtHost][protocols[i]][port[j]]['version'] for j in range(len(port)):
print ("[*] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version) state=nmScan[tgtHost][protocols[i]][port[j]]['state']
name=nmScan[tgtHost][protocols[i]][port[j]]['name']
product=nmScan[tgtHost][protocols[i]][port[j]]['product']
version=nmScan[tgtHost][protocols[i]][port[j]]['version']
now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
if state=="open":
f.write("[*"+now_time+"] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version+ "\n")
print ("[*"+now_time+"] "+ tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version)
else:
hostlen=len(tgtHost)
s=""
sh=tgtHost
sh=sh.rsplit('.', 1)[0]
for v in tgtHost[0:vul]:
s=s+v
if v==".":
s=""
s=int(s)
ss=int(tgtHost[vul+1:hostlen])
vuls=ss-s
for a in range(0,vuls+1):
s1=s+a
sh1=sh
sh1=sh1+"."+str(s1)
tgtHost=sh1
nmScan = nmap.PortScanner()
nmReuslt=nmScan.scan(tgtHost,tgtPort)
l=nmReuslt
if len(list(l.get('scan')))!=0:
protocols=nmScan[tgtHost].all_protocols() #返回协议
for i in range(len(protocols)):
port=list(nmScan[tgtHost][protocols[i]].keys()) #只返还端口
for j in range(len(port)):
state=nmScan[tgtHost][protocols[i]][port[j]]['state']
name=nmScan[tgtHost][protocols[i]][port[j]]['name']
product=nmScan[tgtHost][protocols[i]][port[j]]['product']
version=nmScan[tgtHost][protocols[i]][port[j]]['version']
now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
if state=="open":
f.write("[*"+now_time+"] " + tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version+ "\n")
print ("[*"+now_time+"] "+ tgtHost + " "+protocols[i]+" "+str(port[j]) +" "+state+" "+name+" "+product+" "+version)
# print(nmReuslt) # print(nmReuslt)
f.close()
def main(): def main():
parser = optparse.OptionParser('usage %prog '+\ parser = optparse.OptionParser('usage %prog '+\
'-H <target host> -p <target port>') '-H <target host> -p <target port>')
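Review bot: The hand-rolled range expansion (L153–L168) assumes `tgtHost` is a dotted quad whose `-` sits in the last octet; any hostname containing a hyphen (`my-box.example.com`) takes the `else` branch and crashes at `int(s)` with `ValueError`, and indexing results with `nmScan[tgtHost]` is likely to raise `KeyError` when a name rather than an address was given, since python-nmap keys results by the scanned address. nmap accepts the `a.b.c.x-y` range syntax itself, so the whole branch can be replaced by one scan plus iteration over `nmScan.all_hosts()`, which also removes the duplicated reporting block. The output file is opened with a bare `open(...)` at L133 and only closed at L186, so any exception above leaves it open; `with` fixes that. The file header and `main()` continue outside the hunk.

```python
def nmapScan(tgtHost, tgtPort):
    # nmap expands "a.b.c.x-y" itself; iterate the hosts it actually scanned
    # instead of re-deriving them (a hostname with '-' would otherwise hit int()).
    nmScan = nmap.PortScanner()
    nmScan.scan(tgtHost, tgtPort)
    with open('../data/dic/Nmap.txt', 'a') as f:
        for host in nmScan.all_hosts():
            for proto in nmScan[host].all_protocols():
                for port, info in nmScan[host][proto].items():
                    if info['state'] != "open":
                        continue
                    now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
                    line = ("[*" + now_time + "] " + host + " " + proto + " " + str(port) + " "
                            + info['state'] + " " + info['name'] + " " + info['product'] + " " + info['version'])
                    f.write(line + "\n")
                    print(line)
```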


@ -3,6 +3,7 @@ import (
"fmt" "fmt"
"sync" "sync"
"log" "log"
"os"
) )
// Pool goroutine Pool // Pool goroutine Pool
@ -75,14 +76,28 @@ func SSHCoprogram(vul map[string]interface{}){
func runTask(tasks []Task, threads int) { func runTask(tasks []Task, threads int) {
var wg sync.WaitGroup var wg sync.WaitGroup
taskCh := make(chan Task, threads*2) taskCh := make(chan Task, threads*2)
log.Println("开始爆破...")
for i := 0; i < threads; i++ { for i := 0; i < threads; i++ {
go func() { go func() {
for task := range taskCh { for task := range taskCh {
success, _ := SshConnect(task.ip, task.user, task.password) success, _ := SshConnect(task.ip, task.user, task.password)
if success { if success {
fmt.Printf("破解%v成功,用户名是%v,密码是%v\n", task.ip, task.user, task.password) // fmt.Printf("破解%v成功,用户名是%v,密码是%v\n", task.ip, task.user, task.password)
file, err := os.OpenFile(`../data/log/sshLog`, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
panic(err)
}
defer file.Close()
file.WriteString("破解成功: ")
file.WriteString(task.ip)
file.WriteString(" ")
file.WriteString(task.user)
file.WriteString(" ")
file.WriteString(task.password)
file.WriteString("\n")
}else{ }else{
log.Printf("破解%v失败,用户名是%v,密码是%v\n",task.ip, task.user, task.password) fmt.Printf("破解%v失败,用户名是%v,密码是%v\n",task.ip, task.user, task.password)
} }
wg.Done() wg.Done()
} }
@ -94,6 +109,7 @@ func runTask(tasks []Task, threads int) {
} }
wg.Wait() wg.Wait()
close(taskCh) close(taskCh)
log.Println("爆破结束")
} }