add pop3 2022-08-02

hktalent · hktalent · commit 34a4f07c7ca5 · 2022-08-02T12:32:24.000+08:00
diff --git a/pkg/hydra/cracker.go b/pkg/hydra/cracker.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hktalent/scan4all/pkg/hydra/mssql"
 	"github.com/hktalent/scan4all/pkg/hydra/mysql"
 	"github.com/hktalent/scan4all/pkg/hydra/oracle"
+	"github.com/hktalent/scan4all/pkg/hydra/pop3"
 	"github.com/hktalent/scan4all/pkg/hydra/postgresql"
 	"github.com/hktalent/scan4all/pkg/hydra/rdp"
 	"github.com/hktalent/scan4all/pkg/hydra/redis"
@@ -111,6 +112,15 @@ func mysqlCracker(i interface{}) interface{} {
 	return nil
 }
 
+func pop3Cracker(i interface{}) interface{} {
+	info := i.(AuthInfo)
+	info.Auth.MakePassword()
+	if ok := pop3.DoPop3(info.IPAddr, info.Auth.Username, info.Auth.Password); ok {
+		info.Status = true
+		return info
+	}
+	return nil
+}
 func mssqlCracker(i interface{}) interface{} {
 	info := i.(AuthInfo)
 	info.Auth.MakePassword()
diff --git a/pkg/hydra/doNmapResult.go b/pkg/hydra/doNmapResult.go
@@ -102,8 +102,9 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 						}
 					}
 				}
-
-				if bCheckWeakPassword && "8728" == szPort && service == "unknown" {
+				if bCheckWeakPassword && "110" == szPort && service == "pop3" {
+					CheckWeakPassword(ip, service, port)
+				} else if bCheckWeakPassword && "8728" == szPort && service == "unknown" {
 					CheckWeakPassword(ip, "router", port)
 				} else if bCheckWeakPassword && ("5985" == szPort || "5986" == szPort) && -1 < strings.Index(service, "microsoft ") {
 					CheckWeakPassword(ip, "winrm", port)
diff --git a/pkg/hydra/hydra.go b/pkg/hydra/hydra.go
@@ -22,7 +22,7 @@ var (
 	CustomAuthMap  *AuthList
 	// rtsp://admin:admin@192.168.0.111:554/0x8b6c42
 	// rtsp: 554, 5554,8554
-	ProtocolList = strings.Split("rdp,ssh,rsh-spx,mysql,mssql,oracle,postgresql,redis,ftp,mongodb,mongod,smb,telnet,snmp,wap-wsp,router,winrm", ",")
+	ProtocolList = strings.Split("rdp,ssh,rsh-spx,mysql,mssql,oracle,postgresql,redis,ftp,mongodb,mongod,smb,telnet,snmp,wap-wsp,router,winrm,pop3", ",")
 )
 
 func NewCracker(info *AuthInfo, isAuthUpdate bool, threads int) *Cracker {
@@ -67,6 +67,8 @@ func (c *Cracker) Run() {
 		c.Pool.Function = rdpCracker(ip, port)
 	case "mysql":
 		c.Pool.Function = mysqlCracker
+	case "pop3":
+		c.Pool.Function = pop3Cracker
 	case "mssql":
 		c.Pool.Function = mssqlCracker
 	case "oracle":
diff --git a/pkg/hydra/loadDicts.go b/pkg/hydra/loadDicts.go
@@ -143,6 +143,7 @@ func init() {
 			Paswd:     util.GetVal4File("ssh_pswd", pswd),
 			DefaultUp: util.GetVal4Filedefault("ssh_default", ssh_default),
 		}
+		md["pop3"] = md["ssh"]
 		md["rsh-spx"] = md["ssh"]
 		md["snmp"] = &PPDict{
 			Username:  util.GetVal4File("snmp_user", snmp_user),

Original file line number	Diff line number	Diff line change
`@@ -102,8 +102,9 @@ func DoParseXml(s string, bf *bytes.Buffer) {`
`102`	`102`	`}`
`103`	`103`	`}`
`104`	`104`	`}`
`105`		`-`
`106`		`- if bCheckWeakPassword && "8728" == szPort && service == "unknown" {`
	`105`	`+ if bCheckWeakPassword && "110" == szPort && service == "pop3" {`
	`106`	`+ CheckWeakPassword(ip, service, port)`
	`107`	`+ } else if bCheckWeakPassword && "8728" == szPort && service == "unknown" {`
`107`	`108`	`CheckWeakPassword(ip, "router", port)`
`108`	`109`	`} else if bCheckWeakPassword && ("5985" == szPort \|\| "5986" == szPort) && -1 < strings.Index(service, "microsoft ") {`
`109`	`110`	`CheckWeakPassword(ip, "winrm", port)`
Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,7 @@ func init() {`
`143`	`143`	`Paswd: util.GetVal4File("ssh_pswd", pswd),`
`144`	`144`	`DefaultUp: util.GetVal4Filedefault("ssh_default", ssh_default),`
`145`	`145`	`}`
	`146`	`+ md["pop3"] = md["ssh"]`
`146`	`147`	`md["rsh-spx"] = md["ssh"]`
`147`	`148`	`md["snmp"] = &PPDict{`
`148`	`149`	`Username: util.GetVal4File("snmp_user", snmp_user),`