fix 优化，如果检测到系统有nmap，则优先使用nmap，否则继续使用老到流程走naabu流程，性能飞起来

Author: x51pwn

brute/filefuzz.go

@@ -149,6 +149,7 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 			return path, technologies
 		}
 		ch <- struct{}{}
+		//log.Println(u, " ", payload)
 		go func(payload string) {
 			if url, req, err := reqPage(u + payload); err == nil {
 				// 403 by pass

config/doNmapScan.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+XRate=5000
+function doMasScan {
+    if [[ -f $1 ]] ; then
+        echo $PPSSWWDD|sudo -S nmap -F --top-ports=65535 -n --unique --resolve-all -Pn -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate ${XRate} -T4  -iL $1 -oX $2
+    else
+        echo $PPSSWWDD|sudo -S nmap -F --top-ports=65535 -n --unique --resolve-all -Pn -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate ${XRate} -T4  $1 -oX $2
+    fi
+}
+doMasScan $1 $2

main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"embed"
 	"github.com/hktalent/scan4all/pkg"
-	"github.com/hktalent/scan4all/pkg/hydra"
 	naaburunner "github.com/hktalent/scan4all/pkg/naabu/v2/pkg/runner"
 	"github.com/projectdiscovery/gologger"
 	"io"
@@ -18,8 +17,11 @@ var config embed.FS
 func init() {
 	pkg.Init2(&config)
 }
-func main() {
 
+var Wg sync.WaitGroup
+
+func main() {
+	naaburunner.Wg = &Wg
 	defer func() {
 		pkg.Cache1.Close()
 		//if "true" == pkg.GetVal("autoRmCache") {
@@ -46,18 +48,9 @@ func main() {
 		gologger.Fatal().Msgf("Could not run enumeration: %s\n", err)
 	}
 	gologger.Info().Msg("Port scan over,web scan starting")
-	hvNmap := pkg.CheckHvNmap()
-	var wg sync.WaitGroup
-	if hvNmap {
-		// 弱密码检测
-		wg.Add(1)
-		go hydra.DoNmapRst(&wg)
-	}
 	err = naabuRunner.Httpxrun()
 	if err != nil {
 		gologger.Fatal().Msgf("naabuRunner.Httpxrun Could not run httpRunner: %s\n", err)
 	}
-	if hvNmap {
-		wg.Wait()
-	}
+	Wg.Wait()
 }

nuclei_Yaml/nuclei_yaml.go

@@ -70,6 +70,7 @@ func RunNuclei(buf bytes.Buffer, xx chan bool) {
 	nucleiRunner.Close()
 }
 func readConfig() {
+	pwd, _ := os.Getwd()
 	options.Targets = []string{}
 	options.TargetsFilePath = ""
 	options.Resume = ""
@@ -115,7 +116,7 @@ func readConfig() {
 	options.ReportingConfig = ""
 	// 启动es记录
 	if "true" == pkg.GetVal("enableEsSv") {
-		options.ReportingConfig = "./config/nuclei_esConfig.yaml"
+		options.ReportingConfig = pwd + "/config/nuclei_esConfig.yaml"
 	}
 	options.CustomHeaders = []string{}
 	options.Vars = goflags.RuntimeMap{}
@@ -235,7 +236,7 @@ func readConfig() {
 	options.Retries = 1
 	options.LeaveDefaultPorts = false
 	options.MaxHostError = 30
-	options.Project = true // 去重复，导致file missing
+	options.Project = false // 去重复，导致file missing
 	options.ProjectPath = os.TempDir()
 	options.StopAtFirstMatch = false
 	options.Stream = false
@@ -296,9 +297,8 @@ func readConfig() {
 	options.TemplatesDirectory = ""
 	// 嵌入式集成私人版本nuclei-templates 共3744个YAML POC
 	if "true" == pkg.GetVal("enablEmbedYaml") {
-		options.Templates = []string{"./config/nuclei-templates"}
+		options.Templates = []string{pwd + "/config/nuclei-templates"}
 		options.NoUpdateTemplates = true
-
 	} else {
 
 		options.NoUpdateTemplates = false

pkg/config.go

@@ -235,3 +235,19 @@ func Init2(config *embed.FS) {
 	Init()
 	log.Println("init config files is over .")
 }
+
+func RemoveDuplication_map(arr []string) []string {
+	set := make(map[string]struct{}, len(arr))
+	j := 0
+	for _, v := range arr {
+		_, ok := set[v]
+		if ok {
+			continue
+		}
+		set[v] = struct{}{}
+		arr[j] = v
+		j++
+	}
+
+	return arr[:j]
+}

pkg/hydra/defuault_mongodb_authlist.go

@@ -1,6 +1,8 @@
 package hydra
 
 import (
+	"bytes"
+	"fmt"
 	"github.com/antchfx/xmlquery"
 	"github.com/hktalent/scan4all/pkg"
 	"io/ioutil"
@@ -32,11 +34,11 @@ func GetAttr(att []xmlquery.Attr, name string) string {
 	return ""
 }
 
-func DoParseXml(s string, wg *sync.WaitGroup) {
+func DoParseXml(s string, wg *sync.WaitGroup, bf *bytes.Buffer) {
 	defer wg.Done()
 	doc, err := xmlquery.Parse(strings.NewReader(s))
 	if err != nil {
-		log.Println(err)
+		log.Println("DoParseXml： ", err)
 		return
 	}
 	var enableEsSv = pkg.GetVal("enableEsSv")
@@ -50,6 +52,7 @@ func DoParseXml(s string, wg *sync.WaitGroup) {
 				szPort := GetAttr(x.Attr, "portid")
 				port, _ := strconv.Atoi(szPort)
 				service := GetAttr(x.SelectElement("service").Attr, "name")
+				bf.Write([]byte(fmt.Sprintf("%s:%s\n", ip, szPort)))
 				wg.Add(1)
 				go CheckWeakPassword(ip, service, port, wg)
 				// 存储结果到其他地方
@@ -61,7 +64,7 @@ func DoParseXml(s string, wg *sync.WaitGroup) {
 					}
 					m1[ip] = append(xx09, []string{szPort, service})
 				}
-				//fmt.Printf("%s\t%d\t%s\n", ip, port, service)
+				fmt.Printf("%s\t%d\t%s\n", ip, port, service)
 			}
 		}
 	}
@@ -74,7 +77,7 @@ func DoParseXml(s string, wg *sync.WaitGroup) {
 	}
 }
 
-func DoNmapRst(wg *sync.WaitGroup) {
+func DoNmapRst(wg *sync.WaitGroup, bf *bytes.Buffer) {
 	defer wg.Done()
 	if x1, ok := pkg.TmpFile[pkg.Naabu]; ok {
 		for _, x := range x1 {
@@ -84,9 +87,11 @@ func DoNmapRst(wg *sync.WaitGroup) {
 			}(x)
 			b, err := ioutil.ReadFile(x.Name())
 			if nil == err && 0 < len(b) {
-				//log.Println("read config file ok: ", s)
+				//fmt.Println("read nmap xml file ok: ", len(b))
 				wg.Add(1)
-				DoParseXml(string(b), wg)
+				DoParseXml(string(b), wg, bf)
+			} else {
+				log.Println("ioutil.ReadFile(x.Name()): ", err)
 			}
 		}
 	} else {

pkg/hydra/doNmapResult.go

@@ -22,6 +22,7 @@ var (
 	ProtocolList   = []string{
 		"ssh", "rdp", "ftp", "smb", "telnet",
 		"mysql", "mssql", "oracle", "postgresql", "mongodb", "redis",
+		"rsh-spx",
 		//110:   "pop3",
 		//995:   "pop3",
 		//25:    "smtp",
@@ -90,6 +91,7 @@ func (c *Cracker) Run() {
 		c.Pool.Function = postgresqlCracker
 	case "ldap":
 
+	case "rsh-spx":
 	case "ssh":
 		c.Pool.Function = sshCracker
 	case "telnet":

pkg/hydra/hydra.go

@@ -124,6 +124,7 @@ func init() {
 		Paswd:     pkg.GetVal4File("ssh_pswd", ftp_pswd),
 		DefaultUp: pkg.GetVal4Filedefault("ssh_default", ftp_default),
 	}
+	md["rsh-spx"] = md["ssh"]
 	md["mongodb"] = PPDict{
 		Username:  pkg.GetVal4File("mongodb_username", mongodbusername),
 		Paswd:     pkg.GetVal4File("mongodb_pswd", mongodb_pswd),

pkg/hydra/loadDicts.go

@@ -40,7 +40,7 @@ func Start(IPAddr string, Port int, Protocol string, wg *sync.WaitGroup) {
 		if nil != &out && "" != out.Protocol && out.IPAddr != "" && "" != out.Auth.Username {
 			pkg.SendAData[AuthInfo](fmt.Sprintf("%s:%d", out.IPAddr, out.Port), []AuthInfo{out}, "hydra")
 			data, _ := json.Marshal(out)
-			log.Println("成功密码破解：", aurora.BrightRed(string(data)))
+			fmt.Println("成功密码破解：", aurora.BrightRed(string(data)))
 			log.Printf("\n[hydra]-> %v:%v[%v]暴力破解 Finish\n", IPAddr, Port, Protocol)
 		}
 	}

pkg/hydra/runner.go

@@ -103,8 +103,8 @@ func ParseOptions() *Options {
 	)
 
 	flagSet.CreateGroup("rate-limit", "Rate-limit",
-		flagSet.IntVar(&options.Threads, "c", 256, "general internal worker threads"),
-		flagSet.IntVar(&options.Rate, "rate", DefaultRateSynScan, "packets to send per second"),
+		flagSet.IntVar(&options.Threads, "c", 256*2, "general internal worker threads"),
+		flagSet.IntVar(&options.Rate, "rate", DefaultRateSynScan*2, "packets to send per second"),
 	)
 
 	flagSet.CreateGroup("output", "Output",
@@ -150,7 +150,7 @@ func ParseOptions() *Options {
 
 	flagSet.CreateGroup("optimization", "Optimization",
 		flagSet.IntVar(&options.Retries, "retries", DefaultRetriesSynScan, "number of retries for the port scan"),
-		flagSet.IntVar(&options.Timeout, "timeout", DefaultPortTimeoutSynScan, "millisecond to wait before timing out"),
+		flagSet.IntVar(&options.Timeout, "timeout", DefaultPortTimeoutSynScan/2, "millisecond to wait before timing out"),
 		flagSet.IntVar(&options.WarmUpTime, "warm-up-time", 2, "time in seconds between scan phases"),
 		flagSet.BoolVar(&options.Ping, "ping", false, "ping probes for verification of host"),
 		flagSet.BoolVar(&options.Verify, "verify", false, "validate the ports again with TCP verification"),
@@ -162,7 +162,7 @@ func ParseOptions() *Options {
 		flagSet.BoolVarP(&options.NoColor, "nc", "no-color", false, "disable colors in CLI output"),
 		flagSet.BoolVar(&options.Silent, "silent", false, "display only results in output"),
 		flagSet.BoolVar(&options.Version, "version", false, "display version of naabu"),
-		flagSet.BoolVar(&options.EnableProgressBar, "stats", false, "display stats of the running scan"),
+		flagSet.BoolVar(&options.EnableProgressBar, "stats", true, "display stats of the running scan"),
 		flagSet.IntVarP(&options.StatsInterval, "stats-interval", "si", DefautStatsInterval, "number of seconds to wait between showing a statistics update"),
 	)
 

pkg/naabu/v2/pkg/runner/options.go

@@ -66,7 +66,7 @@ func (r *Runner) Httpxrun() error {
 	httpxoptions.NoColor = r.options.NoColor
 	httpxoptions.Silent = r.options.Silent
 	httpxoptions.Version = r.options.Version
-	httpxoptions.RateLimit = r.options.Rate / 10
+	httpxoptions.RateLimit = r.options.Rate
 
 	httpxoptions.NoPOC = r.options.NoPOC
 	httpxoptions.CeyeApi = r.options.CeyeApi
@@ -312,7 +312,7 @@ func (r *Runner) RunEnumeration() error {
 			r.stats.AddCounter("errors", uint64(0))
 			r.stats.AddCounter("total", Range*uint64(r.options.Retries))
 			if err := r.stats.Start(makePrintCallback(), time.Duration(r.options.StatsInterval)*time.Second); err != nil {
-				gologger.Warning().Msgf("Couldn't start statistics: %s\n", err)
+				gologger.Warning().Msgf("Couldn't start statistics: %s", err)
 			}
 		}
 
@@ -693,7 +693,7 @@ func makePrintCallback() func(stats clistats.StatisticsClient) {
 		builder.WriteString(clistats.String(uint64(float64(packets) / float64(total) * 100.0)))
 		builder.WriteRune('%')
 		builder.WriteRune(')')
-		builder.WriteRune('\n')
+		builder.WriteString("         \r")
 
 		fmt.Fprintf(os.Stderr, "%s", builder.String())
 		builder.Reset()