From 9aba1c88a38d77c6473dbfc84752103389418c05 Mon Sep 17 00:00:00 2001
From: shadow1ng
Date: Thu, 6 May 2021 11:44:38 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=A0=E9=99=A4elasticsearchScan,=E7=94=A8ym?=
 =?UTF-8?q?l=20poc=E4=BB=A3=E6=9B=BF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
Plugins/base.go | 19 ++++++++---------
Plugins/elasticsearch.go | 45 ----------------------------------------
common/config.go | 13 ++++++------
3 files changed, 15 insertions(+), 62 deletions(-)
delete mode 100644 Plugins/elasticsearch.go

diff --git a/Plugins/base.go b/Plugins/base.go
index c2848e90..e44455d3 100644
--- a/Plugins/base.go
+++ b/Plugins/base.go
@@ -1,16 +1,15 @@
 package Plugins
 
 var PluginList = map[string]interface{}{
- "21": FtpScan,
- "22": SshScan,
- "135": Findnet,
- "139": NetBIOS,
- "445": SmbScan,
- "1433": MssqlScan,
- "3306": MysqlScan,
- "5432": PostgresScan,
- "6379": RedisScan,
- //"9200": elasticsearchScan,
+ "21": FtpScan,
+ "22": SshScan,
+ "135": Findnet,
+ "139": NetBIOS,
+ "445": SmbScan,
+ "1433": MssqlScan,
+ "3306": MysqlScan,
+ "5432": PostgresScan,
+ "6379": RedisScan,
 "11211": MemcachedScan,
 "27017": MongodbScan,
 "1000001": MS17010,
diff --git a/Plugins/elasticsearch.go b/Plugins/elasticsearch.go
deleted file mode 100644
index d688cf96..00000000
--- a/Plugins/elasticsearch.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package Plugins
-
-import (
- "fmt"
- "github.com/shadow1ng/fscan/WebScan/lib"
- "github.com/shadow1ng/fscan/common"
- "io/ioutil"
- "net/http"
- "strings"
-)
-
-func elasticsearchScan(info *common.HostInfo) error {
- _, err := geturl2(info)
- return err
-}
-
-func geturl2(info *common.HostInfo) (flag bool, err error) {
- flag = false
- url := fmt.Sprintf("%s:%v/_cat", info.Url, info.Ports)
- res, err := http.NewRequest("GET", url, nil)
- if err == nil {
- res.Header.Add("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
- res.Header.Add("Accept", "*/*")
- res.Header.Add("Accept-Language", "zh-CN,zh;q=0.9")
- res.Header.Add("Accept-Encoding", "gzip, deflate")
- res.Header.Add("Connection", "close")
- if common.Pocinfo.Cookie != "" {
- res.Header.Set("Cookie", common.Pocinfo.Cookie)
- }
- resp, err := lib.Client.Do(res)
- if err == nil {
- defer resp.Body.Close()
- body, _ := ioutil.ReadAll(resp.Body)
- if strings.Contains(string(body), "/_cat/master") {
- result := fmt.Sprintf("[+] Elastic:%s unauthorized", url)
- common.LogSuccess(result)
- flag = true
- }
- } else {
- errlog := fmt.Sprintf("[-] Elastic:%s %v", url, err)
- common.LogError(errlog)
- }
- }
- return flag, err
-}
diff --git a/common/config.go b/common/config.go
index fc776322..e5c266b4 100644
--- a/common/config.go
+++ b/common/config.go
@@ -25,13 +25,12 @@ var PORTList = map[string]int{
 "ms17010": 1000001,
 "cve20200796": 1000002,
 "web": 1000003,
- //"elastic": 9200,
- "findnet": 135,
- "netbios": 139,
- "all": 0,
- "portscan": 0,
- "icmp": 0,
- "main": 0,
+ "findnet": 135,
+ "netbios": 139,
+ "all": 0,
+ "portscan": 0,
+ "icmp": 0,
+ "main": 0,
 }
 
 var Outputfile = getpath() + "result.txt"