新增了对snmp服务弱口令的扫描

Author: netxfly

iplist.txt

@@ -1,3 +1,4 @@
 127.0.0.1:3306|mysql
 8.8.8.8:2222|ssh
 9.9.9.9:6379
+127.0.0.1:161

plugins/plugins.go

@@ -45,4 +45,5 @@ func init() {
 	ScanFuncMap["REDIS"] = ScanRedis
 	ScanFuncMap["ELASTICSEARCH"] = ScanElastic
 	ScanFuncMap["MONGODB"] = ScanMongodb
+	ScanFuncMap["SNMP"] = ScanSNMP
 }

plugins/snmp.go

@@ -0,0 +1,53 @@
+/*
+
+Copyright (c) 2018 sec.lu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+*/
+
+package plugins
+
+import (
+	"github.com/soniah/gosnmp"
+
+	"x-crack/models"
+	"x-crack/vars"
+)
+
+func ScanSNMP(s models.Service) (err error, result models.ScanResult) {
+	result.Service = s
+	result.Service.Username = "public"
+	result.Service.Password = "public"
+	gosnmp.Default.Target = s.Ip
+	gosnmp.Default.Port = uint16(s.Port)
+	gosnmp.Default.Community = result.Service.Password
+	gosnmp.Default.Timeout = vars.TimeOut
+
+	err = gosnmp.Default.Connect()
+	if err == nil {
+		oids := []string{"1.3.6.1.2.1.1.4.0", "1.3.6.1.2.1.1.7.0"}
+		_, err := gosnmp.Default.Get(oids)
+		if err == nil {
+			result.Result = true
+		}
+	}
+
+	return err, result
+}

plugins/snmp_test.go

@@ -0,0 +1,37 @@
+/*
+
+Copyright (c) 2018 sec.lu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEq
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+*/
+
+package plugins_test
+
+import (
+	"x-crack/models"
+	"x-crack/plugins"
+
+	"testing"
+)
+
+func TestScanSNMP(t *testing.T) {
+	s := models.Service{Ip: "127.0.0.1", Port: 161, Username: "public", Password: "123456", Protocol: "snmp"}
+	t.Log(plugins.ScanSNMP(s))
+}

util/task.go

@@ -65,12 +65,12 @@ func DistributionTask(tasks []models.Service) () {
 	vars.ProgressBar.SetTemplate(`{{ rndcolor "Scanning progress: " }} {{  percent . "[%.02f%%]" "[?]"| rndcolor}} {{ counters . "[%s/%s]" "[%s/?]" | rndcolor}} {{ bar . "「" "-" (rnd "ᗧ" "◔" "◕" "◷" ) "•" "」" | rndcolor }} {{rtime . | rndcolor}} `)
 
 	for i := 0; i < scanBatch; i++ {
-		curTasks := tasks[vars.ScanNum*i:vars.ScanNum*(i+1)]
+		curTasks := tasks[vars.ScanNum*i : vars.ScanNum*(i+1)]
 		ExecuteTask(curTasks)
 	}
 
 	if totalTask%vars.ScanNum > 0 {
-		lastTask := tasks[vars.ScanNum*scanBatch:totalTask]
+		lastTask := tasks[vars.ScanNum*scanBatch : totalTask]
 		ExecuteTask(lastTask)
 	}
 
@@ -91,7 +91,7 @@ func ExecuteTask(tasks []models.Service) () {
 		var k string
 		protocol := strings.ToUpper(task.Protocol)
 
-		if protocol == "REDIS" || protocol == "FTP" {
+		if protocol == "REDIS" || protocol == "FTP" || protocol == "SNMP" {
 			k = fmt.Sprintf("%v-%v-%v", task.Ip, task.Port, task.Protocol)
 		} else {
 			k = fmt.Sprintf("%v-%v-%v", task.Ip, task.Port, task.Username)

util/util.go

@@ -31,8 +31,8 @@ import (
 	"x-crack/logger"
 	"x-crack/vars"
 
-	"net"
 	"sync"
+	"net"
 	"fmt"
 )
 
@@ -67,10 +67,18 @@ func CheckAlive(ipList []models.IpAddr) ([]models.IpAddr) {
 
 func check(ipAddr models.IpAddr) (bool, models.IpAddr) {
 	alive := false
-	_, err := net.DialTimeout("tcp", fmt.Sprintf("%v:%v", ipAddr.Ip, ipAddr.Port), vars.TimeOut)
-	if err == nil {
-		alive = true
+	if vars.UdpProtocols[ipAddr.Protocol] {
+		_, err := net.DialTimeout("udp", fmt.Sprintf("%v:%v", ipAddr.Ip, ipAddr.Port), vars.TimeOut)
+		if err == nil {
+			alive = true
+		}
+	} else {
+		_, err := net.DialTimeout("tcp", fmt.Sprintf("%v:%v", ipAddr.Ip, ipAddr.Port), vars.TimeOut)
+		if err == nil {
+			alive = true
+		}
 	}
+
 	vars.ProcessBarActive.Increment()
 	return alive, ipAddr
 }

vars/vars.go

@@ -59,6 +59,7 @@ var (
 	PortNames = map[int]string{
 		21:    "FTP",
 		22:    "SSH",
+		161:   "SNMP",
 		445:   "SMB",
 		1433:  "MSSQL",
 		3306:  "MYSQL",
@@ -68,6 +69,10 @@ var (
 		27017: "MONGODB",
 	}
 
+	UdpProtocols = map[string]bool{
+		"SNMP": true,
+	}
+
 	// 标记特定服务的特定用户是否破解成功，成功的话不再尝试破解该用户
 	SuccessHash map[string]bool