add probe module

README.md

@@ -5,12 +5,6 @@ K8S的 ETCD扫描
 SQLCMD模块
 * [数据库利用工具](http://ryze-t.com/posts/2022/02/16/%E6%95%B0%E6%8D%AE%E5%BA%93%E8%BF%9E%E6%8E%A5%E5%88%A9%E7%94%A8%E5%B7%A5%E5%85%B7-Sylas.html]
 
-Crack模块输出：
-通用信息和Extra信息
-IP_ADDRESS:
-LOGIN_USER:
-LOGIN_PASS:
-
 
 
 

cli/cmd/crack.go

@@ -2,10 +2,12 @@ package cmd
 
 import (
 	"cube/core"
-	"cube/core/crackmodule/plugins"
+	"cube/core/crackmodule"
 	"cube/gologger"
 	"fmt"
+	"github.com/olekukonko/tablewriter"
 	"github.com/spf13/cobra"
+	"os"
 )
 
 var crackCli *cobra.Command
@@ -19,16 +21,16 @@ func runCrack(cmd *cobra.Command, args []string) {
 		}
 	}
 
-	plugins.StartCrack(opt, globalopts)
+	crackmodule.StartCrack(opt, globalopts)
 }
 
-func parseCrackOptions() (*core.GlobalOption, *plugins.CrackOption, error) {
+func parseCrackOptions() (*core.GlobalOption, *crackmodule.CrackOption, error) {
 	globalOpts, err := parseGlobalOptions()
 	if err != nil {
 		return nil, nil, err
 	}
 
-	crackOption := plugins.NewCrackOptions()
+	crackOption := crackmodule.NewCrackOptions()
 
 	crackOption.Ip, err = crackCli.Flags().GetString("service")
 	if err != nil {
@@ -69,14 +71,13 @@ func parseCrackOptions() (*core.GlobalOption, *plugins.CrackOption, error) {
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid value for scan plugin: %w", err)
 	}
-	gologger.Debugf("ip: %s, ipfile: %s, user: %s, uf:%s, pass:%s, pf:%s", crackOption.Ip, crackOption.IpFile, crackOption.User, crackOption.UserFile, crackOption.Pass, crackOption.PassFile)
 	return globalOpts, crackOption, nil
 }
 
 func init() {
 	crackCli = &cobra.Command{
 		Use:   "crack",
-		Long:  "Hello",
+		Long:  "Hello", //TODO
 		Short: "crack service password",
 		Run:   runCrack,
 		Example: `cube crack -u root -p root -i 192.168.1.1 -x ssh
@@ -104,3 +105,17 @@ cube crack -u root -pass-file pass.txt -i http://127.0.0.1:8080 -x phpmyadmin
 
 	rootCmd.AddCommand(crackCli)
 }
+
+func CrackHelpTable() {
+	flag := "N"
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetHeader([]string{"Func", "Port", "Load By ALL"})
+	for _, k := range crackmodule.CrackKeys {
+		if crackmodule.GetLoadStatus(k) {
+			flag = "Y"
+		}
+		table.Append([]string{k, crackmodule.GetPort(k), flag})
+		table.SetRowLine(true)
+	}
+	table.Render()
+}

cli/cmd/probe.go

@@ -0,0 +1,69 @@
+package cmd
+
+import (
+	"cube/core"
+	"cube/core/probemodule"
+	"cube/gologger"
+	"fmt"
+	"github.com/spf13/cobra"
+)
+
+var probeCli *cobra.Command
+
+func runProbe(cmd *cobra.Command, args []string) {
+	globalopts, opt, _ := parseProbeOptions()
+
+	probemodule.StartProbe(opt, globalopts)
+}
+
+func parseProbeOptions() (*core.GlobalOption, *probemodule.ProbeOption, error) {
+	globalOpts, err := parseGlobalOptions()
+	if err != nil {
+		return nil, nil, err
+	}
+	probeOption := probemodule.NewProbeOption()
+
+	probeOption.PluginName, err = probeCli.Flags().GetString("plugin")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for plugin: %v", err)
+	}
+
+	probeOption.Port, err = probeCli.Flags().GetString("port")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for scan port: %v", err)
+	}
+
+	probeOption.Ip, err = probeCli.Flags().GetString("service")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for target-ip: %w", err)
+	}
+	probeOption.IpFile, err = probeCli.Flags().GetString("service-file")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for target-file: %w", err)
+	}
+	return globalOpts, probeOption, nil
+}
+
+func init() {
+	probeCli = &cobra.Command{
+		Use:   "probe",
+		Long:  "long Desc", //TODO
+		Short: "probe pentest env",
+		Run:   runProbe,
+		Example: `cube probe -s 192.168.1.1 -x oxid
+cube probe -s 192.168.1.1 -x oxid,zookeeper,ms17010
+cube probe -s 192.168.1.1/24 -x X
+		`,
+	}
+
+	probeCli.Flags().StringP("port", "", "", "target port")
+	probeCli.Flags().StringP("plugin", "x", "", "plugin to scan(e.g. oxid,ms17010)")
+	probeCli.Flags().StringP("service", "s", "", "service ip(in the nmap format: 10.0.0.1, 10.0.0.5-10, 192.168.1.*, 192.168.10.0/24)")
+	probeCli.Flags().StringP("service-file", "S", "", "File to probe for(e.g. ip.txt)")
+
+	if err := crackCli.MarkFlagRequired("plugin"); err != nil {
+		gologger.Errorf("error on marking flag as required: %v", err)
+	}
+
+	rootCmd.AddCommand(probeCli)
+}

cli/cmd/root.go

@@ -51,7 +51,7 @@ func parseGlobalOptions() (*core.GlobalOption, error) {
 func init() {
 	rootCmd.PersistentFlags().IntP("threads", "n", 30, "Number of concurrent requests")
 	rootCmd.PersistentFlags().IntP("timeout", "", 5, "Seconds to wait before timeout connection")
-	rootCmd.PersistentFlags().Float64P("delay", "", 0, "Delay in random seconds between each TCP/UDP request")
+	rootCmd.PersistentFlags().Float64P("delay", "d", 0, "Delay in random seconds between each TCP/UDP request")
 	//rootCmd.PersistentFlags().StringP("output", "o", "", "Output file to write results to (defaults to stdout)")
 	rootCmd.PersistentFlags().BoolP("verbose", "v", false, "Verbose (Default error)")
 }

conf/config.go → config/config.go

@@ -1,4 +1,4 @@
-package conf
+package config
 
 import (
 	"sync"
@@ -7,13 +7,12 @@ import (
 
 const (
 	TcpConnTimeout = 5 * time.Second
-	ThreadTimeout  = 7 * time.Second
+	ThreadTimeout  = 14 * time.Second
 )
 
 var (
 	CommonPortMap map[string]int
-	//SuccessHash   map[string]bool
-	Mutex sync.Mutex
+	Mutex         sync.Mutex
 )
 
 var SuccessHash = struct {

core/crackmodule/check_port.go

@@ -0,0 +1,112 @@
+package crackmodule
+
+import (
+	"context"
+	"cube/config"
+	"cube/core"
+	"cube/gologger"
+	"fmt"
+	"net"
+	"sync"
+	"time"
+)
+
+type IpAddr struct {
+	Ip         string
+	Port       string
+	PluginName string
+}
+
+var (
+	mutex     sync.Mutex
+	AliveAddr []IpAddr
+	ipList    []IpAddr
+)
+
+func CheckPort(ctx context.Context, threadNum int, delay float64, ips []string, pluginNames []string, port string) []IpAddr {
+	//指定插件端口的时候，只允许加载一个插件
+	if len(port) > 0 {
+		for _, ip := range ips {
+			ipList = append(ipList, IpAddr{
+				Ip:         ip,
+				Port:       port,
+				PluginName: pluginNames[0],
+			})
+		}
+	} else {
+		for _, plugin := range pluginNames {
+			for _, ip := range ips {
+				ipList = append(ipList, IpAddr{
+					Ip:         ip,
+					Port:       GetPort(plugin),
+					PluginName: plugin,
+				})
+			}
+		}
+
+	}
+
+	var addrChan = make(chan IpAddr, threadNum*2)
+	var wg sync.WaitGroup
+	wg.Add(len(ipList))
+
+	for i := 0; i < threadNum; i++ {
+		go func() {
+			for {
+				select {
+				case <-ctx.Done():
+					return
+				case addr, ok := <-addrChan:
+					if !ok {
+						return
+					}
+					if GetTCP(addr.PluginName) {
+						//TCP的时候检查端口，UDP跳过
+						SaveAddr(check(addr))
+					}
+					wg.Done()
+					select {
+					case <-ctx.Done():
+					case <-time.After(time.Duration(core.RandomDelay(delay)) * time.Second):
+					}
+				}
+			}
+		}()
+	}
+
+	for _, addr := range ipList {
+		addrChan <- addr
+	}
+	close(addrChan)
+	wg.Wait()
+
+	return AliveAddr
+}
+
+func check(addr IpAddr) (bool, IpAddr) {
+	alive := false
+	gologger.Debugf("tcp port conn check: %s:%s", addr.Ip, addr.Port)
+	_, err := net.DialTimeout("tcp", fmt.Sprintf("%v:%v", addr.Ip, addr.Port), config.TcpConnTimeout)
+	if err == nil {
+		gologger.Infof("Open %s:%s", addr.Ip, addr.Port)
+		alive = true
+	}
+	return alive, addr
+}
+
+//func checkUDP(addr IpAddr) (bool, IpAddr) {
+//	//https://github.com/bronzdoc/gops
+//	//alive := true
+//	gologger.Debugf("skip udp port conn check: %s:%s", addr.Ip, addr.Port)
+//	time.Sleep(time.Millisecond * 10)
+//
+//	return true, addr
+//}
+
+func SaveAddr(alive bool, addr IpAddr) {
+	if alive {
+		mutex.Lock()
+		AliveAddr = append(AliveAddr, addr)
+		mutex.Unlock()
+	}
+}

core/crackmodule/plugins/crack_interface.go → core/crackmodule/crack_interface.go

@@ -1,4 +1,4 @@
-package plugins
+package crackmodule
 
 import (
 	"cube/gologger"
@@ -39,17 +39,6 @@ func AddCrackKeys(s string) {
 	CrackKeys = append(CrackKeys, s)
 }
 
-//type Result interface {
-//	ResultToString() (string, error)  //probe、crack、sqlcmd都实现获取结果的接口
-//}
-//
-
-//var ICrackMap map[string]ICrack
-//
-//func init() {
-//	ICrackMap = make(map[string]ICrack)
-//}
-
 func (c *Crack) NewICrack() ICrack {
 	switch c.Name {
 	case "ssh":
@@ -73,14 +62,10 @@ func GetPort(s string) string {
 	return ic.SetPort()
 }
 
-func GetLoadStatus(s string) string {
+func GetLoadStatus(s string) bool {
 	c := NewCrack(s)
 	ic := c.NewICrack()
-	if ic.IsLoad() == true {
-		return "Y"
-	} else {
-		return "N"
-	}
+	return ic.IsLoad()
 }
 
 func GetMutexStatus(s string) bool {
@@ -107,13 +92,25 @@ func getPluginAuthPass(s string) []string {
 	return ic.SetAuthPass()
 }
 
+func getPluginAuthCred(s string) bool {
+	//检查插件是否设置了默认的用户和密码
+	if len(getPluginAuthPass(s)) == 0 || len(getPluginAuthPass(s)) == 0 {
+		return false
+	}
+	return true
+}
+
 func GetPluginAuthMap(s string) map[string][]Auth {
 	auths := make([]Auth, 0)
 	authMaps := make(map[string][]Auth, 0)
+	credStatus := getPluginAuthCred(s)
+	if !credStatus {
+		gologger.Errorf("SetAuthUser() or SetAuthPass() is Empty for %s", s)
+	}
 	for _, user := range getPluginAuthUser(s) {
 		for _, pass := range getPluginAuthPass(s) {
-			gologger.Debugf("%s is preparing credentials: %s <=> %s", s, user, pass)
 			pass = strings.Replace(pass, "{user}", user, -1)
+			gologger.Debugf("%s is preparing default credentials: %s <=> %s", s, user, pass)
 			auths = append(auths, Auth{
 				User:     user,
 				Password: pass,