v1.5.0

wjlin0 · Dec 7, 2023 · aee2548 · aee2548
1 parent 0f52920
commit aee2548
Show file tree

Hide file tree

Showing 10 changed files with 231 additions and 144 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,14 @@
-FROM golang:1.20-alpine AS builder
-ENV CGO_ENABLED=0
-RUN  go install -v github.com/wjlin0/pathScan@latest
-FROM alpine:3.17.1
-COPY --from=builder /go/bin/pathScan /usr/local/bin/pathScan
-RUN apk add --no-cache libc6-pcap-dev \
-    && pathScan
+# Build
+FROM golang:1.21.0-alpine AS builder
+RUN apk add build-base libpcap-dev
+WORKDIR /app
+COPY . /app
+RUN go mod download
+RUN go build
+
+FROM alpine:3.18.3
+RUN apk add nmap libpcap-dev bind-tools ca-certificates nmap-scripts
+COPY --from=builder /app/pathScan /usr/local/bin/pathScan
+RUN pathScan
 
 ENTRYPOINT ["pathScan"]
diff --git a/README.md b/README.md
@@ -36,8 +36,8 @@ go install -v github.com/wjlin0/pathScan@latest
 下载准备运行的[二进制文件](https://github.com/wjlin0/pathScan/releases/latest)
 
 ```sh
-wget https://github.com/wjlin0/pathScan/releases/download/v1.4.9/pathScan_v1.4.9_windows_amd64.zip
-wget https://github.com/wjlin0/pathScan/releases/download/v1.4.9/pathScan_v1.4.9_linux_amd64.zip
+wget https://github.com/wjlin0/pathScan/releases/download/v1.5.0/pathScan_v1.5.0_windows_amd64.zip
+wget https://github.com/wjlin0/pathScan/releases/download/v1.5.0/pathScan_v1.5.0_linux_amd64.zip
 ```
 
 
@@ -49,12 +49,12 @@ wget https://github.com/wjlin0/pathScan/releases/download/v1.4.9/pathScan_v1.4.9
 pathScan -h
 ```
 ```text
-pathScan 1.4.9 Go 扫描、信息收集工具 
+pathScan 1.5.0 Go 扫描、信息收集工具 
 
 Usage:
   pathScan [flags]
 
-Flags:
+Flags:                                    
 输入:
    -u, -url string[]           目标(以逗号分割)
    -list string[]              从文件中,读取目标
@@ -111,13 +111,16 @@ Flags:
    -vb, -verbose       详细输出模式
    -v, -version        输出版本
 
-端口扫描(测试中):
-   -n, -naabu                  端口扫描
-   -port string                端口(80,443, 100-200)
-   -tp, -top-ports string      top端口(100,200,300)
-   -shd, -skip-host-discovery  跳过主机发现
-   -no, -naabu-output string   端口扫描结果保存 支持csv格式输出
-   -nr, -naabu-rate int        端口扫描速率 (default 1000)
+端口扫描:
+   -n, -naabu                       端口扫描
+   -port string                     端口(80,443, 100-200)
+   -tp, -top-ports string           top端口(100,200,300)
+   -ns, -naabu-scan-type string     端口扫描类型(SYN/CONNECT) (default "s")
+   -sn, -naabu-host-discovery       只允许主机发现
+   -Pn, -skip-host-discovery        跳过主机发现
+   -no, -naabu-output string        端口扫描结果保存 支持csv格式输出
+   -nsi, -naabu-source-ip string    端口扫描源IP
+   -nsp, -naabu-source-port string  端口扫描源端口
 
 工具:
    -clear                          清理历史任务
@@ -144,8 +147,9 @@ Flags:
    -b, -body string              自定义请求体
 
 速率:
-   -t, -thread int         线程 (default 50)
+   -t, -thread int         线程 (default 30)
    -rl, -rate-limit int    每秒允许的HTTP连接数 (default 150)
+   -nr, -naabu-rate int    端口扫描速率 (default 1000)
    -timeout int            超时时间 (default 10)
    -wt, -wait-timeout int  自定义任务结束前的等待,一般用于结束结束时间果断,导致无法发现更多目标 (default 3)
 
@@ -168,9 +172,15 @@ EXAMPLES:
 
 运行 pathScan 收集子域名 指定输出:
     $ pathScan -s -sq 'example.com' -csv -o out.csv
+
 运行 pathScan 端口扫描 并指定前1000个端口:
     $ pathScan -u example.com -n -csv -o out.csv -tp 1000
 
+运行 pathScan 收集子域名 并端口扫描:
+    $ pathScan -s -sq 'example.com' -n -port 80,443,8080 -csv -o out.csv
+
+其他文档可在以下网址获得: https://github.com/wjlin0/pathScan/
+
 其他文档可在以下网址获得: https://github.com/wjlin0/pathScan/
 
 ```

diff --git a/pkg/common/naabu/naabu.go b/pkg/common/naabu/naabu.go
@@ -5,27 +5,44 @@ import (
 	"strings"
 )
 
-func New(host []string, scanType string, ports string, topPorts string, retries int, rate int, threads int, proxy, proxyAuth string, resolvers []string, skipHostDiscovery bool, verbose bool, output string, csv bool, callback runner.OnResultCallback) *runner.Options {
-	options := runner.Options{
-		Host:              host,
-		ScanType:          scanType,
-		OnResult:          callback,
-		Ports:             ports,
-		TopPorts:          topPorts,
-		Retries:           retries,
-		Rate:              rate,
-		Threads:           threads,
-		Proxy:             proxy,
-		ProxyAuth:         proxyAuth,
-		Resolvers:         strings.Join(resolvers, ","),
-		SkipHostDiscovery: skipHostDiscovery,
-		Verbose:           verbose,
-		Output:            output,
-		CSV:               csv,
-		Silent:            true,
+func DefaultOptions() *runner.Options {
+	return &runner.Options{
+		Timeout:       1000,
+		MetricsPort:   63636,
+		WarmUpTime:    2,
+		StatsInterval: 5,
 	}
+}
+
+func New(host []string, sourceIp, sourcePort, scanType string, ports string, topPorts string, retries int, rate int, threads int, proxy, proxyAuth string, resolvers []string, onlyHostDiscovery, skipHostDiscovery bool, verbose bool, output string, csv bool, silent bool, callback runner.OnResultCallback) (*runner.Options, error) {
+	opt := DefaultOptions()
+
+	opt.Host = host
+	opt.ScanType = scanType
+	opt.OnResult = callback
+	opt.Ports = ports
+	opt.TopPorts = topPorts
+	opt.Retries = retries
+	opt.Rate = rate
+	opt.Threads = threads
+	opt.Proxy = proxy
+	opt.ProxyAuth = proxyAuth
+	opt.Resolvers = strings.Join(resolvers, ",")
+	opt.SkipHostDiscovery = skipHostDiscovery
+	opt.Verbose = verbose
+	opt.Output = output
+	opt.CSV = csv
+	opt.Silent = silent
+	opt.SourceIP = sourceIp
+	opt.SourcePort = sourcePort
+	opt.OnlyHostDiscovery = onlyHostDiscovery
 
-	return &options
+	opt.ConfigureHostDiscovery()
+
+	if err := opt.ValidateOptions(); err != nil {
+		return nil, err
+	}
+	return opt, nil
 }
 
 func Execute(opt *runner.Options) error {

diff --git a/pkg/runner/banner.go b/pkg/runner/banner.go
@@ -12,10 +12,10 @@ const (
                __   __    ____               
    ___  ___ _ / /_ / /   / __/____ ___ _ ___ 
   / _ \/ _  // __// _ \ _\ \ / __// _  // _ \
- / .__/\_,_/ \__//_//_//___/ \__/ \_,_//_//_/  v1.4.9
+ / .__/\_,_/ \__//_//_//___/ \__/ \_,_//_//_/  v1.5.0
 /_/
 `
-	Version               = `1.4.9`
+	Version               = `1.5.0`
 	defaultResumeFileName = `resume.cfg`
 	userName              = "wjlin0"
 	repoName              = "pathScan-match"

diff --git a/pkg/runner/options.go b/pkg/runner/options.go
@@ -91,9 +91,10 @@ type Options struct {
 	SkipHostDiscovery           bool   `json:"skip-host-discovery"`
 	NaabuOutput                 string `json:"naabu-output"`
 	NaabuRate                   int    `json:"naabu-rate"`
-	NaabuThreads                int    `json:"naabu-threads"`
-	NaabuRetries                int    `json:"naabu-retries"`
 	NaabuScanType               string `json:"naabu-scan-type"`
+	NaabuSourceIP               string `json:"naabu-source-ip"`
+	NaabuSourcePort             string `json:"naabu-source-port"`
+	NaabuHostDiscovery          bool   `json:"naabu-host-discovery"`
 }
 
 func ParserOptions() *Options {
@@ -156,14 +157,16 @@ func ParserOptions() *Options {
 		set.BoolVarP(&options.Verbose, "verbose", "vb", false, "详细输出模式"),
 		set.BoolVarP(&options.Version, "version", "v", false, "输出版本"),
 	)
-	set.CreateGroup("Naabu", "端口扫描(测试中)",
+	set.CreateGroup("Naabu", "端口扫描",
 		set.BoolVarP(&options.Naabu, "naabu", "n", false, "端口扫描"),
 		set.StringVar(&options.Ports, "port", "", "端口(80,443, 100-200)"),
 		set.StringVarP(&options.TopPorts, "top-ports", "tp", "", "top端口(100,200,300)"),
-		set.StringVarP(&options.NaabuScanType, "naabu-scan-type", "nst", "s", "端口扫描类型(SYN/CONNECT)"),
-		set.BoolVarP(&options.SkipHostDiscovery, "skip-host-discovery", "shd", false, "跳过主机发现"),
+		set.StringVarP(&options.NaabuScanType, "naabu-scan-type", "ns", "s", "端口扫描类型(SYN/CONNECT)"),
+		set.BoolVarP(&options.NaabuHostDiscovery, "naabu-host-discovery", "sn", false, "只允许主机发现"),
+		set.BoolVarP(&options.SkipHostDiscovery, "skip-host-discovery", "Pn", false, "跳过主机发现"),
 		set.StringVarP(&options.NaabuOutput, "naabu-output", "no", "", "端口扫描结果保存 支持csv格式输出"),
-		set.IntVarP(&options.NaabuRate, "naabu-rate", "nr", 1000, "端口扫描速率"),
+		set.StringVarP(&options.NaabuSourceIP, "naabu-source-ip", "nsi", "", "端口扫描源IP"),
+		set.StringVarP(&options.NaabuSourcePort, "naabu-source-port", "nsp", "", "端口扫描源端口"),
 	)
 
 	set.CreateGroup("Tool", "工具",
@@ -191,8 +194,9 @@ func ParserOptions() *Options {
 		set.StringVarP(&options.Body, "body", "b", "", "自定义请求体"),
 	)
 	set.CreateGroup("Rate", "速率",
-		set.IntVarP(&options.Threads, "thread", "t", 50, "线程"),
+		set.IntVarP(&options.Threads, "thread", "t", 30, "线程"),
 		set.IntVarP(&options.RateLimit, "rate-limit", "rl", 150, "每秒允许的HTTP连接数"),
+		set.IntVarP(&options.NaabuRate, "naabu-rate", "nr", 1000, "端口扫描速率"),
 		set.IntVar(&options.Timeout, "timeout", 10, "超时时间"),
 		set.IntVarP(&options.WaitTimeout, "wait-timeout", "wt", 3, "自定义任务结束前的等待,一般用于结束结束时间果断,导致无法发现更多目标"),
 	)

diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
@@ -206,8 +206,6 @@ func NewRunner(options *Options) (*Runner, error) {
 func (r *Runner) RunEnumeration() error {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 
-	var err error
-
 	startTime := time.Now()
 	switch {
 	case r.Cfg.Options.Naabu && (!r.Cfg.Options.Subdomain && !r.Cfg.Options.Uncover):
@@ -285,17 +283,22 @@ func (r *Runner) RunEnumeration() error {
 			var rwn sync.RWMutex
 			callback := func(naabuResult *naabuResult.HostResult) {
 				for _, port := range naabuResult.Ports {
-					if strings.Contains(naabuResult.Host, ":") {
-						naabuResult.Host = strings.Split(naabuResult.Host, ":")[0]
-					}
 					rwn.Lock()
 					urls = append(urls, fmt.Sprintf("%s:%d", naabuResult.Host, port.Port))
 					rwn.Unlock()
 				}
+				if len(naabuResult.Ports) == 0 && naabuResult.Host != "" {
+					rwn.Lock()
+					urls = append(urls, fmt.Sprintf("%s", naabuResult.Host))
+					rwn.Unlock()
+				}
+			}
+			naabuOpts, err := naabu.New(temps, opts.NaabuSourceIP, opts.NaabuSourcePort, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.NaabuHostDiscovery, opts.SkipHostDiscovery, opts.Verbose, opts.NaabuOutput, opts.Csv, opts.Silent, callback)
+			if err != nil {
+				return err
 			}
-			naabuOpts := naabu.New(temps, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.SkipHostDiscovery, false, "", false, callback)
 			if err = naabu.Execute(naabuOpts); err != nil {
-				gologger.Info().Msgf("An error occurred: %s", err)
+				gologger.Warning().Msgf("An error occurred: %s", err)
 			}
 		}
 		urls = util.RemoveDuplicateStrings(append(urls, r.targets_...))
@@ -345,6 +348,7 @@ func (r *Runner) RunEnumeration() error {
 		if lenPath <= 0 {
 			lenPath = 1
 		}
+
 		if r.Cfg.Options.Naabu {
 			// 端口扫描调用 naabu sdk
 			opts := r.Cfg.Options
@@ -365,17 +369,22 @@ func (r *Runner) RunEnumeration() error {
 			var rwn sync.RWMutex
 			callback := func(naabuResult *naabuResult.HostResult) {
 				for _, port := range naabuResult.Ports {
-					if strings.Contains(naabuResult.Host, ":") {
-						naabuResult.Host = strings.Split(naabuResult.Host, ":")[0]
-					}
 					rwn.Lock()
 					urls = append(urls, fmt.Sprintf("%s:%d", naabuResult.Host, port.Port))
 					rwn.Unlock()
 				}
+				if len(naabuResult.Ports) == 0 && naabuResult.Host != "" {
+					rwn.Lock()
+					urls = append(urls, fmt.Sprintf("%s", naabuResult.Host))
+					rwn.Unlock()
+				}
+			}
+			naabuOpts, err := naabu.New(temps, opts.NaabuSourceIP, opts.NaabuSourcePort, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.NaabuHostDiscovery, opts.SkipHostDiscovery, opts.Verbose, opts.NaabuOutput, opts.Csv, opts.Silent, callback)
+			if err != nil {
+				return err
 			}
-			naabuOpts := naabu.New(temps, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.SkipHostDiscovery, false, "", false, callback)
 			if err = naabu.Execute(naabuOpts); err != nil {
-				gologger.Info().Msgf("An error occurred: %s", err)
+				gologger.Warning().Msgf("An error occurred: %s", err)
 			}
 		}
 		// 去重
@@ -433,11 +442,13 @@ func (r *Runner) RunEnumeration() error {
 				gologger.Info().Msgf("Found open port %d on host %s", port.Port, naabuResult.Host)
 			}
 		}
-		naabuOpts := naabu.New(hosts, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.SkipHostDiscovery, opts.Verbose, opts.Output, opts.Csv, callback)
+		naabuOpts, err := naabu.New(hosts, opts.NaabuSourceIP, opts.NaabuSourcePort, opts.NaabuScanType, opts.Ports, opts.TopPorts, opts.Retries, opts.NaabuRate, opts.Threads, opts.Proxy, opts.ProxyAuth, opts.Resolvers, opts.NaabuHostDiscovery, opts.SkipHostDiscovery, opts.Verbose, opts.NaabuOutput, opts.Csv, opts.Silent, callback)
+		if err != nil {
+			return err
+		}
 		if err = naabu.Execute(naabuOpts); err != nil {
 			return err
 		}
-
 	default:
 		var urls = r.targets_
 		var paths = r.paths