From f6b461e1c9ca5e78df4095ed23de606fa51da310 Mon Sep 17 00:00:00 2001
From: k8gege
Date: Thu, 14 Jan 2021 22:57:23 +0800
Subject: [PATCH] LadonGo

---
 Ladon.go | 33 +++++++++++++++++++++++++++++----
 REDISSCAN.Log | 6 ++++++
 logger/logger.go | 38 ++++++++++++++++++++++++++------------
 port.log | 1 +
 port/port.go | 17 ++++++++++++++++-
 redis/redis_auth.go | 40 ++++++++++++++++++++++++++++++++++++++++
 update.txt | 22 ++++++++++++++++++++++
 7 files changed, 140 insertions(+), 17 deletions(-)
 create mode 100644 REDISSCAN.Log
 create mode 100644 port.log
 create mode 100644 redis/redis_auth.go
 create mode 100644 update.txt

diff --git a/Ladon.go b/Ladon.go
index 28b6a5f..fccac43 100644
--- a/Ladon.go
+++ b/Ladon.go
@@ -25,6 +25,7 @@ import (
 "github.com/k8gege/LadonGo/exp"
 "github.com/k8gege/LadonGo/dic"
 //"github.com/k8gege/LadonGo/tcp"
+ "github.com/k8gege/LadonGo/redis"
 "github.com/fatih/color"
 "strings"
 "log"
@@ -141,8 +142,18 @@ func Exploit() {
 }
-var isicmp bool
+func Noping() {
+ s:=""
+ if runtime.GOOS!="windows" {
+ s="./"
+ }
+ fmt.Println("\nNoping Example:")
+ fmt.Println(s+"Ladon noping 192.168.1.8 PortScan")
+ fmt.Println(s+"Ladon noping ip.txt PortScan")
+}
+var isicmp bool
+var ver="3.3"
 func incIP(ip net.IP) {
 for j := len(ip) - 1; j >= 0; j-- {
 ip[j]++
@@ -168,7 +179,7 @@ func GetUser(){
 var debugLog *log.Logger
 var scanports string
 func main() {
- color.Green("LadonGo 3.2 by k8gege")
+ color.Green("LadonGo "+ver+" by k8gege")
 fmt.Println("Arch: "+runtime.GOARCH+" OS: "+runtime.GOOS)
 if icmp.IcmpOK("localhost") { isicmp=true}
@@ -197,6 +208,10 @@ func main() {
 FuncList()
 os.Exit(0)
 }
+ if SecPar=="NOPING"{
+ Noping()
+ os.Exit(0)
+ }
 if SecPar=="BRUTEFOR"||SecPar=="BRUTE"||SecPar=="BRUTEFORCE"||SecPar=="BRUTE-FORCE" {
 BruteFor()
 os.Exit(0)
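Review bot: The new exported `Noping` in the second hunk has no doc comment, and `ver` is declared with `var` although nothing in the hunk assigns it after initialisation; `const ver = "3.3"` says what it is and stops it being changed at runtime by accident. A one-liner such as `// Noping prints the usage examples for the "noping" option.` would do for the helper; what the option actually changes in the scan is not visible in these hunks, so I would not claim more than that. The `s := "./"` prefix logic looks like a copy of what the other help printers do (they sit outside this hunk, so I cannot check); if so, a shared `exePrefix()` would remove the duplicate.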
@@ -376,7 +391,7 @@ func BScan(ScanType string,Target string){
 ip = strings.Replace(ip, "/B", "", -1)
 ips := strings.Split(ip,".")
 ip = ips[0]+"."+ips[1]
- for i:=1;i<256;i++ {
+ for i:=0;i<256;i++ {
 ip:=fmt.Sprintf("%s.%d",ip,i)
 fmt.Println("\nC_Segment: "+ip)
 fmt.Println("=============================================")
@@ -388,7 +403,7 @@ func AScan(ScanType string,Target string){
 ip = strings.Replace(ip, "/A", "", -1)
 ips := strings.Split(ip,".")
 ip = ips[0]
- for i:=1;i<256;i++ {
+ for i:=0;i<256;i++ {
 ip:=fmt.Sprintf("%s.%d",ip,i)
 BScan(ScanType,ip)
 }
@@ -431,6 +446,10 @@ func LadonScan(ScanType string,Target string) {
 if icmp.IcmpOK(Target) {
 if strings.Contains(scanports, ",") {
 port.ScanPortBanners(Target,scanports)
+ } else if strings.Contains(scanports, "-") {
+ port.ScanPortBannerRange(Target,scanports)
+ } else if scanports!="" {
+ port.ScanPortBannerSingle(Target,scanports)
 } else {
 port.ScanPortBanner(Target)
 }
@@ -438,6 +457,10 @@ func LadonScan(ScanType string,Target string) {
 }else if ping.PingOK(Target) {
 if strings.Contains(scanports, ",") {
 port.ScanPortBanners(Target,scanports)
+ } else if strings.Contains(scanports, "-") {
+ port.ScanPortBannerRange(Target,scanports)
+ } else if scanports!="" {
+ port.ScanPortBannerSingle(Target,scanports)
 } else {
 port.ScanPortBanner(Target)
 }
@@ -486,6 +509,8 @@ func LadonScan(ScanType string,Target string) {
 oracle.SqlPlusScan(ScanType,Target)
 } else if ScanType == "WINRMSCAN" {
 winrm.WinrmScan(ScanType,Target)
+ } else if ScanType == "REDISSCAN" {
+ redis.RedisNullScan(ScanType,Target)
 } else if ScanType == "HTTPBASICSCAN" ||ScanType == "BASICAUTHSCAN" ||ScanType == "401SCAN" {
 http.BasicAuthScan(ScanType,"http://"+Target)
 } else {
diff --git a/REDISSCAN.Log b/REDISSCAN.Log
new file mode 100644
index 0000000..9c9a4af
--- /dev/null
+++ b/REDISSCAN.Log
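Review bot: The three-way dispatch on `scanports` added in the @@ -431 hunk is repeated verbatim in the @@ -438 hunk for the ping path, so the same chain now has to be kept in sync in two places; I would pull it into one helper and call it from both branches. The order of the tests also matters: a value such as `80-89,443` matches the `,` test first and goes to `ScanPortBanners`, which (judging by the comma-split loop visible at the top of port.go's @@ -182 hunk) hands `80-89` straight to `TcpBanner` as a port string, so either document that lists and ranges cannot be mixed or split on `,` first and dispatch per item. LadonScan starts and ends outside both hunks.

```go
// scanTargetPorts banner-scans one live target, dispatching on the form of
// the global scanports value: "a,b,c" list, "a-b" range, a single port, or
// the default port list when it is empty.
func scanTargetPorts(target string) {
	switch {
	case strings.Contains(scanports, ","):
		port.ScanPortBanners(target, scanports)
	case strings.Contains(scanports, "-"):
		port.ScanPortBannerRange(target, scanports)
	case scanports != "":
		port.ScanPortBannerSingle(target, scanports)
	default:
		port.ScanPortBanner(target)
	}
}

// … in LadonScan, both the IcmpOK and the PingOK branches become …
scanTargetPorts(Target)
```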
@@ -0,0 +1,6 @@
+2020/12/21 21:12:33 Found: 192.168.1.21 6379 ISOK
+2020/12/21 21:14:00 Found: 192.168.1.21 6379 ISOK
+2020/12/21 21:14:45 Found: 192.168.1.21 6379 ISOK
+2020/12/21 21:21:13 Found: 192.168.1.21 6379 ISOK
+2020/12/21 21:46:45 Found: 192.168.1.21 6379 ISOK
+2020/12/21 21:46:51 Found: 192.168.1.21 6379 ISOK
diff --git a/logger/logger.go b/logger/logger.go
index bc43f40..ec16649 100644
--- a/logger/logger.go
+++ b/logger/logger.go
@@ -32,34 +32,48 @@ func PrintIsok(ScanType,h ,u ,p string){
 //} else
 //{fmt.Println("\033[35mFound: "+h+" "+u+" "+p+" ISOK\033[0m")}
 color.Magenta("Found: "+h+" "+u+" "+p+" ISOK")
- logFile, err := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
- if err != nil {
- panic(err)
- }
+ logFile, _ := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
+ //if err != nil {
+ //panic(err)
+ //}
 log.SetOutput(logFile)
 log.Println("Found: "+h+" "+u+" "+p+" ISOK")
 }
+func PrintIsok0(ScanType,h ,p string){
+ //if runtime.GOOS=="windows" {
+ //fmt.Println("Found: "+h+" "+u+" "+p+" ISOK")
+ //} else
+ //{fmt.Println("\033[35mFound: "+h+" "+u+" "+p+" ISOK\033[0m")}
+ color.Magenta("Found: "+h+" "+p+" ISOK")
+ logFile, _ := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
+ //if err != nil {
+ //panic(err)
+ //}
+ log.SetOutput(logFile)
+ log.Println("Found: "+h+" "+p+" ISOK")
+}
+
 func PrintIsok2(ScanType,h ,port,u ,p string){
 //if runtime.GOOS=="windows" {
 //fmt.Println("Found: "+h+" "+port+" "+u+" "+p+" ISOK")
 //} else
 //{fmt.Println("\033[35mFound: "+h+" "+port+" "+u+" "+p+" ISOK\033[0m")}
 color.Magenta("Found: "+h+" "+u+" "+p+" ISOK")
- logFile, err := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
- if err != nil {
- panic(err)
- }
+ logFile, _ := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
+ //if err != nil {
+ //panic(err)
+ //}
 log.SetOutput(logFile)
 log.Println("Found: "+h+" "+port+" "+u+" "+p+" ISOK")
 }
 func PrintIsok3(ScanType,h ,port,u ,p , d string){
 color.Magenta("Found: "+h+" "+u+" "+p+" "+d+" ISOK")
- logFile, err := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
- if err != nil {
- panic(err)
- }
+ logFile, _ := os.OpenFile(ScanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0777)
+ //if err != nil {
+ //panic(err)
+ //}
 log.SetOutput(logFile)
 log.Println("Found: "+h+" "+port+" "+u+" "+p+" "+d+" ISOK")
 }
\ No newline at end of file
diff --git a/port.log b/port.log
new file mode 100644
index 0000000..18c31f8
--- /dev/null
+++ b/port.log
@@ -0,0 +1 @@
+192.168.1.21 6379 Open
\ No newline at end of file
diff --git a/port/port.go b/port/port.go
index d9de6ed..a2ad0a1 100644
--- a/port/port.go
+++ b/port/port.go
@@ -141,7 +141,7 @@ func workerPort(tasks chan Workdist,debugLog *log.Logger){
 }
-var DefaultPorts = []int{21,22,23,25,80,443,8080,110,135,139,445,389,489,587,1433,1434,1521,1522,1723,2121,3306,3389,4899,5631,5632,5800,5900,7071,43958,65500,4444,8888,6789,4848,5985,5986,8081,8089,8443,10000,6379,7001,7002}
+var DefaultPorts = []int{21,22,23,25,80,443,8080,110,135,139,445,389,489,587,1433,1434,1521,1522,1723,2121,3000,3306,3389,4899,5631,5632,5800,5900,7071,43958,65500,4444,8888,6789,4848,5985,5986,8081,8089,8443,10000,6379,7001,7002}
 func ScanPort(host string){
 var wg sync.WaitGroup
@@ -182,4 +182,19 @@ for _, port:= range strings.Split(ports,",") {
 //tcp.GetBanner(host,p)
 tcp.TcpBanner(host,port)
 }
+}
+
+func ScanPortBannerSingle(host,port string){
+tcp.TcpBanner(host,port)
+}
+
+func ScanPortBannerRange(host,ports string){
+port:=strings.Split(ports,"-")
+p1, _ := strconv.Atoi(port[0])
+p2, _ := strconv.Atoi(port[1])
+
+for i := p1; i <= p2; i++ {
+ tcp.TcpBanner(host,strconv.Itoa(i))
+}
+
 }
\ No newline at end of file
diff --git a/redis/redis_auth.go b/redis/redis_auth.go
new file mode 100644
index 0000000..a1f9aae
--- /dev/null
+++ b/redis/redis_auth.go
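Review bot: Replacing `panic(err)` with `logFile, _ :=` in the three existing `PrintIsok*` functions (and copying it into the new `PrintIsok0`) does not make the write safe: when `os.OpenFile` fails, `logFile` is a nil `*os.File`, `log.SetOutput(logFile)` still redirects the package-level logger to it, and every `log.Println` from then on fails silently, so the hit is shown on screen but never recorded and the user is not told why. Each call also opens a descriptor that is never closed, `0777` creates a world-writable results file, and the `REDISSCAN.Log` and `port.log` committed in this same patch show the files land wherever the tool happens to be run from (they should be dropped from the tree and ignored). I would route all four functions through one helper that opens with `0644`, closes on return, writes through a private logger instead of hijacking the default one, and reports the failure; this still meets the changelog's goal of not aborting a scan when the directory is read-only.

```go
// appendLog appends one result line to <scanType>.Log in the working directory.
// A failure to open the file is reported on screen and then ignored, so a scan
// keeps running when the directory is not writable.
func appendLog(scanType, line string) {
	f, err := os.OpenFile(scanType+".Log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
	if err != nil {
		color.Yellow("cannot write %s.Log: %v", scanType, err)
		return
	}
	defer f.Close()
	// private logger: never redirect log's package-level output for the whole process
	log.New(f, "", log.LstdFlags).Println(line)
}

func PrintIsok0(ScanType, h, p string) {
	color.Magenta("Found: " + h + " " + p + " ISOK")
	appendLog(ScanType, "Found: "+h+" "+p+" ISOK")
}
// … PrintIsok, PrintIsok2 and PrintIsok3 call appendLog the same way …
```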
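Review bot: `ScanPortBannerRange` in the @@ -182 hunk discards both `strconv.Atoi` errors and never bounds the result, so a non-numeric bound or `-80` silently becomes port 0, `80-` scans nothing, and `1-99999` runs `TcpBanner` against ports that cannot exist; the `-` check in the caller guarantees `port[1]` is present but nothing validates what is in it. I would parse both bounds, reject anything outside 1–65535 or reversed, and only then loop; how to surface the rejection depends on port.go's output helpers, which are outside this hunk.

```go
// ScanPortBannerRange banner-scans every port in the inclusive range "lo-hi".
// Malformed, reversed or out-of-range bounds are rejected instead of being
// treated as port 0.
func ScanPortBannerRange(host, ports string) {
	bounds := strings.SplitN(ports, "-", 2)
	if len(bounds) != 2 {
		return
	}
	lo, errLo := strconv.Atoi(bounds[0])
	hi, errHi := strconv.Atoi(bounds[1])
	if errLo != nil || errHi != nil || lo < 1 || hi > 65535 || lo > hi {
		// NOTE(review): report the rejected range to the user here
		return
	}
	for p := lo; p <= hi; p++ {
		tcp.TcpBanner(host, strconv.Itoa(p))
	}
}
```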
@@ -0,0 +1,40 @@
+package redis
+//Ladon Scanner for golang
+//Author: k8gege
+//K8Blog: http://k8gege.org/Ladon
+//Github: https://github.com/k8gege/LadonGo
+import (
+ //"fmt"
+ "strconv"
+ "github.com/monnand/goredis"
+ "github.com/k8gege/LadonGo/port"
+ "github.com/k8gege/LadonGo/logger"
+)
+
+func RedisNullAuth(host string,iport int) (result bool) {
+ result = false
+if port.PortCheck(host,iport) {
+ var client goredis.Client
+ port:=strconv.Itoa(iport)
+ client.Addr = host+":"+port
+ err := client.Set("test", []byte("ISOK"))
+ if err != nil {
+ //panic(err)
+ }
+
+ res, _ := client.Get("test")
+ if string(res)=="ISOK" {
+ result = true
+ }
+
+ client.Set("test", []byte("test"))
+}
+return result
+}
+
+func RedisNullScan(ScanType,host string) {
+if RedisNullAuth(host,6379) {
+ logger.PrintIsok0(ScanType,host,"6379")
+}
+
+}
\ No newline at end of file
diff --git a/update.txt b/update.txt
new file mode 100644
index 0000000..dd4a144
--- /dev/null
+++ b/update.txt
@@ -0,0 +1,22 @@
+3.3 2021.01.14
+[u] 修复无权限写文件时,结束密码爆破的BUG
+[u] 修复B段、A段漏扫0段的BUG
+[u] PortScan 增加Ruby on Rails默认WEB端口3000
+[+] RedisScan Redis未授权访问扫描
+[u] TcpBanner 范围端口 例子: Ladon ip/24 TcpBanner 80-89
+[u] PortScan 范围端口 例子: Ladon ip/24 PortScan 80-89
+[u] TcpBanner 指定端口 例子: Ladon ip/24 TcpBanner 80
+[u] PortScan 指定端口 例子: Ladon ip/24 PortScan 80
+
+3.2 2020.12.18
+[u] PortScan默认扫Banner 高亮显示SSH、HTTP、FTP服务
+[+] TcpBanner 自定义端口 例子: Ladon ip/24 TcpBanner 80,135,445
+[+] PortScan 自定义端口 例子: Ladon ip/24 PortScan 80,135,445
+[u] 修复ICMP误报的问题(icmp_seq=1 Destination Host Unreachable)
+
+#### TcpBanner
+ScanStart: 2020-12-18 02:30:33
+192.168.1.19 22 Open SSH-2.0-OpenSSH_5.1
+192.168.1.145 22 Open SSH-2.0-OpenSSH_5.1
+192.168.1.1 21 Open 220 Welcome to virtual FTP service.
+192.168.1.1 80 Open HTTP/1.1 200 OK Connection: Keep-Alive
\ No newline at end of file
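Review bot: `RedisNullAuth` proves unauthenticated access by writing to the target: `client.Set("test", []byte("ISOK"))` overwrites whatever value a real key named `test` held, and the follow-up `client.Set("test", []byte("test"))` does not restore it but leaves a new key behind, so scanning a production instance silently corrupts data and leaves an artefact. A scanner should not mutate what it is checking; if the client exposes a read-only command that fails with `NOAUTH` when `requirepass` is set (`Ping`, `Info`, `Dbsize`) that is the probe to use, and failing that use a key name that cannot collide with application data and delete it afterwards rather than rewriting it. The `Set` error is also dropped even though a non-nil error there already answers the question, and the hard-coded `6379` in `RedisNullScan` means instances the port scan finds on other ports are never checked. I cannot see goredis's API from this hunk, so `Del` below is what I would expect and needs confirming.

```go
// RedisNullAuth reports whether host:iport accepts commands without AUTH.
// The probe key is namespaced so it cannot clobber application data and is
// removed before returning; a Set error (NOAUTH, refused connection, protected
// mode) is the negative answer rather than something to ignore.
func RedisNullAuth(host string, iport int) (result bool) {
	if !port.PortCheck(host, iport) {
		return false
	}
	var client goredis.Client
	client.Addr = host + ":" + strconv.Itoa(iport)
	const probeKey = "ladongo_probe_safe_to_delete"
	if err := client.Set(probeKey, []byte("ISOK")); err != nil {
		return false
	}
	defer client.Del(probeKey) // best-effort cleanup; TODO confirm the client exposes Del
	res, err := client.Get(probeKey)
	return err == nil && string(res) == "ISOK"
}
```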