Merge remote-tracking branch 'upstream/main'

.github/conf/.goreleaser.yml

@@ -1,69 +1,55 @@
 before:
   hooks:
-    - sudo apt -y install libprotobuf-dev protobuf-compiler protoc-gen-go
     - go mod tidy
-    - go generate ./...
 builds:
-  - id: "with-upx"
+  -
+    id: default
     env:
       - CGO_ENABLED=0
     goos:
-      - linux
       - windows
+      - linux
       - darwin
+      - freebsd
+      - solaris
     goarch:
       - amd64
-      - arm64
-      - arm
       - "386"
-    goarm:
-      - "6"
-      - "7"
-    flags:
-      - -trimpath
-    ldflags:
-      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }} -X main.builtBy=goreleaser
-    ignore:
-      - goos: windows
-        goarch: arm64
-      - goos: windows
-        goarch: arm
-      - goos: linux
-        goarch: mips64
-    hooks:
-       post: upx --best -f -q "{{ .Path }}"
-
-# UnknownExecutableFormatException
-# CantPackException: can't pack new-exe
-  - id: "without-upx"
-    env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-      - windows
-      - darwin
-    goarch:
-      - mips64
       - arm
+      - arm64
+      - mips
+      - mipsle
+      - mips64
     goarm:
       - "6"
       - "7"
     flags:
       - -trimpath
     ldflags:
-      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }} -X main.builtBy=goreleaser
-    ignore:
-      - goos: linux
-        goarch: arm
-
-
-# archives:
-#   - replacements:
-#       darwin: Darwin
-#       linux: Linux
-#       windows: Windows
-#       386: i386
-#       amd64: x86_64
+      - -s -w
+upx:
+  -
+    ids: [ default ]
+    enabled: true
+    goos: ["windows", "linux"]
+    goarch: ["amd64", "386"]
+    compress: best
+#    lzma: true
+#    brute: true
+archives:
+  -
+    format: binary
+    allow_different_binary_count: true
+    name_template: >-
+      {{- .ProjectName }}
+      {{- if eq .Os "darwin"}}_mac
+      {{- else if eq .Os "linux"}}
+      {{- else if eq .Os "windows"}}
+      {{- else }}_{{ .Os }}{{ end }}
+      {{- if eq .Arch "amd64" }}
+      {{- else if eq .Arch "386" }}32
+      {{- else }}_{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end -}}
 checksum:
   name_template: 'checksums.txt'
 snapshot:
@@ -74,3 +60,5 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
+      - "^*.md"
+      - "^*.ya?ml"

.github/workflows/release.yml

@@ -13,23 +13,31 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
+      - name: "Check out code"
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+
+      - name: "Set up Go"
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
       -
-        name: Set up Go
-        uses: actions/setup-go@v2
+        name: Install UPX
+        uses: crazy-max/ghaction-upx@v3
         with:
-          go-version: 1.19
+          install-only: true
+
+      - name: UPX version
+        run: upx --version
+
       -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        name: "Create release on GitHub"
+        uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser
           version: latest
-          args: -f .github/conf/.goreleaser.yml
+          args: "release --clean --debug -f .github/conf/.goreleaser.yml"
           workdir: .
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1 @@
+result.txt

Plugins/CVE-2020-0796.go

@@ -106,28 +106,23 @@ func SmbGhostScan(info *common.HostInfo) error {
 	ip, port, timeout := info.Host, 445, time.Duration(common.Timeout)*time.Second
 	addr := fmt.Sprintf("%s:%v", info.Host, port)
 	conn, err := common.WrapperTcpWithTimeout("tcp", addr, timeout)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
 	if err != nil {
 		return err
 	}
+	defer conn.Close()
 	_, err = conn.Write([]byte(pkt))
 	if err != nil {
 		return err
 	}
 	buff := make([]byte, 1024)
 	err = conn.SetReadDeadline(time.Now().Add(timeout))
 	n, err := conn.Read(buff)
-	if err != nil {
+	if err != nil || n == 0 {
 		return err
 	}
-	if bytes.Contains(buff[:n], []byte("Public")) == true {
+	if bytes.Contains(buff[:n], []byte("Public")) == true && len(buff[:n]) >= 76 && bytes.Equal(buff[72:74], []byte{0x11, 0x03}) && bytes.Equal(buff[74:76], []byte{0x02, 0x00}) {
 		result := fmt.Sprintf("[+] %v CVE-2020-0796 SmbGhost Vulnerable", ip)
 		common.LogSuccess(result)
-
 	}
 	return err
 }

Plugins/NetBIOS.go

@@ -12,17 +12,17 @@ import (
 	"time"
 )
 
-var netbioserr = errors.New("netbios error")
+var errNetBIOS = errors.New("netbios error")
 
 func NetBIOS(info *common.HostInfo) error {
 	netbios, _ := NetBIOS1(info)
 	output := netbios.String()
 	if len(output) > 0 {
-		result := fmt.Sprintf("[*] NetBios: %-15s %s", info.Host, output)
+		result := fmt.Sprintf("[*] NetBios %-15s %s", info.Host, output)
 		common.LogSuccess(result)
 		return nil
 	}
-	return netbioserr
+	return errNetBIOS
 }
 
 func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) {
@@ -41,14 +41,10 @@ func NetBIOS1(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	realhost := fmt.Sprintf("%s:%v", info.Host, info.Ports)
 	var conn net.Conn
 	conn, err = common.WrapperTcpWithTimeout("tcp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
 	if err != nil {
 		return
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
@@ -93,14 +89,10 @@ func GetNbnsname(info *common.HostInfo) (netbios NetBiosInfo, err error) {
 	//senddata1 := []byte("ff\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01")
 	realhost := fmt.Sprintf("%s:137", info.Host)
 	conn, err := net.DialTimeout("udp", realhost, time.Duration(common.Timeout)*time.Second)
-	defer func() {
-		if conn != nil {
-			conn.Close()
-		}
-	}()
 	if err != nil {
 		return
 	}
+	defer conn.Close()
 	err = conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
 	if err != nil {
 		return
@@ -249,7 +241,7 @@ func (info *NetBiosInfo) String() (output string) {
 
 func ParseNetBios(input []byte) (netbios NetBiosInfo, err error) {
 	if len(input) < 57 {
-		err = netbioserr
+		err = errNetBIOS
 		return
 	}
 	data := input[57:]
@@ -281,7 +273,7 @@ func ParseNetBios(input []byte) (netbios NetBiosInfo, err error) {
 		}
 	}
 	if len(msg) == 0 {
-		err = netbioserr
+		err = errNetBIOS
 		return
 	}
 	err = yaml.Unmarshal([]byte(msg), &netbios)
@@ -293,7 +285,7 @@ func ParseNetBios(input []byte) (netbios NetBiosInfo, err error) {
 
 func ParseNTLM(ret []byte) (netbios NetBiosInfo, err error) {
 	if len(ret) < 47 {
-		err = netbioserr
+		err = errNetBIOS
 		return
 	}
 	var num1, num2 int
@@ -328,7 +320,7 @@ func ParseNTLM(ret []byte) (netbios NetBiosInfo, err error) {
 		return
 	}
 	length = num1 + num2*256
-	num1, err = bytetoint(ret[start+44 : start+45][0])
+	_, err = bytetoint(ret[start+44 : start+45][0])
 	if err != nil {
 		return
 	}

Plugins/fcgiscan.go

@@ -93,19 +93,19 @@ func FcgiScan(info *common.HostInfo) {
 	//Access to the script '/etc/passwd' has been denied (see security.limit_extensions)
 	var result string
 	var output = string(stdout)
-	if strings.Contains(string(stdout), cutLine) { //命令成功回显
-		output = strings.SplitN(string(stdout), cutLine, 2)[0]
+	if strings.Contains(output, cutLine) { //命令成功回显
+		output = strings.SplitN(output, cutLine, 2)[0]
 		if len(stderr) > 0 {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
 		} else {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%v", info.Host, info.Ports, output)
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%v", info.Host, info.Ports, output)
 		}
 		common.LogSuccess(result)
-	} else if strings.Contains(string(stdout), "File not found") || strings.Contains(string(stdout), "Content-type") || strings.Contains(string(stdout), "Status") {
+	} else if strings.Contains(output, "File not found") || strings.Contains(output, "Content-type") || strings.Contains(output, "Status") {
 		if len(stderr) > 0 {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, string(stdout), string(stderr))
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%vstderr:%v\nplesa try other path,as -path /www/wwwroot/index.php", info.Host, info.Ports, output, string(stderr))
 		} else {
-			result = fmt.Sprintf("[+] FCGI:%v:%v \n%v", info.Host, info.Ports, string(stdout))
+			result = fmt.Sprintf("[+] FCGI %v:%v \n%v", info.Host, info.Ports, output)
 		}
 		common.LogSuccess(result)
 	}
@@ -191,38 +191,38 @@ func New(addr string, timeout int64) (fcgi *FCGIClient, err error) {
 	return
 }
 
-func (this *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) {
-	this.mutex.Lock()
-	defer this.mutex.Unlock()
-	this.buf.Reset()
-	this.h.init(recType, reqId, len(content))
-	if err := binary.Write(&this.buf, binary.BigEndian, this.h); err != nil {
+func (c *FCGIClient) writeRecord(recType uint8, reqId uint16, content []byte) (err error) {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+	c.buf.Reset()
+	c.h.init(recType, reqId, len(content))
+	if err := binary.Write(&c.buf, binary.BigEndian, c.h); err != nil {
 		return err
 	}
-	if _, err := this.buf.Write(content); err != nil {
+	if _, err := c.buf.Write(content); err != nil {
 		return err
 	}
-	if _, err := this.buf.Write(pad[:this.h.PaddingLength]); err != nil {
+	if _, err := c.buf.Write(pad[:c.h.PaddingLength]); err != nil {
 		return err
 	}
-	_, err = this.rwc.Write(this.buf.Bytes())
+	_, err = c.rwc.Write(c.buf.Bytes())
 	return err
 }
 
-func (this *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error {
+func (c *FCGIClient) writeBeginRequest(reqId uint16, role uint16, flags uint8) error {
 	b := [8]byte{byte(role >> 8), byte(role), flags}
-	return this.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:])
+	return c.writeRecord(FCGI_BEGIN_REQUEST, reqId, b[:])
 }
 
-func (this *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error {
+func (c *FCGIClient) writeEndRequest(reqId uint16, appStatus int, protocolStatus uint8) error {
 	b := make([]byte, 8)
 	binary.BigEndian.PutUint32(b, uint32(appStatus))
 	b[4] = protocolStatus
-	return this.writeRecord(FCGI_END_REQUEST, reqId, b)
+	return c.writeRecord(FCGI_END_REQUEST, reqId, b)
 }
 
-func (this *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error {
-	w := newWriter(this, recType, reqId)
+func (c *FCGIClient) writePairs(recType uint8, reqId uint16, pairs map[string]string) error {
+	w := newWriter(c, recType, reqId)
 	b := make([]byte, 8)
 	for k, v := range pairs {
 		n := encodeSize(b, uint32(len(k)))
@@ -324,21 +324,21 @@ func (w *streamWriter) Close() error {
 	return w.c.writeRecord(w.recType, w.reqId, nil)
 }
 
-func (this *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) {
+func (c *FCGIClient) Request(env map[string]string, reqStr string) (retout []byte, reterr []byte, err error) {
 
 	var reqId uint16 = 1
-	defer this.rwc.Close()
+	defer c.rwc.Close()
 
-	err = this.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0)
+	err = c.writeBeginRequest(reqId, uint16(FCGI_RESPONDER), 0)
 	if err != nil {
 		return
 	}
-	err = this.writePairs(FCGI_PARAMS, reqId, env)
+	err = c.writePairs(FCGI_PARAMS, reqId, env)
 	if err != nil {
 		return
 	}
 	if len(reqStr) > 0 {
-		err = this.writeRecord(FCGI_STDIN, reqId, []byte(reqStr))
+		err = c.writeRecord(FCGI_STDIN, reqId, []byte(reqStr))
 		if err != nil {
 			return
 		}
@@ -349,7 +349,7 @@ func (this *FCGIClient) Request(env map[string]string, reqStr string) (retout []
 
 	// recive untill EOF or FCGI_END_REQUEST
 	for {
-		err1 = rec.read(this.rwc)
+		err1 = rec.read(c.rwc)
 		if err1 != nil {
 			if err1 != io.EOF {
 				err = err1