Installing fscan on Kali

fscan

1. Introduction

fscan is an all-in-one intranet scanning tool built for one-click, automated, all-round vulnerability scanning.
It supports host discovery, port scanning, brute-forcing of common services, ms17010, batch writing of public keys to Redis, reverse shells via scheduled tasks, reading Windows NIC information, web fingerprinting, web vulnerability scanning, NetBIOS probing, domain controller identification and more.

2. Main features

1. Information gathering:

  • Host discovery (icmp)
  • Port scanning

2. Brute-forcing:

  • Brute-forcing of various services (ssh, smb, rdp, etc.)
  • Database password brute-forcing (mysql, mssql, redis, psql, oracle, etc.)

3. System information and vulnerability scanning:

  • NetBIOS probing, domain controller identification
  • Retrieving the target's NIC information
  • High-risk vulnerability scanning (ms17010, etc.)

4. Web probing:

  • Web title probing
  • Web fingerprinting (common CMSs, OA frameworks, etc.)
  • Web vulnerability scanning (weblogic, st2, etc.; xray POCs are supported)

5. Exploitation:

  • Writing a public key or a scheduled task to Redis
  • SSH command execution
  • ms17010 exploitation (shellcode injection), e.g. adding a user

6. Other:

  • Saving results to a file

3. Installation

Install the Go build environment on Kali

wget -c https://go.dev/dl/go1.17.5.linux-amd64.tar.gz

tar -C /usr/local -xzf go1.17.5.linux-amd64.tar.gz

Environment variables

vi ~/.bashrc

#go env
export GOPATH=$HOME/go
export GOROOT=/usr/local/go
export PATH=$PATH:/usr/local/go/bin

Check (note the command is `go version`, without a dash)

go version

Fixing the module download error

go: github.com/denisenkom/go-mssqldb@v0.12.2: Get "https://proxy.golang.org/github.com/denisenkom/go-mssqldb/@v/v0.12.2.mod": dial tcp 172.217.160.113:443: i/o timeout

go env -w GOPROXY=https://goproxy.cn

First clone the fscan source code

git clone https://github.com/shadow1ng/fscan.git

Change into the fscan directory and run the build

go build -ldflags="-s -w" -trimpath

This produces the fscan binary
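The install steps above, collected into one POSIX sh helper. This is an added example, not code from the original post or from the fscan project. It reuses the post's Go version, tarball URL, repository and goproxy.cn mirror; the function names, the idempotent ~/.bashrc check, the optional GO_SHA256 integrity check and the FSCAN_INSTALL=1 switch are my own assumptions. The network steps run only when that switch is set, so sourcing the file on its own only defines the helpers.

```shell
#!/bin/sh
# Added example (not from the original post or the fscan project).
# Assumed values: the post's Go 1.17.5 tarball, the fscan repository and the
# goproxy.cn mirror. FSCAN_INSTALL=1 (hypothetical switch) enables the network steps.

GO_VERSION="${GO_VERSION:-1.17.5}"
GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
GO_TARBALL_URL="https://go.dev/dl/${GO_TARBALL}"
FSCAN_REPO="https://github.com/shadow1ng/fscan.git"
GOPROXY_CN="https://goproxy.cn"

# Print the environment block the post appends to ~/.bashrc.
go_env_block() {
    printf '%s\n' '#go env' \
        'export GOPATH=$HOME/go' \
        'export GOROOT=/usr/local/go' \
        'export PATH=$PATH:/usr/local/go/bin'
}

# Append the block to a profile file only once (safe to re-run).
ensure_go_env() {
    _profile="$1"
    if ! grep -q 'GOROOT=/usr/local/go' "$_profile" 2>/dev/null; then
        go_env_block >> "$_profile"
    fi
}

# Optional integrity check: set GO_SHA256 to the SHA-256 published on go.dev
# (a placeholder here, not the real value) and the tarball is verified before
# extraction. Returns 0 when unset, so the post's plain flow still works.
verify_tarball() {
    [ -z "${GO_SHA256:-}" ] && return 0
    printf '%s  %s\n' "$GO_SHA256" "$1" | sha256sum -c - >/dev/null 2>&1
}

# Return 0 when `go build` output shows the module-proxy timeout from the post
# (a dial to proxy.golang.org timing out), i.e. GOPROXY should be switched.
needs_goproxy() {
    printf '%s' "$1" | grep -q 'proxy.golang.org.*i/o timeout'
}

# Extract the "go1.x.y" token from `go version` output.
go_version_of() {
    printf '%s\n' "$1" | sed -n 's/.*\(go[0-9][0-9.]*\).*/\1/p'
}

install_go() {
    wget -c "$GO_TARBALL_URL" || return 1
    verify_tarball "$GO_TARBALL" || { echo "checksum mismatch for $GO_TARBALL" >&2; return 1; }
    tar -C /usr/local -xzf "$GO_TARBALL" || return 1
    ensure_go_env "$HOME/.bashrc"
}

build_fscan() {
    git clone "$FSCAN_REPO" || return 1
    cd fscan || return 1
    _out=$(go build -ldflags="-s -w" -trimpath 2>&1) || {
        if needs_goproxy "$_out"; then
            # Same fix as the post: switch to the domestic mirror and retry once.
            go env -w GOPROXY="$GOPROXY_CN"
            go build -ldflags="-s -w" -trimpath
        else
            printf '%s\n' "$_out" >&2
            return 1
        fi
    }
}

if [ "${FSCAN_INSTALL:-0}" = "1" ]; then
    install_go && export PATH="$PATH:/usr/local/go/bin" && build_fscan
fi
```

Run it as `FSCAN_INSTALL=1 sh install-fscan.sh` with write access to /usr/local. `build_fscan` retries with GOPROXY set to goproxy.cn only when the first build fails with the proxy.golang.org timeout shown above; any other build error is printed and the function returns 1 rather than being masked by the retry.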

4. Parameter description

└─# ./fscan

[fscan ASCII-art banner]
fscan version: 1.8.1
Host is none
Usage of ./fscan:
  -br int
        Brute threads (default 1)
  -c string
        exec command (ssh)
  -cookie string
        set poc cookie,-cookie rememberMe=login
  -debug int
        every time to LogErr (default 60)
  -dns
        using dnslog poc
  -domain string
        smb domain
  -full
        poc full scan,as: shiro 100 key
  -h string
        IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12
  -hf string
        host file, -hf ip.txt
  -hn string
        the hosts no scan,as: -hn 192.168.1.1/24
  -m string
        Select scan type ,as: -m ssh (default "all")
  -no
        not to save output log
  -nobr
        not to Brute password
  -nopoc
        not to scan web vul
  -np
        not to ping
  -num int
        poc rate (default 20)
  -o string
        Outputfile (default "result.txt")
  -p string
        Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,139,443,445,1433,1521,3306,5432,6379,7001,8000,8080,8089,9000,9200,11211,27017")
  -pa string
        add port base DefaultPorts,-pa 3389
  -path string
        fcgi、smb romote file path
  -ping
        using ping replace icmp
  -pn string
        the ports no scan,as: -pn 445
  -pocname string
        use the pocs these contain pocname, -pocname weblogic
  -pocpath string
        poc file path
  -portf string
        Port File
  -proxy string
        set poc proxy, -proxy http://127.0.0.1:8080
  -pwd string
        password
  -pwda string
        add a password base DefaultPasses,-pwda password
  -pwdf string
        password file
  -rf string
        redis file to write sshkey file (as: -rf id_rsa.pub)
  -rs string
        redis shell to write cron file (as: -rs 192.168.1.1:6666)
  -sc string
        ms17 shellcode,as -sc add
  -silent
        silent scan
  -socks5 string
        set socks5 proxy, will be used in tcp connection, timeout setting will not work
  -sshkey string
        sshkey file (id_rsa)
  -t int
        Thread nums (default 600)
  -time int
        Set timeout (default 3)
  -top int
        show live len top (default 10)
  -u string
        url
  -uf string
        urlfile
  -user string
        username
  -usera string
        add a user base DefaultUsers,-usera user
  -userf string
        username file
  -wt int
        Set web timeout (default 5)

Tags: network security, security

This article is reprinted from: https://blog.csdn.net/junjun_1902/article/details/127747528
Copyright belongs to the original author, junjun_1902. If there is any infringement, please contact us for removal.
