diff --git a/tools/fscan.yaml b/tools/fscan.yaml
new file mode 100644
index 00000000..90cf63a3
--- /dev/null
+++ b/tools/fscan.yaml
@@ -0,0 +1,288 @@
+name: "fscan"
+command: "fscan"
+enabled: false
+short_description: "内网综合扫描工具,支持存活探测、端口扫描、服务识别、爆破、POC检测"
+description: |
+ Fscan是一款内网综合扫描工具,支持主机发现、端口扫描、服务识别、
+
+ 密码爆破、Web指纹识别和漏洞POC检测。
+
+ **主要功能:**
+ - 主机存活探测(ICMP/TCP/Ping)
+ - 端口扫描(默认1000常用端口)
+ - 服务版本识别与指纹匹配
+ - 弱口令暴力破解(SSH/SMB/Mysql/Redis等)
+ - Web应用漏洞POC扫描
+ - DNS探测与域名枚举
+ - Redis未授权利用(写入/WebShell/反弹Shell)
+ - 持久化后门生成(Linux ELF / Windows PE)
+
+ **使用场景:**
+ - 内网资产快速梳理
+ - 弱口令批量检测
+ - 常见服务漏洞验证
+ - 渗透测试信息收集
+ - 红队内网横向
+parameters:
+ - name: "target"
+ type: "string"
+ description: "目标主机:IP地址、IP段(如192.168.1.0/24)、IP文件或域名"
+ required: true
+ flag: "-h"
+ format: "flag"
+ - name: "ports"
+ type: "string"
+ description: |
+ 扫描端口列表,逗号分隔。默认覆盖1000个常用端口。
+ 示例: "22,80,443,3306,6379" 或 "1-1000"
+ required: false
+ flag: "-p"
+ format: "flag"
+ default: "21,22,23,25,53,80,81,88,110,111,135,139,143,161,389,443,445,465,502,512,513,514,515,548,554,587,623,636,873,902,993,995,1080,1099,1194,1433,1434,1521,1522,1525,1723,1883,2049,2121,2181,2200,2222,2375,2376,2379,2380,3000,3128,3268,3269,3306,3389,3690,4369,4444,4848,5000,5005,5044,5060,5432,5601,5631,5632,5671,5672,5900,5984,5985,5986,6000,6379,6380,6443,6666,6667,7001,7002,7474,7687,8000,8005,8008,8009,8080,8081,8086,8088,8089,8090,8161,8180,8443,8500,8834,8848,8880,8888,9000,9001,9042,9080,9090,9092,9093,9160,9200,9300,9418,9443,9999,10000,10051,10250,10255,11211,15672,22222,26379,27017,27018,50000,50070,50075,61613,61614,61616"
+ - name: "mode"
+ type: "string"
+ description: |
+ 扫描模式:
+ - all:全功能扫描(默认)
+ - icmp:仅存活探测
+ - 或指定插件名称(如 ssh, smb, mysql, redis 等)
+ required: false
+ flag: "-m"
+ format: "flag"
+ default: "all"
+ - name: "output_file"
+ type: "string"
+ description: "结果输出文件路径(默认 result.txt)"
+ required: false
+ flag: "-o"
+ format: "flag"
+ default: "result.txt"
+ - name: "output_format"
+ type: "string"
+ description: "输出格式:txt(默认), json, csv"
+ required: false
+ flag: "-f"
+ format: "flag"
+ default: "txt"
+ - name: "threads"
+ type: "int"
+ description: "端口扫描线程数"
+ required: false
+ flag: "-t"
+ format: "flag"
+ default: 600
+ - name: "module_threads"
+ type: "int"
+ description: "模块并发线程数"
+ required: false
+ flag: "-mt"
+ format: "flag"
+ default: 20
+ - name: "poc_num"
+ type: "int"
+ description: "POC扫描并发数"
+ required: false
+ flag: "-num"
+ format: "flag"
+ default: 20
+ - name: "timeout"
+ type: "int"
+ description: "端口扫描超时时间(秒)"
+ required: false
+ flag: "-time"
+ format: "flag"
+ default: 3
+ - name: "web_timeout"
+ type: "int"
+ description: "Web请求超时时间(秒)"
+ required: false
+ flag: "-wt"
+ format: "flag"
+ default: 5
+ - name: "global_timeout"
+ type: "int"
+ description: "全局超时时间(秒)"
+ required: false
+ flag: "-gt"
+ format: "flag"
+ default: 180
+ - name: "url"
+ type: "string"
+ description: "目标URL(用于Web扫描模式)"
+ required: false
+ flag: "-u"
+ format: "flag"
+ - name: "proxy"
+ type: "string"
+ description: "HTTP代理地址(如: http://127.0.0.1:8080)"
+ required: false
+ flag: "-proxy"
+ format: "flag"
+ - name: "socks5"
+ type: "string"
+ description: "SOCKS5代理地址(如: 127.0.0.1:1080)"
+ required: false
+ flag: "-socks5"
+ format: "flag"
+ - name: "cookie"
+ type: "string"
+ description: "HTTP Cookie值"
+ required: false
+ flag: "-cookie"
+ format: "flag"
+ - name: "domain"
+ type: "string"
+ description: "目标域名"
+ required: false
+ flag: "-domain"
+ format: "flag"
+ - name: "username"
+ type: "string"
+ description: "暴力破解用户名"
+ required: false
+ flag: "-user"
+ format: "flag"
+ - name: "password"
+ type: "string"
+ description: "暴力破解密码"
+ required: false
+ flag: "-pwd"
+ format: "flag"
+ - name: "user_file"
+ type: "string"
+ description: "用户名字典文件路径"
+ required: false
+ flag: "-userf"
+ format: "flag"
+ - name: "pass_file"
+ type: "string"
+ description: "密码字典文件路径"
+ required: false
+ flag: "-pwdf"
+ format: "flag"
+ - name: "host_file"
+ type: "string"
+ description: "目标主机文件路径(每行一个IP)"
+ required: false
+ flag: "-hf"
+ format: "flag"
+ - name: "port_file"
+ type: "string"
+ description: "自定义端口文件路径"
+ required: false
+ flag: "-pf"
+ format: "flag"
+ - name: "url_file"
+ type: "string"
+ description: "目标URL文件路径"
+ required: false
+ flag: "-uf"
+ format: "flag"
+ - name: "pocname"
+ type: "string"
+ description: "指定POC名称进行单点扫描"
+ required: false
+ flag: "-pocname"
+ format: "flag"
+ - name: "pocpath"
+ type: "string"
+ description: "自定义POC脚本路径"
+ required: false
+ flag: "-pocpath"
+ format: "flag"
+ - name: "iface"
+ type: "string"
+ description: "指定本地网卡IP地址(VPN场景使用)"
+ required: false
+ flag: "-iface"
+ format: "flag"
+ - name: "exclude_host"
+ type: "string"
+ description: "排除的主机IP"
+ required: false
+ flag: "-eh"
+ format: "flag"
+ - name: "exclude_port"
+ type: "string"
+ description: "排除的端口"
+ required: false
+ flag: "-ep"
+ format: "flag"
+ - name: "retry"
+ type: "int"
+ description: "最大重试次数"
+ required: false
+ flag: "-retry"
+ format: "flag"
+ default: 3
+ - name: "rate_limit"
+ type: "int"
+ description: "每分钟最大发包次数(0表示不限制)"
+ required: false
+ flag: "-rate"
+ format: "flag"
+ - name: "max_redirect"
+ type: "int"
+ description: "HTTP最大重定向次数"
+ required: false
+ flag: "-max-redirect"
+ format: "flag"
+ default: 10
+ - name: "lang"
+ type: "string"
+ description: "输出语言:zh(默认中文), en(英文)"
+ required: false
+ flag: "-lang"
+ format: "flag"
+ default: "zh"
+ - name: "log_level"
+ type: "string"
+ description: "日志级别(默认 base,info,success)"
+ required: false
+ flag: "-log"
+ format: "flag"
+ default: "base,info,success"
+ - name: "reverse_shell"
+ type: "string"
+ description: "反弹Shell目标地址:端口(如: 192.168.1.100:4444)"
+ required: false
+ flag: "-rsh"
+ format: "flag"
+ - name: "sshkey_file"
+ type: "string"
+ description: "SSH私钥文件路径"
+ required: false
+ flag: "-sshkey"
+ format: "flag"
+ - name: "download_url"
+ type: "string"
+ description: "要下载的文件URL"
+ required: false
+ flag: "-download-url"
+ format: "flag"
+ - name: "download_path"
+ type: "string"
+ description: "下载文件保存路径"
+ required: false
+ flag: "-download-path"
+ format: "flag"
+ - name: "additional_args"
+ type: "string"
+ description: |
+ 额外的fscan参数。用于传递未在参数列表中定义的fscan选项。
+
+ **示例值:**
+ - "-nobr -nopoc" (禁用爆破和POC,仅做端口扫描)
+ - "-ao" (仅进行存活探测)
+ - "-silent -nocolor" (静默无颜色输出)
+ - "-debug" (开启调试模式)
+ - "-full" (全量POC扫描)
+ - "-no" (禁用结果保存)
+ - "-dns" (启用DNS日志记录)
+
+ **注意事项:**
+ - 多个参数用空格分隔
+ - 确保参数格式正确,避免命令注入
+ - 此参数会直接追加到命令末尾
+ required: false
+ format: "positional"
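Review bot: The `additional_args` parameter closing the hunk is a free-form string marked `format: "positional"` whose own description says it is appended directly to the command end, and its only safeguard is the advisory bullet `- 确保参数格式正确,避免命令注入`, which shifts injection responsibility to the caller instead of stating what the definition relies on. How the runner executes these definitions is not in this diff, but if it assembles a shell string this is an injection point, and even with argv passing the value can switch on any fscan option the rest of the schema does not expose, so that bullet should name the contract, e.g. `- 运行器须按空白切分为独立 argv 参数传入,不经过 shell;含引号、分号或换行的值应被拒绝` (confirm the runner actually behaves this way before documenting it). Separately, the `ports` description and the feature list both say the default covers 1000 common ports while the `default:` value lists roughly 130, so one of the two needs correcting. Finally, `password` (`-pwd`) places a credential on the command line where process listings and logs expose it; the description could point users to `pass_file` (`-pwdf`) for anything other than a throwaway test value.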