name: "fscan"
command: "fscan"
enabled: false
short_description: "Comprehensive internal-network scanning tool supporting liveness probing, port scanning, service identification, brute forcing, and POC detection"
description: |
  Fscan is a comprehensive internal-network scanning tool that supports host discovery, port scanning, service identification,
  password brute forcing, web fingerprinting, and vulnerability POC detection.

  **Main features:**
  - Host liveness probing (ICMP/TCP/Ping)
  - Port scanning (1000 common ports by default)
  - Service version identification and fingerprint matching
  - Weak-password brute forcing (SSH/SMB/MySQL/Redis, etc.)
  - Web application vulnerability POC scanning
  - DNS probing and domain enumeration
  - Redis unauthorized-access exploitation (file write/WebShell/reverse shell)
  - Persistence backdoor generation (Linux ELF / Windows PE)

  **Use cases:**
  - Rapid inventory of internal-network assets
  - Bulk weak-password detection
  - Verification of common service vulnerabilities
  - Information gathering for penetration tests
  - Red-team lateral movement in internal networks
parameters:
  - name: "target"
    type: "string"
    description: "Target host: IP address, IP range (e.g. 192.168.1.0/24), IP file, or domain name"
    required: true
    flag: "-h"
    format: "flag"
  - name: "ports"
    type: "string"
    description: |
      List of ports to scan, comma-separated. Covers 1000 common ports by default.
      Examples: "22,80,443,3306,6379" or "1-1000"
    required: false
    flag: "-p"
    format: "flag"
    default: "21,22,23,25,53,80,81,88,110,111,135,139,143,161,389,443,445,465,502,512,513,514,515,548,554,587,623,636,873,902,993,995,1080,1099,1194,1433,1434,1521,1522,1525,1723,1883,2049,2121,2181,2200,2222,2375,2376,2379,2380,3000,3128,3268,3269,3306,3389,3690,4369,4444,4848,5000,5005,5044,5060,5432,5601,5631,5632,5671,5672,5900,5984,5985,5986,6000,6379,6380,6443,6666,6667,7001,7002,7474,7687,8000,8005,8008,8009,8080,8081,8086,8088,8089,8090,8161,8180,8443,8500,8834,8848,8880,8888,9000,9001,9042,9080,9090,9092,9093,9160,9200,9300,9418,9443,9999,10000,10051,10250,10255,11211,15672,22222,26379,27017,27018,50000,50070,50075,61613,61614,61616"
  - name: "mode"
    type: "string"
    description: |
      Scan mode:
      - all: full-feature scan (default)
      - icmp: liveness probing only
      - or a specific plugin name (e.g. ssh, smb, mysql, redis)
    required: false
    flag: "-m"
    format: "flag"
    default: "all"
  - name: "output_file"
    type: "string"
    description: "Path of the result output file (default result.txt)"
    required: false
    flag: "-o"
    format: "flag"
    default: "result.txt"
  - name: "output_format"
    type: "string"
    description: "Output format: txt (default), json, csv"
    required: false
    flag: "-f"
    format: "flag"
    default: "txt"
  - name: "threads"
    type: "int"
    description: "Number of port-scan threads"
    required: false
    flag: "-t"
    format: "flag"
    default: 600
  - name: "module_threads"
    type: "int"
    description: "Number of concurrent module threads"
    required: false
    flag: "-mt"
    format: "flag"
    default: 20
  - name: "poc_num"
    type: "int"
    description: "POC scan concurrency"
    required: false
    flag: "-num"
    format: "flag"
    default: 20
  - name: "timeout"
    type: "int"
    description: "Port-scan timeout (seconds)"
    required: false
    flag: "-time"
    format: "flag"
    default: 3
  - name: "web_timeout"
    type: "int"
    description: "Web request timeout (seconds)"
    required: false
    flag: "-wt"
    format: "flag"
    default: 5
  - name: "global_timeout"
    type: "int"
    description: "Global timeout (seconds)"
    required: false
    flag: "-gt"
    format: "flag"
    default: 180
  - name: "url"
    type: "string"
    description: "Target URL (for web scan mode)"
    required: false
    flag: "-u"
    format: "flag"
  - name: "proxy"
    type: "string"
    description: "HTTP proxy address (e.g. http://127.0.0.1:8080)"
    required: false
    flag: "-proxy"
    format: "flag"
  - name: "socks5"
    type: "string"
    description: "SOCKS5 proxy address (e.g. 127.0.0.1:1080)"
    required: false
    flag: "-socks5"
    format: "flag"
  - name: "cookie"
    type: "string"
    description: "HTTP Cookie value"
    required: false
    flag: "-cookie"
    format: "flag"
  - name: "domain"
    type: "string"
    description: "Target domain name"
    required: false
    flag: "-domain"
    format: "flag"
  - name: "username"
    type: "string"
    description: "Username for brute forcing"
    required: false
    flag: "-user"
    format: "flag"
  - name: "password"
    type: "string"
    description: "Password for brute forcing"
    required: false
    flag: "-pwd"
    format: "flag"
  - name: "user_file"
    type: "string"
    description: "Path to the username dictionary file"
    required: false
    flag: "-userf"
    format: "flag"
  - name: "pass_file"
    type: "string"
    description: "Path to the password dictionary file"
    required: false
    flag: "-pwdf"
    format: "flag"
  - name: "host_file"
    type: "string"
    description: "Path to the target host file (one IP per line)"
    required: false
    flag: "-hf"
    format: "flag"
  - name: "port_file"
    type: "string"
    description: "Path to a custom port file"
    required: false
    flag: "-pf"
    format: "flag"
  - name: "url_file"
    type: "string"
    description: "Path to the target URL file"
    required: false
    flag: "-uf"
    format: "flag"
  - name: "pocname"
    type: "string"
    description: "Name of a specific POC to run as a single-point scan"
    required: false
    flag: "-pocname"
    format: "flag"
  - name: "pocpath"
    type: "string"
    description: "Path to custom POC scripts"
    required: false
    flag: "-pocpath"
    format: "flag"
  - name: "iface"
    type: "string"
    description: "IP address of the local network interface to use (for VPN scenarios)"
    required: false
    flag: "-iface"
    format: "flag"
  - name: "exclude_host"
    type: "string"
    description: "Host IPs to exclude"
    required: false
    flag: "-eh"
    format: "flag"
  - name: "exclude_port"
    type: "string"
    description: "Ports to exclude"
    required: false
    flag: "-ep"
    format: "flag"
  - name: "retry"
    type: "int"
    description: "Maximum number of retries"
    required: false
    flag: "-retry"
    format: "flag"
    default: 3
  - name: "rate_limit"
    type: "int"
    description: "Maximum number of packets sent per minute (0 means unlimited)"
    required: false
    flag: "-rate"
    format: "flag"
  - name: "max_redirect"
    type: "int"
    description: "Maximum number of HTTP redirects"
    required: false
    flag: "-max-redirect"
    format: "flag"
    default: 10
  - name: "lang"
    type: "string"
    description: "Output language: zh (Chinese, default), en (English)"
    required: false
    flag: "-lang"
    format: "flag"
    default: "zh"
  - name: "log_level"
    type: "string"
    description: "Log level (default base,info,success)"
    required: false
    flag: "-log"
    format: "flag"
    default: "base,info,success"
  - name: "reverse_shell"
    type: "string"
    description: "Reverse shell target address:port (e.g. 192.168.1.100:4444)"
    required: false
    flag: "-rsh"
    format: "flag"
  - name: "sshkey_file"
    type: "string"
    description: "Path to the SSH private key file"
    required: false
    flag: "-sshkey"
    format: "flag"
  - name: "download_url"
    type: "string"
    description: "URL of the file to download"
    required: false
    flag: "-download-url"
    format: "flag"
  - name: "download_path"
    type: "string"
    description: "Path where the downloaded file is saved"
    required: false
    flag: "-download-path"
    format: "flag"
  - name: "additional_args"
    type: "string"
    description: |
      Additional fscan arguments. Used to pass fscan options that are not defined in the parameter list.

      **Example values:**
      - "-nobr -nopoc" (disable brute forcing and POC checks; port scanning only)
      - "-ao" (liveness probing only)
      - "-silent -nocolor" (silent output without color)
      - "-debug" (enable debug mode)
      - "-full" (full POC scan)
      - "-no" (disable saving results)
      - "-dns" (enable DNS logging)

      **Notes:**
      - Separate multiple arguments with spaces
      - Make sure the arguments are correctly formatted to avoid command injection
      - This parameter is appended directly to the end of the command
    required: false
    format: "positional"