mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
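---
# Tool definition for the fscan scanner. Each entry under `parameters` maps a
# named argument to one fscan command-line flag (`flag`) and says how it is
# rendered (`format`). Nesting below is reconstructed from the key structure;
# the page rendering had dropped the indentation.
# NOTE(review): presumably consumed by the project's tool loader, which is not
# shown here - confirm how `format` and `default` are applied.
name: "fscan"
command: "fscan"
# Off by default. This single switch gates every parameter below at once,
# including credential guessing, reverse_shell, download_url and the free-form
# additional_args.
# NOTE(review): there is no per-capability gate in this file; if the tool is
# enabled, scope restrictions on `target` have to live in the executor.
enabled: false
short_description: "内网综合扫描工具,支持存活探测、端口扫描、服务识别、爆破、POC检测"
# Long description (Chinese): capability list and usage scenarios. This text
# is a runtime value and is kept exactly as written.
description: |
  Fscan是一款内网综合扫描工具,支持主机发现、端口扫描、服务识别、

  密码爆破、Web指纹识别和漏洞POC检测。

  **主要功能:**
  - 主机存活探测(ICMP/TCP/Ping)
  - 端口扫描(默认1000常用端口)
  - 服务版本识别与指纹匹配
  - 弱口令暴力破解(SSH/SMB/Mysql/Redis等)
  - Web应用漏洞POC扫描
  - DNS探测与域名枚举
  - Redis未授权利用(写入/WebShell/反弹Shell)
  - 持久化后门生成(Linux ELF / Windows PE)

  **使用场景:**
  - 内网资产快速梳理
  - 弱口令批量检测
  - 常见服务漏洞验证
  - 渗透测试信息收集
  - 红队内网横向
parameters:
  # Targeting. `target` is the only required parameter.
  - name: "target"
    type: "string"
    description: "目标主机:IP地址、IP段(如192.168.1.0/24)、IP文件或域名"
    required: true
    flag: "-h"
    format: "flag"
  # NOTE(review): the description says the default covers 1000 common ports,
  # but the explicit `default` below lists roughly 130 entries - confirm which
  # is intended.
  - name: "ports"
    type: "string"
    description: |
      扫描端口列表,逗号分隔。默认覆盖1000个常用端口。
      示例: "22,80,443,3306,6379" 或 "1-1000"
    required: false
    flag: "-p"
    format: "flag"
    default: "21,22,23,25,53,80,81,88,110,111,135,139,143,161,389,443,445,465,502,512,513,514,515,548,554,587,623,636,873,902,993,995,1080,1099,1194,1433,1434,1521,1522,1525,1723,1883,2049,2121,2181,2200,2222,2375,2376,2379,2380,3000,3128,3268,3269,3306,3389,3690,4369,4444,4848,5000,5005,5044,5060,5432,5601,5631,5632,5671,5672,5900,5984,5985,5986,6000,6379,6380,6443,6666,6667,7001,7002,7474,7687,8000,8005,8008,8009,8080,8081,8086,8088,8089,8090,8161,8180,8443,8500,8834,8848,8880,8888,9000,9001,9042,9080,9090,9092,9093,9160,9200,9300,9418,9443,9999,10000,10051,10250,10255,11211,15672,22222,26379,27017,27018,50000,50070,50075,61613,61614,61616"
  # Default "all" runs every module. Per the description, "icmp" limits the
  # run to liveness probing, and a plugin name selects a single module.
  - name: "mode"
    type: "string"
    description: |
      扫描模式:
      - all:全功能扫描(默认)
      - icmp:仅存活探测
      - 或指定插件名称(如 ssh, smb, mysql, redis 等)
    required: false
    flag: "-m"
    format: "flag"
    default: "all"
  # Output. The path is written by the tool.
  # NOTE(review): confirm the executor confines it to a working directory.
  - name: "output_file"
    type: "string"
    description: "结果输出文件路径(默认 result.txt)"
    required: false
    flag: "-o"
    format: "flag"
    default: "result.txt"
  - name: "output_format"
    type: "string"
    description: "输出格式:txt(默认), json, csv"
    required: false
    flag: "-f"
    format: "flag"
    default: "txt"
  # Concurrency and timeouts. The timeout descriptions give seconds as the unit.
  - name: "threads"
    type: "int"
    description: "端口扫描线程数"
    required: false
    flag: "-t"
    format: "flag"
    default: 600
  - name: "module_threads"
    type: "int"
    description: "模块并发线程数"
    required: false
    flag: "-mt"
    format: "flag"
    default: 20
  - name: "poc_num"
    type: "int"
    description: "POC扫描并发数"
    required: false
    flag: "-num"
    format: "flag"
    default: 20
  - name: "timeout"
    type: "int"
    description: "端口扫描超时时间(秒)"
    required: false
    flag: "-time"
    format: "flag"
    default: 3
  - name: "web_timeout"
    type: "int"
    description: "Web请求超时时间(秒)"
    required: false
    flag: "-wt"
    format: "flag"
    default: 5
  - name: "global_timeout"
    type: "int"
    description: "全局超时时间(秒)"
    required: false
    flag: "-gt"
    format: "flag"
    default: 180
  # Web scanning and egress routing.
  - name: "url"
    type: "string"
    description: "目标URL(用于Web扫描模式)"
    required: false
    flag: "-u"
    format: "flag"
  - name: "proxy"
    type: "string"
    description: "HTTP代理地址(如: http://127.0.0.1:8080)"
    required: false
    flag: "-proxy"
    format: "flag"
  - name: "socks5"
    type: "string"
    description: "SOCKS5代理地址(如: 127.0.0.1:1080)"
    required: false
    flag: "-socks5"
    format: "flag"
  # Passed as a command-line argument, so a session cookie supplied here can
  # appear in process listings and command logs.
  - name: "cookie"
    type: "string"
    description: "HTTP Cookie值"
    required: false
    flag: "-cookie"
    format: "flag"
  - name: "domain"
    type: "string"
    description: "目标域名"
    required: false
    flag: "-domain"
    format: "flag"
  # Credential-guessing inputs. `username` and `password` travel on the
  # command line (-user / -pwd) and are exposed the same way as `cookie`;
  # the *_file variants keep the values out of argv.
  - name: "username"
    type: "string"
    description: "暴力破解用户名"
    required: false
    flag: "-user"
    format: "flag"
  - name: "password"
    type: "string"
    description: "暴力破解密码"
    required: false
    flag: "-pwd"
    format: "flag"
  - name: "user_file"
    type: "string"
    description: "用户名字典文件路径"
    required: false
    flag: "-userf"
    format: "flag"
  - name: "pass_file"
    type: "string"
    description: "密码字典文件路径"
    required: false
    flag: "-pwdf"
    format: "flag"
  # File-based target lists. Each value is a local path read by the tool.
  - name: "host_file"
    type: "string"
    description: "目标主机文件路径(每行一个IP)"
    required: false
    flag: "-hf"
    format: "flag"
  - name: "port_file"
    type: "string"
    description: "自定义端口文件路径"
    required: false
    flag: "-pf"
    format: "flag"
  - name: "url_file"
    type: "string"
    description: "目标URL文件路径"
    required: false
    flag: "-uf"
    format: "flag"
  - name: "pocname"
    type: "string"
    description: "指定POC名称进行单点扫描"
    required: false
    flag: "-pocname"
    format: "flag"
  # Loads POC scripts from a caller-supplied path.
  # NOTE(review): confirm the executor restricts where this may point.
  - name: "pocpath"
    type: "string"
    description: "自定义POC脚本路径"
    required: false
    flag: "-pocpath"
    format: "flag"
  - name: "iface"
    type: "string"
    description: "指定本地网卡IP地址(VPN场景使用)"
    required: false
    flag: "-iface"
    format: "flag"
  # Exclusions: the parameters in this file that narrow scope.
  - name: "exclude_host"
    type: "string"
    description: "排除的主机IP"
    required: false
    flag: "-eh"
    format: "flag"
  - name: "exclude_port"
    type: "string"
    description: "排除的端口"
    required: false
    flag: "-ep"
    format: "flag"
  - name: "retry"
    type: "int"
    description: "最大重试次数"
    required: false
    flag: "-retry"
    format: "flag"
    default: 3
  # No `default` is declared here; per the description, 0 means unlimited.
  - name: "rate_limit"
    type: "int"
    description: "每分钟最大发包次数(0表示不限制)"
    required: false
    flag: "-rate"
    format: "flag"
  - name: "max_redirect"
    type: "int"
    description: "HTTP最大重定向次数"
    required: false
    flag: "-max-redirect"
    format: "flag"
    default: 10
  - name: "lang"
    type: "string"
    description: "输出语言:zh(默认中文), en(英文)"
    required: false
    flag: "-lang"
    format: "flag"
    default: "zh"
  - name: "log_level"
    type: "string"
    description: "日志级别(默认 base,info,success)"
    required: false
    flag: "-log"
    format: "flag"
    default: "base,info,success"
  # Post-exploitation options (reverse_shell, sshkey_file, download_url,
  # download_path). They share the top-level `enabled` switch with plain
  # discovery scanning.
  # NOTE(review): consider moving these into a separately gated tool
  # definition so that turning on scanning does not also grant them.
  - name: "reverse_shell"
    type: "string"
    description: "反弹Shell目标地址:端口(如: 192.168.1.100:4444)"
    required: false
    flag: "-rsh"
    format: "flag"
  - name: "sshkey_file"
    type: "string"
    description: "SSH私钥文件路径"
    required: false
    flag: "-sshkey"
    format: "flag"
  - name: "download_url"
    type: "string"
    description: "要下载的文件URL"
    required: false
    flag: "-download-url"
    format: "flag"
  - name: "download_path"
    type: "string"
    description: "下载文件保存路径"
    required: false
    flag: "-download-path"
    format: "flag"
  # Free-form string appended to the end of the command line
  # (format: positional). It bypasses the typed parameters above, so every
  # flag fscan accepts is reachable through it. The description asks the
  # caller to avoid command injection, which is guidance rather than a
  # control.
  # NOTE(review): the executor should split this into argv tokens without a
  # shell and check each token against an allowlist; confirm how it is
  # handled today.
  - name: "additional_args"
    type: "string"
    description: |
      额外的fscan参数。用于传递未在参数列表中定义的fscan选项。

      **示例值:**
      - "-nobr -nopoc" (禁用爆破和POC,仅做端口扫描)
      - "-ao" (仅进行存活探测)
      - "-silent -nocolor" (静默无颜色输出)
      - "-debug" (开启调试模式)
      - "-full" (全量POC扫描)
      - "-no" (禁用结果保存)
      - "-dns" (启用DNS日志记录)

      **注意事项:**
      - 多个参数用空格分隔
      - 确保参数格式正确,避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    format: "positional"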