v2.2.0-rc Release #580
Merged
- poc_adapter: xray/afrog `output.search` is converted into the `Search` field, so variables passed between multi-step POCs are no longer lost
- poc_executor: the Set-Cookie extraction optimization no longer requires the capture-group name to contain "cookie"; names such as sessid/token all take effect
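Added example, not fscan's own code: a Go sketch of the Set-Cookie rule this commit changes. `optimizeCookies` and `extractSearch` are assumed names; the `stripAll` switch contrasts the pre-fix behaviour (attributes stripped only for groups named like "cookie") with the post-fix behaviour (every captured group is reduced to name=value pairs, so a group named `sessid` works too).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Set-Cookie attributes that must not be replayed in a Cookie request header.
var cookieAttrs = map[string]bool{"path": true, "domain": true, "expires": true,
	"max-age": true, "secure": true, "httponly": true, "samesite": true}

// optimizeCookies reduces a Set-Cookie value to its name=value pairs.
func optimizeCookies(raw string) string {
	var pairs []string
	for _, part := range strings.Split(raw, ";") {
		part = strings.TrimSpace(part)
		if name, _, _ := strings.Cut(part, "="); part == "" || cookieAttrs[strings.ToLower(name)] {
			continue
		}
		pairs = append(pairs, part)
	}
	return strings.Join(pairs, "; ")
}

// extractSearch applies a POC search regexp to a raw response and returns its
// named groups. stripAll=false mimics the pre-fix rule (attributes stripped only
// when the group name contains "cookie"); stripAll=true is the post-fix rule.
func extractSearch(pattern, resp string, stripAll bool) (map[string]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	m := re.FindStringSubmatch(resp)
	if m == nil {
		return nil, fmt.Errorf("search %q did not match", pattern)
	}
	out := map[string]string{}
	for i, name := range re.SubexpNames() {
		if i == 0 || name == "" {
			continue
		}
		if stripAll || strings.Contains(strings.ToLower(name), "cookie") {
			m[i] = optimizeCookies(m[i])
		}
		out[name] = m[i]
	}
	return out, nil
}
```

With a constructed response `Set-Cookie: JSESSIONID=ABC123; Path=/; HttpOnly`, a group named `sessid` yields `JSESSIONID=ABC123` under the post-fix rule and the full attribute string under the pre-fix rule.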
- Add the tjfoc/gmsm dependency, providing gmtls SM (国密, Chinese national cryptography) TLS support
- Add SM HTTP clients ClientGM/ClientNoRedirectGM
- DetectHTTPScheme gains SM TLS fallback detection and returns the https-gm scheme identifier
- The webtitle plugin recognises https-gm and routes to the SM client
- DoRequest automatically falls back to the SM client when standard TLS fails
* fix: large-subnet scanning did not apply an upper limit
Three key bugs fixed:
1. parseIPFullRange() - logic error
   - Problem: with maxTargets=-1, the check count >= -1 caused only 1 IP to be returned
   - Fix: add a maxTargets > 0 check condition
2. parseIPShortRange() - add maxTargets parameter support
   - Problem: short-format ranges (e.g. 192.168.1.1-254) could not be limited
   - Fix: add the maxTargets parameter and check it in the loop
3. parseIPRangeString() - missing argument in call
   - Problem: the call to parseIPShortRange() did not pass maxTargets
   - Fix: pass the maxTargets argument
Improvements:
- Large-subnet parsing (e.g. 10.0.0.0/8) now handles the no-limit case correctly
- IP range parsing integrity verification
- Added a detailed bug report and fix documentation
* fix parser range limit handling
---------
Co-authored-by: ZacharyZcR <zacharyzcr1984@gmail.com>
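Added example, not fscan's own parser code: a Go reconstruction of the maxTargets defect and fix described in this commit. `parseIPShortRange` matches the name in the message; `buggyLimitHit`, `limitHit` and `expandIPv4Range` are assumed names that isolate the one comparison the fix changes (the pre-fix `count >= maxTargets` check stops after a single IP when -1 means "no limit").

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// buggyLimitHit is the pre-fix check: with maxTargets == -1 meaning "no limit",
// count >= -1 is already true at count 0, so the parser returned a single IP.
func buggyLimitHit(count, maxTargets int) bool { return count >= maxTargets }

// limitHit is the fixed check: a non-positive maxTargets never stops the loop.
func limitHit(count, maxTargets int) bool { return maxTargets > 0 && count >= maxTargets }

// expandIPv4Range lists lo..hi (host-order uint32 IPv4 addresses) inclusive,
// capped at maxTargets when maxTargets > 0.
func expandIPv4Range(lo, hi uint32, maxTargets int) ([]string, error) {
	if lo > hi {
		return nil, fmt.Errorf("range start %d is after end %d", lo, hi)
	}
	var out []string
	// uint64 cursor so a range ending at 255.255.255.255 cannot wrap the loop.
	for cur := uint64(lo); cur <= uint64(hi) && !limitHit(len(out), maxTargets); cur++ {
		ip := make(net.IP, 4)
		binary.BigEndian.PutUint32(ip, uint32(cur))
		out = append(out, ip.String())
	}
	return out, nil
}

// parseIPShortRange handles "192.168.1.1-254": the number after the dash
// replaces the last octet; maxTargets is threaded through as in the commit.
func parseIPShortRange(s string, maxTargets int) ([]string, error) {
	base, last, ok := strings.Cut(s, "-")
	start := net.ParseIP(base).To4()
	n, err := strconv.Atoi(last)
	if !ok || start == nil || err != nil || n < 0 || n > 255 {
		return nil, fmt.Errorf("bad short range %q", s)
	}
	lo := binary.BigEndian.Uint32(start)
	return expandIPv4Range(lo, lo&^0xff|uint32(n), maxTargets)
}

func main() {
	ips, _ := parseIPShortRange("192.168.1.1-254", -1) // -1 = no limit
	fmt.Println(len(ips), "hosts; pre-fix check stops at once:", buggyLimitHit(0, -1))
}
```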
Pull request overview
This PR releases version 2.1.4, fixing POC variable extraction issues and adding 国密 (SM) TLS scanning support. Version strings are also synchronized across README files and the Web API.
Changes:
- POC fixes: convert xray/afrog `output.search` into the `Search` field so multi-step POCs preserve extracted variables; relax the Set-Cookie capture-group name requirement so any group name triggers cookie attribute stripping (closes #339).
- New SM (GM) TLS support: introduce `ClientGM`/`ClientNoRedirectGM` based on `tjfoc/gmsm`, automatic detection in `DetectHTTPScheme` returning `https-gm`, fallback in `DoRequest`, and propagation through `webtitle` (closes #440).
- Misc: bump version to 2.1.4 in `globals.go`, READMEs and web API; allow `maxTargets <= 0` to mean "no limit" in IP range/CIDR parsers and add covering tests.
Reviewed changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| common/globals.go | Bump internal version to 2.1.4 |
| web/api/router.go | Update reported API version to 2.1.4 |
| README.md / README_EN.md | Update displayed version to 2.1.4 |
| webscan/lib/poc_executor.go | Remove cookie-name check so all Set-Cookie capture groups get optimized |
| webscan/lib/poc_executor_test.go | New tests for Set-Cookie extraction and optimizeCookies |
| webscan/lib/poc_adapter.go | Convert xray/afrog output.search into Search |
| webscan/lib/poc_adapter_test.go | Tests covering output→Search conversion for xray and afrog |
| webscan/lib/Client.go | Add GM TLS HTTP clients (ClientGM, ClientNoRedirectGM) |
| webscan/lib/Eval.go | Fallback to GM TLS clients if standard TLS request fails |
| core/web_scanner.go | Add GM TLS handshake fallback in scheme detection, returning https-gm |
| plugins/web/webtitle.go | Recognize https-gm, choose GM clients, build display URL accordingly |
| common/parsers/parsers.go | Treat non-positive maxTargets as unlimited; thread param into short-range parser |
| common/parsers/parse_test.go | Tests for limit-applied and no-limit IP range parsing |
| go.mod / go.sum | Add github.com/tjfoc/gmsm v1.4.1 dependency |
When a local plugin (such as systeminfo) is specified via the -m parameter, LocalMode was not set, so execution wrongly entered the service-scanning flow, causing unnecessary port scanning and repeated plugin execution. determineScanMode now automatically detects the type of the plugins specified with -m and switches to local scan mode when all of them are of type local.
- systeminfo: added NIC information, privilege detection, patch count, antivirus detection, firewall status, sensitive environment variable scanning and more
- Merged envinfo into systeminfo and removed the standalone envinfo plugin
- Fixed local plugins still requiring the -h parameter when specified via -m
- Resolved the common/plugins circular dependency through a callback mechanism
- Merged avdetect's process-matching logic into the systeminfo plugin
- Fixed process matching with Contains producing many false positives; changed to exact matching
- Corrected Microsoft Security Essentials to Microsoft Defender in auto.json
- Used a map index to speed up process matching
- Cleaned up obsolete envinfo/avdetect i18n keys
- Merged fileinfo's sensitive-file scanning into systeminfo
- Merged dcinfo's domain-controller information collection into systeminfo, isolating platform differences with build tags
- Domain information collection is triggered automatically when a domain environment is detected; WORKGROUP environments are skipped automatically
- Added systeminfo_dc_windows.go and systeminfo_dc_other.go to handle cross-platform compilation
The 5 Windows persistence plugins previously only concatenated command strings without executing them; all now have real execution logic:
- winschtask: schtasks /create creates a scheduled task
- winservice: sc create creates a system service
- winstartup: copies the PE to the startup folder
- winregistry: reg add writes Run/RunOnce registry keys
- winwmi: PowerShell creates a WMI event subscription (single invocation, completes in 1.2s)
- winifeo: IFEO image hijacking (sethc/utilman/narrator)
- winbits: BITS background-job persistence, operated by GUID to avoid same-name conflicts
- winlogon: Winlogon Userinit/Shell append
- bashrc: Linux bashrc/profile injection
- Fixed forwardshell/reverseshell/socks5proxy causing the main process to exit early due to a race condition
- Removed the bashrc plugin, which duplicated shellenv functionality
- socks5proxy: listen address changed from 127.0.0.1 to 0.0.0.0 to allow external connections
- cleaner: rewrote the cleanup logic to match fscan artifacts precisely, fixed the glob traversal hang on large directories, and history cleanup now actually deletes fscan-related lines
- minidump: exits immediately when SeDebugPrivilege elevation fails instead of waiting out the 120-second timeout
- Added isAVBlocking to detect Defender/EDR processes; skips directly when active antivirus is found
- dump timeout shortened from 120 seconds to 15 seconds (a normal dump completes in a few seconds)
- Three layers of protection: antivirus detection → privilege detection → timeout fallback
cleaner: added complete cleanup of Windows persistence:
- Restore Winlogon Shell/Userinit to their default values
- IFEO image hijack cleanup
- Registry Run/RunOnce cleanup
- Scheduled task, service and startup folder cleanup
- BITS job and WMI event subscription cleanup
- Prefetch record cleanup
minidump: added an antivirus pre-check; exits directly when Defender/EDR is found, avoiding a MiniDumpWriteDump hang that crashes the system
No longer exits as soon as antivirus is detected; changed to a three-level fallback:
1. Direct MiniDumpWriteDump (attempted when no antivirus is present, 15-second timeout)
2. comsvcs.dll (system-signed DLL, not blocked by some antivirus products)
3. reg save SAM/SECURITY/SYSTEM (offline approach, does not touch LSASS)
Exits only if all three fail; completes in 0.2 seconds without hanging the system
- Removed downloader (curl/certutil can replace it)
- Removed shellenv (hijacking the ls alias is too noisy and of little practical use)
- Added sshkey: generates an ed25519 key pair, injects it into authorized_keys, saves the private key to the current directory, supports multiple users (injects root automatically when running with root privileges)
- flag.go: the -local/-perf parameters now use i18n.GetText; checkParameterConflicts now uses i18n.Tr
- Filled in flag_local_plugin/flag_perf_stats/param_local_multi_plugin in the Chinese and English locales
- Migrated satori/go.uuid to google/uuid (satori is deprecated)
- CI: added a note on the Go version used for lint
- eval_random: randomInt no longer panics when the max parameter is <= min; it returns a CEL error instead
- scanner: when a long-running plugin is nil or panics, a fallback send on the ready channel eliminates the deadlock
- poc_executor: Ceye API key moved to the environment variables CEYE_API/CEYE_DOMAIN
- Eval: ParseResponse adds an oResp.Request nil check
- Eval: http.NewRequest errors in reverseCheck are no longer ignored
- poc_executor: CEL expression evaluation errors in clusterpoc are logged
- winwmi: PowerShell execution failures record the full error information
- sshkey: errors when reading authorized_keys are now handled
- minidump: release system DLL handles after Scan finishes
- Windows plugins: PE file error messages now use i18n
- credential_tester: testCredentialWithRetry returns ErrorType, fixing the bug where the network error counter never incremented
- scanner: os.Exit(1) changed to return so the deferred Cleanup runs normally
- probe_parser: 5 panics changed to error returns, propagated through the call chain to init()
- common library: 17 hard-coded Chinese strings in parsers/initialize/network/session changed to i18n
- services plugins: 115 hard-coded Chinese strings across 18 files changed to i18n
- locale: filled in ~25 Chinese/English keys related to service/parser/network
- Coverage check drops the bc dependency and uses awk int() integer comparison instead
- lint filtering uses a single grep -vE instead of a pipeline chain, which is more robust
- The test command precomputes the package list to avoid subshell issues
- scanner_core: InitializeGlobalVScan() return value explicitly discarded with _ in 3 places
- flag/initialize/network: fmt.Errorf(i18n.Tr(...)) changed to fmt.Errorf("%s", i18n.Tr(...))
- ipmi: removed the unused encoding/binary import
- rmi: TCP reads now use io.ReadFull to avoid parse errors caused by fragmentation
- jdwp: handshake response reads now use io.ReadFull to avoid misjudgement caused by fragmentation
- nfs: use a fresh connection when falling back to the v4 protocol so leftover data cannot contaminate it
- snmp: corrected the timeout calculation to be consistent with the other plugins
Migrated the log output, vulnerability result saving and TCP counters of the plugins/services, plugins/local, plugins/web and webscan layers from the global common.Log*/GetGlobalState() to session instance methods, ensuring that instances are fully isolated during concurrent SDK scans.
- 50 files; all plugin logging goes through session.Log*
- DoRequest gains a session parameter; counters go through session.State
- The POC executor passes the session via POCContext.Session
- The global fallback is kept only for session-less scenarios such as init() and the CEL runtime
- Version numbers updated to 2.2.0-rc / 2.1.3 / 2.1.2
- Removed pre-filled placeholder content to stop users submitting it unchanged
- Added SDK, proxy, mips and other options
- macOS/Ubuntu version updates
- Added guidance on where to report security vulnerabilities
- Added a "will be closed if no valid information is provided" notice at the top of the template
- README/README_EN version markers updated
- globals.go version constant updated
- Removed the unavailable security report link from the Issue template
Clearer directory naming; libs/ holds the embedded standalone protocol implementation libraries.
Referenced by gh release create --notes-file when publishing a release.
Its functionality was too narrow (TCP port scanning only) and did not fit the fscan brand positioning; fscan-nolocal is already the right approach for a lightweight build.
- Removed the fscan-lite source and build scripts
- goreleaser no longer has the lite build step
- CI no longer installs the mingw cross-compilation toolchain
- The release workflow automatically reads .github/release-notes/<tag>.md to override the body
- Removed the manual prerelease input (goreleaser auto mode decides from the tag suffix)
- Added RELEASE.md documenting the release process
Summary
v2.1.3 → v2.2.0-rc version upgrade; see the Release Notes for detailed changes.
Core changes
pkg/fscan), supporting concurrent scan instance isolation
Pre-merge checklist