一、端口扫描实现
底层实现运用socket封装dial包连接,多个端口iprange包解析
tcp 连接测试Demo
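// Connect dials ip:port over TCP with a 2 second timeout and returns the open
// connection. The caller owns the connection and must Close it when done
// (a plain reachability probe can Close it immediately). On error the
// returned conn is nil.
//
// The previous version deferred conn.Close() inside Connect, so every caller
// received a connection that was already closed by the time it was returned.
func Connect(ip string, port int) (net.Conn, error) {
	// JoinHostPort brackets IPv6 literals correctly; "%v:%v" does not.
	addr := net.JoinHostPort(ip, fmt.Sprint(port))
	conn, err := net.DialTimeout("tcp", addr, 2*time.Second)
	if err != nil {
		return nil, err
	}
	return conn, nil
}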
二、子域名爆破实现
一般子域名爆破运用socket发包,这里我用pcap发包优化
1. 读取域名二级域名字典
2. 监听本地网卡流量,一旦有流量就解析出有用数据
3. 初始化 DNS解析IP 、本地网卡
4. 用获取到的网卡循环发送 (字典 + 主域名) PCAP数据包
demo代码中,抓取与端口3306相关的数据,也就是mysql通信数据。
package main
import(
"fmt"
"net"
"strings"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
)
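// main opens a live capture on eth0, installs a BPF filter for TCP traffic on
// port 3306 and prints each matching packet together with its TCP payload.
//
// NOTE(review): the file imports "strings" but nothing in the visible code
// uses it; Go rejects unused imports, so this will not compile as written.
func main() {
	fmt.Println("packet start...")
	deviceName := "eth0"
	snapLen := int32(65535)
	port := uint16(3306)
	filter := getFilter(port)
	fmt.Printf("device:%v, snapLen:%v, port:%v\n", deviceName, snapLen, port)
	fmt.Println("filter:", filter)
	// Open the interface in promiscuous mode and block until packets arrive.
	handle, err := pcap.OpenLive(deviceName, snapLen, true, pcap.BlockForever)
	if err != nil {
		fmt.Printf("pcap open live failed: %v", err)
		return
	}
	// Close the handle on every exit path. Previously the defer sat after the
	// SetBPFFilter check, so a filter error returned without closing it.
	defer handle.Close()
	if err := handle.SetBPFFilter(filter); err != nil {
		fmt.Printf("set bpf filter failed: %v", err)
		return
	}
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	// NoCopy lets the packet alias pcap's read buffer; the bytes are only
	// safe to use inside the current loop iteration, which is all we do here.
	packetSource.NoCopy = true
	for packet := range packetSource.Packets() {
		// The BPF filter already restricts us to TCP, but verify before using
		// the layer. A nil TransportLayer() fails the assertion without panicking.
		tcp, ok := packet.TransportLayer().(*layers.TCP)
		if packet.NetworkLayer() == nil || !ok {
			fmt.Println("unexpected packet")
			continue
		}
		fmt.Printf("packet:%v\n", packet)
		fmt.Printf("tcp:%v\n", tcp)
		// Raw application bytes. On 3306 this is MySQL wire traffic, which may
		// carry credentials or query text; stdout is a demo sink, not a safe one.
		fmt.Printf("tcp payload:%v\n", tcp.Payload)
	}
}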
// getFilter returns the BPF expression matching TCP segments whose source or
// destination port is port, e.g. "tcp and ((src port 3306) or (dst port 3306))".
func getFilter(port uint16) string {
	p := fmt.Sprint(port)
	return "tcp and ((src port " + p + ") or (dst port " + p + "))"
}