如何快速掌握Plus Jakarta Sans:现代开源字体完整指南
2026/7/9 18:20:17
make-f Makefile.cross-compiles但是这种直接编译的还是没啥用,因为这个frp是流量转发工具,所以除了对一些特征进行更改之外,还需要对流量特征进行更改
比如在pkg/msg/msg.go文件中把传输的数据特征改掉:
然后在pkg/util/net/tls.go文件中将FRPTLSHeadByte改掉:
版本特征也可以改掉,在pkg/util/version/version.go文件中:
这样改动之后对免杀有一定的效果,在这个基础上也可以进行加壳、加保护、加签名、降低熵值等等操作
当然这个只是治标不治本的方法,一些较强的杀软或者是EDR设备还是过不了,因此还是需要更深层的改动,但这里我们也不深入改了,有兴趣的可以根据这篇文章自己下去尝试:【神兵利器】手把手教你魔改frp
go build -ldflags="-s -w"-trimpath main.go#include<stdio.h>#include<windows.h>intmain(){HMODULE hDLL;hDLL=LoadLibrary("fscan.dll");if(hDLL!=NULL){// 定义函数指针类型typedefvoid(*FunctionType)();// 为每个导出函数创建一个函数指针FunctionType DllCanUnloadNow=(FunctionType)GetProcAddress(hDLL,"DllCanUnloadNow");FunctionType DllGetClassObject=(FunctionType)GetProcAddress(hDLL,"DllGetClassObject");FunctionType DllRegisterServer=(FunctionType)GetProcAddress(hDLL,"DllRegisterServer");FunctionType DllUnregisterServer=(FunctionType)GetProcAddress(hDLL,"DllUnregisterServer");// 调用每个函数(如果函数指针非空)if(DllCanUnloadNow)DllCanUnloadNow();if(DllGetClassObject)DllGetClassObject();if(DllRegisterServer)DllRegisterServer();if(DllUnregisterServer)DllUnregisterServer();// 卸载 DLL FreeLibrary(hDLL);printf("All functions executed successfully.\n");}else{printf("Failed to load DLL.\n");}return0;}packagemainimport"C"import("fmt""time""github.com/wjlin0/fscan/Plugins""github.com/wjlin0/fscan/common")//export DllCanUnloadNowfuncDllCanUnloadNow(){}//export DllGetClassObjectfuncDllGetClassObject(){}//export DllRegisterServerfuncDllRegisterServer(){}//export DllUnregisterServerfuncDllUnregisterServer(){}funcinit(){start:=time.Now()varInfo common.HostInfo common.Flag(&Info)common.Parse(&Info)Plugins.Scan(Info)t:=time.Now().Sub(start)fmt.Printf("[*] 扫描结束,耗时: %s\n",t)}funcmain(){}gcc -o fscan_loader.exe main.c go build -buildmode=c-shared -o fscan.dll main.go运行fscan_loader.exe就可以调用fscan工具了:
这个可以过火绒、DF,但是卡巴过不了,然后这里引用的库是github.com/wjlin0/fscan/Plugins,这个不是官方的库,如果引用官方的库可能就会杀
这里如果要用最新版可以直接fork到自己的仓库然后改一下依赖即可
在fscan中是有一些常见Web PoC扫描的,在/WebScan/pocs目录下,如果我们想引入一些最新的漏洞PoC可以自己新增:
这里就不再演示了,怎么编写yml的PoC之前的课程也讲到过,写完之后重新打包即可:
go build -buildmode=c-shared -o fscan.dll ./main.go/Plugins目录下新增其他的插件或者漏洞扫描模块,比如这里我们新增一个zookeeper未授权连接的探测功能,首先在该目录下创建ZookeeperConn.go文件:packagePluginsimport("fmt""strings""time""github.com/samuel/go-zookeeper/zk""github.com/shadow1ng/fscan/Common")funcZookeeperScan(info*Common.HostInfo)error{// Trim inputsinfo.Host=strings.TrimSpace(info.Host)info.Ports=strings.TrimSpace(info.Ports)varaddresses[]stringifinfo.Ports==""{// default zookeeper portaddresses=append(addresses,fmt.Sprintf("%s:%d",info.Host,2181))}elseifstrings.Contains(info.Ports,","){ports:=strings.Split(info.Ports,",")for_,port:=rangeports{p:=strings.TrimSpace(port)ifp==""{continue}addresses=append(addresses,fmt.Sprintf("%s:%s",info.Host,p))}}else{addresses=append(addresses,fmt.Sprintf("%s:%s",info.Host,info.Ports))}conn,err:=ZookeeperConn(addresses,time.Duration(Common.Timeout)*time.Second)iferr!=nil{errlog:=fmt.Sprintf("[-] Zookeeper %v:%v connect failed, %v",info.Host,info.Ports,err)Common.LogError(errlog)returnerr}deferconn.Close()// 检查根节点是否存在,作为未授权访问的判断依据exists,_,err:=conn.Exists("/")iferr!=nil{errlog:=fmt.Sprintf("[-] Zookeeper %v:%v check unauthorized failed, %v",info.Host,info.Ports,err)Common.LogError(errlog)returnerr}ifexists{result:=fmt.Sprintf("[+] Zookeeper %v:%v unauthorized",info.Host,info.Ports)Common.LogSuccess(result)_=Common.SaveResult(&Common.ScanResult{Time:time.Now(),Type:Common.VULN,Target:fmt.Sprintf("%s:%s",info.Host,info.Ports),Status:"vulnerable",Details:map[string]interface{}{"service":"zookeeper","vulnerability":"unauthorized-access"},})}returnnil}funcZookeeperConn(addresses[]string,timeout time.Duration)(*zk.Conn,error){conn,_,err:=zk.Connect(addresses,timeout)iferr!=nil{returnnil,fmt.Errorf("connect to Zookeeper failed: %v",err)}returnconn,nil}/Core/Registry.go文件中添加如下代码即可:Common.RegisterPlugin("zookeeperconn",Common.ScanPlugin{Name:"ZookeeperConn",Ports:[]int{2181},ScanFunc:Plugins.ZookeeperScan,Types:[]string{Common.PluginTypeService},})/Core/Config.go中添加暴力破解的账户以及密码/Common/Ports.go文件的var MainPorts里面加入2181端口,运行如下命令进行扫描探测:fscan.exe -h<IP>