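// ├── OXID.go
// ├── README.md
// ├── go.mod
// └── go.sum
//
// /OXID.go:
// --------------------------------------------------------------------------------

// Command OXID lists the network addresses a Windows host reports through the
// DCOM OXID resolver on TCP port 135.
//
// It binds to the IOXIDResolver interface (UUID
// 99fcfec4-5260-101b-bbcb-00aa0021347a) and calls ServerAlive2 (opnum 5). The
// reply carries the host's string bindings: its name and the addresses of its
// interfaces. The exchange carries no authentication data, which is why a
// host that exposes TCP/135 across a segment boundary discloses its other
// interfaces to anyone who can reach that port.
//
// Notes for defenders: the disclosure is closed by filtering TCP/135 between
// network segments (host firewall or network ACL). A sweep made with this
// program shows up as one short connection to TCP/135 per address from a
// single source, each carrying the same 72-byte bind followed by the same
// 24-byte request, so fan-out to port 135 is a practical alerting signal.
package main

import (
	"bytes"
	"encoding/hex"
	"flag"
	"fmt"
	"net"
	"sync"
	"time"
)

var (
	// buffer1 is the DCE/RPC bind for IOXIDResolver with the NDR transfer syntax.
	buffer1 = mustHex("05000b03100000004800000001000000b810b810000000000100000000000100c4fefc9960521b10bbcb00aa0021347a00000000045d888aeb1cc9119fe808002b10486002000000")
	// buffer2 is the DCE/RPC request for opnum 5 (ServerAlive2), with no arguments.
	buffer2 = mustHex("050000031000000018000000010000000000000000000500")
	// begin is the 16-bit tower id 0x0007 (ncacn_ip_tcp) that prefixes each
	// string binding in the reply.
	begin = mustHex("0700")
	// end marks where the string bindings stop; presumably the terminator
	// followed by the first security binding (0x0009) — TODO confirm.
	end = mustHex("00000900")
)

// mustHex decodes a hex literal and panics when the literal is malformed, so a
// typo in one of the packet templates fails at start-up instead of silently
// producing an empty packet.
func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic("OXID: bad hex literal: " + err.Error())
	}
	return b
}

// dialTimeout converts the value of the -time flag into the timeout that is
// actually applied.
//
// Earlier versions multiplied the parsed Duration by time.Second, so the
// default of 2 (shown as "2ns" in the usage text) meant two seconds and a
// value such as "10s" overflowed int64. Values below one microsecond are
// therefore still read as a count of seconds; anything larger is taken as the
// duration it says.
func dialTimeout(v time.Duration) time.Duration {
	if v > 0 && v < time.Microsecond {
		return v * time.Second
	}
	return v
}

// cleanAddress turns one raw binding into printable text. Zero bytes are
// dropped (the high bytes of UTF-16LE ASCII); every other byte outside
// printable ASCII becomes '?'. The reply comes from whatever answers on port
// 135, so control bytes must not reach the terminal unfiltered.
func cleanAddress(raw []byte) string {
	out := make([]byte, 0, len(raw))
	for _, c := range raw {
		switch {
		case c == 0:
			// padding byte, skip
		case c < 0x20 || c > 0x7e:
			out = append(out, '?')
		default:
			out = append(out, c)
		}
	}
	return string(out)
}

// parseBindings extracts the address strings from a ServerAlive2 reply.
//
// reply must hold only the bytes that were actually received. ok is false
// when the begin/end markers are missing or out of order; the previous code
// sliced with those indexes unchecked and panicked on such a reply, which let
// any responder on port 135 stop a whole sweep.
func parseBindings(reply []byte) (addrs []string, ok bool) {
	start := bytes.Index(reply, begin)
	last := bytes.LastIndex(reply, end)
	if start < 0 || last < start {
		return nil, false
	}

	pieces := bytes.Split(reply[start:last], begin)
	// The first piece is always empty because the slice starts with the
	// marker. The second is skipped as in the original code; presumably it is
	// data ahead of the first real binding — TODO confirm.
	if len(pieces) <= 2 {
		return nil, true
	}
	addrs = make([]string, 0, len(pieces)-2)
	for _, p := range pieces[2:] {
		addrs = append(addrs, cleanAddress(p))
	}
	return addrs, true
}

// getAddres queries one host and prints the addresses it reports. timeout
// bounds the connection attempt and, separately, the whole exchange after it.
// Hosts that do not answer, or answer with anything unexpected, are skipped
// without output.
func getAddres(ip string, timeout time.Duration) {
	// JoinHostPort brackets IPv6 literals, which plain concatenation did not.
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(ip, "135"), timeout)
	if err != nil {
		return
	}
	defer conn.Close()

	if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
		return
	}
	if _, err := conn.Write(buffer1); err != nil {
		return
	}
	reply := make([]byte, 1024)
	// Only a 60-byte answer to the bind is accepted. A single Read is used, so
	// an answer split across TCP segments is treated as a failure.
	if n, err := conn.Read(reply); err != nil || n != 60 {
		return
	}

	if _, err := conn.Write(buffer2); err != nil {
		return
	}
	n, err := conn.Read(reply)
	if err != nil || n == 0 {
		return
	}

	// Parse reply[:n] only: the tail of the buffer still holds bytes from the
	// bind answer.
	addrs, ok := parseBindings(reply[:n])
	if !ok {
		return
	}

	// Build the report first and emit it with one call so that reports from
	// concurrent workers do not interleave.
	var out bytes.Buffer
	fmt.Fprintln(&out, "--------------------------------------\r\n[*] Retrieving network interface of", ip)
	for _, a := range addrs {
		fmt.Fprintln(&out, "Address:", a)
	}
	fmt.Print(out.String())
}

// incIP increments ip in place, treating it as a big-endian integer. The
// value wraps to all zeros after the highest address.
func incIP(ip net.IP) {
	for j := len(ip) - 1; j >= 0; j-- {
		ip[j]++
		if ip[j] > 0 {
			break
		}
	}
}

func main() {
	host := flag.String("i", "", "single ip address")
	thread := flag.Int("t", 2000, "thread num")
	// The default stays the bare value 2; dialTimeout reads it as two seconds.
	timeout := flag.Duration("time", 2, "timeout on connection, in seconds")
	netCIDR := flag.String("n", "", "CIDR notation of a network")
	flag.Parse()

	if *host == "" && *netCIDR == "" {
		flag.Usage()
		return
	}

	wait := dialTimeout(*timeout)
	if wait <= 0 {
		fmt.Println("invalid timeout")
		return
	}

	if *host != "" {
		getAddres(*host, wait)
		return
	}

	// A capacity of zero would block every worker forever and a negative one
	// makes make() panic.
	if *thread < 1 {
		fmt.Println("thread num must be at least 1")
		return
	}

	ip, ipNet, err := net.ParseCIDR(*netCIDR)
	if err != nil {
		fmt.Println("invalid CIDR")
		return
	}

	sem := make(chan struct{}, *thread)
	var wg sync.WaitGroup

	// NOTE: with a /0 prefix the address wraps around without ever leaving the
	// network, so this loop does not terminate.
	for cur := ip.Mask(ipNet.Mask); ipNet.Contains(cur); incIP(cur) {
		// Take the slot before starting the goroutine: at most *thread
		// goroutines exist at a time, instead of one per address in the range.
		sem <- struct{}{}
		wg.Add(1)
		go func(target string) {
			defer wg.Done()
			defer func() { <-sem }()
			getAddres(target, wait)
		}(cur.String())
	}

	wg.Wait()
}

/*
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# OXID

通过 Windows 的 DCOM 接口进行网卡信息枚举,无需认证,只要目标的135端口开放即可获得信息。可以有效提高内网渗透的效率,定位多网卡主机。

(English: enumerates network-interface information through the Windows DCOM
interface. No authentication is required; the information is available as long
as port 135 on the target is open. It speeds up internal-network penetration
testing by locating multi-homed hosts.)

```
Usage of ./OXID:
  -i string
        single ip address
  -n string
        CIDR notation of a network
  -t int
        thread num (default 2000)
  -time duration
        timeout on connection, in seconds (default 2ns)

./OXID -i 192.168.1.1
./OXID -n 192.168.1.1/24
```

> 很久之前练习写的工具
> (English: a tool written as practice a long time ago.)

--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
module OXID

go 1.14

require (
	github.com/malfunkt/iprange v0.9.0 // indirect
	github.com/pkg/errors v0.9.1 // indirect
)

--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
github.com/malfunkt/iprange v0.9.0 h1:VCs0PKLUPotNVQTpVNszsut4lP7OCGNBwX+lOYBrnVQ=
github.com/malfunkt/iprange v0.9.0/go.mod h1:TRGqO/f95gh3LOndUGTL46+W0GXA91WTqyZ0Quwvt4U=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
--------------------------------------------------------------------------------
*/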