mirrors/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-07-13 12:52:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update check.go

Browse Source
This commit is contained in:
影舞者 2023-11-13 11:31:30 +08:00 committed by GitHub
parent 5ff8b781c8
commit 99d526d7d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
WebScan/lib/check.go
View File

@ -3,6 +3,9 @@ package lib
import (
"crypto/md5"
"fmt"
"github.com/google/cel-go/cel"
"github.com/shadow1ng/fscan/WebScan/info"
"github.com/shadow1ng/fscan/common"
"math/rand"
"net/http"
"net/url"
@ -10,10 +13,6 @@ import (
"strings"
"sync"
"time"
"github.com/google/cel-go/cel"
"github.com/shadow1ng/fscan/WebScan/info"
"github.com/shadow1ng/fscan/common"
)
var (
@ -26,15 +25,15 @@ type Task struct {
Poc *Poc
}
func CheckMultiPoc(req *http.Request, pocs []*Poc, flags common.Flags) {
func CheckMultiPoc(req *http.Request, pocs []*Poc, workers int) {
tasks := make(chan Task)
var wg sync.WaitGroup
for i := 0; i < flags.PocNum; i++ {
for i := 0; i < workers; i++ {
go func() {
for task := range tasks {
isVul, _, name := executePoc(task.Req, task.Poc, flags)
isVul, _, name := executePoc(task.Req, task.Poc)
if isVul {
result := fmt.Sprintf("[+] %s %s %s", task.Req.URL, task.Poc.Name, name)
result := fmt.Sprintf("[+] PocScan %s %s %s", task.Req.URL, task.Poc.Name, name)
common.LogSuccess(result)
}
wg.Done()
@ -53,7 +52,7 @@ func CheckMultiPoc(req *http.Request, pocs []*Poc, flags common.Flags) {
close(tasks)
}
func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, string) {
func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
c := NewEnvOption()
c.UpdateCompileOptions(p.Set)
if len(p.Sets) > 0 {
@ -83,7 +82,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st
for _, item := range p.Set {
k, expression := item.Key, item.Value
if expression == "newReverse()" {
if !flags.DnsLog {
if !common.DnsLog {
return false, nil, ""
}
variableMap[k] = newReverse()
@ -97,7 +96,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st
success := false
//爆破模式,比如tomcat弱口令
if len(p.Sets) > 0 {
success, err = clusterpoc(oReq, p, flags.PocFull, variableMap, req, env)
success, err = clusterpoc(oReq, p, variableMap, req, env)
return success, nil, ""
}
@ -133,6 +132,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st
newRequest, err := http.NewRequest(rule.Method, fmt.Sprintf("%s://%s%s", req.Url.Scheme, req.Url.Host, string([]rune(req.Url.Path))), strings.NewReader(rule.Body))
if err != nil {
//fmt.Println("[-] newRequest error: ",err)
return false, err
}
newRequest.Header = oReq.Header.Clone()
@ -161,7 +161,6 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st
if err != nil {
return false, err
}
//如果false不继续执行后续rule
// 如果最后一步执行失败,就算前面成功了最终依旧是失败
flag, ok = out.Value().(bool)
@ -258,7 +257,7 @@ func newReverse() *Reverse {
}
}
func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) {
func clusterpoc(oReq *http.Request, p *Poc, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) {
var strMap StrMap
var tmpnum int
for i, rule := range p.Rules {
@ -277,8 +276,8 @@ func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string
ruleHash := make(map[string]struct{})
look:
for j, item := range setsMap {
//shiro only runs by default 10key
if p.Name == "poc-yaml-shiro-key" && !pocFull && j >= 10 {
//shiro默认只跑10key
if p.Name == "poc-yaml-shiro-key" && !common.PocFull && j >= 10 {
if item[1] == "cbc" {
continue
} else {
@ -354,15 +353,15 @@ func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string
if success {
if rule.Continue {
if p.Name == "poc-yaml-backup-file" || p.Name == "poc-yaml-sql-file" {
common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name))
common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name))
} else {
common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, tmpMap))
common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, tmpMap))
}
continue
}
strMap = append(strMap, tmpMap...)
if i == len(p.Rules)-1 {
common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, strMap))
common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, strMap))
//防止后续继续打印poc成功信息
return false, nil
}
@ -445,6 +444,7 @@ func clustersend(oReq *http.Request, variableMap map[string]interface{}, req *Re
//
newRequest, err := http.NewRequest(rule.Method, fmt.Sprintf("%s://%s%s", req.Url.Scheme, req.Url.Host, req.Url.Path), strings.NewReader(rule.Body))
if err != nil {
//fmt.Println("[-] newRequest error:",err)
return false, err
}
newRequest.Header = oReq.Header.Clone()
@ -476,7 +476,7 @@ func clustersend(oReq *http.Request, variableMap map[string]interface{}, req *Re
}
return false, err
}
//fmt.Println(fmt.Sprintf("%v, %s", out, out.Type().TypeName()))
if fmt.Sprintf("%v", out) == "false" { //如果false不继续执行后续rule
return false, err // 如果最后一步执行失败,就算前面成功了最终依旧是失败
}