From 99d526d7d0b5d870c27c1a6f605860b321d03eb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?= Date: Mon, 13 Nov 2023 11:31:30 +0800 Subject: [PATCH] Update check.go --- WebScan/lib/check.go | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/WebScan/lib/check.go b/WebScan/lib/check.go index 1b72eca..14e8316 100644 --- a/WebScan/lib/check.go +++ b/WebScan/lib/check.go @@ -3,6 +3,9 @@ package lib import ( "crypto/md5" "fmt" + "github.com/google/cel-go/cel" + "github.com/shadow1ng/fscan/WebScan/info" + "github.com/shadow1ng/fscan/common" "math/rand" "net/http" "net/url" @@ -10,10 +13,6 @@ import ( "strings" "sync" "time" - - "github.com/google/cel-go/cel" - "github.com/shadow1ng/fscan/WebScan/info" - "github.com/shadow1ng/fscan/common" ) var ( @@ -26,15 +25,15 @@ type Task struct { Poc *Poc } -func CheckMultiPoc(req *http.Request, pocs []*Poc, flags common.Flags) { +func CheckMultiPoc(req *http.Request, pocs []*Poc, workers int) { tasks := make(chan Task) var wg sync.WaitGroup - for i := 0; i < flags.PocNum; i++ { + for i := 0; i < workers; i++ { go func() { for task := range tasks { - isVul, _, name := executePoc(task.Req, task.Poc, flags) + isVul, _, name := executePoc(task.Req, task.Poc) if isVul { - result := fmt.Sprintf("[+] %s %s %s", task.Req.URL, task.Poc.Name, name) + result := fmt.Sprintf("[+] PocScan %s %s %s", task.Req.URL, task.Poc.Name, name) common.LogSuccess(result) } wg.Done() @@ -53,7 +52,7 @@ func CheckMultiPoc(req *http.Request, pocs []*Poc, flags common.Flags) { close(tasks) } -func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, string) { +func executePoc(oReq *http.Request, p *Poc) (bool, error, string) { c := NewEnvOption() c.UpdateCompileOptions(p.Set) if len(p.Sets) > 0 { @@ -83,7 +82,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st for _, item := range p.Set { k, expression := item.Key, item.Value if expression == "newReverse()" { - if !flags.DnsLog { + if !common.DnsLog { return false, nil, "" } variableMap[k] = newReverse() @@ -97,7 +96,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st success := false //爆破模式,比如tomcat弱口令 if len(p.Sets) > 0 { - success, err = clusterpoc(oReq, p, flags.PocFull, variableMap, req, env) + success, err = clusterpoc(oReq, p, variableMap, req, env) return success, nil, "" } @@ -133,6 +132,7 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st newRequest, err := http.NewRequest(rule.Method, fmt.Sprintf("%s://%s%s", req.Url.Scheme, req.Url.Host, string([]rune(req.Url.Path))), strings.NewReader(rule.Body)) if err != nil { + //fmt.Println("[-] newRequest error: ",err) return false, err } newRequest.Header = oReq.Header.Clone() @@ -161,7 +161,6 @@ func executePoc(oReq *http.Request, p *Poc, flags common.Flags) (bool, error, st if err != nil { return false, err } - //如果false不继续执行后续rule // 如果最后一步执行失败,就算前面成功了最终依旧是失败 flag, ok = out.Value().(bool) @@ -258,7 +257,7 @@ func newReverse() *Reverse { } } -func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) { +func clusterpoc(oReq *http.Request, p *Poc, variableMap map[string]interface{}, req *Request, env *cel.Env) (success bool, err error) { var strMap StrMap var tmpnum int for i, rule := range p.Rules { @@ -277,8 +276,8 @@ func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string ruleHash := make(map[string]struct{}) look: for j, item := range setsMap { - //shiro only runs by default 10key - if p.Name == "poc-yaml-shiro-key" && !pocFull && j >= 10 { + //shiro默认只跑10key + if p.Name == "poc-yaml-shiro-key" && !common.PocFull && j >= 10 { if item[1] == "cbc" { continue } else { @@ -354,15 +353,15 @@ func clusterpoc(oReq *http.Request, p *Poc, pocFull bool, variableMap map[string if success { if rule.Continue { if p.Name == "poc-yaml-backup-file" || p.Name == "poc-yaml-sql-file" { - common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name)) + common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name)) } else { - common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, tmpMap)) + common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, tmpMap)) } continue } strMap = append(strMap, tmpMap...) if i == len(p.Rules)-1 { - common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, strMap)) + common.LogSuccess(fmt.Sprintf("[+] PocScan %s://%s%s %s %v", req.Url.Scheme, req.Url.Host, req.Url.Path, p.Name, strMap)) //防止后续继续打印poc成功信息 return false, nil } @@ -445,6 +444,7 @@ func clustersend(oReq *http.Request, variableMap map[string]interface{}, req *Re // newRequest, err := http.NewRequest(rule.Method, fmt.Sprintf("%s://%s%s", req.Url.Scheme, req.Url.Host, req.Url.Path), strings.NewReader(rule.Body)) if err != nil { + //fmt.Println("[-] newRequest error:",err) return false, err } newRequest.Header = oReq.Header.Clone() @@ -476,7 +476,7 @@ func clustersend(oReq *http.Request, variableMap map[string]interface{}, req *Re } return false, err } - + //fmt.Println(fmt.Sprintf("%v, %s", out, out.Type().TypeName())) if fmt.Sprintf("%v", out) == "false" { //如果false不继续执行后续rule return false, err // 如果最后一步执行失败,就算前面成功了最终依旧是失败 }