up 2023-01-01

GhostTroops · Jan 1, 2023 · 4db39c4 · 4db39c4
1 parent 019c68b
commit 4db39c4
Show file tree

Hide file tree

Showing 1,224 changed files with 21,446 additions and 102,570 deletions.
diff --git a/3ee8307c128be7296b2fa2ad5453341a3d37c2b6.xml b/3ee8307c128be7296b2fa2ad5453341a3d37c2b6.xml
diff --git a/brute/dicts/filedic.txt b/brute/dicts/filedic.txt
@@ -1,5 +1,6 @@
 /Login.jsp
 /login.jsp
+/stats.json
 /.well-known/security.txt
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log%00
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log

diff --git a/config/config.json b/config/config.json
@@ -12,14 +12,6 @@
       "-c",20,
       "-o","{PWD}/logs"
     ],
-    "uncover": [
-      "-q","",
-      "-e","shodan",
-      "-pc","{PWD}/config/uncover/provider-config.yaml",
-      "-config","{PWD}/config/uncover/config.yaml",
-      "-f","ip,port,host",
-      "-json","-o",""
-    ],
     "ffuf": [
       "-u","",
       "-w","{PWD}/brute/dicts/filedic.txt",
@@ -51,8 +43,10 @@
     ],
     "uncover": [
       "-q","",
-      "-engine","shodan",
-      "-provider","{PWD}/config/uncover/provider-config.yaml",
+      "-e","shodan",
+      "-pc","{PWD}/config/uncover/provider-config.yaml",
+      "-config","{PWD}/config/uncover/config.yaml",
+      "-f","ip,port,host",
       "-shodan",
       "-silent","-nc","-json","-o",""
     ],

diff --git a/config/fuzzing-templates b/config/fuzzing-templates
diff --git a/config/nuclei-templates b/config/nuclei-templates
diff --git a/config/uncover/provider-config.yaml b/config/uncover/provider-config.yaml
@@ -1,4 +1,4 @@
 shodan:
-  - FfH1z0IR5MiktkLbfMlQD93M3lPe32vH
+  - ZRSzvyQ1GiKZkK0JfSZJKH4ucv8u1ude
 censys: []
 fofa: []
diff --git a/doNaabu_test.go b/doNaabu_test.go
@@ -14,7 +14,9 @@ func DoInitAll() {
 
 func TestDoUncover(t *testing.T) {
 	DoInitAll()
-	a := strings.Split(`'gov.cn'
+	a := strings.Split(`
+'ssl:Alibaba'
+'gov.cn'
 'ssl:"gov.cn"'
 'ssl:"China Lodging Group"'
 'ssl:"huazhu"'

diff --git a/engine/engineImp.go b/engine/engineImp.go
@@ -100,6 +100,7 @@ func (e *Engine) initNodeId() {
 	}
 }
 
+// 优化使用websocket、或者webRTC
 // "https://dt.51pwn.com/api/v1.0/syncResult/task/%d"
 // curl -v -XPOST -d '{"Num":22,"task_ids":"","node_id":"xx","task_num":443}'  https://127.0.0.1:8081/api/v1.0/syncResult/task/33
 // 结果反馈 /api/v1.0/syncResult/task/%d
@@ -237,10 +238,12 @@ func (e *Engine) SendTask(s string) {
 	}
 }
 
+// 注册特定类型的事件处理
 func (e *Engine) EngineFuncFactory(nT int64, fnCbk util.EngineFuncType) {
 	e.RegCaseScanFunc(nT, fnCbk)
 }
 
+// 注册特定类型的事件处理
 func (e *Engine) RegCaseScanFunc(nType int64, fnCbk util.EngineFuncType) {
 	e.caseScanFunc.Store(nType, fnCbk)
 }

diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/lib/api/main.go b/lib/api/main.go
@@ -3,7 +3,6 @@ package api
 import (
 	_ "github.com/hktalent/ProScan4all/engine"
 	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg/hydra"
 	naaburunner "github.com/hktalent/ProScan4all/pkg/naabu/v2/pkg/runner"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/projectdiscovery/gologger"
@@ -68,12 +67,13 @@ func StartScan(oOpts *map[string]interface{}) {
 		noScan := util.GetValAsBool("noScan")
 
 		// 直接使用 nmap xml结果文件
-		if hydra.DoNmapWithFile(options.HostsFile, &naaburunner.Naabubuffer) {
+		if util.DoNmapWithFile(options.HostsFile, &naaburunner.Naabubuffer) {
 			os.Setenv("noScan", "true")
 			naabuRunner.Close()
 		} else if noScan {
 			s1, err := naabuRunner.MergeToFile()
 			if nil == err {
+				util.DoInput(s1, &naaburunner.Naabubuffer)
 				data, err := ioutil.ReadFile(s1)
 				if nil == err {
 					naaburunner.Naabubuffer.Write(data)

diff --git a/lib/util/Const.go b/lib/util/Const.go
@@ -4,13 +4,16 @@ import (
 	"context"
 	"fmt"
 	util "github.com/hktalent/go-utils"
+	jsoniter "github.com/json-iterator/go"
 	"github.com/remeh/sizedwaitgroup"
 	"net/http"
 	"os"
 	"regexp"
 	"strings"
 )
 
+var Json = jsoniter.ConfigCompatibleWithStandardLibrary
+
 // 全局线程控制
 var Wg *sizedwaitgroup.SizedWaitGroup
 
@@ -78,7 +81,7 @@ func SetHeader4Map(m *map[string]string) {
 // 程序main整体等待
 func DoSyncFunc(cbk func()) {
 	Wg.Add()
-	go func() {
+	DefaultPool.Submit(func() {
 		defer Wg.Done()
 		for {
 			select {
@@ -90,7 +93,7 @@ func DoSyncFunc(cbk func()) {
 				return
 			}
 		}
-	}()
+	})
 }
 
 // 检查 cookie

diff --git a/lib/util/GLock.go b/lib/util/GLock.go
@@ -0,0 +1,25 @@
+package util
+
+import (
+	"fmt"
+	"sync"
+	"time"
+)
+
+var lk sync.Mutex
+
+// 全局统一锁，避免相同目标、相同任务重复执行
+// 库级：不重复
+// 执行第一次，就进行标记，第二次返回true
+func IsDoIt(s string, nType int) bool {
+	lk.Lock()
+	defer lk.Unlock()
+	k := fmt.Sprintf("IsDo%s_%d", s, nType)
+	if o := clientHttpCc.Get(k); nil != o {
+		if v, ok := o.Value().(bool); ok && v {
+			return v
+		}
+	}
+	clientHttpCc.Set(k, true, time.Hour*24)
+	return false
+}
diff --git a/lib/util/SPool.go b/lib/util/SPool.go
@@ -0,0 +1,37 @@
+package util
+
+import (
+	"github.com/panjf2000/ants/v2"
+	"time"
+)
+
+const (
+	// DefaultAntsPoolSize sets up the capacity of worker pool, 256 * 1024.
+	DefaultAntsPoolSize = 1 << 18
+
+	// ExpiryDuration is the interval time to clean up those expired workers.
+	ExpiryDuration = 10 * time.Second
+
+	// Nonblocking decides what to do when submitting a new task to a full worker pool: waiting for a available worker
+	// or returning nil directly.
+	Nonblocking = true
+)
+
+// Pool is the alias of ants.Pool.
+type Pool = ants.Pool
+
+var DefaultPool *Pool
+
+func create() *Pool {
+	options := ants.Options{ExpiryDuration: ExpiryDuration, Nonblocking: Nonblocking}
+	defaultAntsPool, _ := ants.NewPool(DefaultAntsPoolSize, ants.WithOptions(options))
+	return defaultAntsPool
+}
+
+func init() {
+	RegInitFunc4Hd(func() {
+		// It releases the default pool from ants.
+		ants.Release()
+		DefaultPool = create()
+	})
+}
diff --git a/lib/util/VulInfo.go b/lib/util/VulInfo.go
@@ -0,0 +1,24 @@
+package util
+
+type VulnInfo struct {
+	Name         string
+	VulID        []string
+	Version      string
+	Author       string
+	VulDate      string
+	References   []string
+	AppName      string
+	AppPowerLink string
+	AppVersion   string
+	VulType      string
+	Description  string
+	Category     string
+	Dork         QueryDork
+}
+
+type QueryDork struct {
+	Fofa    string
+	Quake   string
+	Zoomeye string
+	Shodan  string
+}
diff --git a/lib/util/config.go b/lib/util/config.go
@@ -311,7 +311,7 @@ func DoCmd(args ...string) (string, error) {
 	if nil != err {
 		return "", err
 	}
-	return string(outStr + "\n" + errStr), err
+	return outStr + "\n" + errStr, err
 }
 
 func doFile(config *embed.FS, s fs.DirEntry, szPath string) {

diff --git a/pkg/hydra/doNmapResult.go → lib/util/doNmapResult.go b/pkg/hydra/doNmapResult.go → lib/util/doNmapResult.go
@@ -1,11 +1,11 @@
-package hydra
+package util
 
 import (
 	"bytes"
 	"fmt"
 	"github.com/antchfx/xmlquery"
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg"
+	"github.com/hktalent/51pwnPlatform/lib/scan/Const"
+	"github.com/hktalent/51pwnPlatform/pkg/models"
 	"io/ioutil"
 	"log"
 	"os"
@@ -15,23 +15,24 @@ import (
 
 // 弱口令检测
 func CheckWeakPassword(ip, service string, port int) {
-	util.DoSyncFunc(func() {
-		// 在弱口令检测范围就开始检测，结果....
-		service = strings.ToLower(service)
-		if pkg.Contains(ProtocolList, service) {
-			//log.Println("start CheckWeakPassword ", ip, ":", port, "(", service, ")")
-			Start(ip, port, service)
-		}
-	})
+	if !bCheckWeakPassword {
+		return
+	}
+	// 在弱口令检测范围就开始检测，结果....
+	service = strings.ToLower(service)
+	SendEvent(&models.EventData{
+		EventType: Const.ScanType_Pswd4hydra,
+		EventData: []interface{}{ip, port, service},
+	}, Const.ScanType_Pswd4hydra)
 }
 
 // 开启了es
-var enableEsSv, bCheckWeakPassword bool = false, true
+var bCheckWeakPassword bool = true
 
 func init() {
-	util.RegInitFunc(func() {
-		enableEsSv = util.GetValAsBool("enableEsSv")
-		bCheckWeakPassword = util.GetValAsBool("CheckWeakPassword")
+	RegInitFunc(func() {
+		EnableEsSv = GetValAsBool("EnableEsSv")
+		bCheckWeakPassword = GetValAsBool("CheckWeakPassword")
 		//log.Println("CheckWeakPassword = ", util.GetVal("CheckWeakPassword"), " bCheckWeakPassword = ", bCheckWeakPassword)
 	})
 }
@@ -45,6 +46,11 @@ func GetAttr(att []xmlquery.Attr, name string) string {
 	return ""
 }
 
+// 解析 nmap、masscan 输出的xml结果
+//  解析的结果保存到 bf 中
+//  解析的同时：
+//    1、触发端口弱口令检测，如果当前任务不需要，则，弱口令检测的入口处拦截、过滤
+//    2、端口 POC 检测，如果当前任务不需要，则，弱口令检测的入口处拦截、过滤
 func DoParseXml(s string, bf *bytes.Buffer) {
 	doc, err := xmlquery.Parse(strings.NewReader(s))
 	if err != nil {
@@ -80,7 +86,7 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 				// 存储结果到其他地方
 				//x9 := AuthInfo{IPAddr: ip, Port: port, Protocol: service}
 				// 构造发送es等数据
-				if enableEsSv {
+				if EnableEsSv {
 					var xx09 = [][]string{}
 					if a1, ok := m1[ip]; ok {
 						xx09 = a1
@@ -94,21 +100,21 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 						bf.Write([]byte(szUlr + "\n"))
 						if os.Getenv("NoPOC") != "true" {
 							if "445" == szPort && service == "microsoft-ds" || "135" == szPort && service == "msrpc" {
-								util.PocCheck_pipe <- &util.PocCheck{
+								PocCheck_pipe <- &PocCheck{
 									Wappalyzertechnologies: &[]string{service},
 									URL:                    szUlr,
 									FinalURL:               szUlr,
 									Checklog4j:             false,
 								}
-							} else if "8291" == szPort { // CVE_2018_14847
-								util.PocCheck_pipe <- &util.PocCheck{
+							} else if "8291" == szPort { // RouterOS CVE_2018_14847
+								PocCheck_pipe <- &PocCheck{
 									Wappalyzertechnologies: &[]string{"RouterOS"},
 									URL:                    szUlr,
 									FinalURL:               szUlr,
 									Checklog4j:             false,
 								}
-							} else if "2181" == szPort {
-								util.PocCheck_pipe <- &util.PocCheck{
+							} else if "2181" == szPort { // Zookeeper Unauthority
+								PocCheck_pipe <- &PocCheck{
 									Wappalyzertechnologies: &[]string{"ZookeeperUnauthority"},
 									URL:                    szUlr,
 									FinalURL:               szUlr,
@@ -120,7 +126,7 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 				}
 				// 若密码、破解
 				if bCheckWeakPassword {
-					if "8728" == szPort && service == "unknown" {
+					if "8728" == szPort && service == "unknown" { // router
 						CheckWeakPassword(ip, "router", port)
 					} else if ("5985" == szPort || "5986" == szPort) && -1 < strings.Index(service, "microsoft ") {
 						CheckWeakPassword(ip, "winrm", port)
@@ -130,22 +136,22 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 				}
 
 				s1 := fmt.Sprintf("%s\t%d\t%s\n", ip, port, service)
-				util.SendLog(ip, "nmap", s1, "")
+				SendLog(ip, "nmap", s1, "")
 				log.Printf("%s", s1)
 			}
 		}
 	}
-	if enableEsSv {
+	if EnableEsSv {
 		if 0 < len(m1) {
 			for k, x := range m1 {
-				util.SendAData[[]string](k, x, util.Nmap)
+				SendAData[[]string](k, x, Nmap)
 			}
 		}
 	}
 }
 
 // 处理使用者自己扫描的结果
-// 不能用异步，否则后续流程无法读取 buff
+//  不能用异步，否则后续流程无法读取 buff
 func DoNmapWithFile(s string, bf *bytes.Buffer) bool {
 	if strings.HasSuffix(strings.ToLower(s), ".xml") {
 		b, err := ioutil.ReadFile(s)
@@ -154,15 +160,14 @@ func DoNmapWithFile(s string, bf *bytes.Buffer) bool {
 		} else {
 			log.Println("DoNmapWithFile: ", err)
 		}
-
 		return true
 	}
 	return false
 }
 
 // 处理 naabu 端口扫描环节的结果文件
 func DoNmapRst(bf *bytes.Buffer) {
-	if x1, ok := util.TmpFile[string(util.Naabu)]; ok {
+	if x1, ok := TmpFile[string(Naabu)]; ok {
 		for _, x := range x1 {
 			defer func(r *os.File) {
 				r.Close()