add dnsx;1、fuzz、及所有请求输出限制为800k，避免被反制、进行内存攻击导致程序崩溃

2、修复naabu、nmap扫描后使用ip继续走后续流程，导致无法正确访问目标的bug，https通常是限定只能域名访问的 2022-10-11
GhostTroops · Oct 11, 2022 · efbefc6 · efbefc6
1 parent 181848a
commit efbefc6
Show file tree

Hide file tree

Showing 30 changed files with 105,385 additions and 99 deletions.
diff --git a/br.sh b/br.sh
@@ -1,3 +1,3 @@
 go build -o scan4all main.go
-./scan4all -host http://192.168.0.109 -o xxx.csv -v
+./scan4all -host https://www.sina.com.cn/ -o xxx.csv -v
 
diff --git a/brute/filefuzz.go b/brute/filefuzz.go
@@ -140,6 +140,7 @@ func init() {
 			util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
 		})
 
+		// 注册一个
 	})
 }
 
@@ -208,7 +209,7 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 	var async_data = make(chan *FuzzData, util.Fuzzthreads*2)
 	var async_technologies = make(chan []string, util.Fuzzthreads*2)
 	// 字典长度的 30% 的错误
-	var MaxErrorTimes int32 = int32(float32(len(filedic)) * 0.3)
+	var MaxErrorTimes int32 = int32(util.GetValAsInt("MaxErrorTimes", 50)) //int32(float32(len(filedic)) * 0.005)
 	if strings.HasPrefix(url404req.Protocol, "HTTP/2") || strings.HasPrefix(url404req.Protocol, "HTTP/3") {
 		MaxErrorTimes = int32(len(filedic))
 	}
@@ -228,7 +229,10 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 			case <-ctx2.Done():
 				return
 			case <-t001.C:
-				fmt.Printf("(ok/total:%5d/%5d) (errs/limitErr:%3d/%3d) %s\r", nCnt, len(filedic), errorTimes, MaxErrorTimes, u)
+				fmt.Printf("file fuzz(ok/total:%5d/%5d) (errs/limitErr:%3d/%3d) %s\r", nCnt, len(filedic), errorTimes, MaxErrorTimes, u)
+				if errorTimes >= MaxErrorTimes {
+					stop()
+				}
 			case x1, ok := <-async_data:
 				if ok {
 					if lst200 == nil || x1.Req.Resqonse.Body != lst200.Body {
@@ -293,11 +297,6 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 						szUrl = u + payload[1:]
 					}
 					//log.Printf("start fuzz: [%s]", szUrl)
-					client := util.GetClient(szUrl)
-					if nil != client {
-						client.ErrCount = 0
-						client.ErrLimit = 999999
-					}
 					if fuzzPage, req, err := reqPage(szUrl); err == nil && nil != req && 0 < len(req.Body) {
 						if 200 == req.StatusCode {
 							if nil == lst200 {

diff --git a/brute/fuzzAI.go b/brute/fuzzAI.go
@@ -86,7 +86,7 @@ func StudyErrPageAI(req *util.Response, page *util.Page, fingerprintsTag string)
 			}
 			// 学些匹配，不重复再记录
 			if bRst, _ := CheckRepeat(data); !bRst {
-				util.Create[ErrPage](data)
+				util.Create[ErrPage](*data)
 			}
 		}
 	})
@@ -125,7 +125,7 @@ func CheckIsErrPageAI(req *util.Response, page *util.Page) bool {
 		for _, x := range page404Title {
 			// 异常页面标题检测成功
 			if 0 < len(data.Title) && (util.StrContains(x, data.Title) || util.StrContains(data.Title, x)) || 0 < len(data.Body) && util.StrContains(data.Body, x) {
-				util.Create[ErrPage](data)
+				util.Create[ErrPage](*data)
 				return true
 			}
 			u01, err := url.Parse(strings.TrimSpace(*page.Url))

diff --git a/config/config.json b/config/config.json
@@ -1,4 +1,5 @@
 {
+  "LimitReader": 819200,
   "OnClient": true,
   "ScanPoolSize":5000,
   "JndiAddress": "https://rcejndi.51pwn.com",
@@ -64,10 +65,10 @@
   "HydraUser": "",
   "HydraPass": "",
   "UrlPrecise": true,
-  "ParseSSl": true,
-  "EnableSubfinder": true,
+  "ParseSSl": false,
+  "EnableSubfinder": false,
   "EnableHoneyportDetection": true,
-  "EnableKsubdomain": true,
+  "EnableKsubdomain": false,
   "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
   "naabu_dns": {},
   "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 50,"EnableProgressBar": false},
@@ -79,6 +80,7 @@
     "Severities":  [5,4,3],
     "RateLimit": 150,
     "ExcludeTags": ["fuzz"],
+    "ExcludedTemplates": ["config/nuclei-templates/token-spray"],
     "BulkSize":64,
     "TemplateThreads": 64,
     "HeadlessBulkSize": 10,