2023-08-03 21:40:26 -07:00
|
|
|
package Web_Scan
|
2020-12-29 01:17:10 -08:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"embed"
|
|
|
|
|
"fmt"
|
2023-08-03 21:40:26 -07:00
|
|
|
"example.com/fxscan/Web_Scan/lib"
|
2023-08-03 21:37:55 -07:00
|
|
|
"example.com/fxscan/common"
|
2020-12-29 01:17:10 -08:00
|
|
|
"net/http"
|
2022-04-20 02:45:27 -07:00
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
2021-06-17 05:32:53 -07:00
|
|
|
"strings"
|
2022-04-20 02:45:27 -07:00
|
|
|
"sync"
|
2020-12-29 01:17:10 -08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
//go:embed pocs
|
|
|
|
|
var Pocs embed.FS
|
2022-04-20 02:45:27 -07:00
|
|
|
var once sync.Once
|
|
|
|
|
var AllPocs []*lib.Poc
|
2020-12-29 01:17:10 -08:00
|
|
|
|
2023-08-03 21:40:26 -07:00
|
|
|
func Web_Scan(info *common.HostInfo) {
|
2022-04-20 02:45:27 -07:00
|
|
|
once.Do(initpoc)
|
2021-02-04 22:43:07 -08:00
|
|
|
var pocinfo = common.Pocinfo
|
2021-06-30 01:26:17 -07:00
|
|
|
buf := strings.Split(info.Url, "/")
|
|
|
|
|
pocinfo.Target = strings.Join(buf[:3], "/")
|
2022-01-07 21:31:52 -08:00
|
|
|
|
2022-03-11 00:13:31 -08:00
|
|
|
if pocinfo.PocName != "" {
|
|
|
|
|
Execute(pocinfo)
|
|
|
|
|
} else {
|
|
|
|
|
for _, infostr := range info.Infostr {
|
|
|
|
|
pocinfo.PocName = lib.CheckInfoPoc(infostr)
|
2022-01-07 21:31:52 -08:00
|
|
|
Execute(pocinfo)
|
2022-01-07 01:58:34 -08:00
|
|
|
}
|
2020-12-29 01:17:10 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-30 01:26:17 -07:00
|
|
|
func Execute(PocInfo common.PocInfo) {
|
2020-12-29 01:17:10 -08:00
|
|
|
req, err := http.NewRequest("GET", PocInfo.Target, nil)
|
|
|
|
|
if err != nil {
|
2022-03-11 00:13:31 -08:00
|
|
|
errlog := fmt.Sprintf("[-] webpocinit %v %v", PocInfo.Target, err)
|
2021-06-30 01:26:17 -07:00
|
|
|
common.LogError(errlog)
|
|
|
|
|
return
|
2020-12-29 01:17:10 -08:00
|
|
|
}
|
2022-11-19 01:04:13 -08:00
|
|
|
req.Header.Set("User-agent", common.UserAgent)
|
|
|
|
|
req.Header.Set("Accept", common.Accept)
|
|
|
|
|
req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9")
|
2022-07-03 08:48:06 -07:00
|
|
|
if common.Cookie != "" {
|
|
|
|
|
req.Header.Set("Cookie", common.Cookie)
|
2020-12-29 01:17:10 -08:00
|
|
|
}
|
2022-11-19 01:04:13 -08:00
|
|
|
req.Header.Set("Connection", "close")
|
2022-04-20 02:45:27 -07:00
|
|
|
pocs := filterPoc(PocInfo.PocName)
|
2022-07-03 08:48:06 -07:00
|
|
|
lib.CheckMultiPoc(req, pocs, common.PocNum)
|
2022-04-20 02:45:27 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func initpoc() {
|
|
|
|
|
if common.PocPath == "" {
|
|
|
|
|
entries, err := Pocs.ReadDir("pocs")
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Printf("[-] init poc error: %v", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
for _, one := range entries {
|
|
|
|
|
path := one.Name()
|
|
|
|
|
if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
|
|
|
|
|
if poc, _ := lib.LoadPoc(path, Pocs); poc != nil {
|
|
|
|
|
AllPocs = append(AllPocs, poc)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
err := filepath.Walk(common.PocPath,
|
|
|
|
|
func(path string, info os.FileInfo, err error) error {
|
|
|
|
|
if err != nil || info == nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if !info.IsDir() {
|
|
|
|
|
if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") {
|
|
|
|
|
poc, _ := lib.LoadPocbyPath(path)
|
|
|
|
|
if poc != nil {
|
|
|
|
|
AllPocs = append(AllPocs, poc)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Printf("[-] init poc error: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func filterPoc(pocname string) (pocs []*lib.Poc) {
|
|
|
|
|
if pocname == "" {
|
|
|
|
|
return AllPocs
|
|
|
|
|
}
|
|
|
|
|
for _, poc := range AllPocs {
|
|
|
|
|
if strings.Contains(poc.Name, pocname) {
|
|
|
|
|
pocs = append(pocs, poc)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return
|
2020-12-29 01:17:10 -08:00
|
|
|
}
|
