diff --git a/Plugins/scanner.go b/Plugins/scanner.go
index 0fef02c..5a6c632 100644
--- a/Plugins/scanner.go
+++ b/Plugins/scanner.go
@@ -3,6 +3,7 @@ package Plugins
 import (
 "errors"
 "fmt"
+ "github.com/shadow1ng/fscan/WebScan"
 "github.com/shadow1ng/fscan/common"
 "reflect"
 "strconv"
@@ -24,6 +25,7 @@ func Scan(info common.HostInfo) {
 if info.Scantype == "portscan" {
 return
 }
+ WebScan.Inithttp(common.Pocinfo)
 var severports []string //severports := []string{"21","22","135"."445","1433","3306","5432","6379","9200","11211","27017"...}
 for _, port := range common.PORTList {
 severports = append(severports, strconv.Itoa(port))
diff --git a/WebScan/WebScan.go b/WebScan/WebScan.go
index 5380e0a..4990888 100644
--- a/WebScan/WebScan.go
+++ b/WebScan/WebScan.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "github.com/shadow1ng/fscan/WebScan/lib"
 "github.com/shadow1ng/fscan/common"
+ "log"
 "net/http"
 "time"
 )
@@ -22,11 +23,6 @@ func WebScan(info *common.HostInfo) {
 }
 func Execute(PocInfo common.PocInfo) error {
- //PocInfo.Proxy = "http://127.0.0.1:8080"
- err := lib.InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second)
- if err != nil {
- return err
- }
 req, err := http.NewRequest("GET", PocInfo.Target, nil)
 if err != nil {
 return err
@@ -44,3 +40,11 @@ func Execute(PocInfo common.PocInfo) error {
 return nil
 }
+
+func Inithttp(PocInfo common.PocInfo) {
+ //PocInfo.Proxy = "http://127.0.0.1:8080"
+ err := lib.InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second)
+ if err != nil {
+ log.Fatal(err)
+ }
+}
diff --git a/WebScan/info/rules.go b/WebScan/info/rules.go
index 0c667c8..59526fd 100644
--- a/WebScan/info/rules.go
+++ b/WebScan/info/rules.go
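Review bot: The added `WebScan.Inithttp(common.Pocinfo)` call in `Scan` has no comment, although after this commit it appears to be the only place the shared WebScan HTTP clients are built (the per-call setup is removed from `Execute` in WebScan/WebScan.go). A line such as `// Build the shared WebScan HTTP clients once; Execute no longer does this itself.` above the call would make the ordering requirement visible. Because the call sits after the `portscan` early return, a bad proxy or timeout setting is only reported once the earlier part of `Scan` has run. That part of the function lies outside the hunk, so whether the settings could be validated sooner cannot be judged from here.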
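Review bot: `Inithttp` ends the process with `log.Fatal(err)` when `lib.InitHttpClient` fails, which skips deferred cleanup in every caller and takes the decision away from `Scan`. Stopping rather than scanning without the configured proxy is the right outcome, but it is better reached by returning the error, `func Inithttp(PocInfo common.PocInfo) error { return lib.InitHttpClient(PocInfo.Num, PocInfo.Proxy, time.Duration(PocInfo.Timeout)*time.Second) }`, and letting the caller report it and stop; the `log` import added in this file then goes away. The commented-out `//PocInfo.Proxy = "http://127.0.0.1:8080"` debug line was carried over from `Execute` and can be dropped. The exported function also needs a doc comment, for example `// Inithttp builds the shared HTTP clients used by WebScan; call it once before Execute.`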
@@ -31,6 +31,8 @@ var RuleDatas = []RuleData{
 {"atmail-WebMail", "code", "(/index.php/mail/auth/processlogin)"},
 {"weblogic", "code", "(/console/framework/skins/wlsconsole/images/login_WebLogic_branding.png|Welcome to Weblogic Application Server|Hypertext Transfer Protocol -- HTTP/1.1)"},
 {"致远OA", "code", "(/seeyon/USER-DATA/IMAGES/LOGIN/login.gif)"},
+ {"致远OA", "code", "(/seeyon/common/)"},
+ {"discuz", "code", "(content=\"Discuz! X\")"},
 {"Typecho", "code", "(Typecho)"},
 {"金蝶EAS", "code", "(easSessionId)"},
 {"phpMyAdmin", "cookie", "(pma_lang|phpMyAdmin)"},
@@ -75,8 +77,7 @@ var RuleDatas = []RuleData{
 {"H3C ICG1000", "code", "(ICG1000系统管理)"},
 {"CISCO-CX20", "code", "(CISCO-CX20)"},
 {"H3C ER5200", "code", "(ER5200系统管理)"},
- {"linksys-vpn-bragap14-parintins", "code",
- "(linksys-vpn-bragap14-parintins)"},
+ {"linksys-vpn-bragap14-parintins", "code", "(linksys-vpn-bragap14-parintins)"},
 {"360网站卫士常用前端公共库", "code", "(libs.useso.com)"},
 {"H3C ER3100", "code", "(ER3100系统管理)"},
 {"H3C-SecBlade-FireWall", "code", "(js/MulPlatAPI.js)"},
@@ -111,8 +112,14 @@ var RuleDatas = []RuleData{
 {"金蝶政务GSiS", "code", "(/kdgs/script/kdgs.js)"},
 {"Jboss", "code", "(Welcome to JBoss|jboss.css)"},
 {"Jboss", "headers", "(JBoss)"},
- {"泛微E-mobile", "code", "(Weaver E-mobile)"},
+ {"泛微E-mobile", "code", "(Weaver E-mobile|weaver,e-mobile)"},
 {"齐治堡垒机", "code", "(logo-icon-ico72.png)"},
+ {"ThinkPHP", "headers", "(ThinkPHP)"},
+ {"ThinkPHP", "code", "(/Public/static/js/)"},
+ {"weaver-ebridge", "code", "(e-Bridge,http://wx.weaver)"},
+ {"Laravel", "headers", "(laravel_session)"},
+ {"DWR", "code", "(dwr/engine.js)"},
+ {"swagger_ui", "code", "(swagger-ui/css|\"swagger\":)"},
 }
 var Md5Datas = []Md5Data{
diff --git a/WebScan/lib/http.go b/WebScan/lib/http.go
index b14ee09..9f6a515 100644
--- a/WebScan/lib/http.go
+++ b/WebScan/lib/http.go
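Review bot: The new `{"Laravel", "headers", "(laravel_session)"}` rule in the third hunk files a session-cookie name under the `headers` type, while the existing phpMyAdmin rule in this table files its cookie name (`pma_lang`) under `cookie`. Whether the `headers` matcher also sees `Set-Cookie` values is not visible in this diff (the matcher and the start of `RuleDatas` are outside the hunk); if it does not, the rule never fires and should read `{"Laravel", "cookie", "(laravel_session)"}`. If these patterns are compiled as regular expressions, as the `(a|b)` alternations suggest, the unescaped dots in `(e-Bridge,http://wx.weaver)` and `(dwr/engine.js)` match any character. `(/Public/static/js/)` is a generic asset path, so a ThinkPHP label from that rule alone is a weak signal for anyone using the output as an asset inventory.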
@@ -14,7 +14,7 @@ import (
 )
 var (
- client *http.Client
+ Client *http.Client
 clientNoRedirect *http.Client
 dialTimout = 5 * time.Second
 keepAlive = 15 * time.Second
@@ -44,7 +44,7 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err
 tr.Proxy = http.ProxyURL(u)
 }
- client = &http.Client{
+ Client = &http.Client{
 Transport: tr,
 Timeout: Timeout,
 }
@@ -70,7 +70,7 @@ func DoRequest(req *http.Request, redirect bool) (*Response, error) {
 var oResp *http.Response
 var err error
 if redirect {
- oResp, err = client.Do(req)
+ oResp, err = Client.Do(req)
 } else {
 oResp, err = clientNoRedirect.Do(req)
 }
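Review bot: Exporting `Client` in the `var` block (which continues past the hunk) turns the shared HTTP client into a package-level variable that any importing package can replace or mutate, including its proxy, timeout and transport settings, while `clientNoRedirect` stays private. Nothing in this diff reads `lib.Client` from outside the package, so the reason for the export is not visible; if outside access is needed, an accessor that returns the client keeps assignment inside `InitHttpClient`. The variable is nil until `InitHttpClient` has run, and now that `Execute` no longer calls it, `Client.Do(req)` in the `DoRequest` hunk panics on a nil pointer for any caller that has not gone through `Scan`. At minimum add a comment such as `// Client is the shared redirect-following client; nil until InitHttpClient succeeds, do not reassign.`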