From 584771114daecea63e089b732751d6b5459f7674 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?=
Date: Wed, 27 Apr 2022 11:48:22 +0800
Subject: [PATCH] add lock
---
 WebScan/lib/check.go | 4 ++++
 WebScan/lib/client.go | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/WebScan/lib/check.go b/WebScan/lib/check.go
index 5bc132b..32f5069 100644
--- a/WebScan/lib/check.go
+++ b/WebScan/lib/check.go
@@ -53,6 +53,7 @@ func CheckMultiPoc(req *http.Request, pocs []*Poc, workers int) {
 }

 func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
+ var lock sync.Mutex
 c := NewEnvOption()
 c.UpdateCompileOptions(p.Set)
 if len(p.Sets) > 0 {
@@ -173,7 +174,9 @@ func executePoc(oReq *http.Request, p *Poc) (bool, error, string) {
 }
 value := fmt.Sprintf("%v", v1)
 for k2, v2 := range rule.Headers {
+ lock.Lock()
 rule.Headers[k2] = strings.ReplaceAll(v2, "{{"+k1+"}}", value)
+ lock.Unlock()
 }
 rule.Path = strings.ReplaceAll(strings.TrimSpace(rule.Path), "{{"+k1+"}}", value)
 rule.Body = strings.ReplaceAll(strings.TrimSpace(rule.Body), "{{"+k1+"}}", value)
@@ -594,6 +597,7 @@ func clusterpoc1(oReq *http.Request, p *Poc, variableMap map[string]interface{},
 return false, err
 }
 if success == true {
+ common.LogSuccess(fmt.Sprintf("[+] %s://%s%s %s %s %s", req.Url.Scheme, req.Url.Host, req.Url.Path, var1, var2, var3))
 break look3
 }
 }
diff --git a/WebScan/lib/client.go b/WebScan/lib/client.go
index 03c12fa..3cc0e07 100644
--- a/WebScan/lib/client.go
+++ b/WebScan/lib/client.go
@@ -36,7 +36,7 @@ func InitHttpClient(ThreadsNum int, DownProxy string, Timeout time.Duration) err
 DialContext: dialer.DialContext,
 MaxConnsPerHost: 5,
 MaxIdleConns: 0,
- MaxIdleConnsPerHost: 2,
+ MaxIdleConnsPerHost: ThreadsNum * 2,
 IdleConnTimeout: keepAlive,
 TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 TLSHandshakeTimeout: 5 * time.Second,
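Review bot: The `var lock sync.Mutex` added at the top of executePoc is a fresh mutex on every call, so the `lock.Lock()`/`lock.Unlock()` pair in the second check.go hunk (around `rule.Headers[k2] = ...`) never contends with another goroutine and does not serialize writes to a map that is shared through `p`. If the aim is to stop concurrent map writes from parallel workers, the mutex has to be shared, for example a package-level `var headersMu sync.Mutex` held around the whole `for k2, v2 := range rule.Headers` loop, since the range read races with the write as well. Building a per-call copy of the headers map and leaving the shared Poc untouched would avoid the lock entirely. Whether `rule` aliases the shared Poc is not visible in these hunks, and executePoc's body continues outside both of them.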
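Review bot: The new `common.LogSuccess` line formats `var1`, `var2` and `var3` with `%s`, but their types are not visible here and the enclosing function takes `variableMap map[string]interface{}`, so a non-string value would print as `%!s(...)`. `%v` would match the `fmt.Sprintf("%v", v1)` already used in executePoc, and `%q` would additionally keep a newline embedded in a value from splitting the result line. These values appear to be the matched payload variables, which may include credentials, so the resulting log output should be handled as sensitive. clusterpoc1 starts and ends outside the hunk.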
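Review bot: `MaxIdleConnsPerHost: ThreadsNum * 2` sits next to the unchanged `MaxConnsPerHost: 5`, which caps total connections per host, so an idle limit above 5 has no effect. If the intent is more connection reuse at high thread counts, `MaxConnsPerHost` needs to scale with `ThreadsNum` as well; otherwise a short comment such as `// idle pool is still bounded by MaxConnsPerHost` would state the effective limit. A `ThreadsNum` of 0 yields 0 here, which net/http treats as the default of 2. InitHttpClient starts and ends outside the hunk.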