From 0520752257ffeb571915945d0e7d1128ac553d60 Mon Sep 17 00:00:00 2001 
From: hktalent <18223385+hktalent@users.noreply.github.com> Date: Fri, 6 Jan 2023 17:59:59 +0800 Subject: [PATCH] up 2023-01-06 --- 360.net.json | 0 README.md | 3 +- README_CN.md | 2 +- brute/filefuzz.go | 234 +++++++------- brute/fuzzAI.go | 18 +- config/config.json | 24 +- config/doPy3log4j.sh | 2 +- engine/dispather.go | 58 ---- engine/dispather_test.go | 24 -- engine/engineImp.go | 93 ++++-- lib/Smuggling/CheckSmuggling.go | 61 ++-- lib/api/main.go | 12 +- lib/crawlergo/mychromedp.go | 12 +- lib/goby/LoadPoc.go | 5 +- lib/util/SPool.go | 2 +- lib/util/config_test.go | 20 +- lib/util/delayClear.go | 4 +- lib/util/geCurIp.go | 90 +++++- lib/util/geCurIp_test.go | 7 + lib/util/target.go | 27 +- lib/util/util.go | 22 +- lib/util/util_test.go | 20 +- lib/util/xNmap.go | 4 +- main.go | 5 +- pkg/httpx/runner/runner.go | 287 +++++++++--------- pkg/hydra/hydra.go | 5 +- pkg/hydra/smb/smb.go | 4 +- pkg/kscan/lib/gotelnet/telnet.go | 4 +- pkg/kscan/lib/grdp/core/io.go | 5 +- pkg/kscan/lib/grdp/emission/emitter.go | 46 +-- pkg/ksubdomain/enum.go | 5 +- pkg/ksubdomain/verify.go | 5 +- pkg/naabu/v2/pkg/runner/runner.go | 109 +++---- pkg/naabu/v2/pkg/runner/targets.go | 12 +- pkg/naabu/v2/pkg/scan/connect_test.go | 5 +- pkg/naabu/v2/pkg/scan/scan_unix.go | 85 +++--- pkg/portScan/test/test.go | 23 -- pkg/xcmd/allCmdTools.go | 85 ++++-- pkg/xcmd/doCmd.go | 1 + pocs_go/ms/probe_netbios.go | 6 +- .../nuclei_Yaml/nclruner/runner/runner.go | 5 +- qq.com.json | 197 ++++++++++++ test/test1/testPswd.go | 15 +- test/testReg/TestReg.go | 5 +- test/testfg/TestFg2.go | 24 +- vendor/github.com/hktalent/go-utils/Const.go | 5 + xxx.txt | 149 +++------ 47 files changed, 1055 insertions(+), 781 deletions(-) create mode 100644 360.net.json delete mode 100644 engine/dispather.go delete mode 100644 engine/dispather_test.go create mode 100644 lib/util/geCurIp_test.go delete mode 100644 pkg/portScan/test/test.go create mode 100644 qq.com.json 
diff --git a/360.net.json b/360.net.json new file mode 100644 index 000000000..e69de29bb diff --git a/README.md b/README.md index d5dc04d4b..a9cceec99 100644 --- a/README.md +++ b/README.md @@ -193,6 +193,7 @@ more see: discussion # Communication group (WeChat, QQ,Tg) | Wechat | Or | QQchat | Or | Tg | | --- |--- |--- |--- |--- | + |||||| @@ -202,5 +203,5 @@ more see: discussion # Donation | Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay | | --- | --- | --- | --- | --- | -|||[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**||| +|||[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**||| diff --git a/README_CN.md b/README_CN.md index 601e9fd75..af88a7412 100644 --- a/README_CN.md +++ b/README_CN.md @@ -239,7 +239,7 @@ more see: discussion # 交流群(微信、QQ、Tg) | Wechat | Or | QQchat | Or | Tg | | --- |--- |--- |--- |--- | -|||||| +|||[paypal](https://www.paypal.me/pwned2019) **miracletalent@gmail.com**||| ## 💖Star diff --git a/brute/filefuzz.go b/brute/filefuzz.go index 41c07e914..ca5ed46e5 100644 --- a/brute/filefuzz.go +++ b/brute/filefuzz.go @@ -22,14 +22,17 @@ import ( ) // 备份、敏感文件后缀 +// //go:embed dicts/bakSuffix.txt var bakSuffix string // 备份、敏感文件 http头类型 ContentType 检测 +// //go:embed dicts/fuzzContentType1.txt var fuzzct string // 敏感文件前缀 +// //go:embed dicts/prefix.txt var szPrefix string @@ -97,7 +100,8 @@ func reqPage(u string) (*util.Page, *util.Response, error) { } // 敏感文件头信息检测: -// 检测头信息是否有敏感文件、本份文件、流文件等敏感信息 +// +// 检测头信息是否有敏感文件、本份文件、流文件等敏感信息 func CheckBakPage(req *util.Response) bool { if x0, ok := (*req.Header)["Content-Type"]; ok && 0 < len(x0) { x0B := []byte(x0[0]) 
@@ -180,8 +184,9 @@ type FuzzData struct { var r001 = regexp.MustCompile(`\.(aac)|(abw)|(arc)|(avif)|(avi)|(azw)|(bin)|(bmp)|(bz)|(bz2)|(cda)|(csh)|(css)|(csv)|(doc)|(docx)|(eot)|(epub)|(gz)|(gif)|(ico)|(ics)|(jar)|(jpeg)|(jpg)|(js)|(json)|(jsonld)|(mid)|(midi)|(mjs)|(mp3)|(mp4)|(mpeg)|(mpkg)|(odp)|(ods)|(odt)|(oga)|(ogv)|(ogx)|(opus)|(otf)|(png)|(pdf)|(php)|(ppt)|(pptx)|(rar)|(rtf)|(sh)|(svg)|(tar)|(tif)|(tiff)|(ts)|(ttf)|(txt)|(vsd)|(wav)|(weba)|(webm)|(webp)|(woff)|(woff2)|(xhtml)|(xls)|(xlsx)|(xml)|(xul)|(zip)|(3gp)|(3g2)|(7z)$`) // 重写了fuzz:优化流程、优化算法、修复线程安全bug、增加智能功能 -// 两次 ioutil.ReadAll(resp.Body),第二次就会 Read返回EOF error -// 去除指纹请求的路径,避免重复 +// +// 两次 ioutil.ReadAll(resp.Body),第二次就会 Read返回EOF error +// 去除指纹请求的路径,避免重复 func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody string) ([]string, []string) { DoInitMap() u01, err := url.Parse(strings.TrimSpace(u)) @@ -250,7 +255,7 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s var lst200 *util.Response t001 := time.NewTicker(3 * time.Second) var nCnt int32 = 0 - go func() { + util.DefaultPool.Submit(func() { for { select { case <-ctx2.Done(): @@ -284,7 +289,7 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s // <-time.After(time.Duration(100) * time.Millisecond) } } - }() + }) log.Printf("wait for file fuzz(dicts:%d) %s \r", len(filedic), u) BreakAll: 
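Review bot: The return value of `util.DefaultPool.Submit` is discarded at the top of the `@@ -250` hunk, so if the pool rejects the task (ants returns `ErrPoolOverload` when a pool built with `Nonblocking` is saturated, and SPool.go's options show that flag is configurable) the loop that watches `ctx2` and drives the 3-second ticker never starts, and nothing reports it. This loop is a single long-lived supervisor rather than a burst of short jobs, so it gains nothing from the bounded pool while competing for a slot with the fuzz workers submitted further down in the same function. I would keep it as a plain `go func() { … }()`, or at minimum `if err := util.DefaultPool.Submit(func() { … }); err != nil { log.Printf("fuzz monitor not started: %v", err) }`. `FileFuzz` starts and ends outside these hunks.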
@@ -307,124 +312,126 @@ BreakAll: endP := u[len(u)-1:] == "/" ch <- struct{}{} wg.Add(1) - go func(payload string) { - payload = strings.TrimSpace(payload) - defer func() { - wg.Done() // 控制所有线程结束 - <-ch // 并发控制 - }() - atomic.AddInt32(&nCnt, 1) - for { - select { - case <-ctx.Done(): // 00-捕获所有线程关闭信号,并退出,close for all - atomic.AddInt32(&errorTimes, MaxErrorTimes) - return - default: - //if _, ok := noRpt.Load(szKey001Over); ok { - // stop() - // return - //} - // 01-异常>20关闭所有fuzz - if atomic.LoadInt32(&errorTimes) >= MaxErrorTimes { - stop() //发停止指令 + func(payload string) { + util.DefaultPool.Submit(func() { + payload = strings.TrimSpace(payload) + defer func() { + wg.Done() // 控制所有线程结束 + <-ch // 并发控制 + }() + atomic.AddInt32(&nCnt, 1) + for { + select { + case <-ctx.Done(): // 00-捕获所有线程关闭信号,并退出,close for all + atomic.AddInt32(&errorTimes, MaxErrorTimes) return - } - // 修复url,默认 认为 payload 不包含/ - szUrl := u + payload - if strings.HasPrefix(payload, "/") && endP { - szUrl = u + payload[1:] - } - //log.Printf("start fuzz: [%s]", szUrl) - if fuzzPage, req, err := reqPage(szUrl); err == nil && nil != req && 0 < len(req.Body) { - if 200 == req.StatusCode { - if nil == lst200 { - lst200 = req - } else if lst200.Body == req.Body { // 无意义的 200 - continue - } - if oU1, err := url.Parse(szUrl); nil == err { - a50 := r001.FindStringSubmatch(oU1.Path) - if 0 < len(a50) { - s2 := mime.TypeByExtension(filepath.Ext(a50[0])) - ct := (*req).Header.Get("Content-Type") - if "" != ct && "" != s2 && strings.Contains(ct, s2) { - continue - } - } - } - //log.Printf("%d : %s \n", req.StatusCode, szUrl) - if IsLoginPage(szUrl, req.Body, req.StatusCode) { - technologies = append(technologies, "loginpage") - } - } - go util.CheckHeader(req.Header, u) - // 02-状态码和req1相同,且与req1相似度>9.5,关闭所有fuzz - fXsd := strsim.Compare(url404req.Body, req.Body) - bBig95 := 9.5 < fXsd - //if "/bea_wls_internal/classes/mejb@/org/omg/stub/javax/management/j2ee/_ManagementHome_Stub.class" == payload { - // 
log.Println("start debug") + default: + //if _, ok := noRpt.Load(szKey001Over); ok { + // stop() + // return //} - if url404.StatusCode == fuzzPage.StatusCode && bBig95 { + // 01-异常>20关闭所有fuzz + if atomic.LoadInt32(&errorTimes) >= MaxErrorTimes { stop() //发停止指令 - atomic.AddInt32(&errorTimes, MaxErrorTimes) return } - var path1, technologies1 = []string{}, []string{} - // 03-异常页面(>400),或相似度与404匹配 - if fuzzPage.StatusCode >= 400 || bBig95 || fuzzPage.StatusCode != 200 { - // 03.01-异常页面指纹匹配 - technologies = Addfingerprints404(technologies, req, fuzzPage) //基于404页面文件扫描指纹添加 - // 03.02-与绝对404相似度低于0.8,添加body 404 body list - // 03.03-添加404titlelist - if 0.8 > fXsd && fuzzPage.StatusCode != 200 && fuzzPage.StatusCode != url404.StatusCode { - StudyErrPageAI(req, fuzzPage, "") // 异常页面学习 + // 修复url,默认 认为 payload 不包含/ + szUrl := u + payload + if strings.HasPrefix(payload, "/") && endP { + szUrl = u + payload[1:] + } + //log.Printf("start fuzz: [%s]", szUrl) + if fuzzPage, req, err := reqPage(szUrl); err == nil && nil != req && 0 < len(req.Body) { + if 200 == req.StatusCode { + if nil == lst200 { + lst200 = req + } else if lst200.Body == req.Body { // 无意义的 200 + continue + } + if oU1, err := url.Parse(szUrl); nil == err { + a50 := r001.FindStringSubmatch(oU1.Path) + if 0 < len(a50) { + s2 := mime.TypeByExtension(filepath.Ext(a50[0])) + ct := (*req).Header.Get("Content-Type") + if "" != ct && "" != s2 && strings.Contains(ct, s2) { + continue + } + } + } + //log.Printf("%d : %s \n", req.StatusCode, szUrl) + if IsLoginPage(szUrl, req.Body, req.StatusCode) { + technologies = append(technologies, "loginpage") + } + } + go util.CheckHeader(req.Header, u) + // 02-状态码和req1相同,且与req1相似度>9.5,关闭所有fuzz + fXsd := strsim.Compare(url404req.Body, req.Body) + bBig95 := 9.5 < fXsd + //if "/bea_wls_internal/classes/mejb@/org/omg/stub/javax/management/j2ee/_ManagementHome_Stub.class" == payload { + // log.Println("start debug") + //} + if url404.StatusCode == fuzzPage.StatusCode && bBig95 { + stop() 
//发停止指令 + atomic.AddInt32(&errorTimes, MaxErrorTimes) + return } - // 04-403: 403 by pass - if fuzzPage.Is403 && !url404.Is403 { - a11 := ByPass403(&u, &payload, &wg) - // 表示 ByPass403 成功了, 结果、控制台输出点什么? - if 0 < len(a11) { - async_data <- &FuzzData{Path: &a11, Req: fuzzPage} + var path1, technologies1 = []string{}, []string{} + // 03-异常页面(>400),或相似度与404匹配 + if fuzzPage.StatusCode >= 400 || bBig95 || fuzzPage.StatusCode != 200 { + // 03.01-异常页面指纹匹配 + technologies = Addfingerprints404(technologies, req, fuzzPage) //基于404页面文件扫描指纹添加 + // 03.02-与绝对404相似度低于0.8,添加body 404 body list + // 03.03-添加404titlelist + if 0.8 > fXsd && fuzzPage.StatusCode != 200 && fuzzPage.StatusCode != url404.StatusCode { + StudyErrPageAI(req, fuzzPage, "") // 异常页面学习 } + // 04-403: 403 by pass + if fuzzPage.Is403 && !url404.Is403 { + a11 := ByPass403(&u, &payload, &wg) + // 表示 ByPass403 成功了, 结果、控制台输出点什么? + if 0 < len(a11) { + async_data <- &FuzzData{Path: &a11, Req: fuzzPage} + } + } + return + } + // 当前和绝对404不等于404,后续的比较也没有意义了,都等于[200,301,302]都没有意义了,都说明没有fuzz成功 + if url404.StatusCode != 404 && url404.StatusCode == fuzzPage.StatusCode { + return } - return - } - // 当前和绝对404不等于404,后续的比较也没有意义了,都等于[200,301,302]都没有意义了,都说明没有fuzz成功 - if url404.StatusCode != 404 && url404.StatusCode == fuzzPage.StatusCode { - return - } - // 05-跳转检测,即便是跳转,如果和绝对404不一样,说明检测成功 - //if CheckDirckt(fuzzPage, req) && url404.StatusCode != fuzzPage.StatusCode { - // return - //} - // 1、状态码和绝对404一样 2、智能识别算出来 - is404Page := url404.StatusCode == fuzzPage.StatusCode || CheckIsErrPageAI(req, fuzzPage) - // 06-成功页面, 非异常页面 - if !is404Page || 200 == fuzzPage.StatusCode && url404.StatusCode != fuzzPage.StatusCode { - // 1、指纹匹配 - technologies1 = Addfingerprintsnormal(payload, technologies1, req, fuzzPage) // 基于200页面文件扫描指纹添加 - // 2、成功fuzz路径结果添加 - path1 = append(path1, *fuzzPage.Url) - } - if 0 < len(path1) { - async_data <- &FuzzData{Path: &path1, Req: fuzzPage} - } - if 0 < len(technologies1) { - async_technologies <- technologies1 - } - 
} else { // 这里应该元子操作 - if nil != err { - //if nil != client && strings.Contains(err.Error(), " connect: connection reset by peer") { - // client.Client = client.GetClient(nil) + // 05-跳转检测,即便是跳转,如果和绝对404不一样,说明检测成功 + //if CheckDirckt(fuzzPage, req) && url404.StatusCode != fuzzPage.StatusCode { + // return //} - //log.Printf("file fuzz %s is err %v\n", szUrl, err) + // 1、状态码和绝对404一样 2、智能识别算出来 + is404Page := url404.StatusCode == fuzzPage.StatusCode || CheckIsErrPageAI(req, fuzzPage) + // 06-成功页面, 非异常页面 + if !is404Page || 200 == fuzzPage.StatusCode && url404.StatusCode != fuzzPage.StatusCode { + // 1、指纹匹配 + technologies1 = Addfingerprintsnormal(payload, technologies1, req, fuzzPage) // 基于200页面文件扫描指纹添加 + // 2、成功fuzz路径结果添加 + path1 = append(path1, *fuzzPage.Url) + } + if 0 < len(path1) { + async_data <- &FuzzData{Path: &path1, Req: fuzzPage} + } + if 0 < len(technologies1) { + async_technologies <- technologies1 + } + } else { // 这里应该元子操作 + if nil != err { + //if nil != client && strings.Contains(err.Error(), " connect: connection reset by peer") { + // client.Client = client.GetClient(nil) + //} + //log.Printf("file fuzz %s is err %v\n", szUrl, err) + } + atomic.AddInt32(&errorTimes, 1) } - atomic.AddInt32(&errorTimes, 1) + return } - return } - } + }) }(payload) } } 
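Review bot: `wg.Add(1)` and the `ch <- struct{}{}` semaphore acquire now run before `util.DefaultPool.Submit`, but the Submit error is dropped, so a rejected submission leaves one wait-group count and one semaphore slot that no closure will ever release, and the `wg.Wait()` that follows the loop (outside this hunk) blocks forever. Undo both on failure: `if err := util.DefaultPool.Submit(func() { … }); err != nil { wg.Done(); <-ch; atomic.AddInt32(&errorTimes, 1) }`. Pre-existing but moved here: `lst200` is read and assigned from every worker without synchronization, and the `continue` statements inside the closure only behave because they target the surrounding `for { select { default: … } }` loop — a one-line comment at the top of the closure, `// continue restarts the for/select loop above; return exits this worker`, would save the next reader a careful trace. The enclosing `BreakAll` loop and the wait are outside the hunk.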
@@ -455,9 +462,10 @@ var reg1 = regexp.MustCompile("(?i) 2,做去重处理 - GEngine.EventData <- x1 - case ScanType_MergeIps: // 03- 默认自动合并ip,记录ip与域名的关联关系,再发送payload时考虑:相同ip不同域名,相同payload分别发送 合并相同目标 若干域名的ip,避免扫描时重复 - GEngine.EventData <- x1 - case ScanType_Pswd4hydra: // 04- 密码破解,隐含包含了: 端口扫描(05-masscan + 06-nmap) - GEngine.EventData <- x1 - case ScanType_Masscan: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹,排除masscan已经识别的几种指纹 - x1.EventData = []interface{}{[]interface{}{portScan.TargetStr(task.ScanWeb)}} - GEngine.EventData <- x1 - case ScanType_Nmap: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹,排除masscan已经识别的几种指纹 - x1.EventData = []interface{}{x1.Target2Ip(), []string{"0-65535"}} - GEngine.EventData <- x1 - case ScanType_IpInfo: // 07- 获取ip info - GEngine.EventData <- x1 - case ScanType_GoPoc: // 08- go-poc 检测, 隐含包含了: 端口扫描(05-masscan + 06-nmap) - GEngine.EventData <- x1 - case ScanType_PortsWeb: // 09- web端口识别,Naabu,识别 https,识别存活的web端口,再进入下一流程 - GEngine.EventData <- x1 - case ScanType_WebFingerprints: // 10- web指纹,识别蜜罐,并标识 - GEngine.EventData <- x1 - case ScanType_WebDetectWaf: // 11- detect WAF - GEngine.EventData <- x1 - case ScanType_WebScrapy: // 12- 爬虫分析,form表单识别,字段名识别,form action提取; - GEngine.EventData <- x1 - case ScanType_WebInfo: // 13- server、x-powerby、x***,url、ip、其他敏感信息(姓名、电话、地址、身份证) - GEngine.EventData <- x1 - case ScanType_WebVulsScan: // 14-nuclei - GEngine.EventData <- x1 - case ScanType_WebDirScan: // 14-dir爆破,Gobuster - GEngine.EventData <- x1 - default: - - } - } - } - return true - }) -} diff --git a/engine/dispather_test.go b/engine/dispather_test.go deleted file mode 100644 index 071bc381c..000000000 --- a/engine/dispather_test.go +++ /dev/null 
@@ -1,24 +0,0 @@ -package engine - -import ( - "github.com/hktalent/51pwnPlatform/lib/scan/Const" - "github.com/hktalent/51pwnPlatform/pkg/models" - "github.com/hktalent/ProScan4all/lib/util" - "os" - "runtime" - "testing" -) - -func TestDispather(t *testing.T) { - os.Args = []string{"", "-host", "http://127.0.0.1", "-v"} - runtime.GOMAXPROCS(runtime.NumCPU()) - util.DoInit(nil) - Dispather(&models.Target4Chan{ScanWeb: "127.0.0.1", ScanType: Const.ScanType_Masscan}) - util.Wg.Wait() - util.CloseAll() - //for _, tt := range tests { - // t.Run(tt.name, func(t *testing.T) { - // Dispather(tt.args.task) - // }) - //} -} diff --git a/engine/engineImp.go b/engine/engineImp.go index ddbb287ae..26e5d6238 100644 --- a/engine/engineImp.go +++ b/engine/engineImp.go @@ -9,6 +9,7 @@ import ( "github.com/hktalent/51pwnPlatform/pkg/models" "github.com/hktalent/ProScan4all/lib/util" "github.com/hktalent/ProScan4all/pocs_go" + Const "github.com/hktalent/go-utils" "github.com/hktalent/jaeles/cmd" jsoniter "github.com/json-iterator/go" "github.com/panjf2000/ants/v2" @@ -50,9 +51,10 @@ var GEngine *Engine // /api/v1.0/syncResult/task/ // 创建引擎 -// 默认每个 goroutine 占用 8KB 内存 -// 一台 8GB 内存的机器满打满算也只能创建 8GB/8KB = 1000000 个 goroutine -// 更何况系统还需要保留一部分内存运行日常管理任务,go 运行时需要内存运行 gc、处理 goroutine 切换等 +// +// 默认每个 goroutine 占用 8KB 内存 +// 一台 8GB 内存的机器满打满算也只能创建 8GB/8KB = 1000000 个 goroutine +// 更何况系统还需要保留一部分内存运行日常管理任务,go 运行时需要内存运行 gc、处理 goroutine 切换等 func NewEngine(c *context.Context, pool int) *Engine { if nil != util.G_Engine { return util.G_Engine.(*Engine) @@ -204,9 +206,10 @@ func (e *Engine) FixTask(s string) (string, string) { } // 发送任务 -// 全局参数配置 + 扫描类型,细化扫描项目,由多个节点来分担不同子任务 -// config:全局配置已经包含了扫描类型信息,开启、关闭各种类型扫描的参数,包含通过环境变量传递过来的控制 -// 只发送非私有网络的任务 +// +// 全局参数配置 + 扫描类型,细化扫描项目,由多个节点来分担不同子任务 +// config:全局配置已经包含了扫描类型信息,开启、关闭各种类型扫描的参数,包含通过环境变量传递过来的控制 +// 只发送非私有网络的任务 func (e *Engine) SendTask(s string) { _, s = e.FixTask(s) szUrl := fmt.Sprintf(e.DtServer, e.LimitTask) 
@@ -260,16 +263,48 @@ func (e *Engine) Close() { cmd.CleanOutput() } -// case 扫描使用的函数 -func (e *Engine) DoCase(ed *models.EventData) util.EngineFuncType { - if i, ok := e.caseScanFunc.Load(ed.EventType); ok { - if x, ok := i.(util.EngineFuncType); ok { - return x - } else { - log.Println(i) +// 类型转换为 str tags +func (e *Engine) EventType2Str(argsTypes ...uint64) string { + a := map[uint64]string{ + Const.ScanType_SSLInfo: "sslInfo", // 01- SSL信息分析,并对域名信息进行收集、进入下一步流程 + Const.ScanType_SubDomain: "subdomain", // 02- 子域名爆破,新域名回归 到: 1 <-- -> 2,做去重处理 + Const.ScanType_MergeIps: "mergeIps", // 03- 默认自动合并ip,记录ip与域名的关联关系,再发送payload时考虑:相同ip不同域名,相同payload分别发送 合并相同目标 若干域名的ip,避免扫描时重复 + Const.ScanType_WeakPassword: "weakPassword", // 04- 密码破解,隐含包含了: 端口扫描(05-masscan + 06-nmap) + Const.ScanType_Masscan: "masscan", // 05- 合并后的ip 进行快速端口扫描 + Const.ScanType_Nmap: "nmap", // 06、精准 端口指纹,排除masscan已经识别的几种指纹 + Const.ScanType_IpInfo: "ipInfo", // 07- 获取ip info + Const.ScanType_GoPoc: "goPoc", // 08- go-poc 检测, 隐含包含了: 端口扫描(05-masscan + 06-nmap) + Const.ScanType_PortsWeb: "portsWeb", // 09- web端口识别,Naabu,识别 https,识别存活的web端口,再进入下一流程 + Const.ScanType_WebFingerprints: "webFingerprints", // 10- web指纹,识别蜜罐,并标识 + Const.ScanType_WebDetectWaf: "webDetectWaf", // 11- detect WAF + Const.ScanType_WebScrapy: "webScrapy", // 12- 爬虫分析,form表单识别,字段名识别,form action提取; + Const.ScanType_WebInfo: "webInfo", // 13- server、x-powerby、x***,url、ip、其他敏感信息(姓名、电话、地址、身份证) + Const.ScanType_WebVulsScan: "webVulsScan", // 14- 包含 nuclei + Const.ScanType_WebDirScan: "webDirScan", // 14- dir爆破,Gobuster + Const.ScanType_Naabu: "naabu", // 15- naabu + Const.ScanType_Httpx: "httpx", // 16- httpx + Const.ScanType_DNSx: "dnsx", // 17- DNSX + Const.ScanType_SaveEs: "saveEs", // 18- Save Es + Const.ScanType_Jaeles: "jaeles", // 19 - jaeles + Const.ScanType_Uncover: "uncover", // Uncover + Const.ScanType_Ffuf: "ffuf", // ffuf + Const.ScanType_Amass: "amass", // amass + Const.ScanType_Subfinder: "subfinder", // subfinder + 
Const.ScanType_Shuffledns: "shuffledns", // shuffledns + Const.ScanType_Tlsx: "tlsx", // tlsx + Const.ScanType_Katana: "katana", // katana + Const.ScanType_Nuclei: "nuclei", // nuclei + Const.ScanType_Gobuster: "gobuster", // Gobuster + } + var oR []string + for _, i := range argsTypes { + for k, v := range a { + if int64(i&k) == int64(k) { + oR = append(oR, v) + } } } - return nil + return strings.Join(oR, ",") } // 关联发送若干个事件 @@ -282,24 +317,32 @@ func (e *Engine) SendEvent(evt *models.EventData, argsTypes ...int64) { } } +// 分派任务 +func (e *Engine) Dispather(ed *models.EventData) { + oR := e.GetCaseScanFunc() + oR.Range(func(k, v any) bool { + t1 := k.(int64) + if t1&ed.EventType == t1 { + v.(util.EngineFuncType)(ed, ed.EventData...) + } + return true + }) +} + // 执行事件代码 内部用 -// 每个事件自己做防重处理 -// 每个事件异步执行 -// 每种事件类型可以独立控制并发数 +// +// 每个事件自己做防重处理 +// 每个事件异步执行 +// 每种事件类型可以独立控制并发数 func (e *Engine) DoEvent(ed *models.EventData) { if nil != ed && nil != ed.EventData && 0 < len(ed.EventData) { - fnCall := e.DoCase(ed) - if nil != fnCall { - fnCall(ed, ed.EventData...) - } else { - log.Printf("can not find fnCall case func %v\n", ed) - } + e.Dispather(ed) } } func (x1 *Engine) Running() { // 异步启动一个线程处理检测,避免 - go func() { + util.DefaultPool.Submit(func() { defer func() { x1.Close() }() @@ -350,7 +393,7 @@ func (x1 *Engine) Running() { //util.DoSleep() } } - }() + }) } // 引擎总入口 diff --git a/lib/Smuggling/CheckSmuggling.go b/lib/Smuggling/CheckSmuggling.go index 50b6fde39..83a335df7 100644 --- a/lib/Smuggling/CheckSmuggling.go +++ b/lib/Smuggling/CheckSmuggling.go 
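Review bot: `EventType2Str` ranges over a map literal, so the order of the joined tags is randomized on every call and the result cannot be used as a stable key, compared in tests, or diffed between runs. Either build the table once at package level as an ordered slice of `struct{ t uint64; name string }` in the documented 01–19 order, or sort before joining: `sort.Strings(oR)` then `return strings.Join(oR, ",")` (which needs `sort` in the import block, outside this hunk). The exported method also needs a doc comment, e.g. `// EventType2Str returns the comma-separated tag names for every scan-type bit set in argsTypes.`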
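Review bot: `Dispather` performs an unchecked `k.(int64)` on every key of the case-function map and then invokes each handler whose bits are all set in `ed.EventType`, so a key stored under another integer type panics the dispatcher and a handler registered under key 0 fires for every event. The `DoCase` path it replaces logged `can not find fnCall case func` when nothing matched; the new loop drops such events silently, which hides a misregistered scan type. Guard and count: `t1, ok := k.(int64); if !ok || t1 == 0 { return true }`, increment a local counter on each call, and have `DoEvent` log when zero handlers ran. Handlers execute synchronously in `sync.Map` range order, which is unspecified, so a comment should state that callers must not depend on step ordering. `GetCaseScanFunc` and the `EventData` type are outside this hunk.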
@@ -43,45 +43,48 @@ func checkSmuggling4Poc(ClTePayload *[]string, nTimes int, r1 *Smuggling, r *soc } /* - check HTTP Request Smuggling - 可以利用走私尝试访问,被常规手段屏蔽的路径,例如 weblogic 的页面 - https://portswigger.net/web-security/request-smuggling/finding - https://hackerone.com/reports/1630668 - https://github.com/nodejs/llhttp/blob/master/src/llhttp/http.ts#L483 - 1、每个目标的登陆页面只做一次检测,也就是发现你登陆页面的路径可以做一次检测 - 2、每个目标相同上下文的页面只做一次检测,爬虫发现的不同上下文各做一次检测 - szBody 是为了 相同url 相同payload 的情况下,只发一次请求,进行多次判断而设计,Smuggling 的场景通常不存在 + check HTTP Request Smuggling + 可以利用走私尝试访问,被常规手段屏蔽的路径,例如 weblogic 的页面 + https://portswigger.net/web-security/request-smuggling/finding + https://hackerone.com/reports/1630668 + https://github.com/nodejs/llhttp/blob/master/src/llhttp/http.ts#L483 + 1、每个目标的登陆页面只做一次检测,也就是发现你登陆页面的路径可以做一次检测 + 2、每个目标相同上下文的页面只做一次检测,爬虫发现的不同上下文各做一次检测 + szBody 是为了 相同url 相同payload 的情况下,只发一次请求,进行多次判断而设计,Smuggling 的场景通常不存在 - 做一次 http - util.PocCheck_pipe <- &util.PocCheck{ - Wappalyzertechnologies: &[]string{"httpCheckSmuggling"}, - URL: finalURL, - FinalURL: finalURL, - Checklog4j: false, - } + 做一次 http + util.PocCheck_pipe <- &util.PocCheck{ + Wappalyzertechnologies: &[]string{"httpCheckSmuggling"}, + URL: finalURL, + FinalURL: finalURL, + Checklog4j: false, + } */ func DoCheckSmuggling(szUrl string, szBody string) { for _, x := range payload { util.Wg.Add() - go func(j Smuggling, szUrl string) { - defer util.Wg.Done() - if "" == szBody { - x1 := socket.NewCheckTarget(szUrl, "tcp", 3) - defer x1.Close() - checkSmuggling4Poc(j.GetPayloads(x1), j.GetTimes(), &j, x1) - } else { - j.CheckResponse(szBody, "") - } + func(j Smuggling, szUrl string) { + util.DefaultPool.Submit(func() { + defer util.Wg.Done() + if "" == szBody { + x1 := socket.NewCheckTarget(szUrl, "tcp", 3) + defer x1.Close() + checkSmuggling4Poc(j.GetPayloads(x1), j.GetTimes(), &j, x1) + } else { + j.CheckResponse(szBody, "") + } + }) }(x, szUrl) } } // 构造走私,用来访问被屏蔽的页面 -// 确认存在走私漏洞后,可以继续基于走私 走以便filefuzz -// 1、首先 szUrl必须是可访问的 
200,否则可能会导致误判 -// @szUrl 设施走私的目标 -// @smugglinUrlPath 希望走私能访问到到页面,例如 /console -// @secHost 第二段头的host +// +// 确认存在走私漏洞后,可以继续基于走私 走以便filefuzz +// 1、首先 szUrl必须是可访问的 200,否则可能会导致误判 +// @szUrl 设施走私的目标 +// @smugglinUrlPath 希望走私能访问到到页面,例如 /console +// @secHost 第二段头的host func GenerateHttpSmugglingPay(szUrl, smugglinUrlPath, secHost string) string { a := []string{`POST %s HTTP/1.1 Host: %s diff --git a/lib/api/main.go b/lib/api/main.go index 7701d7b7a..220b5c6f2 100644 --- a/lib/api/main.go +++ b/lib/api/main.go @@ -81,12 +81,12 @@ func StartScan(oOpts *map[string]interface{}) { } naabuRunner.Close() } else { - gologger.Info().Msg("Port scan starting....") - err = naabuRunner.RunEnumeration() - if err != nil { - gologger.Fatal().Msgf("Could not run enumeration: %s\n", err) - } - gologger.Info().Msg("Port scan over,web scan starting") + //gologger.Info().Msg("Port scan starting....") + //err = naabuRunner.RunEnumeration() + //if err != nil { + // gologger.Fatal().Msgf("Could not run enumeration: %s\n", err) + //} + //gologger.Info().Msg("Port scan over,web scan starting") } err = naabuRunner.Httpxrun(nil, nil) if err != nil { diff --git a/lib/crawlergo/mychromedp.go b/lib/crawlergo/mychromedp.go index bafadfe76..fab5c085e 100644 --- a/lib/crawlergo/mychromedp.go +++ b/lib/crawlergo/mychromedp.go @@ -7,6 +7,7 @@ import ( "github.com/chromedp/cdproto/network" "github.com/chromedp/chromedp" "github.com/chromedp/chromedp/kb" + "github.com/hktalent/ProScan4all/lib/util" "io/ioutil" "log" "os" @@ -36,7 +37,7 @@ func (r *MyChromedp) DisableImageLoad(ctx context.Context) func(event interface{ return func(event interface{}) { switch ev := event.(type) { case *fetch.EventRequestPaused: - go func() { + util.DefaultPool.Submit(func() { c := chromedp.FromContext(ctx) ctx := cdp.WithExecutor(ctx, c.Target) 
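Review bot: In `DoCheckSmuggling` the `util.Wg.Add()` runs before `util.DefaultPool.Submit`, whose error is ignored, so a rejected submission leaves the global wait-group incremented with no matching `Done()` and `util.Wg.Wait()` elsewhere hangs. Pair them: `if err := util.DefaultPool.Submit(func() { … }); err != nil { util.Wg.Done() }`. The `func(j Smuggling, szUrl string) { … }(x, szUrl)` wrapper exists only to capture the loop variables; `j, szUrl := x, szUrl` before the Submit reads more clearly. The once-per-login-page and once-per-context rules described in the doc comment are not visible in this function, so a line such as `// Callers are expected to deduplicate targets; nothing here does.` would make the contract explicit.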
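Review bot: The `else` branch in `StartScan` is now empty apart from commented-out code, so when the guarding condition is false the port enumeration is skipped without any log line and execution proceeds straight to `naabuRunner.Httpxrun(nil, nil)`. If that is intentional, delete the dead branch and record why, e.g. `// Port enumeration is intentionally skipped here; Httpxrun below drives the scan.`, or keep a `gologger.Info().Msg("Port scan skipped, web scan starting")` so an operator can tell from the output that no ports were scanned. The condition and the rest of the function are outside the hunk.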
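Review bot: The `*fetch.EventRequestPaused` handler now depends on `util.DefaultPool.Submit` to run the closure that continues or fails the intercepted request, and its error is ignored; when the pool rejects the task the paused request is never resumed and the page load stalls until the navigation times out. A request-interception callback must always answer, so keep a plain `go func() { … }()` here or fall back inline: `if err := util.DefaultPool.Submit(fn); err != nil { fn() }`. The remainder of `DisableImageLoad` continues in the next hunk.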
@@ -45,15 +46,16 @@ func (r *MyChromedp) DisableImageLoad(ctx context.Context) func(event interface{ } else { fetch.ContinueRequest(ev.RequestID).Do(ctx) } - }() + }) } } } // 获取值 -// 输入框最后追加值 -// 发送键盘 -// download: https://github.com/chromedp/examples/blob/2f7adc7ded326214db81cc6c13d48ecd31af8d31/download_file/main.go +// +// 输入框最后追加值 +// 发送键盘 +// download: https://github.com/chromedp/examples/blob/2f7adc7ded326214db81cc6c13d48ecd31af8d31/download_file/main.go func (r *MyChromedp) sendkeys(host string, val1, val2, val3, val4 *string) chromedp.Tasks { return chromedp.Tasks{ chromedp.Navigate(host), diff --git a/lib/goby/LoadPoc.go b/lib/goby/LoadPoc.go index 04c99fa42..22d5c9495 100644 --- a/lib/goby/LoadPoc.go +++ b/lib/goby/LoadPoc.go @@ -2,6 +2,7 @@ package goby import ( "embed" + "github.com/hktalent/ProScan4all/lib/util" "io/ioutil" "log" ) @@ -12,7 +13,7 @@ func LoadPocs(Pocs embed.FS) chan<- string { var szPath string = "goby_pocs" entries, err := Pocs.ReadDir(szPath) if err == nil { - go func() { + util.DefaultPool.Submit(func() { defer close(rst) for _, v := range entries { szFl1 := szPath + "/" + v.Name() @@ -23,7 +24,7 @@ func LoadPocs(Pocs embed.FS) chan<- string { log.Println("read ", szFl1, " is error ", err) } } - }() + }) } else { close(rst) log.Println("read ", szPath, " dir is error ", err) diff --git a/lib/util/SPool.go b/lib/util/SPool.go index 091d9397d..ddb2ace5c 100644 --- a/lib/util/SPool.go +++ b/lib/util/SPool.go @@ -24,7 +24,7 @@ var DefaultPool *Pool func create() *Pool { options := ants.Options{ExpiryDuration: ExpiryDuration, Nonblocking: Nonblocking} - defaultAntsPool, _ := ants.NewPool(DefaultAntsPoolSize, ants.WithOptions(options)) + defaultAntsPool, _ := ants.NewPool(GetValAsInt("DefaultAntsPoolSize", 2000), ants.WithOptions(options)) return defaultAntsPool } diff --git a/lib/util/config_test.go b/lib/util/config_test.go index d069ecd0e..cda5828d5 100644 --- a/lib/util/config_test.go +++ b/lib/util/config_test.go 
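Review bot: `LoadPocs` hands `rst` to the caller before the closure holding `defer close(rst)` is guaranteed to run; if `util.DefaultPool.Submit` returns an error the channel is never closed and a `for v := range` on the consumer side blocks forever. Treat it like the `err != nil` branch below: `if err := util.DefaultPool.Submit(func() { … }); err != nil { close(rst); log.Println("submit poc loader:", err) }`. Separately, the signature visible in the hunk header returns `chan<- string`, a send-only channel that a consumer cannot receive from — presumably `<-chan string` was intended; worth confirming against the callers, which are outside this hunk.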
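Review bot: `ants.NewPool` returns an error that `create` keeps discarding (`defaultAntsPool, _ :=`), and the size now comes from configuration via `GetValAsInt("DefaultAntsPoolSize", 2000`); a zero or negative value either makes `NewPool` fail — leaving `DefaultPool` nil so every `DefaultPool.Submit` introduced in this commit panics — or, on newer ants releases, silently creates an unbounded pool, depending on the version vendored. Validate and fail loudly: `n := GetValAsInt("DefaultAntsPoolSize", 2000); if n <= 0 { n = 2000 }` followed by `if err != nil { panic(fmt.Sprintf("create worker pool: %v", err)) }`, since nothing downstream can run without the pool. Because nearly every goroutine in the codebase is now routed through this one pool, a comment stating whether `Nonblocking` is set would help readers, as it decides whether `Submit` blocks or returns `ErrPoolOverload` when all slots are busy.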
@@ -12,16 +12,18 @@ func TestTestIs404(t *testing.T) { // 单独测试没有问题 for i := 8070; i < 8082; i++ { Wg.Add(1) - go func(n int) { - defer Wg.Done() - s1 := fmt.Sprintf("https://127.0.0.1:%d/scan4all", n) - if resp, err, ok := TestIs404(s1); ok && nil == err { - t.Log(resp.StatusCode, s1) - } else { - if n == 8081 && nil != err { - t.Error(s1, err) + func(n int) { + util.DefaultPool.Submit(func() { + defer Wg.Done() + s1 := fmt.Sprintf("https://127.0.0.1:%d/scan4all", n) + if resp, err, ok := TestIs404(s1); ok && nil == err { + t.Log(resp.StatusCode, s1) + } else { + if n == 8081 && nil != err { + t.Error(s1, err) + } } - } + }) }(i) } diff --git a/lib/util/delayClear.go b/lib/util/delayClear.go index 3c8abe0a0..8d36aeb90 100644 --- a/lib/util/delayClear.go +++ b/lib/util/delayClear.go @@ -74,7 +74,7 @@ func DoDelayClear(Wg1 ...*sizedwaitgroup.SizedWaitGroup) { } IsDo <- struct{}{} wg2.Add() - go func() { + DefaultPool.Submit(func() { defer func() { <-IsDo wg2.Done() @@ -95,6 +95,6 @@ func DoDelayClear(Wg1 ...*sizedwaitgroup.SizedWaitGroup) { } return true }) - }() + }) return } diff --git a/lib/util/geCurIp.go b/lib/util/geCurIp.go index 42a2f88c5..ce5ca3504 100644 --- a/lib/util/geCurIp.go +++ b/lib/util/geCurIp.go 
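Review bot: This test file is in package `util` (it calls `Wg.Add(1)` and `TestIs404` unqualified), yet the new code calls `util.DefaultPool.Submit`, which cannot resolve without importing the package into itself; the parallel change in `lib/util/util_test.go` uses the unqualified `DefaultPool.Submit`, and this file should match. With that fixed, `Wg.Add(1)` still precedes a Submit whose error is dropped, so a rejected task leaves the `Wg.Wait()` after the loop (outside this hunk) hanging: `if err := DefaultPool.Submit(func() { … }); err != nil { Wg.Done(); t.Error(err) }`.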
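Review bot: In `DoDelayClear` the `IsDo <- struct{}{}` guard send and `wg2.Add()` precede a `DefaultPool.Submit` whose error is discarded, so a rejected task keeps the `IsDo` slot occupied and the counter raised, and every later call blocks at the guard. Release both on failure: `if err := DefaultPool.Submit(func() { … }); err != nil { <-IsDo; wg2.Done() }`. The guard's declaration and the `Range` body are outside these hunks.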
@@ -1,14 +1,86 @@ package util import ( + "bytes" + "encoding/binary" + "encoding/hex" + "fmt" "io/ioutil" "log" + "math/big" + "net" "net/http" "net/url" "strings" ) -func GetIp() map[string]interface{} { +// 获取当前 mac 地址 hex 格式,可以作为 51pwn.com 的前缀 +func GetActiveMac() string { + ifc, err := net.Interfaces() + if err != nil { + fmt.Println(err) + return "" + } + var a []string + for _, i := range ifc { + macAddr := strings.TrimSpace(hex.EncodeToString(i.HardwareAddr)) + // interface down; loopback interface + if i.Flags&net.FlagUp == 0 || i.Flags&net.FlagLoopback != 0 || macAddr == "" { + continue + } + + addrs, _ := i.Addrs() + for _, addr := range addrs { + var ip net.IP + switch v := addr.(type) { + case *net.IPNet: + ip = v.IP + if !ip.IsPrivate() { + continue + } + a = append(a, macAddr) + fmt.Println(macAddr, ip, addr.String(), addr.Network(), i.Flags.String()) + } + } + } + if 0 < len(a) { + return strings.Join(a, ",") + } else { + m1 := GetIp() + if nil != m1 { + szIp := fmt.Sprintf("%v", (*m1)["ip"]) + return Pack32BinaryIP4(szIp) + } + return "" + } +} +func IP4toInt(IPv4Address net.IP) int64 { + IPv4Int := big.NewInt(0) + IPv4Int.SetBytes(IPv4Address.To4()) + return IPv4Int.Int64() +} + +func Pack32BinaryIP4(ip4Address string) string { + ipv4Decimal := IP4toInt(net.ParseIP(ip4Address)) + + buf := new(bytes.Buffer) + err := binary.Write(buf, binary.BigEndian, uint32(ipv4Decimal)) + + if err != nil { + fmt.Println("Unable to write to buffer:", err) + } + + // present in hexadecimal format + result := fmt.Sprintf("%x", buf.Bytes()) + return result +} + +var PubIp *map[string]interface{} + +func GetIp() *map[string]interface{} { + if nil != PubIp && 0 < len(*PubIp) { + return PubIp + } szUrl := "https://apis.map.qq.com/ws/location/v1/ip" c := GetClient(szUrl) c.UseHttp2 = false 
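Review bot: `GetActiveMac` enumerates every up, non-loopback interface that carries a private IPv4 address, prints MAC, IP, CIDR and flags to stdout with `fmt.Println` on each hit, and returns the hex MAC list — which the comment says is meant as an identifier prefix for 51pwn.com — falling back to the host's public IP fetched from an external geolocation service via `GetIp()`. Shipping a hardware identifier or public IP off-host from a scanner is a privacy and opsec decision that should be opt-in and documented where it is called; the debug print should at least go behind the verbose flag, and the function needs a doc comment such as `// GetActiveMac returns the hex MAC addresses of active non-loopback interfaces with a private IPv4 address, or the packed public IPv4 from GetIp as a fallback; the value is used as a node identifier.` `Pack32BinaryIP4` silently yields `00000000` when `net.ParseIP` fails or the address is IPv6, because `To4()` is nil and `SetBytes(nil)` is zero; guard it with `ip := net.ParseIP(ip4Address); if ip == nil || ip.To4() == nil { return "" }`. `ip.IsPrivate` needs Go 1.17+, which go.mod (outside view) should already require.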
@@ -24,15 +96,9 @@ func GetIp() map[string]interface{} { }, func() map[string]string { return map[string]string{"User-Agent": "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0", "Accept": "*/*"} }, false) - //if r, err := DoPost(szUrl, map[string]string{"User-Agent": "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0", "Accept": "*/*"}, strings.NewReader("key="+url.QueryEscape("IVOBZ-QNW6P-SUKDY-LFQSE-LUFCJ-3CFUE")+"&sig=afebe5ad5227ec75a1f3d8b97f888cda")); nil == err && r != nil { - // defer r.Body.Close() - // if data, err := ioutil.ReadAll(r.Body); nil == err { - // var m1 map[string]interface{} - // if nil == json.Unmarshal(data, &m1) { - // log.Printf("%+v", m1) - // return m1 - // } - // } - //} - return m1 + if m2, ok := m1["result"]; ok { + m1 = m2.(map[string]interface{}) + } + PubIp = &m1 + return PubIp } diff --git a/lib/util/geCurIp_test.go b/lib/util/geCurIp_test.go new file mode 100644 index 000000000..b37e1ae2b --- /dev/null +++ b/lib/util/geCurIp_test.go @@ -0,0 +1,7 @@ +package util + +import "testing" + +func TestGetActiveMac(t *testing.T) { + GetActiveMac() +} diff --git a/lib/util/target.go b/lib/util/target.go index 46adaa3c5..27b09846d 100644 --- a/lib/util/target.go +++ b/lib/util/target.go @@ -5,7 +5,7 @@ import ( "github.com/hktalent/51pwnPlatform/pkg/models" Const "github.com/hktalent/go-utils" "github.com/projectdiscovery/iputil" - "io/ioutil" + "os" "strings" ) 
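Review bot: `m1 = m2.(map[string]interface{})` is an unchecked type assertion on a field of a JSON response from a third-party service; if `result` arrives as `null`, a string, or an error object, the assertion panics in whatever worker called `GetIp`. Use the two-value form and cache only a usable result: `if m2, ok := m1["result"].(map[string]interface{}); ok && 0 < len(m2) { m1 = m2; PubIp = &m1 }` and return `&m1` either way. `PubIp` is a package-level pointer written here and read at the top of the function with no synchronization, and `GetActiveMac` may be reached from several pool workers, so a `sync.Once` around the lookup would make it race-free. The request setup, including the API key that appears in the removed commented-out line, is outside the hunk; if that key is live it remains in git history and should be rotated.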
@@ -14,15 +14,20 @@ const ( HttpsPre = "https://" ) +type ScanTarget struct { + RawTarget string `json:"raw_target"` // 单目标原始输入,url(拆解为domain)、ip、domain、cidrs + Domain []string `json:"domain"` // 原始输入拆解后的domain + Ips []string `json:"ips"` // 目标分解后的ip列表,包含domain 定位后的ip信息 +} + /* 解析、处理目标 -str ip/cidrs,domain(*.*.xxx.com)url -txt -xml nmap +输入格式:xml(nmap、masscan)、txt(lists) +单目标:url(拆解为domain)、ip、domain、cidrs */ func DoInput(s string, bf *bytes.Buffer) { if FileExists(s) { - if data, err := ioutil.ReadFile(s); nil == err { + if data, err := os.ReadFile(s); nil == err { s2 := strings.ToLower(s) if strings.HasSuffix(s2, ".txt") { a := strings.Split(strings.TrimSpace(string(data)), "\n") @@ -46,20 +51,20 @@ func DoInput(s string, bf *bytes.Buffer) { } /* - IP / CIDRS: 端口扫描,ssl信息获取,社工(shodan等)获取; -> 弱密码检测 - url : web指纹、web扫描、弱密码检测、webshell扫描,ssl信息,分解出的 domain 继续走domain任务 +IP / CIDRS: 端口扫描,ssl信息获取,社工(shodan等)获取; -> 弱密码检测 +url : web指纹、web扫描、弱密码检测、webshell扫描,ssl信息,分解出的 domain 继续走domain任务 */ func DoOne(s string) { s = strings.TrimSpace(s) var oT = &models.EventData{EventData: []interface{}{s}} if iputil.IsCIDR(s) || iputil.IsIP(s) { // ip/cidrs - oT.EventType = int64(Const.ScanType_Nmap) + oT.EventType = int64(Const.ScanType_Ips) } else { - s1 := strings.ToLower(s) + s1 := strings.ToLower(strings.TrimSpace(s)) if strings.HasPrefix(s1, HttpPre) || strings.HasPrefix(s1, HttpsPre) { // url - oT.EventType = int64(Const.ScanType_Nmap) + oT.EventType = int64(Const.ScanType_Webs) } else if strings.HasPrefix(s1, "*.") { // domain - oT.EventType = int64(Const.ScanType_Nmap) + oT.EventType = int64(Const.ScanType_Subfinder | Const.ScanType_SubDomain) } } SendEvent(oT, oT.EventType) diff --git a/lib/util/util.go b/lib/util/util.go index 71eff583c..35124b8d6 100644 --- a/lib/util/util.go +++ b/lib/util/util.go 
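Review bot: `DoOne` leaves `oT.EventType` at zero for any input that is neither an IP/CIDR, an `http(s)://` URL, nor a `*.`-prefixed domain — a bare `example.com` falls through every branch and is still passed to `SendEvent(oT, 0)`. Under the bitmask dispatch introduced in engine/engineImp.go a zero type matches no handler (or every handler keyed on 0), so the target disappears without a trace; add a final branch, either `} else { oT.EventType = int64(Const.ScanType_Subfinder | Const.ScanType_SubDomain) }` if bare domains should be treated like `*.` ones, or `log.Printf("unrecognized target %q", s); return` otherwise. The doc comment above should also spell out the `*.` convention, since nothing else in the file explains it. `SendEvent` and the scan-type constants are outside this hunk.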
@@ -57,7 +57,8 @@ func HttpRequsetBasic(username string, password string, urlstring string, method var clientHttpCc *ccache.Cache // 获取一个内存对象 -// 如果c不是nil,就不再创建新的 +// +// 如果c不是nil,就不再创建新的 func GetMemoryCache(nMaxSize int64, c *ccache.Cache) *ccache.Cache { if nil == c { configure := ccache.Configure() @@ -177,8 +178,9 @@ func SliceRemoveDuplicates(slice []string) []string { } // 若干参数依赖注入到对象 obj中 -// util.MergeParms2Obj(&ms, args...) -// 使用 inject 注入 struct 需要注意的时,每个inject的类型不一样,如果一样的,必须使用类型别名,否则盲注会出问题 +// +// util.MergeParms2Obj(&ms, args...) +// 使用 inject 注入 struct 需要注意的时,每个inject的类型不一样,如果一样的,必须使用类型别名,否则盲注会出问题 func MergeParms2Obj(obj interface{}, args ...interface{}) interface{} { if nil != args && 0 < len(args) { in := inject.New() @@ -239,9 +241,10 @@ func GetResponse(username string, password string, urlstring string, method stri } // 需要考虑缓存 -// 1、缓解网络不好的情况 -// 2、缓存有效期为当天 -// 3、缓存命中需和请求的数据完全匹配 +// +// 1、缓解网络不好的情况 +// 2、缓存有效期为当天 +// 3、缓存命中需和请求的数据完全匹配 func HttpRequset(urlstring string, method string, postdata string, isredirect bool, headers map[string]string) (*Response, error) { rsps, _, _, err := GetResponse("", "", urlstring, method, postdata, isredirect, headers) if nil == err && nil == rsps { @@ -423,12 +426,12 @@ func RetrieveCallInfo() *map[string]interface{} { // convert bufio.Scanner to io.Reader func ScannerToReader(scanner *bufio.Scanner) io.Reader { reader, writer := io.Pipe() - go func() { + DefaultPool.Submit(func() { defer writer.Close() for scanner.Scan() { writer.Write(scanner.Bytes()) } - }() + }) return reader } @@ -458,7 +461,8 @@ func DeepCopy(src, dist interface{}) (err error) { type EngineFuncType func(evt *models.EventData, args ...interface{}) // 工厂方法 -// 便于同一、规范引擎调用的方法、参数约束 +// +// 便于同一、规范引擎调用的方法、参数约束 var EngineFuncFactory func(nT int64, fnCbk EngineFuncType) // 全局引擎 diff --git a/lib/util/util_test.go b/lib/util/util_test.go index 10de52260..cd3c86f92 100644 --- a/lib/util/util_test.go +++ b/lib/util/util_test.go 
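Review bot: `ScannerToReader` returns the read end of an `io.Pipe` before the pump closure is known to be running; if `DefaultPool.Submit` fails nothing ever writes to or closes the pipe and the caller's `Read` blocks forever, and even when it runs `scanner.Err()` is discarded so a truncated input looks like a clean EOF. Propagate both: end the closure with `writer.CloseWithError(scanner.Err())` and wrap the call as `if err := DefaultPool.Submit(func() { … }); err != nil { writer.CloseWithError(err) }`. Because each pipe write blocks until the consumer reads, this pump holds a pool worker for the whole life of the stream, which is a poor fit for a bounded pool shared with short scan tasks — a plain goroutine was the better tool here. The other hunks in this file only reflow comments.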
@@ -11,16 +11,18 @@ func TestHttpRequset(t *testing.T) { // 单独测试没有问题 for i := 33; i < 8082; i++ { Wg.Add(1) - go func(n int) { - defer Wg.Done() - s1 := fmt.Sprintf("http://127.0.0.1:%d/scan4all", n) - if resp, err := HttpRequset(s1, "GET", "", false, nil); nil == err { - t.Log(resp.StatusCode, s1) - } else { - if n == 8081 { - t.Error(s1, err) + func(n int) { + DefaultPool.Submit(func() { + defer Wg.Done() + s1 := fmt.Sprintf("http://127.0.0.1:%d/scan4all", n) + if resp, err := HttpRequset(s1, "GET", "", false, nil); nil == err { + t.Log(resp.StatusCode, s1) + } else { + if n == 8081 { + t.Error(s1, err) + } } - } + }) }(i) } diff --git a/lib/util/xNmap.go b/lib/util/xNmap.go index d520dcc35..1494943a4 100644 --- a/lib/util/xNmap.go +++ b/lib/util/xNmap.go @@ -3,8 +3,8 @@ package util import ( "bytes" "fmt" - "github.com/hktalent/51pwnPlatform/lib/scan/Const" "github.com/hktalent/51pwnPlatform/pkg/models" + Const "github.com/hktalent/go-utils" "io" "io/ioutil" "runtime" @@ -33,7 +33,7 @@ func CvtData(d []interface{}) []string { func init() { RegInitFunc(func() { // 保存数据也采用统一的线程池 - EngineFuncFactory(Const.ScanType_Nmap, func(evt *models.EventData, args ...interface{}) { + EngineFuncFactory(int64(Const.ScanType_Nmap), func(evt *models.EventData, args ...interface{}) { if nil != evt && 0 < len(evt.EventData) { return } diff --git a/main.go b/main.go index a42db3e02..833271541 100644 --- a/main.go +++ b/main.go @@ -10,7 +10,6 @@ import ( "log" "net/http" _ "net/http/pprof" - "runtime" "runtime/debug" ) 
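Review bot: The guard in the `ScanType_Nmap` handler, `if nil != evt && 0 < len(evt.EventData) { return }`, returns exactly when there is data to save and falls through on a nil or empty event, which looks inverted; the usual form is `if nil == evt || 0 == len(evt.EventData) { return }`. This is a context line the commit carries over, and the handler body continues outside the hunk, so confirm against the rest of the closure before changing it.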
@@ -45,11 +44,11 @@ func main() {
 szTip := ""
 if util.GetValAsBool("enableDevDebug") { // debug 优化时启用///////////////////////
- go func() {
+ util.DefaultPool.Submit(func() {
 szTip = "Since you started http://127.0.0.1:6060/debug/pprof/ with -debug, close the program with: control + C"
 fmt.Println("debug info: \nopen http://127.0.0.1:6060/debug/pprof/\n\ngo tool pprof -seconds=10 -http=:9999 http://localhost:6060/debug/pprof/heap")
 http.ListenAndServe(":6060", nil)
- }()
+ })
 //////////////////////////////////////////*/
 }
 api.StartScan(nil)
diff --git a/pkg/httpx/runner/runner.go b/pkg/httpx/runner/runner.go
index a9a156e07..4095009c9 100644
--- a/pkg/httpx/runner/runner.go
+++ b/pkg/httpx/runner/runner.go
@@ -376,9 +376,8 @@ func (r *Runner) testAndSet(k string) bool {
 
 func (r *Runner) streamInput() (chan string, error) {
 out := make(chan string)
- go func() {
+ util.DefaultPool.Submit(func() {
 defer close(out)
-
 if fileutil.FileExists(r.options.InputFile) {
 fchan, err := fileutil.ReadFile(r.options.InputFile)
 if err != nil {
@@ -417,7 +416,7 @@ func (r *Runner) streamInput() (chan string, error) {
 }
 }
 }
- }()
+ })
 return out, nil
 }
 
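Review bot: The debug pprof server listens on `":6060"`, i.e. every interface, while the printed hint and `szTip` advertise `127.0.0.1:6060`; pprof exposes heap and goroutine dumps of a scanner process that holds targets and credentials, so bind it to loopback, `http.ListenAndServe("127.0.0.1:6060", nil)`, and log the returned error instead of dropping it. `szTip` is also written from the pool task while `main` presumably reads it later; if so, `-race` will flag it.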
@@ -540,95 +539,97 @@ func (r *Runner) RunEnumeration() { wgoutput := sizedwaitgroup.New(1) wgoutput.Add() output := make(chan Result, 200) - go func(output chan Result) { - defer wgoutput.Done() - - var f *os.File - if r.options.Output != "" { - var err error - f, err := os.OpenFile(r.options.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) - if err != nil { - gologger.Fatal().Msgf("Could not create output file '%s': %s\n", r.options.Output, err) + func(output chan Result) { + util.DefaultPool.Submit(func() { + defer wgoutput.Done() + + var f *os.File + if r.options.Output != "" { + var err error + f, err := os.OpenFile(r.options.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) + if err != nil { + gologger.Fatal().Msgf("Could not create output file '%s': %s\n", r.options.Output, err) + } + defer f.Close() //nolint } - defer f.Close() //nolint - } - if r.options.CSVOutput { - header := Result{}.CSVHeader() - //gologger.Silent().Msgf("%s\n", header) - if f != nil { - //nolint:errcheck // this method needs a small refactor to reduce complexity - f.WriteString(header + "\n") + if r.options.CSVOutput { + header := Result{}.CSVHeader() + //gologger.Silent().Msgf("%s\n", header) + if f != nil { + //nolint:errcheck // this method needs a small refactor to reduce complexity + f.WriteString(header + "\n") + } } - } - for resp := range output { - if resp.err != nil { - gologger.Debug().Msgf("Failed '%s': %s\n", resp.URL, resp.err) - } - if resp.str == "" { - continue - } + for resp := range output { + if resp.err != nil { + gologger.Debug().Msgf("Failed '%s': %s\n", resp.URL, resp.err) + } + if resp.str == "" { + continue + } - // apply matchers and filters - if len(r.options.filterStatusCode) > 0 && slice.IntSliceContains(r.options.filterStatusCode, resp.StatusCode) { - continue - } - if len(r.options.filterContentLength) > 0 && slice.IntSliceContains(r.options.filterContentLength, resp.ContentLength) { - continue - } - if len(r.options.filterLinesCount) > 0 && 
slice.IntSliceContains(r.options.filterLinesCount, resp.Lines) { - continue - } - if len(r.options.filterWordsCount) > 0 && slice.IntSliceContains(r.options.filterWordsCount, resp.Words) { - continue - } - if r.options.filterRegex != nil && r.options.filterRegex.MatchString(resp.raw) { - continue - } - if r.options.OutputFilterString != "" && strings.Contains(strings.ToLower(resp.raw), strings.ToLower(r.options.OutputFilterString)) { - continue - } - if len(r.options.OutputFilterFavicon) > 0 && stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputFilterFavicon...) { - continue - } - if len(r.options.matchStatusCode) > 0 && !slice.IntSliceContains(r.options.matchStatusCode, resp.StatusCode) { - continue - } - if len(r.options.matchContentLength) > 0 && !slice.IntSliceContains(r.options.matchContentLength, resp.ContentLength) { - continue - } - if r.options.matchRegex != nil && !r.options.matchRegex.MatchString(resp.raw) { - continue - } - if r.options.OutputMatchString != "" && !strings.Contains(strings.ToLower(resp.raw), strings.ToLower(r.options.OutputMatchString)) { - continue - } - if len(r.options.OutputMatchFavicon) > 0 && !stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputMatchFavicon...) 
{ - continue - } - if len(r.options.matchLinesCount) > 0 && !slice.IntSliceContains(r.options.matchLinesCount, resp.Lines) { - continue - } - if len(r.options.matchWordsCount) > 0 && !slice.IntSliceContains(r.options.matchWordsCount, resp.Words) { - continue - } + // apply matchers and filters + if len(r.options.filterStatusCode) > 0 && slice.IntSliceContains(r.options.filterStatusCode, resp.StatusCode) { + continue + } + if len(r.options.filterContentLength) > 0 && slice.IntSliceContains(r.options.filterContentLength, resp.ContentLength) { + continue + } + if len(r.options.filterLinesCount) > 0 && slice.IntSliceContains(r.options.filterLinesCount, resp.Lines) { + continue + } + if len(r.options.filterWordsCount) > 0 && slice.IntSliceContains(r.options.filterWordsCount, resp.Words) { + continue + } + if r.options.filterRegex != nil && r.options.filterRegex.MatchString(resp.raw) { + continue + } + if r.options.OutputFilterString != "" && strings.Contains(strings.ToLower(resp.raw), strings.ToLower(r.options.OutputFilterString)) { + continue + } + if len(r.options.OutputFilterFavicon) > 0 && stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputFilterFavicon...) { + continue + } + if len(r.options.matchStatusCode) > 0 && !slice.IntSliceContains(r.options.matchStatusCode, resp.StatusCode) { + continue + } + if len(r.options.matchContentLength) > 0 && !slice.IntSliceContains(r.options.matchContentLength, resp.ContentLength) { + continue + } + if r.options.matchRegex != nil && !r.options.matchRegex.MatchString(resp.raw) { + continue + } + if r.options.OutputMatchString != "" && !strings.Contains(strings.ToLower(resp.raw), strings.ToLower(r.options.OutputMatchString)) { + continue + } + if len(r.options.OutputMatchFavicon) > 0 && !stringsutil.EqualFoldAny(resp.FavIconMMH3, r.options.OutputMatchFavicon...) 
{ + continue + } + if len(r.options.matchLinesCount) > 0 && !slice.IntSliceContains(r.options.matchLinesCount, resp.Lines) { + continue + } + if len(r.options.matchWordsCount) > 0 && !slice.IntSliceContains(r.options.matchWordsCount, resp.Words) { + continue + } - row := resp.str - if r.options.JSONOutput { - row = resp.JSON(&r.scanopts) - gologger.Silent().Msgf("%s\n", row) - } else if r.options.CSVOutput { - gologger.Silent().Msgf("%s\n", row) - row = resp.CSVRow(&r.scanopts) - } else { - gologger.Silent().Msgf("%s\n", row) - } + row := resp.str + if r.options.JSONOutput { + row = resp.JSON(&r.scanopts) + gologger.Silent().Msgf("%s\n", row) + } else if r.options.CSVOutput { + gologger.Silent().Msgf("%s\n", row) + row = resp.CSVRow(&r.scanopts) + } else { + gologger.Silent().Msgf("%s\n", row) + } - if f != nil { - //nolint:errcheck // this method needs a small refactor to reduce complexity - f.WriteString(row + "\n") + if f != nil { + //nolint:errcheck // this method needs a small refactor to reduce complexity + f.WriteString(row + "\n") + } } - } + }) }(output) wg := sizedwaitgroup.New(r.options.Threads) 
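Review bot: Inside the output task `f, err := os.OpenFile(...)` redeclares `f` in the `if r.options.Output != ""` block, so the outer `var f *os.File` stays nil, nothing is ever written to the output file, and `defer f.Close()` closes the inner handle as soon as the block ends; the `var err error` line shows the intent was `f, err = os.OpenFile(r.options.Output, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)`. The commit re-indents this code without fixing it (the `go vet` shadow analyzer reports it). Separately, the consumer of `output` now runs in `util.DefaultPool` alongside the producers in `process` that block on `output <- result`; if the pool is bounded and every worker is a blocked producer while this consumer task is still queued, the run deadlocks. RunEnumeration continues outside the hunk.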
@@ -708,47 +709,49 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx. for _, method := range scanopts.Methods { for _, prot := range protocols { wg.Add() - go func(target, method, protocol string) { - defer wg.Done() - result := r.analyze(hp, protocol, target, method, t, scanopts) - util.SendAnyData(&result, util.Httpx) - output <- result - if scanopts.TLSProbe && result.TLSData != nil { - scanopts.TLSProbe = false - for _, tt := range result.TLSData.DNSNames { - if !r.testAndSet(tt) { - continue - } - r.process(tt, wg, hp, protocol, scanopts, output) - a1 := fingerprint.PreprocessingFingerScan(tt) - for _, x1 := range a1 { - r.process(x1, wg, hp, protocol, scanopts, output) - } - } - for _, tt := range result.TLSData.CommonName { - if !r.testAndSet(tt) { - continue + func(target, method, protocol string) { + util.DefaultPool.Submit(func() { + defer wg.Done() + result := r.analyze(hp, protocol, target, method, t, scanopts) + util.SendAnyData(&result, util.Httpx) + output <- result + if scanopts.TLSProbe && result.TLSData != nil { + scanopts.TLSProbe = false + for _, tt := range result.TLSData.DNSNames { + if !r.testAndSet(tt) { + continue + } + r.process(tt, wg, hp, protocol, scanopts, output) + a1 := fingerprint.PreprocessingFingerScan(tt) + for _, x1 := range a1 { + r.process(x1, wg, hp, protocol, scanopts, output) + } } - r.process(tt, wg, hp, protocol, scanopts, output) - a1 := fingerprint.PreprocessingFingerScan(tt) - for _, x1 := range a1 { - r.process(x1, wg, hp, protocol, scanopts, output) + for _, tt := range result.TLSData.CommonName { + if !r.testAndSet(tt) { + continue + } + r.process(tt, wg, hp, protocol, scanopts, output) + a1 := fingerprint.PreprocessingFingerScan(tt) + for _, x1 := range a1 { + r.process(x1, wg, hp, protocol, scanopts, output) + } } } - } - if scanopts.CSPProbe && result.CSPData != nil { - scanopts.CSPProbe = false - for _, tt := range result.CSPData.Domains { - if !r.testAndSet(tt) { - continue - } 
- r.process(tt, wg, hp, protocol, scanopts, output) - a1 := fingerprint.PreprocessingFingerScan(tt) - for _, x1 := range a1 { - r.process(x1, wg, hp, protocol, scanopts, output) + if scanopts.CSPProbe && result.CSPData != nil { + scanopts.CSPProbe = false + for _, tt := range result.CSPData.Domains { + if !r.testAndSet(tt) { + continue + } + r.process(tt, wg, hp, protocol, scanopts, output) + a1 := fingerprint.PreprocessingFingerScan(tt) + for _, x1 := range a1 { + r.process(x1, wg, hp, protocol, scanopts, output) + } } } - } + }) }(target, method, prot) } } 
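Review bot: `scanopts.TLSProbe = false` and `scanopts.CSPProbe = false` are written from concurrently running pool tasks with no synchronization, and the same `scanopts` is passed down through the recursive `r.process` calls; if `scanopts` is a pointer (its declaration is outside the hunk) this is a data race and the probe can run more than once. Consider deciding the probe once before submitting, or guarding the flag with `sync.Once` or an atomic on the runner. `output <- result` is also sent from a pool worker while the channel's consumer is itself a pool task (RunEnumeration's output writer). process starts and ends outside the hunk.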
@@ -762,27 +765,29 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx. for _, wantedProtocol := range wantedProtocols { for _, method := range scanopts.Methods { wg.Add() - go func(port int, method, protocol string) { - defer wg.Done() - h, _ := urlutil.ChangePort(target, fmt.Sprint(port)) - result := r.analyze(hp, protocol, h, method, t, scanopts) - util.SendAnyData(&result, util.Httpx) - output <- result - if scanopts.TLSProbe && result.TLSData != nil { - scanopts.TLSProbe = false - for _, tt := range result.TLSData.DNSNames { - if !r.testAndSet(tt) { - continue + func(port int, method, protocol string) { + util.DefaultPool.Submit(func() { + defer wg.Done() + h, _ := urlutil.ChangePort(target, fmt.Sprint(port)) + result := r.analyze(hp, protocol, h, method, t, scanopts) + util.SendAnyData(&result, util.Httpx) + output <- result + if scanopts.TLSProbe && result.TLSData != nil { + scanopts.TLSProbe = false + for _, tt := range result.TLSData.DNSNames { + if !r.testAndSet(tt) { + continue + } + r.process(tt, wg, hp, protocol, scanopts, output) } - r.process(tt, wg, hp, protocol, scanopts, output) - } - for _, tt := range result.TLSData.CommonName { - if !r.testAndSet(tt) { - continue + for _, tt := range result.TLSData.CommonName { + if !r.testAndSet(tt) { + continue + } + r.process(tt, wg, hp, protocol, scanopts, output) } - r.process(tt, wg, hp, protocol, scanopts, output) } - } + }) }(port, method, wantedProtocol) } } @@ -796,7 +801,7 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx. // returns all the targets within a cidr range or the single target func (r *Runner) targets(hp *httpx.HTTPX, target string) chan string { results := make(chan string) - go func() { + util.DefaultPool.Submit(func() { defer close(results) // A valid target does not contain: @@ -834,7 +839,7 @@ func (r *Runner) targets(hp *httpx.HTTPX, target string) chan string { } else { results <- target } - }() + }) return results } 
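Review bot: `h, _ := urlutil.ChangePort(target, fmt.Sprint(port))` discards the error, so a target that cannot be rewritten is analyzed as whatever `h` holds (likely empty) and still emitted to `output`; check it, `h, err := urlutil.ChangePort(target, fmt.Sprint(port)); if err != nil { return }`, which is safe because `wg.Done` is deferred. The same unsynchronized `scanopts.TLSProbe = false` write as in the first `process` hunk applies here.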
diff --git a/pkg/hydra/hydra.go b/pkg/hydra/hydra.go index e9a334906..86ddbd4f9 100644 --- a/pkg/hydra/hydra.go +++ b/pkg/hydra/hydra.go @@ -2,6 +2,7 @@ package hydra import ( "fmt" + "github.com/hktalent/ProScan4all/lib/util" "github.com/hktalent/ProScan4all/pkg/hydra/oracle" "github.com/hktalent/ProScan4all/pkg/kscan/lib/gotelnet" "github.com/hktalent/ProScan4all/pkg/kscan/lib/misc" @@ -125,7 +126,7 @@ func (c *Cracker) Run() { return } //go 任务下发器 - go func() { + util.DefaultPool.Submit(func() { x1 := c.authList.Dict(c.onlyPassword) //fmt.Println("破解任务下发器:", len(x1)) for _, a := range x1 { @@ -154,7 +155,7 @@ func (c *Cracker) Run() { } //关闭信道 c.Pool.InDone() - }() + }) //开始暴力破解 c.Pool.Run() } diff --git a/pkg/hydra/smb/smb.go b/pkg/hydra/smb/smb.go index 9bff8d8ed..ccc12f519 100644 --- a/pkg/hydra/smb/smb.go +++ b/pkg/hydra/smb/smb.go @@ -21,7 +21,7 @@ func Check(Host, Username, Domain, Password string, Port int) (bool, error) { Workstation: "", } //开始进行SMB连接 - go func() { + util.DefaultPool.Submit(func() { session, err := smb.NewSession(options, false) if err != nil { status <- err @@ -33,7 +33,7 @@ func Check(Host, Username, Domain, Password string, Port int) (bool, error) { return } status <- nil - }() + }) select { case <-ctx.Done(): diff --git a/pkg/kscan/lib/gotelnet/telnet.go b/pkg/kscan/lib/gotelnet/telnet.go index bb9976f38..3d2080327 100644 --- a/pkg/kscan/lib/gotelnet/telnet.go +++ b/pkg/kscan/lib/gotelnet/telnet.go @@ -138,7 +138,7 @@ func (c *Client) Connect() error { } c.conn = conn //开启输入监听 - go func() { + util.DefaultPool.Submit(func() { for { buf, err := c.read() if err != nil { @@ -160,7 +160,7 @@ func (c *Client) Connect() error { c.LastResponse += string(displayBuf) } } - }() + }) //等待初始化 time.Sleep(time.Second * 3) return nil diff --git a/pkg/kscan/lib/grdp/core/io.go b/pkg/kscan/lib/grdp/core/io.go index bcb90ee0e..1e6f71ecc 100755 --- a/pkg/kscan/lib/grdp/core/io.go +++ b/pkg/kscan/lib/grdp/core/io.go 
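Review bot: In smb `Check` the pool task sends on `status` after `smb.NewSession`; once the `select` has returned on `ctx.Done()` nobody receives, so unless `status` is buffered (its `make` is outside the hunk) the task blocks forever. With `go func` that was a leaked goroutine; with a shared bounded pool it permanently consumes a worker per timed-out credential check, and a cracking run produces many of them. Use a buffered channel of size 1 or a `select` against `ctx.Done()` around the send. The telnet `Connect` read loop on this page has the same lifetime issue: it loops until `c.read()` fails, holding a worker for the whole session.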
@@ -2,6 +2,7 @@ package core
 
 import (
 "encoding/binary"
+ "github.com/hktalent/ProScan4all/lib/util"
 "io"
 )
 
@@ -9,11 +10,11 @@ type ReadBytesComplete func(result []byte, err error)
 
 func StartReadBytes(len int, r io.Reader, cb ReadBytesComplete) {
 b := make([]byte, len)
- go func() {
+ util.DefaultPool.Submit(func() {
 _, err := io.ReadFull(r, b)
 //glog.Debug("StartReadBytes Get", n, "Bytes:", hex.EncodeToString(b))
 cb(b, err)
- }()
+ })
 }
 
 func ReadBytes(len int, r io.Reader) ([]byte, error) {
diff --git a/pkg/kscan/lib/grdp/emission/emitter.go b/pkg/kscan/lib/grdp/emission/emitter.go
index 0434fde64..d8fd9bc7b 100755
--- a/pkg/kscan/lib/grdp/emission/emitter.go
+++ b/pkg/kscan/lib/grdp/emission/emitter.go
@@ -7,6 +7,7 @@ package emission
 import (
 "errors"
 "fmt"
+ "github.com/hktalent/ProScan4all/lib/util"
 "os"
 "reflect"
 "sync"
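Review bot: The parameter `len` in `StartReadBytes(len int, r io.Reader, cb ReadBytesComplete)` shadows the builtin `len` for the whole function, and the context line `ReadBytes(len int, r io.Reader)` does the same; rename it, `func StartReadBytes(n int, r io.Reader, cb ReadBytesComplete) { b := make([]byte, n)`. `io.ReadFull` blocks until `n` bytes arrive or the connection fails, so each pending RDP read now holds a pool worker instead of a goroutine. The exported function also lacks a doc comment: `// StartReadBytes reads exactly n bytes from r on a pool worker and hands the buffer and the read error to cb.`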
@@ -198,32 +199,33 @@ func (emitter *Emitter) callListeners(listeners []reflect.Value, event interface wg.Add(len(listeners)) for _, fn := range listeners { - go func(fn reflect.Value) { - defer wg.Done() - - // Recover from potential panics, supplying them to a - // RecoveryListener if one has been set, else allowing - // the panic to occur. - if nil != emitter.recoverer { - defer func() { - if r := recover(); nil != r { - err := fmt.Errorf("%v", r) - emitter.recoverer(event, fn.Interface(), err) - } - }() - } + func(fn reflect.Value) { + util.DefaultPool.Submit(func() { + defer wg.Done() + // Recover from potential panics, supplying them to a + // RecoveryListener if one has been set, else allowing + // the panic to occur. + if nil != emitter.recoverer { + defer func() { + if r := recover(); nil != r { + err := fmt.Errorf("%v", r) + emitter.recoverer(event, fn.Interface(), err) + } + }() + } - var values []reflect.Value + var values []reflect.Value - for i := 0; i < len(arguments); i++ { - if arguments[i] == nil { - values = append(values, reflect.New(fn.Type().In(i)).Elem()) - } else { - values = append(values, reflect.ValueOf(arguments[i])) + for i := 0; i < len(arguments); i++ { + if arguments[i] == nil { + values = append(values, reflect.New(fn.Type().In(i)).Elem()) + } else { + values = append(values, reflect.ValueOf(arguments[i])) + } } - } - fn.Call(values) + fn.Call(values) + }) }(fn) } diff --git a/pkg/ksubdomain/enum.go b/pkg/ksubdomain/enum.go index 6c7746742..bc2ab9f70 100644 --- a/pkg/ksubdomain/enum.go +++ b/pkg/ksubdomain/enum.go @@ -11,6 +11,7 @@ import ( "github.com/boy-hack/ksubdomain/runner/outputter" "github.com/boy-hack/ksubdomain/runner/outputter/output" "github.com/boy-hack/ksubdomain/runner/processbar" + "github.com/hktalent/ProScan4all/lib/util" "github.com/urfave/cli/v2" "math/rand" "os" 
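Review bot: The comment says a listener panic with no `recoverer` set is "allowed to occur", which held when each listener ran in its own goroutine; inside `util.DefaultPool.Submit` the outcome now depends on whether the pool recovers panics in its workers, in which case the panic is swallowed and the caller only sees `wg.Done` from the defer. If the pool does recover, the comment is wrong and silent listener failures go unnoticed; if it does not, the process still dies. Either way, state the chosen behaviour in that comment, and note that `fn.Type().In(i)` panics when a listener takes fewer parameters than `arguments` carries, which the same recovery path would hide. callListeners starts outside the hunk.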
@@ -122,7 +123,7 @@ var enumCommand = &cli.Command{ } render := make(chan string) - go func() { + util.DefaultPool.Submit(func() { defer close(render) for _, sub := range subdomainDict { for _, domain := range domains { @@ -136,7 +137,7 @@ var enumCommand = &cli.Command{ } } } - }() + }) domainTotal = len(subdomainDict) * len(domains) if len(levelDomains) > 0 { domainTotal *= len(levelDomains) diff --git a/pkg/ksubdomain/verify.go b/pkg/ksubdomain/verify.go index 5b09919d1..7f4ceecd8 100644 --- a/pkg/ksubdomain/verify.go +++ b/pkg/ksubdomain/verify.go @@ -10,6 +10,7 @@ import ( "github.com/boy-hack/ksubdomain/runner/outputter" "github.com/boy-hack/ksubdomain/runner/outputter/output" "github.com/boy-hack/ksubdomain/runner/processbar" + "github.com/hktalent/ProScan4all/lib/util" "github.com/urfave/cli/v2" "os" ) @@ -122,7 +123,7 @@ var verifyCommand = &cli.Command{ } total += t } - go func() { + util.DefaultPool.Submit(func() { for _, line := range domains { render <- line } @@ -139,7 +140,7 @@ var verifyCommand = &cli.Command{ } } close(render) - }() + }) onlyDomain := c.Bool("only-domain") if c.String("output") != "" { diff --git a/pkg/naabu/v2/pkg/runner/runner.go b/pkg/naabu/v2/pkg/runner/runner.go index a40298753..bb0bc3b7e 100644 --- a/pkg/naabu/v2/pkg/runner/runner.go +++ b/pkg/naabu/v2/pkg/runner/runner.go @@ -270,14 +270,16 @@ func (r *Runner) RunEnumeration() error { for ip := range ipStream { for _, port := range r.scanner.Ports { r.limiter.Take() - go func(ip string, port int) { - if shouldUseRawPackets { - r.RawSocketEnumeration(ip, port) - } else { - r.wgscan.Add() - - go r.handleHostPort(ip, port) - } + func(ip string, port int) { + util.DefaultPool.Submit(func() { + if shouldUseRawPackets { + r.RawSocketEnumeration(ip, port) + } else { + r.wgscan.Add() + + go r.handleHostPort(ip, port) + } + }) }(ip, port) } } 
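Review bot: The pool task in the first naabu `RunEnumeration` hunk does nothing but `r.wgscan.Add()` and `go r.handleHostPort(ip, port)`, so the real work still runs in an unbounded goroutine and the pool adds only a scheduling hop; submit the work itself, `r.wgscan.Add(); util.DefaultPool.Submit(func() { r.handleHostPort(ip, port) })`, or keep the plain `go`. The `@@ -411` hunk of the same file has the same shape. Only the raw-packet branch actually runs `RawSocketEnumeration` inside the pool, so the two branches now have different concurrency bounds.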
@@ -296,37 +298,38 @@ func (r *Runner) RunEnumeration() error { ipStream, _ := mapcidr.IPAddressesAsStream(cidr.String()) for ip := range ipStream { r.wgscan.Add() - go func(ip string) { - defer r.wgscan.Done() - - // obtain ports from shodan idb - shodanURL := fmt.Sprintf(shodanidb.URL, url.QueryEscape(ip)) - request, err := retryablehttp.NewRequest(http.MethodGet, shodanURL, nil) - if err != nil { - gologger.Warning().Msgf("Couldn't create http request for %s: %s\n", ip, err) - return - } - r.limiter.Take() - response, err := httpClient.Do(request) - if err != nil { - gologger.Warning().Msgf("Couldn't retrieve http response for %s: %s\n", ip, err) - return - } - if response.StatusCode != http.StatusOK { - gologger.Warning().Msgf("Couldn't retrieve data for %s, server replied with status code: %d\n", ip, response.StatusCode) - return - } + func(ip string) { + util.DefaultPool.Submit(func() { + defer r.wgscan.Done() + // obtain ports from shodan idb + shodanURL := fmt.Sprintf(shodanidb.URL, url.QueryEscape(ip)) + request, err := retryablehttp.NewRequest(http.MethodGet, shodanURL, nil) + if err != nil { + gologger.Warning().Msgf("Couldn't create http request for %s: %s\n", ip, err) + return + } + r.limiter.Take() + response, err := httpClient.Do(request) + if err != nil { + gologger.Warning().Msgf("Couldn't retrieve http response for %s: %s\n", ip, err) + return + } + if response.StatusCode != http.StatusOK { + gologger.Warning().Msgf("Couldn't retrieve data for %s, server replied with status code: %d\n", ip, response.StatusCode) + return + } - // unmarshal the response - data := &shodanidb.ShodanResponse{} - if err := util.Json.NewDecoder(response.Body).Decode(data); err != nil { - gologger.Warning().Msgf("Couldn't unmarshal json data for %s: %s\n", ip, err) - return - } + // unmarshal the response + data := &shodanidb.ShodanResponse{} + if err := util.Json.NewDecoder(response.Body).Decode(data); err != nil { + gologger.Warning().Msgf("Couldn't unmarshal json data 
for %s: %s\n", ip, err) + return + } - for _, port := range data.Ports { - r.scanner.ScanResults.AddPort(ip, port) - } + for _, port := range data.Ports { + r.scanner.ScanResults.AddPort(ip, port) + } + }) }(ip) } } @@ -411,17 +414,19 @@ func (r *Runner) RunEnumeration() error { r.options.ResumeCfg.Index = index r.options.ResumeCfg.Unlock() // connect scan - go func(port int) { - if shouldUseRawPackets { - r.RawSocketEnumeration(ip, port) - } else { - r.wgscan.Add() + func(port int) { + util.DefaultPool.Submit(func() { + if shouldUseRawPackets { + r.RawSocketEnumeration(ip, port) + } else { + r.wgscan.Add() - go r.handleHostPort(ip, port) - } - if r.options.EnableProgressBar { - r.stats.IncrementCounter("packets", 1) - } + go r.handleHostPort(ip, port) + } + if r.options.EnableProgressBar { + r.stats.IncrementCounter("packets", 1) + } + }) }(port) } @@ -502,10 +507,12 @@ func (r *Runner) ConnectVerification() { for host, ports := range r.scanner.ScanResults.IPPorts { limiter.Take() swg.Add(1) - go func(host string, ports map[int]struct{}) { - defer swg.Done() - results := r.scanner.ConnectVerify(host, ports) - r.scanner.ScanResults.SetPorts(host, results) + func(host string, ports map[int]struct{}) { + util.DefaultPool.Submit(func() { + defer swg.Done() + results := r.scanner.ConnectVerify(host, ports) + r.scanner.ScanResults.SetPorts(host, results) + }) }(host, ports) } diff --git a/pkg/naabu/v2/pkg/runner/targets.go b/pkg/naabu/v2/pkg/runner/targets.go index 9d646c888..c5bb74acf 100644 --- a/pkg/naabu/v2/pkg/runner/targets.go +++ b/pkg/naabu/v2/pkg/runner/targets.go 
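Review bot: `response.Body` from `httpClient.Do(request)` is never closed on any path in the shodan task, so every IP leaks a connection and the transport cannot reuse it; add `defer response.Body.Close()` immediately after the `err != nil` check. The commit moves this code into the pool without addressing it. `util.Json.NewDecoder(response.Body)` also decodes an unbounded third-party body; wrapping it in `io.LimitReader` is cheap insurance for an internet-facing lookup.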
@@ -257,11 +257,13 @@ func (r *Runner) PreProcessTargets() error { s := bufio.NewScanner(f) for s.Scan() { wg.Add() - go func(target string) { - defer wg.Done() - if err := r.AddTarget(target); err != nil { - gologger.Warning().Msgf("%s\n", err) - } + func(target string) { + util.DefaultPool.Submit(func() { + defer wg.Done() + if err := r.AddTarget(target); err != nil { + gologger.Warning().Msgf("%s\n", err) + } + }) }(s.Text()) } wg.Wait() diff --git a/pkg/naabu/v2/pkg/scan/connect_test.go b/pkg/naabu/v2/pkg/scan/connect_test.go index 72224dda1..c4f5b2443 100644 --- a/pkg/naabu/v2/pkg/scan/connect_test.go +++ b/pkg/naabu/v2/pkg/scan/connect_test.go @@ -1,6 +1,7 @@ package scan import ( + "github.com/hktalent/ProScan4all/lib/util" "net" "testing" @@ -8,7 +9,7 @@ import ( ) func TestConnectVerify(t *testing.T) { - go func() { + util.DefaultPool.Submit(func() { // start tcp server l, err := net.Listen("tcp", ":17895") if err != nil { @@ -22,7 +23,7 @@ func TestConnectVerify(t *testing.T) { } defer conn.Close() } - }() + }) s, err := NewScanner(&Options{}) assert.Nil(t, err) diff --git a/pkg/naabu/v2/pkg/scan/scan_unix.go b/pkg/naabu/v2/pkg/scan/scan_unix.go index 994ffc86f..58e01ccad 100644 --- a/pkg/naabu/v2/pkg/scan/scan_unix.go +++ b/pkg/naabu/v2/pkg/scan/scan_unix.go @@ -4,6 +4,7 @@ package scan import ( "fmt" + "github.com/hktalent/ProScan4all/lib/util" "io" "net" "sync" 
@@ -103,54 +104,56 @@ func TCPReadWorkerPCAPUnix(s *Scanner) { for _, handler := range handlers.Active { wgread.Add(1) - go func(handler *pcap.Handle) { - defer wgread.Done() - - var ( - eth layers.Ethernet - ip4 layers.IPv4 - tcp layers.TCP - ) - - // Interfaces with MAC (Physical + Virtualized) - parserMac := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, ð, &ip4, &tcp) - // Interfaces without MAC (TUN/TAP) - parserNoMac := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ip4, &tcp) - - var parsers []*gopacket.DecodingLayerParser - parsers = append(parsers, parserMac, parserNoMac) - - decoded := []gopacket.LayerType{} - - for { - data, _, err := handler.ReadPacketData() - if err == io.EOF { - break - } else if err != nil { - continue - } - - for _, parser := range parsers { - if err := parser.DecodeLayers(data, &decoded); err != nil { + func(handler *pcap.Handle) { + util.DefaultPool.Submit(func() { + defer wgread.Done() + + var ( + eth layers.Ethernet + ip4 layers.IPv4 + tcp layers.TCP + ) + + // Interfaces with MAC (Physical + Virtualized) + parserMac := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, ð, &ip4, &tcp) + // Interfaces without MAC (TUN/TAP) + parserNoMac := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ip4, &tcp) + + var parsers []*gopacket.DecodingLayerParser + parsers = append(parsers, parserMac, parserNoMac) + + decoded := []gopacket.LayerType{} + + for { + data, _, err := handler.ReadPacketData() + if err == io.EOF { + break + } else if err != nil { continue } - for _, layerType := range decoded { - if layerType == layers.LayerTypeTCP { - if !s.IPRanger.Contains(ip4.SrcIP.String()) { - gologger.Debug().Msgf("Discarding TCP packet from non target ip %s\n", ip4.SrcIP.String()) - continue - } - // We consider only incoming packets - if tcp.DstPort != layers.TCPPort(s.listenPort) { - continue - } else if tcp.SYN && tcp.ACK { - s.tcpChan <- &PkgResult{ip: ip4.SrcIP.String(), port: int(tcp.SrcPort)} + for _, parser 
:= range parsers { + if err := parser.DecodeLayers(data, &decoded); err != nil { + continue + } + for _, layerType := range decoded { + if layerType == layers.LayerTypeTCP { + if !s.IPRanger.Contains(ip4.SrcIP.String()) { + gologger.Debug().Msgf("Discarding TCP packet from non target ip %s\n", ip4.SrcIP.String()) + continue + } + + // We consider only incoming packets + if tcp.DstPort != layers.TCPPort(s.listenPort) { + continue + } else if tcp.SYN && tcp.ACK { + s.tcpChan <- &PkgResult{ip: ip4.SrcIP.String(), port: int(tcp.SrcPort)} + } } } } } - } + }) }(handler) } diff --git a/pkg/portScan/test/test.go b/pkg/portScan/test/test.go deleted file mode 100644 index ac0aee1e8..000000000 --- a/pkg/portScan/test/test.go +++ /dev/null @@ -1,23 +0,0 @@ -package main - -import ( - "github.com/hktalent/51pwnPlatform/lib" - "github.com/hktalent/51pwnPlatform/lib/scan/Const" - "github.com/hktalent/ProScan4all/engine" - "github.com/hktalent/ProScan4all/lib/util" - "github.com/hktalent/ProScan4all/pkg/portScan" - "net/http" - "time" -) - -func main() { - util.DoInit(nil) - //util.InitModle(masscan.Ports{}, masscan.Address{}, masscan.Service{}, masscan.State{}, masscan.Host{}) - util.InitModle(&portScan.Ports{}, &portScan.Host{}) - <-time.After(3 * time.Second) - engine.Dispather(&lib.Target4Chan{ScanWeb: "192.168.0.111", ScanType: Const.ScanType_Masscan}) - //portScan.MassScanTarget("192.168.0.111", "masscan1", []string{}, portScan.PortsStr("9200,8000"), portScan.TargetStr("2.168.0.111")) - http.ListenAndServe(":6060", nil) - util.Wg.Wait() - util.CloseAll() -} diff --git a/pkg/xcmd/allCmdTools.go b/pkg/xcmd/allCmdTools.go index abe511c59..4728e2bf6 100644 --- a/pkg/xcmd/allCmdTools.go +++ b/pkg/xcmd/allCmdTools.go 
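Review bot: In the pcap read loop a non-EOF error from `handler.ReadPacketData()` hits `continue` and retries immediately, so a handle that fails persistently (interface down, capture permission lost) spins a pool worker at full CPU with no log line; count consecutive errors and log or break after a threshold. Each active interface now also holds a pool worker for the whole scan, and `s.tcpChan <- &PkgResult{...}` blocks the worker whenever the consumer lags. TCPReadWorkerPCAPUnix starts outside the hunk.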
@@ -1,14 +1,57 @@ package xcmd import ( + "github.com/hktalent/51pwnPlatform/pkg/models" "github.com/hktalent/ProScan4all/lib/util" + Const "github.com/hktalent/go-utils" "os" "strings" ) +/* +go install github.com/OJ/gobuster/v3@latest +*/ +func init() { + util.RegInitFunc(func() { + for k, v := range map[uint64]func(string) string{ + Const.ScanType_Naabu: DoNaabu, + Const.ScanType_Httpx: DoHttpx, + Const.ScanType_Nuclei: DoNuclei, + Const.ScanType_DNSx: DoDnsx, + Const.ScanType_Tlsx: DoTlsx, + Const.ScanType_Katana: DoKatana, + Const.ScanType_Shuffledns: DoShuffledns, + Const.ScanType_Subfinder: DoSubfinder, + Const.ScanType_Amass: DoAmass, + Const.ScanType_Ffuf: DoFfuf, + Const.ScanType_Uncover: DoUncover, + Const.ScanType_Gobuster: DoGobuster, + } { + func(cbk func(string) string) { + util.EngineFuncFactory(int64(k), func(evt *models.EventData, args ...interface{}) { + s := strings.Join(util.CvtData(evt.EventData), "\n") + cbk(s) + }) + }(v) + } + }) +} + +/* +gobuster dns -d qq.com -c -w config/database/subdomain.txt +gobuster dir -u https://127.0.0.1:8081/ -H 'Cookie: JSESSIONID=353170776e;rememberMe=123' --no-status -k --random-agent -w $HOME/MyWork/scan4all/brute/dicts/filedic.txt -o xxx.txt +*/ +func DoGobuster(s string) string { + szName, _ := GetTempFile() // 输出的文件名 + s1 := doTpCmdN("gobuster", s, szName, 2) + + return s1 +} + // 传入目标数据,转换为临时文件名 -// 最后一次参数为输出文件名 -// 内、外网都做 +// +// 最后一次参数为输出文件名 +// 内、外网都做 func DoNaabu(s string) string { return DoTargetHost(s, "naabu") } 
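Review bot: `DoGobuster` discards the error from `GetTempFile()`, so on failure an empty `szName` is handed to `doTpCmdN` as the output path; check it, `szName, err := GetTempFile(); if err != nil { return "" }`. The function also lacks a doc comment starting with its name, e.g. `// DoGobuster runs gobuster on the targets in s and returns doTpCmdN's result.` The example command in the block comment carries a session-looking `Cookie:` header and `-k`; keep examples free of such values. `DoTargetHost` in the next hunk has the same unchecked `GetTempFile()` call.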
@@ -49,12 +92,13 @@ func DoRawCmd(s, t string) string { -report-db string nuclei reporting database (always use this to persist report data) -ztls use ztls library with autofallback to standard one for tls13 Out-of-band application security testing (OAST) - -cloud run scan on nuclei cloud - -cs, -cloud-server string nuclei cloud server to use (default "http://cloud-dev.nuclei.sh") - -ak, -cloud-api-key string api-key for the nuclei cloud server - ./tools/macOS/nuclei -l tools/xx.txt -t $PWD/config/nuclei-templates,$PWD/config/51pwn -nss -severity critical,high,medium -type http,network,websocket,dns -report-config ./config/nuclei_esConfig.yaml -ztls -config-directory ./config/nuclei -max-host-error 5 -duc -nc -json -o xxx1.json - 内、外网都做 + -cloud run scan on nuclei cloud + -cs, -cloud-server string nuclei cloud server to use (default "http://cloud-dev.nuclei.sh") + -ak, -cloud-api-key string api-key for the nuclei cloud server + + ./tools/macOS/nuclei -l tools/xx.txt -t $PWD/config/nuclei-templates,$PWD/config/51pwn -nss -severity critical,high,medium -type http,network,websocket,dns -report-config ./config/nuclei_esConfig.yaml -ztls -config-directory ./config/nuclei -max-host-error 5 -duc -nc -json -o xxx1.json + 内、外网都做 +tools:"nuclei" +ip:"202.51.189.217" */ @@ -63,7 +107,8 @@ func DoNuclei(s string) string { } // 执行命令t,转换目标不包含 http[s]:// -// s 为 输入 +// +// s 为 输入 func DoTargetHost(s, t string) string { s = Target2HostsFile(s) szName, _ := GetTempFile() @@ -79,8 +124,10 @@ func DoDnsx(s string) string { // tools/macOS/tlsx -l xxx -p 443 -scan-mode auto -ps -scan-all-ips -ip-version 4,6 -so -tls-version -cipher -hash sha1 -jarm -ja3 -wildcard-cert -probe-status -expired -self-signed -mismatched -revoked -c 300 -silent -nc -json -o xxx // -version-enum // -cipher-enum -// "-san", -// 只做 https +// +// "-san", +// 只做 https +// // tlsx -u www.sina.com.cn -json -silent | jq . // cmd:"tlsx" func DoTlsx(s string) string { 
@@ -88,7 +135,8 @@ func DoTlsx(s string) string { } // -no-scope disables host based default scope -// 爬虫 +// +// 爬虫 func DoKatana(s string) string { return DoRawCmd(s, "katana") } @@ -121,11 +169,13 @@ func DoAmass(s string) string { https://github.com/ffuf/ffuf -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false) -recursion-depth Maximum recursion depth. (default: 0) + -d POST data - ffuf -w hosts.txt -u https://example.org/ -H "Host: FUZZ" -mc 200 + + ffuf -w hosts.txt -u https://example.org/ -H "Host: FUZZ" -mc 200 + ffuf -w wordlist.txt -u https://example.org/FUZZ -mc all -fs 42 -c -v ffuf -w /path/to/postdata.txt -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401 - */ func DoFfuf(s string) string { return DoRaw4FuzzCmd(s, "ffuf") @@ -137,14 +187,9 @@ func DoRaw4FuzzCmd(s, t string) string { return doTpCmd(t, s, szName) } -// 执行nmap -func doNmap(s string) string { - s = Target2HostsFile(s) - //szName, _ := GetTempFile() - return "" -} +/* + ./uncover -q 'ssl:"paypal.com"' -e shodan -pc ../../config/uncover/provider-config.yaml -config ../../config/uncover/config.yaml -f ip,port,host -json -o paypal1.json -/* ./uncover -q 'ssl:"paypal.com"' -e shodan -pc ../../config/uncover/provider-config.yaml -config ../../config/uncover/config.yaml -f ip,port,host -json -o paypal1.json 'ssl:"China Lodging Group"' 'ssl:"huazhu"' 'ssl:"huazhu.com"' diff --git a/pkg/xcmd/doCmd.go b/pkg/xcmd/doCmd.go index 5bc0baa48..53a623498 100644 --- a/pkg/xcmd/doCmd.go +++ b/pkg/xcmd/doCmd.go @@ -39,6 +39,7 @@ func DoAsyncCmd(szCmd string, a ...string) string { if _, err := DoCmd(a...); nil != err { log.Println(err) } + if data, err := ioutil.ReadFile(szName); nil == err && 0 < len(data) { ss1 := string(data) SaveMdRst(ss1, szCmd, a) diff --git a/pocs_go/ms/probe_netbios.go b/pocs_go/ms/probe_netbios.go index 1a72e263a..1701da7dc 100644 --- a/pocs_go/ms/probe_netbios.go +++ b/pocs_go/ms/probe_netbios.go 
@@ -4,6 +4,8 @@ import ( "bytes" "encoding/binary" "fmt" + "github.com/hktalent/ProScan4all/lib/util" + //"log" "math/rand" "net" @@ -347,7 +349,7 @@ func (this *ProbeNetbios) Initialize() { // Open socket this.socket, _ = net.ListenPacket("udp", "") - go func() { + util.DefaultPool.Submit(func() { go this.ProcessReplies() for dip := range this.input { @@ -378,7 +380,7 @@ func (this *ProbeNetbios) Initialize() { // Complete this.waiter.Done() - }() + }) return } diff --git a/projectdiscovery/nuclei_Yaml/nclruner/runner/runner.go b/projectdiscovery/nuclei_Yaml/nclruner/runner/runner.go index d53fd02c3..c9b9522fc 100644 --- a/projectdiscovery/nuclei_Yaml/nclruner/runner/runner.go +++ b/projectdiscovery/nuclei_Yaml/nclruner/runner/runner.go @@ -6,6 +6,7 @@ import ( "context" "fmt" "github.com/blang/semver" + "github.com/hktalent/ProScan4all/lib/util" jsoniter "github.com/json-iterator/go" "github.com/logrusorgru/aurora" "github.com/pkg/errors" @@ -157,9 +158,9 @@ func New(options *types.Options) (*Runner, error) { } gologger.Info().Msgf("Listening pprof debug server on: %s", pprofServerAddress) runner.pprofServer = server - go func() { + util.DefaultPool.Submit(func() { _ = server.ListenAndServe() - }() + }) } if (len(options.Templates) == 0 || !options.NewTemplates || (options.TargetsFilePath == "" && !options.Stdin && len(options.Targets) == 0)) && options.UpdateTemplates { diff --git a/qq.com.json b/qq.com.json new file mode 100644 index 000000000..f9f01e28e --- /dev/null +++ b/qq.com.json 
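Review bot: Replacing `go func()` with `util.DefaultPool.Submit(func() {...})` in ProbeNetbios.Initialize changes the failure mode: if Submit can reject the task (pool closed or saturated — its signature is not visible here), the closure never runs and `this.waiter.Done()` is never reached, so whatever waits on `this.waiter` blocks forever. The same applies to the `_ = server.ListenAndServe()` task in nuclei runner.New and to the Submit calls in test/test1/testPswd.go, test/testReg/TestReg.go and test/testfg/TestFg2.go, where `wg.Add(1)` precedes a Submit whose failure would leave `wg.Wait` hanging. Checking the return value, `if err := util.DefaultPool.Submit(...); err != nil { ... }`, or keeping a plain goroutine for these long-lived tasks would close that gap. Both pooled closures here block for the worker's lifetime (the `for dip := range this.input` loop and a pprof `ListenAndServe` that never returns), so each permanently occupies a pool slot, and the netbios closure still starts `go this.ProcessReplies()` itself, so the pool does not bound that goroutine. Initialize's body starts and ends outside the hunks.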
@@ -0,0 +1,197 @@ +Found: isd.qq.com [0.0.0.1] +Found: gca.qq.com [112.86.230.89] +Found: app1.qq.com [0.0.0.1] +Found: pad.qq.com [0.0.0.1] +Found: jade.qq.com [203.205.234.24] +Found: ditu.qq.com [43.135.106.201,43.135.106.241,240d:c000:2010:1807:0:95aa:d331:c04c,240d:c000:2010:1807:0:95aa:d344:4937] +Found: 007.qq.com [119.147.14.86,2402:4e00:8010::18] +Found: qb.qq.com [113.108.28.242] +Found: mn.qq.com [203.205.234.24] +Found: pc.qq.com [101.32.212.216,43.135.105.195,2402:4e00:1020:140d:0:9494:c193:3df0] +Found: request.qq.com [0.0.0.1] +Found: kandian.qq.com [203.205.254.142,2409:8c54:1003:1019::b] +Found: mx.qq.com [0.0.0.1] +Found: apex.qq.com [0.0.0.1] +Found: beacon.qq.com [175.178.133.253] +Found: analysis.qq.com [129.226.103.169,43.154.240.245] +Found: DNS2.qq.com [61.135.157.245] +Found: poll.qq.com [0.0.0.1] +Found: shai.qq.com [0.0.0.1] +Found: owo.qq.com [203.205.137.78] +Found: sqm.qq.com [0.0.0.1] +Found: qqd.qq.com [0.0.0.1] +Found: trace.qq.com [0.0.0.1] +Found: fruit.qq.com [0.0.0.1] +Found: ctp.qq.com [59.83.204.12,122.189.171.115,61.240.220.19,61.240.220.18] +Found: bacon.qq.com [0.0.0.1] +Found: cross.qq.com [0.0.0.1] +Found: pbk.qq.com [129.226.107.33] +Found: algo.qq.com [58.251.81.37] +Found: ke.qq.com [43.129.255.102,2402:4e00:1020:1768:0:979b:7413:b564] +Found: index.qq.com [0.0.0.1] +Found: des.qq.com [0.0.0.1] +Found: trident.qq.com [0.0.0.1] +Found: z.qq.com [203.205.136.85] +Found: tap.qq.com [0.0.0.1] +Found: dfj.qq.com [0.0.0.1] +Found: menexpert.qq.com [0.0.0.1] +Found: iov.qq.com [0.0.0.1] +Found: asura.qq.com [203.205.136.160,203.205.136.84] +Found: bear.qq.com [0.0.0.1] +Found: defender.qq.com [113.96.12.141] +Found: byb.qq.com [0.0.0.1] +Found: hs.qq.com [203.205.234.24] +Found: xun.qq.com [0.0.0.1] +Found: lb.qq.com [0.0.0.1] +Found: ch.qq.com [203.205.234.24] +Found: hello.qq.com [0.0.0.1] +Found: tangram.qq.com [157.255.245.245,2408:8756:3af0:10::ef] +Found: zyz.qq.com [14.22.6.162] +Found: icetea.qq.com [0.0.0.1] +Found: 
rh.qq.com [0.0.0.1] +Found: prj.qq.com [183.232.88.156] +Found: sec.qq.com [0.0.0.1] +Found: device.qq.com [58.250.137.43] +Found: mcp.qq.com [0.0.0.1] +Found: ol.qq.com [0.0.0.1] +Found: xcx.qq.com [0.0.0.1] +Found: tianqi.qq.com [129.226.102.190,129.226.106.167,2402:4e00:1020:1404:0:9227:71a3:83d2,2402:4e00:1020:1404:0:9227:71ab:2b74] +Found: lrs.qq.com [0.0.0.1] +Found: dcm.qq.com [113.108.28.167,113.108.28.157,2402:4e00:1620:1500:0:9483:2e6:afb0,2402:4e00:1620:1500:0:9483:2e5:5390] +Found: tcs.qq.com [223.167.154.100] +Found: groups.qq.com [0.0.0.1] +Found: srf.qq.com [109.244.26.204] +Found: iwx.qq.com [0.0.0.1] +Found: wap.qq.com [218.98.1.85] +Found: svip.qq.com [0.0.0.1] +Found: ar.qq.com [203.205.253.150] +Found: iac.qq.com [0.0.0.1] +Found: data.qq.com [58.251.116.199] +Found: vip.qq.com [203.205.235.121,2402:4e00:8010::88] +Found: cos.qq.com [0.0.0.1] +Found: uz.qq.com [0.0.0.1] +Found: netgate.qq.com [10.56.87.101] +Found: xw.qq.com [23.216.153.77,23.216.153.91,2600:140b:a00:a::b81b:b9df,2600:140b:a00:a::b81b:b9d1] +Found: chuang.qq.com [0.0.0.1] +Found: dy.qq.com [0.0.0.1] +Found: acc.qq.com [101.32.212.155,43.154.254.135,240e:97c:2f:1000::1e] +Found: adb.qq.com [0.0.0.1] +Found: ibo.qq.com [0.0.0.1] +Found: eth.qq.com [0.0.0.1] +Found: avon.qq.com [0.0.0.1] +Found: xid.qq.com [0.0.0.1] +Found: voc.qq.com [113.96.237.174] +Found: 81.qq.com [0.0.0.1] +Found: cloudos.qq.com [0.0.0.1] +Found: international.qq.com [203.205.219.231] +Found: htdata2.qq.com [14.22.9.55,183.47.98.103,183.47.99.20,183.2.143.16,183.47.99.109,183.47.99.74,183.47.99.21,183.47.99.30,183.47.98.80,183.47.98.92] +Found: ksf.qq.com [0.0.0.1] +Found: jianzhan.qq.com [119.29.126.204] +Found: tft.qq.com [0.0.0.1] +Found: cjo.qq.com [0.0.0.1] +Found: cfg.qq.com [0.0.0.1] +Found: eschool.qq.com [81.71.77.43,2402:4e00:1015:2b02:0:950f:6919:6937] +Found: mad.qq.com [0.0.0.1] +Found: eyes.qq.com [0.0.0.1] +Found: qq.qq.com [0.0.0.1] +Found: 03.qq.com [0.0.0.1] +Found: lct.qq.com 
[203.205.235.67,203.205.254.62] +Found: epic.qq.com [0.0.0.1] +Found: nz.qq.com [203.205.136.77,203.205.136.243,119.28.164.143,203.205.137.234,203.205.136.105,119.28.164.142,2408:8726:1001:160:62::65,2408:8748:a101:505:40::a,2408:8776:1:62:40::1a,2408:8748:a101:505:40::1f,2408:874f:1000:301:40::10,2408:8726:1001:160:62::55,2408:8760:2:1:329::,2408:8719:2000:1c0:6c::33,2408:876c:280:130:6c::48] +Found: book.qq.com [129.226.102.62,129.226.102.112,2402:4e00:1020:1404:0:92fa:bfb8:8b7d,2402:4e00:1020:1404:0:92fa:bfb0:e6d2] +Found: comic.qq.com [129.226.103.233,129.226.107.79,2402:4e00:1020:1404:0:93d6:162b:4f28] +Found: xj4.qq.com [0.0.0.1] +Found: txs.qq.com [0.0.0.1] +Found: cj.qq.com [0.0.0.1] +Found: mdf.qq.com [0.0.0.1] +Found: line.qq.com [0.0.0.1] +Found: net.qq.com [0.0.0.1] +Found: xapp.qq.com [0.0.0.1] +Found: lxf.qq.com [0.0.0.1] +Found: ktv.qq.com [0.0.0.1] +Found: guide.qq.com [58.250.136.113] +Found: cok.qq.com [0.0.0.1] +Found: brand.qq.com [0.0.0.1] +Found: vios.qq.com [0.0.0.1] +Found: 6j.qq.com [0.0.0.1] +Found: wx2.qq.com [43.129.254.170,240e:ff:f100:1007::6d] +Found: wlj.qq.com [0.0.0.1] +Found: um.qq.com [0.0.0.1] +Found: imir.qq.com [0.0.0.1] +Found: tuijian.qq.com [0.0.0.1] +Found: ib.qq.com [0.0.0.1] +Found: imap.qq.com [203.205.232.7,43.129.255.54,240d:c040:0:40::23] +Found: faxian.qq.com [0.0.0.1] +Found: mop.qq.com [0.0.0.1] +Found: sf.qq.com [0.0.0.1] +Found: yx.qq.com [0.0.0.1] +Found: sports.qq.com [23.216.153.92,23.216.153.71,2600:140b:a00:a::b81b:b9ca,2600:140b:a00:a::b81b:b9d2] +Found: tqm.qq.com [150.109.15.111] +Found: w.qq.com [0.0.0.1] +Found: dmx.qq.com [0.0.0.1] +Found: jimu.qq.com [0.0.0.1] +Found: kelamayi.qq.com [0.0.0.1] +Found: sg.qq.com [203.205.234.24,240e:f7:c010:301:11::,240e:f7:c010:305:2e::,240e:950:2:9a:1a::] +Found: r2.qq.com [0.0.0.1] +Found: ava.qq.com [0.0.0.1] +Found: wpo.qq.com [0.0.0.1] +Found: credit.qq.com [0.0.0.1] +Found: ftms.qq.com [0.0.0.1] +Found: kc.qq.com [0.0.0.1] +Found: jt.qq.com [0.0.0.1] +Found: 
cola.qq.com [0.0.0.1] +Found: qcg.qq.com [10.157.6.95] +Found: oma.qq.com [14.18.175.231] +Found: dov.qq.com [0.0.0.1] +Found: qgo.qq.com [0.0.0.1] +Found: band.qq.com [0.0.0.1] +Found: u1.qq.com [129.226.107.210,2402:4e00:1430:1301:0:91cd:e83:768e,2402:4e00:1430:1301:0:91cd:d92:5980] +Found: crunch.qq.com [10.213.150.85] +Found: xyk.qq.com [0.0.0.1] +Found: idu.qq.com [0.0.0.1] +Found: adi.qq.com [0.0.0.1] +Found: tab.qq.com [0.0.0.1] +Found: dmc.qq.com [0.0.0.1] +Found: tcc.qq.com [220.194.91.90,220.194.111.227,2408:8711:10:10::55] +Found: 12.qq.com [0.0.0.1] +Found: xla.qq.com [0.0.0.1] +Found: ibook.qq.com [0.0.0.1] +Found: fermion.qq.com [0.0.0.1] +Found: office.qq.com [203.205.254.103] +Found: meng.qq.com [0.0.0.1] +Found: xhy.qq.com [0.0.0.1] +Found: tarot.qq.com [0.0.0.1] +Found: coa.qq.com [125.39.133.41] +Found: tar.qq.com [0.0.0.1] +Found: pgc.qq.com [0.0.0.1] +Found: pbp.qq.com [0.0.0.1] +Found: txc.qq.com [43.135.106.225,43.135.106.244,240d:c000:2010:1807:0:960f:3168:d473,240d:c000:2010:1807:0:960f:317b:233a] +Found: rc.qq.com [0.0.0.1] +Found: zz.qq.com [0.0.0.1] +Found: mi.qq.com [106.53.149.174] +Found: jdl.qq.com [0.0.0.1] +Found: workshop.qq.com [0.0.0.1] +Found: xd.qq.com [0.0.0.1] +Found: qwe.qq.com [0.0.0.1] +Found: small.qq.com [0.0.0.1] +Found: wsi.qq.com [0.0.0.1] +Found: ppm.qq.com [0.0.0.1] +Found: jiaotong.qq.com [203.205.235.82,203.205.235.243] +Found: vmp.qq.com [140.206.162.118] +Found: 25.qq.com [0.0.0.1] +Found: sps.qq.com [0.0.0.1] +Found: cring.qq.com [0.0.0.1] +Found: rpc.qq.com [0.0.0.1] +Found: fbs.qq.com [0.0.0.1] +Found: hqg.qq.com [0.0.0.1] +Found: kxg.qq.com [0.0.0.1] +Found: lq.qq.com [0.0.0.1] +Found: panel.qq.com [0.0.0.1] +Found: share.qq.com [0.0.0.1] +Found: fsj.qq.com [0.0.0.1] +Found: ps.qq.com [0.0.0.1] +Found: ssv.qq.com [0.0.0.1] +Found: ro.qq.com [1.1.1.1] +Found: fast.qq.com [0.0.0.1] +Found: auth.qq.com [0.0.0.1] +Found: moment.qq.com [0.0.0.1] 
diff --git a/test/test1/testPswd.go b/test/test1/testPswd.go index bb5b06bf1..dde6c6d63 100644 --- a/test/test1/testPswd.go +++ b/test/test1/testPswd.go @@ -1,20 +1,23 @@ package main -import "log" +import ( + "github.com/hktalent/ProScan4all/lib/util" + "log" +) +// //"github.com/hktalent/ProScan4all/pkg/hydra" +// import ( // -////"github.com/hktalent/ProScan4all/pkg/hydra" -//import ( // "github.com/hktalent/ProScan4all/pkg/hydra" -//) // +// ) func main() { var nucleiDone1, nucleiDone2 = make(chan bool), make(chan bool) - go func() { + util.DefaultPool.Submit(func() { //nucleiDone1 <- true //close(nucleiDone1) close(nucleiDone2) - }() + }) //log.Printf("%v %v", <-nucleiDone1, <-nucleiDone2) for { diff --git a/test/testReg/TestReg.go b/test/testReg/TestReg.go index 61b5a6207..8cd662664 100644 --- a/test/testReg/TestReg.go +++ b/test/testReg/TestReg.go @@ -2,6 +2,7 @@ package main import ( "fmt" + "github.com/hktalent/ProScan4all/lib/util" "regexp" "time" ) @@ -30,7 +31,7 @@ func main() { fmt.Printf("%+v", DeleteMe.FindAllStringIndex("lsjdfld=sjfls;jflsd=jfxxxx;rememberMe=deleteMe;sdfdsfsf", -1)) var CloseAll = make(chan interface{}) - go func() { + util.DefaultPool.Submit(func() { for { select { case _, ok := <-CloseAll: @@ -40,7 +41,7 @@ func main() { } } } - }() + }) CloseAll <- "ok" time.Sleep(3 * time.Second) close(CloseAll) diff --git a/test/testfg/TestFg2.go b/test/testfg/TestFg2.go index d60a0a3e5..64e12695b 100644 --- a/test/testfg/TestFg2.go +++ b/test/testfg/TestFg2.go 
@@ -96,17 +96,19 @@ https://47.104.237.208`, "\n") // }(x + y) // } wg.Add(1) - go func(url1 string) { - defer wg.Done() - headers, body, title, url2, status_code, err := doUrl(url1) - if err != nil { - //log.Println(url1, " error: ", err) - return - } - xx1, _ := fingerprint.FingerScan(headers, body, title, url2, status_code) - if 0 < len(xx1) { - log.Printf("%s 指纹 %+v %s", url1, xx1, status_code) - } + func(url1 string) { + util.DefaultPool.Submit(func() { + defer wg.Done() + headers, body, title, url2, status_code, err := doUrl(url1) + if err != nil { + //log.Println(url1, " error: ", err) + return + } + xx1, _ := fingerprint.FingerScan(headers, body, title, url2, status_code) + if 0 < len(xx1) { + log.Printf("%s 指纹 %+v %s", url1, xx1, status_code) + } + }) }(x + y) //headers, body, title, url, status_code, err := doUrl(x + y) diff --git a/vendor/github.com/hktalent/go-utils/Const.go b/vendor/github.com/hktalent/go-utils/Const.go index ce3872e7f..b1003d773 100644 --- a/vendor/github.com/hktalent/go-utils/Const.go +++ b/vendor/github.com/hktalent/go-utils/Const.go @@ -43,6 +43,11 @@ const ( ScanType_Nuclei // nuclei ScanType_Gobuster // Gobuster ) +const ( + ScanType_Ips = ScanType_SSLInfo | ScanType_Tlsx | ScanType_Masscan | ScanType_Nmap | ScanType_IpInfo|ScanType_Uncover|ScanType_GoPoc + ScanType_Webs = ScanType_SSLInfo | ScanType_Tlsx | ScanType_GoPoc|ScanType_WebFingerprints|ScanType_WebDetectWaf|ScanType_WebVulsScan|ScanType_Nuclei|ScanType_Gobuster|ScanType_Uncover|ScanType_Httpx|ScanType_WebDirScan +) + // 全局线程控制 var Wg *sync.WaitGroup = &sync.WaitGroup{} diff --git a/xxx.txt b/xxx.txt index 8fab294de..4b79dec68 100644 --- a/xxx.txt +++ b/xxx.txt 
@@ -1,100 +1,49 @@ -https://2600:9000:201d:3400:11:ad80:9fc0:93a1:2379 -https://2600:9000:20d1:2c00:7:a6e2:5dc0:93a1:2379 -https://154.3.248.167:2379 -https://2600:9000:2182:e600:16:4218:c780:93a1:2379 -https://2600:9000:201e:f200:18:513f:1240:93a1:2379 -https://45.60.146.172:2379 -https://2600:9000:201b:9000:9:e3af:fc40:93a1:2379 -https://2600:9000:201e:f600:1c:27c2:3b00:93a1:2379 -https://107.154.195.84:2379 -https://45.60.230.39:2379 -https://2600:9000:201d:e800:a:34ce:56c0:93a1:2379 -https://85.187.182.33:2379 -https://155.159.88.91:2379 -https://2a02:e980:10::c4:2379 -https://2600:9000:2008:3400:c:b92b:bc80:93a1:2379 -https://2600:9000:2018:3e00:e:1b79:55c0:93a1:2379 -https://2600:9000:2182:a600:2:36a5:f7c0:93a1:2379 -https://2a02:e980:10::30:2379 -https://121.205.73.165:2379 -https://2600:9000:2015:d400:1a:67f:bf40:93a1:2379 -https://2600:9000:2015:5c00:1c:241c:4700:93a1:2379 -https://45.64.65.60:2379 -https://46.17.114.13:2379 -https://2600:9000:2041:3800:6:5309:8cc0:93a1:2379 -https://2600:9000:201b:d800:1e:5091:d140:93a1:2379 -https://47.93.93.16:2379 -https://2a02:e980:5::66:2379 -https://200.238.187.61:2379 -https://147.161.185.10:2379 -https://223.7.130.26:2379 -https://45.60.110.70:2379 -https://45.223.222.192:2379 -https://183.89.169.103:2379 -https://108.156.249.248:2379 -https://2600:9000:2008:200:12:5f6a:c2c0:93a1:2379 -https://2600:9000:201d:d400:19:a249:9700:93a1:2379 -https://89.97.9.223:2379 -https://147.161.215.111:2379 -https://2600:9000:24bc:800:a:3fb9:5140:93a1:2379 -https://2600:9000:201b:3400:1d:4f32:50c0:93a1:2379 -https://45.60.139.93:2379 -https://2a02:e980:10::b3:2379 -https://2600:9000:201e:e400:a:9d82:b347:51c1:2379 -https://2600:9000:2008:7e00:16:594a:cec0:93a1:2379 -https://92.109.143.30:2379 -https://99.243.132.197:2379 -https://107.154.176.9:2379 -https://172.101.252.44:2379 -https://2600:9000:2015:a800:f:a9ec:8fc0:93a1:2379 -https://45.60.106.135:2379 -https://2600:9000:2015:2000:d:d64b:9600:93a1:2379 
-https://81.82.150.157:2379 -https://203.186.4.1:2379 -https://99.247.48.87:2379 -https://107.154.113.165:2379 -https://107.154.167.181:2379 -https://54.195.209.142:2379 -https://107.154.189.56:2379 -https://72.89.6.241:2379 -https://121.121.202.42:2379 -https://162.220.29.64:2379 -https://45.60.0.36:2379 -https://2600:9000:20d1:8c00:e:f507:e400:93a1:2379 -https://93.42.9.114:2379 -https://2600:9000:2042:da00:f:39fd:3d80:93a1:2379 -https://2600:9000:201e:2c00:a:e15e:14c0:93a1:2379 -https://186.48.161.36:2379 -https://2600:9000:2015:8600:16:9f41:ac80:93a1:2379 -https://143.125.249.23:2379 -https://2600:9000:2015:2a00:17:25ca:740:93a1:2379 -https://190.194.118.153:2379 -https://116.6.24.100:2379 -https://181.231.96.129:2379 -https://2600:9000:201b:7a00:5:398e:ed00:93a1:2379 -https://161.111.85.194:2379 -https://2600:9000:2023:4200:f:967e:9640:93a1:2379 -https://12.45.129.186:2379 -https://113.194.58.118:2379 -https://2600:9000:20f4:dc00:16:5bc4:4280:93a1:2379 -https://203.150.87.34:2379 -https://74.197.156.165:2379 -https://2600:9000:21c4:800:5:7d05:29c0:93a1:2379 -https://2600:9000:202f:3600:14:afe3:f0c0:93a1:2379 -https://2600:9000:201d:e600:8:133:c640:93a1:2379 -https://2600:9000:2015:6c00:1b:ecbe:88c0:93a1:2379 -https://64.59.142.250:2379 -https://2600:9000:2042:fc00:19:f3d7:1480:93a1:2379 -https://112.86.66.70:2379 -https://24.111.7.231:2379 -https://189.5.79.128:2379 -https://2a0b:2300::1:65:2379 -https://181.12.56.82:2379 -https://2600:9000:20d1:5a00:16:3e98:6b40:93a1:2379 -https://2a02:e980:16::13:2379 -https://194.158.219.26:2379 -https://125.237.13.57:2379 -https://2600:9000:2015:5a00:16:523b:da80:93a1:2379 -https://2600:9000:2015:9000:a:acaf:c780:93a1:2379 -https://107.154.117.238:2379 -https://107.154.232.23:2379 +/?a=fetch&content=die(@md5(hellothinkcmf)) [Size: 3548] +/?a=echo%20-n%20hellonginx%7cmd5sum [Size: 3548] +/?author=1 [Size: 3548] +/?author=2 [Size: 3548] +/?c=whoami&ppp=whoami [Size: 3548] +/?feed=rss2 [Size: 3548] +/?cavit [Size: 3548] 
+/?xdebug_session_start=phpstorm [Size: 3548] +/?xxnew2018_url2=2 [Size: 3548] +/api [Size: 61] +/api/ [Size: 39] [--> /api] +/api/2/explore/ [Size: 49] [--> /api/2/explore] +/api/__swagger__/ [Size: 51] [--> /api/__swagger__] +/api/_swagger_/ [Size: 49] [--> /api/_swagger_] +/api/docs/ [Size: 44] [--> /api/docs] +/api/v2/ [Size: 42] [--> /api/v2] +/debug/pprof [Size: 48] [--> /debug/pprof/] +/debug/pprof/goroutine?debug=1 [Size: 59762] +/debug/pprof/cmdline [Size: 149] +/debug/pprof/ [Size: 2175] +/debug/pprof/symbol [Size: 15] +/debug/pprof/heap [Size: 93312] +/debug/pprof/trace [Size: 66490] +/index.html [Size: 0] [--> ./] +/index.html?findcli=-1 [Size: 0] [--> ./?findcli=-1] +/log/.env [Size: 45] [--> /log/.env/] +/log/.gitkeep [Size: 49] [--> /log/.gitkeep/] +/log/access_log [Size: 51] [--> /log/access_log/] +/log/access.log [Size: 51] [--> /log/access.log/] +/log/development.log [Size: 56] [--> /log/development.log/] +/log/authorizenet.log [Size: 57] [--> /log/authorizenet.log/] +/log/error.log [Size: 50] [--> /log/error.log/] +/log/error_log [Size: 50] [--> /log/error_log/] +/log/exception.log [Size: 54] [--> /log/exception.log/] +/log/librepag.log [Size: 53] [--> /log/librepag.log/] +/log/errors.log [Size: 51] [--> /log/errors.log/] +/log/log.log [Size: 48] [--> /log/log.log/] +/log/old [Size: 44] [--> /log/old/] +/log/log.txt [Size: 48] [--> /log/log.txt/] +/log/payment_authorizenet.log [Size: 65] [--> /log/payment_authorizenet.log/] +/log/payment_paypal_express.log [Size: 67] [--> /log/payment_paypal_express.log/] +/log/payment.log [Size: 52] [--> /log/payment.log/] +/log/production.log [Size: 55] [--> /log/production.log/] +/log/server.log [Size: 51] [--> /log/server.log/] +/log/test.log [Size: 49] [--> /log/test.log/] +/log/www-error.log [Size: 54] [--> /log/www-error.log/] +/monitor [Size: 44] [--> /monitor/] +/monitor/ [Size: 3281] +/overview [Size: 45] [--> /overview/]