package vulnerabilities
import (
	"archive/zip"
	"context"
	"fmt"
	"io"
	"io/ioutil"
	"strings"
)
// Modules is the registry of analysis functions, keyed by the short name of
// the vulnerability class each one looks for. It is exported so the scanner
// can list the available modules dynamically; a new analysis module only runs
// once it has been added here.
//
// ZipScan ranges over this map for every PHP file it reads. The map is a plain
// package-level variable with no locking, so populate it before scanning
// starts and treat it as read-only afterwards.
var Modules = map[string]func([]byte) (VulnResults, error){
	"CMDEXEC": CMDEXEC,
	"LFI":     LFI,
	"SQLI":    SQLI,
	"XSS":     XSS,
}
// Results collects the findings for one plugin archive: every file in which an
// analysis module reported matches, grouped by the module that reported them.
type Results struct {
// Plugin identifies the archive these findings belong to.
// NOTE(review): presumably the plugin name or slug; confirm against the caller.
Plugin string
// Modules maps a module name (a key of the package-level Modules registry) to
// the per-file results that module produced. ZipScan appends to it, and a nil
// map cannot be written to, so construct Results with this field initialised.
Modules map[string][]VulnResults
}
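// ZipScan opens the zip archive at zipPath, reads every entry whose name ends
// in ".php" and runs each analysis function registered in Modules over its
// contents. A result whose Matches is non-nil is tagged with the entry name
// and appended to fileResults.Modules under the module's name.
//
// The archive is treated as untrusted input. Each entry is read through a
// size cap so that a highly compressed entry cannot exhaust memory, and each
// entry reader is closed as soon as it has been read rather than when the
// whole archive has been processed.
//
// It returns an error when fileResults is nil or the archive cannot be opened.
// Entries that cannot be opened or read, entries over the size cap, and
// modules that return an error are skipped silently, so a nil return does not
// guarantee that every PHP file was analysed. Cancelling ctx stops the scan
// and also returns nil.
//
// NOTE(review): the suffix test is case-sensitive and only covers ".php", so
// entries such as "x.PHP" or "x.phtml" are never scanned. Confirm that this
// coverage is intended.
func ZipScan(ctx context.Context, zipPath string, fileResults *Results) error {
	// Upper bound on the decompressed bytes read from a single entry. Larger
	// entries are skipped and therefore go unscanned; tune the value if real
	// plugins legitimately ship bigger PHP files.
	const maxEntrySize = 32 << 20 // 32 MiB

	if fileResults == nil {
		return fmt.Errorf("scanner.go:ZipScan() - fileResults must not be nil")
	}
	if ctx.Err() != nil {
		return nil
	}

	archive, err := zip.OpenReader(zipPath)
	if err != nil {
		// %w prints the same text as %v but keeps the cause reachable through
		// errors.Is and errors.As.
		return fmt.Errorf("scanner.go:ZipScan() - failed to open zip file with zip.OpenReader(%w)", err)
	}
	defer archive.Close()

	for _, file := range archive.File {
		// Re-check cancellation before each entry so the archive is closed
		// promptly and the cleanup function can delete it.
		if ctx.Err() != nil {
			return nil
		}
		if !strings.HasSuffix(file.Name, ".php") {
			continue
		}

		content, err := readZipEntry(file, maxEntrySize)
		if err != nil {
			// Best effort: an unreadable or oversized entry is skipped.
			continue
		}

		for module, moduleFunc := range Modules {
			vulns, err := moduleFunc(content)
			if err != nil {
				// Best effort: a failing module does not stop the others.
				continue
			}
			if vulns.Matches == nil {
				continue
			}
			// file.Name comes from the archive and is attacker-controlled.
			// It is recorded as a label only and must not be used as a
			// filesystem path without validation.
			vulns.File = file.Name
			if fileResults.Modules == nil {
				// Appending into a nil map would panic.
				fileResults.Modules = make(map[string][]VulnResults)
			}
			fileResults.Modules[module] = append(fileResults.Modules[module], vulns)
		}
	}
	return nil
}

// readZipEntry returns the decompressed contents of file and rejects entries
// whose contents exceed limit bytes. The entry reader is closed before it
// returns.
func readZipEntry(file *zip.File, limit int64) ([]byte, error) {
	r, err := file.Open()
	if err != nil {
		return nil, err
	}
	defer r.Close()

	// Read one byte past the limit so an oversized entry can be told apart
	// from one that is exactly limit bytes long.
	content, err := ioutil.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(content)) > limit {
		return nil, fmt.Errorf("zip entry %q exceeds %d bytes", file.Name, limit)
	}
	return content, nil
}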