common/flag.go

package common

import (
	"dddd/ddout"
	"dddd/lib/ddfinger"
	"dddd/structs"
	"dddd/utils"
	"embed"
	_ "embed"
	"encoding/json"
	"fmt"
	"github.com/projectdiscovery/goflags"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/hmap/store/hybrid"
	"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
	"github.com/projectdiscovery/retryablehttp-go"
	"gopkg.in/yaml.v3"
	"net/http"
	"net/url"
	"os"
	"os/exec"
	"path"
	"runtime"
	"runtime/debug"
	"strconv"
	"strings"
	"time"
)

func init() {
	go func() {
		for {
			GC()
			time.Sleep(10 * time.Second)
		}
	}()
}

func GC() {
	runtime.GC()
	debug.FreeOSMemory()
}

var version = "2.0.1"

func showBanner() {
	banner := fmt.Sprintf(`
     _       _       _       _   
  __| |   __| |   __| |   __| |  
 / _`+"`"+` |  / _ `+"`"+`|  / _`+"`"+` |  / _`+"`"+` |  
 \__,_|  \__,_|  \__,_|  \__,_|  
_|"""""|_|"""""|_|"""""|_|"""""| 
"`+"`"+`-0-0-'"`+"`"+`-0-0-'"`+"`"+`-0-0-`+"`"+`"`+"`"+`-0-0-'
dddd.version: %s
`, version)
	fmt.Println(banner)
}

var TargetString string
var PortString string

//go:embed config/dir.yaml
var EmbedDirDBData string

//go:embed config/finger.yaml
var EmbedFingerData string

//go:embed config/api-config.yaml
var EmbedAPIConfigData string

//go:embed config/pocs/*
var EmbedNucleiPocs embed.FS

func fileExists(filePath string) bool {
	_, err := os.Stat(filePath)
	if err != nil {
		if os.IsNotExist(err) {
			return false
		}
	}
	return true
}

func splitPathAndFileName(path string) (string, string) {
	p := strings.ReplaceAll(path, "\\", "/")
	if !strings.Contains(path, "/") {
		return "", p
	}
	t := strings.Split(p, "/")
	return strings.Join(t[:len(t)-1], "/"), t[len(t)-1]
}

func ReadDirDB() {
	// 先读取默认的，再读取文件内的进行补充
	fps := make(map[string]interface{})
	err := yaml.Unmarshal([]byte(EmbedDirDBData), &fps)
	if err != nil {
		return
	}

	structs.DirDB = make(map[string][]string)
	for productName, pathsInterfaces := range fps {
		for _, pathsInterface := range pathsInterfaces.([]interface{}) {
			p := pathsInterface.(string)
			_, ok := structs.DirDB[p]
			if ok {
				structs.DirDB[p] = append(structs.DirDB[p], productName)
				structs.DirDB[p] = utils.RemoveDuplicateElement(structs.DirDB[p])
			} else {
				structs.DirDB[p] = []string{productName}
			}
		}
	}

	var data []byte
	if !fileExists(structs.GlobalConfig.DirSearchYaml) {
		return
	}
	data, err = os.ReadFile(structs.GlobalConfig.DirSearchYaml)
	if err != nil {
		return
	}

	fps = make(map[string]interface{})
	err = yaml.Unmarshal(data, &fps)
	if err != nil {
		return
	}
	for productName, pathsInterfaces := range fps {
		for _, pathsInterface := range pathsInterfaces.([]interface{}) {
			p := pathsInterface.(string)
			_, ok := structs.DirDB[p]
			if ok {
				structs.DirDB[p] = append(structs.DirDB[p], productName)
				structs.DirDB[p] = utils.RemoveDuplicateElement(structs.DirDB[p])
			} else {
				structs.DirDB[p] = []string{productName}
			}
		}
	}

}

func IsLinux() bool {
	os := runtime.GOOS
	if os == "linux" {
		return true
	}
	return false
}

//go:embed config/workflow.yaml
var EmbedWorkFlowData string

func ReadWorkFlowDB() {
	structs.WorkFlowDB = make(map[string]structs.WorkFlowEntity)
	fps := make(map[string]interface{})
	err := yaml.Unmarshal([]byte(EmbedWorkFlowData), &fps)
	if err == nil {
		for productName, rulesInterface := range fps {
			var workflowEntity structs.WorkFlowEntity
			ruleInterface := rulesInterface.(map[string]interface{})
			types := ruleInterface["type"]
			pocs := ruleInterface["pocs"]
			for _, v := range types.([]interface{}) {
				vString := v.(string)
				if strings.ToLower(vString) == "root" {
					workflowEntity.RootType = true
				} else if strings.ToLower(vString) == "dir" {
					workflowEntity.DirType = true
				} else if strings.ToLower(vString) == "base" {
					workflowEntity.BaseType = true
				}
			}
			for _, v := range pocs.([]interface{}) {
				vString := v.(string)
				workflowEntity.PocsName = append(workflowEntity.PocsName, vString)
			}
			workflowEntity.PocsName = utils.RemoveDuplicateElement(workflowEntity.PocsName)
			structs.WorkFlowDB[productName] = workflowEntity
		}
	}

	workflowPath := "config/workflow.yaml"

	var data []byte
	if !fileExists(workflowPath) {
		return
	}
	data, err = os.ReadFile(workflowPath)
	if err != nil {
		return
	}
	fps = make(map[string]interface{})
	err = yaml.Unmarshal(data, &fps)
	if err != nil {
		return
	}

	for productName, rulesInterface := range fps {
		_, ok := structs.WorkFlowDB[productName]
		if ok {
			we, _ := structs.WorkFlowDB[productName]
			ruleInterface := rulesInterface.(map[string]interface{})
			types := ruleInterface["type"]
			pocs := ruleInterface["pocs"]
			for _, v := range types.([]interface{}) {
				vString := v.(string)
				if strings.ToLower(vString) == "root" {
					we.RootType = true
				} else if strings.ToLower(vString) == "dir" {
					we.DirType = true
				} else if strings.ToLower(vString) == "base" {
					we.BaseType = true
				}
			}
			for _, v := range pocs.([]interface{}) {
				vString := v.(string)
				if utils.GetItemInArray(we.PocsName, vString) == -1 {
					we.PocsName = append(we.PocsName, vString)
				}
			}
			structs.WorkFlowDB[productName] = we
		} else {
			var workflowEntity structs.WorkFlowEntity
			ruleInterface := rulesInterface.(map[string]interface{})
			types := ruleInterface["type"]
			pocs := ruleInterface["pocs"]
			for _, v := range types.([]interface{}) {
				vString := v.(string)
				if strings.ToLower(vString) == "root" {
					workflowEntity.RootType = true
				} else if strings.ToLower(vString) == "dir" {
					workflowEntity.DirType = true
				} else if strings.ToLower(vString) == "base" {
					workflowEntity.BaseType = true
				}
			}
			for _, v := range pocs.([]interface{}) {
				vString := v.(string)
				workflowEntity.PocsName = append(workflowEntity.PocsName, vString)
			}
			workflowEntity.PocsName = utils.RemoveDuplicateElement(workflowEntity.PocsName)
			structs.WorkFlowDB[productName] = workflowEntity
		}
	}
}

func ToInt(s string) int {
	i, err := strconv.Atoi(s)
	if err != nil {
		return 0
	}
	return i
}

func GetFdLimit() int {
	cmd := exec.Command("sh", "-c", "ulimit -n")
	out, err := cmd.CombinedOutput()
	if err != nil {
		println(err.Error())
		return -1
	}
	s := strings.TrimSpace(string(out))
	return ToInt(s)
}

func prepare() {
	var tmpTargets []string

	// 参数冲突校验
	if structs.GlobalConfig.ReportName != "" {
		suffix := path.Ext(structs.GlobalConfig.ReportName)
		if suffix != ".html" && suffix != ".htm" {
			gologger.Fatal().Msgf("输出参数(-o)必须为html拓展名或htm拓展名")
		}
	}
	if (structs.GlobalConfig.Fofa || structs.GlobalConfig.Hunter) && structs.GlobalConfig.Quake {
		structs.GlobalConfig.Fofa = false
		structs.GlobalConfig.Quake = false
		gologger.Warning().Msg("quake参数不兼容fofa或hunter参数")
	}

	if !strings.HasSuffix(strings.ToLower(structs.GlobalConfig.APIConfigFilePath), ".yaml") {
		gologger.Fatal().Msg("API配置文件需要以 .yaml 为拓展名。")
	}

	structs.GlobalEmbedPocs = EmbedNucleiPocs

	// 进行需要配置API的活动，没有找到API配置文件则直接进行生成
	if structs.GlobalConfig.Fofa || structs.GlobalConfig.Hunter || structs.GlobalConfig.Quake || (structs.GlobalConfig.Subdomain && !structs.GlobalConfig.NoSubFinder) {
		if !fileExists(structs.GlobalConfig.APIConfigFilePath) && !fileExists("config/api-config.yaml") {
			gologger.Info().Msgf("未检测到API配置文件: %v", structs.GlobalConfig.APIConfigFilePath)
			p, _ := splitPathAndFileName(structs.GlobalConfig.APIConfigFilePath)
			if !fileExists(p) {
				err := os.MkdirAll(p, os.ModePerm)
				if err != nil {
					gologger.Fatal().Msgf("创建文件夹失败: %v", err.Error())
				}
			}

			err := os.WriteFile(structs.GlobalConfig.APIConfigFilePath, []byte(EmbedAPIConfigData), 0666)
			if err != nil {
				gologger.Fatal().Msgf("写出默认API配置文件失败: %v", err.Error())
			}
			gologger.Info().Msgf("已自动生成默认API配置文件: %v", structs.GlobalConfig.APIConfigFilePath)
		}
	}

	if !structs.GlobalConfig.SkipHostDiscovery && !structs.GlobalConfig.TCPPing && structs.GlobalConfig.NoICMPPing {
		gologger.Warning().Msg("未选择TCP或ICMP Ping，跳过存活探测")
		structs.GlobalConfig.SkipHostDiscovery = true
	}

	if structs.GlobalConfig.HTTPProxyTest && structs.GlobalConfig.HTTPProxy != "" {
		proxyURL, parseErr := url.Parse(structs.GlobalConfig.HTTPProxy)
		if parseErr != nil {
			gologger.Fatal().Msgf("代理格式不正确: %v", structs.GlobalConfig.HTTPProxy)
		}
		transport := retryablehttp.DefaultHostSprayingTransport()
		transport.Proxy = http.ProxyURL(proxyURL)

		gologger.Info().Msgf("测试代理中: %s", structs.GlobalConfig.HTTPProxy)
		req, err := retryablehttp.NewRequest("GET", structs.GlobalConfig.HTTPProxyTestURL, nil)
		if err != nil {
			gologger.Fatal().Msg("代理测试失败！")
		}
		opts := retryablehttp.DefaultOptionsSpraying
		client := retryablehttp.NewClient(opts)
		client.HTTPClient.Transport = transport

		req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36")
		resp, err := client.Do(req)
		if err != nil {
			gologger.Fatal().Msg("代理测试失败！")
		}
		gologger.Info().Msgf("代理有效！测试URL返回码: %v", resp.StatusCode)
	}

	// 兼容文件输入
	if utils.IsFileNameValid(TargetString) {
		fileBytes, err := os.ReadFile(TargetString)
		if err == nil && len(fileBytes) > 0 {
			// 兼容Windows输入
			content := strings.ReplaceAll(string(fileBytes), "\r\n", "\n")
			tmpTargets = strings.Split(content, "\n")
		}
	} else {
		tgs := strings.Split(TargetString, ",")
		for _, each := range tgs {
			if each != "" {
				tmpTargets = append(tmpTargets, each)
			}
		}
	}
	tmpTargets = utils.RemoveDuplicateElement(tmpTargets)

	// 低感知模式
	if structs.GlobalConfig.LowPerceptionMode {
		if structs.GlobalConfig.Fofa && structs.GlobalConfig.Hunter {
			gologger.Fatal().Msg("暂不支持在低感知模式下同时使用-fofa与-hunter参数，请使用-hunter参数")
		}
		if structs.GlobalConfig.Fofa {
			gologger.Fatal().Msg("暂不支持基于Fofa的低感知模式，请使用-hunter参数。")
		}
		// 默认使用hunter fofa不支持
		if !structs.GlobalConfig.Fofa && !structs.GlobalConfig.Hunter {
			structs.GlobalConfig.Hunter = true
		}
		// 低感知模式下不进行目录探测
		structs.GlobalConfig.NoDirSearch = true
	}

	structs.GlobalResultMap = make(map[string][]string)

	// 过滤不支持输入
	for _, tg := range tmpTargets {
		if tg == "" {
			continue
		}
		if structs.GlobalConfig.Hunter || structs.GlobalConfig.Fofa {
			// 从网络空间搜索引擎中获取目标
			if !strings.Contains(tg, "=") {
				gologger.Error().Msgf("不支持的格式: %s", tg)
				continue
			}
		} else if structs.GlobalConfig.Quake {
			if !strings.Contains(tg, ":") {
				gologger.Error().Msgf("不支持的格式: %s", tg)
				continue
			}
		} else if !structs.GlobalConfig.Fofa && !structs.GlobalConfig.Hunter {
			// 从本地文件获取目标
			if utils.GetInputType(tg) == structs.TypeUnSupport {
				if strings.HasPrefix(tg, "[") {
					// 解析历史指纹
					if strings.HasPrefix(tg, "[Finger") {
						t := strings.Split(tg, " ")
						uri := t[1]
						tf := ""

						if strings.HasPrefix(uri, "http") {
							tf = t[3]
						} else {
							tf = t[2]
						}
						if len(tf) <= 2 {
							continue
						}
						tf = tf[1 : len(tf)-1]
						fingers := strings.Split(tf, ",")
						structs.GlobalResultMap[uri] = fingers
						continue
					}

				} else if strings.HasPrefix(tg, "{") {
					var in ddout.OutputMessage
					err := json.Unmarshal([]byte(tg), &in)
					if err == nil {
						if in.Type == "Finger" {
							structs.GlobalResultMap[in.URI] = in.Finger
							continue
						}
						continue
					}

				} else if strings.HasSuffix(tg, " open") {
					ipPort := strings.ReplaceAll(tg, " open", "")
					if utils.IsIPPort(ipPort) {
						structs.GlobalConfig.Targets = append(structs.GlobalConfig.Targets, ipPort)
						continue
					}

				}
				// gologger.Error().Msgf("不支持的格式: %s", tg)
				continue
			}
		}

		structs.GlobalConfig.Targets = append(structs.GlobalConfig.Targets, tg)
	}

	if len(structs.GlobalConfig.Targets) == 0 && len(structs.GlobalResultMap) == 0 {
		gologger.Fatal().Msgf("无目标输入")
	}

	// 如果是Linux则调整扫描线程 gogo抄的感谢感谢
	if IsLinux() {
		structs.GlobalConfig.TCPPortScanThreads = 4000
		if fdlimit := GetFdLimit(); structs.GlobalConfig.TCPPortScanThreads > fdlimit {
			gologger.Warning().Msgf("System fd limit: %d , Please exec 'ulimit -n 65535'", fdlimit)
			gologger.Warning().Msgf("Now set threads to %d", fdlimit-100)
			structs.GlobalConfig.TCPPortScanThreads = fdlimit - 100
		}
	}

	ddout.OutputType = structs.GlobalConfig.OutputType
	ddout.OutputFileName = structs.GlobalConfig.OutputFile

	if PortString == "" {
		// 默认端口Top1000
		structs.GlobalConfig.Ports = PortTOP1000
	} else {
		structs.GlobalConfig.Ports = PortString
	}

	hm, err := hybrid.New(hybrid.DefaultDiskOptions)
	if err != nil {
		gologger.Fatal().Msg("Web响应体缓存数据库初始化失败。")
	}
	structs.GlobalHttpBodyHMap = hm

	hm, err = hybrid.New(hybrid.DefaultDiskOptions)
	if err != nil {
		gologger.Fatal().Msg("Web响应头缓存数据库初始化失败。")
	}
	structs.GlobalHttpHeaderHMap = hm

	hm, err = hybrid.New(hybrid.DefaultDiskOptions)
	if err != nil {
		gologger.Fatal().Msg("Banner缓存数据库初始化失败。")
	}
	structs.GlobalBannerHMap = hm
	structs.GlobalIPPortMap = make(map[string]string)
	structs.GlobalIPDomainMap = make(map[string][]string)
	structs.GlobalURLMap = make(map[string]structs.URLEntity)

	parseFingerDB()
	if len(structs.FingerprintDB) == 0 {
		gologger.Fatal().Msg("请检查指纹数据库是否正常，是否正确放置config文件夹。")
	}
	gologger.Info().Msgf("YAML指纹数据: %d 条\n", len(structs.FingerprintDB))

	ReadWorkFlowDB()
	if len(structs.WorkFlowDB) == 0 {
		gologger.Fatal().Msg("请检查工作流数据库是否正常。")
	}
	gologger.Info().Msgf("漏洞检测支持指纹: %d 条", len(structs.WorkFlowDB))

	ReadDirDB()
	if len(structs.DirDB) == 0 {
		gologger.Fatal().Msg("请检查主动指纹探测数据库是否正常。")
	}
}

func parseFingerDB() {
	fps := make(map[string]interface{})
	err := yaml.Unmarshal([]byte(EmbedFingerData), &fps)
	if err != nil {
		gologger.Fatal().Msg(err.Error())
	}

	m := make(map[string][]string)

	for productName, rulesInterface := range fps {
		for _, ruleInterface := range rulesInterface.([]interface{}) {
			ruleL := ruleInterface.(string)
			_, ok := m[productName]
			if ok {
				f, _ := m[productName]
				if utils.GetItemInArray(f, ruleL) == -1 {
					f = append(f, ruleL)
				}
				m[productName] = f
			} else {
				m[productName] = []string{ruleL}
			}
		}
	}

	fingerPath := structs.GlobalConfig.FingerConfigFilePath

	if fileExists(fingerPath) {
		data, err := os.ReadFile(fingerPath)
		fps = make(map[string]interface{})
		err = yaml.Unmarshal(data, &fps)
		if err == nil {
			for productName, rulesInterface := range fps {
				for _, ruleInterface := range rulesInterface.([]interface{}) {
					ruleL := ruleInterface.(string)
					_, ok := m[productName]
					if ok {
						f, _ := m[productName]
						if utils.GetItemInArray(f, ruleL) == -1 {
							f = append(f, ruleL)
						}
						m[productName] = f
					} else {
						m[productName] = []string{ruleL}
					}
				}
			}
		}
	}

	for productName, ruleLs := range m {
		for _, ruleL := range ruleLs {
			structs.FingerprintDB = append(structs.FingerprintDB, structs.FingerPEntity{ProductName: productName, Rule: ddfinger.ParseRule(ruleL), AllString: ruleL})
		}
	}

}

func Flag() {
	showBanner()

	flagSet := goflags.NewFlagSet()
	flagSet.CaseSensitive = true
	flagSet.SetDescription(`dddd是一款使用简单的批量信息收集,供应链漏洞探测工具。旨在优化红队工作流，减少伤肝、枯燥、乏味的机械性操作。`)

	// 目标设置
	flagSet.CreateGroup("input", "扫描目标",
		flagSet.StringVarP(&TargetString, "target", "t", "", "被扫描的目标。 192.168.0.1 192.168.0.0/16 192.168.0.1:80 baidu.com:80 file.txt(一行一个) result.txt(fscan/dddd)"),
	)

	flagSet.CreateGroup("portscan", "端口扫描",
		flagSet.StringVarP(&PortString, "port", "p", "", "端口设置。 默认扫描Top1000"),
		flagSet.StringVarP(&structs.GlobalConfig.PortScanType, "scan-type", "st", "tcp", "端口扫描方式 | \"-st tcp\"设置TCP扫描 | \"-st syn\"设置SYN扫描"),
		flagSet.IntVarP(&structs.GlobalConfig.TCPPortScanThreads, "tcp-scan-threads", "tst", 1000, "TCP扫描线程 | Windows/Mac默认1000线程 Linux默认4000"),
		flagSet.IntVarP(&structs.GlobalConfig.SYNPortScanThreads, "syn-scan-threads", "sst", 10000, "SYN扫描线程"),
		flagSet.StringVarP(&structs.GlobalConfig.MasscanPath, "masscan-path", "mp", "masscan", "指定masscan程序路径 | SYN扫描依赖"),
		flagSet.IntVarP(&structs.GlobalConfig.PortsThreshold, "ports-max-count", "pmc", 300, "IP端口数量阈值 | 当一个端口的IP数量超过此数量，此IP将会被抛弃"),
		flagSet.IntVarP(&structs.GlobalConfig.TCPPortScanTimeout, "port-scan-timeout", "pst", 6, "TCP端口扫描超时(秒)"),
	)

	flagSet.CreateGroup("alive", "主机发现",
		flagSet.BoolVar(&structs.GlobalConfig.SkipHostDiscovery, "Pn", false, "禁用主机发现功能(icmp,tcp)"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoICMPPing, "no-icmp-ping", "nip", false, "当启用主机发现功能时，禁用ICMP主机发现功能"),
		flagSet.BoolVarP(&structs.GlobalConfig.TCPPing, "tcp-ping", "tp", false, "当启用主机发现功能时，启用TCP主机发现功能"),
	)

	flagSet.CreateGroup("nmap", "协议识别",
		flagSet.IntVarP(&structs.GlobalConfig.GetBannerThreads, "nmap-threads", "tc", 500, "Nmap协议识别线程"),
		flagSet.IntVarP(&structs.GlobalConfig.GetBannerTimeout, "nmap-timeout", "nto", 5, "Nmap协议识别超时时间(秒)"),
	)

	flagSet.CreateGroup("subdomain", "探索子域名",
		flagSet.BoolVarP(&structs.GlobalConfig.Subdomain, "subdomain", "sd", false, "开启子域名枚举，默认关闭"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoSubdomainBruteForce, "no-subdomain-brute", "nsb", false, "关闭子域名爆破"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoSubFinder, "no-subfinder", "ns", false, "关闭被动子域名枚举"),
		flagSet.IntVarP(&structs.GlobalConfig.SubdomainBruteForceThreads, "subdomain-brute-threads", "sbt", 150, "子域名爆破线程数量"),
		flagSet.BoolVarP(&structs.GlobalConfig.AllowLocalAreaDomain, "local-domain", "ld", false, "允许域名解析到局域网"),
		flagSet.BoolVarP(&structs.GlobalConfig.AllowCDNAssets, "allow-cdn", "ac", false, "允许扫描带CDN的资产 | 默认略过"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoHostBind, "no-host-bind", "nhb", false, "禁用域名绑定资产探测"),
	)

	flagSet.CreateGroup("web", "Web探针配置",
		flagSet.IntVarP(&structs.GlobalConfig.WebThreads, "web-threads", "wt", 200, "Web探针线程,根据网络环境调整"),
		flagSet.IntVarP(&structs.GlobalConfig.WebTimeout, "web-timeout", "wto", 10, "Web探针超时时间,根据网络环境调整"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoDirSearch, "no-dir", "nd", false, "关闭主动Web指纹探测"),
	)

	flagSet.CreateGroup("proxy", "HTTP代理配置",
		flagSet.StringVarP(&structs.GlobalConfig.HTTPProxy, "proxy", "", "", "HTTP代理"),
		flagSet.BoolVarP(&structs.GlobalConfig.HTTPProxyTest, "proxy-test", "pt", true, "启动前测试HTTP代理"),
		flagSet.StringVarP(&structs.GlobalConfig.HTTPProxyTestURL, "proxy-test-url", "ptu", "https://www.baidu.com", "测试HTTP代理的url，需要url返回200"),
	)

	flagSet.CreateGroup("uncover", "网络空间搜索引擎",
		flagSet.BoolVar(&structs.GlobalConfig.Hunter, "hunter", false, "从hunter中获取资产,开启此选项后-t参数变更为需要在hunter中搜索的关键词"),
		flagSet.IntVarP(&structs.GlobalConfig.HunterPageSize, "hunter-page-size", "hps", 100, "Hunter查询每页资产条数"),
		flagSet.IntVarP(&structs.GlobalConfig.HunterMaxPageCount, "hunter-max-page-count", "hmpc", 10, "Hunter 最大查询页数"),
		flagSet.BoolVarP(&structs.GlobalConfig.LowPerceptionMode, "low-perception-mode", "lpm", false, "Hunter低感知模式 | 从Hunter直接取响应判断指纹，直接进入漏洞扫描阶段"),
		flagSet.BoolVar(&structs.GlobalConfig.OnlyIPPort, "oip", false, "从网络空间搜索引擎中以IP:Port的形式拉取资产，而不是Domain(IP):Port"),
		flagSet.BoolVar(&structs.GlobalConfig.Fofa, "fofa", false, "从Fofa中获取资产,开启此选项后-t参数变更为需要在fofa中搜索的关键词"),
		flagSet.IntVarP(&structs.GlobalConfig.FofaMaxCount, "fofa-max-count", "fmc", 100, "Fofa 查询资产条数 Max:10000"),
		flagSet.BoolVar(&structs.GlobalConfig.Quake, "quake", false, "从Quake中获取资产,开启此选项后-t参数变更为需要在quake中搜索的关键词"),
		flagSet.IntVarP(&structs.GlobalConfig.QuakeSize, "quake-max-count", "qmc", 100, "Quake 查询资产条数"),
	)

	flagSet.CreateGroup("output", "输出",
		flagSet.StringVarP(&structs.GlobalConfig.OutputFile, "output", "o", "result.txt", "结果输出文件"),
		flagSet.StringVarP(&structs.GlobalConfig.OutputType, "output-type", "ot", "text", "结果输出格式 text,json"),
		flagSet.StringVarP(&structs.GlobalConfig.ReportName, "html-output", "ho", "", "html漏洞报告的名称"),
	)

	flagSet.CreateGroup("vuln-detect", "漏洞探测",
		flagSet.BoolVar(&structs.GlobalConfig.NoPoc, "npoc", false, "关闭漏洞探测,只进行信息收集"),
		flagSet.StringVarP(&structs.GlobalConfig.PocNameForSearch, "poc-name", "poc", "", "模糊匹配Poc名称"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoInteractsh, "no-interactsh", "ni", false, "禁用Interactsh服务器，排除反连模版"),
		flagSet.IntVarP(&structs.GlobalConfig.GoPocThreads, "golang-poc-threads", "gpt", 50, "GoPoc运行线程"),
		flagSet.BoolVarP(&structs.GlobalConfig.NoGolangPoc, "no-golang-poc", "ngp", false, "关闭Golang Poc探测"),
		flagSet.BoolVarP(&structs.GlobalConfig.DisableGeneralPoc, "disable-general-poc", "dgp", false, "禁用无视指纹的漏洞映射"),
		flagSet.StringVarP(&structs.GlobalConfig.ExcludeTags, "exclude-tags", "et", "", "通过tags排除模版 | 多个tags请用,连接"),
		flagSet.StringVarP(&structs.GlobalConfig.Severities, "severity", "s", "", "只允许指定严重程度的模板运行 | 多参数用,连接 | 允许的值: "+strings.ReplaceAll(severity.GetSupportedSeverities().String(), " ", "")),
	)

	flagSet.CreateGroup("config", "配置文件",
		flagSet.StringVarP(&structs.GlobalConfig.APIConfigFilePath, "api-config-file", "acf", "config/api-config.yaml", "API配置文件"),
		flagSet.StringVarP(&structs.GlobalConfig.NucleiTemplate, "nuclei-template", "nt", "config/pocs", "指定存放Nuclei Poc的文件夹路径"),
		flagSet.StringVarP(&structs.GlobalConfig.WorkflowYamlPath, "workflow-yaml", "wy", "config/workflow.yaml", "指定存放workflow.yaml (指纹=>漏洞映射) 的路径"),
		flagSet.StringVarP(&structs.GlobalConfig.FingerConfigFilePath, "finger-yaml", "fy", "config/finger.yaml", "指定存放finger.yaml (指纹配置) 的路径"),
		flagSet.StringVarP(&structs.GlobalConfig.DirSearchYaml, "dir-yaml", "dy", "config/dir.yaml", "主动指纹数据库路径"),
		flagSet.StringVarP(&structs.GlobalConfig.SubdomainWordListFile, "subdomain-word-list", "swl", "config/subdomains.txt", "子域名字典文件路径"),
	)

	flagSet.CreateGroup("passwd", "爆破密码配置",
		flagSet.StringVarP(&structs.GlobalConfig.Password, "username-password", "up", "", "设置爆破凭证，设置后将禁用内置字典 | 凭证格式 'admin : password'"),
		flagSet.StringVarP(&structs.GlobalConfig.PasswordFile, "username-password-file", "upf", "", "设置爆破凭证文件(一行一个)，设置后将禁用内置字典 | 凭证格式 'admin : password'"),
	)

	flagSet.CreateGroup("audit", "审计日志 | 敏感环境必备",
		flagSet.BoolVar(&gologger.Audit, "a", false, "开启审计日志，记录程序运行日志，收发包详细信息，避免背黑锅。"),
		flagSet.StringVarP(&gologger.AuditLogFileName, "audit-log-filename", "alf", "audit.log", "审计日志文件名称"),
	)

	_ = flagSet.Parse()

	prepare()
	flagAudit()
}

// 记录启动信息
func flagAudit() {
	gologger.AuditTimeLogger("dddd启动")
	gologger.AuditLogger("本次启动参数如下:")
	gologger.AuditLogger("Target: %s", strings.Join(structs.GlobalConfig.Targets, ","))
	gologger.AuditLogger("Subdomain: %v", structs.GlobalConfig.Subdomain)
	gologger.AuditLogger("NoSubdomainBruteForce: %v", structs.GlobalConfig.NoSubdomainBruteForce)
	gologger.AuditLogger("NoSubFinder: %v", structs.GlobalConfig.NoSubFinder)
	gologger.AuditLogger("SubdomainBruteForceThreads: %v", structs.GlobalConfig.SubdomainBruteForceThreads)
	gologger.AuditLogger("AllowLocalAreaDomain: %v", structs.GlobalConfig.AllowLocalAreaDomain)
	gologger.AuditLogger("Ports: %v", structs.GlobalConfig.Ports)
	gologger.AuditLogger("SkipHostDiscovery: %v", structs.GlobalConfig.SkipHostDiscovery)
	gologger.AuditLogger("NoICMPPing: %v", structs.GlobalConfig.NoICMPPing)
	gologger.AuditLogger("TCPPing: %v", structs.GlobalConfig.TCPPing)
	gologger.AuditLogger("GetBannerThreads: %v", structs.GlobalConfig.GetBannerThreads)
	gologger.AuditLogger("PortScanType: %v", structs.GlobalConfig.PortScanType)
	gologger.AuditLogger("TCPPortScanThreads: %v", structs.GlobalConfig.TCPPortScanThreads)
	gologger.AuditLogger("SYNPortScanThreads: %v", structs.GlobalConfig.SYNPortScanThreads)
	gologger.AuditLogger("PortsThreshold: %v", structs.GlobalConfig.PortsThreshold)
	gologger.AuditLogger("TCPPortScanTimeout: %v", structs.GlobalConfig.TCPPortScanTimeout)
	gologger.AuditLogger("MasscanPath: %v", structs.GlobalConfig.MasscanPath)
	gologger.AuditLogger("WebThreads: %v", structs.GlobalConfig.WebThreads)
	gologger.AuditLogger("WebTimeout: %v", structs.GlobalConfig.WebTimeout)
	gologger.AuditLogger("HTTPProxy: %v", structs.GlobalConfig.HTTPProxy)
	gologger.AuditLogger("HTTPProxyTestURL: %v", structs.GlobalConfig.HTTPProxyTestURL)
	gologger.AuditLogger("HTTPProxyTest: %v", structs.GlobalConfig.HTTPProxyTest)
	gologger.AuditLogger("NoDirSearch: %v", structs.GlobalConfig.NoDirSearch)
	gologger.AuditLogger("Hunter: %v", structs.GlobalConfig.Hunter)
	gologger.AuditLogger("HunterPageSize: %v", structs.GlobalConfig.HunterPageSize)
	gologger.AuditLogger("HunterMaxPageCount: %v", structs.GlobalConfig.HunterMaxPageCount)
	gologger.AuditLogger("Fofa: %v", structs.GlobalConfig.Fofa)
	gologger.AuditLogger("FofaMaxCount: %v", structs.GlobalConfig.FofaMaxCount)
	gologger.AuditLogger("Quake: %v", structs.GlobalConfig.Quake)
	gologger.AuditLogger("QuakeSize: %v", structs.GlobalConfig.QuakeSize)
	gologger.AuditLogger("LowPerceptionMode: %v", structs.GlobalConfig.LowPerceptionMode)
	gologger.AuditLogger("ReportName: %v", structs.GlobalConfig.ReportName)
	gologger.AuditLogger("GoPocThreads: %v", structs.GlobalConfig.GoPocThreads)
	gologger.AuditLogger("NoGolangPoc: %v", structs.GlobalConfig.NoGolangPoc)
	gologger.AuditLogger("PocNameForSearch: %v", structs.GlobalConfig.PocNameForSearch)
	gologger.AuditLogger("NoPoc: %v", structs.GlobalConfig.NoPoc)
	gologger.AuditLogger("NoInteractsh: %v", structs.GlobalConfig.NoInteractsh)
	gologger.AuditLogger("Audit: %v", gologger.Audit)
	gologger.AuditLogger("AuditLogFileName: %v", gologger.AuditLogFileName)
	gologger.AuditLogger("GetBannerTimeout: %v", structs.GlobalConfig.GetBannerTimeout)
	gologger.AuditLogger("SubdomainWordListFile: %v", structs.GlobalConfig.SubdomainWordListFile)
	gologger.AuditLogger("APIConfigFilePath: %v", structs.GlobalConfig.APIConfigFilePath)
	gologger.AuditLogger("NucleiTemplate: %v", structs.GlobalConfig.NucleiTemplate)
	gologger.AuditLogger("DirSearchYaml: %v", structs.GlobalConfig.DirSearchYaml)
	gologger.AuditLogger("WorkflowYamlPath: %v", structs.GlobalConfig.WorkflowYamlPath)
	gologger.AuditLogger("Password: %v", structs.GlobalConfig.Password)
	gologger.AuditLogger("PasswordFile: %v", structs.GlobalConfig.PasswordFile)

}

var PortTOP1000 = "21,22,23,25,53,69,80,81,88,89,110,135,161,445,139,137,143,389,443,512,513,514,548,873,1433,1521,2181,3306,3389,3690,4848,5000,5001,5432,5632,5900,5901,5902,6379,7000,7001,7002,8000,8001,8007,8008,8009,8069,8080,8081,8088,8089,8090,8091,9060,9090,9091,9200,9300,10000,11211,27017,27018,50000,1080,888,1158,2100,2424,2601,2604,3128,5984,7080,8010,8082,8083,8084,8085,8086,8087,8222,8443,8686,8888,9000,9001,9002,9003,9004,9005,9006,9007,9008,9009,9010,9043,9080,9081,9418,9999,50030,50060,50070,82,83,84,85,86,87,7003,7004,7005,7006,7007,7008,7009,7010,7070,7071,7072,7073,7074,7075,7076,7077,7078,7079,8002,8003,8004,8005,8006,8200,90,801,8011,8100,8012,8070,99,7777,8028,808,38888,8181,800,18080,8099,8899,8360,8300,8800,8180,3505,8053,1000,8989,28017,49166,3000,41516,880,8484,6677,8016,7200,9085,5555,8280,1980,8161,7890,8060,6080,8880,8020,889,8881,38501,1010,93,6666,100,6789,7060,8018,8022,3050,8787,2000,10001,8013,6888,8040,10021,2011,6006,4000,8055,4430,1723,6060,7788,8066,9898,6001,8801,10040,9998,803,6688,10080,8050,7011,40310,18090,802,10003,8014,2080,7288,8044,9992,8889,5644,8886,9500,58031,9020,8015,8887,8021,8700,91,9900,9191,3312,8186,8735,8380,1234,38080,9088,9988,2110,21245,3333,2046,9061,2375,9011,8061,8093,9876,8030,8282,60465,2222,98,1100,18081,70,8383,5155,92,8188,2517,8062,11324,2008,9231,999,28214,16080,8092,8987,8038,809,2010,8983,7700,3535,7921,9093,11080,6778,805,9083,8073,10002,114,2012,701,8810,8400,9099,8098,8808,20000,8065,8822,15000,9901,11158,1107,28099,12345,2006,9527,51106,688,25006,8045,8023,8029,9997,7048,8580,8585,2001,8035,10088,20022,4001,2013,20808,8095,106,3580,7742,8119,6868,32766,50075,7272,3380,3220,7801,5256,5255,10086,1300,5200,8096,6198,6889,3503,6088,9991,806,5050,8183,8688,1001,58080,1182,9025,8112,7776,7321,235,8077,8500,11347,7081,8877,8480,9182,58000,8026,11001,10089,5888,8196,8078,9995,2014,5656,8019,5003,8481,6002,9889,9015,8866,8182,8057,8399,10010,8308,511,12881,4016,8042,1039,28080,5678,7500,8051,18801,15018,15888,38443,8123,8144,94,9070,1800,9112,8990,3456,2051,9098,444,9131,97,7100,7711,7180,11000,8037,6988,122,8885,14007,8184,7012,8079,9888,9301,59999,49705,1979,8900,5080,5013,1550,8844,4850,206,5156,8813,3030,1790,8802,9012,5544,3721,8980,10009,8043,8390,7943,8381,8056,7111,1500,7088,5881,9437,5655,8102,6000,65486,4443,10025,8024,8333,8666,103,8,9666,8999,9111,8071,9092,522,11381,20806,8041,1085,8864,7900,1700,8036,8032,8033,8111,60022,955,3080,8788,7443,8192,6969,9909,5002,9990,188,8910,9022,10004,866,8582,4300,9101,6879,8891,4567,4440,10051,10068,50080,8341,30001,6890,8168,8955,16788,8190,18060,7041,42424,8848,15693,2521,19010,18103,6010,8898,9910,9190,9082,8260,8445,1680,8890,8649,30082,3013,30000,2480,7202,9704,5233,8991,11366,7888,8780,7129,6600,9443,47088,7791,18888,50045,15672,9089,2585,60,9494,31945,2060,8610,8860,58060,6118,2348,8097,38000,18880,13382,6611,8064,7101,5081,7380,7942,10016,8027,2093,403,9014,8133,6886,95,8058,9201,6443,5966,27000,7017,6680,8401,9036,8988,8806,6180,421,423,57880,7778,18881,812,15004,9110,8213,8868,1213,8193,8956,1108,778,65000,7020,1122,9031,17000,8039,8600,50090,1863,8191,65,6587,8136,9507,132,200,2070,308,5811,3465,8680,7999,7084,18082,3938,18001,9595,442,4433,7171,9084,7567,811,1128,6003,2125,6090,10007,7022,1949,6565,65001,1301,19244,10087,8025,5098,21080,1200,15801,1005,22343,7086,8601,6259,7102,10333,211,10082,18085,180,40000,7021,7702,66,38086,666,6603,1212,65493,96,9053,7031,23454,30088,6226,8660,6170,8972,9981,48080,9086,10118,40069,28780,20153,20021,20151,58898,10066,1818,9914,55351,8343,18000,6546,3880,8902,22222,19045,5561,7979,5203,8879,50240,49960,2007,1722,8913,8912,9504,8103,8567,1666,8720,8197,3012,8220,9039,5898,925,38517,8382,6842,8895,2808,447,3600,3606,9095,45177,19101,171,133,8189,7108,10154,47078,6800,8122,381,1443,15580,23352,3443,1180,268,2382,43651,10099,65533,7018,60010,60101,6699,2005,18002,2009,59777,591,1933,9013,8477,9696,9030,2015,7925,6510,18803,280,5601,2901,2301,5201,302,610,8031,5552,8809,6869,9212,17095,20001,8781,25024,5280,7909,17003,1088,7117,20052,1900,10038,30551,9980,9180,59009,28280,7028,61999,7915,8384,9918,9919,55858,7215,77,9845,20140,8288,7856,1982,1123,17777,8839,208,2886,877,6101,5100,804,983,5600,8402,5887,8322,770,13333,7330,3216,31188,47583,8710,22580,1042,2020,34440,20,7703,65055,8997,6543,6388,8283,7201,4040,61081,12001,3588,7123,2490,4389,1313,19080,9050,6920,299,20046,8892,9302,7899,30058,7094,6801,321,1356,12333,11362,11372,6602,7709,45149,3668,517,9912,9096,8130,7050,7713,40080,8104,13988,18264,8799,55070,23458,8176,9517,9541,9542,9512,8905,11660,1025,44445,44401,17173,436,560,733,968,602,3133,3398,16580,8488,8901,8512,10443,9113,9119,6606,22080,5560,7,5757,1600,8250,10024,10200,333,73,7547,8054,6372,223,3737,9800,9019,8067,45692,15400,15698,9038,37006,2086,1002,9188,8094,8201,8202,30030,2663,9105,10017,4503,1104,8893,40001,27779,3010,7083,5010,5501,309,1389,10070,10069,10056,3094,10057,10078,10050,10060,10098,4180,10777,270,6365,9801,1046,7140,1004,9198,8465,8548,108,30015,8153,1020,50100,8391,34899,7090,6100,8777,8298,8281,7023,3377,9100"