diff --git a/README.md b/README.md
index d84f977..8099d05 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,18 @@ Scan list of networks and hosts:
 cat city_cidrs.txt | ./gons -s rtsp -list -
 ```
 
+Search for public resources over http:
+
+```sh
+./gons -s http -d ./assets/data/http-pub-paths.txt -rb "Index of"
+```
+
+Search for public mjpeg webcams:
+
+```sh
+./gons -s http -d ./assets/data/http-cam-paths.txt -i tun0 -rh "(image/jpeg|multipart/x-mixed-replace)"
+```
+
 ## Testing
 
 ```sh
diff --git a/assets/data/http-cam-paths.txt b/assets/data/http-cam-paths.txt
index 6da3b00..5571ec1 100644
--- a/assets/data/http-cam-paths.txt
+++ b/assets/data/http-cam-paths.txt
@@ -1 +1,3 @@
+/-wvhttp-01-/image.cgi?v=jpg:640x480
+/nphMotionJpeg?Resolution=640x480&Quality=Standard
 /mjpg/video.mjpg
diff --git a/assets/data/http-pub-paths.txt b/assets/data/http-pub-paths.txt
new file mode 100644
index 0000000..70bcd1b
--- /dev/null
+++ b/assets/data/http-pub-paths.txt
@@ -0,0 +1,6 @@
+/content/uploads
+/files
+/public
+/upload
+/uploads
+/wp-content/uploads
diff --git a/services/http.go b/services/http.go
index 6f880fd..b28bc90 100644
--- a/services/http.go
+++ b/services/http.go
@@ -1,11 +1,10 @@
 package services
 
 import (
- "bufio"
 "crypto/tls"
+ "io"
 "net"
 "net/http"
- "net/textproto"
 "net/url"
 "regexp"
 "strings"
@@ -66,38 +65,37 @@ func (s *HTTPService) check(uri url.URL) bool {
 if err != nil {
 return false
 }
-
- isText := false
 defer r.Body.Close()
+ defer c.CloseIdleConnections()
+
+ if r.StatusCode > 400 {
+ return false
+ }
 
 for k, values := range r.Header {
 for _, v := range values {
- if k == "Content-Type" && strings.Contains(v, "text/") {
- isText = true
- }
- if s.headerReg != nil && s.headerReg.MatchString(v) {
+ if s.headerReg != nil && s.headerReg.MatchString(k+": "+v) {
 return true
 }
 }
 }
 
- if !isText {
+ if r.ContentLength == -1 || r.ContentLength > 1024*1024 {
 return false
 }
 
- reader := bufio.NewReader(r.Body)
- tr := textproto.NewReader(reader)
- for {
- line, err := tr.ReadLine()
- if err != nil {
- break
- }
- if s.bodyReg != nil && s.bodyReg.MatchString(line) {
- return true
- }
+ reader := io.LimitReader(r.Body, 1024*1024)
+ b, err := io.ReadAll(reader)
+
+ if err != nil {
+ return false
+ }
+
+ if s.bodyReg != nil && s.bodyReg.Match(b) {
+ return true
 }
 
- if s.headerReg == nil && s.bodyReg == nil && r.StatusCode < 400 {
+ if s.headerReg == nil && s.bodyReg == nil {
 return true
 }
 
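Review bot: The new guard `if r.StatusCode > 400` still accepts a plain 400 response, while the condition this commit removes required `r.StatusCode < 400`; it should be `if r.StatusCode >= 400 {`. The `r.ContentLength == -1` test rejects every chunked or unknown-length response, so the body pattern never sees them and the final no-filter `return true` is skipped for them as well; `io.LimitReader` already caps the read at 1 MiB, so the length test could be dropped, provided the client (built outside this hunk) has a timeout for bodies that never end. The two defers run in reverse order, so `c.CloseIdleConnections()` fires while the body is still open and the connection is not yet idle; registering it before `defer r.Body.Close()` would let it take effect. The body of `check` starts and ends outside the hunk.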