v2.1.0

wjlin0 · Apr 29, 2024 · a66cb35 · a66cb35
1 parent c5f0420
commit a66cb35
Show file tree

Hide file tree

Showing 18 changed files with 757 additions and 202 deletions.
diff --git a/README.md b/README.md
@@ -27,15 +27,15 @@ go install -v github.com/wjlin0/pathScan/v2/cmd/pathScan@latest
 ```
 下载准备运行的[二进制文件](https://github.com/wjlin0/pathScan/releases/latest)
 
-- [macOS-arm64](https://github.com/wjlin0/pathScan/releases/download/v2.0.7/pathScan_2.0.7_macOS_arm64.zip)
+- [macOS-arm64](https://github.com/wjlin0/pathScan/releases/download/v2.1.0/pathScan_2.1.0_macOS_arm64.zip)
 
-- [macOS-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.7/pathScan_2.0.7_macOS_amd64.zip)
+- [macOS-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.1.0/pathScan_2.1.0_macOS_amd64.zip)
 
-- [linux-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.7/pathScan_2.0.7_linux_amd64.zip)
+- [linux-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.1.0/pathScan_2.1.0_linux_amd64.zip)
 
-- [windows-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.7/pathScan_2.0.7_windows_amd64.zip)
+- [windows-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.1.0/pathScan_2.1.0_windows_amd64.zip)
 
-- [windows-386](https://github.com/wjlin0/pathScan/releases/download/v2.0.7/pathScan_2.0.7_windows_386.zip)
+- [windows-386](https://github.com/wjlin0/pathScan/releases/download/v2.1.0/pathScan_2.1.0_windows_386.zip)
 
 
 # 用法
@@ -44,7 +44,7 @@ go install -v github.com/wjlin0/pathScan/v2/cmd/pathScan@latest
 pathScan -h
 ```
 ```yaml
-pathScan 2.0.7 Go 扫描、信息收集工具
+pathScan 2.1.0 Go 扫描、信息收集工具
 
 Usage:
   pathScan [flags]
@@ -57,9 +57,18 @@ Flags:
 扫描字典:
   -ps, -path string[]       路径(以逗号分割)
   -pl, -path-list string[]  从文件中,读取路径
-  -ldd, -load-default-dict  目标超过一个时，是否加载默认字典
   -lad, -load-api-dict      是否加载api字典
 
+自动过滤扫描路径模式（默认）:
+  -bs, -black-status string[]     黑名单状态码(以逗号分割,支持从文件读取 -bs /tmp/skip-code.txt, 支持 5xx、300-399 ) (default ["400", "410"])
+  -daps, -disable-auto-path-scan  禁用自动过滤扫描路径模式
+  -ws, -waf-status string[]       WAF状态码(以逗号分割,支持从文件读取 -ws /tmp/skip-code.txt, 支持 5xx、300-399 ） (default ["493", "418"])
+  -fs, -fuzzy-status string[]     模糊状态码(以逗号分割,支持从文件读取 -fs /tmp/skip-code.txt, 支持 5xx、300-399 ) (default ["403", "404", "500", "501", "502", "503"])
+
+指纹识别模式:
+  -op, -operator           是否启用模版规则
+  -mf, -match-file string  指纹文件目录或文件
+
 子域名收集模式:
   -s, -sub                   子域名收集
   -sq, -sub-query string[]   需要收集的域名 (支持从文件中录入 -sq /tmp/sub-query.txt)
@@ -95,17 +104,13 @@ Flags:
   -gh, -get-hash                  计算hash
   -shm, -skip-hash-method string  指定hash的方法（sha256,md5,sha1） (default "sha256")
 
-模版规则:
-  -validate                  验证指纹文件
-  -mf, -match-file string    指纹文件目录或文件
-  -dsm, -disable-scan-match  禁用指纹识别
-
 配置:
   -no-stdin                         disable stdin processing
   -rs, -retries int                 重试
   -p, -proxy string[]               代理
   -resolvers string[]               自定义DNS列表( 文件或逗号隔开 )
   -nn, -not-new                     允许重定向
+  -validate                         验证指纹文件
   -dac, -disable-alive-check        跳过活跃检查
   -sdl, -scan-domain-list string[]  从响应中中发现其他域名（逗号隔开，支持文件读取 -sdl /tmp/otherDomain.txt）
   -sd, -scan-domain                 从响应中发现其他域名
@@ -132,22 +137,21 @@ Flags:
 
 EXAMPLES:
 
-运行 pathScan 扫描路径, 指定单个目标 跳过 4xx 5xx 输出:
-  $ pathScan -u https://example.com/ -sc 4xx,5xx
+运行 pathScan 扫描路径, 指定单个目标:
+  $ pathScan -u https://example.com/
 
 运行 pathScan 搜索引擎:
-  $ pathScan -ue fofa -uq 'app="tomcat"'
+  $ pathScan -ue fofa -uq 'app="tomcat"' -silent
 
-运行 pathScan 收集子域名 指定输出:
-  $ pathScan -sq example.com -csv -o out.csv
+  运行 pathScan 指纹探测：
+  $ pathScan -op -u https://example.com
 
 运行 pathScan 收集子域名 并配合 nuclei 进行自动化漏洞扫描:
   $ pathScan -sq example.com -silent | nuclei
 
 其他文档可在以下网址获得: https://github.com/wjlin0/pathScan/
-
-
 ```
+
 ## 提供API KEY 配置
 
 默认的提供程序配置文件应位于`$HOME/.config/pathScan/provider-config.yaml`，并具有以下内容作为示例
@@ -276,7 +280,6 @@ func main() {
 	options := types.DefaultOptions
 	options.URL = []string{"wjlin0.com"}
 	options.DisableAliveCheck = true
-	options.DisableScanMatch = true
 	options.DisableUpdateCheck = true
 
 	options.ResultEventCallback = func(result output.ResultEvent) {

diff --git a/cmd/example/pathScan.go b/cmd/example/pathScan.go
@@ -13,7 +13,6 @@ func main() {
 	options := types.DefaultOptions
 	options.URL = []string{"wjlin0.com"}
 	options.DisableAliveCheck = true
-	options.DisableScanMatch = true
 	options.DisableUpdateCheck = true
 
 	options.ResultEventCallback = func(result output.ResultEvent) {

diff --git a/go.mod b/go.mod
@@ -5,6 +5,8 @@ go 1.21
 require (
 	github.com/corpix/uarand v0.2.0
 	github.com/fatih/color v1.15.0
+	github.com/gin-gonic/gin v1.9.1
+	github.com/go-dedup/simhash v0.0.0-20170904020510-9ecaca7b509c
 	github.com/hashicorp/golang-lru v1.0.2
 	github.com/pkg/errors v0.9.1
 	github.com/projectdiscovery/fastdialer v0.0.63
@@ -18,7 +20,7 @@ require (
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/wjlin0/uncover v1.1.2
 	github.com/wjlin0/utils v0.0.8
-	golang.org/x/net v0.22.0
+	golang.org/x/net v0.24.0
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -42,23 +44,31 @@ require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/c4milo/unpackit v0.1.0 // indirect
 	github.com/charmbracelet/glamour v0.6.0 // indirect
 	github.com/cheggaaa/pb/v3 v3.1.4 // indirect
 	github.com/cloudflare/cfssl v1.6.4 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
 	github.com/denisbrodbeck/machineid v1.0.1 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/dlclark/regexp2 v1.8.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gaukas/godicttls v0.0.4 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-dedup/megophone v0.0.0-20170830025436-f01be21026f5 // indirect
+	github.com/go-dedup/text v0.0.0-20170907015346-8bb1b95e3cb7 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.1 // indirect
+	github.com/go-playground/validator/v10 v10.19.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -74,13 +84,14 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kataras/jwt v0.1.8 // indirect
 	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/klauspost/pgzip v1.2.5 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microcosm-cc/bluemonday v1.0.26 // indirect
@@ -92,6 +103,7 @@ require (
 	github.com/muesli/termenv v0.15.1 // indirect
 	github.com/nwaples/rardecode v1.1.3 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 	github.com/pierrec/lz4/v4 v4.1.2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/projectdiscovery/asnmap v1.1.0 // indirect
@@ -128,6 +140,8 @@ require (
 	github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/weppos/publicsuffix-go v0.30.2-0.20230730094716-a20f9abcc222 // indirect
@@ -140,13 +154,14 @@ require (
 	github.com/zmap/zcrypto v0.0.0-20230814193918-dbe676986518 // indirect
 	go.etcd.io/bbolt v1.3.7 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/arch v0.7.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/oauth2 v0.11.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect