From 9a1036b711fb2d8d7f9403a006712b733f064075 Mon Sep 17 00:00:00 2001
From: 51pwn <51pwn@51pwn.com>
Date: Tue, 12 Jul 2022 09:21:16 +0800
Subject: [PATCH] =?UTF-8?q?fix=20filefuzz=E5=A4=84=E7=90=86=E4=B8=8D?= =?UTF-8?q?=E5=BD=93=E5=AF=BC=E8=87=B4cpu=E6=8C=81=E7=BB=AD=E4=B8=8A?= =?UTF-8?q?=E5=8D=87=E7=9A=84bug=202022-07-12=2009:21:1657588876?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 brute/filefuzz.go | 22 +++++++++++++++-------
 main.go | 17 ++++++++++++-----
 pkg/hydra/doNmapResult.go | 19 ++++++------------
 pkg/hydra/mysql/mysql.go | 4 ++--
 pkg/hydra/runner.go | 6 ++----
 pkg/naabu/v2/pkg/runner/targets.go | 6 +-----
 6 files changed, 38 insertions(+), 36 deletions(-)
diff --git a/brute/filefuzz.go b/brute/filefuzz.go
index a157a4c46..0e490bdc6 100644
--- a/brute/filefuzz.go
+++ b/brute/filefuzz.go
@@ -4,6 +4,8 @@ import (
 _ "embed"
 "github.com/antlabs/strsim"
 "github.com/hktalent/scan4all/pkg"
+ "log"
+ "net/url"
 "regexp"
 "strings"
 "time"
@@ -66,13 +68,10 @@ func reqPage(u string) (*page, *pkg.Response, error) {
 }
 page.title = gettitle(req.Body)
 page.locationUrl = req.Location
- regs := strings.Split(strings.TrimSpace(fuzzct), "\n")
- InitGeneral()
- regs = append(regs, ret...)
- for _, reg := range regs {
- if x0, ok := req.Header["Content-Type"]; ok && 0 < len(x0) {
- matched, _ := regexp.Match(reg, []byte(x0[0]))
- if matched {
+ if x0, ok := req.Header["Content-Type"]; ok && 0 < len(x0) {
+ x0B := []byte(x0[0])
+ for _, reg := range regs {
+ if matched, _ := regexp.Match(reg, x0B); matched {
 page.isBackUpPage = true
 }
 }
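Review bot: The rewritten Content-Type loop still calls `regexp.Match(reg, x0B)` for every pattern on every response, which recompiles each pattern on each call and, because the error is dropped with `_`, lets a malformed line in fuzzct silently never match. Now that the pattern list is fixed at init time (the `regs` assignment in the next hunk), compile it once there into a `[]*regexp.Regexp`, report the patterns that fail to compile, and have reqPage walk the compiled set and stop at the first hit. reqPage starts and ends outside this hunk, and the init() side of the change lives in the following hunk.
```go
var ctRegs []*regexp.Regexp // package level; replaces the string slice regs

func init() {
	// … unchanged: GetVal4File calls and InitGeneral() …
	for _, p := range append(strings.Split(strings.TrimSpace(fuzzct), "\n"), ret...) {
		re, err := regexp.Compile(p)
		if err != nil {
			log.Println("fuzzct: skipping pattern that does not compile: ", p, err)
			continue
		}
		ctRegs = append(ctRegs, re)
	}
}

// … unchanged: reqPage up to page.locationUrl = req.Location …
	if x0, ok := req.Header["Content-Type"]; ok && 0 < len(x0) {
		for _, re := range ctRegs {
			if re.MatchString(x0[0]) {
				page.isBackUpPage = true
				break
			}
		}
	}
```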
@@ -91,16 +90,24 @@ var fuzz404 string
 //go:embed dicts/page404Content.txt
 var page404Content1 string
+var regs []string
 func init() {
 bakSuffix = pkg.GetVal4File("bakSuffix", bakSuffix)
 fuzzct = pkg.GetVal4File("fuzzct", fuzzct)
 fuzz404 = pkg.GetVal4File("fuzz404", fuzz404)
 page404Content1 = pkg.GetVal4File("page404Content1", page404Content1)
+ InitGeneral()
+ regs = strings.Split(strings.TrimSpace(fuzzct), "\n")
+ regs = append(regs, ret...)
 }
 // 文件fuzz
 func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody string) ([]string, []string) {
+ u01, err := url.Parse(u)
+ if nil == err {
+ u = u01.Scheme + "://" + u01.Host + "/"
+ }
 var (
 path404 = "/file_not_support"
 page200CodeList = []int{200, 301, 302}
@@ -153,6 +160,7 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 ch <- struct{}{}
 //log.Println(u, " ", payload)
 go func(payload string) {
+ log.Println("fuzz: ", u+payload)
 if url, req, err := reqPage(u + payload); err == nil {
 // 403 by pass
 if url.is403 {
diff --git a/main.go b/main.go
index 2fa9cea07..ea343e399 100644
--- a/main.go
+++ b/main.go
@@ -2,13 +2,15 @@ package main
 import (
 "embed"
+ "fmt"
 "github.com/hktalent/scan4all/pkg"
 naaburunner "github.com/hktalent/scan4all/pkg/naabu/v2/pkg/runner"
 "github.com/projectdiscovery/gologger"
 "io"
 "log"
+ "net/http"
+ _ "net/http/pprof"
 "runtime"
- "sync"
 )
 //go:embed config/*
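Review bot: The new base-URL rewrite at the top of FileFuzz checks only `err`, but url.Parse accepts a bare host such as `example.com` (it lands in Path with empty Scheme and Host), so `u` becomes `:///` and every reqPage call that follows probes a garbage URL. Guard on the fields the rewrite actually uses: `if err == nil && u01.Scheme != "" && u01.Host != "" {`. The rewrite also discards any path the caller passed in, so fuzzing now always starts at the site root; if that is intended it deserves a comment such as `// always fuzz from the site root, whatever path the caller handed us`. FileFuzz continues past the end of this hunk.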
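Review bot: `log.Println("fuzz: ", u+payload)` runs once per payload per target inside the worker goroutine at default verbosity, which floods the output on a large dictionary and interleaves with the scan's real findings. Gate it behind the debug/verbose option if the brute package can reach one, or keep it in the commented-out form the line above already uses. The goroutine body and FileFuzz continue outside this hunk.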
@@ -18,17 +20,23 @@ func init() {
 pkg.Init2(&config)
 }
-var Wg sync.WaitGroup
-
 func main() {
- naaburunner.Wg = &Wg
 defer func() {
+ log.Println("start close cache, StopCPUProfile... ")
 pkg.Cache1.Close()
 //if "true" == pkg.GetVal("autoRmCache") {
 // os.RemoveAll(pkg.GetVal(pkg.CacheName))
 //}
 }()
 options := naaburunner.ParseOptions()
+ if options.Debug {
+ // debug 优化时启用///////////////////////
+ go func() {
+ fmt.Println("debug info: \nopen http://127.0.0.1:6060/debug/pprof/\n")
+ http.ListenAndServe(":6060", nil)
+ }()
+ //////////////////////////////////////////*/
+ }
 if false == options.Debug && false == options.Verbose {
 // disable standard logger (ref: https://github.com/golang/go/issues/19895)
 log.SetFlags(0)
@@ -52,5 +60,4 @@ func main() {
 if err != nil {
 gologger.Fatal().Msgf("naabuRunner.Httpxrun Could not run httpRunner: %s\n", err)
 }
- Wg.Wait()
 }
diff --git a/pkg/hydra/doNmapResult.go b/pkg/hydra/doNmapResult.go
index 55d2e67c8..75e4195dd 100644
--- a/pkg/hydra/doNmapResult.go
+++ b/pkg/hydra/doNmapResult.go
@@ -10,18 +10,15 @@ import (
 "os"
 "strconv"
 "strings"
- "sync"
 )
 // 弱口令检测
-func CheckWeakPassword(ip, service string, port int, wg *sync.WaitGroup) {
- defer wg.Done()
+func CheckWeakPassword(ip, service string, port int) {
 // 在弱口令检测范围就开始检测,结果....
 service = strings.ToLower(service)
 if pkg.Contains(ProtocolList, service) {
 //log.Println("start CheckWeakPassword ", ip, ":", port, "(", service, ")")
- wg.Add(1)
- Start(ip, port, service, wg)
+ Start(ip, port, service)
 }
 }
@@ -34,8 +31,7 @@ func GetAttr(att []xmlquery.Attr, name string) string {
 return ""
 }
-func DoParseXml(s string, wg *sync.WaitGroup, bf *bytes.Buffer) {
- defer wg.Done()
+func DoParseXml(s string, bf *bytes.Buffer) {
 doc, err := xmlquery.Parse(strings.NewReader(s))
 if err != nil {
 log.Println("DoParseXml: ", err)
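Review bot: `http.ListenAndServe(":6060", nil)` binds every interface, while the message printed on the line above promises 127.0.0.1; with `net/http/pprof` registered on the default mux, heap and goroutine dumps and CPU profiles of a process that holds target lists and credential dictionaries become reachable from the network whenever -debug is on. Bind to loopback and surface the error instead of discarding it: `if err := http.ListenAndServe("127.0.0.1:6060", nil); err != nil { log.Println("pprof listener: ", err) }`. The `//////////////////////////////////////////*/` line has no opening `/*` and reads as a leftover from a block comment; drop it or make it a plain `//` comment. main continues past the end of this hunk.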
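Review bot: Removing `Wg.Wait()` here, together with taking the WaitGroup out of CheckWeakPassword and DoParseXml (the doNmapResult.go hunks) and out of DoTargets (the targets.go hunk), leaves the `go CheckWeakPassword(...)` goroutines with nothing that waits for them: main returns as soon as Httpxrun does, the deferred `pkg.Cache1.Close()` runs while cracks may still be in flight, and any weak-password result still pending at that point would be lost without a log line. If the WaitGroup was what drove the CPU problem, the fix is to bound the fan-out rather than to drop synchronization entirely, e.g. the buffered-channel semaphore FileFuzz already uses (`ch <- struct{}{}` before each `go func`), plus a `sync.WaitGroup` that main waits on before returning. I cannot tell from this diff whether Httpxrun blocks long enough to mask the race in practice, so please confirm with a run against a host that has several credential-checkable services.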
@@ -54,8 +50,7 @@ func DoParseXml(s string, wg *sync.WaitGroup, bf *bytes.Buffer) {
 service := GetAttr(x.SelectElement("service").Attr, "name")
 //bf.Write([]byte(fmt.Sprintf("%s:%s\n", ip, szPort)))
 bf.Write([]byte(fmt.Sprintf("http://%s:%s\n", ip, szPort)))
- wg.Add(1)
- go CheckWeakPassword(ip, service, port, wg)
+ go CheckWeakPassword(ip, service, port)
 // 存储结果到其他地方
 //x9 := AuthInfo{IPAddr: ip, Port: port, Protocol: service}
 if "true" == enableEsSv {
@@ -78,8 +73,7 @@ func DoParseXml(s string, wg *sync.WaitGroup, bf *bytes.Buffer) {
 }
 }
-func DoNmapRst(wg *sync.WaitGroup, bf *bytes.Buffer) {
- defer wg.Done()
+func DoNmapRst(bf *bytes.Buffer) {
 if x1, ok := pkg.TmpFile[pkg.Naabu]; ok {
 for _, x := range x1 {
 defer func(r *os.File) {
@@ -89,8 +83,7 @@ func DoNmapRst(wg *sync.WaitGroup, bf *bytes.Buffer) {
 b, err := ioutil.ReadFile(x.Name())
 if nil == err && 0 < len(b) {
 //fmt.Println("read nmap xml file ok: ", len(b))
- wg.Add(1)
- DoParseXml(string(b), wg, bf)
+ DoParseXml(string(b), bf)
 } else {
 log.Println("ioutil.ReadFile(x.Name()): ", err)
 }
diff --git a/pkg/hydra/mysql/mysql.go b/pkg/hydra/mysql/mysql.go
index 8f72bdb65..a4b2949a4 100644
--- a/pkg/hydra/mysql/mysql.go
+++ b/pkg/hydra/mysql/mysql.go
@@ -12,12 +12,12 @@ import (
 func Check(Host, Username, Password string, Port int) (bool, error) {
 _ = mysql.SetLogger(log.New(io.Discard, "", log.Ldate|log.Ltime))
- dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/information_schema?charset=utf8&timeout=%v", Username, Password, Host, Port, 5*time.Second)
+ dataSourceName := fmt.Sprintf("%v:%v@tcp(%v:%v)/information_schema?charset=utf8&timeout=%v", Username, Password, Host, Port, 2*time.Second)
 db, err := sql.Open("mysql", dataSourceName)
 if err != nil {
 return false, err
 }
- db.SetConnMaxLifetime(5 * time.Second)
+ db.SetConnMaxLifetime(2 * time.Second)
 db.SetMaxIdleConns(0)
 defer db.Close()
 err = db.Ping()
diff --git a/pkg/hydra/runner.go b/pkg/hydra/runner.go
index 21c67fefb..0d2df14c1 100644
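Review bot: Shortening the DSN `timeout` and `SetConnMaxLifetime` to 2s does not put a bound on `db.Ping()` itself: in go-sql-driver/mysql the `timeout` parameter is the dial timeout only, so a host that accepts the TCP connection and then stalls the handshake can still park this goroutine indefinitely, and after this commit CheckWeakPassword spawns one such goroutine per port with no limit. Give the ping a deadline (`ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)`, `defer cancel()`, `err = db.PingContext(ctx)`), or add `readTimeout`/`writeTimeout` to the DSN, and hoist the twice-repeated `2*time.Second` into one named constant so the two values cannot drift apart again. Check's body continues past the end of this hunk.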
--- a/pkg/hydra/runner.go
+++ b/pkg/hydra/runner.go
@@ -7,7 +7,6 @@ import (
 "github.com/logrusorgru/aurora"
 "log"
 "strings"
- "sync"
 )
 func init() {
@@ -27,10 +26,9 @@ func init() {
 }
 // 密码破解
-func Start(IPAddr string, Port int, Protocol string, wg *sync.WaitGroup) {
- defer wg.Done()
+func Start(IPAddr string, Port int, Protocol string) {
 authInfo := NewAuthInfo(IPAddr, Port, Protocol)
- crack := NewCracker(authInfo, true, 128)
+ crack := NewCracker(authInfo, true, 8)
 fmt.Printf("\n[hydra]->开始对%v:%v[%v]进行暴力破解,字典长度为:%d\n", IPAddr, Port, Protocol, crack.Length())
 go crack.Run()
 //爆破结果获取
diff --git a/pkg/naabu/v2/pkg/runner/targets.go b/pkg/naabu/v2/pkg/runner/targets.go
index 7d66e388d..3f158884c 100644
--- a/pkg/naabu/v2/pkg/runner/targets.go
+++ b/pkg/naabu/v2/pkg/runner/targets.go
@@ -20,7 +20,6 @@ import (
 "os"
 "regexp"
 "strings"
- "sync"
 )
 func (r *Runner) Load() error {
@@ -102,8 +101,6 @@ func (r *Runner) DoSsl(target string) []string {
 return []string{}
 }
-var Wg *sync.WaitGroup
-
 // target域名转多个ip处理
 func (r *Runner) DoTargets() (bool, error) {
 data, err := ioutil.ReadFile(r.targetsFile)
@@ -182,8 +179,7 @@ func (r *Runner) DoTargets() (bool, error) {
 }(x99[0])
 }
 pkg.TmpFile[pkg.Naabu] = []*os.File{tempInput1}
- Wg.Add(1)
- hydra.DoNmapRst(Wg, &Naabubuffer)
+ hydra.DoNmapRst(&Naabubuffer)
 defer r.Close()
 ioutil.WriteFile(r.targetsFile, []byte(""), os.ModePerm)
 log.Println("do namp over naabu ")
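Review bot: `NewCracker(authInfo, true, 8)` in Start drops the cracker's concurrency from 128 to 8 as a bare literal with nothing recording why, so the next person tuning it has no idea which value was measured. Name it once at package level, e.g. `const crackWorkers = 8 // per-target cracker concurrency; 128 kept the CPU pegged (commit 9a1036b)`, and pass `crackWorkers` here; if the project already reads tunables from config, as the `pkg.GetVal4File` calls in filefuzz.go suggest, that would be the better home. Start's result-collection loop continues beyond this hunk.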