Documentation ¶
Index ¶
- Constants
- Variables
- func AsynCmd(fnCbk func(line string), szCmd string, args ...string) error
- func CheckHeader(header *http.Header, szUrl string)
- func CheckHoneyportDetection4HeaderServer(server, szUrl string) bool
- func CheckHvNmap() bool
- func CheckShiroCookie(header *http.Header) int
- func Close()
- func CloseAll()
- func CloseAllHttpClient()
- func CloseCache()
- func CloseHttpClient(szUrl string)
- func Convert2Domains(x string) []string
- func Create[T any](mod *T) int64
- func Dnslogchek(randomstr string) bool
- func DoBody(szUrl, szBody string, head *http.Header)
- func DoCmd(args ...string) (string, error)
- func DoInit(config *embed.FS)
- func DoLog4j(szUrl string)
- func DoSyncFunc(cbk func())
- func FileExists(s string) bool
- func GetAny[T any](key string) (T, error)
- func GetAsAny(key string) interface{}
- func GetClient(szUrl string) *http.Client
- func GetClient4Cc(szUrl string) *http.Client
- func GetCount[T any](mod T, args ...interface{}) int64
- func GetCustomHeadersRaw() string
- func GetHostInfo() (result *host.InfoStat, err error)
- func GetJson4Query(source interface{}, path string) interface{}
- func GetLocalIP() (ip string)
- func GetMemInfo() (float64, []map[string]interface{})
- func GetNetInfo() (result []net.IOCountersStat, err error)
- func GetNetSpeed() (speed map[string]map[string]uint64, err error)
- func GetNmap() string
- func GetOne[T any](rst *T, args ...interface{}) *T
- func GetPointVal(i interface{}) interface{}
- func GetSha1(a ...interface{}) string
- func GetSubQueryList[T1, T2, T3 any](mode T1, preLd T3, aRst []T2, nPageSize int, Offset int, conds ...interface{}) *[]T2
- func GetSubQueryLists[T1, T2 any](mode T1, preLd string, aRst []T2, nPageSize int, Offset int, ...) *[]T2
- func GetTableName[T any](mod T) string
- func GetTempFile(t string) *os.File
- func GetVal(key string) string
- func GetVal4Any[T any](key string) T
- func GetVal4File(key, szDefault string) string
- func GetVal4Filedefault(key, szDefault string) string
- func GetValAsBool(key string) bool
- func GetValAsInt(key string, nDefault int) int
- func GetValByDefault(key, dftvl string) string
- func HoneyportDetection(host string) bool
- func Init1(config *embed.FS)
- func Init2()
- func InitCHcc()
- func InitDb(dst ...interface{}) *gorm.DB
- func InitModle(x ...interface{})
- func IntInSlice(i int, slice []int) bool
- func IsPointed(i interface{}) bool
- func IsStruct(i interface{}) bool
- func Log(v ...any)
- func MergeParms2Obj(obj interface{}, args ...interface{}) interface{}
- func Mkdirs(s string)
- func ParseOption[T any](key string, opt *T) *T
- func PutAny[T any](key string, data T)
- func RandStringRunes(n int) string
- func RandomStr() string
- func ReadCsv(filename string, data CSVReader) error
- func RegInitFunc(cbk func())
- func RemoveDuplication_map(arr []string) []string
- func SendAData[T any](k string, data []T, szType ESaveType)
- func SendAnyData(data interface{}, szType ESaveType)
- func SendLog(szUrl, szVulType, Msg, Payload string)
- func SendReq(data1 interface{}, id string, szType ESaveType)
- func SetHeader(m *http.Header)
- func SliceInAny[T any](i T, slice []T) bool
- func SliceInString(str string, slice []string) bool
- func SliceRemoveDuplicates(slice []string) []string
- func StrContains(s1, s2 string) bool
- func StringInSlice(str string, slice []string) bool
- func SupplyChain(szUrl, szBody string, head *http.Header)
- func TestIs404Page(szUrl string) (page *Page, r01 *Response, err error, ok bool)
- func TestRepeat(a ...interface{}) bool
- func TestRepeat4Save(key string, a ...interface{}) (interface{}, bool)
- func UpInsert[T any](mod *T, query string, args ...interface{}) int64
- func Update[T any](mod *T, query string, args ...interface{}) int64
- func UpdategoscanVersionToLatest(verbose bool) error
- type CSVReader
- type Cmd
- func (r *Cmd) AsynCmd(fnCbk func(line string), szCmd string, args ...string) error
- func (cmd *Cmd) Command(name string, arg ...string) *Cmd
- func (cmd *Cmd) Exit() error
- func (cmd *Cmd) Interrupt()
- func (cmd *Cmd) Start() error
- func (r *Cmd) WriteInput(args ...string)
- func (r *Cmd) WriteInput4Cbk(fnCbk func() *string)
- type Config4scanAllModel
- type CpuInfo
- type CpuSingle
- type ESaveType
- type KvDbOp
- func (r *KvDbOp) Close()
- func (r *KvDbOp) Delete(key string) error
- func (r *KvDbOp) Get(key string) (szRst []byte, err error)
- func (r *KvDbOp) GetKeyForData(key string) (szRst []byte)
- func (r *KvDbOp) Init(szDb string) error
- func (r *KvDbOp) Put(key string, data []byte)
- func (r *KvDbOp) SetExpiresAt(ExpiresAt uint64)
- type Page
- type Part
- type Parts
- type PocCheck
- type Response
- func GetResponse(username string, password string, urlstring string, method string, ...) (resp1 *Response, reqbody, location string, err error)
- func HttpRequset(urlstring string, method string, postdata string, isredirect bool, ...) (*Response, error)
- func HttpRequsetBasic(username string, password string, urlstring string, method string, ...) (*Response, error)
- func TestIs404(szUrl string) (r01 *Response, err error, ok bool)
- type SimpleVulResult
Constants ¶
const GB = 1024 * 1024 * 1024
const Version = `2.7.9`
Variables ¶
var ( UrlPrecise = "UrlPrecise" CacheName = "CacheName" EnableSubfinder = "EnableSubfinder" )
var ( HttpProxy string // 代理 CeyeApi string // Ceye api CeyeDomain string // Ceye domain Fuzzthreads = 32 // 2,4,8,16,32,采用2的N次方的数字 )
var Abs404 = "/goscan404"
var BaseReg = regexp.MustCompile("(?i)Basic\\s*realm\\s*=\\s*")
匹配响应中 www-Authenticate 是否有认证要求都信息
var Config4scanAll = Config4scanAllModel{}
var Ctx_global, StopAll = context.WithCancel(RootContext)
全局关闭所有线程
var CustomHeaders []string
自定义http 头
var DbName = "config/goscan_db"
var DeleteMe = regexp.MustCompile("rememberMe=deleteMe")
多次使用,一次性编译效率更高
var EnableHoneyportDetection = true
var EsUrl string
var G_Options interface{}
var InterruptTimeout = 200 * time.Millisecond
InterruptTimeout timeout for interrupt signal when exiting a Cmd
var KillTimeout = 1000 * time.Millisecond
KillTimeout timeout for kill signal when exiting a Cmd
var MyName = "goscan"
var NoColor bool
var Output = ""
out filename
var PocCheck_pipe = make(chan *PocCheck, 64)
go POC 检测管道,避免循环引用
var RootContext = context.Background()
全局控制
var SupplyChainReg *regexp.Regexp
提取供应链信息
var SzPwd string
var TmpFile = map[string][]*os.File{}
var UrlMt []*regexp.Regexp = []*regexp.Regexp{ regexp.MustCompile("^http[s]:\\/\\/[^\\/]+\\/?$"), regexp.MustCompile("^http[s]:\\/\\/[^\\/]+\\/[^\\/]+$")}
var UserHomeDir string = "./"
var Wg *sync.WaitGroup = &sync.WaitGroup{}
全局线程控制
Functions ¶
func CheckHoneyportDetection4HeaderServer ¶
检查 蜜罐 Server信息,check Honeypor server info
func CheckHvNmap ¶
func CheckHvNmap() bool
func CheckShiroCookie ¶
检查 cookie Shiro CVE_2016_4437 cookie 其他POC cookie同一检查入口
func CloseAllHttpClient ¶
func CloseAllHttpClient()
func CloseHttpClient ¶
func CloseHttpClient(szUrl string)
func Convert2Domains ¶
兼容hacker one 域名表示方式,以下格式支持 *.xxx.com *.xxx.xx1.*
func Dnslogchek ¶
func DoLog4j ¶
func DoLog4j(szUrl string)
1、检测 $HOME/MyWork/log4j-scan 存在就执行 python3 版本log4j检测 2、相同目标只执行一次,基于内存缓存 3、只支持:https://github.com/hktalent/log4j-scan 版本
func GetClient4Cc ¶
func GetCustomHeadersRaw ¶
func GetCustomHeadersRaw() string
X-Forwarded-Host: 127.0.0.1 X-Forwarded-For: 127.0.0.1 X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Remote-Addr: 127.0.0.1 X-Client-IP: 127.0.0.1 X-Host: 127.0.0.1
获取 自定义头信息等raw模式
func GetJson4Query ¶
func GetJson4Query(source interface{}, path string) interface{}
func GetPointVal ¶
func GetPointVal(i interface{}) interface{}
func GetSubQueryList ¶
func GetSubQueryList[T1, T2, T3 any](mode T1, preLd T3, aRst []T2, nPageSize int, Offset int, conds ...interface{}) *[]T2
通用 查询模型T1类型 mode,并关联T1类型对子类型T3 preLd 设置 nPageSize 和便宜Offset 以及其他查询条件conds
func GetSubQueryLists ¶
func GetSubQueryLists[T1, T2 any](mode T1, preLd string, aRst []T2, nPageSize int, Offset int, conds ...interface{}) *[]T2
通用 查询模型T1类型 mode,并关联T1类型对子类型T3 preLd 设置 nPageSize 和便宜Offset 以及其他查询条件conds
func GetValByDefault ¶
func HoneyportDetection ¶
添加蜜罐检测,并自动跳过目标,默认false跳过蜜罐检测 考虑内存缓存结果
func InitDb ¶
go - 交叉编译go-sqlite3 https://www.modb.pro/db/329524 ./tools/Check_CVE_2020_26134 -config="/Users/51pwn/MyWork/mybugbounty/allDomains.txt" 获取Gorm db连接、操作对象
func MergeParms2Obj ¶
func MergeParms2Obj(obj interface{}, args ...interface{}) interface{}
若干参数依赖注入到对象 obj中
util.MergeParms2Obj(&ms, args...)
func ParseOption ¶
从配置json中读取naabu、httpx、nuclei等的细化配置
func RandStringRunes ¶
func RegInitFunc ¶
func RegInitFunc(cbk func())
func RemoveDuplication_map ¶
func SliceInString ¶
func SupplyChain ¶
提取供应链信息 相同上下文、成功时只提取一次 提取header信息:server、X*,不同上下文提取
func TestIs404Page ¶
func TestRepeat ¶
func TestRepeat(a ...interface{}) bool
func TestRepeat4Save ¶
Types ¶
type Cmd ¶
type Config4scanAllModel ¶
type KvDbOp ¶
https://colobu.com/2017/10/11/badger-a-performant-k-v-store/ https://juejin.cn/post/6844903814571491335
var Cache1 *KvDbOp
func (*KvDbOp) GetKeyForData ¶
func (*KvDbOp) SetExpiresAt ¶
type Page ¶
type Page struct { IsBackUpPath bool // 备份、敏感泄露文件检测请求url IsBackUpPage bool // 发现备份、敏感泄露文件 Title *string // 标题 LocationUrl *string // 跳转页面 Is302 bool // 是302页面 Is403 bool // 403页面 Url *string // 作为本地永久缓存key,提高执行效率 BodyStr *string // body = trim() + ToLower BodyLen int // body 长度 Header *http.Header // 基于指针,节约内存空间 StatusCode int // 状态码 Resqonse *Response // 基于指针,节约内存空间 }
fuzz请求返回的结果 尽可能使用指针,节约内存开销
type Part ¶
type Part struct { Path string `json:"path"` FsType string `json:"fstype"` Total float64 `json:"total"` Free float64 `json:"free"` Used float64 `json:"used"` UsedPercent int `json:"usedPercent"` }
分区
type PocCheck ¶
type PocCheck struct { Wappalyzertechnologies *[]string URL string FinalURL string Checklog4j bool }
管道通讯使用
type Response ¶
type Response struct { Status string StatusCode int Body string Header *http.Header // 不用负责对象,引用,节约内存开销 ContentLength int RequestUrl string Location string }
fuzz 响应对象封装
func GetResponse ¶
func HttpRequset ¶
func HttpRequset(urlstring string, method string, postdata string, isredirect bool, headers map[string]string) (*Response, error)
需要考虑缓存
1、缓解网络不好的情况 2、缓存有效期为当天 3、缓存命中需和请求的数据完全匹配