suspect

package
Published: Oct 20, 2023 License: AGPL-3.0 Imports: 16 Imported by: 1

Documentation


Constants

This section is empty.

Variables

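// GuessExports is the name → function table that exposes this package's
// heuristic "guess" checks (regexp character-class matching, response
// content sniffing, parameter-name matching) to callers that look them up
// by string name.
//
// Every entry is a heuristic: a true result means "looks like", not a
// confirmed finding. Most entries take a loosely typed interface{} and coerce
// it; the per-entry comments say which concrete types are handled and what
// happens on a mismatch (generally: log and report false).
var GuessExports = map[string]interface{}{
	// Character-class checks. The patterns are unanchored, so whether the
	// whole value must match or only a substring depends on
	// utils.MatchAllOfRegexp (not visible here) — confirm before relying on
	// these to validate untrusted input.
	"IsAlpha": func(i interface{}) bool {
		return utils.MatchAllOfRegexp(i, `[a-zA-Z]+`)
	},
	"IsDigit": func(i interface{}) bool {
		return utils.MatchAllOfRegexp(i, `[0-9]+`)
	},
	"IsAlphaNum": func(i interface{}) bool {
		return utils.MatchAllOfRegexp(i, `[a-zA-Z0-9]+`)
	},
	// IsAlNum is an alias of IsAlphaNum (identical pattern).
	"IsAlNum": func(i interface{}) bool {
		return utils.MatchAllOfRegexp(i, `[a-zA-Z0-9]+`)
	},
	// NOTE(review): unlike the other entries, this one presumably performs a
	// live network probe of the given address (netx.IsTLSService) rather than
	// inspecting data already in hand — confirm before exposing it where the
	// target is user-controlled.
	"IsTLSServer": netx.IsTLSService,
	"IsHttpURL":   IsFullURL,
	"IsUrlPath":   IsURLPath,
	// Response-format checks: accept a raw HTTP response as string or []byte,
	// or an already-parsed *http.Response. A raw value that fails to parse,
	// or any other type, is logged and reported as "no".
	"IsHtmlResponse": func(i interface{}) bool {
		rsp, ok := guessResponseArg(i)
		return ok && IsHTMLResponse(rsp)
	},
	// Body checks: string and []byte are used as-is; any other type is
	// rendered with fmt.Sprint. Note that *http.Response is NOT special-cased
	// here, so passing one inspects the struct's string form, not its body.
	"IsServerError": func(i interface{}) bool {
		return HaveServerError(guessBytesArg(i))
	},
	"ExtractChineseIDCards": func(i interface{}) []string {
		return SearchChineseIDCards(guessBytesArg(i))
	},
	"IsJsonResponse": func(i interface{}) bool {
		rsp, ok := guessResponseArg(i)
		return ok && IsJsonResponse(rsp)
	},
	// Parameter-name / value-shape heuristics, delegated to the plain
	// functions of this package under the names callers use.
	"IsRedirectParam":       BeUsedForRedirect,
	"IsJSONPParam":          IsJSONPParam,
	"IsUrlParam":            IsGenericURLParam,
	"IsXmlParam":            IsXMLParam,
	"IsSensitiveJson":       IsSensitiveJSON,
	"IsSensitiveTokenField": IsTokenParam,
	"IsPasswordField":       IsPasswordKey,
	"IsUsernameField":       IsUsernameKey,
	"IsSQLColumnField":      IsSQLColumnName,
	"IsCaptchaField":        IsCaptchaKey,
	"IsBase64Value":         IsBase64,
	"IsPlainBase64Value":    IsBase64Password,
	"IsMD5Value":            IsMD5Data,
	"IsSha256Value":         IsSHA256Data,
	// IsXmlRequest accepts a raw request (string or []byte) or an
	// *http.Request, which is dumped (with body) before inspection. Other
	// types report false without logging.
	"IsXmlRequest": func(i interface{}) bool {
		switch v := i.(type) {
		case []byte:
			return IsXMLRequest(v)
		case string:
			return IsXMLRequest([]byte(v))
		case *http.Request:
			// The dump error used to be discarded, so a failed dump was
			// silently classified by inspecting an empty buffer. Surface it.
			raw, err := utils.HttpDumpWithBody(v, true)
			if err != nil {
				log.Error(err)
				return false
			}
			return IsXMLRequest(raw)
		default:
			return false
		}
	},
	// IsXmlValue only understands string and []byte; anything else is false.
	"IsXmlValue": func(i interface{}) bool {
		switch v := i.(type) {
		case string:
			return IsXMLString(v)
		case []byte:
			return IsXMLBytes(v)
		}
		return false
	},
}

// guessResponseArg coerces the loosely typed argument of the *Response
// exports into an *http.Response. A string or []byte is parsed as a raw HTTP
// response; an *http.Response is returned unchanged (a nil pointer included).
// Parse failures and unsupported types are logged and reported as ok=false.
func guessResponseArg(i interface{}) (*http.Response, bool) {
	var raw []byte
	switch v := i.(type) {
	case string:
		raw = []byte(v)
	case []byte:
		raw = v
	case *http.Response:
		return v, true
	default:
		log.Errorf("need []byte/string/*http.Response but got %s", reflect.TypeOf(v))
		return nil, false
	}
	rsp, err := lowhttp.ParseBytesToHTTPResponse(raw)
	if err != nil {
		log.Error(err)
		return nil, false
	}
	return rsp, true
}

// guessBytesArg coerces a string or []byte argument to []byte; any other
// type is rendered with fmt.Sprint, matching the fallback the body-inspecting
// exports have always used.
func guessBytesArg(i interface{}) []byte {
	switch v := i.(type) {
	case []byte:
		return v
	case string:
		return []byte(v)
	default:
		return []byte(fmt.Sprint(v))
	}
}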

Functions

func BeUsedForRedirect

func BeUsedForRedirect(key string, value interface{}) bool

BeUsedForRedirect guesses, from the parameter's key name alone, whether the parameter is used as a redirect target. This is a naming heuristic, not a confirmation that the value is actually followed.

func GetSensitiveKeyList

func GetSensitiveKeyList() []string

func HaveServerError

func HaveServerError(body []byte) bool

func IsBase64

func IsBase64(s string) bool

func IsBase64Password

func IsBase64Password(s string) bool

func IsCaptchaKey

func IsCaptchaKey(key string) bool

func IsFullURL

func IsFullURL(v interface{}) bool

IsFullURL guesses from the value whether it is a complete URL; currently only the http and https schemes are considered.

func IsGenericURLParam

func IsGenericURLParam(key string, value interface{}) bool

func IsHTMLResponse

func IsHTMLResponse(resp *http.Response) bool

IsHTMLResponse reports whether the response looks like HTML, using two signals: 1. the response Content-Type header; 2. a sniff of the first 500 bytes of the body.

func IsJSONPParam

func IsJSONPParam(key string, value interface{}) bool

func IsJsonResponse

func IsJsonResponse(resp *http.Response) bool

func IsJsonResponseRaw

func IsJsonResponseRaw(resp []byte) bool

func IsMD5Data

func IsMD5Data(s string) bool

func IsPasswordKey

func IsPasswordKey(key string) bool

func IsSHA256Data

func IsSHA256Data(s string) bool

func IsSQLColumnName

func IsSQLColumnName(s string) bool

func IsSensitiveJSON

func IsSensitiveJSON(data []byte) bool

func IsSensitiveJSONP

func IsSensitiveJSONP(reqRaw []byte, rspRaw []byte) bool

ref: https://portswigger.net/blog/json-hijacking-for-the-modern-web

Decision logic: 1. the request method is GET; 2. the query string contains a callback, cb or jsonp parameter; 3. (nosniff = true && content-type = js) || (nosniff = false && content-type maybe js); 4. the body must not start with {, <, [ or "; 5. the body contains ( or =; 6. Important: the body contains sensitive data (username, ip, etc.); 7. this function is only a pre-screen (the Check function) — the actual vulnerability is confirmed in the jsonp package.

func IsTokenParam

func IsTokenParam(key string) bool

func IsURLPath

func IsURLPath(v interface{}) bool

IsURLPath guesses from the value whether it is a URL path.

func IsUsernameKey

func IsUsernameKey(key string) bool

func IsXMLBytes

func IsXMLBytes(data []byte) bool

func IsXMLParam

func IsXMLParam(key string, value interface{}) bool

func IsXMLRequest

func IsXMLRequest(raw []byte) bool

func IsXMLString

func IsXMLString(data string) bool

func SearchChineseIDCards

func SearchChineseIDCards(data []byte) []string

Types

This section is empty.
