Documentation
Index
- Variables
- func BeUsedForRedirect(key string, value interface{}) bool
- func GetSensitiveKeyList() []string
- func HaveServerError(body []byte) bool
- func IsBase64(s string) bool
- func IsBase64Password(s string) bool
- func IsCaptchaKey(key string) bool
- func IsFullURL(v interface{}) bool
- func IsGenericURLParam(key string, value interface{}) bool
- func IsHTMLResponse(resp *http.Response) bool
- func IsJSONPParam(key string, value interface{}) bool
- func IsJsonResponse(resp *http.Response) bool
- func IsJsonResponseRaw(resp []byte) bool
- func IsMD5Data(s string) bool
- func IsPasswordKey(key string) bool
- func IsSHA256Data(s string) bool
- func IsSQLColumnName(s string) bool
- func IsSensitiveJSON(data []byte) bool
- func IsSensitiveJSONP(reqRaw []byte, rspRaw []byte) bool
- func IsTokenParam(key string) bool
- func IsURLPath(v interface{}) bool
- func IsUsernameKey(key string) bool
- func IsXMLBytes(data []byte) bool
- func IsXMLParam(key string, value interface{}) bool
- func IsXMLRequest(raw []byte) bool
- func IsXMLString(data string) bool
- func SearchChineseIDCards(data []byte) []string
Constants
This section is empty.
Variables
var GuessExports = map[string]interface{}{
    "IsAlpha": isAlpha,
    "IsDigit": isDigit,
    "IsAlphaNum": isAlphaNum,
    "IsAlNum": isAlphaNum,
    "IsTLSServer": isTLSServer,
    "IsHttpURL": IsFullURL,
    "IsUrlPath": IsURLPath,
    "IsHtmlResponse": isHtmlResponse,
    "IsServerError": isServerError,
    "ExtractChineseIDCards": extractChineseIDCards,
    "IsJsonResponse": isJsonResponse,
    "IsRedirectParam": isRedirectParam,
    "IsJSONPParam": isJSONPParam,
    "IsUrlParam": isURLParam,
    "IsXmlParam": isXMLParam,
    "IsSensitiveJson": isSensitiveJson,
    "IsSensitiveTokenField": isSensitiveTokenField,
    "IsPasswordField": isPasswordField,
    "IsUsernameField": isUsernameField,
    "IsSQLColumnField": isSQLColumnField,
    "IsCaptchaField": isCaptchaField,
    "IsBase64Value": isBase64Value,
    "IsPlainBase64Value": isPlainBase64Value,
    "IsMD5Value": isMD5Value,
    "IsSha256Value": isSha256Value,
    "IsXmlRequest": isXMLRequest,
    "IsXmlValue": isXmlValue,
}
Functions
func BeUsedForRedirect
Guesses from the name of the key whether the parameter is used for redirection.
func GetSensitiveKeyList
func GetSensitiveKeyList() []string
func HaveServerError
func IsBase64Password
func IsCaptchaKey
func IsFullURL
func IsFullURL(v interface{}) bool
IsFullURL guesses from value whether it is a complete URL; currently only http and https are considered.
func IsGenericURLParam
func IsHTMLResponse
IsHTMLResponse determines whether the response is in HTML format:
1. response Content-Type
2. check the first 500 bytes
func IsJSONPParam
func IsJsonResponse
func IsJsonResponseRaw
func IsPasswordKey
func IsSHA256Data
func IsSQLColumnName
func IsSensitiveJSON
func IsSensitiveJSONP
ref: https://portswigger.net/blog/json-hijacking-for-the-modern-web
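Decision logic:
1. The request uses the GET method.
2. The query contains a callback, cb, or jsonp parameter.
3. (nosniff = true && content-type = js) || (nosniff = false && content-type maybe js)
4. The response must not start with {, <, [, or ".
5. The response contains ( or =.
6. Important! The response contains sensitive data such as username, ip, etc.
7. This function is used for preliminary screening (the Check function); the actual vulnerability is confirmed in the jsonp package.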
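The screening steps 1 to 6 listed for IsSensitiveJSONP, written out as an added Go example; it is not the package's own code. The function name preScreenJSONP, the short key list, and the reading of "maybe js" (JavaScript, JSON, text/plain or an empty Content-Type) are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"net/url"
	"strings"
)

// Constructed key list; the package's real list (GetSensitiveKeyList) is not shown on the page.
var sensitiveKeys = []string{"username", "ip", "email", "phone"}

// preScreenJSONP is a hypothetical helper applying screening steps 1-6 to one
// request/response pair. xcto is the X-Content-Type-Options header value.
func preScreenJSONP(method, rawQuery, contentType, xcto string, body []byte) bool {
	if !strings.EqualFold(method, "GET") { // step 1: GET only
		return false
	}
	q, err := url.ParseQuery(rawQuery)
	if err != nil || !(q.Has("callback") || q.Has("cb") || q.Has("jsonp")) { // step 2
		return false
	}
	ct := strings.ToLower(strings.TrimSpace(contentType))
	nosniff := strings.EqualFold(strings.TrimSpace(xcto), "nosniff")
	isJS := strings.Contains(ct, "javascript")
	// Assumption: without nosniff, these types may still be run as script by a browser.
	maybeJS := isJS || ct == "" || strings.Contains(ct, "json") || strings.HasPrefix(ct, "text/plain")
	if (nosniff && !isJS) || (!nosniff && !maybeJS) { // step 3
		return false
	}
	b := bytes.ToLower(bytes.TrimSpace(body))
	if len(b) == 0 || strings.ContainsRune(`{<["`, rune(b[0])) { // step 4: bare JSON/HTML is not JSONP
		return false
	}
	if !bytes.ContainsAny(b, "(=") { // step 5: a call or an assignment
		return false
	}
	for _, k := range sensitiveKeys { // step 6: a sensitive key appears as a quoted name
		if bytes.Contains(b, []byte(`"`+k+`"`)) {
			return true
		}
	}
	return false
}

func main() {
	body := []byte(`cb({"username":"alice","ip":"10.0.0.5"})`) // constructed sample response
	fmt.Println(preScreenJSONP("GET", "cb=cb", "application/javascript", "nosniff", body))
}
```

A true result only marks the pair as a candidate; as step 7 states, confirmation happens elsewhere.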
func IsTokenParam
func IsUsernameKey
func IsXMLBytes
func IsXMLParam
func IsXMLRequest
func IsXMLString
func SearchChineseIDCards
Types
This section is empty.