conf

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 5, 2024 License: AGPL-3.0 Imports: 13 Imported by: 2

Documentation

Index

Constants

View Source 
const Version = "1.2.0"
View Source 
const Website = "https://github.com/yhy0/Jie"

Variables

View Source
View Source 
var ChromePath string
View Source 
var ConfigFile string
View Source 
var DangerHeaders = []string{
	"X-Client-IP",
	"X-Remote-IP",
	"X-Remote-Addr",
	"X-Forwarded-For",
	"X-Originating-IP",
	"Referer",
	"CF-Connecting_IP",
	"True-Client-IP",
	"X-Forwarded-For",
	"Originating-IP",
	"X-Real-IP",
	"X-Client-IP",
	"Forwarded",
	"Client-IP",
	"Contact",
	"X-Wap-Profile",
	"X-Api-Version",
}

DangerHeaders 一些危险的请求头, 用来测试 sql 注入、ssrf,有的谜一样的业务逻辑可能会被命中

View Source 
var FileName = "Jie_config.yaml"
View Source 
var FilePath string

FilePath 一些配置文件的默认位置

View Source 
var GlobalConfig = &Config{}
View Source 
var NoProgressBar bool
View Source 
var Parallelism = 10

Parallelism 对一个网站同时扫描的最大 url 个数

View Source 
var (
	// Plugin 插件单独从配置文件中读取出来,方便使用
	Plugin = map[string]bool{
		"xss":                   false,
		"sql":                   false,
		"sqlmapApi":             false,
		"cmd":                   false,
		"xxe":                   false,
		"ssrf":                  false,
		"brute":                 false,
		"hydra":                 false,
		"bypass403":             false,
		"jsonp":                 false,
		"crlf":                  false,
		"log4j":                 false,
		"fastjson":              false,
		"portScan":              false,
		"poc":                   false,
		"nuclei":                false,
		"bbscan":                false,
		"archive":               false,
		"nginx-alias-traversal": false,
	}
)
View Source 
var Wappalyzer *wappalyzer.Wappalyze

Functions

func HotConf added in v1.0.0 

func HotConf()

HotConf 使用 viper 对配置热加载

func Init added in v1.0.0 

func Init()

Init 加载配置

func Preparations added in v1.1.0 

func Preparations()

func ReadPlugin added in v1.0.0 

func ReadPlugin()

ReadPlugin 插件读取出来方便使用,之后所有的插件运行都是看 Plugin 中对应的是否开启

func ReadYamlConfig added in v1.0.0 

func ReadYamlConfig()

ReadYamlConfig 读取配置文件

func WriteYamlConfig added in v1.0.0 

func WriteYamlConfig() error

WriteYamlConfig 生成写入默认配置文件, 这里就不通过 viper 写入了, viper 写入的没有注释

Types

type Collection added in v1.0.0 

type Collection struct {
	Domain              []string `json:"domain"`
	IP                  []string `json:"ip"`
	Phone               []string `json:"phone"`
	Email               []string `json:"email"`
	IDCard              []string `json:"idCard"`
	API                 []string `json:"api"`
	Url                 []string `json:"url"`
	UrlFilter           []string `json:"urlFilter"`
	Other               []string `json:"other"`
	SensitiveParameters []string `json:"sensitive_parameters"`
}

Collection 信息收集中的正则

type Config 

type Config struct {
	Debug      bool       `json:"debug"`
	Options    Options    `json:"options"`
	Passive    Passive    `json:"passive"`
	Http       Http       `json:"http"`
	Plugins    Plugins    `json:"plugins"`
	WebScan    WebScan    `json:"webScan"`
	NoPortScan bool       `json:"no_port_scan"`
	Reverse    Reverse    `json:"reverse"`
	SqlmapApi  Sqlmap     `json:"sqlmapApi"`
	Mitmproxy  Mitmproxy  `json:"mitmproxy"`
	Collection Collection `json:"collection"`
}

type Http added in v1.0.0 

type Http struct {
	Proxy           string            `json:"proxy"`           // 漏洞扫描时使用的代理,如: http://127.0.0.1:8080
	Timeout         int               `json:"timeout"`         // 建立 tcp 连接的超时时间
	MaxConnsPerHost int               `json:"maxConnsPerHost"` // 每个 host 最大连接数
	RetryTimes      int               `json:"retryTimes"`      // 请求失败的重试次数,0 则不重试
	AllowRedirect   int               `json:"allowRedirect"`   // 单个请求最大允许的跳转数,0 则不跳转
	VerifySSL       bool              `json:"verifySSL"`       // 是否验证 ssl 证书
	MaxQps          int               `json:"maxQps"`          // 每秒最大请求数
	Headers         map[string]string `json:"headers"`         // 指定 http 请求头
	ForceHTTP1      bool              `json:"forceHTTP1"`      // 强制指定使用 http/1.1
}

type Mitmproxy added in v1.0.0 

type Mitmproxy struct {
	BasicAuth struct {
		Username string `json:"username"`
		Password string `json:"password"`
		Header   string `json:"header"`
	} `json:"basicAuth"`
	Exclude      []string `json:"exclude"`      // Exclude 排除扫描的域名
	Include      []string `json:"include"`      // Include 只扫描的域名
	FilterSuffix string   `json:"filterSuffix"` // 排除的后缀
}

type Options added in v0.3.1 

type Options struct {
	Target     string // target URLs/hosts to scan
	TargetFile string
	Targets    []string
	Output     string
	Mode       string
	S2         S2
	Shiro      Shiro
}

type Passive added in v1.0.0 

type Passive struct {
	ProxyPort string `mapstructure:"port" json:"port"`
	WebPort   string `mapstructure:"webPort" json:"webPort"`
	WebUser   string `mapstructure:"webUser" json:"webUser"`
	WebPass   string `mapstructure:"webPass" json:"webPass"`
}

type Plugins added in v1.0.0 

type Plugins struct {
	BruteForce struct {
		Web                bool   `json:"web"`
		Service            bool   `json:"service"`
		UsernameDictionary string `json:"usernameDict"`
		PasswordDictionary string `json:"passwordDict"`
	} `json:"bruteForce"`

	CmdInjection struct {
		Enabled bool `json:"enabled"`
	} `json:"cmdInjection"`

	CrlfInjection struct {
		Enabled bool `json:"enabled"`
	} `json:"crlfInjection"`

	XSS struct {
		Enabled           bool `json:"enabled"`
		DetectXssInCookie bool `json:"detectXssInCookie"`
	} `json:"xss"`

	Sql struct {
		Enabled               bool `json:"enabled"`
		BooleanBasedDetection bool `json:"booleanBasedDetection"`
		TimeBasedDetection    bool `json:"timeBasedDetection"`
		ErrorBasedDetection   bool `json:"errorBasedDetection"`
		DetectInCookie        bool `json:"detectInCookie"`
	} `json:"sql"`

	SqlmapApi Sqlmap `json:"sqlmapApi"`

	XXE struct {
		Enabled bool `json:"enabled"`
	} `json:"xxe"`

	SSRF struct {
		Enabled bool `json:"enabled"`
	} `json:"ssrf"`

	BBscan struct {
		Enabled bool `json:"enabled"`
	} `json:"bbscan"`

	Jsonp struct {
		Enabled bool `json:"enabled"`
	} `json:"jsonp"`

	Log4j struct {
		Enabled bool `json:"enabled"`
	} `json:"log4j"`

	ByPass403 struct {
		Enabled bool `json:"enabled"`
	} `json:"bypass403"`

	Fastjson struct {
		Enabled bool `json:"enabled"`
	} `json:"fastjson"`

	NginxAliasTraversal struct {
		Enabled bool `json:"enabled"`
	} `json:"nginxAliasTraversal"`

	Poc struct {
		Enabled bool `json:"enabled"`
	} `json:"poc"`

	Nuclei struct {
		Enabled bool `json:"enabled"`
	} `json:"nuclei"`

	Archive struct {
		Enabled bool `json:"enabled"`
	} `json:"archive"`

	IIS struct {
		Enabled bool `json:"enabled"`
	} `json:"iis"`

	PortScan struct {
		Enabled bool `json:"enabled"`
	} `json:"portScan"`
}

Plugins 插件配置

type Reverse 

type Reverse struct {
	Host   string `json:"host"`
	Domain string `json:"domain"`
}

Reverse dnslog 配置,使用 dig.pm https://github.com/yumusb/DNSLog-Platform-Golang

type S2 added in v0.3.1 

type S2 struct {
	Mode        string
	Name        string
	Body        string
	CMD         string
	ContentType string
}

type Shiro added in v0.3.1 

type Shiro struct {
	Mode     string
	Cookie   string
	Platform string
	Key      string
	KeyMode  string
	Gadget   string
	CMD      string
	Echo     string
}

type Sqlmap added in v1.0.0 

type Sqlmap struct {
	Enabled  bool   `json:"enabled"`  // 是否开启 sqlmap api
	Url      string `json:"url"`      // SQLMap API 服务器地址
	Username string `json:"username"` // SQLMap API 用户名
	Password string `json:"password"` // SQLMap API 密码
}

Sqlmap Sqlmap API 配置

type WebScan 

type WebScan struct {
	Poc  []string `json:"poc"`
	Craw string   `json:"craw"`
	Show bool     `json:"show"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.