admin/PrivHunterAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/PrivHunterAI.git synced 2025-09-17 20:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
PrivHunterAI/tools.go

197 lines
5.1 KiB
Go
Raw Normal View History

Create tools.go
2025-02-25 15:40:03 +08:00
package main
import (
Update tools.go
2025-04-23 17:16:35 +08:00
"bytes"
"encoding/json"
Create tools.go
2025-02-25 15:40:03 +08:00
"fmt"
Update tools.go
2025-04-23 17:16:35 +08:00
"net/url"
Create tools.go
2025-02-25 15:40:03 +08:00
"regexp"
"strings"
)
const (
colorRed = "\033[31m"
colorGreen = "\033[32m"
colorYellow = "\033[33m"
colorReset = "\033[0m"
colorBlue = "\033[34m" // 蓝色:白名单接口
colorCyan = "\033[36m"
)
// 输出
func PrintYuequan(yuequan string, method string, url string, reason string) string {
switch yuequan {
case "true":
Update tools.go
2025-02-25 17:59:24 +08:00
return fmt.Sprintf("%s[+] %s %s %s %s 原因:%s %s%s%s\n", colorRed, colorReset, method, url, colorCyan, reason, colorRed, "[可能存在越权/未授权漏洞]", colorReset)
Create tools.go
2025-02-25 15:40:03 +08:00
case "false":
Update tools.go
2025-02-25 17:59:24 +08:00
return fmt.Sprintf("%s[-] %s %s %s %s 原因:%s %s%s%s\n", colorGreen, colorReset, method, url, colorCyan, reason, colorGreen, "[不存在越权/未授权漏洞]", colorReset)
Create tools.go
2025-02-25 15:40:03 +08:00
case "unknown":
return fmt.Sprintf("%s[*] %s %s %s %s 原因:%s %s%s%s\n", colorYellow, colorReset, method, url, colorCyan, reason, colorYellow, "[不确定是否存在漏洞]", colorReset)
default:
Update tools.go
2025-02-25 17:59:24 +08:00
return fmt.Sprintf("%s[-] %s %s %s %s 原因:%s %s%s%s\n", colorBlue, colorReset, method, url, colorCyan, reason, colorBlue, "[未进行扫描]", colorReset)
Create tools.go
2025-02-25 15:40:03 +08:00
}
}
// 解析数据的函数
func parseResponse(data string) (string, error) {
var jsonData string
// 检查数据是否包含 Markdown 代码块
if strings.Contains(data, "```json") {
// 使用正则表达式提取 JSON 数据
re := regexp.MustCompile("(?s)```json\\s*(\\{.*?\\})\\s*```")
matches := re.FindStringSubmatch(data)
if len(matches) < 2 {
return "", fmt.Errorf("未找到 JSON 数据")
}
jsonData = matches[1] // 提取 JSON 数据
} else {
// 数据是普通 JSON 格式
jsonData = data
}
return jsonData, nil
}
func isNotSuffix(s string, suffixes []string) bool {
for _, suffix := range suffixes {
if strings.HasSuffix(s, suffix) {
return false
}
}
return true
}
// 扫描白名单
func containsString(target string, slice []string) bool {
for _, s := range slice {
if strings.Contains(strings.ToLower(target), strings.ToLower(s)) {
// log.Println(target)
return true
}
}
return false
}
Update tools.go
2025-02-26 12:47:47 +08:00
// 字符串大于600 会被截断
func TruncateString(s string) string {
// 将字符串转换为 rune 切片
runeSlice := []rune(s)
// 获取 rune 切片的长度
length := len(runeSlice)
// 如果长度小于或等于600 runes直接返回原字符串
if length <= 600 {
return s
}
// 截取前300 runes 和后300 runes
start := runeSlice[:300]
end := runeSlice[length-300:]
// 将截取的部分和省略号拼接起来
return fmt.Sprintf("%s...%s", string(start), string(end))
}
Update tools.go
2025-03-03 11:26:46 +08:00
// 扫描接口白名单、匹配相应包关键字
func MatchString(keywords []string, str string) bool {
switch len(keywords) {
case 0:
return false
case 1:
return strings.Contains(str, keywords[0])
default:
pattern := GeneratePattern(keywords)
matched, err := regexp.MatchString(pattern, str)
if err != nil {
panic(err)
}
return matched
}
}
func GeneratePattern(keywords []string) string {
var pattern strings.Builder
pattern.WriteString("(")
pattern.WriteString(strings.Join(keywords, "|"))
pattern.WriteString(")")
return pattern.String()
}
Update tools.go
2025-04-23 17:16:35 +08:00
type HTTPRequest struct {
Method string `json:"Method"`
URL struct {
Path string `json:"Path"`
RawQuery string `json:"RawQuery"`
} `json:"URL"`
Proto string `json:"Proto"`
Header map[string][]string `json:"Header"`
Body string `json:"Body"`
}
func generateHTTPRequest(input string) (string, error) {
var req HTTPRequest
err := json.Unmarshal([]byte(input), &req)
if err != nil {
return "", fmt.Errorf("failed to parse JSON: %v", err)
}
// 构建 URL
var urlString string
if req.URL.Path != "" {
urlString = req.URL.Path
}
if req.URL.RawQuery != "" {
urlString += "?" + req.URL.RawQuery
}
// 构建请求行
requestLine := fmt.Sprintf("%s %s %s", req.Method, urlString, req.Proto)
// 构建 Header
var headerLines []string
for key, values := range req.Header {
if len(values) > 0 {
// 将多个值用逗号分隔
headerLines = append(headerLines, fmt.Sprintf("%s: %s", key, strings.Join(values, ",")))
}
}
// 特殊处理 Origin 和 Referer
if val, ok := req.Header["Origin"]; ok && len(val) > 0 {
origin := val[0]
parsedOrigin, err := url.Parse(origin)
if err == nil {
headerLines = append(headerLines, fmt.Sprintf("Origin: %s", parsedOrigin.String()))
}
}
if val, ok := req.Header["Referer"]; ok && len(val) > 0 {
referer := val[0]
parsedReferer, err := url.Parse(referer)
if err == nil {
headerLines = append(headerLines, fmt.Sprintf("Referer: %s", parsedReferer.String()))
}
}
// 如果 Body 不为空,计算 Content-Length
if req.Body != "" {
contentLength := len(req.Body)
headerLines = append(headerLines, fmt.Sprintf("Content-Length: %d", contentLength))
}
// 构建最终的 HTTP 请求字符串
var buffer bytes.Buffer
buffer.WriteString(requestLine + "\n")
for _, line := range headerLines {
buffer.WriteString(line + "\n")
}
if req.Body != "" {
buffer.WriteString("\n" + req.Body)
Update tools.go
2025-04-23 17:25:54 +08:00
} else {
buffer.WriteString("\n\n")
Update tools.go
2025-04-23 17:16:35 +08:00
}
return buffer.String(), nil
}
Reference in New Issue Copy Permalink