Update scan.go

公明 2025-03-01 19:30:06 +08:00 committed by GitHub
parent c760a03be7
commit 0ea58f7192
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

13
scan.go

@ -107,7 +107,6 @@ func scan() {
} }
} }
func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) { func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) {
jsonDataReq, err := json.Marshal(r.Request) jsonDataReq, err := json.Marshal(r.Request)
if err != nil { if err != nil {
@ -165,7 +164,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
var detectErr error var detectErr error
maxRetries := 5 maxRetries := 5
for i := 0; i < maxRetries; i++ { for i := 0; i < maxRetries; i++ {
resultDetect, detectErr = detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2) resultDetect, detectErr = detectPrivilegeEscalation(config.GetConfig().AI, req1, resp1, resp2, resp.Status)
if detectErr == nil { if detectErr == nil {
break // 成功退出循环 break // 成功退出循环
} }
@ -188,19 +187,19 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
} }
func detectPrivilegeEscalation(AI string, url, resp1, resp2 string) (string, error) { func detectPrivilegeEscalation(AI string, reqA, resp1, resp2, statusB string) (string, error) {
var result string var result string
var err error var err error
switch AI { switch AI {
case "kimi": case "kimi":
result, err = aiapis.Kimi(url, resp1, resp2) // 调用 kimi 检测是否越权 result, err = aiapis.Kimi(reqA, resp1, resp2, statusB) // 调用 kimi 检测是否越权
case "deepseek": case "deepseek":
result, err = aiapis.DeepSeek(url, resp1, resp2) // 调用 deepSeek 检测是否越权 result, err = aiapis.DeepSeek(reqA, resp1, resp2, statusB) // 调用 deepSeek 检测是否越权
case "qianwen": case "qianwen":
result, err = aiapis.Qianwen(url, resp1, resp2) // 调用 qianwen 检测是否越权 result, err = aiapis.Qianwen(reqA, resp1, resp2, statusB) // 调用 qianwen 检测是否越权
default: default:
result, err = aiapis.Kimi(url, resp1, resp2) // 默认调用 kimi 检测是否越权 result, err = aiapis.Kimi(reqA, resp1, resp2, statusB) // 默认调用 kimi 检测是否越权
} }
if err != nil { if err != nil {