admin/PrivHunterAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/PrivHunterAI.git synced 2025-09-17 20:41:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update scan.go

Browse Source
This commit is contained in:
公明 2025-03-01 19:03:26 +08:00 committed by GitHub
parent a6fb61a652
commit 2bcce572b4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 104 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
scan.go
View File

@ -41,10 +41,13 @@ func scan() {
fmt.Printf("Value is not of type RequestResponseLog\n") fmt.Printf("Value is not of type RequestResponseLog\n")
} }
// fmt.Println(r) //
if r.Request.Header != nil && r.Response.Header != nil && r.Response.Body != nil && r.Response.StatusCode == 200 { if r.Request.Header != nil && r.Response.Header != nil && r.Response.Body != nil && r.Response.StatusCode == 200 {
// fmt.Println(r)
result, resp1, resp2, err := sendHTTPAndKimi(r) // 主要 result, resp1, resp2, err := sendHTTPAndKimi(r) // 主要
if err != nil { if err != nil {
logs.Delete(key)
// fmt.Println(r)
fmt.Println(err) fmt.Println(err)
} else { } else {
var resultOutput Result var resultOutput Result
@ -66,8 +69,6 @@ func scan() {
if err != nil { if err != nil {
log.Println("解析 JSON 数据失败("+result+": )", err) log.Println("解析 JSON 数据失败("+result+": )", err)
} else { } else {
// fmt.Printf("Res: %s\n", scanR.Res)
// fmt.Printf("Reason: %s\n", scanR.Reason)
resultOutput.Result = scanR.Res resultOutput.Result = scanR.Res
resultOutput.Reason = scanR.Reason resultOutput.Reason = scanR.Reason
jsonData, err := json.Marshal(resultOutput) jsonData, err := json.Marshal(resultOutput)
@ -106,7 +107,83 @@ func scan() {
} }
} }
// func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) {
// jsonDataReq, err := json.Marshal(r.Request)
// if err != nil {
// fmt.Println("Error marshaling:", err)
// // return
// }
// req1 := string(jsonDataReq)
// resp1 := string(r.Response.Body)
// fullURL := &url.URL{
// Scheme: r.Request.URL.Scheme,
// Host: r.Request.URL.Host,
// Path: r.Request.URL.Path,
// RawQuery: r.Request.URL.RawQuery,
// }
// if isNotSuffix(r.Request.URL.Path, config.GetConfig().Suffixes) && !containsString(r.Response.Header.Get("Content-Type"), config.GetConfig().AllowedRespHeaders) {
// req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
// if err != nil {
// fmt.Println("创建请求失败:", err)
// return "", "", "", err
// }
// req.Header = r.Request.Header
// // 增加其他头 2025 02 27
// if config.GetConfig().Headers2 != nil {
// for key, value := range config.GetConfig().Headers2 {
// req.Header.Set(key, value)
// }
// }
// // 2025 02 27 end
// // req.Header.Set("Cookie", config.GetConfig().Cookie2)
// // log.Println(req.Header)
// client := &http.Client{}
// resp, err := client.Do(req)
// if err != nil {
// fmt.Println("请求失败:", err)
// return "", "", "", err
// }
// defer resp.Body.Close()
// bodyBytes, err := io.ReadAll(resp.Body)
// if err != nil {
// fmt.Println("Error reading response body:", err)
// return "", "", "", err
// }
// // 将响应体转换为字符串
// resp2 := string(bodyBytes)
// // 输出响应体字符串
// // fmt.Println("Response1 Body:", resp1)
// // fmt.Println("Response2 Body:", resp2)
// if len(resp1+resp2) < 65535 {
// fmt.Println("Serialized JSON:", req1)
// result, err := detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2)
// if err != nil {
// fmt.Println("Error:", err)
// return "", "", "", err
// }
// return result, resp1, resp2, nil
// } else {
// return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil
// }
// // log.Println("Result:", result)
// }
// return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
// }
func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) { func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB string, err error) {
jsonDataReq, err := json.Marshal(r.Request)
if err != nil {
fmt.Println("Error marshaling:", err)
return "", "", "", err // 返回错误
}
req1 := string(jsonDataReq)
resp1 := string(r.Response.Body) resp1 := string(r.Response.Body)
fullURL := &url.URL{ fullURL := &url.URL{
@ -117,6 +194,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
} }
if isNotSuffix(r.Request.URL.Path, config.GetConfig().Suffixes) && !containsString(r.Response.Header.Get("Content-Type"), config.GetConfig().AllowedRespHeaders) { if isNotSuffix(r.Request.URL.Path, config.GetConfig().Suffixes) && !containsString(r.Response.Header.Get("Content-Type"), config.GetConfig().AllowedRespHeaders) {
req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body))) req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
if err != nil { if err != nil {
fmt.Println("创建请求失败:", err) fmt.Println("创建请求失败:", err)
@ -131,7 +209,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
} }
// 2025 02 27 end // 2025 02 27 end
// req.Header.Set("Cookie", config.GetConfig().Cookie2) // req.Header.Set("Cookie", config.GetConfig().Cookie2)
// log.Println(req.Header)
client := &http.Client{} client := &http.Client{}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
@ -146,22 +224,34 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
} }
// 将响应体转换为字符串 // 将响应体转换为字符串
resp2 := string(bodyBytes) resp2 := string(bodyBytes)
// 输出响应体字符串
// fmt.Println("Response1 Body:", resp1)
// fmt.Println("Response2 Body:", resp2)
if len(resp1+resp2) < 65535 { if len(resp1+resp2) < 65535 {
result, err := detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2) fmt.Println("Serialized JSON:", req1)
if err != nil {
fmt.Println("Error:", err) // 初始值
return "", "", "", err var resultDetect string
var detectErr error
maxRetries := 5
for i := 0; i < maxRetries; i++ {
resultDetect, detectErr = detectPrivilegeEscalation(config.GetConfig().AI, fullURL.String(), resp1, resp2)
if detectErr == nil {
break // 成功退出循环
}
// 可选:增加延迟避免频繁请求
fmt.Println("AI分析异常重试中异常原因", detectErr)
time.Sleep(5 * time.Second) // 1秒延迟
} }
return result, resp1, resp2, nil
if detectErr != nil {
fmt.Println("Error after retries:", detectErr)
return "", "", "", detectErr
}
return resultDetect, resp1, resp2, nil
} else { } else {
return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil
} }
// log.Println("Result:", result)
} }
return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
} }