admin/PrivHunterAI
1
0
Fork 0
mirror of https://github.com/Ed1s0nZ/PrivHunterAI.git synced 2025-05-07 11:06:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update scan.go

Browse Source
This commit is contained in:
公明 2025-02-25 15:40:26 +08:00 committed by GitHub
parent 5959bde226
commit 83d910ef78
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 33 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
scan.go
View File

@ -19,6 +19,13 @@ type Result struct {
RespBodyA string `json:"respBodyA"` RespBodyA string `json:"respBodyA"`
RespBodyB string `json:"respBodyB"` RespBodyB string `json:"respBodyB"`
Result string `json:"result"` Result string `json:"result"`
Reason string `json:"reason"`
}
// 扫描结果
type ScanResult struct {
Res string `json:"res"`
Reason string `json:"reason"`
} }
func scan() { func scan() {
@ -45,14 +52,32 @@ func scan() {
resultOutput.Path = r.Request.URL.Path resultOutput.Path = r.Request.URL.Path
resultOutput.RespBodyA = resp1 resultOutput.RespBodyA = resp1
resultOutput.RespBodyB = resp2 resultOutput.RespBodyB = resp2
resultOutput.Result = result //
jsonData, err := json.Marshal(resultOutput)
result1, err := parseResponse(result)
if err != nil { if err != nil {
log.Fatalf("Error marshaling to JSON: %v", err) log.Fatalf("解析失败: %v", err)
}
var scanR ScanResult
err = json.Unmarshal([]byte(result1), &scanR)
if err != nil {
log.Println("解析 JSON 数据失败("+result+": )", err)
} else {
// fmt.Printf("Res: %s\n", scanR.Res)
// fmt.Printf("Reason: %s\n", scanR.Reason)
resultOutput.Result = scanR.Res
resultOutput.Reason = scanR.Reason
jsonData, err := json.Marshal(resultOutput)
if err != nil {
log.Fatalf("Error marshaling to JSON: %v", err)
}
log.Println(string(jsonData))
fmt.Println(PrintYuequan(resultOutput.Result, resultOutput.Method, resultOutput.Host+resultOutput.Path, resultOutput.Reason))
logs.Delete(key)
return true // 返回true继续遍历返回false停止遍历
} }
log.Println(string(jsonData))
logs.Delete(key)
return true // 返回true继续遍历返回false停止遍历
} }
} else { } else {
// logs.Delete(key) // 不可以添加logs.Delete(key) // logs.Delete(key) // 不可以添加logs.Delete(key)
@ -106,13 +131,13 @@ func sendHTTPAndKimi(r *RequestResponseLog) (result string, respA string, respB
} }
return result, resp1, resp2, nil return result, resp1, resp2, nil
} else { } else {
return "请求包太大", resp1, resp2, nil return `{"res": "white", "reason": "请求包太大"}`, resp1, resp2, nil
} }
// log.Println("Result:", result) // log.Println("Result:", result)
} }
return "白名单后缀或白名单Content-Type接口", resp1, "", nil return `{"res": "white", "reason": "白名单后缀或白名单Content-Type接口"}`, resp1, "", nil
} }
func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) { func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) {
@ -133,24 +158,3 @@ func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) {
} }
return result, nil return result, nil
} }
func isNotSuffix(s string, suffixes []string) bool {
for _, suffix := range suffixes {
if strings.HasSuffix(s, suffix) {
return false
}
}
return true
}
// 扫描白名单
func containsString(target string, slice []string) bool {
for _, s := range slice {
if strings.Contains(strings.ToLower(target), strings.ToLower(s)) {
// log.Println(target)
return true
}
}
return false
}