Update scan.go

公明 2025-02-18 18:16:48 +08:00 committed by GitHub
parent 463d1e06f0
commit a2d2c9511a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

45
scan.go

@ -1,6 +1,7 @@
package main package main
import ( import (
"encoding/json"
"fmt" "fmt"
"io" "io"
"log" "log"
@ -10,6 +11,12 @@ import (
"time" "time"
) )
type Result struct {
Host string `json:"host"` // JSON 标签用于自定义字段名
Path string `json:"path"`
Result string `json:"result"`
}
func scan() { func scan() {
for { for {
time.Sleep(3 * time.Second) time.Sleep(3 * time.Second)
@ -24,16 +31,30 @@ func scan() {
// fmt.Println(r) // fmt.Println(r)
if r.Request.Header != nil && r.Response.Header != nil { if r.Request.Header != nil && r.Response.Header != nil {
sendHTTPAndKimi(r) // 主要
result, err := sendHTTPAndKimi(r) // 主要
if err != nil {
fmt.Println(err)
} else {
var resultOutput Result
resultOutput.Host = r.Request.URL.Host
resultOutput.Path = r.Request.URL.Path
resultOutput.Result = result
jsonData, err := json.Marshal(resultOutput)
if err != nil {
log.Fatalf("Error marshaling to JSON: %v", err)
}
logs.Delete(key) logs.Delete(key)
fmt.Println(string(jsonData))
return true // 返回true继续遍历返回false停止遍历 return true // 返回true继续遍历返回false停止遍历
} }
}
return true return true
}) })
} }
} }
func sendHTTPAndKimi(r *RequestResponseLog) { func sendHTTPAndKimi(r *RequestResponseLog) (string, error) {
resp1 := string(r.Response.Body) resp1 := string(r.Response.Body)
fullURL := &url.URL{ fullURL := &url.URL{
@ -47,7 +68,7 @@ func sendHTTPAndKimi(r *RequestResponseLog) {
req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body))) req, err := http.NewRequest(r.Request.Method, fullURL.String(), strings.NewReader(string(r.Request.Body)))
if err != nil { if err != nil {
fmt.Println("创建请求失败:", err) fmt.Println("创建请求失败:", err)
return return "", err
} }
req.Header = r.Request.Header req.Header = r.Request.Header
req.Header.Set("Cookie", cookie2) req.Header.Set("Cookie", cookie2)
@ -55,13 +76,13 @@ func sendHTTPAndKimi(r *RequestResponseLog) {
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
fmt.Println("请求失败:", err) fmt.Println("请求失败:", err)
return return "", err
} }
defer resp.Body.Close() defer resp.Body.Close()
bodyBytes, err := io.ReadAll(resp.Body) bodyBytes, err := io.ReadAll(resp.Body)
if err != nil { if err != nil {
fmt.Println("Error reading response body:", err) fmt.Println("Error reading response body:", err)
return return "", err
} }
// 将响应体转换为字符串 // 将响应体转换为字符串
resp2 := string(bodyBytes) resp2 := string(bodyBytes)
@ -71,12 +92,14 @@ func sendHTTPAndKimi(r *RequestResponseLog) {
result, err := detectPrivilegeEscalation(AI, resp1, resp2) result, err := detectPrivilegeEscalation(AI, resp1, resp2)
if err != nil { if err != nil {
fmt.Println("Error:", err) fmt.Println("Error:", err)
} else { return "", err
log.Println("Result:", result)
}
} }
// log.Println("Result:", result)
return result, nil
} }
return "白名单后缀接口", nil
}
func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) { func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) {
var result string var result string
@ -84,11 +107,11 @@ func detectPrivilegeEscalation(AI string, resp1, resp2 string) (string, error) {
switch AI { switch AI {
case "kimi": case "kimi":
result, err = kimi(resp1, resp2) // 调用 kimi 检测是否越权 result, err = Kimi(resp1, resp2) // 调用 kimi 检测是否越权
case "deepseek": case "deepseek":
result, err = deepSeek(resp1, resp2) // 调用 deepSeek 检测是否越权 result, err = DeepSeek(resp1, resp2) // 调用 deepSeek 检测是否越权
default: default:
result, err = kimi(resp1, resp2) // 默认调用 kimi 检测是否越权 result, err = Kimi(resp1, resp2) // 默认调用 kimi 检测是否越权
} }
if err != nil { if err != nil {