2020-12-29 17:17:10 +08:00
|
|
|
package Plugins
|
|
|
|
|
|
|
|
|
|
import (
|
2021-04-22 23:41:56 +08:00
|
|
|
"bytes"
|
2021-05-12 10:57:12 +08:00
|
|
|
"compress/gzip"
|
2021-09-10 22:43:50 +08:00
|
|
|
"crypto/tls"
|
2020-12-29 17:17:10 +08:00
|
|
|
"fmt"
|
2021-05-18 16:23:50 +08:00
|
|
|
"github.com/saintfish/chardet"
|
2020-12-29 17:17:10 +08:00
|
|
|
"github.com/shadow1ng/fscan/WebScan"
|
2021-02-21 14:54:40 +08:00
|
|
|
"github.com/shadow1ng/fscan/WebScan/lib"
|
2020-12-29 17:17:10 +08:00
|
|
|
"github.com/shadow1ng/fscan/common"
|
2021-04-22 23:41:56 +08:00
|
|
|
"golang.org/x/text/encoding/simplifiedchinese"
|
|
|
|
|
"golang.org/x/text/transform"
|
2021-05-12 10:57:12 +08:00
|
|
|
"io"
|
2020-12-29 17:17:10 +08:00
|
|
|
"io/ioutil"
|
2021-09-10 22:43:50 +08:00
|
|
|
"net"
|
2020-12-29 17:17:10 +08:00
|
|
|
"net/http"
|
2021-04-22 23:41:56 +08:00
|
|
|
"net/url"
|
2020-12-29 17:17:10 +08:00
|
|
|
"regexp"
|
|
|
|
|
"strings"
|
2021-09-10 22:43:50 +08:00
|
|
|
"time"
|
2020-12-29 17:17:10 +08:00
|
|
|
)
|
|
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
var (
|
|
|
|
|
Charsets = []string{"utf-8", "gbk", "gb2312"}
|
|
|
|
|
)
|
|
|
|
|
|
2021-02-08 15:11:43 +08:00
|
|
|
func WebTitle(info *common.HostInfo) error {
|
2021-03-30 18:12:54 +08:00
|
|
|
err := GOWebTitle(info)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errlog := fmt.Sprintf("[-] webtitle %v %v", info.Url, err)
|
|
|
|
|
common.LogError(errlog)
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
//flag 1 first try
|
|
|
|
|
//flag 2 /favicon.ico
|
|
|
|
|
//flag 3 302
|
|
|
|
|
//flag 4 400 -> https
|
|
|
|
|
|
2021-03-30 18:12:54 +08:00
|
|
|
func GOWebTitle(info *common.HostInfo) error {
|
2021-02-21 14:54:40 +08:00
|
|
|
var CheckData []WebScan.CheckDatas
|
2021-03-04 14:42:10 +08:00
|
|
|
if info.Url == "" {
|
|
|
|
|
if info.Ports == "80" {
|
|
|
|
|
info.Url = fmt.Sprintf("http://%s", info.Host)
|
|
|
|
|
} else if info.Ports == "443" {
|
|
|
|
|
info.Url = fmt.Sprintf("https://%s", info.Host)
|
|
|
|
|
} else {
|
2021-09-10 22:43:50 +08:00
|
|
|
host := fmt.Sprintf("%s:%s", info.Host, info.Ports)
|
|
|
|
|
protocol := GetProtocol(host, info.Timeout)
|
|
|
|
|
info.Url = fmt.Sprintf("%s://%s:%s", protocol, info.Host, info.Ports)
|
2021-03-04 14:42:10 +08:00
|
|
|
}
|
2020-12-29 17:17:10 +08:00
|
|
|
} else {
|
2021-03-04 14:42:10 +08:00
|
|
|
if !strings.Contains(info.Url, "://") {
|
2021-09-10 22:43:50 +08:00
|
|
|
protocol := GetProtocol(info.Url, info.Timeout)
|
|
|
|
|
info.Url = fmt.Sprintf("%s://%s", protocol, info.Url)
|
2021-03-04 14:42:10 +08:00
|
|
|
}
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-09-10 22:43:50 +08:00
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
err, result, CheckData := geturl(info, 1, CheckData)
|
2021-05-14 16:02:22 +08:00
|
|
|
if err != nil && !strings.Contains(err.Error(), "EOF") {
|
2021-02-08 15:11:43 +08:00
|
|
|
return err
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-09-10 20:32:51 +08:00
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
if strings.Contains(result, "://") {
|
|
|
|
|
//有跳转
|
|
|
|
|
redirecturl, err := url.Parse(result)
|
|
|
|
|
if err == nil {
|
|
|
|
|
info.Url = redirecturl.String()
|
|
|
|
|
err, result, CheckData = geturl(info, 3, CheckData)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-03-04 14:42:10 +08:00
|
|
|
|
2021-09-10 22:43:50 +08:00
|
|
|
if result == "https" && !strings.HasPrefix(info.Url, "https://") {
|
2021-05-14 16:02:22 +08:00
|
|
|
info.Url = strings.Replace(info.Url, "http://", "https://", 1)
|
2021-04-22 23:41:56 +08:00
|
|
|
err, result, CheckData = geturl(info, 1, CheckData)
|
|
|
|
|
if strings.Contains(result, "://") {
|
|
|
|
|
//有跳转
|
|
|
|
|
redirecturl, err := url.Parse(result)
|
|
|
|
|
if err == nil {
|
|
|
|
|
info.Url = redirecturl.String()
|
|
|
|
|
err, result, CheckData = geturl(info, 3, CheckData)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-09-10 22:43:50 +08:00
|
|
|
} else if err != nil {
|
|
|
|
|
return err
|
2021-02-08 15:11:43 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
err, _, CheckData = geturl(info, 2, CheckData)
|
2021-02-08 15:11:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-17 20:32:53 +08:00
|
|
|
info.Infostr = WebScan.InfoCheck(info.Url, CheckData)
|
2021-02-08 15:11:43 +08:00
|
|
|
|
|
|
|
|
if common.IsWebCan == false {
|
2020-12-29 17:17:10 +08:00
|
|
|
WebScan.WebScan(info)
|
|
|
|
|
}
|
2021-02-08 15:11:43 +08:00
|
|
|
return err
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-22 23:41:56 +08:00
|
|
|
func geturl(info *common.HostInfo, flag int, CheckData []WebScan.CheckDatas) (error, string, []WebScan.CheckDatas) {
|
2021-02-08 15:11:43 +08:00
|
|
|
Url := info.Url
|
2021-04-22 23:41:56 +08:00
|
|
|
if flag == 2 {
|
|
|
|
|
URL, err := url.Parse(Url)
|
|
|
|
|
if err == nil {
|
|
|
|
|
Url = fmt.Sprintf("%s://%s/favicon.ico", URL.Scheme, URL.Host)
|
|
|
|
|
} else {
|
|
|
|
|
Url += "/favicon.ico"
|
|
|
|
|
}
|
2021-02-08 15:11:43 +08:00
|
|
|
}
|
2021-04-22 23:41:56 +08:00
|
|
|
|
2021-11-16 11:53:46 +08:00
|
|
|
req, err := http.NewRequest("GET", Url, nil)
|
2020-12-29 17:17:10 +08:00
|
|
|
if err == nil {
|
2021-11-16 11:53:46 +08:00
|
|
|
req.Header.Set("User-agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36")
|
|
|
|
|
req.Header.Set("Accept", "*/*")
|
|
|
|
|
req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9")
|
2021-03-04 14:42:10 +08:00
|
|
|
if common.Pocinfo.Cookie != "" {
|
2021-11-16 11:53:46 +08:00
|
|
|
req.Header.Set("Cookie", "rememberMe=1;"+common.Pocinfo.Cookie)
|
2021-04-22 23:41:56 +08:00
|
|
|
} else {
|
2021-11-16 11:53:46 +08:00
|
|
|
req.Header.Set("Cookie", "rememberMe=1")
|
2021-02-08 15:11:43 +08:00
|
|
|
}
|
2021-11-16 11:53:46 +08:00
|
|
|
req.Header.Set("Connection", "close")
|
2021-04-22 23:41:56 +08:00
|
|
|
|
|
|
|
|
var client *http.Client
|
|
|
|
|
if flag == 1 {
|
|
|
|
|
client = lib.ClientNoRedirect
|
|
|
|
|
} else {
|
|
|
|
|
client = lib.Client
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-16 11:53:46 +08:00
|
|
|
resp, err := client.Do(req)
|
2020-12-29 17:17:10 +08:00
|
|
|
if err == nil {
|
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
var title string
|
2021-05-14 16:02:22 +08:00
|
|
|
var text []byte
|
2021-05-12 10:57:12 +08:00
|
|
|
body, err := getRespBody(resp)
|
|
|
|
|
if err != nil {
|
2021-09-10 21:07:50 +08:00
|
|
|
return err, "https", CheckData
|
2021-05-12 10:57:12 +08:00
|
|
|
}
|
2021-04-22 23:41:56 +08:00
|
|
|
if flag != 2 {
|
2021-05-20 09:34:27 +08:00
|
|
|
re := regexp.MustCompile("(?ims)<title>(.*)</title>")
|
2021-04-22 23:41:56 +08:00
|
|
|
find := re.FindSubmatch(body)
|
|
|
|
|
if len(find) > 1 {
|
2021-05-14 16:02:22 +08:00
|
|
|
text = find[1]
|
2021-04-22 23:41:56 +08:00
|
|
|
GetEncoding := func() string { // 判断Content-Type
|
|
|
|
|
r1, err := regexp.Compile(`(?im)charset=\s*?([\w-]+)`)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
headerCharset := r1.FindString(resp.Header.Get("Content-Type"))
|
|
|
|
|
if headerCharset != "" {
|
|
|
|
|
for _, v := range Charsets { // headers 编码优先,所以放在前面
|
|
|
|
|
if strings.Contains(strings.ToLower(headerCharset), v) == true {
|
|
|
|
|
return v
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r2, err := regexp.Compile(`(?im)<meta.*?charset=['"]?([\w-]+)["']?.*?>`)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
htmlCharset := r2.FindString(string(body))
|
|
|
|
|
if htmlCharset != "" {
|
|
|
|
|
for _, v := range Charsets {
|
|
|
|
|
if strings.Contains(strings.ToLower(htmlCharset), v) == true {
|
|
|
|
|
return v
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ""
|
|
|
|
|
}
|
2021-05-18 16:23:50 +08:00
|
|
|
encode := GetEncoding()
|
2021-09-10 20:32:51 +08:00
|
|
|
//_, encode1, _ := charset.DetermineEncoding(body, "")
|
2021-05-18 16:23:50 +08:00
|
|
|
var encode2 string
|
|
|
|
|
detector := chardet.NewTextDetector()
|
|
|
|
|
detectorstr, _ := detector.DetectBest(body)
|
|
|
|
|
if detectorstr != nil {
|
|
|
|
|
encode2 = detectorstr.Charset
|
|
|
|
|
}
|
2021-09-10 21:07:50 +08:00
|
|
|
if encode == "gbk" || encode == "gb2312" || strings.Contains(strings.ToLower(encode2), "gb") {
|
2021-04-22 23:41:56 +08:00
|
|
|
titleGBK, err := Decodegbk(text)
|
|
|
|
|
if err == nil {
|
|
|
|
|
title = string(titleGBK)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
title = string(text)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
title = "None"
|
|
|
|
|
}
|
|
|
|
|
title = strings.Trim(title, "\r\n \t")
|
|
|
|
|
title = strings.Replace(title, "\n", "", -1)
|
|
|
|
|
title = strings.Replace(title, "\r", "", -1)
|
|
|
|
|
title = strings.Replace(title, " ", " ", -1)
|
2020-12-29 17:17:10 +08:00
|
|
|
if len(title) > 100 {
|
|
|
|
|
title = title[:100]
|
|
|
|
|
}
|
2021-05-14 16:02:22 +08:00
|
|
|
if title == "" {
|
|
|
|
|
title = "None"
|
|
|
|
|
}
|
|
|
|
|
length := resp.Header.Get("Content-Length")
|
|
|
|
|
if length == "" {
|
2021-09-10 20:32:51 +08:00
|
|
|
length = fmt.Sprintf("%v", len(body))
|
2021-05-14 16:02:22 +08:00
|
|
|
}
|
2021-09-10 20:32:51 +08:00
|
|
|
result := fmt.Sprintf("[*] WebTitle:%-25v code:%-3v len:%-6v title:%v", resp.Request.URL, resp.StatusCode, length, title)
|
2021-02-08 15:11:43 +08:00
|
|
|
common.LogSuccess(result)
|
|
|
|
|
}
|
|
|
|
|
CheckData = append(CheckData, WebScan.CheckDatas{body, fmt.Sprintf("%s", resp.Header)})
|
2021-04-22 23:41:56 +08:00
|
|
|
redirURL, err1 := resp.Location()
|
|
|
|
|
if err1 == nil {
|
|
|
|
|
return nil, redirURL.String(), CheckData
|
|
|
|
|
}
|
2021-09-10 22:43:50 +08:00
|
|
|
if resp.StatusCode == 400 && !strings.HasPrefix(info.Url, "https") {
|
2021-02-21 14:54:40 +08:00
|
|
|
return err, "https", CheckData
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-02-21 14:54:40 +08:00
|
|
|
return err, "", CheckData
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-05-14 16:02:22 +08:00
|
|
|
return err, "https", CheckData
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-02-21 14:54:40 +08:00
|
|
|
return err, "", CheckData
|
2020-12-29 17:17:10 +08:00
|
|
|
}
|
2021-04-22 23:41:56 +08:00
|
|
|
|
|
|
|
|
func Decodegbk(s []byte) ([]byte, error) { // GBK解码
|
|
|
|
|
I := bytes.NewReader(s)
|
|
|
|
|
O := transform.NewReader(I, simplifiedchinese.GBK.NewDecoder())
|
|
|
|
|
d, e := ioutil.ReadAll(O)
|
|
|
|
|
if e != nil {
|
|
|
|
|
return nil, e
|
|
|
|
|
}
|
|
|
|
|
return d, nil
|
|
|
|
|
}
|
2021-05-12 10:57:12 +08:00
|
|
|
|
|
|
|
|
func getRespBody(oResp *http.Response) ([]byte, error) {
|
|
|
|
|
var body []byte
|
|
|
|
|
if oResp.Header.Get("Content-Encoding") == "gzip" {
|
|
|
|
|
gr, err := gzip.NewReader(oResp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer gr.Close()
|
|
|
|
|
for {
|
|
|
|
|
buf := make([]byte, 1024)
|
|
|
|
|
n, err := gr.Read(buf)
|
|
|
|
|
if err != nil && err != io.EOF {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if n == 0 {
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
body = append(body, buf...)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
raw, err := ioutil.ReadAll(oResp.Body)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
body = raw
|
|
|
|
|
}
|
|
|
|
|
return body, nil
|
|
|
|
|
}
|
2021-09-10 22:43:50 +08:00
|
|
|
|
|
|
|
|
func GetProtocol(host string, Timeout int64) string {
|
|
|
|
|
conn, err := tls.DialWithDialer(&net.Dialer{Timeout: time.Duration(Timeout) * time.Second}, "tcp", host, &tls.Config{InsecureSkipVerify: true})
|
|
|
|
|
defer func() {
|
|
|
|
|
if conn != nil {
|
|
|
|
|
conn.Close()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
protocol := "http"
|
|
|
|
|
if err == nil || strings.Contains(err.Error(), "handshake failure") {
|
|
|
|
|
protocol = "https"
|
|
|
|
|
}
|
|
|
|
|
return protocol
|
|
|
|
|
}
|
