admin/fscan
1
0
Fork 0
mirror of https://github.com/shadow1ng/fscan.git synced 2025-06-21 02:10:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
fscan/WebScan/WebScan.go

120 lines
2.8 KiB
Go
Raw Blame History

package WebScan
import (
"embed"
"fmt"
"github.com/shadow1ng/fscan/Common"
"github.com/shadow1ng/fscan/WebScan/lib"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
)
//go:embed pocs
var Pocs embed.FS
var once sync.Once
var AllPocs []*lib.Poc
// WebScan 执行Web漏洞扫描
func WebScan(info *Common.HostInfo) {
// 确保POC只初始化一次
once.Do(initpoc)
// 构建扫描信息
var pocinfo = Common.Pocinfo
urlParts := strings.Split(info.Url, "/")
pocinfo.Target = strings.Join(urlParts[:3], "/")
// 执行扫描
if pocinfo.PocName != "" {
// 指定POC扫描
Execute(pocinfo)
} else {
// 根据指纹信息选择POC扫描
for _, infostr := range info.Infostr {
pocinfo.PocName = lib.CheckInfoPoc(infostr)
Execute(pocinfo)
}
}
}
// Execute 执行具体的POC检测
func Execute(PocInfo Common.PocInfo) {
// 创建基础HTTP请求
req, err := http.NewRequest("GET", PocInfo.Target, nil)
if err != nil {
Common.LogError(fmt.Sprintf("初始化请求失败 %v: %v", PocInfo.Target, err))
return
}
// 设置请求头
req.Header.Set("User-agent", Common.UserAgent)
req.Header.Set("Accept", Common.Accept)
req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9")
if Common.Cookie != "" {
req.Header.Set("Cookie", Common.Cookie)
}
// 根据名称筛选POC并执行
pocs := filterPoc(PocInfo.PocName)
lib.CheckMultiPoc(req, pocs, Common.PocNum)
}
// initpoc 初始化POC加载
func initpoc() {
if Common.PocPath == "" {
// 从嵌入的POC目录加载
entries, err := Pocs.ReadDir("pocs")
if err != nil {
Common.LogError(fmt.Sprintf("加载内置POC失败: %v", err))
return
}
// 加载YAML格式的POC文件
for _, entry := range entries {
filename := entry.Name()
if strings.HasSuffix(filename, ".yaml") || strings.HasSuffix(filename, ".yml") {
if poc, err := lib.LoadPoc(filename, Pocs); err == nil && poc != nil {
AllPocs = append(AllPocs, poc)
}
}
}
} else {
// 从指定目录加载POC
Common.LogSuccess(fmt.Sprintf("从目录加载POC: %s", Common.PocPath))
err := filepath.Walk(Common.PocPath, func(path string, info os.FileInfo, err error) error {
if err != nil || info == nil {
return err
}
if !info.IsDir() && (strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml")) {
if poc, err := lib.LoadPocbyPath(path); err == nil && poc != nil {
AllPocs = append(AllPocs, poc)
}
}
return nil
})
if err != nil {
Common.LogError(fmt.Sprintf("加载外部POC失败: %v", err))
}
}
}
// filterPoc 根据POC名称筛选
func filterPoc(pocname string) []*lib.Poc {
if pocname == "" {
return AllPocs
}
var matchedPocs []*lib.Poc
for _, poc := range AllPocs {
if strings.Contains(poc.Name, pocname) {
matchedPocs = append(matchedPocs, poc)
}
}
return matchedPocs
}
Reference in New Issue View Git Blame Copy Permalink