admin/spray
1
0
Fork 0
mirror of https://github.com/chainreactors/spray.git synced 2025-09-15 19:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

403,200,502页面将会启用append-file

Browse Source
This commit is contained in:
M09Ic 2024-02-08 17:41:54 +08:00
parent 9b74f7c9a3
commit 0bf3c0433a
2 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
internal/pool.go
View File

@ -30,7 +30,6 @@ var (
MaxRecursion = 0 MaxRecursion = 0
enableAllFuzzy = false enableAllFuzzy = false
enableAllUnique = false enableAllUnique = false
nilBaseline = &Baseline{}
) )
func NewPool(ctx context.Context, config *Config) (*Pool, error) { func NewPool(ctx context.Context, config *Config) (*Pool, error) {
@ -54,12 +53,11 @@ func NewPool(ctx context.Context, config *Config) (*Pool, error) {
Timeout: time.Duration(config.Timeout) * time.Second, Timeout: time.Duration(config.Timeout) * time.Second,
ProxyAddr: config.ProxyAddr, ProxyAddr: config.ProxyAddr,
}), }),
urls: make(map[string]struct{}),
scopeurls: make(map[string]struct{}), scopeurls: make(map[string]struct{}),
uniques: make(map[uint16]struct{}), uniques: make(map[uint16]struct{}),
tempCh: make(chan *Baseline, 100), handlerCh: make(chan *Baseline, config.Thread),
checkCh: make(chan int, 100), checkCh: make(chan int, config.Thread),
additionCh: make(chan *Unit, 100), additionCh: make(chan *Unit, config.Thread),
closeCh: make(chan struct{}), closeCh: make(chan struct{}),
waiter: sync.WaitGroup{}, waiter: sync.WaitGroup{},
initwg: sync.WaitGroup{}, initwg: sync.WaitGroup{},
@ -98,7 +96,7 @@ type Pool struct {
bar *pkg.Bar bar *pkg.Bar
ctx context.Context ctx context.Context
cancel context.CancelFunc cancel context.CancelFunc
tempCh chan *Baseline // 待处理的baseline handlerCh chan *Baseline // 待处理的baseline
checkCh chan int // 独立的check管道 防止与redirect/crawl冲突 checkCh chan int // 独立的check管道 防止与redirect/crawl冲突
additionCh chan *Unit // 插件添加的任务, 待处理管道 additionCh chan *Unit // 插件添加的任务, 待处理管道
closeCh chan struct{} closeCh chan struct{}
@ -106,7 +104,7 @@ type Pool struct {
wordOffset int wordOffset int
failedCount int32 failedCount int32
isFailed bool isFailed bool
urls map[string]struct{} urls sync.Map
scopeurls map[string]struct{} scopeurls map[string]struct{}
uniques map[uint16]struct{} uniques map[uint16]struct{}
analyzeDone bool analyzeDone bool
@ -260,11 +258,11 @@ Loop:
if !ok || pool.closed { if !ok || pool.closed {
continue continue
} }
if _, ok := pool.urls[unit.path]; ok { if _, ok := pool.urls.Load(unit.path); ok {
logs.Log.Debugf("[%s] duplicate path: %s, skipped", parsers.GetSpraySourceName(unit.source), pool.base+unit.path) logs.Log.Debugf("[%s] duplicate path: %s, skipped", parsers.GetSpraySourceName(unit.source), pool.base+unit.path)
pool.waiter.Done() pool.waiter.Done()
} else { } else {
pool.urls[unit.path] = struct{}{} pool.urls.Store(unit.path, nil)
unit.number = pool.wordOffset unit.number = pool.wordOffset
pool.reqPool.Invoke(unit) pool.reqPool.Invoke(unit)
} }
@ -394,7 +392,7 @@ func (pool *Pool) Invoke(v interface{}) {
case WordSource: case WordSource:
// 异步进行性能消耗较大的深度对比 // 异步进行性能消耗较大的深度对比
pool.tempCh <- bl pool.handlerCh <- bl
if int(pool.Statistor.ReqTotal)%pool.CheckPeriod == 0 { if int(pool.Statistor.ReqTotal)%pool.CheckPeriod == 0 {
pool.doCheck() pool.doCheck()
} else if pool.failedCount%pool.ErrPeriod == 0 { } else if pool.failedCount%pool.ErrPeriod == 0 {
@ -404,9 +402,9 @@ func (pool *Pool) Invoke(v interface{}) {
pool.bar.Done() pool.bar.Done()
case RedirectSource: case RedirectSource:
bl.FrontURL = unit.frontUrl bl.FrontURL = unit.frontUrl
pool.tempCh <- bl pool.handlerCh <- bl
default: default:
pool.tempCh <- bl pool.handlerCh <- bl
} }
} }
@ -442,7 +440,7 @@ func (pool *Pool) NoScopeInvoke(v interface{}) {
} }
func (pool *Pool) Handler() { func (pool *Pool) Handler() {
for bl := range pool.tempCh { for bl := range pool.handlerCh {
if bl.IsValid { if bl.IsValid {
pool.addFuzzyBaseline(bl) pool.addFuzzyBaseline(bl)
} }
@ -508,12 +506,13 @@ func (pool *Pool) Handler() {
} }
if bl.IsValid || bl.IsFuzzy { if bl.IsValid || bl.IsFuzzy {
pool.waiter.Add(3) pool.waiter.Add(2)
pool.doCrawl(bl) pool.doCrawl(bl)
pool.doRule(bl) pool.doRule(bl)
if _, ok := pool.urls[Dir(bl.Url.Path)]; !ok {
pool.doAppendWords(bl)
} }
if iutils.IntsContains(WhiteStatus, bl.Status) || iutils.IntsContains([]int{403, 500, 502}, bl.Status) {
pool.waiter.Add(1)
pool.doAppendWords(bl)
} }
// 如果要进行递归判断, 要满足 bl有效, mod为path-spray, 当前深度小于最大递归深度 // 如果要进行递归判断, 要满足 bl有效, mod为path-spray, 当前深度小于最大递归深度
if bl.IsValid { if bl.IsValid {
@ -570,7 +569,6 @@ func (pool *Pool) BaseCompare(bl *Baseline) bool {
pool.putToFuzzy(bl) pool.putToFuzzy(bl)
return false return false
} }
// 使用与baseline相同状态码, 需要在fuzzystatus中提前配置 // 使用与baseline相同状态码, 需要在fuzzystatus中提前配置
base, ok := pool.baselines[bl.Status] // 挑选对应状态码的baseline进行compare base, ok := pool.baselines[bl.Status] // 挑选对应状态码的baseline进行compare
if !ok { if !ok {
@ -693,7 +691,7 @@ func (pool *Pool) doScopeCrawl(bl *Baseline) {
} }
pool.scopeLocker.Lock() pool.scopeLocker.Lock()
if _, ok := pool.scopeurls[u]; !ok { if _, ok := pool.scopeurls[u]; !ok {
pool.urls[u] = struct{}{} pool.urls.Store(u, nil)
pool.waiter.Add(1) pool.waiter.Add(1)
pool.scopePool.Invoke(&Unit{path: u, source: CrawlSource, depth: bl.ReqDepth + 1}) pool.scopePool.Invoke(&Unit{path: u, source: CrawlSource, depth: bl.ReqDepth + 1})
} }

2
internal/runner.go
View File

@ -21,7 +21,7 @@ var (
BlackStatus = []int{400, 410} BlackStatus = []int{400, 410}
FuzzyStatus = []int{403, 404, 500, 501, 502, 503} FuzzyStatus = []int{403, 404, 500, 501, 502, 503}
WAFStatus = []int{493, 418, 1020, 406} WAFStatus = []int{493, 418, 1020, 406}
UniqueStatus = []int{403} UniqueStatus = []int{403, 200} // 相同unique的403表示命中了同一条acl, 相同unique的200表示default页面
) )
var ( var (