新增--file-bak参数, 开启有效结果的备份文件爆破, 可以使用-a同时开启三个

M09Ic 2023-01-05 23:26:14 +08:00
parent 9750f819cd
commit 26cc384de0
6 changed files with 65 additions and 36 deletions


@ -3,8 +3,10 @@ package cmd
import ( import (
"context" "context"
"fmt" "fmt"
"github.com/chainreactors/gogo/v2/pkg/utils"
"github.com/chainreactors/logs" "github.com/chainreactors/logs"
"github.com/chainreactors/spray/internal" "github.com/chainreactors/spray/internal"
"github.com/chainreactors/spray/pkg"
"github.com/jessevdk/go-flags" "github.com/jessevdk/go-flags"
"os" "os"
"os/signal" "os/signal"
@ -48,6 +50,16 @@ func Spray() {
internal.Format(option.Format) internal.Format(option.Format)
os.Exit(0) os.Exit(0)
} }
err = pkg.LoadTemplates()
if err != nil {
utils.Fatal(err.Error())
}
err = pkg.LoadRules()
if err != nil {
utils.Fatal(err.Error())
}
var runner *internal.Runner var runner *internal.Runner
if option.ResumeFrom != "" { if option.ResumeFrom != "" {
runner, err = option.PrepareRunner() runner, err = option.PrepareRunner()
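Review bot: The two new fatal paths in `Spray` print only `err.Error()`, so a user cannot tell whether the embedded templates or the embedded rules failed to load. Prefixing each message would fix that, e.g. `utils.Fatal("load templates: " + err.Error())` and `utils.Fatal("load rules: " + err.Error())`. The ordering also matters, because `PrepareRunner` later resolves rule names through `pkg.Rules`, so a short comment such as `// embedded fingerprints and rules must be loaded before PrepareRunner resolves rule names` would keep the calls from being moved. Spray's body starts and ends outside the hunk.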


@ -1,7 +1,6 @@
package internal package internal
import ( import (
"bytes"
"fmt" "fmt"
"github.com/antonmedv/expr" "github.com/antonmedv/expr"
"github.com/chainreactors/files" "github.com/chainreactors/files"
@ -39,7 +38,7 @@ type InputOptions struct {
Dictionaries []string `short:"d" long:"dict" description:"Files, Multi,dict files, e.g.: -d 1.txt -d 2.txt"` Dictionaries []string `short:"d" long:"dict" description:"Files, Multi,dict files, e.g.: -d 1.txt -d 2.txt"`
Word string `short:"w" long:"word" description:"String, word generate dsl, e.g.: -w test{?ld#4}"` Word string `short:"w" long:"word" description:"String, word generate dsl, e.g.: -w test{?ld#4}"`
Rules []string `short:"r" long:"rules" description:"Files, Multi, rule files, e.g.: -r rule1.txt -r rule2.txt"` Rules []string `short:"r" long:"rules" description:"Files, Multi, rule files, e.g.: -r rule1.txt -r rule2.txt"`
AppendRule string `long:"append-rule" description:"File, when found valid path , use append rule generator new word with current path"` AppendRule []string `long:"append-rule" description:"File, when found valid path , use append rule generator new word with current path"`
FilterRule string `long:"filter-rule" description:"String, filter rule, e.g.: --rule-filter '>8 <4'"` FilterRule string `long:"filter-rule" description:"String, filter rule, e.g.: --rule-filter '>8 <4'"`
} }
@ -84,6 +83,7 @@ type ModeOptions struct {
Depth int `long:"depth" default:"0" description:"Int, recursive depth"` Depth int `long:"depth" default:"0" description:"Int, recursive depth"`
Active bool `long:"active" description:"Bool, enable active finger detect"` Active bool `long:"active" description:"Bool, enable active finger detect"`
Crawl bool `long:"crawl" description:"Bool, enable crawl"` Crawl bool `long:"crawl" description:"Bool, enable crawl"`
FileBak bool `long:"file-bak" description:"Bool, enable valid result bak found, equal --append-rule rule/filebak.txt"`
CrawlDepth int `long:"crawl-depth" default:"3" description:"Int, crawl depth"` CrawlDepth int `long:"crawl-depth" default:"3" description:"Int, crawl depth"`
CheckPeriod int `long:"check-period" default:"200" description:"Int, check period when request"` CheckPeriod int `long:"check-period" default:"200" description:"Int, check period when request"`
ErrPeriod int `long:"error-period" default:"10" description:"Int, check period when error"` ErrPeriod int `long:"error-period" default:"10" description:"Int, check period when error"`
@ -135,14 +135,6 @@ func (opt *Option) PrepareRunner() (*Runner, error) {
Crawl: opt.Crawl, Crawl: opt.Crawl,
Active: opt.Active, Active: opt.Active,
} }
if opt.Advance {
r.Crawl = true
r.Active = true
}
err = pkg.LoadTemplates()
if err != nil {
return nil, err
}
if opt.Extracts != nil { if opt.Extracts != nil {
for _, e := range opt.Extracts { for _, e := range opt.Extracts {
@ -175,6 +167,7 @@ func (opt *Option) PrepareRunner() (*Runner, error) {
pkg.Distance = uint8(opt.SimhashDistance) pkg.Distance = uint8(opt.SimhashDistance)
ihttp.DefaultMaxBodySize = opt.MaxBodyLength * 1024 ihttp.DefaultMaxBodySize = opt.MaxBodyLength * 1024
// configuration
if opt.Force { if opt.Force {
// 如果开启了force模式, 将关闭check机制, err积累到一定数量自动退出机制 // 如果开启了force模式, 将关闭check机制, err积累到一定数量自动退出机制
r.BreakThreshold = max r.BreakThreshold = max
@ -182,6 +175,14 @@ func (opt *Option) PrepareRunner() (*Runner, error) {
r.ErrPeriod = max r.ErrPeriod = max
} }
if opt.Advance {
r.Crawl = true
r.Active = true
opt.AppendRule = append(opt.AppendRule, "filebak")
} else if opt.FileBak {
opt.AppendRule = append(opt.AppendRule, "filebak")
}
if opt.BlackStatus != "" { if opt.BlackStatus != "" {
for _, s := range strings.Split(opt.BlackStatus, ",") { for _, s := range strings.Split(opt.BlackStatus, ",") {
si, err := strconv.Atoi(s) si, err := strconv.Atoi(s)
@ -262,16 +263,11 @@ func (opt *Option) PrepareRunner() (*Runner, error) {
} }
if opt.Rules != nil { if opt.Rules != nil {
var rules bytes.Buffer rules, err := loadFileAndCombine(opt.Rules)
for _, rule := range opt.Rules {
content, err := ioutil.ReadFile(rule)
if err != nil { if err != nil {
return nil, err return nil, err
} }
rules.Write(content) r.Rules = rule.Compile(rules, opt.FilterRule)
rules.WriteString("\n")
}
r.Rules = rule.Compile(rules.String(), opt.FilterRule)
} else if opt.FilterRule != "" { } else if opt.FilterRule != "" {
// if filter rule is not empty, set rules to ":", force to open filter mode // if filter rule is not empty, set rules to ":", force to open filter mode
r.Rules = rule.Compile(":", opt.FilterRule) r.Rules = rule.Compile(":", opt.FilterRule)
@ -295,8 +291,8 @@ func (opt *Option) PrepareRunner() (*Runner, error) {
Total: r.Total, Total: r.Total,
} }
if opt.AppendRule != "" { if opt.AppendRule != nil {
content, err := ioutil.ReadFile(opt.AppendRule) content, err := loadFileAndCombine(opt.AppendRule)
if err != nil { if err != nil {
return nil, err return nil, err
} }
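Review bot: The help text on the new `FileBak` field says `equal --append-rule rule/filebak.txt`, but `PrepareRunner` appends the bare name `"filebak"`, which `loadFileAndCombine` resolves as a key in `pkg.Rules` rather than as a file path. A 12-line rule file is deleted elsewhere in this commit; if that file is rule/filebak.txt, the documented equivalent would now fail with a read error, so the description should read `equal --append-rule filebak`. The two branches also append the same value, so setting `r.Crawl`/`r.Active` under `opt.Advance` and then using `if opt.Advance || opt.FileBak { opt.AppendRule = append(opt.AppendRule, "filebak") }` would state it once. PrepareRunner starts and ends outside these hunks.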


@ -2,6 +2,7 @@ package internal
import ( import (
"bytes" "bytes"
"github.com/chainreactors/spray/pkg"
"github.com/chainreactors/words/mask" "github.com/chainreactors/words/mask"
"github.com/chainreactors/words/rule" "github.com/chainreactors/words/rule"
"io/ioutil" "io/ioutil"
@ -50,6 +51,24 @@ func loadFileToSlice(filename string) ([]string, error) {
return ss, nil return ss, nil
} }
func loadFileAndCombine(filename []string) (string, error) {
var bs bytes.Buffer
for _, f := range filename {
if data, ok := pkg.Rules[f]; ok {
bs.WriteString(strings.TrimSpace(data))
bs.WriteString("\n")
} else {
content, err := ioutil.ReadFile(f)
if err != nil {
return "", err
}
bs.Write(bytes.TrimSpace(content))
bs.WriteString("\n")
}
}
return bs.String(), nil
}
func loadFileWithCache(filename string) ([]string, error) { func loadFileWithCache(filename string) ([]string, error) {
if dict, ok := dictCache[filename]; ok { if dict, ok := dictCache[filename]; ok {
return dict, nil return dict, nil
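Review bot: `loadFileAndCombine` has no doc comment, and its lookup order is not obvious to a caller. An argument that matches a key in `pkg.Rules` is taken from the embedded rules and never read from disk, so a local file with the same name as a built-in rule is silently ignored. I would state that above the function, e.g. `// loadFileAndCombine joins rule sources with newlines; each entry is tried as a built-in rule name in pkg.Rules first and read as a file path only if no such rule exists.` The parameter holds several names, so `filenames` would read better than `filename`.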


@ -1,8 +1,8 @@
package pkg package pkg
import ( import (
"encoding/json"
"github.com/chainreactors/gogo/v2/pkg/fingers" "github.com/chainreactors/gogo/v2/pkg/fingers"
"github.com/chainreactors/gogo/v2/pkg/utils"
"github.com/chainreactors/ipcs" "github.com/chainreactors/ipcs"
"math/rand" "math/rand"
"net/url" "net/url"
@ -17,6 +17,7 @@ import (
var ( var (
Md5Fingers map[string]string = make(map[string]string) Md5Fingers map[string]string = make(map[string]string)
Mmh3Fingers map[string]string = make(map[string]string) Mmh3Fingers map[string]string = make(map[string]string)
Rules map[string]string = make(map[string]string)
ActivePath []string ActivePath []string
Fingers fingers.Fingers Fingers fingers.Fingers
JSRegexps []*regexp.Regexp = []*regexp.Regexp{ JSRegexps []*regexp.Regexp = []*regexp.Regexp{
@ -99,7 +100,7 @@ func LoadTemplates() error {
var err error var err error
Fingers, err = fingers.LoadFingers(LoadConfig("http")) Fingers, err = fingers.LoadFingers(LoadConfig("http"))
if err != nil { if err != nil {
utils.Fatal(err.Error()) return err
} }
for _, finger := range Fingers { for _, finger := range Fingers {
@ -128,6 +129,18 @@ func LoadTemplates() error {
return nil return nil
} }
func LoadRules() error {
var data map[string]interface{}
err := json.Unmarshal(LoadConfig("rule"), &data)
if err != nil {
return err
}
for k, v := range data {
Rules[k] = v.(string)
}
return nil
}
func FingerDetect(content string) Frameworks { func FingerDetect(content string) Frameworks {
var frames Frameworks var frames Frameworks
//content := string(body) //content := string(body)
@ -174,6 +187,7 @@ func filterUrl(u string) bool {
} }
return false return false
} }
func URLJoin(base, uri string) string { func URLJoin(base, uri string) string {
baseSlash := strings.HasSuffix(base, "/") baseSlash := strings.HasSuffix(base, "/")
uriSlash := strings.HasPrefix(uri, "/") uriSlash := strings.HasPrefix(uri, "/")
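Review bot: In `LoadRules` the unchecked assertion `Rules[k] = v.(string)` panics if any value in the embedded rule config is not a JSON string, even though the function is declared to return an error. Decoding into the target type lets `json.Unmarshal` report that case instead: `var data map[string]string`, then `Rules[k] = v` in the loop. The function also lacks a doc comment; something like `// LoadRules fills Rules from the embedded "rule" config.` would match the exported `LoadTemplates` next to it.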


@ -1,12 +0,0 @@
$~
$b $a $k
$. $b $a $k
$. $b $a $k $2
$. $o $l $d
$. $1
$. $2
$. $z $i $p
$. $t $a $r
$. $g $z
^.
^. $. $s $w $p


@ -1,4 +1,4 @@
//go:generate go run templates/templates_gen.go -t templates -o pkg/templates.go -need http //go:generate go run templates/templates_gen.go -t templates -o pkg/templates.go -need http,rule
package main package main
import "github.com/chainreactors/spray/cmd" import "github.com/chainreactors/spray/cmd"