mirror of
https://github.com/chainreactors/spray.git
synced 2025-05-06 18:51:22 +00:00
248 lines
6.2 KiB
Go
248 lines
6.2 KiB
Go
package pkg
|
||
|
||
import (
|
||
"encoding/json"
|
||
"github.com/chainreactors/gogo/v2/pkg/fingers"
|
||
"github.com/chainreactors/gogo/v2/pkg/utils"
|
||
"github.com/chainreactors/ipcs"
|
||
"github.com/chainreactors/words/mask"
|
||
"math/rand"
|
||
"net/url"
|
||
"os"
|
||
"path"
|
||
"regexp"
|
||
"strings"
|
||
"time"
|
||
"unsafe"
|
||
)
|
||
|
||
var (
|
||
Md5Fingers map[string]string = make(map[string]string)
|
||
Mmh3Fingers map[string]string = make(map[string]string)
|
||
Rules map[string]string = make(map[string]string)
|
||
ActivePath []string
|
||
Fingers fingers.Fingers
|
||
JSRegexps []*regexp.Regexp = []*regexp.Regexp{
|
||
regexp.MustCompile(".(https{0,1}:[^\\s,^',^’,^\",^”,^>,^<,^;,^(,^),^|,^*,^\\[]{2,250}?[^=,^*,^\\s,^',^’,^\",^”,^>,^<,^:,^;,^*,^|,^(,^),^\\[]{3}[.]js)"),
|
||
regexp.MustCompile("[\",',‘,“]\\s{0,6}(/{0,1}[^\\s,^',^’,^\",^”,^|,^>,^<,^:,^;,^*,^(,^\\),^\\[]{2,250}?[^=,^*,^\\s,^',^’,^|,^\",^”,^>,^<,^:,^;,^*,^(,^),^\\[]{3}[.]js)"),
|
||
regexp.MustCompile("=\\s{0,6}[\",',’,”]{0,1}\\s{0,6}(/{0,1}[^\\s,^',^’,^\",^”,^|,^>,^<,^;,^*,^(,^),^\\[]{2,250}?[^=,^*,^\\s,^',^’,^\",^”,^>,^|,^<,^:,^;,^*,^(,^),^\\[]{3}[.]js)"),
|
||
}
|
||
URLRegexps []*regexp.Regexp = []*regexp.Regexp{
|
||
regexp.MustCompile("[\",',‘,“]\\s{0,6}(https{0,1}:[^\\s,^',^’,^\",^”,^>,^<,^),^(]{2,250}?)\\s{0,6}[\",',‘,“]"),
|
||
regexp.MustCompile("=\\s{0,6}(https{0,1}:[^\\s,^',^’,^\",^”,^>,^<,^),^(]{2,250})"),
|
||
regexp.MustCompile("[\",',‘,“]\\s{0,6}([#,.]{0,2}/[^\\s,^',^’,^\",^”,^>,^<,^:,^),^(]{2,250}?)\\s{0,6}[\",',‘,“]"),
|
||
regexp.MustCompile("href\\s{0,6}=\\s{0,6}[\",',‘,“]{0,1}\\s{0,6}([^\\s,^',^’,^\",^“,^>,^<,^,^+),^(]{2,250})|action\\s{0,6}=\\s{0,6}[\",',‘,“]{0,1}\\s{0,6}([^\\s,^',^’,^\",^“,^>,^<,^,^+),^(]{2,250})"),
|
||
}
|
||
)
|
||
|
||
func StringsContains(s []string, e string) bool {
|
||
for _, v := range s {
|
||
if v == e {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
}
|
||
|
||
func IntsContains(s []int, e int) bool {
|
||
for _, v := range s {
|
||
if v == e {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
}
|
||
|
||
func HasStdin() bool {
|
||
stat, err := os.Stdin.Stat()
|
||
if err != nil {
|
||
return false
|
||
}
|
||
|
||
isPipedFromChrDev := (stat.Mode() & os.ModeCharDevice) == 0
|
||
isPipedFromFIFO := (stat.Mode() & os.ModeNamedPipe) != 0
|
||
|
||
return isPipedFromChrDev || isPipedFromFIFO
|
||
}
|
||
|
||
const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||
|
||
var src = rand.NewSource(time.Now().UnixNano())
|
||
|
||
const (
|
||
// 6 bits to represent a letter index
|
||
letterIdBits = 6
|
||
// All 1-bits as many as letterIdBits
|
||
letterIdMask = 1<<letterIdBits - 1
|
||
letterIdMax = 63 / letterIdBits
|
||
)
|
||
|
||
func RandPath() string {
|
||
n := 16
|
||
b := make([]byte, n)
|
||
b[0] = byte(0x2f)
|
||
// A rand.Int63() generates 63 random bits, enough for letterIdMax letters!
|
||
for i, cache, remain := n-1, src.Int63(), letterIdMax; i >= 1; {
|
||
if remain == 0 {
|
||
cache, remain = src.Int63(), letterIdMax
|
||
}
|
||
if idx := int(cache & letterIdMask); idx < len(letters) {
|
||
b[i] = letters[idx]
|
||
i--
|
||
}
|
||
cache >>= letterIdBits
|
||
remain--
|
||
}
|
||
return *(*string)(unsafe.Pointer(&b))
|
||
}
|
||
|
||
func RandHost() string {
|
||
n := 8
|
||
b := make([]byte, n)
|
||
// A rand.Int63() generates 63 random bits, enough for letterIdMax letters!
|
||
for i, cache, remain := n-1, src.Int63(), letterIdMax; i >= 1; {
|
||
if remain == 0 {
|
||
cache, remain = src.Int63(), letterIdMax
|
||
}
|
||
if idx := int(cache & letterIdMask); idx < len(letters) {
|
||
b[i] = letters[idx]
|
||
i--
|
||
}
|
||
cache >>= letterIdBits
|
||
remain--
|
||
}
|
||
|
||
b[5] = byte(0x2e)
|
||
return *(*string)(unsafe.Pointer(&b))
|
||
}
|
||
|
||
func LoadTemplates() error {
|
||
var err error
|
||
// load fingers
|
||
Fingers, err = fingers.LoadFingers(LoadConfig("http"))
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
for _, finger := range Fingers {
|
||
err := finger.Compile(ipcs.ParsePorts)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
}
|
||
|
||
for _, f := range Fingers {
|
||
for _, rule := range f.Rules {
|
||
if rule.SendDataStr != "" {
|
||
ActivePath = append(ActivePath, rule.SendDataStr)
|
||
}
|
||
if rule.Favicon != nil {
|
||
for _, mmh3 := range rule.Favicon.Mmh3 {
|
||
Mmh3Fingers[mmh3] = f.Name
|
||
}
|
||
for _, md5 := range rule.Favicon.Md5 {
|
||
Md5Fingers[md5] = f.Name
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
// load rule
|
||
var data map[string]interface{}
|
||
err = json.Unmarshal(LoadConfig("rule"), &data)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
for k, v := range data {
|
||
Rules[k] = v.(string)
|
||
}
|
||
|
||
// load mask
|
||
var keywords map[string]interface{}
|
||
err = json.Unmarshal(LoadConfig("mask"), &keywords)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
|
||
for k, v := range keywords {
|
||
t := make([]string, len(v.([]interface{})))
|
||
for i, vv := range v.([]interface{}) {
|
||
t[i] = utils.ToString(vv)
|
||
}
|
||
mask.SpecialWords[k] = t
|
||
}
|
||
return nil
|
||
}
|
||
|
||
func FingerDetect(content string) Frameworks {
|
||
var frames Frameworks
|
||
//content := string(body)
|
||
for _, finger := range Fingers {
|
||
frame, _, ok := fingers.FingerMatcher(finger, content, 0, nil)
|
||
if ok {
|
||
frames = append(frames, frame)
|
||
}
|
||
}
|
||
return frames
|
||
}
|
||
|
||
var (
|
||
BadExt = []string{".js", ".css", ".scss", ",", ".jpeg", ".jpg", ".png", ".gif", ".ico", ".svg", ".vue", ".ts"}
|
||
//BadURL = []string{".js?", ".css?", ".jpeg?", ".jpg?", ".png?", ".gif?", "github.com", "www.w3.org", "example.com", "<", ">", "{", "}", "[", "]", "|", "^", ";", "/js/", ".src", ".url", ".att", ".href", "location.href", "javascript:", "location:", ".createObject", ":location", ".path", "*#__PURE__*", "\\n"}
|
||
BadScoop = []string{"www.w3.org", "example.com"}
|
||
)
|
||
|
||
func filterJs(u string) bool {
|
||
for _, scoop := range BadScoop {
|
||
if strings.Contains(u, scoop) {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
}
|
||
|
||
func filterUrl(u string) bool {
|
||
parsed, err := url.Parse(u)
|
||
if err != nil {
|
||
return true
|
||
} else {
|
||
ext := path.Ext(parsed.Path)
|
||
for _, e := range BadExt {
|
||
if e == ext {
|
||
return true
|
||
}
|
||
}
|
||
}
|
||
for _, scoop := range BadScoop {
|
||
if strings.Contains(u, scoop) {
|
||
return true
|
||
}
|
||
}
|
||
return false
|
||
}
|
||
|
||
func URLJoin(base, uri string) string {
|
||
baseSlash := strings.HasSuffix(base, "/")
|
||
uriSlash := strings.HasPrefix(uri, "/")
|
||
if (baseSlash && !uriSlash) || (!baseSlash && uriSlash) {
|
||
return base + uri
|
||
} else if baseSlash && uriSlash {
|
||
return base + uri[1:]
|
||
} else {
|
||
return base + "/" + uri
|
||
}
|
||
}
|
||
|
||
func BakGenerator(domain string) []string {
|
||
var possibilities []string
|
||
for first, _ := range domain {
|
||
for last, _ := range domain[first:] {
|
||
p := domain[first : first+last+1]
|
||
if !StringsContains(possibilities, p) {
|
||
possibilities = append(possibilities, p)
|
||
}
|
||
}
|
||
}
|
||
return possibilities
|
||
}
|