From a6a11dddb0247f20706d0b4e950686617e4b92e1 Mon Sep 17 00:00:00 2001 From: wjlin0 Date: Mon, 1 Apr 2024 16:27:08 +0800 Subject: [PATCH] fix error output. add origin-request field in csv output --- README.md | 16 +++++++++------- pkg/input/input.go | 2 ++ pkg/output/js/template.html | 19 ++++++++++++++++++- pkg/output/result.go | 1 + pkg/runner/banner.go | 2 +- pkg/runner/options.go | 2 +- pkg/runner/runner.go | 27 +++++++-------------------- pkg/scanner/scanner.go | 14 ++++++++------ 8 files changed, 47 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index dbead33..60ecad3 100644 --- a/README.md +++ b/README.md @@ -27,15 +27,15 @@ go install -v github.com/wjlin0/pathScan/v2/cmd/pathScan@latest ``` 下载准备运行的[二进制文件](https://github.com/wjlin0/pathScan/releases/latest) -- [macOS-arm64](https://github.com/wjlin0/pathScan/releases/download/v2.0.5/pathScan_2.0.5_macOS_arm64.zip) +- [macOS-arm64](https://github.com/wjlin0/pathScan/releases/download/v2.0.6/pathScan_2.0.6_macOS_arm64.zip) -- [macOS-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.5/pathScan_2.0.5_macOS_amd64.zip) +- [macOS-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.6/pathScan_2.0.6_macOS_amd64.zip) -- [linux-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.5/pathScan_2.0.5_linux_amd64.zip) +- [linux-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.6/pathScan_2.0.6_linux_amd64.zip) -- [windows-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.5/pathScan_2.0.5_windows_amd64.zip) +- [windows-amd64](https://github.com/wjlin0/pathScan/releases/download/v2.0.6/pathScan_2.0.6_windows_amd64.zip) -- [windows-386](https://github.com/wjlin0/pathScan/releases/download/v2.0.5/pathScan_2.0.5_windows_386.zip) +- [windows-386](https://github.com/wjlin0/pathScan/releases/download/v2.0.6/pathScan_2.0.6_windows_386.zip) # 用法 @@ -44,7 +44,7 @@ go install -v github.com/wjlin0/pathScan/v2/cmd/pathScan@latest pathScan -h ``` ```yaml -pathScan 2.0.5 Go 扫描、信息收集工具 +pathScan 2.0.6 Go 扫描、信息收集工具 Usage: pathScan [flags] @@ -146,6 +146,7 @@ EXAMPLES: 其他文档可在以下网址获得: https://github.com/wjlin0/pathScan/ + ``` ## 提供API KEY 配置 @@ -312,7 +313,8 @@ func main() { pathScan 支持默认配置文件位于下面两个路径,它允许您在配置文件中定义任何标志并设置默认值以包括所有扫描。 - $HOME/.config/pathScan/config.yaml - $HOME/.config/pathScan/provider-config.yaml - +# 更多用法 +- https://www.wjlin0.com/archives/1711956620976 # 感谢 - [projectdiscovery.io](https://projectdiscovery.io/#/) diff --git a/pkg/input/input.go b/pkg/input/input.go index 623ab90..05136dc 100644 --- a/pkg/input/input.go +++ b/pkg/input/input.go @@ -54,6 +54,8 @@ func NewTarget(target string, methods []string, headers map[string]interface{}, scheme = HTTP case HTTPS: scheme = HTTPS + case HTTPandHTTPS: + scheme = HTTPandHTTPS default: scheme = HTTPorHTTPS } diff --git a/pkg/output/js/template.html b/pkg/output/js/template.html index 6d7f189..e154079 100644 --- a/pkg/output/js/template.html +++ b/pkg/output/js/template.html @@ -136,6 +136,9 @@ 
{{ text.response }}
 + + 
{{ text.originRequest }}
+ @@ -226,6 +229,19 @@ }); } }}, + { title: '是否为原始请求', dataIndex: 'originRequest', key: 'originRequest',scopedSlots: {filterDropdown: 'filterDropdown', filterIcon: 'filterIcon', customRender: 'customRender',} , + onFilter: (value, record) => + record.originRequest + .toString() + .toLowerCase() + .includes(value.toLowerCase()), + onFilterDropdownVisibleChange: visible => { + if (visible) { + setTimeout(() => { + this.searchInput.focus(); + }); + } + }}, { title: '指纹', dataIndex: 'technology', key: 'technology',scopedSlots: { customRender: 'technology' } }, ]; @@ -241,7 +257,8 @@ { title: '状态码', dataIndex: 'status', key: 'status' }, { title: '指纹', dataIndex: 'technology', key: 'technology',}, { title: '请求包',dataIndex: 'request',key: 'request',}, - { title: '响应包',dataIndex: 'response',key: 'response',} + { title: '响应包',dataIndex: 'response',key: 'response',}, + {title: "是否为原始请求",dataIndex: 'originRequest',key: 'originRequest'}, ]; const innerData = data; diff --git a/pkg/output/result.go b/pkg/output/result.go index cea2bec..6208d9e 100644 --- a/pkg/output/result.go +++ b/pkg/output/result.go @@ -29,6 +29,7 @@ type ResultEvent struct { Technology []string `json:"technology" csv:"technology"` ResponseBody string `json:"response" csv:"-"` RequestBody string `json:"request" csv:"-"` + OriginRequest bool `json:"originRequest" csv:"originRequest"` Links []string `json:"-" csv:"-"` Header map[string][]string `json:"-" csv:"-"` } diff --git a/pkg/runner/banner.go b/pkg/runner/banner.go index 12920e7..b6dad8e 100644 --- a/pkg/runner/banner.go +++ b/pkg/runner/banner.go @@ -15,7 +15,7 @@ const ( / .__/\_,_/ \__//_//_//___/ \__/ \_,_//_//_/ /_/ ` - Version = `2.0.5` + Version = `2.0.6` userName = "wjlin0" pathScanMatchRepoName = "pathScan-match" pathScanRepoName = "pathScan" diff --git a/pkg/runner/options.go b/pkg/runner/options.go index a57df58..de86b26 100644 --- a/pkg/runner/options.go +++ b/pkg/runner/options.go @@ -131,7 +131,7 @@ func ParserOptions() *types.Options { gologger.Fatal().Msgf("init pathScan error: %s", err.Error()) } - set.SetConfigFilePath(filepath.Join(DefaultPathScanConfig, "config.yaml")) + set.SetConfigFilePath(filepath.Join(DefaultPathScanConfig)) _ = set.Parse() diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go index 9919a64..f5953da 100644 --- a/pkg/runner/runner.go +++ b/pkg/runner/runner.go @@ -325,6 +325,12 @@ func (r *Runner) setEventWriter() (err error) { return err } outputWriter.AddWriters(htmlWriter) + default: + if file, err := fileutil.OpenOrCreateFile(r.options.Output); err != nil { + return err + } else { + outputWriter.AddWriters(file) + } } } @@ -378,19 +384,6 @@ func (r *Runner) aliveHosts(targets []*input.Target) { r.targets = targets return } - disableCheck := true - - for _, target := range targets { - if target.Scheme == input.HTTPorHTTPS { - disableCheck = false - break - } - } - - if disableCheck { - r.targets = targets - return - } gologger.Info().Msgf("Running check alive on input host") @@ -401,18 +394,12 @@ func (r *Runner) aliveHosts(targets []*input.Target) { wg := sizedwaitgroup.New(-1) for _, target := range targets { - if target.Scheme != input.HTTPorHTTPS { - r.scanner.Lock() - alives = append(alives, target) - r.scanner.Unlock() - return - } wg.Add() go func(target *input.Target) { defer wg.Done() if alive := r.scanner.Alive(target); alive != nil { r.scanner.Lock() - alives = append(alives, alive) + alives = append(alives, alive...) r.scanner.Unlock() } }(target) diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go index 780ed34..459c85f 100644 --- a/pkg/scanner/scanner.go +++ b/pkg/scanner/scanner.go @@ -288,6 +288,7 @@ retry: if path == "/" && !scanner.options.DisableScanMatch { tech = append(tech, scanner.scanByOperators(request, resp, callback)...) + event.OriginRequest = true } event.Technology = sliceutil.Dedupe(tech) @@ -499,10 +500,10 @@ func (scanner *Scanner) CountOperatorsRequest() int { return count } -func (scanner *Scanner) Alive(target *input.Target) *input.Target { +func (scanner *Scanner) Alive(target *input.Target) []*input.Target { var ( - Schemes []string - aliveTarget = target.Clone() + Schemes []string + aliveTargets []*input.Target ) if target.Scheme == input.HTTPandHTTPS { Schemes = []string{"https", "http"} @@ -510,7 +511,7 @@ func (scanner *Scanner) Alive(target *input.Target) *input.Target { Schemes = []string{target.Scheme} } for _, scheme := range Schemes { - + aliveTarget := target.Clone() originProtocol := scheme if scheme == input.HTTPorHTTPS { scheme = input.HTTPS @@ -546,9 +547,10 @@ func (scanner *Scanner) Alive(target *input.Target) *input.Target { continue } aliveTarget.Scheme = scheme - return aliveTarget + aliveTargets = append(aliveTargets, aliveTarget) } - return nil + + return aliveTargets } func (scanner *Scanner) checkEventSkip(event output.ResultEvent) bool {