dddd

SleepingBag945 · Aug 18, 2023 · 01e7d0b · 01e7d0b
1 parent 8543723
commit 01e7d0b
Show file tree

Hide file tree

Showing 7,349 changed files with 531,585 additions and 0 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/README.md b/README.md
diff --git a/assets/.DS_Store b/assets/.DS_Store
diff --git a/assets/image-20230817175041903.png b/assets/image-20230817175041903.png
diff --git a/assets/image-20230817175243236.png b/assets/image-20230817175243236.png
diff --git a/assets/image-20230817175453532.png b/assets/image-20230817175453532.png
diff --git a/assets/image-20230817175546241.png b/assets/image-20230817175546241.png
diff --git a/assets/image-20230817180003936.png b/assets/image-20230817180003936.png
diff --git a/assets/image-20230817180845323.png b/assets/image-20230817180845323.png
diff --git a/assets/image-20230817182401928.png b/assets/image-20230817182401928.png
diff --git a/assets/image-20230817183151312.png b/assets/image-20230817183151312.png
diff --git a/assets/image-20230818083645278.png b/assets/image-20230818083645278.png
diff --git a/assets/image-20230818084411834.png b/assets/image-20230818084411834.png
diff --git a/common/callnuclei/callnuclei.go b/common/callnuclei/callnuclei.go
diff --git a/common/flag.go b/common/flag.go
@@ -0,0 +1,277 @@
+package common
+
+import (
+	"dddd/lib/ddfinger"
+	"dddd/structs"
+	"dddd/utils"
+	"flag"
+	"fmt"
+	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/hmap/store/hybrid"
+	"gopkg.in/yaml.v3"
+	"os"
+	"path"
+	"runtime"
+	"runtime/debug"
+	"strings"
+	"time"
+)
+
+func init() {
+	go func() {
+		for {
+			GC()
+			time.Sleep(10 * time.Second)
+		}
+	}()
+}
+
+func GC() {
+	runtime.GC()
+	debug.FreeOSMemory()
+}
+
+func showBanner() {
+	banner := `
+     _       _       _       _   
+  __| |   __| |   __| |   __| |  
+ / _` + "`" + ` |  / _ ` + "`" + `|  / _` + "`" + ` |  / _` + "`" + ` |  
+ \__,_|  \__,_|  \__,_|  \__,_|  
+_|"""""|_|"""""|_|"""""|_|"""""| 
+"` + "`" + `-0-0-'"` + "`" + `-0-0-'"` + "`" + `-0-0-` + "`" + `"` + "`" + `-0-0-'
+dddd.version: 1.0
+`
+	fmt.Println(banner)
+}
+
+var TargetString string
+var PortString string
+
+func ReadDirDB() {
+	data, err := os.ReadFile("config/dir.yaml")
+	fps := make(map[string]interface{})
+	err = yaml.Unmarshal(data, &fps)
+	if err != nil {
+		return
+	}
+
+	structs.DirDB = make(map[string][]string)
+	for productName, pathsInterfaces := range fps {
+		for _, pathsInterface := range pathsInterfaces.([]interface{}) {
+			path := pathsInterface.(string)
+			_, ok := structs.DirDB[path]
+			if ok {
+				structs.DirDB[path] = append(structs.DirDB[path], productName)
+				structs.DirDB[path] = utils.RemoveDuplicateElement(structs.DirDB[path])
+			} else {
+				structs.DirDB[path] = []string{productName}
+			}
+		}
+	}
+
+}
+
+func ReadWorkFlowYaml(dir string) map[string]interface{} {
+	data, err := os.ReadFile(dir)
+	fps := make(map[string]interface{})
+	err = yaml.Unmarshal(data, &fps)
+	if err != nil {
+		gologger.Fatal().Msg(err.Error())
+	}
+	return fps
+}
+
+func ReadWorkFlowDB() {
+	workflowYaml := ReadWorkFlowYaml("config/workflow.yaml")
+	structs.WorkFlowDB = make(map[string]structs.WorkFlowEntity)
+	for productName, rulesInterface := range workflowYaml {
+		var workflowEntity structs.WorkFlowEntity
+		ruleInterface := rulesInterface.(map[string]interface{})
+		types := ruleInterface["type"]
+		pocs := ruleInterface["pocs"]
+		for _, v := range types.([]interface{}) {
+			vString := v.(string)
+			if strings.ToLower(vString) == "root" {
+				workflowEntity.RootType = true
+			} else if strings.ToLower(vString) == "dir" {
+				workflowEntity.DirType = true
+			} else if strings.ToLower(vString) == "base" {
+				workflowEntity.BaseType = true
+			}
+		}
+		for _, v := range pocs.([]interface{}) {
+			vString := v.(string)
+			workflowEntity.PocsName = append(workflowEntity.PocsName, vString)
+		}
+		workflowEntity.PocsName = utils.RemoveDuplicateElement(workflowEntity.PocsName)
+		structs.WorkFlowDB[productName] = workflowEntity
+	}
+}
+
+func prepare() {
+	var tmpTargets []string
+
+	// 参数冲突校验
+	if structs.GlobalConfig.Hunter && structs.GlobalConfig.Fofa {
+		gologger.Fatal().Msgf("fofa参数与hunter参数冲突,只能选其中一个。")
+	}
+
+	if structs.GlobalConfig.ReportName != "" {
+		suffix := path.Ext(structs.GlobalConfig.ReportName)
+		if suffix != ".html" && suffix != ".htm" {
+			gologger.Fatal().Msgf("输出参数(-o)必须为html拓展名或htm拓展名")
+		}
+	}
+
+	// 兼容文件输入
+	if utils.IsFileNameValid(TargetString) {
+		fileBytes, err := os.ReadFile(TargetString)
+		if err == nil && len(fileBytes) > 0 {
+			// 兼容Windows输入
+			content := strings.ReplaceAll(string(fileBytes), "\r\n", "\n")
+			tmpTargets = strings.Split(content, "\n")
+		}
+	} else {
+		tgs := strings.Split(TargetString, ",")
+		for _, each := range tgs {
+			if each != "" {
+				tmpTargets = append(tmpTargets, each)
+			}
+		}
+	}
+	tmpTargets = utils.RemoveDuplicateElement(tmpTargets)
+
+	// 过滤不支持输入
+
+	for _, tg := range tmpTargets {
+		if tg == "" {
+			continue
+		}
+		if structs.GlobalConfig.Hunter || structs.GlobalConfig.Fofa {
+			// 从网络空间搜索引擎中获取目标
+			if !strings.Contains(tg, "=") {
+				gologger.Error().Msgf("不支持的格式: %s", tg)
+				continue
+			}
+		} else if !structs.GlobalConfig.Fofa && !structs.GlobalConfig.Hunter {
+			// 从本地文件获取目标
+			if utils.GetInputType(tg) == structs.TypeUnSupport {
+				gologger.Error().Msgf("不支持的格式: %s", tg)
+				continue
+			}
+		}
+
+		structs.GlobalConfig.Targets = append(structs.GlobalConfig.Targets, tg)
+	}
+
+	if len(structs.GlobalConfig.Targets) == 0 {
+		gologger.Fatal().Msgf("无目标输入")
+	}
+
+	if PortString == "" {
+		// 默认端口Top1000
+		structs.GlobalConfig.Ports = PortTOP1000
+	} else {
+		structs.GlobalConfig.Ports = PortString
+	}
+
+	hm, err := hybrid.New(hybrid.DefaultDiskOptions)
+	if err != nil {
+		gologger.Fatal().Msg("Web响应体缓存数据库初始化失败。")
+	}
+	structs.GlobalHttpBodyHMap = hm
+
+	hm, err = hybrid.New(hybrid.DefaultDiskOptions)
+	if err != nil {
+		gologger.Fatal().Msg("Web响应头缓存数据库初始化失败。")
+	}
+	structs.GlobalHttpHeaderHMap = hm
+
+	hm, err = hybrid.New(hybrid.DefaultDiskOptions)
+	if err != nil {
+		gologger.Fatal().Msg("Banner缓存数据库初始化失败。")
+	}
+	structs.GlobalBannerHMap = hm
+	structs.GlobalIPPortMap = make(map[string]string)
+	structs.GlobalIPDomainMap = make(map[string][]string)
+	structs.GlobalURLMap = make(map[string]structs.URLEntity)
+	structs.GlobalResultMap = make(map[string][]string)
+
+	structs.FingerprintDB = ddfinger.ParseFingerYaml()
+	if len(structs.FingerprintDB) == 0 {
+		gologger.Fatal().Msg("请检查指纹数据库是否正常。")
+	}
+	gologger.Info().Msgf("YAML指纹数据: %d 条\n", len(structs.FingerprintDB))
+
+	ReadWorkFlowDB()
+	if len(structs.WorkFlowDB) == 0 {
+		gologger.Fatal().Msg("请检查工作流数据库是否正常。")
+	}
+	gologger.Info().Msgf("漏洞检测支持指纹: %d 条", len(structs.WorkFlowDB))
+
+	ReadDirDB()
+	if len(structs.DirDB) == 0 {
+		gologger.Fatal().Msg("请检查主动指纹探测数据库是否正常。")
+	}
+
+	d, errR := os.ReadFile("config/dict/shirokeys.txt")
+	if errR != nil {
+		gologger.Fatal().Msg("请检查config/dict/shirokeys.txt是否存在。")
+	}
+	dStr := strings.ReplaceAll(string(d), "\r", "")
+	structs.ShiroKeys = strings.Split(dStr, "\n")
+	if len(structs.ShiroKeys) == 0 {
+		gologger.Fatal().Msg("Shiro key为空")
+	}
+}
+
+func Flag() {
+	showBanner()
+
+	// 目标设置
+	flag.StringVar(&TargetString, "t", "", "被扫描的目标。 192.168.0.1 192.168.0.0/16 192.168.0.1:80 baidu.com:80 target.txt")
+
+	// 子域名枚举
+	flag.BoolVar(&structs.GlobalConfig.Subdomain, "sd", false, "开启子域名枚举")
+	flag.BoolVar(&structs.GlobalConfig.NoSubdomainBruteForce, "nsbf", false, "关闭子域名爆破")
+	flag.BoolVar(&structs.GlobalConfig.NoSubFinder, "nsf", false, "关闭被动子域名枚举")
+	flag.IntVar(&structs.GlobalConfig.SubdomainBruteForceThreads, "sbft", 150, "爆破子域名协程数量")
+	flag.BoolVar(&structs.GlobalConfig.AllowLocalAreaDomain, "ld", false, "允许域名解析到局域网")
+
+	// 端口扫描
+	flag.StringVar(&PortString, "p", "", "目标IP扫描的端口。 默认扫描Top1000")
+	flag.BoolVar(&structs.GlobalConfig.SkipHostDiscovery, "Pn", false, "禁用主机发现功能(icmp,arp)")
+	flag.IntVar(&structs.GlobalConfig.GetBannerThreads, "tc", 30, "TCP全连接获取Banner的线程数量")
+	flag.StringVar(&structs.GlobalConfig.PortScanType, "st", "tcp", "端口扫描方式 tcp使用TCP扫描(慢),syn为调用masscan进行扫描(需要masscan依赖)")
+	flag.IntVar(&structs.GlobalConfig.TCPPortScanThreads, "tcpt", 600, "TCP扫描线程")
+	flag.IntVar(&structs.GlobalConfig.SYNPortScanThreads, "synt", 10000, "SYN扫描线程(masscan)")
+	flag.IntVar(&structs.GlobalConfig.PortsThreshold, "pc", 300, "一个IP的端口数量阈值,当一个端口的IP数量超过此数量，此IP将会被抛弃")
+	flag.IntVar(&structs.GlobalConfig.TCPPortScanTimeout, "psto", 6, "TCP扫描超时时间(秒)")
+	flag.StringVar(&structs.GlobalConfig.MasscanPath, "mp", "masscan", "指定masscan路径")
+
+	// 代理设置 只支持HTTP代理 方便用云函数
+	flag.StringVar(&structs.GlobalConfig.HTTPProxy, "proxy", "", "HTTP代理，在外网可利用云函数/代理池的多出口特性恶心防守 例: http://127.0.0.1:8080")
+
+	// 关闭主动指纹探测
+	flag.BoolVar(&structs.GlobalConfig.NoDirSearch, "nd", false, "关闭主动指纹探测")
+
+	// 从hunter中获取资产
+	flag.BoolVar(&structs.GlobalConfig.Hunter, "hunter", false, "从hunter中获取资产,开启此选项后-t参数变更为需要在hunter中搜索的关键词")
+	flag.IntVar(&structs.GlobalConfig.HunterPageSize, "htps", 100, "Hunter 每页资产条数")
+	flag.IntVar(&structs.GlobalConfig.HunterMaxPageCount, "htpc", 10, "Hunter 最大查询页数")
+
+	// 从fofa获取资产
+	flag.BoolVar(&structs.GlobalConfig.Fofa, "fofa", false, "从fofa中获取资产,开启此选项后-t参数变更为需要在fofa中搜索的关键词")
+	flag.IntVar(&structs.GlobalConfig.FofaMaxCount, "ffmc", 100, "Hunter 查询资产条数 Max:10000")
+
+	// 输出
+	flag.StringVar(&structs.GlobalConfig.ReportName, "o", "", "html格式输出报告")
+
+	// Go Poc
+	flag.IntVar(&structs.GlobalConfig.GoPocThreads, "gopt", 50, "GoPoc运行线程")
+
+	flag.Parse()
+	prepare()
+}
+
+var PortTOP1000 = "21,22,23,25,53,69,80,81,88,89,110,135,161,445,139,137,143,389,443,512,513,514,548,873,1433,1521,2181,3306,3389,3690,4848,5000,5001,5432,5632,5900,5901,5902,6379,7000,7001,7002,8000,8001,8007,8008,8009,8069,8080,8081,8088,8089,8090,8091,9060,9090,9091,9200,9300,10000,11211,27017,27018,50000,1080,888,1158,2100,2424,2601,2604,3128,5984,7080,8010,8082,8083,8084,8085,8086,8087,8222,8443,8686,8888,9000,9001,9002,9003,9004,9005,9006,9007,9008,9009,9010,9043,9080,9081,9418,9999,50030,50060,50070,82,83,84,85,86,87,7003,7004,7005,7006,7007,7008,7009,7010,7070,7071,7072,7073,7074,7075,7076,7077,7078,7079,8002,8003,8004,8005,8006,8200,90,801,8011,8100,8012,8070,99,7777,8028,808,38888,8181,800,18080,8099,8899,8360,8300,8800,8180,3505,8053,1000,8989,28017,49166,3000,41516,880,8484,6677,8016,7200,9085,5555,8280,1980,8161,7890,8060,6080,8880,8020,889,8881,38501,1010,93,6666,100,6789,7060,8018,8022,3050,8787,2000,10001,8013,6888,8040,10021,2011,6006,4000,8055,4430,1723,6060,7788,8066,9898,6001,8801,10040,9998,803,6688,10080,8050,7011,40310,18090,802,10003,8014,2080,7288,8044,9992,8889,5644,8886,9500,58031,9020,8015,8887,8021,8700,91,9900,9191,3312,8186,8735,8380,1234,38080,9088,9988,2110,21245,3333,2046,9061,2375,9011,8061,8093,9876,8030,8282,60465,2222,98,1100,18081,70,8383,5155,92,8188,2517,8062,11324,2008,9231,999,28214,16080,8092,8987,8038,809,2010,8983,7700,3535,7921,9093,11080,6778,805,9083,8073,10002,114,2012,701,8810,8400,9099,8098,8808,20000,8065,8822,15000,9901,11158,1107,28099,12345,2006,9527,51106,688,25006,8045,8023,8029,9997,7048,8580,8585,2001,8035,10088,20022,4001,2013,20808,8095,106,3580,7742,8119,6868,32766,50075,7272,3380,3220,7801,5256,5255,10086,1300,5200,8096,6198,6889,3503,6088,9991,806,5050,8183,8688,1001,58080,1182,9025,8112,7776,7321,235,8077,8500,11347,7081,8877,8480,9182,58000,8026,11001,10089,5888,8196,8078,9995,2014,5656,8019,5003,8481,6002,9889,9015,8866,8182,8057,8399,10010,8308,511,12881,4016,8042,1039,28080,5678,7500,8051,18801,15018,15888,38443,8123,8144,94,9070,1800,9112,8990,3456,2051,9098,444,9131,97,7100,7711,7180,11000,8037,6988,122,8885,14007,8184,7012,8079,9888,9301,59999,49705,1979,8900,5080,5013,1550,8844,4850,206,5156,8813,3030,1790,8802,9012,5544,3721,8980,10009,8043,8390,7943,8381,8056,7111,1500,7088,5881,9437,5655,8102,6000,65486,4443,10025,8024,8333,8666,103,8,9666,8999,9111,8071,9092,522,11381,20806,8041,1085,8864,7900,1700,8036,8032,8033,8111,60022,955,3080,8788,7443,8192,6969,9909,5002,9990,188,8910,9022,10004,866,8582,4300,9101,6879,8891,4567,4440,10051,10068,50080,8341,30001,6890,8168,8955,16788,8190,18060,7041,42424,8848,15693,2521,19010,18103,6010,8898,9910,9190,9082,8260,8445,1680,8890,8649,30082,3013,30000,2480,7202,9704,5233,8991,11366,7888,8780,7129,6600,9443,47088,7791,18888,50045,15672,9089,2585,60,9494,31945,2060,8610,8860,58060,6118,2348,8097,38000,18880,13382,6611,8064,7101,5081,7380,7942,10016,8027,2093,403,9014,8133,6886,95,8058,9201,6443,5966,27000,7017,6680,8401,9036,8988,8806,6180,421,423,57880,7778,18881,812,15004,9110,8213,8868,1213,8193,8956,1108,778,65000,7020,1122,9031,17000,8039,8600,50090,1863,8191,65,6587,8136,9507,132,200,2070,308,5811,3465,8680,7999,7084,18082,3938,18001,9595,442,4433,7171,9084,7567,811,1128,6003,2125,6090,10007,7022,1949,6565,65001,1301,19244,10087,8025,5098,21080,1200,15801,1005,22343,7086,8601,6259,7102,10333,211,10082,18085,180,40000,7021,7702,66,38086,666,6603,1212,65493,96,9053,7031,23454,30088,6226,8660,6170,8972,9981,48080,9086,10118,40069,28780,20153,20021,20151,58898,10066,1818,9914,55351,8343,18000,6546,3880,8902,22222,19045,5561,7979,5203,8879,50240,49960,2007,1722,8913,8912,9504,8103,8567,1666,8720,8197,3012,8220,9039,5898,925,38517,8382,6842,8895,2808,447,3600,3606,9095,45177,19101,171,133,8189,7108,10154,47078,6800,8122,381,1443,15580,23352,3443,1180,268,2382,43651,10099,65533,7018,60010,60101,6699,2005,18002,2009,59777,591,1933,9013,8477,9696,9030,2015,7925,6510,18803,280,5601,2901,2301,5201,302,610,8031,5552,8809,6869,9212,17095,20001,8781,25024,5280,7909,17003,1088,7117,20052,1900,10038,30551,9980,9180,59009,28280,7028,61999,7915,8384,9918,9919,55858,7215,77,9845,20140,8288,7856,1982,1123,17777,8839,208,2886,877,6101,5100,804,983,5600,8402,5887,8322,770,13333,7330,3216,31188,47583,8710,22580,1042,2020,34440,20,7703,65055,8997,6543,6388,8283,7201,4040,61081,12001,3588,7123,2490,4389,1313,19080,9050,6920,299,20046,8892,9302,7899,30058,7094,6801,321,1356,12333,11362,11372,6602,7709,45149,3668,517,9912,9096,8130,7050,7713,40080,8104,13988,18264,8799,55070,23458,8176,9517,9541,9542,9512,8905,11660,1025,44445,44401,17173,436,560,733,968,602,3133,3398,16580,8488,8901,8512,10443,9113,9119,6606,22080,5560,7,5757,1600,8250,10024,10200,333,73,7547,8054,6372,223,3737,9800,9019,8067,45692,15400,15698,9038,37006,2086,1002,9188,8094,8201,8202,30030,2663,9105,10017,4503,1104,8893,40001,27779,3010,7083,5010,5501,309,1389,10070,10069,10056,3094,10057,10078,10050,10060,10098,4180,10777,270,6365,9801,1046,7140,1004,9198,8465,8548,108,30015,8153,1020,50100,8391,34899,7090,6100,8777,8298,8281,7023,3377,9100"
diff --git a/common/hostbind.go b/common/hostbind.go
@@ -0,0 +1,55 @@
+package common
+
+import (
+	"dddd/common/http"
+	"dddd/structs"
+	"dddd/utils"
+	"fmt"
+	"github.com/projectdiscovery/httpx"
+	"net/url"
+	"strings"
+)
+
+func HostBindCheck() {
+	var urls []string
+	for rootURL, _ := range structs.GlobalURLMap {
+		URL, err := url.Parse(rootURL)
+		if err != nil {
+			continue
+		}
+
+		if strings.Contains(URL.Host, ":") {
+			tmp := strings.Split(URL.Host, ":")
+			if len(tmp) != 2 {
+				continue
+			}
+			ip, port := tmp[0], tmp[1]
+			if !utils.IsIPv4(ip) {
+				continue
+			}
+			domains, ok := structs.GlobalIPDomainMap[ip]
+			if !ok {
+				continue
+			}
+			for _, domain := range domains {
+				urls = append(urls, fmt.Sprintf("%v://%v:%v", URL.Scheme, domain, port))
+			}
+		} else {
+			ip := URL.Host
+			if !utils.IsIPv4(ip) {
+				continue
+			}
+			domains, ok := structs.GlobalIPDomainMap[ip]
+			if !ok {
+				continue
+			}
+			for _, domain := range domains {
+				urls = append(urls, fmt.Sprintf("%v://%v", URL.Scheme, domain))
+			}
+		}
+	}
+	urls = utils.RemoveDuplicateElement(urls)
+
+	httpx.DirBrute(urls, http.HostBindHTTPxCallBack, structs.GlobalConfig.HTTPProxy)
+
+}