forked from selinuxG/Golin
优化并发逻辑,扫描速度增加;增加扫描Druidun默认口令、swagger未授权访问漏洞
Showing
28 changed files
with
193 additions
and
76 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
package global | ||
|
||
const ( | ||
Version = "v3.3.2" //当前版本号 | ||
Releasenotes = "增加识别主机来源局域网/互联网,增加识别CVE-2022-22947漏洞检测,NPS内网穿透默认口令扫描,增加识别web组件数量,优化扫描进度条输出" //版本说明 | ||
RepoUrl = "https://api.github.com/repos/selinuxg/Golin/releases/latest" //仓库最新版本 | ||
Version = "v3.3.3" //当前版本号 | ||
Releasenotes = "优化并发逻辑,扫描速度增加;增加扫描Druidun默认口令、swagger未授权访问漏洞" //版本说明 | ||
RepoUrl = "https://api.github.com/repos/selinuxg/Golin/releases/latest" //仓库最新版本 | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package poc | ||
|
||
import ( | ||
"io" | ||
"net/http" | ||
"strings" | ||
) | ||
|
||
func AuthDruidun(url string) { | ||
url += "/druid/index.html" | ||
req, _ := http.NewRequest("GET", url, nil) | ||
resp, err := newRequest(req) | ||
if err != nil { | ||
return | ||
} | ||
defer resp.Body.Close() | ||
|
||
if resp.StatusCode == 200 { | ||
bodyBytes, err2 := io.ReadAll(resp.Body) | ||
if err2 != nil { | ||
return | ||
} | ||
bodyString := string(bodyBytes) | ||
if strings.Contains(bodyString, "Druid Stat Index") && | ||
strings.Contains(bodyString, "DruidVersion") && | ||
strings.Contains(bodyString, "DruidDrivers") { | ||
flags := Flagcve{ | ||
url: url, | ||
cve: "Druid未授权访问", | ||
} | ||
echoFlag(flags) | ||
} | ||
} | ||
} |
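Review bot: The error from `http.NewRequest` is discarded in `req, _ := http.NewRequest("GET", url, nil)`, so a target string that fails URL parsing leaves `req` nil, and the following `newRequest(req)` hands that nil request to `client.Do`, which would most likely panic and take the whole scan down. Check it instead: `req, err := http.NewRequest(http.MethodGet, url, nil)` followed by `if err != nil { return }`. The body is also read with an unbounded `io.ReadAll`, so the scanned host decides how much memory the scanner allocates within the 3-second client timeout; `io.ReadAll(io.LimitReader(resp.Body, 1<<20))` is ample for the three marker strings. Both points apply equally to the request loop in AuthSwagger.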
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package poc | ||
|
||
import ( | ||
"io" | ||
"net/http" | ||
"strings" | ||
) | ||
|
||
func AuthSwagger(url string) { | ||
|
||
paths := []string{ | ||
"/swagger/ui/index", | ||
"/swagger-ui.html", | ||
"/api/swagger-ui.html", | ||
"/service/swagger-ui.html", | ||
"/web/swagger-ui.html", | ||
"/swagger/swagger-ui.html", | ||
"/actuator/swagger-ui.html", | ||
"/libs/swagger-ui.html", | ||
"/template/swagger-ui.html", | ||
"/api_docs", | ||
"/api/docs/", | ||
"/api/index.html", | ||
"/swagger/v1/swagger.yaml", | ||
"/swagger/v1/swagger.json", | ||
"/swagger.yaml", | ||
"/swagger.json", | ||
"/api-docs/swagger.yaml", | ||
"/api-docs/swagger.json", | ||
} | ||
|
||
for _, path := range paths { | ||
req, _ := http.NewRequest("GET", url+path, nil) | ||
resp, err := newRequest(req) | ||
|
||
if err != nil { | ||
continue | ||
} | ||
defer resp.Body.Close() | ||
|
||
if resp.StatusCode == 200 { | ||
bodyBytes, err2 := io.ReadAll(resp.Body) | ||
if err2 != nil { | ||
continue | ||
} | ||
bodyString := string(bodyBytes) | ||
|
||
if strings.Contains(bodyString, "Swagger UI") || | ||
strings.Contains(bodyString, "swagger-ui.min.js") || | ||
strings.Contains(bodyString, "swagger:") || | ||
strings.Contains(bodyString, "Swagger 2.0") || | ||
strings.Contains(bodyString, "\"swagger\":") { | ||
flags := Flagcve{ | ||
url: url + path, | ||
cve: "swagger未授权访问", | ||
} | ||
echoFlag(flags) | ||
//break | ||
} | ||
} | ||
} | ||
|
||
} |
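Review bot: `defer resp.Body.Close()` sits inside the `for _, path := range paths` loop, so none of the up to 18 response bodies is closed until AuthSwagger returns, and under concurrent scanning that multiplies into held sockets and file descriptors. Close the body inside the iteration, right after a bounded read, as sketched below. Separately, the match is an OR over loose substrings such as `swagger:` and `Swagger UI` on any 200 response, so a catch-all page or documentation that merely mentions Swagger is reported as unauthorised access, and with `//break` commented out one host can produce several findings. Requiring a structural marker (for example a top-level `swagger` or `openapi` key on the JSON/YAML paths) would cut the false positives.

```go
for _, path := range paths {
	req, err := http.NewRequest(http.MethodGet, url+path, nil)
	if err != nil {
		continue
	}
	resp, err := newRequest(req)
	if err != nil {
		continue
	}
	// Read a bounded prefix and close now, not at function return.
	bodyBytes, err2 := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	resp.Body.Close()
	if err2 != nil || resp.StatusCode != 200 {
		continue
	}
	bodyString := string(bodyBytes)
	// … unchanged: marker checks and echoFlag call …
}
```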
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,23 @@ | ||
package poc | ||
|
||
import ( | ||
"crypto/tls" | ||
"net/http" | ||
"time" | ||
) | ||
|
||
func newRequest(req *http.Request) (*http.Response, error) { | ||
|
||
transport := &http.Transport{ | ||
TLSClientConfig: &tls.Config{ | ||
InsecureSkipVerify: true, | ||
}} | ||
|
||
client := &http.Client{ | ||
Timeout: time.Second * 3, | ||
Transport: transport, | ||
Timeout: time.Second * 3, | ||
} | ||
|
||
resp, err := client.Do(req) | ||
return resp, err | ||
} |
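Review bot: Each call to newRequest builds a fresh `http.Transport` and `http.Client`, so no connection is ever reused, and because a zero-value Transport has no `IdleConnTimeout`, every call can leave an idle connection open until the remote side closes it. With AuthSwagger issuing 18 requests per target, this works against the speed-up the commit is after. `InsecureSkipVerify: true` is also set without a comment; it is defensible for probing hosts with self-signed certificates, but it should be documented and the helper kept away from any request whose response must be trusted. A single package-level client, as below, addresses both. Which lines are new in this section is inferred from the hunk header and the repeated `Timeout` line, since the page lost the +/- markers.

```go
// probeClient is shared by all PoC checks so connections are reused.
// Certificate verification is disabled because scan targets often present
// self-signed certificates; never use this client for a request whose
// response must be trusted.
var probeClient = &http.Client{
	Timeout: 3 * time.Second,
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		IdleConnTimeout: 30 * time.Second,
	},
}

func newRequest(req *http.Request) (*http.Response, error) {
	return probeClient.Do(req)
}
```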