fix -host http:/xxx.com can not run naabu 2022-06-29 23:07:1656515250

Author: x51pwn

config/config.json

@@ -51,6 +51,8 @@
   "UrlPrecise": true,
   "ParseSSl": false,
   "EnableSubfinder": false,
+  "EnableKsubdomain": true,
+  "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
   "naabu_dns": {},
   "naabu": {"TopPorts": "1000","ScanAllIPS": true},
   "nuclei": {},

config/nuclei-templates/cves/2018/CVE-2018-18778.yaml

@@ -13,7 +13,7 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2018-18778
     cwe-id: CWE-200
-  tags: cve,cve2018,lfi
+  tags: cve,cve2018,lfi,mini_httpd
 
 requests:
   - raw:

config/nuclei-templates/cves/2021/CVE-2021-42063.yaml

@@ -16,6 +16,9 @@ info:
     cvss-score: 6.1
     cve-id: CVE-2021-42063
     cwe-id: CWE-79
+  metadata:
+    shodan-query: http.favicon.hash:-266008933
+    zoomeye-query: +app:"SAP NetWeaver Application Server httpd
   tags: cve,cve2021,sap,xss
 
 requests:

config/nuclei-templates/miscellaneous/robots-txt.yaml

@@ -2,7 +2,7 @@ id: robots-txt
 
 info:
   name: robots.txt file
-  author: CasperGN
+  author: CasperGN,thezakman
   severity: info
   tags: misc,generic
 

config/nuclei-templates/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml

@@ -2,7 +2,7 @@ id: phpmyadmin-setup
 
 info:
   name: Publicly Accessible Phpmyadmin Setup
-  author: sheikhrishad,thevillagehacker
+  author: sheikhrishad,thevillagehacker,Kr1shna4garwal
   severity: medium
   tags: phpmyadmin,misconfig
 
@@ -19,11 +19,13 @@ requests:
       - "{{BaseURL}}/sysadmin/phpMyAdmin/scripts/setup.php"
       - "{{BaseURL}}/phpmyadmin/setup/index.php"
       - "{{BaseURL}}/pma/setup/index.php"
+      - "{{BaseURL}}/phpmyadmin/setup/"
 
     stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
+        part: body
         words:
           - "You want to configure phpMyAdmin using web interface"
           - "<title>phpMyAdmin setup</title>"

pkg/config.go

@@ -2,6 +2,7 @@ package pkg
 
 import (
 	"encoding/json"
+	"fmt"
 	"github.com/spf13/viper"
 	"io/ioutil"
 	"log"
@@ -29,8 +30,9 @@ var (
 
 // 优先使用配置文件中的配置，否则从环境变量中读取
 func GetVal(key string) string {
+	key = strings.ToLower(key)
 	if s, ok := mData[key]; ok {
-		return s.(string)
+		return fmt.Sprintf("%v", s)
 	}
 	return os.Getenv(key)
 }

pkg/ksubdomain/ksbdomain.go

@@ -3,25 +3,44 @@ package ksubdomain
 import (
 	"github.com/boy-hack/ksubdomain/core/conf"
 	"github.com/boy-hack/ksubdomain/core/gologger"
+	"github.com/hktalent/scan4all/pkg"
 	cli "github.com/urfave/cli/v2"
 	"os"
+	"regexp"
 )
 
 // cat $HOME/MyWork/scan4all/pkg/ksubdomain/*.go|grep "github.com/boy-hack/ksubdomain"|sed 's/"//g'|sort -u|uniq|xargs -I % go get %
 func DoSubfinder(a []string, out chan string, done chan bool) {
-	app := &cli.App{
-		Name:    conf.AppName,
-		Version: conf.Version,
-		Usage:   conf.Description,
-		Commands: []*cli.Command{
-			enumCommand,
-			verifyCommand,
-			testCommand,
-		},
-	}
+	if "true" == pkg.GetVal("EnableKsubdomain") {
+		s1 := pkg.GetVal("KsubdomainRegxp")
+		if "" != s1 {
+			r1, err := regexp.Compile(s1)
+			if nil == err {
+				a1 := []string{}
+				for _, x := range a {
+					x3 := r1.FindAllString(x, -1)
+					if 0 < len(x3) {
+						a1 = append(a1, x3[0])
+					}
+				}
+				a = a1
+			}
+			app := &cli.App{
+				Name:    conf.AppName,
+				Version: conf.Version,
+				Usage:   conf.Description,
+				Commands: []*cli.Command{
+					enumCommand,
+					verifyCommand,
+					testCommand,
+				},
+			}
+
+			err := app.Run(os.Args)
+			if err != nil {
+				gologger.Fatalf(err.Error())
+			}
 
-	err := app.Run(os.Args)
-	if err != nil {
-		gologger.Fatalf(err.Error())
+		}
 	}
 }

pkg/naabu/v2/pkg/runner/targets.go

@@ -51,7 +51,13 @@ func (r *Runner) mergeToFile() (string, error) {
 	// target defined via CLI argument
 	if len(r.options.Host) > 0 {
 		for _, v := range r.options.Host {
-			fmt.Fprintf(tempInput, "%s\n", v)
+			if strings.HasPrefix(v, "https://") || strings.HasPrefix(v, "http://") {
+				if u, err := url.Parse(v); err == nil {
+					fmt.Fprintf(tempInput, "%s\n", u.Hostname())
+				}
+			} else {
+				fmt.Fprintf(tempInput, "%s\n", v)
+			}
 		}
 	}
 
@@ -158,6 +164,7 @@ func (r *Runner) AddTarget(target string) error {
 			if u, err := url.Parse(target); err == nil {
 				s1 := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
 				Add2Naabubuffer(fmt.Sprintf("%s\n", s1))
+				//Add2Naabubuffer(u.Hostname())
 				// target 长度 大于 s1才处理
 				////UrlPrecise     bool // 精准url扫描，不去除url清单上下文 2022-06-08
 				UrlPrecise := pkg.GetVal(pkg.UrlPrecise)

test/testXml.go

@@ -1,19 +1,26 @@
 package main
 
 import (
-	"bytes"
-	"github.com/hktalent/scan4all/nuclei_Yaml"
+	"log"
+	"net/url"
 )
 
-var Naabubuffer bytes.Buffer = bytes.Buffer{}
+//var Naabubuffer bytes.Buffer = bytes.Buffer{}
 
 func main() {
-	var nucleiDone = make(chan bool)
-	Naabubuffer.Write([]byte("192.168.10.31\n"))
-	// 集成nuclei
-	//log.Println("httpxrunner.Naabubuffer = ", httpxrunner.Naabubuffer.String())
-	nuclei_Yaml.RunNuclei(Naabubuffer, nucleiDone)
-	<-nucleiDone
+
+	s := "http://www.ddd.com:990/xxp"
+	if u, err := url.Parse(s); err == nil {
+		//s1 := fmt.Sprintf("%s://%s", u.Scheme, u.Host)
+		log.Println(u.Hostname())
+	}
+	//fmt.Println(fmt.Sprintf("%v", 333))
+	//var nucleiDone = make(chan bool)
+	//Naabubuffer.Write([]byte("192.168.10.31\n"))
+	//// 集成nuclei
+	////log.Println("httpxrunner.Naabubuffer = ", httpxrunner.Naabubuffer.String())
+	//nuclei_Yaml.RunNuclei(Naabubuffer, nucleiDone)
+	//<-nucleiDone
 
 	//x := "test/4ee58a18fc884edd74ff1ec077e8c90c6048a45b.xml"
 	//b, err := ioutil.ReadFile(x)