优化指纹算法；增加工作流程图

Author: x51pwn

.github/up.sh

@@ -1,2 +1,2 @@
-cat ./go.mod|grep projectdiscovery|grep -E "subfinder|nuclei"|awk '{print $1}'|xargs -I % go get -u %
+cat ./go.mod|grep projectdiscovery|grep -E "subfinder|nuclei|wappalyzergo"|awk '{print $1}'|xargs -I % go get -u %
 

README.md

@@ -33,6 +33,7 @@
 - 允许通过config/config.json配置定义自己的字典，或者设置相关的开关，可以在这里定义nuclei、httx、naabu的几个Options
 
 # 工作流程
+<img src="static/workflow.jpg">
 - 0.【智能子域名爆破】集成Subfinder,当通过 export EnableSubfinder=true 开启后，ssl证书中的域名信息包含"*."开头时自动启动子域名遍历
 - 1.【端口扫描】集成Nuclei官方产品naabu ( > 2.1k)
 - 2.【服务识别】naabu调用系统安装的nmap，请先自行安装nmap

config/nuclei_esConfig.yaml

@@ -0,0 +1,15 @@
+elasticsearch:
+  # IP for elasticsearch instance
+  ip: 127.0.0.1
+  # Port is the port of elasticsearch instance
+  port: 9200
+  # IndexName is the name of the elasticsearch index
+  index-name: nuclei_index
+  # SSL enables ssl for elasticsearch connection
+  ssl: false
+  # SSLVerification disables SSL verification for elasticsearch
+  ssl-verification: false
+  # Username for the elasticsearch instance
+  username: elastic
+  # Password is the password for elasticsearch instance
+  password: test

nuclei_Yaml/nuclei_yaml.go

@@ -44,6 +44,7 @@ func RunNuclei(buf bytes.Buffer, xx chan bool) {
 		}
 	}
 	options.Verbose = false
+	options.Stream = false
 	////////////////////////////////////*/
 
 	nucleiRunner, err := runner.New(options)
@@ -224,7 +225,7 @@ func readConfig() {
 	options.Retries = 1
 	options.LeaveDefaultPorts = false
 	options.MaxHostError = 30
-	options.Project = false
+	options.Project = true // 去重复
 	options.ProjectPath = os.TempDir()
 	options.StopAtFirstMatch = false
 	options.Stream = false

pkg/fingerprint/fingerScan.go

@@ -28,93 +28,59 @@ func mapToJson(param map[string][]string) string {
 	return dataString
 }
 
+// 合并所有指纹需要请求的链接，也就是合并所有请求，相同的只请求一次
+// 会多次调用，所以需要cache中间结果
+func PreprocessingFingerScan(url string) []string {
+	// 有时间再实现
+	return []string{}
+}
+
 func FingerScan(headers map[string][]string, body []byte, title string, url string) []string {
 	bodyString := string(body)
 	headersjson := mapToJson(headers)
 	favhash := getfavicon(bodyString, url)
 	var cms []string
-	for _, finp := range EholeFinpx.Fingerprint {
-		if finp.Location == "body" {
-			if finp.Method == "keyword" {
-				if iskeyword(bodyString, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-			if finp.Method == "faviconhash" {
-				if favhash == finp.Keyword[0] {
-					cms = append(cms, finp.Cms)
-				}
-			}
-			if finp.Method == "regular" {
-				if isregular(bodyString, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-		}
-		if finp.Location == "header" {
-			if finp.Method == "keyword" {
-				if iskeyword(headersjson, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-			if finp.Method == "regular" {
-				if isregular(headersjson, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-		}
-		if finp.Location == "title" {
-			if finp.Method == "keyword" {
-				if iskeyword(title, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+	for _, x1 := range []*Packjson{EholeFinpx, LocalFinpx} {
+		for _, finp := range x1.Fingerprint {
+			if finp.Location == "body" {
+				if finp.Method == "keyword" {
+					if iskeyword(bodyString, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
-			}
-			if finp.Method == "regular" {
-				if isregular(title, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+				if finp.Method == "faviconhash" {
+					if favhash == finp.Keyword[0] {
+						cms = append(cms, finp.Cms)
+					}
 				}
-			}
-		}
-	}
-	for _, finp := range LocalFinpx.Fingerprint {
-		if finp.Location == "body" {
-			if finp.Method == "keyword" {
-				if iskeyword(bodyString, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+				if finp.Method == "regular" {
+					if isregular(bodyString, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
 			}
-			if finp.Method == "faviconhash" {
-				if favhash == finp.Keyword[0] {
-					cms = append(cms, finp.Cms)
+			if finp.Location == "header" {
+				if finp.Method == "keyword" {
+					if iskeyword(headersjson, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
-			}
-			if finp.Method == "regular" {
-				if isregular(bodyString, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+				if finp.Method == "regular" {
+					if isregular(headersjson, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
 			}
-		}
-		if finp.Location == "header" {
-			if finp.Method == "keyword" {
-				if iskeyword(headersjson, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+			if finp.Location == "title" {
+				if finp.Method == "keyword" {
+					if iskeyword(title, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
-			}
-			if finp.Method == "regular" {
-				if isregular(headersjson, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-		}
-		if finp.Location == "title" {
-			if finp.Method == "keyword" {
-				if iskeyword(title, finp.Keyword) {
-					cms = append(cms, finp.Cms)
-				}
-			}
-			if finp.Method == "regular" {
-				if isregular(title, finp.Keyword) {
-					cms = append(cms, finp.Cms)
+				if finp.Method == "regular" {
+					if isregular(title, finp.Keyword) {
+						cms = append(cms, finp.Cms)
+					}
 				}
 			}
 		}

pkg/httpx/runner/runner.go

@@ -29,15 +29,21 @@ import (
 	"time"
 
 	"github.com/bluele/gcache"
+	"github.com/hktalent/scan4all/pkg/httpx/common/hashes"
 	"github.com/logrusorgru/aurora"
 	"github.com/pkg/errors"
 	"github.com/projectdiscovery/clistats"
 	"github.com/projectdiscovery/cryptoutil"
 	"github.com/projectdiscovery/goconfig"
 	"github.com/projectdiscovery/stringsutil"
 	"github.com/projectdiscovery/urlutil"
-	"github.com/hktalent/scan4all/pkg/httpx/common/hashes"
 
+	customport "github.com/hktalent/scan4all/pkg/httpx/common/customports"
+	fileutilz "github.com/hktalent/scan4all/pkg/httpx/common/fileutil"
+	"github.com/hktalent/scan4all/pkg/httpx/common/httputilz"
+	"github.com/hktalent/scan4all/pkg/httpx/common/httpx"
+	"github.com/hktalent/scan4all/pkg/httpx/common/slice"
+	"github.com/hktalent/scan4all/pkg/httpx/common/stringz"
 	// automatic fd max increase if running as root
 	_ "github.com/projectdiscovery/fdmax/autofdmax"
 	"github.com/projectdiscovery/fileutil"
@@ -50,12 +56,6 @@ import (
 	"github.com/projectdiscovery/retryablehttp-go"
 	wappalyzer "github.com/projectdiscovery/wappalyzergo"
 	"github.com/remeh/sizedwaitgroup"
-	customport "github.com/hktalent/scan4all/pkg/httpx/common/customports"
-	fileutilz "github.com/hktalent/scan4all/pkg/httpx/common/fileutil"
-	"github.com/hktalent/scan4all/pkg/httpx/common/httputilz"
-	"github.com/hktalent/scan4all/pkg/httpx/common/httpx"
-	"github.com/hktalent/scan4all/pkg/httpx/common/slice"
-	"github.com/hktalent/scan4all/pkg/httpx/common/stringz"
 	"go.uber.org/ratelimit"
 )
 
@@ -700,12 +700,20 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 									continue
 								}
 								r.process(tt, wg, hp, protocol, scanopts, output)
+								a1 := fingerprint.PreprocessingFingerScan(tt)
+								for _, x1 := range a1 {
+									r.process(x1, wg, hp, protocol, scanopts, output)
+								}
 							}
 							for _, tt := range result.TLSData.CommonName {
 								if !r.testAndSet(tt) {
 									continue
 								}
 								r.process(tt, wg, hp, protocol, scanopts, output)
+								a1 := fingerprint.PreprocessingFingerScan(tt)
+								for _, x1 := range a1 {
+									r.process(x1, wg, hp, protocol, scanopts, output)
+								}
 							}
 						}
 						if scanopts.CSPProbe && result.CSPData != nil {
@@ -715,6 +723,10 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 									continue
 								}
 								r.process(tt, wg, hp, protocol, scanopts, output)
+								a1 := fingerprint.PreprocessingFingerScan(tt)
+								for _, x1 := range a1 {
+									r.process(x1, wg, hp, protocol, scanopts, output)
+								}
 							}
 						}
 					}(target, method, prot)

pkg/naabu/v2/pkg/runner/runner.go

@@ -53,6 +53,8 @@ func (r *Runner) Httpxrun() error {
 	var nucleiDone = make(chan bool)
 	// 集成nuclei
 	//log.Println("httpxrunner.Naabubuffer = ", httpxrunner.Naabubuffer.String())
+	//Naabubuffer1 := bytes.Buffer{}
+	//Naabubuffer1.Write(httpxrunner.Naabubuffer.Bytes())
 	go nuclei_Yaml.RunNuclei(httpxrunner.Naabubuffer, nucleiDone)
 	httpxoptions := httpxrunner.ParseOptions()
 	httpxoptions.Output = r.options.Output

static/workflow.jpg

@@ -1,36 +1,44 @@
 package main
 
 import (
-	"github.com/hktalent/scan4all/pkg/hydra"
-	"io/ioutil"
+	"bytes"
+	"github.com/hktalent/scan4all/nuclei_Yaml"
 )
 
+var Naabubuffer bytes.Buffer = bytes.Buffer{}
+
 func main() {
+	var nucleiDone = make(chan bool)
+	Naabubuffer.Write([]byte("192.168.10.31\n"))
+	// 集成nuclei
+	//log.Println("httpxrunner.Naabubuffer = ", httpxrunner.Naabubuffer.String())
+	nuclei_Yaml.RunNuclei(Naabubuffer, nucleiDone)
+	<-nucleiDone
 
-	x := "test/4ee58a18fc884edd74ff1ec077e8c90c6048a45b.xml"
-	b, err := ioutil.ReadFile(x)
-	if nil == err && 0 < len(b) {
-		s := string(b)
-		hydra.DoParseXml(s)
-		//select {}
-		//doc, err := xmlquery.Parse(strings.NewReader(s))
-		//if err != nil {
-		//	log.Println(err)
-		//	return
-		//}
-		//
-		//for _, n := range xmlquery.Find(doc, "//host") {
-		//	x1 := n.SelectElement("address").Attr[0].Value
-		//	ps := n.SelectElements("ports/port")
-		//	for _, x := range ps {
-		//		if "open" == x.SelectElement("state").Attr[0].Value {
-		//			ip := x1
-		//			port, _ := strconv.Atoi(GetAttr(x.Attr, "portid"))
-		//			service := GetAttr(x.SelectElement("service").Attr, "name")
-		//			fmt.Printf("%s\t%d\t%s\n", ip, port, service)
-		//		}
-		//	}
-		//}
-	}
+	//x := "test/4ee58a18fc884edd74ff1ec077e8c90c6048a45b.xml"
+	//b, err := ioutil.ReadFile(x)
+	//if nil == err && 0 < len(b) {
+	//	s := string(b)
+	//	hydra.DoParseXml(s)
+	//	//select {}
+	//	//doc, err := xmlquery.Parse(strings.NewReader(s))
+	//	//if err != nil {
+	//	//	log.Println(err)
+	//	//	return
+	//	//}
+	//	//
+	//	//for _, n := range xmlquery.Find(doc, "//host") {
+	//	//	x1 := n.SelectElement("address").Attr[0].Value
+	//	//	ps := n.SelectElements("ports/port")
+	//	//	for _, x := range ps {
+	//	//		if "open" == x.SelectElement("state").Attr[0].Value {
+	//	//			ip := x1
+	//	//			port, _ := strconv.Atoi(GetAttr(x.Attr, "portid"))
+	//	//			service := GetAttr(x.SelectElement("service").Attr, "name")
+	//	//			fmt.Printf("%s\t%d\t%s\n", ip, port, service)
+	//	//		}
+	//	//	}
+	//	//}
+	//}
 
 }