fix main.go:35:4: fmt.Println arg list ends with redundant newline 2022-07-12 09:34:1657589698

x51pwn · x51pwn · commit 65bb51d5a7ad · 2022-07-12T09:34:59.000+08:00
diff --git a/config/nuclei-templates/README.md b/config/nuclei-templates/README.md
@@ -53,7 +53,7 @@ An overview of the nuclei template project, including statistics on unique tags,
 | wp-plugin |   283 | pussycat0x    |   125 | default-logins   |    98 |          |       |         |       |
 | tech      |   276 | gy741         |   124 | file             |    76 |          |       |         |       |
 
-**279 directories, 3776 files**.
+**279 directories, 3823 files**.
 
 </td>
 </tr>
diff --git a/config/nuclei-templates/cves/2020/CVE-2020-8644.yaml b/config/nuclei-templates/cves/2020/CVE-2020-8644.yaml
@@ -1,7 +1,7 @@
 id: CVE-2020-8644
 
 info:
-  name: playSMS<1.4.3 - Remote Code Execution
+  name: playSMS <1.4.3 - Remote Code Execution
   author: dbrwsky
   severity: critical
   description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.
diff --git a/config/nuclei-templates/cves/2021/CVE-2021-26702.yaml b/config/nuclei-templates/cves/2021/CVE-2021-26702.yaml
@@ -18,13 +18,13 @@ info:
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/cgi/dataset_dictionary?dataset=zulu</title></script><script>alert(document.domain)</script>"
+      - "{{BaseURL}}/cgi/dataset_dictionary?dataset=zulu%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
 
     matchers-condition: and
     matchers:
       - type: word
         words:
-          - "</title></script><script>alert(document.domain)</script>"
+          - "</script><script>alert(document.domain)</script>"
 
       - type: word
         part: header
diff --git a/config/nuclei-templates/default-logins/xxljob/xxljob-default-login.yaml b/config/nuclei-templates/default-logins/xxljob/xxljob-default-login.yaml
@@ -2,7 +2,7 @@ id: xxljob-default-login
 
 info:
   name: XXL-JOB Default Login
-  author: pdteam
+  author: pdteam,ritikchaddha
   severity: high
   description: XXL-JOB default admin credentials were discovered.
   reference:
@@ -11,6 +11,9 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
     cwe-id: CWE-522
+  metadata:
+    verified: true
+    shodan-query: http.favicon.hash:1691956220
   tags: default-login,xxljob
 
 requests:
@@ -22,13 +25,21 @@ requests:
 
         userName={{username}}&password={{password}}
 
+      - |
+        POST /login HTTP/1.1
+        Host:{{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        userName={{username}}&password={{password}}
+
+    attack: pitchfork
     payloads:
       username:
         - admin
       password:
         - 123456
-    attack: pitchfork
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
@@ -39,10 +50,10 @@ requests:
         condition: and
 
       - type: word
+        part: header
         words:
           - 'application/json'
           - 'XXL_JOB_LOGIN_IDENTITY'
-        part: header
         condition: and
 
       - type: status
diff --git a/config/nuclei-templates/exposed-panels/xxljob-panel.yaml b/config/nuclei-templates/exposed-panels/xxljob-panel.yaml
@@ -2,15 +2,20 @@ id: xxljob-panel
 
 info:
   name: XXLJOB Admin Login Panel
-  author: pdteam,daffainfo
+  author: pdteam,daffainfo,ritikchaddha
   severity: info
+  metadata:
+    verified: true
+    shodan-query: http.favicon.hash:1691956220
   tags: panel,xxljob,login
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/xxl-job-admin/toLogin"
+      - "{{BaseURL}}/toLogin"
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
diff --git a/config/nuclei-templates/technologies/shopware-detect.yaml b/config/nuclei-templates/technologies/shopware-detect.yaml
@@ -8,6 +8,9 @@ info:
   reference:
     - https://github.com/shopware/shopware
     - https://github.com/shopware/platform
+  metadata:
+    verified: true
+    shodan-query: title:"shopware AG"
   tags: tech,shopware,cms
 
 requests:
@@ -16,6 +19,7 @@ requests:
       - "{{BaseURL}}/admin"
       - "{{BaseURL}}/backend"
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
@@ -29,4 +33,4 @@ requests:
 
       - type: status
         status:
-          - 200
+          - 200
diff --git a/go.mod b/go.mod
@@ -69,7 +69,7 @@ require (
 	github.com/projectdiscovery/rawhttp v0.0.8-0.20220526170355-03de6bb78f37
 	github.com/projectdiscovery/sliceutil v0.0.0-20220511171050-c7d9bc5cadd9
 	github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1
-	github.com/projectdiscovery/wappalyzergo v0.0.49
+	github.com/projectdiscovery/wappalyzergo v0.0.50
 	github.com/rs/xid v1.4.0
 	go.etcd.io/bbolt v1.3.6 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -666,6 +666,8 @@ github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1/go.mod h1
 github.com/projectdiscovery/wappalyzergo v0.0.45/go.mod h1:vS+npIOANv7eKsEtODsyRQt2n1v8VofCwj2gjmq72EM=
 github.com/projectdiscovery/wappalyzergo v0.0.49 h1:h0ZQpAk+ypyKbVY/Mxy5B3OeQVS8+M0/Z/e4IJsqQwY=
 github.com/projectdiscovery/wappalyzergo v0.0.49/go.mod h1:1LQBGQVW47tMHxGTxmBK+pAwfsWKSLQMXt/egxGlljo=
+github.com/projectdiscovery/wappalyzergo v0.0.50 h1:mV0RwGnzyyfKscXnDCgzb2INy1BTJX8dT8Zurl+WCuY=
+github.com/projectdiscovery/wappalyzergo v0.0.50/go.mod h1:1LQBGQVW47tMHxGTxmBK+pAwfsWKSLQMXt/egxGlljo=
 github.com/projectdiscovery/yamldoc-go v1.0.2/go.mod h1:7uSxfMXaBmzvw8m5EhOEjB6nhz0rK/H9sUjq1ciZu24=
 github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 h1:DvWRQpw7Ib2CRL3ogYm/BWM+X0UGPfz1n9Ix9YKgFM8=
 github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6/go.mod h1:8OfZj8p/axkUM/TJoS/O9LDjj/S8u17rxRbqluE9CU4=
diff --git a/main.go b/main.go
@@ -32,7 +32,7 @@ func main() {
 	if options.Debug {
 		// debug 优化时启用///////////////////////
 		go func() {
-			fmt.Println("debug info: \nopen http://127.0.0.1:6060/debug/pprof/\n")
+			fmt.Println("debug info: \nopen http://127.0.0.1:6060/debug/pprof/")
 			http.ListenAndServe(":6060", nil)
 		}()
 		//////////////////////////////////////////*/
diff --git a/vendor/github.com/projectdiscovery/wappalyzergo/fingerprints_data.go b/vendor/github.com/projectdiscovery/wappalyzergo/fingerprints_data.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -715,7 +715,7 @@ github.com/projectdiscovery/uncover/uncover/agent/shodanidb
 # github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1
 ## explicit; go 1.16
 github.com/projectdiscovery/urlutil
-# github.com/projectdiscovery/wappalyzergo v0.0.49
+# github.com/projectdiscovery/wappalyzergo v0.0.50
 ## explicit; go 1.16
 github.com/projectdiscovery/wappalyzergo
 # github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ require (`
`69`	`69`	`github.com/projectdiscovery/rawhttp v0.0.8-0.20220526170355-03de6bb78f37`
`70`	`70`	`github.com/projectdiscovery/sliceutil v0.0.0-20220511171050-c7d9bc5cadd9`
`71`	`71`	`github.com/projectdiscovery/urlutil v0.0.0-20210805190935-3d83726391c1`
`72`		`- github.com/projectdiscovery/wappalyzergo v0.0.49`
	`72`	`+ github.com/projectdiscovery/wappalyzergo v0.0.50`
`73`	`73`	`github.com/rs/xid v1.4.0`
`74`	`74`	`go.etcd.io/bbolt v1.3.6 // indirect`
`75`	`75`	`)`