fix fuzz正则表达式消耗资源bug 2022-07-13 09:17:1657675058

Author: x51pwn

brute/filefuzz.go

@@ -8,7 +8,6 @@ import (
 	"net/url"
 	"regexp"
 	"strings"
-	"time"
 )
 
 type page struct {
@@ -71,8 +70,10 @@ func reqPage(u string) (*page, *pkg.Response, error) {
 		if x0, ok := req.Header["Content-Type"]; ok && 0 < len(x0) {
 			x0B := []byte(x0[0])
 			for _, reg := range regs {
-				if matched, _ := regexp.Match(reg, x0B); matched {
-					page.isBackUpPage = true
+				if r1, ok := regsMap[reg]; ok {
+					if r1.Match(x0B) {
+						page.isBackUpPage = true
+					}
 				}
 			}
 		}
@@ -91,6 +92,7 @@ var fuzz404 string
 //go:embed dicts/page404Content.txt
 var page404Content1 string
 var regs []string
+var regsMap = make(map[string]*regexp.Regexp)
 
 func init() {
 	bakSuffix = pkg.GetVal4File("bakSuffix", bakSuffix)
@@ -99,7 +101,14 @@ func init() {
 	page404Content1 = pkg.GetVal4File("page404Content1", page404Content1)
 	InitGeneral()
 	regs = strings.Split(strings.TrimSpace(fuzzct), "\n")
-	regs = append(regs, ret...)
+	var err error
+	for _, reg := range regs {
+		regsMap[reg], err = regexp.Compile(reg)
+		if nil != err {
+			log.Println(reg, " regexp.Compile error: ", err)
+		}
+	}
+	//regs = append(regs, ret...)
 }
 
 // 文件fuzz
@@ -161,6 +170,9 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 		//log.Println(u, " ", payload)
 		endP := u[len(u)-1:] == "/"
 		go func(payload string) {
+			defer func() {
+				<-ch
+			}()
 			szUrl := u + payload
 			if strings.HasPrefix(payload, "/") && endP {
 				szUrl = u + payload[1:]
@@ -242,8 +254,8 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 			} else {
 				errorTimes += 1
 			}
-			<-time.After(time.Duration(500) * time.Millisecond)
-			<-ch
+			//<-time.After(time.Duration(500) * time.Millisecond)
+
 		}(payload)
 	}
 	close(ch)

brute/fuzzfingerprints.go

@@ -43,7 +43,7 @@ func addfingerprintsnormal(payload string, technologies []string, req *pkg.Respo
 		if req.StatusCode == 200 && pkg.StrContains(req.Body, "Oracle") {
 			technologies = append(technologies, "Weblogic")
 		}
-	case "/wls-wsat", "/wls-wsat/CoordinatorPortType", "/wls-wsat/CoordinatorPortType11", "/_async/AsyncResponseService", "/_async/AsyncResponseServiceSoap12", "/uddiexplorer/SearchPublicRegistries.jsp", "/ws_utc/config.do":
+	case "/wls-wsat", "/wls-wsat/CoordinatorPortType", "/wls-wsat/CoordinatorPortType11", "/_async/AsyncResponseService", "/_async/AsyncResponseServiceSoap12", "/uddiexplorer/SearchPublicRegistries.jsp", "/ws_utc/config.do", "/bea_wls_internal/classes/mejb@/org/omg/stub/javax/management/j2ee/_ManagementHome_Stub.class":
 		if req.StatusCode == 200 && (pkg.StrContains(req.Body, "weblogic") || strings.Contains(req.Body, "www.bea.com")) {
 			technologies = append(technologies, "Weblogic")
 		}

config/config.json

@@ -54,12 +54,14 @@
   "EnableKsubdomain": true,
   "KsubdomainRegxp": "([0-9a-zA-Z\\-]+\\.[0-9a-zA-Z\\-]+)$",
   "naabu_dns": {},
-  "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 64},
+  "naabu": {"TopPorts": "1000","ScanAllIPS": true,"Threads": 25},
   "priorityNmap": true,
   "nuclei": {},
   "enablEmbedYaml": true,
   "httpx": {},
   "enableEsSv": false,
   "esthread": 8,
+  "hydrathread": 8,
+  "Fuzzthreads": 32,
   "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s"
 }

pkg/config.go

@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"regexp"
 	"runtime"
+	"strconv"
 	"strings"
 )
 
@@ -137,13 +138,18 @@ func Init() {
 	config.AddConfigPath("./config/")
 	config.AddConfigPath("$HOME")
 	config.AddConfigPath("/etc/")
+	nT, err := strconv.Atoi(GetVal4File("Fuzzthreads", "32"))
+	if nil != err {
+		nT = 32
+	}
+	Fuzzthreads = nT
 	// 显示调用
 	config.SetConfigType("json")
 	if "" != ConfigName {
 		config.SetConfigFile(ConfigName)
 	}
-	err := config.ReadInConfig() // 查找并读取配置文件
-	if err != nil {              // 处理读取配置文件的错误
+	err = config.ReadInConfig() // 查找并读取配置文件
+	if err != nil {             // 处理读取配置文件的错误
 		log.Println("config.ReadInConfig ", err)
 		return
 	}

pkg/fingerprint/fgConst.go

@@ -0,0 +1,28 @@
+package fingerprint
+
+import (
+	_ "embed"
+	"encoding/json"
+)
+
+type IdMethod int
+
+const (
+	Reg_idMethod       IdMethod = 11515 // 识别方式：正则表达式
+	Text_idMethod      IdMethod = 11516 // 识别方式：文本
+	Bin_idMethod       IdMethod = 11517 // 识别方式：bin，二进制
+	Base64_idMethod    IdMethod = 11518 // 识别方式：base64
+	Md5_idMethod       IdMethod = 11519 // 识别方式：md5
+	Header_idPart      IdMethod = 11520 // 识别区域：header
+	Body_idPart        IdMethod = 11521 // 识别区域：body
+	Raw_idPart         IdMethod = 11522 // 识别区域：raw
+	Status_code_idPart IdMethod = 8998  // 识别区域：状态吗
+)
+
+//go:embed db/fg.json
+var FgData string
+var FGDataMap = make(map[string]interface{})
+
+func init() {
+	json.Unmarshal([]byte(FgData), &FGDataMap)
+}

pkg/hydra/runner.go

@@ -6,6 +6,7 @@ import (
 	"github.com/hktalent/scan4all/pkg"
 	"github.com/logrusorgru/aurora"
 	"log"
+	"strconv"
 	"strings"
 )
 
@@ -28,7 +29,11 @@ func init() {
 // 密码破解
 func Start(IPAddr string, Port int, Protocol string) {
 	authInfo := NewAuthInfo(IPAddr, Port, Protocol)
-	crack := NewCracker(authInfo, true, 8)
+	nT, err := strconv.Atoi(pkg.GetVal4File("hydrathread", "8"))
+	if nil != err {
+		nT = 8
+	}
+	crack := NewCracker(authInfo, true, nT)
 	fmt.Printf("\n[hydra]->开始对%v:%v[%v]进行暴力破解，字典长度为：%d\n", IPAddr, Port, Protocol, crack.Length())
 	go crack.Run()
 	//爆破结果获取

pkg/naabu/v2/pkg/runner/options.go

@@ -103,7 +103,7 @@ func ParseOptions() *Options {
 	)
 
 	flagSet.CreateGroup("rate-limit", "Rate-limit",
-		flagSet.IntVar(&options.Threads, "c", 64, "general internal worker threads"),
+		flagSet.IntVar(&options.Threads, "c", 25, "general internal worker threads"),
 		flagSet.IntVar(&options.Rate, "rate", DefaultRateSynScan, "packets to send per second"),
 	)
 

pkg/naabu/v2/pkg/runner/targets.go

@@ -244,6 +244,8 @@ func Add2Naabubuffer(target string) {
 	Naabubuffer.Write([]byte(target))
 }
 
+var r1, _ = regexp.Compile(`[^\/]`)
+
 func (r *Runner) AddTarget(target string) error {
 	target = strings.TrimSpace(target)
 	if "" == target {
@@ -287,17 +289,15 @@ func (r *Runner) AddTarget(target string) error {
 				////UrlPrecise     bool // 精准url扫描，不去除url清单上下文 2022-06-08
 				UrlPrecise := pkg.GetVal(pkg.UrlPrecise)
 				if "true" == UrlPrecise && len(target) > len(s1) {
-					r1, err := regexp.Compile(`[^\/]`)
-					if nil == err {
-						s2 := r1.ReplaceAllString(target[len(s1):], "")
-						// 包含1个以上/表示有上下文
-						if 1 < len(s2) {
-							if r.options.Verbose {
-								log.Println("Precise scan: ", target)
-							}
-							Add2Naabubuffer(fmt.Sprintf("%s\n", target))
+					s2 := r1.ReplaceAllString(target[len(s1):], "")
+					// 包含1个以上/表示有上下文
+					if 1 < len(s2) {
+						if r.options.Verbose {
+							log.Println("Precise scan: ", target)
 						}
+						Add2Naabubuffer(fmt.Sprintf("%s\n", target))
 					}
+
 				}
 				return nil
 			}

test/getUrlHash.go

@@ -103,7 +103,7 @@ func favicohashMd5(host string) string {
 		return "0"
 	}
 }
-func main1() {
+func main() {
 	url := os.Args[1]
 	s1 := favicohashMd5(url)
 	fmt.Println(s1)