fix httpx，vscan结果未推送到ES的bug;2、更新workflow.jpg

Author: x51pwn

README.md

@@ -127,11 +127,7 @@ scan4all -h
 mkdir -p logs data
 docker run --restart=always --ulimit nofile=65536:65536 -p 9200:9200 -p 9300:9300 -d --name es -v $PWD/logs:/usr/share/elasticsearch/logs -v $PWD/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v $PWD/config/jvm.options:/usr/share/elasticsearch/config/jvm.options  -v $PWD/data:/usr/share/elasticsearch/data  hktalent/elasticsearch:7.16.2
 # 初始化es 索引,每种工具的结果结构不一样，分开存储
-config/CreateEs.sh nmap
-config/CreateEs.sh naabu
-config/CreateEs.sh httpx
-config/CreateEs.sh nuclei
-config/CreateEs.sh vscan
+./config/initEs.sh
 
 # 搜索语法，更多的查询方法，自己学 Elasticsearch
 http://127.0.0.1:9200/nmap_index/_doc/_search?q=_id:192.168.0.111

config/CreateEs.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
+#DELETE /${1}_index* HTTP/1.1
+#host:127.0.0.1:9200
+#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
+#Connection: keep-alive
+#Content-Type: application/json;charset=UTF-8
+#Content-Length: 0
+#
 sed $'s/$/\r/' <<EOF | nc 127.0.0.1 9200
-DELETE /${1}_index* HTTP/1.1
-host:127.0.0.1:9200
-User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
-Connection: keep-alive
-Content-Type: application/json;charset=UTF-8
-Content-Length: 0
-
 PUT /${1}_index HTTP/1.1
 host:127.0.0.1:9200
 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15

config/autoyaml.sh

@@ -0,0 +1,3 @@
+cd $HOME/MyWork/nuclei-templates
+git fetch origin master
+git merge origin/master

config/config.json

@@ -60,5 +60,5 @@
   "httpx": {},
   "enableEsSv": false,
   "esthread": 8,
-  "esUrl": "http://127.0.0.1:9200/"
+  "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s"
 }

config/initEs.sh

@@ -0,0 +1,6 @@
+config/CreateEs.sh nmap
+config/CreateEs.sh naabu
+config/CreateEs.sh httpx
+config/CreateEs.sh nuclei
+config/CreateEs.sh vscan
+config/CreateEs.sh hydra

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/projectdiscovery/networkpolicy v0.0.1
 	github.com/remeh/sizedwaitgroup v1.0.0
 	go.uber.org/ratelimit v0.2.0
-	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
+	golang.org/x/net v0.0.0-20220630215102-69896b714898
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
 )
 

go.sum

@@ -986,6 +986,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ=
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw=
+golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

pkg/httpx/runner/runner.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"github.com/ammario/ipisp/v2"
 	"github.com/hktalent/scan4all/brute"
+	"github.com/hktalent/scan4all/pkg"
 	"github.com/hktalent/scan4all/pkg/fingerprint"
 	"github.com/hktalent/scan4all/pocs_go"
 	"github.com/hktalent/scan4all/pocs_yml"
@@ -692,6 +693,7 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 					go func(target, method, protocol string) {
 						defer wg.Done()
 						result := r.analyze(hp, protocol, target, method, t, scanopts)
+						go pkg.SendAnyData(result, "httpx")
 						output <- result
 						if scanopts.TLSProbe && result.TLSData != nil {
 							scanopts.TLSProbe = false
@@ -746,6 +748,7 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 						defer wg.Done()
 						h, _ := urlutil.ChangePort(target, fmt.Sprint(port))
 						result := r.analyze(hp, protocol, h, method, t, scanopts)
+						go pkg.SendAnyData(result, "httpx")
 						output <- result
 						if scanopts.TLSProbe && result.TLSData != nil {
 							scanopts.TLSProbe = false
@@ -1256,10 +1259,12 @@ retry:
 			}
 			return slice
 		}
+		// 登陆页面检测
 		if brute.CheckLoginPage(finalURL) {
 			technologies = append(technologies, "登录页面")
 		}
-		technologies = SliceRemoveDuplicates(technologies) // 指纹去重
+		// 指纹去重
+		technologies = SliceRemoveDuplicates(technologies)
 		if !scanopts.NoPOC {
 			intersect := func(slice1, slice2 []string) []string {
 				m := make(map[string]int)
@@ -1293,24 +1298,29 @@ retry:
 				}
 				return nn
 			}
-			poctechnologies1 = pocs_go.POCcheck(technologies, ul, finalURL, false) // //通过wFingerprint获取到的指纹进行检测gopoc check
+			//通过wFingerprint获取到的指纹进行检测gopoc check
+			poctechnologies1 = pocs_go.POCcheck(technologies, ul, finalURL, false)
 			Vullist = append(Vullist, poctechnologies1...)
 			for _, technology := range technologies {
 				pocYmlList1 := pocs_yml.Check(ul, scanopts.CeyeApi, scanopts.CeyeDomain, r.options.HTTPProxy, strings.ToLower(technology)) // 通过wFingerprint获取到的指纹进行ymlpoc check
 				Vullist = append(Vullist, pocYmlList1...)
 			}
-			filePaths, filefuzzTechnologies = brute.FileFuzz(ul, resp.StatusCode, resp.ContentLength, resp.Raw) // 敏感文件扫描
+			// 敏感文件扫描
+			filePaths, filefuzzTechnologies = brute.FileFuzz(ul, resp.StatusCode, resp.ContentLength, resp.Raw)
 			filefuzzTechnologies = SliceRemoveDuplicates(filefuzzTechnologies)
-			filefuzzTechnologies = difference(filefuzzTechnologies, technologies) // 取差集合
+			// 取差集合
+			filefuzzTechnologies = difference(filefuzzTechnologies, technologies)
 
 			poctechnologies2 = pocs_go.POCcheck(filefuzzTechnologies, ul, finalURL, true) //通过敏感文件扫描获取到的指纹进行检测gopoc check
 			Vullist = append(Vullist, poctechnologies2...)
 			for _, technology := range filefuzzTechnologies {
 				pocYmlList2 := pocs_yml.Check(ul, scanopts.CeyeApi, scanopts.CeyeDomain, r.options.HTTPProxy, strings.ToLower(technology)) //通过敏感文件扫描获取到的指纹进行检测ymlpoc check
 				Vullist = append(Vullist, pocYmlList2...)
 			}
-			technologies = append(technologies, filefuzzTechnologies...) // 输出加入敏感文件扫描 获取到的指纹
-			technologies = SliceRemoveDuplicates(technologies)           // 指纹去重
+			// 输出加入敏感文件扫描 获取到的指纹
+			technologies = append(technologies, filefuzzTechnologies...)
+			// 指纹去重
+			technologies = SliceRemoveDuplicates(technologies)
 		}
 		if len(technologies) > 0 {
 			sort.Strings(technologies)

pkg/hydra/runner.go

@@ -33,6 +33,7 @@ func Start(IPAddr string, Port int, Protocol string) {
 	var out AuthInfo
 	for info := range crack.Out {
 		out = info
+		pkg.SendAData[AuthInfo](fmt.Sprintf("%s:%d", out.IPAddr, out.Port), []AuthInfo{out}, "hydra")
 	}
 	log.Println(out)
 	//crack.Pool.Wait()

pkg/log.go

@@ -2,7 +2,6 @@ package pkg
 
 import (
 	"fmt"
-	"github.com/davecgh/go-spew/spew"
 	"github.com/logrusorgru/aurora"
 	"github.com/projectdiscovery/gologger"
 	"os"
@@ -23,11 +22,6 @@ func GetPluginName(defaultVal string) string {
 	return defaultVal
 }
 
-// log message，Easy to send to ES result server
-func LogJson(logMsg interface{}) {
-	spew.Printf("%v", logMsg)
-}
-
 func GoPocLog(log string) {
 	builder := &strings.Builder{}
 	builder.WriteString("[")
@@ -39,9 +33,7 @@ func GoPocLog(log string) {
 	builder.WriteString("] ")
 	builder.WriteString(log)
 	fmt.Print(builder.String())
-	if Output != "" {
-		writeoutput(builder.String())
-	}
+	writeoutput(builder.String())
 }
 
 func YmlPocLog(log string) {
@@ -55,9 +47,7 @@ func YmlPocLog(log string) {
 	builder.WriteString("] ")
 	builder.WriteString(log)
 	fmt.Print(builder.String())
-	if Output != "" {
-		writeoutput(builder.String())
-	}
+	writeoutput(builder.String())
 }
 
 func BurteLog(log string) {
@@ -71,12 +61,14 @@ func BurteLog(log string) {
 	builder.WriteString("] ")
 	builder.WriteString(log)
 	fmt.Print(builder.String())
-	if Output != "" {
-		writeoutput(builder.String())
-	}
+	writeoutput(builder.String())
 }
 
 func writeoutput(log string) {
+	SendAnyData(log, "vscan")
+	if "" == Output {
+		return
+	}
 	f, err := os.OpenFile(Output, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
 	if err != nil {
 		gologger.Fatal().Msgf("Could not create output fiale '%s': %s\n", Output, err)

pkg/sv2es.go

@@ -2,6 +2,8 @@ package pkg
 
 import (
 	"bytes"
+	"crypto/sha1"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -32,6 +34,17 @@ func Log(v ...any) {
 	log.Println(v...)
 }
 
+func SendAnyData(data interface{}, szType string) {
+	data1, _ := json.Marshal(data)
+	if 0 < len(data1) && "true" == GetVal("enableEsSv") {
+		hasher := sha1.New()
+		hasher.Write(data1)
+		k := hex.EncodeToString(hasher.Sum(nil))
+		go SendReq(data, k, szType)
+	}
+}
+
+// k is id
 func SendAData[T any](k string, data []T, szType string) {
 	if 0 < len(data) && "true" == GetVal("enableEsSv") {
 		m2 := make(map[string]interface{})
@@ -50,7 +63,7 @@ func SendReq(data1 interface{}, id, szType string) {
 	defer func() {
 		<-nThreads
 	}()
-	url := esUrl + szType + "_index/_doc/" + url.QueryEscape(id)
+	url := fmt.Sprintf(esUrl, szType, url.QueryEscape(id))
 	req, err := http.NewRequest("POST", url, bytes.NewReader(data))
 	if err != nil {
 		Log(fmt.Sprintf("%s error %v", id, err))

pocs_yml/check/check.go

@@ -2,9 +2,9 @@ package check
 
 import (
 	"fmt"
+	"github.com/hktalent/scan4all/pkg"
 	"github.com/pkg/errors"
 	"github.com/projectdiscovery/gologger"
-	"github.com/hktalent/scan4all/pkg"
 	"io"
 	"net"
 	"net/http"