重构被动模式，同时修正nuclei多实例bug 2022-10-05

Author: hktalent

brute/filefuzz.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	_ "embed"
 	"github.com/antlabs/strsim"
+	"github.com/hktalent/goSqlite_gorm/lib/scan/Const"
+	"github.com/hktalent/goSqlite_gorm/pkg/models"
 	"github.com/hktalent/scan4all/lib/util"
 	"log"
 	"net/url"
@@ -139,6 +141,12 @@ func init() {
 // 随机10个字符串
 var RandStr4Cookie = util.RandStringRunes(10)
 
+// 基于工厂方法构建
+var FileFuzz4Engin = util.EngineFuncFactory(func(evt *models.EventData, args ...interface{}) {
+	filePaths, fileFuzzTechnologies := FileFuzz(evt.Task.ScanWeb, 200, 100, "")
+	util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
+})
+
 // 重写了fuzz：优化流程、优化算法、修复线程安全bug、增加智能功能
 //  两次  ioutil.ReadAll(resp.Body)，第二次就会 Read返回EOF error
 func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody string) ([]string, []string) {
@@ -149,7 +157,6 @@ func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody s
 	if eableFileFuzz || util.TestRepeat(u, "FileFuzz") {
 		return []string{}, []string{}
 	}
-
 	//log.Println("start file fuzz", u)
 	var (
 		//path404               = RandStr // 绝对404页面路径

engine/dispather.go

@@ -2,29 +2,33 @@ package engine
 
 import (
 	"github.com/hktalent/goSqlite_gorm/lib"
-	"github.com/hktalent/goSqlite_gorm/lib/scan/Const"
+	. "github.com/hktalent/goSqlite_gorm/lib/scan/Const"
 	"github.com/hktalent/goSqlite_gorm/pkg/models"
+	"github.com/hktalent/scan4all/brute"
 	"github.com/hktalent/scan4all/lib/util"
 	"github.com/hktalent/scan4all/pkg/portScan"
+	"github.com/hktalent/scan4all/pocs_go"
+	"github.com/hktalent/scan4all/projectdiscovery/nuclei_Yaml"
 )
 
+// passive 被动模式
 var (
 	CaseScanFunc = map[int]util.EngineFuncType{
-		Const.ScanType_SSLInfo:         nil,                     // 01- SSL信息分析，并对域名信息进行收集、进入下一步流程
-		Const.ScanType_SubDomain:       nil,                     // 02- 子域名爆破，新域名回归 到:  1 <-- -> 2，做去重处理
-		Const.ScanType_MergeIps:        nil,                     // 03- 默认自动合并ip，记录ip与域名的关联关系，再发送payload时考虑：相同ip不同域名，相同payload分别发送 合并相同目标 若干域名的ip，避免扫描时重复
-		Const.ScanType_Pswd4hydra:      nil,                     // 04- 密码破解，隐含包含了: 端口扫描(05-masscan + 06-nmap)
-		Const.ScanType_Masscan:         portScan.MassScanTarget, // 05- 合并后的ip 进行快速端口扫描
-		Const.ScanType_Nmap:            portScan.DoNmap,         // 06、精准 端口指纹，排除masscan已经识别的几种指纹
-		Const.ScanType_IpInfo:          nil,                     // 07- 获取ip info
-		Const.ScanType_GoPoc:           nil,                     // 08- go-poc 检测, 隐含包含了: 端口扫描(05-masscan + 06-nmap)
-		Const.ScanType_PortsWeb:        nil,                     // 09- web端口识别，Naabu,识别 https，识别存活的web端口，再进入下一流程
-		Const.ScanType_WebFingerprints: nil,                     // 10- web指纹，识别蜜罐，并标识
-		Const.ScanType_WebDetectWaf:    nil,                     // 11- detect WAF
-		Const.ScanType_WebScrapy:       nil,                     // 12- 爬虫分析，form表单识别，字段名识别，form action提取；
-		Const.ScanType_WebInfo:         nil,                     // 13- server、x-powerby、x***，url、ip、其他敏感信息（姓名、电话、地址、身份证）
-		Const.ScanType_WebVulsScan:     nil,                     // 14-nuclei
-		Const.ScanType_WebDirScan:      nil,                     // 14-dir爆破,Gobuster
+		ScanType_SSLInfo:         nil,                        // 01- SSL信息分析，并对域名信息进行收集、进入下一步流程
+		ScanType_SubDomain:       nil,                        // 02- 子域名爆破，新域名回归 到:  1 <-- -> 2，做去重处理
+		ScanType_MergeIps:        nil,                        // 03- 默认自动合并ip，记录ip与域名的关联关系，再发送payload时考虑：相同ip不同域名，相同payload分别发送 合并相同目标 若干域名的ip，避免扫描时重复
+		ScanType_Pswd4hydra:      nil,                        // 04- 密码破解，隐含包含了: 端口扫描(05-masscan + 06-nmap)
+		ScanType_Masscan:         portScan.MassScanTarget,    // 05- 合并后的ip 进行快速端口扫描
+		ScanType_Nmap:            portScan.DoNmap,            // 06、精准 端口指纹，排除masscan已经识别的几种指纹
+		ScanType_IpInfo:          nil,                        // 07- 获取ip info
+		ScanType_GoPoc:           pocs_go.POCcheck4Engin,     // 08- go-poc 检测, 隐含包含了: ScanType_WebDirScan,端口扫描(05-masscan + 06-nmap)
+		ScanType_PortsWeb:        nil,                        // 09- web端口识别，Naabu,识别 https，识别存活的web端口，再进入下一流程
+		ScanType_WebFingerprints: nil,                        // 10- web指纹，识别蜜罐，并标识
+		ScanType_WebDetectWaf:    nil,                        // 11- detect WAF
+		ScanType_WebScrapy:       nil,                        // 12- 爬虫分析，form表单识别，字段名识别，form action提取；
+		ScanType_WebInfo:         nil,                        // 13- server、x-powerby、x***，url、ip、其他敏感信息（姓名、电话、地址、身份证）
+		ScanType_WebVulsScan:     nuclei_Yaml.RunNucleiEngin, // 14-nuclei
+		ScanType_WebDirScan:      brute.FileFuzz4Engin,       // 14-dir爆破,Gobuster,file fuzz
 	}
 )
 
@@ -35,37 +39,37 @@ func Dispather(task *models.Target4Chan) {
 		if lib.HasScanType(task.ScanType, k) {
 			x1 := &models.EventData{EventType: k, Task: task}
 			switch k {
-			case Const.ScanType_SSLInfo: // 01- SSL信息分析，并对域名信息进行收集、进入下一步流程
+			case ScanType_SSLInfo: // 01- SSL信息分析，并对域名信息进行收集、进入下一步流程
 				G_Engine.EventData <- x1
-			case Const.ScanType_SubDomain: // 02- 子域名爆破，新域名回归 到:  1 <-- -> 2，做去重处理
+			case ScanType_SubDomain: // 02- 子域名爆破，新域名回归 到:  1 <-- -> 2，做去重处理
 				G_Engine.EventData <- x1
-			case Const.ScanType_MergeIps: // 03- 默认自动合并ip，记录ip与域名的关联关系，再发送payload时考虑：相同ip不同域名，相同payload分别发送 合并相同目标 若干域名的ip，避免扫描时重复
+			case ScanType_MergeIps: // 03- 默认自动合并ip，记录ip与域名的关联关系，再发送payload时考虑：相同ip不同域名，相同payload分别发送 合并相同目标 若干域名的ip，避免扫描时重复
 				G_Engine.EventData <- x1
-			case Const.ScanType_Pswd4hydra: // 04- 密码破解，隐含包含了: 端口扫描(05-masscan + 06-nmap)
+			case ScanType_Pswd4hydra: // 04- 密码破解，隐含包含了: 端口扫描(05-masscan + 06-nmap)
 				G_Engine.EventData <- x1
-			case Const.ScanType_Masscan: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹，排除masscan已经识别的几种指纹
+			case ScanType_Masscan: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹，排除masscan已经识别的几种指纹
 				x1.EventData = []interface{}{[]interface{}{portScan.TargetStr(task.ScanWeb)}}
 				G_Engine.EventData <- x1
-			case Const.ScanType_Nmap: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹，排除masscan已经识别的几种指纹
+			case ScanType_Nmap: // 05- 合并后的ip 进行快速端口扫描; // 06、精准 端口指纹，排除masscan已经识别的几种指纹
 				x1.EventData = []interface{}{x1.Target2Ip(), []string{"0-65535"}}
 				G_Engine.EventData <- x1
-			case Const.ScanType_IpInfo: // 07- 获取ip info
+			case ScanType_IpInfo: // 07- 获取ip info
 				G_Engine.EventData <- x1
-			case Const.ScanType_GoPoc: // 08- go-poc 检测, 隐含包含了: 端口扫描(05-masscan + 06-nmap)
+			case ScanType_GoPoc: // 08- go-poc 检测, 隐含包含了: 端口扫描(05-masscan + 06-nmap)
 				G_Engine.EventData <- x1
-			case Const.ScanType_PortsWeb: // 09- web端口识别，Naabu,识别 https，识别存活的web端口，再进入下一流程
+			case ScanType_PortsWeb: // 09- web端口识别，Naabu,识别 https，识别存活的web端口，再进入下一流程
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebFingerprints: // 10- web指纹，识别蜜罐，并标识
+			case ScanType_WebFingerprints: // 10- web指纹，识别蜜罐，并标识
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebDetectWaf: // 11- detect WAF
+			case ScanType_WebDetectWaf: // 11- detect WAF
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebScrapy: // 12- 爬虫分析，form表单识别，字段名识别，form action提取；
+			case ScanType_WebScrapy: // 12- 爬虫分析，form表单识别，字段名识别，form action提取；
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebInfo: // 13- server、x-powerby、x***，url、ip、其他敏感信息（姓名、电话、地址、身份证）
+			case ScanType_WebInfo: // 13- server、x-powerby、x***，url、ip、其他敏感信息（姓名、电话、地址、身份证）
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebVulsScan: // 14-nuclei
+			case ScanType_WebVulsScan: // 14-nuclei
 				G_Engine.EventData <- x1
-			case Const.ScanType_WebDirScan: // 14-dir爆破,Gobuster
+			case ScanType_WebDirScan: // 14-dir爆破,Gobuster
 				G_Engine.EventData <- x1
 			default:
 

engine/dispather_test.go

@@ -0,0 +1,24 @@
+package engine
+
+import (
+	"github.com/hktalent/goSqlite_gorm/lib/scan/Const"
+	"github.com/hktalent/goSqlite_gorm/pkg/models"
+	"github.com/hktalent/scan4all/lib/util"
+	"os"
+	"runtime"
+	"testing"
+)
+
+func TestDispather(t *testing.T) {
+	os.Args = []string{"", "-host", "http://127.0.0.1", "-v"}
+	runtime.GOMAXPROCS(runtime.NumCPU())
+	util.DoInit(nil)
+	Dispather(&models.Target4Chan{ScanWeb: "127.0.0.1", ScanType: Const.ScanType_Masscan})
+	util.Wg.Wait()
+	util.CloseAll()
+	//for _, tt := range tests {
+	//	t.Run(tt.name, func(t *testing.T) {
+	//		Dispather(tt.args.task)
+	//	})
+	//}
+}

engine/engine.go

@@ -31,7 +31,6 @@ func NewEngine(c *context.Context, pool int) *Engine {
 		return G_Engine
 	}
 	G_Engine = &Engine{Context: c, Wg: util.Wg, Pool: pool, EventData: make(chan *models.EventData, pool)}
-
 	p, err := ants.NewPoolWithFunc(pool, func(i interface{}) {
 		defer G_Engine.Wg.Done()
 		G_Engine.DoEvent(i.(*models.EventData))

fixMod.sh

@@ -15,3 +15,6 @@ go build
 git add vendor
 rm -rf vendor/github.com/hktalent/goSqlite_gorm
 ln -s $HOME/MyWork/goSqlite_gorm $PWD/vendor/github.com/hktalent/goSqlite_gorm
+
+gometalinter --install
+gometalinter --disable=gocyclo --disable=dupl --enable=goimports --disable=gas

go.mod

@@ -217,7 +217,7 @@ require (
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hktalent/go-utils v0.0.0-20221004021941-7e10e0fb13ea // indirect
+	github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d // indirect
 	github.com/hktalent/websocket v0.0.0-20220908204337-b4a81b861976 // indirect
 	github.com/iancoleman/orderedmap v0.2.0 // indirect
 	github.com/itchyny/gojq v0.12.9 // indirect

go.sum

@@ -510,6 +510,8 @@ github.com/hktalent/PipelineHttp v0.0.0-20221004080931-279351b9fb96 h1:8++Z/n334
 github.com/hktalent/PipelineHttp v0.0.0-20221004080931-279351b9fb96/go.mod h1:ob6ATP4M9FiqTRzyALSDox3kc6+xnTgzKuIT+rmKyeE=
 github.com/hktalent/go-utils v0.0.0-20221004021941-7e10e0fb13ea h1:vuxZbB9vAwBi0Uj4F5GOfVtsi5E9MFX07EkCKypVu9M=
 github.com/hktalent/go-utils v0.0.0-20221004021941-7e10e0fb13ea/go.mod h1:9E0C0K+/zzyJ+VqFx1llC3y7+mGgW3toLoyMQnlNXhw=
+github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d h1:z1IUP4hqn0LGgs78bU2gSlna92/p+RlB0MSZ+RxSmCo=
+github.com/hktalent/go-utils v0.0.0-20221004095234-2e23f13b429d/go.mod h1:Du0lF0ZtTONXpWydjmnsL71He+zlimYLmTmAZta19ZA=
 github.com/hktalent/goSqlite_gorm v1.1.1 h1:kRqNFqAOtECWsUu5nBftCYFJ8MAhEHgjj2A2JOydXp0=
 github.com/hktalent/goSqlite_gorm v1.1.1/go.mod h1:KbxDn4W3dakhiX9eFzZ/sEAuJwKS7h42Xi3aaqU1IjE=
 github.com/hktalent/jarm-go v0.0.0-20220918133110-7801447b6267 h1:eH9QDUO5zwn34BLweSdpTdNcxHD/GXxxLDEG7gaR4OQ=

lib/util/asyncCmd.go

@@ -23,6 +23,7 @@ type Cmd struct {
 func (cmd *Cmd) Command(name string, arg ...string) *Cmd {
 	cmd.Cmd = exec.Command(name, arg...)
 	cmd.stdin, _ = cmd.Cmd.StdinPipe()
+	//cmd.stdin.Write([]byte("\n\n"))
 	return cmd
 }
 
@@ -82,38 +83,51 @@ func (r *Cmd) AsynCmd(fnCbk func(line string), szCmd string, args ...string) err
 	if nil != err {
 		return err
 	}
-	//stderr, err := cmd.StderrPipe()
-	//if err != nil {
-	//	return err
-	//}
-
-	scanner := bufio.NewScanner(cmdReader)
-	done := make(chan struct{}, 1)
-	go func() {
+	done := make(chan struct{}, 2)
+	var fnSc1 = func(bs *bufio.Scanner) {
 		defer func() {
 			done <- struct{}{}
 		}()
-		for scanner.Scan() {
+		for bs.Scan() {
 			select {
 			case <-Ctx_global.Done():
 				cmd.Exit()
 				return
 			default:
-				fnCbk(scanner.Text())
+				fnCbk(bs.Text())
 			}
 
 		}
-	}()
+	}
+	var bDoErr = false
+	if bDoErr {
+		stderr, err := cmd.StderrPipe()
+		if err != nil {
+			return err
+		}
+		scanner1 := bufio.NewScanner(stderr)
+		go fnSc1(scanner1)
+	}
+	//cmd.stdin.Close()
+	//go io.Copy(io.Discard, stderr)
+	scanner := bufio.NewScanner(cmdReader)
+	go fnSc1(scanner)
 	err = cmd.Start()
 	if err != nil {
 		return err
 	}
-	<-done
 	err = cmd.Wait()
+	<-done
+	if bDoErr {
+		<-done
+	}
 	return err
 }
 
 // 异步执行命令
 func AsynCmd(fnCbk func(line string), szCmd string, args ...string) error {
-	return new(Cmd).AsynCmd(fnCbk, szCmd, args...)
+	c1 := new(Cmd)
+	err := c1.AsynCmd(fnCbk, szCmd, args...)
+	c1.Exit()
+	return err
 }

lib/util/asyncCmd_test.go

@@ -0,0 +1,18 @@
+package util
+
+import (
+	"log"
+	"testing"
+)
+
+func TestAsynCmd(t *testing.T) {
+	t.Run("async cmd", func(t *testing.T) {
+		if err := AsynCmd(func(line string) {
+			log.Println(line)
+			// }, "/usr/local/bin/masscan", "--max-rate", "5000", "--rate", "5000", "-p", "0-65535", "-oX", "-", "127.0.0.1"); err != nil {
+			// }, "/bin/bash", "-i", "/Users/51pwn/MyWork/scan4all/doNmapScan.sh", "127.0.0.1"); err != nil {
+		}, "/bin/bash", "-i", "/Users/51pwn/MyWork/scan4all/doNmapScan.sh", "127.0.0.1"); err != nil {
+			log.Println("err ", err)
+		}
+	})
+}

lib/util/log.go

@@ -38,14 +38,30 @@ func SendLog(szUrl, szVulType, Msg, Payload string) {
 
 // 专门发送改造后的引擎函数执行结果
 func SendEngineLog(evt *models.EventData, nCurType int, data ...interface{}) {
-	v := &SimpleVulResult{
-		Url:      evt.Task.ScanWeb,
-		VulKind:  string(Scan4all),
-		ScanType: nCurType,
-		ScanData: data,
+	if nil != data && 0 < len(data) {
+		v := &SimpleVulResult{
+			Url:      evt.Task.ScanWeb,
+			VulKind:  string(Scan4all),
+			ScanType: nCurType,
+			ScanData: data,
+		}
+		SendAnyData(v, Scan4all)
+		writeoutput(v)
+	}
+}
+
+// 专门发送改造后的引擎函数执行结果
+func SendEngineLog4Url(Url string, nCurType int, data ...interface{}) {
+	if nil != data && 0 < len(data) {
+		v := &SimpleVulResult{
+			Url:      Url,
+			VulKind:  string(Scan4all),
+			ScanType: nCurType,
+			ScanData: data,
+		}
+		SendAnyData(v, Scan4all)
+		writeoutput(v)
 	}
-	SendAnyData(v, Scan4all)
-	writeoutput(v)
 }
 
 func writeoutput(v interface{}) {

lib/util/util.go

@@ -1,6 +1,7 @@
 package util
 
 import (
+	"bufio"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -16,6 +17,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"path"
 	"reflect"
 	"runtime"
 	"sort"
@@ -344,3 +346,39 @@ func CloseAll() {
 		os.RemoveAll(GetVal(CacheName))
 	}
 }
+
+func RetrieveCallInfo() *map[string]interface{} {
+	pc, file, line, _ := runtime.Caller(2)
+	_, fileName := path.Split(file)
+	parts := strings.Split(runtime.FuncForPC(pc).Name(), ".")
+	pl := len(parts)
+	packageName := ""
+	funcName := parts[pl-1]
+
+	if parts[pl-2][0] == '(' {
+		funcName = parts[pl-2] + "." + funcName
+		packageName = strings.Join(parts[0:pl-2], ".")
+	} else {
+		packageName = strings.Join(parts[0:pl-1], ".")
+	}
+
+	return &map[string]interface{}{
+		"packageName": packageName,
+		"fileName":    fileName,
+		"funcName":    funcName,
+		"line":        line,
+	}
+}
+
+// convert  bufio.Scanner to io.Reader
+func ScannerToReader(scanner *bufio.Scanner) io.Reader {
+	reader, writer := io.Pipe()
+	go func() {
+		defer writer.Close()
+		for scanner.Scan() {
+			writer.Write(scanner.Bytes())
+		}
+	}()
+
+	return reader
+}

main.go

@@ -3,9 +3,6 @@ package main
 import (
 	"embed"
 	"fmt"
-	"github.com/hktalent/goSqlite_gorm/lib/scan/Const"
-	"github.com/hktalent/goSqlite_gorm/pkg/models"
-	"github.com/hktalent/scan4all/engine"
 	"github.com/hktalent/scan4all/lib/api"
 	"github.com/hktalent/scan4all/lib/util"
 	"log"
@@ -34,7 +31,7 @@ func main() {
 	} else {
 		Version = util.Version
 	}
-	engine.Dispather(&models.Target4Chan{ScanWeb: "127.0.0.1", ScanType: Const.ScanType_Masscan})
+
 	szTip := ""
 	if util.GetValAsBool("enablDevDebug") {
 		// debug 优化时启用///////////////////////