From 3c889fc8d531bb9f18805c4eab19e04f8d95391f Mon Sep 17 00:00:00 2001 From: YouChen Date: Thu, 5 Sep 2024 22:07:10 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=88=B6=E5=AE=9A?= =?UTF-8?q?=E6=8C=87=E7=BA=B9=E6=96=87=E4=BB=B6=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cmd/finger.go | 14 ++++++++------ module/finger/finger.go | 37 ++++++++++++++++++++++++------------- 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/cmd/finger.go b/cmd/finger.go index 7d10bea..591fb0a 100644 --- a/cmd/finger.go +++ b/cmd/finger.go @@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -38,24 +38,24 @@ var fingerCmd = &cobra.Command{ " /____/ https://forum.ywhack.com By:shihuang\n") if localfile != "" { urls := removeRepeatedElement(source.LocalFile(localfile)) - s := finger.NewScan(urls, thread, output,proxy) + s := finger.NewScan(urls, thread, output, proxy, fingerFile) s.StartScan() os.Exit(1) } if fofaip != "" { urls := removeRepeatedElement(source.Fofaip(fofaip)) - s := finger.NewScan(urls, thread, output,proxy) + s := finger.NewScan(urls, thread, output, proxy, fingerFile) s.StartScan() os.Exit(1) } if fofasearche != "" { urls := removeRepeatedElement(source.Fafaall(fofasearche)) - s := finger.NewScan(urls, thread, output,proxy) + s := finger.NewScan(urls, thread, output, proxy, fingerFile) s.StartScan() os.Exit(1) } if urla != "" { - s := finger.NewScan([]string{urla}, thread, output,proxy) + s := finger.NewScan([]string{urla}, thread, output, proxy, fingerFile) s.StartScan() os.Exit(1) } @@ -69,7 +69,8 @@ var ( urla string thread int output string - proxy string + proxy string + fingerFile string ) func init() { @@ -81,6 +82,7 @@ func init() { fingerCmd.Flags().StringVarP(&output, "output", "o", "", "输出所有结果,当前仅支持json和xlsx后缀的文件。") fingerCmd.Flags().IntVarP(&thread, "thread", "t", 100, "指纹识别线程大小。") fingerCmd.Flags().StringVarP(&proxy, "proxy", "p", "", "指定访问目标时的代理,支持http代理和socks5,例如:http://127.0.0.1:8080、socks5://127.0.0.1:8080") + fingerCmd.Flags().StringVarP(&fingerFile, "finger", "F", "", "指定指纹文件路径") } func removeRepeatedElement(arr []string) (newArr []string) { diff --git a/module/finger/finger.go b/module/finger/finger.go index 9ac34ea..96cfc4d 100644 --- a/module/finger/finger.go +++ b/module/finger/finger.go @@ -30,9 +30,12 @@ type FinScan struct { AllResult []Outrestul FocusResult []Outrestul Finpx *Packjson + FingerFile string } -func NewScan(urls []string, thread int, output string, proxy string) *FinScan { +var FingerFile string + +func NewScan(urls []string, thread int, output string, proxy string, fingerfile string) *FinScan { s := &FinScan{ UrlQueue: queue.NewQueue(), Ch: make(chan []string, thread), @@ -43,19 +46,28 @@ func NewScan(urls []string, thread int, output string, proxy string) *FinScan { AllResult: []Outrestul{}, FocusResult: []Outrestul{}, } - err := LoadWebfingerprint(source.GetCurrentAbPathByExecutable() + "/finger.json") - if err != nil { - color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!") - os.Exit(1) + if fingerfile != "" { + err := LoadWebfingerprint(fingerfile) + if err != nil { + color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!") + os.Exit(1) + } + } else { + err := LoadWebfingerprint(source.GetCurrentAbPathByExecutable() + "/finger.json") + if err != nil { + color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!") + os.Exit(1) + } } + s.Finpx = GetWebfingerprint() for _, url := range urls { - s.UrlQueue.Push([]string{url,"0"}) + s.UrlQueue.Push([]string{url, "0"}) } return s } -func (s *FinScan)StartScan() { +func (s *FinScan) StartScan() { for i := 0; i <= s.Thread; i++ { s.Wg.Add(1) go func() { @@ -65,7 +77,7 @@ func (s *FinScan)StartScan() { } s.Wg.Wait() color.RGBStyleFromString("244,211,49").Println("\n重点资产:") - for _,aas := range s.FocusResult { + for _, aas := range s.FocusResult { fmt.Printf(fmt.Sprintf("[ %s | ", aas.Url)) color.RGBStyleFromString("237,64,35").Printf(fmt.Sprintf("%s", aas.Cms)) fmt.Printf(fmt.Sprintf(" | %s | %d | %d | %s ]\n", aas.Server, aas.Statuscode, aas.Length, aas.Title)) @@ -92,10 +104,10 @@ func RemoveDuplicatesAndEmpty(a []string) (ret []string) { return } -func (s *FinScan)fingerScan() { +func (s *FinScan) fingerScan() { for s.UrlQueue.Len() != 0 { dataface := s.UrlQueue.Pop() - switch dataface.(type){ + switch dataface.(type) { case []string: url := dataface.([]string) var data *resps @@ -160,11 +172,11 @@ func (s *FinScan)fingerScan() { cms = RemoveDuplicatesAndEmpty(cms) cmss := strings.Join(cms, ",") out := Outrestul{data.url, cmss, data.server, data.statuscode, data.length, data.title} - s.AllResult = append(s.AllResult,out) + s.AllResult = append(s.AllResult, out) if len(out.Cms) != 0 { outstr := fmt.Sprintf("[ %s | %s | %s | %d | %d | %s ]", out.Url, out.Cms, out.Server, out.Statuscode, out.Length, out.Title) color.RGBStyleFromString("237,64,35").Println(outstr) - s.FocusResult = append(s.FocusResult,out) + s.FocusResult = append(s.FocusResult, out) } else { outstr := fmt.Sprintf("[ %s | %s | %s | %d | %d | %s ]", out.Url, out.Cms, out.Server, out.Statuscode, out.Length, out.Title) fmt.Println(outstr) @@ -174,4 +186,3 @@ func (s *FinScan)fingerScan() { } } } - From c864d1dccfb6849114b24591daf8ad9fed86f501 Mon Sep 17 00:00:00 2001 From: YouChen Date: Thu, 5 Sep 2024 22:09:58 +0800 Subject: [PATCH 2/2] Update output.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 新增支持HTML报告导出 --- module/finger/output.go | 130 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 117 insertions(+), 13 deletions(-) diff --git a/module/finger/output.go b/module/finger/output.go index b1c75a4..82907d1 100644 --- a/module/finger/output.go +++ b/module/finger/output.go @@ -3,9 +3,11 @@ package finger import ( "encoding/json" "fmt" + "html/template" "os" + "path/filepath" + "sort" "strconv" - "strings" "github.com/360EntSecGroup-Skylar/excelize" ) @@ -48,19 +50,121 @@ func outxlsx(filename string, msg []Outrestul) { } func outfile(filename string, allresult []Outrestul) { - file := strings.Split(filename, ".") - if len(file) == 2 { - if file[1] == "json" { - buf, err := json.MarshalIndent(allresult, "", " ") - if err != nil { - fmt.Println(err.Error()) - return - } - outjson(filename, buf) - } - if file[1] == "xlsx" { - outxlsx(filename, allresult) + //获取后缀名 .json .xlsx .html + fileExt := filepath.Ext(filename) + if fileExt == ".json" { + buf, err := json.MarshalIndent(allresult, "", " ") + if err != nil { + fmt.Println(err.Error()) + return } + outjson(filename, buf) + } + if fileExt == ".xlsx" { + outxlsx(filename, allresult) + } + if fileExt == ".html" { + outhtml(filename, allresult) + } +} + +// 排序规则,将重点资产放到前面,方便在html中查看 +type SortByCms []Outrestul + +func (a SortByCms) Len() int { return len(a) } +func (a SortByCms) Swap(i, j int) { a[i], a[j] = a[j], a[i] } +func (a SortByCms) Less(i, j int) bool { return a[i].Cms != "" && a[j].Cms == "" } + +func outhtml(filename string, msg []Outrestul) { + // 创建HTML文件 + file, err := os.Create(filename) + if err != nil { + fmt.Println(err) } + defer file.Close() + sort.Sort(SortByCms(msg)) + tmpl := ` + + + + + + Ehole + + + +
+

Ehole 资产

+ + + + + + + + + + + {{range .}} + + + + + + + + + + {{end}} +
URLCMSTitleServerSCLen
{{.Url}}{{.Cms}}{{.Title}}{{.Server}}{{.Statuscode}}{{.Length}}
+
+ + + ` + + // 解析HTML模板 + t := template.Must(template.New("html").Parse(tmpl)) + // 将数据写入HTML文件 + err = t.Execute(file, msg) + if err != nil { + fmt.Println(err) + } }