EdgeSecurityTeam · YouChenJun · Sep 5, 2024 · Sep 5, 2024
diff --git a/cmd/finger.go b/cmd/finger.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -38,24 +38,24 @@ var fingerCmd = &cobra.Command{
 			"			 /____/ https://forum.ywhack.com  By:shihuang\n")
 		if localfile != "" {
 			urls := removeRepeatedElement(source.LocalFile(localfile))
-			s := finger.NewScan(urls, thread, output,proxy)
+			s := finger.NewScan(urls, thread, output, proxy, fingerFile)
 			s.StartScan()
 			os.Exit(1)
 		}
 		if fofaip != "" {
 			urls := removeRepeatedElement(source.Fofaip(fofaip))
-			s := finger.NewScan(urls, thread, output,proxy)
+			s := finger.NewScan(urls, thread, output, proxy, fingerFile)
 			s.StartScan()
 			os.Exit(1)
 		}
 		if fofasearche != "" {
 			urls := removeRepeatedElement(source.Fafaall(fofasearche))
-			s := finger.NewScan(urls, thread, output,proxy)
+			s := finger.NewScan(urls, thread, output, proxy, fingerFile)
 			s.StartScan()
 			os.Exit(1)
 		}
 		if urla != "" {
-			s := finger.NewScan([]string{urla}, thread, output,proxy)
+			s := finger.NewScan([]string{urla}, thread, output, proxy, fingerFile)
 			s.StartScan()
 			os.Exit(1)
 		}
@@ -69,7 +69,8 @@ var (
 	urla        string
 	thread      int
 	output      string
-	proxy		string
+	proxy       string
+	fingerFile  string
 )
 
 func init() {
@@ -81,6 +82,7 @@ func init() {
 	fingerCmd.Flags().StringVarP(&output, "output", "o", "", "输出所有结果，当前仅支持json和xlsx后缀的文件。")
 	fingerCmd.Flags().IntVarP(&thread, "thread", "t", 100, "指纹识别线程大小。")
 	fingerCmd.Flags().StringVarP(&proxy, "proxy", "p", "", "指定访问目标时的代理，支持http代理和socks5，例如：http://127.0.0.1:8080、socks5://127.0.0.1:8080")
+	fingerCmd.Flags().StringVarP(&fingerFile, "finger", "F", "", "指定指纹文件路径")
 }
 
 func removeRepeatedElement(arr []string) (newArr []string) {

diff --git a/module/finger/finger.go b/module/finger/finger.go
@@ -30,9 +30,12 @@ type FinScan struct {
 	AllResult   []Outrestul
 	FocusResult []Outrestul
 	Finpx       *Packjson
+	FingerFile  string
 }
 
-func NewScan(urls []string, thread int, output string, proxy string) *FinScan {
+var FingerFile string
+
+func NewScan(urls []string, thread int, output string, proxy string, fingerfile string) *FinScan {
 	s := &FinScan{
 		UrlQueue:    queue.NewQueue(),
 		Ch:          make(chan []string, thread),
@@ -43,19 +46,28 @@ func NewScan(urls []string, thread int, output string, proxy string) *FinScan {
 		AllResult:   []Outrestul{},
 		FocusResult: []Outrestul{},
 	}
-	err := LoadWebfingerprint(source.GetCurrentAbPathByExecutable() + "/finger.json")
-	if err != nil {
-		color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!")
-		os.Exit(1)
+	if fingerfile != "" {
+		err := LoadWebfingerprint(fingerfile)
+		if err != nil {
+			color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!")
+			os.Exit(1)
+		}
+	} else {
+		err := LoadWebfingerprint(source.GetCurrentAbPathByExecutable() + "/finger.json")
+		if err != nil {
+			color.RGBStyleFromString("237,64,35").Println("[error] fingerprint file error!!!")
+			os.Exit(1)
+		}
 	}
+
 	s.Finpx = GetWebfingerprint()
 	for _, url := range urls {
-		s.UrlQueue.Push([]string{url,"0"})
+		s.UrlQueue.Push([]string{url, "0"})
 	}
 	return s
 }
 
-func (s *FinScan)StartScan() {
+func (s *FinScan) StartScan() {
 	for i := 0; i <= s.Thread; i++ {
 		s.Wg.Add(1)
 		go func() {
@@ -65,7 +77,7 @@ func (s *FinScan)StartScan() {
 	}
 	s.Wg.Wait()
 	color.RGBStyleFromString("244,211,49").Println("\n重点资产：")
-	for _,aas := range s.FocusResult {
+	for _, aas := range s.FocusResult {
 		fmt.Printf(fmt.Sprintf("[ %s | ", aas.Url))
 		color.RGBStyleFromString("237,64,35").Printf(fmt.Sprintf("%s", aas.Cms))
 		fmt.Printf(fmt.Sprintf(" | %s | %d | %d | %s ]\n", aas.Server, aas.Statuscode, aas.Length, aas.Title))
@@ -92,10 +104,10 @@ func RemoveDuplicatesAndEmpty(a []string) (ret []string) {
 	return
 }
 
-func (s *FinScan)fingerScan() {
+func (s *FinScan) fingerScan() {
 	for s.UrlQueue.Len() != 0 {
 		dataface := s.UrlQueue.Pop()
-		switch dataface.(type){
+		switch dataface.(type) {
 		case []string:
 			url := dataface.([]string)
 			var data *resps
@@ -160,11 +172,11 @@ func (s *FinScan)fingerScan() {
 			cms = RemoveDuplicatesAndEmpty(cms)
 			cmss := strings.Join(cms, ",")
 			out := Outrestul{data.url, cmss, data.server, data.statuscode, data.length, data.title}
-			s.AllResult = append(s.AllResult,out)
+			s.AllResult = append(s.AllResult, out)
 			if len(out.Cms) != 0 {
 				outstr := fmt.Sprintf("[ %s | %s | %s | %d | %d | %s ]", out.Url, out.Cms, out.Server, out.Statuscode, out.Length, out.Title)
 				color.RGBStyleFromString("237,64,35").Println(outstr)
-				s.FocusResult = append(s.FocusResult,out)
+				s.FocusResult = append(s.FocusResult, out)
 			} else {
 				outstr := fmt.Sprintf("[ %s | %s | %s | %d | %d | %s ]", out.Url, out.Cms, out.Server, out.Statuscode, out.Length, out.Title)
 				fmt.Println(outstr)
@@ -174,4 +186,3 @@ func (s *FinScan)fingerScan() {
 		}
 	}
 }
-
diff --git a/module/finger/output.go b/module/finger/output.go
@@ -3,9 +3,11 @@ package finger
 import (
 	"encoding/json"
 	"fmt"
+	"html/template"
 	"os"
+	"path/filepath"
+	"sort"
 	"strconv"
-	"strings"
 
 	"github.com/360EntSecGroup-Skylar/excelize"
 )
@@ -48,19 +50,121 @@ func outxlsx(filename string, msg []Outrestul) {
 }
 
 func outfile(filename string, allresult []Outrestul) {
-	file := strings.Split(filename, ".")
-	if len(file) == 2 {
-		if file[1] == "json" {
-			buf, err := json.MarshalIndent(allresult, "", " ")
-			if err != nil {
-				fmt.Println(err.Error())
-				return
-			}
-			outjson(filename, buf)
-		}
-		if file[1] == "xlsx" {
-			outxlsx(filename, allresult)
+	//获取后缀名 .json .xlsx .html
+	fileExt := filepath.Ext(filename)
+	if fileExt == ".json" {
+		buf, err := json.MarshalIndent(allresult, "", " ")
+		if err != nil {
+			fmt.Println(err.Error())
+			return
 		}
+		outjson(filename, buf)
+	}
+	if fileExt == ".xlsx" {
+		outxlsx(filename, allresult)
+	}
+	if fileExt == ".html" {
+		outhtml(filename, allresult)
+	}
+}
+
+// 排序规则，将重点资产放到前面，方便在html中查看
+type SortByCms []Outrestul
+
+func (a SortByCms) Len() int           { return len(a) }
+func (a SortByCms) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a SortByCms) Less(i, j int) bool { return a[i].Cms != "" && a[j].Cms == "" }
+
+func outhtml(filename string, msg []Outrestul) {
+	// 创建HTML文件
+	file, err := os.Create(filename)
+	if err != nil {
+		fmt.Println(err)
 	}
+	defer file.Close()
+	sort.Sort(SortByCms(msg))
+	tmpl := `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Ehole</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f0f0f0;
+            margin: 0;
+            padding: 0;
+        }
+        .container {
+            max-width: 80%;
+            margin: 20px auto;
+            background-color: #fff;
+            padding: 20px;
+            border-radius: 5px;
+            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+        }
+        h1 {
+            color: #333;
+        }
+        table {
+            /* width: 1100px; */
+            border-collapse: collapse;
+            margin-top: 20px;
+			margin-left: auto;
+			margin-right: auto;
+        }
+        th, td {
+            padding: 10px;
+            text-align: left;
+            border-bottom: 1px solid #ddd;
+			word-break: break-all;
+        }
+        th {
+            background-color: #f0f0f0;
+        }
+        tr:hover {
+            background-color: #f9f9f9;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Ehole 资产</h1>
+        <table width="100%" cellpadding="0" cellspacing="0" style="table-layout:fixed">
+		<tr>
+		<th style="width: 30%;">URL</th>
+		<th style="width: 20%;">CMS</th>
+		<th style="width: 30%;">Title</th>
+		<th style="width: 10%;">Server</th>
+		<th style="width: 5%;">SC</th>
+		<th style="width: 5%;">Len</th>
+
+		</tr>
+			{{range .}}
+
+			<tr>
+			<td><a href="{{.Url}}" target="_blank">{{.Url}}</a></td>
+			<td>{{.Cms}}</td>
+			<td>{{.Title}}</td>
+			<td>{{.Server}}</td>
+			<td>{{.Statuscode}}</td>
+			<td>{{.Length}}</td>
+			</tr>
 
+			{{end}}
+        </table>
+    </div>
+</body>
+</html>
+	`
+
+	// 解析HTML模板
+	t := template.Must(template.New("html").Parse(tmpl))
+	// 将数据写入HTML文件
+	err = t.Execute(file, msg)
+	if err != nil {
+		fmt.Println(err)
+	}
 }