Documentation ¶
Index ¶
- Variables
- func Parallel[T any](visitor func([][]byte) T, fragments ...Fragment) ([]T, error)
- func ParallelBottom[T any](visitor func([][]byte) T, fragments ...Fragment) ([]T, error)
- func TransformerGenerator(Transform interface{}) func([]byte) []byte
- type Exploder
- type Extractor
- type Filter
- type Fragment
- type Signature
- type Transformer
Constants ¶
This section is empty.
Variables ¶
View Source
var AllExploders = []Exploder{ HttpHeaderExploder, GzipExploder, ZlibExploder, BrotiliExploder, JsonExploder, Base64Exploder, HexExploder, HtmlExploder, UrlExploder, }
View Source
var Base64Exploder = Exploder{ Transformer: TransformerFactory(b64.StdEncoding.DecodeString, b64.StdEncoding.EncodeToString), Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: regexExtractorGenerator(`[a-zA-Z0-9///+]+=?=?`), }
View Source
var BrotiliExploder = Exploder{ Transformer: Transformer{ Transform: func(input []byte) []byte { reader := bytes.NewReader(input) breader := brotli.NewReader(reader) output, err := io.ReadAll(breader) if err != nil { return []byte{} } return output }, Reverse: func(input []byte) []byte { var buf bytes.Buffer bwriter := brotli.NewWriter(&buf) bwriter.Write(input) bwriter.Close() return buf.Bytes() }, }, Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: func(input []byte) ([][]byte, Signature) { if bytes.HasPrefix(input, []byte{0x78, 0x9c}) { return [][]byte{input}, Signature{} } return [][]byte{}, Signature{} }, }
View Source
var GzipExploder = Exploder{ Transformer: Transformer{ Transform: func(input []byte) []byte { reader := bytes.NewReader(input) gzreader, err := gzip.NewReader(reader) if err != nil { return []byte{} } output, err := io.ReadAll(gzreader) if err != nil { return []byte{} } return output }, Reverse: func(input []byte) []byte { var buf bytes.Buffer gzwriter := gzip.NewWriter(&buf) gzwriter.Write(input) gzwriter.Close() return buf.Bytes() }, }, Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: func(input []byte) ([][]byte, Signature) { if bytes.HasPrefix(input, []byte{0x1f, 0x8b}) { return [][]byte{input}, Signature{} } return [][]byte{}, Signature{} }, }
View Source
var HexExploder = Exploder{ Transformer: TransformerFactory(hex.DecodeString, hex.EncodeToString), Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: regexExtractorGenerator(`[a-fA-F0-9]{2,}`), }
View Source
var HtmlExploder = Exploder{ Transformer: TransformerFactory(html.UnescapeString, html.EscapeString), Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: regexExtractorGenerator(`&#\d{2,};`), }
View Source
var HttpHeaderExploder = Exploder{ Transformer: TransformerFactory(nil, nil), Filter: isAscii, Extract: func(input []byte) ([][]byte, Signature) { signature := Signature{} headerContents := [][]byte{} messages := httpHeaderRegex.FindAll([]byte(input), -1) for _, message := range messages { headers := strings.Split(string(message), "\r\n") for i, header := range headers { if i == 0 { if strings.HasPrefix(header, "HTTP") { signature.append(Signature([]byte(header))) } else { signature.append(Signature([]byte(strings.Split(header, " ")[0]))) signature.append(Signature([]byte(strings.Split(header, " ")[2]))) } continue } splitHeader := strings.Split(header, ":") if len(splitHeader) < 2 { continue } signature.append(Signature([]byte(strings.Split(header, ":")[0]))) headerContents = append(headerContents, []byte(strings.Join(strings.Split(header, ":")[1:], ":"))) } } return headerContents, signature }, }
View Source
var JsonExploder = Exploder{ Transformer: TransformerFactory(nil, nil), Filter: isAscii, Extract: func(input []byte) ([][]byte, Signature) { var contents [][]byte signature := Signature{} objects := jsonRegex.FindAll(input, -1) keyRegex := regexp.MustCompile(`"([^"]+)"\s*:\s*`) valueRegex := regexp.MustCompile(`\s*:\s*"?(.+?)"?\s*(?:,|})`) for _, object := range objects { keys := keyRegex.FindAllSubmatch(object, -1) values := valueRegex.FindAllSubmatch(object, -1) for _, key := range keys { signature.append(Signature(key[1])) } for _, value := range values { if len(value) < 2 { continue } if value[1][0] == '[' || value[1][0] == '{' { continue } contents = append(contents, value[1]) } } return contents, signature }, }
View Source
var UrlExploder = Exploder{ Transformer: TransformerFactory(url.QueryUnescape, url.QueryEscape), Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: regexExtractorGenerator(`%[A-Fa-f0-9]{2}`), }
View Source
var ZlibExploder = Exploder{ Transformer: Transformer{ Transform: func(input []byte) []byte { reader := bytes.NewReader(input) zreader, err := zlib.NewReader(reader) if err != nil { return []byte{} } output, err := io.ReadAll(zreader) if err != nil { return []byte{} } return output }, Reverse: func(input []byte) []byte { var buf bytes.Buffer zwriter := zlib.NewWriter(&buf) zwriter.Write(input) zwriter.Close() return buf.Bytes() }, }, Filter: FilterChainGenerator(isAscii, isMinLength(4)), Extract: func(input []byte) ([][]byte, Signature) { if bytes.HasPrefix(input, []byte{0x78, 0x9c}) { return [][]byte{input}, Signature{} } return [][]byte{}, Signature{} }, }
Functions ¶
func ParallelBottom ¶
func TransformerGenerator ¶
Types ¶
type Exploder ¶
type Exploder struct { Extract Extractor Transformer Transformer Filter Filter }
type Filter ¶
func FilterChainGenerator ¶
type Fragment ¶
type Transformer ¶
func TransformerFactory ¶
func TransformerFactory(t interface{}, r interface{}) Transformer
Click to show internal directories.
Click to hide internal directories.