core

package
v0.0.0-...-4957f45 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 7, 2022 License: MIT Imports: 42 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AltResolveDetection 

func AltResolveDetection(detections []string, target map[string]string) []string

AltResolveDetection resolve detection part in YAML signature file

func AltResolveHeader 

func AltResolveHeader(headers []map[string]string, target map[string]string) []map[string]string

AltResolveHeader resolve headers part in YAML signature file

func AltResolveRequest 

func AltResolveRequest(req *libs.Request)

AltResolveRequest resolve all request again but look for [[ ]] delimiter

func AltResolveVariable 

func AltResolveVariable(format string, data map[string]string) string

AltResolveVariable just like ResolveVariable but looking for [[.var]]

func Background 

func Background(options libs.Options)

Background main function to call other background task

func Base64Encode 

func Base64Encode(raw string) string

Base64Encode just Base64 Encode

func BaseCalculateFiltering 

func BaseCalculateFiltering(job *libs.Job, options libs.Options)

BaseCalculateFiltering send couple of requests first to do filtering later

func Between 

func Between(value string, left string, right string) string

Between get string between left and right

func Body 

func Body(req libs.Request, arguments []otto.Value) []libs.Request

Body gen request with body

func Bytes 

func Bytes() []string

Bytes return a random string with length

func CalculateFiltering 

func CalculateFiltering(job *libs.Job, options libs.Options)

func CommonError 

func CommonError(component string) (string, bool)

CommonError shortcut for common error 

func Cookie(req libs.Request, arguments []otto.Value) []libs.Request

Cookie gen request with Cookie

func Encoder 

func Encoder(encodeString string, data string) string

Encoder encoding part after resolve

func Execution 

func Execution(cmd string) string

Execution Run a command

func Fuzz 

func Fuzz(req libs.Request, arguments []otto.Value) []libs.Request

// Usage: Fuzz('{{.payload}}'), Fuzz('{{.payload}}11', 'ANOTHER_FUZZ') Fuzz gen request with fuzz keyword

func GenActiveReport 

func GenActiveReport(options libs.Options) error

GenActiveReport generate report file

func GenPassiveReport 

func GenPassiveReport(options libs.Options) error

GenPassiveReport generate report file

func GenPorts 

func GenPorts(raw string) []string

GenPorts gen list of ports based on input

func Generators 

func Generators(req libs.Request, sign libs.Signature) []libs.Request

Generators run multiple generator

func GetComponent 

func GetComponent(record Record, component string) string

GetComponent get component to run detection

func GetDnsComponent 

func GetDnsComponent(record Record, componentName string) string

func GetPassives 

func GetPassives(options libs.Options) []libs.Passive

GetPassives get all passives rule 

func Header(req libs.Request, arguments []otto.Value) []libs.Request

Header gen request with header

func Host2IP 

func Host2IP(rawURL string) map[string]string

Host2IP replace Host header with IP address

func InitConfig 

func InitConfig(options *libs.Options)

InitConfig init config

func InputCmd 

func InputCmd(Cmd string) string

InputCmd take input as os command @NOTE: this is a feature not an RCE :P

func InvokeCmd 

func InvokeCmd(rec *Record, rawCmd string) string

InvokeCmd execute external command

func LocalFileToResponse 

func LocalFileToResponse(job *libs.Job)

func Method 

func Method(req libs.Request, arguments []otto.Value) []libs.Request

Method gen request with multiple method

func MoreVariables 

func MoreVariables(target map[string]string, sign libs.Signature, options libs.Options) map[string]string

MoreVariables get more options to render in sign template

func ParseBurpRequest 

func ParseBurpRequest(raw string) (req libs.Request)

ParseBurpRequest parse burp style request

func ParseBurpResponse 

func ParseBurpResponse(rawReq string, rawRes string) (res libs.Response)

ParseBurpResponse parse burp style response

func ParseFuzzRequest 

func ParseFuzzRequest(record libs.Record, sign libs.Signature) []libs.Request

ParseFuzzRequest parse request receive in API server

func ParseHeaders 

func ParseHeaders(rawHeaders map[string][]string) []map[string]string

ParseHeaders parse header for sending method

func ParseInputFormat 

func ParseInputFormat(raw string) map[string]string

ParseInputFormat format input

func ParseOrigin 

func ParseOrigin(req libs.Request, sign libs.Signature, _ libs.Options) libs.Request

ParseOrigin parse origin request

func ParseParams 

func ParseParams(rawParams []string) map[string]string

ParseParams parse more params from cli

func ParsePassive 

func ParsePassive(passiveFile string) (passive libs.Passive, err error)

ParsePassive parsing YAML passive file

func ParsePayloads 

func ParsePayloads(sign libs.Signature) []string

ParsePayloads parse payload to replace

func ParseRawHeaders 

func ParseRawHeaders(rawHeaders []string) map[string]string

ParseRawHeaders parse more headers from cli

func ParseRequest 

func ParseRequest(req libs.Request, sign libs.Signature, options libs.Options) []libs.Request

ParseRequest parse request part in YAML signature file

func ParseRequestFromServer 

func ParseRequestFromServer(record *libs.Record, req libs.Request, _ libs.Signature)

ParseRequestFromServer parse request receive from API server

func ParseSign 

func ParseSign(signFile string) (sign libs.Signature, err error)

ParseSign parsing YAML signature file

func ParseSignFromContent 

func ParseSignFromContent(content string) (sign libs.Signature, err error)

ParseSignFromContent parsing YAML signature file

func ParseTarget 

func ParseTarget(raw string) map[string]string

ParseTarget parsing target and some variable for template

func ParseVariable 

func ParseVariable(sign libs.Signature) []map[string]string

ParseVariable parse variable in YAML signature file

func Path 

func Path(req libs.Request, arguments []otto.Value) []libs.Request

Path gen request with path

func Query 

func Query(req libs.Request, arguments []otto.Value) []libs.Request

Query gen request with query string

func RandomNumber 

func RandomNumber(n int) string

RandomNumber return a random number with length

func RandomString 

func RandomString(n int) string

RandomString return a random string with length

func RegexCount 

func RegexCount(component string, analyzeString string) int

RegexCount count regex string in component

func RegexGrep 

func RegexGrep(realRec Record, arguments []otto.Value) string

RegexGrep grep regex string from component

func RegexSearch 

func RegexSearch(component string, analyzeString string) (string, bool)

RegexSearch search regex string in component

func RegexSelect 

func RegexSelect(realRec Record, arguments []otto.Value) map[string]string

RegexSelect get regex string from component

func ReplaceMe 

func ReplaceMe(req libs.Request, arguments []otto.Value) []libs.Request

Usage: Replace(), Replace('FUZZ') ReplaceMe gen request with fuzz keyword

func ReplicationJob 

func ReplicationJob(input string, sign libs.Signature) ([]libs.Job, error)

ReplicationJob replication more jobs based on the signature

func ResolveDetection 

func ResolveDetection(detections []string, target map[string]string) []string

ResolveDetection resolve detection part in YAML signature file

func ResolveHeader 

func ResolveHeader(headers []map[string]string, target map[string]string) []map[string]string

ResolveHeader resolve headers part in YAML signature file

func ResolveVariable 

func ResolveVariable(format string, data map[string]string) string

ResolveVariable resolve template from signature file

func RunGenerator 

func RunGenerator(req libs.Request, genString string) []libs.Request

RunGenerator is main function for generator

func RunVariables 

func RunVariables(variableString string) []string

RunVariables is main function for detections

func SelectSign 

func SelectSign(signName string) []string

SelectSign select signature by multiple selector

func SingleSign 

func SingleSign(signName string) []string

SingleSign select signature by single selector

func SplitLines 

func SplitLines(raw string) []string

SplitLines just split new Line

func StringCount 

func StringCount(component string, analyzeString string) int

StringCount count string literal in component

func StringSearch 

func StringSearch(component string, analyzeString string) bool

StringSearch search string literal in component

func TurboIntruder 

func TurboIntruder(rec *Record) string

TurboIntruder execute Turbo Intruder CLI

func URLEncode 

func URLEncode(raw string) string

URLEncode just URL Encode

func UpdatePlugins 

func UpdatePlugins(options libs.Options)

UpdatePlugins update latest UI and Plugins from default repo

func UpdateSignature 

func UpdateSignature(options libs.Options)

UpdateSignature update latest UI from UI repo

Types

type Record 

type Record struct {
	// main part
	Request  libs.Request
	Response libs.Response
	Sign     libs.Signature

	// for dns part
	Dns libs.Dns

	// passive check
	NoOutput            bool
	DoPassive           bool
	SelectPassive       string
	IsVulnerablePassive bool
	PassiveString       string
	PassiveMatch        string
	PassiveRules        map[string]libs.Rule

	OriginReq libs.Request
	OriginRes libs.Response
	Origins   []libs.Origin
	// for output
	Opt         libs.Options
	RawOutput   string
	ExtraOutput string
	// for detection
	PassCondition bool
	IsVulnerable  bool
	DetectString  string
	DetectResult  string
	ScanID        string
}

Record all information about request

func ChooseOrigin 

func ChooseOrigin(record Record, index int) Record

ChooseOrigin choose origin to compare

func (*Record) Analyze 

func (r *Record) Analyze()

func (*Record) Conclude 

func (r *Record) Conclude()

Conclude is main function for detections

func (*Record) Condition 

func (r *Record) Condition() bool

check conditions before sending request

func (*Record) Detector 

func (r *Record) Detector()

func (*Record) DnsDetector 

func (r *Record) DnsDetector() bool

func (*Record) DoSending 

func (r *Record) DoSending()

DoSending really sending the request

func (*Record) GetPassivesRules 

func (r *Record) GetPassivesRules() []string

GetPassivesRules do passive analyzer based on default passive signature

func (*Record) MiddleWare 

func (r *Record) MiddleWare()

Conclude is main function for detections

func (*Record) Output 

func (r *Record) Output() string

func (*Record) PassiveOutput 

func (r *Record) PassiveOutput() string

func (*Record) Passives 

func (r *Record) Passives()

func (*Record) RequestScripts 

func (r *Record) RequestScripts(scriptType string, scripts []string) bool

RequestScripts is main function for detections

func (*Record) StoreOutput 

func (r *Record) StoreOutput()

StoreOutput store vulnerable request to a file

func (*Record) StorePassiveOutput 

func (r *Record) StorePassiveOutput(rule libs.Rule) string

StorePassiveOutput store passive output found

type ReportData 

type ReportData struct {
	Vulnerabilities []Vulnerability
}

type RoutineRunner 

type RoutineRunner struct {
	Input       string
	SendingType string
	Opt         libs.Options
	Sign        libs.Signature
	Routines    []libs.Routine
	Results     map[string]bool
	Target      map[string]string
}

RoutineRunner runner struct

func InitRoutine 

func InitRoutine(url string, sign libs.Signature, opt libs.Options) (RoutineRunner, error)

InitRoutine init routine task

func (*RoutineRunner) DoExpression 

func (r *RoutineRunner) DoExpression(expression string) bool

DoExpression start the routine

func (*RoutineRunner) DoInvokes 

func (r *RoutineRunner) DoInvokes(invokes []string)

DoExpression start the routine

func (*RoutineRunner) ParseRoutines 

func (r *RoutineRunner) ParseRoutines(sign *libs.Signature)

ParseRoutines parse routine

func (*RoutineRunner) Start 

func (r *RoutineRunner) Start()

Start start the routine

func (*RoutineRunner) StartRunner 

func (r *RoutineRunner) StartRunner(routine libs.Routine)

Start start the routine

type Runner 

type Runner struct {
	Input       string
	SendingType string
	RunnerType  string
	Opt         libs.Options
	Sign        libs.Signature
	Origin      Record

	CRecords  []Record
	CMatched  bool
	InRoutine bool

	Target  map[string]string
	Records []Record
}

Runner runner struct

func InitDNSRunner 

func InitDNSRunner(url string, sign libs.Signature, opt libs.Options) (Runner, error)

InitDNSRunner init task

func InitRunner 

func InitRunner(url string, sign libs.Signature, opt libs.Options) (Runner, error)

InitRunner init task

func (*Runner) DnsDetection 

func (r *Runner) DnsDetection()

DnsDetection get requests ready to send

func (*Runner) GenCRequests 

func (r *Runner) GenCRequests()

GenCRequests generate condition requests

func (*Runner) GenRequests 

func (r *Runner) GenRequests() []libs.Request

GenRequests generate request for sending

func (*Runner) GetRequests 

func (r *Runner) GetRequests()

GetRequests get requests ready to send

func (*Runner) LocalSending 

func (r *Runner) LocalSending()

func (*Runner) PrePareOrigin 

func (r *Runner) PrePareOrigin()

PrePareOrigin parsing origin request

func (*Runner) PrepareTarget 

func (r *Runner) PrepareTarget()

func (*Runner) Resolving 

func (r *Runner) Resolving()

Resolving get dns ready to resolve

func (*Runner) SendCRequests 

func (r *Runner) SendCRequests()

SendCRequests sending condition requests

func (*Runner) SendOrigin 

func (r *Runner) SendOrigin(originReq libs.Request) (libs.Origin, map[string]string)

SendOrigin sending origin request

func (*Runner) Sending 

func (r *Runner) Sending()

func (*Runner) SendingParallels 

func (r *Runner) SendingParallels()

func (*Runner) SendingSerial 

func (r *Runner) SendingSerial()

type Vulnerability 

type Vulnerability struct {
	SignID     string
	SignPath   string
	URL        string
	Risk       string
	Confidence string
	ReportPath string
	ReportFile string
	Status     string
	Length     string
	Words      string
	Time       string
}

func ParsePassiveVuln 

func ParsePassiveVuln(options libs.Options) []Vulnerability

ParsePassiveVuln parse vulnerbility based on

func ParseVuln 

func ParseVuln(options libs.Options) []Vulnerability

ParseVuln parse vulnerbility based on

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.