[x]1.修复POC Xray扫描引擎

[x]2.修复外网是否可以达？可达下载chrome并截图 [+]3.优化进度条 [+]4.新增跳过（主机存活、弱口令、POC、高危漏洞）参数
inbug-team · Jun 1, 2022 · 3b7932b · 3b7932b
1 parent 9feb354
commit 3b7932b
Show file tree

Hide file tree

Showing 12 changed files with 651 additions and 406 deletions.
diff --git a/core/plugins/plugin_scan_poc_xray/lib/check.go b/core/plugins/plugin_scan_poc_xray/lib/check.go
@@ -3,7 +3,6 @@ package lib
 import (
 	"fmt"
 	"github.com/google/cel-go/cel"
-	"github.com/inbug-team/SweetBabyScan/core/plugins/plugin_scan_poc_xray/models"
 	dModels "github.com/inbug-team/SweetBabyScan/models"
 	"math/rand"
 	"net/http"
@@ -73,7 +72,7 @@ func ExecutePoc(oReq *http.Request, p *dModels.DataPocXray) (bool, error, string
 				continue
 			}
 			switch value := out.Value().(type) {
-			case *models.UrlType:
+			case *UrlType:
 				variableMap[k] = UrlTypeToString(value)
 			case int64:
 				variableMap[k] = int(value)
@@ -244,25 +243,25 @@ func doSearch(re string, body string) map[string]string {
 	return nil
 }
 
-func newReverse() *models.Reverse {
+func newReverse() *Reverse {
 	letters := "1234567890abcdefghijklmnopqrstuvwxyz"
 	randSource := rand.New(rand.NewSource(time.Now().Unix()))
 	sub := RandomStr(randSource, letters, 8)
 	if true {
 		//默认不开启dns解析
-		return &models.Reverse{}
+		return &Reverse{}
 	}
 	urlStr := fmt.Sprintf("http://%s.%s", sub, ceYeDomain)
 	u, _ := url.Parse(urlStr)
-	return &models.Reverse{
+	return &Reverse{
 		Url:                ParseUrl(u),
 		Domain:             u.Hostname(),
 		Ip:                 "",
 		IsDomainNameServer: false,
 	}
 }
 
-func clusterPoc(oReq *http.Request, p *dModels.DataPocXray, variableMap map[string]interface{}, req *models.Request, env *cel.Env, sLen int, keys []string) (success bool, err error) {
+func clusterPoc(oReq *http.Request, p *dModels.DataPocXray, variableMap map[string]interface{}, req *Request, env *cel.Env, sLen int, keys []string) (success bool, err error) {
 	for _, rule := range p.Rules {
 		for k1, v1 := range variableMap {
 			if IsContain(keys, k1) {
@@ -387,7 +386,7 @@ func clusterPoc(oReq *http.Request, p *dModels.DataPocXray, variableMap map[stri
 	return success, nil
 }
 
-func clusterPoc1(oReq *http.Request, p *dModels.DataPocXray, variableMap map[string]interface{}, req *models.Request, env *cel.Env, keys []string) (success bool, err error) {
+func clusterPoc1(oReq *http.Request, p *dModels.DataPocXray, variableMap map[string]interface{}, req *Request, env *cel.Env, keys []string) (success bool, err error) {
 	setMap := make(map[string]interface{})
 	for k := range p.Sets {
 		setMap[k] = p.Sets[k][0]
@@ -575,7 +574,7 @@ func clusterPoc1(oReq *http.Request, p *dModels.DataPocXray, variableMap map[str
 	return success, nil
 }
 
-func clusterSend(oReq *http.Request, variableMap map[string]interface{}, req *models.Request, env *cel.Env, rule dModels.Rules) (bool, error) {
+func clusterSend(oReq *http.Request, variableMap map[string]interface{}, req *Request, env *cel.Env, rule dModels.Rules) (bool, error) {
 	if oReq.URL.Path != "" && oReq.URL.Path != "/" {
 		req.Url.Path = fmt.Sprint(oReq.URL.Path, rule.Path)
 	} else {
@@ -666,7 +665,7 @@ func evalSet(env *cel.Env, variableMap map[string]interface{}) {
 				continue
 			}
 			switch value := out.Value().(type) {
-			case *models.UrlType:
+			case *UrlType:
 				variableMap[k] = UrlTypeToString(value)
 			case int64:
 				variableMap[k] = fmt.Sprintf("%v", value)

diff --git a/core/plugins/plugin_scan_poc_xray/lib/eval.go b/core/plugins/plugin_scan_poc_xray/lib/eval.go
@@ -11,7 +11,6 @@ import (
 	"github.com/google/cel-go/common/types"
 	"github.com/google/cel-go/common/types/ref"
 	"github.com/google/cel-go/interpreter/functions"
-	"github.com/inbug-team/SweetBabyScan/core/plugins/plugin_scan_poc_xray/models"
 	"github.com/inbug-team/SweetBabyScan/initializes/initialize_http_client"
 	exprPb "google.golang.org/genproto/googleapis/api/expr/v1alpha1"
 	"io"
@@ -50,7 +49,7 @@ func Evaluate(env *cel.Env, expression string, params map[string]interface{}) (r
 	return out, nil
 }
 
-func UrlTypeToString(u *models.UrlType) string {
+func UrlTypeToString(u *UrlType) string {
 	var buf strings.Builder
 	if u.Scheme != "" {
 		buf.WriteString(u.Scheme)
@@ -93,14 +92,13 @@ type CustomLib struct {
 
 func NewEnvOption() CustomLib {
 	c := CustomLib{}
-
 	c.envOptions = []cel.EnvOption{
 		cel.Container("lib"),
 		cel.Types(
-			&models.UrlType{},
-			&models.Request{},
-			&models.Response{},
-			&models.Reverse{},
+			&UrlType{},
+			&Request{},
+			&Response{},
+			&Reverse{},
 		),
 		cel.Declarations(
 			decls.NewVar("request", decls.NewObjectType("lib.Request")),
@@ -179,6 +177,7 @@ func NewEnvOption() CustomLib {
 					decls.Bool)),
 		),
 	}
+
 	c.programOptions = []cel.ProgramOption{
 		cel.Functions(
 			&functions.Overload{
@@ -383,7 +382,7 @@ func NewEnvOption() CustomLib {
 			&functions.Overload{
 				Operator: "reverse_wait_int",
 				Binary: func(lhs ref.Val, rhs ref.Val) ref.Val {
-					reverse, ok := lhs.Value().(*models.Reverse)
+					reverse, ok := lhs.Value().(*Reverse)
 					if !ok {
 						return types.ValOrErr(lhs, "unexpected type '%v' passed to 'wait'", lhs.Type())
 					}
@@ -411,6 +410,7 @@ func NewEnvOption() CustomLib {
 			},
 		),
 	}
+
 	return c
 }
 
@@ -451,7 +451,7 @@ func randomUppercase(n int) string {
 	return RandomStr(randSource, lowercase, n)
 }
 
-func reverseCheck(r *models.Reverse, timeout int64) bool {
+func reverseCheck(r *Reverse, timeout int64) bool {
 	if ceYeApi == "" || r.Domain == "" {
 		return false
 	}
@@ -493,7 +493,7 @@ func RandomStr(randSource *rand.Rand, letterBytes string, n int) string {
 	return string(randBytes)
 }
 
-func DoRequest(req *http.Request, redirect bool) (*models.Response, error) {
+func DoRequest(req *http.Request, redirect bool) (*Response, error) {
 	if req.Body == nil || req.Body == http.NoBody {
 	} else {
 		req.Header.Set("Content-Length", strconv.Itoa(int(req.ContentLength)))
@@ -520,8 +520,8 @@ func DoRequest(req *http.Request, redirect bool) (*models.Response, error) {
 	return resp, err
 }
 
-func ParseUrl(u *url.URL) *models.UrlType {
-	nu := &models.UrlType{}
+func ParseUrl(u *url.URL) *UrlType {
+	nu := &UrlType{}
 	nu.Scheme = u.Scheme
 	nu.Domain = u.Hostname()
 	nu.Host = u.Host
@@ -532,8 +532,8 @@ func ParseUrl(u *url.URL) *models.UrlType {
 	return nu
 }
 
-func ParseRequest(oReq *http.Request) (*models.Request, error) {
-	req := &models.Request{}
+func ParseRequest(oReq *http.Request) (*Request, error) {
+	req := &Request{}
 	req.Method = oReq.Method
 	req.Url = ParseUrl(oReq.URL)
 	header := make(map[string]string)
@@ -554,8 +554,8 @@ func ParseRequest(oReq *http.Request) (*models.Request, error) {
 	return req, nil
 }
 
-func ParseResponse(oResp *http.Response) (*models.Response, error) {
-	var resp models.Response
+func ParseResponse(oResp *http.Response) (*Response, error) {
+	var resp Response
 	header := make(map[string]string)
 	resp.Status = int32(oResp.StatusCode)
 	resp.Url = ParseUrl(oResp.Request.URL)