-
Notifications
You must be signed in to change notification settings - Fork 667
/
parser_generic.go
67 lines (59 loc) · 2.67 KB
/
parser_generic.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
//go:build !(386 || windows)
package parser
import (
"fmt"
"strings"
"github.com/PuerkitoBio/goquery"
"github.com/projectdiscovery/katana/pkg/navigation"
"github.com/projectdiscovery/katana/pkg/types"
"github.com/projectdiscovery/katana/pkg/utils"
)
func InitWithOptions(options *types.Options) {
if options.AutomaticFormFill {
responseParsers = append(responseParsers, responseParser{bodyParser, bodyFormTagParser})
}
if options.ScrapeJSLuiceResponses {
responseParsers = append(responseParsers, responseParser{bodyParser, scriptContentJsluiceParser})
responseParsers = append(responseParsers, responseParser{contentParser, scriptJSFileJsluiceParser})
}
if options.ScrapeJSResponses {
responseParsers = append(responseParsers, responseParser{bodyParser, scriptContentRegexParser})
responseParsers = append(responseParsers, responseParser{contentParser, scriptJSFileRegexParser})
responseParsers = append(responseParsers, responseParser{contentParser, bodyScrapeEndpointsParser})
}
if !options.DisableRedirects {
responseParsers = append(responseParsers, responseParser{headerParser, headerLocationParser})
}
}
// scriptContentJsluiceParser parses script content endpoints using jsluice from response
func scriptContentJsluiceParser(resp *navigation.Response) (navigationRequests []*navigation.Request) {
resp.Reader.Find("script").Each(func(i int, item *goquery.Selection) {
text := item.Text()
if text == "" {
return
}
endpointItems := utils.ExtractJsluiceEndpoints(text)
for _, item := range endpointItems {
navigationRequests = append(navigationRequests, navigation.NewNavigationRequestURLFromResponse(item.Endpoint, resp.Resp.Request.URL.String(), "script", fmt.Sprintf("jsluice-%s", item.Type), resp))
}
})
return
}
// scriptJSFileJsluiceParser parses endpoints using jsluice from js file pages
func scriptJSFileJsluiceParser(resp *navigation.Response) (navigationRequests []*navigation.Request) {
// Only process javascript file based on path or content type
// CSS, JS are supported for relative endpoint extraction.
contentType := resp.Resp.Header.Get("Content-Type")
if !(strings.HasSuffix(resp.Resp.Request.URL.Path, ".js") || strings.HasSuffix(resp.Resp.Request.URL.Path, ".css") || strings.Contains(contentType, "/javascript")) {
return
}
// Skip common js libraries
if utils.IsPathCommonJSLibraryFile(resp.Resp.Request.URL.Path) {
return
}
endpointsItems := utils.ExtractJsluiceEndpoints(string(resp.Body))
for _, item := range endpointsItems {
navigationRequests = append(navigationRequests, navigation.NewNavigationRequestURLFromResponse(item.Endpoint, resp.Resp.Request.URL.String(), "js", fmt.Sprintf("jsluice-%s", item.Type), resp))
}
return
}