diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e956e9cf2..8dbeede52 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,7 +19,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v4
 with:
- go-version: 1.21.3
+ go-version: 1.21.4
 - name: Install Dependences
 run: |
 brew install libpcap upx
@@ -45,7 +45,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v4
 with:
- go-version: 1.21.3
+ go-version: 1.21.4
 - name: Install Dependences
 run: |
 sudo apt install -yy --fix-missing libpcap-dev upx
@@ -78,7 +78,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v4
 with:
- go-version: 1.21.3
+ go-version: 1.21.4
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@v5
 with:
diff --git a/.gitmodules b/.gitmodules
index 5410476a2..b0136a512 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,10 +2,6 @@
 path = config/jaeles-signatures
 url = https://github.com/jaeles-project/jaeles-signatures
 branch=master
-[submodule "config/nuclei-templates"]
- path = config/nuclei-templates
- url = https://github.com/projectdiscovery/nuclei-templates.git
- branch=main
 [submodule "config/fuzzing-templates"]
 path = config/fuzzing-templates
 url = https://github.com/projectdiscovery/fuzzing-templates.git
diff --git a/Formula.rb b/Formula.rb
index 3b70f47e4..c727f5f5a 100644
--- a/Formula.rb
+++ b/Formula.rb
@@ -2,7 +2,7 @@ class scan4all < Formula
 desc "Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)..."
 homepage "https://github.com/GhostTroops/scan4all"
 url "https://github.com/GhostTroops/scan4all/releases/download/2.9.0/scan4all_2.9.0_macOS_amd64.zip"
- sha256 "ccd874a283defad6a0deb11377cb9d6024cb5946b46f61f36008e0afe9db4950"
+ sha256 "542f26a2cbcbd37318d8cbb6e40607cfbff91f6c3a2ea945e143833c1a6aca19"
 version "V2.9.0"
 
 def install
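Review bot: The `sha256` pin changes while the surrounding context lines keep `url` at the 2.9.0 release asset and `version "V2.9.0"`, so the same download URL now has to serve a different file from the one the formula previously verified. A digest that changes under a fixed URL is indistinguishable, to a downstream reviewer, from a tampered or re-uploaded asset, and users who already fetched the old file will now fail verification. If the 2.9.0 asset was deliberately rebuilt, state that in the commit message and bump the release tag or `version` together with the hash; otherwise confirm the new digest was computed from the artifact produced by the GoReleaser job touched in build.yml in this same diff.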
diff --git a/config/config.json b/config/config.json
index b638b0fe0..804d04eec 100644
--- a/config/config.json
+++ b/config/config.json
@@ -79,7 +79,7 @@
 "enableMultNuclei": false,
 "enableNuclei": true,
 "enableByWaf": true,
- "enableDevDebug": true,
+ "enableDevDebug": false,
 "enableEmbedYaml": true,
 "enableFileFuzz": true,
 "httpx": {
diff --git a/config/nuclei-templates b/config/nuclei-templates
deleted file mode 160000
index 9cd3519d9..000000000
--- a/config/nuclei-templates
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 9cd3519d9e41c8408bf8bcb649166969b24f4db1
diff --git a/go.mod b/go.mod
index f7c50e3f3..63dd53d25 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/GhostTroops/scan4all
 
-go 1.21
+go 1.21.4
 
 require (
 github.com/PuerkitoBio/goquery v1.8.1
@@ -229,7 +229,7 @@ require (
 github.com/projectdiscovery/utils v0.0.52 // indirect
 github.com/quic-go/qpack v0.4.0 // indirect
 github.com/quic-go/qtls-go1-20 v0.4.1 // indirect
- github.com/quic-go/quic-go v0.40.0 // indirect
+ github.com/quic-go/quic-go v0.40.1 // indirect
 github.com/refraction-networking/utls v1.5.2 // indirect
 github.com/rivo/uniseg v0.4.4 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
diff --git a/go.sum b/go.sum
index 7b9643e08..afd60675e 100644
--- a/go.sum
+++ b/go.sum
@@ -700,8 +700,8 @@ github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs=
 github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.40.0 h1:GYd1iznlKm7dpHD7pOVpUvItgMPo/jrMgDWZhMCecqw=
-github.com/quic-go/quic-go v0.40.0/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
+github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q=
+github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
 github.com/refraction-networking/utls v1.5.2 h1:l6diiLbEoRqdQ+/osPDO0z0lTc8O8VZV+p82N+Hi+ws=
 github.com/refraction-networking/utls v1.5.2/go.mod h1:SPuDbBmgLGp8s+HLNc83FuavwZCFoMmExj+ltUHiHUw=
 github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
diff --git a/lib/util/checkerImp.go b/lib/util/checkerImp.go
index f19090b62..7485020de 100644
--- a/lib/util/checkerImp.go
+++ b/lib/util/checkerImp.go
@@ -19,10 +19,11 @@ var (
 )
 
 // 检查器的设计:解耦、规范、统一,各类专注实现自己
-// 1、允许未响应header、body、js、css等构建不同的检查器
-// 2、每个检查器都有缓存
-// 3、避免重复检查
-// 4、具有自动释放缓存的机制,程序退出时自动消费(内存缓存)
+//
+// 1、允许未响应header、body、js、css等构建不同的检查器
+// 2、每个检查器都有缓存
+// 3、避免重复检查
+// 4、具有自动释放缓存的机制,程序退出时自动消费(内存缓存)
 type CheckerTools struct {
 Name string `json:"name"` // RespHeader,RespBody,RespJs,RespCss,RespTitle,ReqHeader
 checkFunc []func(*CheckerTools, ...interface{}) `json:"check_func"` // 注册的检查器
@@ -78,8 +79,10 @@ func (r *CheckerTools) GetBodyStr(a ...interface{}) string {
 // 检查
 func (r *CheckerTools) Check(parm ...interface{}) {
 for _, f := range r.checkFunc {
- log.Printf("Check %+v\n", parm)
- f(r, parm...)
+ if nil != f {
+ log.Printf("Check %+v\n", parm)
+ f(r, parm...)
+ }
 }
 }
 
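Review bot: `log.Printf("Check %+v\n", parm)` is kept inside the new `nil != f` guard, so every registered checker still prints its full argument list at the default log level on every call; in the CheckResp hunk later in this diff those arguments are `&r.Header` and the target URL, and `%+v` on a `*http.Header` prints the map contents, so response headers (cookies, authorization values) appear to end up in the log verbatim. Gate this line behind the development-debug setting this commit is switching off in config.json, or log only `r.Name` and the URL instead of the whole argument list. The `nil != f` Yoda form also reads against Go convention; `if f == nil { continue }` keeps the loop body flat and makes the skip explicit.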
@@ -112,12 +115,15 @@ func CheckRespHeader(parm ...interface{}) {
 }
 
 // 检查 response 对象
-// 1、包括头的检查
-// 2、包括body的检查
+//
+// 1、包括头的检查
+// 2、包括body的检查
 func CheckResp(szU string, resp ...*http.Response) {
- for _, r := range resp {
- CheckRespHeader(&r.Header, szU)
- GetInstance(RespBody).Check(&r, szU)
+ if nil != resp && 0 < len(resp) {
+ for _, r := range resp {
+ CheckRespHeader(&r.Header, szU)
+ GetInstance(RespBody).Check(&r, szU)
+ }
 }
 }
 
diff --git a/main.go b/main.go
index 6a9d899ee..6f1a29693 100644
--- a/main.go
+++ b/main.go
@@ -22,6 +22,8 @@ var Version string
 
 /*
 go tool pprof -seconds=180 -http=:9999 http://127.0.0.1:6060/debug/pprof/heap no leak
+go tool pprof http://127.0.0.1:6060/debug/pprof/profile
+
 http://localhost:9999/ui/
 */
 func main() {
diff --git a/projectdiscovery/nuclei_Yaml/nuclei_yaml.go b/projectdiscovery/nuclei_Yaml/nuclei_yaml.go
index 60f68091e..01a9257b5 100644
--- a/projectdiscovery/nuclei_Yaml/nuclei_yaml.go
+++ b/projectdiscovery/nuclei_Yaml/nuclei_yaml.go
@@ -31,8 +31,9 @@ func RunNuclei(buf *bytes.Buffer) {
 szP := util.SzPwd + "/config/"
 os.MkdirAll(szP+"tools/"+runtime.GOOS, os.ModePerm)
 a := []string{
- szP + "tools/" + runtime.GOOS + "/" + szCmd,
- "-t", szP + "nuclei-templates",
+ //szP + "tools/" + runtime.GOOS + "/" +
+ szCmd,
+ //"-t", szP + "nuclei-templates",
 "-sa", "-duc", "-silent", "-nc",
 }
 
diff --git a/vendor/github.com/quic-go/quic-go/framer.go b/vendor/github.com/quic-go/quic-go/framer.go
index 9409af4c2..d5c61bcf7 100644
--- a/vendor/github.com/quic-go/quic-go/framer.go
+++ b/vendor/github.com/quic-go/quic-go/framer.go
@@ -23,6 +23,8 @@ type framer interface {
 Handle0RTTRejection() error
 }
 
+const maxPathResponses = 256
+
 type framerI struct {
 mutex sync.Mutex
 
@@ -33,6 +35,7 @@ type framerI struct {
 
 controlFrameMutex sync.Mutex
 controlFrames []wire.Frame
+ pathResponses []*wire.PathResponseFrame
 }
 
 var _ framer = &framerI{}
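Review bot: The new `nil != resp && 0 < len(resp)` guard does not protect the loop body: ranging over a nil or empty variadic slice was already a no-op, while a nil element still panics at `r.Header`, so the check belongs inside the loop as `if r == nil { continue }` and the outer `if` can be dropped. Separately, `&r` in `GetInstance(RespBody).Check(&r, szU)` is the address of the loop variable, and with `go 1.21.4` in go.mod that is one variable shared by every iteration; a checker that retains the pointer (the type comment in the earlier hunk says each checker has a cache) would see all retained entries alias the last response, so pass `r` itself if the checker accepts a `*http.Response`, or copy it to a per-iteration local before taking its address. CheckResp is shown in full; the `}` at the top of the hunk appears to close CheckRespHeader, whose body is outside the hunk.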
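Review bot: The executable is now the bare `szCmd` instead of `szP + "tools/" + runtime.GOOS + "/" + szCmd`, so which scanner binary runs is decided by the invoking environment's PATH rather than by the bundled tools directory; if the bundled copy is still intended, keep the absolute path, and if PATH lookup is intended, resolve it once with `exec.LookPath` and log the resolved path so a run can be audited. The `os.MkdirAll(szP+"tools/"+runtime.GOOS, os.ModePerm)` context line now creates a directory nothing in this hunk uses, with `os.ModePerm` (0777 before umask) and its error ignored — remove it or check the result. The two commented-out elements should be deleted rather than left inside the slice literal, since version control already preserves them. RunNuclei starts and ends outside the hunk, so the code that consumes `a` is not visible here.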
@@ -52,20 +55,43 @@ func (f *framerI) HasData() bool {
 return true
 }
 f.controlFrameMutex.Lock()
- hasData = len(f.controlFrames) > 0
- f.controlFrameMutex.Unlock()
- return hasData
+ defer f.controlFrameMutex.Unlock()
+ return len(f.controlFrames) > 0 || len(f.pathResponses) > 0
 }
 
 func (f *framerI) QueueControlFrame(frame wire.Frame) {
 f.controlFrameMutex.Lock()
+ defer f.controlFrameMutex.Unlock()
+
+ if pr, ok := frame.(*wire.PathResponseFrame); ok {
+ // Only queue up to maxPathResponses PATH_RESPONSE frames.
+ // This limit should be high enough to never be hit in practice,
+ // unless the peer is doing something malicious.
+ if len(f.pathResponses) >= maxPathResponses {
+ return
+ }
+ f.pathResponses = append(f.pathResponses, pr)
+ return
+ }
 f.controlFrames = append(f.controlFrames, frame)
- f.controlFrameMutex.Unlock()
 }
 
 func (f *framerI) AppendControlFrames(frames []ackhandler.Frame, maxLen protocol.ByteCount, v protocol.VersionNumber) ([]ackhandler.Frame, protocol.ByteCount) {
- var length protocol.ByteCount
 f.controlFrameMutex.Lock()
+ defer f.controlFrameMutex.Unlock()
+
+ var length protocol.ByteCount
+ // add a PATH_RESPONSE first, but only pack a single PATH_RESPONSE per packet
+ if len(f.pathResponses) > 0 {
+ frame := f.pathResponses[0]
+ frameLen := frame.Length(v)
+ if frameLen <= maxLen {
+ frames = append(frames, ackhandler.Frame{Frame: frame})
+ length += frameLen
+ f.pathResponses = f.pathResponses[1:]
+ }
+ }
+
 for len(f.controlFrames) > 0 {
 frame := f.controlFrames[len(f.controlFrames)-1]
 frameLen := frame.Length(v)
@@ -76,7 +102,6 @@ func (f *framerI) AppendControlFrames(frames []ackhandler.Frame, maxLen protocol
 length += frameLen
 f.controlFrames = f.controlFrames[:len(f.controlFrames)-1]
 }
- f.controlFrameMutex.Unlock()
 return frames, length
 }
 
diff --git a/vendor/github.com/quic-go/quic-go/packet_packer.go b/vendor/github.com/quic-go/quic-go/packet_packer.go
index 64081c684..a330632be 100644
--- a/vendor/github.com/quic-go/quic-go/packet_packer.go
+++ b/vendor/github.com/quic-go/quic-go/packet_packer.go
@@ -640,7 +640,13 @@ func (p *packetPacker) composeNextPacket(maxFrameSize protocol.ByteCount, onlyAc
 pl.length += lengthAdded
 // add handlers for the control frames that were added
 for i := startLen; i < len(pl.frames); i++ {
- pl.frames[i].Handler = p.retransmissionQueue.AppDataAckHandler()
+ switch pl.frames[i].Frame.(type) {
+ case *wire.PathChallengeFrame, *wire.PathResponseFrame:
+ // Path probing is currently not supported, therefore we don't need to set the OnAcked callback yet.
+ // PATH_CHALLENGE and PATH_RESPONSE are never retransmitted.
+ default:
+ pl.frames[i].Handler = p.retransmissionQueue.AppDataAckHandler()
+ }
 }
 
 pl.streamFrames, lengthAdded = p.framer.AppendStreamFrames(pl.streamFrames, maxFrameSize-pl.length, v)
diff --git a/vendor/gorm.io/gorm/License b/vendor/gorm.io/gorm/LICENSE
similarity index 100%
rename from vendor/gorm.io/gorm/License
rename to vendor/gorm.io/gorm/LICENSE
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a998c72ba..ce6eb6ebd 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -402,8 +402,6 @@ github.com/golang/glog/internal/stackdump
 # github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
 ## explicit
 github.com/golang/groupcache/lru
-# github.com/golang/mock v1.6.0
-## explicit; go 1.11
 # github.com/golang/protobuf v1.5.3
 ## explicit; go 1.9
 github.com/golang/protobuf/proto
@@ -988,7 +986,7 @@ github.com/quic-go/qpack
 # github.com/quic-go/qtls-go1-20 v0.4.1
 ## explicit; go 1.20
 github.com/quic-go/qtls-go1-20
-# github.com/quic-go/quic-go v0.40.0
+# github.com/quic-go/quic-go v0.40.1
 ## explicit; go 1.20
 github.com/quic-go/quic-go
 github.com/quic-go/quic-go/http3