ip and url parse

SummerSec · SummerSec · commit c135293097f2 · 2022-04-21T19:57:41.000+08:00
diff --git a/cmd/commons/attack/attack.go b/cmd/commons/attack/attack.go
@@ -27,8 +27,8 @@ func init() {
 func addPoc(pocs map[string]interface{}) map[string]interface{} {
 	log.Debugln("github.com/SummerSec/SpringExploit/cmd/commons/attack/attack.go:25")
 	log.Debug("[*] Add PoC")
-	//pocs["demo"] = &poc.Demo{}
-	pocs["CVE202222947"] = &poc.CVE202222947{}
+	pocs["demo"] = &poc.Demo{}
+	//pocs["CVE202222947"] = &poc.CVE202222947{}
 	return pocs
 
 }
diff --git a/cmd/commons/core/options.go b/cmd/commons/core/options.go
@@ -30,7 +30,7 @@ type Options struct {
 	// 重复请求次数
 	Retry int
 	// ip 段
-	IP string
+	//IP string
 
 	// 保存结果
 	Out string
@@ -43,16 +43,16 @@ func (o Options) toString() interface{} {
 
 func ParseOptions() *Options {
 	options := &Options{}
-	flag.IntVar(&options.Mode, "m", 6, "debug mode off ( Infolevel = 0  PanicLevel = 1 FatalLevel = 2 \n"+"\t ErrorLevel = 3  WarnLevel = 4  InfoLevel = 5  DebugLevel = 6  TraceLevel = 7)")
+	flag.IntVar(&options.Mode, "m", 6, "debug mode off (debug mode = 6)")
 	flag.IntVar(&options.Thread, "t", 1, "threads number ")
-	flag.StringVar(&options.File, "f", "", "file to read example: -file=test.txt")
-	flag.StringVar(&options.Url, "u", "", "url to read example: -url=http://www.baidu.com")
+	flag.StringVar(&options.File, "f", "", "file to read example: -file=test.txt  http(s)://host:port/")
+	flag.StringVar(&options.Url, "u", "", "url to read example: -url=http://www.baidu.com:80")
 	flag.StringVar(&options.Proxy, "proxy", "", "proxy example: -proxy=http://127.0.0.1:8080 or -proxy=socks5://127.0.0.1:1080")
 	flag.BoolVar(&options.Version, "version", false, "show version")
 	flag.BoolVar(&options.Verbose, "verbose", false, "show verbose")
 	flag.StringVar(&options.LogFile, "log", "logs.txt", "log file example: -log=/logs/logs.txt")
 	flag.IntVar(&options.Retry, "retry", 3, "repeat request times")
-	flag.StringVar(&options.IP, "i", "", "ip segment example: -ip=192.168.0.1/24 ")
+	//flag.StringVar(&options.IP, "i", "", "ip segment example: -ip=192.168.0.1/24 ")
 	flag.IntVar(&options.Timeout, "timeout", 10, "timeout")
 	flag.StringVar(&options.Out, "o", "result.txt", "out file example: -o=result.txt default result.txt")
 	flag.Parse()
@@ -64,10 +64,10 @@ func ParseOptions() *Options {
 	} else if url := options.Url; url != "" {
 		options.Thread = 1
 		options.File = ""
-
+		ShowBanner(v)
 	} else if options.File != "" {
 		options.Url = ""
-
+		ShowBanner(v)
 	} else {
 		ShowBanner(v)
 		flag.PrintDefaults()
diff --git a/cmd/commons/core/runner.go b/cmd/commons/core/runner.go
@@ -6,6 +6,7 @@ import (
 	"github.com/SummerSec/SpringExploit/cmd/commons/utils"
 	"github.com/fatih/structs"
 	log "github.com/sirupsen/logrus"
+	"net/url"
 )
 
 type Runner struct {
@@ -28,6 +29,7 @@ func (r *Runner) Run() {
 	log.Debugln("github.com/SummerSec/SpringExploit/cmd/commons/core/runner.go: Run()")
 	log.Info("Runner Running")
 	f := r.options.File
+	//ip := r.options.IP
 	var urls []string
 	// TODO: check if options are valid
 	//r.options.Url = "http://127.0.0.1:8090/"
@@ -60,15 +62,23 @@ func (r *Runner) Run() {
 
 }
 
-func Start(url string, hashmap map[string]interface{}, i int, c chan int) {
+func Start(u string, hashmap map[string]interface{}, i int, c chan int) {
 	log.Debugln("github/SummerSec/SpringExploit/cmd/commons/core/runner.go: Start")
 
 	log.Info("Runner started")
-	log.Infoln("testing URL: ", url)
+	log.Infoln("testing URL: ", u)
 	//for k, v := range hashmap {
 	//	log.Debugln("key: ", k, " value: ", v)
 	//}
-	attack.Sevice(url, hashmap)
+	r, err := url.Parse(u)
+	if err != nil {
+		log.Info("URL parse error")
+		log.Errorln(err)
+		return
+	}
+	target := r.Scheme + "://" + r.Host + r.Port() + r.Path
+
+	attack.Sevice(target, hashmap)
 
 	// 放到最后，不然无法生效
 	c <- i + 1
diff --git a/cmd/commons/poc/demo.go b/cmd/commons/poc/demo.go
@@ -8,12 +8,23 @@ import (
 
 type Demo struct{}
 
-func (d Demo) SendPoc(url string, hashmap map[string]interface{}) {
+func (d Demo) SendPoc(target string, hashmap map[string]interface{}) {
 
 	log.Debugf("[+] Running default poc")
 	reqinfo := NewReqInfo()
 	reqmap := structs.Map(reqinfo)
-	reqmap["url"] = url
+	// TODO 每次传入的url 都是标准的 http(s)://host:port/path
+	// 可以使用 url.Parse 来解析获取 host 和 port
+	// for example:
+	//result, err := url.Parse(target)
+	//if err != nil {
+	//	log.Debugln("[-] url parse error")
+	//	log.Errorf("[-] url parse error: %s", err)
+	//	return
+	//}
+	//target = result.Scheme + "://" + result.Host + result.Port() + "/" + result.Path
+
+	reqmap["url"] = target
 	//for k, v := range hashmap {
 	//	log.Debugln("key: ", k, " value: ", v)
 	//}
diff --git a/cmd/commons/utils/readfile.go b/cmd/commons/utils/readfile.go
@@ -3,6 +3,7 @@ package utils
 import (
 	"bufio"
 	log "github.com/sirupsen/logrus"
+	"net/url"
 	"os"
 )
 
@@ -22,6 +23,8 @@ func ReadFile(path string) (urls []string, err error) {
 		if err != nil {
 			return lins, err // error or EOF
 		}
+		url.Parse(str)
+
 		log.Infoln("The url is : %s", str)
 		lins = append(lins, str)
 	}
diff --git a/cmd/test/ip.go b/cmd/test/ip.go
@@ -0,0 +1 @@
+package main
diff --git a/cmd/test/url.go b/cmd/test/url.go
@@ -0,0 +1,14 @@
+package main
+
+import (
+	"fmt"
+	"net/url"
+)
+
+func main() {
+	u := "https://www.google.com:6066/search?q=go+language"
+	r, _ := url.Parse(u)
+	fmt.Println(r.Host)
+	fmt.Println(r.Scheme + "://" + r.Host + r.Path)
+
+}

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package utils`
`3`	`3`	`import (`
`4`	`4`	`"bufio"`
`5`	`5`	`log "github.com/sirupsen/logrus"`
	`6`	`+ "net/url"`
`6`	`7`	`"os"`
`7`	`8`	`)`
`8`	`9`
`@@ -22,6 +23,8 @@ func ReadFile(path string) (urls []string, err error) {`
`22`	`23`	`if err != nil {`
`23`	`24`	`return lins, err // error or EOF`
`24`	`25`	`}`
	`26`	`+ url.Parse(str)`
	`27`	`+`
`25`	`28`	`log.Infoln("The url is : %s", str)`
`26`	`29`	`lins = append(lins, str)`
`27`	`30`	`}`