fix host mod not work, #63

cmd/cmd.go

@@ -16,7 +16,7 @@ import (
 	"time"
 )
 
-var ver = "v1.0.1"
+var ver = "dev"
 var DefaultConfig = "config.yaml"
 
 func init() {

go.mod

@@ -2,8 +2,6 @@ module github.com/chainreactors/spray
 
 go 1.22
 
-toolchain go1.22.2
-
 require (
 	github.com/chainreactors/files v0.0.0-20240716182835-7884ee1e77f0
 	github.com/chainreactors/fingers v0.0.0-20240716172449-2fc3147b9c2a

go.sum

@@ -96,7 +96,6 @@ github.com/chainreactors/parsers v0.0.0-20240708072709-07deeece7ce2/go.mod h1:7r
 github.com/chainreactors/utils v0.0.0-20240528085651-ba1b255482c1/go.mod h1:JA4eiQZm+7AsfjXBcIzIdVKBEhDCb16eNtWFCGTxlvs=
 github.com/chainreactors/utils v0.0.0-20240704062557-662d623b74f4/go.mod h1:JA4eiQZm+7AsfjXBcIzIdVKBEhDCb16eNtWFCGTxlvs=
 github.com/chainreactors/utils v0.0.0-20240715080349-d2d0484c95ed/go.mod h1:LajXuvESQwP+qCMAvlcoSXppQCjuLlBrnQpu9XQ1HtU=
-github.com/chainreactors/utils v0.0.0-20240716182459-e85f2b01ee16 h1:TCOshCp7PrWqhP/HSAM5kT3VxoOe7EoJbRseyoSX3RM=
 github.com/chainreactors/utils v0.0.0-20240716182459-e85f2b01ee16/go.mod h1:LajXuvESQwP+qCMAvlcoSXppQCjuLlBrnQpu9XQ1HtU=
 github.com/chainreactors/utils v0.0.0-20240805193040-ff3b97aa3c3f h1:2NKmadFYP9vCwC0YrazgttFACleOhxScTPzg0i76YAY=
 github.com/chainreactors/utils v0.0.0-20240805193040-ff3b97aa3c3f/go.mod h1:LajXuvESQwP+qCMAvlcoSXppQCjuLlBrnQpu9XQ1HtU=

internal/ihttp/request.go

@@ -5,27 +5,20 @@ import (
 	"net/http"
 )
 
-func BuildPathRequest(clientType int, base, path, method string) (*Request, error) {
+func BuildRequest(clientType int, base, path, host, method string) (*Request, error) {
 	if clientType == FAST {
 		req := fasthttp.AcquireRequest()
 		req.Header.SetMethod(method)
 		req.SetRequestURI(base + path)
+		if host != "" {
+			req.SetHost(host)
+		}
 		return &Request{FastRequest: req, ClientType: FAST}, nil
 	} else {
 		req, err := http.NewRequest(method, base+path, nil)
-		return &Request{StandardRequest: req, ClientType: STANDARD}, err
-	}
-}
-
-func BuildHostRequest(clientType int, base, host string) (*Request, error) {
-	if clientType == FAST {
-		req := fasthttp.AcquireRequest()
-		req.SetRequestURI(base)
-		req.SetHost(host)
-		return &Request{FastRequest: req, ClientType: FAST}, nil
-	} else {
-		req, err := http.NewRequest("GET", base, nil)
-		req.Host = host
+		if host != "" {
+			req.Host = host
+		}
 		return &Request{StandardRequest: req, ClientType: STANDARD}, err
 	}
 }

internal/option.go

@@ -687,7 +687,7 @@ func (opt *Option) BuildWords(r *Runner) error {
 		})
 	}
 
-	logs.Log.Importantf("Loaded %d dictionaries, %d rules and %d decorators", len(opt.Dictionaries), len(opt.Rules), len(r.Fns))
+	logs.Log.Importantf("%s mod, Loaded %d dictionaries, %d rules and %d decorators", opt.Mod, len(opt.Dictionaries), len(opt.Rules), len(r.Fns))
 	return nil
 }
 

internal/pool/brutepool.go

@@ -29,6 +29,7 @@ var (
 	MaxRecursion    = 0
 	EnableAllFuzzy  = false
 	EnableAllUnique = false
+	//AllowHostModSource = []parsers.SpraySource{parsers.WordSource, parsers.CheckSource, parsers.InitIndexSource, parsers.InitRandomSource}
 )
 
 func NewBrutePool(ctx context.Context, config *Config) (*BrutePool, error) {
@@ -108,46 +109,30 @@ type BrutePool struct {
 	initwg      sync.WaitGroup // 初始化用, 之后改成锁
 }
 
-func (pool *BrutePool) checkRedirect(redirectURL string) bool {
-	if pool.random.RedirectURL == "" {
-		// 如果random的redirectURL为空, 此时该项
-		return true
-	}
-
-	if redirectURL == pool.random.RedirectURL {
-		// 相同的RedirectURL将被认为是无效数据
-		return false
-	} else {
-		// path为3xx, 且与baseline中的RedirectURL不同时, 为有效数据
-		return true
-	}
-}
-
-func (pool *BrutePool) genReq(mod SprayMod, s string) (*ihttp.Request, error) {
-	if mod == HostSpray {
-		return ihttp.BuildHostRequest(pool.ClientType, pool.BaseURL, s)
-	} else if mod == PathSpray {
-		return ihttp.BuildPathRequest(pool.ClientType, pool.base, s, pool.Method)
-	}
-	return nil, fmt.Errorf("unknown mod")
-}
-
 func (pool *BrutePool) Init() error {
 	pool.initwg.Add(2)
 	if pool.Index != "/" {
 		logs.Log.Logf(pkg.LogVerbose, "custom index url: %s", pkg.BaseURL(pool.url)+pkg.FormatURL(pkg.BaseURL(pool.url), pool.Index))
-		pool.reqPool.Invoke(newUnit(pool.Index, parsers.InitIndexSource))
+		pool.reqPool.Invoke(&Unit{path: pool.Index, source: parsers.InitIndexSource})
 		//pool.urls[dir(pool.Index)] = struct{}{}
 	} else {
-		pool.reqPool.Invoke(newUnit(pool.url.Path, parsers.InitIndexSource))
+		pool.reqPool.Invoke(&Unit{path: pool.url.Path, source: parsers.InitIndexSource})
 		//pool.urls[dir(pool.url.Path)] = struct{}{}
 	}
 
 	if pool.Random != "" {
 		logs.Log.Logf(pkg.LogVerbose, "custom random url: %s", pkg.BaseURL(pool.url)+pkg.FormatURL(pkg.BaseURL(pool.url), pool.Random))
-		pool.reqPool.Invoke(newUnit(pool.Random, parsers.InitRandomSource))
+		if pool.Mod == PathSpray {
+			pool.reqPool.Invoke(&Unit{path: pool.Random, source: parsers.InitRandomSource})
+		} else {
+			pool.reqPool.Invoke(&Unit{host: pool.Random, source: parsers.InitRandomSource})
+		}
 	} else {
-		pool.reqPool.Invoke(newUnit(pool.safePath(pkg.RandPath()), parsers.InitRandomSource))
+		if pool.Mod == PathSpray {
+			pool.reqPool.Invoke(&Unit{path: pool.safePath(pkg.RandPath()), source: parsers.InitRandomSource})
+		} else {
+			pool.reqPool.Invoke(&Unit{host: pkg.RandHost(), source: parsers.InitRandomSource})
+		}
 	}
 
 	pool.initwg.Wait()
@@ -182,22 +167,6 @@ func (pool *BrutePool) Init() error {
 	return nil
 }
 
-func (pool *BrutePool) Upgrade(bl *pkg.Baseline) error {
-	rurl, err := url.Parse(bl.RedirectURL)
-	if err == nil && rurl.Hostname() == bl.Url.Hostname() && bl.Url.Scheme == "http" && rurl.Scheme == "https" {
-		logs.Log.Infof("baseurl %s upgrade http to https, reinit", pool.BaseURL)
-		pool.base = strings.Replace(pool.BaseURL, "http", "https", 1)
-		pool.url.Scheme = "https"
-		// 重新初始化
-		err = pool.Init()
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 func (pool *BrutePool) Run(ctx context.Context, offset, limit int) {
 	pool.Worder.Run()
 	if pool.Active {
@@ -254,18 +223,18 @@ Loop:
 
 			pool.wg.Add(1)
 			if pool.Mod == HostSpray {
-				pool.reqPool.Invoke(newUnitWithNumber(w, parsers.WordSource, pool.wordOffset))
+				pool.reqPool.Invoke(&Unit{host: w, source: parsers.WordSource, number: pool.wordOffset})
 			} else {
 				// 原样的目录拼接, 输入了几个"/"就是几个, 适配/有语义的中间件
-				pool.reqPool.Invoke(newUnitWithNumber(pool.safePath(w), parsers.WordSource, pool.wordOffset))
+				pool.reqPool.Invoke(&Unit{path: pool.safePath(w), source: parsers.WordSource, number: pool.wordOffset})
 			}
 
 		case <-pool.checkCh:
 			pool.Statistor.CheckNumber++
 			if pool.Mod == HostSpray {
-				pool.reqPool.Invoke(newUnitWithNumber(pkg.RandHost(), parsers.CheckSource, pool.wordOffset))
+				pool.reqPool.Invoke(&Unit{host: pkg.RandHost(), source: parsers.CheckSource, number: pool.wordOffset})
 			} else if pool.Mod == PathSpray {
-				pool.reqPool.Invoke(newUnitWithNumber(pool.safePath(pkg.RandPath()), parsers.CheckSource, pool.wordOffset))
+				pool.reqPool.Invoke(&Unit{path: pool.safePath(pkg.RandPath()), source: parsers.CheckSource, number: pool.wordOffset})
 			}
 		case unit, ok := <-pool.additionCh:
 			if !ok || pool.closed {
@@ -301,12 +270,8 @@ func (pool *BrutePool) Invoke(v interface{}) {
 
 	var req *ihttp.Request
 	var err error
-	if unit.source == parsers.WordSource {
-		req, err = pool.genReq(pool.Mod, unit.path)
-	} else {
-		req, err = pool.genReq(PathSpray, unit.path)
-	}
 
+	req, err = ihttp.BuildRequest(pool.ClientType, pool.BaseURL, unit.path, unit.host, pool.Method)
 	if err != nil {
 		logs.Log.Error(err.Error())
 		return
@@ -425,7 +390,7 @@ func (pool *BrutePool) Invoke(v interface{}) {
 func (pool *BrutePool) NoScopeInvoke(v interface{}) {
 	defer pool.wg.Done()
 	unit := v.(*Unit)
-	req, err := ihttp.BuildPathRequest(pool.ClientType, unit.path, "", pool.Method)
+	req, err := ihttp.BuildRequest(pool.ClientType, unit.path, "", "", "GET")
 	if err != nil {
 		logs.Log.Error(err.Error())
 		return
@@ -554,6 +519,7 @@ func (pool *BrutePool) doAppendRule(bl *pkg.Baseline) {
 		for u := range rule.RunAsStream(pool.AppendRule.Expressions, path.Base(bl.Path)) {
 			pool.addAddition(&Unit{
 				path:   pkg.Dir(bl.Url.Path) + u,
+				host:   bl.Host,
 				source: parsers.RuleSource,
 			})
 		}
@@ -572,6 +538,7 @@ func (pool *BrutePool) doAppendWords(bl *pkg.Baseline) {
 		for _, u := range pool.AppendWords {
 			pool.addAddition(&Unit{
 				path:   pkg.SafePath(bl.Path, u),
+				host:   bl.Host,
 				source: parsers.AppendSource,
 			})
 		}
@@ -586,6 +553,9 @@ func (pool *BrutePool) doAppend(bl *pkg.Baseline) {
 
 func (pool *BrutePool) doActive() {
 	defer pool.wg.Done()
+	if pool.Mod == HostSpray {
+		return
+	}
 	for _, u := range pkg.ActivePath {
 		pool.addAddition(&Unit{
 			path:   pool.dir + u[1:],
@@ -596,6 +566,9 @@ func (pool *BrutePool) doActive() {
 
 func (pool *BrutePool) doCommonFile() {
 	defer pool.wg.Done()
+	if pool.Mod == HostSpray {
+		return
+	}
 	for _, u := range pkg.Dicts["common"] {
 		pool.addAddition(&Unit{
 			path:   pool.dir + u,
@@ -610,6 +583,37 @@ func (pool *BrutePool) doCommonFile() {
 	}
 }
 
+func (pool *BrutePool) checkRedirect(redirectURL string) bool {
+	if pool.random.RedirectURL == "" {
+		// 如果random的redirectURL为空, 此时该项
+		return true
+	}
+
+	if redirectURL == pool.random.RedirectURL {
+		// 相同的RedirectURL将被认为是无效数据
+		return false
+	} else {
+		// path为3xx, 且与baseline中的RedirectURL不同时, 为有效数据
+		return true
+	}
+}
+
+func (pool *BrutePool) Upgrade(bl *pkg.Baseline) error {
+	rurl, err := url.Parse(bl.RedirectURL)
+	if err == nil && rurl.Hostname() == bl.Url.Hostname() && bl.Url.Scheme == "http" && rurl.Scheme == "https" {
+		logs.Log.Infof("baseurl %s upgrade http to https, reinit", pool.BaseURL)
+		pool.base = strings.Replace(pool.BaseURL, "http", "https", 1)
+		pool.url.Scheme = "https"
+		// 重新初始化
+		err = pool.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (pool *BrutePool) PreCompare(resp *ihttp.Response) error {
 	status := resp.StatusCode()
 	if iutils.IntsContains(pkg.WhiteStatus, status) {
@@ -771,6 +775,7 @@ func (pool *BrutePool) doCrawl(bl *pkg.Baseline) {
 			}
 			pool.addAddition(&Unit{
 				path:   u,
+				host:   bl.Host,
 				source: parsers.CrawlSource,
 				depth:  bl.ReqDepth + 1,
 			})
@@ -806,6 +811,9 @@ func (pool *BrutePool) doScopeCrawl(bl *pkg.Baseline) {
 
 func (pool *BrutePool) doBak() {
 	defer pool.wg.Done()
+	if pool.Mod == HostSpray {
+		return
+	}
 	worder, err := words.NewWorderWithDsl("{?0}.{?@bak_ext}", [][]string{pkg.BakGenerator(pool.url.Host)}, nil)
 	if err != nil {
 		return

internal/pool/checkpool.go

@@ -107,7 +107,7 @@ func (pool *CheckPool) Invoke(v interface{}) {
 	}()
 
 	unit := v.(*Unit)
-	req, err := pool.genReq(unit.path)
+	req, err := ihttp.BuildRequest(pool.ClientType, unit.path, "", "", "GET")
 	if err != nil {
 		logs.Log.Debug(err.Error())
 		bl := &pkg.Baseline{

internal/pool/pool.go

@@ -2,7 +2,6 @@ package pool
 
 import (
 	"context"
-	"fmt"
 	"github.com/chainreactors/parsers"
 	"github.com/chainreactors/spray/internal/ihttp"
 	"github.com/chainreactors/spray/pkg"
@@ -39,6 +38,7 @@ func (pool *BasePool) doRedirect(bl *pkg.Baseline, depth int) {
 		defer pool.wg.Done()
 		pool.addAddition(&Unit{
 			path:     reURL,
+			host:     bl.Host,
 			source:   parsers.RedirectSource,
 			frontUrl: bl.UrlString,
 			depth:    depth + 1,
@@ -55,6 +55,7 @@ func (pool *BasePool) doRetry(bl *pkg.Baseline) {
 		defer pool.wg.Done()
 		pool.addAddition(&Unit{
 			path:   bl.Path,
+			host:   bl.Host,
 			source: parsers.RetrySource,
 			retry:  bl.Retry + 1,
 		})
@@ -75,15 +76,6 @@ func (pool *BasePool) Close() {
 	pool.Bar.Close()
 }
 
-func (pool *BasePool) genReq(s string) (*ihttp.Request, error) {
-	if pool.Mod == HostSpray {
-		return ihttp.BuildHostRequest(pool.ClientType, pool.BaseURL, s)
-	} else if pool.Mod == PathSpray {
-		return ihttp.BuildPathRequest(pool.ClientType, pool.BaseURL, s, pool.Method)
-	}
-	return nil, fmt.Errorf("unknown mod")
-}
-
 func (pool *BasePool) putToOutput(bl *pkg.Baseline) {
 	if bl.IsValid || bl.IsFuzzy {
 		bl.Collect()

internal/pool/types.go

@@ -9,12 +9,9 @@ func newUnit(path string, source parsers.SpraySource) *Unit {
 	return &Unit{path: path, source: source}
 }
 
-func newUnitWithNumber(path string, source parsers.SpraySource, number int) *Unit {
-	return &Unit{path: path, source: source, number: number}
-}
-
 type Unit struct {
 	number   int
+	host     string
 	path     string
 	source   parsers.SpraySource
 	retry    int