【README】支持对 JSON 格式的参数进行模糊测试，使用 --json-crawler-output 输出动静态爬虫的扫描结果，并大…

…幅提升动态爬虫的爬取能力
chushuai · Jul 19, 2024 · 27d8d41 · 27d8d41
1 parent 101c828
commit 27d8d41
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 36 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -137,3 +137,12 @@
 * 【2】Yaml POC支持ldap_url, rmi_url
 * 【3】新增--no-scan参数，绕过漏洞扫描，只进行主动或被动爬取
 * 【4】优化动态爬虫，避免对Data URLs（URL中编码的文件）发起请求
+
+# 1.0.24 2024-07-20
+## SUPPORT
+* 【1】支持对 JSON 格式的参数进行模糊测试
+* 【2】使用--json-crawler-output输出动静态爬虫的扫描结果
+## BUGFIX
+* 【1】修复不支持不安全证书的问题
+* 【2】修复指定config文件了，还是会自动生成config.yaml 文件
+* 【3】修复由于处理 EventRequestPaused 事件时 HTTP 头部构建错误而导致的爬取结果缺失的问题
diff --git a/README.md b/README.md
@@ -68,13 +68,21 @@ Wscan首次运行时，将会生成一个名为config.yaml的文件。将plugins
 ./wscan  --log-level=debug ws --basic-crawler http://testphp.vulnweb.com/ --json-output=wscan_scan_result.json --html-output=wscan_scan_result.html
 ./wscan  --log-level=debug ws --browser  http://testphp.vulnweb.com/ --html-output=wscan_scan_result.html
 ./wscan  --log-level=debug ws --url http://testphp.vulnweb.com/listproducts.php?cat=1  --json-output=wscan_scan_result.json
-./wscan  --log-level=debug ws --url-file=/wscan/url_file.txt --html-output=wscan_scan_result.html
+./wscan  --log-level=debug ws --url-file=/wscan/url_file.txt --html-output=wscan_scan_result.html 
+
 ```
 ### Ⅱ.专项扫描
 在命令行中使用plug参数启用要扫描的插件
 ```
 ./wscan  --log-level=debug ws  --plug=sqldet --basic-crawler http://testphp.vulnweb.com/ --html-output=wscan_scan_result.html
 ```
+### Ⅲ.仅爬虫
+仅记录爬虫结果，不进行漏洞扫描
+```
+./wscan  --log-level=debug ws --browser http://testphp.vulnweb.com/ --no-scan --json-crawler-output=json_crawler_output.json
+./wscan  --log-level=debug ws --basic-crawler http://testphp.vulnweb.com/ --no-scan --json-crawler-output=json_crawler_output.json
+```
+
 ## 被动扫描
 ### Ⅰ.生成并安装CA
 运行genca命令之后，将在当前文件夹生成 ca.crt 和 ca.key 两个文件。
@@ -291,6 +299,7 @@ Wscan支持JSON、HTML等多种格式的扫描报告，其中包含详尽的漏
 * 2024.04.06 发布v1.0.21 二进制版，主被动扫描支持WEB组件识别，内置3700+WEB组件识别插件
 * 2024.07.06 发布v1.0.22 二进制版，实现利用语义分析的方式检测XSS漏洞，XSS检测准确率大幅提升
 * 2024.07.07 发布v1.0.23 二进制版，支持通用log4j-rce漏洞检测
+* 2024.07.20 发布v1.0.24 二进制版，支持对 JSON 格式的参数进行模糊测试，使用 --json-crawler-output 输出动静态爬虫的扫描结果，并大幅提升动态爬虫的爬取能力
 
 # 开源时间表
 Wscan的目标是创建一个开源且非盈利的项目。然而，由于Wscan的工作量庞大，代码仍在快速迭代中。

diff --git a/core/main.go b/core/main.go
@@ -11,6 +11,7 @@ import (
 	"os"
 	"wscan/core/entry"
 	"wscan/core/utils"
+	logger "wscan/core/utils/log"
 )
 
 func showBanner() {
@@ -57,6 +58,10 @@ func Convert(c *cli.Context) error {
 }
 
 func GenerateCA(c *cli.Context) error {
+	_, err := entry.LoadOrGenConfig(c)
+	if err != nil {
+		logger.Fatal(err)
+	}
 	if err := utils.GenerateCAToPath("." + string(os.PathSeparator)); err != nil {
 		return err
 	}
@@ -137,6 +142,16 @@ var subCommandWebScan = cli.Command{
 			Aliases: []string{"fs"},
 			Value:   "",
 			Usage:   " force usage of SSL/HTTPS for raw-request"},
+		&cli.BoolFlag{
+			Name:    "no-scan",
+			Aliases: []string{"ns"},
+			Value:   false,
+			Usage:   "No vulnerability detection, only enable crawlers"},
+		&cli.StringFlag{
+			Name:    "json-crawler-output",
+			Aliases: []string{"jco"},
+			Value:   "",
+			Usage:   "output wscan crawler results to FILE in json format"},
 		&cli.StringFlag{
 			Name:    "json-output",
 			Aliases: []string{"jo"},
@@ -156,22 +171,6 @@ var subCommandWebScan = cli.Command{
 	Action: entry.NewApp,
 }
 
-var subCommandServiceScan = cli.Command{
-	Name:    "servicescan",
-	Aliases: []string{"ss"},
-	Usage:   "Run a service scan task",
-	Flags:   []cli.Flag{},
-	Action:  ServiceScan,
-}
-
-var subCommandSubdomain = cli.Command{
-	Name:    "subdomain",
-	Aliases: []string{"sd"},
-	Usage:   "Run a subdomain task",
-	Flags:   []cli.Flag{},
-	Action:  SubdomainScan,
-}
-
 var subCommandReverse = cli.Command{
 	Name:    "reverse",
 	Aliases: []string{},
@@ -180,14 +179,6 @@ var subCommandReverse = cli.Command{
 	Action:  entry.ReverseAction,
 }
 
-var subCommandConvert = cli.Command{
-	Name:    "convert",
-	Aliases: []string{},
-	Usage:   "convert results from json to html or from html to json",
-	Flags:   []cli.Flag{},
-	Action:  Convert,
-}
-
 var subCommandGenCA = cli.Command{
 	Name:    "genca",
 	Aliases: []string{},
@@ -206,22 +197,21 @@ var subCommandVersion = cli.Command{
 
 func main() {
 	showBanner()
-	entry.LoadOrGenConfig(nil)
 	author := cli.Author{
 		Name:  "shaochuyu",
 		Email: "shaochuyu@qq.com",
 	}
 	app := &cli.App{
 		Name:    "wscan",
 		Usage:   "A powerful scanner engine ",
-		Version: "1.0.22",
+		Version: "1.0.24",
 		Authors: []*cli.Author{&author},
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:    "config",
 				Aliases: []string{},
 				Value:   "",
-				Usage:   "从文件中加载配置（默认为“config.yaml”）"},
+				Usage:   "Load configuration from file (default to config. yaml)"},
 			&cli.StringFlag{
 				Name:    "log-level",
 				Aliases: []string{},
@@ -231,23 +221,16 @@ func main() {
 	}
 	app.Commands = []*cli.Command{
 		&subCommandWebScan,
-		&subCommandServiceScan,
-		&subCommandSubdomain,
 		&subCommandReverse,
-		&subCommandConvert,
 		&subCommandGenCA,
 		&subCommandVersion,
 	}
 	err := app.Run(os.Args)
 	if err != nil {
-
+		logger.Fatal(err.Error())
 	}
 }
 
-func loadLicense() {
-
-}
-
 func Run(c *cli.Context) error {
 	return nil
 }