Skip to content

Commit

Permalink
feat 增加请求参数收集;请求/返回存在敏感参数识别
Browse files Browse the repository at this point in the history
  • Loading branch information
yhy0 committed May 15, 2024
1 parent c88dbb0 commit fcc2c9d
Show file tree
Hide file tree
Showing 19 changed files with 714 additions and 169 deletions.
97 changes: 70 additions & 27 deletions SCopilot/templates/SCopilot.html
Original file line number Diff line number Diff line change
Expand Up @@ -80,23 +80,25 @@ <h3 class="fs-4">Security Copilot Report - Jie</h3>
<h4 class="card-title">基本信息</h4>
<div class="card-body" >
<p>{{ .data.Target }} </p>
{{ if .ipInfo.Cdn }}
<span class="badge rounded-pill text-bg-primary">cdn</span>
{{ end }}
{{ if .ipInfo }}
{{ if .ipInfo.Cdn }}
<span class="badge rounded-pill text-bg-primary">cdn</span>
{{ end }}

{{ if .ipInfo.Value }}
<span class="badge rounded-pill text-bg-primary">{{ .ipInfo.Value }} </span>
<span class="badge rounded-pill text-bg-primary">{{ .ipInfo.Type }} </span>
{{ end }}
<p></p>
{{ if .ipInfo.AllRecords }}
<div class="col overflow-auto" style="max-height: 80px;">
<ul class="list-group">
{{ range $i, $records := .ipInfo.AllRecords }}
<li class="list-group-item text-danger-emphasis">{{ $records }}</li>
{{ end }}
</ul>
</div>
{{ if .ipInfo.Value }}
<span class="badge rounded-pill text-bg-primary">{{ .ipInfo.Value }} </span>
<span class="badge rounded-pill text-bg-primary">{{ .ipInfo.Type }} </span>
{{ end }}
<p></p>
{{ if .ipInfo.AllRecords }}
<div class="col overflow-auto" style="max-height: 80px;">
<ul class="list-group">
{{ range $i, $records := .ipInfo.AllRecords }}
<li class="list-group-item text-danger-emphasis">{{ $records }}</li>
{{ end }}
</ul>
</div>
{{ end }}
{{ end }}
</div>
</div>
Expand All @@ -120,11 +122,13 @@ <h4 class="card-title">端口信息</h4>
</tr>
</thead>
<tbody>
{{ range $port, $service := .ipInfo.PortService }}
<tr>
<th scope="row">{{ $port }}</th>
<td>{{ $service }}</td>
</tr>
{{ if .ipInfo }}
{{ range $port, $service := .ipInfo.PortService }}
<tr>
<th scope="row">{{ $port }}</th>
<td>{{ $service }}</td>
</tr>
{{ end }}
{{ end }}
</tbody>
</table>
Expand All @@ -142,12 +146,9 @@ <h4 class="card-title">端口信息</h4>
</li>
<li class="nav-item position-relative" role="presentation">
<button class="nav-link" id="profile-tab" data-bs-toggle="tab" data-bs-target="#siteMap-tab-pane" type="button" role="tab" aria-controls="siteMap-tab-pane" aria-selected="false">Site Map</button>
<!-- {{ $sl := len .data.SiteMap }}-->
<!-- {{ if gt $sl 0 }}-->
<span id="SiteMapTotal" class="position-absolute top-0 start-100 translate-middle badge rounded-pill bg-info">
{{ len .data.SiteMap }}
</span>
<!-- {{ end }}-->
</li>
<li class="nav-item position-relative" role="presentation">
<button class="nav-link" id="vuln-tab" data-bs-toggle="tab" data-bs-target="#vuln-tab-pane" type="button" role="tab" aria-controls="vuln-tab-pane" aria-selected="false">Vuln</button>
Expand Down Expand Up @@ -380,6 +381,25 @@ <h4 class="level mb-0">
{{ end }}
</ul>
</div>
<div class="col mx-2 p-3 card border-success" style="width: 18rem;">
<div class="card-header d-flex justify-content-between">
Parameter
<button id="special-copy-btn" class="copy_btn btn btn-sm btn-outline-secondary" data-clipboard-target="#para-list">
<svg width="16" height="16" fill="currentColor" class="bi bi-clipboard">
<use xlink:href="#clipboard-icon"></use>
</svg>
</button>
</div>
<ul id="para-list" class="list-group list-group-flush overflow-auto" style="max-height: 30rem;">
{{ if .paras }}
{{range $para := .paras }}
<li class="list-group-item d-flex justify-content-between align-items-center">{{ $para.Key }}
<span class="badge bg-success rounded-pill">{{ $para.Value }}</span>
</li>
{{ end }}
{{ end }}
</ul>
</div>
<div class="col mx-2 p-3 card border-success" style="width: 18rem;">
<div class="card-header d-flex justify-content-between">
Urls
Expand Down Expand Up @@ -437,10 +457,33 @@ <h4 class="level mb-0">
}, 3000);
});

// Display an error message when copying fails
clipboard.on('error', function(e) {
console.error('Error copying:', e.text);
const specialClipboard = new ClipboardJS('#special-copy-btn', {
text: function(trigger) {
const keys = [...document.querySelectorAll('#para-list .list-group-item')].map(item => {
// 对item的文本进行处理
let parts = item.textContent.split("\n")
if (parts.length === 0) {
return item.textContent
}
return parts[0].trim();
});
return keys.join('\n');
}
});

specialClipboard.on('success', function(e) {
console.log('特殊复制成功:', e.text);
e.clearSelection();
// Change the SVG icon to the checkmark
const svgIcon = e.trigger.querySelector('svg use');
svgIcon.setAttribute('xlink:href', '#checkmark-icon');

// Restore the original SVG icon after 3 seconds
setTimeout(() => {
svgIcon.setAttribute('xlink:href', '#clipboard-icon');
}, 3000);
});

</script>
<script>
document.addEventListener("DOMContentLoaded", function () {
Expand Down
12 changes: 12 additions & 0 deletions SCopilot/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,11 @@ func handleWebSocket(c *gin.Context) {
}
}

type Para struct {
Key string
Value interface{}
}

func Init() {
logging.Logger.Infoln("Start SCopilot web service at :" + conf.GlobalConfig.Passive.WebPort)
gin.SetMode("release")
Expand Down Expand Up @@ -110,11 +115,18 @@ func Init() {
authorized.GET("/SCopilot", func(c *gin.Context) {
host := c.Query("host")

var paras []Para

for _, key := range output.SCopilotMessage[host].CollectionMsg.Parameters.Keys() {
value, _ := output.SCopilotMessage[host].CollectionMsg.Parameters.Get(key)
paras = append(paras, Para{Key: key, Value: value})
}
c.HTML(http.StatusOK, "SCopilot.html", gin.H{
"webPort": conf.GlobalConfig.Passive.WebPort,
"data": output.SCopilotMessage[host],
"ipInfo": output.IPInfoList[output.SCopilotMessage[host].HostNoPort],
"year": time.Now().Year(),
"paras": paras,
})
})

Expand Down
2 changes: 1 addition & 1 deletion conf/banner.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ var Banner = `

const Website = "https://github.com/yhy0/Jie"

const Version = "1.1.0"
const Version = "1.1.1"
67 changes: 64 additions & 3 deletions conf/file.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ http:
allowRedirect: 0 # 单个请求最大允许的跳转数,0 则不跳转
verifySSL: false # 是否验证 ssl 证书
maxQps: 50 # 每秒最大请求数
headers: # 全局 http 请求头
headers: # 指定 http 请求头
forceHTTP1: false # 强制指定使用 http/1.1, 不然会根据服务器选择,如果服务器支持 http2,默认会使用 http2
# 漏洞探测的插件配置
Expand Down Expand Up @@ -173,6 +173,68 @@ collection:
other:
- "(access.{0,1}key|access.{0,1}Key|access.{0,1}Id|access.{0,1}id|.{0,8}密码|.{0,8}账号|默认.{0,8}|加密|解密|(password|pwd|pass|username|user|name|account):\\s+[\"'].{1,36}['\"])"
- "['\"](ey[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9._-]{10,}|ey[A-Za-z0-9_\\/+-]{10,}\\.[A-Za-z0-9._\\/+-]{10,})['\"]"
sensitiveParameters: # 请求或者回显中一些可能可以利用的参数 不区分大小写
- url
- host
- href
- redirect
- u
- ip
- address
- addr
- file
- f
- dir
- directory
- path
- router
- callback
- conf
- cfg
- config
- jdbc
- db
- sql
- api
- apikey
- api_key
- access
- key
- token
- access_token
- accessToken
- stable_token
- authorizer
- authorizer_access_token
- authorizerAccessToken
- appid
- appSecret
- app_secret
- secret
- auth
- oauth
- oauth2
- corp
- admin
- pass
- pwd
- passwd
- password
- debug
- dbg
- exe
- exec
- execute
- load
- shell
- grant
- create
- k8s
- docker
- env
- _key # 这种以 _ 开头的会不完全匹配,包含 _key 就会抛出来
- _token
- _secret
`)

// HotConf 使用 viper 对配置热加载
Expand Down Expand Up @@ -203,7 +265,7 @@ func Init() {
}
logging.Logger.Infof("%s not find, Generate profile.", ConfigFile)
} else {
logging.Logger.Infoln("Load profile ", ConfigFile)
logging.Logger.Infoln("Load profile", ConfigFile)
}

ReadYamlConfig()
Expand Down Expand Up @@ -342,5 +404,4 @@ func ReadPlugin() {
if GlobalConfig.Plugins.NginxAliasTraversal.Enabled {
Plugin["nginx-alias-traversal"] = true
}

}
37 changes: 19 additions & 18 deletions conf/type.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,15 @@ type Options struct {
}

type Http struct {
Proxy string `json:"proxy"` // http/socks5 proxy to use
Timeout int `json:"timeout"` // Timeout is the seconds to wait for a response from the server.
MaxConnsPerHost int `json:"maxConnsPerHost"`
RetryTimes int `json:"retryTimes"`
AllowRedirect int `json:"allowRedirect"`
VerifySSL bool `json:"verifySSL"`
MaxQps int `json:"maxQps"` // MaxQps is the maximum number of queries per second.
Headers map[string]string `json:"headers"`
ForceHTTP1 bool `json:"forceHTTP1"` // 强制指定使用 http/1.1
Proxy string `json:"proxy"` // 漏洞扫描时使用的代理,如: http://127.0.0.1:8080
Timeout int `json:"timeout"` // 建立 tcp 连接的超时时间
MaxConnsPerHost int `json:"maxConnsPerHost"` // 每个 host 最大连接数
RetryTimes int `json:"retryTimes"` // 请求失败的重试次数,0 则不重试
AllowRedirect int `json:"allowRedirect"` // 单个请求最大允许的跳转数,0 则不跳转
VerifySSL bool `json:"verifySSL"` // 是否验证 ssl 证书
MaxQps int `json:"maxQps"` // 每秒最大请求数
Headers map[string]string `json:"headers"` // 指定 http 请求头
ForceHTTP1 bool `json:"forceHTTP1"` // 强制指定使用 http/1.1
}

type Passive struct {
Expand Down Expand Up @@ -175,15 +175,16 @@ type Sqlmap struct {

// Collection 信息收集中的正则
type Collection struct {
Domain []string `json:"domain"`
IP []string `json:"ip"`
Phone []string `json:"phone"`
Email []string `json:"email"`
IDCard []string `json:"idCard"`
API []string `json:"api"`
Url []string `json:"url"`
UrlFilter []string `json:"urlFilter"`
Other []string `json:"other"`
Domain []string `json:"domain"`
IP []string `json:"ip"`
Phone []string `json:"phone"`
Email []string `json:"email"`
IDCard []string `json:"idCard"`
API []string `json:"api"`
Url []string `json:"url"`
UrlFilter []string `json:"urlFilter"`
Other []string `json:"other"`
SensitiveParameters []string `json:"sensitive_parameters"`
}

type Mitmproxy struct {
Expand Down
1 change: 1 addition & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ require (
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/gorilla/websocket v1.5.1
github.com/iancoleman/orderedmap v0.3.0
github.com/imroc/req/v3 v3.43.2
github.com/ipinfo/go/v2 v2.10.0
github.com/jlaffaye/ftp v0.2.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -641,6 +641,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358 h1:hVXNJ57IHkOA8FBq80UG263MEBwNUMfS9c82J2QE5UQ=
github.com/huin/asn1ber v0.0.0-20120622192748-af09f62e6358/go.mod h1:qBE210J2T9uLXRB3GNc73SvZACDEFAmDCOlDkV47zbY=
github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
github.com/iancoleman/orderedmap v0.3.0/go.mod h1:XuLcCUkdL5owUCQeF2Ue9uuw1EptkJDkXXS7VoV7XGE=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
github.com/icodeface/tls v0.0.0-20230910023335-34df9250cd12 h1:uSJXMFVNfN2hyXDLM19op2fNiCN/nL8xgdmNXgs5738=
Expand Down Expand Up @@ -1203,8 +1205,6 @@ github.com/tdewolff/test v1.0.11-0.20231101010635-f1265d231d52 h1:gAQliwn+zJrkjA
github.com/tdewolff/test v1.0.11-0.20231101010635-f1265d231d52/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
github.com/tebeka/strftime v0.1.3 h1:5HQXOqWKYRFfNyBMNVc9z5+QzuBtIXy03psIhtdJYto=
github.com/tebeka/strftime v0.1.3/go.mod h1:7wJm3dZlpr4l/oVK0t1HYIc4rMzQ2XJlOMIUJUJH6XQ=
github.com/tetratelabs/wazero v1.7.0 h1:jg5qPydno59wqjpGrHph81lbtHzTrWzwwtD4cD88+hQ=
github.com/tetratelabs/wazero v1.7.0/go.mod h1:ytl6Zuh20R/eROuyDaGPkp82O9C/DJfXAwJfQ3X6/7Y=
github.com/tetratelabs/wazero v1.7.1 h1:QtSfd6KLc41DIMpDYlJdoMc6k7QTN246DM2+n2Y/Dx8=
github.com/tetratelabs/wazero v1.7.1/go.mod h1:ytl6Zuh20R/eROuyDaGPkp82O9C/DJfXAwJfQ3X6/7Y=
github.com/thoas/go-funk v0.9.3 h1:7+nAEx3kn5ZJcnDm2Bh23N2yOtweO14bi//dvRtgLpw=
Expand Down
8 changes: 4 additions & 4 deletions pkg/input/input.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ type CrawlResult struct {
Fingerprints []string `json:"fingerprints"` // 指纹,有的扫描插件需要匹配到指纹才会进行扫描
Source string `json:"source"` // 来源
File string `json:"file"`
Kv string `json:"kv"` // 参数名和参数值 user=admin&password=admin
Param []string `json:"param"` // 请求中的参数名 user,password,
Waf []string `json:"waf"` // 是否存在 waf
Archive map[string]string `json:"archive"` // 从 web.archive.org 获取到的历史 url
Kv string `json:"kv"` // 参数名和参数值 user=admin&password=admin
ParamNames []string `json:"param_names"` // 请求中的参数名 user,password,
Waf []string `json:"waf"` // 是否存在 waf
Archive map[string]string `json:"archive"` // 从 web.archive.org 获取到的历史 url
}
Loading

0 comments on commit fcc2c9d

Please sign in to comment.