From 4059c7937882bb0ffc9b973d1807c4bd3a74cdf2 Mon Sep 17 00:00:00 2001
From: 51pwn <51pwn@51pwn.com>
Date: Sat, 30 Jul 2022 18:17:40 +0800
Subject: [PATCH] =?UTF-8?q?fixed=20#44=20=E4=BC=98=E5=8C=96init=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E9=A1=BA=E5=BA=8F=202022-07-30?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
brute/dicts.go | 16 ++--
brute/filefuzz.go | 26 +++---
brute/fuzzAI.go | 2 +-
lib/util/config.go | 25 ++++-
lib/util/kvDb.go | 5 +-
main.go | 8 +-
pkg/fingerprint/eHoleFingerData.go | 4 +-
pkg/fingerprint/localFingerData.go | 4 +-
pkg/hydra/loadDicts.go | 142 +++++++++++++++--------------
pkg/hydra/runner.go | 26 +++---
pkg/kscan/lib/grdp/glog/log.go | 4 -
pocs_go/go_poc_check.go | 54 +++++------
12 files changed, 168 insertions(+), 148 deletions(-)
diff --git a/brute/dicts.go b/brute/dicts.go
index 9dfc45570..97dba2be5 100644
--- a/brute/dicts.go
+++ b/brute/dicts.go
@@ -65,11 +65,13 @@ func CvtLines(s string) []string { var basicusers []string func init() { - tomcatuserpass = CvtUps(util.GetVal4File("tomcatuserpass", szTomcatuserpass)) - jbossuserpass = CvtUps(util.GetVal4File("jbossuserpass", szJbossuserpass)) - weblogicuserpass = CvtUps(util.GetVal4File("weblogicuserpass", szWeblogicuserpass)) - filedic = append(filedic, CvtLines(util.GetVal4File("filedic", szFiledic))...) - top100pass = append(top100pass, CvtLines(util.GetVal4File("top100pass", szTop100pass))...) - basicusers = strings.Split(strings.TrimSpace(util.GetVal4File("httpuser", httpass)), "\n") - top100pass = append(top100pass, strings.Split(strings.TrimSpace(util.GetVal4File("httpass", httpass)), "\n")...) + util.RegInitFunc(func() { + tomcatuserpass = CvtUps(util.GetVal4File("tomcatuserpass", szTomcatuserpass)) + jbossuserpass = CvtUps(util.GetVal4File("jbossuserpass", szJbossuserpass)) + weblogicuserpass = CvtUps(util.GetVal4File("weblogicuserpass", szWeblogicuserpass)) + filedic = append(filedic, CvtLines(util.GetVal4File("filedic", szFiledic))...) + top100pass = append(top100pass, CvtLines(util.GetVal4File("top100pass", szTop100pass))...) + basicusers = strings.Split(strings.TrimSpace(util.GetVal4File("httpuser", httpass)), "\n") + top100pass = append(top100pass, strings.Split(strings.TrimSpace(util.GetVal4File("httpass", httpass)), "\n")...) + }) } diff --git a/brute/filefuzz.go b/brute/filefuzz.go index 38627ff0e..3cf9a1cf3 100644 --- a/brute/filefuzz.go +++ b/brute/filefuzz.go 
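Review bot: The `basicusers` line inside the new closure reads the `httpuser` key but passes `httpass` as its fallback, so when no `httpuser` file is supplied the user list appears to be filled from the password default. If a separate embedded user list exists (none is visible in this hunk), it should be the second argument. Otherwise a comment such as `// no built-in user list: falls back to httpass on purpose` would make the intent explicit. The line is carried over unchanged from the old init(), but moving it is a natural moment to settle the question.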
@@ -130,20 +130,22 @@ var ( // 初始化字典、数组等 func init() { - bakSuffix = util.GetVal4File("bakSuffix", bakSuffix) - fuzzct = util.GetVal4File("fuzzct", fuzzct) + util.RegInitFunc(func() { + bakSuffix = util.GetVal4File("bakSuffix", bakSuffix) + fuzzct = util.GetVal4File("fuzzct", fuzzct) - InitGeneral() - regs = strings.Split(strings.TrimSpace(fuzzct), "\n") - var err error - // 初始化多时候一次性编译,否则会影响效率 - for _, reg := range regs { - regsMap[reg], err = regexp.Compile(reg) - if nil != err { - log.Println(reg, " regexp.Compile error: ", err) + InitGeneral() + regs = strings.Split(strings.TrimSpace(fuzzct), "\n") + var err error + // 初始化多时候一次性编译,否则会影响效率 + for _, reg := range regs { + regsMap[reg], err = regexp.Compile(reg) + if nil != err { + log.Println(reg, " regexp.Compile error: ", err) + } } - } - //regs = append(regs, ret...) + //regs = append(regs, ret...) + }) } // 绝对404请求文件前缀 diff --git a/brute/fuzzAI.go b/brute/fuzzAI.go index 408d0331e..e24ef2f6a 100644 --- a/brute/fuzzAI.go +++ b/brute/fuzzAI.go @@ -48,7 +48,7 @@ func init() { sz404Url = util.GetVal4File("404url", sz404Url) page404Title = strings.Split(strings.TrimSpace(fuzz404), "\n") asz404Url = strings.Split(strings.TrimSpace(sz404Url), "\n") - data, err := util.Cache1.Get(asz404UrlKey) + data, err := util.NewKvDbOp().Get(asz404UrlKey) if nil == err && 0 < len(data) { aT1 := asz404Url if nil != json.Unmarshal(data, &asz404Url) { diff --git a/lib/util/config.go b/lib/util/config.go index 692eca78c..100f2799b 100644 --- a/lib/util/config.go +++ b/lib/util/config.go @@ -16,6 +16,7 @@ import ( "runtime" "strconv" "strings" + "time" ) // 字符串包含关系,且大小写不敏感 @@ -160,7 +161,8 @@ func RandStringRunes(n int) string { return string(b) } -func Init() { +// 初始化配置文件信息,这个必须先执行 +func Init2() { pwd, _ := os.Getwd() SzPwd = pwd var ConfigName = "config/config.json" 
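Review bot: In the compile loop of brute/filefuzz.go, `regsMap[reg], err = regexp.Compile(reg)` stores a nil `*regexp.Regexp` under the key when a pattern fails to compile, and the error is only logged. The patterns come from the `fuzzct` value loaded through `util.GetVal4File`, so one malformed line in a supplied file leaves a nil entry that a later user of the map would dereference (the consumers are outside this hunk). Compile into a local and skip bad patterns: `r, err := regexp.Compile(reg)`, then `if err != nil { log.Println(reg, " regexp.Compile error: ", err); continue }`, then `regsMap[reg] = r`.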
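Review bot: The init() in brute/fuzzAI.go is not moved into `util.RegInitFunc` like the others in this commit, so `util.GetVal4File("404url", sz404Url)` and the new `util.NewKvDbOp().Get(asz404UrlKey)` still run at package-load time, before `util.DoInit` has loaded the configuration from main(). Since `init3()` calls `NewKvDbOp()` to initialise the store, this call presumably opens the key-value database earlier than intended, with whatever defaults are in place at that point. Wrapping the body in `util.RegInitFunc(func() { ... })` would keep it consistent with brute/dicts.go and brute/filefuzz.go. The function starts and ends outside this hunk, so the rest of its body could not be checked.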
@@ -281,7 +283,7 @@ func doDir(config *embed.FS, s fs.DirEntry, szPath string) { var UserHomeDir string = "./" // 初始化到开头 -func Init2(config *embed.FS) { +func Init1(config *embed.FS) { dirname, err := os.UserHomeDir() if nil == err { UserHomeDir = dirname @@ -305,14 +307,27 @@ func Init2(config *embed.FS) { } } } else { - log.Println("Init:", err) + log.Println("Init2:", err) } } - Init() - init5() + Init2() + init3() log.Println("init config files is over .") } +var fnInit []func() + +func RegInitFunc(cbk func()) { + fnInit = append(fnInit, cbk) +} +func DoInit(config *embed.FS) { + Init1(config) + rand.Seed(time.Now().UnixNano()) + for _, x := range fnInit { + x() + } +} + func RemoveDuplication_map(arr []string) []string { set := make(map[string]struct{}, len(arr)) j := 0 diff --git a/lib/util/kvDb.go b/lib/util/kvDb.go index 20da58ef5..32cfa2d7a 100644 --- a/lib/util/kvDb.go +++ b/lib/util/kvDb.go @@ -41,7 +41,7 @@ func (r *KvDbOp) Init(szDb string) error { opts.LevelSizeMultiplier = 20 db, err := badger.Open(opts) if nil != err { - log.Println("Init k-v db 不能多个进程同时开启", err) + log.Println("Init2 k-v db 不能多个进程同时开启", err) return err } r.DbConn = db @@ -115,6 +115,7 @@ func (r *KvDbOp) Put(key string, data []byte) { } // 调整初始化顺序 -func init5() { +// 初始化 kvDb +func init3() { NewKvDbOp() } diff --git a/main.go b/main.go index 7ed84ef62..5303e964e 100644 --- a/main.go +++ b/main.go @@ -6,26 +6,20 @@ import ( "github.com/hktalent/scan4all/lib/api" "github.com/hktalent/scan4all/lib/util" "log" - "math/rand" "net/http" _ "net/http/pprof" "runtime" "sync" - "time" ) //go:embed config/* var config embed.FS -func init() { - util.Init2(&config) - rand.Seed(time.Now().UnixNano()) -} - var Wg sync.WaitGroup func main() { runtime.GOMAXPROCS(runtime.NumCPU()) + util.DoInit(&config) util.Wg = &Wg defer util.CloseAll() szTip := "" diff --git a/pkg/fingerprint/eHoleFingerData.go b/pkg/fingerprint/eHoleFingerData.go index 51996f15f..36a296f2b 100644 
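Review bot: `DoInit` in lib/util/config.go has no guard against a second call and `fnInit` is never cleared, so calling it twice re-runs every registered callback: the dictionaries appended in brute/dicts.go are duplicated and the pocs_go callback starts a second polling goroutine. Callbacks registered after `DoInit` has run are silently never executed. Guard the body with `var initOnce sync.Once` and `initOnce.Do(func() { ... })`. Both exported functions also need doc comments, for example `// RegInitFunc queues cbk to run from DoInit, after the configuration has been loaded; call it only from package init().`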
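Review bot: In main.go, `util.DoInit(&config)` runs before `util.Wg = &Wg`, yet one of the callbacks it executes (pocs_go/go_poc_check.go) starts a goroutine that calls `util.Wg.Add(1)`. That goroutine can read `util.Wg` while main() is still assigning it, and if the variable starts out nil (its declaration is not visible here) an early message on `util.PocCheck_pipe` would dereference a nil pointer. Swap the two statements so the order is `util.Wg = &Wg` followed by `util.DoInit(&config)`.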
--- a/pkg/fingerprint/eHoleFingerData.go +++ b/pkg/fingerprint/eHoleFingerData.go @@ -9,5 +9,7 @@ import ( var eHoleFinger string func init() { - eHoleFinger = util.GetVal4File("eHoleFinger", eHoleFinger) + util.RegInitFunc(func() { + eHoleFinger = util.GetVal4File("eHoleFinger", eHoleFinger) + }) } diff --git a/pkg/fingerprint/localFingerData.go b/pkg/fingerprint/localFingerData.go index 4eb707e24..e20716e9d 100644 --- a/pkg/fingerprint/localFingerData.go +++ b/pkg/fingerprint/localFingerData.go @@ -9,5 +9,7 @@ import ( var localFinger string func init() { - localFinger = util.GetVal4File("localFinger", localFinger) + util.RegInitFunc(func() { + localFinger = util.GetVal4File("localFinger", localFinger) + }) } diff --git a/pkg/hydra/loadDicts.go b/pkg/hydra/loadDicts.go index fbceef7c7..41507a65e 100644 --- a/pkg/hydra/loadDicts.go +++ b/pkg/hydra/loadDicts.go 
@@ -132,76 +132,78 @@ type PPDict struct { var md = map[string]*PPDict{} func init() { - md["ftp"] = &PPDict{ - Username: util.GetVal4File("ftp_user", ftpusername), - Paswd: util.GetVal4File("ftp_pswd", ftp_pswd), - DefaultUp: util.GetVal4Filedefault("ftp_default", ftp_default), - } - md["ssh"] = &PPDict{ - Username: util.GetVal4File("ssh_username", username), - Paswd: util.GetVal4File("ssh_pswd", pswd), - DefaultUp: util.GetVal4Filedefault("ssh_default", ssh_default), - } - md["rsh-spx"] = md["ssh"] - md["snmp"] = &PPDict{ - Username: util.GetVal4File("snmp_user", snmp_user), - Paswd: util.GetVal4File("snmp_pswd", snmp_pswd), - DefaultUp: util.GetVal4Filedefault("snmp_default", snmp_default), - } - // 再增加字典 - md["wap-wsp"] = &PPDict{ - Username: util.GetVal4File("es_user", es_user), - Paswd: util.GetVal4File("es_pswd", es_pswd), - DefaultUp: util.GetVal4Filedefault("es_default", es_default), - } - md["router"] = md["wap-wsp"] - md["mongodb"] = &PPDict{ - Username: util.GetVal4File("mongodb_username", mongodbusername), - Paswd: util.GetVal4File("mongodb_pswd", mongodb_pswd), - DefaultUp: util.GetVal4Filedefault("mongodb_default", mongodb_default), - } - md["mongod"] = md["mongodb"] - md["mssql"] = &PPDict{ - Username: util.GetVal4File("mssql_username", mssqlusername), - Paswd: util.GetVal4File("mssql_pswd", mssql_pswd), - DefaultUp: util.GetVal4Filedefault("mssql_default", mssql_default), - } - md["mysql"] = &PPDict{ - Username: util.GetVal4File("mysql_username", mysqlusername), - Paswd: util.GetVal4File("mysql_pswd", mysql_pswd), - DefaultUp: util.GetVal4File("mysql_default", mysql_default), - } - md["oracle"] = &PPDict{ - Username: util.GetVal4File("oracle_username", oracleusername), - Paswd: util.GetVal4File("oracle_pswd", oracle_pswd), - DefaultUp: util.GetVal4Filedefault("oracleh_default", oracle_default), - } - md["postgresql"] = &PPDict{ - Username: util.GetVal4File("postgresql_username", postgresqlusername), - Paswd: util.GetVal4File("postgresql_pswd", 
postgresql_pswd), - DefaultUp: util.GetVal4Filedefault("postgresql_default", postgresql_default), - } - md["rdp"] = &PPDict{ - Username: util.GetVal4File("rdp_username", rdpusername), - Paswd: util.GetVal4File("rdp_pswd", rdp_pswd), - DefaultUp: util.GetVal4Filedefault("rdp_default", rdp_default), - } - md["redis"] = &PPDict{ - Username: util.GetVal4File("redis_username", redisusername), - Paswd: util.GetVal4File("redis_pswd", redis_pswd), - DefaultUp: util.GetVal4Filedefault("redis_default", redis_default), - } - md["smb"] = &PPDict{ - Username: util.GetVal4File("smb_username", smbusername), - Paswd: util.GetVal4File("smb_pswd", smb_pswd), - DefaultUp: util.GetVal4Filedefault("smb_default", smb_default), - } - md["winrm"] = md["smb"] - md["telnet"] = &PPDict{ - Username: util.GetVal4File("telnet_username", telnetusername), - Paswd: util.GetVal4File("telnet_pswd", telnet_pswd), - DefaultUp: util.GetVal4Filedefault("telnet_default", telnet_default), - } + util.RegInitFunc(func() { + md["ftp"] = &PPDict{ + Username: util.GetVal4File("ftp_user", ftpusername), + Paswd: util.GetVal4File("ftp_pswd", ftp_pswd), + DefaultUp: util.GetVal4Filedefault("ftp_default", ftp_default), + } + md["ssh"] = &PPDict{ + Username: util.GetVal4File("ssh_username", username), + Paswd: util.GetVal4File("ssh_pswd", pswd), + DefaultUp: util.GetVal4Filedefault("ssh_default", ssh_default), + } + md["rsh-spx"] = md["ssh"] + md["snmp"] = &PPDict{ + Username: util.GetVal4File("snmp_user", snmp_user), + Paswd: util.GetVal4File("snmp_pswd", snmp_pswd), + DefaultUp: util.GetVal4Filedefault("snmp_default", snmp_default), + } + // 再增加字典 + md["wap-wsp"] = &PPDict{ + Username: util.GetVal4File("es_user", es_user), + Paswd: util.GetVal4File("es_pswd", es_pswd), + DefaultUp: util.GetVal4Filedefault("es_default", es_default), + } + md["router"] = md["wap-wsp"] + md["mongodb"] = &PPDict{ + Username: util.GetVal4File("mongodb_username", mongodbusername), + Paswd: util.GetVal4File("mongodb_pswd", mongodb_pswd), 
+ DefaultUp: util.GetVal4Filedefault("mongodb_default", mongodb_default), + } + md["mongod"] = md["mongodb"] + md["mssql"] = &PPDict{ + Username: util.GetVal4File("mssql_username", mssqlusername), + Paswd: util.GetVal4File("mssql_pswd", mssql_pswd), + DefaultUp: util.GetVal4Filedefault("mssql_default", mssql_default), + } + md["mysql"] = &PPDict{ + Username: util.GetVal4File("mysql_username", mysqlusername), + Paswd: util.GetVal4File("mysql_pswd", mysql_pswd), + DefaultUp: util.GetVal4File("mysql_default", mysql_default), + } + md["oracle"] = &PPDict{ + Username: util.GetVal4File("oracle_username", oracleusername), + Paswd: util.GetVal4File("oracle_pswd", oracle_pswd), + DefaultUp: util.GetVal4Filedefault("oracleh_default", oracle_default), + } + md["postgresql"] = &PPDict{ + Username: util.GetVal4File("postgresql_username", postgresqlusername), + Paswd: util.GetVal4File("postgresql_pswd", postgresql_pswd), + DefaultUp: util.GetVal4Filedefault("postgresql_default", postgresql_default), + } + md["rdp"] = &PPDict{ + Username: util.GetVal4File("rdp_username", rdpusername), + Paswd: util.GetVal4File("rdp_pswd", rdp_pswd), + DefaultUp: util.GetVal4Filedefault("rdp_default", rdp_default), + } + md["redis"] = &PPDict{ + Username: util.GetVal4File("redis_username", redisusername), + Paswd: util.GetVal4File("redis_pswd", redis_pswd), + DefaultUp: util.GetVal4Filedefault("redis_default", redis_default), + } + md["smb"] = &PPDict{ + Username: util.GetVal4File("smb_username", smbusername), + Paswd: util.GetVal4File("smb_pswd", smb_pswd), + DefaultUp: util.GetVal4Filedefault("smb_default", smb_default), + } + md["winrm"] = md["smb"] + md["telnet"] = &PPDict{ + Username: util.GetVal4File("telnet_username", telnetusername), + Paswd: util.GetVal4File("telnet_pswd", telnet_pswd), + DefaultUp: util.GetVal4Filedefault("telnet_default", telnet_default), + } + }) } func GetDefaultFtpList(t string) *AuthList { 
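Review bot: Two entries in pkg/hydra/loadDicts.go break the pattern used by every other entry in the map. `md["oracle"]` reads its defaults from the key `"oracleh_default"`, which looks like a typo for `"oracle_default"`, so an operator-supplied `oracle_default` file would presumably be ignored in favour of the built-in list. `md["mysql"]` fills `DefaultUp` with `util.GetVal4File` where all the others use `util.GetVal4Filedefault`. Suggested lines are `DefaultUp: util.GetVal4Filedefault("oracle_default", oracle_default),` and `DefaultUp: util.GetVal4Filedefault("mysql_default", mysql_default),`. If the mysql difference is deliberate, a comment should say why.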
diff --git a/pkg/hydra/runner.go b/pkg/hydra/runner.go index 88bf3d025..545fae3be 100644 --- a/pkg/hydra/runner.go +++ b/pkg/hydra/runner.go @@ -11,19 +11,21 @@ import ( ) func init() { - InitDefaultAuthMap() - var a1, a2 []string - HydraUser := util.GetVal4File("HydraUser", "") - if "" != HydraUser { - a1 = strings.Split(HydraUser, "\n") - } + util.RegInitFunc(func() { + InitDefaultAuthMap() + var a1, a2 []string + HydraUser := util.GetVal4File("HydraUser", "") + if "" != HydraUser { + a1 = strings.Split(HydraUser, "\n") + } - HydraPass := util.GetVal4File("HydraPass", "") - if "" != HydraPass { - a2 = strings.Split(HydraPass, "\n") - } - //加载自定义字典 - InitCustomAuthMap(a1, a2) + HydraPass := util.GetVal4File("HydraPass", "") + if "" != HydraPass { + a2 = strings.Split(HydraPass, "\n") + } + //加载自定义字典 + InitCustomAuthMap(a1, a2) + }) } // 密码破解 diff --git a/pkg/kscan/lib/grdp/glog/log.go b/pkg/kscan/lib/grdp/glog/log.go index 2161b21ae..e4cf7d92d 100755 --- a/pkg/kscan/lib/grdp/glog/log.go +++ b/pkg/kscan/lib/grdp/glog/log.go @@ -6,10 +6,6 @@ import ( "sync" ) -func init() { - -} - var ( logger *log.Logger level LEVEL diff --git a/pocs_go/go_poc_check.go b/pocs_go/go_poc_check.go index ac78c0b1f..141849f01 100644 --- a/pocs_go/go_poc_check.go +++ b/pocs_go/go_poc_check.go 
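Review bot: In pkg/hydra/runner.go, `strings.Split(HydraUser, "\n")` and `strings.Split(HydraPass, "\n")` split the raw file content. A trailing newline therefore yields an empty username or password, and a file saved with CRLF endings leaves a `\r` on every entry. brute/dicts.go in this same commit trims before splitting; doing the same here, `a1 = strings.Split(strings.TrimSpace(HydraUser), "\n")` and likewise for `a2`, removes the empty tail, and trimming each element would also handle `\r`. If an empty password is a wanted candidate, add it explicitly instead of relying on file formatting.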
@@ -268,33 +268,35 @@ func POCcheck(wappalyzertechnologies []string, URL string, finalURL string, chec } func init() { - // 异步启动一个线程处理检测,避免 - go func() { - nMax := 240 // 等xxx秒都没有消息进入就退出 - nCnt := 0 - for { - select { - case <-util.Ctx_global.Done(): - return - case x1 := <-util.PocCheck_pipe: - nCnt = 0 - log.Printf("<-lib.PocCheck_pipe: %+v %s", *x1.Wappalyzertechnologies, x1.URL) - util.Wg.Add(1) - go POCcheck(*x1.Wappalyzertechnologies, x1.URL, x1.FinalURL, x1.Checklog4j) - default: - if os.Getenv("NoPOC") == "true" { - close(util.PocCheck_pipe) + util.RegInitFunc(func() { + // 异步启动一个线程处理检测,避免 + go func() { + nMax := 240 // 等xxx秒都没有消息进入就退出 + nCnt := 0 + for { + select { + case <-util.Ctx_global.Done(): return + case x1 := <-util.PocCheck_pipe: + nCnt = 0 + log.Printf("<-lib.PocCheck_pipe: %+v %s", *x1.Wappalyzertechnologies, x1.URL) + util.Wg.Add(1) + go POCcheck(*x1.Wappalyzertechnologies, x1.URL, x1.FinalURL, x1.Checklog4j) + default: + if os.Getenv("NoPOC") == "true" { + close(util.PocCheck_pipe) + return + } + if nMax < nCnt { + close(util.PocCheck_pipe) + return + } + var f01 float32 = float32(nCnt) / float32(nMax) * float32(100) + fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01) + <-time.After(time.Duration(1) * time.Second) + nCnt += 1 } - if nMax < nCnt { - close(util.PocCheck_pipe) - return - } - var f01 float32 = float32(nCnt) / float32(nMax) * float32(100) - fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01) - <-time.After(time.Duration(1) * time.Second) - nCnt += 1 } - } - }() + }() + }) }
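Review bot: The polling goroutine in pocs_go/go_poc_check.go is the receiver of `util.PocCheck_pipe` but closes it on both `default` exits (`NoPOC` set, or 240 idle seconds), so any producer that sends afterwards panics with a send on a closed channel. The receive `case x1 := <-util.PocCheck_pipe:` also has no `ok` check. If the channel is ever closed elsewhere, the receive yields the zero value and `*x1.Wappalyzertechnologies` dereferences nil. Let the goroutine simply `return` on those paths and leave closing to the sending side, and receive with `case x1, ok := <-util.PocCheck_pipe:` followed by `if !ok { return }`.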