fix eable少了e的bug，增加了filefuzz时bywaf的功能 2022-10-07

README_CN.md

@@ -207,8 +207,11 @@ priorityNmap=false ./scan4all -tp http -list allOut.txt -v
 more see: <a href=https://github.com/hktalent/scan4all/discussions>discussions</a>
 
 # 变更日志
-- 2022-10-03 优化了fuzz，http2.0下测试18秒可以完成6万的扫描，同时合并、去除冗余的结果
-- 2022-10-03 优化：所有的web扫描前，均做有效检测，避免无效扫描，提升了效率
+- 2022-10-03 Pro版本：
+   * 优化了fuzz，http2.0下测试18秒可以完成6万的扫描，同时合并、去除冗余的结果
+   * 优化：所有的web扫描前，均做有效检测，避免无效扫描，提升了效率
+   * 增加了若干go-poc
+   * 实现了分布式功能server端功能，分布式客户端实现了部分被动扫描模式的封装、重构
 - 2022-07-28 为 nuclei 添加 substr、 aes_cbc DSL 函数<a href="https://github.com/projectdiscovery/nuclei/releases/tag/v2.7.7">nuclei v2.7.7</a>
 - 2022-08-03 fixed nuclei Multiple instances cache goroutine leaks PR<a href=https://github.com/projectdiscovery/nuclei/issues/2386>#2386</a>
 - 2022-07-20 fix and PR nuclei <a href=https://github.com/projectdiscovery/nuclei/issues/2301>#2301</a> 并发多实例的bug

brute/dicts.go

@@ -17,8 +17,13 @@ var (
 	top100pass       = []string{}   // top 100 密码，用于 http爆破
 	weblogicuserpass = []UserPass{} // weblogic user pass 字典
 	filedic          = []string{}   // fuzz字典
+	SelfHd           = []string{}
 )
 
+// by waf
+//go:embed dicts/selfHd.txt
+var selfHds string
+
 // http 爆破user
 //go:embed dicts/httpuser.txt
 var httpuser string
@@ -66,6 +71,7 @@ var basicusers []string
 
 func init() {
 	util.RegInitFunc(func() {
+		SelfHd = append(SelfHd, CvtLines(util.GetVal4File("SelfHd", selfHds))...)
 		tomcatuserpass = CvtUps(util.GetVal4File("tomcatuserpass", szTomcatuserpass))
 		jbossuserpass = CvtUps(util.GetVal4File("jbossuserpass", szJbossuserpass))
 		weblogicuserpass = CvtUps(util.GetVal4File("weblogicuserpass", szWeblogicuserpass))
@@ -75,3 +81,13 @@ func init() {
 		top100pass = append(top100pass, strings.Split(strings.TrimSpace(util.GetVal4File("httpass", httpass)), "\n")...)
 	})
 }
+
+func ByWafHd(m1 *map[string]string) *map[string]string {
+	if util.GetValAsBool("enableByWaf") {
+		sz127 := "127.0.0.1"
+		for _, k := range SelfHd {
+			(*m1)[k] = sz127
+		}
+	}
+	return m1
+}

brute/dicts/selfHd.txt

@@ -0,0 +1,37 @@
+Base-Url
+Client-IP
+Forwarded
+Http-Url
+Proxy-Host
+Proxy-Url
+Real-Ip
+Redirect
+Referer
+Referrer
+Refferer
+Request-Uri
+Uri
+Url
+X-Client-IP
+X-Custom-IP-Authorization
+X-Forward-For
+X-Forwarded
+X-Forwarded-By
+X-Forwarded-For
+X-Forwarded-For-IP
+X-Forwarded-For-Original
+X-Forwarded-Host
+X-Forwarded-Server
+X-Forwarder-For
+X-Host
+X-Http-Destinationurl
+X-Http-Host-Override
+X-Original-Remote-Addr
+X-Original-Url
+X-Originating-IP
+X-Proxy-Url
+X-Real-Ip
+X-Remote-Addr
+X-Remote-IP
+X-Rewrite-Url
+X-True-IP

brute/filefuzz.go

@@ -44,7 +44,7 @@ func InitGeneral() int {
 			ret = append(ret, "/"+prefix[i]+suffix[j])
 		}
 	}
-	eableFileFuzz = !util.GetValAsBool("enablFileFuzz")
+	eableFileFuzz = !util.GetValAsBool("enableFileFuzz")
 	return len(ret)
 }
 
@@ -62,6 +62,9 @@ func reqPage(u string) (*util.Page, *util.Response, error) {
 	header["Accept"] = "*/*"
 	header["Connection"] = "close"
 	header["Pragma"] = "no-cache"
+	// by WAF
+	header = *ByWafHd(&header)
+
 	// fuzz check Shiro CVE_2016_4437
 	header["Cookie"] = "JSESSIONID=" + RandStr4Cookie + ";rememberMe=123"
 	if req, err := util.HttpRequset(u, method, "", false, header); err == nil && nil != req && nil != req.Header {

config/config.json

@@ -74,7 +74,7 @@
   "priorityNmap": true,
   "noScan": false,
   "enableMultNuclei": false,
-  "enableNuclei": false,
+  "enableNuclei": true,
   "nuclei": {
     "Severities":  [5,4,3],
     "RateLimit": 150,
@@ -87,9 +87,10 @@
     "HeadlessTemplateThreads": 10,
     "ReportingConfig": "config/nuclei_esConfig.yaml"
   },
-  "enablDevDebug": true,
-  "enablEmbedYaml": true,
-  "enablFileFuzz": true,
+  "enableByWaf": true,
+  "enableDevDebug": true,
+  "enableEmbedYaml": true,
+  "enableFileFuzz": true,
   "httpx": {
     "Pipeline": false,
     "HTTP2Probe": false,

main.go

@@ -35,7 +35,7 @@ func main() {
 	}
 
 	szTip := ""
-	if util.GetValAsBool("enablDevDebug") {
+	if util.GetValAsBool("enableDevDebug") {
 		// debug 优化时启用///////////////////////
 		go func() {
 			szTip = "Since you started http://127.0.0.1:6060/debug/pprof/ with -debug, close the program with: control + C"

pkg/kscan/lib/pool/pool.go

@@ -40,11 +40,11 @@ func NewWorker(f func(interface{}) interface{}) *Worker {
 	}
 }
 
-var enablDevDebug bool
+var enableDevDebug bool
 
 func init() {
 	util.RegInitFunc(func() {
-		enablDevDebug = util.GetValAsBool("enablDevDebug")
+		enableDevDebug = util.GetValAsBool("enableDevDebug")
 	})
 }
 
@@ -106,7 +106,7 @@ func (p *Pool) work() {
 		//设置工作内容
 		f := NewWorker(p.Function)
 		//开始工作，输出工作结果
-		//if enablDevDebug {
+		//if enableDevDebug {
 		fmt.Printf(" hydra: %v\r", param)
 		//}
 		out, err := f.Run(param)

projectdiscovery/nuclei_Yaml/nuclei_yaml.go

@@ -433,7 +433,7 @@ func readConfig(options *types.Options) {
 	options.UpdateTemplates = false
 	options.TemplatesDirectory = pwd + "/config/nuclei-templates"
 	// 嵌入式集成私人版本nuclei-templates 共3744个YAML POC
-	if util.GetValAsBool("enablEmbedYaml") {
+	if util.GetValAsBool("enableEmbedYaml") {
 		options.Templates = []string{pwd + "/config/nuclei-templates"}
 		options.NoUpdateTemplates = true
 	} else {