update

yhy0 · Sep 3, 2023 · 9924ead · 9924ead
1 parent 707f74f
commit 9924ead
Show file tree

Hide file tree

Showing 7 changed files with 252 additions and 176 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,53 @@
+name: 🎉 Build Binary
+on:
+  create:
+    tags:
+      - v*
+  workflow_dispatch:
+jobs:
+
+  build:
+    name: Build
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
+    steps:
+      - name: Set up Go 1.20
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.20
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Get dependencies
+        run: go mod download
+
+      - name: Build On Linux
+        run: |
+          go build -ldflags "-s -w" -o Jie-Linux-x64 main.go
+          chmod +x Jie-Linux-x64
+        if: matrix.os == 'ubuntu-latest'
+      - name: Build On Darwin
+        run: |
+          go build -ldflags "-s -w" -o Jie-Darwin-x64 main.go
+          chmod +x Jie-Darwin-x64
+        if: matrix.os == 'macos-latest'
+      - name: Build On Windows
+        run: |
+          go build -ldflags "-s -w" -o Jie-Windows-x64.exe main.go
+        if: matrix.os == 'windows-latest'
+        env:
+          GOOS: windows
+          GOENABLE: 1
+      - name: Release
+        uses: softprops/action-gh-release@master
+        with:
+          files: Jie-*
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/README.md b/README.md
@@ -1,4 +1,26 @@
 ## 劫(开发中)
+## 漏洞利用
+因大部分漏洞的利用工具使用 java 编写，并且支持的java 版本不同，搞环境太费劲，恶心坏了，所以重新定义了Jie。
+
+Jie: 一款全面而强大的漏洞`扫描`和`利用`工具。
+
+目前版本(0.3.1)支持以下漏洞的利用
+
+```shell
+Available Commands:
+  apollo      apollo scan && exp 
+  log4j       log4j scan && exp
+  other       other scan && exp bb:BasicBrute、swagger:Swagger、nat:NginxAliasTraversal、bbscan:bbscan)
+  s2          Struts2 scan && exp
+  shiro       Shiro scan && exp
+  weblogic    WebLogic scan && exp
+  webscan     Run a webscan task
+```
+
+其中借鉴缝合了很多师傅的工具，对应的漏洞扫描和利用中有写，如有遗漏，可以联系我，添加上
+后续会缝合支持更多的漏洞利用。
+
+
 
 https://jie.fireline.fun/
 
@@ -23,19 +45,6 @@ https://jie.fireline.fun/
 
 防止对 php 的网站调用 java 的扫描插件
 
-## 插件调用(后期看看有没有必要吧)
-
-插件如何调用？ 这里直接放弃，只要代码逻辑写好就行了，后期或者有重构的想法
-
-~~仿照awvs设计了插件类别~~
-
-~~PerFile 对每个文件处理,包括文件后面的参数~~
-
-~~PerFolder 对每个目录处理~~
-
-~~PerScheme 对每个域名处理~~
-
-~~PostScan 对Post请求的处理~~
 
 ## 参考
 

diff --git a/cmd/other.go b/cmd/other.go
@@ -6,7 +6,9 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/yhy0/Jie/conf"
 	"github.com/yhy0/Jie/pkg/protocols/httpx"
+	"github.com/yhy0/Jie/scan/bbscan"
 	"github.com/yhy0/Jie/scan/brute"
+	"github.com/yhy0/Jie/scan/swagger"
 	"github.com/yhy0/Jie/scan/traversal"
 	"github.com/yhy0/logging"
 )
@@ -19,7 +21,7 @@ import (
 
 var otherCmd = &cobra.Command{
 	Use:   "other",
-	Short: "other scan && exp",
+	Short: "other scan && exp bb:BasicBrute、swagger:Swagger、nat:NginxAliasTraversal、bbscan:bbscan)",
 	Run: func(cmd *cobra.Command, args []string) {
 		logging.New(conf.GlobalConfig.Options.Debug, "", "Jie", false)
 		// 初始化 session ,todo 后续优化一下，不同网站共用一个不知道会不会出问题，应该不会
@@ -32,6 +34,10 @@ var otherCmd = &cobra.Command{
 			}
 		case "nat":
 			traversal.NginxAlias(conf.GlobalConfig.Options.Target, "", nil)
+		case "swagger":
+			swagger.Scan(conf.GlobalConfig.Options.Target, "")
+		case "bbscan":
+			bbscan.BBscan(conf.GlobalConfig.Options.Target, "", nil, nil)
 		}
 	},
 }

diff --git a/conf/banner.go b/conf/banner.go
@@ -17,4 +17,4 @@ var Banner = `
 
 const Website = "https://github.com/yhy0/Jie"
 
-const Version = "0.2.10"
+const Version = "0.3.1"
diff --git a/go.mod b/go.mod
@@ -8,47 +8,43 @@ require (
 	github.com/beevik/etree v1.2.0
 	github.com/buger/jsonparser v1.1.1
 	github.com/corpix/uarand v0.2.0
-	github.com/go-rod/rod v0.113.3 // indirect
+	github.com/go-rod/rod v0.114.0 // indirect
 	github.com/google/go-github v17.0.0+incompatible // indirect
 	github.com/google/uuid v1.3.0
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/lestrrat-go/file-rotatelogs v2.4.0+incompatible // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
-	github.com/projectdiscovery/fastdialer v0.0.26
-	github.com/projectdiscovery/goflags v0.1.9 // indirect
-	github.com/projectdiscovery/hmap v0.0.13 // indirect
-	github.com/projectdiscovery/nuclei/v2 v2.9.6
-	github.com/projectdiscovery/ratelimit v0.0.8
-	github.com/projectdiscovery/retryablehttp-go v1.0.17
-	github.com/projectdiscovery/utils v0.0.37
+	github.com/projectdiscovery/fastdialer v0.0.36
+	github.com/projectdiscovery/goflags v0.1.17 // indirect
+	github.com/projectdiscovery/hmap v0.0.15 // indirect
+	github.com/projectdiscovery/nuclei/v2 v2.9.13
+	github.com/projectdiscovery/ratelimit v0.0.9
+	github.com/projectdiscovery/retryablehttp-go v1.0.22
+	github.com/projectdiscovery/utils v0.0.50
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 // indirect
 	github.com/rs/xid v1.5.0 // indirect
-	github.com/shirou/gopsutil/v3 v3.23.5 // indirect
+	github.com/shirou/gopsutil/v3 v3.23.7 // indirect
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spaolacci/murmur3 v1.1.0
 	github.com/tdewolff/parse/v2 v2.6.6
 	github.com/thoas/go-funk v0.9.3
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/ratelimit v0.2.0
-	golang.org/x/net v0.11.0
-	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/net v0.14.0
+	golang.org/x/oauth2 v0.11.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	github.com/agnivade/levenshtein v1.1.1
-	github.com/cckuailong/simHtml v0.0.0-20200120101524-76ba3d3f7f65
 	github.com/chromedp/cdproto v0.0.0-20230816033919-17ee49f3eb4f
 	github.com/chromedp/chromedp v0.9.2
 	github.com/deckarep/golang-set v1.8.0
 	github.com/fatih/color v1.15.0
 	github.com/gogf/gf v1.16.9
 	github.com/gokitx/pkgs v0.0.2
-	github.com/ikawaha/kagome-dict v1.0.9
-	github.com/ikawaha/kagome/v2 v2.9.3
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/panjf2000/ants/v2 v2.8.1
 	github.com/pkg/errors v0.9.1
@@ -66,15 +62,14 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
 	github.com/DataDog/mmh3 v0.0.0-20210722141835-012dc69a9e49 // indirect
 	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057 // indirect
 	github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 // indirect
-	github.com/Mzack9999/gostruct v0.0.0-20230415193108-30b70932da81 // indirect
 	github.com/Mzack9999/ldapserver v1.0.2-0.20211229000134-b44a0d6ad0dd // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 // indirect
 	github.com/ReneKroon/ttlcache v1.6.0 // indirect
@@ -86,37 +81,38 @@ require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
 	github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
+	github.com/andybalholm/brotli v1.0.5 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/andygrunwald/go-jira v1.16.0 // indirect
 	github.com/antchfx/htmlquery v1.3.0 // indirect
 	github.com/antchfx/xmlquery v1.3.16 // indirect
 	github.com/antchfx/xpath v1.2.4 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.19.0 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.25 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.67 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.25 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.72 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.27 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.33.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.30 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.37.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect
 	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/bluele/gcache v0.0.2 // indirect
 	github.com/caddyserver/certmagic v0.18.0 // indirect
 	github.com/charmbracelet/glamour v0.6.0 // indirect
-	github.com/cheggaaa/pb/v3 v3.1.2 // indirect
+	github.com/cheggaaa/pb/v3 v3.1.4 // indirect
 	github.com/chromedp/sysutil v1.0.0 // indirect
 	github.com/cloudflare/cfssl v1.6.4 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
@@ -130,6 +126,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gaukas/godicttls v0.0.3 // indirect
 	github.com/glaslos/ssdeep v0.3.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
@@ -155,6 +152,7 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hbakhtiyor/strsim v0.0.0-20190107154042-4d2bbb273edf // indirect
 	github.com/hdm/jarm-go v0.0.7 // indirect
 	github.com/hpcloud/tail v1.0.0 // indirect
 	github.com/iancoleman/orderedmap v0.2.0 // indirect
@@ -170,6 +168,7 @@ require (
 	github.com/kataras/jwt v0.1.8 // indirect
 	github.com/kataras/pio v0.0.2 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/klauspost/compress v1.16.6 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
@@ -189,8 +188,8 @@ require (
 	github.com/mfonda/simhash v0.0.0-20151007195837-79f94a1100d6 // indirect
 	github.com/mholt/acmez v1.1.1 // indirect
 	github.com/mholt/archiver v3.1.1+incompatible // indirect
-	github.com/microcosm-cc/bluemonday v1.0.24 // indirect
-	github.com/miekg/dns v1.1.54 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.25 // indirect
+	github.com/miekg/dns v1.1.55 // indirect
 	github.com/minio/selfupdate v0.6.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -207,23 +206,28 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b // indirect
 	github.com/projectdiscovery/asnmap v1.0.4 // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect
-	github.com/projectdiscovery/clistats v0.0.12 // indirect
-	github.com/projectdiscovery/dsl v0.0.9 // indirect
+	github.com/projectdiscovery/cdncheck v1.0.9 // indirect
+	github.com/projectdiscovery/clistats v0.0.19 // indirect
+	github.com/projectdiscovery/dsl v0.0.19 // indirect
 	github.com/projectdiscovery/fasttemplate v0.0.2 // indirect
 	github.com/projectdiscovery/freeport v0.0.5 // indirect
-	github.com/projectdiscovery/gologger v1.1.10 // indirect
+	github.com/projectdiscovery/gologger v1.1.11 // indirect
+	github.com/projectdiscovery/gostruct v0.0.1 // indirect
+	github.com/projectdiscovery/httpx v1.3.4 // indirect
 	github.com/projectdiscovery/interactsh v1.1.4 // indirect
 	github.com/projectdiscovery/mapcidr v1.1.2 // indirect
 	github.com/projectdiscovery/networkpolicy v0.0.6 // indirect
-	github.com/projectdiscovery/rawhttp v0.1.12 // indirect
+	github.com/projectdiscovery/rawhttp v0.1.18 // indirect
 	github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 // indirect
-	github.com/projectdiscovery/retryabledns v1.0.24 // indirect
+	github.com/projectdiscovery/retryabledns v1.0.35 // indirect
 	github.com/projectdiscovery/sarif v0.0.1 // indirect
-	github.com/projectdiscovery/tlsx v1.0.9 // indirect
+	github.com/projectdiscovery/tlsx v1.1.3 // indirect
 	github.com/projectdiscovery/yamldoc-go v1.0.4 // indirect
+	github.com/quic-go/quic-go v0.37.0 // indirect
+	github.com/refraction-networking/utls v1.4.2 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
-	github.com/sashabaranov/go-openai v1.10.1 // indirect
+	github.com/sashabaranov/go-openai v1.14.2 // indirect
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
@@ -267,16 +271,16 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	goftp.io/server/v2 v2.0.1 // indirect
-	golang.org/x/crypto v0.10.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/term v0.9.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/term v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	golang.org/x/tools v0.11.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/corvus-ch/zbase32.v1 v1.0.0 // indirect
 	gopkg.in/djherbis/times.v1 v1.3.0 // indirect
Original file line number	Diff line number	Diff line change
Expand Up		@@ -17,4 +17,4 @@ var Banner = `

		const Website = "https://github.com/yhy0/Jie"

		const Version = "0.2.10"
		const Version = "0.3.1"