├── .gitignore ├── .vscode └── settings.json ├── Cargo.toml ├── LICENSE ├── README.md └── src └── main.rs /.gitignore: -------------------------------------------------------------------------------- 1 | # Generated by Cargo 2 | # will have compiled files and executables 3 | debug/ 4 | target/ 5 | 6 | # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries 7 | # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html 8 | Cargo.lock 9 | 10 | # These are backup files generated by rustfmt 11 | **/*.rs.bk 12 | 13 | # MSVC Windows builds of rustc generate these, which store debugging information 14 | *.pdb 15 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "editor.tabCompletion": "on", 3 | "diffEditor.codeLens": true 4 | } -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "aem-eye" 3 | authors = ["zoid", ""] 4 | description = "a very fast aem detection tool." 5 | license = "MIT" 6 | repository = "https://github.com/ethicalhackingplayground/aem-eye" 7 | version = "0.1.8" 8 | edition = "2021" 9 | 10 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 11 | 12 | [dependencies] 13 | governor = "0.5.1" 14 | itertools = "0.10.5" 15 | futures = "0.3.26" 16 | futures-util = "0.3.26" 17 | tokio = { version = "^1.2.0", features = ["full"] } 18 | spmc = "0.3.0" 19 | clap = { version = "^3.0.0-beta.2" } 20 | regex = "1.7.3" 21 | reqwest = { version = "0.11.14", features = ["native-tls", "blocking"] } 22 | async-std = "1.12.0" -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 zoidsec 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # aem-eye 2 | A very simple AEM detector written in rust.🦀 3 | 4 | ### Installation 5 | 6 | ```bash 7 | cargo install aem-eye 8 | ``` 9 | -------------------------------------------------------------------------------- /src/main.rs: -------------------------------------------------------------------------------- 1 | use std::{collections::HashMap, error::Error, time::Duration}; 2 | 3 | use clap::{App, Arg}; 4 | use futures::{stream::FuturesUnordered, StreamExt}; 5 | use governor::{Quota, RateLimiter}; 6 | use regex::Regex; 7 | use reqwest::redirect; 8 | use tokio::{runtime::Builder, task}; 9 | 10 | use async_std::io; 11 | use async_std::io::prelude::*; 12 | 13 | #[derive(Clone, Debug)] 14 | pub struct Job { 15 | ip_str: Option, 16 | patterns: Option>, 17 | } 18 | 19 | #[derive(Clone, Debug)] 20 | pub struct JobResult { 21 | pub data: String, 22 | } 23 | 24 | #[tokio::main] 25 | async fn main() -> Result<(), Box> { 26 | // parse the cli arguments 27 | let matches = App::new("aem-eye") 28 | .version("0.1.8") 29 | .author("Blake Jacobs ") 30 | .about("really fast aem detection tool") 31 | .arg( 32 | Arg::with_name("rate") 33 | .short('r') 34 | .long("rate") 35 | .takes_value(true) 36 | .default_value("1000") 37 | .display_order(2) 38 | .help("Maximum in-flight requests per second"), 39 | ) 40 | .arg( 41 | Arg::with_name("concurrency") 42 | .short('c') 43 | .long("concurrency") 44 | .default_value("100") 45 | .takes_value(true) 46 | .display_order(3) 47 | .help("The amount of concurrent requests"), 48 | ) 49 | .arg( 50 | Arg::with_name("timeout") 51 | .short('t') 52 | .long("timeout") 53 | .default_value("3") 54 | .takes_value(true) 55 | .display_order(4) 56 | .help("The delay between each request"), 57 | ) 58 | .arg( 59 | Arg::with_name("workers") 60 | .short('w') 61 | .long("workers") 62 | .default_value("1") 63 | .takes_value(true) 64 | .display_order(5) 65 | .help("The amount of workers"), 66 | ) 67 | .get_matches(); 68 | 69 | let rate = match matches.value_of("rate").unwrap().parse::() { 70 | Ok(n) => n, 71 | Err(_) => { 72 | println!("{}", "could not parse rate, using default of 1000"); 73 | 1000 74 | } 75 | }; 76 | 77 | let concurrency = match matches.value_of("concurrency").unwrap().parse::() { 78 | Ok(n) => n, 79 | Err(_) => { 80 | println!("{}", "could not parse concurrency, using default of 100"); 81 | 100 82 | } 83 | }; 84 | 85 | let timeout = match matches.get_one::("timeout").map(|s| s.to_string()) { 86 | Some(timeout) => timeout.parse::().unwrap(), 87 | None => 3, 88 | }; 89 | 90 | let w: usize = match matches.value_of("workers").unwrap().parse::() { 91 | Ok(w) => w, 92 | Err(_) => { 93 | println!("{}", "could not parse workers, using default of 1"); 94 | 1 95 | } 96 | }; 97 | 98 | let mut patterns = HashMap::new(); 99 | patterns.insert(1, String::from(r"/content/dam.*")); 100 | patterns.insert(2, String::from(r"/etc.clientlibs.*")); 101 | 102 | // Set up a worker pool with the number of threads specified from the arguments 103 | let rt = Builder::new_multi_thread() 104 | .enable_all() 105 | .worker_threads(w) 106 | .build() 107 | .unwrap(); 108 | 109 | // job channels 110 | let (job_tx, job_rx) = spmc::channel::(); 111 | 112 | rt.spawn(async move { send_url(job_tx, patterns, rate).await }); 113 | 114 | // process the jobs 115 | let workers = FuturesUnordered::new(); 116 | 117 | // process the jobs for scanning. 118 | for _ in 0..concurrency { 119 | let jrx = job_rx.clone(); 120 | workers.push(task::spawn(async move { 121 | // run the detector 122 | run_detector(jrx, timeout).await 123 | })); 124 | } 125 | let _: Vec<_> = workers.collect().await; 126 | rt.shutdown_background(); 127 | 128 | Ok(()) 129 | } 130 | 131 | async fn send_url( 132 | mut tx: spmc::Sender, 133 | patterns: HashMap, 134 | rate: u32, 135 | ) -> Result<(), Box> { 136 | //set rate limit 137 | let lim = RateLimiter::direct(Quota::per_second(std::num::NonZeroU32::new(rate).unwrap())); 138 | 139 | // send the jobs 140 | let stdin = io::BufReader::new(io::stdin()); 141 | let mut lines = stdin.lines(); 142 | while let Some(line) = lines.next().await { 143 | lim.until_ready().await; 144 | let host_line = line.unwrap(); 145 | let mut host = String::from(""); 146 | let url = match reqwest::Url::parse(&host_line) { 147 | Ok(url) => url, 148 | Err(_) => continue, 149 | }; 150 | host.push_str(url.scheme()); 151 | host.push_str("://"); 152 | let host_str = match url.host_str() { 153 | Some(host_str) => host_str, 154 | None => continue, 155 | }; 156 | host.push_str(host_str); 157 | let msg = Job { 158 | ip_str: Some(host.to_string().clone()), 159 | patterns: Some(patterns.clone()), 160 | }; 161 | if let Err(_) = tx.send(msg) { 162 | continue; 163 | } 164 | } 165 | Ok(()) 166 | } 167 | 168 | // this function will test perform the aem detection 169 | pub async fn run_detector(rx: spmc::Receiver, timeout: usize) { 170 | let mut headers = reqwest::header::HeaderMap::new(); 171 | headers.insert( 172 | reqwest::header::USER_AGENT, 173 | reqwest::header::HeaderValue::from_static( 174 | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0", 175 | ), 176 | ); 177 | 178 | //no certs 179 | let client = reqwest::Client::builder() 180 | .default_headers(headers) 181 | .redirect(redirect::Policy::limited(10)) 182 | .timeout(Duration::from_secs(timeout.try_into().unwrap())) 183 | .danger_accept_invalid_hostnames(true) 184 | .danger_accept_invalid_certs(true) 185 | .build() 186 | .unwrap(); 187 | 188 | while let Ok(job) = rx.recv() { 189 | let job_host = job.ip_str.unwrap(); 190 | let job_patterns = job.patterns.unwrap(); 191 | for pattern in job_patterns { 192 | let job_host_new = job_host.clone(); 193 | let get = client.get(job_host_new); 194 | let req = match get.build() { 195 | Ok(req) => req, 196 | Err(_) => { 197 | continue; 198 | } 199 | }; 200 | let resp = match client.execute(req).await { 201 | Ok(resp) => resp, 202 | Err(_) => { 203 | continue; 204 | } 205 | }; 206 | let body = match resp.text().await { 207 | Ok(body) => body, 208 | Err(_) => { 209 | continue; 210 | } 211 | }; 212 | 213 | let re = Regex::new(&pattern.1).unwrap(); 214 | if re.is_match(&body) { 215 | println!("{}", job_host); 216 | continue; 217 | } 218 | } 219 | } 220 | } 221 | --------------------------------------------------------------------------------