[Debug] fix target connect func

Author: jweny

api/routers/v1/plugin/plugin.go

@@ -234,12 +234,7 @@ func Run(c *gin.Context) {
 
 	oreq, err := util.GenOriginalReq(run.Target)
 	if err != nil {
-		c.JSON(msg.ErrResp("原始请求生成失败"))
-		return
-	}
-	verify := util.VerifyTargetConnection(oreq)
-	if !verify {
-		c.JSON(msg.ErrResp("测试目标连通性测试不通过"))
+		c.JSON(msg.ErrResp("目标连通性不通过/原始请求生成失败"))
 		return
 	}
 	poc, err := rule.ParseJsonPoc(run.JsonPoc)

pkg/conf/default.go

@@ -77,7 +77,7 @@ const ConfigFileName = "config.yaml"
 const ServiceName = "pocassist"
 const Website = "https://pocassist.jweny.top/"
 
-const Version = "1.0.2"
+const Version = "1.0.4"
 const Banner = `
                                _     _
  _ __   ___   ___ __ _ ___ ___(_)___| |_

pkg/util/request.go

@@ -11,6 +11,7 @@ import (
 	"github.com/valyala/fasthttp"
 	"golang.org/x/time/rate"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"net/url"
 	"regexp"
@@ -217,6 +218,8 @@ func ParseFasthttpResponse(originalResp *fasthttp.Response, req *fasthttp.Reques
 	return resp, nil
 }
 
+
+
 func DoFasthttpRequest(req *fasthttp.Request, redirect bool) (*proto.Response, error) {
 	LimitWait()
 	defer fasthttp.ReleaseRequest(req)
@@ -346,25 +349,12 @@ func UnzipResponseBody(response *fasthttp.Response) ([]byte, error) {
 	return body, err
 }
 
-func GenOriginalReq(url string) (*http.Request, error) {
-	// 生成原始请求
-	if strings.HasPrefix(url, "http://") || strings.HasPrefix(url, "https://") {
-	} else {
-		url = "http://" + url
-	}
-	originalReq, err := http.NewRequest("GET", url, nil)
+func VerifyPortConnection(targetAddr string) bool {
+	_, err := TcpSend(targetAddr, nil)
 	if err != nil {
-		log.Error("util/requests.go:GenOriginalReq original request gen error", url, err)
-		return nil, err
+		return false
 	}
-	originalReq.Header.Set("Host", originalReq.Host)
-	originalReq.Header.Set("Accept-Encoding", "gzip, deflate")
-	originalReq.Header.Set("Accept","*/*")
-	originalReq.Header.Set("User-Agent", conf.GlobalConfig.HttpConfig.Headers.UserAgent)
-	originalReq.Header.Set("Accept-Language","en")
-	originalReq.Header.Set("Connection","close")
-
-	return originalReq, nil
+	return true
 }
 
 func VerifyTargetConnection(originalReq *http.Request) bool {
@@ -398,6 +388,67 @@ func VerifyTargetConnection(originalReq *http.Request) bool {
 	return true
 }
 
+func VerifyInputTarget(target string) (bool, string) {
+	// 连通性校验改到这里
+	// 1.不带https/http协议 && 不带端口：放弃检查(icmp限制太多)
+	// 2.带端口：tcp 端口
+	// 3.带https/http协议不带端口：tcp 80/443
+	// 生成原始请求
+	verify := true
+	// 有端口
+	if len(strings.Split(target,":")) > 1 {
+		// 带端口
+		if strings.HasPrefix(target, "http://") || strings.HasPrefix(target, "https://"){
+
+		}else {
+			target = "http://" + target
+		}
+	} else {
+		// 不带端口
+		if strings.HasPrefix(target, "http://"){
+			//	输入 http
+			verify = VerifyPortConnection(net.JoinHostPort(target, "80"))
+		} else if strings.HasPrefix(target, "https://") {
+			// 输入 https
+			verify = VerifyPortConnection(net.JoinHostPort(target, "443"))
+		} else {
+			// 不校验
+			target = "http://" + target
+		}
+	}
+	return verify, target
+}
+
+func GenOriginalReq(target string) (*http.Request, error) {
+	verify, fixTarget := VerifyInputTarget(target)
+	if !verify {
+		errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s can not connect", target)
+		log.Error(errMsg)
+		return nil, errMsg
+	}
+	originalReq, err := http.NewRequest("GET", fixTarget, nil)
+	if err != nil {
+		errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s original request gen error %v", target, err)
+		log.Error(errMsg)
+		return nil, errMsg
+	}
+	originalReq.Header.Set("Host", originalReq.Host)
+	originalReq.Header.Set("Accept-Encoding", "gzip, deflate")
+	originalReq.Header.Set("Accept","*/*")
+	originalReq.Header.Set("User-Agent", conf.GlobalConfig.HttpConfig.Headers.UserAgent)
+	originalReq.Header.Set("Accept-Language","en")
+	originalReq.Header.Set("Connection","close")
+
+	// 检查fixUrl连通性
+	verify = VerifyTargetConnection(originalReq)
+	if !verify {
+		errMsg := fmt.Errorf("util/requests.go:GenOriginalReq %s can not connect", fixTarget)
+		log.Error(errMsg)
+		return nil, errMsg
+	}
+	return originalReq, nil
+}
+
 func GetOriginalReqBody(originalReq *http.Request) ([]byte, error){
 	var data []byte
 	if originalReq.Body != nil && originalReq.Body != http.NoBody {

pkg/util/request_test.go

@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"fmt"
 	"github.com/valyala/fasthttp"
-	"net/http"
 	"strings"
 	"testing"
 	"time"
@@ -21,8 +20,8 @@ func TestVerifyTargetConnection(t *testing.T) {
 	//	fmt.Println(0)
 	//}
 
-	originalReq, _ := http.NewRequest("GET", "http://www.jweny.com/", nil)
-	fmt.Println(VerifyTargetConnection(originalReq))
+	//originalReq, _ := http.NewRequest("GET", "http://www.jweny.com/", nil)
+	//fmt.Println(VerifyTargetConnection(originalReq))
 
 
 	//req := fasthttp.AcquireRequest()

pkg/util/version.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 )
 
-// 版本对比方法
+// SingleVersionCompare 版本对比方法
 // <=0没有漏洞    >0有漏洞
 func SingleVersionCompare(verCurrent string, verVul string) (int, error) {
 	partsCurrent := strings.Split(verCurrent, ".")

poc/rule/parallel.go

@@ -5,7 +5,6 @@ import (
 	"github.com/jweny/pocassist/pkg/conf"
 	"github.com/jweny/pocassist/pkg/db"
 	log "github.com/jweny/pocassist/pkg/logging"
-	"github.com/jweny/pocassist/pkg/util"
 	"github.com/panjf2000/ants/v2"
 	"gopkg.in/yaml.v2"
 	"net/http"
@@ -129,13 +128,6 @@ func TaskConsumer(){
 			db.ErrorTask(item.Task.Id)
 			continue
 		}
-		// 检查可用性
-		verify := util.VerifyTargetConnection(item.OriginalReq)
-		if !verify {
-			log.Error("[rule/parallel.go:TaskConsumer target can not connect]", item.OriginalReq.URL.String())
-			db.ErrorTask(item.Task.Id)
-			continue
-		}
 		RunPlugins(item)
 	}
 }

poc/scripts/poc-go-shiro-unserialize-550.go

@@ -85,8 +85,9 @@ func ShiroJavaUnserilize(args *ScriptScanArgs) (*util.ScanResult, error) {
 		}
 
 		isShiro := false
-		for key, _ := range resp.Headers {
-			if key == "rememberMe" {
+		if _, ok := resp.Headers["set-cookie"]; ok {
+			v := resp.Headers["set-cookie"]
+			if strings.Contains(v,"rememberMe") {
 				isShiro = true
 			}
 		}