wgpsec
diff --git a/‎README.md
+36-24 b/‎README.md
+36-24
diff --git a/‎README_CN.md
+43-31 b/‎README_CN.md
+43-31
diff --git a/‎cmd/rootCmd.go
+18-13 b/‎cmd/rootCmd.go
+18-13
diff --git a/‎define/var.go
+18-8 b/‎define/var.go
+18-8
diff --git a/‎go.mod
+1-11 b/‎go.mod
+1-11
@@ -19,7 +19,7 @@ Endpoint Search is a reconnaissance tool tailored for identifying and enumeratin
 <a href="https://github.com/wgpsec/EndpointSearch/discussions"><strong>More Tricks »</strong></a>
       <br/>
     <br />
-        <a href="https://github.com/wgpsec/EndpointSearch/blob/main/README.md">中文文档</a>
+        <a href="https://github.com/wgpsec/EndpointSearch/blob/main/README_CN.md">中文文档</a>
     .
     <a href="https://github.com/wgpsec/EndpointSearch/releases">Download</a>
     ·
@@ -31,8 +31,9 @@ Endpoint Search is a reconnaissance tool tailored for identifying and enumeratin
 ## Features
 * **DNS Enumeration**: Constructs and queries DNS for probable endpoint URLs based on predefined patterns.
 * **SRV Record Inspection**: Automatically detects SRV records to uncover associated ports.
-* **HTTP/HTTPS Probing**: Tests endpoints with both HTTP and HTTPS protocols when SRV records are not present.
-* **Endpoint Judgment**: Determines endpoints likelihood based on response content, currently focusing on XML format.
+* **HTTP/HTTPS Probing**: Tests targets with both HTTP and HTTPS protocols when SRV records are not present.
+* **PROXY SUPPORT**: Supports HTTP/HTTPS and SOCK5 protocol proxy traffic during the HTTP request phase.
+* **Endpoint Judgment**: Determine the likelihood of the endpoint based on whether the response content hits the rule.
 * **Automatic Domain Extraction**: Extracts domains from input URLs automatically.
 * **Output Redundancy Removal**: Ensures unique results by deduplication.
 * **Configurable Behavior**: Offers a flexible configuration file for customizing service names, connection modes, and more.
@@ -44,23 +45,35 @@ Endpoint Search is a reconnaissance tool tailored for identifying and enumeratin
 * Alternatively, use the included Makefile to compile from source.
 
 ## Configuration
-Upon first run, the tool checks for config.json. If missing, it generates one with default settings including:
-* CloudService: Enumerated cloud services.
-* Mode & Mode2: Patterns connecting services, prefixes/suffixes, and targets.
-* PortList: Ports to scan if no SRV record is found.
-* Prefix & Suffix: Common naming conventions for prefixing or suffixing service names.
+When EndpointSearch is run for the first time, config.yaml and rule-yaml are detected and the default config.yaml and rule-yaml are generated if they are not present
+
+config.yaml fill in as follows:
+```
+CloudService: oss,ecs
+Mode: .
+Mode2: -,.
+PortList: 80,443
+Prefix: sonic,legacy,preprod,gamma,beta,staging
+Suffix: sonic,legacy,preprod,gamma,beta,staging
+```
+CloudService is an enumerated cloud service name. Mode is the mode used to connect CloudService to target. Mode2 is the mode used to connect prefixes and suffixes to CloudService
+
+The content of rule.yaml is as follows:
 ```
-{
-	"CloudService":"oss,ecs",
-	"Mode":".",
-	"Mode2" :"-,.",
-	"PortList":"80,443",
-	"Prefix":"sonic,legacy,preprod,gamma,beta,staging",
-	"Suffix":"sonic,legacy,preprod,gamma,beta,staging",
-}
+rules:
+    - Header:
+        - text/xml
+        - application/xml
+      Body:
+        - InvalidVersion
+    - Header:
+        - "123"
+      Body:
+        - ""
 ```
+Multiple groups of rules can be defined. Header and Body in the Rule of each group must match exactly to be identified as endpoints. If there is only one feature, the other part can be left blank.
 
-CloudService can refer to another of my dictionary projects : https://github.com/shadowabi/S-BlastingDictionary/blob/main/CloudService.txt
+Note that if both Header and Body in a rule are empty, all HTTP requests will pass the rule
 
 ## Workflow
 1. Enter the domain name example.com. DNS is used to enumerate example.com.
@@ -79,14 +92,12 @@ oss.example.com
 
 3. If srv records already exist, HTTP/HTTPS is used to request the URL instead of enumerating the port
 
-4. Otherwise, the system attempts to access the port in the target domain name + PortList through HTTP or HTTPS
+4. Otherwise, HTTP and HTTPS are used to access ports in the target domain name + PortList. If the proxy option is used, traffic can be forwarded to the proxy server
 
-5. Finally, determine whether the entire URL is an Endpoint based on the HTTP request result. At present, determine whether the destination data is returned in xml format
+5. Finally, the HTTP request result determines whether the entire URL is an Endpoint, and the access is to determine whether the request traffic matches the rule in rule.yaml
 
 If there are other characteristics, feel free to raise them in the Issues, or launch a PR directly.
 
-The method to determine the Endpoint is implemented in the JudgeEndpoint function in the pkg directory data.go
-
 ## Usage
 ```
 Usage:
@@ -102,17 +113,18 @@ Flags:
   -o, --output string     输入结果文件输出的位置 (Enter the location of the scan result output) (default "./result.txt")
   -p, --port string       输入需要被扫描的端口，逗号分割 (Enter the port to be scanned, separated by commas (,))
       --prefix string     输入枚举云服务的前缀 (Enter the prefix for enumerating the cloud service)
+      --proxy string      使用 HTTP/SOCKS5代理，仅限web探测时 (List of http/socks5 proxy to use,Only for web detection
   -s, --service string    输入需要被枚举的服务名称 (Input Service Name)
       --suffix string     输入枚举云服务的后缀 (Enter a suffix for enumerating cloud services)
   -t, --timeout int       输入每个 http 请求的超时时间 (Enter the timeout period for every http request) (default 2)
   -u, --url string        输入目标地址 (Input [domain|url])
 ```
-EndpointSearch also supports manually overwriting configuration parameters. By default, the -e parameter is CloudEndpoint in the configuration, and the -p parameter is PortList in the configuration
+
+EndpointSearch can also override configuration parameters manually. For example, -e is set to CloudEndpoint by default, and -p is set to PortList by default
 
 When parameters are actively specified, the default values in the configuration file are no longer used
 
 
 ## TODO
-1. Proxy Support: Implementation of SOCKS5 proxy support for enhanced anonymity.
-2. Enhanced Endpoint Detection: Expanding endpoint validation criteria beyond XML responses.
+1. Added more ways to determine endpoints
 
@@ -34,23 +34,35 @@
 或使用Makefile进行编译二进制文件后使用
 
 ## 配置
-当首次运行 EndpointSearch 时，会检测 config.json 文件是否存在，不存在则会自动创建
+当首次运行 EndpointSearch 时，会检测 config.yaml 和 rule.yaml 是否存在，不存在则会生成默认的 config.yaml 和 rule.yaml
 
-config.json的填写内容应该如下：
+config.yaml 的填写内容如下：
 ```
-{
-	"CloudService":"oss,ecs",
-	"Mode":".",
-	"Mode2" :"-,.",
-	"PortList":"80,443",
-	"Prefix":"sonic,legacy,preprod,gamma,beta,staging",
-	"Suffix":"sonic,legacy,preprod,gamma,beta,staging",
-}
+CloudService: oss,ecs
+Mode: .
+Mode2: -,.
+PortList: 80,443
+Prefix: sonic,legacy,preprod,gamma,beta,staging
+Suffix: sonic,legacy,preprod,gamma,beta,staging
 ```
 CloudService 为枚举的云服务名称，Mode 是连接 CloudService 与 target 的方式，Mode2 是连接前后缀与 CloudService 的方式, PortList 为扫描的端口，具体例子见工作流程
 
+rule.yaml 的填写内容如下：
+```
+rules:
+    - Header:
+        - text/xml
+        - application/xml
+      Body:
+        - InvalidVersion
+    - Header:
+        - "123"
+      Body:
+        - ""
+```
+可定义多组 Rule，每组的 Rule 中的 Header 和 Body 均要完全匹配才会被判断为 Endpoint，如果仅有一种特征，可以将另一部分置空。
 
-CloudService 可参考我的另一个字典项目: https://github.com/shadowabi/S-BlastingDictionary/blob/main/CloudService.txt
+注意，如果一个规则中的 Header 和 Body 均为空则会导致所有 HTTP 请求均会通过规则
 
 ## 工作流程
 1. 输入域名 example.com，首先会使用 DNS 去枚举 example.com，枚举方式遵循以下特点：
@@ -69,46 +81,46 @@ oss.example.com
 
 3. 若已经存在 srv 记录，则不会去枚举端口，而是直接用 HTTP / HTTPS 协议去请求这个URL
 
-4. 否则将通过 HTTP 和 HTTPS 协议去尝试访问目标域名 + PortList 中的端口
+4. 否则将通过 HTTP 和 HTTPS 协议去尝试访问目标域名 + PortList 中的端口，如果使用了代理选项，可代理流量至代理服务器
 
-5. 最后通过 HTTP 的请求结果判断整个 URL 是否为 Endpoint，目前判断方式为：目标返回的数据是否为 xml 格式
+5. 最后通过 HTTP 的请求结果判断整个 URL 是否为 Endpoint，判断访问为判断请求流量是否命中 rule.yaml 中的规则
 
 如果有其他特征，欢迎在 Issues 中提出，或者直接发起 PR。
 
-判断 Endpoint 的方法在 pkg 目录 data.go 的 JudgeEndpoint 函数中实现
-
 ## 用法
 ```
 Usage:
 
-EndpointSearch [flags]
+  EndpointSearch [flags]
 
 
 Flags:
 
--f, --file string       从文件中读取目标地址 (Input filename)
--h, --help              help for EndpointSearch
---logLevel string   设置日志等级 (Set log level) [trace|debug|info|warn|error|fatal|panic] (default "info")
--o, --output string     输入结果文件输出的位置 (Enter the location of the scan result output) (default "./result.txt")
--p, --port string       输入需要被扫描的端口，逗号分割 (Enter the port to be scanned, separated by commas (,))
---prefix string     输入枚举云服务的前缀 (Enter the prefix for enumerating the cloud service)
--s, --service string    输入需要被枚举的服务名称 (Input Service Name)
---suffix string     输入枚举云服务的后缀 (Enter a suffix for enumerating cloud services)
--t, --timeout int       输入每个 http 请求的超时时间 (Enter the timeout period for every http request) (default 2)
--u, --url string        输入目标地址 (Input [domain|url])
+  -f, --file string       从文件中读取目标地址 (Input filename)
+  -h, --help              help for EndpointSearch
+      --logLevel string   设置日志等级 (Set log level) [trace|debug|info|warn|error|fatal|panic] (default "info")
+  -o, --output string     输入结果文件输出的位置 (Enter the location of the scan result output) (default "./result.txt")
+  -p, --port string       输入需要被扫描的端口，逗号分割 (Enter the port to be scanned, separated by commas (,))
+      --prefix string     输入枚举云服务的前缀 (Enter the prefix for enumerating the cloud service)
+      --proxy string      使用 HTTP/SOCKS5代理，仅限web探测时 (List of http/socks5 proxy to use,Only for web detection
+  -s, --service string    输入需要被枚举的服务名称 (Input Service Name)
+      --suffix string     输入枚举云服务的后缀 (Enter a suffix for enumerating cloud services)
+  -t, --timeout int       输入每个 http 请求的超时时间 (Enter the timeout period for every http request) (default 2)
+  -u, --url string        输入目标地址 (Input [domain|url])
 ```
-EndpointSearch 同样支持手动覆盖配置参数，-e 参数默认为配置中的 CloudEndpoint，-p 参数为配置中的 PortList
+
+EndpointSearch 同样支持手动覆盖配置参数，例如 -e 参数默认为配置中的 CloudEndpoint，-p 参数为配置中的 PortList
 
 当主动指定参数后，将不再使用配置文件中的默认值
 
 ## 功能列表
 
 1. 利用 dns 服务枚举端点，隐蔽侦查
 2. 当域名存在时，自动探测 srv 服务发现端口
-3. 自动去重
-4. 输入的 url 将自动提取为域名
+3. 支持 HTTP / SOCSK5 代理
+4. 自动去重
+5. 输入的 url 将自动提取为域名
 
 ## TODO
-1. 添加 socket5 代理的支持
-2. 更多判断 Endpoint 的方法
+1. 增加更多判断 Endpoint 的方法
 
@@ -1,9 +1,10 @@
 package cmd
 
 import (
-	"errors"
 	"fmt"
+	"github.com/wgpsec/EndpointSearch/rule"
 	"os"
+	"runtime"
 	"strings"
 
 	"github.com/wgpsec/EndpointSearch/define"
@@ -35,11 +36,11 @@ EndpointSearch is a scanner that probes the endpoint of a cloud service
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
 		log.Init(logLevel)
 		if define.Url != "" && define.File != "" {
-			Error.HandleFatal(errors.New("Url 参数和 File 参数不可以同时存在 (The Url parameter and File parameter cannot exist at the same time)"))
+			Error.HandleFatal(fmt.Errorf("Url 参数和 File 参数不可以同时存在 (The Url parameter and File parameter cannot exist at the same time)"))
 			return
 		}
 		if define.Url == "" && define.File == "" {
-			Error.HandleFatal(errors.New("必选参数为空，请输入 -u 参数或 -f 参数 (The mandatory parameter is empty. Enter the -u parameter or -f parameter)"))
+			Error.HandleFatal(fmt.Errorf("必选参数为空，请输入 -u 参数或 -f 参数 (The mandatory parameter is empty. Enter the -u parameter or -f parameter)"))
 			return
 		}
 	},
@@ -72,10 +73,10 @@ EndpointSearch is a scanner that probes the endpoint of a cloud service
 		fmt.Println("Domain srv exist:")
 		recordList := pkg.SearchSRVRecord(ipRecordList...)
 
-		client := pkg.GenerateHTTPClient(define.TimeOut)
+		client := pkg.GenerateHTTPClient(define.TimeOut, define.ProxyURL)
 		respList := pkg.SearchEndpoint(client, portList, recordList...)
 
-		resultList := Compare.RemoveDuplicates(pkg.JudgeEndpoint(respList...))
+		resultList := Compare.RemoveDuplicates(rule.JudgeEndpoint(respList...))
 		fmt.Println("Service endpoint exist:")
 		pkg.WriteToFile(resultList, define.OutPut)
 		fmt.Printf("[+] The output is in %s\n", define.OutPut)
@@ -96,17 +97,21 @@ func init() {
 	RootCmd.Flags().IntVarP(&define.TimeOut, "timeout", "t", 2, "输入每个 http 请求的超时时间 (Enter the timeout period for every http request)")
 	RootCmd.Flags().StringVarP(&define.OutPut, "output", "o", "./result.txt", "输入结果文件输出的位置 (Enter the location of the scan result output)")
 	RootCmd.Flags().StringVarP(&define.Port, "port", "p", "", "输入需要被扫描的端口，逗号分割 (Enter the port to be scanned, separated by commas (,))")
+	RootCmd.Flags().StringVarP(&define.ProxyURL, "proxy", "", "", "使用 HTTP/SOCKS5代理，仅限web探测时 (List of http/socks5 proxy to use,Only for web detection")
 }
 
 func Execute() {
-	cc.Init(&cc.Config{
-		RootCmd:  RootCmd,
-		Headings: cc.HiGreen + cc.Underline,
-		Commands: cc.Cyan + cc.Bold,
-		Example:  cc.Italic,
-		ExecName: cc.Bold,
-		Flags:    cc.Cyan + cc.Bold,
-	})
+	if runtime.GOOS != "windows" {
+		cc.Init(&cc.Config{
+			RootCmd:  RootCmd,
+			Headings: cc.HiGreen + cc.Underline,
+			Commands: cc.Cyan + cc.Bold,
+			Example:  cc.Italic,
+			ExecName: cc.Bold,
+			Flags:    cc.Cyan + cc.Bold,
+		})
+	}
+
 	err := RootCmd.Execute()
 	if err != nil {
 		os.Exit(1)
 
@@ -9,13 +9,23 @@ type Configure struct {
 	Suffix       string `mapstructure:"Suffix" json:"Suffix" yaml:"Suffix"`
 }
 
+type Rules struct {
+	RuleText []RuleText `mapstructure:"rules" json:"rules" yaml:"rules"`
+}
+
+type RuleText struct {
+	Header []string `mapstructure:"Header" json:"Header" yaml:"Header"`
+	Body   []string `mapstructure:"Body" json:"Body" yaml:"Body"`
+}
+
 var (
-	File    string
-	Url     string
-	Service string
-	OutPut  string
-	TimeOut int
-	Port    string
-	Prefix  string
-	Suffix  string
+	File     string
+	Url      string
+	Service  string
+	OutPut   string
+	TimeOut  int
+	Port     string
+	Prefix   string
+	Suffix   string
+	ProxyURL string
 )
@@ -3,38 +3,28 @@ module github.com/wgpsec/EndpointSearch
 go 1.19
 
 require (
-	github.com/AlecAivazis/survey/v2 v2.3.6
-	github.com/esonhugh/randomize v0.0.1
 	github.com/ivanpirog/coloredcobra v1.0.1
-	github.com/olekukonko/tablewriter v0.0.5
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/viper v1.13.0
 	github.com/x-cray/logrus-prefixed-formatter v0.5.2
-	gorm.io/driver/sqlite v1.5.4
-	gorm.io/gorm v1.25.4
+	golang.org/x/net v0.10.0
 )
 
 require (
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/jinzhu/inflection v1.0.0 // indirect
-	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/mattn/go-sqlite3 v1.14.17 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/onsi/gomega v1.20.2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rogpeppe/go-internal v1.8.0 // indirect
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect