  • ■ ■ ■ ■ ■ ■
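--- a/bountyit.go
+++ b/bountyit.go
@@ -0,0 +1,200 @@
+package main
+
+import (
+ "fmt"
+ "net/http"
+ "sync"
+ "io/ioutil"
+ "time"
+ "net"
+ "crypto/tls"
+ "github.com/fatih/color"
+ "flag"
+ "bufio"
+ "os"
+ "log"
+ "strings"
+
+)
+
+var Threads int
+var recheck_url string
+var method string
+var body string
+var payload string
+var base_size int
+var matcher string
+var payloads []string
+var confirm []string
+var verify bool
+var grep string
+var greps []string
+
+func getClient() *http.Client {
+ tr := &http.Transport{
+ MaxIdleConns: 30,
+ IdleConnTimeout: time.Second,
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ DialContext: (&net.Dialer{
+ Timeout: time.Second * 10,
+ KeepAlive: time.Second,
+ }).DialContext,
+ }
+
+ re := func(req *http.Request, via []*http.Request) error {
+ return http.ErrUseLastResponse
+ }
+
+ return &http.Client{
+ Transport: tr,
+ CheckRedirect: re,
+ Timeout: time.Second * 10,
+ }
+}
+
+func base_request(c *http.Client, u string, method string, matcher string) (int, string) {
+ req, _ := http.NewRequest(method, u, nil)
+ if req != nil {
+ resp, _ := c.Do(req)
+ if resp != nil {
+ contents, _ := ioutil.ReadAll(resp.Body)
+ if matcher == "check" {
+ body = string(contents)
+ }
+ base_size = len(contents)
+ resp.Body.Close()
+ }
+ }
+
+ return base_size, body
+}
+
+
+func requester(c *http.Client, u string, method string, list []string , verify bool, matcher string) {
+ req_base, _ := base_request(c, u, method, matcher)
+ for _, test := range list {
+ url := strings.Replace(u, "FUZZ", test, -1)
+ req_test, _ := base_request(c, url, method , matcher)
+ if req_test != req_base {
+ if verify != true {
+ fmt.Printf("%v %s\n", color.RedString("[!] Potential vulnerability found at:..🛠") , url)
+ fmt.Printf("%v\n", color.CyanString("[~] Storing for confirmation..✒"))
+ }
+ confirm = append(confirm, url)
+ }
+ }
+ if verify != true {
+ fmt.Printf("%v\n",color.YellowString("[>] Staring confirmation tests..🔍"))
+ }
+ matcher = "check"
+ for _, recheck_url = range confirm {
+ _, checkbody := base_request(c, recheck_url, method, matcher)
+ for _, query := range greps {
+ if strings.Contains(checkbody, query) {
+ fmt.Printf("%v %s\n", color.GreenString("[+] POC:..✨"), recheck_url)
+ }
+ }
+ }
+}
+
+func grep_add(path string) []string {
+ if path != "" {
+ file, err := os.Open(path)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer file.Close()
+
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ greps = append(greps, scanner.Text())
+ }
+
+ if err := scanner.Err(); err != nil {
+ log.Fatal(err)
+ }
+ } else {
+ greps = []string{"bount64yit", "uid=", "groups=" ,"Program Files", "Windows", "[boot loader]", "[drivers]", "[Mail]", "HTTP /1.1", "HTTP /1.0", "About php.ini", "root:x:", "root:*"}
+ }
+
+ return greps
+}
+
+func payloadlist(path string) []string {
+ file, err := os.Open(path)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer file.Close()
+
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
+ payloads = append(payloads, scanner.Text())
+ }
+
+ if err := scanner.Err(); err != nil {
+ log.Fatal(err)
+ }
+ return payloads
+}
+
+func Banner() {
+ color.HiGreen(`
+__________ __ .___ __
+\______ \ ____ __ __ _____/ |_ ___.__. | |/ |_
+ | | _// _ \| | \/ \ __< | | | \ __\
+ | | ( <_> ) | / | \ | \___ | | || |
+ |______ /\____/|____/|___| /__| / ____| |___||__|
+ \/ \/ \/ v1.0
+ `)
+ color.HiRed(" " + "Made with <3 by @shivangx01b")
+
+}
+
+func ParseArguments() {
+ flag.IntVar(&Threads, "t", 40, "Number of workers to use..default 40. Ex: -t 50")
+ flag.StringVar(&payload, "p", "", "Feed the list of payloads to fuzz. Ex: -p ~/wordlists/lfi.txt")
+ flag.StringVar(&method, "method", "GET", "Add method name if required. Ex: -method PUT. Default \"GET\"")
+ flag.BoolVar(&verify, "verify", false, "Only prints confirmed results. Ex -verify ")
+ flag.StringVar(&grep, "grep", "", "Specify custom grepping singantures. Ex -grep singantures.txt")
+ flag.Parse()
+}
+
+
+func main() {
+ ParseArguments()
+ Banner()
+ checkin, _ := os.Stdin.Stat()
+ if checkin.Mode() & os.ModeNamedPipe > 0 {
+ if payload != "" {
+ list := payloadlist(payload)
+ grep_add(grep)
+ matcher = "nocheck"
+ urls := make(chan string, Threads)
+ processGroup := new(sync.WaitGroup)
+ processGroup.Add(Threads)
+
+ for i := 0; i < Threads; i++ {
+ c := getClient()
+ go func() {
+ defer processGroup.Done()
+ for u := range urls {
+ requester(c, u, method, list, verify, matcher)
+ }
+ }()
+ }
+
+ sc := bufio.NewScanner(os.Stdin)
+
+ for sc.Scan() {
+ urls <- sc.Text()
+ }
+ close(urls)
+ processGroup.Wait()
+ } else {
+ color.HiRed("\n[!] Must give payload list")
+ }
+ } else {
+ color.HiRed("\n[!] Check: BountyIt -h for arguments")
+ }
+}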
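Review bot: `base_request` and `requester` keep per-request state in the package-level variables `body`, `base_size`, `confirm` and `recheck_url`, while `main` runs `requester` from `Threads` goroutines at once, so these are read and written concurrently with no lock and one URL's baseline size or candidate list can be overwritten by another worker. `base_request` also returns those globals when `http.NewRequest` or `c.Do` fails, so a failed request reports the previous call's size and body instead of a failure, and `confirm` is never reset, so each later URL re-tests candidates stored for earlier ones. Keeping this state in locals and returning it, as sketched below, removes all three problems; a run under `go run -race` should confirm the race. Separately, `TLSClientConfig: &tls.Config{InsecureSkipVerify: true}` in `getClient` deserves a comment stating that certificate verification is deliberately disabled and that responses are therefore unauthenticated, and `ioutil.ReadAll(resp.Body)` reads a remote response with no size cap, which `io.LimitReader` would bound.

```go
func base_request(c *http.Client, u string, method string, matcher string) (int, string) {
	req, err := http.NewRequest(method, u, nil)
	if err != nil {
		return -1, "" // -1 marks "no response" so callers can skip it
	}
	resp, err := c.Do(req)
	if err != nil {
		return -1, ""
	}
	defer resp.Body.Close()
	contents, _ := ioutil.ReadAll(resp.Body)
	if matcher == "check" {
		return len(contents), string(contents)
	}
	return len(contents), ""
}

// in requester: candidates are local to this call, not the shared global
var confirm []string
req_base, _ := base_request(c, u, method, matcher)
if req_base < 0 {
	return // no baseline to compare against
}
for _, test := range list {
	url := strings.Replace(u, "FUZZ", test, -1)
	req_test, _ := base_request(c, url, method, matcher)
	if req_test < 0 || req_test == req_base {
		continue
	}
	// … unchanged: optional printing, confirm = append(confirm, url) …
}
// … unchanged: confirmation loop, ranging with a local variable instead of recheck_url …
```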