STRLCPY/CVS

update
有安科技 committed 5 months ago

e31e04e3

1 parent 0c4d6c91

■ ■ ■ ■ ■ ■

README.md

		skipped 48 lines
49	49		- Output format support - JSON
50	50
51	51		## Usage
52		-	CVS consists of three parts: CVS scanner, PoC IDE, and OOB server. CVS scanner is used to read the scaned target information generated by Senluo and load PoC for vulnerability scanning. PoC IDE is used to write and debug vulnerability scripts and generate PoC files. OOB server is used for reverse connection platforms such as some vulnerabilities without echo to confirm the existence of vulnerabilities.VDSL syntax can be referenced https://github.com/Safe3/CVS/blob/main/VDSL.md
	52	+	CVS consists of three parts: CVS scanner, PoC IDE, and OOB server. CVS scanner is used to read the scaned target information generated by Senluo and load PoC for vulnerability scanning. PoC IDE is used to write and debug vulnerability scripts and generate PoC files. OOB server is used for reverse connection platforms such as some vulnerabilities without echo to confirm the existence of vulnerabilities.VDSL syntax can be refer to [VDSL](https://github.com/Safe3/CVS/blob/main/VDSL.md)
53	53
54	54		### Write PoC
55	55
		skipped 15 lines
71	71
72	72		This picture shows the writing process of the CVE-2022-46169 no echo vulnerability test script. CVS IDE provides the debug function for printing debugging information, which is compatible with fmt.Printf in the go language The usage is shown in the text box below. For vulnerabilities with echoes, the existence of the vulnerability can be confirmed directly by returning true. For scenarios that require some information to be returned, such as password cracking, a string can be returned to save the result, which is located in the info field of the result.json generated by the CVS scanner.
73	73
74		-	The functions in the PoC script are compatible with the help functions of Nuclei, please refer to them for details https://docs.projectdiscovery.io/templates/reference/helper-functions .In addition, CVS also provides a network library, please refer to https://github.com/Safe3/CVS/blob/main/library.md for details,so it is very convenient to convert Nuclei's vulnerability template into CVS's PoC. For more PoC examples, please refer to the yaml file in the poc directory of the CVS scanner.
	74	+	The functions in the PoC script are compatible with the help functions of Nuclei, please refer to them for details [helper-functions](https://docs.projectdiscovery.io/templates/reference/helper-functions) .In addition, CVS also provides a network library, please refer to [library](https://github.com/Safe3/CVS/blob/main/library.md) for details,so it is very convenient to convert Nuclei's vulnerability template into CVS's PoC. For more PoC examples, please refer to the yaml file in the poc directory of the CVS scanner.
75	75
76	76		### Setting up an OOB server
77	77
		skipped 13 lines
91	91		log_level: info
92	92		```
93	93
94		-	4.Open ports 80, 53, and 33333 on the server, and set the OOB server as the NS resolution server. For example, domain names on Alibaba Cloud can be referenced https://help.aliyun.com/zh/dws/user-guide/custom-dns-host to perform configuration
	94	+	4.Open ports 80, 53, and 33333 on the server, and set the OOB server as the NS resolution server. For example, domain names on Alibaba Cloud can be refer to [Link](https://help.aliyun.com/zh/dws/user-guide/custom-dns-host) performing configuration
95	95
96	96		### Enable CVS scanner
97	97
		skipped 56 lines

■ ■ ■ ■ ■ ■

README_CN.md

		skipped 54 lines
55	55
56	56		## 使用
57	57
58		-	CVS由三部分组成：CVS扫描器、PoC IDE和OOB服务器。CVS扫描器用于读取森罗空间测绘引擎生成的扫描目标信息，并加载PoC进行漏洞扫描。PoC IDE用于编写和调试漏洞脚本以及生成PoC文件。OOB服务器用于反向连接平台，如一些没有回显的漏洞，以确认漏洞的存在。VDSL语法可以参考https://github.com/Safe3/CVS/blob/main/VDSL_CN.md 。
	58	+	CVS由三部分组成：CVS扫描器、PoC IDE和OOB服务器。CVS扫描器用于读取森罗空间测绘引擎生成的扫描目标信息，并加载PoC进行漏洞扫描。PoC IDE用于编写和调试漏洞脚本以及生成PoC文件。OOB服务器用于反向连接平台，如一些没有回显的漏洞，以确认漏洞的存在。VDSL语法可以参考链接[VDSL语法](https://github.com/Safe3/CVS/blob/main/VDSL_CN.md) 。
59	59
60	60
61	61		### 编写PoC
		skipped 14 lines
76	76
77	77		此图展示的是CVE-2022-46169无回显漏洞测试脚本的编写过程，图中提供了 debug函数用于打印调试信息，该函数兼容go语言中fmt.Printf的用法，结果显示于下方方框。对于有回显的漏洞可以直接通过 return true 返回来确认漏洞存在，对于需要返回一些信息的场景，如密码破解等，可以return一个字符串来保存结果，结果位于CVS扫描器生成的result.json中的info字段中。
78	78
79		-	PoC脚本中的函数兼容Nuclei的帮助函数，详见https://docs.projectdiscovery.io/templates/reference/helper-functions ，另外CVS也提供了网络请求相关lib库，详见https://github.com/Safe3/CVS/blob/main/library.md 。所以你可以很方便的将Nuclei的漏洞模板转换成CVS的PoC。更多PoC样例可参考CVS扫描器poc目录下的yaml文件。
	79	+	PoC脚本中的函数兼容Nuclei的帮助函数，详见[链接](https://docs.projectdiscovery.io/templates/reference/helper-functions) ，另外CVS也提供了网络请求相关lib库，详见[链接](https://github.com/Safe3/CVS/blob/main/library_CN.md) 。所以你可以很方便的将Nuclei的漏洞模板转换成CVS的PoC。更多PoC样例可参考CVS扫描器poc目录下的yaml文件。
80	80
81	81		### 架设OOB服务器
82	82
		skipped 13 lines
96	96		log_level: info
97	97		```
98	98
99		-	4.放开服务器的80、53、33333端口访问，并将OOB服务器设置为NS解析服务器，如阿里云上的域名可以参考https://help.aliyun.com/zh/dws/user-guide/custom-dns-host 进行配置
	99	+	4.放开服务器的80、53、33333端口访问，并将OOB服务器设置为NS解析服务器，如阿里云上的域名可以参考[链接](https://help.aliyun.com/zh/dws/user-guide/custom-dns-host)进行配置
100	100
101	101		### 开启CVS扫描器
102	102
		skipped 56 lines

■ ■ ■ ■ ■ ■

VDSL_CN.md

		skipped 257 lines
258	258		c5 := char("X") // 'X'
259	259		```
260	260
261		-	## 操作符
	261	+	## 运算符
262	262
263		-	### 单目运算符
	263	+	### 一元运算符
264	264
265		-	\| Operator \| Usage \| Types \|
	265	+	\| 运算符 \| 用法 \| 类型 \|
266	266		\| :---: \| :---: \| :---: \|
267		-	\| `+` \| same as `0 + x` \| int, float \|
268		-	\| `-` \| same as `0 - x` \| int, float \|
269		-	\| `!` \| logical NOT \| all types* \|
270		-	\| `^` \| bitwise complement \| int \|
	267	+	\| `+` \| 等同 `0 + x` \| int, float \|
	268	+	\| `-` \| 等同 `0 - x` \| int, float \|
	269	+	\| `!` \| 逻辑非 \| all types* \|
	270	+	\| `^` \| 按位异或 \| int \|
271	271
272	272		在VDSL中，所有值都可以是真值也可以是假值
273	273
274		-	### Binary Operators
	274	+	### 二元运算符
275	275
276		-	\| Operator \| Usage \| Types \|
	276	+	\| 运算符 \| 用法 \| 类型 \|
277	277		\| :---: \| :---: \| :---: \|
278		-	\| `==` \| equal \| all types \|
279		-	\| `!=` \| not equal \| all types \|
280		-	\| `&&` \| logical AND \| all types \|
281		-	\| `\\|\\|` \| logical OR \| all types \|
282		-	\| `+` \| add/concat \| int, float, string, char, time, array \|
283		-	\| `-` \| subtract \| int, float, char, time \|
284		-	\| `*` \| multiply \| int, float \|
285		-	\| `/` \| divide \| int, float \|
286		-	\| `&` \| bitwise AND \| int \|
287		-	\| `\\|` \| bitwise OR \| int \|
288		-	\| `^` \| bitwise XOR \| int \|
289		-	\| `&^` \| bitclear (AND NOT) \| int \|
290		-	\| `<<` \| shift left \| int \|
291		-	\| `>>` \| shift right \| int \|
292		-	\| `<` \| less than \| int, float, char, time, string \|
293		-	\| `<=` \| less than or equal to \| int, float, char, time, string \|
294		-	\| `>` \| greater than \| int, float, char, time, string \|
295		-	\| `>=` \| greater than or equal to \| int, float, char, time, string \|
	278	+	\| `==` \| 检查两个值是否相等 \| all types \|
	279	+	\| `!=` \| 检查两个值是否不相等 \| all types \|
	280	+	\| `&&` \| 逻辑 AND 运算符 \| all types \|
	281	+	\| `\\|\\|` \| 逻辑 OR 运算符 \| all types \|
	282	+	\| `+` \| 相加/字符串连接 \| int, float, string, char, time, array \|
	283	+	\| `-` \| 相减 \| int, float, char, time \|
	284	+	\| `*` \| 相乘 \| int, float \|
	285	+	\| `/` \| 相除 \| int, float \|
	286	+	\| `&` \| 按位与运算符 \| int \|
	287	+	\| `\\|` \| 按位或运算符 \| int \|
	288	+	\| `^` \| 按位异或运算符 \| int \|
	289	+	\| `&^` \| 位清除（AND NOT） \| int \|
	290	+	\| `<<` \| 左移运算符 \| int \|
	291	+	\| `>>` \| 右移运算符 \| int \|
	292	+	\| `<` \| 检查左边值是否小于右边值 \| int, float, char, time, string \|
	293	+	\| `<=` \| 检查左边值是否小于等于右边值 \| int, float, char, time, string \|
	294	+	\| `>` \| 检查左边值是否大于右边值 \| int, float, char, time, string \|
	295	+	\| `>=` \| 检查左边值是否大于等于右边值 \| int, float, char, time, string \|
296	296
297	297		### 三目操作符
298	298
		skipped 10 lines
309	309
310	310		### 赋值和增量运算符
311	311
312		-	\| Operator \| Usage \|
	312	+	\| 运算符 \| 用法 \|
313	313		\| :---: \| :---: \|
314	314		\| `+=` \| `(lhs) = (lhs) + (rhs)` \|
315	315		\| `-=` \| `(lhs) = (lhs) - (rhs)` \|
		skipped 163 lines
479	479		[^note]:
480	480		如果在Go中使用VDSL作为库，则可以自定义文件扩展名“`.dsl`”。在这种情况下，请使用“Compiler”类型的“SetImportFileExt”函数。
481	481
482		-	请参阅[转到参考](https://pkg.go.dev/dsl)详细信息。
483		-
484	482		在VDSL中，模块与函数非常相似。
485	483
486	484		- `import` 表达式加载模块代码并像函数一样执行它。
		skipped 28 lines
515	513		与Go不同，VDSL没有以下功能：
516	514
517	515		- Declarations
518		-	- Imaginary values
	516	+	- Imaginary 值
519	517		- Structs
520	518		- Pointers
521	519		- Channels
522	520		- Goroutines
523		-	- Tuple assignment
524		-	- Variable parameters
525		-	- Switch statement
526		-	- Goto statement
527		-	- Defer statement
	521	+	- Tuple 赋值
	522	+	- Variable 参数
	523	+	- Switch 语句
	524	+	- Goto 语句
	525	+	- Defer 语句
528	526		- Panic
529		-	- Type assertion
	527	+	- Type 断言
530	528

■ ■ ■ ■ ■ ■

library_CN.md

1	+	# 库 - "http"
2	+
3	+	```golang
4	+	resp := http.req("https://www.uusec.com", {method: "PUT"})
5	+	if is_error(resp) {
6	+	debug("err: %s",resp.value)
7	+	return
8	+	}
9	+	debug("%d %s %s",resp.status,resp.headers["Content-Type"],resp.body)
10	+	```
11	+	## 函数
12	+
13	+	- `req(url string,{method: string, headers: map, body: string, follow_redirects: bool, max_read_length: int, timeout: int }) => Http/error`: 发送http请求并返回 Http 对象或 error，第二个参数项是可选的。
14	+
15	+	## 返回Http对象
16	+
17	+	- `status => int`: http响应状态代码。
18	+	- `headers => map`: http响应标头。
19	+	- `body => string`: http响应主体。
20	+
21	+
22	+
23	+	# 库 - "net"
24	+
25	+	```golang
26	+	sock := net.dial("www.uusec.com:80")
27	+	if is_error(sock) {
28	+	debug("err: %s",sock.value)
29	+	return
30	+	}
31	+	n := sock.write_all("GET / HTTP/1.0\r\nHost: www.uusec.com\r\n\r\n")
32	+	if is_error(n) {
33	+	debug("err: %s",n.value)
34	+	return
35	+	}
36	+	data := sock.read_all()
37	+	debug("data: %s",string(data))
38	+	```
39	+	## 函数
40	+
41	+	- `dial(addr string, {proto: string, tls: bool, idle_timeout: int, total_timeout: int}) => Net/error`: 使用tcp或udp协议拨号，带或不带tls，并返回Net或error，第二个参数项是可选的。
42	+
43	+	## 返回Net对象
44	+
45	+	- `close() => error`: 关闭 socket.
46	+	- `read(out bytes) => int/error`: 将数据从套接字读取一次到参数out并返回读取长度
47	+	- `write(data bytes) => int/error`: 将数据写入套接字一次并返回写入的长度。
48	+	- `set_read_deadline(seconds int) => error`: 设置read函数的读取超时。
49	+	- `set_write_deadline(seconds int) => error`: 设置write函数的写入超时。
50	+	- `read_all(maxlen int) => bytes/error`: 从套接字读取数据，直到达到最大长度，此参数是可选的。
51	+	- `read_until(pattern string) => bytes/error`: 从套接字读取数据，直到正则表达式模式匹配。
52	+
53	+	- `write_all(data bytes) => int/error`: 如果可能，将所有数据写入套接字，并返回写入长度。
54	+

update