Projects STRLCPY csprecon Commits 1fc96ec0
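--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,8 @@
 require github.com/projectdiscovery/utils v0.0.3
 
 require (
+	github.com/PuerkitoBio/goquery v1.8.0 // indirect
+	github.com/andybalholm/cascadia v1.3.1 // indirect
 	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
 	github.com/projectdiscovery/fileutil v0.0.0-20220705195237-01becc2a8963 // indirect
 	github.com/projectdiscovery/stringsutil v0.0.2 // indirect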
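Review bot: goquery and cascadia are added as `// indirect` requirements while the only Go change in this commit removes the `golang.org/x/net/html` parsing from csp.go, so it is not clear from the visible hunks what pulls them in. If another file in this commit imports goquery directly, `go mod tidy` would record it as a direct requirement in the first require block rather than `// indirect`; if nothing imports it, the new dependency and its go.sum entries should not be introduced at all. The remainder of the require block is outside the hunk.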
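--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,7 @@
+github.com/PuerkitoBio/goquery v1.8.0 h1:PJTF7AmFCFKk1N6V6jmKfrNH9tV5pNE6lZMkG0gta/U=
+github.com/PuerkitoBio/goquery v1.8.0/go.mod h1:ypIiRMtY7COPGk+I/YbZLbxsxn9g5ejnI2HSMtkjZvI=
+github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
+github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
@@ -51,12 +55,17 @@
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.3/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=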
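--- a/pkg/csprecon/csp.go
+++ b/pkg/csprecon/csp.go
@@ -2,7 +2,6 @@
 
 import (
 	"crypto/tls"
-	"io"
 	"net"
 	"net/http"
 	"regexp"
@@ -10,7 +9,6 @@
 	"time"
 
 	"github.com/edoardottt/golazy"
-	"golang.org/x/net/html"
 )
 
 const (
@@ -19,11 +17,10 @@
 	DomainRegex = `.*[a-zA-Z\_\-0-9]+\.[a-z]+`
 )
 
-func checkCSP(url string, r *regexp.Regexp, client *http.Client) ([]string, error) {
+func checkCSP(url string, rCSP *regexp.Regexp, client *http.Client) ([]string, error) {
 	var (
 		result    = []string{}
 		headerCSP []string
-		bodyCSP   []string
 	)
 
 	req, err := http.NewRequest(http.MethodGet, url, nil)
@@ -38,16 +35,8 @@
 
 	defer resp.Body.Close()
 
-	headerCSP = parseCSP(resp.Header.Get("Content-Security-Policy"), r)
-	if len(headerCSP) == 0 {
-		bodyCSP, err = parseCSPBody(resp.Body, r)
-		if err != nil {
-			return result, nil
-		}
-	}
-
+	headerCSP = parseCSP(resp.Header.Get("Content-Security-Policy"), rCSP)
 	result = append(result, headerCSP...)
-	result = append(result, bodyCSP...)
 
 	return result, nil
 }
@@ -75,42 +64,6 @@
 	}
 
 	return result
-}
-
-func parseCSPBody(input io.ReadCloser, r *regexp.Regexp) ([]string, error) {
-	result := []string{}
-
-	doc, err := html.Parse(input)
-	if err != nil {
-		return result, err
-	}
-
-	bodyString, err := io.ReadAll(input)
-	if err != nil {
-		return result, err
-	}
-
-	if strings.Contains(string(bodyString), `http-equiv="Content-Security-Policy"`) {
-		// Recursively visit nodes in the parse tree
-		var f func(*html.Node)
-		f = func(n *html.Node) {
-			if n.Data == "meta" {
-				for _, a := range n.Attr {
-					if a.Key == "content" {
-						result = parseCSP(a.Val, r)
-						break
-					}
-				}
-			}
-
-			for c := n.FirstChild; c != nil; c = c.NextSibling {
-				f(c)
-			}
-		}
-		f(doc)
-	}
-
-	return result, nil
 }
 
 func customClient(timeout int) *http.Client {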
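Review bot: `resp.Header.Get("Content-Security-Policy")` in checkCSP returns only the first header value, so a response that delivers its policy as several Content-Security-Policy headers (browsers enforce each one independently) now has every value after the first silently dropped, and with the body path removed a policy delivered only via `<meta http-equiv>` is missed entirely. Iterating all values keeps the rest of the function as it is: `for _, v := range resp.Header.Values("Content-Security-Policy") { result = append(result, parseCSP(v, rCSP)...) }`, and for recon purposes `Content-Security-Policy-Report-Only` carries the same host lists and is worth walking the same way. Now that nothing reads the body, the deferred `resp.Body.Close()` closes an undrained body, which stops the transport from reusing the connection across the scan; `io.Copy(io.Discard, resp.Body)` before the close would fix that but needs the `io` import this commit removes. The request construction and `client.Do` lines of checkCSP are outside the hunk, and if the meta-tag handling moved to goquery in another file of this commit I cannot see it from here.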