🚨 增加重定向参数，用户可以自定义是否要3xx跳转

Author: SummerSec

cmd/commons/core/banner.go

@@ -15,7 +15,7 @@ const banner = `
 `
 
 // TODO 修改版本号
-const version = "0.1.5"
+const version = "0.1.4"
 
 func ShowBanner() {
 	fmt.Println(banner)

cmd/commons/core/options.go

@@ -48,6 +48,8 @@ type Options struct {
 	H1 bool
 	// 更新到最新版本
 	Update bool
+	// 重定向
+	Redirect bool
 }
 
 func (o Options) toString() interface{} {
@@ -75,6 +77,7 @@ func ParseOptions() *Options {
 	flag.BoolVar(&options.Shell, "shell", false, "whether to enter the interactive shell")
 	flag.BoolVar(&options.H1, "h1", false, "force to use HTTP 1.1")
 	flag.BoolVar(&options.Update, "update", false, "update to the latest version")
+	flag.BoolVar(&options.Redirect, "redirect", false, "whether to follow redirect")
 	flag.Parse()
 
 	// TODO 修改版本号

cmd/commons/core/update2.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"fmt"
 	"github.com/blang/semver"
+	"github.com/projectdiscovery/stringsutil"
 	"github.com/rhysd/go-github-selfupdate/selfupdate"
 	log "github.com/sirupsen/logrus"
 	"os"
@@ -48,13 +49,17 @@ func confirmAndSelfUpdate() {
 		return
 	}
 
-	fmt.Print("Do you want to update to", latest.Version, "? (y/n): ")
+	fmt.Print("Do you want to update to latest version ", latest.Version, "? (y/n): ")
 	input, err := bufio.NewReader(os.Stdin).ReadString('\n')
-	if err != nil || (input != "y\n" && input != "n\n") {
+	// 如果input 存在\r或者\n，则去掉
+	if stringsutil.HasSuffixAny(input, "\r\n", "\n", "\r") {
+		input = stringsutil.TrimSuffixAny(input, "\r\n", "\n", "\r")
+	}
+	if err != nil || (input != "y" && input != "n" && input != "Y" && input != "N") {
 		log.Println("Invalid input")
 		return
 	}
-	if input == "n\n" {
+	if input == "n" {
 		return
 	}
 

cmd/commons/poc/2021/CVE-2021-26084.go

@@ -32,6 +32,7 @@ func (p CVE202126084) SendPoc(target string, hashmap map[string]interface{}) {
 	reqmap["proxy"] = hashmap["Proxy"].(string)
 	reqmap["mode"] = hashmap["Mode"].(int)
 	reqmap["h1"] = hashmap["H1"].(bool)
+	reqmap["redirect"] = hashmap["Redirect"].(bool)
 
 	file := hashmap["Out"].(string)
 	utils.Send(reqmap)

cmd/commons/poc/2022/CVE-2022-22947.go

@@ -57,11 +57,13 @@ func (p CVE202222947) SendPoc(target string, hashmap map[string]interface{}) {
 	payload := "{\n      \"id\": \"%s\",\n      \"filters\": [{\n        \"name\": \"AddResponseHeader\",\n        \"args\": {\"name\": \"Result\",\"value\": \"%s\"}\n        }],\n      \"uri\": \"http://127.0.0.1\",\n      \"order\": 0\n}"
 	a := fmt.Sprintf(payload, id, GodzillaNettyMemshell)
 	reqmap["body"] = a
+	// 默认配置
 	reqmap["timeout"] = hashmap["Timeout"].(int)
 	reqmap["retry"] = hashmap["Retry"].(int)
 	reqmap["proxy"] = hashmap["Proxy"].(string)
 	reqmap["mode"] = hashmap["Mode"].(int)
 	reqmap["h1"] = hashmap["H1"].(bool)
+	reqmap["redirect"] = hashmap["Redirect"].(bool)
 
 	f := 0
 	for true {

cmd/commons/poc/2022/CVE-2022-22963.go

@@ -28,12 +28,13 @@ func (p CVE202222963) SendPoc(target string, hashmap map[string]interface{}) {
 	//payload := "T(java.net.InetAddress).getByName(\"" + ranStr + ".skysa.eyes.sh\")"
 	log.Debugf("payload: %s", payload)
 	log.Debugf("dnslog: %s", dnslog)
-
+	// 默认参数
 	reqmap["timeout"] = hashmap["Timeout"].(int)
 	reqmap["retry"] = hashmap["Retry"].(int)
 	reqmap["proxy"] = hashmap["Proxy"].(string)
 	reqmap["mode"] = hashmap["Mode"].(int)
 	reqmap["h1"] = hashmap["H1"].(bool)
+	reqmap["redirect"] = hashmap["Redirect"].(bool)
 	reqmap["headers"] = map[string]string{
 		"User-Agent":   utils.GetUA(),
 		"Content-Type": "application/x-www-form-urlencoded",

cmd/commons/poc/2022/CVE-2022-22965.go

@@ -58,6 +58,7 @@ func (p CVE202222965) SendPoc(target string, hashmap map[string]interface{}) {
 	reqmap["proxy"] = hashmap["Proxy"].(string)
 	reqmap["mode"] = hashmap["Mode"].(int)
 	reqmap["h1"] = hashmap["H1"].(bool)
+	reqmap["redirect"] = hashmap["Redirect"].(bool)
 	f := 0
 	for f < 2 {
 		time.Sleep(time.Second * 1)

cmd/commons/poc/IsAliveUrl.go

@@ -33,6 +33,7 @@ func (t IsAliveUrl) CheckExp(resp *req.Response, target string, hashmap map[stri
 	reqmap := req2.NewReqInfoToMap(hashmap)
 	reqmap["url"] = target
 	reqmap["method"] = "HEAD"
+	reqmap["redirect"] = true
 	headers := map[string]string{
 		"User-Agent": utils.GetUA(),
 	}

cmd/commons/req/request.go

@@ -3,15 +3,16 @@ package req
 import "github.com/fatih/structs"
 
 type ReqInfo struct {
-	Method  string
-	Url     string
-	Body    string
-	Header  map[string]string
-	Proxy   string
-	Timeout string
-	Retry   string
-	Mode    string
-	H1      bool
+	Method   string
+	Url      string
+	Body     string
+	Header   map[string]string
+	Proxy    string
+	Timeout  string
+	Retry    string
+	Mode     string
+	H1       bool
+	Redirect bool
 }
 
 //func (r *ReqInfo) Method() string {
@@ -95,37 +96,40 @@ type ReqInfo struct {
 
 func NewReqInfo() ReqInfo {
 	reqInfo := ReqInfo{
-		Method:  "",
-		Url:     "",
-		Body:    "",
-		Header:  make(map[string]string),
-		Proxy:   "",
-		Timeout: "10",
-		Retry:   "3",
-		Mode:    "0",
-		H1:      false,
+		Method:   "",
+		Url:      "",
+		Body:     "",
+		Header:   make(map[string]string),
+		Proxy:    "",
+		Timeout:  "10",
+		Retry:    "3",
+		Mode:     "0",
+		H1:       false,
+		Redirect: false,
 	}
 	return reqInfo
 }
 
 func NewReqInfoToMap(hashmap map[string]interface{}) map[string]interface{} {
 	reqInfo := ReqInfo{
-		Method:  "",
-		Url:     "",
-		Body:    "",
-		Header:  make(map[string]string),
-		Proxy:   "",
-		Timeout: "10",
-		Retry:   "3",
-		Mode:    "0",
-		H1:      false,
+		Method:   "",
+		Url:      "",
+		Body:     "",
+		Header:   make(map[string]string),
+		Proxy:    "",
+		Timeout:  "10",
+		Retry:    "3",
+		Mode:     "0",
+		H1:       false,
+		Redirect: false,
 	}
 	reqmap := structs.Map(reqInfo)
 	reqmap["timeout"] = hashmap["Timeout"].(int)
 	reqmap["retry"] = hashmap["Retry"].(int)
 	reqmap["mode"] = hashmap["Mode"].(int)
 	reqmap["h1"] = hashmap["H1"].(bool)
 	reqmap["proxy"] = hashmap["Proxy"].(string)
+	reqmap["redirect"] = hashmap["Redirect"].(bool)
 	reqmap["body"] = ""
 
 	return reqmap

cmd/commons/utils/httpclient.go

@@ -6,7 +6,7 @@ import (
 	"time"
 )
 
-func InIt(mode int, timeout int, proxy string, retry int, h1 bool) (client *req.Client) {
+func InIt(mode int, timeout int, proxy string, retry int, h1 bool, redirect bool) (client *req.Client) {
 	log.Debugf("init httpclient")
 	client = req.NewClient()
 	if mode != 0 {
@@ -23,9 +23,13 @@ func InIt(mode int, timeout int, proxy string, retry int, h1 bool) (client *req.
 	// 设置超时时间
 	client.SetTimeout(time.Duration(timeout) * time.Second)
 	client.SetCommonRetryCount(retry)
+
 	client.EnableInsecureSkipVerify()
-	// 重定向设置
-	client.SetRedirectPolicy(req.NoRedirectPolicy())
+	// 重定向设置, 如果不设置, 默认为true 即重定向
+	if !redirect {
+		log.Debug("redirect is true")
+		client.SetRedirectPolicy(req.NoRedirectPolicy())
+	}
 	// 设置代理
 	f := IsProxyUrl(proxy)
 	if f {
@@ -51,8 +55,9 @@ func Send(hashmap map[string]interface{}) (resp *req.Response) {
 	headers := hashmap["headers"].(map[string]string)
 	body := hashmap["body"]
 	h1 := hashmap["h1"].(bool)
+	redirect := hashmap["redirect"].(bool)
 
-	client := InIt(mode, timeout, proxy, retry, h1)
+	client := InIt(mode, timeout, proxy, retry, h1, redirect)
 
 	reqt := client.R().EnableDump()
 	reqs := SetRequest(reqt, headers, body.(string))

cmd/commons/utils/readfile.go

@@ -2,6 +2,7 @@ package utils
 
 import (
 	"bufio"
+	"github.com/projectdiscovery/stringsutil"
 	log "github.com/sirupsen/logrus"
 	"os"
 	"os/exec"
@@ -37,18 +38,22 @@ func ReadFile(path string) (urls []string, err error) {
 		if strings.TrimSpace(str) == "" {
 			continue
 		}
-		// 如果str结尾存在\n，则去掉
-		if strings.HasSuffix(str, "\n") {
-			str = strings.TrimSuffix(str, "\n")
-		}
-		// 如果str结尾存在\r，则去掉
-		if strings.HasSuffix(str, "\r") {
-			str = strings.TrimSuffix(str, "\r")
-		}
+		//如果str结尾存在\n，则去掉
+		//if strings.HasSuffix(str, "\n") {
+		//	str = strings.TrimSuffix(str, "\n")
+		//}
+		//如果str结尾存在\r，则去掉
+		//if strings.HasSuffix(str, "\r") {
+		//	str = strings.TrimSuffix(str, "\r")
+		//}
 		//// 如果str结尾存在\r\n，则去掉
 		//if strings.HasSuffix(str, "\r\n") {
 		//	str = strings.TrimSuffix(str, "\r\n")
 		//}
+
+		if stringsutil.HasSuffixAny(str, "\r\n", "\n", "\r") {
+			str = stringsutil.TrimSuffixAny(str, "\r\n", "\n", "\r")
+		}
 		log.Debugf("The url is : %s", str)
 		lins = append(lins, str)
 	}

go.mod

@@ -22,6 +22,7 @@ require (
 	//github.com/gosuri/uilive v0.0.4 // indirect
 	//github.com/gosuri/uiprogress v0.0.1 // indirect
 	github.com/panjf2000/ants/v2 v2.5.0
+	github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe
 	github.com/rhysd/go-github-selfupdate v1.2.3
 //github.com/tj/go-update v2.2.5-0.20200519121640-62b4b798fd68+incompatible
 )

go.sum

@@ -136,6 +136,7 @@ github.com/projectdiscovery/ipranger v0.0.2/go.mod h1:kcAIk/lo5rW+IzUrFkeYyXnFJ+
 github.com/projectdiscovery/mapcidr v0.0.4/go.mod h1:ALOIj6ptkWujNoX8RdQwB2mZ+kAmKuLJBq9T5gR5wG0=
 github.com/projectdiscovery/mapcidr v0.0.9 h1:PIa09fMHdghlmkUeTgHP9bwYnb3k2wXXM2f6LMj26zg=
 github.com/projectdiscovery/mapcidr v0.0.9/go.mod h1:zgsrc+UXwcLcBopUNboiI4tpTICbfdTyJZiBi2tx+NI=
+github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe h1:tQTgf5XLBgZbkJDPtnV3SfdP9tzz5ZWeDBwv8WhnH9Q=
 github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe/go.mod h1:oTRc18WBv9t6BpaN9XBY+QmG28PUpsyDzRht56Qf49I=
 github.com/rhysd/go-github-selfupdate v1.2.3 h1:iaa+J202f+Nc+A8zi75uccC8Wg3omaM7HDeimXA22Ag=
 github.com/rhysd/go-github-selfupdate v1.2.3/go.mod h1:mp/N8zj6jFfBQy/XMYoWsmfzxazpPAODuqarmPDe2Rg=