feat: implement api mode

lunchcat · Jun 22, 2024 · 235c8cc · 235c8cc
1 parent e7425f1
commit 235c8cc
Show file tree

Hide file tree

Showing 10 changed files with 212 additions and 84 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -8,21 +8,22 @@ import (
 )
 
 type Settings struct {
-	Dirlist string
-	Dnslist string
-	Debug   bool
-	LogDir  string
-	NoScan  bool
-	Ports   string
-	Dorking bool
-	Git     bool
-	Whois   bool
-	Threads int
-	Nuclei  bool
-	Timeout time.Duration
-	URLs    goflags.StringSlice
-	File    string
-	ApiMode bool
+	Dirlist    string
+	Dnslist    string
+	Debug      bool
+	LogDir     string
+	NoScan     bool
+	Ports      string
+	Dorking    bool
+	Git        bool
+	Whois      bool
+	Threads    int
+	Nuclei     bool
+	JavaScript bool
+	Timeout    time.Duration
+	URLs       goflags.StringSlice
+	File       string
+	ApiMode    bool
 }
 
 const (
@@ -60,6 +61,7 @@ func Parse() *Settings {
 		flagSet.BoolVar(&settings.Nuclei, "nuclei", false, "Enable scanning using nuclei templates"),
 		flagSet.BoolVar(&settings.NoScan, "noscan", false, "Do not perform base URL (robots.txt, etc) scanning"),
 		flagSet.BoolVar(&settings.Whois, "whois", false, "Enable WHOIS lookup"),
+		flagSet.BoolVar(&settings.JavaScript, "js", false, "Enable JavaScript scans"),
 	)
 
 	flagSet.CreateGroup("runtime", "Runtime",

diff --git a/pkg/scan/dirlist.go b/pkg/scan/dirlist.go
@@ -22,7 +22,12 @@ const (
 	bigFile      = "directory-list-2.3-big.txt"
 )
 
-func Dirlist(size string, url string, timeout time.Duration, threads int, logdir string) {
+type DirectoryResult struct {
+	Url        string `json:"url"`
+	StatusCode int    `json:"status_code"`
+}
+
+func Dirlist(size string, url string, timeout time.Duration, threads int, logdir string) ([]DirectoryResult, error) {
 
 	fmt.Println(styles.Separator.Render("📂 Starting " + styles.Status.Render("directory fuzzing") + "..."))
 
@@ -31,7 +36,7 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir
 	if logdir != "" {
 		if err := logger.WriteHeader(sanitizedURL, logdir, size+" directory fuzzing"); err != nil {
 			log.Errorf("Error creating log file: %v", err)
-			return
+			return nil, err
 		}
 	}
 
@@ -55,7 +60,7 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir
 	resp, err := http.Get(list)
 	if err != nil {
 		log.Errorf("Error downloading directory list: %s", err)
-		return
+		return nil, err
 	}
 	defer resp.Body.Close()
 	var directories []string
@@ -71,6 +76,8 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir
 
 	var wg sync.WaitGroup
 	wg.Add(threads)
+
+	results := []DirectoryResult{}
 	for thread := 0; thread < threads; thread++ {
 		go func(thread int) {
 			defer wg.Done()
@@ -93,9 +100,17 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir
 					if logdir != "" {
 						logger.Write(sanitizedURL, logdir, fmt.Sprintf("%s [%s]\n", strconv.Itoa(resp.StatusCode), directory))
 					}
+
+					result := DirectoryResult{
+						Url:        resp.Request.URL.String(),
+						StatusCode: resp.StatusCode,
+					}
+					results = append(results, result)
 				}
 			}
 		}(thread)
 	}
 	wg.Wait()
+
+	return results, nil
 }
diff --git a/pkg/scan/dnslist.go b/pkg/scan/dnslist.go
@@ -21,7 +21,7 @@ const (
 	dnsBigFile    = "subdomains-10000.txt"
 )
 
-func Dnslist(size string, url string, timeout time.Duration, threads int, logdir string) {
+func Dnslist(size string, url string, timeout time.Duration, threads int, logdir string) ([]string, error) {
 
 	fmt.Println(styles.Separator.Render("📡 Starting " + styles.Status.Render("DNS fuzzing") + "..."))
 
@@ -45,7 +45,7 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 	resp, err := http.Get(list)
 	if err != nil {
 		log.Errorf("Error downloading DNS list: %s", err)
-		return
+		return nil, err
 	}
 	defer resp.Body.Close()
 	var dns []string
@@ -60,7 +60,7 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 	if logdir != "" {
 		if err := logger.WriteHeader(sanitizedURL, logdir, size+" subdomain fuzzing"); err != nil {
 			log.Errorf("Error creating log file: %v", err)
-			return
+			return nil, err
 		}
 	}
 
@@ -70,6 +70,8 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 
 	var wg sync.WaitGroup
 	wg.Add(threads)
+
+	urls := []string{}
 	for thread := 0; thread < threads; thread++ {
 		go func(thread int) {
 			defer wg.Done()
@@ -80,10 +82,11 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 				}
 
 				log.Debugf("Looking up: %s", domain)
-				_, err := client.Get("http://" + domain + "." + sanitizedURL)
+				resp, err := client.Get("http://" + domain + "." + sanitizedURL)
 				if err != nil {
 					log.Debugf("Error %s: %s", domain, err)
 				} else {
+					urls = append(urls, resp.Request.URL.String())
 					dnslog.Infof("%s %s.%s", styles.Status.Render("[http]"), styles.Highlight.Render(domain), sanitizedURL)
 
 					if logdir != "" {
@@ -97,10 +100,11 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 					}
 				}
 
-				_, err = client.Get("https://" + domain + "." + sanitizedURL)
+				resp, err = client.Get("https://" + domain + "." + sanitizedURL)
 				if err != nil {
 					log.Debugf("Error %s: %s", domain, err)
 				} else {
+					urls = append(urls, resp.Request.URL.String())
 					dnslog.Infof("%s %s.%s", styles.Status.Render("[https]"), styles.Highlight.Render(domain), sanitizedURL)
 					if logdir != "" {
 						logger.Write(sanitizedURL, logdir, fmt.Sprintf("[https] %s.%s\n", domain, sanitizedURL))
@@ -110,4 +114,6 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir
 		}(thread)
 	}
 	wg.Wait()
+
+	return urls, nil
 }
diff --git a/pkg/scan/dork.go b/pkg/scan/dork.go
@@ -21,7 +21,12 @@ const (
 	dorkFile = "dork.txt"
 )
 
-func Dork(url string, timeout time.Duration, threads int, logdir string) {
+type DorkResult struct {
+	Url   string `json:"url"`
+	Count int    `json:"count"`
+}
+
+func Dork(url string, timeout time.Duration, threads int, logdir string) ([]DorkResult, error) {
 
 	fmt.Println(styles.Separator.Render("🤓 Starting " + styles.Status.Render("URL Dorking") + "..."))
 
@@ -30,7 +35,7 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) {
 	if logdir != "" {
 		if err := logger.WriteHeader(sanitizedURL, logdir, "URL dorking"); err != nil {
 			log.Errorf("Error creating log file: %v", err)
-			return
+			return nil, err
 		}
 	}
 
@@ -43,7 +48,7 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) {
 	resp, err := http.Get(dorkURL + dorkFile)
 	if err != nil {
 		log.Errorf("Error downloading dork list: %s", err)
-		return
+		return nil, err
 	}
 	defer resp.Body.Close()
 	var dorks []string
@@ -56,6 +61,8 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) {
 	// util.InitProgressBar()
 	var wg sync.WaitGroup
 	wg.Add(threads)
+
+	dorkResults := []DorkResult{}
 	for thread := 0; thread < threads; thread++ {
 		go func(thread int) {
 			defer wg.Done()
@@ -71,9 +78,18 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) {
 					if logdir != "" {
 						logger.Write(sanitizedURL, logdir, fmt.Sprintf("%s dork results found for dork [%s]\n", strconv.Itoa(len(results)), dork))
 					}
+
+					result := DorkResult{
+						Url:   dork,
+						Count: len(results),
+					}
+
+					dorkResults = append(dorkResults, result)
 				}
 			}
 		}(thread)
 	}
 	wg.Wait()
+
+	return dorkResults, nil
 }
diff --git a/pkg/scan/git.go b/pkg/scan/git.go
@@ -20,7 +20,7 @@ const (
 	gitFile = "git.txt"
 )
 
-func Git(url string, timeout time.Duration, threads int, logdir string) {
+func Git(url string, timeout time.Duration, threads int, logdir string) ([]string, error) {
 
 	fmt.Println(styles.Separator.Render("🌿 Starting " + styles.Status.Render("git repository scanning") + "..."))
 
@@ -29,7 +29,7 @@ func Git(url string, timeout time.Duration, threads int, logdir string) {
 	if logdir != "" {
 		if err := logger.WriteHeader(sanitizedURL, logdir, "git directory fuzzing"); err != nil {
 			log.Errorf("Error creating log file: %v", err)
-			return
+			return nil, err
 		}
 	}
 
@@ -42,7 +42,7 @@ func Git(url string, timeout time.Duration, threads int, logdir string) {
 	resp, err := http.Get(gitURL + gitFile)
 	if err != nil {
 		log.Errorf("Error downloading git list: %s", err)
-		return
+		return nil, err
 	}
 	defer resp.Body.Close()
 	var gitUrls []string
@@ -59,6 +59,8 @@ func Git(url string, timeout time.Duration, threads int, logdir string) {
 
 	var wg sync.WaitGroup
 	wg.Add(threads)
+
+	foundUrls := []string{}
 	for thread := 0; thread < threads; thread++ {
 		go func(thread int) {
 			defer wg.Done()
@@ -74,15 +76,19 @@ func Git(url string, timeout time.Duration, threads int, logdir string) {
 					log.Debugf("Error %s: %s", repourl, err)
 				}
 
-				if resp.StatusCode != 404 {
+				if resp.StatusCode == 200 && !strings.HasPrefix(resp.Header.Get("Content-Type"), "text/html") {
 					// log url, directory, and status code
 					gitlog.Infof("%s git found at [%s]", styles.Status.Render(strconv.Itoa(resp.StatusCode)), styles.Highlight.Render(repourl))
 					if logdir != "" {
 						logger.Write(sanitizedURL, logdir, fmt.Sprintf("%s git found at [%s]\n", strconv.Itoa(resp.StatusCode), repourl))
 					}
+
+					foundUrls = append(foundUrls, resp.Request.URL.String())
 				}
 			}
 		}(thread)
 	}
 	wg.Wait()
+
+	return foundUrls, nil
 }