Skip to content

Commit

Permalink
[fix] 修复 web 页面修改插件不生效的问题
Browse files Browse the repository at this point in the history
  • Loading branch information
yhy0 committed Jan 5, 2024
1 parent 938a4c8 commit 06aa81b
Show file tree
Hide file tree
Showing 7 changed files with 174 additions and 159 deletions.
4 changes: 2 additions & 2 deletions Jie_config.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
version: 1.0.0
version: 1.0.1

parallel: 10 #同时运行几个插件

Expand Down Expand Up @@ -124,7 +124,7 @@ mitmproxy:
-
# 排除的后缀, 不会被扫描器扫描 按格式增加
filterSuffix: .3g2, .3gp, .7z, .apk, .arj, .avi, .axd, .bmp, .csv, .deb, .dll, .doc, .drv, .eot, .exe, .flv, .gif, .gifv, .gz, .h264, .ico, .iso, .jar, .jpeg, .jpg, .lock, .m4a, .m4v, .map, .mkv, .mov, .mp3, .mp4, .mpeg, .mpg, .msi, .ogg, .ogm, .ogv, .otf, .pdf, .pkg, .png, .ppt, .psd, .rar, .rm, .rpm, .svg, .swf, .sys, .tar.gz, .tar, .tif, .tiff, .ttf, .txt, .vob, .wav, .webm, .webp, .wmv, .woff, .woff2, .xcf, .xls, .xlsx, .zip
maxLength: 3000 # 这个还没有实现,我没有使用队列. 队列长度限制, 也可以理解为最大允许多少等待扫描的请求, 请根据内存大小自行调整
maxLength: 3000 # 队列长度限制, 也可以理解为最大允许多少等待扫描的请求, 请根据内存大小自行调整,这个还没有实现,我没有使用队列

# 信息收集类的正则
collection:
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<img alt="Release" src="https://img.shields.io/github/license/yhy0/Jie"/>
</a>
<a href="https://github.com/yhy0/Jie">
<img alt="Release" src="https://img.shields.io/badge/release-v1.0.1-brightgreen"/>
<img alt="Release" src="https://img.shields.io/badge/release-v1.0.2-brightgreen"/>
</a>
<a href="https://github.com/yhy0/Jie">
<img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/yhy0/Jie?color=9cf"/>
Expand Down
2 changes: 2 additions & 0 deletions SCopilot/templates/config.html
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,8 @@ <h3 class="fs-4">Security Copilot Report - Jie</h3>
<div class="card-title d-flex justify-content-center">
<h3>配置</h3>
</div>
<div class="card-title d-flex justify-content-center alert alert-warning">web 页面修改并不会同步到配置文件(不影响生效,但如果修改配置文件后,则会以修改的配置文件为准)</div>

<div id="message" class="alert alert-success" style="display: none;"></div>
<form method="POST" action="/config" id="myForm">
<table class="table table-borderless">
Expand Down
190 changes: 95 additions & 95 deletions SCopilot/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"html/template"
"net/http"
"runtime"
"strings"
"time"
)

Expand Down Expand Up @@ -41,7 +42,7 @@ func handleWebSocket(c *gin.Context) {
return
}
defer conn.Close()

// 数据更改
for {
select {
Expand Down Expand Up @@ -76,45 +77,45 @@ func Init() {
logging.Logger.Infoln("Start SCopilot web service at :" + conf.GlobalConfig.Passive.WebPort)
gin.SetMode("release")
router := gin.Default()

// 设置模板资源
router.SetHTMLTemplate(template.Must(template.New("").ParseFS(templates, "templates/*")))

router.GET("/ws", handleWebSocket)

// basic 认证
authorized := router.Group("/", gin.BasicAuth(gin.Accounts{
conf.GlobalConfig.Passive.WebUser: conf.GlobalConfig.Passive.WebPass,
}))

if conf.GlobalConfig.Debug {
runtime.SetBlockProfileRate(1) // 开启对阻塞操作的跟踪,block
runtime.SetMutexProfileFraction(1) // 开启对锁调用的跟踪,mutex

pprof.RouteRegister(authorized, "pprof")
}

authorized.GET("/", func(c *gin.Context) {
c.Redirect(302, "/index")
})

authorized.GET("/index", func(c *gin.Context) {
c.HTML(http.StatusOK, "index.html", gin.H{
"list": output.SCopilotLists,
"year": time.Now().Year(),
})
})

authorized.GET("/SCopilot", func(c *gin.Context) {
host := c.Query("host")

c.HTML(http.StatusOK, "SCopilot.html", gin.H{
"data": output.SCopilotMessage[host],
"ipInfo": output.IPInfoList[output.SCopilotMessage[host].HostNoPort],
"year": time.Now().Year(),
})
})

authorized.GET("/config", func(c *gin.Context) {
c.HTML(http.StatusOK, "config.html", gin.H{
"plugins": conf.Plugin,
Expand All @@ -125,103 +126,102 @@ func Init() {
"year": time.Now().Year(),
})
})

// authorized.POST("/config", func(c *gin.Context) {
// plugins := c.PostForm("plugin")
// include := c.PostForm("include")
// exclude := c.PostForm("exclude")
// filterSuffix := c.PostForm("filterSuffix")
//
// if plugins != "" {
// // 先全部关闭,再根据配置开启对应的,防止配置文件中删除了某个插件,但是程序中还在运行
// for k := range conf.Plugin {
// conf.Plugin[k] = false
// }
// for _, plugin := range strings.Split(plugins, ",") {
// if plugin != "" {
// conf.DefaultPlugins[plugin] = true
// mitmproxy.Conf.Plugins = append(mitmproxy.Conf.Plugins, plugin)
// }
// }
// viper.Set("Plugins", mitmproxy.Conf.Plugins)
// }
//
// if include != "" {
// include = strings.TrimLeft(include, "[")
// include = strings.TrimRight(include, "]")
// mitmproxy.Conf.Include = strings.Split(include, " ")
// viper.Set("Include", mitmproxy.Conf.Include)
// }
//
// if exclude != "" {
// exclude = strings.TrimLeft(exclude, "[")
// exclude = strings.TrimRight(exclude, "]")
// mitmproxy.Conf.Exclude = strings.Split(exclude, " ")
// viper.Set("Exclude", mitmproxy.Conf.Exclude)
// }
//
// if filterSuffix != "" {
// filterSuffix = strings.TrimLeft(filterSuffix, "[")
// filterSuffix = strings.TrimRight(filterSuffix, "]")
// mitmproxy.Conf.FilterSuffix = strings.Split(filterSuffix, " ")
// viper.Set("FilterSuffix", mitmproxy.Conf.FilterSuffix)
// }
//
// sqlmap := c.PostForm("sqlmap-switch")
// sqlmap_api := c.PostForm("sqlmap_api")
// username := c.PostForm("username")
// password := c.PostForm("password")
//
// if sqlmap == "on" {
// conf.DefaultPlugins["sqlmap"] = true
// conf.GlobalConfig.SqlmapApi = conf.Sqlmap{
// On: true,
// Url: sqlmap_api,
// Username: username,
// Password: password,
// }
// } else {
// conf.DefaultPlugins["sqlmap"] = false
// conf.GlobalConfig.SqlmapApi = conf.Sqlmap{
// On: false,
// Url: sqlmap_api,
// Username: username,
// Password: password,
// }
// }
//
// // 写文件
// err := viper.WriteConfigAs(mitmproxy.ConfigFile)
// if err != nil {
// logging.Logger.Errorln("fail to write 'SCopilot.yaml': %v", err)
// }
//
// c.HTML(http.StatusOK, "config.html", gin.H{
// "config": conf.DefaultPlugins,
// "include": mitmproxy.Conf.Include,
// "exclude": mitmproxy.Conf.Exclude,
// "filterSuffix": mitmproxy.Conf.FilterSuffix,
// "sqlmap": conf.GlobalConfig.SqlmapApi,
// "year": time.Now().Year(),
// })
// })


authorized.POST("/config", func(c *gin.Context) {
plugins := c.PostForm("plugin")
include := c.PostForm("include")
exclude := c.PostForm("exclude")
filterSuffix := c.PostForm("filterSuffix")

if plugins != "" {
// 先全部关闭,再根据配置开启对应的,防止配置文件中关闭了某个插件,但是程序中还在运行
for k := range conf.Plugin {
conf.Plugin[k] = false
}
for _, plugin := range strings.Split(plugins, ",") {
if plugin != "" {
conf.Plugin[plugin] = true
}
}
// viper.Set("Plugins", mitmproxy.Conf.Plugins)
}

if include != "" {
include = strings.TrimLeft(include, "[")
include = strings.TrimRight(include, "]")
conf.GlobalConfig.Mitmproxy.Include = strings.Split(include, " ")
// viper.Set("Include", mitmproxy.Conf.Include)
}

if exclude != "" {
exclude = strings.TrimLeft(exclude, "[")
exclude = strings.TrimRight(exclude, "]")
conf.GlobalConfig.Mitmproxy.Exclude = strings.Split(exclude, " ")
// viper.Set("Exclude", mitmproxy.Conf.Exclude)
}

if filterSuffix != "" {
filterSuffix = strings.TrimLeft(filterSuffix, "[")
filterSuffix = strings.TrimRight(filterSuffix, "]")
conf.GlobalConfig.Mitmproxy.FilterSuffix = filterSuffix
// viper.Set("FilterSuffix", mitmproxy.Conf.FilterSuffix)
}

sqlmap := c.PostForm("sqlmap-switch")
sqlmapApi := c.PostForm("sqlmap_api")
username := c.PostForm("username")
password := c.PostForm("password")

if sqlmap == "on" {
conf.Plugin["sqlmap"] = true
conf.GlobalConfig.SqlmapApi = conf.Sqlmap{
Enabled: true,
Url: sqlmapApi,
Username: username,
Password: password,
}
} else {
conf.Plugin["sqlmap"] = false
conf.GlobalConfig.SqlmapApi = conf.Sqlmap{
Enabled: false,
Url: sqlmapApi,
Username: username,
Password: password,
}
}

// 写文件
// err := viper.WriteConfigAs(mitmproxy.ConfigFile)
// if err != nil {
// logging.Logger.Errorln("fail to write 'SCopilot.yaml': %v", err)
// }

c.HTML(http.StatusOK, "config.html", gin.H{
"config": conf.Plugin,
"include": conf.GlobalConfig.Mitmproxy.Include,
"exclude": conf.GlobalConfig.Mitmproxy.Exclude,
"filterSuffix": conf.GlobalConfig.Mitmproxy.FilterSuffix,
"sqlmap": conf.GlobalConfig.SqlmapApi,
"year": time.Now().Year(),
})
})

authorized.GET("/clear", func(c *gin.Context) {
output.SCopilotLists = nil
output.SCopilotMessage = make(map[string]*output.SCopilotData)
output.IPInfoList = make(map[string]*output.IPInfo)

c.HTML(http.StatusOK, "index.html", gin.H{
"list": output.SCopilotLists,
"year": time.Now().Year(),
})
})

authorized.GET("/about", func(c *gin.Context) {
c.HTML(http.StatusOK, "about.html", gin.H{
"year": time.Now().Year(),
})
})

router.Run(":" + conf.GlobalConfig.Passive.WebPort)
}
2 changes: 1 addition & 1 deletion conf/banner.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ var Banner = `

const Website = "https://github.com/yhy0/Jie"

const Version = "1.0.1"
const Version = "1.0.2"
37 changes: 19 additions & 18 deletions conf/default.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,24 +9,25 @@ package conf
var (
// Plugin 插件单独从配置文件中读取出来,方便使用
Plugin = map[string]bool{
"xss": false,
"sql": false,
"sqlmap": false,
"cmd": false,
"xxe": false,
"ssrf": false,
"brute": false, // web 类登录爆破
"hydra": false, // mysql、redis类服务爆破
"bypass403": false,
"jsonp": false,
"crlf": false,
"log4j": false,
"fastjson": false,
"portScan": false,
"poc": false,
"nuclei": false,
"bbscan": false,
"archive": false,
"xss": false,
"sql": false,
"sqlmap": false,
"cmd": false,
"xxe": false,
"ssrf": false,
"brute": false, // web 类登录爆破
"hydra": false, // mysql、redis类服务爆破
"bypass403": false,
"jsonp": false,
"crlf": false,
"log4j": false,
"fastjson": false,
"portScan": false,
"poc": false,
"nuclei": false,
"bbscan": false,
"archive": false,
"nginx-alias-traversal": false,
}
)

Expand Down
Loading

0 comments on commit 06aa81b

Please sign in to comment.