Merge pull request 0xTeles#4 from Jhounx/patch-1

Update main.go
lijinta1984 · Aug 9, 2021 · e97d8d5 · e97d8d5
2 parents edf599a + f8c548d
commit e97d8d5
Showing 1 changed file with 70 additions and 17 deletions.
diff --git a/v2/jsleak/main.go b/v2/jsleak/main.go
@@ -3,24 +3,51 @@ package main
 import (
 	"bufio"
 	"crypto/tls"
+	"encoding/json"
+	"flag"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
-	"flag"
+	"strings"
+
 	"github.com/gijsbers/go-pcre"
 )
 
-func getLeak(url string, data string, pattern string){
-	re := pcre.MustCompile(pattern,0)
-	matches := re.MatcherString(data,0).Group(0)
+type JsonReturn struct {
+	Url     string
+	Pattern string
+	Match   string
+}
+
+func getLeak(url string, data string, pattern string, jsonArray *[]JsonReturn) {
+	re := pcre.MustCompile(pattern, 0)
+	matches := re.MatcherString(data, 0).Group(0)
 	//fmt.Println(len(matches))
-	if (len(matches) != 0){
-		fmt.Printf("[+] Url: %v\n[+] Pattern: %v\n[+] Match: %v\n", url,pattern,string(matches))
+	if len(matches) != 0 {
+		fmt.Printf("[+] Url: %v\n[+] Pattern: %v\n[+] Match: %v\n", url, pattern, string(matches))
+		jsn := JsonReturn{url, pattern, string(matches)}
+		*jsonArray = append(*jsonArray, jsn)
 	}
 }
 
+func get_inputs() []string {
+	reader := bufio.NewReader(os.Stdin)
+	var output []rune
+
+	for {
+		input, _, err := reader.ReadRune()
+		if err != nil && err == io.EOF {
+			break
+		}
+		output = append(output, input)
+	}
+
+	return strings.Fields(string(output))
+}
+
 func req(url string) string {
 	transCfg := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // ignore expired SSL certificates
@@ -36,23 +63,49 @@ func req(url string) string {
 	return string(data)
 }
 
-func main(){
-	url := flag.String("url", "", "JS endpoint to test")
-	path := flag.String("pattern", "", "File contains patterns to test")
+func main() {
+	path := flag.String("pattern", "", "[+] File contains patterns to test")
+	verbose := flag.Bool("verbose", false, "[+] Verbose Mode")
+	jsonOutput := flag.String("json", "", "[+] Json output file")
 	flag.Parse()
-	if *url == ""{
-		flag.PrintDefaults()
+
+	stat, _ := os.Stdin.Stat()
+	if (stat.Mode() & os.ModeCharDevice) != 0 {
+		fmt.Println("[+] Use in Pipeline")
 		os.Exit(1)
 	}
 
 	file, err := os.Open(*path)
-	if err != nil{
+	defer file.Close()
+	lines := make([]string, 0)
+
+	patterns := bufio.NewScanner(file)
+	jsonArray := make([]JsonReturn, 1)
+	for patterns.Scan() {
+		lines = append(lines, patterns.Text())
+	}
+
+	if err != nil {
 		log.Fatal(err)
 	}
-	data := req(*url)
-	defer file.Close()
-	pattern := bufio.NewScanner(file)
-	for pattern.Scan(){
-		getLeak(*url,data,pattern.Text())
+
+	for _, url := range get_inputs() {
+		if *verbose {
+			fmt.Println("[-] Looking: " + url)
+		}
+
+		data := req(url)
+
+		for _, pattern := range lines {
+			getLeak(url, data, pattern, &jsonArray)
+		}
+	}
+
+	if *jsonOutput != "" {
+		fo, err2 := os.Create(*jsonOutput)
+		k, err1 := json.MarshalIndent(jsonArray, "", "\t")
+		if _, err := fo.Write(k); err1 != nil || err2 != nil {
+			panic(err)
+		}
 	}
 }