From 610e5d3d87914b2f017028f62ad4c937e48cf8d1 Mon Sep 17 00:00:00 2001
From: weinull
Date: Fri, 24 May 2024 15:03:10 +0800
Subject: [PATCH 1/3] Update add item type
---
pkg/result/item/resp.go | 42 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 pkg/result/item/resp.go
diff --git a/pkg/result/item/resp.go b/pkg/result/item/resp.go
new file mode 100644
index 0000000..0f437e3
--- /dev/null
+++ b/pkg/result/item/resp.go
@@ -0,0 +1,42 @@
+package item
+
+import (
+ "github.com/ctrsploit/sploit-spec/pkg/colorful"
+ "github.com/ssst0n3/awesome_libs"
+)
+
+type Resp struct {
+ Name string `json:"name"`
+ Description string `json:"description"`
+ Result bool `json:"result"`
+ Response string `json:"response"`
+}
+
+func (i Resp) IsEmpty() bool {
+ return i.Name == "" && i.Description == "" && i.Result == false
+}
+
+func (i Resp) Text() string {
+ tpl := `{.result} {.name} {.description}{.eol}{.result_title}{.eol}{.response}`
+ return awesome_libs.Format(tpl, awesome_libs.Dict{
+ "result": colorful.Bool(colorful.Text{}, i.Result),
+ "eol": "\n",
+ "name": i.Name,
+ "description": getDescription(i.Description),
+ "response_title": "Response >",
+ "response": i.Response,
+ })
+}
+
+func (i Resp) Colorful() string {
+ output := colorful.Colorful{}
+ tpl := `{.result} {.name} {.description}{.eol}{.result_title}{.eol}{.response}`
+ return awesome_libs.Format(tpl, awesome_libs.Dict{
+ "result": colorful.Bool(output, i.Result),
+ "eol": "\n",
+ "name": output.Name(i.Name),
+ "description": output.Description(getDescription(i.Description)),
+ "response_title": output.Description("Response >"),
+ "response": output.Description(i.Response),
+ })
+}
From 2f1a659573067693a4d0f74a7f3fe9f4c663729b Mon Sep 17 00:00:00 2001
From: weinull
Date: Fri, 24 May 2024 15:11:24 +0800
Subject: [PATCH 2/3] update item
---
pkg/result/item/resp.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
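Review bot: `IsEmpty` in the new pkg/result/item/resp.go (PATCH 1/3) never looks at `Response`, so a `Resp` that carries only response text is reported as empty; I would add `&& i.Response == ""` and write `!i.Result` rather than `i.Result == false`. `Text` and `Colorful` also hand `i.Response` to the formatter unchanged. If that string is captured from the system under test (the field name suggests so, but the producer is not in this patch), control characters and ANSI escape sequences in it reach the operator's terminal and any saved log, so stripping non-printable bytes before formatting would be a sensible guard. Both methods also emit the `Response >` header even when `Response` is empty, which adds two lines of noise to every plain check result.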
diff --git a/pkg/result/item/resp.go b/pkg/result/item/resp.go index 0f437e3..bbf4f71 100644 --- a/pkg/result/item/resp.go +++ b/pkg/result/item/resp.go @@ -17,7 +17,7 @@ func (i Resp) IsEmpty() bool { } func (i Resp) Text() string { - tpl := `{.result} {.name} {.description}{.eol}{.result_title}{.eol}{.response}` + tpl := `{.result} {.name} {.description}{.eol}{.response_title}{.eol}{.response}` return awesome_libs.Format(tpl, awesome_libs.Dict{ "result": colorful.Bool(colorful.Text{}, i.Result), "eol": "\n", @@ -30,7 +30,7 @@ func (i Resp) Text() string { func (i Resp) Colorful() string { output := colorful.Colorful{} - tpl := `{.result} {.name} {.description}{.eol}{.result_title}{.eol}{.response}` + tpl := `{.result} {.name} {.description}{.eol}{.response_title}{.eol}{.response}` return awesome_libs.Format(tpl, awesome_libs.Dict{ "result": colorful.Bool(output, i.Result), "eol": "\n", From 61a9daa0565619d458d5a1558d424afeee9c1413 Mon Sep 17 00:00:00 2001 From: weinull Date: Fri, 24 May 2024 15:41:10 +0800 Subject: [PATCH 3/3] Update 1. add FileUploadCommand 2. add Exploit func 3. add VulnerabilityResponse --- pkg/app/vul.go | 11 ++++++----- pkg/upload/cmd.go | 39 +++++++++++++++++++++++++++++++++++++++ pkg/vul/vul.go | 18 +++++++++++++----- pkg/vul/vuls.go | 18 +++++++++++++++--- pkg/vul/vuls_test.go | 3 ++- 5 files changed, 75 insertions(+), 14 deletions(-) diff --git a/pkg/app/vul.go b/pkg/app/vul.go index bea5bab..04ebfe3 100644 --- a/pkg/app/vul.go +++ b/pkg/app/vul.go @@ -10,8 +10,8 @@ func Vul2ChecksecCmd(v vul.Vulnerability, alias []string) *cli.Command { Name: v.GetName(), Aliases: alias, Usage: v.GetDescription(), - Action: func(context *cli.Context) (err error) { - _, err = v.CheckSec() + Action: func(ctx *cli.Context) (err error) { + _, err = v.CheckSec(ctx) if err != nil { return } 
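Review bot: The template literal is duplicated in `Text` and `Colorful`, which is why the `{.result_title}` placeholder had to be corrected twice in PATCH 2/3 (the hunks at `@@ -17,7 +17,7 @@` and `@@ -30,7 +30,7 @@`). Moving the string into one package-level constant, for example `respTemplate`, used by both methods would stop the two copies from drifting again. Whether `awesome_libs.Format` reports a placeholder that has no matching key is not visible here; if it does not, a short test asserting that the rendered text contains `Response >` would catch this kind of mistake.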
@@ -26,12 +26,13 @@ func Vul2ExploitCmd(v vul.Vulnerability, alias []string) *cli.Command { Name: v.GetName(), Aliases: alias, Usage: v.GetDescription(), - Action: func(context *cli.Context) (err error) { - _, err = v.CheckSec() + Action: func(ctx *cli.Context) (err error) { + _, err = v.Exploit(ctx) + v.GetVulnerabilityExists() if err != nil { return } - err = v.Exploit() + v.Output() return }, } diff --git a/pkg/upload/cmd.go b/pkg/upload/cmd.go index 4f59a4e..ce85962 100644 --- a/pkg/upload/cmd.go +++ b/pkg/upload/cmd.go @@ -3,6 +3,8 @@ package upload import ( "fmt" "github.com/urfave/cli/v2" + "os" + "path/filepath" ) func GenerateUploadCommand(env func() (json []byte, err error)) (cmd *cli.Command) { @@ -40,3 +42,40 @@ func GenerateUploadCommand(env func() (json []byte, err error)) (cmd *cli.Comman }, } } + +func FileUploadCommand(env func() (json []byte, err error)) (cmd *cli.Command) { + return &cli.Command{ + Name: "upload", + Aliases: []string{"up"}, + Usage: "upload [host]", + + Action: func(context *cli.Context) (err error) { + if context.NArg() < 3 { + return cli.Exit(fmt.Errorf("invalid arguments"), 1) + } + //eg. ECS + servicename := context.Args().Get(0) + // region_tag.json eg. cn-north4_linux.json + filename := context.Args().Get(1) + // obsurl + obs := context.Args().Get(2) + // obshost (if want to hide obs upload behavior), put your real obsurl in here, put the fake url in obsurl + host := context.Args().Get(3) + if servicename == "" { + return + } + json, err := os.ReadFile(filename) + if err != nil { + return + } + filename = filepath.Base(filename) + filename = servicename + "_" + filename + err = Obs(json, filename, obs, host) + if err != nil { + fmt.Println("Upload to Obs failed") + return + } + return + }, + } +} diff --git a/pkg/vul/vul.go b/pkg/vul/vul.go index 76daea2..3b59bfe 100644 --- a/pkg/vul/vul.go +++ b/pkg/vul/vul.go 
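Review bot: The added `v.GetVulnerabilityExists()` line in the `Vul2ExploitCmd` action discards its result, so it has no effect, and the bool returned by `v.Exploit(ctx)` is dropped as well. The action also no longer calls `CheckSec` before `Exploit`, so the exploit step now runs without the check having been performed unless every `Exploit` implementation gates itself; `BaseVulnerability.Exploit` is only partly visible in this series, so that should be confirmed. If the pre-check is meant to stay, keep `_, err = v.CheckSec(ctx)` with its error return ahead of the `Exploit` call and delete the no-op line.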
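Review bot: In `FileUploadCommand` an empty `servicename` reaches a bare `return` while `err` is still nil, so the command exits with status 0 without uploading anything; return an error there, e.g. `return cli.Exit("service name must not be empty", 1)`. The `env` parameter is never used in the body, and `Usage: "upload [host]"` does not mention the three positional arguments that the `NArg() < 3` check requires. `servicename` is concatenated into the object name unfiltered while only `filename` goes through `filepath.Base`, so a service name containing a path separator changes the resulting name; whether `Obs` rejects that is not visible in this hunk. Naming the local variable `json` also invites confusion with the `encoding/json` package if it is ever imported in this file.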
@@ -8,6 +8,7 @@ import ( "github.com/ctrsploit/sploit-spec/pkg/printer" "github.com/ctrsploit/sploit-spec/pkg/result/item" "github.com/ssst0n3/awesome_libs/awesome_error" + "github.com/urfave/cli/v2" ) type Vulnerability interface { @@ -16,21 +17,23 @@ type Vulnerability interface { // GetDescription return usage GetDescription() string GetVulnerabilityExists() bool + GetVulnerabilityResponse() string Info() // CheckSec whether vulnerability exists - CheckSec() (bool, error) + CheckSec(ctx *cli.Context) (bool, error) // Output shows checksec result Output() // Exploitable whether vulnerability can be exploited, // will be called automatically before Exploit() Exploitable() (bool, error) - Exploit() (err error) + Exploit(ctx *cli.Context) (bool, error) } type BaseVulnerability struct { Name string `json:"name"` Description string `json:"description"` VulnerabilityExists bool `json:"vulnerability_exists"` + VulnerabilityResponse string `json:"vulnerability_response"` CheckSecHaveRan bool `json:"-"` CheckSecPrerequisites prerequisite.Prerequisites `json:"-"` ExploitablePrerequisites prerequisite.Prerequisites `json:"-"` @@ -48,11 +51,15 @@ func (v *BaseVulnerability) GetVulnerabilityExists() bool { return v.VulnerabilityExists } +func (v *BaseVulnerability) GetVulnerabilityResponse() string { + return v.VulnerabilityResponse +} + func (v *BaseVulnerability) Info() { log.Logger.Info(v.Description) } -func (v *BaseVulnerability) CheckSec() (vulnerabilityExists bool, err error) { +func (v *BaseVulnerability) CheckSec(ctx *cli.Context) (vulnerabilityExists bool, err error) { vulnerabilityExists, err = v.CheckSecPrerequisites.Satisfied() if err != nil { return 
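Review bot: The `Vulnerability` interface hunk (`@@ -16,21 +17,23 @@`) changes `Exploit` to return `(bool, error)` and adds `GetVulnerabilityResponse()` with no doc comment on either, so implementers cannot tell what the bool means or what the response string should hold. I would add `// Exploit runs the exploit and reports whether it succeeded` and `// GetVulnerabilityResponse returns the response text recorded by CheckSec or Exploit`; both wordings are guesses for the author to correct. The `CheckSec` and `Exploit` signature changes break every existing implementation of the interface, which is worth stating in the commit message. `VulnerabilityResponse` is also serialised as `vulnerability_response`, so if it can hold data returned by the target it will appear in any JSON result that is stored or uploaded.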
@@ -63,10 +70,11 @@ func (v *BaseVulnerability) CheckSec() (vulnerabilityExists bool, err error) { } func (v *BaseVulnerability) Output() { - result := item.Bool{ + result := item.Resp{ Name: v.GetName(), Description: v.GetDescription(), Result: v.GetVulnerabilityExists(), + Response: v.GetVulnerabilityResponse(), } fmt.Println(printer.Printer.Print(result)) } @@ -84,7 +92,7 @@ func (v *BaseVulnerability) Exploitable() (satisfied bool, err error) { return } -func (v *BaseVulnerability) Exploit() (err error) { +func (v *BaseVulnerability) Exploit(ctx *cli.Context) (vulnerabilityExists bool, err error) { exploitable, err := v.Exploitable() if err != nil { return diff --git a/pkg/vul/vuls.go b/pkg/vul/vuls.go index 30e1666..8d0da13 100644 --- a/pkg/vul/vuls.go +++ b/pkg/vul/vuls.go @@ -4,14 +4,25 @@ import ( "fmt" "github.com/ctrsploit/sploit-spec/pkg/printer" "github.com/ctrsploit/sploit-spec/pkg/result/item" + "github.com/urfave/cli/v2" ) type Vulnerabilities []Vulnerability type Result map[string]printer.Interface -func (vulnerabilities Vulnerabilities) Check() (err error) { +func (vulnerabilities Vulnerabilities) Check(ctx *cli.Context) (err error) { for _, v := range vulnerabilities { - _, err := v.CheckSec() + _, err := v.CheckSec(ctx) + if err != nil { + continue + } + } + return nil +} + +func (vulnerabilities Vulnerabilities) Exploit(ctx *cli.Context) (err error) { + for _, v := range vulnerabilities { + _, err := v.Exploit(ctx) if err != nil { continue } @@ -22,10 +33,11 @@ func (vulnerabilities Vulnerabilities) Check() (err error) { func (vulnerabilities Vulnerabilities) Output() { result := Result{} for _, v := range vulnerabilities { - result[v.GetName()] = item.Bool{ + result[v.GetName()] = item.Resp{ Name: v.GetName(), Description: v.GetDescription(), Result: v.GetVulnerabilityExists(), + Response: v.GetVulnerabilityResponse(), } } fmt.Println(printer.Printer.Print(result)) 
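Review bot: The new `Vulnerabilities.Exploit` in pkg/vul/vuls.go copies the pattern of `Check`: `_, err := v.Exploit(ctx)` declares a loop-local `err` that shadows the named result, and the following `if err != nil { continue }` is the last statement in the loop, so it changes nothing. Together with the `return nil` that `Check` ends with (and, presumably, `Exploit` too, since its tail lies outside this hunk), every failure is dropped and callers always see success. Collect the errors instead, for example `errs = append(errs, err)` inside the loop and `return errors.Join(errs...)` at the end (this needs the `errors` import and Go 1.20 or later), or at least log each one with the vulnerability name.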
diff --git a/pkg/vul/vuls_test.go b/pkg/vul/vuls_test.go index b9c5d40..e22758a 100644 --- a/pkg/vul/vuls_test.go +++ b/pkg/vul/vuls_test.go @@ -2,6 +2,7 @@ package vul import ( "github.com/stretchr/testify/assert" + "github.com/urfave/cli/v2" "testing" ) @@ -24,7 +25,7 @@ func TestVulnerabilities_Check(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := tt.vulnerabilities.Check(); (err != nil) != tt.wantErr { + if err := tt.vulnerabilities.Check(&cli.Context{}); (err != nil) != tt.wantErr { t.Errorf("Check() error = %v, wantErr %v", err, tt.wantErr) } for _, v := range tt.vulnerabilities {