delorean/maraudir
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

configurable paths, useragents, other improvements

Browse Source
This commit is contained in:
delorean 2024-12-06 14:24:56 -06:00
parent 483769366b
commit 9b31c275a6
9 changed files with 113 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -10,12 +10,14 @@
## usage ## usage
``` ```
maraudir maraudir
-l <ip/domain list> -l, --list <ip/domain list>
-r <cidr range> -r, --range <cidr range>
-t <threads> [50] -p, --pathlist <uri path list>
-timeout <ms> [500] -t, --threads <threads> [100]
-delay <ms> [200] --timeout <ms> [1000]
-s <silent> [false] --delay <ms> [200]
-s, --silent [false]
--useragent <useragent> [a googlebot one]
results are written to stdout and can be piped accordingly, results are written to stdout and can be piped accordingly,
verbosity is directed to stderr when silent is not set verbosity is directed to stderr when silent is not set

5
cmd/maraudir/main.go
View File

@ -6,5 +6,10 @@ import (
func main() { func main() {
common.LoadParams() common.LoadParams()
if paths, err := common.ReadPaths(); err != nil {
common.Fatal("error reading uri paths:" + err.Error())
} else {
common.Paths = paths
}
common.Takeoff() common.Takeoff()
} }

46
common/args.go
View File

@ -1,37 +1,43 @@
package common package common
import ( import (
"flag" flag "github.com/spf13/pflag"
) )
type Params struct { type Params struct {
List string List string
Cidr string Cidr string
Threads int Pathlist string
Tmout int UserAgent string
Delay int Threads int
Silent bool Tmout int
Delay int
Silent bool
} }
var ( var (
list = flag.String("l", "", "") list = flag.StringP("list", "l", "", "")
cidr = flag.String("r", "", "") cidr = flag.StringP("range", "r", "", "")
threads = flag.Int("t", 100, "") pathlist = flag.StringP("pathlist", "p", "", "")
tmout = flag.Int("timeout", 1000, "") ua = flag.StringP("useragent", "u", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "")
delay = flag.Int("delay", 200, "") threads = flag.IntP("threads", "t", 100, "") // concurrent workers (green threads) not full threads. semantic preference.
silent = flag.Bool("s", false, "") tmout = flag.Int("timeout", 1000, "")
Conf Params delay = flag.Int("delay", 200, "")
silent = flag.BoolP("silent", "s", false, "")
Conf Params
) )
func LoadParams() { func LoadParams() {
flag.Usage = Usage flag.Usage = Usage
flag.Parse() flag.Parse()
Conf = Params{ Conf = Params{
List: *list, List: *list,
Cidr: *cidr, Cidr: *cidr,
Threads: *threads, Pathlist: *pathlist,
Tmout: *tmout, UserAgent: *ua,
Delay: *delay, Threads: *threads,
Silent: *silent, Tmout: *tmout,
Delay: *delay,
Silent: *silent,
} }
} }

31
common/exec.go
View File

@ -1,42 +1,19 @@
package common package common
import ( import (
"fmt"
"log/slog" "log/slog"
"os" "os"
"strings"
) )
func thread(l *slog.Logger, dests <-chan string, tab chan<- interface{}) { func thread(l *slog.Logger, dests <-chan string, tab chan<- interface{}) {
c := MkClient() c := MkClient()
for dest := range dests { for dest := range dests {
uriloop: uriloop:
for _, uri := range Paths { for _, uri := range Paths {
url := fmt.Sprintf("https://%s%s", dest, uri) url := "https://" + dest + uri
fallback, redirect := true, true if err := Hit(l, c, url); err != nil {
for { break uriloop
if doc, redir, err := Hit(c, url); err == nil {
if doc != nil {
if Checktitle(doc) {
entries := Entries(doc)
l.Info("opendir", "url", url, "entries", entries)
}
} else if redir != "" && redirect {
url = redir
if !strings.HasPrefix(url, "https") {
fallback = false
}
redirect = false
continue
}
break
} else {
if !fallback {
break uriloop
}
url = "http://" + url[8:]
fallback = false
}
} }
} }
} }

14
common/io.go
View File

@ -13,12 +13,14 @@ func Fatal(msg string) {
func Usage() { func Usage() {
fmt.Fprintf(os.Stderr, ` fmt.Fprintf(os.Stderr, `
maraudir maraudir
-l <ip/domain list> -l, --list <ip/domain list>
-r <cidr range> -r, --range <cidr range>
-t <threads> [50] -p, --pathlist <uri path list>
-timeout <ms> [500] -t, --threads <threads> [100]
-delay <ms> [200] --timeout <ms> [1000]
-s <silent> [false] --delay <ms> [200]
-s, --silent [false]
--useragent <useragent> [a googlebot one]
results are written to stdout and can be piped accordingly, results are written to stdout and can be piped accordingly,
verbosity is directed to stderr when silent is not set verbosity is directed to stderr when silent is not set

40
common/net.go
View File

@ -2,6 +2,7 @@ package common
import ( import (
"crypto/tls" "crypto/tls"
"log/slog"
"net" "net"
"strings" "strings"
"time" "time"
@ -12,10 +13,8 @@ import (
var ( var (
// constants // constants
Paths = []string{"/", "/files", "/ftp", "/backup", "/backups", "/config", "/logs", "/data", "/uploads", "/temp", "/tmp", "/static"} Patterns = []string{"index of", "directory listing for"}
Patterns = []string{"index of", "directory listing for"} Ignore = []string{"..", ".", "../", "./", "parent directory", "last modified", "name", "size", "description"}
Ignore = []string{"..", ".", "../", "./", "parent directory", "last modified", "name", "size", "description"}
UserAgent = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
) )
func ValidRange(r string) bool { func ValidRange(r string) bool {
@ -79,11 +78,40 @@ func MkClient() *fasthttp.Client {
} }
} }
func Hit(c *fasthttp.Client, url string) (*goquery.Document, string, error) { func Hit(l *slog.Logger, c *fasthttp.Client, url string) error {
fallback, redirect := true, true
for {
if doc, redir, err := query(c, url); err == nil {
if doc != nil {
if Checktitle(doc) {
entries := Entries(doc)
l.Info("opendir", "url", url, "entries", entries)
}
} else if redir != "" && redirect {
url = redir
if !strings.HasPrefix(url, "https") {
fallback = false
}
redirect = false
continue
}
break
} else {
if !fallback {
return err
}
url = "http://" + url[8:]
fallback = false
}
}
return nil
}
func query(c *fasthttp.Client, url string) (*goquery.Document, string, error) {
req := fasthttp.AcquireRequest() req := fasthttp.AcquireRequest()
req.SetRequestURI(url) req.SetRequestURI(url)
req.Header.SetMethod(fasthttp.MethodGet) req.Header.SetMethod(fasthttp.MethodGet)
req.Header.SetUserAgent(UserAgent) req.Header.SetUserAgent(Conf.UserAgent)
defer fasthttp.ReleaseRequest(req) defer fasthttp.ReleaseRequest(req)
resp := fasthttp.AcquireResponse() resp := fasthttp.AcquireResponse()

25
common/read.go
View File

@ -6,6 +6,10 @@ import (
"strings" "strings"
) )
var (
Paths []string
)
func Readfile(filename string, out chan<- string) error { func Readfile(filename string, out chan<- string) error {
file, err := os.Open(filename) file, err := os.Open(filename)
if err != nil { if err != nil {
@ -21,3 +25,24 @@ func Readfile(filename string, out chan<- string) error {
return scanner.Err() return scanner.Err()
} }
func ReadPaths() ([]string, error) {
if Conf.Pathlist == "" {
// default fallback paths, some of the most common opendir uris
return []string{"/", "/files", "/ftp", "/backup", "/backups", "/config", "/dev", "/archive", "/old", "/scripts", "/logs", "/data", "/uploads", "/temp", "/tmp", "/static"}, nil
}
var paths []string
file, err := os.Open(Conf.Pathlist)
if err != nil {
return nil, err
}
defer file.Close()
scanner := bufio.NewScanner(file)
for scanner.Scan() {
paths = append(paths, strings.TrimSpace(scanner.Text()))
}
return paths, scanner.Err()
}

1
go.mod
View File

@ -13,6 +13,7 @@ require (
github.com/andybalholm/brotli v1.1.1 // indirect github.com/andybalholm/brotli v1.1.1 // indirect
github.com/andybalholm/cascadia v1.3.2 // indirect github.com/andybalholm/cascadia v1.3.2 // indirect
github.com/klauspost/compress v1.17.11 // indirect github.com/klauspost/compress v1.17.11 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect
golang.org/x/net v0.30.0 // indirect golang.org/x/net v0.30.0 // indirect
) )

2
go.sum
View File

@ -6,6 +6,8 @@ github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsVi
github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasthttp v1.57.0 h1:Xw8SjWGEP/+wAAgyy5XTvgrWlOD1+TxbbvNADYCm1Tg= github.com/valyala/fasthttp v1.57.0 h1:Xw8SjWGEP/+wAAgyy5XTvgrWlOD1+TxbbvNADYCm1Tg=