Repository: Zjackky/CodeScan
Branch: main
Commit: 17aed7009fb7
Files: 55
Total size: 44.2 KB
Directory structure:
gitextract_srw2u1fm/
├── .idea/
│ ├── .gitignore
│ ├── CodeScan-master.iml
│ └── modules.xml
├── CommonVul/
│ ├── Rce/
│ │ └── Rce.go
│ ├── Rule/
│ │ ├── MatchFileNameRule.go
│ │ ├── MatchFileReadRule.go
│ │ ├── MatchLineRule.go
│ │ ├── MatchPathRule.go
│ │ ├── MatchRceRule.go
│ │ ├── MatchUploadRule.go
│ │ ├── MtachSqlRule.go
│ │ ├── ReStaticVar.go
│ │ └── Utils.go
│ └── Upload/
│ └── Upload_check.go
├── EvilJarList.txt
├── Filter/
│ └── FilterFile.go
├── FilterResult.txt
├── FindFile/
│ ├── Common.go
│ ├── FindFile_Java.go
│ └── FindFile_PHP.go
├── Java-Code/
│ ├── AMF/
│ │ └── AmfCheck.go
│ ├── Auth_Bypass/
│ │ └── Authcheck.go
│ ├── El/
│ │ └── Elcheck.go
│ ├── Fastjson/
│ │ └── parsecheck.go
│ ├── Frame_Analysis/
│ │ └── Frame_Analysiser.go
│ ├── JDBC/
│ │ └── FindJDBC.go
│ ├── JNDI/
│ │ └── Jndi.go
│ ├── JS/
│ │ └── Jseval.go
│ ├── JarStatic/
│ │ └── Jarstaticer.go
│ ├── JavaSrciptShell/
│ │ └── FindJavaSrciptShell.go
│ ├── Log4j/
│ │ └── Log4j2.go
│ ├── ReadObject/
│ │ └── readobject.go
│ ├── Reflect/
│ │ └── Reflect.go
│ ├── SSTI/
│ │ └── FreeMarker/
│ │ └── FreeSsti.go
│ ├── Sql/
│ │ ├── FindSqlByCode.go
│ │ ├── FindSqlByXml.go
│ │ └── Sql.go
│ └── Zip/
│ └── Zipsilp.go
├── PHP-Code/
│ ├── FileRead/
│ │ └── Read.go
│ ├── FileWrite/
│ │ └── Write.go
│ ├── Include/
│ │ └── Include.go
│ ├── PHPSql/
│ │ ├── FindSqlByCode.go
│ │ └── Sql.go
│ ├── SSRF/
│ │ └── SSRF.go
│ └── Unserialize/
│ └── ser.go
├── README.md
├── Utils/
│ ├── JavaScanUtil.go
│ ├── PHPScanUtil.go
│ ├── common.go
│ └── flag.go
├── build.sh
├── go.mod
├── go.sum
├── jarFiles.txt
└── main.go
================================================
FILE CONTENTS
================================================
================================================
FILE: .idea/.gitignore
================================================
# 默认忽略的文件
/shelf/
/workspace.xml
# 基于编辑器的 HTTP 客户端请求
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml
================================================
FILE: .idea/CodeScan-master.iml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="Go" enabled="true" />
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>
================================================
FILE: .idea/modules.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/CodeScan-master.iml" filepath="$PROJECT_DIR$/.idea/CodeScan-master.iml" />
</modules>
</component>
</project>
================================================
FILE: CommonVul/Rce/Rce.go
================================================
package Rce
import (
"CodeScan/CommonVul/Rule"
"CodeScan/FindFile"
"fmt"
)
// JavaRce runs the Java scan over dir with the command-execution sinks in
// Rule.JavaRceRuleList and passes "rce.txt" as the report file name.
func JavaRce(dir string) {
	const reportName = "rce.txt"
	sinks := Rule.JavaRceRuleList
	FindFile.FindFileByJava(dir, reportName, sinks)
	fmt.Println("RCE分析完成")
}
// PHPRce runs the PHP scan over dir with the command-execution sinks in
// Rule.PHPRceRuleList and passes "rce.txt" as the report file name.
func PHPRce(dir string) {
	const reportName = "rce.txt"
	sinks := Rule.PHPRceRuleList
	FindFile.FindFileByPHP(dir, reportName, sinks)
	fmt.Println("RCE分析完成")
}
================================================
FILE: CommonVul/Rule/MatchFileNameRule.go
================================================
package Rule
================================================
FILE: CommonVul/Rule/MatchFileReadRule.go
================================================
package Rule
// PHPFileReadList holds the PHP file-read call prefixes used as scan rules.
var PHPFileReadList = []string{
	"file_get_contents(",
	"file(",
	"readfile(",
	"fopen(",
}
================================================
FILE: CommonVul/Rule/MatchLineRule.go
================================================
package Rule
// LineBlack lists substrings that cause a matched source line to be dropped
// from the report. Entries are compared with strings.Contains by MatchRule,
// so they are case-sensitive and match anywhere in the line.
//
// NOTE(review): "//" matches any line that contains a double slash, not only
// comment lines, and "log." matches every line that contains that text, so a
// finding on such a line is suppressed.
var LineBlack = []string{
	"import ",
	"log.",
	"loaded from",
	"//",
	"document.write(",
	"getWriter().write(",
	"writer.write(",
	".write()",
}
================================================
FILE: CommonVul/Rule/MatchPathRule.go
================================================
package Rule
// PathBlackJava lists directory-path substrings that the Java scan skips.
//
// NOTE(review): the entries are matched with strings.Contains against the
// walked path, so short entries such as "java", "sun" or "github" exclude any
// directory whose path contains that text (for example src/main/java).
// Confirm that this is intended before relying on a clean report.
var PathBlackJava = []string{
	"apache",
	"lombok",
	"microsoft",
	"solr",
	"amazonaws",
	"c3p0",
	"jodd",
	"afterturn",
	"hutool",
	"javassist",
	"alibaba",
	"aliyuncs",
	"javax",
	"jackson",
	"bytebuddy",
	"baomidou",
	"google",
	"netty",
	"redis",
	"mysql",
	"logback",
	"ognl",
	"oracle",
	"sun",
	"junit",
	"reactor",
	"github",
	"mchange",
	"taobao",
	"nimbusds",
	"opensymphony",
	"freemarker",
	"java",
	"apiguardian",
	"hibernate",
	"javassist",
	"jboss",
	"junit",
	"mybatis",
	"springframework",
	"slf4j",
	"aspectj",
}
// PathBlackPhp lists directory-path substrings that the PHP scan skips.
// Matching is by substring, so "think" also excludes any directory whose
// path merely contains that text.
var PathBlackPhp = []string{
	"think",
	"vendor",
}
================================================
FILE: CommonVul/Rule/MatchRceRule.go
================================================
package Rule
// JavaRceRuleList holds the Java command-execution sinks used as scan rules.
//
// NOTE(review): rules are plain substrings of a single line, so an instance
// call such as new ProcessBuilder(cmd).start() does not contain the text
// "ProcessBuilder.start"; confirm the coverage that is expected here.
var JavaRceRuleList = []string{
	"Runtime.getRuntime().exec",
	"ProcessBuilder.start",
	"RuntimeUtil.exec(",
	"RuntimeUtil.execForStr(",
}
// PHPRceRuleList holds the PHP code- and command-execution sinks used as
// scan rules.
var PHPRceRuleList = []string{
	"System(",
	"shell_exec(",
	"exec(",
	"eval(",
	"passthru(",
	"proc_open(",
	"popen(",
	"assert(",
	"call_user_func(",
	"call_user_func_array(",
	"create_function(",
}
================================================
FILE: CommonVul/Rule/MatchUploadRule.go
================================================
package Rule
// JavaUploadRuleList holds the Java file-upload related substrings used as
// scan rules.
var JavaUploadRuleList = []string{
	"Streams.copy(",
	".getOriginalFilename(",
	".transferTo(",
	"UploadedFile(",
	"FileUtils.copyFile(",
	"MultipartHttpServletRequest",
	".getFileName(",
	".saveAs(",
	".getFileSuffix(",
	".getFile",
	"MultipartFile file",
}
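// PHPUploadRuleList holds the PHP file-upload related substrings used as
// scan rules.
var PHPUploadRuleList = []string{
	"move_uploaded_file(",
	"file_put_contents(",
	// The PHP upload superglobal is $_FILES; the previous "$_FILE[" could
	// never match an access such as $_FILES['name'].
	"$_FILES[",
	"copy(",
	"->move(",
	"request()->file(",
}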
================================================
FILE: CommonVul/Rule/MtachSqlRule.go
================================================
package Rule
// XmlSqlBlack lists XML fragments; a line containing any of them is skipped
// by the XML SQL scan.
var XmlSqlBlack = []string{
	"<property",
	"<value>",
	"id=\"dataSource\"",
	"<int",
	"<str",
	"<bool",
	"<param-value>",
	"<import",
	"<delete",
	"classpath=",
	"<pathelement",
	"<javac ",
	"<fileset",
	"<fail",
	"<version",
	"<directory>",
	"<resultMap",
	"<resultType",
	"<file",
	"<mvc:",
	"<prop",
	"<param",
	"<result",
}
// XmlBlack lists XML file names that are excluded from both the SQL scan and
// the framework detection.
var XmlBlack = []string{
	"pom.xml",
	"log4j2.xml",
}
================================================
FILE: CommonVul/Rule/ReStaticVar.go
================================================
package Rule
import (
"strings"
)
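// RemoveStaticVar reports whether the call that starts at the first
// occurrence of rule in content should be kept as a finding.
//
// Only the text from rule up to and including the first ")" is examined:
//   - rule not present in content: false.
//   - no double quote in that text (the arguments are not a string literal):
//     true.
//   - a double quote together with "+" or "$" (concatenation, or a PHP
//     variable inside or next to the literal): true.
//   - a double quote and neither of those (a constant string): false.
//
// When content has no ")" after rule the examined text is empty and the
// result is true, so the line is kept.
//
// The "$" test is what keeps PHP calls such as exec("ping $host") and
// exec("ping " . $host) in the report; with "+" alone they were classified
// as constant strings and dropped.
func RemoveStaticVar(content string, rule string) bool {
	start := strings.Index(content, rule)
	if start == -1 {
		return false
	}
	rest := content[start:]
	// Index returns -1 when there is no ")", which makes this slice empty.
	call := rest[:strings.Index(rest, ")")+1]
	if !strings.Contains(call, "\"") {
		return true
	}
	return strings.ContainsAny(call, "+$")
}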
================================================
FILE: CommonVul/Rule/Utils.go
================================================
package Rule
import "strings"
// MatchRule reports whether str contains at least one entry of blackList.
// The comparison is a case-sensitive substring test; callers use a true
// result to leave the content out of the report.
func MatchRule(str string, blackList []string) bool {
	matched := false
	for i := 0; i < len(blackList) && !matched; i++ {
		matched = strings.Contains(str, blackList[i])
	}
	return matched
}
================================================
FILE: CommonVul/Upload/Upload_check.go
================================================
package Upload
import (
"CodeScan/CommonVul/Rule"
"CodeScan/FindFile"
"fmt"
)
// JavaUpload_check runs the Java scan over dir with the upload rules in
// Rule.JavaUploadRuleList and passes "upload.txt" as the report file name.
func JavaUpload_check(dir string) {
	// Earlier inline rule set, kept for reference:
	// []string{"new File(", "MultipartFile", "upload", ".getOriginalFilename(", ".transferTo("}
	const reportName = "upload.txt"
	rules := Rule.JavaUploadRuleList
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("上传分析完成")
}
// PHPUpload_check runs the PHP scan over dir with the upload rules in
// Rule.PHPUploadRuleList and passes "upload.txt" as the report file name.
func PHPUpload_check(dir string) {
	const reportName = "upload.txt"
	rules := Rule.PHPUploadRuleList
	FindFile.FindFileByPHP(dir, reportName, rules)
	fmt.Println("上传分析完成")
}
================================================
FILE: EvilJarList.txt
================================================
fastjson-1.2.47.jar
resin-4.0.63.jar
jackson-core-2.13.3.jar
c3p0-0.9.5.2.jar
commons-beanutils-1.9.4.jar
commons-beanutils-1.9.3.jar
commons-beanutils-1.9.2.jar
commons-collections-3.2.1.jar
mysql-connector-java-8.0.17.jar
commons-collections4-4.0.jar
shiro-core-1.10.1.jar
aspectjweaver-1.9.5.jar
rome-1.0.jar
xstream-1.4.11.1.jar
sqlite-jdbc-3.8.9.jar
vaadin-server-7.7.14.jar
hessian-4.0.63.jar
================================================
FILE: Filter/FilterFile.go
================================================
package Filter
import (
"bufio"
"fmt"
"io"
"os"
"path/filepath"
"strings"
)
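// CopyFile copies the contents of srcName into dstName. dstName is created,
// or truncated if it already exists. The first error from opening, creating,
// copying or closing the destination is returned.
//
// Passing the same file as source and destination truncates it before it is
// read; callers must make sure the two paths differ.
func CopyFile(dstName, srcName string) (err error) {
	src, err := os.Open(srcName)
	if err != nil {
		return err
	}
	defer src.Close()

	dst, err := os.Create(dstName)
	if err != nil {
		return err
	}
	// A failed Close on the destination can mean buffered data never reached
	// the disk, so report it unless an earlier error is already returned.
	defer func() {
		if cerr := dst.Close(); cerr != nil && err == nil {
			err = cerr
		}
	}()

	_, err = io.Copy(dst, src)
	return err
}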
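// FilterFile walks dir and, for every .jsp or .php file in which no line
// contains filterContent, copies the file into ./NoAuthDir and appends its
// absolute path to FilterResult.txt. Both outputs are created relative to the
// working directory.
//
// NOTE(review): copies are stored under their base name only, so two files
// with the same name in different directories overwrite each other in
// NoAuthDir; FilterResult.txt still lists both paths.
func FilterFile(filterContent string, dir string) {
	const (
		outfile = "FilterResult.txt"
		destDir = "./NoAuthDir"
	)

	resultFile, err := os.OpenFile(outfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
	if err != nil {
		fmt.Printf("Error opening result file: %v\n", err)
		return
	}
	defer resultFile.Close()

	absDest, err := filepath.Abs(destDir)
	if err != nil {
		fmt.Printf("Error resolving %s: %v\n", destDir, err)
		return
	}

	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		absPath, err := filepath.Abs(path)
		if err != nil {
			return err
		}
		if info.IsDir() {
			// Never descend into the output directory: copying a file onto
			// itself would truncate it before it is read.
			if absPath == absDest {
				return filepath.SkipDir
			}
			return nil
		}
		// Only .jsp and .php files are examined.
		if ext := filepath.Ext(path); ext != ".jsp" && ext != ".php" {
			return nil
		}

		file, err := os.Open(path)
		if err != nil {
			return err
		}
		defer file.Close()

		containsContent := false
		scanner := bufio.NewScanner(file)
		for scanner.Scan() {
			if strings.Contains(scanner.Text(), filterContent) {
				containsContent = true
				break
			}
		}
		if err := scanner.Err(); err != nil {
			// The file could not be read to the end (for example a line
			// longer than the scanner buffer). It is still listed below so
			// that it gets reviewed by hand.
			fmt.Printf("Error reading %s: %v\n", path, err)
		}
		if containsContent {
			return nil
		}

		if err := os.MkdirAll(destDir, 0755); err != nil {
			return err
		}
		if err := CopyFile(filepath.Join(destDir, filepath.Base(absPath)), absPath); err != nil {
			return err
		}
		_, err = resultFile.WriteString(absPath + "\n")
		return err
	})
	if err != nil {
		fmt.Printf("Error walking through directory: %v\n", err)
	}
}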
================================================
FILE: FilterResult.txt
================================================
/Users/zjacky/Desktop/test/1.txt
/Users/zjacky/Desktop/test/3.txt
/Users/zjacky/Desktop/test/zzz/qewdas.txt
/Users/zjacky/Desktop/test/zzz/qeweqweqwwdas.txt
/Users/zjacky/Desktop/test/zzz/qwe/1.txt
================================================
FILE: FindFile/Common.go
================================================
package FindFile
// Check panics with e when e is non-nil and does nothing otherwise.
func Check(e error) {
	if e == nil {
		return
	}
	panic(e)
}
================================================
FILE: FindFile/FindFile_Java.go
================================================
package FindFile
import (
Rule2 "CodeScan/CommonVul/Rule"
"bufio"
"fmt"
"os"
"path/filepath"
"strings"
)
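// FindFileByJava walks dir, collects every .java and .jsp file outside the
// directories excluded by Rule2.PathBlackJava, and appends each line that
// matches one of rules to ./results/<outputfile>.
//
//   - dir: root directory to search.
//   - outputfile: report file name; it is created under ./results/ relative
//     to the working directory and opened in append mode.
//   - rules: substrings to look for; the comparison ignores case.
//
// A matching line is not reported when it contains an entry of
// Rule2.LineBlack, and a single rule match is not reported when
// Rule2.RemoveStaticVar returns false for it.
//
// NOTE(review): PathBlackJava is matched by substring, so its entry "java"
// also excludes a directory such as src/main/java. Confirm that the
// exclusion list fits the layout of the code base being scanned.
func FindFileByJava(dir string, outputfile string, rules []string) {
	const separator = "====================================================================\n\n"

	var fileList []string
	err := filepath.Walk(dir, func(path string, f os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if f.IsDir() {
			// Match the exclusion list against the part of the path below
			// dir only. Otherwise a root such as /home/u/github/app is
			// skipped as a whole and the report is silently empty.
			rel, relErr := filepath.Rel(dir, path)
			if relErr != nil {
				rel = path
			}
			if Rule2.MatchRule(rel, Rule2.PathBlackJava) {
				return filepath.SkipDir
			}
			return nil
		}
		if strings.HasSuffix(f.Name(), ".java") || strings.HasSuffix(f.Name(), ".jsp") {
			fileList = append(fileList, path)
		}
		return nil
	})
	if err != nil {
		fmt.Printf("error walking the path %v: %v\n", dir, err)
		return
	}

	basedir := "./results/"
	if err := os.MkdirAll(basedir, os.ModePerm); err != nil {
		fmt.Println("Error creating directory:", err)
		return
	}
	outputFile, err := os.OpenFile(basedir+outputfile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
	Check(err)
	defer outputFile.Close()

	// scanFile is a closure so that each source file is closed as soon as it
	// has been read, instead of staying open until the whole scan returns.
	scanFile := func(file string) {
		f, err := os.Open(file)
		Check(err)
		defer f.Close()

		scanner := bufio.NewScanner(f)
		// Allow lines of up to 10 MiB; the default limit is 64 KiB.
		scanner.Buffer(make([]byte, 0, 64*1024), 10*1024*1024)

		headerWritten := false // the file name is written with the first finding only
		lineNumber := 0
		for scanner.Scan() {
			lineNumber++
			line := strings.TrimSpace(scanner.Text())
			lowerLine := strings.ToLower(line)
			for _, rule := range rules {
				lowerRule := strings.ToLower(rule)
				if !strings.Contains(lowerLine, lowerRule) {
					continue
				}
				// The line-level exclusion applies to every rule, so the
				// remaining rules can be skipped.
				if Rule2.MatchRule(line, Rule2.LineBlack) {
					break
				}
				// The constant-argument check is specific to this rule; the
				// other rules are still tried on the same line.
				if !Rule2.RemoveStaticVar(lowerLine, lowerRule) {
					continue
				}
				entry := fmt.Sprintf("%d : %s\n\n", lineNumber, line)
				if !headerWritten {
					entry = fmt.Sprintf("file [%s]\n", file) + entry
					headerWritten = true
				}
				_, err := outputFile.WriteString(separator + entry)
				Check(err)
			}
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading "+file+":", err)
		}
	}
	for _, file := range fileList {
		scanFile(file)
	}
}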
================================================
FILE: FindFile/FindFile_PHP.go
================================================
package FindFile
import (
Rule2 "CodeScan/CommonVul/Rule"
"bufio"
"fmt"
"os"
"path/filepath"
"strings"
)
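// FindFileByPHP walks dir, collects every .php and .mds file outside the
// directories excluded by Rule2.PathBlackPhp, and appends each line that
// matches one of rules to ./results/<outputfile>.
//
//   - dir: root directory to search.
//   - outputfile: report file name; it is created under ./results/ relative
//     to the working directory and opened in append mode.
//   - rules: substrings to look for; the comparison ignores case.
//
// A matching line is not reported when it contains an entry of
// Rule2.LineBlack, and a single rule match is not reported when
// Rule2.RemoveStaticVar returns false for it.
func FindFileByPHP(dir string, outputfile string, rules []string) {
	const separator = "====================================================================\n\n"

	var fileList []string
	err := filepath.Walk(dir, func(path string, f os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if f.IsDir() {
			// Match the exclusion list against the part of the path below
			// dir only. Otherwise a root whose own path contains an excluded
			// word is skipped as a whole and the report is silently empty.
			rel, relErr := filepath.Rel(dir, path)
			if relErr != nil {
				rel = path
			}
			if Rule2.MatchRule(rel, Rule2.PathBlackPhp) {
				return filepath.SkipDir
			}
			return nil
		}
		if strings.HasSuffix(f.Name(), ".php") || strings.HasSuffix(f.Name(), ".mds") {
			fileList = append(fileList, path)
		}
		return nil
	})
	if err != nil {
		fmt.Printf("error walking the path %v: %v\n", dir, err)
		return
	}

	basedir := "./results/"
	if err := os.MkdirAll(basedir, os.ModePerm); err != nil {
		fmt.Println("Error creating directory:", err)
		return
	}
	outputFile, err := os.OpenFile(basedir+outputfile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
	Check(err)
	defer outputFile.Close()

	// scanFile is a closure so that each source file is closed as soon as it
	// has been read, instead of staying open until the whole scan returns.
	scanFile := func(file string) {
		f, err := os.Open(file)
		Check(err)
		defer f.Close()

		scanner := bufio.NewScanner(f)
		// Allow lines of up to 10 MiB; the default limit is 64 KiB.
		scanner.Buffer(make([]byte, 0, 64*1024), 10*1024*1024)

		headerWritten := false // the file name is written with the first finding only
		lineNumber := 0
		for scanner.Scan() {
			lineNumber++
			line := strings.TrimSpace(scanner.Text())
			lowerLine := strings.ToLower(line)
			for _, rule := range rules {
				lowerRule := strings.ToLower(rule)
				if !strings.Contains(lowerLine, lowerRule) {
					continue
				}
				// The line-level exclusion applies to every rule, so the
				// remaining rules can be skipped.
				if Rule2.MatchRule(line, Rule2.LineBlack) {
					break
				}
				// The constant-argument check is specific to this rule; the
				// other rules are still tried on the same line.
				if !Rule2.RemoveStaticVar(lowerLine, lowerRule) {
					continue
				}
				entry := fmt.Sprintf("%d : %s\n\n", lineNumber, line)
				if !headerWritten {
					entry = fmt.Sprintf("file [%s]\n", file) + entry
					headerWritten = true
				}
				_, err := outputFile.WriteString(separator + entry)
				Check(err)
			}
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading "+file+":", err)
		}
	}
	for _, file := range fileList {
		scanFile(file)
	}
}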
================================================
FILE: Java-Code/AMF/AmfCheck.go
================================================
package AMF
import (
"CodeScan/FindFile"
"fmt"
)
// AmfCheck runs the Java scan over dir for ".readMessage(" calls and passes
// "AmfCheck.txt" as the report file name.
func AmfCheck(dir string) {
	const reportName = "AmfCheck.txt"
	rules := []string{".readMessage("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("AMF检查完成")
}
================================================
FILE: Java-Code/Auth_Bypass/Authcheck.go
================================================
package Auth_Bypass
import (
"CodeScan/FindFile"
"fmt"
)
// Auth runs the Java scan over dir for getRequestURL/getRequestURI calls and
// passes "Auth_Bypass.txt" as the report file name.
func Auth(dir string) {
	const reportName = "Auth_Bypass.txt"
	rules := []string{
		".getRequestURL(",
		".getRequestURI(",
	}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("权限绕过分析完成")
}
================================================
FILE: Java-Code/El/Elcheck.go
================================================
package El
import (
"CodeScan/FindFile"
"fmt"
)
// Elcheck runs the Java scan over dir for SpEL parser usage and passes
// "el.txt" as the report file name.
func Elcheck(dir string) {
	const reportName = "el.txt"
	// ".getValue" is deliberately left out; the author recommends not adding it.
	rules := []string{
		"SpelExpressionParser",
		"parseExpression",
	}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("表达式注入分析完成")
}
================================================
FILE: Java-Code/Fastjson/parsecheck.go
================================================
package Fastjson
import (
"CodeScan/FindFile"
"fmt"
)
// Parsecheck runs the Java scan over dir for ".parseObject(" calls and passes
// "fastjson.txt" as the report file name.
func Parsecheck(dir string) {
	const reportName = "fastjson.txt"
	rules := []string{".parseObject("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("fastjson分析完成")
}
================================================
FILE: Java-Code/Frame_Analysis/Frame_Analysiser.go
================================================
package Frame_Analysis
import (
Rule2 "CodeScan/CommonVul/Rule"
"CodeScan/FindFile"
"bufio"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"strings"
)
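// FrameAnalysiser walks dir and guesses which frameworks or components the
// project uses from file and directory names, then writes one line per
// detection to ./results/Frame_Analysiser.txt (the file is overwritten).
//
// Detection is by lower-cased name only:
//   - .java/.xml file names containing "mybatis", "spring" or "controller",
//     "struts", "shiro", "ckeditor";
//   - directory names containing "action" (Struts) or "ckeditor".
//
// Each framework is reported once, for the first matching name. File names
// that match Rule2.XmlBlack are ignored.
func FrameAnalysiser(dir string) {
	var result []string
	mybatis := false
	spring := false
	struts := false
	shiro := false
	CKeditor := false

	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		filename := strings.ToLower(info.Name())

		// Directory checks. They used to sit inside the branch for regular
		// files, where info.IsDir() is always false, so they never fired.
		if info.IsDir() {
			if !struts && strings.Contains(filename, "action") {
				result = append(result, "[+] Struts 框架 "+info.Name()+"\n")
				struts = true
			}
			if !CKeditor && strings.Contains(filename, "ckeditor") {
				result = append(result, "[+] CKeditor 上传组件 "+info.Name()+"\n")
				CKeditor = true
			}
			return nil
		}

		if Rule2.MatchRule(filename, Rule2.XmlBlack) {
			return nil
		}
		if !strings.HasSuffix(info.Name(), ".java") && !strings.HasSuffix(info.Name(), ".xml") {
			return nil
		}
		if !mybatis && strings.Contains(filename, "mybatis") {
			result = append(result, "[+] MyBatis 框架 "+info.Name()+"\n")
			mybatis = true
		}
		if !spring && (strings.Contains(filename, "spring") || strings.Contains(filename, "controller")) {
			result = append(result, "[+] Spring 框架 "+info.Name()+"\n")
			spring = true
		}
		if !struts && strings.Contains(filename, "struts") {
			result = append(result, "[+] Struts 框架 "+info.Name()+"\n")
			struts = true
		}
		if !shiro && strings.Contains(filename, "shiro") {
			result = append(result, "[+] Shiro 框架 "+info.Name()+"\n")
			shiro = true
		}
		if !CKeditor && strings.Contains(filename, "ckeditor") {
			result = append(result, "[+] CKeditor 上传组件 "+info.Name()+"\n")
			CKeditor = true
		}
		return nil
	})
	if err != nil {
		// A walk error is logged; whatever was detected so far is still written.
		log.Println(err)
	}
	output := strings.Join(result, "\n")

	basedir := "./results/"
	if _, err := os.Stat(basedir); os.IsNotExist(err) {
		err := os.MkdirAll(basedir, os.ModePerm)
		if err != nil {
			fmt.Println("Error creating directory:", err)
			return
		}
	}
	outputfile := basedir + "Frame_Analysiser.txt"
	err = ioutil.WriteFile(outputfile, []byte(output), 0644)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("框架分析完成")
}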
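// WebXmlScan looks for the first file named web.xml (any letter case) below
// dir and appends every line of it that matches one of rules to
// Frame_Analysiser.txt in the working directory. Rule matching ignores case;
// lines containing an entry of Rule2.LineBlack are not reported. Nothing is
// written when no web.xml is found.
//
// NOTE(review): the report is opened in the working directory, while
// FrameAnalysiser writes ./results/Frame_Analysiser.txt. Confirm which
// location is intended.
func WebXmlScan(dir string, rules []string) {
	const separator = "====================================================================\n\n"

	outputFile, err := os.OpenFile("Frame_Analysiser.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
	FindFile.Check(err)
	defer outputFile.Close()

	var webXmlPath string
	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		// Once a web.xml has been recorded, skip everything that is still
		// queued. Returning SkipDir for a file only skips the rest of its
		// directory, so without this guard a later web.xml would replace the
		// first one.
		if webXmlPath != "" {
			return filepath.SkipDir
		}
		if err != nil {
			return err
		}
		if !info.IsDir() && strings.EqualFold(info.Name(), "web.xml") {
			webXmlPath = path
			return filepath.SkipDir
		}
		return nil
	})
	if err != nil {
		log.Fatal(err)
	}
	if webXmlPath == "" {
		return
	}

	f, err := os.Open(webXmlPath)
	FindFile.Check(err)
	defer f.Close()

	scanner := bufio.NewScanner(f)
	// Allow lines of up to 10 MiB; the default limit is 64 KiB.
	scanner.Buffer(make([]byte, 0, 64*1024), 10*1024*1024)

	headerWritten := false // the file name is written with the first finding only
	lineNumber := 0
	for scanner.Scan() {
		lineNumber++
		line := strings.TrimSpace(scanner.Text())
		lowerLine := strings.ToLower(line)
		for _, rule := range rules {
			if !strings.Contains(lowerLine, strings.ToLower(rule)) {
				continue
			}
			if Rule2.MatchRule(line, Rule2.LineBlack) {
				break
			}
			entry := fmt.Sprintf("%d : %s\n\n", lineNumber, line)
			if !headerWritten {
				entry = fmt.Sprintf("file [%s]\n", webXmlPath) + entry
				headerWritten = true
			}
			// Separator and entry go out in one write so that a failure of
			// either part is reported.
			_, err := outputFile.WriteString(separator + entry)
			FindFile.Check(err)
		}
	}
	if err := scanner.Err(); err != nil {
		fmt.Fprintln(os.Stderr, "reading "+webXmlPath+":", err)
	}
}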
================================================
FILE: Java-Code/JDBC/FindJDBC.go
================================================
package JDBC
import (
"CodeScan/FindFile"
"fmt"
)
// FindJDBC runs the Java scan over dir for "DriverManager.getConnection("
// calls and passes "jdbc.txt" as the report file name.
func FindJDBC(dir string) {
	const reportName = "jdbc.txt"
	rules := []string{"DriverManager.getConnection("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("JDBC分析完成")
}
================================================
FILE: Java-Code/JNDI/Jndi.go
================================================
package JNDI
import (
"CodeScan/FindFile"
"fmt"
)
// Jndi runs the Java scan over dir for ".lookup(" calls and passes
// "jndi.txt" as the report file name.
func Jndi(dir string) {
	const reportName = "jndi.txt"
	rules := []string{".lookup("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("JNDI分析完成")
}
================================================
FILE: Java-Code/JS/Jseval.go
================================================
package JS
import (
"CodeScan/FindFile"
"fmt"
)
// Eval runs the Java scan over dir for "eval(" calls and passes "eval.txt"
// as the report file name.
func Eval(dir string) {
	const reportName = "eval.txt"
	rules := []string{"eval("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("Eval分析完成")
}
================================================
FILE: Java-Code/JarStatic/Jarstaticer.go
================================================
package JarStatic
import (
"bufio"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strings"
)
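// Jarstaticer lists the .jar files found below dir and compares their file
// names with the entries of EvilJarList.txt.
//
// All three files are resolved relative to the working directory:
//   - EvilJarList.txt is read, one jar file name per line;
//   - SuccessAttack.txt receives every found jar whose name is on that list;
//   - jarFiles.txt receives the name of every found jar.
//
// Both output files are truncated on each run.
//
// The comparison is an exact match on the file name including the version,
// so a different version or a renamed jar is not flagged. An empty
// SuccessAttack.txt therefore does not show that a dependency is safe.
func Jarstaticer(dir string) {
	if _, err := os.Stat(dir); os.IsNotExist(err) {
		fmt.Println("Directory does not exist:", dir)
		return
	}

	jarFiles := []string{}
	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if !info.IsDir() && filepath.Ext(path) == ".jar" {
			jarFiles = append(jarFiles, filepath.Base(path))
		}
		return nil
	})
	if err != nil {
		fmt.Printf("Error walking the path %s: %v\n", dir, err)
		return
	}

	configLines, err := ioutil.ReadFile("EvilJarList.txt")
	if err != nil {
		fmt.Println("Error reading EvilJarList.txt:", err)
		return
	}
	// Build a set once instead of rescanning the list for every jar.
	// TrimSpace also removes a trailing "\r" from CRLF files.
	known := make(map[string]struct{})
	for _, line := range strings.Split(string(configLines), "\n") {
		if name := strings.TrimSpace(line); name != "" {
			known[name] = struct{}{}
		}
	}

	file, err := os.Create("SuccessAttack.txt")
	if err != nil {
		fmt.Println("Error creating SuccessAttack.txt:", err)
		return
	}
	defer file.Close()

	writer := bufio.NewWriter(file)
	for _, jarName := range jarFiles {
		if _, listed := known[jarName]; !listed {
			continue
		}
		if _, err := writer.WriteString(jarName + "\n"); err != nil {
			fmt.Println("Error writing to SuccessAttack.txt:", err)
			return
		}
	}
	// Flush explicitly so that a failed write is reported instead of being
	// lost in a deferred call.
	if err := writer.Flush(); err != nil {
		fmt.Println("Error writing to SuccessAttack.txt:", err)
		return
	}

	file1, err := os.Create("jarFiles.txt")
	if err != nil {
		fmt.Println("Error creating file:", err)
		return
	}
	defer file1.Close()

	for _, jarName := range jarFiles {
		if _, err := file1.WriteString(jarName + "\n"); err != nil {
			fmt.Println("Error writing to file:", err)
			return
		}
	}
}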
================================================
FILE: Java-Code/JavaSrciptShell/FindJavaSrciptShell.go
================================================
package JavaSrciptShell
import (
"CodeScan/FindFile"
"fmt"
)
// FindJavaSrciptShell runs the Java scan over dir for script-engine lookups
// of the form .getEngineByName("JavaScript" and passes "jshell.txt" as the
// report file name.
func FindJavaSrciptShell(dir string) {
	const reportName = "jshell.txt"
	rules := []string{".getEngineByName(\"JavaScript\""}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("JavaSrciptShell 分析完成")
}
================================================
FILE: Java-Code/Log4j/Log4j2.go
================================================
package Log4j
import (
"CodeScan/FindFile"
"fmt"
"log"
"os"
"path/filepath"
"strings"
)
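// Log4j walks dir and, when a regular file whose lower-cased name contains
// "log4j" exists, runs the Java scan for "logger.info(" and "log.info(" with
// "log4j.txt" as the report file name.
//
// Entries that the walk cannot read are logged and skipped.
//
// NOTE(review): Rule.LineBlack contains "log.", and FindFileByJava drops every
// line that contains a LineBlack entry, so a line with a lower-case
// "log.info(" is filtered out before it can be reported. Only info-level calls
// are searched for. Confirm that this is the intended coverage.
func Log4j(dir string) {
	found := false
	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			// info may be nil here; do not touch it.
			log.Println(err)
			return nil
		}
		if !found && !info.IsDir() && strings.Contains(strings.ToLower(info.Name()), "log4j") {
			found = true
		}
		return nil
	})
	if err != nil {
		log.Println(err)
	}
	if !found {
		return
	}
	// Run the scan after the walk instead of from inside its callback.
	FindFile.FindFileByJava(dir, "log4j.txt", []string{"logger.info(", "log.info("})
	fmt.Println("Log4j2分析完成")
}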
================================================
FILE: Java-Code/ReadObject/readobject.go
================================================
package ReadObject
import (
"CodeScan/FindFile"
"fmt"
)
// Readobjectcheck runs the Java scan over dir for deserialization calls and
// passes "readobject.txt" as the report file name. The rules are written in
// lower case; FindFileByJava compares them without regard to case.
func Readobjectcheck(dir string) {
	const reportName = "readobject.txt"
	rules := []string{
		".readobject(",
		".deserialize(",
	}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("反序列化分析完成")
}
================================================
FILE: Java-Code/Reflect/Reflect.go
================================================
package Reflect
import (
"CodeScan/FindFile"
"fmt"
)
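// ReflectCheck runs the Java scan over dir for reflective ".invoke(" calls
// and passes "fanshe.txt" as the report file name.
func ReflectCheck(dir string) {
	// The rule was previously spelled ".invode(", which matches no reflective
	// invoke call, so the report stayed empty for this check.
	FindFile.FindFileByJava(dir, "fanshe.txt", []string{".invoke("})
	fmt.Println("反射分析完成")
}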
================================================
FILE: Java-Code/SSTI/FreeMarker/FreeSsti.go
================================================
package FreeMarker
import (
"CodeScan/FindFile"
"fmt"
)
// FreeSsti runs the Java scan over dir for "new Template(" and passes
// "Freemarkssti.txt" as the report file name.
func FreeSsti(dir string) {
	const reportName = "Freemarkssti.txt"
	rules := []string{"new Template("}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("FreeMarker SSTI 分析完成")
}
================================================
FILE: Java-Code/Sql/FindSqlByCode.go
================================================
package Sql
import (
"bufio"
"fmt"
"io/fs"
"os"
"path/filepath"
"strings"
)
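// findSqlByCode scans every .java file below dir for the SQL-related
// substrings in keywords (case-sensitive) and, when anything matched, hands
// the collected findings to writeToFile for "sql.txt".
//
// Entries that the walk cannot read are reported on stderr and skipped.
// Unlike FindFileByJava, no directory exclusion list is applied here.
func findSqlByCode(dir string) {
	const separator = "====================================================================\n"
	keywords := []string{"'${", "= ${", "like '%\" +", ".executeQuery(", "@RequestParam(\"sql\")", ".executeUpdate(", "order by ${", "createNativeQuery(", "execNativeSql(", ".createSQLQuery(", ".addOrder(", "<include"}

	selectList := []string{}
	var lastFile string // file of the previous finding; decides whether the file header is repeated

	err := filepath.Walk(dir, func(path string, f fs.FileInfo, err error) error {
		if err != nil {
			// f may be nil here; do not touch it.
			fmt.Fprintln(os.Stderr, "skipping "+path+":", err)
			return nil
		}
		if f.IsDir() || !strings.HasSuffix(f.Name(), ".java") {
			return nil
		}
		file, err := os.Open(path)
		check(err)
		defer file.Close()

		scanner := bufio.NewScanner(file)
		lineNumber := 0
		for scanner.Scan() {
			lineNumber++
			line := strings.TrimSpace(scanner.Text())
			for _, keyword := range keywords {
				if !strings.Contains(line, keyword) {
					continue
				}
				selectList = append(selectList, separator)
				if lastFile != file.Name() {
					selectList = append(selectList, fmt.Sprintf("file [%s]\n%d: %s", file.Name(), lineNumber, line))
					lastFile = file.Name()
				} else {
					selectList = append(selectList, fmt.Sprintf("%d : %s", lineNumber, line))
				}
			}
		}
		// A line longer than the scanner's default limit ends the scan of
		// this file early; say so instead of silently losing the rest.
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading "+path+":", err)
		}
		return nil
	})
	check(err)

	if len(selectList) > 0 {
		writeToFile("sql.txt", selectList)
	}
}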
================================================
FILE: Java-Code/Sql/FindSqlByXml.go
================================================
package Sql
import (
Rule2 "CodeScan/CommonVul/Rule"
"bufio"
"fmt"
"io/fs"
"os"
"path/filepath"
"strings"
)
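// findSqlByXml scans every .xml file below dir, except file names that match
// Rule2.XmlBlack, for "${" style substitutions and hands the findings of each
// file to writeToFile for "sql.txt". Lines containing an entry of
// Rule2.XmlSqlBlack are not reported.
//
// Entries that the walk cannot read are reported on stderr and skipped.
//
// NOTE(review): "${" is a substring of the other two keywords, so a line with
// "order by ${" or "like '%${" is reported once per matching keyword.
func findSqlByXml(dir string) {
	const separator = "====================================================================\n"
	keywords := []string{"${", "like '%${", "order by ${"}

	xmlList := []string{}
	err := filepath.Walk(dir, func(path string, f fs.FileInfo, err error) error {
		if err != nil {
			// f may be nil here; do not touch it.
			fmt.Fprintln(os.Stderr, "skipping "+path+":", err)
			return nil
		}
		if f.IsDir() || !strings.HasSuffix(f.Name(), ".xml") {
			return nil
		}
		if Rule2.MatchRule(f.Name(), Rule2.XmlBlack) {
			return nil
		}
		xmlList = append(xmlList, path)
		return nil
	})
	check(err)

	var lastFile string // file of the previous finding; decides whether the file header is repeated

	// scanXML is a closure so that each file is closed as soon as it has been
	// read, instead of staying open until the whole scan returns.
	scanXML := func(file string) []string {
		f, err := os.Open(file)
		check(err)
		defer f.Close()

		found := []string{}
		scanner := bufio.NewScanner(f)
		lineNumber := 0
		for scanner.Scan() {
			// Count the line before any skip, so that excluded lines do not
			// shift the reported line numbers.
			lineNumber++
			line := strings.TrimSpace(scanner.Text())
			if Rule2.MatchRule(line, Rule2.XmlSqlBlack) {
				continue
			}
			for _, keyword := range keywords {
				if !strings.Contains(line, keyword) {
					continue
				}
				found = append(found, separator)
				if lastFile != f.Name() {
					found = append(found, fmt.Sprintf("file [%s]\n%d: %s", f.Name(), lineNumber, line))
					lastFile = f.Name()
				} else {
					found = append(found, fmt.Sprintf("%d : %s", lineNumber, line))
				}
			}
		}
		if err := scanner.Err(); err != nil {
			fmt.Fprintln(os.Stderr, "reading "+file+":", err)
		}
		return found
	}

	for _, file := range xmlList {
		if found := scanXML(file); len(found) > 0 {
			writeToFile("sql.txt", found)
		}
	}
}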
================================================
FILE: Java-Code/Sql/Sql.go
================================================
package Sql
import (
"fmt"
"os"
)
// check panics with e when e is non-nil and does nothing otherwise.
func check(e error) {
	if e == nil {
		return
	}
	panic(e)
}
// Sqlcheck is the entry point of the SQL check: it runs the Java source scan
// first, then the XML scan, and prints a completion message.
func Sqlcheck(dir string) {
	scans := []func(string){
		findSqlByCode, // SQL-related calls and annotations in .java files
		findSqlByXml,  // "${" substitutions in .xml files
	}
	for _, scan := range scans {
		scan(dir)
	}
	fmt.Println("sql分析完成")
}
// writeToFile appends lines, one per line, to ./results/<filename>, creating
// the results directory and the file when they do not exist. A failure to
// create the directory is printed and ends the call; a failure to open or
// write the file panics through check.
func writeToFile(filename string, lines []string) {
	const basedir = "./results/"

	_, statErr := os.Stat(basedir)
	if os.IsNotExist(statErr) {
		if mkErr := os.MkdirAll(basedir, os.ModePerm); mkErr != nil {
			fmt.Println("Error creating directory:", mkErr)
			return
		}
	}

	// Append mode: findings from earlier calls and runs are kept.
	outputFile, err := os.OpenFile(basedir+filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
	check(err)
	defer outputFile.Close()

	for i := range lines {
		_, err = outputFile.WriteString(lines[i] + "\n")
		check(err)
	}
}
================================================
FILE: Java-Code/Zip/Zipsilp.go
================================================
package Zip
import (
"CodeScan/FindFile"
"fmt"
)
// Zipsilp runs the Java scan over dir for archive-entry and unzip calls and
// passes "zip.txt" as the report file name.
func Zipsilp(dir string) {
	const reportName = "zip.txt"
	rules := []string{
		"zipEntry.getName(",
		"ZipUtil.unpack(",
		"ZipUtil.unzip(",
		"entry.getName()",
		"AntZipUtils.unzip(",
		"zip.getEntries()",
	}
	FindFile.FindFileByJava(dir, reportName, rules)
	fmt.Println("Zipsilp分析完成")
}
================================================
FILE: PHP-Code/FileRead/Read.go
================================================
package FileRead
import (
"CodeScan/CommonVul/Rule"
"CodeScan/FindFile"
"fmt"
)
// Read runs the PHP scan over dir with the file-read rules in
// Rule.PHPFileReadList and passes "FileRead_Phar.txt" as the report file name.
func Read(dir string) {
	const reportName = "FileRead_Phar.txt"
	rules := Rule.PHPFileReadList
	FindFile.FindFileByPHP(dir, reportName, rules)
	fmt.Println("PHP文件读取分析完成")
}
================================================
FILE: PHP-Code/FileWrite/Write.go
================================================
package FileWrite
import (
"CodeScan/FindFile"
"fmt"
)
// Write flags PHP file-write calls under dir. The only rule is the
// substring "file_put_contents("; hits go to "FileWrite.txt".
//
// NOTE(review): PHP_Codeing in Utils/PHPScanUtil.go neither imports this
// package nor lists Write among its scan functions, so this check does not
// appear to run in a normal "-L php" scan.
func Write(dir string) {
	writeRules := []string{"file_put_contents("}
	FindFile.FindFileByPHP(dir, "FileWrite.txt", writeRules)
	fmt.Println("PHP文件写入分析完成")
}
================================================
FILE: PHP-Code/Include/Include.go
================================================
package Include
import (
"CodeScan/FindFile"
"fmt"
)
// Include flags PHP file-inclusion calls under dir. The only rule is the
// substring "include("; hits go to "Include.txt".
//
// NOTE(review): assuming FindFileByPHP does plain substring matching, this
// rule does not cover include_once(, require(, require_once( or the
// parenthesis-free form (include $x;). Treat an empty report as "no
// include( call found", not as "no dynamic inclusion".
func Include(dir string) {
	includeRules := []string{"include("}
	FindFile.FindFileByPHP(dir, "Include.txt", includeRules)
	fmt.Println("PHP文件包含分析完成")
}
================================================
FILE: PHP-Code/PHPSql/FindSqlByCode.go
================================================
package PHPSql
import (
"bufio"
"fmt"
"io/fs"
"os"
"path/filepath"
"strings"
)
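// findSqlByCode walks dir, scans every *.php file line by line for the
// substrings in keywords, and appends the matching lines to sql.txt through
// writeToFile.
//
// Each match is recorded as a separator line followed by the line number and
// the trimmed source line; the first match in a file is prefixed with the
// file name. A line that contains several keywords is recorded once per
// keyword. Errors from the walk, from opening a file or from scanning it
// panic through check, so an incomplete scan never looks like a clean one.
func findSqlByCode(dir string) {
	const separator = "====================================================================\n"
	// Upper bound for a single source line. bufio.Scanner stops at 64 KiB by
	// default, which would silently end the scan of a file with one long
	// (e.g. minified) line and hide every sink after it.
	const maxLineBytes = 16 * 1024 * 1024

	keywords := []string{"like '%\" +", "mysql_query(", "->where(", "->order(", "mysqli_query("}

	var hits []string
	var lastFile string // last file a header was emitted for

	err := filepath.Walk(dir, func(path string, f fs.FileInfo, err error) error {
		// Walk passes a nil FileInfo together with the error when an entry
		// cannot be read; return it instead of dereferencing f.
		if err != nil {
			return err
		}
		if f.IsDir() || !strings.HasSuffix(f.Name(), ".php") {
			return nil
		}

		file, err := os.Open(path)
		check(err)
		// The defer runs when this callback returns, i.e. once per file.
		defer file.Close()

		scanner := bufio.NewScanner(file)
		scanner.Buffer(make([]byte, 0, 64*1024), maxLineBytes)

		lineNumber := 1
		for scanner.Scan() {
			line := strings.TrimSpace(scanner.Text())
			for _, keyword := range keywords {
				if !strings.Contains(line, keyword) {
					continue
				}
				hits = append(hits, separator)
				if lastFile != file.Name() {
					hits = append(hits, fmt.Sprintf("file [%s]\n%d: %s", file.Name(), lineNumber, line))
					lastFile = file.Name()
				} else {
					hits = append(hits, fmt.Sprintf("%d : %s", lineNumber, line))
				}
			}
			lineNumber++
		}
		// Report a truncated scan (over-long line, read error) instead of
		// treating the unread remainder of the file as clean.
		return scanner.Err()
	})
	check(err)

	if len(hits) > 0 {
		writeToFile("sql.txt", hits)
	}
}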
================================================
FILE: PHP-Code/PHPSql/Sql.go
================================================
package PHPSql
import (
"fmt"
"os"
)
// check panics with e when e is non-nil; a nil error is ignored.
func check(e error) {
	if e == nil {
		return
	}
	panic(e)
}
// Sqlcheck is the entry point of the PHP SQL scanner: it runs
// findSqlByCode over dir and prints a completion message.
func Sqlcheck(dir string) {
	const doneMsg = "sql分析完成"
	findSqlByCode(dir)
	fmt.Println(doneMsg)
}
// writeToFile appends lines, one per row, to filename, creating the file
// with mode 0644 when it does not exist. Open and write errors panic
// through check.
//
// NOTE(review): filename is used as given, so the report lands relative to
// the working directory, whereas writeToFile in Java-Code/Sql/Sql.go
// prefixes "./results/". Confirm which location is intended.
func writeToFile(filename string, lines []string) {
	const openFlags = os.O_APPEND | os.O_CREATE | os.O_WRONLY

	out, err := os.OpenFile(filename, openFlags, 0644)
	check(err)
	defer out.Close()

	for i := range lines {
		_, werr := fmt.Fprintln(out, lines[i])
		check(werr)
	}
}
================================================
FILE: PHP-Code/SSRF/SSRF.go
================================================
package SSRF
import (
"CodeScan/FindFile"
"fmt"
)
// PHP_SSRF flags candidate server-side request sinks in the PHP sources
// under dir. The only rule is the substring "curl_exec("; hits go to
// "SSRF.txt".
//
// A hit shows where a cURL request is executed; whether the URL is
// attacker-influenced has to be traced back by the reviewer.
func PHP_SSRF(dir string) {
	ssrfRules := []string{"curl_exec("}
	FindFile.FindFileByPHP(dir, "SSRF.txt", ssrfRules)
	fmt.Println("PHPSSRF分析完成")
}
================================================
FILE: PHP-Code/Unserialize/ser.go
================================================
package Unserialize
import (
"CodeScan/FindFile"
"fmt"
)
// Unserialize collects PHP deserialization review points under dir. The
// only rule is the substring "__destruct("; hits go to "Unserialize.txt".
//
// NOTE(review): the rule matches destructor declarations (classes that run
// code when an object is destroyed), not unserialize() call sites, so the
// report lists classes to review rather than entry points.
func Unserialize(dir string) {
	destructRules := []string{"__destruct("}
	FindFile.FindFileByPHP(dir, "Unserialize.txt", destructRules)
	fmt.Println("PHP反序列化分析完成")
}
================================================
FILE: README.md
================================================
# CodeScan

## 工具概述
该工具目的为对大多数不完整的代码以及依赖快速进行Sink点匹配来帮助红队完成快速代码审计,开发该工具的初衷是以`Sink`到`Source`的思路来开发,为了将所有可疑的Sink点匹配出来并且凭借第六感进行快速漏洞挖掘,并且该工具开发可扩展性强,成本极低,目前工具支持的语言有PHP,Java(JSP)
## 编译
```bash
./build.sh
# 会生成所有版本在releases下
```
## 功能
1. 框架识别
2. 涵盖大部分漏洞的Sink点的匹配(如图)

3. 可自定义定制化修改黑白名单内容
4. 多模块化多语言化代码审计
5. 进行融于鉴权代码的快速匹配抓取
6. 根据Jar进行静态分析(默认分析)
* mysqlconnect-->jdbc
* Xstream --> xml/json
## 使用
```bash
Usage of ./CodeScan_darwin_arm64:
-L string
审计语言
-d string
要扫描的目录
-h string
使用帮助
-lb string
行黑名单
-m string
过滤的字符串
-pb string
路径黑名单
-r string
RCE规则
-u string
文件上传规则
Example:
CodeScan_windows_amd64.exe -L java -d ./net
CodeScan_windows_amd64.exe -L php -d ./net
CodeScan_windows_amd64.exe -d ./net -m "CheckSession.jsp"
```
## 高级用法+案例分析
### 高级用法
`以下均以Java作为示例`
#### 高扩展性
很简单的自定义,如果需要自定义一些匹配规则,首先可以在这里加入

其次如果需要新增漏洞类型,只需要三步(这里以Sql为例)
1. 新建SQL目录
2. 定义一个方法叫 SqlCheck
3. 写一个sqlcheck.txt(生成的文件名) + 你自定义的规则
4. 最后在这里加入包名+方法名即可

```go
package SqlTest
import (
"CodeScan/FindFile"
"fmt"
)
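// SqlCheck is the README's template for a custom scanner: it passes the
// output file name and the rule list to FindFile.FindFileByJava.
func SqlCheck(dir string) {
	// The output name follows step 3 above (sqlcheck.txt). The rule below is
	// only a placeholder; replace it with your own sink patterns.
	FindFile.FindFileByJava(dir, "sqlcheck.txt", []string{".parseObject("})
	fmt.Println("SqlCheck分析完成")
}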
```
#### 扫描位置
在打一些闭源代码的时候经常就一个Jar或者Class,反编译的时候会把依赖进行一起反编译,所以为了避免扫描一些依赖的误报,在工具中自带的黑名单中会过滤掉如下黑名单的包名,需要自定义的时候可自行修改,位置在`CommonVul/Rule/MatchPathRule.go`
```go
// PathBlackJava lists package-name fragments whose paths are skipped so that
// decompiled dependencies do not flood the report.
// Short entries such as "java" are the reason the README asks for -d to
// point below /src/main/java: a scan started higher up would skip that
// directory as well.
// NOTE(review): "javassist" and "junit" are listed twice; the duplicates are
// redundant.
var PathBlackJava = []string{
"apache", "lombok", "microsoft", "solr",
"amazonaws", "c3p0", "jodd", "afterturn", "hutool",
"javassist", "alibaba", "aliyuncs", "javax", "jackson",
"bytebuddy", "baomidou", "google", "netty", "redis", "mysql",
"logback", "ognl", "oracle", "sun", "junit", "reactor", "github",
"mchange", "taobao", "nimbusds", "opensymphony", "freemarker", "java", "apiguardian", "hibernate", "javassist", "jboss", "junit", "mybatis",
"springframework", "slf4j",
}
```
所以这也导致了一个问题,不能从顶层上直接扫描

`请把CodeScan放在Net同级目录下扫描(否则会忽略掉直接一个Java目录)`
请`-d`后面的参数尽量在`/src/main/java`之后,比如这里就需要把CodeScan放到`net`目录下开始扫描
```bash
CodeScan_windows_amd64.exe -L java -d ./net
```
#### 过滤字符串(只写了JSP + PHP)
比如现在有一个代码百分百为鉴权代码在JSP中
```java
<%@ include file="../../common/js/CheckSession.jsp"%>
```
此时可以用以下功能来快速获取未鉴权代码
```bash
CodeScan_windows_amd64.exe -d ./yuan -m "CheckSession.jsp"
```
此时会将不包含这段代码的文件都放到`NoAuthDir`目录中,然后再扫一遍即可快速定位到可能未鉴权并且存在Sink点的文件。注意:这一步只能说明文件中没有出现该字符串,鉴权也可能由过滤器等其他方式统一实现,是否真正未鉴权仍需人工确认
```bash
CodeScan_windows_amd64.exe -L java -d ./NoAuthDir
```
#### 静态分析依赖情况
只需要在CodeScan的目录下放入EvilJarList.txt即可匹配出来
`EvilJarList.txt` 内容为存在可打漏洞的`Jar`,模版如下
```bash
fastjson-1.2.47.jar
resin-4.0.63.jar
jackson-core-2.13.3.jar
c3p0-0.9.5.2.jar
commons-beanutils-1.9.4.jar
commons-beanutils-1.9.3.jar
commons-beanutils-1.9.2.jar
commons-collections-3.2.1.jar
mysql-connector-java-8.0.17.jar
commons-collections4-4.0.jar
shiro-core-1.10.1.jar
aspectjweaver-1.9.5.jar
rome-1.0.jar
xstream-1.4.11.1.jar
sqlite-jdbc-3.8.9.jar
vaadin-server-7.7.14.jar
hessian-4.0.63.jar
```
#### 案例
案例请参考我的博客
```bash
https://zjackky.github.io/post/develop-codescan-zwcz53.html
```
## TODO
* [ ] 将结果从TXT转为Excel
* [ ] Sink点继续完善
* [ ] ASP
## 支持项目
* 如果有师傅发现Bug或者有更好的建议请提issue感谢
* 要是各位师傅通过本人的小工具挖到一些好洞记得回头点点Stars诶
## 免责声明
* 如果您下载、安装、使用、修改本工具及相关代码,即表明您信任本工具
* 在使用本工具时造成对您自己或他人任何形式的损失和伤害,我们不承担任何责任
* 如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任
* 请您务必审慎阅读、充分理解各条款内容,特别是免除或者限制责任的条款,并选择接受或不接受
* 除非您已阅读并接受本协议所有条款,否则您无权下载、安装或使用本工具
* 您的下载、安装、使用等行为即视为您已阅读并同意上述协议的约束
## 更新日志
**2024/09/29**
* 开源
**2024/10/7**
* 将扫描结果写入`results`目录中
## 鸣谢
[xiaoqiuxx(github.com)](https://github.com/xiaoqiuxx)
================================================
FILE: Utils/JavaScanUtil.go
================================================
package Utils
import (
"CodeScan/CommonVul/Rce"
"CodeScan/CommonVul/Upload"
"CodeScan/Java-Code/AMF"
"CodeScan/Java-Code/Auth_Bypass"
"CodeScan/Java-Code/El"
"CodeScan/Java-Code/Fastjson"
"CodeScan/Java-Code/Frame_Analysis"
"CodeScan/Java-Code/JDBC"
"CodeScan/Java-Code/JNDI"
"CodeScan/Java-Code/JS"
"CodeScan/Java-Code/JarStatic"
"CodeScan/Java-Code/JavaSrciptShell"
"CodeScan/Java-Code/Log4j"
"CodeScan/Java-Code/ReadObject"
"CodeScan/Java-Code/Reflect"
"CodeScan/Java-Code/SSTI/FreeMarker"
"CodeScan/Java-Code/Sql"
"CodeScan/Java-Code/Zip"
"github.com/cheggaaa/pb/v3"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
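// Java_Codeing runs every Java scanner against *Dir, one goroutine per
// scanner, waits for all of them, post-processes web.xml and finally removes
// empty report files.
//
// It sets StartTime and replaces the package-level progressBar. A panic in
// any scanner goroutine is not recovered and terminates the process.
func Java_Codeing() {
	StartTime = time.Now()

	// Every scanner takes the directory to scan as its only argument.
	scanFuncs := []func(string){
		Frame_Analysis.FrameAnalysiser,
		Auth_Bypass.Auth,
		Zip.Zipsilp,
		JNDI.Jndi,
		Sql.Sqlcheck,
		Rce.JavaRce,
		Upload.JavaUpload_check,
		ReadObject.Readobjectcheck,
		El.Elcheck,
		Fastjson.Parsecheck,
		Reflect.ReflectCheck,
		Log4j.Log4j,
		AMF.AmfCheck,
		FreeMarker.FreeSsti,
		JDBC.FindJDBC,
		JavaSrciptShell.FindJavaSrciptShell,
		JarStatic.Jarstaticer,
		JS.Eval,
	}

	var wg sync.WaitGroup
	wg.Add(len(scanFuncs)) // one goroutine per scanner
	progressBar = pb.New(len(scanFuncs)).SetRefreshRate(time.Millisecond * 100).Start()

	for _, scanFunc := range scanFuncs {
		go scanDirectory(scanFunc, *Dir, &wg)
	}
	wg.Wait()
	progressBar.Finish()

	// web.xml is handled after the concurrent scanners have finished.
	Frame_Analysis.WebXmlScan(*Dir, []string{"*.htm", "*.do", "*.action", "exclude"})

	// Remove empty reports. The walk is limited to the report directory:
	// walking "./" would also delete every empty .txt file below the working
	// directory, which per the README usually contains the code under audit.
	// NOTE(review): Java-Code/Sql writes below ./results/; the other scanners
	// presumably do too. Verify against FindFile before relying on this.
	const reportDir = "./results"
	// Cleanup is best effort: a missing report directory or a failed walk
	// must not fail the scan, so the walk error is dropped on purpose.
	_ = filepath.Walk(reportDir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if !info.IsDir() && strings.HasSuffix(info.Name(), ".txt") && info.Size() == 0 {
			// A leftover empty report is harmless; ignore the error.
			_ = os.Remove(path)
		}
		return nil
	})
}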
================================================
FILE: Utils/PHPScanUtil.go
================================================
package Utils
import (
"CodeScan/CommonVul/Rce"
"CodeScan/CommonVul/Upload"
"CodeScan/PHP-Code/FileRead"
"CodeScan/PHP-Code/Include"
"CodeScan/PHP-Code/PHPSql"
"CodeScan/PHP-Code/SSRF"
"CodeScan/PHP-Code/Unserialize"
"github.com/cheggaaa/pb/v3"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
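// PHP_Codeing runs every PHP scanner against *Dir, one goroutine per
// scanner, waits for all of them and then removes empty report files.
//
// It sets StartTime and replaces the package-level progressBar. A panic in
// any scanner goroutine is not recovered and terminates the process.
//
// NOTE(review): PHP-Code/FileWrite defines a Write scanner, but this file
// does not import it and it is not in the list below, so file-write sinks
// are not part of a "-L php" scan.
func PHP_Codeing() {
	StartTime = time.Now()

	// Every scanner takes the directory to scan as its only argument.
	scanFuncs := []func(string){
		Upload.PHPUpload_check,
		Rce.PHPRce,
		PHPSql.Sqlcheck,
		FileRead.Read,
		Unserialize.Unserialize,
		SSRF.PHP_SSRF,
		Include.Include,
	}

	var wg sync.WaitGroup
	wg.Add(len(scanFuncs)) // one goroutine per scanner
	progressBar = pb.New(len(scanFuncs)).SetRefreshRate(time.Millisecond * 100).Start()

	for _, scanFunc := range scanFuncs {
		go scanDirectory(scanFunc, *Dir, &wg)
	}
	wg.Wait()
	progressBar.Finish()

	// Remove empty reports. The walk is limited to the report directory:
	// walking "./" would also delete every empty .txt file below the working
	// directory, which per the README usually contains the code under audit.
	// NOTE(review): PHPSql writes sql.txt relative to the working directory,
	// but only with at least one line, so it is never empty. The other
	// scanners presumably write below ./results/; verify against FindFile.
	const reportDir = "./results"
	// Cleanup is best effort: a missing report directory or a failed walk
	// must not fail the scan, so the walk error is dropped on purpose.
	_ = filepath.Walk(reportDir, func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		if !info.IsDir() && strings.HasSuffix(info.Name(), ".txt") && info.Size() == 0 {
			// A leftover empty report is harmless; ignore the error.
			_ = os.Remove(path)
		}
		return nil
	})
}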
================================================
FILE: Utils/common.go
================================================
package Utils
import (
"github.com/cheggaaa/pb/v3"
"strings"
"sync"
"time"
)
var (
// progressBar is the bar shared by all scanner goroutines; it is replaced
// at the start of Java_Codeing and PHP_Codeing.
progressBar *pb.ProgressBar
// StartTime is set when a language scan starts and read by main to print
// the elapsed time. It keeps its zero value when no scan runs.
StartTime time.Time
)
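// scanDirectory runs one scanner over dir and reports its completion. It is
// meant to be started with "go" by Java_Codeing and PHP_Codeing.
//
// scanFunc is the scanner to run, dir the directory handed to it, and wg the
// WaitGroup the caller waits on; wg must already account for this call.
func scanDirectory(scanFunc func(string), dir string, wg *sync.WaitGroup) {
	// Release the WaitGroup on every exit path of this function.
	defer wg.Done()

	scanFunc(dir)
	// Only a scanner that returned normally advances the bar.
	progressBar.Increment()
}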
// ClearDir rewrites Windows-style separators in dir to forward slashes. A
// pair of backslashes becomes a single "/", and any remaining single
// backslash becomes "/" as well.
//
// Only separators are rewritten: "." and ".." segments are left as they are
// and the result is not made absolute.
func ClearDir(dir string) string {
	// The replacer tries the two-backslash pattern first at each position,
	// which matches the original two-pass replacement.
	toSlash := strings.NewReplacer(`\\`, "/", `\`, "/")
	return toSlash.Replace(dir)
}
================================================
FILE: Utils/flag.go
================================================
package Utils
import (
Rule2 "CodeScan/CommonVul/Rule"
"CodeScan/Filter"
"flag"
"fmt"
"github.com/fatih/color"
"strings"
)
var (
// Dir is the value of the -d flag: the directory to scan.
Dir *string
// language is the value of the -L flag; Start lower-cases it.
language *string
// help is the value of the -h flag; nothing in this file reads it.
help *string
)
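// Start parses the command line and runs the scan for the requested
// language ("java" or "php", case-insensitive). Any other language value,
// including the empty one, starts no scan.
func Start() {
	parseFlag()
	*language = strings.ToLower(*language)

	var scan func()
	switch *language {
	case "java":
		scan = Java_Codeing
	case "php":
		scan = PHP_Codeing
	default:
		return
	}

	// parseFlag accepts -L without -d. Refuse to scan then: the scanners
	// would otherwise be started on an empty path.
	if *Dir == "" {
		color.Red("请使用 -d 选项提供目录")
		return
	}
	scan()
}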
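// parseFlag registers and parses the command-line flags, stores -d, -L and
// -h in the package-level Dir, language and help, and applies the optional
// rule flags to the shared rule lists.
//
// When both -L and -d are given, -d is normalised with ClearDir and the
// -pb, -lb, -u and -r values are appended to the rule lists. When -m is
// given, Filter.FilterFile is run on the directory. Missing required flags
// are reported in red; the function returns nothing, so the caller cannot
// tell that parsing was incomplete.
func parseFlag() {
	help = flag.String("h", "", "使用帮助")
	Dir = flag.String("d", "", "要扫描的目录")
	language = flag.String("L", "", "审计语言")
	pathBlackRule := flag.String("pb", "", "路径黑名单")
	lineBlackRule := flag.String("lb", "", "行黑名单")
	uploadRule := flag.String("u", "", "文件上传规则")
	rceRule := flag.String("r", "", "RCE规则")
	filterfile := flag.String("m", "", "过滤的字符串")
	//outdir := flag.String("o", "", "输出结果")
	flag.Parse()

	if *language == "" && *filterfile == "" {
		color.Red("请使用 -L 选项提供扫描语言")
		return
	}

	if *language != "" && *Dir != "" {
		*Dir = ClearDir(*Dir)

		if *pathBlackRule != "" {
			// Extra path blacklist entry supplied by the user.
			Rule2.PathBlackJava = append(Rule2.PathBlackJava, *pathBlackRule)
			fmt.Println("路径黑名单:", Rule2.PathBlackJava)
		}
		if *lineBlackRule != "" {
			Rule2.LineBlack = append(Rule2.LineBlack, *lineBlackRule)
		}
		if *uploadRule != "" {
			// Start lower-cases *language only after parseFlag returns, so
			// compare case-insensitively here; otherwise "-L Java -u ..."
			// would drop the custom rule without any message.
			switch strings.ToLower(*language) {
			case "java":
				Rule2.JavaUploadRuleList = append(Rule2.JavaUploadRuleList, *uploadRule)
			case "php":
				Rule2.PHPUploadRuleList = append(Rule2.PHPUploadRuleList, *uploadRule)
			}
		}
		if *rceRule != "" {
			// NOTE(review): -r is added to the Java RCE list whatever -L
			// says; confirm whether a PHP scan is meant to pick it up.
			Rule2.JavaRceRuleList = append(Rule2.JavaRceRuleList, *rceRule)
		}
	}

	if *filterfile == "" {
		return
	}
	if *Dir == "" {
		color.Red("请使用 -d 选项提供目录")
		return
	}
	Filter.FilterFile(*filterfile, *Dir)
}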
================================================
FILE: build.sh
================================================
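#!/bin/bash
# Cross-compile CodeScan for every OS/architecture pair listed below and
# place the binaries under ./releases.

# Stop at the first failing command, so a broken build is not followed by a
# "done" message and a stale or missing binary is not taken for a fresh one.
set -euo pipefail

# Target operating systems and architectures, as "os:arch".
os_archs=("darwin:amd64" "darwin:arm64" "linux:amd64" "windows:amd64")

# Linker flags: -s -w strip the symbol table and debug information.
LDFLAGS="-s -w"

for pair in "${os_archs[@]}"; do
    os="${pair%%:*}"
    arch="${pair##*:}"
    output="./releases/CodeScan_${os}_${arch}"

    # Windows binaries need the .exe extension.
    if [[ "$os" == "windows" ]]; then
        output="$output.exe"
    fi

    echo "Building $output..."
    # -trimpath keeps local file system paths out of the binary.
    GOOS="$os" GOARCH="$arch" go build -trimpath -ldflags "$LDFLAGS" -o "$output" main.go
    echo "Build $output done"
done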
================================================
FILE: go.mod
================================================
module CodeScan
go 1.22.1
require (
github.com/cheggaaa/pb/v3 v3.1.5
github.com/fatih/color v1.16.0
)
require (
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
golang.org/x/sys v0.14.0 // indirect
)
================================================
FILE: go.sum
================================================
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
github.com/cheggaaa/pb/v3 v3.1.5 h1:QuuUzeM2WsAqG2gMqtzaWithDJv0i+i6UlnwSCI4QLk=
github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6jM60XI=
github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
================================================
FILE: jarFiles.txt
================================================
HikariCP-2.7.8.jar
aliyun-java-sdk-core-3.4.0.jar
aliyun-java-sdk-ecs-4.2.0.jar
aliyun-java-sdk-kms-2.7.0.jar
aliyun-java-sdk-ram-3.0.0.jar
aliyun-java-sdk-sts-3.0.0.jar
aliyun-sdk-oss-3.10.1.jar
byte-buddy-1.7.10.jar
classmate-1.3.4.jar
commons-codec-1.11.jar
commons-pool2-2.5.0.jar
fastjson-1.2.83.jar
gson-2.8.2.jar
guava-18.0.jar
hibernate-validator-6.0.7.Final.jar
httpclient-4.5.2.jar
httpcore-4.4.9.jar
jackson-annotations-2.9.0.jar
jackson-core-2.9.4.jar
jackson-databind-2.9.4.jar
jackson-dataformat-yaml-2.9.4.jar
jackson-datatype-jdk8-2.9.4.jar
jackson-datatype-jsr310-2.9.4.jar
jackson-module-parameter-names-2.9.4.jar
java-semver-0.9.0.jar
javassist-3.21.0-GA.jar
javax.annotation-api-1.3.2.jar
jboss-logging-3.3.2.Final.jar
jdom-1.1.jar
jedis-2.9.0.jar
jettison-1.1.jar
jsqlparser-1.3.jar
jul-to-slf4j-1.7.25.jar
jxl-2.6.12.jar
log4j-1.2.14.jar
log4j-api-2.10.0.jar
log4j-to-slf4j-2.15.0.jar
logback-classic-1.2.3.jar
logback-core-1.2.3.jar
lombok-1.18.12.jar
mapstruct-1.1.0.Final.jar
mybatis-3.4.6.jar
mybatis-plus-3.0.7.1.jar
mybatis-plus-annotation-3.0.7.1.jar
mybatis-plus-boot-starter-3.0.7.1.jar
mybatis-plus-core-3.0.7.1.jar
mybatis-plus-extension-3.0.7.1.jar
mybatis-spring-1.3.2.jar
mysql-connector-java-8.0.11.jar
pf4j-3.1.0.jar
protobuf-java-2.6.0.jar
reflections-0.9.11.jar
slf4j-api-1.7.25.jar
snakeyaml-1.19.jar
spring-aop-5.0.4.RELEASE.jar
spring-beans-5.0.4.RELEASE.jar
spring-boot-2.0.0.RELEASE.jar
spring-boot-autoconfigure-2.0.0.RELEASE.jar
spring-boot-starter-2.0.0.RELEASE.jar
spring-boot-starter-jdbc-2.0.0.RELEASE.jar
spring-boot-starter-json-2.0.0.RELEASE.jar
spring-boot-starter-logging-2.0.0.RELEASE.jar
spring-boot-starter-redis-1.4.1.RELEASE.jar
spring-boot-starter-tomcat-2.0.0.RELEASE.jar
spring-boot-starter-web-2.0.0.RELEASE.jar
spring-context-5.0.4.RELEASE.jar
spring-context-support-5.0.4.RELEASE.jar
spring-core-5.0.4.RELEASE.jar
spring-data-commons-2.0.5.RELEASE.jar
spring-data-keyvalue-2.0.5.RELEASE.jar
spring-data-redis-2.0.5.RELEASE.jar
spring-expression-5.0.4.RELEASE.jar
spring-jcl-5.0.4.RELEASE.jar
spring-jdbc-5.0.4.RELEASE.jar
spring-oxm-5.0.4.RELEASE.jar
spring-plugin-core-1.2.0.RELEASE.jar
spring-plugin-metadata-1.2.0.RELEASE.jar
spring-tx-5.0.4.RELEASE.jar
spring-web-5.0.4.RELEASE.jar
spring-webmvc-5.0.4.RELEASE.jar
springboot-plugin-framework-2.2.1-RELEASE.jar
springboot-plugin-framework-extension-mybatis-2.2.1-RELEASE.jar
springfox-core-2.7.0.jar
springfox-schema-2.7.0.jar
springfox-spi-2.7.0.jar
springfox-spring-web-2.7.0.jar
springfox-swagger-common-2.7.0.jar
springfox-swagger2-2.7.0.jar
stax-api-1.0.1.jar
swagger-annotations-1.5.13.jar
swagger-bootstrap-ui-1.6.jar
swagger-models-1.5.13.jar
tomcat-embed-core-8.5.28.jar
tomcat-embed-el-8.5.28.jar
tomcat-embed-websocket-8.5.28.jar
validation-api-2.0.1.Final.jar
================================================
FILE: main.go
================================================
package main
import (
"CodeScan/Utils"
"fmt"
"github.com/fatih/color"
"time"
)
// main prints the banner, runs the scan through Utils.Start and reports the
// time elapsed since Utils.StartTime.
//
// NOTE(review): Utils.StartTime is only set when a language scan starts. If
// no scan ran (for example a -m only run), it is the zero time and the
// printed duration is meaningless.
func main() {
	const banner = `
' ██████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ █████╗ ███╗ ██╗
' ██╔════╝██╔═══██╗██╔══██╗██╔════╝██╔════╝██╔════╝██╔══██╗████╗ ██║
' ██║ ██║ ██║██║ ██║█████╗ ███████╗██║ ███████║██╔██╗ ██║
' ██║ ██║ ██║██║ ██║██╔══╝ ╚════██║██║ ██╔══██║██║╚██╗██║
' ╚██████╗╚██████╔╝██████╔╝███████╗███/.████║╚██████╗██║ ██║██║ ╚████║
' ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
' -- by zjacky,xiaoqiuxx
`
	fmt.Println(banner)

	Utils.Start()

	// Time elapsed since the scan started.
	took := time.Since(Utils.StartTime)
	color.Green("[+] 扫描完成! 花费时长:%s\n", took)
}
gitextract_srw2u1fm/ ├── .idea/ │ ├── .gitignore │ ├── CodeScan-master.iml │ └── modules.xml ├── CommonVul/ │ ├── Rce/ │ │ └── Rce.go │ ├── Rule/ │ │ ├── MatchFileNameRule.go │ │ ├── MatchFileReadRule.go │ │ ├── MatchLineRule.go │ │ ├── MatchPathRule.go │ │ ├── MatchRceRule.go │ │ ├── MatchUploadRule.go │ │ ├── MtachSqlRule.go │ │ ├── ReStaticVar.go │ │ └── Utils.go │ └── Upload/ │ └── Upload_check.go ├── EvilJarList.txt ├── Filter/ │ └── FilterFile.go ├── FilterResult.txt ├── FindFile/ │ ├── Common.go │ ├── FindFile_Java.go │ └── FindFile_PHP.go ├── Java-Code/ │ ├── AMF/ │ │ └── AmfCheck.go │ ├── Auth_Bypass/ │ │ └── Authcheck.go │ ├── El/ │ │ └── Elcheck.go │ ├── Fastjson/ │ │ └── parsecheck.go │ ├── Frame_Analysis/ │ │ └── Frame_Analysiser.go │ ├── JDBC/ │ │ └── FindJDBC.go │ ├── JNDI/ │ │ └── Jndi.go │ ├── JS/ │ │ └── Jseval.go │ ├── JarStatic/ │ │ └── Jarstaticer.go │ ├── JavaSrciptShell/ │ │ └── FindJavaSrciptShell.go │ ├── Log4j/ │ │ └── Log4j2.go │ ├── ReadObject/ │ │ └── readobject.go │ ├── Reflect/ │ │ └── Reflect.go │ ├── SSTI/ │ │ └── FreeMarker/ │ │ └── FreeSsti.go │ ├── Sql/ │ │ ├── FindSqlByCode.go │ │ ├── FindSqlByXml.go │ │ └── Sql.go │ └── Zip/ │ └── Zipsilp.go ├── PHP-Code/ │ ├── FileRead/ │ │ └── Read.go │ ├── FileWrite/ │ │ └── Write.go │ ├── Include/ │ │ └── Include.go │ ├── PHPSql/ │ │ ├── FindSqlByCode.go │ │ └── Sql.go │ ├── SSRF/ │ │ └── SSRF.go │ └── Unserialize/ │ └── ser.go ├── README.md ├── Utils/ │ ├── JavaScanUtil.go │ ├── PHPScanUtil.go │ ├── common.go │ └── flag.go ├── build.sh ├── go.mod ├── go.sum ├── jarFiles.txt └── main.go
SYMBOL INDEX (48 symbols across 38 files)
FILE: CommonVul/Rce/Rce.go
function JavaRce (line 9) | func JavaRce(dir string) {
function PHPRce (line 14) | func PHPRce(dir string) {
FILE: CommonVul/Rule/ReStaticVar.go
function RemoveStaticVar (line 7) | func RemoveStaticVar(content string, rule string) bool {
FILE: CommonVul/Rule/Utils.go
function MatchRule (line 5) | func MatchRule(str string, blackList []string) bool {
FILE: CommonVul/Upload/Upload_check.go
function JavaUpload_check (line 9) | func JavaUpload_check(dir string) {
function PHPUpload_check (line 15) | func PHPUpload_check(dir string) {
FILE: Filter/FilterFile.go
function CopyFile (line 13) | func CopyFile(dstName, srcName string) (err error) {
function FilterFile (line 30) | func FilterFile(filterContent string, dir string) {
FILE: FindFile/Common.go
function Check (line 4) | func Check(e error) {
FILE: FindFile/FindFile_Java.go
function FindFileByJava (line 16) | func FindFileByJava(dir string, outputfile string, rules []string) {
FILE: FindFile/FindFile_PHP.go
function FindFileByPHP (line 12) | func FindFileByPHP(dir string, outputfile string, rules []string) {
FILE: Java-Code/AMF/AmfCheck.go
function AmfCheck (line 8) | func AmfCheck(dir string) {
FILE: Java-Code/Auth_Bypass/Authcheck.go
function Auth (line 8) | func Auth(dir string) {
FILE: Java-Code/El/Elcheck.go
function Elcheck (line 8) | func Elcheck(dir string) {
FILE: Java-Code/Fastjson/parsecheck.go
function Parsecheck (line 8) | func Parsecheck(dir string) {
FILE: Java-Code/Frame_Analysis/Frame_Analysiser.go
function FrameAnalysiser (line 15) | func FrameAnalysiser(dir string) {
function WebXmlScan (line 109) | func WebXmlScan(dir string, rules []string) {
FILE: Java-Code/JDBC/FindJDBC.go
function FindJDBC (line 8) | func FindJDBC(dir string) {
FILE: Java-Code/JNDI/Jndi.go
function Jndi (line 8) | func Jndi(dir string) {
FILE: Java-Code/JS/Jseval.go
function Eval (line 8) | func Eval(dir string) {
FILE: Java-Code/JarStatic/Jarstaticer.go
function Jarstaticer (line 12) | func Jarstaticer(dir string) {
FILE: Java-Code/JavaSrciptShell/FindJavaSrciptShell.go
function FindJavaSrciptShell (line 8) | func FindJavaSrciptShell(dir string) {
FILE: Java-Code/Log4j/Log4j2.go
function Log4j (line 12) | func Log4j(dir string) {
FILE: Java-Code/ReadObject/readobject.go
function Readobjectcheck (line 8) | func Readobjectcheck(dir string) {
FILE: Java-Code/Reflect/Reflect.go
function ReflectCheck (line 8) | func ReflectCheck(dir string) {
FILE: Java-Code/SSTI/FreeMarker/FreeSsti.go
function FreeSsti (line 8) | func FreeSsti(dir string) {
FILE: Java-Code/Sql/FindSqlByCode.go
function findSqlByCode (line 13) | func findSqlByCode(dir string) {
FILE: Java-Code/Sql/FindSqlByXml.go
function findSqlByXml (line 14) | func findSqlByXml(dir string) {
FILE: Java-Code/Sql/Sql.go
function check (line 9) | func check(e error) {
function Sqlcheck (line 16) | func Sqlcheck(dir string) {
function writeToFile (line 27) | func writeToFile(filename string, lines []string) {
FILE: Java-Code/Zip/Zipsilp.go
function Zipsilp (line 8) | func Zipsilp(dir string) {
FILE: PHP-Code/FileRead/Read.go
function Read (line 9) | func Read(dir string) {
FILE: PHP-Code/FileWrite/Write.go
function Write (line 8) | func Write(dir string) {
FILE: PHP-Code/Include/Include.go
function Include (line 8) | func Include(dir string) {
FILE: PHP-Code/PHPSql/FindSqlByCode.go
function findSqlByCode (line 13) | func findSqlByCode(dir string) {
FILE: PHP-Code/PHPSql/Sql.go
function check (line 9) | func check(e error) {
function Sqlcheck (line 16) | func Sqlcheck(dir string) {
function writeToFile (line 24) | func writeToFile(filename string, lines []string) {
FILE: PHP-Code/SSRF/SSRF.go
function PHP_SSRF (line 8) | func PHP_SSRF(dir string) {
FILE: PHP-Code/Unserialize/ser.go
function Unserialize (line 8) | func Unserialize(dir string) {
FILE: Utils/JavaScanUtil.go
function Java_Codeing (line 30) | func Java_Codeing() {
FILE: Utils/PHPScanUtil.go
function PHP_Codeing (line 19) | func PHP_Codeing() {
FILE: Utils/common.go
function scanDirectory (line 16) | func scanDirectory(scanFunc func(string), dir string, wg *sync.WaitGroup) {
function ClearDir (line 22) | func ClearDir(dir string) string {
FILE: Utils/flag.go
function Start (line 18) | func Start() {
function parseFlag (line 33) | func parseFlag() {
FILE: main.go
function main (line 10) | func main() {
Condensed preview — 55 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (61K chars).
[
{
"path": ".idea/.gitignore",
"chars": 146,
"preview": "# 默认忽略的文件\n/shelf/\n/workspace.xml\n# 基于编辑器的 HTTP 客户端请求\n/httpRequests/\n# Datasource local storage ignored files\n/dataSource"
},
{
"path": ".idea/CodeScan-master.iml",
"chars": 322,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<module type=\"WEB_MODULE\" version=\"4\">\n <component name=\"Go\" enabled=\"true\" />\n "
},
{
"path": ".idea/modules.xml",
"chars": 282,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"ProjectModuleManager\">\n <modules>\n "
},
{
"path": "CommonVul/Rce/Rce.go",
"chars": 310,
"preview": "package Rce\n\nimport (\n\t\"CodeScan/CommonVul/Rule\"\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc JavaRce(dir string) {\n\tFindFile.Fin"
},
{
"path": "CommonVul/Rule/MatchFileNameRule.go",
"chars": 13,
"preview": "package Rule\n"
},
{
"path": "CommonVul/Rule/MatchFileReadRule.go",
"chars": 103,
"preview": "package Rule\n\nvar PHPFileReadList = []string{\n\t\"file_get_contents(\", \"file(\", \"readfile(\", \"fopen(\",\n}\n"
},
{
"path": "CommonVul/Rule/MatchLineRule.go",
"chars": 160,
"preview": "package Rule\n\nvar LineBlack = []string{\n\t\"import \",\n\t\"log.\",\n\t\"loaded from\",\n\t\"//\",\n\t\"document.write(\",\n\t\"getWriter().wr"
},
{
"path": "CommonVul/Rule/MatchPathRule.go",
"chars": 562,
"preview": "package Rule\n\nvar PathBlackJava = []string{\n\t\"apache\", \"lombok\", \"microsoft\", \"solr\",\n\t\"amazonaws\", \"c3p0\", \"jodd\", \"aft"
},
{
"path": "CommonVul/Rule/MatchRceRule.go",
"chars": 343,
"preview": "package Rule\n\nvar JavaRceRuleList = []string{\n\t\"Runtime.getRuntime().exec\", \"ProcessBuilder.start\",\n\t\"RuntimeUtil.exec(\""
},
{
"path": "CommonVul/Rule/MatchUploadRule.go",
"chars": 399,
"preview": "package Rule\n\nvar JavaUploadRuleList = []string{\n\t\"Streams.copy(\",\n\t\".getOriginalFilename(\", \".transferTo(\",\n\t\"UploadedF"
},
{
"path": "CommonVul/Rule/MtachSqlRule.go",
"chars": 398,
"preview": "package Rule\n\nvar XmlSqlBlack = []string{\n\t\"<property\", \"<value>\", \"id=\\\"dataSource\\\"\", \"<int\",\n\t\"<str\", \"<bool\", \"<para"
},
{
"path": "CommonVul/Rule/ReStaticVar.go",
"chars": 570,
"preview": "package Rule\n\nimport (\n\t\"strings\"\n)\n\nfunc RemoveStaticVar(content string, rule string) bool {\n\t// 找到rule在content的位置\n\tind"
},
{
"path": "CommonVul/Rule/Utils.go",
"chars": 216,
"preview": "package Rule\n\nimport \"strings\"\n\nfunc MatchRule(str string, blackList []string) bool {\n\t//1.对传入的内容包含相关的黑名单关键字则不写入文件\n\tfor "
},
{
"path": "CommonVul/Upload/Upload_check.go",
"chars": 478,
"preview": "package Upload\n\nimport (\n\t\"CodeScan/CommonVul/Rule\"\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc JavaUpload_check(dir string) {\n\t"
},
{
"path": "EvilJarList.txt",
"chars": 398,
"preview": "fastjson-1.2.47.jar\nresin-4.0.63.jar\njackson-core-2.13.3.jar\nc3p0-0.9.5.2.jar\ncommons-beanutils-1.9.4.jar\ncommons-beanut"
},
{
"path": "Filter/FilterFile.go",
"chars": 2019,
"preview": "package Filter\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// CopyFile 函数用于复制单个文件\nfunc CopyFile"
},
{
"path": "FilterResult.txt",
"chars": 198,
"preview": "/Users/zjacky/Desktop/test/1.txt\n/Users/zjacky/Desktop/test/3.txt\n/Users/zjacky/Desktop/test/zzz/qewdas.txt\n/Users/zjack"
},
{
"path": "FindFile/Common.go",
"chars": 108,
"preview": "package FindFile\n\n// check函数用于检查错误,如果错误不为nil,则会触发panic\nfunc Check(e error) {\n\tif e != nil {\n\t\tpanic(e)\n\t}\n}\n"
},
{
"path": "FindFile/FindFile_Java.go",
"chars": 2925,
"preview": "package FindFile\n\nimport (\n\tRule2 \"CodeScan/CommonVul/Rule\"\n\t\"bufio\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// Find"
},
{
"path": "FindFile/FindFile_PHP.go",
"chars": 2745,
"preview": "package FindFile\n\nimport (\n\tRule2 \"CodeScan/CommonVul/Rule\"\n\t\"bufio\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\nfunc Fi"
},
{
"path": "Java-Code/AMF/AmfCheck.go",
"chars": 181,
"preview": "package AMF\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc AmfCheck(dir string) {\n\tFindFile.FindFileByJava(dir, \"AmfCheck"
},
{
"path": "Java-Code/Auth_Bypass/Authcheck.go",
"chars": 210,
"preview": "package Auth_Bypass\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Auth(dir string) {\n\tFindFile.FindFileByJava(dir, \"Auth"
},
{
"path": "Java-Code/El/Elcheck.go",
"chars": 222,
"preview": "package El\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Elcheck(dir string) {\n\t//\".getValue\", 推荐不加\n\tFindFile.FindFileB"
},
{
"path": "Java-Code/Fastjson/parsecheck.go",
"chars": 193,
"preview": "package Fastjson\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Parsecheck(dir string) {\n\tFindFile.FindFileByJava(dir, \"f"
},
{
"path": "Java-Code/Frame_Analysis/Frame_Analysiser.go",
"chars": 4436,
"preview": "package Frame_Analysis\n\nimport (\n\tRule2 \"CodeScan/CommonVul/Rule\"\n\t\"CodeScan/FindFile\"\n\t\"bufio\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"lo"
},
{
"path": "Java-Code/JDBC/FindJDBC.go",
"chars": 193,
"preview": "package JDBC\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc FindJDBC(dir string) {\n\tFindFile.FindFileByJava(dir, \"jdbc.tx"
},
{
"path": "Java-Code/JNDI/Jndi.go",
"chars": 169,
"preview": "package JNDI\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Jndi(dir string) {\n\tFindFile.FindFileByJava(dir, \"jndi.txt\", "
},
{
"path": "Java-Code/JS/Jseval.go",
"chars": 164,
"preview": "package JS\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Eval(dir string) {\n\tFindFile.FindFileByJava(dir, \"eval.txt\", []"
},
{
"path": "Java-Code/JarStatic/Jarstaticer.go",
"chars": 1861,
"preview": "package JarStatic\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\nfunc Jarstaticer(dir strin"
},
{
"path": "Java-Code/JavaSrciptShell/FindJavaSrciptShell.go",
"chars": 232,
"preview": "package JavaSrciptShell\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc FindJavaSrciptShell(dir string) {\n\tFindFile.FindFi"
},
{
"path": "Java-Code/Log4j/Log4j2.go",
"chars": 586,
"preview": "package Log4j\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n\t\"log\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\nfunc Log4j(dir string) {"
},
{
"path": "Java-Code/ReadObject/readobject.go",
"chars": 213,
"preview": "package ReadObject\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Readobjectcheck(dir string) {\n\tFindFile.FindFileByJava("
},
{
"path": "Java-Code/Reflect/Reflect.go",
"chars": 180,
"preview": "package Reflect\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc ReflectCheck(dir string) {\n\tFindFile.FindFileByJava(dir, \""
},
{
"path": "Java-Code/SSTI/FreeMarker/FreeSsti.go",
"chars": 204,
"preview": "package FreeMarker\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc FreeSsti(dir string) {\n\tFindFile.FindFileByJava(dir, \"F"
},
{
"path": "Java-Code/Sql/FindSqlByCode.go",
"chars": 1686,
"preview": "package Sql\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// 函数用于检查是否存在java代码内容,并将相关信息写入 sql.t"
},
{
"path": "Java-Code/Sql/FindSqlByXml.go",
"chars": 1839,
"preview": "package Sql\n\nimport (\n\tRule2 \"CodeScan/CommonVul/Rule\"\n\t\"bufio\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// "
},
{
"path": "Java-Code/Sql/Sql.go",
"chars": 957,
"preview": "package Sql\n\nimport (\n\t\"fmt\"\n\t\"os\"\n)\n\n// check 函数用于检查错误,如果错误不为 nil 则触发 panic\nfunc check(e error) {\n\tif e != nil {\n\t\tpani"
},
{
"path": "Java-Code/Zip/Zipsilp.go",
"chars": 280,
"preview": "package Zip\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Zipsilp(dir string) {\n\tFindFile.FindFileByJava(dir, \"zip.txt\","
},
{
"path": "PHP-Code/FileRead/Read.go",
"chars": 212,
"preview": "package FileRead\n\nimport (\n\t\"CodeScan/CommonVul/Rule\"\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Read(dir string) {\n\tFindFile.F"
},
{
"path": "PHP-Code/FileWrite/Write.go",
"chars": 199,
"preview": "package FileWrite\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Write(dir string) {\n\tFindFile.FindFileByPHP(dir, \"FileWr"
},
{
"path": "PHP-Code/Include/Include.go",
"chars": 186,
"preview": "package Include\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Include(dir string) {\n\tFindFile.FindFileByPHP(dir, \"Includ"
},
{
"path": "PHP-Code/PHPSql/FindSqlByCode.go",
"chars": 1532,
"preview": "package PHPSql\n\nimport (\n\t\"bufio\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n)\n\n// 函数用于检查是否存在java代码内容,并将相关信息写入 sq"
},
{
"path": "PHP-Code/PHPSql/Sql.go",
"chars": 626,
"preview": "package PHPSql\n\nimport (\n\t\"fmt\"\n\t\"os\"\n)\n\n// check 函数用于检查错误,如果错误不为 nil 则触发 panic\nfunc check(e error) {\n\tif e != nil {\n\t\tp"
},
{
"path": "PHP-Code/SSRF/SSRF.go",
"chars": 183,
"preview": "package SSRF\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc PHP_SSRF(dir string) {\n\tFindFile.FindFileByPHP(dir, \"SSRF.txt"
},
{
"path": "PHP-Code/Unserialize/ser.go",
"chars": 203,
"preview": "package Unserialize\n\nimport (\n\t\"CodeScan/FindFile\"\n\t\"fmt\"\n)\n\nfunc Unserialize(dir string) {\n\n\tFindFile.FindFileByPHP(dir"
},
{
"path": "README.md",
"chars": 4151,
"preview": "# CodeScan\n\n\nvar (\n\tprogressBar *pb.ProgressBar\n\tS"
},
{
"path": "Utils/flag.go",
"chars": 1742,
"preview": "package Utils\n\nimport (\n\tRule2 \"CodeScan/CommonVul/Rule\"\n\t\"CodeScan/Filter\"\n\t\"flag\"\n\t\"fmt\"\n\t\"github.com/fatih/color\"\n\t\"s"
},
{
"path": "build.sh",
"chars": 775,
"preview": "#!/bin/bash\n\n# Define the list of target operating systems and architectures\nos_archs=(\"darwin:amd64\" \"darwin:arm64\" \"li"
},
{
"path": "go.mod",
"chars": 398,
"preview": "module CodeScan\n\ngo 1.22.1\n\nrequire (\n\tgithub.com/cheggaaa/pb/v3 v3.1.5\n\tgithub.com/fatih/color v1.16.0\n)\n\nrequire (\n\tgi"
},
{
"path": "go.sum",
"chars": 1630,
"preview": "github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=\ngithub.com/VividCortex/ewma v1.2.0/go"
},
{
"path": "jarFiles.txt",
"chars": 2791,
"preview": "HikariCP-2.7.8.jar\naliyun-java-sdk-core-3.4.0.jar\naliyun-java-sdk-ecs-4.2.0.jar\naliyun-java-sdk-kms-2.7.0.jar\naliyun-jav"
},
{
"path": "main.go",
"chars": 767,
"preview": "package main\n\nimport (\n\t\"CodeScan/Utils\"\n\t\"fmt\"\n\t\"github.com/fatih/color\"\n\t\"time\"\n)\n\nfunc main() {\n\tfmt.Println(`\n\n\n' "
}
]