fixed #57 2022-08-01

hktalent · hktalent · commit 4b65d593cb18 · 2022-08-01T21:49:24.000+08:00
diff --git a/lib/util/Const.go b/lib/util/Const.go
@@ -94,9 +94,7 @@ var PocCheck_pipe = make(chan *PocCheck, 64)
 //  1、需要认证
 //  2、shiro
 func CheckHeader(header *http.Header, szUrl string) {
-	Wg.Add(1)
-	go func() {
-		defer Wg.Done()
+	DoSyncFunc(func() {
 		if nil != header {
 			a1 := []string{}
 			if v := (*header)["www-Authenticate"]; 0 < len(v) {
@@ -111,5 +109,5 @@ func CheckHeader(header *http.Header, szUrl string) {
 				PocCheck_pipe <- &PocCheck{Wappalyzertechnologies: &a1, URL: szUrl, FinalURL: szUrl, Checklog4j: false}
 			}
 		}
-	}()
+	})
 }
diff --git a/lib/util/util.go b/lib/util/util.go
@@ -10,9 +10,7 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
-	"os"
 	"reflect"
-	"runtime"
 	"sort"
 	"strings"
 	"time"
@@ -285,9 +283,9 @@ func CloseAll() {
 		Cache1 = nil
 	}
 
-	if runtime.GOOS == "windows" || GetValAsBool("autoRmCache") {
-		os.RemoveAll(GetVal(CacheName))
-	}
+	//if runtime.GOOS == "windows" || GetValAsBool("autoRmCache") {
+	//	os.RemoveAll(GetVal(CacheName))
+	//}
 	Close()
 	CloseCache()
 }
diff --git a/pkg/httpx/runner/runner.go b/pkg/httpx/runner/runner.go
@@ -1324,7 +1324,6 @@ retry:
 				}
 				return nn
 			}
-			util.Wg.Add(1)
 			//通过wFingerprint获取到的指纹进行检测gopoc check
 			poctechnologies1 = pocs_go.POCcheck(technologies, ul, finalURL, false)
 			Vullist = append(Vullist, poctechnologies1...)
@@ -1337,7 +1336,6 @@ retry:
 			filefuzzTechnologies = SliceRemoveDuplicates(filefuzzTechnologies)
 			// 取差集合
 			filefuzzTechnologies = difference(filefuzzTechnologies, technologies)
-			util.Wg.Add(1)
 			poctechnologies2 = pocs_go.POCcheck(filefuzzTechnologies, ul, finalURL, true) //通过敏感文件扫描获取到的指纹进行检测gopoc check
 			Vullist = append(Vullist, poctechnologies2...)
 			for _, technology := range filefuzzTechnologies {
diff --git a/pkg/hydra/doNmapResult.go b/pkg/hydra/doNmapResult.go
@@ -125,16 +125,14 @@ func DoParseXml(s string, bf *bytes.Buffer) {
 // 处理使用者自己扫描的结果
 func DoNmapWithFile(s string, bf *bytes.Buffer) bool {
 	if strings.HasSuffix(strings.ToLower(s), ".xml") {
-		util.Wg.Add(1)
-		go func() {
-			defer util.Wg.Done()
+		util.DoSyncFunc(func() {
 			b, err := ioutil.ReadFile(s)
 			if nil == err && 0 < len(b) {
 				DoParseXml(string(b), bf)
 			} else {
 				log.Println("DoNmapWithFile: ", err)
 			}
-		}()
+		})
 		return true
 	}
 	return false
diff --git a/pkg/naabu/v2/pkg/runner/runner.go b/pkg/naabu/v2/pkg/runner/runner.go
@@ -225,7 +225,7 @@ func (r *Runner) RunEnumeration() error {
 	}
 
 	if r.options.Stream {
-		go r.Load() //nolint
+		r.Load() //nolint
 	} else {
 		err := r.Load()
 		if err != nil {
diff --git a/pocs_go/go_poc_check.go b/pocs_go/go_poc_check.go
@@ -27,14 +27,10 @@ import (
 	"net/url"
 	"os"
 	"strings"
-	"time"
 )
 
 // 需优化：相同都目标，相同都检测只做一次
 func POCcheck(wappalyzertechnologies []string, URL string, finalURL string, checklog4j bool) []string {
-	if nil != util.Wg {
-		defer util.Wg.Done()
-	}
 	if util.TestRepeat(wappalyzertechnologies, URL, finalURL, checklog4j) {
 		return []string{}
 	}
@@ -271,39 +267,41 @@ func POCcheck(wappalyzertechnologies []string, URL string, finalURL string, chec
 }
 
 func init() {
+	if os.Getenv("NoPOC") == "true" {
+		//close(util.PocCheck_pipe) // 这行会在 NoPOC该标志开启时，其他进程无法传递过来而出错
+		return
+	}
 	util.RegInitFunc(func() {
 		// 异步启动一个线程处理检测，避免
-		util.Wg.Add(1)
 		go func() {
-			defer util.Wg.Done()
-			nMax := 120 // 等xxx秒都没有消息进入就退出
-			nCnt := 0
+			//nMax := 120 // 等xxx秒都没有消息进入就退出
+			//nCnt := 0
 			for {
 				select {
 				case <-util.Ctx_global.Done():
+					close(util.PocCheck_pipe)
 					return
 				case x1, ok := <-util.PocCheck_pipe:
 					if nil == x1 || !ok {
 						log.Println("go_poc_checkout is over")
 						return
 					}
-					nCnt = 0
+					//nCnt = 0
 					log.Printf("<-lib.PocCheck_pipe: %+v  %s", *x1.Wappalyzertechnologies, x1.URL)
-					util.Wg.Add(1)
-					go POCcheck(*x1.Wappalyzertechnologies, x1.URL, x1.FinalURL, x1.Checklog4j)
+					util.DoSyncFunc(func() {
+						func(x99 *util.PocCheck) {
+							POCcheck(*x99.Wappalyzertechnologies, x99.URL, x99.FinalURL, x99.Checklog4j)
+						}(x1)
+					})
 				default:
-					if os.Getenv("NoPOC") == "true" {
-						//close(util.PocCheck_pipe) // 这行会在 NoPOC该标志开启时，其他进程无法传递过来而出错
-						return
-					}
-					var f01 float32 = float32(nCnt) / float32(nMax) * float32(100)
-					fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01)
-					<-time.After(time.Duration(1) * time.Second)
-					nCnt += 1
-					if nMax <= nCnt {
-						close(util.PocCheck_pipe)
-						return
-					}
+					//var f01 float32 = float32(nCnt) / float32(nMax) * float32(100)
+					//fmt.Printf(" Asynchronous go PoCs detection task %%%0.2f ....\r", f01)
+					//<-time.After(time.Duration(1) * time.Second)
+					//nCnt += 1
+					//if nMax <= nCnt {
+					//	close(util.PocCheck_pipe)
+					//	return
+					//}
 				}
 			}
 		}()

Original file line number	Diff line number	Diff line change
`@@ -94,9 +94,7 @@ var PocCheck_pipe = make(chan *PocCheck, 64)`
`94`	`94`	`// 1、需要认证`
`95`	`95`	`// 2、shiro`
`96`	`96`	`func CheckHeader(header *http.Header, szUrl string) {`
`97`		`- Wg.Add(1)`
`98`		`- go func() {`
`99`		`- defer Wg.Done()`
	`97`	`+ DoSyncFunc(func() {`
`100`	`98`	`if nil != header {`
`101`	`99`	`a1 := []string{}`
`102`	`100`	`if v := (*header)["www-Authenticate"]; 0 < len(v) {`
`@@ -111,5 +109,5 @@ func CheckHeader(header *http.Header, szUrl string) {`
`111`	`109`	`PocCheck_pipe <- &PocCheck{Wappalyzertechnologies: &a1, URL: szUrl, FinalURL: szUrl, Checklog4j: false}`
`112`	`110`	`}`
`113`	`111`	`}`
`114`		`- }()`
	`112`	`+ })`
`115`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -225,7 +225,7 @@ func (r *Runner) RunEnumeration() error {`
`225`	`225`	`}`
`226`	`226`
`227`	`227`	`if r.options.Stream {`
`228`		`- go r.Load() //nolint`
	`228`	`+ r.Load() //nolint`
`229`	`229`	`} else {`
`230`	`230`	`err := r.Load()`
`231`	`231`	`if err != nil {`