增加 nucleiY 功能

README-en.md

@@ -8,7 +8,7 @@
     <img alt="Release" src="https://img.shields.io/github/license/yhy0/ChYing"/>
   </a>
   <a href="https://github.com/yhy0/ChYing">
-    <img alt="Release" src="https://img.shields.io/badge/release-v1.0-brightgreen"/>
+    <img alt="Release" src="https://img.shields.io/badge/release-v1.1-brightgreen"/>
   </a>
   <a href="https://github.com/yhy0/ChYing">
     <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/yhy0/ChYing?color=9cf"/>
@@ -72,6 +72,12 @@ https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33
 - JWT token parsing with visual display similar to [jwt.io](https://jwt.io/).
 - JWT key cracking.
 
+### NucleiY
+
+Key vulnerability scanning based on nuclei
+
+https://github.com/yhy0/nucleiY
+
 ### BurpSuite
 
 Utilizing the features of the [go-mitmproxy](https://github.com/lqqyt2423/go-mitmproxy) project to replicate BurpSuite functionality.

README.md

@@ -8,7 +8,7 @@
     <img alt="Release" src="https://img.shields.io/github/license/yhy0/ChYing"/>
   </a>
   <a href="https://github.com/yhy0/ChYing">
-    <img alt="Release" src="https://img.shields.io/badge/release-v1.0-brightgreen"/>
+    <img alt="Release" src="https://img.shields.io/badge/release-v1.1-brightgreen"/>
   </a>
   <a href="https://github.com/yhy0/ChYing">
     <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/yhy0/ChYing?color=9cf"/>
@@ -69,6 +69,10 @@ https://infosecwriteups.com/403-bypass-lyncdiscover-microsoft-com-db2778458c33
 - JWT token 解析，[jwt.io](https://jwt.io/) 样式显示
 - JWT 秘钥爆破
 
+### NucleiY
+
+基于 nuclei 实现的重点漏洞扫描, 使用前往 https://github.com/yhy0/nucleiY 查看说明
+
 ### BurpSuite
 
 使用 [go-mitmproxy](https://github.com/lqqyt2423/go-mitmproxy) 项目实现 BurpSuite 的 功能

app.go

@@ -17,9 +17,12 @@ import (
 	"github.com/yhy0/ChYing/tools/burpSuite"
 	"github.com/yhy0/ChYing/tools/decoder"
 	"github.com/yhy0/ChYing/tools/fuzz"
+	"github.com/yhy0/ChYing/tools/nucleiY"
 	"github.com/yhy0/ChYing/tools/swagger"
 	"github.com/yhy0/ChYing/tools/twj"
 	"github.com/yhy0/logging"
+	"os"
+	"path/filepath"
 	"strings"
 	"time"
 )
@@ -149,6 +152,7 @@ func (a *App) startup(ctx context.Context) {
 	runtime.EventsEmit(ctx, "Exclude", burpSuite.Settings.Exclude)
 	runtime.EventsEmit(ctx, "Include", burpSuite.Settings.Include)
 	runtime.EventsEmit(ctx, "FilterSuffix", burpSuite.Settings.FilterSuffix)
+
 	// 通知前端各种数据更改
 	go func() {
 		for {
@@ -179,6 +183,15 @@ func (a *App) startup(ctx context.Context) {
 				} else {
 					runtime.EventsEmit(ctx, "HttpHistory", history)
 				}
+
+			case event := <-nucleiY.ResultEvent:
+				res := nucleiY.Result{
+					Url:      event.Matched,
+					Name:     event.Info.Name,
+					Request:  event.Request,
+					Response: event.Response,
+				}
+				runtime.EventsEmit(ctx, "nucleiYRes", res)
 			}
 		}
 	}()
@@ -469,3 +482,31 @@ func (a *App) Decoder(str string, mode string) string {
 func (a *App) TaskList(out string) map[string]string {
 	return tools.Tasklist(out)
 }
+
+// NucleiLoad 加载模板
+func (a *App) NucleiLoad() []nucleiY.Options {
+	nucleiY.New("")
+
+	var options []nucleiY.Options
+	for k, v := range nucleiY.Pocs {
+		var child []string
+		for _, t := range v {
+			child = append(child, t.Info.Name)
+		}
+		options = append(options, nucleiY.Options{Label: k, Children: child})
+	}
+	return options
+}
+
+// NucleiY 漏洞扫描
+func (a *App) NucleiY(target string, tag string, proxy string) string {
+	templatesTempDir := filepath.Join(file.ChyingDir, "nucleiY")
+
+	if _, err := os.Stat(templatesTempDir); err != nil {
+		// 不存在，创建
+		logging.Logger.Errorln("")
+		return "nucleiY not find, https://github.com/yhy0/nucleiY"
+	}
+
+	return nucleiY.Scan(target, tag, proxy)
+}

conf/conf.go

@@ -16,7 +16,7 @@ var Proxy string
 var Description = fmt.Sprintf("将旦昧爽之交，日夕昏明之际，\n北面而察之，淡淡焉若有物存，莫识其状。\n其所触也，窃窃然有声，经物而物不疾也。\n\n© %d https://github.com/yhy0", time.Now().Year())
 
 const (
-	Version        = "v1.0"
+	Version        = "v1.1"
 	Title          = "承影 " + Version
 	VersionNewMsg  = "当前已经是最新版本!"
 	VersionOldMsg  = "最新版本: %s, 是否立即更新?"

frontend/src/components/About.vue

@@ -32,6 +32,10 @@ function openURL(url) {
                     <n-p> JWT token 解析，<n-button @click="openURL('https://jwt.io/')" quaternary type="primary">jwt.io</n-button> 样式显示</n-p>
                     <n-p> JWT 秘钥爆破 </n-p>
                 </n-card>
+                <n-card style="text-align: left;">
+                  <n-h3> NucleiY </n-h3>
+                  <n-p> 基于 nuclei 实现的重点漏洞扫描  </n-p>
+                </n-card>
 
                 <n-card style="text-align: left;">
                     <n-h3> BurpSuite </n-h3>

frontend/src/components/Home.vue

@@ -7,8 +7,9 @@ import Decoder from "./Decoder.vue";
 import BurpSuite from "./burpsuite/BurpSuite.vue";
 import About from "./About.vue";
 import Tools from "./tools/Tools.vue";
+import NucleiY from "./nucleiY/NucleiY.vue";
 
-const activeTabs = ref(['Fuzz', 'Swagger', 'TWJ', 'Decoder', 'BurpSuite', 'About'])
+const activeTabs = ref(['Fuzz', 'Swagger', 'TWJ', 'NucleiY', 'Decoder', 'BurpSuite', 'About'])
 
 </script>
 
@@ -40,6 +41,12 @@ const activeTabs = ref(['Fuzz', 'Swagger', 'TWJ', 'Decoder', 'BurpSuite', 'About
                 </n-message-provider>
             </n-tab-pane>
 
+          <n-tab-pane name="NucleiY" display-directive="show:lazy" tab="NucleiY">
+            <n-message-provider>
+              <NucleiY/>
+            </n-message-provider>
+          </n-tab-pane>
+
             <n-tab-pane name="Decoder" display-directive="show:lazy" tab="Decoder">
                 <n-message-provider>
                     <Decoder/>

frontend/src/components/nucleiY/NucleiY.vue

@@ -0,0 +1,176 @@
+<template>
+  <n-card>
+    <n-grid :x-gap="12" :y-gap="8" :cols="2">
+      <n-grid-item>
+        <n-space align="center">
+          目标<n-input v-model:value="targetUrl" placeholder="https://example.com/" />
+          Poc<n-cascader
+              v-model:value="pocValue"
+              :options="pocs">
+          </n-cascader>
+        </n-space>
+        </n-grid-item>
+      <n-grid-item>
+        <n-space align="center">
+          代理<n-input ref="inputRef" default-value="http://127.0.0.1:8080" style="min-width: 50%" />
+          <n-switch @update:value="handleCheckedChange" >
+            <template #checked>proxy</template>
+            <template #unchecked>unproxy</template>
+          </n-switch>
+        </n-space>
+      </n-grid-item>
+
+      <n-grid-item :offset="0.8">
+        <n-space align="center">
+          <n-button type="primary" @click="nuclei">Nuclei</n-button>
+          <n-button type="error" @click="nucleiStop">Stop</n-button>
+        </n-space>
+      </n-grid-item>
+    </n-grid>
+
+  </n-card>
+
+  <n-card style="margin-top: 10px">
+    <n-data-table
+        size="small"
+        :columns="columns"
+        :data="data"
+        :row-props="rowProps"
+        :max-height="300"
+        style="margin-top: 10px"
+        striped
+    >
+    </n-data-table>
+  </n-card>
+
+  <n-card style="margin-bottom: 16px; margin-top: 10px">
+    <n-grid :x-gap="12" :cols="2">
+      <n-gi>
+        <n-tabs type="line" animated >
+          <n-tab-pane name="request" style="width: 100%; overflow-x: auto;">
+            <n-code language="http" :code="request" show-line-numbers style="white-space: pre-wrap; text-align: left;" />
+          </n-tab-pane>
+        </n-tabs>
+      </n-gi>
+
+      <n-gi>
+        <n-tabs type="line" animated>
+          <n-tab-pane name="response" style="width: 100%; overflow-x: auto;">
+            <n-code language="http" :code="response" show-line-numbers style="white-space: pre-wrap; text-align: left; " />
+          </n-tab-pane>
+        </n-tabs>
+      </n-gi>
+    </n-grid>
+  </n-card>
+
+</template>
+
+<script setup>
+import { useMessage, NButton, NCard, NDataTable} from "naive-ui";
+import {ref} from "vue";
+import {NucleiY, FuzzStop, NucleiLoad} from '../../../wailsjs/go/main/App'
+import {EventsOn} from "../../../wailsjs/runtime";
+
+const checkedRef = ref(false);
+const inputRef = ref(null);
+
+const message = useMessage();
+const data = ref([]);
+
+const targetUrl = ref("")
+const proxy = ref("");
+const pocValue = ref("");
+
+const pocs = ref([]);
+
+NucleiLoad().then(result =>{
+  for (let i = 0; i < result.length; ++i) {
+    const childrens = [];
+    result[i].children.forEach((element) => {
+      childrens.push({
+        label: element,
+        value: result[i].label + ":" +element,
+      });
+    });
+
+    pocs.value.push({
+      label: result[i].label,
+      value: result[i].label + "-all",
+      children: childrens,
+    });
+  }
+})
+
+function nuclei() {
+  const target = targetUrl.value.trim();
+  if(target !== "") {
+    data.value = [];
+    alertType.value = "info";
+    alertContent.value = target + " 正在扫描中...";
+    message.success(target + " 开始扫描");
+    NucleiY(target.toString().trim(), pocValue.value, proxy.value.trim()).then(result =>{
+      if(result.toString() === "") {
+        message.success(targetUrl.value + " 扫描完成");
+      } else {
+        message.error(targetUrl.value + " 扫描失败 " + result.toString());
+      }
+    });
+  }
+}
+
+function nucleiStop() {
+  FuzzStop().then(result => {
+    message.success(targetUrl.value + " 扫描已停止");
+  })
+}
+
+
+function handleCheckedChange(checked) {
+  checkedRef.value = checked;
+  if (checked) {
+    proxy.value = inputRef.value.$el.querySelector("input").value;
+    message.info("代理开启");
+  } else {
+    proxy.value = "";
+    message.warning("代理关闭");
+  }
+}
+
+const alertType = ref('warning')
+const alertContent = ref("没有任务")
+
+// table
+const request = ref('');
+const response = ref('');
+
+const rowProps = (row) => {
+  return {
+    style: "cursor: pointer;",
+    onClick: () => {
+      request.value = row.request;
+      response.value = row.response;
+    }
+  };
+};
+
+const columns = [
+  {
+    title: "Url",
+    key: "url",
+  },
+  {
+    title: "Name",
+    key: "name",
+  },
+]
+
+EventsOn("nucleiYRes", e => {
+  data.value.push({
+    url: e.url,
+    name: e.name,
+    request: e.request,
+    response: e.response,
+  });
+});
+
+</script>

frontend/wailsjs/go/main/App.d.ts

@@ -2,6 +2,7 @@
 // This file is automatically generated. DO NOT EDIT
 import {burpSuite} from '../models';
 import {menu} from '../models';
+import {nucleiY} from '../models';
 import {twj} from '../models';
 import {main} from '../models';
 
@@ -27,6 +28,10 @@ export function Intruder(arg1:string,arg2:string,arg3:Array<string>,arg4:Array<s
 
 export function Menu():Promise<menu.Menu>;
 
+export function NucleiLoad():Promise<Array<nucleiY.Options>>;
+
+export function NucleiY(arg1:string,arg2:string,arg3:string):Promise<string>;
+
 export function Parser(arg1:string):Promise<twj.Jwt>;
 
 export function Proxy(arg1:string):Promise<main.Message>;

frontend/wailsjs/go/main/App.js

@@ -46,6 +46,14 @@ export function Menu() {
   return window['go']['main']['App']['Menu']();
 }
 
+export function NucleiLoad() {
+  return window['go']['main']['App']['NucleiLoad']();
+}
+
+export function NucleiY(arg1, arg2, arg3) {
+  return window['go']['main']['App']['NucleiY'](arg1, arg2, arg3);
+}
+
 export function Parser(arg1) {
   return window['go']['main']['App']['Parser'](arg1);
 }

frontend/wailsjs/go/models.ts

@@ -76,6 +76,25 @@ export namespace main {
 
 }
 
+export namespace nucleiY {
+
+	export class Options {
+	    label: string;
+	    children: string[];
+
+	    static createFrom(source: any = {}) {
+	        return new Options(source);
+	    }
+
+	    constructor(source: any = {}) {
+	        if ('string' === typeof source) source = JSON.parse(source);
+	        this.label = source["label"];
+	        this.children = source["children"];
+	    }
+	}
+
+}
+
 export namespace twj {
 
 	export class Jwt {