niudaii / zpscan

A somewhat useful information gathering tool.
MIT License
1.03k stars 99 forks

poc module error #8

Closed cqrlhz closed 1 year ago

cqrlhz commented 1 year ago

root@HW-VPS:~/zpscan# ./zpscan_linux pocscan -o out-zpscan-pocscan.txt -f ../urls.txt
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x8ac955]

goroutine 1 [running]:
github.com/niudaii/zpscan/internal/utils.GetAllFile.func1({0x0, 0x0}, {0x0?, 0x0?}, {0xc0002d4390?, 0x76?})
	/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:63 +0x35
path/filepath.Walk({0x0, 0x0}, 0xc000757a88)
	/opt/hostedtoolcache/go/1.18.8/x64/src/path/filepath/path.go:515 +0x50
github.com/niudaii/zpscan/internal/utils.GetAllFile({0x0?, 0xc000757af0?})
	/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:62 +0x52
github.com/niudaii/zpscan/pkg/pocscan/goby.LoadAllPoc({0x0?, 0x210041b?})
	/home/runner/work/zpscan/zpscan/pkg/pocscan/goby/poc.go:97 +0x33
github.com/niudaii/zpscan/cmd.initPoc()
	/home/runner/work/zpscan/zpscan/cmd/pocscan.go:71 +0x39
github.com/niudaii/zpscan/cmd.glob..func5(0x4174480?, {0x20b1037?, 0x4?, 0x4?})
	/home/runner/work/zpscan/zpscan/cmd/pocscan.go:45 +0x14a
github.com/spf13/cobra.(*Command).execute(0x4174480, {0xc0001133c0, 0x4, 0x4})
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:876 +0x67b
github.com/spf13/cobra.(*Command).ExecuteC(0x4174700)
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
	/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/niudaii/zpscan/cmd.Execute()
	/home/runner/work/zpscan/zpscan/cmd/root.go:108 +0x1da
main.main()
	/home/runner/work/zpscan/zpscan/main.go:9 +0x17

niudaii commented 1 year ago

I forgot to update config.yaml; it needs the pocscan-related resource configuration. Please re-download the resource file: https://zpscan.oss-cn-hangzhou.aliyuncs.com/resource.zip

cqrlhz commented 1 year ago

After re-downloading, the configuration file still has no poc-related parameter settings.

niudaii commented 1 year ago

> After re-downloading, the configuration file still has no poc-related parameter settings.

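It seems to be an OSS caching issue. I'm sure it was updated, and I just tested deleting resource.zip, yet it could still be downloaded from the original address. I changed the file name: https://zpscan.oss-cn-hangzhou.aliyuncs.com/resource1.zip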

cqrlhz commented 1 year ago

After switching to the new download address, what gets downloaded is still the resource.zip file; the config file has not been updated.

niudaii commented 1 year ago

> After switching to the new download address, what gets downloaded is still the resource.zip file; the config file has not been updated.

Add this configuration to config.yaml:

pocscan:
  goby-poc-dir: resource/pocscan/goby
  xray-poc-dir: resource/pocscan/xray
  nuclei-poc-dir: resource/pocscan/nuclei
expscan:
  nuclei-exp-dir: resource/pocscan/nuclei

niudaii commented 1 year ago

It works after switching to a different bucket: https://niudaii.oss-cn-hangzhou.aliyuncs.com/resource.zip
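
The trace at the top of this issue shows filepath.Walk being called with an empty root ({0x0, 0x0}) and the callback inside GetAllFile hitting a nil dereference, which is what a directory key missing from config.yaml produces. The following is an added example, not zpscan's code: it reproduces that pattern and shows a guarded variant. The function names and the key string passed in are assumptions for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"path/filepath"
)

// walkUnchecked reproduces the failure pattern: the callback ignores err.
// When the root cannot be stat'ed (for example ""), filepath.Walk calls the
// callback with info == nil, so info.IsDir() panics. recover() reports it.
func walkUnchecked(dir string) (files []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	_ = filepath.Walk(dir, func(path string, info fs.FileInfo, _ error) error {
		if !info.IsDir() { // nil interface value on a failed Lstat
			files = append(files, path)
		}
		return nil
	})
	return files, nil
}

// walkChecked rejects an empty configured directory up front and returns
// walk errors instead of touching a nil FileInfo.
func walkChecked(key, dir string) ([]string, error) {
	if dir == "" {
		return nil, fmt.Errorf("config key %q is missing or empty", key)
	}
	var files []string
	err := filepath.Walk(dir, func(path string, info fs.FileInfo, err error) error {
		if err != nil {
			return err // info may be nil here
		}
		if !info.IsDir() {
			files = append(files, path)
		}
		return nil
	})
	return files, err
}

func main() {
	_, e1 := walkUnchecked("") // constructed input: directory key absent from config
	_, e2 := walkChecked("pocscan.goby-poc-dir", "")
	fmt.Printf("unchecked: %v\nchecked:   %v\n", e1, e2)
}
```
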

cqrlhz commented 1 year ago

Unable to specify a poc.

cqrlhz commented 1 year ago

niudaii commented 1 year ago

Following the error message, separate the url and pocTag with |, for example http://127.0.0.1:9200|elasticsearch

cqrlhz commented 1 year ago

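1. It only works with -f and entries added in a text file; -i cannot be executed.
2. How do I add a parameter to scan for all vulnerabilities? The elasticsearch mode does not achieve the expected result.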

niudaii commented 1 year ago

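> 1. It only works with -f and entries added in a text file; -i cannot be executed.
> 2. How do I add a parameter to scan for all vulnerabilities? The elasticsearch mode does not achieve the expected result.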

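1. Each line in the text file uses the same input format as -i.
2. Not supported for now; you can use nuclei itself. I wrote this module mainly to be compatible with the three poc formats and to link up with the webscan module.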