package main
import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"os"
	"sort"
	"strings"
	"time"
)
// Row is one line of the scan report returned by the /getdata endpoint: a
// single URL/method pair together with the verdicts the scanners produced for
// it. It is built only by getTableArray and serialised with encoding/json.
type Row struct {
	URL    string `json:"url"`    // page (GET) or form action (POST) that was scanned
	Method string `json:"method"` // "GET" or "POST", set by getTableArray
	// SQLiVulnerable is the SQL-injection scanner's verdict for this target.
	SQLiVulnerable bool `json:"sqlivulnerable"`
	// VulnerableParams lists the parameters that were tested; it is only
	// populated when SQLiVulnerable is true, otherwise it is "". For POST
	// targets the form fields are joined with ", "; for GET targets it is the
	// value the crawler associated with the URL as-is.
	VulnerableParams    string `json:"vulnerableparams"`
	XSSVulnerable       bool   `json:"xssvulnerable"`       // reflected-XSS scanner verdict
	ClickJackVulnerable bool   `json:"clickjackvulnerable"` // clickjacking (framing) scanner verdict
}
// u is the JSON request body accepted by the /getdata endpoint:
// {"url": "<site to crawl and scan>"}. The value is supplied by the HTTP
// client and must be treated as untrusted input.
type u struct {
	Url string `json:"url"`
}
// init runs before main and aborts the process when the environment is not
// usable (see envChecks). Doing this at startup means a misconfigured
// deployment fails immediately rather than at the first request.
func init() {
	// Check required environment variables.
	envChecks()
}
// envChecks terminates the process unless PORT is present and non-empty in
// the process environment; main later binds the listener to ":"+PORT.
// Note that the check is on the process environment only — the message
// mentions .env, but nothing in this file loads such a file, so presumably the
// shell or a wrapper exports it.
func envChecks() {
	// Getenv returns "" both when the variable is unset and when it is set to
	// the empty string, which are exactly the two cases rejected here.
	if os.Getenv("PORT") == "" {
		log.Fatal("PORT must be set in .env and not empty")
	}
}
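// getTableArray crawls baseUrl and runs the SQLi, XSS and clickjacking
// scanners against every GET URL and POST form the crawler found, returning
// one Row per target: all GET rows first, then all POST rows. Within each
// group rows are sorted by URL so that scanning the same site twice yields the
// same report; the crawler hands back maps, whose iteration order is random.
//
// VulnerableParams is only filled in when the SQLi scan reported the target
// as vulnerable, otherwise it is left "". The result is nil (JSON null) when
// nothing was found, as before.
//
// baseUrl is whatever the HTTP client sent (see api) and becomes the origin
// of outbound crawl/scan traffic. Deciding where this service may be pointed
// at is the caller's and the deployment's responsibility, not this function's.
func getTableArray(baseUrl string) []Row {
	sitemapget, sitemappost := crawlUrls(baseUrl)

	var allRows []Row

	// GET targets: skip an empty key (kept from the original behaviour), then
	// scan in a deterministic order.
	getTargets := make([]string, 0, len(sitemapget))
	for target := range sitemapget {
		if target == "" {
			continue
		}
		getTargets = append(getTargets, target)
	}
	sort.Strings(getTargets)
	for _, target := range getTargets {
		// Scanners run in the same order as before: SQLi, XSS, clickjacking.
		sqli := scanForSqli(target)
		xss := scanForXSS(target)
		clickjack := scanForClickJack(target)

		params := ""
		if sqli {
			params = sitemapget[target]
		}
		allRows = append(allRows, Row{
			URL:                 target,
			Method:              "GET",
			SQLiVulnerable:      sqli,
			VulnerableParams:    params,
			XSSVulnerable:       xss,
			ClickJackVulnerable: clickjack,
		})
	}

	// POST targets: a form without any fields is skipped (there is nothing
	// to inject into), as before.
	postTargets := make([]string, 0, len(sitemappost))
	for target, fields := range sitemappost {
		if len(fields) == 0 {
			continue
		}
		postTargets = append(postTargets, target)
	}
	sort.Strings(postTargets)
	for _, target := range postTargets {
		fields := sitemappost[target]
		sqli := scanForSqliForm(target, fields)
		xss := scanForXSSForm(target, fields)
		clickjack := scanForClickJack(target)

		params := ""
		if sqli {
			params = strings.Join(fields, ", ")
		}
		allRows = append(allRows, Row{
			URL:                 target,
			Method:              "POST",
			SQLiVulnerable:      sqli,
			VulnerableParams:    params,
			XSSVulnerable:       xss,
			ClickJackVulnerable: clickjack,
		})
	}

	return allRows
}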
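// index serves the single-page UI. GET and POST both return index.html (the
// page posts back to "/"); any other method is answered with
// 405 Method Not Allowed plus an Allow header instead of a 200 carrying an
// error sentence, so clients and proxies can tell the two apart.
//
// Because this handler is registered on "/", it also answers every path that
// no other pattern matches, always with index.html.
func index(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet, http.MethodPost:
		http.ServeFile(w, r, "index.html")
	default:
		w.Header().Set("Allow", "GET, POST")
		w.WriteHeader(http.StatusMethodNotAllowed)
		fmt.Fprint(w, "Sorry, only GET and POST methods are supported.")
	}
}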
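// maxScanRequestBytes caps the JSON body accepted by api. The payload is a
// single URL, so anything larger is rejected rather than buffered in memory.
const maxScanRequestBytes = 64 << 10

// api is the POST /getdata endpoint. It decodes {"url": "..."} from the
// request body, crawls and scans that site via getTableArray, and writes the
// resulting []Row as JSON.
//
// Malformed or oversized requests get 400 instead of a panic: a panic in a
// handler is recovered by net/http, but it drops the connection without any
// response and dumps a stack trace into the log for every bad request.
//
// The target URL is client-controlled by design (this service is a scanner
// front end), so only its shape is checked here: it must parse as an absolute
// http or https URL. Restricting *where* the scanner may send traffic
// (loopback, private ranges, cloud metadata endpoints, ...) must be enforced
// outside this handler — by network egress rules or an allow-list in front of
// it — because this function cannot tell a legitimate target from an abusive
// one.
func api(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.Header().Set("Allow", "POST")
		w.WriteHeader(http.StatusMethodNotAllowed)
		fmt.Fprint(w, "Sorry, only POST method is supported.")
		return
	}

	// Bound the body before reading it; ReadAll would otherwise buffer
	// whatever the client chooses to send.
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxScanRequestBytes))
	if err != nil {
		http.Error(w, "request body unreadable or too large", http.StatusBadRequest)
		return
	}

	var req u
	if err := json.Unmarshal(body, &req); err != nil {
		http.Error(w, `request body must be JSON of the form {"url": "..."}`, http.StatusBadRequest)
		return
	}

	// url.Parse lower-cases the scheme, so the comparison below is
	// case-insensitive. A relative or schemeless value has no Host.
	target, err := url.Parse(req.Url)
	if err != nil || (target.Scheme != "http" && target.Scheme != "https") || target.Host == "" {
		http.Error(w, "url must be an absolute http or https URL", http.StatusBadRequest)
		return
	}

	// The crawl and scans happen synchronously here; nothing is written to w
	// until they finish, so the client sees either a full report or an error.
	data := getTableArray(req.Url)

	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(data); err != nil {
		// Headers have already been sent; all that is left is to record it.
		log.Printf("getdata: writing response: %v", err)
	}
}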
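// main registers the routes and serves on the port named by PORT (validated
// by envChecks in init):
//
//	/static/  files under ./static. Note that http.FileServer also renders a
//	          directory listing for any directory without an index.html.
//	/         the UI page (index)
//	/getdata  the scan API (api)
//
// An explicit http.Server is used instead of http.ListenAndServe so that read
// timeouts can be set: the default server has none, and a client that
// trickles a request (or never finishes its headers) holds a connection open
// indefinitely. No WriteTimeout is set on purpose — /getdata crawls and scans
// a whole site, and a write deadline would cut long scans off mid-response.
func main() {
	http.Handle("/static/", http.StripPrefix("/static", http.FileServer(http.Dir("./static"))))
	http.HandleFunc("/", index)
	http.HandleFunc("/getdata", api)

	fmt.Printf("Starting server for testing HTTP POST...\n")

	srv := &http.Server{
		Addr:              ":" + os.Getenv("PORT"),
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
	}
	log.Fatal(srv.ListenAndServe())
}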