@@ -2,14 +2,33 @@ package brute
22
33import (
44 "github.com/hktalent/ProScan4all/lib/util"
5+ "github.com/hktalent/ProScan4all/pkg/httpx/common/httpx"
56 "net/url"
67 "regexp"
78 "strings"
89)
910
10- func CheckLoginPage (inputurl string ) bool {
11+ var clp = regexp .MustCompile (`<link[^>]*href=['"](.*?)['"]` )
12+ var urlReg = regexp .MustCompile (`\/(login|Login)` )
13+ var urlReg1 = regexp .MustCompile (`\.(png|jpg|jpeg|gif|css)$` )
14+ var bdReg = regexp .MustCompile (`(login|Login|type="password"|忘记密码|注册|登录|forget|登录页面)` )
15+
16+ func IsLoginPage (inputurl , body string , StatusCode int ) bool {
17+ if StatusCode == 200 && 0 == len (urlReg1 .FindAllString (inputurl , - 1 )) && 0 < len (urlReg .FindAllString (inputurl , - 1 )) || 0 < len (bdReg .FindAllString (body , - 1 )) {
18+ return true
19+ }
20+ return false
21+ }
22+
23+ func CheckLoginPage (inputurl string , resp * httpx.Response ) bool {
24+ if IsLoginPage (inputurl , string (resp .Data ), resp .StatusCode ) {
25+ return true
26+ }
1127 if req , err := util .HttpRequset (inputurl , "GET" , "" , true , nil ); err == nil {
12- cssurl := regexp .MustCompile (`<link[^>]*href=['"](.*?)['"]` ).FindAllStringSubmatch (req .Body , - 1 )
28+ if 0 < len (bdReg .FindAllString (req .Body , - 1 )) {
29+ return true
30+ }
31+ cssurl := clp .FindAllStringSubmatch (req .Body , - 1 )
1332 for _ , v := range cssurl {
1433 if strings .Contains (v [1 ], ".css" ) {
1534 u , err := url .Parse (strings .TrimSpace (inputurl ))
@@ -23,7 +42,9 @@ func CheckLoginPage(inputurl string) bool {
2342 if err != nil {
2443 return false
2544 }
45+ // 转换为绝对的可访问的url
2646 hrefurl := u .ResolveReference (href )
47+ // 原理,css中包含了login
2748 if reqcss , err := util .HttpRequset (hrefurl .String (), "GET" , "" , true , nil ); err == nil {
2849 if util .StrContains (reqcss .Body , "login" ) {
2950 return true
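Review bot: In `IsLoginPage` (first hunk, new line 17) the condition mixes `&&` and `||` without parentheses, and because `&&` binds tighter in Go, a `bdReg` match on the body returns true on its own, regardless of the status code or the static-asset suffix check. `bdReg` matches a bare `login` anywhere in the body, so error pages and pages that merely link to a login form are classified as login pages; given the package name, that presumably means credential checks run against URLs that have no form. If the status and suffix checks are meant to gate both signals, write `if StatusCode != 200 || urlReg1.MatchString(inputurl) { return false }` followed by `return urlReg.MatchString(inputurl) || bdReg.MatchString(body)`. `CheckLoginPage` (new line 24) also dereferences `resp` without a nil check, so a caller passing the response of a failed request will panic; `if resp != nil && IsLoginPage(...)` would keep the fallback GET path reachable. The body of `CheckLoginPage` continues outside the second hunk, so the later return paths were not reviewed.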