Skip to content

Commit

Permalink
ver:2.0.8 (momosecurity#18)
Browse files Browse the repository at this point in the history 
## [2.0.8]-2022-06-18
感谢mdkk对此版本的建议
感谢NeeSung对UI的建议
### 添加
- 新增了webhook配置页,当后台服务处理完成后,将数据发送到指定api
- 新增了可拖拽的全局悬浮窗,可在配置页控制开关
- 新增了处理进度展示
### 变更
- 将manifest_version升级到了3
- 优化了UI
### 修复
- 尝试修复了部分数据提取不到的问题
  • Loading branch information
@ResidualLaugh
ResidualLaugh committed Jun 19, 2022
1 parent cf3d574 commit 7d95873
Show file tree
Hide file tree
Showing 9 changed files with 626 additions and 127 deletions.
14 changes: 14 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,21 @@
# 变更日志
此项目的所有显著更改将记录在此文件中。

## [2.0.8]-2022-06-18
感谢mdkk对此版本的建议
感谢NeeSung对UI的建议
### 添加
- 新增了webhook配置页,当后台服务处理完成后,将数据发送到指定api
- 新增了可拖拽的全局悬浮窗,可在配置页控制开关
- 新增了处理进度展示
### 变更
- 将manifest_version升级到了3
- 优化了UI
### 修复
- 尝试修复了部分数据提取不到的问题

## [2.0.7]-2022-05-26
感谢0cat对此版本的建议
### 添加
- 新增了通过关键词提取部分敏感数据,使用了nuclei的规则,感谢开源。https://github.com/projectdiscovery/nuclei-templates/blob/master/exposures/tokens/generic/credentials-disclosure.yaml
- 新增了复制功能,一键复制该区域结果
Expand Down
183 changes: 135 additions & 48 deletions background.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -694,7 +694,10 @@ var nuclei_regex = [
/["']?account[_-]?sid["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?access[_-]?token["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?access[_-]?secret["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?access[_-]?key[_-]?secret["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi
/["']?access[_-]?key[_-]?secret["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?account["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?password["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi,
/["']?username["']?[^\S\r\n]*[=:][^\S\r\n]*["']?[\w-]+["']?/gi
]

function get_js(){
Expand Down Expand Up @@ -780,8 +783,9 @@ function get_secret(data) {
result.push(tmp_result[i]);
}
}

}
// console.log(data);
// console.log(result);
// console.timeEnd();
return result;
Expand All @@ -807,57 +811,140 @@ function extract_info(data) {
return extract_data;
}

chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if (request.greeting == "result"){
var tmp_data = request.data;
tmp_data = extract_info(tmp_data);
tmp_data['current'] = request.current;
var myHeaders = new Headers();
myHeaders.append('accept', '*/*');
var myInit = { method: 'GET',
headers: myHeaders,
mode: 'cors',
cache: 'default',
credentials: 'include'
};

//遍历所有数据类型
for (var i = 0; i < key.length; i++) {
//如果传入的数据没有这个类型,就看下一个
if (tmp_data[key[i]] == null){
continue;
}
// 把前端的处理放到这里避免重复
if (not_sub_key.indexOf(key[i])<0){
tmp_data[key[i]] = sub_1(tmp_data[key[i]])
function webhook(data) {
// console.log(search_data[data]);
data = JSON.stringify(search_data[data]);
// console.log(data);
chrome.storage.local.get(["webhook_setting"], function(settings){
if(settings["webhook_setting"] == {}){
console.log('获取webhook_setting失败');
return;
}
//如果search_data有历史数据,进行检查
if (tmp_data['current'] in search_data){
for (var j = 0; j < key.length; j++) {
if (search_data[tmp_data['current']][key[j]]!=null){
tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))

let webhookInit = { method: 'GET',
mode: 'cors',
cache: 'default',
credentials: 'include'
};
let webhookHeaders = new Headers();
if (settings["webhook_setting"]['url']!="") {
var url = settings["webhook_setting"]['url'];
if (settings["webhook_setting"]['method']=="GET"){
url = url + "?" + settings["webhook_setting"]['arg'] + "=" + data;
}else if (settings["webhook_setting"]['method']=="POST"){
webhookHeaders.append("Content-Type", "application/json");
webhookInit['method'] = "POST";
if (settings["webhook_setting"]['arg']!=""){
webhookInit['body'] = settings["webhook_setting"]['arg'] + "=" + data
}else{
webhookInit['body'] = data;
}
}else{
console.log("webhook method error:"+settings["webhook_setting"]['method']);
}
}
}else{
search_data[tmp_data['current']] = {}
if (settings["webhook_setting"]['headers']!={}){
for (let i in settings["webhook_setting"]['headers']) {
webhookHeaders.append(i,settings["webhook_setting"]['headers'][i]);
}
}
webhookInit["headers"] = webhookHeaders;
let webhookRequest = new Request(url, webhookInit);
// console.log(webhookRequest);
fetch(webhookRequest, webhookInit).then(function(response) {
// console.log(response);
});
}
if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']][key[i]] = res['arr1']
search_data[tmp_data['current']]['static'] = res['static']
});
}

chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if (request.greeting == "find"){
// console.log(request.data);
if(request.current in search_data){
search_data[request.current]['done'] = '';
search_data[request.current]['tasklist'] = [];
search_data[request.current]['donetasklist'] = [];
}else{
var search_data_value = unique(tmp_data[key[i]]).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']]['static'] = res['static']
search_data[tmp_data['current']][key[i]] = res['arr1']
search_data[request.current] = {'current':request.current, 'tasklist': [], 'donetasklist': []};
}
}
let promiseTask = [];
for (var i = request.data.length - 1; i >= 0; i--) {
try{
var myRequest = new Request(request.data[i], myInit);
}
catch (e){
continue;
}
search_data[request.current]['tasklist'].push(0);
let p = fetch(myRequest,myInit).then(function(response) {
// console.log(response);
response.text().then(function(text) {
// console.log(text);
var tmp_data=text;
tmp_data = extract_info(tmp_data);
tmp_data['current'] = request.current;

//遍历所有数据类型
for (var i = 0; i < key.length; i++) {
//如果传入的数据没有这个类型,就看下一个
if (tmp_data[key[i]] == null){
continue;
}
// 把前端的处理放到这里避免重复
if (not_sub_key.indexOf(key[i])<0){
tmp_data[key[i]] = sub_1(tmp_data[key[i]])
}
//如果search_data有历史数据,进行检查
if (tmp_data['current'] in search_data){
for (var j = 0; j < key.length; j++) {
if (search_data[tmp_data['current']][key[j]]!=null){
tmp_data[key[i]] = jiaoji(unique(tmp_data[key[i]]),find(unique(tmp_data[key[i]]),search_data[tmp_data['current']][key[j]]))
}
}
}
if (tmp_data['current'] in search_data && search_data[tmp_data['current']][key[i]]!=null ){
var search_data_value = unique(add(search_data[tmp_data['current']][key[i]],tmp_data[key[i]])).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']][key[i]] = res['arr1']
search_data[tmp_data['current']]['static'] = res['static']
}else{
var search_data_value = unique(tmp_data[key[i]]).sort()
if ('static' in search_data[tmp_data['current']]){
var res = collect_static(search_data_value,search_data[tmp_data['current']]['static'])
}else{
var res = collect_static(search_data_value,[])
}
search_data[tmp_data['current']]['static'] = res['static']
search_data[tmp_data['current']][key[i]] = res['arr1']
}
}
search_data[request.current]['donetasklist'].push(0);
});
});
promiseTask.push(p);
}
Promise.all(promiseTask).then(function() {
webhook(request.current);
search_data[request.current]['done'] = 'done';
});
// console.log(JSON.stringify(search_data));
return true;
}else if(request.greeting == "get"){
sendResponse(search_data[request.current]);
return true;
}
});


function result(host){
return search_data[host];
}
Loading

0 comments on commit 7d95873

Please sign in to comment.