Allow local fingerprints JSON

topscoder · May 30, 2024 · d755ba8 · d755ba8
1 parent 1c61433
commit d755ba8
Show file tree

Hide file tree

Showing 5 changed files with 93 additions and 10 deletions.
diff --git a/fingerprints/fingerprints.go b/fingerprints/fingerprints.go
@@ -47,7 +47,7 @@ func (f *Fingerprint) UnmarshalJSON(data []byte) error {
 
 // LoadFingerprints loads the fingerprints from the given URL.
 func LoadFingerprints(url string) ([]Fingerprint, error) {
-	fmt.Println("Downloading the fingerprints JSON file from " + url)
+	fmt.Println("[INF] Downloading the fingerprints JSON file from " + url)
 	resp, err := http.Get(url)
 	if err != nil {
 		return nil, err
@@ -67,3 +67,19 @@ func LoadFingerprints(url string) ([]Fingerprint, error) {
 
 	return fingerprints, nil
 }
+
+// LoadFingerprintsFromFile loads the fingerprints from a local file.
+func LoadFingerprintsFromFile(filePath string) ([]Fingerprint, error) {
+	data, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+
+	var fingerprints []Fingerprint
+	err = json.Unmarshal(data, &fingerprints)
+	if err != nil {
+		return nil, err
+	}
+
+	return fingerprints, nil
+}
diff --git a/main.go b/main.go
@@ -14,23 +14,27 @@ import (
 func main() {
 	// Define command-line flags
 	domainsFile := flag.String("domains", "", "The file containing the domains to be checked")
-	fingerprintsURL := flag.String("fingerprints", "https://raw.githubusercontent.com/topscoder/Subdominator/master/Subdominator/custom_fingerprints.json", "URL to the online fingerprints.json file to be used")
+	fingerprintsArg := flag.String("fingerprints", "", "URL or local file path to the fingerprints.json file to be used")
 	threads := flag.Int("threads", 5, "The amount of threads to be used")
 
 	// Parse command-line flags
 	flag.Parse()
 
 	// Check if the domains file is provided
 	if *domainsFile == "" {
-		fmt.Println("Usage: subgomain -domains <filename> [-fingerprints <url>] [-threads <int>]")
+		fmt.Println("Usage: subgomain -domains <filename> [-fingerprints <url_or_local_path>] [-threads <int>]")
 		os.Exit(1)
 	}
 
 	// Load fingerprints
-	fps, err := fingerprints.LoadFingerprints(*fingerprintsURL)
-	if err != nil {
-		fmt.Printf("Error loading fingerprints: %v\n", err)
-		os.Exit(1)
+	var fps []fingerprints.Fingerprint
+	var err error
+	if *fingerprintsArg != "" {
+		fps, err = loadFingerprints(*fingerprintsArg)
+		if err != nil {
+			fmt.Printf("Error loading fingerprints: %v\n", err)
+			os.Exit(1)
+		}
 	}
 
 	// Read domains from file
@@ -58,14 +62,14 @@ func main() {
 			for domain := range domainChan {
 				vulnerable, err := domainchecker.CheckDomain(domain, fps)
 				if err != nil {
-					fmt.Printf("Error checking domain %s: %v\n", domain, err)
+					fmt.Printf("[ERROR] [Domain %s: %v]\n", domain, err)
 					continue
 				}
 
 				if vulnerable {
-					fmt.Printf("Domain %s is vulnerable!\n", domain)
+					fmt.Printf("[vulnerable] [%s]\n", domain)
 				} else {
-					fmt.Printf("Domain %s is not vulnerable.\n", domain)
+					fmt.Printf("[not vulnerable] [%s]\n", domain)
 				}
 			}
 		}()
@@ -74,3 +78,13 @@ func main() {
 	// Wait for all goroutines to finish
 	wg.Wait()
 }
+
+func loadFingerprints(fingerprintsArg string) ([]fingerprints.Fingerprint, error) {
+	if utils.IsValidURL(fingerprintsArg) {
+		// Load fingerprints from URL
+		return fingerprints.LoadFingerprints(fingerprintsArg)
+	}
+
+	// Load fingerprints from local file
+	return fingerprints.LoadFingerprintsFromFile(fingerprintsArg)
+}
diff --git a/tests/testdomains.txt b/tests/testdomains.txt
@@ -0,0 +1 @@
+httpstat.us
diff --git a/tests/testfingerprints.json b/tests/testfingerprints.json
@@ -0,0 +1,38 @@
+[
+  {
+    "cname": ["httpstat.us"],
+    "discussion": "",
+    "documentation": "MULTIPLE FINGERPRINTS",
+    "fingerprint": [
+      "to target URL: <a href=\"https://tictail.com",
+      "httpstat"
+    ],
+    "http_status": null,
+    "nxdomain": false,
+    "service": "Test httpstat.us service",
+    "status": "Vulnerable",
+    "vulnerable": true
+  },
+  {
+    "cname": ["brightcovegallery.com", "gallery.video", "bcvp0rtal.com"],
+    "discussion": "",
+    "documentation": "MULTIPLE CNAMES",
+    "fingerprint": "<p class=\"bc-gallery-error-code\">Error Code: 404</p>",
+    "http_status": null,
+    "nxdomain": false,
+    "service": "Brightcove",
+    "status": "Vulnerable",
+    "vulnerable": true
+  },
+  {
+    "cname": ["bcvp0rtal.com"],
+    "discussion": "",
+    "documentation": "NXDOMAIN",
+    "fingerprint": "NXDOMAIN",
+    "http_status": null,
+    "nxdomain": true,
+    "service": "Brightcove",
+    "status": "Vulnerable",
+    "vulnerable": true
+  }
+]
diff --git a/utils/utils.go b/utils/utils.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"bufio"
+	"net/url"
 	"os"
 )
 
@@ -25,3 +26,16 @@ func ReadDomainsFromFile(filePath string) ([]string, error) {
 
 	return domains, nil
 }
+
+// IsValidURL checks if the given string is a valid URL.
+func IsValidURL(s string) bool {
+	_, err := url.ParseRequestURI(s)
+	if err != nil {
+		return false
+	}
+	u, err := url.Parse(s)
+	if err != nil || u.Scheme == "" || u.Host == "" {
+		return false
+	}
+	return true
+}