-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsubjs.go
More file actions
179 lines (173 loc) · 4.11 KB
/
subjs.go
File metadata and controls
179 lines (173 loc) · 4.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
package main
import (
"bufio"
"crypto/tls"
"encoding/json"
"flag"
"fmt"
"io"
"io/ioutil"
"log"
"net/http"
"net/url"
"os"
"strings"
"time"
"github.com/PuerkitoBio/goquery"
)
var (
file = flag.String("i", "", "input file containg urls")
format = flag.Bool("json", false, "output in json format")
wayback = flag.Bool("wayback", false, "retrieve javascript files from the wayback machine")
urls []string
input io.Reader
seenWayback map[string]bool
waybackresp [][]string
)
var subjs = &http.Client{
Timeout: time.Second * 20,
}
func main() {
flag.Parse()
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
output := make(map[string][]string)
if *file == "" {
input = os.Stdin
} else {
infp, err := os.Open(*file)
if err != nil {
log.Fatalf("Error opening file: %v", err)
}
input = infp
}
s := bufio.NewScanner(input)
for s.Scan() {
urls = append(urls, s.Text())
}
if s.Err() != nil {
log.Fatalf("Error retrieving input: %v", s.Err())
}
for _, host := range urls {
found := getScripts(host)
if *wayback {
u, err := url.Parse(host)
if err != nil {
log.Fatalf("Error parsing url: %v", err)
}
temp := waybackUrls(u.Hostname())
for _, js := range temp {
found = append(found, js)
}
}
for _, js := range dedupe(found) {
output[host] = append(output[host], js)
}
}
if *format {
bytes, err := json.MarshalIndent(output, "", " ")
if err != nil {
log.Fatalf("Error JSON Marshalling data: %v", err)
}
fmt.Println(string(bytes))
} else {
for _, items := range output {
for _, file := range items {
fmt.Println(file)
}
}
}
}
func getScripts(domain string) []string {
var found []string
resp, err := subjs.Get(domain)
if err != nil {
return found
}
doc, err := goquery.NewDocumentFromReader(resp.Body)
if err != nil {
fmt.Println("Error parsing response from: ", domain)
}
u, err := url.Parse(domain)
if err != nil {
log.Fatalf("error parsing url: %v", err)
}
doc.Find("script").Each(func(index int, s *goquery.Selection) {
js, _ := s.Attr("src")
if js != "" {
if strings.HasPrefix(js, "http://") || strings.HasPrefix(js, "https://") {
found = append(found, js)
} else if strings.HasPrefix(js, "//") {
js := fmt.Sprintf("%s:%s", u.Scheme, js)
found = append(found, js)
} else {
js := fmt.Sprintf("%s://%s/%s", u.Scheme, u.Host, js)
found = append(found, js)
}
}
})
doc.Find("div").Each(func(index int, s *goquery.Selection) {
js, _ := s.Attr("data-script-src")
if js != "" {
if strings.HasPrefix(js, "http://") || strings.HasPrefix(js, "https://") {
found = append(found, js)
} else if strings.HasPrefix(js, "//") {
js := fmt.Sprintf("%s:%s", u.Scheme, js)
found = append(found, js)
} else if strings.HasPrefix(js, "/") {
js := fmt.Sprintf("%s://%s%s", u.Scheme, u.Host, js)
found = append(found, js)
} else {
js := fmt.Sprintf("%s://%s/%s", u.Scheme, u.Host, js)
found = append(found, js)
}
}
})
return found
}
func waybackUrls(hostname string) []string {
var found []string
tg := fmt.Sprintf("http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&collapse=urlkey&fl=original", hostname)
r, err := subjs.Get(tg)
if err != nil {
log.Printf("Error in http request: %v\n", err)
return found
}
defer r.Body.Close()
resp, err := ioutil.ReadAll(r.Body)
if err != nil {
log.Printf("Error reading body: %v\n", err)
return found
}
err = json.Unmarshal(resp, &waybackresp)
if err != nil {
log.Printf("Error unmarshalling response: %v\n", err)
}
first := true
for _, result := range waybackresp {
if first {
// skip first result from wayback machine
// always is "original"
first = false
continue
}
u, err := url.Parse(result[0])
if err != nil {
continue
}
if strings.HasSuffix(u.Path, ".js") {
found = append(found, result[0])
}
}
return found
}
func dedupe(all []string) []string {
seen := make(map[string]bool)
unique := []string{}
for b := range all {
if !seen[all[b]] {
seen[all[b]] = true
unique = append(unique, all[b])
}
}
return unique
}