Refactor

Author: hahwul

Rakefile

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require 'rspec/core/rake_task'
+require 'net/http'
+require 'json'
 
 namespace :test do
   desc 'Set up the test environment for functional tests'
@@ -56,3 +58,28 @@ namespace :docs do
     exit 1
   end
 end
+
+namespace :assets do
+  desc 'Check remote assets'
+  task :check do
+
+    def check(endpoint)
+      url = URI("https://assets.hahwul.com/#{endpoint}.json")
+      response = Net::HTTP.get(url)
+
+      data = JSON.parse(response)
+      puts data
+    end
+
+    endpoints = [
+      'xss-portswigger',
+      'xss-payloadbox',
+      'wl-params',
+      'wl-assetnote-params'
+    ]
+
+    endpoints.each do |target|
+      check target
+    end
+  end
+end

cmd/file.go

@@ -10,8 +10,8 @@ import (
 	"time"
 
 	spinner "github.com/briandowns/spinner"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	model "github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
 	"github.com/hahwul/dalfox/v2/pkg/scanning"
 	voltFile "github.com/hahwul/volt/file"
 	voltHar "github.com/hahwul/volt/format/har"

cmd/payload.go

@@ -3,9 +3,9 @@ package cmd
 import (
 	"strconv"
 
-	"github.com/hahwul/dalfox/v2/pkg/generating"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
+	"github.com/hahwul/dalfox/v2/internal/generating"
+	"github.com/hahwul/dalfox/v2/internal/optimization"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/scanning"
 	"github.com/spf13/cobra"
 )

cmd/pipe.go

@@ -9,8 +9,8 @@ import (
 	"time"
 
 	"github.com/briandowns/spinner"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	model "github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
 	"github.com/hahwul/dalfox/v2/pkg/scanning"
 	voltUtils "github.com/hahwul/volt/util"
 	"github.com/spf13/cobra"

cmd/root.go

@@ -8,9 +8,9 @@ import (
 	"runtime"
 	"time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
 	"github.com/logrusorgru/aurora"
 	"github.com/spf13/cobra"
 )

cmd/server.go

@@ -1,7 +1,7 @@
 package cmd
 
 import (
-	"github.com/hahwul/dalfox/v2/pkg/printing"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/server"
 	"github.com/spf13/cobra"
 )

cmd/sxss.go

@@ -1,7 +1,7 @@
 package cmd
 
 import (
-	"github.com/hahwul/dalfox/v2/pkg/printing"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/scanning"
 	"github.com/spf13/cobra"
 )

cmd/url.go

@@ -1,7 +1,7 @@
 package cmd
 
 import (
-	"github.com/hahwul/dalfox/v2/pkg/printing"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/scanning"
 	"github.com/spf13/cobra"
 )

cmd/version.go

@@ -1,7 +1,7 @@
 package cmd
 
 import (
-	"github.com/hahwul/dalfox/v2/pkg/printing"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/spf13/cobra"
 )
 

pkg/generating/bulk.go renamed to internal/generating/bulk.go

@@ -9,7 +9,7 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/tidwall/sjson"

pkg/generating/bulk_test.go renamed to internal/generating/bulk_test.go

@@ -10,7 +10,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 
 	"github.com/hahwul/dalfox/v2/pkg/model"
 )

pkg/har/client_tracer.go renamed to internal/har/client_tracer.go

@@ -1,4 +1,4 @@
-package scanning
+package printing
 
 import (
 	"strconv"

pkg/har/client_tracer_test.go renamed to internal/har/client_tracer_test.go

@@ -0,0 +1,41 @@
+package printing
+
+import (
+	"testing"
+)
+
+func TestCodeView(t *testing.T) {
+	type args struct {
+		resbody string
+		pattern string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			name: "test with pattern",
+			args: args{
+				resbody: "This is a test string.\nAnother line with pattern.\nEnd of test.",
+				pattern: "pattern",
+			},
+			want: "2 line:  Another line with pattern.",
+		},
+		{
+			name: "test without pattern",
+			args: args{
+				resbody: "This is a test string.\nAnother line.\nEnd of test.",
+				pattern: "pattern",
+			},
+			want: "",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := CodeView(tt.args.resbody, tt.args.pattern); got != tt.want {
+				t.Errorf("CodeView() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

pkg/har/har_test.go renamed to internal/har/har_test.go

@@ -3,7 +3,7 @@ package printing_test
 import (
 	"testing"
 
-	dalfox "github.com/hahwul/dalfox/v2/pkg/printing"
+	dalfox "github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/stretchr/testify/assert"
 )
 

pkg/har/message_id.go renamed to internal/har/message_id.go

@@ -3,7 +3,7 @@ package lib
 import (
 	"time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 	"github.com/hahwul/dalfox/v2/pkg/model"
 )
 

pkg/har/message_id_test.go renamed to internal/har/message_id_test.go

@@ -5,7 +5,7 @@ import (
 	"sync"
 	t "time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 
 	s "github.com/briandowns/spinner"
 	a "github.com/logrusorgru/aurora"

pkg/har/round_tripper.go renamed to internal/har/round_tripper.go

@@ -5,8 +5,8 @@ import (
 	"net/url"
 	"sync"
 
+	"github.com/hahwul/dalfox/v2/internal/optimization"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
 )
 
 // SSTIAnalysis is basic check for SSTI
@@ -43,7 +43,7 @@ func SSTIAnalysis(target string, options model.Options, rl *rateLimiter) {
 	wg.Wait()
 }
 
-//CRLFAnalysis is basic check for CRLF Injection
+// CRLFAnalysis is basic check for CRLF Injection
 func CRLFAnalysis(target string, options model.Options, rl *rateLimiter) {
 	bpu, _ := url.Parse(target)
 	bpd := bpu.Query()
@@ -75,7 +75,7 @@ func CRLFAnalysis(target string, options model.Options, rl *rateLimiter) {
 
 }
 
-//ESIIAnalysis is basic check for CRLF Injection
+// ESIIAnalysis is basic check for CRLF Injection
 func ESIIAnalysis(target string, options model.Options, rl *rateLimiter) {
 	bpu, _ := url.Parse(target)
 	bpd := bpu.Query()
@@ -107,7 +107,7 @@ func ESIIAnalysis(target string, options model.Options, rl *rateLimiter) {
 
 }
 
-//SqliAnalysis is basic check for SQL Injection
+// SqliAnalysis is basic check for SQL Injection
 func SqliAnalysis(target string, options model.Options, rl *rateLimiter) {
 	// sqli payload
 
@@ -141,7 +141,7 @@ func SqliAnalysis(target string, options model.Options, rl *rateLimiter) {
 
 }
 
-//OpenRedirectorAnalysis is basic check for open redirectors
+// OpenRedirectorAnalysis is basic check for open redirectors
 func OpenRedirectorAnalysis(target string, options model.Options, rl *rateLimiter) {
 
 	// openredirect payload

pkg/har/round_tripper_test.go renamed to internal/har/round_tripper_test.go

@@ -4,8 +4,8 @@ import (
 	"os/exec"
 	"strings"
 
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
 )
 
 // foundAction is after command function.

pkg/har/types.go renamed to internal/har/types.go

@@ -12,10 +12,10 @@ import (
 	"time"
 
 	"github.com/PuerkitoBio/goquery"
+	"github.com/hahwul/dalfox/v2/internal/optimization"
+	"github.com/hahwul/dalfox/v2/internal/printing"
+	"github.com/hahwul/dalfox/v2/internal/verification"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
-	"github.com/hahwul/dalfox/v2/pkg/verification"
 	voltFile "github.com/hahwul/volt/file"
 	vlogger "github.com/hahwul/volt/logger"
 	voltUtils "github.com/hahwul/volt/util"
@@ -161,7 +161,7 @@ func processParams(target string, paramsQue chan string, results chan model.Para
 				pLog.Debug(lineSum)
 			}
 			if vrs {
-				code = CodeView(resbody, "DalFox")
+				code = printing.CodeView(resbody, "DalFox")
 				code = code[:len(code)-5]
 				pointer := optimization.Abstraction(resbody, "DalFox")
 				smap := "Injected: "

pkg/har/types_test.go renamed to internal/har/types_test.go

@@ -13,16 +13,16 @@ import (
 	"sync"
 	"time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 
 	"golang.org/x/term"
 
 	"github.com/briandowns/spinner"
+	"github.com/hahwul/dalfox/v2/internal/optimization"
+	"github.com/hahwul/dalfox/v2/internal/printing"
+	"github.com/hahwul/dalfox/v2/internal/report"
+	"github.com/hahwul/dalfox/v2/internal/verification"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
-	"github.com/hahwul/dalfox/v2/pkg/report"
-	"github.com/hahwul/dalfox/v2/pkg/verification"
 	voltFile "github.com/hahwul/volt/file"
 )
 
@@ -787,7 +787,7 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 														resultsChan <- poc
 													}
 												} else {
-													code := CodeView(resbody, v["payload"])
+													code := printing.CodeView(resbody, v["payload"])
 													printing.DalLog("WEAK", "Reflected Payload in JS: "+v["param"]+"="+v["payload"], options)
 													printing.DalLog("CODE", code, options)
 													poc := model.PoC{
@@ -838,7 +838,7 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 								} else if strings.Contains(v["type"], "inATTR") {
 									if vds {
 										if vStatus[v["param"]] == false {
-											code := CodeView(resbody, v["payload"])
+											code := printing.CodeView(resbody, v["payload"])
 											printing.DalLog("VULN", "Triggered XSS Payload (found DOM Object): "+v["param"]+"="+v["payload"], options)
 											printing.DalLog("CODE", code, options)
 											poc := model.PoC{
@@ -886,7 +886,7 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 										}
 									} else if vrs {
 										if vStatus[v["param"]] == false {
-											code := CodeView(resbody, v["payload"])
+											code := printing.CodeView(resbody, v["payload"])
 											printing.DalLog("WEAK", "Reflected Payload in Attribute: "+v["param"]+"="+v["payload"], options)
 											printing.DalLog("CODE", code, options)
 											poc := model.PoC{
@@ -935,7 +935,7 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 								} else {
 									if vds {
 										if vStatus[v["param"]] == false {
-											code := CodeView(resbody, v["payload"])
+											code := printing.CodeView(resbody, v["payload"])
 											printing.DalLog("VULN", "Triggered XSS Payload (found DOM Object): "+v["param"]+"="+v["payload"], options)
 											printing.DalLog("CODE", code, options)
 											poc := model.PoC{
@@ -983,7 +983,7 @@ func Scan(target string, options model.Options, sid string) (model.Result, error
 										}
 									} else if vrs {
 										if vStatus[v["param"]] == false {
-											code := CodeView(resbody, v["payload"])
+											code := printing.CodeView(resbody, v["payload"])
 											printing.DalLog("WEAK", "Reflected Payload in HTML: "+v["param"]+"="+v["payload"], options)
 											printing.DalLog("CODE", code, options)
 											poc := model.PoC{

pkg/har/writer.go renamed to internal/har/writer.go

@@ -11,12 +11,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
 
+	"github.com/hahwul/dalfox/v2/internal/optimization"
+	"github.com/hahwul/dalfox/v2/internal/printing"
+	"github.com/hahwul/dalfox/v2/internal/verification"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
-	"github.com/hahwul/dalfox/v2/pkg/verification"
 	vlogger "github.com/hahwul/volt/logger"
 	"github.com/sirupsen/logrus"
 )

pkg/optimization/abstraction.go renamed to internal/optimization/abstraction.go

@@ -5,8 +5,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/hahwul/dalfox/v2/internal/optimization"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/optimization"
 )
 
 // StaticAnalysis is found information on original req/res

pkg/optimization/abstraction_test.go renamed to internal/optimization/abstraction_test.go

@@ -9,9 +9,9 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/hahwul/dalfox/v2/pkg/har"
+	"github.com/hahwul/dalfox/v2/internal/har"
+	"github.com/hahwul/dalfox/v2/internal/printing"
 	"github.com/hahwul/dalfox/v2/pkg/model"
-	"github.com/hahwul/dalfox/v2/pkg/printing"
 	"github.com/tidwall/sjson"
 )