-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.go
86 lines (75 loc) · 2.18 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
// ________ ________ ________ ________ ___ ________
// |\ ___ \|\ __ \|\ __ \|\ __ \|\ \ |\ __ \
// \ \ \_|\ \ \ \|\ \ \ \|\ \ \ \|\ \ \ \ \ \ \|\ \
// \ \ \ \\ \ \ \\\ \ \ \\\ \ \ ____\ \ \ \ \ __ \
// \ \ \_\\ \ \ \\\ \ \ \\\ \ \ \___|\ \ \____\ \ \ \ \
// \ \_______\ \_______\ \_______\ \__\ \ \_______\ \__\ \__\
// \|_______|\|_______|\|_______|\|__| \|_______|\|__|\|__|
//
// A Unique URL Identifier for use in bug bounties and penetration testing
package main
import (
"bufio"
"fmt"
"net/url"
"os"
"strings"
)
func Contains(sl []string, name string) bool {
for _, value := range sl {
if value == name {
return true
}
}
return false
}
func parseQueryString(splitQuery []string) []string {
var queryParams []string
if len(splitQuery) > 1 {
i := 0
for i < len(splitQuery) {
splitParam := strings.Split(splitQuery[i], "=")
queryParams = append(queryParams, strings.TrimSpace(splitParam[0])+"=TEST")
i = i + 1
}
} else {
queryParams = append(queryParams, strings.Join(splitQuery, ""))
}
return queryParams
}
func isStaticContent(u *url.URL) bool {
static_exts := []string{
"js", "css", "png", "jpg", "jpeg", "svg",
"ico", "webp", "ttf", "otf", "woff", "gif",
"pdf", "bmp", "eot", "mp3", "woff2", "mp4", "avi"}
for _, ext := range static_exts {
if strings.Contains(u.Path, ext) {
return true
}
}
return false
}
func isUserContent(u *url.URL) bool {
pathParts := strings.Split(u.Path, "/")
return strings.Contains(pathParts[len(pathParts)-1], "-")
}
func main() {
scanner := bufio.NewScanner((os.Stdin))
seenQueryStrings := make([]string, 0)
for scanner.Scan() {
txt := scanner.Text()
u, err := url.Parse(txt)
if err == nil {
queryString := u.RawQuery
splitQuery := strings.Split(queryString, "&")
queryParams := parseQueryString(splitQuery)
if !isStaticContent(u) && !isUserContent(u) {
testQueryString := u.Path + strings.Join(queryParams, "&")
if !Contains(seenQueryStrings, testQueryString) {
fmt.Println(txt)
seenQueryStrings = append(seenQueryStrings, testQueryString)
}
}
}
}
}