adapt to new sweetygo api

AmyangXYZ · Mar 13, 2019 · a8e4852 · a8e4852
1 parent ad6ce61
commit a8e4852
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 97 deletions.
diff --git a/AssassinGo b/AssassinGo
diff --git a/web/controller.go b/web/controller.go
@@ -14,21 +14,18 @@ import (
 	"github.com/gorilla/websocket"
 )
 
-func index(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
-	ctx.Render(200, "index")
+func index(ctx *sweetygo.Context) error {
+	return ctx.Render(200, "index")
 }
 
-func static(ctx *sweetygo.Context) {
+func static(ctx *sweetygo.Context) error {
 	staticHandle := http.StripPrefix("/static",
 		http.FileServer(http.Dir("./web/static")))
 	staticHandle.ServeHTTP(ctx.Resp, ctx.Req)
+	return nil
 }
 
-func signin(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func signin(ctx *sweetygo.Context) error {
 	if ctx.Param("username") != "" && ctx.Param("password") != "" {
 		username := ctx.Param("username")
 		password := getPassword(username)
@@ -40,134 +37,117 @@ func signin(ctx *sweetygo.Context) {
 			claims["exp"] = time.Now().Add(time.Hour * 36).Unix()
 			t, _ := token.SignedString([]byte(config.SecretKey))
 			ctx.SetCookie("SG_Token", t)
-			ctx.JSON(200, 1, "success", map[string]string{"SG_Token": t})
 
 			a := assassin.New()
 			s := assassin.NewSiblings()
 			daddy.Son[username] = a
 			daddy.Sibling[username] = s
 			logger.Green.Println(username, "Has Signed In")
-			return
+
+			return ctx.JSON(200, 1, "success", map[string]string{"SG_Token": t})
 		}
-		ctx.JSON(200, 0, "Username or Password Error.", nil)
+		return ctx.JSON(200, 0, "Username or Password Error.", nil)
 	}
+	return nil
 }
 
-func setTarget(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func setTarget(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	if target := ctx.Param("target"); target != "" {
 		daddy.Son[usr].SetTarget(target)
-		ctx.JSON(200, 1, "success", nil)
-		return
+		return ctx.JSON(200, 1, "success", nil)
 	}
 	if targets := ctx.Param("targets"); targets != "" {
 		daddy.Sibling[usr].SetTargets(targets)
-		ctx.JSON(200, 1, "success", nil)
+		return ctx.JSON(200, 1, "success", nil)
 	}
+	return nil
 }
 
-func basicInfo(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func basicInfo(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	a.Gatherers["basicInfo"].Set(a.Target)
 	a.Gatherers["basicInfo"].Run()
 	ret := a.Gatherers["basicInfo"].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func bypassCF(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func bypassCF(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	a.Gatherers["bypassCF"].Set(a.Target)
 	a.Gatherers["bypassCF"].Run()
 	ret := a.Gatherers["bypassCF"].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func cmsDetect(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func cmsDetect(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	a.Gatherers["cms"].Set(a.Target)
 	a.Gatherers["cms"].Run()
 	ret := a.Gatherers["cms"].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func whois(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func whois(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	if net.ParseIP(a.Target).String() == a.Target {
-		ctx.JSON(200, 0, "ip do not need whois", nil)
-		return
+		return ctx.JSON(200, 0, "ip do not need whois", nil)
 	}
 	a.Gatherers["whois"].Set(a.Target)
 	a.Gatherers["whois"].Run()
 	ret := a.Gatherers["whois"].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func honeypot(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func honeypot(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	a.Gatherers["honeypot"].Set(a.Target)
 	a.Gatherers["honeypot"].Run()
 	ret := a.Gatherers["honeypot"].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func tracert(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func tracert(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Gatherers["tracert"].Set(conn, a.Target)
 	a.Gatherers["tracert"].Run()
 	conn.Close()
+	return nil
 }
 
-func portScan(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func portScan(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Gatherers["port"].Set(conn, a.Target)
 	a.Gatherers["port"].Run()
 	conn.Close()
+	return nil
 }
 
-func subDomainScan(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func subDomainScan(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Gatherers["subdomain"].Set(conn, a.Target)
 	a.Gatherers["subdomain"].Run()
 	conn.Close()
+	return nil
 }
 
 type dirbMsg struct {
 	// Payload   string `json:"payload"`
 	Concurrency int `json:"concurrency"`
 }
 
-func dirBrute(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func dirBrute(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
@@ -176,40 +156,38 @@ func dirBrute(ctx *sweetygo.Context) {
 	a.Gatherers["dirb"].Set(conn, a.Target, m.Concurrency)
 	a.Gatherers["dirb"].Run()
 	conn.Close()
+	return nil
 }
 
-func crawl(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func crawl(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Attackers["crawler"].Set(conn, a.Target, 4)
 	a.Attackers["crawler"].Run()
 	a.FuzzableURLs = a.Attackers["crawler"].Report()["fuzzableURLs"].([]string)
 	conn.Close()
+	return nil
 }
 
-func checkSQLi(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func checkSQLi(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Attackers["sqli"].Set(conn, a.FuzzableURLs)
 	a.Attackers["sqli"].Run()
 	conn.Close()
+	return nil
 }
 
-func checkXSS(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func checkXSS(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
 	a.Attackers["xss"].Set(conn, a.FuzzableURLs)
 	a.Attackers["xss"].Run()
 	conn.Close()
+	return nil
 }
 
 type intruderMsg struct {
@@ -218,9 +196,7 @@ type intruderMsg struct {
 	Concurrency int    `json:"concurrency"`
 }
 
-func intrude(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func intrude(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
@@ -229,21 +205,20 @@ func intrude(ctx *sweetygo.Context) {
 	if err != nil {
 		logger.Red.Println(err)
 		conn.Close()
-		return
+		return err
 	}
 	a.Attackers["intruder"].Set(conn, a.Target, m.Header, m.Payload, m.Concurrency)
 	a.Attackers["intruder"].Run()
 	conn.Close()
+	return nil
 }
 
 type sshMsg struct {
 	Port        string `json:"port"`
 	Concurrency int    `json:"concurrency"`
 }
 
-func sshBrute(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func sshBrute(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
@@ -252,11 +227,12 @@ func sshBrute(ctx *sweetygo.Context) {
 	if err != nil {
 		logger.Red.Println(err)
 		conn.Close()
-		return
+		return err
 	}
 	a.Attackers["ssh"].Set(conn, a.Target, m.Port, m.Concurrency)
 	a.Attackers["ssh"].Run()
 	conn.Close()
+	return nil
 }
 
 type seekerMsg struct {
@@ -265,9 +241,7 @@ type seekerMsg struct {
 	MaxPage int    `json:"max_page"`
 }
 
-func seek(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func seek(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	conn, _ := websocket.Upgrade(ctx.Resp, ctx.Req, ctx.Resp.Header(), 1024, 1024)
@@ -276,16 +250,15 @@ func seek(ctx *sweetygo.Context) {
 	if err != nil {
 		logger.Red.Println(err)
 		conn.Close()
-		return
+		return err
 	}
 	a.Seeker.Set(conn, m.Query, m.SE, m.MaxPage)
 	a.Seeker.Run()
 	conn.Close()
+	return nil
 }
 
-func getPoCList(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func getPoCList(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	pocList := map[string]poc.Intro{}
@@ -295,33 +268,28 @@ func getPoCList(ctx *sweetygo.Context) {
 	ret := map[string]interface{}{
 		"poc_list": pocList,
 	}
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
-func runPoC(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func runPoC(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	a := daddy.Son[usr]
 	pocName := ctx.Param("poc")
 	if a.PoC[pocName] == nil {
 		logger.Red.Println("No Such PoC")
-		ctx.JSON(200, 0, "no such poc", nil)
-		return
+		return ctx.JSON(200, 0, "no such poc", nil)
 	}
 	a.PoC[pocName].Set(a.Target)
 	a.PoC[pocName].Run()
 	ret := a.PoC[pocName].Report()
-	ctx.JSON(200, 1, "success", ret)
+	return ctx.JSON(200, 1, "success", ret)
 }
 
 type pocMsg struct {
 	Concurrency int `json:"concurrency"`
 }
 
-func runSiblingPoC(ctx *sweetygo.Context) {
-	ctx.Resp.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
-	ctx.Resp.Header().Set("Access-Control-Allow-Credentials", "true")
+func runSiblingPoC(ctx *sweetygo.Context) error {
 	usr := ctx.Get("userInfo").(*jwt.Token).Claims.(jwt.MapClaims)["username"].(string)
 	sibling := daddy.Sibling[usr]
 	pocName := ctx.Param("poc")
@@ -330,7 +298,7 @@ func runSiblingPoC(ctx *sweetygo.Context) {
 		conn.WriteJSON(map[string]string{"message": "no such poc"})
 		logger.Red.Println("No Such PoC")
 		conn.Close()
-		return
+		return nil
 	}
 	sibling.MuxConn.Conn = conn
 	m := pocMsg{}
@@ -355,4 +323,5 @@ func runSiblingPoC(ctx *sweetygo.Context) {
 		blockers <- struct{}{}
 	}
 	conn.Close()
+	return nil
 }