publicwww engine integration#157

Merged
Mzack9999 merged 19 commits into dev from issue-122-publicwww-engine-integration
Mar 1, 2023


xm1k3 commented Feb 15, 2023

echo "/wp-content/themes/twentysixteen/" | ./uncover  -e publicwww -f host -silent
https://www.mcmaster.ca/
https://fancywap.com/
https://winaero.com/
...
./uncover -e publicwww -q adserver.adtech.de -f host
https://www.anibis.ch/fr
https://fotka.com/
https://ng.se/stockholm
https://www.niederschlagsradar.de/
...

@xm1k3 xm1k3 self-assigned this Feb 15, 2023
@xm1k3 xm1k3 added the Type: Enhancement Most issues will probably ask for additions or changes. label Feb 15, 2023
@xm1k3 xm1k3 linked an issue Feb 15, 2023 that may be closed by this pull request
@xm1k3 xm1k3 marked this pull request as ready for review February 16, 2023 15:23

@ehsandeep ehsandeep left a comment

Known issues -

  • Dedicated search query is not working
./uncover -pw "/wp-content/themes/twentysixteen/"

  __  ______  _________ _   _____  _____
 / / / / __ \/ ___/ __ \ | / / _ \/ ___/
/ /_/ / / / / /__/ /_/ / |/ /  __/ /    
\__,_/_/ /_/\___/\____/|___/\___/_/ v1.0.2

		projectdiscovery.io

[FTL] Program exiting: no query provided
  • ENV token support, PUBLICWWW_API_KEY
  • Unexpected output
echo "/wp-content/themes/twentysixteen/" | ./uncover  -e publicwww -v

  __  ______  _________ _   _____  _____
 / / / / __ \/ ___/ __ \ | / / _ \/ ___/
/ /_/ / / / / /__/ /_/ / |/ /  __/ /    
\__,_/_/ /_/\___/\____/|___/\___/_/ v1.0.2

		projectdiscovery.io

[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0
[publicwww] :0

@ehsandeep ehsandeep marked this pull request as draft February 19, 2023 10:19

xm1k3 commented Feb 20, 2023

echo "/wp-content/themes/twentysixteen/" | ./uncover  -e publicwww -v -f host

  __  ______  _________ _   _____  _____
 / / / / __ \/ ___/ __ \ | / / _ \/ ___/
/ /_/ / / / / /__/ /_/ / |/ /  __/ /    
\__,_/_/ /_/\___/\____/|___/\___/_/ v1.0.2

                projectdiscovery.io

[publicwww] www.mcmaster.ca
[publicwww] fancywap.com
[publicwww] winaero.com
[publicwww] getitfree.us
[publicwww] semioffice.com
[publicwww] www.saberia.com
[publicwww] cerkov.ru
[publicwww] bezux.pl
[publicwww] thespacereporter.com
[publicwww] www.cbrc.jp
[publicwww] www.infokids.gr
[publicwww] wiselwisel.com
[publicwww] techmixx.de


xm1k3 commented Feb 20, 2023

echo "/wp-content/themes/twentysixteen/" | ./uncover  -e publicwww -v -f url

  __  ______  _________ _   _____  _____
 / / / / __ \/ ___/ __ \ | / / _ \/ ___/
/ /_/ / / / / /__/ /_/ / |/ /  __/ /    
\__,_/_/ /_/\___/\____/|___/\___/_/ v1.0.2

                projectdiscovery.io

[publicwww] https://www.mcmaster.ca/
[publicwww] https://fancywap.com/
[publicwww] https://winaero.com/
[publicwww] https://getitfree.us/


xm1k3 commented Feb 20, 2023

[publicwww] :0
[publicwww] :0
[publicwww] :0

@ehsandeep this output occurs because -f is ip:port by default; the publicwww CSV provides us with url and rank, and, with another export, also snippet

url;rank;snippet
https://www.anibis.ch/fr;13403;fetch\" href=\"http://adserver.adtech.de\" crossorigin=\"anony

@xm1k3 xm1k3 requested a review from ehsandeep February 20, 2023 22:33

xm1k3 commented Feb 21, 2023

echo jira | uncover -e shodan,publicwww,fofa
...
[publicwww] cbreresidential.cz
[publicwww] www.dustingetz.com
[publicwww] luccasfraga.com.br
[shodan] 80.188.51.107:443
[shodan] 3.67.24.209:443
[shodan] 159.75.125.176:5800
[shodan] 119.29.10.14:10000
....

@ehsandeep ehsandeep marked this pull request as ready for review February 21, 2023 15:15
@tarunKoyalwar

@xm1k3, @ehsandeep I think it will be better if we change the ratelimit logic in uncover, i.e. in uncover we use delay to configure the ratelimit while we have -rlm and -rl options in nuclei, subfinder, httpx. I think keeping options uniform will help rather than providing different formats for the same functionality. Example:

If a source has a ratelimit of, say, 30 req/min

  • In nuclei we pass -rlm 30
  • In uncover we have to pass -delay 2

Apart from the obvious calculation required, another thing we miss is the bucket refill rate.

The original library, i.e. golang.org/x/time/rate, implements the classic token bucket algorithm, allowing a burst of tokens and a refill that happens at a specified ratio by one unit at a time, whereas this implementation is a variant that allows a burst of tokens just like "the token bucket" algorithm, but the refill happens entirely at the defined ratio.
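
The two refill strategies contrasted in the comment above, modelled on a virtual clock at the 30 req/min limit it mentions. This is an added example, not code from the PR, from golang.org/x/time/rate or from uncover's ratelimit package; the bucket type and simulate function are hypothetical names, and the one-request-per-second client is an assumption.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// bucket is a simulated limiter on a virtual clock (nothing sleeps). It is an
// illustrative model, not the code of x/time/rate or of uncover's limiter.
type bucket struct {
	capacity, tokens float64
	interval, last   time.Duration // refill period; virtual time of last refill
	fullRefill       bool          // true: whole bucket returns once per interval
}

// allow reports whether a request arriving at virtual time now gets a token.
func (b *bucket) allow(now time.Duration) bool {
	if !b.fullRefill { // classic: tokens trickle back at capacity/interval
		b.tokens = math.Min(b.capacity, b.tokens+b.capacity*float64(now-b.last)/float64(b.interval))
		b.last = now
	} else if now-b.last >= b.interval { // variant: whole bucket returns at once
		b.tokens, b.last = b.capacity, now
	}
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// simulate attempts one request per second for two minutes against a 30 req/min
// bucket; it returns admitted requests per minute and the longest refusal run.
func simulate(fullRefill bool) (perMinute [2]int, longestStall int) {
	b := &bucket{capacity: 30, tokens: 30, interval: time.Minute, fullRefill: fullRefill}
	for s, stall := 0, 0; s < 120; s++ {
		if b.allow(time.Duration(s) * time.Second) {
			perMinute[s/60]++
			stall = 0
		} else if stall++; stall > longestStall {
			longestStall = stall
		}
	}
	return perMinute, longestStall
}

func main() {
	fmt.Println(simulate(false)) // classic refill
	fmt.Println(simulate(true))  // full refill
}
```

In this model the classic bucket admits 59 requests in the first minute (the initial burst plus the trickle) and never refuses for more than one second in a row, while the full-refill variant admits exactly 30 per minute as a burst followed by a 30-second stall.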

@xm1k3 xm1k3 requested a review from tarunKoyalwar February 23, 2023 22:28

@tarunKoyalwar tarunKoyalwar left a comment

Suggesting some improvements.

  • I think we implement the -delay option to avoid hitting the ratelimit. Since we already know the ratelimits for most of the sources (shodan, censys etc.), I think we can use a default ratelimit for these sources and leave it for the user to configure sources whose ratelimit is not known (ex: publicwww).
  • We are doing the same in subfinder

Comment on lines 99 to 105
)
switch engine {
case "shodan":
agent, err = shodan.NewWithOptions(&uncover.AgentOptions{RateLimiter: shodanRateLimiter})
agent, err = shodan.New()
case "censys":
agent, err = censys.NewWithOptions(&uncover.AgentOptions{RateLimiter: censysRateLimiter})
agent, err = censys.New()
case "fofa":
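
Review bot: In the "shodan" and "censys" cases, agent and err are assigned twice in a row, once from NewWithOptions(&uncover.AgentOptions{RateLimiter: ...}) and once from New(), and this rendering has lost the +/- markers that would show which line survives. Make sure exactly one constructor remains per case and that err is checked before the agent is used; if the New() line is the survivor, the per-engine RateLimiter passed on the line above is discarded along with any error that call returned.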

@xm1k3, it depends on your preference, but I think we can remove the .New() functions since they are not used anymore and only decrease overall code coverage. I think we can directly append to the array

agents = append(agents, &publicwww.Agent{})

Comment on lines 72 to 77
err = session.RateLimits.Take(agent.Name())
if err != nil {
return nil, err
}
return session.Do(request)
}
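
Review bot: The error from session.RateLimits.Take(agent.Name()) is passed straight through at "return nil, err", so a caller cannot tell a rate-limiter failure from an HTTP failure returned by session.Do(request). Wrap it with the agent name before returning, and confirm session.RateLimits is always initialised before this path runs, since nothing in the hunk guards against a nil value.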

Same here, I think we can modify session.Do to accept an optional sourcename and move the ratelimit logic inside the Do function

func (s *Session) Do(req *retryablehttp.Request, source ...string)

Comment on lines 49 to 56
var err error
rateLimitOpts := &ratelimit.Options{
MaxCount: uint(retryMax),
Duration: time.Duration(delay),
IsUnlimited: delay == 0,
}

rateLimitOpts.Key = engines[0]
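
Review bot: Duration: time.Duration(delay) treats delay as a raw nanosecond count unless delay is already a time.Duration, so if the -delay value is an integer number of seconds it needs multiplying by time.Second, otherwise the limiter window is a few nanoseconds long. Also in this hunk, uint(retryMax) wraps to a very large count when retryMax is negative, and rateLimitOpts.Key = engines[0] panics on an empty engines slice because no length check is visible before it.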

@xm1k3 I think MaxCount should be 1 here and retryMax should be configured in retryablehttp.Client

@Mzack9999

@tarunKoyalwar I think tracking these changes within a new issue would be better as they are not specific to this implementation, which only adds support for the new source publicwww. Could you create a follow-up ticket?

- session and rate limit logic moved to #165

xm1k3 commented Feb 28, 2023

@Mzack9999 @tarunKoyalwar as mentioned in the message above, the logic that also modifies the other providers has been moved to this issue: #164

@xm1k3 xm1k3 requested a review from tarunKoyalwar February 28, 2023 18:49

@tarunKoyalwar tarunKoyalwar left a comment

lgtm!

Just a note: this source is not very stable due to its ratelimit, which will be implemented in #164

@tarunKoyalwar tarunKoyalwar requested a review from Mzack9999 March 1, 2023 07:17
@Mzack9999 Mzack9999 merged commit 0968d71 into dev Mar 1, 2023
@Mzack9999 Mzack9999 deleted the issue-122-publicwww-engine-integration branch March 1, 2023 07:46
Development

Successfully merging this pull request may close these issues.

publicwww - new api provider