feat: initial commit

.github/workflows/release-binary.yml

@@ -0,0 +1,29 @@
+name: 🎉 Release Binary
+on:
+  create:
+    tags:
+      - v*
+  workflow_dispatch:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Check out code"
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: "Set up Go"
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: "Create release on GitHub"
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          args: "release --rm-dist"
+          version: latest
+          workdir: .
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -0,0 +1,3 @@
+main
+linx
+.idea

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Rıza Sabuncu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,36 @@
+<h1>linx</h1>  
+<p> Reveals invisible links within JavaScript files. Inspired by <a href="https://github.com/GerbenJavado/LinkFinder">LinkFinder</a> </p>  
+<p>  
+  <a href="https://opensource.org/licenses/MIT">  
+    <img src="https://img.shields.io/badge/license-MIT-_red.svg">  
+  </a>  
+  <a href="https://goreportcard.com/badge/github.com/riza/linx">  
+    <img src="https://goreportcard.com/badge/github.com/riza/linx">  
+  </a>  
+  <a href="https://github.com/projectdiscovery/httpx/releases">  
+    <img src="https://img.shields.io/github/release/riza/linx">  
+  </a>  
+  <a href="https://twitter.com/rizasabuncu">  
+    <img src="https://img.shields.io/twitter/follow/rizasabuncu.svg?logo=twitter">  
+  </a>  
+</p>
+
+# Installation
+
+linx requires **go1.17** to install successfully. Run the following command to get the repo -
+
+```sh
+go install -v github.com/riza/linx/cmd/linx@latest
+```
+
+# Usage
+
+```sh
+linx --target=https://rizasabuncu.com/assets/admin_acces.js
+```
+
+# TODOs
+
+* [ ] HTML Output  
+* [ ] Support parallel scan multiple files
+* [ ] ...

cmd/linx.go

@@ -0,0 +1,24 @@
+package main
+
+import (
+	"linx/internal/banner"
+	"linx/internal/options"
+	"linx/linx"
+	"linx/pkg/logger"
+)
+
+const Version = "v1.0"
+
+func main() {
+	banner.Show(Version)
+
+	opts, err := options.Get().Parse()
+	if err != nil {
+		logger.Get().Fatal(err)
+	}
+
+	err = linx.Run(opts)
+	if err != nil {
+		logger.Get().Error(err)
+	}
+}

go.mod

@@ -0,0 +1,11 @@
+module linx
+
+go 1.17
+
+require github.com/sirupsen/logrus v1.8.1
+
+require (
+	github.com/stretchr/testify v1.7.0 // indirect
+	golang.org/x/sys v0.0.0-20220624220833-87e55d714810 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)

go.sum

@@ -0,0 +1,18 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220624220833-87e55d714810 h1:rHZQSjJdAI4Xf5Qzeh2bBc5YJIkPFVM6oDtMFYmgws0=
+golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/banner/banner.go

@@ -0,0 +1,14 @@
+package banner
+
+import "linx/pkg/logger"
+
+const banner = `
+   ___         
+  / (_)__ __ __
+ / / / _ \\ \ /
+/_/_/_//_/_\_\  %s
+`
+
+func Show(ver string) {
+	logger.Get().Printf(banner, ver)
+}

internal/options/options.go

@@ -0,0 +1,64 @@
+package options
+
+import (
+	"flag"
+	"fmt"
+	"linx/pkg/logger"
+	"os"
+	"strings"
+)
+
+type Options struct {
+	Target string
+	Debug  bool
+}
+
+var (
+	o *Options
+)
+
+func init() {
+	o = &Options{}
+}
+
+func Get() *Options {
+	return o
+}
+
+func (o *Options) Parse() (*Options, error) {
+	flag.StringVar(&o.Target, "target", "", "can be *.js file path or url")
+	flag.BoolVar(&o.Debug, "debug", false, "do you want to know what's inside the engine?")
+	flag.Parse()
+
+	if o.Debug {
+		logger.Get().SetLevelDebug()
+	}
+
+	if o.Target == "" {
+		printDefaults()
+		return nil, fmt.Errorf(errTargetIsRequired, o.Target)
+	}
+
+	isValid := validateTarget(o.Target)
+	if !isValid {
+		printDefaults()
+		return nil, fmt.Errorf(errTargetIsInvalid, o.Target)
+	}
+
+	return o, nil
+}
+
+func validateTarget(target string) (isValid bool) {
+	if (strings.Contains(target, "http://") || strings.Contains(target, "https://")) && strings.Contains(target, ".js") {
+		return true
+	}
+	if strings.Contains(target, ".js") {
+		return true
+	}
+	return false
+}
+
+func printDefaults() {
+	fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
+	flag.PrintDefaults()
+}

internal/options/options_errors.go

@@ -0,0 +1,6 @@
+package options
+
+const (
+	errTargetIsRequired = "target required, must be not empty target=%s"
+	errTargetIsInvalid  = "target is invalid, it must be url or file path target=%s"
+)

internal/scanner/scanner.go

@@ -0,0 +1,54 @@
+package scanner
+
+import (
+	"fmt"
+	"linx/internal/scanner/strategies"
+	"linx/pkg/logger"
+	"regexp"
+	"strings"
+	"unsafe"
+)
+
+// rule from LinkFinder https://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py#L29 ty @GerbenJavado
+const rule = `(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\?|#][^"|']{0,}|)))(?:"|')`
+
+type task struct {
+	target   string
+	strategy strategies.ScanStrategy
+}
+
+type scanner struct {
+	task task
+}
+
+func NewScanner(target string) scanner {
+	return scanner{
+		task{
+			strategy: defineStrategyForTarget(target),
+		},
+	}
+}
+
+func (s scanner) Run() error {
+	r, _ := regexp.Compile(rule)
+
+	content, err := s.task.strategy.GetContent()
+	if err != nil {
+		return fmt.Errorf(errGetFileContent, err)
+	}
+
+	urls := r.FindAllString(*(*string)(unsafe.Pointer(&content)), -1)
+	for _, s := range urls {
+		logger.Get().Infof("found possible url: %s", s)
+	}
+
+	logger.Get().Infof("%d possible url found", len(urls))
+	return nil
+}
+
+func defineStrategyForTarget(target string) strategies.ScanStrategy {
+	if strings.Contains(target, "http://") || strings.Contains(target, "https://") {
+		return strategies.URLStrategy{target}
+	}
+	return strategies.FileStrategy{target}
+}

internal/scanner/scanner_errors.go

@@ -0,0 +1,5 @@
+package scanner
+
+var (
+	errGetFileContent = "error getting content err: %w"
+)

internal/scanner/strategies/file.go

@@ -0,0 +1,30 @@
+package strategies
+
+import (
+	"io/ioutil"
+	"linx/pkg/logger"
+	"os"
+)
+
+type FileStrategy struct {
+	Target string
+}
+
+func (fs FileStrategy) GetContent() ([]byte, error) {
+	logger.Get().Debugf("selected file content strategy target=%s", fs.Target)
+	return fs.readFileContent()
+}
+
+func (fs FileStrategy) readFileContent() ([]byte, error) {
+	_, err := os.Stat(fs.Target)
+	if err != nil {
+		return nil, err
+	}
+
+	content, err := ioutil.ReadFile(fs.Target)
+	if err != nil {
+		return nil, err
+	}
+
+	return content, nil
+}

internal/scanner/strategies/strategy.go

@@ -0,0 +1,5 @@
+package strategies
+
+type ScanStrategy interface {
+	GetContent() ([]byte, error)
+}

internal/scanner/strategies/url.go

@@ -0,0 +1,38 @@
+package strategies
+
+import (
+	"fmt"
+	"io/ioutil"
+	"linx/pkg/logger"
+	"net/http"
+)
+
+type URLStrategy struct {
+	Target string
+}
+
+func (us URLStrategy) GetContent() ([]byte, error) {
+	logger.Get().Debugf("selected url strategy target=%s", us.Target)
+	return us.getFileContent()
+}
+
+func (us URLStrategy) getFileContent() ([]byte, error) {
+	logger.Get().Debugf("getting file from %s", us.Target)
+	resp, err := http.Get(us.Target)
+	if err != nil {
+		return nil, err
+	}
+
+	logger.Get().Debugf("response: status code=%d", resp.StatusCode)
+	if !(resp.StatusCode >= 200 && resp.StatusCode <= 299) {
+		return nil, fmt.Errorf("getting url content fail. status code is not success code=%d", resp.StatusCode)
+	}
+
+	logger.Get().Debugf("response: content length=%d", resp.ContentLength)
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return body, nil
+}