package main
import (
"bufio"
"fmt"
"net/url"
"os"
"sort"
"strings"
)
// Ideas:
// More than, say, 3 query string parameters (excluding utm_*?)
// Popular app names (phpmyadmin etc) in path
// Filenames from configfiles list / seclist
// dev/stage/test in path or hostname
// jenkins, graphite etc in hostname or path
// urlCheck is a predicate over a parsed URL. main runs every urlCheck
// against each input URL and prints the URL when at least one returns true.
type urlCheck func(*url.URL) bool
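// main reads URLs from stdin, one per line, and prints each line that at
// least one heuristic flags as worth a manual look. Lines that fail to
// parse and obviously static assets are skipped, and each combination of
// hostname, path and parameter names is considered only once.
//
// A read error on stdin (including a line longer than the scanner's buffer
// limit) is reported on stderr and the process exits with status 1, so a
// truncated run is never mistaken for a complete one.
func main() {
	checks := []urlCheck{
		// query string stuff: any key=value pair that qsCheck flags
		func(u *url.URL) bool {
			for k, vv := range u.Query() {
				for _, v := range vv {
					if qsCheck(k, v) {
						return true
					}
				}
			}
			return false
		},

		// extensions: server-side scripts, data and config-style files
		func(u *url.URL) bool {
			exts := []string{
				".php",
				".phtml",
				".asp",
				".aspx",
				".cgi",
				".pl",
				".json",
				".xml",
				".rb",
				".py",
				".sh",
				".yaml",
				".yml",
				".toml",
				".ini",
				".md",
				".mkd",
				".do",
				".jsp",
			}

			p := strings.ToLower(u.EscapedPath())
			for _, e := range exts {
				if strings.HasSuffix(p, e) {
					return true
				}
			}
			return false
		},

		// path bits: substrings anywhere in the lowercased escaped path
		func(u *url.URL) bool {
			p := strings.ToLower(u.EscapedPath())
			for _, bit := range []string{"ajax", "jsonp", "admin", "include", "src", "redirect"} {
				if strings.Contains(p, bit) {
					return true
				}
			}
			return false
		},

		// non-standard port: an explicit port other than 80 or 443
		func(u *url.URL) bool {
			port := u.Port()
			return port != "" && port != "80" && port != "443"
		},
	}

	seen := make(map[string]bool)

	sc := bufio.NewScanner(os.Stdin)
	// The default Scanner refuses lines over 64KiB and then stops, which
	// would silently drop the rest of the input after one very long URL.
	// Allow lines up to 1MiB and surface any remaining error below.
	sc.Buffer(make([]byte, 0, bufio.MaxScanTokenSize), 1024*1024)

	for sc.Scan() {
		u, err := url.Parse(sc.Text())
		if err != nil {
			// Deliberately best-effort: unparseable lines are skipped quietly.
			//fmt.Fprintf(os.Stderr, "failed to parse url %s [%s]\n", sc.Text(), err)
			continue
		}

		if isBoringStaticFile(u) {
			continue
		}

		// Go's maps aren't ordered, but we want to use all the param names
		// as part of the key to output only unique requests. To do that, put
		// them into a slice and then sort it.
		q := u.Query()
		pp := make([]string, 0, len(q))
		for p := range q {
			pp = append(pp, p)
		}
		sort.Strings(pp)

		// NOTE(review): the key uses Hostname(), so scheme and port are not
		// part of it. A URL on a non-standard port is therefore dropped here
		// when the same host, path and parameter names were already seen on
		// another port, before the port check gets to run.
		key := fmt.Sprintf("%s%s?%s", u.Hostname(), u.EscapedPath(), strings.Join(pp, "&"))

		// Only output each host + path + params combination once
		if seen[key] {
			continue
		}
		seen[key] = true

		for _, check := range checks {
			if check(u) {
				// Print the line exactly as it was read, not a re-encoded URL.
				fmt.Println(sc.Text())
				break
			}
		}
	}

	if err := sc.Err(); err != nil {
		fmt.Fprintf(os.Stderr, "error reading input: %s\n", err)
		os.Exit(1)
	}
}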
// qsCheck looks at a single key=value pair from a query string and reports
// whether it looks interesting. Both sides are lowercased before matching,
// so every comparison below is case-insensitive.
func qsCheck(k, v string) bool {
	key, val := strings.ToLower(k), strings.ToLower(v)

	// the super-common utm_referrer etc are rarely interesting, whatever
	// their value is
	if strings.HasPrefix(key, "utm_") {
		return false
	}

	// value checks: something URL-like, or any character that suggests a
	// path, markup or structured data being passed in the parameter
	if strings.HasPrefix(val, "http") || strings.ContainsAny(val, "{[/\\<(") {
		return true
	}

	// shoutout to liveoverflow ;)
	// "eyj" is the lowercased "eyJ" that base64-encoded JSON objects
	// (JWTs, for instance) start with.
	if strings.Contains(val, "eyj") {
		return true
	}

	// key checks: parameter names containing any of these substrings
	keyHints := []string{
		"redirect",
		"debug",
		"password",
		"passwd",
		"file",
		"fn",
		"template",
		"include",
		"require",
		"url",
		"uri",
		"src",
		"href",
		"func",
		"callback",
	}
	for _, hint := range keyHints {
		if strings.Contains(key, hint) {
			return true
		}
	}
	return false
}
// isBoringStaticFile reports whether the URL's escaped path, compared
// case-insensitively, ends in one of the static-asset extensions below
// (scripts, markup, fonts, images). main skips such URLs before running
// any other check.
func isBoringStaticFile(u *url.URL) bool {
	lowered := strings.ToLower(u.EscapedPath())

	staticExts := [...]string{
		// OK, so JS could be interesting, but 99% of the time it's boring.
		".js",
		".html", ".htm",
		".svg",
		".eot", ".ttf", ".woff", ".woff2",
		".png", ".jpg", ".jpeg", ".gif",
	}

	boring := false
	for i := 0; i < len(staticExts) && !boring; i++ {
		boring = strings.HasSuffix(lowered, staticExts[i])
	}
	return boring
}