Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/LubyRuffy/gofofa

fofa client in Go
https://github.com/LubyRuffy/gofofa

Last synced: 21 days ago
JSON representation

fofa client in Go

Awesome Lists containing this project

README

        

# gofofa

fofa client in Go

[![Test status](https://github.com/lubyruffy/gofofa/workflows/Go/badge.svg)](https://github.com/lubyruffy/gofofa/actions?query=workflow%3A%22Go%22)
[![codecov](https://codecov.io/gh/lubyruffy/gofofa/branch/main/graph/badge.svg)](https://codecov.io/gh/lubyruffy/gofofa)
[![License: MIT](https://img.shields.io/github/license/lubyruffy/gofofa)](https://github.com/LubyRuffy/gofofa/blob/main/LICENSE)
[![Go Report Card](https://goreportcard.com/badge/github.com/lubyruffy/gofofa)](https://goreportcard.com/report/github.com/lubyruffy/gofofa)
[![Codacy Badge](https://app.codacy.com/project/badge/Grade/3eadab4e412e4c3494bbc5f188d441e8)](https://www.codacy.com/gh/LubyRuffy/gofofa/dashboard?utm_source=github.com&utm_medium=referral&utm_content=LubyRuffy/gofofa&utm_campaign=Badge_Grade)
[![Github Release](https://img.shields.io/github/release/lubyruffy/gofofa/all.svg)](https://github.com/lubyruffy/gofofa/releases)
[![Go Reference](https://pkg.go.dev/badge/github.com/LubyRuffy/gofofa.svg)](https://pkg.go.dev/github.com/LubyRuffy/gofofa)

## Background

The official library doesn't has unittests, 之前官方的库功能不全,代码质量差,完全没有社区活跃度,不符合开源项目的基本要求。因此,想就fofa的客户端作为练手,解决上述问题。

## Usage

### Build and run

```
~ go install github.com/LubyRuffy/gofofa/cmd/fofa@latest
~ fofa
~ FOFA_CLIENT_URL='https://fofa.info/[email protected]&key=xxx' fofa search port=80
```

### Search

- search query, only query needed:

```shell
./fofa search port=80
./fofa search 'port=80 && protocol=ftp'
```

- search short, default subcommand is search:

```shell
./fofa domain=qq.com
```

- custom fields, default 'ip,port':

```shell
./fofa search --fields host,ip,port,protocol,lastupdatetime 'port=6379'
./fofa search -f host,ip,port,protocol,lastupdatetime 'port=6379'
```

- custom size, default 100:

```shell
./fofa search --size 10 'port=6379'
./fofa search -s 10 'port=6379'
```

if size is larger than your account free limit, you can set `-deductMode` to decide whether deduct fcoin automatically or not

- custom out format, default csv:
can be csv/json/xml, line by line

```shell
./fofa search --format=json 'port=6379'
./fofa search --format json 'port=6379'
```

- write to file, default stdout:

```shell
./fofa search --outFile a.txt 'port=6379'
./fofa search -o a.txt 'port=6379'
```

- fix host to url:

```shell
./fofa --size 2 --fields "host" title=Gitblit
47.92.145.232:8998
https://114.55.35.145:8443
./fofa --size 2 --fields "host" --fixUrl title=Gitblit
http://47.92.145.232:8998
https://114.55.35.145:8443
./fofa --size 2 --fields "host" --fixUrl title=Gitblit
```
use another url prefix:
```shell
./fofa --size 1 --fields "host" --fixUrl --urlPrefix "redis://" protocol=redis
redis://152.136.145.87:6379
```

- verbose mode

```shell
./fofa --verbose search port=80
```

- pipeline to nuclei

```shell
./fofa -fields "host" -fixUrl 'app="Aspera-Faspex"' | nuclei -t http/cves/2022/CVE-2022-47986.yaml
```

- uniq by ip

```shell
./fofa --fixUrl --size 1000 --fields host --uniqByIP 'host="edu.cn"'
```

- pipeline with parallel mode

```shell
fofa -f ip "is_ipv6=false && port=22" | fofa -f ip -uniqByIP -template "port=8443 && ip={}"
```
can use `-rate 3` to increase rate limit, default is 2

### Stats

- stats subcommand

```shell
./fofa stats --fields title,country title="hacked by"
```
![fofa stats](./data/fofa_stats.png)

### Icon

- icon subcommand

search icon at fofa:

```shell
./fofa icon --open ./data/favicon.ico
./fofa icon --open https://fofa.info/favicon.ico
./fofa icon --open http://www.baidu.com
```

calc local file icon hash:

```shell
./fofa icon ./data/favicon.ico
```

calc remote icon hash:

```shell
./fofa icon https://fofa.info/favicon.ico
```

calc remote homepage icon hash:

```shell
./fofa icon http://www.baidu.com
```

### Host

- host subcommand

```shell
./fofa host demo.cpanel.net
Host: demo.cpanel.net
IP: 208.74.120.133
ASN: 33522
ORG: CPANEL-INC
Country: United States of America
CountryCode: US
Ports: [2078 3306 2079 2082 143 993 2086 2095 2083 2087 110 2080 80 995 2096 2077 443]
Protocols: imaps,mysql,https,imap,pop3s,http,pop3
Categories: Server Management
Products: cPanel-MGMT-Products
UpdateTime: 2022-05-30 17:00:00
```

### Dump

- dump large-scale data

```shell
./fofa dump --format json -fixUrl -outFile a.json -batchSize 10000 'title=phpinfo'
```

- dump large-scale data by queries file (line by line)

```shell

cat queries.txt
port=13344
port=23455

# csv
./fofa dump -outFile out.csv -inFile queries.txt

# json
./fofa dump -inFile queries.txt -outFile out.json -j
2023/08/09 10:05:33 dump data of query: port=13344
2023/08/09 10:05:35 size: 11/11, 100.00%
2023/08/09 10:05:35 dump data of query: port=23455
2023/08/09 10:05:37 size: 499/499, 100.00%
```

### Domains

- domain subcommand 主要用于最简单的拓线

add domains mode to extend domains from domain, through certs
```shell
fofa domains -s 1000 -withCount baidu.com
baidu.com 660
dwz.cn 620
dlnel.com 614
bcehost.com 614
bdstatic.com 614
......
......
```

withCount mean with domain count value, you can also use `-uniqByIP` to uniq by ip:
```shell
fofa domains -s 1000 -withCount -uniqByIP baidu.com
baidu.com 448
dwz.cn 410
aipage.cn 406

```

### Utils

- random subcommand

random generate date from fofa, line by line
```shell
./fofa random
./fofa random -f host,ip,port,lastupdatetime,title,header,body --format json
```

every 500ms generate one line, never stop

```shell
./fofa random -s -1 -sleep 500
```

- count subcommand

```shell
./fofa count port=80
```

- account subcommand

```shell
./fofa account
```

- version

```shell
./fofa --version
```

## Features

- ☑ Cross-platform
- ☑ Windows
- ☑ Linux
- ☑ Mac
- ☑ Code coverage > 90%
- ☑ As SDK
- ☑ Client: NewClient
- ☑ HostSearch
- ☑ HostSize
- ☑ AccountInfo
- ☑ IconHash
- ☑ support cancel through SetContext
- ☑ As Client
- ☑ Sub Commands
- ☑ account
- ☑ search
- ☑ query
- ☑ fields/f
- ☑ size/s
- group/g 根据字段聚合:group by ip 根据ip合并,比如查询一个app会有很多域名,其中多个域名对应一个ip,这时只测试其中一个就好了
- ☑ fixUrl build valid url,默认的字段如果是http的话前面没有http://前缀,导致命令行一些工具不能使用,通过这个参数进行修复
- ☑ can use with urlPrefix, such as use `app://` instead of `http://`
- ☑ support socks5
- ☑ support redis
- ☑ full 匹配所有,而不只是一年内的
- ☑ format
- ☑ csv
- ☑ json
- ☑ xml
- ☐ table
- ☐ excel
- ☑ outFile/o
- ☑ stats
- ☑ icon
- ☐ web
- ☑ dump https://en.fofa.info/api/batches_pages large-scale data retrieval
- ☑ domains
- ☑ Terminal color
- ☑ Global Config
- ☑ fofaURL
- ☑ deductMode
- ☑ Envirement
- ☑ FOFA_CLIENT_URL format: /?email=\&key=\&version=\
- ☑ FOFA_SERVER
- ☑ FOFA_EMAIL
- ☑ FOFA_KEY
- ☐ Publish
- ☑ github
- ☐ brew
- ☐ apt
- ☐ yum

## Scenes

### How to dump all domains that cert is valid and contains google?

```shell
./fofa stats -f domain -s 100 'cert.is_valid=true && (cert="google")'
```