Add multiple url support

hupe1980 · Dec 19, 2021 · 4adec6c · 4adec6c
1 parent fda81f1
commit 4adec6c
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -172,10 +172,11 @@ Global Flags:
 Send specially crafted requests to an url
 ```
 Usage:
-  scan4log4shell remote url [url] [flags]
+  scan4log4shell remote url [urls] [flags]
 
 Examples:
 - Scan a url: scan4log4shell remote url https://target.org
+- Scan multiple urls: scan4log4shell remote url https://target1.org https://target2.org
 - TCP catcher: scan4log4shell remote url https://target.org --catcher-type tcp --caddr 172.20.0.30:4444
 
 Flags:

diff --git a/cmd/remote_url.go b/cmd/remote_url.go
@@ -23,10 +23,11 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 	opts := &remoteURLOptions{}
 
 	cmd := &cobra.Command{
-		Use:   "url [url]",
+		Use:   "url [urls]",
 		Short: "Send specially crafted requests to an url",
 		Args:  cobra.MinimumNArgs(1),
 		Example: `- Scan a url: scan4log4shell remote url https://target.org
+- Scan multiple urls: scan4log4shell remote url https://target1.org https://target2.org
 - TCP catcher: scan4log4shell remote url https://target.org --catcher-type tcp --caddr 172.20.0.30:4444`,
 		SilenceUsage:  true,
 		SilenceErrors: true,
@@ -47,8 +48,6 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 				color.NoColor = true
 			}
 
-			targetURL := args[0]
-
 			printInfo("Log4Shell CVE-2021-44228 Remote Vulnerability Scan")
 
 			ctx, cancel := context.WithCancel(context.Background())
@@ -101,8 +100,6 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 				}()
 			}
 
-			printInfo("Start scanning CIDR %s\n---------", targetURL)
-
 			scanner, err := internal.NewRemoteScanner(remoteOpts)
 			if err != nil {
 				return err
@@ -118,27 +115,33 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 
 			errs := make(chan error)
 
-			for _, payload := range scanner.Payloads() {
-				if err := sem.Acquire(ctx, 1); err != nil {
-					return err
-				}
+			for _, targetURL := range args {
+				printInfo("Start scanning CIDR %s\n---------", targetURL)
 
-				if *verbose {
-					printInfo("Checking %s for %s", payload, targetURL)
-				}
+				for _, payload := range scanner.Payloads() {
+					if err := sem.Acquire(ctx, 1); err != nil {
+						return err
+					}
 
-				wg.Add(1)
+					if *verbose {
+						printInfo("Checking %s for %s", payload, targetURL)
+					}
 
-				go func(payload string) {
-					defer func() {
-						wg.Done()
-						sem.Release(1)
-					}()
+					wg.Add(1)
 
-					if err := scanner.Scan(ctx, opts.requestType, targetURL, payload); err != nil {
-						errs <- err
-					}
-				}(payload)
+					go func(targetURL, payload string) {
+						defer func() {
+							wg.Done()
+							sem.Release(1)
+						}()
+
+						if err := scanner.Scan(ctx, opts.requestType, targetURL, payload); err != nil {
+							errs <- err
+						}
+					}(targetURL, payload)
+				}
+
+				printInfo("All request to %s have been sent", targetURL)
 			}
 
 			go func() {
@@ -153,7 +156,7 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 				}
 			}
 
-			printInfo("Completed scanning of CIDR %s", targetURL)
+			printInfo("Completed scanning")
 			if opts.catcherType != noCatcher {
 				printInfo("Waiting for incoming callbacks!")
 				printInfo("Use ctrl+c to stop the program.")