@@ -2,6 +2,7 @@ package main
22
33import (
44 "bufio"
5+ "crypto/tls"
56 "fmt"
67 "net/http"
78 "net/url"
@@ -52,14 +53,15 @@ var output logger
5253var au aurora.Aurora
5354
5455func main () {
55- urlArg := flag .String ("url" , "" , "The url to get the javascript sources from" )
56+ urlArg := flag .String ("url" , "U " , "The url to get the javascript sources from" )
5657 outputFileArg := flag .String ("output" , "" , "Output file to save the results to" )
5758 inputFileArg := flag .String ("input" , "" , "Input file with urls" )
5859 resolveArg := flag .Bool ("resolve" , false , "Output only existing files" )
5960 completeArg := flag .Bool ("complete" , false , "Complete the url. e.g. append the domain to the path" )
6061 verboseArg := flag .Bool ("verbose" , false , "Display info of what is going on" )
6162 noColorsArg := flag .Bool ("nocolors" , false , "Enable or disable colors" )
6263 HeaderArg := flag .StringArrayP ("header" , "H" , nil , "Any HTTP headers(-H \" Authorization:Bearer token\" )" )
64+ insecureArg := flag .Bool ("insecure" , false , "Check the SSL security checks. Use when the certificate is expired or invalid" )
6365 flag .Parse ()
6466
6567 au = aurora .NewAurora (! * noColorsArg )
@@ -119,7 +121,7 @@ func main() {
119121 var sourcesBak []string
120122 var completedSuccessfully = true
121123 output .Log ("[+] Getting sources from " + e )
122- sources , err := getScriptSrc (e , * HeaderArg )
124+ sources , err := getScriptSrc (e , * HeaderArg , * insecureArg )
123125 if err != nil {
124126 output .Error (fmt .Sprintf ("[!] Couldn't get sources from %s" , e ), err )
125127 }
@@ -187,7 +189,7 @@ func saveToFile(sources []string, path string) error {
187189 return w .Flush ()
188190}
189191
190- func getScriptSrc (url string , headers []string ) ([]string , error ) {
192+ func getScriptSrc (url string , headers []string , insecure bool ) ([]string , error ) {
191193 // Request the HTML page.
192194 req , err := http .NewRequest ("GET" , url , nil )
193195 if err != nil {
@@ -202,7 +204,20 @@ func getScriptSrc(url string, headers []string) ([]string, error) {
202204 }
203205 }
204206
205- client := new (http.Client )
207+ tr := & http.Transport {
208+ TLSClientConfig : & tls.Config {InsecureSkipVerify : false },
209+ }
210+
211+ var client = & http.Client {
212+ Transport : tr ,
213+ }
214+
215+ if insecure {
216+ client .Transport = & http.Transport {
217+ TLSClientConfig : & tls.Config {InsecureSkipVerify : true },
218+ }
219+ }
220+
206221 res , err := client .Do (req )
207222 if err != nil {
208223 return []string {}, err
0 commit comments