Output the help information for the detected system language

Author: sule01u

sbscan.py

@@ -8,31 +8,29 @@
 """
 import sys
 import signal
+import locale
 from click import Command, Context
 import click
 from managers.proxy_manager import ProxyManager
 from managers.scanner_manager import ScannerManager
 from utils.logging_config import configure_logger
 from utils.args_prase import ArgumentParser
-from utils.banner import banner
+from utils.banner import banner, help_info_en, help_info_zh
 logger = configure_logger(__name__)
 
+system_lang = locale.getlocale()[0]
 
-class CustomCommand(Command):
-    def format_usage(self, ctx: Context, formatter):
-        formatter.write_text("python3 sbscan.py [OPTIONS]")
 
-
-@click.command(cls=CustomCommand, add_help_option=False)
+@click.command(add_help_option=False)
 @click.option("-u", "--url", type=str, help="对单个URL进行扫描")
 @click.option("-f", "--file", help="读取文件中的url进行扫描", type=click.Path(exists=True))
 @click.option("-m", "--mode", type=str, help="扫描模式选择: [path/cve/all], 默认all", default="all")
-@click.option("-p", "--proxy", type=str, help="使用HTTP代理")
+@click.option("-p", "--proxy", type=str, help="指定HTTP代理")
 @click.option("-t", "--threads", type=int, help="并发线程数, 默认单线程", default=1)
 @click.option("-ff", "--fingerprint_filter", is_flag=True, help="只对存在spring指纹的网站开始扫描")
 @click.option("-d", "--dnslog", type=str, help="指定dnslog域名", default="")
 @click.option("-q", "--quiet", is_flag=True, help="纯净版输出，仅输出命中的结果")
-@click.option("-h", "--help", is_flag=True, callback=lambda ctx, param, value: ctx.exit(click.echo(ctx.get_help()) or 0) if value else None, expose_value=False, help="显示帮助信息")
+@click.option("-h", "--help", is_flag=True, callback=lambda ctx, param, value: ctx.exit(click.secho(help_info_zh if system_lang.startswith("zh_CN") else help_info_en, fg='cyan') or 0) if value else None, expose_value=False, help="显示帮助信息")
 def main(url, file, mode, proxy, dnslog, threads, fingerprint_filter, quiet):
     try:
         # 参数解析与验证

scanners/cve_scanners/cve_2018_1273.py

@@ -48,11 +48,11 @@ def check(url, dns_domain, proxies=None):
         res = requests.post(target_url, headers=headers, timeout=TIMEOUT, data=payload, verify=False, proxies=proxies)
         logger.debug(Fore.CYAN + f"[{res.status_code}]" + Fore.BLUE + f"[{res.headers}]", extra={"target": target_url})
         if res.status_code == 500:
-            details = f"可能存在{CVE_ID}[无回显漏洞]的RCE漏洞"
+            details = f"{CVE_ID} vulnerability detected"
             if dns_domain == "dnslog.cn":
-                details += "，建议使用--dnslog参数指定你的dnslog域名后再次扫描"
+                details += ",use the --dnslog parameter to specify your dnslog domain and then scan again"
             else:
-                details += "，请查看你的dnslog记录确认"
+                details += ",please check your dnslog record for confirmation"
 
             logger.info(Fore.RED + f"[{CVE_ID} vulnerability detected!]", extra={"target": target_url})
             return True, {

scanners/cve_scanners/cve_2019_3799.py

@@ -40,7 +40,7 @@ def check(url, dns_domain, proxies=None):
             return True, {
                 "CVE_ID": CVE_ID,
                 "URL": target_url,
-                "Details": f"检测到{CVE_ID}的RCE漏洞",
+                "Details": f"{CVE_ID} vulnerability detected",
                 "response": res.text[:200] + "...."
             }
         logger.info(f"[{CVE_ID} vulnerability not detected]", extra={"target": url})

scanners/cve_scanners/cve_2021_21234.py

@@ -54,7 +54,7 @@ def check(url, dns_domain, proxies=None):
                 return True, {
                     "CVE_ID": CVE_ID,
                     "URL": target_url,
-                    "Details": f"检测到{CVE_ID}的RCE漏洞",
+                    "Details": f"{CVE_ID} vulnerability detected",
                     "response": res.text[:200] + "...."
                 }
         except requests.RequestException as e:

scanners/cve_scanners/cve_2022_22947.py

@@ -59,7 +59,7 @@ def check(url, dns_domain, proxies=None):
             return True, {
                 "CVE_ID": CVE_ID,
                 "URL": res3.url,
-                "Details": f"检测到{CVE_ID}的RCE漏洞",
+                "Details": f"{CVE_ID} vulnerability detected",
                 "response": res3.json()
             }
         logger.info(f"[{CVE_ID} vulnerability not detected]", extra={"target": url})

scanners/cve_scanners/cve_2022_22963.py

@@ -41,11 +41,11 @@ def check(url, dns_domain, proxies=None):
         logger.debug(Fore.CYAN + f"[{res.status_code}]" + Fore.BLUE + f"[{res.headers}]", extra={"target": target_url})
         # 检查响应内容来判断漏洞是否存在
         if res.status_code == 500 and '"error":"Internal Server Error"' in res.text:
-            details = f"可能存在{CVE_ID}[无回显漏洞]的RCE漏洞"
+            details = f"{CVE_ID} vulnerability detected!"
             if dns_domain == "dnslog.cn":
-                details += "，建议使用--dnslog参数指定你的dnslog域名后再次扫描"
+                details += ",use the --dnslog parameter to specify your dnslog domain and then scan again"
             else:
-                details += "，请查看你的dnslog记录确认"
+                details += ",Please check your dnslog record for confirmation"
 
             logger.info(Fore.RED + f"[{CVE_ID} vulnerability detected!]", extra={"target": target_url})
             return True, {

scanners/cve_scanners/cve_2022_22965.py

@@ -58,7 +58,7 @@ def check(url, dns_domain, proxies=None):
             return True, {
                 "CVE_ID": CVE_ID,
                 "URL": target_url,
-                "Details": f"检测到{CVE_ID}的RCE漏洞"
+                "Details": f"{CVE_ID} vulnerability detected"
             }
         else:
             parsed_url = urlparse(target_url)
@@ -71,7 +71,7 @@ def check(url, dns_domain, proxies=None):
                 return True, {
                     "CVE_ID": CVE_ID,
                     "URL": target_url_root,
-                    "Details": f"检测{CVE_ID}的RCE漏洞"
+                    "Details": f"{CVE_ID} vulnerability detected"
                 }
         logger.info(f"[{CVE_ID} vulnerability not detected]", extra={"target": url})
         return False, {}

utils/banner.py

@@ -10,6 +10,34 @@
 from rich.console import Console
 console = Console()
 
+help_info_en = """
+python3 sbscan.py [OPTIONS]
+
+    -u  --url: Scan a single URL
+    -f  --file: Read URLs from a file for scanning
+    -m  --mode: Scan mode selection: [path/cve/all], default is 'all'
+    -p  --proxy: Specify an HTTP proxy
+    -t  --threads: Number of concurrent threads, default is single-threaded
+    -ff  --fingerprint_filter: Scan only websites with a Spring fingerprint
+    -d  --dnslog: Specify a dnslog domain
+    -q  --quiet: Quiet mode, only outputs the results
+    -h  --help: Show this help information
+"""
+
+help_info_zh = """
+python3 sbscan.py [OPTIONS]
+
+    -u  --url: 对单个URL进行扫描
+    -f  --file: 从文件读取URL进行扫描
+    -m  --mode: 扫描模式选择: [path/cve/all], 默认为'all'
+    -p  --proxy: 指定HTTP代理
+    -t  --threads: 并发线程数, 默认单线程
+    -ff  --fingerprint_filter: 只对存在Spring指纹的网站进行扫描
+    -d  --dnslog: 指定dnslog域名
+    -q  --quiet: 纯净版输出，仅输出命中的结果
+    -h  --help: 显示帮助信息
+"""
+
 
 def banner():
     colors = ["red", "green", "yellow", "blue", "magenta", "cyan", "white"]
@@ -24,7 +52,7 @@ def banner():
         r"name: SBSCAN",
         r"author: sule01u",
         r"from: [underline]https://github.com/sule01u/SBSCAN[/underline]",
-        r"desc: springboot information leak scanning & spring vulnerability scanning",
+        r"desc: springboot information leak scanner && spring vulnerability scanner",
         r"" 
         ""
     ]