Add files via upload

src/main/java/com/bcvgh/controller/AddPocController.java

@@ -74,7 +74,7 @@ public void initialize(){
 //        this.tag.setItems(FXCollections.observableList(PocUtil.getTags()));
         this.tag.setItems(FXCollections.observableList(new ArrayList<>(PocUtil.TagCn.values())));
         this.poc_header.setPromptText(Constant.StringHeader); // 设置默认字符
-        this.name.setPromptText("用友NCcloud uapjs上传命令执行");
+        this.name.setPromptText("xxxx漏洞");
         this.name.setStyle("-fx-prompt-text-fill: lightgray;");
         this.poc_get.setPromptText("/api/upload");
         this.poc_get.setStyle("-fx-prompt-text-fill: lightgray;");

src/main/java/com/bcvgh/controller/MainPageController.java

@@ -31,6 +31,7 @@ public class MainPageController {
     private static final Logger LOGGER = LogManager.getLogger(MainPageController.class.getName());
 
 
+
     @FXML
     void RemoteUpdatePOC(ActionEvent event){
         Stage newTargetStage = new Stage();

src/main/java/com/bcvgh/controller/VulManagerController.java

@@ -117,7 +117,7 @@ public void initialize(){
             }
         }catch (Exception e){
             LOGGER.error(e);
-            this.dnsUrlCheck.getScene().getWindow().hide();
+//            this.dnsUrlCheck.getScene().getWindow().hide();
             return;
         }
         this.threadNum.setText("5");

src/main/java/com/bcvgh/core/exploit/BaseTemplate.java

@@ -1,5 +1,8 @@
 package com.bcvgh.core.exploit;
+import com.bcvgh.core.exploit.pojo.ResPattern;
 import com.bcvgh.core.pojo.Payload;
+import com.bcvgh.utils.Response;
+
 import java.util.HashMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -10,6 +13,7 @@ public class BaseTemplate {
     public String tag;
     public String type;
     public HashMap<String,Object> header;
+    private String ResText;
 
 
     public BaseTemplate(String url, Payload payload) {
@@ -19,6 +23,28 @@ public BaseTemplate(String url, Payload payload) {
         this.type = payload.type;
     }
 
+//    public String resMatch(Response response,Pattern)
+
+    public String resMatch(Response response, String PatternText){
+        ResPattern resPattern = new ResPattern(PatternText);
+        if (resPattern.getResType().equals("text")){
+            this.ResText = response.getText();
+        }
+        if (resPattern.getResType().equals("head")){
+            this.ResText = response.getHead();
+        }
+
+        try {
+            Matcher matcher = resPattern.getPattern().matcher(this.ResText);
+            if (matcher.find()){
+                return matcher.group(1);
+            }
+        }catch (Exception e){
+            return null;
+        }
+        return null;
+    }
+
     public String resMatch(String resText,Pattern pattern){
         try {
             Matcher matcher = pattern.matcher(resText);

src/main/java/com/bcvgh/core/exploit/exp/ExpTemplateImp.java

@@ -21,7 +21,7 @@ public class ExpTemplateImp extends BaseTemplate implements ExpTemplate {
     public Input input ;
     public Object expPost;
     public String expGet;
-    public Pattern pattern;
+    public String patternText;
     public String status_code;
 
     public ExpTemplateImp(String url, Payload payload , Input input) {
@@ -64,7 +64,7 @@ public void initStep(String value){
         }else {
             this.expPost = null;
         }
-        this.pattern = Pattern.compile(stepContent.getString("pattern") , Pattern.DOTALL);
+        this.patternText = stepContent.getString("pattern");
         this.header = new HashMap<>(stepContent.getJSONObject("header"));
         this.status_code = stepContent.getString("status_code");
         if (this.result.keySet().contains("result")) this.result.remove("result");
@@ -79,7 +79,7 @@ public Boolean ExpRequest(Response res,String type) {
             this.isExploited = false;
             return true;
         }
-        String resText = this.resMatch(res.getText(),this.pattern);
+        String resText = this.resMatch(res,this.patternText);
         if (resText!=null){
             this.isExploited = true;
             if (type.equals("upload") && (this.resMatch(resText,Pattern.compile("(.*\\.[a-zA-Z]{1,4})")))!=null){

src/main/java/com/bcvgh/core/exploit/poc/PocTemplateImp.java

@@ -24,7 +24,7 @@
 public class PocTemplateImp extends BaseTemplate implements PocTemplate {
     public Object pocPost;
     public String pocGet;
-    public Pattern pattern;
+    public String patternText;
     public HashMap<String, Object> header;
     public String status_code;
     public Poc poc;
@@ -47,7 +47,7 @@ public PocTemplateImp(String url, Payload payload, Input input ,TextArea textAre
             this.pocPost = this.poc.getPocPost();
         }
 
-        this.pattern = this.poc.getPattern();
+        this.patternText = this.poc.getPatternText();
         this.status_code = this.poc.getstatus_code();
         //
         this.textArea = textArea;
@@ -68,7 +68,7 @@ public void checkVul() {
     @Override
     public void PocRequest(Response res) {
         if (Arrays.asList(this.status_code.split(",")).contains(String.valueOf(res.getCode())) && (res.getText()==null || !res.getText().contains("Burp Suite"))){
-            String resText = this.resMatch(res.getText(), this.pattern);
+            String resText = this.resMatch(res, this.patternText);
             if (resText != null || (resText == null && res.getCode() != 200)) {
                 if (!this.input.getDnslog().equals("127.0.0.1") && (this.payload.StringPayload.contains(this.input.getDnslog()) || JSON.toJSONString(this.payload.poc).contains("{{serialization}}"))) {
                     DnsApi dnsApi = new DnsApi(this.input.getDnslog(), Constant.ConfigPath);

src/main/java/com/bcvgh/core/exploit/pojo/ResPattern.java

@@ -0,0 +1,44 @@
+package com.bcvgh.core.exploit.pojo;
+
+import com.bcvgh.utils.Response;
+
+import java.util.regex.Pattern;
+
+public class ResPattern {
+
+    private Pattern pattern;
+    private String ResType;
+
+    public Pattern getPattern() {
+        return pattern;
+    }
+
+    public void setPattern(Pattern pattern) {
+        this.pattern = pattern;
+    }
+
+    public String getResType() {
+        return ResType;
+    }
+
+    public void setResType(String resType) {
+        ResType = resType;
+    }
+
+    public ResPattern(String patternString) {
+        if (patternString.split("head:",2).length>1){
+            this.ResType =  "head";
+            this.pattern = Pattern.compile(patternString.split("head:",2)[1] , Pattern.DOTALL);
+        }else {
+            this.ResType = "text";
+            this.pattern = Pattern.compile(patternString , Pattern.DOTALL);
+        }
+
+/*        if (this.ResType == "text"){
+
+        }
+        if (this.ResType == "head"){
+
+        }*/
+    }
+}

src/main/java/com/bcvgh/core/pojo/Poc.java

@@ -11,14 +11,14 @@ public class Poc {
     private Object pocPost;
     private HashMap<String,Object> header;
     private String status_code;
-    private Pattern pattern;
+    private String patternText;
 
     public Poc(JSONObject poc) {
         this.pocGet = poc.getString("pocGet");
         this.pocPost = poc.get("pocPost");
         this.header = new HashMap(poc.getJSONObject("header"));
         this.status_code = poc.getString("status_code");
-        this.pattern = Pattern.compile(poc.getString("pattern") , Pattern.DOTALL);
+        this.patternText = poc.getString("pattern");
     }
 
     public String getPocGet() {
@@ -53,12 +53,11 @@ public void setstatus_code(String status_code) {
         this.status_code = status_code;
     }
 
-    public Pattern getPattern() {
-        return pattern;
+    public String getPatternText() {
+        return patternText;
     }
 
-    public void setPattern(Pattern pattern) {
-        this.pattern = pattern;
+    public void setPatternText(String patternText) {
+        this.patternText = patternText;
     }
-
 }

src/main/java/com/bcvgh/utils/Constant.java

@@ -25,8 +25,10 @@ public class Constant {
             "    \"anheng\": \"安恒\",\n" +
             "    \"hikvision\": \"海康威视\",\n" +
             "  },\n" +
-            "  \"dnsapi\": {\n" +
-            "    \"ceye\": \"xxxxxxxxxxxxxxxxxxxxxxxx\"\n" +
+            "  \"dnslog\": {\n" +
+            "    \"type\": \"ceye\",\n" +
+            "    \"api\": \"http://api.ceye.io/v1/records?token={{token}}&type=dns&filter=\",\n" +
+            "    \"token\": \"xxxxxxxxxxxxx\",\n" +
             "  }\n" +
             "}";
 }

src/main/java/com/bcvgh/utils/FileUtil.java

@@ -4,9 +4,11 @@
 import org.apache.logging.log4j.Logger;
 
 import java.io.*;
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.*;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.util.LinkedList;
 import java.util.List;
 
 public class FileUtil {
@@ -35,15 +37,23 @@ public static <T> T FileRead(String filePath,T type){
                 }
             }
             if (type instanceof String){
+                List<String> list = null;
                 try {
-                    List<String> list = Files.readAllLines(FilePath, StandardCharsets.UTF_8);
-                    content = String.join("\n",list);
-                    return (T) content;
+                    list = Files.readAllLines(FilePath, StandardCharsets.UTF_8);
+
                 } catch (IOException e) {
-                    LOGGER.error(e.getMessage());
+                    try {
+                        list = Files.readAllLines(FilePath, Charset.defaultCharset());
+                    } catch (IOException ioException) {
+                        LOGGER.error(e.getMessage());
+                        return null;
+                    }
+
                 }
+                content = String.join("\n",list);
             }
-            return null;
+            return (T) content;
+
     }
 
     public static <T> Boolean FileWrite(String filePath,T content ) {

src/main/java/com/bcvgh/utils/PocUtil.java

@@ -20,7 +20,7 @@ public static HashMap<String, ArrayList<String>> getTagVul() throws Exception{
         HashMap<String, ArrayList<String>> tag_vul = new HashMap<String, ArrayList<String>>();
         if (tags!=null){
             for (String tag : tags){
-                if (tag.equals("config.json")) continue;
+                if (tag.equals("config.json") || tag.equals(".git") || tag.equals("README.md") || tag.equals(".DS_Store")) continue;
                 String[] NamesArray = FileUtil.DirList(Constant.PocPath+ File.separator+tag);
                 ArrayList<String> Names = (ArrayList<String>) Arrays.asList(NamesArray).stream()
                         .map(s -> s.replaceAll("\\.json$", ""))

src/test/java/dsadas.java

@@ -45,6 +45,13 @@ public void teete() throws UnsupportedEncodingException {
         System.out.println(response.getText());
     }
 
+    @Test
+    public void asd() {
+        String text = "text:(asdasdas:sadasd)";
+        System.out.println(text.split("text:",2)[0]);
+
+    }
+
     @Test
     public void add() throws ExecutionException, InterruptedException {
         System.out.println("----程序开始运行----");
@@ -189,6 +196,8 @@ public void it() throws UnsupportedEncodingException {
 
 }
 
+
+
 class MyCallable implements Callable<Object> {
     private String taskNum;