diff --git a/src/main/java/com/bcvgh/controller/AddPocController.java b/src/main/java/com/bcvgh/controller/AddPocController.java
index 1c60e7d..50dca1b 100644
--- a/src/main/java/com/bcvgh/controller/AddPocController.java
+++ b/src/main/java/com/bcvgh/controller/AddPocController.java
@@ -74,7 +74,7 @@ public void initialize(){
 // this.tag.setItems(FXCollections.observableList(PocUtil.getTags()));
 this.tag.setItems(FXCollections.observableList(new ArrayList<>(PocUtil.TagCn.values())));
 this.poc_header.setPromptText(Constant.StringHeader); // 设置默认字符
- this.name.setPromptText("用友NCcloud uapjs上传命令执行");
+ this.name.setPromptText("xxxx漏洞");
 this.name.setStyle("-fx-prompt-text-fill: lightgray;");
 this.poc_get.setPromptText("/api/upload");
 this.poc_get.setStyle("-fx-prompt-text-fill: lightgray;");
diff --git a/src/main/java/com/bcvgh/controller/MainPageController.java b/src/main/java/com/bcvgh/controller/MainPageController.java
index 965cc16..df5f8a8 100644
--- a/src/main/java/com/bcvgh/controller/MainPageController.java
+++ b/src/main/java/com/bcvgh/controller/MainPageController.java
@@ -31,6 +31,7 @@ public class MainPageController {
 private static final Logger LOGGER = LogManager.getLogger(MainPageController.class.getName());
+ @FXML
 void RemoteUpdatePOC(ActionEvent event){
 Stage newTargetStage = new Stage();
diff --git a/src/main/java/com/bcvgh/controller/VulManagerController.java b/src/main/java/com/bcvgh/controller/VulManagerController.java
index e12ac93..4520330 100644
--- a/src/main/java/com/bcvgh/controller/VulManagerController.java
+++ b/src/main/java/com/bcvgh/controller/VulManagerController.java
@@ -117,7 +117,7 @@ public void initialize(){
 }
 }catch (Exception e){
 LOGGER.error(e);
- this.dnsUrlCheck.getScene().getWindow().hide();
+// this.dnsUrlCheck.getScene().getWindow().hide();
 return;
 }
 this.threadNum.setText("5");
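Review bot: In the VulManagerController.initialize hunk, commenting out `this.dnsUrlCheck.getScene().getWindow().hide();` leaves the window open after the `return`, so the controls the rest of initialize sets up (starting with `this.threadNum.setText("5")` right below) keep their FXML defaults while the only trace of the failure is `LOGGER.error(e)`; if the intent is to keep the window usable, show the error to the user or disable the dependent controls, and delete the dead line rather than leaving it as a comment. The rest of initialize, including what the `try` guards, is outside the hunk. The AddPocController prompt-text change and the `@FXML` added in MainPageController on this line raise nothing.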
diff --git a/src/main/java/com/bcvgh/core/exploit/BaseTemplate.java b/src/main/java/com/bcvgh/core/exploit/BaseTemplate.java
index f7274c5..adbf065 100644
--- a/src/main/java/com/bcvgh/core/exploit/BaseTemplate.java
+++ b/src/main/java/com/bcvgh/core/exploit/BaseTemplate.java
@@ -1,5 +1,8 @@
 package com.bcvgh.core.exploit;
+import com.bcvgh.core.exploit.pojo.ResPattern;
 import com.bcvgh.core.pojo.Payload;
+import com.bcvgh.utils.Response;
+
 import java.util.HashMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -10,6 +13,7 @@ public class BaseTemplate {
 public String tag;
 public String type;
 public HashMap header;
+ private String ResText;
 public BaseTemplate(String url, Payload payload) {
@@ -19,6 +23,28 @@ public BaseTemplate(String url, Payload payload) {
 this.type = payload.type;
 }
+// public String resMatch(Response response,Pattern)
+
+ public String resMatch(Response response, String PatternText){
+ ResPattern resPattern = new ResPattern(PatternText);
+ if (resPattern.getResType().equals("text")){
+ this.ResText = response.getText();
+ }
+ if (resPattern.getResType().equals("head")){
+ this.ResText = response.getHead();
+ }
+
+ try {
+ Matcher matcher = resPattern.getPattern().matcher(this.ResText);
+ if (matcher.find()){
+ return matcher.group(1);
+ }
+ }catch (Exception e){
+ return null;
+ }
+ return null;
+ }
+
 public String resMatch(String resText,Pattern pattern){
 try {
 Matcher matcher = pattern.matcher(resText);
diff --git a/src/main/java/com/bcvgh/core/exploit/exp/ExpTemplateImp.java b/src/main/java/com/bcvgh/core/exploit/exp/ExpTemplateImp.java
index 1f7d0d7..0076107 100644
--- a/src/main/java/com/bcvgh/core/exploit/exp/ExpTemplateImp.java
+++ b/src/main/java/com/bcvgh/core/exploit/exp/ExpTemplateImp.java
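Review bot: The new `resMatch(Response, String)` in BaseTemplate keeps the selected body in the instance field `ResText` and wraps the match in `catch (Exception e) { return null; }`, so a POC pattern without a capture group (`group(1)` throws `IndexOutOfBoundsException`), a null `response.getText()` (`matcher(null)` throws NPE) and an honest non-match are indistinguishable to `ExpRequest`/`PocRequest`, and the field silently reuses the previous call's body if neither branch assigns it. Make the body a local, handle null explicitly and let only a real miss return null, which also makes the `private String ResText;` added in the earlier hunk unnecessary. Note too that `new ResPattern(PatternText)` sits outside the `try`, so an invalid pattern string surfaces as a `PatternSyntaxException` from the callers, and that the regex is now recompiled on every call rather than once per template as the old `Pattern` field allowed.
```java
public String resMatch(Response response, String PatternText){
    ResPattern resPattern = new ResPattern(PatternText);
    // local rather than this.ResText: the field kept the previous call's body around
    String resText = "head".equals(resPattern.getResType()) ? response.getHead() : response.getText();
    if (resText == null) {
        return null;
    }
    Matcher matcher = resPattern.getPattern().matcher(resText);
    if (!matcher.find()) {
        return null;
    }
    // a pattern without a capture group used to throw from group(1) and be swallowed as a miss
    return matcher.groupCount() >= 1 ? matcher.group(1) : matcher.group();
}
```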
@@ -21,7 +21,7 @@ public class ExpTemplateImp extends BaseTemplate implements ExpTemplate {
 public Input input ;
 public Object expPost;
 public String expGet;
- public Pattern pattern;
+ public String patternText;
 public String status_code;
 public ExpTemplateImp(String url, Payload payload , Input input) {
@@ -64,7 +64,7 @@ public void initStep(String value){
 }else {
 this.expPost = null;
 }
- this.pattern = Pattern.compile(stepContent.getString("pattern") , Pattern.DOTALL);
+ this.patternText = stepContent.getString("pattern");
 this.header = new HashMap<>(stepContent.getJSONObject("header"));
 this.status_code = stepContent.getString("status_code");
 if (this.result.keySet().contains("result")) this.result.remove("result");
@@ -79,7 +79,7 @@ public Boolean ExpRequest(Response res,String type) {
 this.isExploited = false;
 return true;
 }
- String resText = this.resMatch(res.getText(),this.pattern);
+ String resText = this.resMatch(res,this.patternText);
 if (resText!=null){
 this.isExploited = true;
 if (type.equals("upload") && (this.resMatch(resText,Pattern.compile("(.*\\.[a-zA-Z]{1,4})")))!=null){
diff --git a/src/main/java/com/bcvgh/core/exploit/poc/PocTemplateImp.java b/src/main/java/com/bcvgh/core/exploit/poc/PocTemplateImp.java
index eaa05c9..71a4822 100644
--- a/src/main/java/com/bcvgh/core/exploit/poc/PocTemplateImp.java
+++ b/src/main/java/com/bcvgh/core/exploit/poc/PocTemplateImp.java
@@ -24,7 +24,7 @@ public class PocTemplateImp extends BaseTemplate implements PocTemplate {
 public Object pocPost;
 public String pocGet;
- public Pattern pattern;
+ public String patternText;
 public HashMap header;
 public String status_code;
 public Poc poc;
@@ -47,7 +47,7 @@ public PocTemplateImp(String url, Payload payload, Input input ,TextArea textAre
 this.pocPost = this.poc.getPocPost();
 }
- this.pattern = this.poc.getPattern();
+ this.patternText = this.poc.getPatternText();
 this.status_code = this.poc.getstatus_code();
 // this.textArea = textArea;
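Review bot: Replacing the `Pattern` field with `patternText` in ExpTemplateImp.initStep means the step's regex is parsed and compiled inside `resMatch` on every request instead of once per step, and `initStep` no longer fails early when a step's `pattern` is not a valid regex — the `PatternSyntaxException` only appears later from `ExpRequest`, mid-scan. Keep a compiled object on the template instead: `private ResPattern resPattern;` with `this.resPattern = new ResPattern(stepContent.getString("pattern"));` in initStep and a `resMatch(Response, ResPattern)` overload in BaseTemplate, so a malformed POC file is rejected when it is loaded. The same applies to the PocTemplateImp hunks on this line and to the Poc.java constructor hunk further down, which drops its `Pattern.compile` the same way.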
@@ -68,7 +68,7 @@ public void checkVul() {
 @Override
 public void PocRequest(Response res) {
 if (Arrays.asList(this.status_code.split(",")).contains(String.valueOf(res.getCode())) && (res.getText()==null || !res.getText().contains("Burp Suite"))){
- String resText = this.resMatch(res.getText(), this.pattern);
+ String resText = this.resMatch(res, this.patternText);
 if (resText != null || (resText == null && res.getCode() != 200)) {
 if (!this.input.getDnslog().equals("127.0.0.1") && (this.payload.StringPayload.contains(this.input.getDnslog()) || JSON.toJSONString(this.payload.poc).contains("{{serialization}}"))) {
 DnsApi dnsApi = new DnsApi(this.input.getDnslog(), Constant.ConfigPath);
diff --git a/src/main/java/com/bcvgh/core/exploit/pojo/ResPattern.java b/src/main/java/com/bcvgh/core/exploit/pojo/ResPattern.java
new file mode 100644
index 0000000..16d9793
--- /dev/null
+++ b/src/main/java/com/bcvgh/core/exploit/pojo/ResPattern.java
@@ -0,0 +1,44 @@
+package com.bcvgh.core.exploit.pojo;
+
+import com.bcvgh.utils.Response;
+
+import java.util.regex.Pattern;
+
+public class ResPattern {
+
+ private Pattern pattern;
+ private String ResType;
+
+ public Pattern getPattern() {
+ return pattern;
+ }
+
+ public void setPattern(Pattern pattern) {
+ this.pattern = pattern;
+ }
+
+ public String getResType() {
+ return ResType;
+ }
+
+ public void setResType(String resType) {
+ ResType = resType;
+ }
+
+ public ResPattern(String patternString) {
+ if (patternString.split("head:",2).length>1){
+ this.ResType = "head";
+ this.pattern = Pattern.compile(patternString.split("head:",2)[1] , Pattern.DOTALL);
+ }else {
+ this.ResType = "text";
+ this.pattern = Pattern.compile(patternString , Pattern.DOTALL);
+ }
+
+/* if (this.ResType == "text"){
+
+ }
+ if (this.ResType == "head"){
+
+ }*/
+ }
+}
diff --git a/src/main/java/com/bcvgh/core/pojo/Poc.java b/src/main/java/com/bcvgh/core/pojo/Poc.java
index 64b94bd..a07fb1f 100644
--- a/src/main/java/com/bcvgh/core/pojo/Poc.java
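Review bot: `ResPattern`'s constructor detects a header pattern with `patternString.split("head:",2).length>1`, which fires on `head:` anywhere in the string and then discards everything before it, so a body pattern that merely contains that token is silently turned into a header match; use `if (patternString.startsWith("head:")) { this.ResType = "head"; this.pattern = Pattern.compile(patternString.substring(5), Pattern.DOTALL); }` instead. The `import com.bcvgh.utils.Response;` is unused, the commented-out block at the end compares strings with `==` and should be deleted, and since both fields are fixed in the constructor they can be `final` with the two setters dropped. Because the pattern comes from a POC file and is applied with `DOTALL` to a body the remote host controls, a pattern built around `(.*)` can backtrack heavily on a large response, so the caller should cap the size of the text it hands to the matcher (the `Response` class is outside this diff).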
+++ b/src/main/java/com/bcvgh/core/pojo/Poc.java @@ -11,14 +11,14 @@ public class Poc { private Object pocPost; private HashMap header; private String status_code; - private Pattern pattern; + private String patternText; public Poc(JSONObject poc) { this.pocGet = poc.getString("pocGet"); this.pocPost = poc.get("pocPost"); this.header = new HashMap(poc.getJSONObject("header")); this.status_code = poc.getString("status_code"); - this.pattern = Pattern.compile(poc.getString("pattern") , Pattern.DOTALL); + this.patternText = poc.getString("pattern"); } public String getPocGet() { @@ -53,12 +53,11 @@ public void setstatus_code(String status_code) { this.status_code = status_code; } - public Pattern getPattern() { - return pattern; + public String getPatternText() { + return patternText; } - public void setPattern(Pattern pattern) { - this.pattern = pattern; + public void setPatternText(String patternText) { + this.patternText = patternText; } - } diff --git a/src/main/java/com/bcvgh/utils/Constant.java b/src/main/java/com/bcvgh/utils/Constant.java index 2dbd5b4..1866470 100644 --- a/src/main/java/com/bcvgh/utils/Constant.java +++ b/src/main/java/com/bcvgh/utils/Constant.java @@ -25,8 +25,10 @@ public class Constant { " \"anheng\": \"安恒\",\n" + " \"hikvision\": \"海康威视\",\n" + " },\n" + - " \"dnsapi\": {\n" + - " \"ceye\": \"xxxxxxxxxxxxxxxxxxxxxxxx\"\n" + + " \"dnslog\": {\n" + + " \"type\": \"ceye\",\n" + + " \"api\": \"http://api.ceye.io/v1/records?token={{token}}&type=dns&filter=\",\n" + + " \"token\": \"xxxxxxxxxxxxx\",\n" + " }\n" + "}"; } diff --git a/src/main/java/com/bcvgh/utils/FileUtil.java b/src/main/java/com/bcvgh/utils/FileUtil.java index 5ce520a..0dcf7f3 100644 --- a/src/main/java/com/bcvgh/utils/FileUtil.java +++ b/src/main/java/com/bcvgh/utils/FileUtil.java 
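Review bot: The default config template in Constant.java now embeds the DNS-log API as `http://api.ceye.io/v1/records?token={{token}}&type=dns&filter=`, so the account token travels in a query string over plaintext HTTP every time results are polled and will appear in any proxy or access log on the path; use `https://` if the service supports it and make sure the expanded URL is never written to the application log (the `DnsApi` side that substitutes `{{token}}` is outside this diff). The entry also ends with `"  \"token\": \"xxxxxxxxxxxxx\",\n"` followed by `}`, a trailing comma that is not strict JSON — the parser reading this config (fastjson, judging by `JSON.toJSONString` elsewhere in the diff) presumably tolerates it, but it is worth confirming before a stricter parser is swapped in. Renaming the key from `dnsapi` to `dnslog` with a new nested shape also means an existing config.json written with the old layout will no longer be read unless the consumer handles both; that consumer is not visible here.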
@@ -4,9 +4,11 @@ import org.apache.logging.log4j.Logger;
 import java.io.*;
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.*;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.util.LinkedList;
 import java.util.List;
 public class FileUtil {
@@ -35,15 +37,23 @@ public static T FileRead(String filePath,T type){
 }
 }
 if (type instanceof String){
+ List list = null;
 try {
- List list = Files.readAllLines(FilePath, StandardCharsets.UTF_8);
- content = String.join("\n",list);
- return (T) content;
+ list = Files.readAllLines(FilePath, StandardCharsets.UTF_8);
+
 } catch (IOException e) {
- LOGGER.error(e.getMessage());
+ try {
+ list = Files.readAllLines(FilePath, Charset.defaultCharset());
+ } catch (IOException ioException) {
+ LOGGER.error(e.getMessage());
+ return null;
+ }
+ }
+ content = String.join("\n",list);
 }
- return null;
+ return (T) content;
+
 }
 public static Boolean FileWrite(String filePath,T content ) {
diff --git a/src/main/java/com/bcvgh/utils/PocUtil.java b/src/main/java/com/bcvgh/utils/PocUtil.java
index 21371ef..6095964 100644
--- a/src/main/java/com/bcvgh/utils/PocUtil.java
+++ b/src/main/java/com/bcvgh/utils/PocUtil.java
@@ -20,7 +20,7 @@ public static HashMap> getTagVul() throws Exception{
 HashMap> tag_vul = new HashMap>();
 if (tags!=null){
 for (String tag : tags){
- if (tag.equals("config.json")) continue;
+ if (tag.equals("config.json") || tag.equals(".git") || tag.equals("README.md") || tag.equals(".DS_Store")) continue;
 String[] NamesArray = FileUtil.DirList(Constant.PocPath+ File.separator+tag);
 ArrayList Names = (ArrayList) Arrays.asList(NamesArray).stream()
 .map(s -> s.replaceAll("\\.json$", ""))
diff --git a/src/test/java/dsadas.java b/src/test/java/dsadas.java
index 43ee336..ef9b9f8 100644
--- a/src/test/java/dsadas.java
+++ b/src/test/java/dsadas.java
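Review bot: In `FileRead` the fallback to `Charset.defaultCharset()` runs on any `IOException`, so a missing or unreadable file is opened twice and the second failure is reported with the first exception's message (`LOGGER.error(e.getMessage())` in the inner catch uses `e`, not `ioException`), and a POC file that is not UTF-8 now decodes differently on different machines without any trace. Only a decoding failure justifies the retry: catch `java.nio.charset.CharacterCodingException` (an `IOException` subclass that covers both malformed and unmappable input) for the fallback, log a warning when it is taken, and pass the exception object rather than its message to the logger. `List list` should be `List<String>`, and the new `java.util.LinkedList` import is unused in the hunk. The method's opening lines are outside the hunk.
```java
if (type instanceof String){
    List<String> list;
    try {
        list = Files.readAllLines(FilePath, StandardCharsets.UTF_8);
    } catch (CharacterCodingException notUtf8) {
        // only a decoding failure justifies the retry; the file is known to exist and be readable here
        LOGGER.warn("{} is not UTF-8, falling back to {}", FilePath, Charset.defaultCharset());
        try {
            list = Files.readAllLines(FilePath, Charset.defaultCharset());
        } catch (IOException ioException) {
            LOGGER.error("failed to read " + FilePath, ioException);
            return null;
        }
    } catch (IOException ioException) {
        LOGGER.error("failed to read " + FilePath, ioException);
        return null;
    }
    content = String.join("\n", list);
}
return (T) content;
```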
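Review bot: The exclusion list in `getTagVul` (`config.json`, `.git`, `README.md`, `.DS_Store`) is a denylist that will keep growing with every stray file that lands in the POC directory (`Thumbs.db`, editor swap files, and so on). Since each `tag` is then used as a directory in `FileUtil.DirList(Constant.PocPath + File.separator + tag)`, filter by kind instead of by name: `if (tag.startsWith(".") || !Files.isDirectory(Paths.get(Constant.PocPath, tag))) continue;`, which covers all four names and anything similar, adding the `java.nio.file` imports if PocUtil lacks them. Whether `FileUtil.DirList` already filters by entry type is not visible here.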
@@ -45,6 +45,13 @@ public void teete() throws UnsupportedEncodingException { System.out.println(response.getText()); } + @Test + public void asd() { + String text = "text:(asdasdas:sadasd)"; + System.out.println(text.split("text:",2)[0]); + + } + @Test public void add() throws ExecutionException, InterruptedException { System.out.println("----程序开始运行----"); @@ -189,6 +196,8 @@ public void it() throws UnsupportedEncodingException { } + + class MyCallable implements Callable { private String taskNum;