private void checkAExp(Object index) { while (urlMappings.Count > 0) { BatchExps batchExp = null; lock (base_lock) { batchExp = urlMappings.Dequeue(); } if (batchExp == null) { continue; } try { String url = ""; if (BatchCheckListView.Items[batchExp.Index].ForeColor == Color.Green) { continue; } ExpModule exp = getExpByIndex(batchExp.ExpIndex); url = BatchCheckListView.Items[batchExp.Index].SubItems[1].Text; BatchCheckListView.Items[batchExp.Index].SubItems[3].Text = "检测" + exp.Name; ExpVerificationResult result = ExpHandle.Verification(url, exp); result.Index = batchExp.Index; if (result.Code == 1) { BatchCheckListView.Items[result.Index].SubItems[3].Text = result.Result; BatchCheckListView.Items[result.Index].SubItems[2].Text = result.ExpName; BatchCheckListView.Items[result.Index].ForeColor = Color.Green; successProsion++; } if (result.Code == 2) { continue; } } catch { } finally { try { lock (base_lock) { checkNum[batchExp.Index]++; } if (BatchCheckListView.Items[batchExp.Index].ForeColor != Color.Green) { if (checkNum[batchExp.Index] >= expLength) { BatchCheckListView.Items[batchExp.Index].ForeColor = Color.DarkGray; BatchCheckListView.Items[batchExp.Index].SubItems[3].Text = "不存在漏洞"; } } } catch { } Thread.Sleep(1); } } }
private void checkExpForSign(object indexObj) { int index = (int)indexObj; String url = UrlTextBox.Text; String expJson = ScannerExpListView.Items[index].SubItems[5].Text; ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(expJson); ScannerExpListView.Items[index].SubItems[3].Text = "检测中"; try { ExpVerificationResult result = ExpHandle.Verification(url, exp); ScannerExpListView.Items[index].SubItems[6].Text = result.Html; if (!String.IsNullOrEmpty(result.Html)) { ResultTextBox.Text = result.Html; } if (result.Code == 0) { ScannerExpListView.Items[index].SubItems[4].Text = result.Result; ScannerExpListView.Items[index].ForeColor = Color.Red; return; } if (result.Code == 1) { ScannerExpListView.Items[index].SubItems[4].Text = result.Result; ScannerExpListView.Items[index].ForeColor = Color.Green; } if (result.Code == 2) { ScannerExpListView.Items[index].SubItems[4].Text = "连接失败"; ScannerExpListView.Items[index].ForeColor = Color.Red; } } catch { } finally { ScannerExpListView.Items[index].SubItems[3].Text = "检测完成"; } }
public static ExpVerificationResult Verification(String url, ExpModule exp) { String method = exp.ExpContext.Method; String body = exp.ExpContext.Body; if (exp.ExpContext.IsHex) { body = getExpUnHexBody(exp); } LoveCoody.handle.HttpHandle.HttpResult httpEntity = HttpHandle.BaseConn(url, method, body, exp.ExpContext.Encode, exp.ExpContext.Header); ExpVerificationResult result = new ExpVerificationResult(); if (httpEntity == null) { result.Code = 2; result.Result = "连接失败"; return(result); } result.Html = httpEntity.Header + "\r\n" + httpEntity.Body; if (exp.Verification.Type == 0) { if (httpEntity.Code != Convert.ToInt32(exp.Verification.Context)) { result.Code = 0; result.Result = "不存在" + exp.Name; return(result); } result.Code = 1; result.Result = "存在" + exp.Name; result.ExpName = exp.Name; return(result); } if (exp.Verification.Type == 1) { if (exp.Verification.Calc.Equals("等于")) { String resultBody = httpEntity.Body; String value = exp.Verification.Context.Trim(); if (!resultBody.ToLower().Equals(value.ToLower())) { result.Code = 0; result.Result = "不存在" + exp.Name; return(result); } result.Code = 1; result.Result = resultBody; result.ExpName = exp.Name; return(result); } if (exp.Verification.Calc.Equals("包含")) { if (!result.Html.ToLower().Contains(exp.Verification.Context.ToLower().Trim())) { result.Code = 0; result.Result = "不存在" + exp.Name; return(result); } result.Code = 1; result.Result = exp.Verification.Context; result.ExpName = exp.Name; return(result); } if (exp.Verification.Calc.Equals("匹配")) { List <String> list = matchExport(result.Html, new Regex(exp.Verification.Context), new Uri(url).Host); if (list == null || list.Count == 0) { result.Code = 0; result.Result = "不存在" + exp.Name; return(result); } result.Code = 1; result.Result = JsonHandle.toJson(list); result.ExpName = exp.Name; return(result); } } if (exp.Verification.Type == 2) { String newUrl = urlFormat(url); newUrl = newUrl + exp.Verification.Context; LoveCoody.handle.HttpHandle.HttpResult entity = HttpHandle.Get(newUrl, exp.ExpContext.Encode, exp.ExpContext.Header); if (entity.Code == 200) { result.Code = 0; result.Result = "不存在" + exp.Name; return(result); } result.Code = 1; result.Result = JsonHandle.toJson(exp.Verification.Context); result.ExpName = exp.Name; return(result); } ExpVerificationResult results = new ExpVerificationResult(); results.Code = 2; results.Result = "模块配置有误"; return(results); }