private void 导入数据ToolStripMenuItem1_Click(object sender, EventArgs e)
{
OpenFileDialog ofd = new OpenFileDialog();
if (ofd.ShowDialog() == DialogResult.OK)
{
if (ofd.FileName != "")
{
StreamReader sr = new StreamReader(ofd.FileName);
StringBuilder sb = new StringBuilder("");
while (true)
{
string line = sr.ReadLine();
if (line == null)
{
break;
}
if (line.Equals(""))
{
continue;
}
try
{
ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(line);
modifyExpInfo(exp, -1);
}
catch { }
}
sr.Close();
}
}
}
private void button1_Click(object sender, EventArgs e)
{
ExpModule exp = parseFormToExp();
parentMain.modifyExpInfo(exp, index);
this.Close();
}
private void checkAExp(Object index)
{
while (urlMappings.Count > 0)
{
BatchExps batchExp = null;
lock (base_lock)
{
batchExp = urlMappings.Dequeue();
}
if (batchExp == null)
{
continue;
}
try
{
String url = "";
if (BatchCheckListView.Items[batchExp.Index].ForeColor == Color.Green)
{
continue;
}
ExpModule exp = getExpByIndex(batchExp.ExpIndex);
url = BatchCheckListView.Items[batchExp.Index].SubItems[1].Text;
BatchCheckListView.Items[batchExp.Index].SubItems[3].Text = "检测" + exp.Name;
ExpVerificationResult result = ExpHandle.Verification(url, exp);
result.Index = batchExp.Index;
if (result.Code == 1)
{
BatchCheckListView.Items[result.Index].SubItems[3].Text = result.Result;
BatchCheckListView.Items[result.Index].SubItems[2].Text = result.ExpName;
BatchCheckListView.Items[result.Index].ForeColor = Color.Green;
successProsion++;
}
if (result.Code == 2)
{
continue;
}
}
catch { }
finally
{
try
{
lock (base_lock)
{
checkNum[batchExp.Index]++;
}
if (BatchCheckListView.Items[batchExp.Index].ForeColor != Color.Green)
{
if (checkNum[batchExp.Index] >= expLength)
{
BatchCheckListView.Items[batchExp.Index].ForeColor = Color.DarkGray;
BatchCheckListView.Items[batchExp.Index].SubItems[3].Text = "不存在漏洞";
}
}
}
catch { }
Thread.Sleep(1);
}
}
}
public void initLvi()
{
if (lvi == null)
{
for (int i = 0; i < parentMain.HeaderListview.Items.Count; i++)
{
addOrModifyHeader(parentMain.HeaderListview.Items[i].SubItems[0].Text, parentMain.HeaderListview.Items[i].SubItems[1].Text, -1);
}
return;
}
String expName = lvi.SubItems[1].Text;
String language = lvi.SubItems[2].Text;
String status = lvi.SubItems[5].Text;
ExpNameTextBox.Text = expName;
LanguafeComboBox.Text = language;
ExpStatusComboBox.Text = status;
//解析Header
String json = lvi.SubItems[3].Text;
ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(json);
if (exp == null)
{
return;
}
if (exp.ExpContext != null)
{
//解析Header
if (exp.ExpContext.Header != null)
{
foreach (String key in exp.ExpContext.Header.Keys)
{
ListViewItem lvitmp = new ListViewItem();
lvitmp.SubItems[0].Text = key;
lvitmp.SubItems.Add(exp.ExpContext.Header[key]);
HeaderListview.Items.Add(lvitmp);
}
}
BodyTextBox.Text = exp.ExpContext.Body;
EncodeComBox.Text = exp.ExpContext.Encode;
FormatUrlComboBox.Text = "否";
RequestMethodComboBox.Text = exp.ExpContext.Method;
if (exp.FormatUrl)
{
FormatUrlComboBox.Text = "是";
}
}
if (exp.Verification != null)
{
VerificationValueTextBox.Text = exp.Verification.Context;
CalcComboBox.Text = exp.Verification.Calc;
VerificationComboBox.Text = MainForm.verificationTypes[exp.Verification.Type];
}
}
private ExpModule parseFormToExp()
{
ExpModule exp = new ExpModule();
exp.Name = ExpNameTextBox.Text;
exp.Language = LanguafeComboBox.Text;
exp.Status = 1;
if (ExpStatusComboBox.Text.Equals("禁用"))
{
exp.Status = 0;
}
exp.FormatUrl = false;
if (FormatUrlComboBox.Text.Equals("是"))
{
exp.FormatUrl = true;
}
ExpVerification verification = new ExpVerification();
verification.Context = VerificationValueTextBox.Text;
foreach (Int32 key in MainForm.verificationTypes.Keys)
{
if (MainForm.verificationTypes[key].Equals(VerificationComboBox.Text))
{
verification.Type = key;
}
}
exp.Verification = verification;
exp.Verification.Calc = CalcComboBox.Text;
HttpModule expContext = new HttpModule();
Dictionary <String, String> headers = new Dictionary <string, string>();
for (int index = 0; index < HeaderListview.Items.Count; index++)
{
try {
headers.Add(HeaderListview.Items[index].SubItems[0].Text, HeaderListview.Items[index].SubItems[1].Text);
}
catch { }
}
expContext.Header = headers;
expContext.Encode = EncodeComBox.Text;
expContext.Body = BodyTextBox.Text;
if (!String.IsNullOrEmpty(expContext.Body))
{
if (ExpHandle.IsHexadecimal(expContext.Body))
{
expContext.IsHex = true;
}
}
expContext.Method = RequestMethodComboBox.Text;
exp.ExpContext = expContext;
return(exp);
}
private void loadConfig()
{
try
{
StreamReader sr = new StreamReader(System.Diagnostics.Process.GetCurrentProcess().ProcessName + ".conf", Encoding.Default);
String line;
StringBuilder configContext = new StringBuilder();
while ((line = sr.ReadLine()) != null)
{
configContext.AppendLine(line);
}
sr.Close();
CoodyConfig config = (CoodyConfig)JsonHandle.toBean <CoodyConfig>(configContext.ToString());
ThreadNumComboBox.Text = config.ThreadNum;
TimeOutComboBox.Text = config.TimeOut;
if (config.ExpListViews != null)
{
foreach (String[] lines in config.ExpListViews)
{
ListViewItem lvi = new ListViewItem();
lvi.SubItems[0].Text = Convert.ToString(ExpListView.Items.Count + 1);
lvi.SubItems.Add(lines[1]);
lvi.SubItems.Add(lines[2]);
lvi.SubItems.Add(lines[3]);
lvi.SubItems.Add(lines[4]);
lvi.SubItems.Add(lines[5]);
ExpListView.Items.Add(lvi);
}
}
if (config.HeaderListviews != null)
{
foreach (String[] lines in config.HeaderListviews)
{
addOrModifyHeader(lines[0], lines[1], -1);
}
}
}
catch { }
finally
{
if (ExpListView.Items.Count == 0)
{
String jsons = Properties.Resources.Struts2_exp;
String[] lines = jsons.Split(Environment.NewLine.ToCharArray());
foreach (String line in lines)
{
ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(line);
modifyExpInfo(exp, -1);
}
}
}
}
private ExpModule getExpByIndex(Int32 expIndex)
{
if (expDics.ContainsKey(expIndex))
{
return(expDics[expIndex]);
}
String expJson = ExpListView.Items[expIndex].SubItems[3].Text;
ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(expJson);
try { expDics.Add(expIndex, exp); }
catch { }
return(exp);
}
private static String getExpUnHexBody(ExpModule exp)
{
String key = exp.Language + "_" + exp.Name;
if (expBodyDics.ContainsKey(key))
{
return(expBodyDics[key]);
}
String body = Encoding.UTF8.GetString(hexStringToByte(exp.ExpContext.Body));
try {
expBodyDics.Add(key, body);
}
catch { }
return(body);
}
public void modifyExpInfo(ExpModule exp, Int32 index)
{
try
{
String configJson = JsonHandle.toJson(exp);
if (index == -1)
{
ListViewItem lvi = new ListViewItem();
lvi.SubItems[0].Text = Convert.ToString(ExpListView.Items.Count + 1);
lvi.SubItems.Add(exp.Name);
lvi.SubItems.Add(exp.Language);
lvi.SubItems.Add(configJson);
lvi.SubItems.Add(verificationTypes[exp.Verification.Type] + ":" + exp.Verification.Context);
lvi.SubItems.Add(exp.Status == 0 ? "禁用" : "启用");
for (int i = 0; i < ExpListView.Items.Count; i++)
{
if (ExpListView.Items[i].SubItems[1].Text.Equals(exp.Name))
{
ExpListView.Items[i] = lvi;
ExpListView.Update();
return;
}
}
ExpListView.Items.Add(lvi);
return;
}
ExpListView.Items[index].SubItems[0].Text = Convert.ToString(ExpListView.Items.Count + 1);
ExpListView.Items[index].SubItems[1].Text = exp.Name;
ExpListView.Items[index].SubItems[2].Text = exp.Language;
ExpListView.Items[index].SubItems[3].Text = configJson;
ExpListView.Items[index].SubItems[4].Text = (verificationTypes[exp.Verification.Type] + ":" + exp.Verification.Context);
ExpListView.Items[index].SubItems[5].Text = (exp.Status == 0 ? "禁用" : "启用");
return;
}
catch { }
finally
{
resetListViewIndex(ExpListView);
saveConfig();
}
}
private void checkExpForSign(object indexObj)
{
int index = (int)indexObj;
String url = UrlTextBox.Text;
String expJson = ScannerExpListView.Items[index].SubItems[5].Text;
ExpModule exp = (ExpModule)JsonHandle.toBean <ExpModule>(expJson);
ScannerExpListView.Items[index].SubItems[3].Text = "检测中";
try
{
ExpVerificationResult result = ExpHandle.Verification(url, exp);
ScannerExpListView.Items[index].SubItems[6].Text = result.Html;
if (!String.IsNullOrEmpty(result.Html))
{
ResultTextBox.Text = result.Html;
}
if (result.Code == 0)
{
ScannerExpListView.Items[index].SubItems[4].Text = result.Result;
ScannerExpListView.Items[index].ForeColor = Color.Red;
return;
}
if (result.Code == 1)
{
ScannerExpListView.Items[index].SubItems[4].Text = result.Result;
ScannerExpListView.Items[index].ForeColor = Color.Green;
}
if (result.Code == 2)
{
ScannerExpListView.Items[index].SubItems[4].Text = "连接失败";
ScannerExpListView.Items[index].ForeColor = Color.Red;
}
}
catch { }
finally
{
ScannerExpListView.Items[index].SubItems[3].Text = "检测完成";
}
}
public static ExpVerificationResult Verification(String url, ExpModule exp)
{
String method = exp.ExpContext.Method;
String body = exp.ExpContext.Body;
if (exp.ExpContext.IsHex)
{
body = getExpUnHexBody(exp);
}
LoveCoody.handle.HttpHandle.HttpResult httpEntity = HttpHandle.BaseConn(url, method, body, exp.ExpContext.Encode, exp.ExpContext.Header);
ExpVerificationResult result = new ExpVerificationResult();
if (httpEntity == null)
{
result.Code = 2;
result.Result = "连接失败";
return(result);
}
result.Html = httpEntity.Header + "\r\n" + httpEntity.Body;
if (exp.Verification.Type == 0)
{
if (httpEntity.Code != Convert.ToInt32(exp.Verification.Context))
{
result.Code = 0;
result.Result = "不存在" + exp.Name;
return(result);
}
result.Code = 1;
result.Result = "存在" + exp.Name;
result.ExpName = exp.Name;
return(result);
}
if (exp.Verification.Type == 1)
{
if (exp.Verification.Calc.Equals("等于"))
{
String resultBody = httpEntity.Body;
String value = exp.Verification.Context.Trim();
if (!resultBody.ToLower().Equals(value.ToLower()))
{
result.Code = 0;
result.Result = "不存在" + exp.Name;
return(result);
}
result.Code = 1;
result.Result = resultBody;
result.ExpName = exp.Name;
return(result);
}
if (exp.Verification.Calc.Equals("包含"))
{
if (!result.Html.ToLower().Contains(exp.Verification.Context.ToLower().Trim()))
{
result.Code = 0;
result.Result = "不存在" + exp.Name;
return(result);
}
result.Code = 1;
result.Result = exp.Verification.Context;
result.ExpName = exp.Name;
return(result);
}
if (exp.Verification.Calc.Equals("匹配"))
{
List <String> list = matchExport(result.Html, new Regex(exp.Verification.Context), new Uri(url).Host);
if (list == null || list.Count == 0)
{
result.Code = 0;
result.Result = "不存在" + exp.Name;
return(result);
}
result.Code = 1;
result.Result = JsonHandle.toJson(list);
result.ExpName = exp.Name;
return(result);
}
}
if (exp.Verification.Type == 2)
{
String newUrl = urlFormat(url);
newUrl = newUrl + exp.Verification.Context;
LoveCoody.handle.HttpHandle.HttpResult entity = HttpHandle.Get(newUrl, exp.ExpContext.Encode, exp.ExpContext.Header);
if (entity.Code == 200)
{
result.Code = 0;
result.Result = "不存在" + exp.Name;
return(result);
}
result.Code = 1;
result.Result = JsonHandle.toJson(exp.Verification.Context);
result.ExpName = exp.Name;
return(result);
}
ExpVerificationResult results = new ExpVerificationResult();
results.Code = 2;
results.Result = "模块配置有误";
return(results);
}
