Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5419d4a679 | ||
|
|
ae8cb2fd25 | ||
|
|
5b6bdbe5b6 | ||
|
|
ddb08e9a6e | ||
|
|
6a2f289d57 |
@@ -12,9 +12,14 @@
|
|||||||
|
|
||||||
> 随着现代化Web应用采用前后端分离的开发模式,日常漏洞挖掘的过程中,捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用,会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**,借助HaE,您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
|
> 随着现代化Web应用采用前后端分离的开发模式,日常漏洞挖掘的过程中,捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用,会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**,借助HaE,您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
|
||||||
|
|
||||||
|
GitHub项目地址:https://github.com/gh0stkey/HaE
|
||||||
|
|
||||||
|
GitCode项目地址:https://gitcode.com/gh0stkey/HaE
|
||||||
|
|
||||||
**所获荣誉**:
|
**所获荣誉**:
|
||||||
|
|
||||||
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
|
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
|
||||||
|
2. [入选GitCode G-Star项目](https://gitcode.com/gh0stkey/HaE)
|
||||||
|
|
||||||
**注意事项**:
|
**注意事项**:
|
||||||
|
|
||||||
|
|||||||
@@ -22,6 +22,8 @@ dependencies {
|
|||||||
implementation 'org.yaml:snakeyaml:2.0'
|
implementation 'org.yaml:snakeyaml:2.0'
|
||||||
implementation 'dk.brics.automaton:automaton:1.11-8'
|
implementation 'dk.brics.automaton:automaton:1.11-8'
|
||||||
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
|
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
|
||||||
|
implementation 'com.google.code.gson:gson:2.11.0'
|
||||||
|
implementation 'com.squareup.okhttp3:okhttp:4.12.0'
|
||||||
}
|
}
|
||||||
|
|
||||||
test {
|
test {
|
||||||
|
|||||||
@@ -12,6 +12,8 @@ public class Config {
|
|||||||
|
|
||||||
public static String status = "404";
|
public static String status = "404";
|
||||||
|
|
||||||
|
public static String size = "0";
|
||||||
|
|
||||||
public static String boundary = "\n\t\n";
|
public static String boundary = "\n\t\n";
|
||||||
|
|
||||||
public static String[] scope = new String[]{
|
public static String[] scope = new String[]{
|
||||||
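Review bot: `public static String size = "0";` carries no comment saying what unit the value is in or what the default means, and the only reader visible in this commit (MessageTable) treats `"0"` as "no limit" and parses anything else as an integer number of megabytes; suggest `// Response size limit in MB for the message viewer; "0" means no limit` above it. Keeping a numeric setting as a String mirrors the existing `status` field, but it means every reader has to parse and validate it; a `static int` default would let ConfigLoader do that once — hedged, since `getValueFromConfig` and its signature are outside this hunk.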
|
|||||||
@@ -18,7 +18,7 @@ public class HaE implements BurpExtension {
|
|||||||
@Override
|
@Override
|
||||||
public void initialize(MontoyaApi api) {
|
public void initialize(MontoyaApi api) {
|
||||||
// 设置扩展名称
|
// 设置扩展名称
|
||||||
String version = "3.3.2";
|
String version = "3.3.3";
|
||||||
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
||||||
|
|
||||||
// 加载扩展后输出的项目信息
|
// 加载扩展后输出的项目信息
|
||||||
@@ -30,7 +30,7 @@ public class HaE implements BurpExtension {
|
|||||||
// 配置文件加载
|
// 配置文件加载
|
||||||
ConfigLoader configLoader = new ConfigLoader(api);
|
ConfigLoader configLoader = new ConfigLoader(api);
|
||||||
|
|
||||||
MessageTableModel messageTableModel = new MessageTableModel(api);
|
MessageTableModel messageTableModel = new MessageTableModel(api, configLoader);
|
||||||
|
|
||||||
// 注册Tab页(用于查询数据)
|
// 注册Tab页(用于查询数据)
|
||||||
api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel));
|
api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel));
|
||||||
|
|||||||
@@ -66,7 +66,7 @@ public class Config extends JPanel {
|
|||||||
constraints.gridx = 1;
|
constraints.gridx = 1;
|
||||||
JTabbedPane configTabbedPanel = new JTabbedPane();
|
JTabbedPane configTabbedPanel = new JTabbedPane();
|
||||||
|
|
||||||
String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status"};
|
String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status", "Limit size (MB)"};
|
||||||
JPanel settingPanel = createConfigTablePanel(settingMode, "Setting");
|
JPanel settingPanel = createConfigTablePanel(settingMode, "Setting");
|
||||||
JPanel scopePanel = getScopePanel();
|
JPanel scopePanel = getScopePanel();
|
||||||
JScrollPane scopeScrollPane = new JScrollPane(scopePanel);
|
JScrollPane scopeScrollPane = new JScrollPane(scopePanel);
|
||||||
@@ -153,6 +153,13 @@ public class Config extends JPanel {
|
|||||||
configLoader.setExcludeStatus(values);
|
configLoader.setExcludeStatus(values);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (selected.contains("Limit size")) {
|
||||||
|
if (!values.equals(configLoader.getExcludeStatus()) && !values.isEmpty()) {
|
||||||
|
String[] limit = values.split("\\|");
|
||||||
|
configLoader.setLimitSize(limit[limit.length - 1]);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
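Review bot: The new Limit size branch guards on `if (!values.equals(configLoader.getExcludeStatus()) && !values.isEmpty())`, comparing the new value against the exclude-status setting rather than the stored limit, which looks like a copy of the sibling branch; it should read `if (!values.equals(configLoader.getLimitSize()) && !values.isEmpty()) {`. The value passed to `configLoader.setLimitSize(limit[limit.length - 1])` is also written unvalidated, and the reader in MessageTable feeds `getLimitSize()` straight into `Integer.parseInt`, so a non-numeric table entry fails there instead of here; `String last = limit[limit.length - 1]; if (last.matches("\\d+")) { configLoader.setLimitSize(last); }` keeps bad input out of the config file. The enclosing listener starts outside the hunk.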
@@ -175,6 +182,10 @@ public class Config extends JPanel {
|
|||||||
if (selected.equals("Exclude status")) {
|
if (selected.equals("Exclude status")) {
|
||||||
addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model);
|
addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (selected.contains("Limit size")) {
|
||||||
|
addDataToTable(configLoader.getLimitSize(), model);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@@ -279,13 +290,13 @@ public class Config extends JPanel {
|
|||||||
settingPanel.add(inputPanel, BorderLayout.CENTER);
|
settingPanel.add(inputPanel, BorderLayout.CENTER);
|
||||||
|
|
||||||
|
|
||||||
addButton.addActionListener(e -> addActionPerformed(e, model, addTextField));
|
addButton.addActionListener(e -> addActionPerformed(e, model, addTextField, setTypeComboBox.getSelectedItem().toString()));
|
||||||
|
|
||||||
addTextField.addKeyListener(new KeyAdapter() {
|
addTextField.addKeyListener(new KeyAdapter() {
|
||||||
@Override
|
@Override
|
||||||
public void keyPressed(KeyEvent e) {
|
public void keyPressed(KeyEvent e) {
|
||||||
if (e.getKeyCode() == KeyEvent.VK_ENTER) {
|
if (e.getKeyCode() == KeyEvent.VK_ENTER) {
|
||||||
addActionPerformed(null, model, addTextField);
|
addActionPerformed(null, model, addTextField, setTypeComboBox.getSelectedItem().toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@@ -294,7 +305,9 @@ public class Config extends JPanel {
|
|||||||
Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
|
Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
|
||||||
try {
|
try {
|
||||||
String data = (String) clipboard.getData(DataFlavor.stringFlavor);
|
String data = (String) clipboard.getData(DataFlavor.stringFlavor);
|
||||||
|
if (setTypeComboBox.getSelectedItem().toString().contains("Limit size")) {
|
||||||
|
model.setRowCount(0);
|
||||||
|
}
|
||||||
if (data != null && !data.isEmpty()) {
|
if (data != null && !data.isEmpty()) {
|
||||||
addDataToTable(data, model);
|
addDataToTable(data, model);
|
||||||
}
|
}
|
||||||
@@ -385,13 +398,16 @@ public class Config extends JPanel {
|
|||||||
configLoader.setScope(String.join("|", HaEScope));
|
configLoader.setScope(String.join("|", HaEScope));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
|
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField, String comboBoxSelected) {
|
||||||
String addTextFieldText = addTextField.getText();
|
String addTextFieldText = addTextField.getText();
|
||||||
if (!addTextFieldText.equals(defaultText)) {
|
if (addTextField.getForeground().equals(Color.BLACK)) {
|
||||||
|
if (comboBoxSelected.contains("Limit size")) {
|
||||||
|
model.setRowCount(0);
|
||||||
|
}
|
||||||
addDataToTable(addTextFieldText, model);
|
addDataToTable(addTextFieldText, model);
|
||||||
|
addTextField.setText("");
|
||||||
|
addTextField.requestFocusInWindow();
|
||||||
}
|
}
|
||||||
addTextField.setText("");
|
|
||||||
addTextField.requestFocusInWindow();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void onlineUpdateActionPerformed(ActionEvent e) {
|
private void onlineUpdateActionPerformed(ActionEvent e) {
|
||||||
|
|||||||
@@ -419,8 +419,8 @@ public class Databoard extends JPanel {
|
|||||||
JTable taskStatusTable = new JTable(taskStatusTableModel);
|
JTable taskStatusTable = new JTable(taskStatusTableModel);
|
||||||
|
|
||||||
for (Object[] data : dataList) {
|
for (Object[] data : dataList) {
|
||||||
int rowCount = taskStatusTable.getRowCount();
|
int rowCount = taskStatusTableModel.getRowCount();
|
||||||
int id = rowCount > 0 ? (Integer) taskStatusTable.getValueAt(rowCount - 1, 0) + 1 : 1;
|
int id = rowCount > 0 ? (Integer) taskStatusTableModel.getValueAt(rowCount - 1, 0) + 1 : 1;
|
||||||
Object[] rowData = new Object[data.length + 1];
|
Object[] rowData = new Object[data.length + 1];
|
||||||
rowData[0] = id;
|
rowData[0] = id;
|
||||||
System.arraycopy(data, 0, rowData, 1, data.length);
|
System.arraycopy(data, 0, rowData, 1, data.length);
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
package hae.component.board.message;
|
package hae.component.board.message;
|
||||||
|
|
||||||
import burp.api.montoya.MontoyaApi;
|
import burp.api.montoya.MontoyaApi;
|
||||||
import burp.api.montoya.core.ByteArray;
|
|
||||||
import burp.api.montoya.http.message.HttpHeader;
|
import burp.api.montoya.http.message.HttpHeader;
|
||||||
import burp.api.montoya.http.message.HttpRequestResponse;
|
import burp.api.montoya.http.message.HttpRequestResponse;
|
||||||
import burp.api.montoya.http.message.requests.HttpRequest;
|
import burp.api.montoya.http.message.requests.HttpRequest;
|
||||||
@@ -11,6 +10,7 @@ import burp.api.montoya.ui.editor.HttpRequestEditor;
|
|||||||
import burp.api.montoya.ui.editor.HttpResponseEditor;
|
import burp.api.montoya.ui.editor.HttpResponseEditor;
|
||||||
import hae.Config;
|
import hae.Config;
|
||||||
import hae.cache.CachePool;
|
import hae.cache.CachePool;
|
||||||
|
import hae.utils.ConfigLoader;
|
||||||
import hae.utils.project.FileProcessor;
|
import hae.utils.project.FileProcessor;
|
||||||
import hae.utils.string.HashCalculator;
|
import hae.utils.string.HashCalculator;
|
||||||
import hae.utils.string.StringProcessor;
|
import hae.utils.string.StringProcessor;
|
||||||
@@ -23,6 +23,8 @@ import javax.swing.table.TableRowSorter;
|
|||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
import java.util.concurrent.ExecutorService;
|
||||||
|
import java.util.concurrent.Executors;
|
||||||
import java.util.concurrent.atomic.AtomicBoolean;
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
@@ -30,15 +32,17 @@ import static burp.api.montoya.ui.editor.EditorOptions.READ_ONLY;
|
|||||||
|
|
||||||
public class MessageTableModel extends AbstractTableModel {
|
public class MessageTableModel extends AbstractTableModel {
|
||||||
private final MontoyaApi api;
|
private final MontoyaApi api;
|
||||||
|
private final ConfigLoader configLoader;
|
||||||
private final MessageTable messageTable;
|
private final MessageTable messageTable;
|
||||||
private final JSplitPane splitPane;
|
private final JSplitPane splitPane;
|
||||||
private final LinkedList<MessageEntry> log = new LinkedList<>();
|
private final LinkedList<MessageEntry> log = new LinkedList<>();
|
||||||
private final LinkedList<MessageEntry> filteredLog;
|
private final LinkedList<MessageEntry> filteredLog;
|
||||||
private SwingWorker<Void, Void> currentWorker;
|
private SwingWorker<Void, Void> currentWorker;
|
||||||
|
|
||||||
public MessageTableModel(MontoyaApi api) {
|
public MessageTableModel(MontoyaApi api, ConfigLoader configLoader) {
|
||||||
this.filteredLog = new LinkedList<>();
|
this.filteredLog = new LinkedList<>();
|
||||||
this.api = api;
|
this.api = api;
|
||||||
|
this.configLoader = configLoader;
|
||||||
|
|
||||||
JTabbedPane messageTab = new JTabbedPane();
|
JTabbedPane messageTab = new JTabbedPane();
|
||||||
UserInterface userInterface = api.userInterface();
|
UserInterface userInterface = api.userInterface();
|
||||||
@@ -435,7 +439,7 @@ public class MessageTableModel extends AbstractTableModel {
|
|||||||
|
|
||||||
public class MessageTable extends JTable {
|
public class MessageTable extends JTable {
|
||||||
private MessageEntry messageEntry;
|
private MessageEntry messageEntry;
|
||||||
private SwingWorker<ByteArray[], Void> currentWorker;
|
private final ExecutorService executorService;
|
||||||
private int lastSelectedIndex = -1;
|
private int lastSelectedIndex = -1;
|
||||||
private final HttpRequestEditor requestEditor;
|
private final HttpRequestEditor requestEditor;
|
||||||
private final HttpResponseEditor responseEditor;
|
private final HttpResponseEditor responseEditor;
|
||||||
@@ -444,52 +448,31 @@ public class MessageTableModel extends AbstractTableModel {
|
|||||||
super(messageTableModel);
|
super(messageTableModel);
|
||||||
this.requestEditor = requestEditor;
|
this.requestEditor = requestEditor;
|
||||||
this.responseEditor = responseEditor;
|
this.responseEditor = responseEditor;
|
||||||
|
this.executorService = Executors.newSingleThreadExecutor();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
|
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
|
||||||
super.changeSelection(row, col, toggle, extend);
|
super.changeSelection(row, col, toggle, extend);
|
||||||
|
int selectedIndex = convertRowIndexToModel(row);
|
||||||
if (currentWorker != null && !currentWorker.isDone()) {
|
if (lastSelectedIndex != selectedIndex) {
|
||||||
currentWorker.cancel(true);
|
lastSelectedIndex = selectedIndex;
|
||||||
|
executorService.execute(this::getSelectedMessage);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
currentWorker = new SwingWorker<>() {
|
private void getSelectedMessage() {
|
||||||
@Override
|
messageEntry = filteredLog.get(lastSelectedIndex);
|
||||||
protected ByteArray[] doInBackground() {
|
|
||||||
int selectedIndex = convertRowIndexToModel(row);
|
|
||||||
if (lastSelectedIndex != selectedIndex) {
|
|
||||||
lastSelectedIndex = selectedIndex;
|
|
||||||
messageEntry = filteredLog.get(selectedIndex);
|
|
||||||
|
|
||||||
HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse();
|
HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse();
|
||||||
|
|
||||||
ByteArray requestByte = httpRequestResponse.request().toByteArray();
|
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), httpRequestResponse.request().toByteArray()));
|
||||||
ByteArray responseByte = httpRequestResponse.response().toByteArray();
|
int responseSizeWithMb = httpRequestResponse.response().toString().length() / 1024 / 1024;
|
||||||
|
if ((responseSizeWithMb < Integer.parseInt(configLoader.getLimitSize())) || configLoader.getLimitSize().equals("0")) {
|
||||||
ByteArray[] httpByteArray = new ByteArray[2];
|
responseEditor.setResponse(httpRequestResponse.response());
|
||||||
httpByteArray[0] = requestByte;
|
} else {
|
||||||
httpByteArray[1] = responseByte;
|
responseEditor.setResponse(HttpResponse.httpResponse("Exceeds length limit."));
|
||||||
return httpByteArray;
|
}
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void done() {
|
|
||||||
try {
|
|
||||||
ByteArray[] retByteArray = get();
|
|
||||||
if (retByteArray != null) {
|
|
||||||
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), retByteArray[0]));
|
|
||||||
responseEditor.setResponse(HttpResponse.httpResponse(retByteArray[1]));
|
|
||||||
}
|
|
||||||
} catch (Exception ignored) {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
currentWorker.execute();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
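Review bot: `int responseSizeWithMb = httpRequestResponse.response().toString().length() / 1024 / 1024;` materialises the whole response as a String just to decide whether it is too large to display — the very cost the new limit is meant to avoid — and it counts chars rather than bytes, so `toByteArray().length()` on the response is the better measure. The limit is read with an unguarded `Integer.parseInt(configLoader.getLimitSize())`, so a non-numeric config value throws on the executor thread where nothing catches it. `requestEditor.setRequest` and `responseEditor.setResponse` are now invoked from the executor thread instead of from `SwingWorker.done()`; if these editors are Swing components, as their previous use in `done()` suggests, the calls should be posted back with `javax.swing.SwingUtilities.invokeLater`. The `executorService` created in the constructor is never shut down, which presumably leaks a thread each time the extension is reloaded. The sketch below keeps the size check, the parse fallback and the EDT hand-off local to `getSelectedMessage`.
```java
private void getSelectedMessage() {
    messageEntry = filteredLog.get(lastSelectedIndex);
    HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse();

    // Measure bytes without building a String copy of the whole response.
    int responseSizeMb = httpRequestResponse.response().toByteArray().length() / 1024 / 1024;
    int limitMb;
    try {
        limitMb = Integer.parseInt(configLoader.getLimitSize().trim());
    } catch (NumberFormatException e) {
        limitMb = 0; // malformed config value: fall back to "no limit", the documented default
    }
    boolean withinLimit = limitMb == 0 || responseSizeMb < limitMb;

    // Editors are Swing components: update them on the EDT, not on the executor thread.
    SwingUtilities.invokeLater(() -> {
        requestEditor.setRequest(HttpRequest.httpRequest(httpRequestResponse.httpService(), httpRequestResponse.request().toByteArray()));
        if (withinLimit) {
            responseEditor.setResponse(httpRequestResponse.response());
        } else {
            responseEditor.setResponse(HttpResponse.httpResponse("Exceeds length limit."));
        }
    });
}
```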
|
|||||||
@@ -23,6 +23,7 @@ import java.awt.event.ActionEvent;
|
|||||||
import java.awt.event.MouseAdapter;
|
import java.awt.event.MouseAdapter;
|
||||||
import java.awt.event.MouseEvent;
|
import java.awt.event.MouseEvent;
|
||||||
import java.lang.reflect.Type;
|
import java.lang.reflect.Type;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.Comparator;
|
import java.util.Comparator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@@ -34,6 +35,7 @@ public class Datatable extends JPanel {
|
|||||||
private final JTable dataTable;
|
private final JTable dataTable;
|
||||||
private final DefaultTableModel dataTableModel;
|
private final DefaultTableModel dataTableModel;
|
||||||
private final JTextField searchField;
|
private final JTextField searchField;
|
||||||
|
private final JTextField secondSearchField;
|
||||||
private final TableRowSorter<DefaultTableModel> sorter;
|
private final TableRowSorter<DefaultTableModel> sorter;
|
||||||
private final JCheckBox searchMode = new JCheckBox("Reverse search");
|
private final JCheckBox searchMode = new JCheckBox("Reverse search");
|
||||||
private final String tabName;
|
private final String tabName;
|
||||||
@@ -52,7 +54,8 @@ public class Datatable extends JPanel {
|
|||||||
|
|
||||||
this.dataTable = new JTable(dataTableModel);
|
this.dataTable = new JTable(dataTableModel);
|
||||||
this.sorter = new TableRowSorter<>(dataTableModel);
|
this.sorter = new TableRowSorter<>(dataTableModel);
|
||||||
this.searchField = new JTextField();
|
this.searchField = new JTextField(10);
|
||||||
|
this.secondSearchField = new JTextField(10);
|
||||||
this.aiEmpoweredMenu = new JPopupMenu();
|
this.aiEmpoweredMenu = new JPopupMenu();
|
||||||
this.footerPanel = new JPanel(new BorderLayout(0, 5));
|
this.footerPanel = new JPanel(new BorderLayout(0, 5));
|
||||||
|
|
||||||
@@ -80,11 +83,7 @@ public class Datatable extends JPanel {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// 设置灰色默认文本
|
UIEnhancer.setTextFieldPlaceholder(searchField, "Search");
|
||||||
String searchText = "Search";
|
|
||||||
UIEnhancer.setTextFieldPlaceholder(searchField, searchText);
|
|
||||||
|
|
||||||
// 监听输入框内容输入、更新、删除
|
|
||||||
searchField.getDocument().addDocumentListener(new DocumentListener() {
|
searchField.getDocument().addDocumentListener(new DocumentListener() {
|
||||||
@Override
|
@Override
|
||||||
public void insertUpdate(DocumentEvent e) {
|
public void insertUpdate(DocumentEvent e) {
|
||||||
@@ -103,6 +102,25 @@ public class Datatable extends JPanel {
|
|||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
|
UIEnhancer.setTextFieldPlaceholder(secondSearchField, "Second search");
|
||||||
|
secondSearchField.getDocument().addDocumentListener(new DocumentListener() {
|
||||||
|
@Override
|
||||||
|
public void insertUpdate(DocumentEvent e) {
|
||||||
|
performSearch();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeUpdate(DocumentEvent e) {
|
||||||
|
performSearch();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void changedUpdate(DocumentEvent e) {
|
||||||
|
performSearch();
|
||||||
|
}
|
||||||
|
|
||||||
|
});
|
||||||
|
|
||||||
// 设置布局
|
// 设置布局
|
||||||
JScrollPane scrollPane = new JScrollPane(dataTable);
|
JScrollPane scrollPane = new JScrollPane(dataTable);
|
||||||
scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS);
|
scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS);
|
||||||
@@ -162,6 +180,8 @@ public class Datatable extends JPanel {
|
|||||||
optionsPanel.add(Box.createHorizontalStrut(5));
|
optionsPanel.add(Box.createHorizontalStrut(5));
|
||||||
optionsPanel.add(searchField);
|
optionsPanel.add(searchField);
|
||||||
optionsPanel.add(Box.createHorizontalStrut(5));
|
optionsPanel.add(Box.createHorizontalStrut(5));
|
||||||
|
optionsPanel.add(secondSearchField);
|
||||||
|
optionsPanel.add(Box.createHorizontalStrut(5));
|
||||||
optionsPanel.add(aiEmpoweredButton);
|
optionsPanel.add(aiEmpoweredButton);
|
||||||
|
|
||||||
footerPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 3));
|
footerPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 3));
|
||||||
@@ -252,29 +272,61 @@ public class Datatable extends JPanel {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void performSearch() {
|
private void performSearch() {
|
||||||
|
RowFilter<Object, Object> firstRowFilter = applyFirstSearchFilter();
|
||||||
|
RowFilter<Object, Object> secondRowFilter = applySecondFilter();
|
||||||
if (searchField.getForeground().equals(Color.BLACK)) {
|
if (searchField.getForeground().equals(Color.BLACK)) {
|
||||||
RowFilter<Object, Object> rowFilter = new RowFilter<Object, Object>() {
|
sorter.setRowFilter(firstRowFilter);
|
||||||
public boolean include(Entry<?, ?> entry) {
|
if (secondSearchField.getForeground().equals(Color.BLACK)) {
|
||||||
String searchFieldTextText = searchField.getText();
|
List<RowFilter<Object, Object>> filters = new ArrayList<>();
|
||||||
Pattern pattern = null;
|
filters.add(firstRowFilter);
|
||||||
try {
|
filters.add(secondRowFilter);
|
||||||
pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE);
|
sorter.setRowFilter(RowFilter.andFilter(filters));
|
||||||
} catch (Exception ignored) {
|
}
|
||||||
}
|
|
||||||
|
|
||||||
String entryValue = ((String) entry.getValue(1)).toLowerCase();
|
|
||||||
searchFieldTextText = searchFieldTextText.toLowerCase();
|
|
||||||
if (pattern != null) {
|
|
||||||
return searchFieldTextText.isEmpty() || pattern.matcher(entryValue).find() != searchMode.isSelected();
|
|
||||||
} else {
|
|
||||||
return searchFieldTextText.isEmpty() || entryValue.contains(searchFieldTextText) != searchMode.isSelected();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
sorter.setRowFilter(rowFilter);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private RowFilter<Object, Object> applyFirstSearchFilter() {
|
||||||
|
return new RowFilter<Object, Object>() {
|
||||||
|
public boolean include(Entry<?, ?> entry) {
|
||||||
|
String searchFieldTextText = searchField.getText();
|
||||||
|
Pattern pattern = null;
|
||||||
|
try {
|
||||||
|
pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE);
|
||||||
|
} catch (Exception ignored) {
|
||||||
|
}
|
||||||
|
|
||||||
|
String entryValue = ((String) entry.getValue(1)).toLowerCase();
|
||||||
|
searchFieldTextText = searchFieldTextText.toLowerCase();
|
||||||
|
if (pattern != null) {
|
||||||
|
return searchFieldTextText.isEmpty() || pattern.matcher(entryValue).find() != searchMode.isSelected();
|
||||||
|
} else {
|
||||||
|
return searchFieldTextText.isEmpty() || entryValue.contains(searchFieldTextText) != searchMode.isSelected();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
private RowFilter<Object, Object> applySecondFilter() {
|
||||||
|
return new RowFilter<Object, Object>() {
|
||||||
|
public boolean include(Entry<?, ?> entry) {
|
||||||
|
String searchFieldTextText = secondSearchField.getText();
|
||||||
|
Pattern pattern = null;
|
||||||
|
try {
|
||||||
|
pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE);
|
||||||
|
} catch (Exception ignored) {
|
||||||
|
}
|
||||||
|
|
||||||
|
String entryValue = ((String) entry.getValue(1)).toLowerCase();
|
||||||
|
searchFieldTextText = searchFieldTextText.toLowerCase();
|
||||||
|
if (pattern != null) {
|
||||||
|
return searchFieldTextText.isEmpty() || pattern.matcher(entryValue).find();
|
||||||
|
} else {
|
||||||
|
return searchFieldTextText.isEmpty() || entryValue.contains(searchFieldTextText);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
public void setTableListener(MessageTableModel messagePanel) {
|
public void setTableListener(MessageTableModel messagePanel) {
|
||||||
// 表格复制功能
|
// 表格复制功能
|
||||||
dataTable.setTransferHandler(new TransferHandler() {
|
dataTable.setTransferHandler(new TransferHandler() {
|
||||||
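Review bot: In `performSearch()` the second filter is only consulted inside the `if (searchField.getForeground().equals(Color.BLACK))` block, so text typed into `secondSearchField` while the first field still shows its placeholder has no effect, and `applySecondFilter()` is built unconditionally even when it is not used. Assuming UIEnhancer marks an active field by a black foreground, as both existing checks do, each field should contribute its filter independently and the combination applied once, as sketched below. `applyFirstSearchFilter` and `applySecondFilter` also duplicate the regex-compile-or-literal logic line for line, differing only in the field read and whether `searchMode` is honoured; a single private helper taking the `JTextField` and a `boolean reverse` would remove that copy.
```java
private void performSearch() {
    // Each field contributes a filter on its own, so the second search works without the first.
    List<RowFilter<Object, Object>> filters = new ArrayList<>();
    if (searchField.getForeground().equals(Color.BLACK)) {
        filters.add(applyFirstSearchFilter());
    }
    if (secondSearchField.getForeground().equals(Color.BLACK)) {
        filters.add(applySecondFilter());
    }
    if (!filters.isEmpty()) {
        sorter.setRowFilter(RowFilter.andFilter(filters));
    }
}
```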
|
|||||||
@@ -80,6 +80,7 @@ public class ConfigLoader {
|
|||||||
r.put("ExcludeSuffix", getExcludeSuffix());
|
r.put("ExcludeSuffix", getExcludeSuffix());
|
||||||
r.put("BlockHost", getBlockHost());
|
r.put("BlockHost", getBlockHost());
|
||||||
r.put("ExcludeStatus", getExcludeStatus());
|
r.put("ExcludeStatus", getExcludeStatus());
|
||||||
|
r.put("LimitSize", getLimitSize());
|
||||||
r.put("HaEScope", getScope());
|
r.put("HaEScope", getScope());
|
||||||
try {
|
try {
|
||||||
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
|
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
|
||||||
@@ -160,6 +161,10 @@ public class ConfigLoader {
|
|||||||
return getValueFromConfig("ExcludeStatus", Config.status);
|
return getValueFromConfig("ExcludeStatus", Config.status);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getLimitSize() {
|
||||||
|
return getValueFromConfig("LimitSize", Config.size);
|
||||||
|
}
|
||||||
|
|
||||||
public String getScope() {
|
public String getScope() {
|
||||||
return getValueFromConfig("HaEScope", Config.scopeOptions);
|
return getValueFromConfig("HaEScope", Config.scopeOptions);
|
||||||
}
|
}
|
||||||
@@ -206,6 +211,10 @@ public class ConfigLoader {
|
|||||||
setValueToConfig("ExcludeStatus", status);
|
setValueToConfig("ExcludeStatus", status);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setLimitSize(String size) {
|
||||||
|
setValueToConfig("LimitSize", size);
|
||||||
|
}
|
||||||
|
|
||||||
public void setScope(String scope) {
|
public void setScope(String scope) {
|
||||||
setValueToConfig("HaEScope", scope);
|
setValueToConfig("HaEScope", scope);
|
||||||
}
|
}
|
||||||
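Review bot: `setLimitSize(String size)` stores its argument as-is and `getLimitSize()` returns the raw string, while the reader added in MessageTable hands that string to `Integer.parseInt`, so neither accessor documents the contract the rest of the commit relies on. A Javadoc on `getLimitSize` along the lines of `/** Response size limit in MB as stored in the config; "0" (the default, Config.size) means no limit. Callers parse it as an int, so it must be kept numeric. */` would make that explicit, and a matching `@param size` note on the setter. The hunk at `@@ -160,6 +161,10 @@` is the natural place for the getter's doc.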
|
|||||||
@@ -1,284 +1,284 @@
|
|||||||
rules:
|
rules:
|
||||||
- group: Fingerprint
|
- group: Fingerprint
|
||||||
rule:
|
rule:
|
||||||
- name: Shiro
|
- name: Shiro
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (=deleteMe|rememberMe=)
|
f_regex: (=deleteMe|rememberMe=)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: any header
|
scope: any header
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: JSON Web Token
|
- name: JSON Web Token
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}|eyJ[A-Za-z0-9_\/+-]{10,}\.[A-Za-z0-9._\/+-]{10,})
|
f_regex: (eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}|eyJ[A-Za-z0-9_\/+-]{10,}\.[A-Za-z0-9._\/+-]{10,})
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: any
|
scope: any
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: Swagger UI
|
- name: Swagger UI
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((swagger-ui.html)|(\"swagger\":)|(Swagger UI)|(swaggerUi)|(swaggerVersion))
|
f_regex: ((swagger-ui.html)|(\"swagger\":)|(Swagger UI)|(swaggerUi)|(swaggerVersion))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: red
|
color: red
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Ueditor
|
- name: Ueditor
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (ueditor\.(config|all)\.js)
|
f_regex: (ueditor\.(config|all)\.js)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Druid
|
- name: Druid
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (Druid Stat Index)
|
f_regex: (Druid Stat Index)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: orange
|
color: orange
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- group: Maybe Vulnerability
|
- group: Maybe Vulnerability
|
||||||
rule:
|
rule:
|
||||||
- name: Java Deserialization
|
- name: Java Deserialization
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (javax\.faces\.ViewState)
|
f_regex: (javax\.faces\.ViewState)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Debug Logic Parameters
|
- name: Debug Logic Parameters
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((access=)|(adm=)|(admin=)|(alter=)|(cfg=)|(clone=)|(config=)|(create=)|(dbg=)|(debug=)|(delete=)|(disable=)|(edit=)|(enable=)|(exec=)|(execute=)|(grant=)|(load=)|(make=)|(modify=)|(rename=)|(reset=)|(root=)|(shell=)|(test=)|(toggl=))
|
f_regex: ((access=)|(adm=)|(admin=)|(alter=)|(cfg=)|(clone=)|(config=)|(create=)|(dbg=)|(debug=)|(delete=)|(disable=)|(edit=)|(enable=)|(exec=)|(execute=)|(grant=)|(load=)|(make=)|(modify=)|(rename=)|(reset=)|(root=)|(shell=)|(test=)|(toggl=))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: cyan
|
color: cyan
|
||||||
scope: request
|
scope: request
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: URL As A Value
|
- name: URL As A Value
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (=(https?)(://|%3a%2f%2f))
|
f_regex: (=(https?)(://|%3a%2f%2f))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: cyan
|
color: cyan
|
||||||
scope: any
|
scope: any
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Upload Form
|
- name: Upload Form
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (type\=\"file\")
|
f_regex: (type\=\"file\")
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: DoS Paramters
|
- name: DoS Paramters
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((size=)|(page=)|(num=)|(limit=)|(start=)|(end=)|(count=))
|
f_regex: ((size=)|(page=)|(num=)|(limit=)|(start=)|(end=)|(count=))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: cyan
|
color: cyan
|
||||||
scope: request
|
scope: request
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- group: Basic Information
|
- group: Basic Information
|
||||||
rule:
|
rule:
|
||||||
- name: Email
|
- name: Email
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (([a-z0-9]+[_|\.])*[a-z0-9]+@([a-z0-9]+[-|_|\.])*[a-z0-9]+\.((?!js|css|jpg|jpeg|png|ico)[a-z]{2,5}))
|
f_regex: (([a-z0-9]+[_|\.])*[a-z0-9]+@([a-z0-9]+[-|_|\.])*[a-z0-9]+\.((?!js|css|jpg|jpeg|png|ico)[a-z]{2,5}))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response
|
scope: response
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Chinese IDCard
|
- name: Chinese IDCard
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: '[^0-9]((\d{8}(0\d|10|11|12)([0-2]\d|30|31)\d{3}$)|(\d{6}(18|19|20)\d{2}(0[1-9]|10|11|12)([0-2]\d|30|31)\d{3}(\d|X|x)))[^0-9]'
|
f_regex: '[^0-9]((\d{8}(0\d|10|11|12)([0-2]\d|30|31)\d{3}$)|(\d{6}(18|19|20)\d{2}(0[1-9]|10|11|12)([0-2]\d|30|31)\d{3}(\d|X|x)))[^0-9]'
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: orange
|
color: orange
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: Chinese Mobile Number
|
- name: Chinese Mobile Number
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: '[^\w]((?:(?:\+|00)86)?1(?:(?:3[\d])|(?:4[5-79])|(?:5[0-35-9])|(?:6[5-7])|(?:7[0-8])|(?:8[\d])|(?:9[189]))\d{8})[^\w]'
|
f_regex: '[^\w]((?:(?:\+|00)86)?1(?:(?:3[\d])|(?:4[5-79])|(?:5[0-35-9])|(?:6[5-7])|(?:7[0-8])|(?:8[\d])|(?:9[189]))\d{8})[^\w]'
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: orange
|
color: orange
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Internal IP Address
|
- name: Internal IP Address
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: '[^0-9]((127\.0\.0\.1)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3}))'
|
f_regex: '[^0-9]((127\.0\.0\.1)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3}))'
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: cyan
|
color: cyan
|
||||||
scope: response
|
scope: response
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: MAC Address
|
- name: MAC Address
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (^([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5})|[^a-zA-Z0-9]([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5}))
|
f_regex: (^([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5})|[^a-zA-Z0-9]([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5}))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: response
|
scope: response
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- group: Sensitive Information
|
- group: Sensitive Information
|
||||||
rule:
|
rule:
|
||||||
- name: Cloud Key
|
- name: Cloud Key
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (((access)(|-|_)(key)(|-|_)(id|secret))|(LTAI[a-z0-9]{12,20}))
|
f_regex: (((access)(|-|_)(key)(|-|_)(id|secret))|(LTAI[a-z0-9]{12,20}))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: any
|
scope: any
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Windows File/Dir Path
|
- name: Windows File/Dir Path
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: '[^\w](([a-zA-Z]:\\(?:\w+\\?)*)|([a-zA-Z]:\\(?:\w+\\)*\w+\.\w+))'
|
f_regex: '[^\w](([a-zA-Z]:\\(?:\w+\\?)*)|([a-zA-Z]:\\(?:\w+\\)*\w+\.\w+))'
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: response
|
scope: response
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: Password Field
|
- name: Password Field
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((|'|")(|[\w]{1,10})([p](ass|wd|asswd|assword))(|[\w]{1,10})(|'|")(:|=)(
|
f_regex: ((|'|")(|[\w]{1,10})([p](ass|wd|asswd|assword))(|[\w]{1,10})(|'|")(:|=)(
|
||||||
|)('|")(.*?)('|")(|,))
|
|)('|")(.*?)('|")(|,))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Username Field
|
- name: Username Field
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((|'|")(|[\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\w]{1,10})(|'|")(:|=)(
|
f_regex: ((|'|")(|[\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\w]{1,10})(|'|")(:|=)(
|
||||||
|)('|")(.*?)('|")(|,))
|
|)('|")(.*?)('|")(|,))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: WeCom Key
|
- name: WeCom Key
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((corp)(id|secret))
|
f_regex: ((corp)(id|secret))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: green
|
color: green
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: JDBC Connection
|
- name: JDBC Connection
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (jdbc:[a-z:]+://[a-z0-9\.\-_:;=/@?,&]+)
|
f_regex: (jdbc:[a-z:]+://[a-z0-9\.\-_:;=/@?,&]+)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: any
|
scope: any
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Authorization Header
|
- name: Authorization Header
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((basic [a-z0-9=:_\+\/-]{5,100})|(bearer [a-z0-9_.=:_\+\/-]{5,100}))
|
f_regex: ((basic [a-z0-9=:_\+\/-]{5,100})|(bearer [a-z0-9_.=:_\+\/-]{5,100}))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Sensitive Field
|
- name: Sensitive Field
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((\[)?('|")?([\w]{0,10})((key)|(secret)|(token)|(config)|(auth)|(access)|(admin)|(ticket))([\w]{0,10})('|")?(\])?(
|
f_regex: ((\[)?('|")?([\w]{0,10})((key)|(secret)|(token)|(config)|(auth)|(access)|(admin)|(ticket))([\w]{0,10})('|")?(\])?(
|
||||||
|)(:|=)( |)('|")(.*?)('|")(|,))
|
|)(:|=)( |)('|")(.*?)('|")(|,))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response
|
scope: response
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- group: Other
|
- group: Other
|
||||||
rule:
|
rule:
|
||||||
- name: Linkfinder
|
- name: Linkfinder
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;|*()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:\w)(?:[\?|#][^"|']{0,}|)))(?:"|')
|
f_regex: (?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;|*()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:\w)(?:[\?|#][^"|']{0,}|)))(?:"|')
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: gray
|
color: gray
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: Source Map
|
- name: Source Map
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (\.js\.map)
|
f_regex: (\.js\.map)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: pink
|
color: pink
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Create Script
|
- name: Create Script
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
|
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
|
||||||
s_regex: '"?([\w].*?)"?:"(.*?)"'
|
s_regex: '"?([\w].*?)"?:"(.*?)"'
|
||||||
format: '{0}.{1}'
|
format: '{0}.{1}'
|
||||||
color: green
|
color: green
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: URL Schemes
|
- name: URL Schemes
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ((?![http]|[https])(([-A-Za-z0-9]{1,20})://[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|]))
|
f_regex: ((?![http]|[https])(([-A-Za-z0-9]{1,20})://[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|]))
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: yellow
|
color: yellow
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: Router Push
|
- name: Router Push
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (\$router\.push)
|
f_regex: (\$router\.push)
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: magenta
|
color: magenta
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: All URL
|
- name: All URL
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (https?://[-A-Za-z0-9+&@#/%?=~_|!:,.;\u4E00-\u9FFF]+[-A-Za-z0-9+&@#/%=~_|])
|
f_regex: (https?://[-A-Za-z0-9+&@#/%?=~_|!:,.;\u4E00-\u9FFF]+[-A-Za-z0-9+&@#/%=~_|])
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: gray
|
color: gray
|
||||||
scope: response body
|
scope: response body
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: true
|
sensitive: true
|
||||||
- name: Request URI
|
- name: Request URI
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) '
|
f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) '
|
||||||
s_regex: ''
|
s_regex: ''
|
||||||
format: '{0}'
|
format: '{0}'
|
||||||
color: gray
|
color: gray
|
||||||
scope: request line
|
scope: request line
|
||||||
engine: nfa
|
engine: nfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||