diff --git a/src/InternetSearch/SearchResultEntry.java b/src/InternetSearch/SearchResultEntry.java
index 7b809af0..5d8d221a 100644
--- a/src/InternetSearch/SearchResultEntry.java
+++ b/src/InternetSearch/SearchResultEntry.java
@@ -220,11 +220,8 @@ public String getTitle() {
 public void setTitle(String title) {
 this.title = title;
 }
- public void AddToTarget() {
- AddToTarget(null);
- }
-
- public void AddToTarget(String trustLevel) {
+
+ public void AddToTarget(String trustLevel,String commentToAdd) {
 DomainManager domainResult = BurpExtender.getGui().getDomainPanel().getDomainResult();
 if (IPAddressUtils.isValidIPv4NoPort(this.host)) {
 domainResult.getSpecialPortTargets().add(this.host);
@@ -234,14 +231,14 @@ public void AddToTarget(String trustLevel) {
 }
 if (DomainUtils.isValidDomainMayPort(this.host)) {
- domainResult.addToTargetAndSubDomain(this.host,true);
+ domainResult.addToTargetAndSubDomain(this.host,true,commentToAdd);
 if (this.port >=0 && this.port <= 65535) {
- domainResult.addToTargetAndSubDomain(this.host+":"+this.port,true,trustLevel);
+ domainResult.addToTargetAndSubDomain(this.host+":"+this.port,true,trustLevel,commentToAdd);
 }
 }
 if (StringUtils.isEmpty(this.rootDomain)) {
- domainResult.addToTargetAndSubDomain(this.rootDomain,true,trustLevel);
+ domainResult.addToTargetAndSubDomain(this.rootDomain,true,trustLevel,commentToAdd);
 }
 }
diff --git a/src/InternetSearch/SearchResultEntryMenu.java b/src/InternetSearch/SearchResultEntryMenu.java
index 59b654a5..31474d33 100644
--- a/src/InternetSearch/SearchResultEntryMenu.java
+++ b/src/InternetSearch/SearchResultEntryMenu.java
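Review bot: In the second hunk of SearchResultEntry.java, `domainResult.addToTargetAndSubDomain(this.host,true,commentToAdd)` has the shape (String, boolean, String), which matches the existing three-argument overload whose third parameter is `trustLevel` (visible in the DomainManager.java hunks of this commit), so the comment is passed as a trust level. With the `TargetEntry` constructor shown later in the commit, a value that is not in `AssetTrustLevel.getLevelList()` is dropped silently, and a comment that happens to equal a level name would change the asset's trust level. The call should be `domainResult.addToTargetAndSubDomain(this.host,true,null,commentToAdd);`. Separately, the guard on the context line `if (StringUtils.isEmpty(this.rootDomain))` looks inverted for the call it protects, which adds `this.rootDomain`; `isNotEmpty` seems to be what is meant. AddToTarget's body starts before the second hunk.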
@@ -4,12 +4,16 @@
 import java.io.PrintWriter;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import javax.swing.AbstractAction;
 import javax.swing.JMenuItem;
+import javax.swing.JOptionPane;
 import javax.swing.JPopupMenu;
 import javax.swing.SwingWorker;
+import org.apache.commons.lang3.StringUtils;
+
 import com.bit4woo.utilbox.utils.SystemUtils;
 import com.bit4woo.utilbox.utils.TextUtils;
@@ -154,7 +158,7 @@ protected Object doInBackground() throws Exception {
 try{
 List entries = searchTableModel.getEntries(modelRows);
 for (SearchResultEntry entry:entries) {
- entry.AddToTarget();
+ entry.AddToTarget(null,null);
 }
 guiMain.getDomainPanel().saveDomainDataToDB();
 }
@@ -177,7 +181,33 @@ protected Object doInBackground() throws Exception {
 try{
 List entries = searchTableModel.getEntries(modelRows);
 for (SearchResultEntry entry:entries) {
- entry.AddToTarget(AssetTrustLevel.Confirm);
+ entry.AddToTarget(AssetTrustLevel.Confirm,null);
+ }
+ guiMain.getDomainPanel().saveDomainDataToDB();
+ }
+ catch (Exception e1)
+ {
+ e1.printStackTrace(stderr);
+ }
+ return null;
+ }
+ }.execute();
+ }
+ });
+
+ JMenuItem addToTargetWithCommentItem = new JMenuItem(new AbstractAction("Add Host/Domain To Target With Comment") {
+ @Override
+ public void actionPerformed(ActionEvent actionEvent) {
+ new SwingWorker(){
+ @Override
+ protected Object doInBackground() throws Exception {
+ try{
+ List entries = searchTableModel.getEntries(modelRows);
+ for (SearchResultEntry entry:entries) {
+ String comment = JOptionPane.showInputDialog("to find which value", "");
+ if (StringUtils.isNotBlank(comment)) {
+ entry.AddToTarget(null,null);
+ }
 }
 guiMain.getDomainPanel().saveDomainDataToDB();
 }
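Review bot: The new "Add Host/Domain To Target With Comment" action (hunk -177) reads a comment and then calls `entry.AddToTarget(null,null)`, so the text the user typed is never stored; the call should be `entry.AddToTarget(null, comment);`. The prompt also sits inside the `for` loop in `doInBackground()`, which shows one modal dialog per selected row and opens Swing UI from the worker thread rather than the event dispatch thread. Moving `String comment = JOptionPane.showInputDialog(...)` to the top of `actionPerformed`, before `new SwingWorker()`, asks once on the EDT and lets the worker only apply the value. The dialog message `"to find which value"` does not tell the user that a comment is being requested.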
@@ -190,6 +220,32 @@ protected Object doInBackground() throws Exception {
 }.execute();
 }
 });
+
+
+ JMenuItem addIPToBlackListItem = new JMenuItem(new AbstractAction("Add IP To Black List") {
+ @Override
+ public void actionPerformed(ActionEvent actionEvent) {
+ new SwingWorker(){
+ @Override
+ protected Object doInBackground() throws Exception {
+ try{
+ List entries = searchTableModel.getEntries(modelRows);
+ Set blackIPSet = new HashSet();
+ for (SearchResultEntry entry:entries) {
+ blackIPSet.addAll(entry.getIPSet());
+ }
+ guiMain.getDomainPanel().getDomainResult().getNotTargetIPSet().addAll(blackIPSet);
+ guiMain.getDomainPanel().saveDomainDataToDB();
+ }
+ catch (Exception e1)
+ {
+ e1.printStackTrace(stderr);
+ }
+ return null;
+ }
+ }.execute();
+ }
+ });
 this.add(itemNumber);
@@ -198,6 +254,11 @@ protected Object doInBackground() throws Exception {
 //常用多选操作
 this.add(addToTargetItem);
 this.add(addToTargetConfirmItem);
+ this.add(addToTargetWithCommentItem);
+ this.add(addIPToBlackListItem);
+
+ this.addSeparator();
+
 this.add(copyUrlItem);
 this.add(copyHostItem);
 this.add(copyIPItem);
diff --git a/src/domain/DomainManager.java b/src/domain/DomainManager.java
index 5999250b..464a85d2 100644
--- a/src/domain/DomainManager.java
+++ b/src/domain/DomainManager.java
@@ -367,6 +367,14 @@ public boolean isTargetByCertInfo(Set certDomains) {
 }
 return false;
 }
+
+ public void addToTargetAndSubDomain(String enteredRootDomain, boolean autoSub,String trustLevel,String commentToAdd) {
+ if (enteredRootDomain == null) return;
+ if (guiMain.getDomainPanel().fetchTargetModel().addOrUpdateRowIfValid(new TargetEntry(enteredRootDomain, autoSub,trustLevel,commentToAdd))) {
+ subDomainSet.add(enteredRootDomain);
+ };
+ }
+
 /**
 * 添加到目标,并且设置资产可信度级别
 * @param enteredRootDomain
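Review bot: In the new `addIPToBlackListItem` action (hunk -190), `getNotTargetIPSet().addAll(blackIPSet)` changes the shared exclusion set from the `SwingWorker` background thread, and nothing visible here shows that set to be safe for concurrent use. If it is a plain `HashSet` that scope checks read on other threads, the update can race with those reads. Every IP of every selected row is also excluded in one step with no confirmation, so an address shared by several hosts (the same commit tags CDN and cloud suffixes) would take the other hosts out of scope as well. Showing the collected IPs in a confirmation from `actionPerformed` before the worker starts, and applying the change in `done()`, would address both points.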
@@ -375,14 +383,14 @@ public boolean isTargetByCertInfo(Set certDomains) {
 */
 public void addToTargetAndSubDomain(String enteredRootDomain, boolean autoSub,String trustLevel) {
 if (enteredRootDomain == null) return;
- if (guiMain.getDomainPanel().fetchTargetModel().addRowIfValid(new TargetEntry(enteredRootDomain, autoSub,trustLevel))) {
+ if (guiMain.getDomainPanel().fetchTargetModel().addOrUpdateRowIfValid(new TargetEntry(enteredRootDomain, autoSub,trustLevel))) {
 subDomainSet.add(enteredRootDomain);
 };
 }
 public void addToTargetAndSubDomain(String enteredRootDomain, boolean autoSub) {
 if (enteredRootDomain == null) return;
- if (guiMain.getDomainPanel().fetchTargetModel().addRowIfValid(new TargetEntry(enteredRootDomain, autoSub))) {
+ if (guiMain.getDomainPanel().fetchTargetModel().addOrUpdateRowIfValid(new TargetEntry(enteredRootDomain, autoSub))) {
 subDomainSet.add(enteredRootDomain);
 };
 }
@@ -391,8 +399,8 @@ public boolean addTLDToTargetAndSubDomain(String enteredRootDomain) {
 if (enteredRootDomain == null) return false;
 String tldDomainToAdd = guiMain.getDomainPanel().fetchTargetModel().getTLDDomainToAdd(enteredRootDomain);
 TargetEntry tmp = new TargetEntry(tldDomainToAdd, false);
- guiMain.getDomainPanel().fetchTargetModel().addRowIfValid(tmp);
- if (guiMain.getDomainPanel().fetchTargetModel().addRowIfValid(tmp)) {
+ guiMain.getDomainPanel().fetchTargetModel().addOrUpdateRowIfValid(tmp);
+ if (guiMain.getDomainPanel().fetchTargetModel().addOrUpdateRowIfValid(tmp)) {
 subDomainSet.add(enteredRootDomain);
 return true;
 };
diff --git a/src/domain/target/TargetControlPanel.java b/src/domain/target/TargetControlPanel.java
index c44ef553..77655b91 100644
--- a/src/domain/target/TargetControlPanel.java
+++ b/src/domain/target/TargetControlPanel.java
@@ -48,7 +48,7 @@ public void actionPerformed(ActionEvent e) {
 } else {
 String enteredRootDomain = JOptionPane.showInputDialog("Enter Root Domain", null);
 TargetEntry entry = new TargetEntry(enteredRootDomain);
- if(domainPanel.fetchTargetModel().addRowIfValid(entry)){
+ if(domainPanel.fetchTargetModel().addOrUpdateRowIfValid(entry)){
 domainPanel.getDomainResult().addIfValid(enteredRootDomain);
 btnFresh.doClick();
 }
@@ -66,7 +66,7 @@ public void actionPerformed(ActionEvent e) {
 } else {
 String enteredRootDomain = JOptionPane.showInputDialog("Enter Root Domain", null);
 TargetEntry entry = new TargetEntry(enteredRootDomain,false);
- if(domainPanel.fetchTargetModel().addRowIfValid(entry)){
+ if(domainPanel.fetchTargetModel().addOrUpdateRowIfValid(entry)){
 domainPanel.getDomainResult().addIfValid(enteredRootDomain);
 btnFresh.doClick();
 }
@@ -164,7 +164,7 @@ public void selectedToBalck(){
 for (int i = rowindexs.length - 1; i >= 0; i--) {
 TargetEntry entry = domainTableModel.getValueAt(rowindexs[i]);
 entry.setTrustLevel(AssetTrustLevel.NonTarget);
- domainTableModel.updateRow(entry);
+ domainTableModel.addOrUpdateRow(entry);
 }
 }
 }
diff --git a/src/domain/target/TargetEntry.java b/src/domain/target/TargetEntry.java
index 4a0bd5bb..6838cd0a 100644
--- a/src/domain/target/TargetEntry.java
+++ b/src/domain/target/TargetEntry.java
@@ -53,6 +53,16 @@ public TargetEntry(String input) {
 this(input,true);
 }
+ public TargetEntry(String input,boolean autoSub,String trustLevel,String comment) {
+ this(input,autoSub);
+ if (AssetTrustLevel.getLevelList().contains(trustLevel)) {
+ this.setTrustLevel(trustLevel);
+ }else {
+ //已经有默认初始值了,无需再设置
+ }
+ addComment(comment);
+ }
+
 public TargetEntry(String input,boolean autoSub,String trustLevel) {
 this(input,autoSub);
 if (AssetTrustLevel.getLevelList().contains(trustLevel)) {
@@ -61,6 +71,26 @@ public TargetEntry(String input,boolean autoSub,String trustLevel) { //已经有默认初始值了,无需再设置 } } + + private void autoDetectTrustLevel() { + //resources/cloud_service_domain_names.txt + String domains = "aliyun.com\r\n" + + "aliyuncs.com\r\n" + + "amazon.com\r\n" + + "amazonaws.com\r\n" + + "huaweicloud.com\r\n" + + "myhuaweicloud.com\r\n" + + "myqcloud.com\r\n" + + "tencent.com\r\n" + + "tencentcloudapi.com\r\n" + + "cloudfront.net"; + for (String item:domains.split("\r\n")) { + if (target.toLowerCase().strip().endsWith(item)) { + this.setTrustLevel(AssetTrustLevel.Cloud); + break; + } + } + } public TargetEntry(String input,boolean autoSub) { @@ -103,6 +133,7 @@ public TargetEntry(String input,boolean autoSub) { keyword = domainKeyword; } } + autoDetectTrustLevel(); } @@ -167,7 +198,7 @@ public void setComments(Set comments) { } public void addComment(String commentToAdd) { - if (StringUtils.isEmpty(commentToAdd)) return; + if (StringUtils.isBlank(commentToAdd)) return; comments.addAll(Arrays.asList(commentToAdd.split(","))); } diff --git a/src/domain/target/TargetTableModel.java b/src/domain/target/TargetTableModel.java index 54323287..83f27483 100644 --- a/src/domain/target/TargetTableModel.java +++ b/src/domain/target/TargetTableModel.java @@ -60,7 +60,7 @@ private TargetTableModel(GUIMain guiMain) { public TargetTableModel(GUIMain guiMain, List entries) { this(guiMain); for (TargetEntry entry : entries) { - if (ifValid(entry)) { + if (isValid(entry)) { targetEntries.put(entry.getTarget(), entry); } } @@ -215,7 +215,7 @@ public boolean isCellEditable(int rowIndex, int columnIndex) { * @param entry * @return */ - public static boolean ifValid(TargetEntry entry) { + public static boolean isValid(TargetEntry entry) { if (StringUtils.isEmpty(entry.getTarget())) { return false; } 
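Review bot: `autoDetectTrustLevel()` (hunk -61) matches with `target.toLowerCase().strip().endsWith(item)`, which has no label boundary, so a target such as `notaliyun.com` is tagged `AssetTrustLevel.Cloud` in the same way as a real subdomain. Compare on a dot boundary instead: `String host = target.toLowerCase().strip();` followed by `if (host.equals(item) || host.endsWith("." + item)) {`. The method dereferences `target` without a null check, and the constructor that calls it is only partly visible, so confirm `target` is always set on that path. The suffix list is hard-coded although the same commit adds `src/resources/cloud_service_domain_names.txt`; loading that file, or a comment stating that the two must be kept in sync, would avoid drift. Since the level is now set in the constructor, also check that re-adding an existing target through `addOrUpdateRow` does not replace a level the user chose with `Cloud`; the condition that decides this is outside these hunks.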
@@ -230,10 +230,10 @@ public static boolean ifValid(TargetEntry entry) {
 *
 * @param entry
 */
- public boolean addRowIfValid(TargetEntry entry) {
- if (ifValid(entry)) {
+ public boolean addOrUpdateRowIfValid(TargetEntry entry) {
+ if (isValid(entry)) {
 String key = entry.getTarget();
- addRow(key, entry);
+ addOrUpdateRow(key, entry);
 return true;
 }
 return false;
@@ -246,7 +246,7 @@ public boolean addRowIfValid(TargetEntry entry) {
 * @param key
 * @param entry
 */
- private void addRow(String key, TargetEntry entry) {
+ private void addOrUpdateRow(String key, TargetEntry entry) {
 TargetEntry oldentry = targetEntries.get(key);
 if (oldentry != null) {//如果有旧的记录,就需要用旧的内容做修改
 //entry.setBlack(oldentry.isBlack());
@@ -254,7 +254,7 @@ private void addRow(String key, TargetEntry entry) {
 //当新记录的类型是maybe,那么它是确信度最低的,使用旧值。否则使用新的值
 entry.setTrustLevel(oldentry.getTrustLevel());
 }
- entry.setComments(oldentry.getComments());
+ entry.getComments().addAll(oldentry.getComments());
 entry.setKeyword(oldentry.getKeyword());
 }
@@ -303,9 +303,9 @@ public TargetEntry getValueAt(int rowIndex) {
 /**
 * 数据的增删查改:修改更新
 */
- public void updateRow(TargetEntry entry) {
+ public void addOrUpdateRow(TargetEntry entry) {
 String key = entry.getTarget();
- addRow(key, entry);
+ addOrUpdateRow(key, entry);
 }
@@ -330,7 +330,7 @@ public String fetchRootDomains() {
 public Set fetchTargetSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 if (!entry.isNotTarget()) {
 result.add(entry.getTarget());
 }
@@ -347,7 +347,7 @@ public Set fetchTargetSet() {
 public Set fetchTargetDomainSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 try {
 if (!entry.isNotTarget() && entry.getType().equals(TargetEntry.Target_Type_Domain)) {
 result.add(entry.getTarget());
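Review bot: `entry.getComments().addAll(oldentry.getComments())` in the -254 hunk dereferences both comment sets, whereas the replaced `entry.setComments(oldentry.getComments())` passed the old value along without dereferencing it. `setComments(Set)` is public, so a row restored from stored data could carry a null set (not verifiable from this hunk), and the merge would then throw inside `addOrUpdateRow` and abort the add. A guard such as `if (oldentry.getComments() != null) entry.getComments().addAll(oldentry.getComments());`, with the same check for the new entry's set, keeps the merge and avoids that. The method body starts and ends outside the hunk.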
@@ -369,7 +369,7 @@ public Set fetchTargetDomainSet() {
 public Set fetchTargetWildCardDomainSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 try {
 if (!entry.isNotTarget() && entry.getType().equals(TargetEntry.Target_Type_Wildcard_Domain)) {
 result.add(entry.getTarget());
@@ -391,7 +391,7 @@ public Set fetchTargetWildCardDomainSet() {
 public Set fetchTargetIPSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (ifValid(entry)) {
+ if (isValid(entry)) {
 if (!entry.isNotTarget()) {
 if (entry.getTarget() == null || entry.getType() == null) continue;
 if (entry.getType().equals(TargetEntry.Target_Type_Subnet)) {
@@ -412,7 +412,7 @@ public Set fetchTargetIPSet() {
 private Set fetchTargetBlackDomainSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 if (entry.isNotTarget() && entry.getType().equals(TargetEntry.Target_Type_Domain)) {
 result.add(entry.getTarget());
 }
@@ -428,7 +428,7 @@ private Set fetchTargetBlackDomainSet() {
 public Set fetchBlackIPSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 if (entry.isNotTarget()) {
 if (entry.getType().equals(TargetEntry.Target_Type_Subnet)) {
 List tmpIPs = IPAddressUtils.toIPList(entry.getTarget());
@@ -442,7 +442,7 @@ public Set fetchBlackIPSet() {
 public Set fetchKeywordSet() {
 Set result = new HashSet();
 for (TargetEntry entry : targetEntries.values()) {
- if (!ifValid(entry)) continue;
+ if (!isValid(entry)) continue;
 if (!entry.isNotTarget() && !entry.getKeyword().trim().equals("")) {
 result.add(entry.getKeyword());
 }
@@ -734,7 +734,7 @@ public void removeRows(int[] rows) {
 public static void test() {
 TargetEntry aaa = new TargetEntry("103.125.112.0/23");
- System.out.println(ifValid(aaa));
+ System.out.println(isValid(aaa));
 System.out.println(IPAddressUtils.isValidSubnet("103.125.112.0/23"));
 }
diff --git a/src/resources/cloud_service_domain_names.txt b/src/resources/cloud_service_domain_names.txt
new file mode 100644
index 00000000..2387a1fa
--- /dev/null
+++ b/src/resources/cloud_service_domain_names.txt
@@ -0,0 +1,10 @@
+aliyun.com
+aliyuncs.com
+amazon.com
+amazonaws.com
+huaweicloud.com
+myhuaweicloud.com
+myqcloud.com
+tencent.com
+tencentcloudapi.com
+cloudfront.net
\ No newline at end of file