
1231. 2025. 4. 15. 14:35
import threading

from burp import IBurpExtender, ITab
from java.awt import BorderLayout, Dimension
from java.lang import Runnable
from java.net import URL
from java.text import SimpleDateFormat
from java.util import Date, ArrayList
from javax.swing import JPanel, JTable, JScrollPane, JTextArea, JSplitPane, JButton, JComboBox, JLabel
from javax.swing import SwingUtilities
from javax.swing.event import ListSelectionListener
from javax.swing.table import DefaultTableModel

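class BurpExtender(IBurpExtender, ITab):
    """Burp Suite tab that re-requests one host's site-map URLs and flags directory listings.

    For the host picked in the combo box, every site-map URL (plus a
    trailing-slash variant of its path) is requested once and the response
    body is searched for the "Index of" markers used below. Results go into a
    table; selecting a row shows the stored request and response.

    The check is a plain substring heuristic: a page that merely contains the
    text "index of /" is reported as indexed, and listing pages that use other
    wording are missed. Treat a "YES" as a lead to verify, not a finding.

    The scan sends live requests. It warns (but does not stop) when the
    selected host has URLs outside Burp's target scope, so confirm the host is
    one you are authorised to test before starting.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Build the UI, register the tab with Burp and fill the host selector."""
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Advanced Dir Index Checker")

        # (request bytes, response bytes) per table row, kept in row order.
        self._results = ArrayList()

        self._panel = JPanel(BorderLayout())

        # Table Setup
        self._table_model = DefaultTableModel(["URL", "Status", "Indexed", "Checked Time"], 0)
        self._table = JTable(self._table_model)
        self._panel.add(JScrollPane(self._table), BorderLayout.CENTER)

        # Request/Response and Logs Viewers
        self._request_viewer = JTextArea()
        self._response_viewer = JTextArea()
        self._log_viewer = JTextArea()

        self._request_viewer.setEditable(False)
        self._response_viewer.setEditable(False)
        self._log_viewer.setEditable(False)

        viewers = JSplitPane(JSplitPane.VERTICAL_SPLIT,
                             JSplitPane(JSplitPane.HORIZONTAL_SPLIT,
                                        JScrollPane(self._request_viewer),
                                        JScrollPane(self._response_viewer)),
                             JScrollPane(self._log_viewer))
        viewers.setDividerLocation(300)
        viewers.setPreferredSize(Dimension(1000, 400))
        self._panel.add(viewers, BorderLayout.SOUTH)

        # Selection Listener
        class RowSelectionListener(ListSelectionListener):
            def valueChanged(inner_self, event):
                # Swing fires intermediate events while the selection is
                # still changing; only react to the final one.
                if not event.getValueIsAdjusting():
                    self.updateRequestResponse()
        self._table.getSelectionModel().addListSelectionListener(RowSelectionListener())

        # Host Selector and Scan Button
        self._host_selector = JComboBox()
        self._scan_button = JButton("Start Scan", actionPerformed=self.scanHost)
        # The site map is often empty when the extension loads, so the host
        # list must be refreshable after traffic has been captured.
        self._refresh_button = JButton("Refresh Hosts", actionPerformed=self.refreshHosts)
        top_panel = JPanel()
        top_panel.add(JLabel("Select Host:"))
        top_panel.add(self._host_selector)
        top_panel.add(self._refresh_button)
        top_panel.add(self._scan_button)
        self._panel.add(top_panel, BorderLayout.NORTH)

        callbacks.addSuiteTab(self)

        self.populateHosts()

    def getTabCaption(self):
        """Return the caption Burp shows on the extension's tab."""
        return "Dir Index Checker"

    def getUiComponent(self):
        """Return the root Swing panel for the tab."""
        return self._panel

    def refreshHosts(self, event):
        """Button handler: reload the host selector from the current site map."""
        self.populateHosts()

    def populateHosts(self):
        """Fill the host selector with the distinct hosts found in the site map."""
        hosts = set()
        for item in self.callbacks.getSiteMap(None):
            try:
                url = self.helpers.analyzeRequest(item).getUrl()
                hosts.add(url.getHost())
            except:
                # Deliberate best-effort: an unparsable site-map entry only
                # means that entry contributes no host. Kept as a bare except
                # because the failure may be a Java exception.
                continue
        self._host_selector.removeAllItems()
        for host in sorted(hosts):
            self._host_selector.addItem(host)

    def scanHost(self, event):
        """Button handler: reset the view and start a scan of the selected host.

        The scan itself runs on a worker thread. makeHttpRequest blocks until
        the response arrives, so issuing it from this Swing handler would
        freeze the UI for the whole scan (and Burp may reject HTTP requests
        made from the event dispatch thread outright).
        """
        host = self._host_selector.getSelectedItem()
        if not host:
            return

        self._table_model.setRowCount(0)
        self._results.clear()
        self._log_viewer.setText("")

        # One scan at a time: rows and stored results must stay aligned.
        self._scan_button.setEnabled(False)

        worker = threading.Thread(target=self._runScan, args=(host,))
        worker.setDaemon(True)
        worker.start()

    def _runScan(self, host):
        """Collect the host's site-map URLs and check each one (worker thread)."""
        try:
            scanned_urls = set()
            urls_to_scan = []
            out_of_scope = 0

            for item in self.callbacks.getSiteMap(None):
                try:
                    url = self.helpers.analyzeRequest(item).getUrl()
                    if url.getHost() != host:
                        continue

                    if not self.callbacks.isInScope(url):
                        out_of_scope += 1

                    urls_to_scan.append(url)

                    path = url.getPath()
                    if not path.endswith("/"):
                        # Build the directory variant from the path only.
                        # Appending "/" to the full URL string would land in
                        # the query string for URLs such as /a?x=1.
                        urls_to_scan.append(
                            URL(url.getProtocol(), url.getHost(), url.getPort(), path + "/"))
                except Exception as e:
                    self.log("Error collecting URL: " + str(e))

            if out_of_scope:
                self.log("Warning: {} URL(s) for this host are outside Burp's target scope".format(out_of_scope))

            self.log("Total URLs to scan: {}".format(len(urls_to_scan)))

            for url in urls_to_scan:
                self.log("Scanning: " + url.toString())
                port = url.getPort()
                if port == -1:
                    # java.net.URL reports -1 when the URL carries no explicit port.
                    port = url.getDefaultPort()
                service = self.helpers.buildHttpService(url.getHost(), port, url.getProtocol())
                self.checkDirectoryIndex(url, service, scanned_urls)
        finally:
            self._onEdt(lambda: self._scan_button.setEnabled(True))

    def checkDirectoryIndex(self, url, service, scanned_urls):
        """Request *url* once and record whether the body looks like a directory listing.

        Args:
            url: java.net.URL to request.
            service: Burp HTTP service (host, port, protocol) to send it to.
            scanned_urls: set of URL strings already requested in this scan;
                updated in place so duplicates are skipped.
        """
        target = url.toString()
        if target in scanned_urls:
            self.log("Skipped (duplicate): " + target)
            return

        scanned_urls.add(target)

        try:
            request = self.helpers.buildHttpRequest(url)
            response = self.callbacks.makeHttpRequest(service, request)
            raw = response.getResponse() if response else None

            if not raw:
                self.log("No response: " + target)
                return

            analyzed_resp = self.helpers.analyzeResponse(raw)
            body = self.helpers.bytesToString(raw[analyzed_resp.getBodyOffset():]).lower()

            # Substring heuristic on the lower-cased body; see class docstring
            # for its false-positive / false-negative limits.
            indexed = "YES" if ("<title>index of" in body or "index of /" in body) else "NO"
            status_code = analyzed_resp.getStatusCode()
            time_checked = SimpleDateFormat("HH:mm:ss").format(Date())

            row = [target, status_code, indexed, time_checked]
            self._onEdt(lambda: self._addResult(row, request, raw))
            self.log("Completed: " + target + " Indexed: " + indexed)
        except Exception as e:
            self.log("Error scanning URL: " + target + " - " + str(e))

    def _addResult(self, row, request, response):
        """Append a table row and its request/response pair together (EDT only)."""
        self._table_model.addRow(row)
        self._results.add((request, response))

    def updateRequestResponse(self):
        """Show the stored request and response for the selected table row."""
        row = self._table.getSelectedRow()
        if row >= 0 and row < self._results.size():
            request, response = self._results.get(row)
            self._request_viewer.setText(self.helpers.bytesToString(request))
            self._response_viewer.setText(self.helpers.bytesToString(response))

    def log(self, message):
        """Append a timestamped line to the log viewer; callable from any thread."""
        current_time = SimpleDateFormat("HH:mm:ss").format(Date())
        line = "[" + current_time + "] " + message + "\n"
        self._onEdt(lambda: self._log_viewer.append(line))

    def _onEdt(self, action):
        """Queue *action* (a no-argument callable) on the Swing event dispatch thread."""
        class _Task(Runnable):
            def run(inner_self):
                action()
        SwingUtilities.invokeLater(_Task())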