Skip to content

Commit

Permalink
Merge pull request yaklang#1533 from yaklang/luoluo/feature/poc-add-i…
Browse files Browse the repository at this point in the history 
…d-scan

luoluo/feature/poc-add-id-scan
  • Loading branch information
@b1rdfree
b1rdfree authored Mar 28, 2024
2 parents ff89580 + 600fcf9 commit 8dff179
Show file tree
Hide file tree
Showing 24 changed files with 392 additions and 124 deletions.
54 changes: 46 additions & 8 deletions app/renderer/src/main/src/components/HTTPFlowTable/HTTPFlowTable.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ import {
generateYakCodeByRequest,
RequestToYakCodeTemplate
} from "../../pages/invoker/fromPacketToYakCode"
import {execPacketScan} from "@/pages/packetScanner/PacketScanner"
import {execPacketScan, execPacketScanWithNewTab} from "@/pages/packetScanner/PacketScanner"
import {GetPacketScanByCursorMenuItem, packetScanDefaultValue} from "@/pages/packetScanner/DefaultPacketScanGroup"
import {getRemoteValue, setRemoteValue} from "@/utils/kv"
import {FooterBottom, TableVirtualResize} from "../TableVirtualResize/TableVirtualResize"
Expand Down Expand Up @@ -1496,7 +1496,7 @@ export const HTTPFlowTable = React.memo<HTTPFlowTableProp>((props) => {
let id
if (inViewport) {
scrollUpdate()
if(isLoop){
if (isLoop) {
id = setInterval(scrollUpdate, 1000)
}
}
Expand Down Expand Up @@ -2695,7 +2695,11 @@ export const HTTPFlowTable = React.memo<HTTPFlowTableProp>((props) => {
if (keyPath.includes("数据包扫描")) {
const scanItem = packetScanDefaultValue.find((e) => e.Verbose === key)
if (!scanItem) return
execPacketScan([rowData.Id], scanItem.Keyword)
execPacketScan({
httpFlowIds: [rowData.Id],
value: scanItem,
https: rowData.IsHTTPS
})
return
}
if (keyPath.includes("标注颜色")) {
Expand Down Expand Up @@ -3133,17 +3137,33 @@ export const HTTPFlowTable = React.memo<HTTPFlowTableProp>((props) => {
})}
onClick={({key, keyPath}) => {
if (keyPath.includes("数据包扫描")) {
if (isAllSelect) {
yakitNotify(
"warning",
"该批量操作不支持全选"
)
return
}
const currentItemScan = menuData.find(
(f) =>
f.onClickBatch &&
f.key === "数据包扫描"
)
if (!currentItemScan) return
onBatch(
(v) => execPacketScan([v.Id], key),
currentItemScan.number || 0,
selectedRowKeys.length === total
const currentItemPacketScan =
packetScanDefaultValue.find(
(f) => f.Verbose === key
)
if (
!currentItemScan ||
!currentItemPacketScan
)
return

onBatchExecPacketScan({
httpFlowIds: selectedRowKeys,
maxLength: currentItemScan.number || 0,
currentPacketScan: currentItemPacketScan
})
return
}
if (keyPath.includes("标注颜色")) {
Expand Down Expand Up @@ -3852,3 +3872,21 @@ export const onRemoveCalloutColor = (flow: HTTPFlow, data: HTTPFlow[], setData)
setData(newData)
})
}

const onBatchExecPacketScan = (params: {
httpFlowIds: string[]
maxLength: number
currentPacketScan: {Keyword?: string; Verbose: string}
}) => {
const {httpFlowIds, maxLength, currentPacketScan} = params
if (httpFlowIds.length > maxLength) {
yakitNotify("warning", `最多同时只能发送${maxLength}条数据`)
return
}
execPacketScanWithNewTab({
httpFlowIds,
https: false,
keyword: currentPacketScan.Keyword || "",
verbose: currentPacketScan.Verbose
})
}
3 changes: 2 additions & 1 deletion app/renderer/src/main/src/components/playground/hybrid/HybridScanDemo.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@ export const HybridScanDemo: React.FC<HybridScanDemoProp> = (props) => {
HTTPRequestTemplate: {
IsHttps: false, IsRawHTTPRequest: false, RawHTTPRequest: new Uint8Array(),
Method: "GET", Path: ["/"], GetParams: [], Headers: [], Cookie: [],
Body: new Uint8Array(), PostParams: [], MultipartParams: [], MultipartFileParams: [],
Body: new Uint8Array(), PostParams: [], MultipartParams: [], MultipartFileParams: [],IsHttpFlowId:false,
HTTPFlowId:[]
},
})
const [plugin, setPlugin] = React.useState<HybridScanPluginConfig>({
Expand Down
5 changes: 4 additions & 1 deletion app/renderer/src/main/src/models/HTTPRequestBuilder.tsx
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import {KVPair} from "@/models/kv";
import {KVPair} from "@/models/kv"

export interface HTTPRequestBuilderParams {
IsHttps: boolean
Expand All @@ -18,4 +18,7 @@ export interface HTTPRequestBuilderParams {
PostParams: KVPair[]
MultipartParams: KVPair[]
MultipartFileParams: KVPair[]

IsHttpFlowId: boolean
HTTPFlowId: number[]
}
4 changes: 3 additions & 1 deletion app/renderer/src/main/src/pages/httpRequestBuilder/HTTPRequestBuilder.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,9 @@ export const getDefaultHTTPRequestBuilderParams = (): HTTPRequestBuilderParams =
MultipartParams: [],
Path: ["/"],
PostParams: [],
RawHTTPRequest: new Uint8Array()
RawHTTPRequest: new Uint8Array(),
IsHttpFlowId:false,
HTTPFlowId:[]
}
}

Expand Down
48 changes: 36 additions & 12 deletions app/renderer/src/main/src/pages/layout/mainOperatorContent/MainOperatorContent.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,17 @@ import emiter from "@/utils/eventBus/eventBus"
import {shallow} from "zustand/shallow"
import {menuBodyHeight} from "@/pages/globalVariable"
import {RemoteGV} from "@/yakitGV"
import {PageNodeItemProps, PageProps, defPage, usePageInfo} from "@/store/pageInfo"
import {
PageNodeItemProps,
PageProps,
defPage,
defaultPluginBatchExecutorPageInfo,
defaultPocPageInfo,
usePageInfo
} from "@/store/pageInfo"
import {startupDuplexConn, closeDuplexConn} from "@/utils/duplex/duplex"
import cloneDeep from "lodash/cloneDeep"
import {onToManageGroup} from "@/pages/securityTool/yakPoC/yakPoC"
import {onToManageGroup} from "@/pages/securityTool/yakPoC/YakPoC"
import {defPluginBatchExecuteExtraFormValue} from "@/pages/plugins/pluginBatchExecutor/pluginBatchExecutor"
import { apiFetchQueryYakScriptGroupLocal } from "@/pages/plugins/utils"
import { PluginGroupType } from "@/pages/plugins/group/PluginGroups"
Expand Down Expand Up @@ -434,10 +441,24 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
case YakitRoute.Plugin_Groups:
pluginGroup(params)
break
case YakitRoute.BatchExecutorPage:
addBatchExecutorPage(params)
break
case YakitRoute.PoC:
addPoC(params)
break
default:
break
}
})
/**批量执行 */
const addBatchExecutorPage = useMemoizedFn((data) => {
openMenuPage({route: YakitRoute.BatchExecutorPage}, {pageParams: {pluginBatchExecutorPageInfo: data}})
})
/**专项漏洞 */
const addPoC = useMemoizedFn((data) => {
openMenuPage({route: YakitRoute.PoC}, {pageParams: {pocPageInfo: data}})
})
/**
* @name 新建插件
* @param source 触发打开页面的父页面路由
Expand Down Expand Up @@ -601,8 +622,6 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
if (type === "plugin-store") addYakRunning(data)
if (type === "batch-exec-recover") addBatchExecRecover(data as UnfinishedBatchTask)
if (type === "simple-batch-exec-recover") addSimpleBatchExecRecover(data as UnfinishedSimpleDetectBatchTask)
if (type === "exec-packet-scan")
addPacketScan(data["httpFlows"], data["https"], data["httpRequest"], data["keyword"])
if (type === "add-yakit-script") addYakScript(data)
if (type === "online-plugin-recycle-bin") addOnlinePluginRecycleBin(data)
if (type === "facade-server") addFacadeServer(data)
Expand Down Expand Up @@ -761,6 +780,7 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
{
pageParams: {
pocPageInfo: {
...defaultPocPageInfo,
selectGroup: bugTestValue ? [bugTestValue] : [],
formValue: {
Targets: {
Expand Down Expand Up @@ -1037,12 +1057,12 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
case YakitRoute.PoC:
onSetPocData(node, order)
break
case YakitRoute.BatchExecutorPage:
onBatchExecutorPage(node, order)
break
default:
break
}
if (route === YakitRoute.BatchExecutorPage) {
onBatchExecutorPage(node, order)
}
setPageCache([...pages])
openFlag && setCurrentTabKey(key)
} else {
Expand All @@ -1058,12 +1078,12 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
case YakitRoute.PoC:
onSetPocData(node, 1)
break
case YakitRoute.BatchExecutorPage:
onBatchExecutorPage(node, 1)
break
default:
break
}
if (route === YakitRoute.BatchExecutorPage) {
onBatchExecutorPage(node, 1)
}
setPageCache([
...pageCache,
{
Expand Down Expand Up @@ -1092,9 +1112,12 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
pageId: node.id,
pageName: node.verbose,
pageParamsInfo: {
pluginBatchExecutorPageInfo:node.pageParams?.pluginBatchExecutorPageInfo?{
pluginBatchExecutorPageInfo:node.pageParams?.pluginBatchExecutorPageInfo
? {
...defaultPluginBatchExecutorPageInfo,
...node.pageParams.pluginBatchExecutorPageInfo
}:undefined
}
: undefined
},
sortFieId: order
}
Expand Down Expand Up @@ -1619,6 +1642,7 @@ export const MainOperatorContent: React.FC<MainOperatorContentProps> = React.mem
pageName: node.verbose,
pageParamsInfo: {
pocPageInfo: {
...defaultPocPageInfo,
...node.pageParams?.pocPageInfo
}
},
Expand Down
29 changes: 20 additions & 9 deletions app/renderer/src/main/src/pages/packetScanner/DefaultPacketScanGroup.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,33 +10,44 @@ import styles from "./packetScanner.module.scss"
* @description 数据包扫描的默认菜单数据
*/
export const packetScanDefaultValue: {Verbose: string; Keyword?: string}[] = [
{Verbose: "自定义", Keyword: undefined},
{Verbose: "批量执行", Keyword: undefined},
{Verbose: "网络设备与OA系统", Keyword: "锐捷,若依,金和,金山,金蝶,致远,Seeyou,seeyou,通达,tonged,Tongda,银澎,浪潮,泛微,方维,帆软,向日葵,ecshop,dahua,huawei,zimbra,coremail,Coremail,邮件服务器"},
{Verbose: "安全产品", Keyword: "防火墙,行为管理,绿盟,天擎,tianqing,防篡改,网御星云,安防,审计系统,天融信,安全系统"},
{Verbose: "FastJSON", Keyword: "fastjson,FastJson,FastJSON"},
{Verbose: "Log4j", Keyword: "Log4j,log4j,Log4shell,log4shell,Log4Shell"},
{Verbose: "Weblogic", Keyword: "weblogic,Weblogic"},
{Verbose: "远程代码执行(扫描)", Keyword: "RCE,rce"},
{Verbose: "XSS", Keyword: "xss,XSS"},
{Verbose: "Java", Keyword: "Java"},
{Verbose: "Tomcat", Keyword: "Tomcat"},
{Verbose: "IIS", Keyword: "IIS"},
{Verbose: "Nginx", Keyword: "Nginx"},
{Verbose: "Shiro", Keyword: "Shiro"},
{Verbose: "SQL注入", Keyword: "SQL注入"}
]

export const GetPacketScanByCursorMenuItem = (id: number): ByCursorMenuItemProps => {
return {
title: "数据包扫描", onClick: () => {
},
subMenuItems: packetScanDefaultValue.map(i => {
title: "数据包扫描",
onClick: () => {},
subMenuItems: packetScanDefaultValue.map((i) => {
return {
id:i.Keyword,
title: i.Verbose, onClick: () => {
execPacketScan([id], i.Keyword)
id: i.Keyword,
title: i.Verbose,
onClick: () => {
execPacketScan({
httpFlowIds: [id],
value: i,
https: false
})
}
}
})
}
}

export interface PacketScanButtonProp {
packetGetter: () => { https: boolean, httpRequest: Uint8Array }
packetGetter: () => {https: boolean; httpRequest: Uint8Array}
}

export const PacketScanButton: React.FC<PacketScanButtonProp> = (props) => {
Expand All @@ -60,7 +71,7 @@ export const PacketScanButton: React.FC<PacketScanButtonProp> = (props) => {
setTimeout(() => {
setVisible(undefined)
}, 300)
execPacketScanFromRaw(https, httpRequest, i.Keyword)
execPacketScanFromRaw(https, httpRequest, i)
}}
key={`${i.Verbose}+${n}`}
>
Expand Down
Loading

0 comments on commit 8dff179

Please sign in to comment.