Initial commit

kN6jq · Jul 17, 2023 · a744edc · a744edc
commit a744edc
Show file tree

Hide file tree

Showing 36 changed files with 4,114 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/encodings.xml b/.idea/encodings.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/.idea/uiDesigner.xml b/.idea/uiDesigner.xml
diff --git a/README.md b/README.md
@@ -0,0 +1,83 @@
+# 目前功能
+
+1. fastjson扫描
+2. 权限绕过
+3. 未授权检测
+4. sql注入检测
+5. 工具调用
+
+# 使用说明
+
+首次使用请先将数据库文件放到用户名目录/.gather/目录中 *!* *!* *!*
+
+首次使用请先将数据库文件放到用户名目录/.gather/目录中 *!* *!* *!*
+
+首次使用请先将数据库文件放到用户名目录/.gather/目录中 *!* *!* *!*
+
+请使用`mvn clean package`进行编译打包,生成的jar包在target/gather/目录下
+
+请使用`mvn clean package`进行编译打包,生成的jar包在target/gather/目录下
+
+请使用`mvn clean package`进行编译打包,生成的jar包在target/gather/目录下
+
+皆可通过使用鼠标右键菜单,进行调用
+
+![tool-1.png](images%2Ftool-1.png)
+
+![tool-2.png](images%2Ftool-2.png)
+
+# 功能说明
+
+## fastjson扫描
+
+![](./images/fastjson.png)
+
+> 使用前请先在config模块配置dns,ip并点击保存
+
+1. 通过鼠标右键菜单,扫描dns,jndi,回显,注入内存马等
+2. dns扫描可以在数据库配置,type为dns,需要在替换dns域名的地方填写FUZZ,并在FUZZ前填写一个字符,如a.FUZZ,主要是为了区别
+3. jndi扫描可以在数据库配置,type为jndi,需要在替换jndi的地方填写FUZZ,jndi扫描会让你选择是使用dns还是ip
+4. 回显扫描可以在数据库配置,type为echo,需要你填写执行的命令,默认是在请求头加Accept-Cache字段,响应是在响应头Content-auth字段
+3. 注入内存马。。。
+
+## 权限绕过
+
+![](./images/authcheck.png)
+
+1. 通过给uri中加入特殊字符绕过权限
+2. 通过给header中加入字段绕过权限
+
+## 未授权检测
+
+![](./images/prem.png)
+
+> 使用前请先在面板设置相关参数值
+
+1. 通过替换低权限用户的cookie,来判断是否存在未授权
+2. 通过删除用户的cookie,来判断是否存在未授权
+3. 支持被动扫描
+
+## sql注入检测
+
+![](./images/sql.png)
+
+> 使用前请先在面板设置相关参数值
+
+1. 通过添加特殊字符,来判断是否存在sql注入
+2. sql注入支持get,post,cookie,json等多种方式
+
+## 工具调用
+
+![](./images/config.png)
+
+> 使用前请先在面板设置相关参数值,并点击保存
+
+1. 通过添加常用功能,来调用工具
+2. {host} 会被替换为当前请求的host
+3. {url} 会被替换为当前请求的url
+4. {request} 会保存当前数据包到用户名目录的./gather/目录下,进行调用
+
+
+# 后期计划
+
+1. 如有想法,可以提issue
diff --git a/gather.db b/gather.db
diff --git a/images/authcheck.png b/images/authcheck.png
diff --git a/images/config.png b/images/config.png
diff --git a/images/fastjson.png b/images/fastjson.png
diff --git a/images/prem.png b/images/prem.png
diff --git a/images/sql.png b/images/sql.png
diff --git a/images/tool-1.png b/images/tool-1.png
diff --git a/images/tool-2.png b/images/tool-2.png
diff --git a/pom.xml b/pom.xml
@@ -0,0 +1,95 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.xm17</groupId>
+  <artifactId>gatherBurp</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <packaging>jar</packaging>
+
+  <name>gatherBurp</name>
+  <url>http://maven.apache.org</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>3.8.1</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api -->
+    <dependency>
+      <groupId>net.portswigger.burp.extender</groupId>
+      <artifactId>burp-extender-api</artifactId>
+      <version>2.3</version>
+    </dependency>
+
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <version>2.11.0</version>
+    </dependency>
+    <dependency>
+      <groupId>org.json</groupId>
+      <artifactId>json</artifactId>
+      <version>20200518</version>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.xerial/sqlite-jdbc -->
+    <dependency>
+      <groupId>org.xerial</groupId>
+      <artifactId>sqlite-jdbc</artifactId>
+      <version>3.42.0.0</version>
+    </dependency>
+
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.1</version>
+        <configuration>
+          <source>8</source>
+          <target>8</target>
+          <encoding>UTF-8</encoding>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <version>3.3.0</version>
+        <configuration>
+          <!-- 自定义jar包名称 -->
+          <finalName>gatherBurp</finalName>
+          <appendAssemblyId>false</appendAssemblyId>
+          <archive>
+            <manifest>
+              <mainClass>burp.BurpExtender</mainClass>
+            </manifest>
+          </archive>
+          <descriptorRefs>
+            <descriptorRef>jar-with-dependencies</descriptorRef>
+          </descriptorRefs>
+          <outputDirectory>
+            ${project.build.directory}/gather
+          </outputDirectory>
+        </configuration>
+        <!-- 添加此项后，可直接使用mvn package | mvn install -->
+        <!-- 不添加此项，需直接使用mvn package assembly:single -->
+        <executions>
+          <execution>
+            <id>make-assembly</id>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>