Merge pull request #18 from vankyver/master

RELEASE-1.3

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>burp-vulners-scanner</groupId>
     <artifactId>burp-vulners-scanner</artifactId>
-    <version>1.2</version>
+    <version>1.3</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -37,12 +37,13 @@
         <dependency>
             <groupId>org.jtwig</groupId>
             <artifactId>jtwig-core</artifactId>
-            <version>5.85.3.RELEASE</version>
+            <version>5.87.0.RELEASE</version>
         </dependency>
+
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>
-            <version>20160810</version>
+            <version>20231013</version>
         </dependency>
 
     </dependencies>

src/main/java/burp/HttpClient.java

@@ -8,8 +8,8 @@
 
 public class HttpClient {
 
-    private static String VULNERS_API_HOST = "vulners.com";
-    private static String VULNERS_API_PATH = "/api/v3/burp/";
+    private static final String VULNERS_API_HOST = "vulners.com";
+    private static final String VULNERS_API_PATH = "/api/v3/burp/";
 
     private final IBurpExtenderCallbacks callbacks;
     private final IExtensionHelpers helpers;
@@ -21,21 +21,31 @@ public class HttpClient {
         this.helpers = helpers;
     }
 
+    public JSONObject post(String action, Map<String, String> params) {
+        return request("POST", action, params);
+    }
+
     public JSONObject get(String action, Map<String, String> params) {
+        return request("GET", action, params);
+    }
+
+    public JSONObject request(String method, String action, Map<String, String> params) {
         List<String> headers = new ArrayList<>();
-        headers.add("POST " + VULNERS_API_PATH + action + "/ HTTP/1.1");
+        headers.add( method + " " + VULNERS_API_PATH + action + "/ HTTP/1.1");
         headers.add("Host: " + VULNERS_API_HOST);
-        headers.add("User-Agent: vulners-burpscanner-v-1.2");
+        headers.add("User-Agent: vulners-burpscanner-v-1.3");
         headers.add("Content-type: application/json");
 
         JSONObject jsonBody = new JSONObject();
 
-        if (burpExtender.getApiKey() != null) {
-            jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey());
-        }
+        if (!method.equals("GET")) {
+            if (burpExtender.getApiKey() != null) {
+                jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey());
+            }
 
-        for (Map.Entry<String, String> p: params.entrySet()) {
-            jsonBody = jsonBody.put(p.getKey(), p.getValue());
+            for (Map.Entry<String, String> p: params.entrySet()) {
+                jsonBody = jsonBody.put(p.getKey(), p.getValue());
+            }
         }
 
         byte[] request = helpers.buildHttpMessage(headers, helpers.stringToBytes(jsonBody.toString()));

src/main/java/burp/gui/TabComponent.java

@@ -7,23 +7,18 @@
 import burp.gui.rules.RulesTableListener;
 import burp.gui.software.SoftwareTable;
 import burp.models.Domain;
-import burp.models.Software;
-import burp.models.Vulnerability;
 import com.intellij.uiDesigner.core.GridConstraints;
 import com.intellij.uiDesigner.core.GridLayoutManager;
 import com.intellij.uiDesigner.core.Spacer;
 
 import javax.swing.*;
 import java.awt.*;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
 import java.awt.event.MouseAdapter;
 import java.awt.event.MouseEvent;
 import java.io.IOException;
 import java.net.URI;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Set;
 
 public class TabComponent {
     private JPanel rootPanel;
@@ -148,6 +143,7 @@ public RulesTable getRulesTable() {
     }
 
     public void setAPIKey(String apiKey) {
+        System.out.println("Setting API key: " + apiKey);
         if (apiKey != null) {
             txtApi.setText(apiKey);
         }

src/main/java/burp/gui/path/PathsTable.java

@@ -15,7 +15,7 @@ public boolean isCellEditable(int row, int column) {
             }
         };
         model.addColumn("Domain");
-        model.addColumn("path");
+        model.addColumn("Path");
         model.addColumn("CVSS Score");
         model.addColumn("Vulnerabilities");
 

src/main/java/burp/tasks/PathScanTask.java

@@ -25,7 +25,7 @@ public PathScanTask(VulnersRequest vulnersRequest, HttpClient httpClient, Consum
     @Override
     public void run() {
 
-        JSONObject data = httpClient.get("path", new HashMap<String, String>() {{
+        JSONObject data = httpClient.post("path", new HashMap<String, String>() {{
             put("path", vulnersRequest.getPath());
         }});
 

src/main/java/burp/tasks/SoftwareScanTask.java

@@ -28,7 +28,7 @@ public void run() {
 
         Software software = vulnersRequest.getSoftware();
 
-        JSONObject data = httpClient.get("software", new HashMap<String, String>(){{
+        JSONObject data = httpClient.post("software", new HashMap<String, String>() {{
             put("software", software.getAlias());
             put("version", software.getVersion());
             put("type", software.getMatchType());