V1.4 修复第三方包没引入造成的fofa搜索无结果的bug

Author: yhy0

META-INF/MANIFEST.MF

@@ -0,0 +1,4 @@
+Manifest-Version: 1.4
+Class-Path: lib/fastjson-1.2.76.jar lib/guava-19.0.jar
+Main-Class: com.yhy.Main
+

.idea/uiDesigner.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<module type="JAVA_MODULE" version="4" />
+<module type="JAVA_MODULE" version="8" />

ExpDemo-JavaFX-1.3-jfx.jar renamed to ExpDemo-JavaFX-1.4-jfx.jar

@@ -1,5 +1,9 @@
 ## 更新
 
+### V1.4
+
+修复生成的jar文件，fofa查询时无反应（mvn生成jar时没有加载第三方包，添加MANIFEST.MF文件指定加载）
+
 ### V1.3
 
 1.  增加fofa查询模块，并且fofa高级会员可以通过输入icon的url，计算hash值，查询相同icon的网站

ExpDemo-JavaFX.iml

@@ -0,0 +1 @@
+[email protected]:fdbcccdbeb87421ce408ccdf868ce86b

README.md

@@ -7,11 +7,11 @@
   <groupId>com.yhy</groupId>
   <artifactId>ExpDemo-JavaFX</artifactId>
   <packaging>jar</packaging>
-  <version>1.3</version>
+  <version>1.4</version>
 
   <name>ExpDemo-JavaFX</name>
   <!-- FIXME change it to the project's website -->
-  <url>https://github.com/yhy0</url>
+  <url>https://github.com/yhy0/ExpDemo-JavaFX</url>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -35,18 +35,26 @@
       <artifactId>javafx-fxml</artifactId>
       <version>11.0.2</version>
     </dependency>
-    <dependency>
-      <groupId>org.json</groupId>
-      <artifactId>json</artifactId>
-      <version>20160212</version>
-    </dependency>
 
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
       <version>19.0</version>
     </dependency>
 
+
+    <dependency>
+      <groupId>com.alibaba</groupId>
+      <artifactId>fastjson</artifactId>
+      <version>1.2.76</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+      <version>4.1.6.RELEASE</version>
+    </dependency>
+
   </dependencies>
 
   <build>

fofa.conf

@@ -1,5 +1,6 @@
 package com.yhy;
 
+import com.alibaba.fastjson.JSONObject;
 import com.google.common.hash.Hashing;
 import com.yhy.core.Constants;
 import com.yhy.core.ExploitInterface;
@@ -21,7 +22,6 @@
 import javafx.scene.input.ClipboardContent;
 import javafx.scene.layout.GridPane;
 import javafx.scene.layout.HBox;
-import javafx.scene.layout.Region;
 import javafx.scene.text.Text;
 import javafx.stage.FileChooser;
 import javafx.stage.Stage;
@@ -34,9 +34,7 @@
 import java.net.PasswordAuthentication;
 import java.net.Proxy;
 import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
@@ -484,7 +482,7 @@ public void get_execute_cmd() {
                 this.cmd_info.setText(result);
                 System.out.println(result);
             } catch (Exception var4) {
-                this.cmd_info.setText(var4.toString());
+                this.cmd_info.setText("error: " + var4.toString());
             }
 
         }
@@ -655,19 +653,19 @@ public void export() {
     @FXML
     // fofa 搜索
     public void fofa_search() {
+        String result = "";
+        try {
+            int page = (int) this.fofa_size.getValue();
 
-        int page = (int) this.fofa_size.getValue();
+            String fofa_info = this.fofa_info.getText();
 
-        String fofa_info = this.fofa_info.getText();
+            if(fofa_info.length() == 0) {
+                fofa_info = "app=\"Solr\"";
+            }
 
-        if(fofa_info.length() == 0) {
-            fofa_info = "app=\"Solr\"";
-        }
+            File file = new File(Constants.FOFAPATH);
 
-        String result = "";
 
-        File file = new File(Constants.FOFAPATH);
-        try {
             if (file.exists()) {
                 String values = Tools.read(Constants.FOFAPATH,"UTF-8", false).toString();
                 values = values.substring(1,values.length()-1);;
@@ -677,11 +675,20 @@ public void fofa_search() {
                 if(EmaliKey.length == 2) {
                     String email = EmaliKey[0];
                     String key = EmaliKey[1];
-                    result = Tools.fofaHTTP(email, key, fofa_info, page);
 
-                    String[] str = result.split("\r\n");
-                    for (String s:str) {
-                        fofa_result.add(s);
+
+                    String fResult = Tools.fofaHTTP(email, key, fofa_info, page, fofa_result_info);
+
+                    // 不清楚为啥生成的jar文件，这里json不能解析，也不报错，在IDEA中运行就可以
+                    JSONObject object = (JSONObject) JSONObject.parse(fResult);
+                    List<String> listStr = object.parseArray(object.getJSONArray("results").toJSONString(), String.class);
+
+                    for (String s:listStr) {
+                        s = s.replace("\"","").replace("\\r\\n","").replace("\\t","");
+                        String host = s.split(",", 2)[0].replace("[","");
+                        String title = s.split(",", 2)[1].replace("]","");
+                        result += host + "\t\t\t" + title + "\r\n";
+                        this.fofa_result.add(host);
                     }
 
                     this.proxyStatusLabel.setText("fofa查询完成");
@@ -693,23 +700,28 @@ public void fofa_search() {
                     alert.setContentText("fofa 配置错误\n");
 
                     alert.showAndWait();
+
+                    this.proxyStatusLabel.setText("asasdadas配置错误");
                 }
+            } else {
+                this.fofa_result_info.setText("fofa.conf文件没找到！！！！！\r\n");
             }
 
 
         } catch (Exception e) {
             e.printStackTrace();
             result = e.getStackTrace().toString();
+
         }
 
+        this.fofa_result_info.setText(result);
 
         fofa_check.setOnAction((e) -> {
             table_view(fofa_result);
             this.proxyStatusLabel.setText("批量检查完成，请到批量检查界面查看");
 
         });
 
-        this.fofa_result_info.setText(result);
 
     }
 
@@ -737,17 +749,10 @@ public void fofa_icon() {
 
 
         iconHash.setOnAction((e) -> {
-
             String ste = HttpTool.ImageToBase64ByOnline(iconUrlText.getText());
-
             int hashcode = Hashing.murmur3_32().hashString(ste.replaceAll("\r", "") + "\n", StandardCharsets.UTF_8).asInt();
-
             iconHashText.setText("icon_hash=\"" + hashcode + "\"");
 
-
-            System.out.println(ste);
-            System.out.println(hashcode);
-
         });
 
 

lib/fastjson-1.2.76.jar

@@ -1,8 +1,8 @@
 package com.yhy.core;
 
+import com.alibaba.fastjson.JSONObject;
 import com.yhy.tools.HttpTool;
 import com.yhy.tools.Tools;
-import org.json.JSONObject;
 
 import java.util.HashMap;
 import java.util.UUID;
@@ -71,9 +71,8 @@ public String exeCMD(String cmd, String encoding) throws Exception {
             String payload = String.format("{\"command\":\"run\",\"utilCmdArgs\":\"-c %s\"}", cmd);
             String result = HttpTool.postHttpReuest(path, payload, encoding, map, "application/json");
 
-            JSONObject jsonObj = new JSONObject(result);
-            result = jsonObj.getString("commandResult");
-
+            JSONObject object = JSONObject.parseObject(result);
+            result = object.getString("commandResult");
 
             return result + "\r\n 命令执行成功";
 

lib/guava-19.0.jar

@@ -9,15 +9,17 @@
 public class Constants {
     public static String NAME = "图形化漏洞利用Demo-JavaFx版";
 
-    public static String VERSION = "v1.3 ";
+    public static String VERSION = "v1.4 ";
 
     public static String AUTHOR = "yhy";
 
     public static String BASICINFO = "本工具提供给安全测试人员,安全工程师,进行安全自查使用,请勿非法使用\r\n\r\n" +
             "版本:     " + VERSION + "\r\n\r\n" +
             "Bug反馈:  https://github.com/yhy0/ExpDemo-JavaFX\r\n\r\n" +
+            "V1.4\r\n" +
+            "\t修复生成的jar文件，fofa查询时无反应（mvn生成jar时没有加载第三方包，添加MANIFEST.MF文件指定加载）\r\n" +
             "V1.3\r\n" +
-            "\t增加fofa查询功能\r\n" +
+            "\t增加fofa查询模块，并且fofa高级会员可以通过输入icon的url，计算hash值，查询相同icon的网站\r\n" +
             "V1.2\n" +
             "\t批量扫描模块，添加对存在漏洞的url导出功能\r\n" +
             "\t修改检测漏洞后的显示，存在、不存在、异常\r\n" +