Share
## https://sploitus.com/exploit?id=B74A7936-AD5F-53C0-9210-FF6A8885D033
# Java POC Scanner

A powerful graphical POC (Proof of Concept) scanner built with Java, designed to detect whether a target URL contains specific vulnerabilities. This tool loads POC files in YAML format, sends customized HTTP requests to the target system, and determines whether any vulnerabilities exist based on the response.

## Features

- **Intuitive Graphical Interface**: Provides three main tabs: Scanner, Scan Results, and POC Management, making operations easy.
- **POC Management**: Supports loading, adding, editing, and deleting YAML-based POC files from the local directory.
- **Multi-threaded Scanning**: Configurable thread count (1-50) to improve batch scanning efficiency.
- **Proxy Support**: Supports HTTP, HTTPS, and SOCKS proxies, with options to enable them as needed.
- **Flexible Matching Rules**: Supports three matching methods: "contains", "equals", and "regex".
- **Detailed Result Display**: Shows key data such as request/response information, vulnerability status, response time, SSL/TLS details, etc.
- **Configurable Parameters**: Supports custom timeout settings, proxy settings, and thread count.

## Technology Stack

- **Development Language**: Java 8+
- **Build Tool**: Maven
- **GUI Framework**: Swing
- **YAML Parsing**: SnakeYAML
- **HTTP Client**: OkHttp

## Project Structure

```
poc-scanner-gui/
β”œβ”€β”€ src/main/java/com/pocscanner/
β”‚ β”œβ”€β”€ Application.java # Application entry class
β”‚ β”œβ”€β”€ core/ # Core functionality modules
β”‚ β”‚ β”œβ”€β”€ POCEngine.java # POC execution engine, handles single POC logic
β”‚ β”‚ β”œβ”€β”€ POCLoader.java # POC loader, responsible for loading POC configurations from YAML files
β”‚ β”‚ β”œβ”€β”€ ScannerEngine.java # Scanning engine, manages multi-threaded scanning tasks
β”‚ β”‚ └── model/ # Data model definitions
β”‚ β”‚ β”œβ”€β”€ POCConfig.java # POC configuration model
β”‚ β”‚ β”œβ”€β”€ ScanRequest.java # Scan request model
β”‚ β”‚ └── ScanResult.java # Scan result model
β”‚ β”œβ”€β”€ gui/ # Graphical interface module
β”‚ β”‚ β”œβ”€β”€ MainFrame.java # Main window with three functional tabs
β”‚ β”‚ β”œβ”€β”€ POCManagerPanel.java # POC management panel for managing POC files
β”‚ β”‚ β”œβ”€β”€ ResultPanel.java # Result display panel, showing scan results
β”‚ β”‚ └── ScannerPanel.java # Scanner panel, for configuring and executing scans
β”‚ └── http/ # HTTP request module
β”‚ β”œβ”€β”€ HttpClient.java # HTTP client, encapsulated using OkHttp
β”‚ └── HttpResponse.java # HTTP response model
β”œβ”€β”€ pocs/ # Default POC file storage directory
β”‚ β”œβ”€β”€ test-contains-matching.yaml
β”‚ β”œβ”€β”€ test-equals-matching.yaml
β”‚ └── Test_Contains_Matching.yaml
β”œβ”€β”€ pom.xml # Maven project configuration file
└── README.md # Project description document

## Installation and Execution

### Prerequisites

- JDK 8 or higher
- Maven 3.6.0 or higher

### Building the Project

1. Clone or download the project code to your local machine.
2. Open a command-line tool and enter the project root directory.
3. Execute the following command to build the project:

```bash
mvn clean package
```

### Running the Application

After building successfully, you can run the application in two ways:

**Method 1: Using Maven**

```bash
mvn exec:java
```

**Method 2: Running the JAR File Directly**

```bash
java -jar target/poc-scanner-gui-1.0-SNAPSHOT.jar
```

## Usage Instructions

### 1. Loading POC Files

- Switch to the "POC Management" tab.
- The POC files in the `./pocs` directory will be loaded by default.
- To change the POC directory, click the "Browse" button to select a new directory, then click "Refresh".
- After loading, the POC list will be displayed in a table.

### 2. Configuring Scan Parameters

- Switch to the "Scanner" tab.
- Enter the target URL to be scanned in the "Target URL" field.
- Confirm the POC file directory in the "POC Directory" field.

### Optional Configurations 
- Set up a proxy server (type, host, port) 
- Adjust the number of threads (controlled via a slider, range 1-50) 

### 3. Execute the Scanning 
- Click the β€œStart Scan” button to initiate the scan 
- During the scan, the log area will display real-time scan status 
- The progress bar shows the current scanning progress 

### 4. View Scan Results 
- Switch to the β€œScan Results” tab 
- A table displays an overview of the scan results for all POCs 
- Click on any row in the table, and detailed information about that scan will be displayed, including: 
 - Request details (URL, method, request headers, request body) 
 - Response details (status code, response headers, response body) 
 - Vulnerability status and matching evidence 

## POC File Format 
POC files use YAML format, following this structure: 
```yaml
name: POC Name # Unique identifier for the POC 
description: POC Description # Detailed description of the POC 
level: Vulnerability Level #:Low/Medium/High/Serious 
author: Author # Information about the POC author 
request: 
 method: HTTP Method #:GET/POST/PUT/DELETE 
 path: Request Path # Path part of the target URL 
 headers: # Optional, HTTP request headers 
 User-Agent: Mozilla/5.0... Content-Type: application/json 
 body: Request Body # Optional, applicable for methods like POST 
 params: # Optional, URL query parameters 
 id: 1 
 type: test 
response: 
 matchType: Matching Type # contains, equals, or regex 
 successIndicators: # List of successfully matched strings 
 - "Keyword1" 
 - "Keyword2" 
 errorIndicators: # List of failed matches 
 - "Error Message1" 
 statusCode: Expected HTTP Status Code #:200/404/500 
``` 

## Example POC 
```yaml
name: Test Containing Matches 
description: Example POC testing matching rules 
level: Medium 
author: Test 
request: 
 method: GET 
 path: /test-contains 
response: 
 matchType: contains 
 successIndicators: 
 - "partial" 
 - "content" 
 errorIndicators: 
 - "not found" 
 statusCode: 200 
``` 

## How It Works 
1. **POC Loading**: The POC configuration is loaded from YAML files using the `POCLoader` class, supporting UTF-8 and GBK encoding. 
2. **Scan Preparation**: Scan parameters are configured in the `ScannerPanel`, and `ScanRequest` objects are created. 
3. **Task Distribution**: The `ScannerEngine` creates a thread pool to assign scan tasks to each POC. 
4. **POC Execution**: The `POCEngine` constructs HTTP requests based on the POC configuration and sends them using `HttpClient`. 
5. **Result Matching**: The response content is checked against the matching rules defined in the POC (contains/equals/regex) to determine if the vulnerability is detected. 
6. **Result Display**: Scan results are displayed in the `ResultPanel`, including vulnerability status, request/response details, and SSL/TLS information. 

## Notes 
1. **Legality**: This tool is only used for legal security testing and authorized vulnerability assessments. Do not use it on unauthorized systems. 
2. **Performance**: When scanning large numbers of targets or multiple POCs, it’s recommended to set the number of threads appropriately to avoid system resource exhaustion. 
3. **Accuracy**: Scan results are for reference only. It’s recommended to manually verify positive results. 
4. **Directory Configuration**: The default POC directory is `./pocs`. If you need to modify it, please configure it on the scanner page. 

## Development Notes 
### Adding New Features 
1. Core feature extensions: Implement new functionality in the `core` package. 
2. GUI Component Addition: Create or modify GUI components in the `gui` package. 
3. HTTP Request Enhancements: Expand HTTP request-related features in the `http` package. 
4. Data Model Updates: Add new data structures in the `model` package. 

### Building and Testing 
```bash
mvn clean test # Run unit tests 
mvn clean package # Build the project 
``` 

## Areas for Improvement 
1. SSL certificate verification switch (currently requires code modification). 
2. Batch target scanning functionality. 
3. Export of scan results. 
4. Scheduled scan tasks. 
5. Support for more matching rules.