## https://sploitus.com/exploit?id=B74A7936-AD5F-53C0-9210-FF6A8885D033
# Java POC Scanner
A powerful graphical POC (Proof of Concept) scanner built with Java, designed to detect whether a target URL contains specific vulnerabilities. This tool loads POC files in YAML format, sends customized HTTP requests to the target system, and determines whether any vulnerabilities exist based on the response.
## Features
- **Intuitive Graphical Interface**: Provides three main tabs: Scanner, Scan Results, and POC Management, making operations easy.
- **POC Management**: Supports loading, adding, editing, and deleting YAML-based POC files from the local directory.
- **Multi-threaded Scanning**: Configurable thread count (1-50) to improve batch scanning efficiency.
- **Proxy Support**: Supports HTTP, HTTPS, and SOCKS proxies, with options to enable them as needed.
- **Flexible Matching Rules**: Supports three matching methods: "contains", "equals", and "regex".
- **Detailed Result Display**: Shows key data such as request/response information, vulnerability status, response time, SSL/TLS details, etc.
- **Configurable Parameters**: Supports custom timeout settings, proxy settings, and thread count.
## Technology Stack
- **Development Language**: Java 8+
- **Build Tool**: Maven
- **GUI Framework**: Swing
- **YAML Parsing**: SnakeYAML
- **HTTP Client**: OkHttp
## Project Structure
```
poc-scanner-gui/
βββ src/main/java/com/pocscanner/
β βββ Application.java # Application entry class
β βββ core/ # Core functionality modules
β β βββ POCEngine.java # POC execution engine, handles single POC logic
β β βββ POCLoader.java # POC loader, responsible for loading POC configurations from YAML files
β β βββ ScannerEngine.java # Scanning engine, manages multi-threaded scanning tasks
β β βββ model/ # Data model definitions
β β βββ POCConfig.java # POC configuration model
β β βββ ScanRequest.java # Scan request model
β β βββ ScanResult.java # Scan result model
β βββ gui/ # Graphical interface module
β β βββ MainFrame.java # Main window with three functional tabs
β β βββ POCManagerPanel.java # POC management panel for managing POC files
β β βββ ResultPanel.java # Result display panel, showing scan results
β β βββ ScannerPanel.java # Scanner panel, for configuring and executing scans
β βββ http/ # HTTP request module
β βββ HttpClient.java # HTTP client, encapsulated using OkHttp
β βββ HttpResponse.java # HTTP response model
βββ pocs/ # Default POC file storage directory
β βββ test-contains-matching.yaml
β βββ test-equals-matching.yaml
β βββ Test_Contains_Matching.yaml
βββ pom.xml # Maven project configuration file
βββ README.md # Project description document
## Installation and Execution
### Prerequisites
- JDK 8 or higher
- Maven 3.6.0 or higher
### Building the Project
1. Clone or download the project code to your local machine.
2. Open a command-line tool and enter the project root directory.
3. Execute the following command to build the project:
```bash
mvn clean package
```
### Running the Application
After building successfully, you can run the application in two ways:
**Method 1: Using Maven**
```bash
mvn exec:java
```
**Method 2: Running the JAR File Directly**
```bash
java -jar target/poc-scanner-gui-1.0-SNAPSHOT.jar
```
## Usage Instructions
### 1. Loading POC Files
- Switch to the "POC Management" tab.
- The POC files in the `./pocs` directory will be loaded by default.
- To change the POC directory, click the "Browse" button to select a new directory, then click "Refresh".
- After loading, the POC list will be displayed in a table.
### 2. Configuring Scan Parameters
- Switch to the "Scanner" tab.
- Enter the target URL to be scanned in the "Target URL" field.
- Confirm the POC file directory in the "POC Directory" field.
### Optional Configurations
- Set up a proxy server (type, host, port)
- Adjust the number of threads (controlled via a slider, range 1-50)
### 3. Execute the Scanning
- Click the βStart Scanβ button to initiate the scan
- During the scan, the log area will display real-time scan status
- The progress bar shows the current scanning progress
### 4. View Scan Results
- Switch to the βScan Resultsβ tab
- A table displays an overview of the scan results for all POCs
- Click on any row in the table, and detailed information about that scan will be displayed, including:
- Request details (URL, method, request headers, request body)
- Response details (status code, response headers, response body)
- Vulnerability status and matching evidence
## POC File Format
POC files use YAML format, following this structure:
```yaml
name: POC Name # Unique identifier for the POC
description: POC Description # Detailed description of the POC
level: Vulnerability Level #οΌLow/Medium/High/Serious
author: Author # Information about the POC author
request:
method: HTTP Method #οΌGET/POST/PUT/DELETE
path: Request Path # Path part of the target URL
headers: # Optional, HTTP request headers
User-Agent: Mozilla/5.0... Content-Type: application/json
body: Request Body # Optional, applicable for methods like POST
params: # Optional, URL query parameters
id: 1
type: test
response:
matchType: Matching Type # contains, equals, or regex
successIndicators: # List of successfully matched strings
- "Keyword1"
- "Keyword2"
errorIndicators: # List of failed matches
- "Error Message1"
statusCode: Expected HTTP Status Code #οΌ200/404/500
```
## Example POC
```yaml
name: Test Containing Matches
description: Example POC testing matching rules
level: Medium
author: Test
request:
method: GET
path: /test-contains
response:
matchType: contains
successIndicators:
- "partial"
- "content"
errorIndicators:
- "not found"
statusCode: 200
```
## How It Works
1. **POC Loading**: The POC configuration is loaded from YAML files using the `POCLoader` class, supporting UTF-8 and GBK encoding.
2. **Scan Preparation**: Scan parameters are configured in the `ScannerPanel`, and `ScanRequest` objects are created.
3. **Task Distribution**: The `ScannerEngine` creates a thread pool to assign scan tasks to each POC.
4. **POC Execution**: The `POCEngine` constructs HTTP requests based on the POC configuration and sends them using `HttpClient`.
5. **Result Matching**: The response content is checked against the matching rules defined in the POC (contains/equals/regex) to determine if the vulnerability is detected.
6. **Result Display**: Scan results are displayed in the `ResultPanel`, including vulnerability status, request/response details, and SSL/TLS information.
## Notes
1. **Legality**: This tool is only used for legal security testing and authorized vulnerability assessments. Do not use it on unauthorized systems.
2. **Performance**: When scanning large numbers of targets or multiple POCs, itβs recommended to set the number of threads appropriately to avoid system resource exhaustion.
3. **Accuracy**: Scan results are for reference only. Itβs recommended to manually verify positive results.
4. **Directory Configuration**: The default POC directory is `./pocs`. If you need to modify it, please configure it on the scanner page.
## Development Notes
### Adding New Features
1. Core feature extensions: Implement new functionality in the `core` package.
2. GUI Component Addition: Create or modify GUI components in the `gui` package.
3. HTTP Request Enhancements: Expand HTTP request-related features in the `http` package.
4. Data Model Updates: Add new data structures in the `model` package.
### Building and Testing
```bash
mvn clean test # Run unit tests
mvn clean package # Build the project
```
## Areas for Improvement
1. SSL certificate verification switch (currently requires code modification).
2. Batch target scanning functionality.
3. Export of scan results.
4. Scheduled scan tasks.
5. Support for more matching rules.