申明:本次测试只作为学习用处,请勿未授权进行渗透测试,切勿用于其它用途!
公众号现在只对常读和星标的公众号才展示大图推送,
建议大家把 明暗安全
设为星标,否则可能就看不到啦!
但是感觉在线版的不太方便,索性做一个小工具。
首先下载scenebuilder
https://gluonhq.com/
2. idea里导入path
setting-->搜索javafx
3. 新建javafx项目
如果配置正确,就能在idea里打开可视化工具。
4. 绘制自己想要的格式,并给文本框添加属性。 为什么要给文本添加 因为在文本里输入数据,需要获取文本里的数据进行处理。
5. 为按钮添加事件。
为什么要添加事件,为了方便执行点击按钮的操作。如果看不懂,百度翻译即可
6. 生成java代码。
代码很简单,是自己配置的东西,两个text属性,一个点击事件。剩下代码在点击事件里写就行。
关键代码如下:
获取text的数据(小框)修改格式输出到文本里
void google(MouseEvent event) {
String website = text.getText().trim();
StringBuilder stringBuilder = new StringBuilder();
String[] queries = new String[]{
"敏感信息搜索", "site:qq.com ( \"默认密码\" OR \"学号\" OR \"工号\")",
"后台接口和敏感信息探测", "site:qq.com (inurl:login OR inurl:admin OR inurl:index OR inurl:登录) OR (inurl:config | inurl:env | inurl:setting | inurl:backup | inurl:admin | inurl:php)",
"查找暴露的特殊文件", "site:qq.com filetype:txt OR filetype:xls OR filetype:xlsx OR filetype:doc OR filetype:docx OR filetype:pdf",
"已公开的 XSS 和重定向漏洞", "site:openbugbounty.org inurl:reports intext:\"qq.com\"",
"常见的敏感文件扩展", "site:qq.com ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess",
"XSS 漏洞倾向参数", "inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:qq.com",
"重定向漏洞倾向参数", "inurl:url= | inurl:return= | inurl:next= | inurl:redirect= | inurl:redir= | inurl:ret= | inurl:r2= | inurl:page= inurl:& inurl:http site:qq.com",
"SQL 注入倾向参数", "inurl:id= | inurl:pid= | inurl:category= | inurl:cat= | inurl:action= | inurl:sid= | inurl:dir= inurl:& site:qq.com",
"SSRF 漏洞倾向参数", "inurl:http | inurl:url= | inurl:path= | inurl:dest= | inurl:html= | inurl:data= | inurl:domain= | inurl:page= inurl:& site:qq.com",
"本地文件包含(LFI)倾向参数", "inurl:include | inurl:dir | inurl:detail= | inurl:file= | inurl:folder= | inurl:inc= | inurl:locate= | inurl:doc= | inurl:conf= inurl:& site:qq.com",
"远程命令执行(RCE)倾向参数", "inurl:cmd | inurl:exec= | inurl:query= | inurl:code= | inurl:do= | inurl:run= | inurl:read= | inurl:ping= inurl:& site:qq.com",
"敏感参数", "inurl:email= | inurl:phone= | inurl:password= | inurl:secret= inurl:& site:qq.com",
"API 文档", "inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:qq.com",
"代码泄露", "site:pastebin.com \"qq.com\"",
"云存储", "site:s3.amazonaws.com \"qq.com\"",
"JFrog Artifactory", "site:jfrog.io \"qq.com\"",
"Firebase", "site:firebaseio.com \"qq.com\"",
"文件上传端点", "site:qq.com \"choose file\"",
"漏洞赏金和漏洞披露程序", "\"submit vulnerability report\" | \"powered by bugcrowd\" | \"powered by hackerone\" site:*/security.txt \"bounty\"",
"暴露的 Apache 服务器状态", "site:*/server-status apache",
"WordPress", "inurl:/wp-admin/admin-ajax.php"
};
for (int i = 0; i < queries.length; i += 2) {
stringBuilder.append(queries[i])
.append(":\n")
.append(queries[i + 1])
.append("\n\n");
}
text1.setText(stringBuilder.toString());
}
7. 打包为jar
8. 输出到了指定目录,运行如下:
成品关注公众号回复:google工具 获取
往期精彩推荐
1.本文已收录在明暗官方网站:http://www.php1nf0.top/