信息收集工具 JavaWebInfo

admin 2023年5月31日11:06:45评论26 views字数 4331阅读14分26秒阅读模式

===================================

免责声明

 

请勿利用文章内的相关技术从事非法测试,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。工具来自网络,安全性自测,如有侵权请联系删除。
一个jsp脚本,用于搜集javaweb中的所有servlet、filter和springmvc的controller。可用来代码审计。

0x02 安装与使用

界面展示

信息收集工具  JavaWebInfo

0x03 项目链接下载

https://github.com/jdr2021/JavaWebInfo

 

jsp文件内容

 

<%@ page import="javax.servlet.ServletContext" %>
<%@ page import="org.springframework.context.ApplicationContext" %>
<%@ page import="org.springframework.web.context.support.WebApplicationContextUtils" %>
<%@ page import="javax.ws.rs.Path" %>
<%@ page import="org.springframework.web.bind.annotation.RequestMapping" %>
<%@ page import="java.lang.reflect.Method" %>
<%@ page import="java.util.Map" %>
<%@ page import="javax.servlet.FilterRegistration" %>
<%@ page import="java.util.Collection" %>
<%@ page import="java.util.Map" %>
<!DOCTYPE html>
<html>
<head>
    <title>Controller 、Servlet and Filter</title>
    <style>
        table {
            border-collapse: collapse;
            width: 100%;
        }

        th, td {
            text-align: left;
            padding: 8px;
        }

        tr:nth-child(even) {
            background-color: #f2f2f2;
        }
    </style>
</head>
<body>
<%
    ServletContext servletContext = request.getServletContext();
    ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
    String contextPath = request.getContextPath();
    out.println("<table>");
    out.println("<tr>");
    out.println("<th>Type</th>");
    out.println("<th>Name</th>");
    out.println("<th>Class</th>");
    out.println("<th>URL</th>");
    out.println("</tr>");
    // Servlet mappings
    Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
    Collection<? extends ServletRegistration> servlets = servletRegistrations.values();

    for (ServletRegistration registration : servlets) {
        String servletName = registration.getName();
        Collection<String> urlPatterns = registration.getMappings();
        String servletClass = registration.getClassName();

        out.println("<tr>");
        out.println("<td>Servlet</td>");
        out.println("<td>" + servletName + "</td>");
        out.println("<td>" + servletClass + "</td>");
        out.println("<td>");
        for (String urlPattern : urlPatterns) {
            if (!urlPattern.startsWith("/")) {
                urlPattern = "/" + urlPattern;
            }
            out.println(contextPath + urlPattern + "<br>");
        }
        out.println("</td>");
        out.println("</tr>");
    }
    // Filter mappings
    Map<String, ? extends FilterRegistration> filterRegistrations = servletContext.getFilterRegistrations();
    Collection<? extends FilterRegistration> filters = filterRegistrations.values();
    for (FilterRegistration registration : filters) {
        String filterName = registration.getName();
        Collection<String> urlPatterns = registration.getUrlPatternMappings();
        String filterClass = registration.getClassName();

        out.println("<tr>");
        out.println("<td>Filter</td>");
        out.println("<td>" + filterName + "</td>");
        out.println("<td>" + filterClass + "</td>");
        out.println("<td>");
        for (String urlPattern : urlPatterns) {
            if (!urlPattern.startsWith("/")) {
                urlPattern = "/" + urlPattern;
            }
            out.println(contextPath + urlPattern + "<br>");
        }
        out.println("</td>");
        out.println("</tr>");
    }
    if (applicationContext != null) {
        Map<String, Object> controllerBeans = applicationContext.getBeansOfType(Object.class);

        for (Object controllerBean : controllerBeans.values()) {
            Class<?> clazz = controllerBean.getClass();
            Class<?> currentClass = clazz;
            while (currentClass != null) {
                Method[] methods = currentClass.getDeclaredMethods();
                for (Method method : methods) {
                    /*
                     *获取通过@Path注解注册的路由
                     *获取通过@RequestMapping注解注册的路由
                     */
                    if (method.isAnnotationPresent(Path.class)) {
                        Path classPathAnnotation = currentClass.getAnnotation(Path.class);
                        Path methodPathAnnotation = method.getAnnotation(Path.class);

                        String classPath = classPathAnnotation.value();
                        String methodPath = methodPathAnnotation.value();

                        String url = contextPath + classPath + methodPath;
                        out.println("<tr>");
                        out.println("<td>Controller</td>");
                        out.println("<td>" + currentClass.getSimpleName() + "</td>");
                        out.println("<td>" + currentClass + "</td>");
                        out.println("<td>" + url + "</td>");
                        out.println("</tr>");
                    } else if (method.isAnnotationPresent(RequestMapping.class)) {
                        RequestMapping requestMappingAnnotation = method.getAnnotation(RequestMapping.class);
                        String[] values = requestMappingAnnotation.value();
                        for (String value : values) {
                            String url = contextPath + value;
                            out.println("<tr>");
                            out.println("<td>Controller</td>");
                            out.println("<td>" + currentClass.getSimpleName() + "</td>");
                            out.println("<td>" + currentClass.getName() + "</td>");
                            out.println("<td>" + url + "</td>");
                            out.println("</tr>");
                        }
                    }
                }
                currentClass = currentClass.getSuperclass();
            }
        }
    } else {
        out.println("<p>Application context is null.</p>");
    }
    out.println("</table>");
%>
</body>

 

 

 

信息收集工具  JavaWebInfo

 

原文始发于微信公众号(网络安全者):信息收集工具 -- JavaWebInfo

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2023年5月31日11:06:45
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   信息收集工具 JavaWebInfohttps://cn-sec.com/archives/1777106.html

发表评论

匿名网友 填写信息