更新SQLMap和Nmap的实现逻辑，2种模式可选

src/burp/RobotInput.java

@@ -188,7 +188,7 @@ public final String getSelectedString(){
 
 			String selectedString = (String)clip.getData(DataFlavor.stringFlavor);
 			System.out.println("复制之前剪切板中的内容："+selectedString);
-			
+
 			inputWithCtrl(KeyEvent.VK_C);
 			final String result = (String)clip.getData(DataFlavor.stringFlavor);
 			//selectedString = (String)clip.getData(DataFlavor.stringFlavor);
@@ -203,10 +203,10 @@ public final String getSelectedString(){
 			e.printStackTrace();
 		}
 		return "";
-//		复制之前剪切板中的内容：printStackTrace
-//		复制之后剪切板中的内容：null
-//		恢复之后剪切板中的内容：printStackTrace
-//		printStackTrace//最后的值随着剪切板的恢复而改变了，应该是引用传递的原因。所有需要将复制后的值设置为final。
+		//		复制之前剪切板中的内容：printStackTrace
+		//		复制之后剪切板中的内容：null
+		//		恢复之后剪切板中的内容：printStackTrace
+		//		printStackTrace//最后的值随着剪切板的恢复而改变了，应该是引用传递的原因。所有需要将复制后的值设置为final。
 	}
 
 	//单个 按键
@@ -239,4 +239,13 @@ public static void startCmdConsole() {
 			e.printStackTrace();
 		}
 	}
+
+	/*
+	 * parserPath --- python.exe java.exe ....
+	 * executerPath --- sqlmap.py nmap.exe ....
+	 * parameters ---- -v -A -r xxx.file .....
+	 */
+	public static String genCmd(String parserPath,String executerPath, String parameter) {
+		return burp.TerminalExec.genCmd(parserPath, executerPath, parameter);
+	}
 }

src/burp/TerminalExec.java

@@ -0,0 +1,198 @@
+package burp;
+
+import java.awt.Toolkit;
+import java.awt.datatransfer.Clipboard;
+import java.awt.datatransfer.StringSelection;
+import java.io.File;
+import java.io.IOException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+import org.apache.commons.io.FileUtils;
+
+/*
+ * 在系统terminal中执行命令，实现思路：
+ * 1、将命令写入bat文件
+ * 2、通过执行bat文件执行命令
+ */
+public class TerminalExec {
+
+	String workdir;
+	String cmdContent;
+	String FullBatchFilePath;
+
+	public String getWorkdir() {
+		return workdir;
+	}
+
+	public void setWorkdir(String workdir) {
+		this.workdir = workdir;
+	}
+
+	public String getCmdContent() {
+		return cmdContent;
+	}
+
+	public void setCmdContent(String cmdContent) {
+		this.cmdContent = cmdContent;
+	}
+
+	public String getFullBatchFilePath() {
+		return FullBatchFilePath;
+	}
+
+	public void setFullBatchFilePath(String fullBatchFilePath) {
+		FullBatchFilePath = fullBatchFilePath;
+	}
+
+	/*
+	 * workdir --the dir of batch file
+	 *  
+	 */
+	public TerminalExec(String workdir, String batchFileName,String parserPath,String executerPath, String parameter){
+		if (workdir == null) {
+			workdir = (String) System.getProperties().get("java.io.tmpdir");
+		}
+		cmdContent = changeDirCommand(workdir);
+		cmdContent = cmdContent +genCmd(parserPath,executerPath,parameter);
+		FullBatchFilePath = genBatchFile(cmdContent,batchFileName);
+	}
+
+	public void run() {
+		executeBatchFile(FullBatchFilePath);
+	}
+
+	/*
+	 * 通知执行bat文件来执行命令
+	 */
+	public static Process executeBatchFile(String batfilepath) {
+		String command = "";
+		if (Utils.isWindows()) {
+			command="cmd /c start " + batfilepath;
+		} else {
+			if (new File("/bin/sh").exists()) {
+				command="/bin/sh " + batfilepath;
+			}
+			else if (new File("/bin/bash").exists()) {
+				command="/bin/bash " + batfilepath;
+			}
+		}
+		try {
+			Process process = Runtime.getRuntime().exec(command);
+			return process;
+		} catch (IOException e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+
+	public String genBatchFile(String cmdContent, String batchFileName) {
+		try {
+			//将命令写入剪切板
+			Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
+			StringSelection selection = new StringSelection(cmdContent);
+			clipboard.setContents(selection, null);
+
+			if (batchFileName == null || batchFileName.trim().equals("")) {
+				SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MMdd-HHmmss");
+				String timeString = simpleDateFormat.format(new Date());
+				batchFileName = timeString+".bat";
+			}else if(!batchFileName.endsWith(".bat") && !batchFileName.endsWith(".cmd")) {
+				batchFileName = batchFileName+".bat";
+			}
+
+			File batFile = new File(workdir,batchFileName);
+			if (!batFile.exists()) {
+				batFile.createNewFile();
+			}
+
+			FileUtils.writeByteArrayToFile(batFile, cmdContent.getBytes());
+			return batFile.getAbsolutePath();
+		} catch (IOException e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+
+	/*
+	 * 切换工作目录
+	 */
+	public String changeDirCommand(String dir){
+		//运行命令的工作目录，work path
+		String command = "cd "+dir+System.lineSeparator();
+
+		if (Utils.isWindows()) {//如果是windows，还要注意不同磁盘的切换
+			String diskString = dir.split(":")[0];
+			command =command+ diskString+":"+System.lineSeparator();
+		}
+		return command;
+	}
+
+	/*
+	 * parserPath --- python.exe java.exe ....
+	 * executerPath --- sqlmap.py nmap.exe ....
+	 * parameters ---- -v -A -r xxx.file .....
+	 */
+	public static String genCmd(String parserPath,String executerPath, String parameter) {
+		StringBuilder command = new StringBuilder();
+
+		if ((parserPath != null && new File(parserPath).exists() && new File(parserPath).isFile())
+				|| isInEnvironmentPath(parserPath)){
+
+			if (parserPath.contains(" ")) {
+				parserPath = "\""+parserPath+"\"";//如果路径中包含空格，需要引号
+			}
+			command.append(parserPath);
+			command.append(" ");
+		}
+
+		if ((executerPath != null && new File(executerPath).exists() && new File(executerPath).isFile())
+			|| isInEnvironmentPath(executerPath)){
+
+			if (executerPath.contains(" ")) {
+				executerPath = "\""+executerPath+"\"";//如果路径中包含空格，需要引号
+			}
+
+			command.append(executerPath);
+			command.append(" ");
+		}
+
+		if (parameter != null && !parameter.equals("")) {
+			command.append(parameter);
+		}
+		command.append(System.lineSeparator());
+		return command.toString();
+	}
+
+	/*
+	 * 判断某个文件是否在环境变量中
+	 */
+	public static boolean isInEnvironmentPath(String filename) {
+		if (filename == null) {
+			return false;
+		}
+		String pathvalue = System.getenv().get("Path");
+//		System.out.println(pathvalue);
+		String[] items = pathvalue.split(";");
+		for (String item:items) {
+			File tmpPath = new File(item);
+			if (tmpPath.isDirectory()) {
+//				System.out.println(Arrays.asList(tmpPath.listFiles()));
+				File fullpath = new File(item,filename);
+				if (Arrays.asList(tmpPath.listFiles()).contains(fullpath)) {
+					return true;
+				}else {
+					continue;
+				}
+			}
+		}
+		return false;
+	}
+
+	public static void main(String[] args) {
+		System.out.println(isInEnvironmentPath("nmap.exe"));
+		TerminalExec xxx = new TerminalExec(null,"nmap-test.bat",null,"nmap.exe","-v -A www.baidu.com");
+		xxx.run();
+	}
+}

src/config/ConfigTableModel.java

@@ -36,6 +36,7 @@ public ConfigTableModel(){
 		configEntries.add(new ConfigEntry("SQLMap-Options","--risk=3 --level=3",ConfigEntry.Config_Basic_Variable,true,false));
 
 		configEntries.add(new ConfigEntry("Nmap-File-Path","D:\\Program Files (x86)\\Nmap\\nmap.exe",ConfigEntry.Config_Basic_Variable,true,false));
+		configEntries.add(new ConfigEntry("RunTerminalWithRobotInput","enable",ConfigEntry.Config_Basic_Variable,true,false,"this config effect sqlmap and nmap"));
 
 		configEntries.add(new ConfigEntry("Chunked-Length", "10",ConfigEntry.Config_Chunked_Variable,true,false));
 		configEntries.add(new ConfigEntry("Chunked-AutoEnable", "",ConfigEntry.Config_Chunked_Variable,false,false));

src/config/GUI.java

@@ -58,7 +58,7 @@ public class GUI extends JFrame {
 	protected JScrollPane configPanel;
 	private SortOrder sortedMethod;
 	public ConfigTable table;//create in burpextender.java
-	public ConfigTableModel tableModel;//create in burpextender.java
+	public static ConfigTableModel tableModel;//create in burpextender.java
 	private JButton RemoveButton;
 	private JButton AddButton;
 	private JSplitPane TargetSplitPane;

src/knife/DoPortScanMenu.java

@@ -1,28 +1,20 @@
 package knife;
 
-import java.awt.Robot;
-import java.awt.Toolkit;
-import java.awt.datatransfer.Clipboard;
-import java.awt.datatransfer.StringSelection;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
-import java.io.File;
-import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.HashSet;
 import java.util.Set;
 
 import javax.swing.JMenuItem;
 
-import org.apache.commons.io.FileUtils;
-
 import burp.BurpExtender;
 import burp.IBurpExtenderCallbacks;
 import burp.IContextMenuInvocation;
 import burp.IExtensionHelpers;
 import burp.IHttpRequestResponse;
 import burp.RobotInput;
-import burp.Utils;
+import burp.TerminalExec;
 
 
 public class DoPortScanMenu extends JMenuItem {
@@ -33,15 +25,15 @@ public class DoPortScanMenu extends JMenuItem {
 
 	//JMenuItem vs. JMenu
 	public DoPortScanMenu(BurpExtender burp){
-		this.setText("^_^ Do Port Scan");
+		this.setText("^_^ Run Nmap");
 		this.addActionListener(new DoPortScan_Action(burp,burp.invocation));
 	}
 }
 
 class DoPortScan_Action implements ActionListener{
 
 	private IContextMenuInvocation invocation;
-    public BurpExtender myburp;
+	public BurpExtender myburp;
 	public IExtensionHelpers helpers;
 	public PrintWriter stdout;
 	public PrintWriter stderr;
@@ -51,52 +43,50 @@ class DoPortScan_Action implements ActionListener{
 	public DoPortScan_Action(BurpExtender burp,IContextMenuInvocation invocation) {
 		this.invocation  = invocation;
 		this.burp = burp;
-        this.helpers = burp.helpers;
-        this.callbacks = burp.callbacks;
-        this.stderr = burp.stderr;
+		this.helpers = burp.helpers;
+		this.callbacks = burp.callbacks;
+		this.stderr = burp.stderr;
 	}
 
-	
+
 	@Override
 	public void actionPerformed(ActionEvent actionEvent) {
 		try{
+			boolean useRobot = (BurpExtender.tableModel.getConfigValueByKey("RunTerminalWithRobotInput") != null);
+			if (useRobot) {
+				RobotInput.startCmdConsole();//尽早启动减少出错概率
+			}
+
 			IHttpRequestResponse[] messages = invocation.getSelectedMessages();
 			Set<String> hosts = new HashSet<String>();
-
-        	for(IHttpRequestResponse message:messages) {
-        		String host = message.getHttpService().getHost();
-        		hosts.add(host);
-			}
-
-        	RobotInput ri = new RobotInput();
-        	for(String host:hosts) {
-        		RobotInput.startCmdConsole();
-				String command = genNmapCmd(host);
-				ri.inputString(command);
 
+			for(IHttpRequestResponse message:messages) {
+				String host = message.getHttpService().getHost();
+				hosts.add(host);
 			}
 
+			String nmapPath = burp.tableModel.getConfigValueByKey("Nmap-File-Path");
+			if (nmapPath ==null || nmapPath.trim().equals("")) {
+				nmapPath = "nmap.exe";
+			}
+			RobotInput ri = new RobotInput();
+			for(String host:hosts) {
+				if (useRobot) {
+					//RobotInput.startCmdConsole();
+					String command = RobotInput.genCmd(null,nmapPath,"-v -A -p 1-65535 "+host.trim());
+					ri.inputString(command);
+				}else {
+					TerminalExec exec = new TerminalExec(null,"nmap-knife.bat",null,nmapPath,"-v -A -p 1-65535 "+host.trim());
+					exec.run();
+				}
+			}
 		}
 		catch (Exception e1)
 		{
 			e1.printStackTrace(BurpExtender.getStderr());
 		}
 	}
-
-	public String genNmapCmd(String host) {
-			String nmapPath = burp.tableModel.getConfigValueByKey("Nmap-File-Path");
-			if (nmapPath ==null || nmapPath.trim().equals("")) {
-				nmapPath = "nmap";
-			}else if (nmapPath.contains(" ")) {//如果路径中包含空格，需要引号
-				nmapPath = "\""+nmapPath+"\"";
-			}
-
-			String command = nmapPath+" -v -A -p 1-65535 "+host.trim()+System.lineSeparator();
-			return command;
-	}
-
 
-
 	public static void main(String[] args){
 	}
 }