Go调用ChatGPT API

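// chatGPT sends one hard-coded test prompt to the OpenAI HTTP API and prints
// the raw response body to stdout. Every failure is reported on stdout and the
// function simply returns.
//
// NOTE(review): apiKey is a placeholder literal. A real key should be supplied
// at run time (environment variable or secret store), not committed in source,
// where it ends up in version control and build artifacts.
//
// NOTE(review): the /v1/engines/<model>/completions path with a "prompt"
// payload is the legacy completions form; confirm against the current API
// reference that it is still served for this model.
func chatGPT() {
	// Upper bound for the whole exchange, in nanoseconds (the unit of
	// http.Client.Timeout). Written numerically because this listing shows no
	// time import. A zero-value client has no timeout and can block forever on
	// a stalled connection.
	const requestTimeout = 30 * 1000 * 1000 * 1000 // 30 seconds

	apiKey := "YourAPIkey"
	apiEndpoint := "https://api.openai.com/v1/engines/gpt-3.5-turbo/completions"

	data := `{
"prompt": "你好这是一个用来测试API的信息",
"max_tokens": 50
}`

	req, err := http.NewRequest(http.MethodPost, apiEndpoint, bytes.NewBufferString(data))
	if err != nil {
		fmt.Println("Error creating request:", err)
		return
	}

	req.Header.Set("Content-Type", "application/json")
	// The bearer token is a credential: never print or log the request headers.
	req.Header.Set("Authorization", "Bearer "+apiKey)

	client := &http.Client{Timeout: requestTimeout}
	resp, err := client.Do(req)
	if err != nil {
		fmt.Println("Error sending request:", err)
		return
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fmt.Println("Error reading response body:", err)
		return
	}

	// A transport-level success says nothing about the API result: rejected
	// keys, rate limits and bad requests arrive as non-200 responses.
	if resp.StatusCode != http.StatusOK {
		fmt.Println("API returned non-success status:", resp.Status, string(body))
		return
	}

	fmt.Println("API Response:", string(body))
}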

从request获取参数

// Visit every parameter name carried by the request. Names and values come
// straight from the client and must be treated as untrusted input.
for (Enumeration paramNames = request.getParameterNames(); paramNames.hasMoreElements(); ) {
    final String paramName = (String) paramNames.nextElement();
    // NOTE(review): assuming request is a servlet request, getParameter yields
    // only the first value when a name is repeated; a filter that must inspect
    // every value would need getParameterValues - confirm against the caller.
    final String paramValue = request.getParameter(paramName);
    // ... handle the parameter here ...
}

SSRF

通过域名解析IP地址

// Resolves a domain name to the textual form of every address returned for it.
// Returns an empty array (after printing the stack trace) when the lookup
// fails with UnknownHostException.
//
// NOTE(review): when the result feeds an SSRF allow/deny decision, every
// returned address should be checked, and the later outbound connection should
// go to one of these exact addresses. A second lookup by the HTTP client may
// receive a different answer than the one that was checked (DNS rebinding).
public static String[] resolveDomain(String domain) {
    final InetAddress[] resolved;
    try {
        resolved = InetAddress.getAllByName(domain);
    } catch (UnknownHostException lookupFailure) {
        lookupFailure.printStackTrace();
        return new String[0];
    }

    final String[] textual = new String[resolved.length];
    for (int i = 0; i < resolved.length; i++) {
        textual[i] = resolved[i].getHostAddress();
    }
    return textual;
}

将IP转换成长整型

// Converts an IP address string to a long by folding its raw bytes together
// in network (big-endian) order, 8 bits per byte.
//
// The string is parsed with InetAddress.getByName, which also accepts host
// names and then performs a lookup; pass an IP literal to avoid that.
// UnknownHostException from getByName propagates to the caller.
//
// NOTE(review): a long holds 8 bytes, so for a 16-byte (IPv6) address the
// eight high-order bytes are shifted out and only the low 64 bits remain.
// Callers comparing the result against IPv4 ranges should confirm the input
// is IPv4.
public static long ip2long(String ip) throws UnknownHostException {
    final byte[] octets = InetAddress.getByName(ip).getAddress();
    long packed = 0;
    for (int i = 0; i < octets.length; i++) {
        // Mask to 0..255 so a negative byte does not sign-extend into the result.
        final int unsigned = octets[i] & 0xFF;
        packed = (packed << 8) | unsigned;
    }
    return packed;
}

判断IP是否处在内网段中

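// Reports whether ip lies in a range an SSRF filter should treat as internal.
//
// Ranges treated as internal:
//   10.0.0.0/8       private (class A)
//   172.16.0.0/12    private (class B)   172.16.0.0 ~ 172.31.255.255
//   192.168.0.0/16   private (class C)
//   127.0.0.0/8      loopback (the whole 127 block, not just 127.0.0.1)
//   0.0.0.0/8        "this network", including the unspecified address 0.0.0.0
//   169.254.0.0/16   IPv4 link-local
//   ::1, ::, fe80::/10, fec0::/10, fc00::/7 for IPv6
//
// ip should be an IP literal, for example one element of a resolved address
// list. InetAddress.getByName also accepts host names and would then perform
// its own lookup; UnknownHostException propagates to the caller.
//
// NOTE(review): the list is not exhaustive (100.64.0.0/10, for instance, is
// not covered); confirm which ranges the deployment must exclude.
public static boolean ipDetect(String ip) throws UnknownHostException {
    InetAddress address = InetAddress.getByName(ip);
    byte[] raw = address.getAddress();

    // Debug line kept from the original: the raw bytes folded big-endian into a
    // long. The value is computed here; the original called ip2Long, which does
    // not match the helper's declared name ip2long.
    long ipLong = 0;
    for (byte b : raw) {
        ipLong = ipLong << 8 | (b & 0xFF);
    }
    System.out.println("iptolong: " + ipLong);

    // The JDK classification handles IPv4 and IPv6 alike, so a 16-byte address
    // is no longer compared against IPv4 prefixes after being truncated.
    if (address.isLoopbackAddress()
            || address.isSiteLocalAddress()
            || address.isLinkLocalAddress()
            || address.isAnyLocalAddress()) {
        return true;
    }

    if (raw.length == 4) {
        // Keep rejecting all of 0.0.0.0/8, as the original shift-by-24 test did.
        return (raw[0] & 0xFF) == 0;
    }

    // IPv6 unique-local addresses (fc00::/7) are not matched by isSiteLocalAddress.
    return (raw[0] & 0xFE) == 0xFC;
}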

XSS

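// Detects XSS in a single request value by running it through AntiSamy and
// comparing the sanitised result with the input.
//
// name  - the query field the value belongs to (used only in the log line)
// input - the raw value; null or empty is treated as clean
// Returns true when the sanitiser changed the input or when scanning threw,
// false otherwise.
//
// NOTE(review): equality with the sanitised output flags every input the
// sanitiser rewrites, which presumably includes harmless text it re-encodes;
// confirm the false-positive rate. Output encoding at render time remains the
// primary XSS defence; this check is an additional layer.
public static boolean xssDetect(String name, String input) {
    // Nothing to scan. The null test also avoids a NullPointerException on
    // input.isEmpty().
    if (input == null || input.isEmpty()) {
        return false;
    }
    try {
        Policy policy = Policy.getInstance();
        AntiSamy antiSamy = new AntiSamy();
        CleanResults cr = antiSamy.scan(input, policy);
        if (input.equals(cr.getCleanHTML())) {
            return false;
        }
        // Both values are attacker-controlled: neutralise CR/LF so a payload
        // cannot forge extra log entries. Whatever displays this log should
        // still escape the entry when rendering it.
        String safeName = String.valueOf(name).replace("\r", "\\r").replace("\n", "\\n");
        String safeInput = input.replace("\r", "\\r").replace("\n", "\\n");
        filterLog(logPath, "查询字段: " + safeName + " 检测到XSS: " + safeInput);
        return true;
    } catch (Exception e) {
        // Fail closed: a value that cannot be scanned is reported as suspicious.
        return true;
    }
}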

SQLi

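// Detects SQL injection in a single request value with Libinjection and
// appends the verdict to the filter log.
//
// name  - the query field the value belongs to (used only in the log line)
// param - the raw value handed to libinjection_sqli
// Returns the detector's verdict.
//
// NOTE(review): every checked value is logged, not only detections, so the
// log may collect passwords or tokens submitted as parameters; consider
// logging detections only or masking sensitive fields.
// NOTE(review): detection is a supplementary layer; parameterised queries
// remain the fix for SQL injection.
private Boolean sqliDetect(String name, String param) {
    Libinjection a = new Libinjection();
    boolean issqli1 = a.libinjection_sqli(param);
    // Both values are attacker-controlled: neutralise CR/LF so a payload cannot
    // forge extra log entries between the "\n" separators used below.
    String safeName = String.valueOf(name).replace("\r", "\\r").replace("\n", "\\n");
    String safeParam = String.valueOf(param).replace("\r", "\\r").replace("\n", "\\n");
    String log = "\n" + "注入检测结果: " + issqli1 + " 查询字段: " + safeName + " " + safeParam + "\n";
    filterLog(logPath, log);
    return issqli1;
}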

保存日志

// Log persistence: file that the detection routines pass to filterLog.
// The value is a placeholder path to be replaced per deployment.
// NOTE(review): declared as an instance field, while the static xssDetect
// listing also reads logPath - confirm how these snippets are combined.
String logPath = "/path/to/your/logsDir/logName.out";
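// Appends one entry to the log file at path, encoded as UTF-8.
//
// path - file to append to (opened in append mode on every call)
// log  - text written exactly as given; callers are responsible for
//        neutralising untrusted content and for any line separators
// An IOException is printed to stderr and otherwise swallowed, so a logging
// failure never interrupts request filtering.
//
// NOTE(review): no locking is visible here; confirm whether concurrent
// requests can interleave entries, and that the log directory is not readable
// by unprivileged users.
private static void filterLog(String path, String log) {
    // try-with-resources closes the writer even when write() throws; the
    // original leaked the file handle in that case.
    try (OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(path, true), "UTF-8")) {
        writer.write(log);
    } catch (IOException e) {
        e.printStackTrace();
    }
}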