DanMcInerney/xsscrapy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
112 Commits 1 Branch 0 Tags
60542c34292d704fc08aec0bb3042d0254bade99
Commit Graph

112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan McInerney
60542c3429 removed JS escaped chars too early, also allowed empty params to be payloaded 2014-12-03 23:40:34 -07:00
Dan McInerney
f4061a6aa9 Merge pull request #19 from masterkorp/enhancement/typo-fix 
Fix typo
 2014-12-03 09:08:38 -07:00
Alfredo Palhares
4bad271e54 Fix typo 2014-12-03 16:03:11 +00:00
Dan McInerney
0070a91759 Merge branch 'master' of https://github.com/DanMcInerney/xsscrapy 2014-11-13 08:30:23 -07:00
Dan McInerney
2842ea1324 fixed a possible payload 2014-11-13 08:30:01 -07:00
Dan McInerney
8b42c37c7d Merge pull request #17 from ddworken/master 
Added rate limiting documentation.
 2014-11-10 09:10:48 -05:00
David Dworken
35c29e1e4e Added rate limiting documentation. 2014-11-10 07:55:11 -05:00
Dan McInerney
ce6587fe83 fixed rate limiting 2014-11-09 20:45:11 -05:00
Dan McInerney
c559d483e9 readded rate limiting 2014-11-09 20:28:37 -05:00
Dan McInerney
c07b0df0e1 attempts to fix broken form action URLs 2014-11-09 14:21:04 -05:00
Dan McInerney
94cf440bc1 shortened examples 2014-11-08 06:40:02 -05:00
Dan McInerney
62c813ac68 added -c option for max simultaneous connections 2014-11-08 06:35:52 -05:00
Dan McInerney
646ecf64b6 removal of comment 2014-11-08 05:11:19 -05:00
Dan McInerney
2f80a9f147 added / to fuzzer chars to prevent false+ within JS when trying to close the script tags with </script> 2014-11-07 15:38:58 -05:00
Dan McInerney
a2b9fdbd85 reduce false+ associated with gathering characters between two unrelated delimiter strings 2014-11-07 11:50:15 -05:00
Dan McInerney
b9cc3c6ea3 added / to fuzzer chars to prevent false+ within JS when trying to close the script tags with </script> 2014-11-07 10:02:53 -05:00
Dan McInerney
ebe204bde7 updated readme with basic auth 2014-10-24 07:14:33 -04:00
Dan McInerney
68386dfc61 added --basic option for http basic auth 2014-10-24 07:12:40 -04:00
DanMcInerney
bc19ded59d typo 2014-10-14 02:31:45 -04:00
Dan McInerney
a8d7e6c426 Merge branch 'ddworken-master' 2014-10-13 01:35:10 -04:00
David Dworken
85c58003e1 Changed to example.com to comply with RFC 2606 
Something.com is not a reserved domain name for documentation purposes. Example.com is. http://tools.ietf.org/html/rfc2606#page-2
 2014-10-11 11:18:57 -04:00
David Dworken
d66f994f71 Added rate limiting option. 2014-10-11 11:14:47 -04:00
David Dworken
d7d3421f55 Added rate limiting directions 2014-10-11 11:14:06 -04:00
David Dworken
1d30c19d92 Merge pull request #1 from DanMcInerney/master 
Update fork from origin
 2014-10-11 10:42:30 -04:00
Dan McInerney
231abcf86c typo + will no longer go outside specified subdomains 2014-10-10 09:41:45 -04:00
DanMcInerney
34fc11550b Merge pull request #13 from ddworken/master 
Prompt for password if not specified
 2014-10-08 20:20:49 -04:00
David Dworken
fe15ee5e16 Added beautifulsoup as dependency 
beautifulsoup was not listed as a dependency. Without it, running the code will fail.
 2014-10-08 19:50:41 -04:00
David Dworken
04e5a81018 Updated with new directions. 2014-10-08 15:46:27 -04:00
David Dworken
a4b905637a Prompt for password. 
Adds a prompt for password if a username is specified and no password is specified. This removes the risk of storing a password in one's bash history.
 2014-10-08 15:44:53 -04:00
Dan McInerney
46f4955c9e removed scrapyjs til I figure it out 2014-10-06 20:27:04 -04:00
Dan McInerney
207078ec12 swapped w3af's sqli for dsss.py's sqli since it has higher detection 2014-10-06 00:42:19 -04:00
Dan McInerney
c586a5d76f less false+ on sqli check 2014-10-05 23:36:09 -04:00
Dan McInerney
20d0a7cb66 help remove false+ 2014-10-05 23:12:03 -04:00
Dan McInerney
0790c5ca23 added error-based sqli detection 2014-10-03 03:27:00 -04:00
Dan McInerney
ef9831c210 removed IPython debugging stuff 2014-09-18 13:22:58 -04:00
Dan McInerney
9b52be411f added example payloads and logic improvement 2014-09-13 03:00:03 -04:00
Dan McInerney
61be0dad98 rm backup 2014-09-11 05:40:48 -04:00
Dan McInerney
ab490bddfe try/except 2014-09-10 07:18:56 -04:00
Dan McInerney
5a56ec8911 removed debug stuff 2014-09-09 05:50:37 -04:00
Dan McInerney
bbdfc39452 clearer wording 2014-09-09 00:40:56 -04:00
Dan McInerney
df6f94a2b7 rm backup spider 2014-09-09 00:38:14 -04:00
Dan McInerney
d79a16f510 default parallel connections now set to 30 2014-09-08 07:17:15 -04:00
Dan McInerney
27d40716cb removed lots of code from xss_spider.py 2014-09-08 05:27:03 -04:00
Dan McInerney
7273a2aa1e minor readme and log update 2014-09-08 05:17:39 -04:00
Dan McInerney
7397ad8f7d now sends 1 request per form input 2014-09-08 05:10:10 -04:00
Dan McInerney
85907da7be tons of changes, better logic, less false positives 2014-09-07 02:14:39 -04:00
Dan McInerney
63d753d802 improved regex match:lxml match lineup 2014-09-02 07:02:11 -04:00
Dan McInerney
b9db77a630 66/66 wavsep detection rate!! 2014-09-01 06:28:53 -04:00
Dan McInerney
7de4eb2277 quote finder logic improvement 2014-08-31 12:13:37 -04:00
Dan McInerney
c9a8e41cb6 fixed bug in quote parser 2014-08-31 11:52:30 -04:00