XSStrike/core/fuzzer.py

import copy
import requests
from time import sleep
from random import randint
from core.utils import replacer
from core.requester import requester
from core.config import fuzzes, xsschecker
from urllib.parse import quote_plus, unquote
from core.colors import end, red, white, green, yellow, run, bad, good, info, que

def counter(string):
    special = '\'"=/:*&)(}{][><'
    count = 0
    for char in list(string):
        if char in special:
            count += 1
    return count

def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
    for fuzz in fuzzes:
        if delay == 0:
            delay = 0
        t = delay + randint(delay, delay * 2) + counter(fuzz)
        sleep(t)
        paramsCopy = copy.deepcopy(params)
        try:
            if encoding:
                fuzz = encoding(unquote(fuzz))
            data = replacer(paramsCopy, xsschecker, fuzz)
            response = requester(url, data, headers, GET, delay/2, timeout)
        except:
            print ('\n%s WAF is dropping suspicious requests.' % bad)
            if delay == 0:
                print ('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
                delay += 6
            limit = (delay + 1) * 50
            timer = -1
            while timer < limit:
                print ('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, limit, end), end='\r')
                limit -= 1
                sleep(1)
            try:
                requester(url, params, headers, GET, 0, 10)
                print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
            except:
                print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
                break
        if encoding:
            fuzz = encoding(fuzz)
        if fuzz.lower() in response.text.lower(): # if fuzz string is reflected in the response
            result = ('%s[passed]  %s' % (green, end))
        elif str(response.status_code)[:1] != '2': # if the server returned an error (Maybe WAF blocked it)
            result = ('%s[blocked] %s' % (red, end))
        else: # if the fuzz string was not reflected in the response completely
            result = ('%s[filtered]%s' % (yellow, end))
        print ('%s %s' % (result, fuzz))
Add files via upload 2018-10-27 18:58:52 +05:30			`import copy`
added missing import 2018-10-27 20:00:29 +05:30			`import requests`
Add files via upload 2018-10-27 18:58:52 +05:30			`from time import sleep`
			`from random import randint`
			`from core.utils import replacer`
			`from core.requester import requester`
			`from core.config import fuzzes, xsschecker`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`from urllib.parse import quote_plus, unquote`
Add files via upload 2018-10-27 18:58:52 +05:30			`from core.colors import end, red, white, green, yellow, run, bad, good, info, que`

			`def counter(string):`
			`special = '\'"=/:*&)(}{][><'`
			`count = 0`
			`for char in list(string):`
			`if char in special:`
			`count += 1`
			`return count`

Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):`
Add files via upload 2018-10-27 18:58:52 +05:30			`for fuzz in fuzzes:`
			`if delay == 0:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`delay = 0`
Add files via upload 2018-10-27 18:58:52 +05:30			`t = delay + randint(delay, delay * 2) + counter(fuzz)`
			`sleep(t)`
			`paramsCopy = copy.deepcopy(params)`
			`try:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`fuzz = encoding(unquote(fuzz))`
			`data = replacer(paramsCopy, xsschecker, fuzz)`
			`response = requester(url, data, headers, GET, delay/2, timeout)`
Add files via upload 2018-10-27 18:58:52 +05:30			`except:`
			`print ('\n%s WAF is dropping suspicious requests.' % bad)`
			`if delay == 0:`
			`print ('%s Delay has been increased to %s6%s seconds.' % (info, green, end))`
			`delay += 6`
			`limit = (delay + 1) * 50`
			`timer = -1`
			`while timer < limit:`
			`print ('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, limit, end), end='\r')`
			`limit -= 1`
			`sleep(1)`
			`try:`
Add files via upload 2018-11-14 23:53:18 +05:30			`requester(url, params, headers, GET, 0, 10)`
Add files via upload 2018-10-27 18:58:52 +05:30			`print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)`
			`except:`
			`print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)`
			`break`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`fuzz = encoding(fuzz)`
Add files via upload 2018-10-27 18:58:52 +05:30			`if fuzz.lower() in response.text.lower(): # if fuzz string is reflected in the response`
			`result = ('%s[passed] %s' % (green, end))`
			`elif str(response.status_code)[:1] != '2': # if the server returned an error (Maybe WAF blocked it)`
			`result = ('%s[blocked] %s' % (red, end))`
			`else: # if the fuzz string was not reflected in the response completely`
			`result = ('%s[filtered]%s' % (yellow, end))`
added missing import 2018-10-27 20:00:29 +05:30			`print ('%s %s' % (result, fuzz))`