XSStrike/xsstrike.py

#!/usr/bin/env python3

from __future__ import print_function

from core.colors import end, red, white, green, yellow, run, bad, good, info, que

# Just a fancy ass banner
print('''%s
\tXSStrike %sv3.0.2
%s''' % (red, white, end))

try:
    from urllib.parse import quote_plus, unquote, urlparse
except ImportError: # throws error in python2
    print ('%s XSStrike isn\'t compatible with python2.' % bad)
    quit()

# Let's import whatever we need
import re
import os
import sys
import copy
import argparse
import requests
import concurrent.futures

import core.config
from core.dom import dom
from core.arjun import arjun
from core.photon import photon
from core.prompt import prompt
from core.fuzzer import fuzzer
from core.updater import updater
from core.checker import checker
from core.encoders import base64
from core.generator import generator
from core.requester import requester
from core.htmlParser import htmlParser
from core.wafDetector import wafDetector
from core.filterChecker import filterChecker
from core.config import xsschecker, minEfficiency
from core.utils import getUrl, getParams, flattenParams, extractHeaders, verboseOutput

# Processing command line arguments
parser = argparse.ArgumentParser()
parser.add_argument('-u', '--url', help='url', dest='target')
parser.add_argument('--data', help='post data', dest='data')
parser.add_argument('-e', '--encode', help='encode payloads', dest='encode')
parser.add_argument('--fuzzer', help='fuzzer', dest='fuzz', action='store_true')
parser.add_argument('--update', help='update', dest='update', action='store_true')
parser.add_argument('--timeout', help='timeout', dest='timeout', type=int)
parser.add_argument('--params', help='find params', dest='find', action='store_true')
parser.add_argument('--crawl', help='crawl', dest='recursive', action='store_true')
parser.add_argument('-f', '--file', help='load payloads from a file', dest='file')
parser.add_argument('-l', '--level', help='level of crawling', dest='level', type=int)
parser.add_argument('--headers', help='add headers', dest='headers', action='store_true')
parser.add_argument('-t', '--threads', help='number of threads', dest='threads', type=int)
parser.add_argument('-d', '--delay', help='delay between requests', dest='delay', type=int)
parser.add_argument('--skip', help='don\'t ask to continue', dest='skip', action='store_true')
parser.add_argument('--skip-dom', help='skip dom checking', dest='skipDOM', action='store_true')
parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true')
args = parser.parse_args()

if args.headers:
    headers = extractHeaders(prompt())
else:
    from core.config import headers

find = args.find
fuzz = args.fuzz
encode = args.encode
target = args.target
paramData = args.data
verbose = args.verbose
skipDOM = args.skipDOM
level = args.level or 2
delay = args.delay or core.config.delay
timeout = args.timeout or core.config.timeout
threadCount = args.threads or core.config.threadCount

if args.file:
    if args.file == 'default':
        payloadList = core.config.payloads
    else:
        payloadList = []
        with open(args.file, 'r') as f:
            for line in f:
                payloadList.append(line.rstrip('\n'))

encoding = False
if encode:
    if encode == 'base64':
        encoding = base64

if args.update: # if the user has supplied --update argument
    updater()
    quit() # quitting because files have been changed

if not target: # if the user hasn't supplied a url
    print('\n' + parser.format_help().lower())
    quit()

def singleTarget(target, paramData, verbose, encoding):
    if paramData:
        GET, POST = False, True
    else:
        GET, POST = True, False
    # If the user hasn't supplied the root url with http(s), we will handle it
    if target.startswith('http'):
        target = target
    else:
        try:
            response = requester('https://' + target, {}, headers, GET, delay, timeout)
            target = 'https://' + target
        except:
            target = 'http://' + target
    response = requester(target, {}, headers, GET, delay, timeout).text
    if not skipDOM:
        print ('%s Checking for DOM vulnerabilities' % run)
        highlighted = dom(response)
        if highlighted:
            print ('%s Potentially vulnerable objects found' % good)
            print (red + ('-' * 60) + end)
            for line in highlighted:
                print (line)
            print (red + ('-' * 60) + end)
    host = urlparse(target).netloc # Extracts host out of the url
    verboseOutput(host, 'host', verbose)
    url = getUrl(target, GET)
    verboseOutput(url, 'url', verbose)
    params = getParams(target, paramData, GET)
    verboseOutput(params, 'params', verbose)
    if args.find:
        params = arjun(url, GET, headers, delay, timeout)
    if not params:
        quit()
    WAF = wafDetector(url, {list(params.keys())[0] : xsschecker}, headers, GET, delay, timeout)
    if WAF:
        print ('%s WAF detected: %s%s%s' % (bad, green, WAF, end))
    else:
        print ('%s WAF Status: %sOffline%s' % (good, green, end))

    if fuzz:
        for paramName in params.keys():
            print ('%s Fuzzing parameter: %s' % (info, paramName))
            paramsCopy = copy.deepcopy(params)
            paramsCopy[paramName] = xsschecker
            fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding)
        quit()

    for paramName in params.keys():
        paramsCopy = copy.deepcopy(params)
        print ('%s Testing parameter: %s' % (info, paramName))
        if encoding:
            paramsCopy[paramName] = encoding(xsschecker)
        else:
            paramsCopy[paramName] = xsschecker
        response = requester(url, paramsCopy, headers, GET, delay, timeout)
        parsedResponse = htmlParser(response, encoding)
        occurences = parsedResponse[0]
        verboseOutput(occurences, 'occurences', verbose)
        positions = parsedResponse[1]
        verboseOutput(positions, 'positions', verbose)
        if not occurences:
            print ('%s No reflection found' % bad)
            continue
        else:
            print ('%s Reflections found: %s' % (info, len(occurences)))
        print ('%s Analysing reflections' % run)
        efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences, timeout, encoding)
        verboseOutput(efficiencies, 'efficiencies', verbose)
        print ('%s Generating payloads' % run)
        vectors = generator(occurences, response.text)
        verboseOutput(vectors, 'vectors', verbose)
        total = 0
        for v in vectors.values():
            total += len(v)
        if total == 0:
            print ('%s No vectors were crafted' % bad)
            continue
        print ('%s Payloads generated: %i' % (info, total))
        progress = 0
        for confidence, vects in vectors.items():
            for vect in vects:
                progress += 1
                print ('%s Payloads tried [%i/%i]' % (run, progress, total), end='\r')
                if not GET:
                    vect = unquote(vect)
                efficiencies = checker(url, paramsCopy, headers, GET, delay, vect, positions, timeout, encoding)
                if not efficiencies:
                    for i in range(len(occurences)):
                        efficiencies.append(0)
                bestEfficiency = max(efficiencies)
                if bestEfficiency == 100 or (vect[0] == '\\' and bestEfficiency >= 95):
                    print (('%s-%s' % (red, end)) * 60)
                    print ('%s Payload: %s' % (good, vect))
                    print ('%s Efficiency: %i' % (info, bestEfficiency))
                    print ('%s Confidence: %i' % (info, confidence))
                    if not args.skip:
                        choice = input('%s Would you like to continue scanning? [y/N] ' % que).lower()
                        if choice != 'y':
                            quit()
                elif bestEfficiency > minEfficiency:
                    print (('%s-%s' % (red, end)) * 60)
                    print ('%s Payload: %s' % (good, vect))
                    print ('%s Efficiency: %i' % (info, bestEfficiency))
                    print ('%s Confidence: %i' % (info, confidence))

def multiTargets(scheme, host, main_url, form, domURL, verbose):
    signatures = set()
    if domURL and not skipDOM:
        response = requests.get(domURL).text
        highlighted = dom(response)
        if highlighted:
            print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
            print (red + ('-' * 60) + end)
            for line in highlighted:
                print (line)
            print (red + ('-' * 60) + end)
    if form:
        for each in form.values():
            url = each['action']
            if url:
                if url.startswith(main_url):
                    pass
                elif url.startswith('//') and url[2:].startswith(host):
                    url = scheme + '://' + url[2:]
                elif url.startswith('/'):
                    url = scheme + '://' + host + url
                elif re.match(r'\w', url[0]):
                    url = scheme + '://' + host + '/' + url
                method = each['method']
                if method == 'get':
                    GET = True
                else:
                    GET = False
                inputs = each['inputs']
                paramData = {}
                for one in inputs:
                    paramData[one['name']] = one['value']
                    for paramName in paramData.keys():
                        paramsCopy = copy.deepcopy(paramData)
                        paramsCopy[paramName] = xsschecker
                        response = requester(url, paramsCopy, headers, GET, delay, timeout)
                        parsedResponse = htmlParser(response, encoding)
                        occurences = parsedResponse[0]
                        positions = parsedResponse[1]
                        efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences, timeout, encoding)
                        vectors = generator(occurences, response.text)
                        if vectors:
                            for confidence, vects in vectors.items():
                                try:
                                    payload = list(vects)[0]
                                    print ('%s Vulnerable webpage: %s%s%s' % (good, green, url, end))
                                    print ('%s Vector for %s%s%s: %s' % (good, green, paramName, end, payload))
                                    break
                                except IndexError:
                                    pass


def bruteforcer(target, paramData, payloadList, verbose, encoding):
    if paramData:
        GET, POST = False, True
    else:
        GET, POST = True, False
    host = urlparse(target).netloc # Extracts host out of the url
    verboseOutput(host, 'host', verbose)
    url = getUrl(target, GET)
    verboseOutput(url, 'url', verbose)
    params = getParams(target, paramData, GET)
    verboseOutput(params, 'params', verbose)
    for paramName in params.keys():
        paramsCopy = copy.deepcopy(params)
        for payload in payloadList:
            if encoding:
                payload = encoding(unquote(payload))
            paramsCopy[paramName] = payload
            response = requester(url, paramsCopy, headers, GET, delay, timeout).text
            if encoding:
                payload = encoding(payload)
            if payload in response:
                print ('%s %s' % (good, payload))

if not args.recursive:
    if args.file:
        bruteforcer(target, paramData, payloadList, verbose, encoding)
    else:
        singleTarget(target, paramData, verbose, encoding)
else:
    print ('%s Crawling the target' % run)
    scheme = urlparse(target).scheme
    verboseOutput(scheme, 'scheme', verbose)
    host = urlparse(target).netloc
    main_url = scheme + '://' + host
    crawlingResult = photon(target, headers, level, threadCount, delay, timeout)
    forms = crawlingResult[0]
    domURLs = list(crawlingResult[1])
    difference = abs(len(domURLs) - len(forms))
    if len(domURLs) > len(forms):
        for i in range(difference):
            forms.append(0)
    elif len(forms) > len(domURLs):
        for i in range(difference):
            domURLs.append(0)
    threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
    futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose) for form, domURL in zip(forms, domURLs))
    for i, _ in enumerate(concurrent.futures.as_completed(futures)):
        if i + 1 == len(forms) or (i + 1) % threadCount == 0:
            print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')
    print ('')
Add files via upload 2018-10-27 18:57:32 +05:30			`#!/usr/bin/env python3`

			`from __future__ import print_function`

			`from core.colors import end, red, white, green, yellow, run, bad, good, info, que`

			`# Just a fancy ass banner`
			`print('''%s`
changed version number in banner 2018-11-13 17:11:16 +05:30			`\tXSStrike %sv3.0.2`
Add files via upload 2018-10-27 18:57:32 +05:30			`%s''' % (red, white, end))`

			`try:`
Fixes #79, Fixes 80, Fixes #81 2018-11-03 22:49:40 +05:30			`from urllib.parse import quote_plus, unquote, urlparse`
Add files via upload 2018-10-27 18:57:32 +05:30			`except ImportError: # throws error in python2`
			`print ('%s XSStrike isn\'t compatible with python2.' % bad)`
			`quit()`

			`# Let's import whatever we need`
			`import re`
			`import os`
			`import sys`
			`import copy`
			`import argparse`
			`import requests`
Add files via upload 2018-10-29 09:51:49 +05:30			`import concurrent.futures`
Add files via upload 2018-10-27 18:57:32 +05:30
			`import core.config`
			`from core.dom import dom`
			`from core.arjun import arjun`
			`from core.photon import photon`
			`from core.prompt import prompt`
			`from core.fuzzer import fuzzer`
			`from core.updater import updater`
			`from core.checker import checker`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`from core.encoders import base64`
Add files via upload 2018-10-27 18:57:32 +05:30			`from core.generator import generator`
			`from core.requester import requester`
			`from core.htmlParser import htmlParser`
			`from core.wafDetector import wafDetector`
			`from core.filterChecker import filterChecker`
			`from core.config import xsschecker, minEfficiency`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`from core.utils import getUrl, getParams, flattenParams, extractHeaders, verboseOutput`
Add files via upload 2018-10-27 18:57:32 +05:30
			`# Processing command line arguments`
			`parser = argparse.ArgumentParser()`
			`parser.add_argument('-u', '--url', help='url', dest='target')`
			`parser.add_argument('--data', help='post data', dest='data')`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`parser.add_argument('-e', '--encode', help='encode payloads', dest='encode')`
Add files via upload 2018-10-27 18:57:32 +05:30			`parser.add_argument('--fuzzer', help='fuzzer', dest='fuzz', action='store_true')`
			`parser.add_argument('--update', help='update', dest='update', action='store_true')`
stable release 2018-11-10 17:33:48 +05:30			`parser.add_argument('--timeout', help='timeout', dest='timeout', type=int)`
Add files via upload 2018-10-27 18:57:32 +05:30			`parser.add_argument('--params', help='find params', dest='find', action='store_true')`
			`parser.add_argument('--crawl', help='crawl', dest='recursive', action='store_true')`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`parser.add_argument('-f', '--file', help='load payloads from a file', dest='file')`
added -l option to control crawling depth 2018-10-28 14:57:36 +05:30			`parser.add_argument('-l', '--level', help='level of crawling', dest='level', type=int)`
Add files via upload 2018-10-27 18:57:32 +05:30			`parser.add_argument('--headers', help='add headers', dest='headers', action='store_true')`
Stabilized multi-threaded scanning 2018-10-30 11:39:18 +05:30			`parser.add_argument('-t', '--threads', help='number of threads', dest='threads', type=int)`
Add files via upload 2018-10-27 18:57:32 +05:30			`parser.add_argument('-d', '--delay', help='delay between requests', dest='delay', type=int)`
Added --skip option 2018-11-11 19:28:26 +05:30			`parser.add_argument('--skip', help='don\'t ask to continue', dest='skip', action='store_true')`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`parser.add_argument('--skip-dom', help='skip dom checking', dest='skipDOM', action='store_true')`
			`parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true')`
Add files via upload 2018-10-27 18:57:32 +05:30			`args = parser.parse_args()`

			`if args.headers:`
			`headers = extractHeaders(prompt())`
			`else:`
			`from core.config import headers`

			`find = args.find`
			`fuzz = args.fuzz`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`encode = args.encode`
Add files via upload 2018-10-27 18:57:32 +05:30			`target = args.target`
			`paramData = args.data`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verbose = args.verbose`
Add files via upload 2018-10-27 18:57:32 +05:30			`skipDOM = args.skipDOM`
added -l option to control crawling depth 2018-10-28 14:57:36 +05:30			`level = args.level or 2`
Add files via upload 2018-10-27 18:57:32 +05:30			`delay = args.delay or core.config.delay`
			`timeout = args.timeout or core.config.timeout`
stable release 2018-11-10 17:33:48 +05:30			`threadCount = args.threads or core.config.threadCount`
Add files via upload 2018-10-27 18:57:32 +05:30
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`if args.file:`
			`if args.file == 'default':`
			`payloadList = core.config.payloads`
			`else:`
			`payloadList = []`
			`with open(args.file, 'r') as f:`
			`for line in f:`
			`payloadList.append(line.rstrip('\n'))`

Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`encoding = False`
			`if encode:`
			`if encode == 'base64':`
			`encoding = base64`

Add files via upload 2018-10-27 18:57:32 +05:30			`if args.update: # if the user has supplied --update argument`
			`updater()`
			`quit() # quitting because files have been changed`

			`if not target: # if the user hasn't supplied a url`
			`print('\n' + parser.format_help().lower())`
			`quit()`

Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`def singleTarget(target, paramData, verbose, encoding):`
Add files via upload 2018-10-27 18:57:32 +05:30			`if paramData:`
			`GET, POST = False, True`
			`else:`
			`GET, POST = True, False`
			`# If the user hasn't supplied the root url with http(s), we will handle it`
			`if target.startswith('http'):`
			`target = target`
			`else:`
			`try:`
Update xsstrike.py 2018-11-12 12:51:25 +05:30			`response = requester('https://' + target, {}, headers, GET, delay, timeout)`
Add files via upload 2018-10-27 18:57:32 +05:30			`target = 'https://' + target`
			`except:`
			`target = 'http://' + target`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`response = requester(target, {}, headers, GET, delay, timeout).text`
			`if not skipDOM:`
			`print ('%s Checking for DOM vulnerabilities' % run)`
			`highlighted = dom(response)`
			`if highlighted:`
			`print ('%s Potentially vulnerable objects found' % good)`
			`print (red + ('-' * 60) + end)`
			`for line in highlighted:`
			`print (line)`
			`print (red + ('-' * 60) + end)`
Add files via upload 2018-10-27 18:57:32 +05:30			`host = urlparse(target).netloc # Extracts host out of the url`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(host, 'host', verbose)`
			`url = getUrl(target, GET)`
			`verboseOutput(url, 'url', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`params = getParams(target, paramData, GET)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(params, 'params', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`if args.find:`
stable release 2018-11-10 17:33:48 +05:30			`params = arjun(url, GET, headers, delay, timeout)`
Fixes #72 2018-10-28 01:25:35 +05:30			`if not params:`
Add files via upload 2018-10-27 18:57:32 +05:30			`quit()`
stable release 2018-11-10 17:33:48 +05:30			`WAF = wafDetector(url, {list(params.keys())[0] : xsschecker}, headers, GET, delay, timeout)`
Add files via upload 2018-10-27 18:57:32 +05:30			`if WAF:`
			`print ('%s WAF detected: %s%s%s' % (bad, green, WAF, end))`
			`else:`
			`print ('%s WAF Status: %sOffline%s' % (good, green, end))`

			`if fuzz:`
			`for paramName in params.keys():`
			`print ('%s Fuzzing parameter: %s' % (info, paramName))`
			`paramsCopy = copy.deepcopy(params)`
			`paramsCopy[paramName] = xsschecker`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding)`
Add files via upload 2018-10-27 18:57:32 +05:30			`quit()`

			`for paramName in params.keys():`
			`paramsCopy = copy.deepcopy(params)`
			`print ('%s Testing parameter: %s' % (info, paramName))`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`paramsCopy[paramName] = encoding(xsschecker)`
			`else:`
			`paramsCopy[paramName] = xsschecker`
stable release 2018-11-10 17:33:48 +05:30			`response = requester(url, paramsCopy, headers, GET, delay, timeout)`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`parsedResponse = htmlParser(response, encoding)`
Handle dynamic number of reflections (Fixes #78) 2018-10-30 16:28:56 +05:30			`occurences = parsedResponse[0]`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(occurences, 'occurences', verbose)`
Handle dynamic number of reflections (Fixes #78) 2018-10-30 16:28:56 +05:30			`positions = parsedResponse[1]`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(positions, 'positions', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`if not occurences:`
			`print ('%s No reflection found' % bad)`
			`continue`
			`else:`
			`print ('%s Reflections found: %s' % (info, len(occurences)))`
			`print ('%s Analysing reflections' % run)`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences, timeout, encoding)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(efficiencies, 'efficiencies', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`print ('%s Generating payloads' % run)`
Fixes #79, Fixes 80, Fixes #81 2018-11-03 22:49:40 +05:30			`vectors = generator(occurences, response.text)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(vectors, 'vectors', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`total = 0`
			`for v in vectors.values():`
			`total += len(v)`
			`if total == 0:`
			`print ('%s No vectors were crafted' % bad)`
			`continue`
			`print ('%s Payloads generated: %i' % (info, total))`
			`progress = 0`
			`for confidence, vects in vectors.items():`
			`for vect in vects:`
			`progress += 1`
			`print ('%s Payloads tried [%i/%i]' % (run, progress, total), end='\r')`
			`if not GET:`
			`vect = unquote(vect)`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`efficiencies = checker(url, paramsCopy, headers, GET, delay, vect, positions, timeout, encoding)`
Add files via upload 2018-10-27 18:57:32 +05:30			`if not efficiencies:`
			`for i in range(len(occurences)):`
			`efficiencies.append(0)`
			`bestEfficiency = max(efficiencies)`
			`if bestEfficiency == 100 or (vect[0] == '\\' and bestEfficiency >= 95):`
			`print (('%s-%s' % (red, end)) * 60)`
			`print ('%s Payload: %s' % (good, vect))`
			`print ('%s Efficiency: %i' % (info, bestEfficiency))`
fix: spelling mistake 2018-11-12 13:04:20 +07:00			`print ('%s Confidence: %i' % (info, confidence))`
Added --skip option 2018-11-11 19:28:26 +05:30			`if not args.skip:`
			`choice = input('%s Would you like to continue scanning? [y/N] ' % que).lower()`
			`if choice != 'y':`
			`quit()`
Add files via upload 2018-10-27 18:57:32 +05:30			`elif bestEfficiency > minEfficiency:`
			`print (('%s-%s' % (red, end)) * 60)`
			`print ('%s Payload: %s' % (good, vect))`
			`print ('%s Efficiency: %i' % (info, bestEfficiency))`
fix: spelling mistake 2018-11-12 13:04:20 +07:00			`print ('%s Confidence: %i' % (info, confidence))`
Add files via upload 2018-10-27 18:57:32 +05:30
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`def multiTargets(scheme, host, main_url, form, domURL, verbose):`
Add files via upload 2018-10-29 09:51:49 +05:30			`signatures = set()`
not sure how that happened, skipDOM1 -> skipDOM 2018-10-31 13:10:36 +05:30			`if domURL and not skipDOM:`
fixed a bug in DOM scanning while crawling 2018-10-31 12:28:42 +05:30			`response = requests.get(domURL).text`
Update xsstrike.py 2018-11-12 12:58:56 +05:30			`highlighted = dom(response)`
			`if highlighted:`
fixed a bug in DOM scanning while crawling 2018-10-31 12:28:42 +05:30			`print ('%s Potentially vulnerable objects found at %s' % (good, domURL))`
Update xsstrike.py 2018-11-12 12:58:56 +05:30			`print (red + ('-' * 60) + end)`
			`for line in highlighted:`
			`print (line)`
			`print (red + ('-' * 60) + end)`
fixed a bug in DOM scanning while crawling 2018-10-31 12:28:42 +05:30			`if form:`
			`for each in form.values():`
			`url = each['action']`
			`if url:`
			`if url.startswith(main_url):`
			`pass`
			`elif url.startswith('//') and url[2:].startswith(host):`
			`url = scheme + '://' + url[2:]`
			`elif url.startswith('/'):`
			`url = scheme + '://' + host + url`
			`elif re.match(r'\w', url[0]):`
			`url = scheme + '://' + host + '/' + url`
			`method = each['method']`
			`if method == 'get':`
			`GET = True`
			`else:`
			`GET = False`
			`inputs = each['inputs']`
			`paramData = {}`
			`for one in inputs:`
			`paramData[one['name']] = one['value']`
			`for paramName in paramData.keys():`
Fixes #79, Fixes 80, Fixes #81 2018-11-03 22:49:40 +05:30			`paramsCopy = copy.deepcopy(paramData)`
			`paramsCopy[paramName] = xsschecker`
stable release 2018-11-10 17:33:48 +05:30			`response = requester(url, paramsCopy, headers, GET, delay, timeout)`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`parsedResponse = htmlParser(response, encoding)`
Fixes #79, Fixes 80, Fixes #81 2018-11-03 22:49:40 +05:30			`occurences = parsedResponse[0]`
			`positions = parsedResponse[1]`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences, timeout, encoding)`
Fixes #79, Fixes 80, Fixes #81 2018-11-03 22:49:40 +05:30			`vectors = generator(occurences, response.text)`
			`if vectors:`
			`for confidence, vects in vectors.items():`
			`try:`
			`payload = list(vects)[0]`
			`print ('%s Vulnerable webpage: %s%s%s' % (good, green, url, end))`
			`print ('%s Vector for %s%s%s: %s' % (good, green, paramName, end, payload))`
			`break`
			`except IndexError:`
			`pass`
Add files via upload 2018-10-29 09:51:49 +05:30

changed version number in banner 2018-11-13 17:11:16 +05:30			`def bruteforcer(target, paramData, payloadList, verbose, encoding):`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`if paramData:`
			`GET, POST = False, True`
			`else:`
			`GET, POST = True, False`
			`host = urlparse(target).netloc # Extracts host out of the url`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(host, 'host', verbose)`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`url = getUrl(target, GET)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(url, 'url', verbose)`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`params = getParams(target, paramData, GET)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(params, 'params', verbose)`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`for paramName in params.keys():`
			`paramsCopy = copy.deepcopy(params)`
			`for payload in payloadList:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`payload = encoding(unquote(payload))`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`paramsCopy[paramName] = payload`
			`response = requester(url, paramsCopy, headers, GET, delay, timeout).text`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`if encoding:`
			`payload = encoding(payload)`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`if payload in response:`
			`print ('%s %s' % (good, payload))`

Add files via upload 2018-10-27 18:57:32 +05:30			`if not args.recursive:`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`if args.file:`
changed version number in banner 2018-11-13 17:11:16 +05:30			`bruteforcer(target, paramData, payloadList, verbose, encoding)`
ability to load payloads from file 2018-11-12 21:09:51 +05:30			`else:`
Ability to encode payloads, Fixed a bug in bruteforcer 2018-11-13 16:47:00 +05:30			`singleTarget(target, paramData, verbose, encoding)`
Add files via upload 2018-10-27 18:57:32 +05:30			`else:`
			`print ('%s Crawling the target' % run)`
			`scheme = urlparse(target).scheme`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`verboseOutput(scheme, 'scheme', verbose)`
Add files via upload 2018-10-27 18:57:32 +05:30			`host = urlparse(target).netloc`
			`main_url = scheme + '://' + host`
stable release 2018-11-10 17:33:48 +05:30			`crawlingResult = photon(target, headers, level, threadCount, delay, timeout)`
fixed a bug in DOM scanning while crawling 2018-10-31 12:28:42 +05:30			`forms = crawlingResult[0]`
			`domURLs = list(crawlingResult[1])`
			`difference = abs(len(domURLs) - len(forms))`
			`if len(domURLs) > len(forms):`
			`for i in range(difference):`
			`forms.append(0)`
			`elif len(forms) > len(domURLs):`
			`for i in range(difference):`
			`domURLs.append(0)`
Stabilized multi-threaded scanning 2018-10-30 11:39:18 +05:30			`threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose) for form, domURL in zip(forms, domURLs))`
Add files via upload 2018-10-29 09:51:49 +05:30			`for i, _ in enumerate(concurrent.futures.as_completed(futures)):`
Stabilized multi-threaded scanning 2018-10-30 11:39:18 +05:30			`if i + 1 == len(forms) or (i + 1) % threadCount == 0:`
			`print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')`
fixed a typo, url -> domURL 2018-10-31 13:02:36 +05:30			`print ('')`