XSStrike/core/utils.py

import json
import random
import re
from urllib.parse import urlparse

import core.config
from core.colors import info, red, end
from core.config import xsschecker

def converter(data, url=False):
    if 'str' in str(type(data)):
        if url:
            dictized = {}
            parts = data.split('/')[3:]
            for part in parts:
                dictized[part] = part
            return dictized
        else:
            return json.loads(data)
    else:
        if url:
            url = urlparse(url).scheme + '://' + urlparse(url).netloc
            for part in list(data.values()):
                url += '/' + part
            return url
        else:
            return json.dumps(data)


def counter(string):
    string = re.sub(r'\s|\w', '', string)
    return len(string)


def verboseOutput(data, name, verbose):
    if core.config.globalVariables['verbose']:
        if str(type(data)) == '<class \'dict\'>':
            try:
                print (json.dumps(data, indent=2))
            except TypeError:
                print (data)
        print (data)


def closest(number, numbers):
    difference = [abs(list(numbers.values())[0]), {}]
    for index, i in numbers.items():
        diff = abs(number - i)
        if diff < difference[0]:
            difference = [diff, {index: i}]
    return difference[1]


def fillHoles(original, new):
    filler = 0
    filled = []
    for x, y in zip(original, new):
        if int(x) == (y + filler):
            filled.append(y)
        else:
            filled.extend([0, y])
            filler += (int(x) - y)
    return filled


def stripper(string, substring, direction='right'):
    done = False
    strippedString = ''
    if direction == 'right':
        string = string[::-1]
    for char in string:
        if char == substring and not done:
            done = True
        else:
            strippedString += char
    if direction == 'right':
        strippedString = strippedString[::-1]
    return strippedString


def extractHeaders(headers):
    sorted_headers = {}
    matches = re.findall(r'(.*):\s(.*)', headers)
    for match in matches:
        header = match[0]
        value = match[1]
        try:
            if value[-1] == ',':
                value = value[:-1]
            sorted_headers[header] = value
        except IndexError:
            pass
    return sorted_headers


def replaceValue(mapping, old, new, strategy=None):
    """
    Replace old values with new ones following dict strategy.

    The parameter strategy is None per default for inplace operation.
    A copy operation is injected via strateg values like copy.copy
    or copy.deepcopy

    Note: A dict is returned regardless of modifications.
    """
    anotherMap = strategy(mapping) if strategy else mapping
    if old in anotherMap.values():
        for k in anotherMap.keys():
            if anotherMap[k] == old:
                anotherMap[k] = new
    return anotherMap


def getUrl(url, GET):
    if GET:
        return url.split('?')[0]
    else:
        return url


def extractScripts(response):
    scripts = []
    matches = re.findall(r'(?s)<script.*?>(.*?)</script>', response.lower())
    for match in matches:
        if xsschecker in match:
            scripts.append(match)
    return scripts


def randomUpper(string):
    return ''.join(random.choice((x, y)) for x, y in zip(string.upper(), string.lower()))


def flattenParams(currentParam, params, payload):
    flatted = []
    for name, value in params.items():
        if name == currentParam:
            value = payload
        flatted.append(name + '=' + value)
    return '?' + '&'.join(flatted)


def genGen(fillings, eFillings, lFillings, eventHandlers, tags, functions, ends, breaker, special):
    vectors = []
    r = randomUpper  # randomUpper randomly converts chars of a string to uppercase
    for tag in tags:
        if tag == 'd3v' or tag == 'a':
            bait = xsschecker
        else:
            bait = ''
        for eventHandler in eventHandlers:
            # if the tag is compatible with the event handler
            if tag in eventHandlers[eventHandler]:
                for function in functions:
                    for filling in fillings:
                        for eFilling in eFillings:
                            for lFilling in lFillings:
                                for end in ends:
                                    if tag == 'd3v' or tag == 'a':
                                        if '>' in ends:
                                            end = '>'  # we can't use // as > with "a" or "d3v" tag
                                    vector = vector = r(breaker) + special + '<' + r(tag) + filling + r(
                                        eventHandler) + eFilling + '=' + eFilling + function + lFilling + end + bait
                                    vectors.append(vector)
    return vectors


def getParams(url, data, GET):
    params = {}
    if '=' in url:
        data = url.split('?')[1]
        if data[:1] == '?':
            data = data[1:]
    elif data:
        if core.config.globalVariables['jsonData'] or core.config.globalVariables['path']:
            params = data
        else:
            try:
                params = json.loads(data.replace('\'', '"'))
                return params
            except json.decoder.JSONDecodeError:
                pass
    else:
        return None
    if not params:
        parts = data.split('&')
        for part in parts:
            each = part.split('=')
            try:
                params[each[0]] = each[1]
            except IndexError:
                params = None
    return params


def writer(obj, path):
    kind = str(type(obj)).split('\'')[0]
    if kind == 'list' or kind == 'tuple':
        obj = '\n'.join(obj)
    elif kind == 'dict':
        obj = json.dumps(obj, indent=4)
    savefile = open(path, 'w+')
    savefile.write(obj.encode('utf-8'))
    savefile.close()


def reader(path):
    with open(path, 'r') as f:
        result = [line.strip(
                    '\n').encode('utf-8').decode('utf-8') for line in f]
    return result
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`import json`
Add files via upload 2018-10-27 18:58:52 +05:30			`import random`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`import re`
URL rewriting support 2018-11-22 13:43:25 +05:30			`from urllib.parse import urlparse`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30
added counter and jsonize function 2018-11-22 01:47:04 +05:30			`import core.config`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`from core.colors import info, red, end`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`from core.config import xsschecker`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30
URL rewriting support 2018-11-22 13:43:25 +05:30			`def converter(data, url=False):`
added counter and jsonize function 2018-11-22 01:47:04 +05:30			`if 'str' in str(type(data)):`
URL rewriting support 2018-11-22 13:43:25 +05:30			`if url:`
			`dictized = {}`
			`parts = data.split('/')[3:]`
			`for part in parts:`
			`dictized[part] = part`
			`return dictized`
			`else:`
			`return json.loads(data)`
added counter and jsonize function 2018-11-22 01:47:04 +05:30			`else:`
URL rewriting support 2018-11-22 13:43:25 +05:30			`if url:`
			`url = urlparse(url).scheme + '://' + urlparse(url).netloc`
			`for part in list(data.values()):`
			`url += '/' + part`
			`return url`
			`else:`
			`return json.dumps(data)`
added counter and jsonize function 2018-11-22 01:47:04 +05:30

			`def counter(string):`
Fixes #167 2018-12-07 23:43:45 +05:30			`string = re.sub(r'\s\|\w', '', string)`
added counter and jsonize function 2018-11-22 01:47:04 +05:30			`return len(string)`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`def verboseOutput(data, name, verbose):`
URL rewriting support 2018-11-22 13:43:25 +05:30			`if core.config.globalVariables['verbose']:`
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`if str(type(data)) == '<class \'dict\'>':`
			`try:`
			`print (json.dumps(data, indent=2))`
			`except TypeError:`
			`print (data)`
			`print (data)`
Add files via upload 2018-10-27 18:58:52 +05:30
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Handle dynamic number of reflections (Fixes #78) 2018-10-30 16:28:56 +05:30			`def closest(number, numbers):`
			`difference = [abs(list(numbers.values())[0]), {}]`
			`for index, i in numbers.items():`
			`diff = abs(number - i)`
			`if diff < difference[0]:`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`difference = [diff, {index: i}]`
Handle dynamic number of reflections (Fixes #78) 2018-10-30 16:28:56 +05:30			`return difference[1]`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Handle dynamic number of reflections (Fixes #78) 2018-10-30 16:28:56 +05:30			`def fillHoles(original, new):`
			`filler = 0`
			`filled = []`
			`for x, y in zip(original, new):`
			`if int(x) == (y + filler):`
			`filled.append(y)`
			`else:`
			`filled.extend([0, y])`
			`filler += (int(x) - y)`
			`return filled`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
added stripping function 2018-10-28 23:54:57 +05:30			`def stripper(string, substring, direction='right'):`
			`done = False`
			`strippedString = ''`
			`if direction == 'right':`
			`string = string[::-1]`
			`for char in string:`
			`if char == substring and not done:`
			`done = True`
			`else:`
			`strippedString += char`
			`if direction == 'right':`
			`strippedString = strippedString[::-1]`
			`return strippedString`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`def extractHeaders(headers):`
			`sorted_headers = {}`
			`matches = re.findall(r'(.):\s(.)', headers)`
			`for match in matches:`
			`header = match[0]`
			`value = match[1]`
			`try:`
			`if value[-1] == ',':`
			`value = value[:-1]`
			`sorted_headers[header] = value`
			`except IndexError:`
			`pass`
			`return sorted_headers`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
optimized utilities 2018-11-18 22:46:31 +01:00			`def replaceValue(mapping, old, new, strategy=None):`
			`"""`
			`Replace old values with new ones following dict strategy.`

			`The parameter strategy is None per default for inplace operation.`
			`A copy operation is injected via strateg values like copy.copy`
			`or copy.deepcopy`

			`Note: A dict is returned regardless of modifications.`
			`"""`
			`anotherMap = strategy(mapping) if strategy else mapping`
			`if old in anotherMap.values():`
			`for k in anotherMap.keys():`
			`if anotherMap[k] == old:`
			`anotherMap[k] = new`
			`return anotherMap`
Add files via upload 2018-10-27 18:58:52 +05:30
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Verbose switch, Fixes #71, Fixes #93 2018-11-13 12:43:47 +05:30			`def getUrl(url, GET):`
Add files via upload 2018-10-27 18:58:52 +05:30			`if GET:`
			`return url.split('?')[0]`
			`else:`
			`return url`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`def extractScripts(response):`
			`scripts = []`
			`matches = re.findall(r'(?s)<script.?>(.?)</script>', response.lower())`
			`for match in matches:`
			`if xsschecker in match:`
			`scripts.append(match)`
			`return scripts`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`def randomUpper(string):`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`return ''.join(random.choice((x, y)) for x, y in zip(string.upper(), string.lower()))`

Add files via upload 2018-10-27 18:58:52 +05:30
			`def flattenParams(currentParam, params, payload):`
			`flatted = []`
			`for name, value in params.items():`
			`if name == currentParam:`
			`value = payload`
			`flatted.append(name + '=' + value)`
			`return '?' + '&'.join(flatted)`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`def genGen(fillings, eFillings, lFillings, eventHandlers, tags, functions, ends, breaker, special):`
			`vectors = []`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`r = randomUpper # randomUpper randomly converts chars of a string to uppercase`
Add files via upload 2018-10-27 18:58:52 +05:30			`for tag in tags:`
			`if tag == 'd3v' or tag == 'a':`
v3.1.0 - browser engine integration for zero false positives - coverage of event handler context - bug fixes 2018-11-21 19:20:10 +05:30			`bait = xsschecker`
Add files via upload 2018-10-27 18:58:52 +05:30			`else:`
			`bait = ''`
			`for eventHandler in eventHandlers:`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`# if the tag is compatible with the event handler`
Add files via upload 2018-10-27 18:58:52 +05:30			`if tag in eventHandlers[eventHandler]:`
			`for function in functions:`
			`for filling in fillings:`
			`for eFilling in eFillings:`
			`for lFilling in lFillings:`
			`for end in ends:`
			`if tag == 'd3v' or tag == 'a':`
			`if '>' in ends:`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`end = '>' # we can't use // as > with "a" or "d3v" tag`
			`vector = vector = r(breaker) + special + '<' + r(tag) + filling + r(`
			`eventHandler) + eFilling + '=' + eFilling + function + lFilling + end + bait`
Add files via upload 2018-10-27 18:58:52 +05:30			`vectors.append(vector)`
			`return vectors`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
Add files via upload 2018-10-27 18:58:52 +05:30			`def getParams(url, data, GET):`
keep both methods of supplying post data 2018-11-22 02:02:39 +05:30			`params = {}`
handle GET method without parameters 2018-11-22 02:14:06 +05:30			`if '=' in url:`
			`data = url.split('?')[1]`
			`if data[:1] == '?':`
			`data = data[1:]`
keep both methods of supplying post data 2018-11-22 02:02:39 +05:30			`elif data:`
URL rewriting support 2018-11-22 13:43:25 +05:30			`if core.config.globalVariables['jsonData'] or core.config.globalVariables['path']:`
keep both methods of supplying post data 2018-11-22 02:02:39 +05:30			`params = data`
			`else:`
			`try:`
			`params = json.loads(data.replace('\'', '"'))`
			`return params`
			`except json.decoder.JSONDecodeError:`
			`pass`
handle GET method without parameters 2018-11-22 02:14:06 +05:30			`else:`
			`return None`
keep both methods of supplying post data 2018-11-22 02:02:39 +05:30			`if not params:`
fixed POST data handling 2018-11-21 21:46:15 +05:30			`parts = data.split('&')`
			`for part in parts:`
			`each = part.split('=')`
			`try:`
			`params[each[0]] = each[1]`
			`except IndexError:`
			`params = None`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`return params`
optimized utilities 2018-11-18 22:46:31 +01:00

			`def writer(obj, path):`
			`kind = str(type(obj)).split('\'')[0]`
			`if kind == 'list' or kind == 'tuple':`
			`obj = '\n'.join(obj)`
			`elif kind == 'dict':`
			`obj = json.dumps(obj, indent=4)`
			`savefile = open(path, 'w+')`
Handle unicode while writing to file (Fixes #169) 2018-12-17 16:44:17 +05:30			`savefile.write(obj.encode('utf-8'))`
optimized utilities 2018-11-18 22:46:31 +01:00			`savefile.close()`


			`def reader(path):`
			`with open(path, 'r') as f:`
			`result = [line.strip(`
			`'\n').encode('utf-8').decode('utf-8') for line in f]`
			`return result`