Add files via upload

Somdev Sangwan
2018-11-14 23:53:18 +05:30
committed by GitHub
parent 755f2fb497
commit 0491c18ebe
5 changed files with 8 additions and 8 deletions


@@ -1,4 +1,4 @@
changes = '''detection of up to 66 WAFs'''
changes = '''bug fixes;detection of up to 66 WAFs'''
defaultEditor = 'nano'
blindPayload = '' # your blind XSS payload


@@ -40,7 +40,7 @@ def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
limit -= 1
sleep(1)
try:
requests.get(url, timeout=5, headers=headers)
requester(url, params, headers, GET, 0, 10)
print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
except:
print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
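Review bot: The success message inside the `try` can never print, because its format string has four placeholders (`%s`, `%s`, `%i`, `%s`) while the tuple holds three values and `end` sits outside it as a second argument to `print`. The resulting `TypeError` is raised inside the `try` and, assuming the bare `except:` below belongs to it (indentation is lost on this page), it is swallowed and reported as "WAF has blocked our IP Address" even when the new `requester(...)` probe succeeded. Move `end` into the tuple, `% (good, green, (delay + 1) * 2, end))`, and narrow the bare `except:` to the request failure so that programming errors are not reported as a block. The new call also passes the literals `0, 10` although `fuzzer` already receives `delay` and `timeout`; if that is deliberate, a short comment saying so would help. `fuzzer` starts before this hunk and may continue after it.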


@@ -35,4 +35,4 @@ def wafDetector(url, params, headers, GET, delay, timeout):
else:
return None
else:
return None
return None


@@ -329,4 +329,4 @@
"page" : "<img class=.yunsuologo.",
"headers" : "yunsuo_session"
}
}
}


@@ -6,7 +6,7 @@ from core.colors import end, red, white, green, yellow, run, bad, good, info, qu
# Just a fancy ass banner
print('''%s
\tXSStrike %sv3.0.2
\tXSStrike %sv3.0.3
%s''' % (red, white, end))
try:
@@ -213,10 +213,10 @@ def singleTarget(target, paramData, verbose, encoding):
print ('%s Efficiency: %i' % (info, bestEfficiency))
print ('%s Confidence: %i' % (info, confidence))
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout):
signatures = set()
if domURL and not skipDOM:
response = requests.get(domURL).text
response = requester(domURL, {}, headers, True, delay, timeout).text
highlighted = dom(response)
if highlighted:
print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
@@ -316,7 +316,7 @@ else:
for i in range(difference):
domURLs.append(0)
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout) for form, domURL in zip(forms, domURLs))
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
if i + 1 == len(forms) or (i + 1) % threadCount == 0:
print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')
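Review bot: In the thread-pool hunk the loop `for i, _ in enumerate(concurrent.futures.as_completed(futures))` discards each future, so an exception raised inside `multiTargets` is never surfaced and the form still counts toward progress. This matters more after the change, because the DOM fetch now goes through `requester(domURL, {}, headers, True, delay, timeout)` with the caller's timeout; whether `requester` handles its own failures is not visible here. Bind the future (`for i, future in ...`) and call `future.result()` inside a `try`/`except` that logs the failing form. `multiTargets` now takes eleven positional arguments, so passing `headers=headers, delay=delay, timeout=timeout` by keyword at the `submit` call would guard against ordering mistakes. The loop body may continue past the last line shown.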