From 2418ae0b65bb22f92365e2a4f3fd020d905ed214 Mon Sep 17 00:00:00 2001 From: Ahmed Khaled Date: Thu, 20 Dec 2018 02:59:43 +0200 Subject: [PATCH 1/3] Ability to add request headers directly from command line without any need to open any external text editor --- xsstrike.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xsstrike.py b/xsstrike.py index 6fb9329..d8a5555 100644 --- a/xsstrike.py +++ b/xsstrike.py @@ -61,7 +61,7 @@ parser.add_argument( parser.add_argument('-l', '--level', help='level of crawling', dest='level', type=int, default=2) parser.add_argument('--headers', help='add headers', - dest='add_headers', action='store_true') + dest='add_headers', nargs='?', const=True) parser.add_argument('-t', '--threads', help='number of threads', dest='threadCount', type=int, default=core.config.threadCount) parser.add_argument('-d', '--delay', help='delay between requests', @@ -76,8 +76,10 @@ parser.add_argument('--blind', help='inject blind XSS payload while crawling', dest='blindXSS', action='store_true') args = parser.parse_args() -if args.add_headers: +if type(args.add_headers) == bool: headers = extractHeaders(prompt()) +elif type(args.add_headers) == str: + headers = extractHeaders(args.add_headers) else: from core.config import headers From eff08a36f8e3e09489781132378083c8a65f76b3 Mon Sep 17 00:00:00 2001 From: Ahmed Khaled Date: Thu, 20 Dec 2018 03:01:00 +0200 Subject: [PATCH 2/3] Handle the case when --headers argument is passed to open an external text editor with the $EDITOR value being defined nor nano text editor being installed --- core/prompt.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/core/prompt.py b/core/prompt.py index b0a91b5..f1e2c5d 100644 --- a/core/prompt.py +++ b/core/prompt.py @@ -2,6 +2,8 @@ import os import tempfile from core.config import defaultEditor +from core.colors import info, white, bad, yellow + def prompt(default=None): @@ -14,10 +16,16 @@ def prompt(default=None): tmpfile.flush() child_pid = os.fork() is_child = child_pid == 0 - if is_child: # opens the file in the editor - os.execvp(editor, [editor, tmpfile.name]) + try: + os.execvp(editor, [editor, tmpfile.name]) + except FileNotFoundError: + print('%s You don\'t have either a default $EDITOR \ +value defined nor \'nano\' text editor' % bad) + print('%s Execute %s`export EDITOR=/pat/to/your/editor` \ +%sthen run XSStrike again.\n\n' % (info, yellow,white)) + exit(1) else: os.waitpid(child_pid, 0) # wait till the editor gets closed tmpfile.seek(0) From c035960cad0321bf067e6114282105530d6ed84b Mon Sep 17 00:00:00 2001 From: Somdev Sangwan Date: Thu, 20 Dec 2018 12:36:47 +0530 Subject: [PATCH 3/3] Update utils.py --- core/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/core/utils.py b/core/utils.py index cb2b87b..ecdf616 100644 --- a/core/utils.py +++ b/core/utils.py @@ -79,6 +79,7 @@ def stripper(string, substring, direction='right'): def extractHeaders(headers): + headers = headers.replace('\\n', '\n') sorted_headers = {} matches = re.findall(r'(.*):\s(.*)', headers) for match in matches: