s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resolves #28

Browse Source 
Some improvements and error handling to the `--headers` argument
This commit is contained in:
Somdev Sangwan
2018-12-20 12:39:36 +05:30
committed by GitHub
parent 0a46e87d04 c035960cad
commit 1e171e48af
3 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
core/prompt.py
View File

@@ -2,6 +2,8 @@ import os
import tempfile import tempfile
from core.config import defaultEditor from core.config import defaultEditor
from core.colors import info, white, bad, yellow
def prompt(default=None): def prompt(default=None):
@@ -14,10 +16,16 @@ def prompt(default=None):
tmpfile.flush() tmpfile.flush()
child_pid = os.fork() child_pid = os.fork()
is_child = child_pid == 0 is_child = child_pid == 0
if is_child: if is_child:
# opens the file in the editor # opens the file in the editor
os.execvp(editor, [editor, tmpfile.name]) try:
os.execvp(editor, [editor, tmpfile.name])
except FileNotFoundError:
print('%s You don\'t have either a default $EDITOR \
value defined nor \'nano\' text editor' % bad)
print('%s Execute %s`export EDITOR=/pat/to/your/editor` \
%sthen run XSStrike again.\n\n' % (info, yellow,white))
exit(1)
else: else:
os.waitpid(child_pid, 0) # wait till the editor gets closed os.waitpid(child_pid, 0) # wait till the editor gets closed
tmpfile.seek(0) tmpfile.seek(0)

1
core/utils.py
View File

@@ -79,6 +79,7 @@ def stripper(string, substring, direction='right'):
def extractHeaders(headers): def extractHeaders(headers):
headers = headers.replace('\\n', '\n')
sorted_headers = {} sorted_headers = {}
matches = re.findall(r'(.*):\s(.*)', headers) matches = re.findall(r'(.*):\s(.*)', headers)
for match in matches: for match in matches:

6
xsstrike.py
View File

@@ -61,7 +61,7 @@ parser.add_argument(
parser.add_argument('-l', '--level', help='level of crawling', parser.add_argument('-l', '--level', help='level of crawling',
dest='level', type=int, default=2) dest='level', type=int, default=2)
parser.add_argument('--headers', help='add headers', parser.add_argument('--headers', help='add headers',
dest='add_headers', action='store_true') dest='add_headers', nargs='?', const=True)
parser.add_argument('-t', '--threads', help='number of threads', parser.add_argument('-t', '--threads', help='number of threads',
dest='threadCount', type=int, default=core.config.threadCount) dest='threadCount', type=int, default=core.config.threadCount)
parser.add_argument('-d', '--delay', help='delay between requests', parser.add_argument('-d', '--delay', help='delay between requests',
@@ -76,8 +76,10 @@ parser.add_argument('--blind', help='inject blind XSS payload while crawling',
dest='blindXSS', action='store_true') dest='blindXSS', action='store_true')
args = parser.parse_args() args = parser.parse_args()
if args.add_headers: if type(args.add_headers) == bool:
headers = extractHeaders(prompt()) headers = extractHeaders(prompt())
elif type(args.add_headers) == str:
headers = extractHeaders(args.add_headers)
else: else:
from core.config import headers from core.config import headers