s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

minor bug fixes and bump to 3.0.3

Browse Source
This commit is contained in:
Somdev Sangwan
2018-11-14 23:59:03 +05:30
committed by GitHub
parent 755f2fb497 7d790fe2eb
commit 4ba2dfe159
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/config.py
View File

@@ -1,4 +1,4 @@
changes = '''detection of up to 66 WAFs'''
changes = '''bug fixes;detection of up to 66 WAFs'''
defaultEditor = 'nano'
blindPayload = '' # your blind XSS payload

2
core/fuzzer.py
View File

@@ -40,7 +40,7 @@ def fuzzer(url, params, headers, GET, delay, timeout, WAF, encoding):
limit -= 1
sleep(1)
try:
requests.get(url, timeout=5, headers=headers)
requester(url, params, headers, GET, 0, 10)
print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
except:
print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)

8
xsstrike.py
View File

@@ -6,7 +6,7 @@ from core.colors import end, red, white, green, yellow, run, bad, good, info, qu
# Just a fancy ass banner
print('''%s
\tXSStrike %sv3.0.2
\tXSStrike %sv3.0.3
%s''' % (red, white, end))
try:
@@ -213,10 +213,10 @@ def singleTarget(target, paramData, verbose, encoding):
print ('%s Efficiency: %i' % (info, bestEfficiency))
print ('%s Confidence: %i' % (info, confidence))
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload):
def multiTargets(scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout):
signatures = set()
if domURL and not skipDOM:
response = requests.get(domURL).text
response = requester(domURL, {}, headers, True, delay, timeout).text
highlighted = dom(response)
if highlighted:
print ('%s Potentially vulnerable objects found at %s' % (good, domURL))
@@ -316,7 +316,7 @@ else:
for i in range(difference):
domURLs.append(0)
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload) for form, domURL in zip(forms, domURLs))
futures = (threadpool.submit(multiTargets, scheme, host, main_url, form, domURL, verbose, blindXSS, blindPayload, headers, delay, timeout) for form, domURL in zip(forms, domURLs))
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
if i + 1 == len(forms) or (i + 1) % threadCount == 0:
print('%s Progress: %i/%i' % (info, i + 1, len(forms)), end='\r')