s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
462 Commits 1 Branch 0 Tags
c8fc4700732e1525741d6c4a69bd7acc5cfc77d5
Commit Graph

462 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
s0md3v
c8fc470073 fix index out of range error 2022-03-20 15:06:16 +05:30
s0md3v
ba5c75bee7 bug fix round #1 2022-03-20 14:51:41 +05:30
Somdev Sangwan
e03c2dbb05 Merge pull request #304 from networknerd/master 
Issue# 303. Added validation to the return code of the os.system call…
 2022-03-20 14:32:39 +05:30
Somdev Sangwan
509b98ea55 Merge pull request #294 from icepng/master 
fix dom.py allControlledVariables position
 2022-03-20 14:31:07 +05:30
Somdev Sangwan
015853495e Merge pull request #330 from seqrity/master 
Update version number in banner
 2022-03-20 14:30:03 +05:30
Somdev Sangwan
a6d2efdb7c Merge pull request #285 from faf0-addepar/faf0/colors-fix 
Fix DOM scanner on Windows/macOS/iOS
 2022-03-20 14:29:50 +05:30
Somdev Sangwan
dd3b0fe0b0 Merge pull request #313 from hash3liZer/master 
Handling of Connection Error
 2022-03-20 14:28:58 +05:30
Somdev Sangwan
947c70290f Merge pull request #337 from mrshu/patch-1 
fix: Add missing comma
 2022-01-30 00:32:00 +05:30
Marek Šuppa
9d16479ec2 fix: Add missing comma 
* Add missing comma to `user_agents` list
 2022-01-29 01:08:18 +01:00
Seqrity
1736a8b687 Update xsstrike.py 
Update version number in banner
 2021-08-27 03:31:27 -05:00
hash3liZer
1dcc5ddd46 Handling of Connection Error 2020-09-04 19:49:36 +05:30
Raja Tumbalabeedu
eb52451f33 Issue# 303. Added validation to the return code of the os.system call to check if the fuzzywuzzy installation is success. 2020-05-20 16:26:50 +00:00
icepng
ce231e4f8f fix dom.py allControlledVariables position 2020-03-05 15:25:43 +08:00
Fabian Foerg
fe81c53167 Fix DOM scanner on Windows/macOS/iOS 
The DOM scanner colors sources and sinks in script lines.  Moreover,
that scanner collects all colored lines:
0ecedc1bba/core/dom.py (L50)

As coloring is disabled on Windows, macOS, and iOS, no potentially
tainted lines will be collected on these platforms:
0ecedc1bba/core/colors.py (L8-L9)
Consequently, the report of potential DOM vulnerabilities is always
empty.

This change fixes this bug by surrounding sources and sinks with `*`
characters.

Also, this change removes unused colors imports.
 2019-12-30 17:10:40 -05:00
Somdev Sangwan
0ecedc1bba Merge pull request #272 from s0md3v/fixed 
3.1.5
 2019-12-20 02:17:35 +05:30
Somdev Sangwan
3ff48aed42 Delete __init__.cpython-37.pyc 2019-11-13 12:09:03 +05:30
Somdev Sangwan
d5988b7467 Delete retireJs.cpython-37.pyc 2019-11-13 12:08:55 +05:30
Somdev Sangwan
b5ef9979c6 Add files via upload 2019-11-01 00:23:25 +05:30
Somdev Sangwan
45e2d47bd0 REVERTED TO STABLE BUILD 2019-10-31 18:40:14 +05:30
Somdev Sangwan
58066bbad3 Add files via upload 2019-10-31 18:36:50 +05:30
Somdev Sangwan
18c31c3a53 Merge pull request #266 from darkMoon1973/fix-comment-regex 
fix html comment regex error
 2019-10-18 22:46:55 +05:30
RyunosukeA
339342eee5 fix comment regex 2019-10-17 19:26:18 +08:00
Somdev Sangwan
470f138db5 fixed quoteless attribute context (Fixes #251) 2019-07-10 17:47:34 +05:30
Somdev Sangwan
d69402bf83 only crawl webpages (Fixes #253) 2019-07-10 17:43:03 +05:30
Somdev Sangwan
160bbf8372 dropping browser validation temporarily 2019-06-08 16:18:31 +05:30
Somdev Sangwan
daa3ae3f63 reverting to the stable build 2019-06-08 16:17:55 +05:30
Somdev Sangwan
53c8903f21 reverting to the stable build 2019-06-08 16:11:34 +05:30
Somdev Sangwan
ac69f60adc Delete .whitesource 2019-06-08 06:23:48 +05:30
Somdev Sangwan
cb97741fb8 Merge pull request #242 from IAmStoxe/master 
Fixed Alert Validation
 2019-05-23 17:30:42 +05:30
Devin Stokes
7fea5ff9fd Modified the alert detection method to avoid false positives. 2019-05-22 14:07:56 -07:00
stoXe
1a7681d794 Merge pull request #2 from s0md3v/master 
Merge
 2019-05-22 13:05:48 -07:00
whitesource-bolt-for-github[bot]
7cd06e02f8 Initial WhiteSource configuration file 2019-05-05 15:49:26 +00:00
Somdev Sangwan
0010a900b6 +3 vulnerable libraries 2019-05-02 00:02:52 +05:30
Devin Stokes
1907d701dc Fixed bug in browserEngine that wouldn't initialize browser on navigation in some conditions. 2019-05-01 10:09:41 -07:00
stoXe
ec3e12d23c Merge pull request #1 from s0md3v/master 
Catch up with master
 2019-05-01 10:06:07 -07:00
Somdev Sangwan
0e8a75bcc4 Added browser validation for 0 false positives 2019-05-01 22:07:33 +05:30
Devin Stokes
8e00a32511 Move browser initialization out of browserEngine and put it in to scan.py 2019-05-01 09:11:52 -07:00
Devin Stokes
1d22590cd5 Removed extra logging from scan.py 2019-05-01 07:28:12 -07:00
Devin Stokes
2c3b1e1676 Removed logging from browserEngine 2019-05-01 07:27:08 -07:00
Devin Stokes
16e0dd25b5 Updated naming in browserEngine.py 
Refactored methods in browserEngine to be more readable

Fixed logging methods used when adding the browserEngine (ie. info/debug/good/etc)
 2019-04-30 19:19:00 -07:00
Devin Stokes
b20c24a438 update travis 2019-04-30 18:17:13 -07:00
Devin Stokes
c03c085eeb Removed browser quit arguments and made a method out of it to be called externally 2019-04-30 18:09:30 -07:00
Devin Stokes
dada14f3e8 make the browser static so we don't have to initialize it each execution. 2019-04-30 17:52:44 -07:00
Devin Stokes
0c66cd94cb Added geckodriver to travis.yml 2019-04-30 17:44:41 -07:00
Devin Stokes
4b9776c641 Added selenium to requirements.txt 2019-04-30 14:49:23 -07:00
Devin Stokes
186cb9077d Added browser validation 2019-04-30 14:44:19 -07:00
Somdev Sangwan
5a6d77370b fixed a crawler bug 2019-04-30 22:09:40 +05:30
Somdev Sangwan
d28d553179 my cat ran across my keyboard 2019-04-30 22:07:29 +05:30
Somdev Sangwan
3e3b719157 fixed a crawler bug 2019-04-30 22:00:52 +05:30
Somdev Sangwan
d923cb99e3 remove generic HTTP response code 2019-04-28 11:44:48 +05:30