Compare commits

10 Commits

Author SHA1 Message Date
Somdev Sangwan
ab27955d36 removed sponsor 2025-04-26 14:17:06 +05:30
Somdev Sangwan
65dd68ae90 add installation guide 2025-03-17 16:54:27 +05:30
Somdev Sangwan
acbecfbdad Merge pull request #421 from wom-bat/python3_12
Fix syntax for Python 3.12
2025-03-16 19:08:29 +05:30
Somdev Sangwan
c3a75e2c7f Merge pull request #387 from Monsef-Noubadji/master
global-flags-not-at-the-start-of-the-expression-at-position 12
2025-02-25 01:11:34 +05:30
Somdev Sangwan
212ac46197 added sponsor 2025-02-20 17:45:03 +05:30
Peter Chubb
3f46fee699 Fix syntax for Python 3.12
Backslash needs escaping now.  Otherwise one sees:

.../XSStrike/core/dom.py:27: SyntaxWarning: invalid escape sequence '\$'
  controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
.../XSStrike/core/dom.py:36: SyntaxWarning: invalid escape sequence '\$'
  controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))

Signed-off-by: Peter Chubb <Peter.Chubb@unsw.edu.au>
2025-02-15 20:20:47 +11:00
Monsef Noubadji
6946692803 Bug Fix v2 : global flags not at the start of the expression at position 12 2023-11-10 23:36:21 +01:00
Monsef Noubadji
2cf294e97e Bug Fix : global flags not at the start of the expression at position 12 2023-11-10 23:34:53 +01:00
s0md3v
f292787604 update 2022-03-20 15:49:57 +05:30
s0md3v
9ba0b5ec53 fix #314 2022-03-20 15:41:58 +05:30
4 changed files with 21 additions and 10 deletions

@@ -60,6 +60,19 @@ Apart from that, XSStrike has crawling, fuzzing, parameter discovery, WAF detect
- Powered by [Photon](https://github.com/s0md3v/Photon), [Zetanize](https://github.com/s0md3v/zetanize) and [Arjun](https://github.com/s0md3v/Arjun)
- Payload Encoding
### Installation
Enter the following commands one by one in terminal:
```
git clone https://github.com/s0md3v/XSStrike
cd XSStrike
pip install -r requirements.txt --break-system-packages
```
Now, XSStrike can be used at any time as follows:
```
python xsstrike.py
```
### Documentation
- [Usage](https://github.com/s0md3v/XSStrike/wiki/Usage)
- [Compatibility & Dependencies](https://github.com/s0md3v/XSStrike/wiki/Compatibility-&-Dependencies)

@@ -7,8 +7,8 @@ if len(end) < 1:
def dom(response):
highlighted = []
sources = r'''document\.(URL|documentURI|URLUnencoded|baseURI|cookie|referrer)|location\.(href|search|hash|pathname)|window\.name|history\.(pushState|replaceState)(local|session)Storage'''
sinks = r'''eval|evaluate|execCommand|assign|navigate|getResponseHeaderopen|showModalDialog|Function|set(Timeout|Interval|Immediate)|execScript|crypto.generateCRMFRequest|ScriptElement\.(src|text|textContent|innerText)|.*?\.onEventName|document\.(write|writeln)|.*?\.innerHTML|Range\.createContextualFragment|(document|window)\.location'''
sources = r'''\b(?:document\.(URL|documentURI|URLUnencoded|baseURI|cookie|referrer)|location\.(href|search|hash|pathname)|window\.name|history\.(pushState|replaceState)(local|session)Storage)\b'''
sinks = r'''\b(?:eval|evaluate|execCommand|assign|navigate|getResponseHeaderopen|showModalDialog|Function|set(Timeout|Interval|Immediate)|execScript|crypto.generateCRMFRequest|ScriptElement\.(src|text|textContent|innerText)|.*?\.onEventName|document\.(write|writeln)|.*?\.innerHTML|Range\.createContextualFragment|(document|window)\.location)\b'''
scripts = re.findall(r'(?i)(?s)<script[^>]*>(.*?)</script>', response)
sinkFound, sourceFound = False, False
for script in scripts:
@@ -24,7 +24,7 @@ def dom(response):
for part in parts:
for controlledVariable in allControlledVariables:
if controlledVariable in part:
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\\$'))
pattern = re.finditer(sources, newLine)
for grp in pattern:
if grp:
@@ -33,7 +33,7 @@ def dom(response):
if len(parts) > 1:
for part in parts:
if source in part:
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\$'))
controlledVariables.add(re.search(r'[a-zA-Z$_][a-zA-Z0-9$_]+', part).group().replace('$', '\\$'))
line = line.replace(source, yellow + source + end)
for controlledVariable in controlledVariables:
allControlledVariables.add(controlledVariable)
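Review bot: The `sources` pattern in the first hunk still has no `|` between `history\.(pushState|replaceState)` and `(local|session)Storage`, so that alternative only matches the two names run together; going by the visible pattern, `localStorage`, `sessionStorage` and `history.pushState` on their own are never flagged as sources. `sinks` has the same slip in `getResponseHeaderopen` and leaves the dot in `crypto.generateCRMFRequest` unescaped, and wrapping both patterns in `\b(?:...)\b` carries these gaps over as silent false negatives in the DOM check. Assuming those were the intended names, I would split them as `history\.(pushState|replaceState)|(local|session)Storage` and `getResponseHeader|open`, and write `crypto\.generateCRMFRequest`. In the later hunks the names are stored with `$` rewritten to `\$`, yet `if controlledVariable in part:` is a plain substring test, so a variable containing `$` would apparently never match the raw script text again. `dom()` begins and ends outside these hunks, so this should be confirmed against the full function.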

@@ -8,7 +8,7 @@ def jsContexter(script):
broken = script.split(xsschecker)
pre = broken[0]
# remove everything that is between {..}, "..." or '...'
pre = re.sub(r'(?s)\{.*?\}|(?s)\(.*?\)|(?s)".*?"|(?s)\'.*?\'', '', pre)
pre = re.sub(r'(?s)\{.*?\}|\(.*?\)|".*?"|\'.*?\'', '', pre)
breaker = ''
num = 0
for char in pre: # iterate over the remaining characters
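Review bot: The comment above the `re.sub` call lists only `{..}`, `"..."` and `'...'`, but the pattern also strips `(...)`; I would update it to `# remove everything between {..}, (..), "..." or '...'` and note that the single leading `(?s)` applies to every alternative. The quoted-string alternatives `".*?"` and `\'.*?\'` stop at the first closing quote, so a string literal containing an escaped quote is cut short and its tail stays in `pre`. That leftover text would then be walked by the `for char in pre` loop and could skew the computed `breaker`; the rest of `jsContexter` lies outside the hunk, so this is inferred from the visible lines only.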

@@ -47,8 +47,6 @@ def requester(url, data, headers, GET, delay, timeout):
logger.warning('WAF is dropping suspicious requests.')
logger.warning('Scanning will continue after 10 minutes.')
time.sleep(600)
except requests.exceptions.ConnectionError as e:
logger.error('Error Connecting to Host')
logger.error('Scanning will continue after 2 minutes')
time.sleep(120)
except Exception as e:
logger.warning('Unable to connect to the target.')
return requests.Response()