s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d3f25bbee29afa29cac0b282b392e74f6a8ea82
XSStrike/core/fuzzer.py
Somdev Sangwan 0d3f25bbee Add files via upload
2018-10-27 18:58:52 +05:30

50 lines
2.1 KiB
Python
Raw Blame History

import copy
from time import sleep
from random import randint
from core.utils import replacer
from urllib.parse import quote_plus
from core.requester import requester
from core.config import fuzzes, xsschecker
from core.colors import end, red, white, green, yellow, run, bad, good, info, que
def counter(string):
special = '\'"=/:*&)(}{][><'
count = 0
for char in list(string):
if char in special:
count += 1
return count
def fuzzer(url, params, headers, GET, delay, WAF):
for fuzz in fuzzes:
if delay == 0:
delay = 6
t = delay + randint(delay, delay * 2) + counter(fuzz)
sleep(t)
paramsCopy = copy.deepcopy(params)
try:
response = requester(url, replacer(paramsCopy, xsschecker, fuzz), headers, GET, delay/2)
except:
print ('\n%s WAF is dropping suspicious requests.' % bad)
if delay == 0:
print ('%s Delay has been increased to %s6%s seconds.' % (info, green, end))
delay += 6
limit = (delay + 1) * 50
timer = -1
while timer < limit:
print ('\r%s Fuzzing will continue after %s%i%s seconds.\t\t' % (info, green, limit, end), end='\r')
limit -= 1
sleep(1)
try:
requests.get(url, timeout=5, cookies=cookie)
print ('\n%s Pheww! Looks like sleeping for %s%i%s seconds worked!' % (good, green, (delay + 1) * 2), end)
except:
print ('\n%s Looks like WAF has blocked our IP Address. Sorry!' % bad)
break
if fuzz.lower() in response.text.lower(): # if fuzz string is reflected in the response
result = ('%s[passed] %s' % (green, end))
elif str(response.status_code)[:1] != '2': # if the server returned an error (Maybe WAF blocked it)
result = ('%s[blocked] %s' % (red, end))
else: # if the fuzz string was not reflected in the response completely
result = ('%s[filtered]%s' % (yellow, end))
print ('%s %s' % (result, fuzz))
Reference in New Issue View Git Blame Copy Permalink