XSStrike/core/checker.py
Stefan Hagen 15bc638708 Clearer argument handling, pep8, import order, less unused vars (#123)
* Proposal for less redundant argument handling, autopep8, sorted imports, etc.
* dest labels in sync with local target vars and safe names
* only one special handling before transfer of values to local vars (headers prompt)
* some initial comments - there was a quest for help on documentation ;-)
* few oneliners from if else variable setters
* left the simple script style as is (might be a preference for author and users)
* Adapted code for static checks and removed unused imports sys and requests, many unused variables remain
2018-11-15 15:07:38 +05:30


import re
import copy
from fuzzywuzzy import fuzz
from core.config import xsschecker
from core.requester import requester
from core.utils import replacer, fillHoles
from urllib.parse import unquote
def checker(url, params, headers, GET, delay, payload, positions, timeout, encoding):
    """Score how closely a marked probe is reflected in the response.

    The probe is ``'st4r7s' + payload + '3nd'``. It is handed to ``replacer``
    together with a deep copy of *params* and the ``xsschecker`` value
    (presumably swapping the placeholder for the probe -- confirm in
    core.utils), and the result is sent once through ``requester``. The
    response text is lower-cased before any comparison.

    Args:
        url, headers, GET, delay, timeout: forwarded unchanged to ``requester``.
        params: request parameters; only a deep copy is passed on.
        payload: string placed between the two markers.
        positions: passed to ``fillHoles`` with the offsets at which
            ``st4r7s`` was found in the response.
        encoding: optional callable applied to the probe; falsy to skip.

    Returns:
        The non-zero scores, in iteration order. Entries that scored 0
        (including every falsy position) are dropped.
    """
    probe = 'st4r7s' + payload + '3nd'
    if encoding:
        probe = encoding(unquote(probe))
    request_params = replacer(copy.deepcopy(params), xsschecker, probe)
    response = requester(url, request_params, headers, GET, delay, timeout).text.lower()
    marker_offsets = [found.start() for found in re.finditer('st4r7s', response)]
    filled = fillHoles(positions, marker_offsets)

    # Iterating over the reflections
    efficiencies = []
    for index, position in enumerate(filled):
        scores = []
        try:
            # Compare the text at the index-th marker offset with the probe.
            start = marker_offsets[index]
            window = response[start:start + len(probe)]
            scores.append(fuzz.partial_ratio(window, probe.lower()))
        except IndexError:
            # Fewer marker hits than filled positions: no score from this step.
            pass

        if not position:
            efficiencies.append(0)
            continue

        window = response[position:position + len(probe)]
        if encoding:
            # NOTE(review): the probe is re-encoded and rebound on every
            # iteration that reaches this point, so later iterations compare
            # against (and measure the length of) a repeatedly encoded value.
            # Confirm this is intended.
            probe = encoding(probe.lower())
        # NOTE(review): the response is lower-cased but the probe is not
        # lower-cased here when no encoding is given -- confirm.
        score = fuzz.partial_ratio(window, probe)
        # A window that, minus its last two characters, equals a backslash
        # followed by the probe without its markers is pinned to a score of 90.
        if window[:-2] == ('\\%s' % probe.replace('st4r7s', '').replace('3nd', '')):
            score = 90
        scores.append(score)
        efficiencies.append(max(scores))

    return [value for value in efficiencies if value]