s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53c8903f21521eb4d57a384ee7719b3cf6ccafcf
XSStrike/core/arjun.py
Somdev Sangwan 98c6b347b4 Logging functionality (#193) 
* Add files via upload

* Add files via upload

* Logging functionality (Resolves #146)

* Created customized logger and setup file

* Start replacing prints

* Custom StreamHandler to allow '\r' as line terminator and updated more prints

* Remove setup.py

* Logger functionality to write red lines and records without format

* Possibility to set logging level when logging without format and usage of debug level instead of verboseOutput

* Replace utils logger function calls

* Fixes

* Import missing info color

* Move xsstrike.py imports to properly initialize loggers and add logger method to debug data using json

* Minor fix
2019-01-21 04:57:55 +05:30

43 lines
1.7 KiB
Python
Raw Blame History

import concurrent.futures
import re
from core.colors import green, end
from core.config import blindParams, xsschecker, threadCount
from core.requester import requester
from core.log import setup_logger
logger = setup_logger(__name__)
def checky(param, paraNames, url, headers, GET, delay, timeout):
if param not in paraNames:
logger.debug('Checking param: {}'.format(param))
response = requester(url, {param: xsschecker},
headers, GET, delay, timeout).text
if '\'%s\'' % xsschecker in response or '"%s"' % xsschecker in response or ' %s ' % xsschecker in response:
paraNames[param] = ''
logger.good('Valid parameter found: %s%s', green, param)
def arjun(url, GET, headers, delay, timeout):
paraNames = {}
response = requester(url, {}, headers, GET, delay, timeout).text
matches = re.findall(
r'<input.*?name=\'(.*?)\'.*?>|<input.*?name="(.*?)".*?>', response)
for match in matches:
try:
foundParam = match[1]
except UnicodeDecodeError:
continue
logger.good('Heuristics found a potentially valid parameter: %s%s%s. Priortizing it.' % (
green, foundParam, end))
if foundParam not in blindParams:
blindParams.insert(0, foundParam)
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
futures = (threadpool.submit(checky, param, paraNames, url,
headers, GET, delay, timeout) for param in blindParams)
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
if i + 1 == len(blindParams) or (i + 1) % threadCount == 0:
logger.info('Progress: %i/%i\r' % (i + 1, len(blindParams)))
return paraNames
Reference in New Issue View Git Blame Copy Permalink