s0md3v/XSStrike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b9bf006e2c8c1cfed73b17896c68545f5ac788cd
XSStrike/modes/bruteforcer.py
Somdev Sangwan b9bf006e2c More Modular Structure, Fixes #13
2018-11-17 22:43:09 +05:30

35 lines
1.4 KiB
Python
Raw Blame History

import copy
from urllib.parse import urlparse, unquote
from core.colors import run, good, bad, green, end
from core.requester import requester
from core.utils import getUrl, getParams, verboseOutput
def bruteforcer(target, paramData, payloadList, verbose, encoding, headers, delay, timeout):
GET, POST = (False, True) if paramData else (True, False)
host = urlparse(target).netloc # Extracts host out of the url
verboseOutput(host, 'host', verbose)
url = getUrl(target, GET)
verboseOutput(url, 'url', verbose)
params = getParams(target, paramData, GET)
if not params:
print('%s No parameters to test.' % bad)
quit()
verboseOutput(params, 'params', verbose)
for paramName in params.keys():
progress = 1
paramsCopy = copy.deepcopy(params)
for payload in payloadList:
print ('%s Bruteforcing %s[%s%s%s]%s: %i/%i' % (run, green, end, paramName, green, end, progress, len(payloadList)), end='\r')
if encoding:
payload = encoding(unquote(payload))
paramsCopy[paramName] = payload
response = requester(url, paramsCopy, headers,
GET, delay, timeout).text
if encoding:
payload = encoding(payload)
if payload in response:
print('%s %s' % (good, payload))
progress += 1
print ()
Reference in New Issue View Git Blame Copy Permalink