Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

300COM-10703337/FlowerScanner.py

Go to file
 
 
Cannot retrieve contributors at this time
125 lines (104 sloc) 3.46 KB
Raw Blame
Open in GitHub Desktop
import json
import xssDetect
import weakPasswordDetect
import scan
import argparse
import config
import os
# for FlowerPlay:
# localStorage = {}
# localStorage['vuex'] = '{"user":{"userInfo":{"username":"test","IsAdmin":false,"uuid":"d3fdc539-a242-441a-91c0-e1b59bcd4e38","email":"a@a.wwa"},"token":"asdasdasd","expiresAt":"2020/10/16"}}'
parser = argparse.ArgumentParser()
parser.add_argument('-u', '--url', dest="url")
parser.add_argument('--header', dest="header", action="store_true")
parser.add_argument('--cookie', dest="cookie", action="store_true")
parser.add_argument('-t', '--threads', dest="threadsCount")
parser.add_argument('--timeout', dest="timeout")
parser.add_argument('-A', '--all', dest="All", action="store_true")
parser.add_argument('-o', '--output', dest="output")
parser.add_argument('--GET', dest="GET", action="store_true")
parser.add_argument('--POST', dest="POST", action="store_true")
parser.add_argument('--vue', dest="vue", action="store_true")
args = parser.parse_args()
Url = args.url
threadsCount = args.threadsCount
timeout = args.timeout
All = args.All
output = args.output
GET = args.GET
POST = args.POST
cookie = args.cookie
header = args.header
vue = args.vue
f = open("database\\logo.txt", 'r')
logo = f.read()
f.close()
config.menu += logo
config.menu += '''
1. XssScan
2. SqlScan
3. WeakPasswordScan
4. Exit
> '''
if GET:
GET = True
POST = False
else:
GET = False
POST = True
if type(header) == str:
with open(header, 'r') as h:
config.headers = h.read()
cookies = {}
if cookie:
try:
with open("database\\cookie.txt", 'r') as f:
cookies = json.loads(f.read().replace('\'', '"'))
except Exception as e:
print("Cookie Error:" + e)
exit(-1)
with open("database\\payloads.txt", 'r') as f:
payloads = []
for eachline in f:
payloads.append(eachline[:-1])
os.system("chcp 65001")
os.system("cls")
while True:
print(config.menu, end='')
choose = input()
if choose == '1':
result = xssDetect.detect(Url, payloads, GET, cookies)
outStr = ""
for url in result.keys():
thisLine = "result of %s: \n" % url
for param in result[url].keys():
tmp = "\tParam %s: \n" % param
for eachPayload in result[url][param]:
tmp += "\t\t%s\n" % eachPayload
if len(tmp) != len("\tParam %s: \n" % param):
thisLine += tmp
if len(thisLine) != len("result of %s: \n" % url):
outStr += thisLine
outStr += "\n"
if len(outStr) != 0:
print(outStr)
else:
print("Seems no XSS here...")
print("XSS DETECT finished\n")
elif choose == '2':
if cookies:
command = "python ScanQLi\\scanqli.py -u %s -c %s" % (Url, json.dumps(cookies))
else:
command = "python ScanQLi\\scanqli.py -u %s" % Url
os.system(command)
elif choose == '3':
ans = weakPasswordDetect.detect(Url, GET)
if ans:
print("-----------------------------------------")
print("result:")
for each in ans:
print("Username: %s, Password: %s" % (each[0], each[1]))
print("-----------------------------------------")
elif choose == '4':
print("BYE")
exit(0)