300COM-10703337/xssDetect.py
# -*- coding: utf-8 -*- | |
from urllib.parse import parse_qsl, urlsplit, urlunsplit

import requests

from config import headers
import scan
import scanForm
#import vueScan
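# Seconds to wait for a single probe; without a timeout one unresponsive
# endpoint would stall the whole scan indefinitely.
_REQUEST_TIMEOUT = 10


def _print_logo():
    """Print the banner stored in database\\xssLogo.txt.

    The banner is purely cosmetic, so a missing or unreadable file is ignored
    instead of aborting the scan before it starts.
    """
    try:
        with open("database\\xssLogo.txt", 'r') as f:
            print(f.read())
    except OSError:
        pass


def _send(url, params, GET, cookie):
    """Issue one probe and return the response, or None on a transport error.

    GET probes carry ``params`` in the query string, POST probes in the form
    body, so the injected value actually reaches the parameter under test.
    Only ``requests`` transport errors (connection refused, timeout, bad URL)
    are swallowed; anything else propagates.
    """
    try:
        if GET:
            return requests.get(url, params=params, headers=headers,
                                cookies=cookie, timeout=_REQUEST_TIMEOUT)
        return requests.post(url, data=params, headers=headers,
                             cookies=cookie, timeout=_REQUEST_TIMEOUT)
    except requests.RequestException:
        return None


def _probe_params(url, params, payloads, GET, cookie):
    """Inject every payload into every parameter of ``params``, one at a time.

    Args:
        url: Request target for every probe.
        params: Baseline ``{name: value}`` mapping; each probe copies it and
            replaces exactly one value with a payload.
        payloads: Strings to inject.
        GET: Query-string (True) or form-body (False) delivery.
        cookie: Cookie dict forwarded to every request.

    Returns:
        ``{name: [payloads that came back verbatim in the response body]}``.
        Verbatim reflection is necessary but not sufficient for XSS -- the
        output context decides whether it executes -- so these are candidates
        for manual confirmation, not confirmed findings.
    """
    found = {}
    for name in params:
        found[name] = []
        probe = dict(params)
        for payload in payloads:
            probe[name] = payload
            res = _send(url, probe, GET, cookie)
            if res is None:
                # Unreachable endpoint or timeout: skip this payload only.
                continue
            res.encoding = 'utf-8'
            if payload in res.text:
                found[name].append(payload)
    return found


def detect(url, payloads, GET=True, cookie=None):
    """Look for reflected-XSS candidates on ``url``.

    Args:
        url: Target. If it carries a query string, only those query parameters
            are probed and the request is sent to the URL without its query.
            Otherwise the site is crawled with ``scan.main`` and the form
            parameters returned by ``scanForm.getParams`` for each discovered
            page are probed.
        payloads: Iterable of strings to inject, one at a time, into each
            parameter.
        GET: Deliver payloads in the query string (True) or as a form body
            (False).
        cookie: Cookie dict forwarded to every request; None means no cookies.

    Returns:
        ``{page_url: {param_name: [reflected payloads]}}``. A payload is listed
        when it appears verbatim in the response body; that is a reflection
        heuristic and may include false positives (e.g. echoed into an
        HTML-escaped or non-executing context) and false negatives (partially
        encoded reflections).
    """
    if cookie is None:
        cookie = {}
    _print_logo()

    if '?' in url:
        print("XSS DETECTOR: trying XSS.......")
        parts = urlsplit(url)
        # parse_qsl handles blank values, '=' inside values and percent-decoding,
        # all of which a naive split('&') / split('=') gets wrong.
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        base = urlunsplit(parts._replace(query='', fragment=''))
        # Probe the bare path so the original query values are not sent a
        # second time alongside the injected ones.
        return {base: _probe_params(base, params, payloads, GET, cookie)}

    print("XSS DETECTOR: scanning URL......")
    urls = scan.main(url, cookies=cookie)[0]
    print("XSS DETECTOR: urlscan finished")
    print("XSS DETECTOR: trying XSS.......")
    total = len(urls)
    result = {}
    for done, page in enumerate(urls):
        # Progress is printed before the page is processed, so it reads 0% on
        # the first page; the loop body never runs when total == 0.
        print(f'percent: {done / total:.2%}\r', end='', flush=True)
        params = scanForm.getParams(page, cookie)[1]
        result[page] = _probe_params(page, params, payloads, GET, cookie)
    print("XSS DETECTOR: Detect finished!")
    return result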
# def vueDetect(url, payloads, GET = True, localStorage = None, cookie = None): | |
# print("XSS DETECTOR: scanning URL......") | |
# urls = vueScan.main(url, cookies = cookie, localStorage = localStorage)[0] | |
# print("XSS DETECTOR: urlscan finished") | |
# print("XSS DETECTOR: trying XSS.......") | |