#!/usr/bin/env python2
# -*- coding: utf-8 -*-
'''XSS vectors in addition to GET URL parameters to add:
UA
Referer
POST params
All headers?
Encoding:
hex
" url stuff
unicode'''
import gevent.monkey
gevent.monkey.patch_all()
import logging
import gevent.pool
import gevent.queue
import urllib
import time
import requests
import gevent
#from BeautifulSoup import UnicodeDammit
import lxml.html
import sys
import argparse
from random import randrange
from urlparse import urlparse, parse_qs, parse_qsl
import socket
import random
import string
#socket.setdefaulttimeout(30)
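def parse_args():
    ''' Parse the command-line options for the tester.

    Returns the argparse namespace with:
      url      -- the URL whose query-string parameters will be probed
                  (None when -u/--url is not given)
      parallel -- requested concurrency as an int (default 500)
    '''
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="URL with variables to test")
    # type=int keeps a user-supplied value the same type as the integer
    # default; without it "-p 50" would arrive as the string "50".
    # NOTE(review): nothing in this file reads `parallel` yet.
    parser.add_argument("-p", "--parallel", default=500, type=int, help="Specifies how many pages you want to crawl in parallel. Default = 500")
    return parser.parse_args()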
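class XSS_tester(object):
    '''Build per-parameter reflection probes for a URL's query string.

    The class only generates the modified parameter lists; it sends no
    requests itself. Each probe is the character set "'><()=;/: in one
    encoding, wrapped in a random delimiter so the probe can be located
    in a response and the surviving characters compared.
    '''

    def __init__(self):
        # Unicode (%uXXXX) encoding is not implemented yet:
        # < = %uff1c, > = %uff1e, " = %u0022
        # username/password are placeholders; nothing in this class reads them.
        self.username = ''
        self.password = ''
        self.xssDelim = self.generateDelimiter()
        self.payloadTest = '"\'><()=;/:'
        self.payloadTests = [
            # Normal check
            self.xssDelim + '"\'><()=;/:' + self.xssDelim,
            # Hex encoded
            self.xssDelim + '%22%27%3E%3C%28%29%3D%3B%2F%3A' + self.xssDelim,
            # HTML encoded without semicolons.
            # NOTE(review): the listing showed this literal already decoded
            # (which is not valid Python); it is reconstructed here as decimal
            # character references from the comment above -- confirm against
            # the upstream file. Because the delimiter starts with the digit
            # '9', an HTML parser would read the final reference together
            # with it, so a reflected-and-decoded match on the trailing
            # delimiter may be missed.
            self.xssDelim + '&#34&#39&#62&#60&#40&#41&#61&#59&#47&#58' + self.xssDelim,
        ]
        # Context-specific payloads (inside an attribute, javascript: URI,
        # embedded JS, base64 object data) are not wired in; only the
        # character-reflection probes above are generated.

    def generateDelimiter(self):
        ''' Return a 5-character marker: '9' followed by four random lowercase letters '''
        # random (not secrets) is fine here: the marker only has to be
        # unlikely to occur in the page, it is not a secret.
        letters = ''.join(random.choice(string.ascii_lowercase) for _ in range(4))
        return '9' + letters

    def getURLparams(self, url):
        ''' Parse out the URL parameters as an ordered list of (name, value) tuples '''
        query = urlparse(url).query
        # parse_qsl rather than parse_qs in order to preserve order.
        # keep_blank_values=True so parameters with an empty value ("?q=")
        # are kept and therefore tested instead of being dropped silently.
        return parse_qsl(query, keep_blank_values=True)

    def change_params(self, params):
        ''' Returns, per payload, a list of complete parameter lists, each with 1 parameter changed to an XSS vector

        The result is a dict keyed by payload string. Each value holds
        len(params) lists; list i is a copy of params in the original
        order with only the value at position i replaced by the payload.
        '''
        allModdedParams = {}
        for payload in self.payloadTests:
            variants = []
            # Select the parameter to replace by position, not by name, so
            # repeated names ("a=1&a=2") are each tested once and no
            # unmodified parameter list is emitted.
            for target in range(len(params)):
                variants.append([
                    (p[0], payload) if idx == target else p
                    for idx, p in enumerate(params)
                ])
            allModdedParams[payload] = variants
        return allModdedParams

    def main(self, url):
        ''' Return the modified parameter lists for every query parameter of url '''
        params = self.getURLparams(url)
        return self.change_params(params)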
# Script entry: build the tester, then read the target URL from the command
# line and generate the per-parameter probe lists for it.
X = XSS_tester()
_cli = parse_args()
go = X.main(_cli.url)