def singleFuzz(target, paramData, encoding, headers, delay, timeout): GET, POST = (False, True) if paramData else (True, False) # If the user hasn't supplied the root url with http(s), we will handle it if not target.startswith("http"): try: response = requester("https://" + target, {}, headers, GET, delay, timeout) target = "https://" + target except: target = "http://" + target logger.debug("Single Fuzz target: {}".format(target)) host = urlparse(target).netloc # Extracts host out of the url logger.debug("Single fuzz host: {}".format(host)) url = getUrl(target, GET) logger.debug("Single fuzz url: {}".format(url)) params = getParams(target, paramData, GET) logger.debug_json("Single fuzz params:", params) if not params: logger.error("No parameters to test.") quit() WAF = wafDetector( url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout ) if WAF: logger.error("WAF detected: %s%s%s" % (green, WAF, end)) else: logger.good("WAF Status: %sOffline%s" % (green, end)) for paramName in params.keys(): logger.info("Fuzzing parameter: %s" % paramName) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding)
def singleFuzz(target, paramData, verbose, encoding, headers, delay, timeout): GET, POST = (False, True) if paramData else (True, False) # If the user hasn't supplied the root url with http(s), we will handle it if not target.startswith('http'): try: response = requester('https://' + target, {}, headers, GET, delay, timeout) target = 'https://' + target except: target = 'http://' + target host = urlparse(target).netloc # Extracts host out of the url verboseOutput(host, 'host', verbose) url = getUrl(target, GET) verboseOutput(url, 'url', verbose) params = getParams(target, paramData, GET) verboseOutput(params, 'params', verbose) if not params: print('%s No parameters to test.' % bad) quit() WAF = wafDetector(url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) if WAF: print('%s WAF detected: %s%s%s' % (bad, green, WAF, end)) else: print('%s WAF Status: %sOffline%s' % (good, green, end)) for paramName in params.keys(): print('%s Fuzzing parameter: %s' % (info, paramName)) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding)
def singleFuzz(target, paramData, verbose, encoding, headers, delay, timeout): GET, POST = (False, True) if paramData else (True, False) # If the user hasn't supplied the root url with http(s), we will handle it if not target.startswith('http'): try: response = requester('https://' + target, {}, headers, GET, delay, timeout) target = 'https://' + target except: target = 'http://' + target host = urlparse(target).netloc # Extracts host out of the url verboseOutput(host, 'host', verbose) url = getUrl(target, GET) verboseOutput(url, 'url', verbose) params = getParams(target, paramData, GET) verboseOutput(params, 'params', verbose) if not params: print('%s No parameters to test.' % bad) quit() WAF = wafDetector( url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) if WAF: print('%s WAF detected: %s%s%s' % (bad, green, WAF, end)) else: print('%s WAF Status: %sOffline%s' % (good, green, end)) for paramName in params.keys(): print('%s Fuzzing parameter: %s' % (info, paramName)) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding)
def singleFuzz(target, paramData, encoding, headers, delay, timeout): report = dict() config = dict() GET, POST = (False, True) if paramData else (True, False) # If the user hasn't supplied the root url with http(s), we will handle it if not target.startswith('http'): try: response = requester('https://' + target, {}, headers, GET, delay, timeout) target = 'https://' + target except: target = 'http://' + target logger.debug('Single Fuzz target: {}'.format(target)) host = urlparse(target).netloc # Extracts host out of the url logger.debug('Single fuzz host: {}'.format(host)) url = getUrl(target, GET) logger.debug('Single fuzz url: {}'.format(url)) params = getParams(target, paramData, GET) config['target'] = target config['host'] = host config['url'] = url logger.debug_json('Single fuzz params:', params) if not params: config['param'] = 'No paramaters to test' report['config'] = config logger.error('No parameters to test.') quit() WAF = wafDetector(url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) if WAF: waf_status = WAF logger.error('WAF detected: %s%s%s' % (green, WAF, end)) else: waf_status = "offline" logger.good('WAF Status: %sOffline%s' % (green, end)) report['waf'] = waf_status report['parameters'] = list() for paramName in params.keys(): paramReport = dict() paramReport['paramater'] = paramName logger.info('Fuzzing parameter: %s' % paramName) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker result = fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding) paramReport['result'] = result report['parameters'] = paramReport report['config'] = config print(report)
def singleTarget(target, paramData, verbose, encoding): if paramData: GET, POST = False, True else: GET, POST = True, False # If the user hasn't supplied the root url with http(s), we will handle it if target.startswith('http'): target = target else: try: response = requester('https://' + target, {}, headers, GET, delay, timeout) target = 'https://' + target except: target = 'http://' + target response = requester(target, {}, headers, GET, delay, timeout).text if not skipDOM: print('%s Checking for DOM vulnerabilities' % run) highlighted = dom(response) if highlighted: print('%s Potentially vulnerable objects found' % good) print(red + ('-' * 60) + end) for line in highlighted: print(line) print(red + ('-' * 60) + end) host = urlparse(target).netloc # Extracts host out of the url verboseOutput(host, 'host', verbose) url = getUrl(target, GET) verboseOutput(url, 'url', verbose) params = getParams(target, paramData, GET) verboseOutput(params, 'params', verbose) if args.find: params = arjun(url, GET, headers, delay, timeout) if not params: quit() WAF = wafDetector(url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) if WAF: print('%s WAF detected: %s%s%s' % (bad, green, WAF, end)) else: print('%s WAF Status: %sOffline%s' % (good, green, end)) if fuzz: for paramName in params.keys(): print('%s Fuzzing parameter: %s' % (info, paramName)) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, timeout, WAF, encoding) quit() for paramName in params.keys(): paramsCopy = copy.deepcopy(params) print('%s Testing parameter: %s' % (info, paramName)) if encoding: paramsCopy[paramName] = encoding(xsschecker) else: paramsCopy[paramName] = xsschecker response = requester(url, paramsCopy, headers, GET, delay, timeout) parsedResponse = htmlParser(response, encoding) occurences = parsedResponse[0] verboseOutput(occurences, 'occurences', verbose) positions = parsedResponse[1] verboseOutput(positions, 'positions', verbose) if not occurences: print('%s No reflection found' % bad) continue else: print('%s Reflections found: %s' % (info, len(occurences))) print('%s Analysing reflections' % run) efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences, timeout, encoding) verboseOutput(efficiencies, 'efficiencies', verbose) print('%s Generating payloads' % run) vectors = generator(occurences, response.text) verboseOutput(vectors, 'vectors', verbose) total = 0 for v in vectors.values(): total += len(v) if total == 0: print('%s No vectors were crafted' % bad) continue print('%s Payloads generated: %i' % (info, total)) progress = 0 for confidence, vects in vectors.items(): for vect in vects: progress += 1 print('%s Payloads tried [%i/%i]' % (run, progress, total), end='\r') if not GET: vect = unquote(vect) efficiencies = checker(url, paramsCopy, headers, GET, delay, vect, positions, timeout, encoding) if not efficiencies: for i in range(len(occurences)): efficiencies.append(0) bestEfficiency = max(efficiencies) if bestEfficiency == 100 or (vect[0] == '\\' and bestEfficiency >= 95): print(('%s-%s' % (red, end)) * 60) print('%s Payload: %s' % (good, vect)) print('%s Efficiency: %i' % (info, bestEfficiency)) print('%s Confidence: %i' % (info, confidence)) if not args.skip: choice = input( '%s Would you like to continue scanning? [y/N] ' % que).lower() if choice != 'y': quit() elif bestEfficiency > minEfficiency: print(('%s-%s' % (red, end)) * 60) print('%s Payload: %s' % (good, vect)) print('%s Efficiency: %i' % (info, bestEfficiency)) print('%s Confidence: %i' % (info, confidence))
def singleTarget(target, paramData): if paramData: GET, POST = False, True else: GET, POST = True, False # If the user hasn't supplied the root url with http(s), we will handle it if target.startswith('http'): target = target else: try: response = requests.get('https://' + target) target = 'https://' + target except: target = 'http://' + target try: response = requests.get(target).text if not skipDOM: print('%s Checking for DOM vulnerabilities' % run) if dom(response): print('%s Potentially vulnerable objects found' % good) except Exception as e: print('%s Unable to connect to the target' % bad) print('%s Error: %s' % (bad, e)) quit() host = urlparse(target).netloc # Extracts host out of the url url = getUrl(target, paramData, GET) params = getParams(target, paramData, GET) if args.find: params = arjun(url, GET, headers, delay) if not params: quit() WAF = wafDetector(url, {list(params.keys())[0]: xsschecker}, headers, GET, delay) if WAF: print('%s WAF detected: %s%s%s' % (bad, green, WAF, end)) else: print('%s WAF Status: %sOffline%s' % (good, green, end)) if fuzz: for paramName in params.keys(): print('%s Fuzzing parameter: %s' % (info, paramName)) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, WAF) quit() for paramName in params.keys(): paramsCopy = copy.deepcopy(params) print('%s Testing parameter: %s' % (info, paramName)) paramsCopy[paramName] = xsschecker response = requester(url, paramsCopy, headers, GET, delay).text occurences = htmlParser(response) if not occurences: print('%s No reflection found' % bad) continue else: print('%s Reflections found: %s' % (info, len(occurences))) print('%s Analysing reflections' % run) efficiencies = filterChecker(url, paramsCopy, headers, GET, delay, occurences) print('%s Generating payloads' % run) vectors = generator(occurences, response) total = 0 for v in vectors.values(): total += len(v) if total == 0: print('%s No vectors were crafted' % bad) continue print('%s Payloads generated: %i' % (info, total)) progress = 0 for confidence, vects in vectors.items(): for vect in vects: progress += 1 print('%s Payloads tried [%i/%i]' % (run, progress, total), end='\r') if not GET: vect = unquote(vect) efficiencies = checker(url, paramsCopy, headers, GET, delay, vect) if not efficiencies: for i in range(len(occurences)): efficiencies.append(0) bestEfficiency = max(efficiencies) if bestEfficiency == 100 or (vect[0] == '\\' and bestEfficiency >= 95): print(('%s-%s' % (red, end)) * 60) print('%s Payload: %s' % (good, vect)) print('%s Efficiency: %i' % (info, bestEfficiency)) print('%s Cofidence: %i' % (info, confidence)) if GET: flatParams = flattenParams(paramName, paramsCopy, vect) if '"' not in flatParams and '}' not in flatParams and not skipPOC: webbrowser.open(url + flatParams) choice = input( '%s Would you like to continue scanning? [y/N] ' % que).lower() if choice != 'y': quit() elif bestEfficiency > minEfficiency: print(('%s-%s' % (red, end)) * 60) print('%s Payload: %s' % (good, vect)) print('%s Efficiency: %i' % (info, bestEfficiency)) print('%s Cofidence: %i' % (info, confidence))
params = getParams(target, paramData, GET) if not params and not find: quit() WAF = wafDetector(url, {list(params.keys())[0]: xsschecker}, headers, GET, delay) if WAF: print('%s WAF detected: %s%s%s' % (bad, green, WAF, end)) else: print('%s WAF Status: %sOffline%s' % (good, green, end)) if fuzz: for paramName in params.keys(): print('%s Fuzzing parameter: %s' % (info, paramName)) paramsCopy = copy.deepcopy(params) paramsCopy[paramName] = xsschecker fuzzer(url, paramsCopy, headers, GET, delay, WAF) quit() for paramName in params.keys(): paramsCopy = copy.deepcopy(params) print('%s Testing parameter: %s' % (info, paramName)) paramsCopy[paramName] = xsschecker response = requester(url, paramsCopy, headers, GET, delay).text occurences = htmlParser(response) if not occurences: print('%s No reflection found' % bad) continue else: print('%s Reflections found: %s' % (info, len(occurences))) print('%s Analysing reflections' % run) efficiencies = filterChecker(url, paramsCopy, headers, GET, delay,