forked from infodox/xsssniper
xsssniper.py
#!/usr/bin/env python
import os
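# Dependency check: fail early, with an install hint, when hgapi is missing.
# hgapi is not referenced by the code visible in this file.
# NOTE(review): presumably one of the core modules needs it; confirm.
try:
    import hgapi
except ImportError:
    print("\n[X] Please install hgapi module:")
    # The hint used to stop at "pip install" without naming the package.
    print(" $ pip install hgapi\n")
    # A missing dependency is a failure, so report it through the exit status.
    exit(1)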
from optparse import OptionParser
from core.target import Target
from core.engine import Engine
from core.packages.clint.textui import colored
from core.cli import success, warning, error
def banner():
    """Write the ASCII-art logo, version line and legal notice to stdout."""
    # Kept as one literal so the art and the consent notice stay together.
    logo_and_notice = """
db db .d8888. .d8888. .d8888. d8b db d888888b d8888b. d88888b d8888b.
`8b d8' 88' YP 88' YP 88' YP 888o 88 `88' 88 `8D 88' 88 `8D
`8bd8' `8bo. `8bo. `8bo. 88V8o 88 88 88oodD' 88ooooo 88oobY'
.dPYb. `Y8b. `Y8b. `Y8b. 88 V8o88 88 88~~~ 88~~~~~ 88`8b
.8P Y8. db 8D db 8D db 8D 88 V888 .88. 88 88. 88 `88.
YP YP `8888Y' `8888Y' `8888Y' VP V8P Y888888P 88 Y88888P 88 YD
----[ version 0.9 Gianluca Brindisi <g@brindi.si> ]----
http://brindi.si/g/ ]----
-----------------------------------------------------------------------------
| Scanning targets without prior mutual consent is illegal. It is the end |
| user's responsibility to obey all applicable local, state and federal laws. |
| Authors assume no liability and are not responsible for any misuse or |
| damage caused by this program. |
-----------------------------------------------------------------------------
"""
    print(logo_and_notice)
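def main():
    """Parse the command line, configure the scan engine and run it.

    Prints the banner, reads the options, builds a ``Target`` (GET by
    default, POST when ``--post`` and ``--data`` are both given) and an
    ``Engine`` for it, copies the proxy, user-agent, cookie, crawl, forms,
    dom and thread settings onto the engine through ``addOption`` and then
    calls ``start()``.

    Exits after printing the help text when no URL is given, and exits with
    status 1 when the options are inconsistent (``--post`` without
    ``--data``, ``--tor`` with ``--http-proxy``, ``--user-agent`` with
    ``--random-agent``).
    """
    banner()

    usage = "usage: %prog [options]"
    parser = OptionParser(usage=usage)
    parser.add_option("-u", "--url", dest="url", help="target URL")
    parser.add_option("--post", dest="post", default=False, action="store_true",
                      help="try a post request to target url")
    parser.add_option("--data", dest="post_data", help="posta data to use")
    # type="int" makes optparse reject a non-numeric value with a usage
    # error instead of a ValueError traceback from int() further down.
    parser.add_option("--threads", dest="threads", default=1, type="int",
                      help="number of threads")
    parser.add_option("--http-proxy", dest="http_proxy",
                      help="scan behind given proxy (format: 127.0.0.1:80)")
    parser.add_option("--tor", dest="tor", default=False, action="store_true",
                      help="scan behind default Tor")
    parser.add_option("--crawl", dest="crawl", default=False, action="store_true",
                      help="crawl target url for other links to test")
    parser.add_option("--forms", dest="forms", default=False, action="store_true",
                      help="crawl target url looking for forms to test")
    parser.add_option("--user-agent", dest="user_agent",
                      help="provide an user agent")
    parser.add_option("--random-agent", dest="random_agent", default=False,
                      action="store_true",
                      help="perform scan with random user agents")
    parser.add_option("--cookie", dest="cookie",
                      help="use a cookie to perform scans")
    parser.add_option("--dom", dest="dom", default=False, action="store_true",
                      help="basic heuristic to detect dom xss")

    options, _ = parser.parse_args()

    if options.url is None:
        parser.print_help()
        exit()

    # Build a first target
    print("[+] TARGET: %s" % options.url)
    if options.post:
        print(" |- METHOD: POST")
        if options.post_data is None:
            error('No POST data specified: use --data', ' |- ')
            exit(1)
        print(" |- POST data: %s" % options.post_data)
        t = Target(options.url, method='POST', data=options.post_data)
    else:
        print(" |- METHOD: GET")
        t = Target(options.url)

    # Build a scanner
    s = Engine(t)

    # Proxy settings: --tor and --http-proxy are mutually exclusive.
    if options.http_proxy is not None and options.tor:
        error('No --tor and --http-proxy together!', ' |- ')
        exit(1)
    elif options.http_proxy is not None:
        s.addOption("http-proxy", options.http_proxy)
        print(" |- PROXY: %s" % options.http_proxy)
    elif options.tor:
        # --tor only points the engine at a local HTTP proxy on port 8118
        # (the Privoxy default); nothing here checks that a proxy is
        # listening or that it forwards to Tor.
        # NOTE(review): confirm Engine fails closed rather than connecting
        # directly when this proxy is unreachable.
        s.addOption("http-proxy", "127.0.0.1:8118")
        print(" |- PROXY: 127.0.0.1:8118")

    # User agent: --user-agent and --random-agent are mutually exclusive.
    if options.user_agent is not None and options.random_agent:
        error('No --user-agent and --random-agent together!', ' |- ')
        # Stop here, as the proxy conflict above does; previously the error
        # was printed and the scan went on with neither setting applied.
        exit(1)
    elif options.user_agent is not None:
        s.addOption("ua", options.user_agent)
        print(" |- USER-AGENT: %s" % options.user_agent)
    elif options.random_agent:
        s.addOption("ua", "RANDOM")
        print(" |- USER-AGENT: RANDOM")

    # Cookies?
    if options.cookie is not None:
        s.addOption("cookie", options.cookie)
        # NOTE(review): the cookie is echoed verbatim, so anything that
        # captures stdout (CI logs, terminal recordings) ends up holding a
        # session credential; consider masking the value.
        print(" |- COOKIE: %s" % options.cookie)

    # Do you want to crawl?
    if options.crawl:
        s.addOption("crawl", True)

    # Do you want to crawl forms?
    if options.forms:
        s.addOption("forms", True)

    # Dom scan?
    if options.dom:
        s.addOption("dom", True)

    # How many threads? Already an int thanks to type="int" above.
    s.addOption("threads", options.threads)

    # Start the scanning
    if s.start():
        exit()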
# Run the scanner only when this file is executed as a script, not imported.
if __name__ == "__main__":
    main()