class Gui:
def __init__(self):
ctypes.windll.shell32.SetCurrentProcessExplicitAppUserModelID(
"myappid")
self.window = tkinter.Tk()
self.window.title("xssmap")
self.height = 800
self.width = 1024
self.window.geometry(
"%dx%d+%d+%d" %
(self.width, self.height,
(self.window.winfo_screenwidth() - self.width) / 2,
(self.window.winfo_screenheight() - self.height) / 2))
self.window.resizable(width=False, height=False)
self.window.iconbitmap("xssmap.ico")
self.text1 = None
self.text2 = None
self.text3 = None
self.button1 = None
self.button2 = None
self.button3 = None
self.finish = False
self.p = None
self.combobox = None
self.source = None
self.dist = None
self.index1 = 0
self.index2 = 0
self.ssl = 0
self.payload = Payload()
self.package = Package('', 0)
self.encode = Encode()
self.setframe1()
self.setframe2()
self.setframe3()
self.setframe4()
self.setframe5()
def setflag(self):
try:
self.text1.tag_configure('red', foreground='#DC143C')
self.text1.insert(tkinter.SEL_FIRST, "$", 'red')
self.text1.insert(tkinter.SEL_LAST, "$", 'red')
self.button1['state'] = tkinter.DISABLED
except tkinter.TclError:
messagebox.showerror("提示", "请选中标记参数")
def unsetflag(self):
content = self.text1.get("0.0", "end").strip('\n')
self.text1.delete("0.0", "end")
self.text1.insert("0.0", content.replace('$', ''))
self.button1['state'] = tkinter.NORMAL
self.text1.see(1000.0)
def valid(self):
data = self.source[0:self.
index1] + 'jimmywhite' + self.source[self.index2 +
1:]
self.package.setcontent(data)
self.package.setssl(self.ssl)
self.package.process()
self.package.setcontent(self.dist)
result = self.package.process()
if result.find('jimmywhite') > 0:
return True
return False
def typeone(self):
content = self.source[0:self.index1] + '<jimmywhite>' + self.source[
self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.source[0:self.index1] + self.encode.urlencode(
'<jimmywhite>') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.source[0:self.index1] + self.encode.unicodeencode(
'<jimmywhite>') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.source[0:self.index1] + self.encode.htmlencode(
'<jimmywhite>') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.source[0:self.index1] + self.encode.doubleencode(
'<jimmywhite>') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.source[0:self.index1] + self.encode.base64encode(
'<jimmywhite>') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
return False
def typetwo(self):
content = self.source[0:self.index1] + 'jimmywhite' + self.source[
self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
content = self.source[0:self.index1] + self.encode.doubleencode(
'jimmywhite') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
content = self.source[0:self.index1] + self.encode.base64encode(
'jimmywhite') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
content = self.source[0:self.index1] + self.encode.htmlencode(
'jimmywhite') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
content = self.source[0:self.index1] + self.encode.unicodeencode(
'jimmywhite') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
content = self.source[0:self.index1] + self.encode.urlencode(
'jimmywhite') + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find('"jimmywhite"') > 0:
return True
return False
def testone(self):
for i in range(0, self.payload.payloads1.__len__()):
content = self.source[0:self.index1] + self.payload.payloads1[
i] + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.payload.payloads1[i]
content = self.source[0:self.index1] + self.encode.urlencode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.urlencode(self.payload.payloads1[i])
content = self.source[0:self.index1] + self.encode.unicodeencode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.unicodeencode(self.payload.payloads1[i])
content = self.source[0:self.index1] + self.encode.htmlencode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.htmlencode(self.payload.payloads1[i])
content = self.source[0:self.index1] + self.encode.base64encode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.base64encode(self.payload.payloads1[i])
content = self.source[0:self.index1] + self.encode.doubleencode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.doubleencode(self.payload.payloads1[i])
content = self.source[0:self.index1] + self.encode.capsencode(
self.payload.payloads1[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
index = 0
while content.find(
self.encode.capsencode(self.payload.payloads1[i]),
index + 1) > 0:
index = content.find(
self.encode.capsencode(self.payload.payloads1[i]),
index + 1)
if content[index - 1] != '"':
return self.encode.capsencode(self.payload.payloads1[i])
return 'fail'
def testtwo(self):
for i in range(0, self.payload.payloads2.__len__()):
content = self.source[0:self.index1] + self.payload.payloads2[
i] + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.payload.payloads2[i]
content = self.source[0:self.index1] + self.encode.capsencode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.encode.capsencode(
self.payload.payloads2[i])) > 0:
return self.encode.capsencode(self.payload.payloads2[i])
content = self.source[0:self.index1] + self.encode.doubleencode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.encode.doubleencode(self.payload.payloads2[i])
content = self.source[0:self.index1] + self.encode.base64encode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.encode.base64encode(self.payload.payloads2[i])
content = self.source[0:self.index1] + self.encode.htmlencode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.encode.htmlencode(self.payload.payloads2[i])
content = self.source[0:self.index1] + self.encode.unicodeencode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.encode.unicodeencode(self.payload.payloads2[i])
content = self.source[0:self.index1] + self.encode.urlencode(
self.payload.payloads2[i]) + self.source[self.index2 + 1:]
self.package.setcontent(content)
self.package.process()
self.package.setcontent(self.dist)
content = self.package.process()
if content.find(self.payload.payloads2[i]) > 0:
return self.encode.urlencode(self.payload.payloads2[i])
return 'fail'
def testxss(self):
if self.combobox.get() == 'http':
self.ssl = 0
else:
self.ssl = 1
flag = False
self.source = self.text1.get("0.0", "end")
self.dist = self.text2.get("0.0", "end")
self.index1 = self.source.find('$', 0)
self.index2 = self.source.find('$', self.index1 + 1)
if self.valid():
if self.typeone():
p = self.testone()
if p != 'fail':
self.p = p
self.text3.insert("end", "检测存在XSS!\n")
self.text3.insert("end", "PAYLOAD:" + self.p)
flag = True
if self.typetwo() and flag is False:
p = self.testtwo()
if p != 'fail':
self.p = p
self.text3.insert("end", "检测存在XSS!\n")
self.text3.insert("end", "PAYLOAD:" + self.p)
self.finish = True
def show(self):
while self.finish is False:
pass
tkinter.messagebox.showinfo('XSS检测成功', 'PAYLOAD:' + self.p)
def start(self):
self.button3['state'] = 'disabled'
thread.start_new_thread(self.testxss, ())
def setframe1(self):
frame = tkinter.Frame(self.window, height=300)
frame.pack(fill=tkinter.X)
frame.pack_propagate(0)
label = tkinter.Label(frame, text="XSS输入点")
label.pack()
self.text1 = tkinter.Text(frame)
self.text1.pack(fill=tkinter.X)
def setframe2(self):
frame = tkinter.Frame(self.window, height=50)
frame.pack(fill=tkinter.X)
frame.pack_propagate(0)
frame1 = tkinter.Frame(frame)
frame1.pack(side=tkinter.LEFT)
frame2 = tkinter.Frame(frame)
frame2.pack(side=tkinter.RIGHT)
self.button1 = tkinter.Button(frame1,
text="标记参数",
command=self.setflag,
cursor="hand2")
self.button1.pack(ipadx=200)
self.button2 = tkinter.Button(frame2,
text="清除标记",
command=self.unsetflag,
cursor="hand2")
self.button2.pack(ipadx=200)
def setframe3(self):
frame = tkinter.Frame(self.window, height=300)
frame.pack(fill=tkinter.X)
frame.pack_propagate(0)
label = tkinter.Label(frame, text="XSS输出点")
label.pack()
self.text2 = tkinter.Text(frame)
self.text2.pack(fill=tkinter.X)
def setframe4(self):
frame = tkinter.Frame(self.window, height=100)
frame.pack(fill=tkinter.X)
frame.pack_propagate(0)
label = tkinter.Label(frame, text="检测结果")
label.pack()
self.text3 = tkinter.Text(frame)
self.text3.pack(fill=tkinter.X)
def setframe5(self):
frame = tkinter.Frame(self.window, height=50)
frame1 = tkinter.Frame(frame, height=50)
frame2 = tkinter.Frame(frame, height=50)
frame.pack(fill=tkinter.X)
frame.pack_propagate(0)
frame1.pack(side=tkinter.LEFT)
frame2.pack(side=tkinter.RIGHT)
self.combobox = ttk.Combobox(frame1, state="readonly", width=5)
self.combobox['value'] = ['http', 'https']
self.combobox.current(0)
self.combobox.pack(ipadx=200)
self.button3 = tkinter.Button(frame2,
text="开始",
command=self.start,
cursor="hand2")
self.button3.pack(ipadx=200)
class Crawler:
def __init__(self, domain, threads, depth, times, headers, father):
self.domain = domain
if self.domain[self.domain.__len__() - 1] == '/':
self.domain = self.domain[0:self.domain.__len__() - 1]
self.threads = threads
self.times = times
self.cookies = {}
self.headers = {}
self.count = 0
self.controlthread = 0
self.depth = depth
self.father = father
self.realdomain = ''
self.payload = Payload()
self.encode = Encode()
if headers != '':
self.setheader(headers)
if 'https' in self.domain:
self.domain1 = self.domain.replace('https://', '')
self.domain2 = 'http://' + self.domain1
self.domain3 = 'http%3A%2F%2F' + self.domain1
self.domain4 = 'https%3A%2F%2F' + self.domain1
elif 'http' in self.domain:
self.domain1 = self.domain.replace('http://', '')
self.domain2 = 'https://' + self.domain1
self.domain3 = 'http%3A%2F%2F' + self.domain1
self.domain4 = 'https%3A%2F%2F' + self.domain1
else:
self.domain1 = 'http://' + self.domain
self.domain2 = 'https://' + self.domain
self.domain3 = 'http%3A%2F%2F' + self.domain
self.domain4 = 'https%3A%2F%2F' + self.domain
self.queue = Queue()
self.urlqueue = Queue()
self.lock = threading.RLock()
self.lock2 = threading.RLock()
self.lock3 = threading.RLock()
self.lock4 = threading.RLock()
self.lock5 = threading.RLock()
self.bloomfilter = ScalableBloomFilter(
initial_capacity=10000,
error_rate=0.001,
mode=ScalableBloomFilter.LARGE_SET_GROWTH)
self.bloomfilter2 = ScalableBloomFilter(
initial_capacity=10000,
error_rate=0.001,
mode=ScalableBloomFilter.LARGE_SET_GROWTH)
self.blacklist = [
'<', '{', '\'', '"', '.css', '.jpg', '.mp4', '.png', '.gif',
'.avi', '.jpeg', '.ico', '.mp3', '.pdf', 'docx', 'doc', 'bmp',
'.rmvb', '.zip', '.rar', '.exe', '.ppt', '.pptx', 'xls'
]
self.rule = 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+'
def black(self, url):
for i in self.blacklist:
if i in url:
return False
return True
def black2(self, url):
if '.js' in url and '.jsp' not in url:
if self.domain in url or self.domain1 in url or self.domain2 in url or self.domain3 in url or self.domain4 in url:
return True
else:
return False
if '.' + self.domain in url:
return False
if '.' + self.domain1 in url:
return False
if '.' + self.domain2 in url:
return False
if '.' + self.domain3 in url:
return False
if '.' + self.domain4 in url:
return False
if '=' + self.domain in url:
return False
if '=' + self.domain1 in url:
return False
if '=' + self.domain2 in url:
return False
if '=' + self.domain3 in url:
return False
if '=' + self.domain4 in url:
return False
if '/' + self.domain in url and '//' + self.domain not in url:
return False
if '/' + self.domain1 in url and '//' + self.domain1 not in url:
return False
if '/' + self.domain2 in url and '//' + self.domain2 not in url:
return False
if '/' + self.domain3 in url and '//' + self.domain3 not in url:
return False
if '/' + self.domain4 in url and '//' + self.domain4 not in url:
return False
if self.domain in url or self.domain1 in url or self.domain2 in url or self.domain3 in url or self.domain4 in url:
return True
else:
return False
def setheader(self, url):
index = 0
l = 0
url += '\n'
while index < url.__len__() - 1:
index = url.find(':', index)
index1 = url.find('\n', index)
index2 = url.find('\n', index1 + 1)
if ':' not in url[index1:index2]:
while ':' not in url[index1:index2]:
index3 = index2
index2 = url.find('\n', index2 + 1)
if index2 <= 0:
index2 = index3
break
else:
index2 = index1
if url[index + 1] != ' ':
self.headers.update(
{url[l:index]: url[index + 1:index2].replace('\n', '')})
else:
self.headers.update(
{url[l:index]: url[index + 2:index2].replace('\n', '')})
index = index2 + 1
l = index
def setcookies(self, cookies):
index = cookies.find('=')
index2 = cookies.find(';')
index3 = 0
self.lock2.acquire()
self.cookies.update({cookies[0:index]: cookies[index + 2:index2]})
self.lock2.release()
while cookies.find(',', index) > 0:
index = cookies.find(',', index3)
while cookies[index +
2] == '0' or cookies[index + 2] == '1' or cookies[
index + 2] == '2' or cookies[index + 2] == '3':
index = cookies.find(',', index + 1)
index2 = cookies.find('=', index)
index3 = cookies.find(';', index2)
self.lock2.acquire()
self.cookies.update(
{cookies[index + 2:index2]: cookies[index2 + 1:index3]})
self.lock2.release()
index = cookies.find(',', index + 1)
while cookies[index +
2] == '0' or cookies[index + 2] == '1' or cookies[
index + 2] == '2' or cookies[index + 2] == '3':
index = cookies.find(',', index + 1)
def stepone(self):
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
r = None
if 'http' in self.domain:
try:
r = requests.get(url=self.domain,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
self.realdomain = self.domain
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
else:
try:
r = requests.get(url="http://" + self.domain,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
self.realdomain = 'http://' + self.domain
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
if r.text.__len__() < 100:
try:
r = requests.get(url="https://" + self.domain,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
self.realdomain = 'https://' + self.domain
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
content = r.text
print content
if r.headers.get('Set-Cookie'):
cookies = r.headers['Set-Cookie']
self.setcookies(cookies)
href = re.findall(self.rule, content)
href2 = re.findall('href="(.*?)"', content)
href3 = re.findall('href=(.*?)>', content)
if href.__len__() > 0:
for url in href:
if self.black(url):
if url.__len__() > 0:
if url[0] == '/':
url = url.replace('//', '')
url = url.replace('&', '&')
if self.black2(url):
if not self.bloomfilter.add(url):
self.queue.put(url)
if href2.__len__() > 0:
for url in href2:
if '//' not in url:
if self.black(url):
if url.__len__() > 0:
url = url.replace('&', '&')
if url[0] != '/':
url = '/' + url
if self.black2(self.realdomain + url):
if not self.bloomfilter.add(self.realdomain +
url):
self.queue.put(self.realdomain + url)
if href3.__len__() > 0:
for url in href3:
url = url.replace('"', '')
if '//' not in url:
if self.black(url):
if url.__len__() > 0:
url = url.replace('&', '&')
if url[0] != '/':
url = '/' + url
if self.black2(self.realdomain + url):
if not self.bloomfilter.add(self.realdomain +
url):
self.queue.put(self.realdomain + url)
for i in range(0, 100):
self.queue.put("https://www.baidu.com")
locks = []
for i in range(0, self.threads):
lock = threading.Lock()
locks.append(lock)
thread.start_new_thread(self.steptwo, (lock, ))
time.sleep(5)
for lock in locks:
while lock.locked():
pass
time.sleep(1000)
'''locks = []
for i in range(0, 20):
lock = threading.Lock()
locks.append(lock)
thread.start_new_thread(self.testxss, (lock,))
time.sleep(5)
for lock in locks:
while lock.locked():
pass
print 1
time.sleep(1000)'''
def steptwo(self, minilock):
minilock.acquire()
while True:
self.lock.acquire()
self.count += 1
if self.queue.qsize() < 1:
self.lock.release()
break
url = self.queue.get()
self.lock.release()
url = url.replace('&', '&')
if '?' in url and '=' in url:
self.stepthree(url)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
if 'http' in url:
try:
if self.headers:
r = requests.get(url=url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
else:
self.lock2.acquire()
cookies = self.cookies
self.lock2.release()
r = requests.get(url=url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True,
cookies=cookies)
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
else:
try:
if self.headers:
r = requests.get(url="http://" + url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
else:
self.lock2.acquire()
cookies = self.cookies
self.lock2.release()
r = requests.get(url="http://" + url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True,
cookies=cookies)
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
if r.text.__len__() < 100:
try:
if self.headers:
r = requests.get(url="https://" + url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
else:
self.lock2.acquire()
cookies = self.cookies
self.lock2.release()
r = requests.get(url="https://" + url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True,
cookies=cookies)
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
if r.status_code == 200:
try:
content = r.text
except requests.exceptions.ConnectionError:
continue
except AttributeError:
continue
except requests.exceptions.ChunkedEncodingError:
continue
else:
continue
if r.headers.get('Set-Cookie'):
cookies = r.headers['Set-Cookie']
self.setcookies(cookies)
href = re.findall(self.rule, content)
href2 = re.findall('href="(.*?)"', content)
if href.__len__() > 0:
for url in href:
if self.black(url):
if url.__len__() > 0:
if url[0] == '/':
url = url.replace('//', '')
url = url.replace('&', '&')
if self.black2(url):
if not self.bloomfilter.add(url):
self.queue.put(url)
if href2.__len__() > 0:
for url in href2:
if '//' not in url:
if self.black(url):
if url.__len__() > 0:
url = url.replace('&', '&')
if url[0] != '/':
url = '/' + url
if self.black2(self.realdomain + url):
if not self.bloomfilter.add(
self.realdomain + url):
self.queue.put(self.realdomain + url)
if self.count > self.depth:
break
minilock.release()
def stepthree(self, url):
url += '&'
index2 = url.find('=') + 1
newurl = url[0:url.find('=') + 1] + 'xss'
while True:
index1 = url.find('&', index2 + 1)
index2 = url.find('=', index2 + 1)
if index1 > 0 and index2 > 0:
newurl += url[index1:index2] + '=xss'
else:
break
if not self.bloomfilter2.add(newurl):
self.urlqueue.put(url[0:url.__len__() - 1])
self.lock5.acquire()
self.father.text2.insert("end", url[0:url.__len__() - 1] + '\n')
self.lock5.release()
if self.controlthread < 20:
thread.start_new_thread(self.testxss, (None, ))
def network(self, url):
try:
if self.headers:
r = requests.get(url=url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True)
else:
self.lock2.acquire()
cookies = self.cookies
r = requests.get(url=url,
verify=False,
timeout=(self.times, self.times),
headers=self.headers,
stream=True,
cookies=cookies)
self.lock2.release()
except requests.exceptions.Timeout:
pass
except requests.exceptions.ConnectionError:
pass
except requests.exceptions.ChunkedEncodingError:
pass
return r.text
def valid(self, url, index1, index2):
url = url[0:index1 + 1] + 'jimmywhite' + url[index2:]
url = url.strip('&')
if self.network(url).find('jimmywhite') > 0:
return True
else:
return False
def typeone(self, url, index1, index2):
url = url.strip('&')
content = self.network(url[0:index1 + 1] + '<jimmywhite>' +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.network(url[0:index1 + 1] +
self.encode.capsencode('<jimmywhite>') +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.network(url[0:index1 + 1] +
self.encode.doubleencode('<jimmywhite>') +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.network(url[0:index1 + 1] +
self.encode.htmlencode('<jimmywhite>') +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.network(url[0:index1 + 1] +
self.encode.unicodeencode('<jimmywhite>') +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
content = self.network(url[0:index1 + 1] +
self.encode.urlencode('<jimmywhite>') +
url[index2:])
index = 0
while content.find('<jimmywhite>', index + 2) > 0:
index = content.find('<jimmywhite>', index + 2)
if content[index - 1] != '"':
return True
return False
def typetwo(self, url, index1, index2):
url = url.strip('&')
if self.network(url[0:index1 + 1] + 'jimmywhite' +
url[index2:]).find('"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.capsencode('jimmywhite') +
url[index2:]).find('"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.doubleencode('jimmywhite') +
url[index2:]).find('"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.htmlencode('jimmywhite') +
url[index2:]).find('<"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.unicodeencode('jimmywhite') +
url[index2:]).find('"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.urlencode('jimmywhite') +
url[index2:]).find('"jimmywhite"') > 0:
return True
if self.network(url[0:index1 + 1] +
self.encode.base64encode('jimmywhite') +
url[index2:]).find('"jimmywhite"') > 0:
return True
return False
def testone(self, url, index1, index2):
url = url.strip('&')
for i in range(0, self.payload.payloads1.__len__()):
content = self.network(url[0:index1 + 1] +
self.payload.payloads1[i] + url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.payload.payloads1[i]
content = self.network(
url[0:index1 + 1] +
self.encode.capsencode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(
self.encode.capsencode(self.payload.payloads1[i]),
index + 1) > 0:
index = content.find(
self.encode.capsencode(self.payload.payloads1[i]),
index + 1)
if content[index - 1] != '"':
return self.encode.capsencode(self.payload.payloads1[i])
content = self.network(
url[0:index1 + 1] +
self.encode.urlencode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.urlencode(self.payload.payloads1[i])
content = self.network(
url[0:index1 + 1] +
self.encode.unicodeencode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.unicodeencode(self.payload.payloads1[i])
content = self.network(
url[0:index1 + 1] +
self.encode.htmlencode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.htmlencode(self.payload.payloads1[i])
content = self.network(
url[0:index1 + 1] +
self.encode.doubleencode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.doubleencode(self.payload.payloads1[i])
content = self.network(
url[0:index1 + 1] +
self.encode.base64encode(self.payload.payloads1[i]) +
url[index2:])
index = 0
while content.find(self.payload.payloads1[i], index + 1) > 0:
index = content.find(self.payload.payloads1[i], index + 1)
if content[index - 1] != '"':
return self.encode.base64encode(self.payload.payloads1[i])
return 'fail'
def testtwo(self, url, index1, index2):
url = url.strip('&')
for i in range(0, self.payload.payloads2.__len__()):
if self.network(url[0:index1 + 1] + self.payload.payloads2[i] +
url[index2:]).find(self.payload.payloads2[i]) > 0:
return self.payload.payloads2[i]
if self.network(url[0:index1 + 1] +
self.encode.capsencode(self.payload.payloads2[i]) +
url[index2:]).find(
self.encode.capsencode(
self.payload.payloads2[i])) > 0:
return self.encode.capsencode(self.payload.payloads2[i])
if self.network(url[0:index1 + 1] + self.encode.doubleencode(
self.payload.payloads2[i]) + url[index2:]).find(
self.payload.payloads2[i]) > 0:
return self.encode.doubleencode(self.payload.payloads2[i])
if self.network(url[0:index1 + 1] +
self.encode.htmlencode(self.payload.payloads2[i]) +
url[index2:]).find(self.payload.payloads2[i]) > 0:
return self.encode.htmlencode(self.payload.payloads2[i])
if self.network(url[0:index1 + 1] + self.encode.unicodeencode(
self.payload.payloads2[i]) + url[index2:]).find(
self.payload.payloads2[i]) > 0:
return self.encode.unicodeencode(self.payload.payloads2[i])
if self.network(url[0:index1 + 1] +
self.encode.urlencode(self.payload.payloads2[i]) +
url[index2:]).find(self.payload.payloads2[i]) > 0:
return self.encode.urlencode(self.payload.payloads2[i])
if self.network(url[0:index1 + 1] + self.encode.base64encode(
self.payload.payloads2[i]) + url[index2:]).find(
self.payload.payloads2[i]) > 0:
return self.encode.base64encode(self.payload.payloads2[i])
return 'fail'
def testthree(self, url, index1, index2):
url = url.strip('&')
for i in range(0, self.payload.payloads3.__len__()):
if self.network(url[0:index1 + 1] + self.payload.payloads3[i] +
url[index2:]).find(self.payload.payloads3[i]) > 0:
return self.payload.payloads3[i] + url[index2:]
if self.network(url[0:index1 + 1] +
self.encode.capsencode(self.payload.payloads3[i]) +
url[index2:]).find(
self.encode.capsencode(
self.payload.payloads3[i])) > 0:
return self.encode.capsencode(self.payload.payloads3[i])
if self.network(url[0:index1 + 1] + self.encode.doubleencode(
self.payload.payloads3[i]) + url[index2:]).find(
self.payload.payloads3[i]) > 0:
return self.encode.doubleencode(self.payload.payloads3[i])
if self.network(url[0:index1 + 1] +
self.encode.htmlencode(self.payload.payloads3[i]) +
url[index2:]).find(self.payload.payloads3[i]) > 0:
return self.encode.htmlencode(self.payload.payloads3[i])
if self.network(url[0:index1 + 1] + self.encode.unicodeencode(
self.payload.payloads3[i]) + url[index2:]).find(
self.payload.payloads3[i]) > 0:
return self.encode.unicodeencode(self.payload.payloads3[i])
if self.network(url[0:index1 + 1] +
self.encode.urlencode(self.payload.payloads3[i]) +
url[index2:]).find(self.payload.payloads3[i]) > 0:
return self.encode.urlencode(self.payload.payloads3[i])
if self.network(url[0:index1 + 1] + self.encode.base64encode(
self.payload.payloads3[i]) + url[index2:]).find(
self.payload.payloads3[i]) > 0:
return self.encode.base64encode(self.payload.payloads3[i])
return 'fail'
def testxss(self, minilock):
# minilock.acquire()
self.lock3.acquire()
self.controlthread += 1
if not self.urlqueue.empty():
url = self.urlqueue.get()
else:
self.lock3.release()
return
self.lock3.release()
url += '&'
index2 = 0
index3 = url.find('?')
while True:
index1 = url.find('=', index2 + 1)
index2 = url.find('&', index2 + 1)
if index3 != url.find('?'):
index3 = index2
if index1 > 0 and index2 > 0:
if self.valid(url, index1, index2):
if self.typeone(url, index1, index2):
p = self.testone(url, index1, index2)
if p != 'fail':
self.lock4.acquire()
self.father.text3.insert(
"end", 'URL:' + url.strip('&') + '\n')
self.father.text3.insert(
"end", 'VAR:' + url[index3 + 1:index1] + '\n')
self.father.text3.insert("end",
'PAYLOAD:' + p + '\n')
self.father.text3.insert(
"end", 'XSSURL:' + url[0:index1 + 1] + p +
url[index2:].strip('&') + '\n')
self.father.text3.insert("end", '\n')
self.lock4.release()
continue
if self.typetwo(url, index1, index2):
p = self.testtwo(url, index1, index2)
if p != 'fail':
self.lock4.acquire()
self.father.text3.insert(
"end", 'URL:' + url.strip('&') + '\n')
self.father.text3.insert(
"end", 'VAR:' + url[index3 + 1:index1] + '\n')
self.father.text3.insert("end",
'PAYLOAD:' + p + '\n')
self.father.text3.insert(
"end", 'XSSURL:' + url[0:index1 + 1] + p +
url[index2:].strip('&') + '\n')
self.father.text3.insert("end", '\n')
self.lock4.release()
continue
'''if self.testthree(url, index1, index2):
p = self.testthree(url, index1, index2)
if p != 'fail':
self.lock4.acquire()
self.father.text3.insert("end", 'URL:' + url.strip('&') + '\n')
self.father.text3.insert("end", 'VAR:' + url[index3 + 1: index1] + '\n')
self.father.text3.insert("end", 'PAYLOAD:' + p + '\n')
self.father.text3.insert("end", 'XSSURL:' + url[0:index1 + 1] + p + url[index2:].strip('&') + '\n')
self.father.text3.insert("end", '\n')
self.lock4.release()
continue'''
else:
break