def run(self):
    """Probe the target's parameters for reflected payloads.

    For each payload from pxss(), padd() produces the injected variants:
    POST bodies when self.data is set, otherwise URLs. Each variant is
    sent with self.Send() and the response content is checked with
    search().

    Returns:
        True once a variant's response matches its payload; None
        (implicitly) when nothing matched.

    A match only shows that the payload came back in the response
    content. Neither the content type nor the context the payload
    landed in is inspected here, so a hit is a lead to verify, not a
    confirmed XSS.
    """
    info('Checking XSS..')
    found_url = None
    found_payload = None
    for candidate in pxss():
        if not self.data:
            # GET: the payload is placed into the URL query by padd()
            for target in padd(self.url, candidate, None).run():
                response = self.Send(url=target, method=self.get)
                # NOTE(review): search() is defined elsewhere; if it treats
                # the payload as a regular expression, metacharacters in a
                # payload would change what counts as a match — confirm.
                if search(candidate, response.content):
                    found_url, found_payload = target, candidate
                    break
        else:
            # POST: the payload is placed into the request data by padd()
            for body in padd(self.url, candidate, self.data).run():
                response = self.Send(url=self.url, method=self.post, data=body)
                if search(candidate, response.content):
                    found_url, found_payload = response.url, candidate
                    break
        # both values must be truthy before the hit is accepted
        if found_url and found_payload:
            return True
def useragent(self):
    """Check whether a payload sent as the User-Agent header is reflected.

    One GET request is sent per payload from pxss(), with the payload as
    the whole User-Agent value.

    Returns:
        True at the first response whose content matches the payload
        according to search(); None (implicitly) otherwise.

    A match is evidence of reflection only; the response's content type
    and the output context are not examined here.
    """
    for candidate in pxss():
        probe_headers = {'User-Agent': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        if not search(candidate, response.content):
            continue
        return True
def referer(self):
    """Check whether a payload sent as the Referer header is reflected.

    One GET request is sent per payload from pxss(), with the payload as
    the whole Referer value.

    Returns:
        True at the first response whose content matches the payload
        according to search(); None (implicitly) otherwise.

    A match is evidence of reflection only; the response's content type
    and the output context are not examined here.
    """
    for candidate in pxss():
        probe_headers = {'Referer': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        if not search(candidate, response.content):
            continue
        return True
def cookie(self):
    """Check whether a payload sent as the Cookie header is reflected.

    One GET request is sent per payload from pxss(). The payload is the
    entire Cookie header value; no ``name=`` part is added.

    Returns:
        True at the first response whose content matches the payload
        according to search(); None (implicitly) otherwise.

    A match is evidence of reflection only; the response's content type
    and the output context are not examined here.
    """
    for candidate in pxss():
        # NOTE(review): a server that reads cookies by name may ignore a
        # value without a name, so this presumably only detects reflection
        # of the raw header — confirm that is the intended coverage.
        probe_headers = {'Cookie': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        if not search(candidate, response.content):
            continue
        return True
def useragent(self):
    """Report every payload that is reflected from the User-Agent header.

    One GET request is sent per payload from pxss(), with the payload as
    the whole User-Agent value. Each response whose content matches the
    payload according to search() is reported through plus()/more().
    The loop does not stop at the first hit and nothing is returned.

    The report says "potential" for a reason: only reflection is tested;
    the response's content type and the output context are not examined.
    """
    for candidate in pxss():
        probe_headers = {'User-Agent': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        if not search(candidate, response.content):
            continue
        plus(
            "A potential \"Cross-Site Scripting (XSS)\" was found at user-agent header value:"
        )
        more("URL: {}".format(response.url))
        more("PAYLOAD: {}".format(candidate))
def referer(self):
    """Report every payload that is reflected from the Referer header.

    One GET request is sent per payload from pxss(), with the payload as
    the whole Referer value. Each response whose content matches the
    payload according to search() is reported through plus()/more().
    The loop does not stop at the first hit and nothing is returned.

    Only reflection is tested; the response's content type and the
    output context are not examined.
    """
    for candidate in pxss():
        probe_headers = {'Referer': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        # Both operands are coerced with str() before matching.
        # NOTE(review): if response.content is bytes, str() yields its
        # repr (b'...') with escapes, not decoded text, which can hide or
        # alter a reflected payload — confirm what Send() returns.
        needle = str(candidate)
        haystack = str(response.content)
        if not search(needle, haystack):
            continue
        plus(
            "A potential \"Cross-Site Scripting (XSS)\" was found at referer header value:"
        )
        more("URL: {}".format(response.url))
        more("PAYLOAD: {}".format(candidate))
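def run(self):
    """Probe the target's parameters for reflected payloads and report a hit.

    For each payload from pxss(), padd() produces the injected variants:
    POST bodies when self.data is set, otherwise URLs. Each variant is
    sent with self.Send() and the response content is checked with
    search(). The first accepted hit is reported through plus()/more().

    Returns:
        (True, payload) for the first accepted hit; None (implicitly)
        when nothing matched. Callers that unpack the result must
        handle the None case.

    A match only shows that the payload came back in the response
    content. Neither the content type nor the context the payload
    landed in is inspected here, so the finding is reported as
    "potential" and needs manual verification.
    """
    info('Checking XSS..')
    URL = None
    DATA = None
    PAYLOAD = None
    for payload in pxss():
        if self.data:
            # POST: the payload is placed into the request data by padd()
            for data in padd(self.url, payload, self.data).run():
                req = self.Send(url=self.url, method=self.post, data=data)
                # NOTE(review): search() is defined elsewhere; if it treats
                # the payload as a regular expression, metacharacters in a
                # payload would change what counts as a match — confirm.
                if search(payload, req.content):
                    URL = req.url
                    DATA = data
                    PAYLOAD = payload
                    break
        else:
            # GET: the payload is placed into the URL query by padd()
            for url in padd(self.url, payload, None).run():
                req = self.Send(url=url, method=self.get)
                if search(payload, req.content):
                    URL = url
                    PAYLOAD = payload
                    break
        # both values must be truthy before the hit is accepted
        if URL and PAYLOAD:
            plus(
                "A potential \"Cross-Site Scripting (XSS)\" was found at:"
            )
            more("URL: {}".format(URL))
            # DATA is only set on the POST path; compare by identity so an
            # object with custom equality cannot skip both report branches
            if DATA is not None:
                more("POST DATA: {}".format(DATA))
            more("PAYLOAD: {}".format(PAYLOAD))
            # returning here ends the scan; no trailing break is needed
            return True, PAYLOAD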
def cookie(self):
    """Check whether a payload sent as the Cookie header is reflected.

    One GET request is sent per payload from pxss(). The payload is the
    entire Cookie header value; no ``name=`` part is added. The first
    response whose content matches the payload according to search() is
    reported through plus()/more().

    Returns:
        (True, payload) for the first hit; None (implicitly) when no
        payload matched. Callers that unpack the result must handle the
        None case.

    Only reflection is tested; the response's content type and the
    output context are not examined.
    """
    for candidate in pxss():
        # NOTE(review): a server that reads cookies by name may ignore a
        # value without a name, so this presumably only detects reflection
        # of the raw header — confirm that is the intended coverage.
        probe_headers = {'Cookie': '{}'.format(candidate)}
        response = self.Send(
            url=self.url, method=self.get, headers=probe_headers
        )
        if not search(candidate, response.content):
            continue
        plus(
            "A potential \"Cross-Site Scripting (XSS)\" was found at cookie header value:"
        )
        more("URL: {}".format(response.url))
        more("PAYLOAD: {}".format(candidate))
        return True, candidate