def printResults(self): """ Print every result """ if len(self.results) == 0: print "\n[+] " + colored.yellow("RESULT:") + " No XSS Found :(" else: print "\n[+] " + colored.green("RESULT:") + " Found XSS Injection points in " + colored.green("%s" % len(self.results)) + " targets" for r in self.results: r.printResult() # Print javascript analysis if self.getOption("dom") and len(self.javascript) == 0: print "\n[+] " + colored.yeallow("RESULT:") + " No DOM XSS Found :(" if len(self.wl_javascript) != 0: for wlj in self.wl_javascript: print " |- Found a whitelisted javascript: %s" % wlj["description"] elif self.getOption("dom"): print "\n[+] " + colored.green("RESULT:") + " Found possible dom xss in " + colored.green("%s" % len(self.javascript)) + " javascripts" if len(self.wl_javascript) != 0: for wlj in self.wl_javascript: print " |- Found a whitelisted javascript: %s" % wlj["description"] for js in self.javascript: js.printResult()
def printResults(self): """ Print every result """ if len(self.results) == 0: print "\n[+] " + colored.yellow("RESULT:") + " No XSS Found :(" else: print "\n[+] " + colored.green( "RESULT:") + " Found XSS Injection points in " + colored.green( "%s" % len(self.results)) + " targets" for r in self.results: r.printResult() # Print javascript analysis if self.getOption("dom") and len(self.javascript) == 0: print "\n[+] " + colored.yellow("RESULT:") + " No DOM XSS Found :(" if len(self.wl_javascript) != 0: for wlj in self.wl_javascript: print " |- Found a whitelisted javascript: %s" % wlj[ "description"] elif self.getOption("dom"): print "\n[+] " + colored.green( "RESULT:") + " Found possible dom xss in " + colored.green( "%s" % len(self.javascript)) + " javascripts" if len(self.wl_javascript) != 0: for wlj in self.wl_javascript: print " |- Found a whitelisted javascript: %s" % wlj[ "description"] for js in self.javascript: js.printResult()
def printResult(self): if len(self.sources) > 0 | len(self.sinks) > 0: print " |--[!] Javascript: %s" % self.link if self.is_embedded: print " | |- Type: embedded" print " | |--[+] # Possible Sources: " + colored.green("%s" % len(self.sources)) for s in self.sources: print " | | |--[Line: %s] %s" % (s[0], s[1]) print " | |" print " | |--[+] # Possible Sinks: " + colored.green("%s" % len(self.sinks)) for s in self.sinks: print " | | |--[Line: %s] %s" % (s[0], s[1]) print " | |"
def printResult(self): if len(self.sources) > 0 | len(self.sinks) > 0: print " |--[!] Javascript: %s" % self.link if self.is_embedded: print " | |- Type: embedded" print " | |--[+] # Possible Sources: " + colored.green( "%s" % len(self.sources)) for s in self.sources: print " | | |--[Line: %s] %s" % (s[0], s[1]) print " | |" print " | |--[+] # Possible Sinks: " + colored.green( "%s" % len(self.sinks)) for s in self.sinks: print " | | |--[Line: %s] %s" % (s[0], s[1]) print " | |"
def _crawlForms(self): print "\n[+] Crawling for forms..." queue = self._getTargetsQueue() crawlers = [] for i in range(min(self.getOption('threads'), len(self.targets))): c = Crawler(self, queue, crawl_forms=True) c.setDaemon(True) crawlers.append(c) c.start() # Little hack to kill threads on SIGINT while True: try: if queue.empty() is True: break sys.stderr.write("\r |- Remaining targets: %s " % queue.qsize()) sys.stderr.flush() except KeyboardInterrupt: print "\n |- " + colored.yellow( "INTERRUPT!") + " Killing threads..." queue = Queue.Queue() break queue.join() # Harvest results results = [] errors = {} for c in crawlers: # results for r in c.results: results.append(r) # errors for ek, ev in c.errors.iteritems(): if errors.has_key(ek): errors[ek] += ev else: errors[ek] = ev results = set(results) if errors: print " |--[+] " + colored.red("CRAWL ERRORS!") for ek, ev in errors.iteritems(): print " | |- %sx: %s" % (len(ev), ek) if len(results) > 0: print " |- " + colored.green( "SUCCESS: ") + "Found %s unique forms." % len(results) else: print " |- " + colored.yellow("WARNING: ") + "No forms found." # Add targets for t in results: self.targets.append(t)
def printResult(self): print " |--[!] Target:\t%s" % self.target.getAbsoluteUrl() print " | |- Method:\t%s" % self.target.method print " | |- Query String:\t%s" % urlencode(self.target.params) for param, inj in self.injections.iteritems(): print " | |--[!] Param: %s" % param print " | | |- # Injections: " + colored.green("%s" % len(inj)) for k, i in enumerate(inj): print " | | |--#%s %s" % (k, i[0][1]) print " | |" return True
def _crawlTarget(self): print "\n[+] Crawling links..." # Build a queue and start crawlers queue = self._getTargetsQueue() crawlers = [] for i in range(min(self.getOption('threads'), len(self.targets))): c = Crawler(self, queue, crawl_links=True) c.setDaemon(True) crawlers.append(c) c.start() # Little hack to kill threads on SIGINT while True: try: if queue.empty() is True: break #x sys.stdout.write("\r Remaining targets: %s" % queue.qsize()) #sys.stdout.flush() except KeyboardInterrupt: print"\n |- " + colored.yellow("INTERRUPT!") + " Killing threads..." queue = Queue.Queue() break queue.join() # Harvest results results = [] errors = {} for c in crawlers: # results for r in c.results: results.append(r) # errors for ek, ev in c.errors.iteritems(): if errors.has_key(ek): errors[ek] += ev else: errors[ek] = ev results = set(results) if errors: print " |--[+] " + colored.red("CRAWL ERRORS!") for ek, ev in errors.iteritems(): print " | |- %sx: %s" % (len(ev), ek) if len(results) > 0: print " |- " + colored.green("SUCCESS: ") + "Found %s unique targets." % len(results) else: print " |- " + colored.yellow("WARNING: ") + "No new targets found." # Add targets for t in results: self.targets.append(t)