Exemplo n.º 1
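 def run(self):
     """Probe the target for reflected payloads and say whether one came back.

     Each payload from ``pxss()`` is injected into the POST body when
     ``self.data`` is set, otherwise into the URL query string, with one
     request per variant produced by ``padd(...).run()``.

     Returns:
         ``True`` as soon as a payload is found in a response body;
         ``None`` (implicitly) when no payload is reflected.
     """
     info('Checking XSS..')
     URL = None
     PAYLOAD = None
     for payload in pxss():
         if self.data:
             # POST: inject the payload into the request body fields.
             rPayload = padd(self.url, payload, self.data)
             for data in rPayload.run():
                 req = self.Send(url=self.url, method=self.post, data=data)
                 # NOTE(review): `search` is defined elsewhere; if it treats
                 # its first argument as a regular expression, the payload's
                 # metacharacters can cause missed or spurious matches -
                 # confirm.
                 if search(payload, req.content):
                     URL = req.url
                     PAYLOAD = payload
                     break
         else:
             # GET: inject the payload into the URL query parameters.
             urls = padd(self.url, payload, None)
             for url in urls.run():
                 req = self.Send(url=url, method=self.get)
                 if search(payload, req.content):
                     URL = url
                     PAYLOAD = payload
                     break
         # Evaluated after either branch. When this check sat inside the
         # GET branch, a reflection found through the POST body was recorded
         # but never returned, so form-based findings became silent false
         # negatives.
         # A match only shows that the payload text appears in the response;
         # output encoding and rendering context still need manual
         # verification.
         if URL and PAYLOAD:
             return True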
 def useragent(self):
     """Send each payload as the User-Agent header and look for it in the body.

     Returns ``True`` at the first response whose content matches the
     payload, and ``None`` (implicitly) when none does.
     """
     for candidate in pxss():
         agent_value = '{}'.format(candidate)
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'User-Agent': agent_value},
         )
         # A match means the header value is echoed in the response body;
         # whether it is encoded or rendered as markup is not checked here.
         if search(candidate, response.content):
             return True
 def referer(self):
     """Send each payload as the Referer header and look for it in the body.

     Returns ``True`` at the first response whose content matches the
     payload, and ``None`` (implicitly) when none does.
     """
     for candidate in pxss():
         referer_value = '{}'.format(candidate)
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'Referer': referer_value},
         )
         # Reflection alone is only a lead: encoding and rendering context
         # are not inspected by this check.
         if search(candidate, response.content):
             return True
 def cookie(self):
     """Send each payload as the Cookie header and look for it in the body.

     Returns ``True`` at the first response whose content matches the
     payload, and ``None`` (implicitly) when none does.
     """
     for candidate in pxss():
         cookie_value = '{}'.format(candidate)
         # NOTE(review): the payload is the entire Cookie value; whether
         # `Send` merges it with existing session cookies is not visible
         # here - confirm.
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'Cookie': cookie_value},
         )
         if search(candidate, response.content):
             return True
Exemplo n.º 5
 def useragent(self):
     """Send each payload as the User-Agent header and print every reflection.

     The loop does not stop at the first match: every payload is sent and
     each one found in a response body is reported. Nothing is returned.
     """
     for candidate in pxss():
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'User-Agent': '{}'.format(candidate)},
         )
         if not search(candidate, response.content):
             continue
         # "Potential" is deliberate: the check sees the payload text in the
         # body but not whether it was encoded or rendered as markup.
         plus('A potential "Cross-Site Scripting (XSS)" was found at user-agent header value:')
         more("URL: {}".format(response.url))
         more("PAYLOAD: {}".format(candidate))
Exemplo n.º 6
 def referer(self):
     """Send each payload as the Referer header and print every reflection.

     The loop does not stop at the first match: every payload is sent and
     each one found in a response body is reported. Nothing is returned.
     """
     for candidate in pxss():
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'Referer': '{}'.format(candidate)},
         )
         # NOTE(review): both sides are passed through str() before matching.
         # If response.content is bytes, str() yields its repr with escape
         # sequences, which may not match the raw payload - confirm what
         # `search` expects.
         needle = str(candidate)
         haystack = str(response.content)
         if not search(needle, haystack):
             continue
         plus('A potential "Cross-Site Scripting (XSS)" was found at referer header value:')
         more("URL: {}".format(response.url))
         more("PAYLOAD: {}".format(candidate))
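 def run(self):
     """Probe the target for reflected payloads and print the first finding.

     Each payload from ``pxss()`` is injected into the POST body when
     ``self.data`` is set, otherwise into the URL query string, with one
     request per variant produced by ``padd(...).run()``.

     Returns:
         ``(True, payload)`` for the first payload found in a response
         body; ``None`` (implicitly) when no payload is reflected.
     """
     info('Checking XSS..')
     URL = None
     DATA = None
     PAYLOAD = None
     for payload in pxss():
         if self.data:
             # POST: inject the payload into the request body fields.
             rPayload = padd(self.url, payload, self.data)
             for data in rPayload.run():
                 req = self.Send(url=self.url, method=self.post, data=data)
                 # NOTE(review): `search` is defined elsewhere; if it treats
                 # its first argument as a regular expression, the payload's
                 # metacharacters can cause missed or spurious matches -
                 # confirm.
                 if search(payload, req.content):
                     URL = req.url
                     DATA = data
                     PAYLOAD = payload
                     break
         else:
             # GET: inject the payload into the URL query parameters.
             urls = padd(self.url, payload, None)
             for url in urls.run():
                 req = self.Send(url=url, method=self.get)
                 if search(payload, req.content):
                     URL = url
                     PAYLOAD = payload
                     break
         # Evaluated after either branch. When the report sat inside the
         # GET branch, the "POST DATA" path was unreachable and reflections
         # found through the POST body were never reported, so form-based
         # findings became silent false negatives.
         if URL and PAYLOAD:
             # "Potential": the payload text is present in the response, but
             # encoding and rendering context are not inspected.
             plus("A potential \"Cross-Site Scripting (XSS)\" was found at:")
             more("URL: {}".format(URL))
             if DATA is not None:
                 # NOTE(review): this prints the full request body, which can
                 # include credentials or other sensitive form values in
                 # saved scan output.
                 more("POST DATA: {}".format(DATA))
             more("PAYLOAD: {}".format(PAYLOAD))
             return True, PAYLOAD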
 def cookie(self):
     """Send each payload as the Cookie header and report the first reflection.

     Returns ``(True, payload)`` for the first payload found in a response
     body, and ``None`` (implicitly) when none is reflected.
     """
     for candidate in pxss():
         # NOTE(review): the payload is the entire Cookie value; whether
         # `Send` merges it with existing session cookies is not visible
         # here - confirm.
         response = self.Send(
             url=self.url,
             method=self.get,
             headers={'Cookie': '{}'.format(candidate)},
         )
         if not search(candidate, response.content):
             continue
         plus('A potential "Cross-Site Scripting (XSS)" was found at cookie header value:')
         more("URL: {}".format(response.url))
         more("PAYLOAD: {}".format(candidate))
         return True, candidate