try: resp_file = open(path + '/' + 'response.txt', 'r') except IOError: print "Cannot read the file response.txt" print "Exiting..." sys.exit(0) scr_file.seek(0) count = counter.count('\n') cr = 0 dr = 0 param = None print "payload count: %d\n" % (count) c_l = f_p() postdata = c_l.c_l(postdata) ba = s_c.cscr() csrfprint = a_cf.p_cf() cc = rqs() response_data = rs_p.resp() checklogout = lgt() data, respcode, requrl, respurl = cc.send_req(postdata, options.ssl, options.contimeout, options.shreflected) for a in range(0, count + 1): if options.scanone == True: cnt = 0 checklogout.cklgt(data, options.logout, options.logoutcode, respcode, requrl, respurl, options.shreflected) if options.timedelay != None: time.sleep(options.timedelay) resp = resp_file.readline() resp = resp.rstrip()
def xssrun(self,postdata,mode,log):
    """Drive one scan run: replay every payload in script.txt against the target.

    Reads ``script.txt`` (one payload per line) and ``response.txt`` (one line
    per payload, handed to ``rs_p.resp().resp1`` together with the server
    response) from the directory holding this source file, exits the process
    if either cannot be opened, sends the original ``postdata`` once, and then
    sends one mutated request per payload (and, unless ``options.scanone`` is
    set, per parameter yielded by ``s_c.cscr().scr_iter``).  The two values
    returned by ``resp1`` are accumulated in ``cr`` and ``dr``; the first time
    ``dr`` reaches 1 an interactive y/t/n prompt is shown (once per run).

    Args:
        postdata: The raw request to mutate; first normalised by ``f_p().c_l``.
        mode, log: Passed straight through to ``rqs().send_req``.  ``log == False``
            additionally gates CSRF-token substitution and the interactive prompt.

    Returns:
        None.  Several paths terminate the process via ``sys.exit(0)`` instead.

    Note:
        Python 2 code (print statements, ``raw_input``, ``reload``,
        ``urllib.unquote``, ``except X, e``).  ``self`` is never read.
        ``options`` and every helper class come from module scope.
    """
    # Re-import the payload-mutation module so edits to it take effect per run.
    reload(s_c)
    CRLF = '\r\n\r\n'  # unused in this method
    # Directory of this source file; both input files are looked up relative to it.
    path = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
    try:
        scr_file = open(path+'/'+'script.txt','r')
    except IOError:
        print colored("Cannot read the script file script.txt",'white','on_red')
        print colored("Exiting...",'red')
        sys.exit(0)
    counter = scr_file.read()
    try:
        resp_file = open(path+'/'+'response.txt','r')
    except IOError:
        print colored("Cannot read the file response.txt",'white','on_red')
        print colored("Exiting...",'red')
        sys.exit(0)
    # NOTE(review): scr_file/resp_file are only closed on the explicit 'n'
    # exit path below; every other return/exit leaves them to the GC.
    scr_file.seek(0)
    # Number of newlines, not lines: the loop below runs count+1 times.
    count = counter.count('\n')
    cr = 0      # running sum of resp1's first return value
    dr = 0      # running sum of resp1's second return value; gates the prompt
    param = None  # set to a parameter name when the user answers 't'
    print colored("payload count: %d" %(count),'yellow')
    c_l = f_p()
    postdata = c_l.c_l(postdata)
    ba = s_c.cscr()
    csrfprint = a_cf.p_cf()
    cc = rqs()
    response_data = rs_p.resp()
    checklogout = lgt()
    # Baseline request with the unmodified postdata; its result is what the
    # logout check and CSRF extraction see on the first loop iteration.
    data,respcode,requrl,respurl = cc.send_req(postdata,options.ssl,options.contimeout,options.shreflected,mode,log)
    for a in range(0,count+1):  # 'a' itself is unused
        if options.scanone == True:
            # Single-parameter mode: one mutated request per payload line.
            cnt = 0
            # Inspect the PREVIOUS response before sending the next request
            # (presumably detects a lost session -- verify in lgt.cklgt).
            checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected)
            if options.timedelay !=None:
                time.sleep(options.timedelay)
            resp = resp_file.readline()
            resp = resp.rstrip()
            postdata1, bb= ba.a_scr(postdata,options.urlencode)
            if bb == '' or bb == None:
                continue
            # Blacklist: skip the payload if any comma-separated entry occurs
            # (case-insensitively) in its URL-decoded form.
            if options.blacklist !='' and options.blacklist !=None:
                try:
                    for dd in options.blacklist.split(','):
                        de = urllib.unquote(bb)  # loop-invariant; could be hoisted
                        if de.upper().lower().find(dd.upper().lower()) >=0:
                            cnt = cnt+1
                except:
                    # NOTE(review): bare except also catches SystemExit/KeyboardInterrupt.
                    print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"','white','on_red')
                    sys.exit(0)
            if cnt >0:
                continue
            # Refresh the CSRF token from the last response unless logging mode.
            if options.csrftoken != None and log == False:
                postdata1 = csrfprint.da_cf(postdata1,data,options.csrftoken,options.shreflected)
            postdata1 = c_l.c_l(postdata1)
            print colored("-----------------------------------------------------------",'cyan')
            if options.verbose == True:
                print "Request:\n",postdata1
            print "Trying payload: '%s'" %(bb.replace('+',' '))
            data,respcode,requrl,respurl = cc.send_req(postdata1,options.ssl,options.contimeout,options.shreflected,mode,log)
            print "Response status code observed: %s" %(respcode)
            rp,fl = response_data.resp1(data,resp,bb,None,options.strip)
            cr +=rp
        else:
            # Multi-parameter mode: one payload line, one request per parameter.
            resp = resp_file.readline()
            resp = resp.rstrip()
            # 'param' (None or a name chosen via 't') restricts scr_iter's output.
            for postdata1,bc,bd in ba.scr_iter(postdata,options.csrftoken,options.skipparam,options.urlencode,options.increferer,param):
                cnt = 0
                checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected)
                if options.timedelay !=None:
                    time.sleep(options.timedelay)
                if bc == '' or bc ==None:
                    continue
                if options.blacklist !='' and options.blacklist !=None:
                    try:
                        for dd in options.blacklist.split(','):
                            de = urllib.unquote(bc)
                            if de.upper().lower().find(dd.upper().lower()) >=0:
                                cnt = cnt+1
                    except:
                        # NOTE(review): unlike the scanone branch above, this
                        # handler does not sys.exit -- the scan continues with
                        # the payload unfiltered.  Probably unintended.
                        print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"','white','on_red')
                if cnt >0:
                    continue
                if options.csrftoken != None and log == False:
                    postdata1 = csrfprint.da_cf(postdata1,data,options.csrftoken,options.shreflected)
                postdata1 = c_l.c_l(postdata1)
                print colored("-----------------------------------------------------------",'cyan')
                if options.verbose == True:
                    print "Request:\n",postdata1
                print "Trying payload: '%s' on parameter '%s'" %(bc.replace('+',' '),bd)
                data,respcode,requrl,respurl = cc.send_req(postdata1,options.ssl,options.contimeout,options.shreflected,mode,log)
                print "Response status code observed: %s" %(respcode)
                rp,fl = response_data.resp1(data,resp,bc,bd,options.strip)
                cr +=rp
                dr +=fl
                # Fires only once: dr is bumped to 2 immediately, so it never
                # equals 1 again for the rest of the run.
                if dr ==1 and log == False:
                    dr +=1
                    print colored("\n-------------------------------------------------------------\n",'cyan')
                    print colored("Reflection was found on parameter '%s'" %(bd),'white','on_green')
                    print colored("Press 'y' to continue scanning all parameters, 't' to scan only this parameter for other payloads and 'n' to exit",'yellow')
                    # Re-prompt until one of y/t/n is given; Ctrl-C exits.
                    while True:
                        try:
                            input = raw_input(colored("Press 'y' or 't' or 'n'...\n",'yellow'))  # shadows builtin input
                        except KeyboardInterrupt, e:
                            print colored("\n---------------------------------------------------------------\nScanning interrupted",'yellow')
                            print colored("Scan result observed till now is stored in reflected.txt file\n",'yellow')
                            sys.exit(0)
                        if input.lower() == 'y':
                            break
                        if input.lower() == 't':
                            param = bd  # subsequent scr_iter calls get this parameter only
                            break
                        if input.lower() == 'n':
                            print colored("Exiting...",'red')
                            print colored("The reflection results are stored in reflected.txt file",'green')
                            scr_file.close()
                            resp_file.close()
                            sys.exit(0)
try: resp_file = open(path+'/'+'response.txt','r') except IOError: print "Cannot read the file response.txt" print "Exiting..." sys.exit(0) scr_file.seek(0) count = counter.count('\n') cr = 0 dr = 0 param = None print "payload count: %d\n" %(count) c_l = f_p() postdata = c_l.c_l(postdata) ba = s_c.cscr() csrfprint = a_cf.p_cf() cc = rqs() response_data = rs_p.resp() checklogout = lgt() data,respcode,requrl,respurl = cc.send_req(postdata,options.ssl,options.contimeout,options.shreflected) for a in range(0,count+1): if options.scanone == True: cnt = 0 checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected) if options.timedelay !=None: time.sleep(options.timedelay) resp = resp_file.readline() resp = resp.rstrip() postdata1, bb= ba.a_scr(postdata,options.urlencode) if bb == '' or bb == None: continue
def xssrun(self, postdata, mode, log):
    """Drive one scan run: replay every payload in script.txt against the target.

    Reads ``script.txt`` (one payload per line) and ``response.txt`` (one line
    per payload, handed to ``rs_p.resp().resp1`` together with the server
    response) from the directory holding this source file, exits the process
    if either cannot be opened, sends the original ``postdata`` once, and then
    sends one mutated request per payload (and, unless ``options.scanone`` is
    set, per parameter yielded by ``s_c.cscr().scr_iter``).  The two values
    returned by ``resp1`` are accumulated in ``cr`` and ``dr``; the first time
    ``dr`` reaches 1 an interactive y/t/n prompt is shown (once per run).

    Args:
        postdata: The raw request to mutate; first normalised by ``f_p().c_l``.
        mode, log: Passed straight through to ``rqs().send_req``.  ``log == False``
            additionally gates CSRF-token substitution and the interactive prompt.

    Returns:
        None.  Several paths terminate the process via ``sys.exit(0)`` instead.

    Note:
        Python 2 code (print statements, ``raw_input``, ``reload``,
        ``urllib.unquote``, ``except X, e``).  ``self`` is never read.
        ``options`` and every helper class come from module scope.
    """
    # Re-import the payload-mutation module so edits to it take effect per run.
    reload(s_c)
    CRLF = '\r\n\r\n'  # unused in this method
    # Directory of this source file; both input files are looked up relative to it.
    path = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
    try:
        scr_file = open(path + '/' + 'script.txt', 'r')
    except IOError:
        print colored("Cannot read the script file script.txt", 'white', 'on_red')
        print colored("Exiting...", 'red')
        sys.exit(0)
    counter = scr_file.read()
    try:
        resp_file = open(path + '/' + 'response.txt', 'r')
    except IOError:
        print colored("Cannot read the file response.txt", 'white', 'on_red')
        print colored("Exiting...", 'red')
        sys.exit(0)
    # NOTE(review): scr_file/resp_file are only closed on the explicit 'n'
    # exit path below; every other return/exit leaves them to the GC.
    scr_file.seek(0)
    # Number of newlines, not lines: the loop below runs count+1 times.
    count = counter.count('\n')
    cr = 0      # running sum of resp1's first return value
    dr = 0      # running sum of resp1's second return value; gates the prompt
    param = None  # set to a parameter name when the user answers 't'
    print colored("payload count: %d" % (count), 'yellow')
    c_l = f_p()
    postdata = c_l.c_l(postdata)
    ba = s_c.cscr()
    csrfprint = a_cf.p_cf()
    cc = rqs()
    response_data = rs_p.resp()
    checklogout = lgt()
    # Baseline request with the unmodified postdata; its result is what the
    # logout check and CSRF extraction see on the first loop iteration.
    data, respcode, requrl, respurl = cc.send_req(postdata, options.ssl, options.contimeout, options.shreflected, mode, log)
    for a in range(0, count + 1):  # 'a' itself is unused
        if options.scanone == True:
            # Single-parameter mode: one mutated request per payload line.
            cnt = 0
            # Inspect the PREVIOUS response before sending the next request
            # (presumably detects a lost session -- verify in lgt.cklgt).
            checklogout.cklgt(data, options.logout, options.logoutcode, respcode, requrl, respurl, options.shreflected)
            if options.timedelay != None:
                time.sleep(options.timedelay)
            resp = resp_file.readline()
            resp = resp.rstrip()
            postdata1, bb = ba.a_scr(postdata, options.urlencode)
            if bb == '' or bb == None:
                continue
            # Blacklist: skip the payload if any comma-separated entry occurs
            # (case-insensitively) in its URL-decoded form.
            if options.blacklist != '' and options.blacklist != None:
                try:
                    for dd in options.blacklist.split(','):
                        de = urllib.unquote(bb)  # loop-invariant; could be hoisted
                        if de.upper().lower().find(dd.upper().lower()) >= 0:
                            cnt = cnt + 1
                except:
                    # NOTE(review): bare except also catches SystemExit/KeyboardInterrupt.
                    print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"', 'white', 'on_red')
                    sys.exit(0)
            if cnt > 0:
                continue
            # Refresh the CSRF token from the last response unless logging mode.
            if options.csrftoken != None and log == False:
                postdata1 = csrfprint.da_cf(postdata1, data, options.csrftoken, options.shreflected)
            postdata1 = c_l.c_l(postdata1)
            print colored("-----------------------------------------------------------", 'cyan')
            if options.verbose == True:
                print "Request:\n", postdata1
            print "Trying payload: '%s'" % (bb.replace('+', ' '))
            data, respcode, requrl, respurl = cc.send_req(postdata1, options.ssl, options.contimeout, options.shreflected, mode, log)
            print "Response status code observed: %s" % (respcode)
            rp, fl = response_data.resp1(data, resp, bb, None, options.strip)
            cr += rp
        else:
            # Multi-parameter mode: one payload line, one request per parameter.
            resp = resp_file.readline()
            resp = resp.rstrip()
            # 'param' (None or a name chosen via 't') restricts scr_iter's output.
            for postdata1, bc, bd in ba.scr_iter(postdata, options.csrftoken, options.skipparam, options.urlencode, options.increferer, param):
                cnt = 0
                checklogout.cklgt(data, options.logout, options.logoutcode, respcode, requrl, respurl, options.shreflected)
                if options.timedelay != None:
                    time.sleep(options.timedelay)
                if bc == '' or bc == None:
                    continue
                if options.blacklist != '' and options.blacklist != None:
                    try:
                        for dd in options.blacklist.split(','):
                            de = urllib.unquote(bc)
                            if de.upper().lower().find(dd.upper().lower()) >= 0:
                                cnt = cnt + 1
                    except:
                        # NOTE(review): unlike the scanone branch above, this
                        # handler does not sys.exit -- the scan continues with
                        # the payload unfiltered.  Probably unintended.
                        print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"', 'white', 'on_red')
                if cnt > 0:
                    continue
                if options.csrftoken != None and log == False:
                    postdata1 = csrfprint.da_cf(postdata1, data, options.csrftoken, options.shreflected)
                postdata1 = c_l.c_l(postdata1)
                print colored("-----------------------------------------------------------", 'cyan')
                if options.verbose == True:
                    print "Request:\n", postdata1
                print "Trying payload: '%s' on parameter '%s'" % (bc.replace('+', ' '), bd)
                data, respcode, requrl, respurl = cc.send_req(postdata1, options.ssl, options.contimeout, options.shreflected, mode, log)
                print "Response status code observed: %s" % (respcode)
                rp, fl = response_data.resp1(data, resp, bc, bd, options.strip)
                cr += rp
                dr += fl
                # Fires only once: dr is bumped to 2 immediately, so it never
                # equals 1 again for the rest of the run.
                if dr == 1 and log == False:
                    dr += 1
                    print colored("\n-------------------------------------------------------------\n", 'cyan')
                    print colored("Reflection was found on parameter '%s'" % (bd), 'white', 'on_green')
                    print colored("Press 'y' to continue scanning all parameters, 't' to scan only this parameter for other payloads and 'n' to exit", 'yellow')
                    # Re-prompt until one of y/t/n is given; Ctrl-C exits.
                    while True:
                        try:
                            input = raw_input(colored("Press 'y' or 't' or 'n'...\n", 'yellow'))  # shadows builtin input
                        except KeyboardInterrupt, e:
                            print colored("\n---------------------------------------------------------------\nScanning interrupted", 'yellow')
                            print colored("Scan result observed till now is stored in reflected.txt file\n", 'yellow')
                            sys.exit(0)
                        if input.lower() == 'y':
                            break
                        if input.lower() == 't':
                            param = bd  # subsequent scr_iter calls get this parameter only
                            break
                        if input.lower() == 'n':
                            print colored("Exiting...", 'red')
                            print colored("The reflection results are stored in reflected.txt file", 'green')
                            scr_file.close()
                            resp_file.close()
                            sys.exit(0)