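class rqs:
    """HTTP request helper for the scanner (Python 2 / urllib2).

    The two ``global`` statements below make ``file_parsing`` (an ``f_p``
    request parser) and ``path`` (this module's directory) module-level
    names rather than class attributes; the rest of the file reaches them
    that way, so the pattern is kept as-is.
    """
    global file_parsing
    file_parsing = f_p()
    global path
    path = os.path.dirname(
        os.path.abspath(inspect.getfile(inspect.currentframe())))

    def ch_en(self, response):
        """Read ``response`` and return its body decoded per Content-Encoding.

        Args:
            response: a urllib2 response (or ``urllib2.HTTPError``, which is
                file-like as well) exposing ``info()`` and ``read()``.

        Returns:
            The body as a byte string: gunzipped for ``gzip``/``x-gzip``,
            inflated for ``deflate``, otherwise the raw bytes.

        Raises:
            IOError / zlib.error: when the body does not match the encoding
                it advertises. Failing loudly is preferable to handing
                compressed bytes to the reflection matcher as page text.
        """
        encoding = response.info().get('Content-Encoding')
        raw = response.read()
        if encoding == 'gzip' or encoding == 'x-gzip':
            # GzipFile needs a file-like object. io.BytesIO is used (local
            # import) because the original called StringIO in two
            # incompatible ways (``StringIO(...)`` and ``StringIO.StringIO(...)``),
            # so one of the two branches always raised; BytesIO works
            # regardless of how StringIO was imported.
            import io
            with gzip.GzipFile(fileobj=io.BytesIO(raw)) as gz:
                return gz.read()
        if encoding == 'deflate':
            try:
                return zlib.decompress(raw)
            except zlib.error:
                # Some servers send raw DEFLATE without the zlib header.
                return zlib.decompress(raw, -zlib.MAX_WBITS)
        return raw

    def send_req(self, postdata, ssla, tm, ref):
        """Send the request described by ``postdata`` and return the reply.

        Args:
            postdata: raw request text; ``file_parsing.f_par`` splits it into
                (header dict, body, method, url).
            ssla: truthy to send over TLS using the context built below.
            tm: socket timeout in seconds handed to ``urlopen``.
            ref: accepted for call compatibility; not read on this path.

        Returns:
            ``(body, status_code, requested_url, final_url)`` with ``body``
            already passed through ``ch_en``.

        Exits the process (``sys.exit(0)``) on a socket timeout or a
        ``URLError`` after printing the message shown to the user. HTTP error
        statuses are NOT exits: the ``HTTPError`` object is file-like and is
        used as the response so 4xx/5xx bodies are still checked.

        Only the ``ssla`` + GET path is present here; for any other
        combination ``response`` is never bound and the final lines raise
        ``NameError`` -- TODO confirm against the full source whether the
        non-TLS / POST branches live elsewhere.
        """
        if ssla == True:
            # Certificate verification is switched off deliberately so scan
            # targets with self-signed or mismatched certificates can be
            # exercised. The cost is that the scanner's own traffic --
            # including whatever credentials ``header`` carries -- can be
            # intercepted by an on-path attacker; run it only over a network
            # you trust, and consider a flag to re-enable verification.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            header, body, method, url = file_parsing.f_par(postdata, 'Https')
            if method.upper() == 'GET':
                req = urllib2.Request(url, headers=header)
                try:
                    response = urllib2.urlopen(req, context=ctx, timeout=tm)
                except socket.timeout:
                    print "\n---------------------------------------------------------------\n---------------------------------------------------------------\nThe connection has timed out. Please check the network connectivity or increase the connection timeout using option --contimeout."
                    print "Scan result observed till now is stored in reflected.txt file\n"
                    sys.exit(0)
                except urllib2.HTTPError as err:
                    # Non-2xx reply: the error object carries the body and
                    # status, so it stands in for the response.
                    response = err
                except urllib2.URLError as err:
                    print "\n---------------------------------------------------------------\nError occured.\nError Message:", err.args[0]
                    sys.exit(0)
                data = self.ch_en(response)
                return data, response.code, url, response.url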
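import sys
import time
import signal
import xyzs
import br_log
from r_p import f_p
from termcolor import colored
import colorama

colorama.init()
options = onh()

print colored("Disclaimer:",'blue','on_white') + colored(" Usage of XssScan tool for testing targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program\n",'cyan')

# Directory of this script: reflected.txt is kept next to it regardless of
# the caller's working directory.
path = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))

# Truncate (or create) reflected.txt at start-up so a run never reports
# findings left over from a previous scan. ``with`` guarantees the handle is
# closed even if the open itself succeeds and something later fails.
with open(os.path.join(path, 'reflected.txt'), 'w') as ref_file:
    pass

f_parse = f_p()


def signal_handler(signal, frame):
    """Handle Ctrl-C: announce the interrupt, optionally echo results, exit.

    Args:
        signal: the signal number (unused). The name shadows the ``signal``
            module inside this function only, which is harmless here.
        frame: the interrupted stack frame (unused).

    When ``--shreflected`` was given, reflected.txt is read back and
    printed; the process then exits with status 0 as before.
    """
    print colored("\n---------------------------------------------------------------",'cyan')
    print colored("\nScanning interrupted\nExiting...\n",'red')
    print colored("Scan result observed till now is stored in reflected.txt file\n",'yellow')
    if options.shreflected == True:
        print colored("-----------------------Scan Results------------------------",'green','on_white')
        with open(os.path.join(path, 'reflected.txt'), 'r') as results:
            print colored(results.read(),'green')
    sys.exit(0)


signal.signal(signal.SIGINT, signal_handler)

cr = 0
r_count = 0
a = xyzs.xss()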
print "Exiting..." sys.exit(0) counter = scr_file.read() try: resp_file = open(path + '/' + 'response.txt', 'r') except IOError: print "Cannot read the file response.txt" print "Exiting..." sys.exit(0) scr_file.seek(0) count = counter.count('\n') cr = 0 dr = 0 param = None print "payload count: %d\n" % (count) c_l = f_p() postdata = c_l.c_l(postdata) ba = s_c.cscr() csrfprint = a_cf.p_cf() cc = rqs() response_data = rs_p.resp() checklogout = lgt() data, respcode, requrl, respurl = cc.send_req(postdata, options.ssl, options.contimeout, options.shreflected) for a in range(0, count + 1): if options.scanone == True: cnt = 0 checklogout.cklgt(data, options.logout, options.logoutcode, respcode, requrl, respurl, options.shreflected) if options.timedelay != None:
print "Exiting..." sys.exit(0) counter = scr_file.read() try: resp_file = open(path+'/'+'response.txt','r') except IOError: print "Cannot read the file response.txt" print "Exiting..." sys.exit(0) scr_file.seek(0) count = counter.count('\n') cr = 0 dr = 0 param = None print "payload count: %d\n" %(count) c_l = f_p() postdata = c_l.c_l(postdata) ba = s_c.cscr() csrfprint = a_cf.p_cf() cc = rqs() response_data = rs_p.resp() checklogout = lgt() data,respcode,requrl,respurl = cc.send_req(postdata,options.ssl,options.contimeout,options.shreflected) for a in range(0,count+1): if options.scanone == True: cnt = 0 checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected) if options.timedelay !=None: time.sleep(options.timedelay) resp = resp_file.readline() resp = resp.rstrip()
def xssrun(self,postdata,mode,log):
    """Drive one scan of ``postdata`` with every payload in script.txt.

    Args:
        postdata: raw request text; normalised through ``f_p().c_l`` before
            use.
        mode, log: passed straight through to ``rqs.send_req``. ``log``
            also gates CSRF-token insertion and the interactive prompt
            (both happen only when ``log == False``).

    Side effects: prints progress to stdout, reads script.txt and
    response.txt from this module's directory, and calls ``sys.exit(0)``
    on an unreadable input file, a malformed ``--blacklist`` (scan-one
    branch only), Ctrl-C at the prompt, or the user answering 'n'.

    Runs ``count + 1`` iterations where ``count`` is the number of newlines
    in script.txt; each iteration consumes one line of response.txt
    (``resp``) -- presumably the expected reflection for the payload at the
    same position, TODO confirm against ``s_c.cscr``. In ``--scanone`` mode
    one request is sent per iteration; otherwise ``scr_iter`` yields one
    request per parameter and the first reflection pauses for a y/t/n
    answer.
    """
    reload(s_c)  # re-import the payload module on every run (Python 2 builtin reload)
    CRLF = '\r\n\r\n'  # assigned but not referenced on this page
    # Directory of this module; script.txt and response.txt are read from it.
    path = os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
    try:
        scr_file = open(path+'/'+'script.txt','r')
    except IOError:
        print colored("Cannot read the script file script.txt",'white','on_red')
        print colored("Exiting...",'red')
        sys.exit(0)
    counter = scr_file.read()
    try:
        resp_file = open(path+'/'+'response.txt','r')
    except IOError:
        print colored("Cannot read the file response.txt",'white','on_red')
        print colored("Exiting...",'red')
        sys.exit(0)
    # The whole script file was consumed only to count lines; rewind so the
    # payload iterator below (presumably) reads it from the start.
    scr_file.seek(0)
    count = counter.count('\n')  # payload lines; the loop below runs count + 1 times
    cr = 0  # running sum of ``rp`` values returned by resp1
    dr = 0  # running sum of ``fl`` values; bumped past 1 so the prompt shows once
    param = None  # set to a parameter name when the user answers 't'
    print colored("payload count: %d" %(count),'yellow')
    c_l = f_p()
    postdata = c_l.c_l(postdata)
    ba = s_c.cscr()
    csrfprint = a_cf.p_cf()
    cc = rqs()
    response_data = rs_p.resp()
    checklogout = lgt()
    # Baseline request with the untouched postdata; ``data`` is later
    # overwritten by each payload response and fed to cklgt / da_cf.
    data,respcode,requrl,respurl = cc.send_req(postdata,options.ssl,options.contimeout,options.shreflected,mode,log)
    for a in range(0,count+1):
        if options.scanone == True:
            cnt = 0  # number of blacklisted characters found in the payload
            # presumably checks the last response for a logged-out session; verify in lgt
            checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected)
            if options.timedelay !=None:
                time.sleep(options.timedelay)
            resp = resp_file.readline()
            resp = resp.rstrip()
            postdata1, bb= ba.a_scr(postdata,options.urlencode)
            if bb == '' or bb == None:
                continue
            if options.blacklist !='' and options.blacklist !=None:
                try:
                    for dd in options.blacklist.split(','):
                        # compare the URL-decoded payload case-insensitively
                        de = urllib.unquote(bb)
                        if de.upper().lower().find(dd.upper().lower()) >=0:
                            cnt = cnt+1
                # NOTE(review): bare except also swallows KeyboardInterrupt/SystemExit
                except:
                    print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"','white','on_red')
                    sys.exit(0)
            if cnt >0:
                continue  # payload contains a blacklisted character; skip it
            if options.csrftoken != None and log == False:
                postdata1 = csrfprint.da_cf(postdata1,data,options.csrftoken,options.shreflected)
            postdata1 = c_l.c_l(postdata1)
            print colored("-----------------------------------------------------------",'cyan')
            if options.verbose == True:
                # prints the full request text, including any headers it carries
                print "Request:\n",postdata1
            print "Trying payload: '%s'" %(bb.replace('+',' '))
            data,respcode,requrl,respurl = cc.send_req(postdata1,options.ssl,options.contimeout,options.shreflected,mode,log)
            print "Response status code observed: %s" %(respcode)
            rp,fl = response_data.resp1(data,resp,bb,None,options.strip)
            cr +=rp  # ``fl`` is discarded in this branch, so ``dr`` never changes here
        else:
            resp = resp_file.readline()
            resp = resp.rstrip()
            # ``param`` (None or a name chosen via 't') is handed to scr_iter;
            # presumably it restricts iteration to that parameter -- verify there.
            for postdata1,bc,bd in ba.scr_iter(postdata,options.csrftoken,options.skipparam,options.urlencode,options.increferer,param):
                cnt = 0
                checklogout.cklgt(data,options.logout,options.logoutcode,respcode,requrl,respurl,options.shreflected)
                if options.timedelay !=None:
                    time.sleep(options.timedelay)
                if bc == '' or bc ==None:
                    continue
                if options.blacklist !='' and options.blacklist !=None:
                    try:
                        for dd in options.blacklist.split(','):
                            de = urllib.unquote(bc)
                            if de.upper().lower().find(dd.upper().lower()) >=0:
                                cnt = cnt+1
                    # NOTE(review): unlike the scan-one branch there is no
                    # sys.exit here, so a malformed blacklist is reported and
                    # the payload is then sent unfiltered (cnt stays 0).
                    except:
                        print colored('Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"','white','on_red')
                if cnt >0:
                    continue
                if options.csrftoken != None and log == False:
                    postdata1 = csrfprint.da_cf(postdata1,data,options.csrftoken,options.shreflected)
                postdata1 = c_l.c_l(postdata1)
                print colored("-----------------------------------------------------------",'cyan')
                if options.verbose == True:
                    print "Request:\n",postdata1
                print "Trying payload: '%s' on parameter '%s'" %(bc.replace('+',' '),bd)
                data,respcode,requrl,respurl = cc.send_req(postdata1,options.ssl,options.contimeout,options.shreflected,mode,log)
                print "Response status code observed: %s" %(respcode)
                rp,fl = response_data.resp1(data,resp,bc,bd,options.strip)
                cr +=rp
                dr +=fl
                # First reflection of the run: ask how to proceed. dr is
                # pushed to 2 so this block cannot trigger again.
                if dr ==1 and log == False:
                    dr +=1
                    print colored("\n-------------------------------------------------------------\n",'cyan')
                    print colored("Reflection was found on parameter '%s'" %(bd),'white','on_green')
                    print colored("Press 'y' to continue scanning all parameters, 't' to scan only this parameter for other payloads and 'n' to exit",'yellow')
                    while True:
                        try:
                            # shadows the builtin ``input``; local to this loop
                            input = raw_input(colored("Press 'y' or 't' or 'n'...\n",'yellow'))
                        except KeyboardInterrupt, e:
                            print colored("\n---------------------------------------------------------------\nScanning interrupted",'yellow')
                            print colored("Scan result observed till now is stored in reflected.txt file\n",'yellow')
                            sys.exit(0)
                        if input.lower() == 'y':
                            break
                        if input.lower() == 't':
                            param = bd
                            break
                        if input.lower() == 'n':
                            print colored("Exiting...",'red')
                            print colored("The reflection results are stored in reflected.txt file",'green')
                            # the only path that closes the input files explicitly;
                            # every other exit relies on interpreter teardown
                            scr_file.close()
                            resp_file.close()
                            sys.exit(0)
def xssrun(self, postdata, mode, log):
    """Drive one scan of ``postdata`` with every payload in script.txt.

    Args:
        postdata: raw request text; normalised through ``f_p().c_l`` before
            use.
        mode, log: passed straight through to ``rqs.send_req``. ``log``
            also gates CSRF-token insertion and the interactive prompt
            (both happen only when ``log == False``).

    Side effects: prints progress to stdout, reads script.txt and
    response.txt from this module's directory, and calls ``sys.exit(0)``
    on an unreadable input file, a malformed ``--blacklist`` (scan-one
    branch only), Ctrl-C at the prompt, or the user answering 'n'.

    Runs ``count + 1`` iterations where ``count`` is the number of newlines
    in script.txt; each iteration consumes one line of response.txt
    (``resp``) -- presumably the expected reflection for the payload at the
    same position, TODO confirm against ``s_c.cscr``. In ``--scanone`` mode
    one request is sent per iteration; otherwise ``scr_iter`` yields one
    request per parameter and the first reflection pauses for a y/t/n
    answer.
    """
    reload(s_c)  # re-import the payload module on every run (Python 2 builtin reload)
    CRLF = '\r\n\r\n'  # assigned but not referenced on this page
    # Directory of this module; script.txt and response.txt are read from it.
    path = os.path.dirname(
        os.path.abspath(inspect.getfile(inspect.currentframe())))
    try:
        scr_file = open(path + '/' + 'script.txt', 'r')
    except IOError:
        print colored("Cannot read the script file script.txt", 'white', 'on_red')
        print colored("Exiting...", 'red')
        sys.exit(0)
    counter = scr_file.read()
    try:
        resp_file = open(path + '/' + 'response.txt', 'r')
    except IOError:
        print colored("Cannot read the file response.txt", 'white', 'on_red')
        print colored("Exiting...", 'red')
        sys.exit(0)
    # The whole script file was consumed only to count lines; rewind so the
    # payload iterator below (presumably) reads it from the start.
    scr_file.seek(0)
    count = counter.count('\n')  # payload lines; the loop below runs count + 1 times
    cr = 0  # running sum of ``rp`` values returned by resp1
    dr = 0  # running sum of ``fl`` values; bumped past 1 so the prompt shows once
    param = None  # set to a parameter name when the user answers 't'
    print colored("payload count: %d" % (count), 'yellow')
    c_l = f_p()
    postdata = c_l.c_l(postdata)
    ba = s_c.cscr()
    csrfprint = a_cf.p_cf()
    cc = rqs()
    response_data = rs_p.resp()
    checklogout = lgt()
    # Baseline request with the untouched postdata; ``data`` is later
    # overwritten by each payload response and fed to cklgt / da_cf.
    data, respcode, requrl, respurl = cc.send_req(
        postdata, options.ssl, options.contimeout, options.shreflected, mode, log)
    for a in range(0, count + 1):
        if options.scanone == True:
            cnt = 0  # number of blacklisted characters found in the payload
            # presumably checks the last response for a logged-out session; verify in lgt
            checklogout.cklgt(data, options.logout, options.logoutcode,
                              respcode, requrl, respurl, options.shreflected)
            if options.timedelay != None:
                time.sleep(options.timedelay)
            resp = resp_file.readline()
            resp = resp.rstrip()
            postdata1, bb = ba.a_scr(postdata, options.urlencode)
            if bb == '' or bb == None:
                continue
            if options.blacklist != '' and options.blacklist != None:
                try:
                    for dd in options.blacklist.split(','):
                        # compare the URL-decoded payload case-insensitively
                        de = urllib.unquote(bb)
                        if de.upper().lower().find(dd.upper().lower()) >= 0:
                            cnt = cnt + 1
                # NOTE(review): bare except also swallows KeyboardInterrupt/SystemExit
                except:
                    print colored(
                        'Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"', 'white', 'on_red')
                    sys.exit(0)
            if cnt > 0:
                continue  # payload contains a blacklisted character; skip it
            if options.csrftoken != None and log == False:
                postdata1 = csrfprint.da_cf(
                    postdata1, data, options.csrftoken, options.shreflected)
            postdata1 = c_l.c_l(postdata1)
            print colored(
                "-----------------------------------------------------------", 'cyan')
            if options.verbose == True:
                # prints the full request text, including any headers it carries
                print "Request:\n", postdata1
            print "Trying payload: '%s'" % (bb.replace('+', ' '))
            data, respcode, requrl, respurl = cc.send_req(
                postdata1, options.ssl, options.contimeout, options.shreflected, mode, log)
            print "Response status code observed: %s" % (respcode)
            rp, fl = response_data.resp1(data, resp, bb, None, options.strip)
            cr += rp  # ``fl`` is discarded in this branch, so ``dr`` never changes here
        else:
            resp = resp_file.readline()
            resp = resp.rstrip()
            # ``param`` (None or a name chosen via 't') is handed to scr_iter;
            # presumably it restricts iteration to that parameter -- verify there.
            for postdata1, bc, bd in ba.scr_iter(
                    postdata, options.csrftoken, options.skipparam,
                    options.urlencode, options.increferer, param):
                cnt = 0
                checklogout.cklgt(data, options.logout, options.logoutcode,
                                  respcode, requrl, respurl, options.shreflected)
                if options.timedelay != None:
                    time.sleep(options.timedelay)
                if bc == '' or bc == None:
                    continue
                if options.blacklist != '' and options.blacklist != None:
                    try:
                        for dd in options.blacklist.split(','):
                            de = urllib.unquote(bc)
                            if de.upper().lower().find(dd.upper().lower()) >= 0:
                                cnt = cnt + 1
                    # NOTE(review): unlike the scan-one branch there is no
                    # sys.exit here, so a malformed blacklist is reported and
                    # the payload is then sent unfiltered (cnt stays 0).
                    except:
                        print colored(
                            'Black list data not provided in proper format.\nPlease include the characters within "" and separate each character using comma.\nEg:"$,@,!"', 'white', 'on_red')
                if cnt > 0:
                    continue
                if options.csrftoken != None and log == False:
                    postdata1 = csrfprint.da_cf(
                        postdata1, data, options.csrftoken, options.shreflected)
                postdata1 = c_l.c_l(postdata1)
                print colored(
                    "-----------------------------------------------------------", 'cyan')
                if options.verbose == True:
                    print "Request:\n", postdata1
                print "Trying payload: '%s' on parameter '%s'" % (
                    bc.replace('+', ' '), bd)
                data, respcode, requrl, respurl = cc.send_req(
                    postdata1, options.ssl, options.contimeout, options.shreflected, mode, log)
                print "Response status code observed: %s" % (respcode)
                rp, fl = response_data.resp1(data, resp, bc, bd, options.strip)
                cr += rp
                dr += fl
                # First reflection of the run: ask how to proceed. dr is
                # pushed to 2 so this block cannot trigger again.
                if dr == 1 and log == False:
                    dr += 1
                    print colored(
                        "\n-------------------------------------------------------------\n", 'cyan')
                    print colored(
                        "Reflection was found on parameter '%s'" % (bd), 'white', 'on_green')
                    print colored(
                        "Press 'y' to continue scanning all parameters, 't' to scan only this parameter for other payloads and 'n' to exit", 'yellow')
                    while True:
                        try:
                            # shadows the builtin ``input``; local to this loop
                            input = raw_input(
                                colored("Press 'y' or 't' or 'n'...\n", 'yellow'))
                        except KeyboardInterrupt, e:
                            print colored(
                                "\n---------------------------------------------------------------\nScanning interrupted", 'yellow')
                            print colored(
                                "Scan result observed till now is stored in reflected.txt file\n", 'yellow')
                            sys.exit(0)
                        if input.lower() == 'y':
                            break
                        if input.lower() == 't':
                            param = bd
                            break
                        if input.lower() == 'n':
                            print colored("Exiting...", 'red')
                            print colored(
                                "The reflection results are stored in reflected.txt file", 'green')
                            # the only path that closes the input files explicitly;
                            # every other exit relies on interpreter teardown
                            scr_file.close()
                            resp_file.close()
                            sys.exit(0)