class Gui: def __init__(self): ctypes.windll.shell32.SetCurrentProcessExplicitAppUserModelID( "myappid") self.window = tkinter.Tk() self.window.title("xssmap") self.height = 800 self.width = 1024 self.window.geometry( "%dx%d+%d+%d" % (self.width, self.height, (self.window.winfo_screenwidth() - self.width) / 2, (self.window.winfo_screenheight() - self.height) / 2)) self.window.resizable(width=False, height=False) self.window.iconbitmap("xssmap.ico") self.text1 = None self.text2 = None self.text3 = None self.button1 = None self.button2 = None self.button3 = None self.finish = False self.p = None self.combobox = None self.source = None self.dist = None self.index1 = 0 self.index2 = 0 self.ssl = 0 self.payload = Payload() self.package = Package('', 0) self.encode = Encode() self.setframe1() self.setframe2() self.setframe3() self.setframe4() self.setframe5() def setflag(self): try: self.text1.tag_configure('red', foreground='#DC143C') self.text1.insert(tkinter.SEL_FIRST, "$", 'red') self.text1.insert(tkinter.SEL_LAST, "$", 'red') self.button1['state'] = tkinter.DISABLED except tkinter.TclError: messagebox.showerror("提示", "请选中标记参数") def unsetflag(self): content = self.text1.get("0.0", "end").strip('\n') self.text1.delete("0.0", "end") self.text1.insert("0.0", content.replace('$', '')) self.button1['state'] = tkinter.NORMAL self.text1.see(1000.0) def valid(self): data = self.source[0:self. index1] + 'jimmywhite' + self.source[self.index2 + 1:] self.package.setcontent(data) self.package.setssl(self.ssl) self.package.process() self.package.setcontent(self.dist) result = self.package.process() if result.find('jimmywhite') > 0: return True return False def typeone(self): content = self.source[0:self.index1] + '<jimmywhite>' + self.source[ self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.source[0:self.index1] + self.encode.urlencode( '<jimmywhite>') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.source[0:self.index1] + self.encode.unicodeencode( '<jimmywhite>') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.source[0:self.index1] + self.encode.htmlencode( '<jimmywhite>') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.source[0:self.index1] + self.encode.doubleencode( '<jimmywhite>') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.source[0:self.index1] + self.encode.base64encode( '<jimmywhite>') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True return False def typetwo(self): content = self.source[0:self.index1] + 'jimmywhite' + self.source[ self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True content = self.source[0:self.index1] + self.encode.doubleencode( 'jimmywhite') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True content = self.source[0:self.index1] + self.encode.base64encode( 'jimmywhite') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True content = self.source[0:self.index1] + self.encode.htmlencode( 'jimmywhite') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True content = self.source[0:self.index1] + self.encode.unicodeencode( 'jimmywhite') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True content = self.source[0:self.index1] + self.encode.urlencode( 'jimmywhite') + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find('"jimmywhite"') > 0: return True return False def testone(self): for i in range(0, self.payload.payloads1.__len__()): content = self.source[0:self.index1] + self.payload.payloads1[ i] + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.payload.payloads1[i] content = self.source[0:self.index1] + self.encode.urlencode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.urlencode(self.payload.payloads1[i]) content = self.source[0:self.index1] + self.encode.unicodeencode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.unicodeencode(self.payload.payloads1[i]) content = self.source[0:self.index1] + self.encode.htmlencode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.htmlencode(self.payload.payloads1[i]) content = self.source[0:self.index1] + self.encode.base64encode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.base64encode(self.payload.payloads1[i]) content = self.source[0:self.index1] + self.encode.doubleencode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.doubleencode(self.payload.payloads1[i]) content = self.source[0:self.index1] + self.encode.capsencode( self.payload.payloads1[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() index = 0 while content.find( self.encode.capsencode(self.payload.payloads1[i]), index + 1) > 0: index = content.find( self.encode.capsencode(self.payload.payloads1[i]), index + 1) if content[index - 1] != '"': return self.encode.capsencode(self.payload.payloads1[i]) return 'fail' def testtwo(self): for i in range(0, self.payload.payloads2.__len__()): content = self.source[0:self.index1] + self.payload.payloads2[ i] + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.payload.payloads2[i] content = self.source[0:self.index1] + self.encode.capsencode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.encode.capsencode( self.payload.payloads2[i])) > 0: return self.encode.capsencode(self.payload.payloads2[i]) content = self.source[0:self.index1] + self.encode.doubleencode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.encode.doubleencode(self.payload.payloads2[i]) content = self.source[0:self.index1] + self.encode.base64encode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.encode.base64encode(self.payload.payloads2[i]) content = self.source[0:self.index1] + self.encode.htmlencode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.encode.htmlencode(self.payload.payloads2[i]) content = self.source[0:self.index1] + self.encode.unicodeencode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.encode.unicodeencode(self.payload.payloads2[i]) content = self.source[0:self.index1] + self.encode.urlencode( self.payload.payloads2[i]) + self.source[self.index2 + 1:] self.package.setcontent(content) self.package.process() self.package.setcontent(self.dist) content = self.package.process() if content.find(self.payload.payloads2[i]) > 0: return self.encode.urlencode(self.payload.payloads2[i]) return 'fail' def testxss(self): if self.combobox.get() == 'http': self.ssl = 0 else: self.ssl = 1 flag = False self.source = self.text1.get("0.0", "end") self.dist = self.text2.get("0.0", "end") self.index1 = self.source.find('$', 0) self.index2 = self.source.find('$', self.index1 + 1) if self.valid(): if self.typeone(): p = self.testone() if p != 'fail': self.p = p self.text3.insert("end", "检测存在XSS!\n") self.text3.insert("end", "PAYLOAD:" + self.p) flag = True if self.typetwo() and flag is False: p = self.testtwo() if p != 'fail': self.p = p self.text3.insert("end", "检测存在XSS!\n") self.text3.insert("end", "PAYLOAD:" + self.p) self.finish = True def show(self): while self.finish is False: pass tkinter.messagebox.showinfo('XSS检测成功', 'PAYLOAD:' + self.p) def start(self): self.button3['state'] = 'disabled' thread.start_new_thread(self.testxss, ()) def setframe1(self): frame = tkinter.Frame(self.window, height=300) frame.pack(fill=tkinter.X) frame.pack_propagate(0) label = tkinter.Label(frame, text="XSS输入点") label.pack() self.text1 = tkinter.Text(frame) self.text1.pack(fill=tkinter.X) def setframe2(self): frame = tkinter.Frame(self.window, height=50) frame.pack(fill=tkinter.X) frame.pack_propagate(0) frame1 = tkinter.Frame(frame) frame1.pack(side=tkinter.LEFT) frame2 = tkinter.Frame(frame) frame2.pack(side=tkinter.RIGHT) self.button1 = tkinter.Button(frame1, text="标记参数", command=self.setflag, cursor="hand2") self.button1.pack(ipadx=200) self.button2 = tkinter.Button(frame2, text="清除标记", command=self.unsetflag, cursor="hand2") self.button2.pack(ipadx=200) def setframe3(self): frame = tkinter.Frame(self.window, height=300) frame.pack(fill=tkinter.X) frame.pack_propagate(0) label = tkinter.Label(frame, text="XSS输出点") label.pack() self.text2 = tkinter.Text(frame) self.text2.pack(fill=tkinter.X) def setframe4(self): frame = tkinter.Frame(self.window, height=100) frame.pack(fill=tkinter.X) frame.pack_propagate(0) label = tkinter.Label(frame, text="检测结果") label.pack() self.text3 = tkinter.Text(frame) self.text3.pack(fill=tkinter.X) def setframe5(self): frame = tkinter.Frame(self.window, height=50) frame1 = tkinter.Frame(frame, height=50) frame2 = tkinter.Frame(frame, height=50) frame.pack(fill=tkinter.X) frame.pack_propagate(0) frame1.pack(side=tkinter.LEFT) frame2.pack(side=tkinter.RIGHT) self.combobox = ttk.Combobox(frame1, state="readonly", width=5) self.combobox['value'] = ['http', 'https'] self.combobox.current(0) self.combobox.pack(ipadx=200) self.button3 = tkinter.Button(frame2, text="开始", command=self.start, cursor="hand2") self.button3.pack(ipadx=200)
class Crawler: def __init__(self, domain, threads, depth, times, headers, father): self.domain = domain if self.domain[self.domain.__len__() - 1] == '/': self.domain = self.domain[0:self.domain.__len__() - 1] self.threads = threads self.times = times self.cookies = {} self.headers = {} self.count = 0 self.controlthread = 0 self.depth = depth self.father = father self.realdomain = '' self.payload = Payload() self.encode = Encode() if headers != '': self.setheader(headers) if 'https' in self.domain: self.domain1 = self.domain.replace('https://', '') self.domain2 = 'http://' + self.domain1 self.domain3 = 'http%3A%2F%2F' + self.domain1 self.domain4 = 'https%3A%2F%2F' + self.domain1 elif 'http' in self.domain: self.domain1 = self.domain.replace('http://', '') self.domain2 = 'https://' + self.domain1 self.domain3 = 'http%3A%2F%2F' + self.domain1 self.domain4 = 'https%3A%2F%2F' + self.domain1 else: self.domain1 = 'http://' + self.domain self.domain2 = 'https://' + self.domain self.domain3 = 'http%3A%2F%2F' + self.domain self.domain4 = 'https%3A%2F%2F' + self.domain self.queue = Queue() self.urlqueue = Queue() self.lock = threading.RLock() self.lock2 = threading.RLock() self.lock3 = threading.RLock() self.lock4 = threading.RLock() self.lock5 = threading.RLock() self.bloomfilter = ScalableBloomFilter( initial_capacity=10000, error_rate=0.001, mode=ScalableBloomFilter.LARGE_SET_GROWTH) self.bloomfilter2 = ScalableBloomFilter( initial_capacity=10000, error_rate=0.001, mode=ScalableBloomFilter.LARGE_SET_GROWTH) self.blacklist = [ '<', '{', '\'', '"', '.css', '.jpg', '.mp4', '.png', '.gif', '.avi', '.jpeg', '.ico', '.mp3', '.pdf', 'docx', 'doc', 'bmp', '.rmvb', '.zip', '.rar', '.exe', '.ppt', '.pptx', 'xls' ] self.rule = 'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+' def black(self, url): for i in self.blacklist: if i in url: return False return True def black2(self, url): if '.js' in url and '.jsp' not in url: if self.domain in url or self.domain1 in url or self.domain2 in url or self.domain3 in url or self.domain4 in url: return True else: return False if '.' + self.domain in url: return False if '.' + self.domain1 in url: return False if '.' + self.domain2 in url: return False if '.' + self.domain3 in url: return False if '.' + self.domain4 in url: return False if '=' + self.domain in url: return False if '=' + self.domain1 in url: return False if '=' + self.domain2 in url: return False if '=' + self.domain3 in url: return False if '=' + self.domain4 in url: return False if '/' + self.domain in url and '//' + self.domain not in url: return False if '/' + self.domain1 in url and '//' + self.domain1 not in url: return False if '/' + self.domain2 in url and '//' + self.domain2 not in url: return False if '/' + self.domain3 in url and '//' + self.domain3 not in url: return False if '/' + self.domain4 in url and '//' + self.domain4 not in url: return False if self.domain in url or self.domain1 in url or self.domain2 in url or self.domain3 in url or self.domain4 in url: return True else: return False def setheader(self, url): index = 0 l = 0 url += '\n' while index < url.__len__() - 1: index = url.find(':', index) index1 = url.find('\n', index) index2 = url.find('\n', index1 + 1) if ':' not in url[index1:index2]: while ':' not in url[index1:index2]: index3 = index2 index2 = url.find('\n', index2 + 1) if index2 <= 0: index2 = index3 break else: index2 = index1 if url[index + 1] != ' ': self.headers.update( {url[l:index]: url[index + 1:index2].replace('\n', '')}) else: self.headers.update( {url[l:index]: url[index + 2:index2].replace('\n', '')}) index = index2 + 1 l = index def setcookies(self, cookies): index = cookies.find('=') index2 = cookies.find(';') index3 = 0 self.lock2.acquire() self.cookies.update({cookies[0:index]: cookies[index + 2:index2]}) self.lock2.release() while cookies.find(',', index) > 0: index = cookies.find(',', index3) while cookies[index + 2] == '0' or cookies[index + 2] == '1' or cookies[ index + 2] == '2' or cookies[index + 2] == '3': index = cookies.find(',', index + 1) index2 = cookies.find('=', index) index3 = cookies.find(';', index2) self.lock2.acquire() self.cookies.update( {cookies[index + 2:index2]: cookies[index2 + 1:index3]}) self.lock2.release() index = cookies.find(',', index + 1) while cookies[index + 2] == '0' or cookies[index + 2] == '1' or cookies[ index + 2] == '2' or cookies[index + 2] == '3': index = cookies.find(',', index + 1) def stepone(self): urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) r = None if 'http' in self.domain: try: r = requests.get(url=self.domain, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) self.realdomain = self.domain except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass else: try: r = requests.get(url="http://" + self.domain, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) self.realdomain = 'http://' + self.domain except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass if r.text.__len__() < 100: try: r = requests.get(url="https://" + self.domain, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) self.realdomain = 'https://' + self.domain except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass content = r.text print content if r.headers.get('Set-Cookie'): cookies = r.headers['Set-Cookie'] self.setcookies(cookies) href = re.findall(self.rule, content) href2 = re.findall('href="(.*?)"', content) href3 = re.findall('href=(.*?)>', content) if href.__len__() > 0: for url in href: if self.black(url): if url.__len__() > 0: if url[0] == '/': url = url.replace('//', '') url = url.replace('&', '&') if self.black2(url): if not self.bloomfilter.add(url): self.queue.put(url) if href2.__len__() > 0: for url in href2: if '//' not in url: if self.black(url): if url.__len__() > 0: url = url.replace('&', '&') if url[0] != '/': url = '/' + url if self.black2(self.realdomain + url): if not self.bloomfilter.add(self.realdomain + url): self.queue.put(self.realdomain + url) if href3.__len__() > 0: for url in href3: url = url.replace('"', '') if '//' not in url: if self.black(url): if url.__len__() > 0: url = url.replace('&', '&') if url[0] != '/': url = '/' + url if self.black2(self.realdomain + url): if not self.bloomfilter.add(self.realdomain + url): self.queue.put(self.realdomain + url) for i in range(0, 100): self.queue.put("https://www.baidu.com") locks = [] for i in range(0, self.threads): lock = threading.Lock() locks.append(lock) thread.start_new_thread(self.steptwo, (lock, )) time.sleep(5) for lock in locks: while lock.locked(): pass time.sleep(1000) '''locks = [] for i in range(0, 20): lock = threading.Lock() locks.append(lock) thread.start_new_thread(self.testxss, (lock,)) time.sleep(5) for lock in locks: while lock.locked(): pass print 1 time.sleep(1000)''' def steptwo(self, minilock): minilock.acquire() while True: self.lock.acquire() self.count += 1 if self.queue.qsize() < 1: self.lock.release() break url = self.queue.get() self.lock.release() url = url.replace('&', '&') if '?' in url and '=' in url: self.stepthree(url) urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) if 'http' in url: try: if self.headers: r = requests.get(url=url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) else: self.lock2.acquire() cookies = self.cookies self.lock2.release() r = requests.get(url=url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True, cookies=cookies) except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass else: try: if self.headers: r = requests.get(url="http://" + url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) else: self.lock2.acquire() cookies = self.cookies self.lock2.release() r = requests.get(url="http://" + url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True, cookies=cookies) except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass if r.text.__len__() < 100: try: if self.headers: r = requests.get(url="https://" + url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) else: self.lock2.acquire() cookies = self.cookies self.lock2.release() r = requests.get(url="https://" + url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True, cookies=cookies) except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass if r.status_code == 200: try: content = r.text except requests.exceptions.ConnectionError: continue except AttributeError: continue except requests.exceptions.ChunkedEncodingError: continue else: continue if r.headers.get('Set-Cookie'): cookies = r.headers['Set-Cookie'] self.setcookies(cookies) href = re.findall(self.rule, content) href2 = re.findall('href="(.*?)"', content) if href.__len__() > 0: for url in href: if self.black(url): if url.__len__() > 0: if url[0] == '/': url = url.replace('//', '') url = url.replace('&', '&') if self.black2(url): if not self.bloomfilter.add(url): self.queue.put(url) if href2.__len__() > 0: for url in href2: if '//' not in url: if self.black(url): if url.__len__() > 0: url = url.replace('&', '&') if url[0] != '/': url = '/' + url if self.black2(self.realdomain + url): if not self.bloomfilter.add( self.realdomain + url): self.queue.put(self.realdomain + url) if self.count > self.depth: break minilock.release() def stepthree(self, url): url += '&' index2 = url.find('=') + 1 newurl = url[0:url.find('=') + 1] + 'xss' while True: index1 = url.find('&', index2 + 1) index2 = url.find('=', index2 + 1) if index1 > 0 and index2 > 0: newurl += url[index1:index2] + '=xss' else: break if not self.bloomfilter2.add(newurl): self.urlqueue.put(url[0:url.__len__() - 1]) self.lock5.acquire() self.father.text2.insert("end", url[0:url.__len__() - 1] + '\n') self.lock5.release() if self.controlthread < 20: thread.start_new_thread(self.testxss, (None, )) def network(self, url): try: if self.headers: r = requests.get(url=url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True) else: self.lock2.acquire() cookies = self.cookies r = requests.get(url=url, verify=False, timeout=(self.times, self.times), headers=self.headers, stream=True, cookies=cookies) self.lock2.release() except requests.exceptions.Timeout: pass except requests.exceptions.ConnectionError: pass except requests.exceptions.ChunkedEncodingError: pass return r.text def valid(self, url, index1, index2): url = url[0:index1 + 1] + 'jimmywhite' + url[index2:] url = url.strip('&') if self.network(url).find('jimmywhite') > 0: return True else: return False def typeone(self, url, index1, index2): url = url.strip('&') content = self.network(url[0:index1 + 1] + '<jimmywhite>' + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.network(url[0:index1 + 1] + self.encode.capsencode('<jimmywhite>') + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.network(url[0:index1 + 1] + self.encode.doubleencode('<jimmywhite>') + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.network(url[0:index1 + 1] + self.encode.htmlencode('<jimmywhite>') + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.network(url[0:index1 + 1] + self.encode.unicodeencode('<jimmywhite>') + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True content = self.network(url[0:index1 + 1] + self.encode.urlencode('<jimmywhite>') + url[index2:]) index = 0 while content.find('<jimmywhite>', index + 2) > 0: index = content.find('<jimmywhite>', index + 2) if content[index - 1] != '"': return True return False def typetwo(self, url, index1, index2): url = url.strip('&') if self.network(url[0:index1 + 1] + 'jimmywhite' + url[index2:]).find('"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.capsencode('jimmywhite') + url[index2:]).find('"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.doubleencode('jimmywhite') + url[index2:]).find('"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.htmlencode('jimmywhite') + url[index2:]).find('<"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.unicodeencode('jimmywhite') + url[index2:]).find('"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.urlencode('jimmywhite') + url[index2:]).find('"jimmywhite"') > 0: return True if self.network(url[0:index1 + 1] + self.encode.base64encode('jimmywhite') + url[index2:]).find('"jimmywhite"') > 0: return True return False def testone(self, url, index1, index2): url = url.strip('&') for i in range(0, self.payload.payloads1.__len__()): content = self.network(url[0:index1 + 1] + self.payload.payloads1[i] + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.payload.payloads1[i] content = self.network( url[0:index1 + 1] + self.encode.capsencode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find( self.encode.capsencode(self.payload.payloads1[i]), index + 1) > 0: index = content.find( self.encode.capsencode(self.payload.payloads1[i]), index + 1) if content[index - 1] != '"': return self.encode.capsencode(self.payload.payloads1[i]) content = self.network( url[0:index1 + 1] + self.encode.urlencode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.urlencode(self.payload.payloads1[i]) content = self.network( url[0:index1 + 1] + self.encode.unicodeencode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.unicodeencode(self.payload.payloads1[i]) content = self.network( url[0:index1 + 1] + self.encode.htmlencode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.htmlencode(self.payload.payloads1[i]) content = self.network( url[0:index1 + 1] + self.encode.doubleencode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.doubleencode(self.payload.payloads1[i]) content = self.network( url[0:index1 + 1] + self.encode.base64encode(self.payload.payloads1[i]) + url[index2:]) index = 0 while content.find(self.payload.payloads1[i], index + 1) > 0: index = content.find(self.payload.payloads1[i], index + 1) if content[index - 1] != '"': return self.encode.base64encode(self.payload.payloads1[i]) return 'fail' def testtwo(self, url, index1, index2): url = url.strip('&') for i in range(0, self.payload.payloads2.__len__()): if self.network(url[0:index1 + 1] + self.payload.payloads2[i] + url[index2:]).find(self.payload.payloads2[i]) > 0: return self.payload.payloads2[i] if self.network(url[0:index1 + 1] + self.encode.capsencode(self.payload.payloads2[i]) + url[index2:]).find( self.encode.capsencode( self.payload.payloads2[i])) > 0: return self.encode.capsencode(self.payload.payloads2[i]) if self.network(url[0:index1 + 1] + self.encode.doubleencode( self.payload.payloads2[i]) + url[index2:]).find( self.payload.payloads2[i]) > 0: return self.encode.doubleencode(self.payload.payloads2[i]) if self.network(url[0:index1 + 1] + self.encode.htmlencode(self.payload.payloads2[i]) + url[index2:]).find(self.payload.payloads2[i]) > 0: return self.encode.htmlencode(self.payload.payloads2[i]) if self.network(url[0:index1 + 1] + self.encode.unicodeencode( self.payload.payloads2[i]) + url[index2:]).find( self.payload.payloads2[i]) > 0: return self.encode.unicodeencode(self.payload.payloads2[i]) if self.network(url[0:index1 + 1] + self.encode.urlencode(self.payload.payloads2[i]) + url[index2:]).find(self.payload.payloads2[i]) > 0: return self.encode.urlencode(self.payload.payloads2[i]) if self.network(url[0:index1 + 1] + self.encode.base64encode( self.payload.payloads2[i]) + url[index2:]).find( self.payload.payloads2[i]) > 0: return self.encode.base64encode(self.payload.payloads2[i]) return 'fail' def testthree(self, url, index1, index2): url = url.strip('&') for i in range(0, self.payload.payloads3.__len__()): if self.network(url[0:index1 + 1] + self.payload.payloads3[i] + url[index2:]).find(self.payload.payloads3[i]) > 0: return self.payload.payloads3[i] + url[index2:] if self.network(url[0:index1 + 1] + self.encode.capsencode(self.payload.payloads3[i]) + url[index2:]).find( self.encode.capsencode( self.payload.payloads3[i])) > 0: return self.encode.capsencode(self.payload.payloads3[i]) if self.network(url[0:index1 + 1] + self.encode.doubleencode( self.payload.payloads3[i]) + url[index2:]).find( self.payload.payloads3[i]) > 0: return self.encode.doubleencode(self.payload.payloads3[i]) if self.network(url[0:index1 + 1] + self.encode.htmlencode(self.payload.payloads3[i]) + url[index2:]).find(self.payload.payloads3[i]) > 0: return self.encode.htmlencode(self.payload.payloads3[i]) if self.network(url[0:index1 + 1] + self.encode.unicodeencode( self.payload.payloads3[i]) + url[index2:]).find( self.payload.payloads3[i]) > 0: return self.encode.unicodeencode(self.payload.payloads3[i]) if self.network(url[0:index1 + 1] + self.encode.urlencode(self.payload.payloads3[i]) + url[index2:]).find(self.payload.payloads3[i]) > 0: return self.encode.urlencode(self.payload.payloads3[i]) if self.network(url[0:index1 + 1] + self.encode.base64encode( self.payload.payloads3[i]) + url[index2:]).find( self.payload.payloads3[i]) > 0: return self.encode.base64encode(self.payload.payloads3[i]) return 'fail' def testxss(self, minilock): # minilock.acquire() self.lock3.acquire() self.controlthread += 1 if not self.urlqueue.empty(): url = self.urlqueue.get() else: self.lock3.release() return self.lock3.release() url += '&' index2 = 0 index3 = url.find('?') while True: index1 = url.find('=', index2 + 1) index2 = url.find('&', index2 + 1) if index3 != url.find('?'): index3 = index2 if index1 > 0 and index2 > 0: if self.valid(url, index1, index2): if self.typeone(url, index1, index2): p = self.testone(url, index1, index2) if p != 'fail': self.lock4.acquire() self.father.text3.insert( "end", 'URL:' + url.strip('&') + '\n') self.father.text3.insert( "end", 'VAR:' + url[index3 + 1:index1] + '\n') self.father.text3.insert("end", 'PAYLOAD:' + p + '\n') self.father.text3.insert( "end", 'XSSURL:' + url[0:index1 + 1] + p + url[index2:].strip('&') + '\n') self.father.text3.insert("end", '\n') self.lock4.release() continue if self.typetwo(url, index1, index2): p = self.testtwo(url, index1, index2) if p != 'fail': self.lock4.acquire() self.father.text3.insert( "end", 'URL:' + url.strip('&') + '\n') self.father.text3.insert( "end", 'VAR:' + url[index3 + 1:index1] + '\n') self.father.text3.insert("end", 'PAYLOAD:' + p + '\n') self.father.text3.insert( "end", 'XSSURL:' + url[0:index1 + 1] + p + url[index2:].strip('&') + '\n') self.father.text3.insert("end", '\n') self.lock4.release() continue '''if self.testthree(url, index1, index2): p = self.testthree(url, index1, index2) if p != 'fail': self.lock4.acquire() self.father.text3.insert("end", 'URL:' + url.strip('&') + '\n') self.father.text3.insert("end", 'VAR:' + url[index3 + 1: index1] + '\n') self.father.text3.insert("end", 'PAYLOAD:' + p + '\n') self.father.text3.insert("end", 'XSSURL:' + url[0:index1 + 1] + p + url[index2:].strip('&') + '\n') self.father.text3.insert("end", '\n') self.lock4.release() continue''' else: break