brandonprry/gist:3014090

## gistfile1.cs
using System;
using System.Xml;
using System.Collections.Generic;
using System.Diagnostics;

namespace wapiti_to_dsxs
{
	class MainClass
	{
	public class WapitiBug
	{
		public WapitiBug()
		{}

		public WapitiBug(string type, XmlNode bug)
		{
			this.Type = type;

			foreach (XmlNode node in bug.ChildNodes)
			{
				if (node.Name == "timestamp")
					this.Timestamp = DateTime.Parse (node.InnerText);
				else if (node.Name == "url")
					this.URL = node.InnerText;
				else if (node.Name == "peer") {
					foreach (XmlNode peerInfo in node.ChildNodes) {
						if (peerInfo.Name == "addr")
							this.Host = peerInfo.InnerText;
						else if (peerInfo.Name == "port")
							this.Port = int.Parse (peerInfo.InnerText);
					}
				} else if (node.Name == "parameter")
					this.Parameter = node.InnerText;
				else if (node.Name == "info")
					this.Info = node.InnerText;

			}
		}

		public int Level { get; set; }

		public DateTime Timestamp { get; set; }

		public string URL { get; set; }

		public string Host { get; set; }

		public int Port { get; set; }

		public string Parameter { get; set; }

		public string Info { get; set; }

		public string Type { get; set; }
}
		public static void Main (string[] args)
		{
			string dsxsPath = "/home/bperry/tools/dsxs/dsxs.py";
			string wapitiReport = "/tmp/wapiti_55fdd419-800a-4ba1-b591-5f2d6001a72f.xml";
			string xml = System.IO.File.ReadAllText(wapitiReport);

			XmlDocument doc = new XmlDocument();
			doc.LoadXml(xml);

			var nodes = doc.SelectNodes("/report/bugTypeList/bugType");

			List<WapitiBug> bugs = new List<WapitiBug>();
			foreach (XmlNode node in nodes)
			{
				string bugType = node.Attributes["name"].Value;
				XmlNodeList bugElements = node.SelectNodes("bugList/bug");

				foreach (XmlNode bug in bugElements)
					bugs.Add(new WapitiBug(bugType, bug));
			}

			foreach (WapitiBug bug in bugs)
			{

				if (bug.Type != "Cross Site Scripting")
					continue;

				ProcessStartInfo si = new ProcessStartInfo();

				si.RedirectStandardOutput = true;
				si.UseShellExecute = false;

				Process proc = new Process();

				proc.StartInfo = si;
				proc.EnableRaisingEvents = false;
				proc.StartInfo.FileName = dsxsPath;

				string url = bug.URL.Replace("%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E", "abcd");
				string command = string.Empty;

				command = "-u \"" + url + "\" --random-agent";

				if (bug.URL.Contains(bug.Parameter))
				{
					//the XSS is in a GET request
					proc.StartInfo.Arguments = command;
					Console.WriteLine ("Performing GET XSS test on URL: " + url);
				}
				else
				{
					//the XSS is in a POST request
					string data = bug.Parameter.Replace("%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E", "abcd");
					command = command + " --data=\"" + data + "\"";
					proc.StartInfo.Arguments = command;
					Console.WriteLine ("Performing POST XSS test on URL: " + url);
				}

				proc.Start();

				string output = proc.StandardOutput.ReadToEnd();
				Console.WriteLine(output);
			}
		}
	}
}
	using System;
	using System.Xml;
	using System.Collections.Generic;
	using System.Diagnostics;

	namespace wapiti_to_dsxs
	{
	class MainClass
	{
	public class WapitiBug
	{
	public WapitiBug()
	{}

	public WapitiBug(string type, XmlNode bug)
	{
	this.Type = type;

	foreach (XmlNode node in bug.ChildNodes)
	{
	if (node.Name == "timestamp")
	this.Timestamp = DateTime.Parse (node.InnerText);
	else if (node.Name == "url")
	this.URL = node.InnerText;
	else if (node.Name == "peer") {
	foreach (XmlNode peerInfo in node.ChildNodes) {
	if (peerInfo.Name == "addr")
	this.Host = peerInfo.InnerText;
	else if (peerInfo.Name == "port")
	this.Port = int.Parse (peerInfo.InnerText);
	}
	} else if (node.Name == "parameter")
	this.Parameter = node.InnerText;
	else if (node.Name == "info")
	this.Info = node.InnerText;

	}
	}

	public int Level { get; set; }

	public DateTime Timestamp { get; set; }

	public string URL { get; set; }

	public string Host { get; set; }

	public int Port { get; set; }

	public string Parameter { get; set; }

	public string Info { get; set; }

	public string Type { get; set; }
	}
	public static void Main (string[] args)
	{
	string dsxsPath = "/home/bperry/tools/dsxs/dsxs.py";
	string wapitiReport = "/tmp/wapiti_55fdd419-800a-4ba1-b591-5f2d6001a72f.xml";
	string xml = System.IO.File.ReadAllText(wapitiReport);

	XmlDocument doc = new XmlDocument();
	doc.LoadXml(xml);

	var nodes = doc.SelectNodes("/report/bugTypeList/bugType");

	List<WapitiBug> bugs = new List<WapitiBug>();
	foreach (XmlNode node in nodes)
	{
	string bugType = node.Attributes["name"].Value;
	XmlNodeList bugElements = node.SelectNodes("bugList/bug");

	foreach (XmlNode bug in bugElements)
	bugs.Add(new WapitiBug(bugType, bug));
	}

	foreach (WapitiBug bug in bugs)
	{

	if (bug.Type != "Cross Site Scripting")
	continue;

	ProcessStartInfo si = new ProcessStartInfo();

	si.RedirectStandardOutput = true;
	si.UseShellExecute = false;

	Process proc = new Process();

	proc.StartInfo = si;
	proc.EnableRaisingEvents = false;
	proc.StartInfo.FileName = dsxsPath;

	string url = bug.URL.Replace("%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E", "abcd");
	string command = string.Empty;

	command = "-u \"" + url + "\" --random-agent";

	if (bug.URL.Contains(bug.Parameter))
	{
	//the XSS is in a GET request
	proc.StartInfo.Arguments = command;
	Console.WriteLine ("Performing GET XSS test on URL: " + url);
	}
	else
	{
	//the XSS is in a POST request
	string data = bug.Parameter.Replace("%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E", "abcd");
	command = command + " --data=\"" + data + "\"";
	proc.StartInfo.Arguments = command;
	Console.WriteLine ("Performing POST XSS test on URL: " + url);
	}

	proc.Start();

	string output = proc.StandardOutput.ReadToEnd();
	Console.WriteLine(output);
	}
	}
	}
	}